diff --git a/README.md b/README.md
--- a/README.md
+++ b/README.md
@@ -7,9 +7,8 @@
 
 
 ## Version
-
-`1.6.1`
-
+ 
+`2.0` - Derived from API version @2016-06-02@ of the AWS service descriptions, licensed under Apache 2.0.
 
 ## Description
 
@@ -26,7 +25,7 @@
 The provided lenses should be compatible with any of the major lens libraries
 [lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
 
-See [Network.AWS.Shield](http://hackage.haskell.org/package/amazonka-shield/docs/Network-AWS-Shield.html)
+See [Amazonka.Shield](http://hackage.haskell.org/package/amazonka-shield/docs/Amazonka-Shield.html)
 or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
 
 
diff --git a/Setup.hs b/Setup.hs
deleted file mode 100644
--- a/Setup.hs
+++ /dev/null
@@ -1,2 +0,0 @@
-import           Distribution.Simple
-main = defaultMain
diff --git a/amazonka-shield.cabal b/amazonka-shield.cabal
--- a/amazonka-shield.cabal
+++ b/amazonka-shield.cabal
@@ -1,95 +1,159 @@
-name:                  amazonka-shield
-version:               1.6.1
-synopsis:              Amazon Shield SDK.
-homepage:              https://github.com/brendanhay/amazonka
-bug-reports:           https://github.com/brendanhay/amazonka/issues
-license:               MPL-2.0
-license-file:          LICENSE
-author:                Brendan Hay
-maintainer:            Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-copyright:             Copyright (c) 2013-2018 Brendan Hay
-category:              Network, AWS, Cloud, Distributed Computing
-build-type:            Simple
-cabal-version:         >= 1.10
-extra-source-files:    README.md fixture/*.yaml fixture/*.proto src/.gitkeep
+cabal-version:      2.2
+name:               amazonka-shield
+version:            2.0
+synopsis:           Amazon Shield SDK.
+homepage:           https://github.com/brendanhay/amazonka
+bug-reports:        https://github.com/brendanhay/amazonka/issues
+license:            MPL-2.0
+license-file:       LICENSE
+author:             Brendan Hay
+maintainer:
+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>
+
+copyright:          Copyright (c) 2013-2023 Brendan Hay
+category:           AWS
+build-type:         Simple
+extra-source-files:
+  fixture/*.proto
+  fixture/*.yaml
+  README.md
+  src/.gitkeep
+
 description:
-    The types from this library are intended to be used with
-    <http://hackage.haskell.org/package/amazonka amazonka>, which provides
-    mechanisms for specifying AuthN/AuthZ information, sending requests,
-    and receiving responses.
-    .
-    Lenses are used for constructing and manipulating types,
-    due to the depth of nesting of AWS types and transparency regarding
-    de/serialisation into more palatable Haskell values.
-    The provided lenses should be compatible with any of the major lens libraries
-    such as <http://hackage.haskell.org/package/lens lens> or
-    <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
-    .
-    See "Network.AWS.Shield" or <https://aws.amazon.com/documentation/ the AWS documentation>
-    to get started.
+  Derived from API version @2016-06-02@ of the AWS service descriptions, licensed under Apache 2.0.
+  .
+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,
+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.
+  .
+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.
+  .
+  Generated lenses can be found in "Amazonka.Shield.Lens" and are
+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+  .
+  See "Amazonka.Shield" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.
 
 source-repository head
-    type:              git
-    location:          git://github.com/brendanhay/amazonka.git
-    subdir:            amazonka-shield
+  type:     git
+  location: git://github.com/brendanhay/amazonka.git
+  subdir:   amazonka-shield
 
 library
-    default-language:  Haskell2010
-    hs-source-dirs:    src gen
-
-    ghc-options:
-        -Wall
-        -fwarn-incomplete-uni-patterns
-        -fwarn-incomplete-record-updates
-        -funbox-strict-fields
-
-    exposed-modules:
-          Network.AWS.Shield
-        , Network.AWS.Shield.CreateProtection
-        , Network.AWS.Shield.CreateSubscription
-        , Network.AWS.Shield.DeleteProtection
-        , Network.AWS.Shield.DeleteSubscription
-        , Network.AWS.Shield.DescribeAttack
-        , Network.AWS.Shield.DescribeProtection
-        , Network.AWS.Shield.DescribeSubscription
-        , Network.AWS.Shield.GetSubscriptionState
-        , Network.AWS.Shield.ListAttacks
-        , Network.AWS.Shield.ListProtections
-        , Network.AWS.Shield.Types
-        , Network.AWS.Shield.Waiters
+  default-language: Haskell2010
+  hs-source-dirs:   src gen
+  ghc-options:
+    -Wall -fwarn-incomplete-uni-patterns
+    -fwarn-incomplete-record-updates -funbox-strict-fields
 
-    other-modules:
-          Network.AWS.Shield.Types.Product
-        , Network.AWS.Shield.Types.Sum
+  exposed-modules:
+    Amazonka.Shield
+    Amazonka.Shield.AssociateDRTLogBucket
+    Amazonka.Shield.AssociateDRTRole
+    Amazonka.Shield.AssociateHealthCheck
+    Amazonka.Shield.AssociateProactiveEngagementDetails
+    Amazonka.Shield.CreateProtection
+    Amazonka.Shield.CreateProtectionGroup
+    Amazonka.Shield.CreateSubscription
+    Amazonka.Shield.DeleteProtection
+    Amazonka.Shield.DeleteProtectionGroup
+    Amazonka.Shield.DescribeAttack
+    Amazonka.Shield.DescribeAttackStatistics
+    Amazonka.Shield.DescribeDRTAccess
+    Amazonka.Shield.DescribeEmergencyContactSettings
+    Amazonka.Shield.DescribeProtection
+    Amazonka.Shield.DescribeProtectionGroup
+    Amazonka.Shield.DescribeSubscription
+    Amazonka.Shield.DisableApplicationLayerAutomaticResponse
+    Amazonka.Shield.DisableProactiveEngagement
+    Amazonka.Shield.DisassociateDRTLogBucket
+    Amazonka.Shield.DisassociateDRTRole
+    Amazonka.Shield.DisassociateHealthCheck
+    Amazonka.Shield.EnableApplicationLayerAutomaticResponse
+    Amazonka.Shield.EnableProactiveEngagement
+    Amazonka.Shield.GetSubscriptionState
+    Amazonka.Shield.Lens
+    Amazonka.Shield.ListAttacks
+    Amazonka.Shield.ListProtectionGroups
+    Amazonka.Shield.ListProtections
+    Amazonka.Shield.ListResourcesInProtectionGroup
+    Amazonka.Shield.ListTagsForResource
+    Amazonka.Shield.TagResource
+    Amazonka.Shield.Types
+    Amazonka.Shield.Types.ApplicationLayerAutomaticResponseConfiguration
+    Amazonka.Shield.Types.ApplicationLayerAutomaticResponseStatus
+    Amazonka.Shield.Types.AttackDetail
+    Amazonka.Shield.Types.AttackLayer
+    Amazonka.Shield.Types.AttackProperty
+    Amazonka.Shield.Types.AttackPropertyIdentifier
+    Amazonka.Shield.Types.AttackStatisticsDataItem
+    Amazonka.Shield.Types.AttackSummary
+    Amazonka.Shield.Types.AttackVectorDescription
+    Amazonka.Shield.Types.AttackVolume
+    Amazonka.Shield.Types.AttackVolumeStatistics
+    Amazonka.Shield.Types.AutoRenew
+    Amazonka.Shield.Types.BlockAction
+    Amazonka.Shield.Types.Contributor
+    Amazonka.Shield.Types.CountAction
+    Amazonka.Shield.Types.EmergencyContact
+    Amazonka.Shield.Types.InclusionProtectionFilters
+    Amazonka.Shield.Types.InclusionProtectionGroupFilters
+    Amazonka.Shield.Types.Limit
+    Amazonka.Shield.Types.Mitigation
+    Amazonka.Shield.Types.ProactiveEngagementStatus
+    Amazonka.Shield.Types.ProtectedResourceType
+    Amazonka.Shield.Types.Protection
+    Amazonka.Shield.Types.ProtectionGroup
+    Amazonka.Shield.Types.ProtectionGroupAggregation
+    Amazonka.Shield.Types.ProtectionGroupArbitraryPatternLimits
+    Amazonka.Shield.Types.ProtectionGroupLimits
+    Amazonka.Shield.Types.ProtectionGroupPattern
+    Amazonka.Shield.Types.ProtectionGroupPatternTypeLimits
+    Amazonka.Shield.Types.ProtectionLimits
+    Amazonka.Shield.Types.ResponseAction
+    Amazonka.Shield.Types.SubResourceSummary
+    Amazonka.Shield.Types.SubResourceType
+    Amazonka.Shield.Types.Subscription
+    Amazonka.Shield.Types.SubscriptionLimits
+    Amazonka.Shield.Types.SubscriptionState
+    Amazonka.Shield.Types.SummarizedAttackVector
+    Amazonka.Shield.Types.SummarizedCounter
+    Amazonka.Shield.Types.Tag
+    Amazonka.Shield.Types.TimeRange
+    Amazonka.Shield.Types.Unit
+    Amazonka.Shield.UntagResource
+    Amazonka.Shield.UpdateApplicationLayerAutomaticResponse
+    Amazonka.Shield.UpdateEmergencyContactSettings
+    Amazonka.Shield.UpdateProtectionGroup
+    Amazonka.Shield.UpdateSubscription
+    Amazonka.Shield.Waiters
 
-    build-depends:
-          amazonka-core == 1.6.1.*
-        , base          >= 4.7     && < 5
+  build-depends:
+    , amazonka-core  >=2.0  && <2.1
+    , base           >=4.12 && <5
 
 test-suite amazonka-shield-test
-    type:              exitcode-stdio-1.0
-    default-language:  Haskell2010
-    hs-source-dirs:    test
-    main-is:           Main.hs
-
-    ghc-options:       -Wall -threaded
+  type:             exitcode-stdio-1.0
+  default-language: Haskell2010
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  ghc-options:      -Wall -threaded
 
-    -- This section is encoded by the template and any modules added by
-    -- hand outside these namespaces will not correctly be added to the
-    -- distribution package.
-    other-modules:
-          Test.AWS.Shield
-        , Test.AWS.Gen.Shield
-        , Test.AWS.Shield.Internal
+  -- This section is encoded by the template and any modules added by
+  -- hand outside these namespaces will not correctly be added to the
+  -- distribution package.
+  other-modules:
+    Test.Amazonka.Gen.Shield
+    Test.Amazonka.Shield
+    Test.Amazonka.Shield.Internal
 
-    build-depends:
-          amazonka-core == 1.6.1.*
-        , amazonka-test == 1.6.1.*
-        , amazonka-shield
-        , base
-        , bytestring
-        , tasty
-        , tasty-hunit
-        , text
-        , time
-        , unordered-containers
+  build-depends:
+    , amazonka-core         >=2.0 && <2.1
+    , amazonka-shield
+    , amazonka-test         >=2.0 && <2.1
+    , base
+    , bytestring
+    , case-insensitive
+    , tasty
+    , tasty-hunit
+    , text
+    , time
+    , unordered-containers
diff --git a/fixture/AssociateDRTLogBucket.yaml b/fixture/AssociateDRTLogBucket.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateDRTLogBucket.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AssociateDRTLogBucketResponse.proto b/fixture/AssociateDRTLogBucketResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateDRTLogBucketResponse.proto
diff --git a/fixture/AssociateDRTRole.yaml b/fixture/AssociateDRTRole.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateDRTRole.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AssociateDRTRoleResponse.proto b/fixture/AssociateDRTRoleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateDRTRoleResponse.proto
diff --git a/fixture/AssociateHealthCheck.yaml b/fixture/AssociateHealthCheck.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateHealthCheck.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AssociateHealthCheckResponse.proto b/fixture/AssociateHealthCheckResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateHealthCheckResponse.proto
diff --git a/fixture/AssociateProactiveEngagementDetails.yaml b/fixture/AssociateProactiveEngagementDetails.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateProactiveEngagementDetails.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AssociateProactiveEngagementDetailsResponse.proto b/fixture/AssociateProactiveEngagementDetailsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateProactiveEngagementDetailsResponse.proto
diff --git a/fixture/CreateProtectionGroup.yaml b/fixture/CreateProtectionGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateProtectionGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateProtectionGroupResponse.proto b/fixture/CreateProtectionGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateProtectionGroupResponse.proto
diff --git a/fixture/DeleteProtectionGroup.yaml b/fixture/DeleteProtectionGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteProtectionGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteProtectionGroupResponse.proto b/fixture/DeleteProtectionGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteProtectionGroupResponse.proto
diff --git a/fixture/DescribeAttackStatistics.yaml b/fixture/DescribeAttackStatistics.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeAttackStatistics.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeAttackStatisticsResponse.proto b/fixture/DescribeAttackStatisticsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeAttackStatisticsResponse.proto
diff --git a/fixture/DescribeDRTAccess.yaml b/fixture/DescribeDRTAccess.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeDRTAccess.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeDRTAccessResponse.proto b/fixture/DescribeDRTAccessResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeDRTAccessResponse.proto
diff --git a/fixture/DescribeEmergencyContactSettings.yaml b/fixture/DescribeEmergencyContactSettings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeEmergencyContactSettings.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeEmergencyContactSettingsResponse.proto b/fixture/DescribeEmergencyContactSettingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeEmergencyContactSettingsResponse.proto
diff --git a/fixture/DescribeProtectionGroup.yaml b/fixture/DescribeProtectionGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeProtectionGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeProtectionGroupResponse.proto b/fixture/DescribeProtectionGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeProtectionGroupResponse.proto
diff --git a/fixture/DisableApplicationLayerAutomaticResponse.yaml b/fixture/DisableApplicationLayerAutomaticResponse.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisableApplicationLayerAutomaticResponse.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisableApplicationLayerAutomaticResponseResponse.proto b/fixture/DisableApplicationLayerAutomaticResponseResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisableApplicationLayerAutomaticResponseResponse.proto
diff --git a/fixture/DisableProactiveEngagement.yaml b/fixture/DisableProactiveEngagement.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisableProactiveEngagement.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisableProactiveEngagementResponse.proto b/fixture/DisableProactiveEngagementResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisableProactiveEngagementResponse.proto
diff --git a/fixture/DisassociateDRTLogBucket.yaml b/fixture/DisassociateDRTLogBucket.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateDRTLogBucket.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateDRTLogBucketResponse.proto b/fixture/DisassociateDRTLogBucketResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateDRTLogBucketResponse.proto
diff --git a/fixture/DisassociateDRTRole.yaml b/fixture/DisassociateDRTRole.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateDRTRole.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateDRTRoleResponse.proto b/fixture/DisassociateDRTRoleResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateDRTRoleResponse.proto
diff --git a/fixture/DisassociateHealthCheck.yaml b/fixture/DisassociateHealthCheck.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateHealthCheck.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateHealthCheckResponse.proto b/fixture/DisassociateHealthCheckResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateHealthCheckResponse.proto
diff --git a/fixture/EnableApplicationLayerAutomaticResponse.yaml b/fixture/EnableApplicationLayerAutomaticResponse.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/EnableApplicationLayerAutomaticResponse.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/EnableApplicationLayerAutomaticResponseResponse.proto b/fixture/EnableApplicationLayerAutomaticResponseResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/EnableApplicationLayerAutomaticResponseResponse.proto
diff --git a/fixture/EnableProactiveEngagement.yaml b/fixture/EnableProactiveEngagement.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/EnableProactiveEngagement.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/EnableProactiveEngagementResponse.proto b/fixture/EnableProactiveEngagementResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/EnableProactiveEngagementResponse.proto
diff --git a/fixture/ListProtectionGroups.yaml b/fixture/ListProtectionGroups.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListProtectionGroups.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListProtectionGroupsResponse.proto b/fixture/ListProtectionGroupsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListProtectionGroupsResponse.proto
diff --git a/fixture/ListResourcesInProtectionGroup.yaml b/fixture/ListResourcesInProtectionGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListResourcesInProtectionGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListResourcesInProtectionGroupResponse.proto b/fixture/ListResourcesInProtectionGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListResourcesInProtectionGroupResponse.proto
diff --git a/fixture/ListTagsForResource.yaml b/fixture/ListTagsForResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListTagsForResourceResponse.proto b/fixture/ListTagsForResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResourceResponse.proto
diff --git a/fixture/TagResource.yaml b/fixture/TagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/TagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/TagResourceResponse.proto b/fixture/TagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/TagResourceResponse.proto
diff --git a/fixture/UntagResource.yaml b/fixture/UntagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UntagResourceResponse.proto b/fixture/UntagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResourceResponse.proto
diff --git a/fixture/UpdateApplicationLayerAutomaticResponse.yaml b/fixture/UpdateApplicationLayerAutomaticResponse.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateApplicationLayerAutomaticResponse.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateApplicationLayerAutomaticResponseResponse.proto b/fixture/UpdateApplicationLayerAutomaticResponseResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateApplicationLayerAutomaticResponseResponse.proto
diff --git a/fixture/UpdateEmergencyContactSettings.yaml b/fixture/UpdateEmergencyContactSettings.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateEmergencyContactSettings.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateEmergencyContactSettingsResponse.proto b/fixture/UpdateEmergencyContactSettingsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateEmergencyContactSettingsResponse.proto
diff --git a/fixture/UpdateProtectionGroup.yaml b/fixture/UpdateProtectionGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateProtectionGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateProtectionGroupResponse.proto b/fixture/UpdateProtectionGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateProtectionGroupResponse.proto
diff --git a/fixture/UpdateSubscription.yaml b/fixture/UpdateSubscription.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateSubscription.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/shield/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  shield.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateSubscriptionResponse.proto b/fixture/UpdateSubscriptionResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateSubscriptionResponse.proto
diff --git a/gen/Amazonka/Shield.hs b/gen/Amazonka/Shield.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield.hs
@@ -0,0 +1,505 @@
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Amazonka.Shield
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Derived from API version @2016-06-02@ of the AWS service descriptions, licensed under Apache 2.0.
+--
+-- Shield Advanced
+--
+-- This is the /Shield Advanced API Reference/. This guide is for
+-- developers who need detailed information about the Shield Advanced API
+-- actions, data types, and errors. For detailed information about WAF and
+-- Shield Advanced features and an overview of how to use the WAF and
+-- Shield Advanced APIs, see the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/ WAF and Shield Developer Guide>.
+module Amazonka.Shield
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    -- $errors
+
+    -- ** AccessDeniedException
+    _AccessDeniedException,
+
+    -- ** AccessDeniedForDependencyException
+    _AccessDeniedForDependencyException,
+
+    -- ** InternalErrorException
+    _InternalErrorException,
+
+    -- ** InvalidOperationException
+    _InvalidOperationException,
+
+    -- ** InvalidPaginationTokenException
+    _InvalidPaginationTokenException,
+
+    -- ** InvalidParameterException
+    _InvalidParameterException,
+
+    -- ** InvalidResourceException
+    _InvalidResourceException,
+
+    -- ** LimitsExceededException
+    _LimitsExceededException,
+
+    -- ** LockedSubscriptionException
+    _LockedSubscriptionException,
+
+    -- ** NoAssociatedRoleException
+    _NoAssociatedRoleException,
+
+    -- ** OptimisticLockException
+    _OptimisticLockException,
+
+    -- ** ResourceAlreadyExistsException
+    _ResourceAlreadyExistsException,
+
+    -- ** ResourceNotFoundException
+    _ResourceNotFoundException,
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** AssociateDRTLogBucket
+    AssociateDRTLogBucket (AssociateDRTLogBucket'),
+    newAssociateDRTLogBucket,
+    AssociateDRTLogBucketResponse (AssociateDRTLogBucketResponse'),
+    newAssociateDRTLogBucketResponse,
+
+    -- ** AssociateDRTRole
+    AssociateDRTRole (AssociateDRTRole'),
+    newAssociateDRTRole,
+    AssociateDRTRoleResponse (AssociateDRTRoleResponse'),
+    newAssociateDRTRoleResponse,
+
+    -- ** AssociateHealthCheck
+    AssociateHealthCheck (AssociateHealthCheck'),
+    newAssociateHealthCheck,
+    AssociateHealthCheckResponse (AssociateHealthCheckResponse'),
+    newAssociateHealthCheckResponse,
+
+    -- ** AssociateProactiveEngagementDetails
+    AssociateProactiveEngagementDetails (AssociateProactiveEngagementDetails'),
+    newAssociateProactiveEngagementDetails,
+    AssociateProactiveEngagementDetailsResponse (AssociateProactiveEngagementDetailsResponse'),
+    newAssociateProactiveEngagementDetailsResponse,
+
+    -- ** CreateProtection
+    CreateProtection (CreateProtection'),
+    newCreateProtection,
+    CreateProtectionResponse (CreateProtectionResponse'),
+    newCreateProtectionResponse,
+
+    -- ** CreateProtectionGroup
+    CreateProtectionGroup (CreateProtectionGroup'),
+    newCreateProtectionGroup,
+    CreateProtectionGroupResponse (CreateProtectionGroupResponse'),
+    newCreateProtectionGroupResponse,
+
+    -- ** CreateSubscription
+    CreateSubscription (CreateSubscription'),
+    newCreateSubscription,
+    CreateSubscriptionResponse (CreateSubscriptionResponse'),
+    newCreateSubscriptionResponse,
+
+    -- ** DeleteProtection
+    DeleteProtection (DeleteProtection'),
+    newDeleteProtection,
+    DeleteProtectionResponse (DeleteProtectionResponse'),
+    newDeleteProtectionResponse,
+
+    -- ** DeleteProtectionGroup
+    DeleteProtectionGroup (DeleteProtectionGroup'),
+    newDeleteProtectionGroup,
+    DeleteProtectionGroupResponse (DeleteProtectionGroupResponse'),
+    newDeleteProtectionGroupResponse,
+
+    -- ** DescribeAttack
+    DescribeAttack (DescribeAttack'),
+    newDescribeAttack,
+    DescribeAttackResponse (DescribeAttackResponse'),
+    newDescribeAttackResponse,
+
+    -- ** DescribeAttackStatistics
+    DescribeAttackStatistics (DescribeAttackStatistics'),
+    newDescribeAttackStatistics,
+    DescribeAttackStatisticsResponse (DescribeAttackStatisticsResponse'),
+    newDescribeAttackStatisticsResponse,
+
+    -- ** DescribeDRTAccess
+    DescribeDRTAccess (DescribeDRTAccess'),
+    newDescribeDRTAccess,
+    DescribeDRTAccessResponse (DescribeDRTAccessResponse'),
+    newDescribeDRTAccessResponse,
+
+    -- ** DescribeEmergencyContactSettings
+    DescribeEmergencyContactSettings (DescribeEmergencyContactSettings'),
+    newDescribeEmergencyContactSettings,
+    DescribeEmergencyContactSettingsResponse (DescribeEmergencyContactSettingsResponse'),
+    newDescribeEmergencyContactSettingsResponse,
+
+    -- ** DescribeProtection
+    DescribeProtection (DescribeProtection'),
+    newDescribeProtection,
+    DescribeProtectionResponse (DescribeProtectionResponse'),
+    newDescribeProtectionResponse,
+
+    -- ** DescribeProtectionGroup
+    DescribeProtectionGroup (DescribeProtectionGroup'),
+    newDescribeProtectionGroup,
+    DescribeProtectionGroupResponse (DescribeProtectionGroupResponse'),
+    newDescribeProtectionGroupResponse,
+
+    -- ** DescribeSubscription
+    DescribeSubscription (DescribeSubscription'),
+    newDescribeSubscription,
+    DescribeSubscriptionResponse (DescribeSubscriptionResponse'),
+    newDescribeSubscriptionResponse,
+
+    -- ** DisableApplicationLayerAutomaticResponse
+    DisableApplicationLayerAutomaticResponse (DisableApplicationLayerAutomaticResponse'),
+    newDisableApplicationLayerAutomaticResponse,
+    DisableApplicationLayerAutomaticResponseResponse (DisableApplicationLayerAutomaticResponseResponse'),
+    newDisableApplicationLayerAutomaticResponseResponse,
+
+    -- ** DisableProactiveEngagement
+    DisableProactiveEngagement (DisableProactiveEngagement'),
+    newDisableProactiveEngagement,
+    DisableProactiveEngagementResponse (DisableProactiveEngagementResponse'),
+    newDisableProactiveEngagementResponse,
+
+    -- ** DisassociateDRTLogBucket
+    DisassociateDRTLogBucket (DisassociateDRTLogBucket'),
+    newDisassociateDRTLogBucket,
+    DisassociateDRTLogBucketResponse (DisassociateDRTLogBucketResponse'),
+    newDisassociateDRTLogBucketResponse,
+
+    -- ** DisassociateDRTRole
+    DisassociateDRTRole (DisassociateDRTRole'),
+    newDisassociateDRTRole,
+    DisassociateDRTRoleResponse (DisassociateDRTRoleResponse'),
+    newDisassociateDRTRoleResponse,
+
+    -- ** DisassociateHealthCheck
+    DisassociateHealthCheck (DisassociateHealthCheck'),
+    newDisassociateHealthCheck,
+    DisassociateHealthCheckResponse (DisassociateHealthCheckResponse'),
+    newDisassociateHealthCheckResponse,
+
+    -- ** EnableApplicationLayerAutomaticResponse
+    EnableApplicationLayerAutomaticResponse (EnableApplicationLayerAutomaticResponse'),
+    newEnableApplicationLayerAutomaticResponse,
+    EnableApplicationLayerAutomaticResponseResponse (EnableApplicationLayerAutomaticResponseResponse'),
+    newEnableApplicationLayerAutomaticResponseResponse,
+
+    -- ** EnableProactiveEngagement
+    EnableProactiveEngagement (EnableProactiveEngagement'),
+    newEnableProactiveEngagement,
+    EnableProactiveEngagementResponse (EnableProactiveEngagementResponse'),
+    newEnableProactiveEngagementResponse,
+
+    -- ** GetSubscriptionState
+    GetSubscriptionState (GetSubscriptionState'),
+    newGetSubscriptionState,
+    GetSubscriptionStateResponse (GetSubscriptionStateResponse'),
+    newGetSubscriptionStateResponse,
+
+    -- ** ListAttacks (Paginated)
+    ListAttacks (ListAttacks'),
+    newListAttacks,
+    ListAttacksResponse (ListAttacksResponse'),
+    newListAttacksResponse,
+
+    -- ** ListProtectionGroups
+    ListProtectionGroups (ListProtectionGroups'),
+    newListProtectionGroups,
+    ListProtectionGroupsResponse (ListProtectionGroupsResponse'),
+    newListProtectionGroupsResponse,
+
+    -- ** ListProtections (Paginated)
+    ListProtections (ListProtections'),
+    newListProtections,
+    ListProtectionsResponse (ListProtectionsResponse'),
+    newListProtectionsResponse,
+
+    -- ** ListResourcesInProtectionGroup
+    ListResourcesInProtectionGroup (ListResourcesInProtectionGroup'),
+    newListResourcesInProtectionGroup,
+    ListResourcesInProtectionGroupResponse (ListResourcesInProtectionGroupResponse'),
+    newListResourcesInProtectionGroupResponse,
+
+    -- ** ListTagsForResource
+    ListTagsForResource (ListTagsForResource'),
+    newListTagsForResource,
+    ListTagsForResourceResponse (ListTagsForResourceResponse'),
+    newListTagsForResourceResponse,
+
+    -- ** TagResource
+    TagResource (TagResource'),
+    newTagResource,
+    TagResourceResponse (TagResourceResponse'),
+    newTagResourceResponse,
+
+    -- ** UntagResource
+    UntagResource (UntagResource'),
+    newUntagResource,
+    UntagResourceResponse (UntagResourceResponse'),
+    newUntagResourceResponse,
+
+    -- ** UpdateApplicationLayerAutomaticResponse
+    UpdateApplicationLayerAutomaticResponse (UpdateApplicationLayerAutomaticResponse'),
+    newUpdateApplicationLayerAutomaticResponse,
+    UpdateApplicationLayerAutomaticResponseResponse (UpdateApplicationLayerAutomaticResponseResponse'),
+    newUpdateApplicationLayerAutomaticResponseResponse,
+
+    -- ** UpdateEmergencyContactSettings
+    UpdateEmergencyContactSettings (UpdateEmergencyContactSettings'),
+    newUpdateEmergencyContactSettings,
+    UpdateEmergencyContactSettingsResponse (UpdateEmergencyContactSettingsResponse'),
+    newUpdateEmergencyContactSettingsResponse,
+
+    -- ** UpdateProtectionGroup
+    UpdateProtectionGroup (UpdateProtectionGroup'),
+    newUpdateProtectionGroup,
+    UpdateProtectionGroupResponse (UpdateProtectionGroupResponse'),
+    newUpdateProtectionGroupResponse,
+
+    -- ** UpdateSubscription
+    UpdateSubscription (UpdateSubscription'),
+    newUpdateSubscription,
+    UpdateSubscriptionResponse (UpdateSubscriptionResponse'),
+    newUpdateSubscriptionResponse,
+
+    -- * Types
+
+    -- ** ApplicationLayerAutomaticResponseStatus
+    ApplicationLayerAutomaticResponseStatus (..),
+
+    -- ** AttackLayer
+    AttackLayer (..),
+
+    -- ** AttackPropertyIdentifier
+    AttackPropertyIdentifier (..),
+
+    -- ** AutoRenew
+    AutoRenew (..),
+
+    -- ** ProactiveEngagementStatus
+    ProactiveEngagementStatus (..),
+
+    -- ** ProtectedResourceType
+    ProtectedResourceType (..),
+
+    -- ** ProtectionGroupAggregation
+    ProtectionGroupAggregation (..),
+
+    -- ** ProtectionGroupPattern
+    ProtectionGroupPattern (..),
+
+    -- ** SubResourceType
+    SubResourceType (..),
+
+    -- ** SubscriptionState
+    SubscriptionState (..),
+
+    -- ** Unit
+    Unit (..),
+
+    -- ** ApplicationLayerAutomaticResponseConfiguration
+    ApplicationLayerAutomaticResponseConfiguration (ApplicationLayerAutomaticResponseConfiguration'),
+    newApplicationLayerAutomaticResponseConfiguration,
+
+    -- ** AttackDetail
+    AttackDetail (AttackDetail'),
+    newAttackDetail,
+
+    -- ** AttackProperty
+    AttackProperty (AttackProperty'),
+    newAttackProperty,
+
+    -- ** AttackStatisticsDataItem
+    AttackStatisticsDataItem (AttackStatisticsDataItem'),
+    newAttackStatisticsDataItem,
+
+    -- ** AttackSummary
+    AttackSummary (AttackSummary'),
+    newAttackSummary,
+
+    -- ** AttackVectorDescription
+    AttackVectorDescription (AttackVectorDescription'),
+    newAttackVectorDescription,
+
+    -- ** AttackVolume
+    AttackVolume (AttackVolume'),
+    newAttackVolume,
+
+    -- ** AttackVolumeStatistics
+    AttackVolumeStatistics (AttackVolumeStatistics'),
+    newAttackVolumeStatistics,
+
+    -- ** BlockAction
+    BlockAction (BlockAction'),
+    newBlockAction,
+
+    -- ** Contributor
+    Contributor (Contributor'),
+    newContributor,
+
+    -- ** CountAction
+    CountAction (CountAction'),
+    newCountAction,
+
+    -- ** EmergencyContact
+    EmergencyContact (EmergencyContact'),
+    newEmergencyContact,
+
+    -- ** InclusionProtectionFilters
+    InclusionProtectionFilters (InclusionProtectionFilters'),
+    newInclusionProtectionFilters,
+
+    -- ** InclusionProtectionGroupFilters
+    InclusionProtectionGroupFilters (InclusionProtectionGroupFilters'),
+    newInclusionProtectionGroupFilters,
+
+    -- ** Limit
+    Limit (Limit'),
+    newLimit,
+
+    -- ** Mitigation
+    Mitigation (Mitigation'),
+    newMitigation,
+
+    -- ** Protection
+    Protection (Protection'),
+    newProtection,
+
+    -- ** ProtectionGroup
+    ProtectionGroup (ProtectionGroup'),
+    newProtectionGroup,
+
+    -- ** ProtectionGroupArbitraryPatternLimits
+    ProtectionGroupArbitraryPatternLimits (ProtectionGroupArbitraryPatternLimits'),
+    newProtectionGroupArbitraryPatternLimits,
+
+    -- ** ProtectionGroupLimits
+    ProtectionGroupLimits (ProtectionGroupLimits'),
+    newProtectionGroupLimits,
+
+    -- ** ProtectionGroupPatternTypeLimits
+    ProtectionGroupPatternTypeLimits (ProtectionGroupPatternTypeLimits'),
+    newProtectionGroupPatternTypeLimits,
+
+    -- ** ProtectionLimits
+    ProtectionLimits (ProtectionLimits'),
+    newProtectionLimits,
+
+    -- ** ResponseAction
+    ResponseAction (ResponseAction'),
+    newResponseAction,
+
+    -- ** SubResourceSummary
+    SubResourceSummary (SubResourceSummary'),
+    newSubResourceSummary,
+
+    -- ** Subscription
+    Subscription (Subscription'),
+    newSubscription,
+
+    -- ** SubscriptionLimits
+    SubscriptionLimits (SubscriptionLimits'),
+    newSubscriptionLimits,
+
+    -- ** SummarizedAttackVector
+    SummarizedAttackVector (SummarizedAttackVector'),
+    newSummarizedAttackVector,
+
+    -- ** SummarizedCounter
+    SummarizedCounter (SummarizedCounter'),
+    newSummarizedCounter,
+
+    -- ** Tag
+    Tag (Tag'),
+    newTag,
+
+    -- ** TimeRange
+    TimeRange (TimeRange'),
+    newTimeRange,
+  )
+where
+
+import Amazonka.Shield.AssociateDRTLogBucket
+import Amazonka.Shield.AssociateDRTRole
+import Amazonka.Shield.AssociateHealthCheck
+import Amazonka.Shield.AssociateProactiveEngagementDetails
+import Amazonka.Shield.CreateProtection
+import Amazonka.Shield.CreateProtectionGroup
+import Amazonka.Shield.CreateSubscription
+import Amazonka.Shield.DeleteProtection
+import Amazonka.Shield.DeleteProtectionGroup
+import Amazonka.Shield.DescribeAttack
+import Amazonka.Shield.DescribeAttackStatistics
+import Amazonka.Shield.DescribeDRTAccess
+import Amazonka.Shield.DescribeEmergencyContactSettings
+import Amazonka.Shield.DescribeProtection
+import Amazonka.Shield.DescribeProtectionGroup
+import Amazonka.Shield.DescribeSubscription
+import Amazonka.Shield.DisableApplicationLayerAutomaticResponse
+import Amazonka.Shield.DisableProactiveEngagement
+import Amazonka.Shield.DisassociateDRTLogBucket
+import Amazonka.Shield.DisassociateDRTRole
+import Amazonka.Shield.DisassociateHealthCheck
+import Amazonka.Shield.EnableApplicationLayerAutomaticResponse
+import Amazonka.Shield.EnableProactiveEngagement
+import Amazonka.Shield.GetSubscriptionState
+import Amazonka.Shield.Lens
+import Amazonka.Shield.ListAttacks
+import Amazonka.Shield.ListProtectionGroups
+import Amazonka.Shield.ListProtections
+import Amazonka.Shield.ListResourcesInProtectionGroup
+import Amazonka.Shield.ListTagsForResource
+import Amazonka.Shield.TagResource
+import Amazonka.Shield.Types
+import Amazonka.Shield.UntagResource
+import Amazonka.Shield.UpdateApplicationLayerAutomaticResponse
+import Amazonka.Shield.UpdateEmergencyContactSettings
+import Amazonka.Shield.UpdateProtectionGroup
+import Amazonka.Shield.UpdateSubscription
+import Amazonka.Shield.Waiters
+
+-- $errors
+-- Error matchers are designed for use with the functions provided by
+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+-- This allows catching (and rethrowing) service specific errors returned
+-- by 'Shield'.
+
+-- $operations
+-- Some AWS operations return results that are incomplete and require subsequent
+-- requests in order to obtain the entire result set. The process of sending
+-- subsequent requests to continue where a previous request left off is called
+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+-- 1000 objects at a time, and you must send subsequent requests with the
+-- appropriate Marker in order to retrieve the next page of results.
+--
+-- Operations that have an 'AWSPager' instance can transparently perform subsequent
+-- requests, correctly setting Markers and other request facets to iterate through
+-- the entire result set of a truncated API operation. Operations which support
+-- this have an additional note in the documentation.
+--
+-- Many operations have the ability to filter results on the server side. See the
+-- individual operation parameters for details.
+
+-- $waiters
+-- Waiters poll by repeatedly sending a request until some remote success condition
+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+-- determines how many attempts should be made, in addition to delay and retry strategies.
diff --git a/gen/Amazonka/Shield/AssociateDRTLogBucket.hs b/gen/Amazonka/Shield/AssociateDRTLogBucket.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/AssociateDRTLogBucket.hs
@@ -0,0 +1,166 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.AssociateDRTLogBucket
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Authorizes the Shield Response Team (SRT) to access the specified Amazon
+-- S3 bucket containing log data such as Application Load Balancer access
+-- logs, CloudFront logs, or logs from third party sources. You can
+-- associate up to 10 Amazon S3 buckets with your subscription.
+--
+-- To use the services of the SRT and make an @AssociateDRTLogBucket@
+-- request, you must be subscribed to the
+-- <http://aws.amazon.com/premiumsupport/business-support/ Business Support plan>
+-- or the
+-- <http://aws.amazon.com/premiumsupport/enterprise-support/ Enterprise Support plan>.
+module Amazonka.Shield.AssociateDRTLogBucket
+  ( -- * Creating a Request
+    AssociateDRTLogBucket (..),
+    newAssociateDRTLogBucket,
+
+    -- * Request Lenses
+    associateDRTLogBucket_logBucket,
+
+    -- * Destructuring the Response
+    AssociateDRTLogBucketResponse (..),
+    newAssociateDRTLogBucketResponse,
+
+    -- * Response Lenses
+    associateDRTLogBucketResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newAssociateDRTLogBucket' smart constructor.
+data AssociateDRTLogBucket = AssociateDRTLogBucket'
+  { -- | The Amazon S3 bucket that contains the logs that you want to share.
+    logBucket :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateDRTLogBucket' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'logBucket', 'associateDRTLogBucket_logBucket' - The Amazon S3 bucket that contains the logs that you want to share.
+newAssociateDRTLogBucket ::
+  -- | 'logBucket'
+  Prelude.Text ->
+  AssociateDRTLogBucket
+newAssociateDRTLogBucket pLogBucket_ =
+  AssociateDRTLogBucket' {logBucket = pLogBucket_}
+
+-- | The Amazon S3 bucket that contains the logs that you want to share.
+associateDRTLogBucket_logBucket :: Lens.Lens' AssociateDRTLogBucket Prelude.Text
+associateDRTLogBucket_logBucket = Lens.lens (\AssociateDRTLogBucket' {logBucket} -> logBucket) (\s@AssociateDRTLogBucket' {} a -> s {logBucket = a} :: AssociateDRTLogBucket)
+
+instance Core.AWSRequest AssociateDRTLogBucket where
+  type
+    AWSResponse AssociateDRTLogBucket =
+      AssociateDRTLogBucketResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          AssociateDRTLogBucketResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable AssociateDRTLogBucket where
+  hashWithSalt _salt AssociateDRTLogBucket' {..} =
+    _salt `Prelude.hashWithSalt` logBucket
+
+instance Prelude.NFData AssociateDRTLogBucket where
+  rnf AssociateDRTLogBucket' {..} =
+    Prelude.rnf logBucket
+
+instance Data.ToHeaders AssociateDRTLogBucket where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.AssociateDRTLogBucket" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON AssociateDRTLogBucket where
+  toJSON AssociateDRTLogBucket' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("LogBucket" Data..= logBucket)]
+      )
+
+instance Data.ToPath AssociateDRTLogBucket where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery AssociateDRTLogBucket where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAssociateDRTLogBucketResponse' smart constructor.
+data AssociateDRTLogBucketResponse = AssociateDRTLogBucketResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateDRTLogBucketResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'associateDRTLogBucketResponse_httpStatus' - The response's http status code.
+newAssociateDRTLogBucketResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AssociateDRTLogBucketResponse
+newAssociateDRTLogBucketResponse pHttpStatus_ =
+  AssociateDRTLogBucketResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+associateDRTLogBucketResponse_httpStatus :: Lens.Lens' AssociateDRTLogBucketResponse Prelude.Int
+associateDRTLogBucketResponse_httpStatus = Lens.lens (\AssociateDRTLogBucketResponse' {httpStatus} -> httpStatus) (\s@AssociateDRTLogBucketResponse' {} a -> s {httpStatus = a} :: AssociateDRTLogBucketResponse)
+
+instance Prelude.NFData AssociateDRTLogBucketResponse where
+  rnf AssociateDRTLogBucketResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/AssociateDRTRole.hs b/gen/Amazonka/Shield/AssociateDRTRole.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/AssociateDRTRole.hs
@@ -0,0 +1,207 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.AssociateDRTRole
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Authorizes the Shield Response Team (SRT) using the specified role, to
+-- access your Amazon Web Services account to assist with DDoS attack
+-- mitigation during potential attacks. This enables the SRT to inspect
+-- your WAF configuration and create or update WAF rules and web ACLs.
+--
+-- You can associate only one @RoleArn@ with your subscription. If you
+-- submit an @AssociateDRTRole@ request for an account that already has an
+-- associated role, the new @RoleArn@ will replace the existing @RoleArn@.
+--
+-- Prior to making the @AssociateDRTRole@ request, you must attach the
+-- @AWSShieldDRTAccessPolicy@ managed policy to the role that you\'ll
+-- specify in the request. You can access this policy in the IAM console at
+-- <https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy AWSShieldDRTAccessPolicy>.
+-- For more information see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html Adding and removing IAM identity permissions>.
+-- The role must also trust the service principal
+-- @drt.shield.amazonaws.com@. For more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html IAM JSON policy elements: Principal>.
+--
+-- The SRT will have access only to your WAF and Shield resources. By
+-- submitting this request, you authorize the SRT to inspect your WAF and
+-- Shield configuration and create and update WAF rules and web ACLs on
+-- your behalf. The SRT takes these actions only if explicitly authorized
+-- by you.
+--
+-- You must have the @iam:PassRole@ permission to make an
+-- @AssociateDRTRole@ request. For more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html Granting a user permissions to pass a role to an Amazon Web Services service>.
+--
+-- To use the services of the SRT and make an @AssociateDRTRole@ request,
+-- you must be subscribed to the
+-- <http://aws.amazon.com/premiumsupport/business-support/ Business Support plan>
+-- or the
+-- <http://aws.amazon.com/premiumsupport/enterprise-support/ Enterprise Support plan>.
+module Amazonka.Shield.AssociateDRTRole
+  ( -- * Creating a Request
+    AssociateDRTRole (..),
+    newAssociateDRTRole,
+
+    -- * Request Lenses
+    associateDRTRole_roleArn,
+
+    -- * Destructuring the Response
+    AssociateDRTRoleResponse (..),
+    newAssociateDRTRoleResponse,
+
+    -- * Response Lenses
+    associateDRTRoleResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newAssociateDRTRole' smart constructor.
+data AssociateDRTRole = AssociateDRTRole'
+  { -- | The Amazon Resource Name (ARN) of the role the SRT will use to access
+    -- your Amazon Web Services account.
+    --
+    -- Prior to making the @AssociateDRTRole@ request, you must attach the
+    -- <https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy AWSShieldDRTAccessPolicy>
+    -- managed policy to this role. For more information see
+    -- <%20https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html Attaching and Detaching IAM Policies>.
+    roleArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateDRTRole' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'roleArn', 'associateDRTRole_roleArn' - The Amazon Resource Name (ARN) of the role the SRT will use to access
+-- your Amazon Web Services account.
+--
+-- Prior to making the @AssociateDRTRole@ request, you must attach the
+-- <https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy AWSShieldDRTAccessPolicy>
+-- managed policy to this role. For more information see
+-- <%20https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html Attaching and Detaching IAM Policies>.
+newAssociateDRTRole ::
+  -- | 'roleArn'
+  Prelude.Text ->
+  AssociateDRTRole
+newAssociateDRTRole pRoleArn_ =
+  AssociateDRTRole' {roleArn = pRoleArn_}
+
+-- | The Amazon Resource Name (ARN) of the role the SRT will use to access
+-- your Amazon Web Services account.
+--
+-- Prior to making the @AssociateDRTRole@ request, you must attach the
+-- <https://console.aws.amazon.com/iam/home?#/policies/arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy AWSShieldDRTAccessPolicy>
+-- managed policy to this role. For more information see
+-- <%20https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html Attaching and Detaching IAM Policies>.
+associateDRTRole_roleArn :: Lens.Lens' AssociateDRTRole Prelude.Text
+associateDRTRole_roleArn = Lens.lens (\AssociateDRTRole' {roleArn} -> roleArn) (\s@AssociateDRTRole' {} a -> s {roleArn = a} :: AssociateDRTRole)
+
+instance Core.AWSRequest AssociateDRTRole where
+  type
+    AWSResponse AssociateDRTRole =
+      AssociateDRTRoleResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          AssociateDRTRoleResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable AssociateDRTRole where
+  hashWithSalt _salt AssociateDRTRole' {..} =
+    _salt `Prelude.hashWithSalt` roleArn
+
+instance Prelude.NFData AssociateDRTRole where
+  rnf AssociateDRTRole' {..} = Prelude.rnf roleArn
+
+instance Data.ToHeaders AssociateDRTRole where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.AssociateDRTRole" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON AssociateDRTRole where
+  toJSON AssociateDRTRole' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("RoleArn" Data..= roleArn)]
+      )
+
+instance Data.ToPath AssociateDRTRole where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery AssociateDRTRole where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAssociateDRTRoleResponse' smart constructor.
+data AssociateDRTRoleResponse = AssociateDRTRoleResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateDRTRoleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'associateDRTRoleResponse_httpStatus' - The response's http status code.
+newAssociateDRTRoleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AssociateDRTRoleResponse
+newAssociateDRTRoleResponse pHttpStatus_ =
+  AssociateDRTRoleResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+associateDRTRoleResponse_httpStatus :: Lens.Lens' AssociateDRTRoleResponse Prelude.Int
+associateDRTRoleResponse_httpStatus = Lens.lens (\AssociateDRTRoleResponse' {httpStatus} -> httpStatus) (\s@AssociateDRTRoleResponse' {} a -> s {httpStatus = a} :: AssociateDRTRoleResponse)
+
+instance Prelude.NFData AssociateDRTRoleResponse where
+  rnf AssociateDRTRoleResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/AssociateHealthCheck.hs b/gen/Amazonka/Shield/AssociateHealthCheck.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/AssociateHealthCheck.hs
@@ -0,0 +1,194 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.AssociateHealthCheck
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Adds health-based detection to the Shield Advanced protection for a
+-- resource. Shield Advanced health-based detection uses the health of your
+-- Amazon Web Services resource to improve responsiveness and accuracy in
+-- attack detection and response.
+--
+-- You define the health check in Route 53 and then associate it with your
+-- Shield Advanced protection. For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html#ddos-advanced-health-check-option Shield Advanced Health-Based Detection>
+-- in the /WAF Developer Guide/.
+module Amazonka.Shield.AssociateHealthCheck
+  ( -- * Creating a Request
+    AssociateHealthCheck (..),
+    newAssociateHealthCheck,
+
+    -- * Request Lenses
+    associateHealthCheck_protectionId,
+    associateHealthCheck_healthCheckArn,
+
+    -- * Destructuring the Response
+    AssociateHealthCheckResponse (..),
+    newAssociateHealthCheckResponse,
+
+    -- * Response Lenses
+    associateHealthCheckResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newAssociateHealthCheck' smart constructor.
+data AssociateHealthCheck = AssociateHealthCheck'
+  { -- | The unique identifier (ID) for the Protection object to add the health
+    -- check association to.
+    protectionId :: Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the health check to associate with the
+    -- protection.
+    healthCheckArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateHealthCheck' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protectionId', 'associateHealthCheck_protectionId' - The unique identifier (ID) for the Protection object to add the health
+-- check association to.
+--
+-- 'healthCheckArn', 'associateHealthCheck_healthCheckArn' - The Amazon Resource Name (ARN) of the health check to associate with the
+-- protection.
+newAssociateHealthCheck ::
+  -- | 'protectionId'
+  Prelude.Text ->
+  -- | 'healthCheckArn'
+  Prelude.Text ->
+  AssociateHealthCheck
+newAssociateHealthCheck
+  pProtectionId_
+  pHealthCheckArn_ =
+    AssociateHealthCheck'
+      { protectionId =
+          pProtectionId_,
+        healthCheckArn = pHealthCheckArn_
+      }
+
+-- | The unique identifier (ID) for the Protection object to add the health
+-- check association to.
+associateHealthCheck_protectionId :: Lens.Lens' AssociateHealthCheck Prelude.Text
+associateHealthCheck_protectionId = Lens.lens (\AssociateHealthCheck' {protectionId} -> protectionId) (\s@AssociateHealthCheck' {} a -> s {protectionId = a} :: AssociateHealthCheck)
+
+-- | The Amazon Resource Name (ARN) of the health check to associate with the
+-- protection.
+associateHealthCheck_healthCheckArn :: Lens.Lens' AssociateHealthCheck Prelude.Text
+associateHealthCheck_healthCheckArn = Lens.lens (\AssociateHealthCheck' {healthCheckArn} -> healthCheckArn) (\s@AssociateHealthCheck' {} a -> s {healthCheckArn = a} :: AssociateHealthCheck)
+
+instance Core.AWSRequest AssociateHealthCheck where
+  type
+    AWSResponse AssociateHealthCheck =
+      AssociateHealthCheckResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          AssociateHealthCheckResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable AssociateHealthCheck where
+  hashWithSalt _salt AssociateHealthCheck' {..} =
+    _salt
+      `Prelude.hashWithSalt` protectionId
+      `Prelude.hashWithSalt` healthCheckArn
+
+instance Prelude.NFData AssociateHealthCheck where
+  rnf AssociateHealthCheck' {..} =
+    Prelude.rnf protectionId
+      `Prelude.seq` Prelude.rnf healthCheckArn
+
+instance Data.ToHeaders AssociateHealthCheck where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.AssociateHealthCheck" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON AssociateHealthCheck where
+  toJSON AssociateHealthCheck' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ProtectionId" Data..= protectionId),
+            Prelude.Just
+              ("HealthCheckArn" Data..= healthCheckArn)
+          ]
+      )
+
+instance Data.ToPath AssociateHealthCheck where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery AssociateHealthCheck where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAssociateHealthCheckResponse' smart constructor.
+data AssociateHealthCheckResponse = AssociateHealthCheckResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateHealthCheckResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'associateHealthCheckResponse_httpStatus' - The response's http status code.
+newAssociateHealthCheckResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AssociateHealthCheckResponse
+newAssociateHealthCheckResponse pHttpStatus_ =
+  AssociateHealthCheckResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+associateHealthCheckResponse_httpStatus :: Lens.Lens' AssociateHealthCheckResponse Prelude.Int
+associateHealthCheckResponse_httpStatus = Lens.lens (\AssociateHealthCheckResponse' {httpStatus} -> httpStatus) (\s@AssociateHealthCheckResponse' {} a -> s {httpStatus = a} :: AssociateHealthCheckResponse)
+
+instance Prelude.NFData AssociateHealthCheckResponse where
+  rnf AssociateHealthCheckResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/AssociateProactiveEngagementDetails.hs b/gen/Amazonka/Shield/AssociateProactiveEngagementDetails.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/AssociateProactiveEngagementDetails.hs
@@ -0,0 +1,234 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.AssociateProactiveEngagementDetails
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Initializes proactive engagement and sets the list of contacts for the
+-- Shield Response Team (SRT) to use. You must provide at least one phone
+-- number in the emergency contact list.
+--
+-- After you have initialized proactive engagement using this call, to
+-- disable or enable proactive engagement, use the calls
+-- @DisableProactiveEngagement@ and @EnableProactiveEngagement@.
+--
+-- This call defines the list of email addresses and phone numbers that the
+-- SRT can use to contact you for escalations to the SRT and to initiate
+-- proactive customer support.
+--
+-- The contacts that you provide in the request replace any contacts that
+-- were already defined. If you already have contacts defined and want to
+-- use them, retrieve the list using @DescribeEmergencyContactSettings@ and
+-- then provide it to this call.
+module Amazonka.Shield.AssociateProactiveEngagementDetails
+  ( -- * Creating a Request
+    AssociateProactiveEngagementDetails (..),
+    newAssociateProactiveEngagementDetails,
+
+    -- * Request Lenses
+    associateProactiveEngagementDetails_emergencyContactList,
+
+    -- * Destructuring the Response
+    AssociateProactiveEngagementDetailsResponse (..),
+    newAssociateProactiveEngagementDetailsResponse,
+
+    -- * Response Lenses
+    associateProactiveEngagementDetailsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newAssociateProactiveEngagementDetails' smart constructor.
+data AssociateProactiveEngagementDetails = AssociateProactiveEngagementDetails'
+  { -- | A list of email addresses and phone numbers that the Shield Response
+    -- Team (SRT) can use to contact you for escalations to the SRT and to
+    -- initiate proactive customer support.
+    --
+    -- To enable proactive engagement, the contact list must include at least
+    -- one phone number.
+    --
+    -- The contacts that you provide here replace any contacts that were
+    -- already defined. If you already have contacts defined and want to use
+    -- them, retrieve the list using @DescribeEmergencyContactSettings@ and
+    -- then provide it here.
+    emergencyContactList :: [EmergencyContact]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateProactiveEngagementDetails' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'emergencyContactList', 'associateProactiveEngagementDetails_emergencyContactList' - A list of email addresses and phone numbers that the Shield Response
+-- Team (SRT) can use to contact you for escalations to the SRT and to
+-- initiate proactive customer support.
+--
+-- To enable proactive engagement, the contact list must include at least
+-- one phone number.
+--
+-- The contacts that you provide here replace any contacts that were
+-- already defined. If you already have contacts defined and want to use
+-- them, retrieve the list using @DescribeEmergencyContactSettings@ and
+-- then provide it here.
+newAssociateProactiveEngagementDetails ::
+  AssociateProactiveEngagementDetails
+newAssociateProactiveEngagementDetails =
+  AssociateProactiveEngagementDetails'
+    { emergencyContactList =
+        Prelude.mempty
+    }
+
+-- | A list of email addresses and phone numbers that the Shield Response
+-- Team (SRT) can use to contact you for escalations to the SRT and to
+-- initiate proactive customer support.
+--
+-- To enable proactive engagement, the contact list must include at least
+-- one phone number.
+--
+-- The contacts that you provide here replace any contacts that were
+-- already defined. If you already have contacts defined and want to use
+-- them, retrieve the list using @DescribeEmergencyContactSettings@ and
+-- then provide it here.
+associateProactiveEngagementDetails_emergencyContactList :: Lens.Lens' AssociateProactiveEngagementDetails [EmergencyContact]
+associateProactiveEngagementDetails_emergencyContactList = Lens.lens (\AssociateProactiveEngagementDetails' {emergencyContactList} -> emergencyContactList) (\s@AssociateProactiveEngagementDetails' {} a -> s {emergencyContactList = a} :: AssociateProactiveEngagementDetails) Prelude.. Lens.coerced
+
+instance
+  Core.AWSRequest
+    AssociateProactiveEngagementDetails
+  where
+  type
+    AWSResponse AssociateProactiveEngagementDetails =
+      AssociateProactiveEngagementDetailsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          AssociateProactiveEngagementDetailsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    AssociateProactiveEngagementDetails
+  where
+  hashWithSalt
+    _salt
+    AssociateProactiveEngagementDetails' {..} =
+      _salt `Prelude.hashWithSalt` emergencyContactList
+
+instance
+  Prelude.NFData
+    AssociateProactiveEngagementDetails
+  where
+  rnf AssociateProactiveEngagementDetails' {..} =
+    Prelude.rnf emergencyContactList
+
+instance
+  Data.ToHeaders
+    AssociateProactiveEngagementDetails
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.AssociateProactiveEngagementDetails" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    AssociateProactiveEngagementDetails
+  where
+  toJSON AssociateProactiveEngagementDetails' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "EmergencyContactList"
+                  Data..= emergencyContactList
+              )
+          ]
+      )
+
+instance
+  Data.ToPath
+    AssociateProactiveEngagementDetails
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    AssociateProactiveEngagementDetails
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAssociateProactiveEngagementDetailsResponse' smart constructor.
+data AssociateProactiveEngagementDetailsResponse = AssociateProactiveEngagementDetailsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateProactiveEngagementDetailsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'associateProactiveEngagementDetailsResponse_httpStatus' - The response's http status code.
+newAssociateProactiveEngagementDetailsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AssociateProactiveEngagementDetailsResponse
+newAssociateProactiveEngagementDetailsResponse
+  pHttpStatus_ =
+    AssociateProactiveEngagementDetailsResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+associateProactiveEngagementDetailsResponse_httpStatus :: Lens.Lens' AssociateProactiveEngagementDetailsResponse Prelude.Int
+associateProactiveEngagementDetailsResponse_httpStatus = Lens.lens (\AssociateProactiveEngagementDetailsResponse' {httpStatus} -> httpStatus) (\s@AssociateProactiveEngagementDetailsResponse' {} a -> s {httpStatus = a} :: AssociateProactiveEngagementDetailsResponse)
+
+instance
+  Prelude.NFData
+    AssociateProactiveEngagementDetailsResponse
+  where
+  rnf AssociateProactiveEngagementDetailsResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/CreateProtection.hs b/gen/Amazonka/Shield/CreateProtection.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/CreateProtection.hs
@@ -0,0 +1,278 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.CreateProtection
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables Shield Advanced for a specific Amazon Web Services resource. The
+-- resource can be an Amazon CloudFront distribution, Amazon Route 53
+-- hosted zone, Global Accelerator standard accelerator, Elastic IP
+-- Address, Application Load Balancer, or a Classic Load Balancer. You can
+-- protect Amazon EC2 instances and Network Load Balancers by association
+-- with protected Amazon EC2 Elastic IP addresses.
+--
+-- You can add protection to only a single resource with each
+-- @CreateProtection@ request. You can add protection to multiple resources
+-- at once through the Shield Advanced console at
+-- <https://console.aws.amazon.com/wafv2/shieldv2#/>. For more information
+-- see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html Getting Started with Shield Advanced>
+-- and
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html Adding Shield Advanced protection to Amazon Web Services resources>.
+module Amazonka.Shield.CreateProtection
+  ( -- * Creating a Request
+    CreateProtection (..),
+    newCreateProtection,
+
+    -- * Request Lenses
+    createProtection_tags,
+    createProtection_name,
+    createProtection_resourceArn,
+
+    -- * Destructuring the Response
+    CreateProtectionResponse (..),
+    newCreateProtectionResponse,
+
+    -- * Response Lenses
+    createProtectionResponse_protectionId,
+    createProtectionResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newCreateProtection' smart constructor.
+data CreateProtection = CreateProtection'
+  { -- | One or more tag key-value pairs for the Protection object that is
+    -- created.
+    tags :: Prelude.Maybe [Tag],
+    -- | Friendly name for the @Protection@ you are creating.
+    name :: Prelude.Text,
+    -- | The ARN (Amazon Resource Name) of the resource to be protected.
+    --
+    -- The ARN should be in one of the following formats:
+    --
+    -- -   For an Application Load Balancer:
+    --     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+    --
+    -- -   For an Elastic Load Balancer (Classic Load Balancer):
+    --     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/@/@load-balancer-name@/@ @
+    --
+    -- -   For an Amazon CloudFront distribution:
+    --     @arn:aws:cloudfront::@/@account-id@/@:distribution\/@/@distribution-id@/@ @
+    --
+    -- -   For an Global Accelerator standard accelerator:
+    --     @arn:aws:globalaccelerator::@/@account-id@/@:accelerator\/@/@accelerator-id@/@ @
+    --
+    -- -   For Amazon Route 53:
+    --     @arn:aws:route53:::hostedzone\/@/@hosted-zone-id@/@ @
+    --
+    -- -   For an Elastic IP address:
+    --     @arn:aws:ec2:@/@region@/@:@/@account-id@/@:eip-allocation\/@/@allocation-id@/@ @
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateProtection' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'createProtection_tags' - One or more tag key-value pairs for the Protection object that is
+-- created.
+--
+-- 'name', 'createProtection_name' - Friendly name for the @Protection@ you are creating.
+--
+-- 'resourceArn', 'createProtection_resourceArn' - The ARN (Amazon Resource Name) of the resource to be protected.
+--
+-- The ARN should be in one of the following formats:
+--
+-- -   For an Application Load Balancer:
+--     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+--
+-- -   For an Elastic Load Balancer (Classic Load Balancer):
+--     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/@/@load-balancer-name@/@ @
+--
+-- -   For an Amazon CloudFront distribution:
+--     @arn:aws:cloudfront::@/@account-id@/@:distribution\/@/@distribution-id@/@ @
+--
+-- -   For an Global Accelerator standard accelerator:
+--     @arn:aws:globalaccelerator::@/@account-id@/@:accelerator\/@/@accelerator-id@/@ @
+--
+-- -   For Amazon Route 53:
+--     @arn:aws:route53:::hostedzone\/@/@hosted-zone-id@/@ @
+--
+-- -   For an Elastic IP address:
+--     @arn:aws:ec2:@/@region@/@:@/@account-id@/@:eip-allocation\/@/@allocation-id@/@ @
+newCreateProtection ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'resourceArn'
+  Prelude.Text ->
+  CreateProtection
+newCreateProtection pName_ pResourceArn_ =
+  CreateProtection'
+    { tags = Prelude.Nothing,
+      name = pName_,
+      resourceArn = pResourceArn_
+    }
+
+-- | One or more tag key-value pairs for the Protection object that is
+-- created.
+createProtection_tags :: Lens.Lens' CreateProtection (Prelude.Maybe [Tag])
+createProtection_tags = Lens.lens (\CreateProtection' {tags} -> tags) (\s@CreateProtection' {} a -> s {tags = a} :: CreateProtection) Prelude.. Lens.mapping Lens.coerced
+
+-- | Friendly name for the @Protection@ you are creating.
+createProtection_name :: Lens.Lens' CreateProtection Prelude.Text
+createProtection_name = Lens.lens (\CreateProtection' {name} -> name) (\s@CreateProtection' {} a -> s {name = a} :: CreateProtection)
+
+-- | The ARN (Amazon Resource Name) of the resource to be protected.
+--
+-- The ARN should be in one of the following formats:
+--
+-- -   For an Application Load Balancer:
+--     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+--
+-- -   For an Elastic Load Balancer (Classic Load Balancer):
+--     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/@/@load-balancer-name@/@ @
+--
+-- -   For an Amazon CloudFront distribution:
+--     @arn:aws:cloudfront::@/@account-id@/@:distribution\/@/@distribution-id@/@ @
+--
+-- -   For an Global Accelerator standard accelerator:
+--     @arn:aws:globalaccelerator::@/@account-id@/@:accelerator\/@/@accelerator-id@/@ @
+--
+-- -   For Amazon Route 53:
+--     @arn:aws:route53:::hostedzone\/@/@hosted-zone-id@/@ @
+--
+-- -   For an Elastic IP address:
+--     @arn:aws:ec2:@/@region@/@:@/@account-id@/@:eip-allocation\/@/@allocation-id@/@ @
+createProtection_resourceArn :: Lens.Lens' CreateProtection Prelude.Text
+createProtection_resourceArn = Lens.lens (\CreateProtection' {resourceArn} -> resourceArn) (\s@CreateProtection' {} a -> s {resourceArn = a} :: CreateProtection)
+
+instance Core.AWSRequest CreateProtection where
+  type
+    AWSResponse CreateProtection =
+      CreateProtectionResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateProtectionResponse'
+            Prelude.<$> (x Data..?> "ProtectionId")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateProtection where
+  hashWithSalt _salt CreateProtection' {..} =
+    _salt
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData CreateProtection where
+  rnf CreateProtection' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf resourceArn
+
+instance Data.ToHeaders CreateProtection where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.CreateProtection" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateProtection where
+  toJSON CreateProtection' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("ResourceArn" Data..= resourceArn)
+          ]
+      )
+
+instance Data.ToPath CreateProtection where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateProtection where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateProtectionResponse' smart constructor.
+data CreateProtectionResponse = CreateProtectionResponse'
+  { -- | The unique identifier (ID) for the Protection object that is created.
+    protectionId :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateProtectionResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protectionId', 'createProtectionResponse_protectionId' - The unique identifier (ID) for the Protection object that is created.
+--
+-- 'httpStatus', 'createProtectionResponse_httpStatus' - The response's http status code.
+newCreateProtectionResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateProtectionResponse
+newCreateProtectionResponse pHttpStatus_ =
+  CreateProtectionResponse'
+    { protectionId =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The unique identifier (ID) for the Protection object that is created.
+createProtectionResponse_protectionId :: Lens.Lens' CreateProtectionResponse (Prelude.Maybe Prelude.Text)
+createProtectionResponse_protectionId = Lens.lens (\CreateProtectionResponse' {protectionId} -> protectionId) (\s@CreateProtectionResponse' {} a -> s {protectionId = a} :: CreateProtectionResponse)
+
+-- | The response's http status code.
+createProtectionResponse_httpStatus :: Lens.Lens' CreateProtectionResponse Prelude.Int
+createProtectionResponse_httpStatus = Lens.lens (\CreateProtectionResponse' {httpStatus} -> httpStatus) (\s@CreateProtectionResponse' {} a -> s {httpStatus = a} :: CreateProtectionResponse)
+
+instance Prelude.NFData CreateProtectionResponse where
+  rnf CreateProtectionResponse' {..} =
+    Prelude.rnf protectionId
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/CreateProtectionGroup.hs b/gen/Amazonka/Shield/CreateProtectionGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/CreateProtectionGroup.hs
@@ -0,0 +1,311 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.CreateProtectionGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a grouping of protected resources so they can be handled as a
+-- collective. This resource grouping improves the accuracy of detection
+-- and reduces false positives.
+module Amazonka.Shield.CreateProtectionGroup
+  ( -- * Creating a Request
+    CreateProtectionGroup (..),
+    newCreateProtectionGroup,
+
+    -- * Request Lenses
+    createProtectionGroup_members,
+    createProtectionGroup_resourceType,
+    createProtectionGroup_tags,
+    createProtectionGroup_protectionGroupId,
+    createProtectionGroup_aggregation,
+    createProtectionGroup_pattern,
+
+    -- * Destructuring the Response
+    CreateProtectionGroupResponse (..),
+    newCreateProtectionGroupResponse,
+
+    -- * Response Lenses
+    createProtectionGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newCreateProtectionGroup' smart constructor.
+data CreateProtectionGroup = CreateProtectionGroup'
+  { -- | The Amazon Resource Names (ARNs) of the resources to include in the
+    -- protection group. You must set this when you set @Pattern@ to
+    -- @ARBITRARY@ and you must not set it for any other @Pattern@ setting.
+    members :: Prelude.Maybe [Prelude.Text],
+    -- | The resource type to include in the protection group. All protected
+    -- resources of this type are included in the protection group. Newly
+    -- protected resources of this type are automatically added to the group.
+    -- You must set this when you set @Pattern@ to @BY_RESOURCE_TYPE@ and you
+    -- must not set it for any other @Pattern@ setting.
+    resourceType :: Prelude.Maybe ProtectedResourceType,
+    -- | One or more tag key-value pairs for the protection group.
+    tags :: Prelude.Maybe [Tag],
+    -- | The name of the protection group. You use this to identify the
+    -- protection group in lists and to manage the protection group, for
+    -- example to update, delete, or describe it.
+    protectionGroupId :: Prelude.Text,
+    -- | Defines how Shield combines resource data for the group in order to
+    -- detect, mitigate, and report events.
+    --
+    -- -   Sum - Use the total traffic across the group. This is a good choice
+    --     for most cases. Examples include Elastic IP addresses for EC2
+    --     instances that scale manually or automatically.
+    --
+    -- -   Mean - Use the average of the traffic across the group. This is a
+    --     good choice for resources that share traffic uniformly. Examples
+    --     include accelerators and load balancers.
+    --
+    -- -   Max - Use the highest traffic from each resource. This is useful for
+    --     resources that don\'t share traffic and for resources that share
+    --     that traffic in a non-uniform way. Examples include Amazon
+    --     CloudFront and origin resources for CloudFront distributions.
+    aggregation :: ProtectionGroupAggregation,
+    -- | The criteria to use to choose the protected resources for inclusion in
+    -- the group. You can include all resources that have protections, provide
+    -- a list of resource Amazon Resource Names (ARNs), or include all
+    -- resources of a specified resource type.
+    pattern' :: ProtectionGroupPattern
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateProtectionGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'members', 'createProtectionGroup_members' - The Amazon Resource Names (ARNs) of the resources to include in the
+-- protection group. You must set this when you set @Pattern@ to
+-- @ARBITRARY@ and you must not set it for any other @Pattern@ setting.
+--
+-- 'resourceType', 'createProtectionGroup_resourceType' - The resource type to include in the protection group. All protected
+-- resources of this type are included in the protection group. Newly
+-- protected resources of this type are automatically added to the group.
+-- You must set this when you set @Pattern@ to @BY_RESOURCE_TYPE@ and you
+-- must not set it for any other @Pattern@ setting.
+--
+-- 'tags', 'createProtectionGroup_tags' - One or more tag key-value pairs for the protection group.
+--
+-- 'protectionGroupId', 'createProtectionGroup_protectionGroupId' - The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+--
+-- 'aggregation', 'createProtectionGroup_aggregation' - Defines how Shield combines resource data for the group in order to
+-- detect, mitigate, and report events.
+--
+-- -   Sum - Use the total traffic across the group. This is a good choice
+--     for most cases. Examples include Elastic IP addresses for EC2
+--     instances that scale manually or automatically.
+--
+-- -   Mean - Use the average of the traffic across the group. This is a
+--     good choice for resources that share traffic uniformly. Examples
+--     include accelerators and load balancers.
+--
+-- -   Max - Use the highest traffic from each resource. This is useful for
+--     resources that don\'t share traffic and for resources that share
+--     that traffic in a non-uniform way. Examples include Amazon
+--     CloudFront and origin resources for CloudFront distributions.
+--
+-- 'pattern'', 'createProtectionGroup_pattern' - The criteria to use to choose the protected resources for inclusion in
+-- the group. You can include all resources that have protections, provide
+-- a list of resource Amazon Resource Names (ARNs), or include all
+-- resources of a specified resource type.
+newCreateProtectionGroup ::
+  -- | 'protectionGroupId'
+  Prelude.Text ->
+  -- | 'aggregation'
+  ProtectionGroupAggregation ->
+  -- | 'pattern''
+  ProtectionGroupPattern ->
+  CreateProtectionGroup
+newCreateProtectionGroup
+  pProtectionGroupId_
+  pAggregation_
+  pPattern_ =
+    CreateProtectionGroup'
+      { members = Prelude.Nothing,
+        resourceType = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        protectionGroupId = pProtectionGroupId_,
+        aggregation = pAggregation_,
+        pattern' = pPattern_
+      }
+
+-- | The Amazon Resource Names (ARNs) of the resources to include in the
+-- protection group. You must set this when you set @Pattern@ to
+-- @ARBITRARY@ and you must not set it for any other @Pattern@ setting.
+createProtectionGroup_members :: Lens.Lens' CreateProtectionGroup (Prelude.Maybe [Prelude.Text])
+createProtectionGroup_members = Lens.lens (\CreateProtectionGroup' {members} -> members) (\s@CreateProtectionGroup' {} a -> s {members = a} :: CreateProtectionGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | The resource type to include in the protection group. All protected
+-- resources of this type are included in the protection group. Newly
+-- protected resources of this type are automatically added to the group.
+-- You must set this when you set @Pattern@ to @BY_RESOURCE_TYPE@ and you
+-- must not set it for any other @Pattern@ setting.
+createProtectionGroup_resourceType :: Lens.Lens' CreateProtectionGroup (Prelude.Maybe ProtectedResourceType)
+createProtectionGroup_resourceType = Lens.lens (\CreateProtectionGroup' {resourceType} -> resourceType) (\s@CreateProtectionGroup' {} a -> s {resourceType = a} :: CreateProtectionGroup)
+
+-- | One or more tag key-value pairs for the protection group.
+createProtectionGroup_tags :: Lens.Lens' CreateProtectionGroup (Prelude.Maybe [Tag])
+createProtectionGroup_tags = Lens.lens (\CreateProtectionGroup' {tags} -> tags) (\s@CreateProtectionGroup' {} a -> s {tags = a} :: CreateProtectionGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+createProtectionGroup_protectionGroupId :: Lens.Lens' CreateProtectionGroup Prelude.Text
+createProtectionGroup_protectionGroupId = Lens.lens (\CreateProtectionGroup' {protectionGroupId} -> protectionGroupId) (\s@CreateProtectionGroup' {} a -> s {protectionGroupId = a} :: CreateProtectionGroup)
+
+-- | Defines how Shield combines resource data for the group in order to
+-- detect, mitigate, and report events.
+--
+-- -   Sum - Use the total traffic across the group. This is a good choice
+--     for most cases. Examples include Elastic IP addresses for EC2
+--     instances that scale manually or automatically.
+--
+-- -   Mean - Use the average of the traffic across the group. This is a
+--     good choice for resources that share traffic uniformly. Examples
+--     include accelerators and load balancers.
+--
+-- -   Max - Use the highest traffic from each resource. This is useful for
+--     resources that don\'t share traffic and for resources that share
+--     that traffic in a non-uniform way. Examples include Amazon
+--     CloudFront and origin resources for CloudFront distributions.
+createProtectionGroup_aggregation :: Lens.Lens' CreateProtectionGroup ProtectionGroupAggregation
+createProtectionGroup_aggregation = Lens.lens (\CreateProtectionGroup' {aggregation} -> aggregation) (\s@CreateProtectionGroup' {} a -> s {aggregation = a} :: CreateProtectionGroup)
+
+-- | The criteria to use to choose the protected resources for inclusion in
+-- the group. You can include all resources that have protections, provide
+-- a list of resource Amazon Resource Names (ARNs), or include all
+-- resources of a specified resource type.
+createProtectionGroup_pattern :: Lens.Lens' CreateProtectionGroup ProtectionGroupPattern
+createProtectionGroup_pattern = Lens.lens (\CreateProtectionGroup' {pattern'} -> pattern') (\s@CreateProtectionGroup' {} a -> s {pattern' = a} :: CreateProtectionGroup)
+
+instance Core.AWSRequest CreateProtectionGroup where
+  type
+    AWSResponse CreateProtectionGroup =
+      CreateProtectionGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          CreateProtectionGroupResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateProtectionGroup where
+  hashWithSalt _salt CreateProtectionGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` members
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` protectionGroupId
+      `Prelude.hashWithSalt` aggregation
+      `Prelude.hashWithSalt` pattern'
+
+instance Prelude.NFData CreateProtectionGroup where
+  rnf CreateProtectionGroup' {..} =
+    Prelude.rnf members
+      `Prelude.seq` Prelude.rnf resourceType
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf protectionGroupId
+      `Prelude.seq` Prelude.rnf aggregation
+      `Prelude.seq` Prelude.rnf pattern'
+
+instance Data.ToHeaders CreateProtectionGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.CreateProtectionGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateProtectionGroup where
+  toJSON CreateProtectionGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Members" Data..=) Prelude.<$> members,
+            ("ResourceType" Data..=) Prelude.<$> resourceType,
+            ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just
+              ("ProtectionGroupId" Data..= protectionGroupId),
+            Prelude.Just ("Aggregation" Data..= aggregation),
+            Prelude.Just ("Pattern" Data..= pattern')
+          ]
+      )
+
+instance Data.ToPath CreateProtectionGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateProtectionGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateProtectionGroupResponse' smart constructor.
+data CreateProtectionGroupResponse = CreateProtectionGroupResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateProtectionGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createProtectionGroupResponse_httpStatus' - The response's http status code.
+newCreateProtectionGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateProtectionGroupResponse
+newCreateProtectionGroupResponse pHttpStatus_ =
+  CreateProtectionGroupResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+createProtectionGroupResponse_httpStatus :: Lens.Lens' CreateProtectionGroupResponse Prelude.Int
+createProtectionGroupResponse_httpStatus = Lens.lens (\CreateProtectionGroupResponse' {httpStatus} -> httpStatus) (\s@CreateProtectionGroupResponse' {} a -> s {httpStatus = a} :: CreateProtectionGroupResponse)
+
+instance Prelude.NFData CreateProtectionGroupResponse where
+  rnf CreateProtectionGroupResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/CreateSubscription.hs b/gen/Amazonka/Shield/CreateSubscription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/CreateSubscription.hs
@@ -0,0 +1,144 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.CreateSubscription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Activates Shield Advanced for an account.
+--
+-- For accounts that are members of an Organizations organization, Shield
+-- Advanced subscriptions are billed against the organization\'s payer
+-- account, regardless of whether the payer account itself is subscribed.
+--
+-- When you initially create a subscription, your subscription is set to be
+-- automatically renewed at the end of the existing subscription period.
+-- You can change this by submitting an @UpdateSubscription@ request.
+module Amazonka.Shield.CreateSubscription
+  ( -- * Creating a Request
+    CreateSubscription (..),
+    newCreateSubscription,
+
+    -- * Destructuring the Response
+    CreateSubscriptionResponse (..),
+    newCreateSubscriptionResponse,
+
+    -- * Response Lenses
+    createSubscriptionResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newCreateSubscription' smart constructor.
+data CreateSubscription = CreateSubscription'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateSubscription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newCreateSubscription ::
+  CreateSubscription
+newCreateSubscription = CreateSubscription'
+
+instance Core.AWSRequest CreateSubscription where
+  type
+    AWSResponse CreateSubscription =
+      CreateSubscriptionResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          CreateSubscriptionResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateSubscription where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData CreateSubscription where
+  rnf _ = ()
+
+instance Data.ToHeaders CreateSubscription where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.CreateSubscription" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateSubscription where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath CreateSubscription where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateSubscription where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateSubscriptionResponse' smart constructor.
+data CreateSubscriptionResponse = CreateSubscriptionResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateSubscriptionResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'createSubscriptionResponse_httpStatus' - The response's http status code.
+newCreateSubscriptionResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateSubscriptionResponse
+newCreateSubscriptionResponse pHttpStatus_ =
+  CreateSubscriptionResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+createSubscriptionResponse_httpStatus :: Lens.Lens' CreateSubscriptionResponse Prelude.Int
+createSubscriptionResponse_httpStatus = Lens.lens (\CreateSubscriptionResponse' {httpStatus} -> httpStatus) (\s@CreateSubscriptionResponse' {} a -> s {httpStatus = a} :: CreateSubscriptionResponse)
+
+instance Prelude.NFData CreateSubscriptionResponse where
+  rnf CreateSubscriptionResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DeleteProtection.hs b/gen/Amazonka/Shield/DeleteProtection.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DeleteProtection.hs
@@ -0,0 +1,156 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DeleteProtection
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes an Shield Advanced Protection.
+module Amazonka.Shield.DeleteProtection
+  ( -- * Creating a Request
+    DeleteProtection (..),
+    newDeleteProtection,
+
+    -- * Request Lenses
+    deleteProtection_protectionId,
+
+    -- * Destructuring the Response
+    DeleteProtectionResponse (..),
+    newDeleteProtectionResponse,
+
+    -- * Response Lenses
+    deleteProtectionResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDeleteProtection' smart constructor.
+data DeleteProtection = DeleteProtection'
+  { -- | The unique identifier (ID) for the Protection object to be deleted.
+    protectionId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteProtection' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protectionId', 'deleteProtection_protectionId' - The unique identifier (ID) for the Protection object to be deleted.
+newDeleteProtection ::
+  -- | 'protectionId'
+  Prelude.Text ->
+  DeleteProtection
+newDeleteProtection pProtectionId_ =
+  DeleteProtection' {protectionId = pProtectionId_}
+
+-- | The unique identifier (ID) for the Protection object to be deleted.
+deleteProtection_protectionId :: Lens.Lens' DeleteProtection Prelude.Text
+deleteProtection_protectionId = Lens.lens (\DeleteProtection' {protectionId} -> protectionId) (\s@DeleteProtection' {} a -> s {protectionId = a} :: DeleteProtection)
+
+instance Core.AWSRequest DeleteProtection where
+  type
+    AWSResponse DeleteProtection =
+      DeleteProtectionResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteProtectionResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteProtection where
+  hashWithSalt _salt DeleteProtection' {..} =
+    _salt `Prelude.hashWithSalt` protectionId
+
+instance Prelude.NFData DeleteProtection where
+  rnf DeleteProtection' {..} = Prelude.rnf protectionId
+
+instance Data.ToHeaders DeleteProtection where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DeleteProtection" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteProtection where
+  toJSON DeleteProtection' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ProtectionId" Data..= protectionId)]
+      )
+
+instance Data.ToPath DeleteProtection where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteProtection where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteProtectionResponse' smart constructor.
+data DeleteProtectionResponse = DeleteProtectionResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteProtectionResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteProtectionResponse_httpStatus' - The response's http status code.
+newDeleteProtectionResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteProtectionResponse
+newDeleteProtectionResponse pHttpStatus_ =
+  DeleteProtectionResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+deleteProtectionResponse_httpStatus :: Lens.Lens' DeleteProtectionResponse Prelude.Int
+deleteProtectionResponse_httpStatus = Lens.lens (\DeleteProtectionResponse' {httpStatus} -> httpStatus) (\s@DeleteProtectionResponse' {} a -> s {httpStatus = a} :: DeleteProtectionResponse)
+
+instance Prelude.NFData DeleteProtectionResponse where
+  rnf DeleteProtectionResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DeleteProtectionGroup.hs b/gen/Amazonka/Shield/DeleteProtectionGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DeleteProtectionGroup.hs
@@ -0,0 +1,168 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DeleteProtectionGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes the specified protection group.
+module Amazonka.Shield.DeleteProtectionGroup
+  ( -- * Creating a Request
+    DeleteProtectionGroup (..),
+    newDeleteProtectionGroup,
+
+    -- * Request Lenses
+    deleteProtectionGroup_protectionGroupId,
+
+    -- * Destructuring the Response
+    DeleteProtectionGroupResponse (..),
+    newDeleteProtectionGroupResponse,
+
+    -- * Response Lenses
+    deleteProtectionGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDeleteProtectionGroup' smart constructor.
+data DeleteProtectionGroup = DeleteProtectionGroup'
+  { -- | The name of the protection group. You use this to identify the
+    -- protection group in lists and to manage the protection group, for
+    -- example to update, delete, or describe it.
+    protectionGroupId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteProtectionGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protectionGroupId', 'deleteProtectionGroup_protectionGroupId' - The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+newDeleteProtectionGroup ::
+  -- | 'protectionGroupId'
+  Prelude.Text ->
+  DeleteProtectionGroup
+newDeleteProtectionGroup pProtectionGroupId_ =
+  DeleteProtectionGroup'
+    { protectionGroupId =
+        pProtectionGroupId_
+    }
+
+-- | The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+deleteProtectionGroup_protectionGroupId :: Lens.Lens' DeleteProtectionGroup Prelude.Text
+deleteProtectionGroup_protectionGroupId = Lens.lens (\DeleteProtectionGroup' {protectionGroupId} -> protectionGroupId) (\s@DeleteProtectionGroup' {} a -> s {protectionGroupId = a} :: DeleteProtectionGroup)
+
+instance Core.AWSRequest DeleteProtectionGroup where
+  type
+    AWSResponse DeleteProtectionGroup =
+      DeleteProtectionGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteProtectionGroupResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteProtectionGroup where
+  hashWithSalt _salt DeleteProtectionGroup' {..} =
+    _salt `Prelude.hashWithSalt` protectionGroupId
+
+instance Prelude.NFData DeleteProtectionGroup where
+  rnf DeleteProtectionGroup' {..} =
+    Prelude.rnf protectionGroupId
+
+instance Data.ToHeaders DeleteProtectionGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DeleteProtectionGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteProtectionGroup where
+  toJSON DeleteProtectionGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("ProtectionGroupId" Data..= protectionGroupId)
+          ]
+      )
+
+instance Data.ToPath DeleteProtectionGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteProtectionGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteProtectionGroupResponse' smart constructor.
+data DeleteProtectionGroupResponse = DeleteProtectionGroupResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteProtectionGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteProtectionGroupResponse_httpStatus' - The response's http status code.
+newDeleteProtectionGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteProtectionGroupResponse
+newDeleteProtectionGroupResponse pHttpStatus_ =
+  DeleteProtectionGroupResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+deleteProtectionGroupResponse_httpStatus :: Lens.Lens' DeleteProtectionGroupResponse Prelude.Int
+deleteProtectionGroupResponse_httpStatus = Lens.lens (\DeleteProtectionGroupResponse' {httpStatus} -> httpStatus) (\s@DeleteProtectionGroupResponse' {} a -> s {httpStatus = a} :: DeleteProtectionGroupResponse)
+
+instance Prelude.NFData DeleteProtectionGroupResponse where
+  rnf DeleteProtectionGroupResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DescribeAttack.hs b/gen/Amazonka/Shield/DescribeAttack.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DescribeAttack.hs
@@ -0,0 +1,167 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DescribeAttack
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Describes the details of a DDoS attack.
+module Amazonka.Shield.DescribeAttack
+  ( -- * Creating a Request
+    DescribeAttack (..),
+    newDescribeAttack,
+
+    -- * Request Lenses
+    describeAttack_attackId,
+
+    -- * Destructuring the Response
+    DescribeAttackResponse (..),
+    newDescribeAttackResponse,
+
+    -- * Response Lenses
+    describeAttackResponse_attack,
+    describeAttackResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDescribeAttack' smart constructor.
+data DescribeAttack = DescribeAttack'
+  { -- | The unique identifier (ID) for the attack.
+    attackId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeAttack' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attackId', 'describeAttack_attackId' - The unique identifier (ID) for the attack.
+newDescribeAttack ::
+  -- | 'attackId'
+  Prelude.Text ->
+  DescribeAttack
+newDescribeAttack pAttackId_ =
+  DescribeAttack' {attackId = pAttackId_}
+
+-- | The unique identifier (ID) for the attack.
+describeAttack_attackId :: Lens.Lens' DescribeAttack Prelude.Text
+describeAttack_attackId = Lens.lens (\DescribeAttack' {attackId} -> attackId) (\s@DescribeAttack' {} a -> s {attackId = a} :: DescribeAttack)
+
+instance Core.AWSRequest DescribeAttack where
+  type
+    AWSResponse DescribeAttack =
+      DescribeAttackResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeAttackResponse'
+            Prelude.<$> (x Data..?> "Attack")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DescribeAttack where
+  hashWithSalt _salt DescribeAttack' {..} =
+    _salt `Prelude.hashWithSalt` attackId
+
+instance Prelude.NFData DescribeAttack where
+  rnf DescribeAttack' {..} = Prelude.rnf attackId
+
+instance Data.ToHeaders DescribeAttack where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DescribeAttack" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DescribeAttack where
+  toJSON DescribeAttack' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("AttackId" Data..= attackId)]
+      )
+
+instance Data.ToPath DescribeAttack where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DescribeAttack where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeAttackResponse' smart constructor.
+data DescribeAttackResponse = DescribeAttackResponse'
+  { -- | The attack that you requested.
+    attack :: Prelude.Maybe AttackDetail,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeAttackResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attack', 'describeAttackResponse_attack' - The attack that you requested.
+--
+-- 'httpStatus', 'describeAttackResponse_httpStatus' - The response's http status code.
+newDescribeAttackResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeAttackResponse
+newDescribeAttackResponse pHttpStatus_ =
+  DescribeAttackResponse'
+    { attack = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The attack that you requested.
+describeAttackResponse_attack :: Lens.Lens' DescribeAttackResponse (Prelude.Maybe AttackDetail)
+describeAttackResponse_attack = Lens.lens (\DescribeAttackResponse' {attack} -> attack) (\s@DescribeAttackResponse' {} a -> s {attack = a} :: DescribeAttackResponse)
+
+-- | The response's http status code.
+describeAttackResponse_httpStatus :: Lens.Lens' DescribeAttackResponse Prelude.Int
+describeAttackResponse_httpStatus = Lens.lens (\DescribeAttackResponse' {httpStatus} -> httpStatus) (\s@DescribeAttackResponse' {} a -> s {httpStatus = a} :: DescribeAttackResponse)
+
+instance Prelude.NFData DescribeAttackResponse where
+  rnf DescribeAttackResponse' {..} =
+    Prelude.rnf attack
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DescribeAttackStatistics.hs b/gen/Amazonka/Shield/DescribeAttackStatistics.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DescribeAttackStatistics.hs
@@ -0,0 +1,181 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DescribeAttackStatistics
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Provides information about the number and type of attacks Shield has
+-- detected in the last year for all resources that belong to your account,
+-- regardless of whether you\'ve defined Shield protections for them. This
+-- operation is available to Shield customers as well as to Shield Advanced
+-- customers.
+--
+-- The operation returns data for the time range of midnight UTC, one year
+-- ago, to midnight UTC, today. For example, if the current time is
+-- @2020-10-26 15:39:32 PDT@, equal to @2020-10-26 22:39:32 UTC@, then the
+-- time range for the attack data returned is from
+-- @2019-10-26 00:00:00 UTC@ to @2020-10-26 00:00:00 UTC@.
+--
+-- The time range indicates the period covered by the attack statistics
+-- data items.
+module Amazonka.Shield.DescribeAttackStatistics
+  ( -- * Creating a Request
+    DescribeAttackStatistics (..),
+    newDescribeAttackStatistics,
+
+    -- * Destructuring the Response
+    DescribeAttackStatisticsResponse (..),
+    newDescribeAttackStatisticsResponse,
+
+    -- * Response Lenses
+    describeAttackStatisticsResponse_httpStatus,
+    describeAttackStatisticsResponse_timeRange,
+    describeAttackStatisticsResponse_dataItems,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDescribeAttackStatistics' smart constructor.
+data DescribeAttackStatistics = DescribeAttackStatistics'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeAttackStatistics' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newDescribeAttackStatistics ::
+  DescribeAttackStatistics
+newDescribeAttackStatistics =
+  DescribeAttackStatistics'
+
+instance Core.AWSRequest DescribeAttackStatistics where
+  type
+    AWSResponse DescribeAttackStatistics =
+      DescribeAttackStatisticsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeAttackStatisticsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "TimeRange")
+            Prelude.<*> (x Data..?> "DataItems" Core..!@ Prelude.mempty)
+      )
+
+instance Prelude.Hashable DescribeAttackStatistics where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData DescribeAttackStatistics where
+  rnf _ = ()
+
+instance Data.ToHeaders DescribeAttackStatistics where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DescribeAttackStatistics" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DescribeAttackStatistics where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath DescribeAttackStatistics where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DescribeAttackStatistics where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeAttackStatisticsResponse' smart constructor.
+data DescribeAttackStatisticsResponse = DescribeAttackStatisticsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The time range of the attack.
+    timeRange :: TimeRange,
+    -- | The data that describes the attacks detected during the time period.
+    dataItems :: [AttackStatisticsDataItem]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeAttackStatisticsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'describeAttackStatisticsResponse_httpStatus' - The response's http status code.
+--
+-- 'timeRange', 'describeAttackStatisticsResponse_timeRange' - The time range of the attack.
+--
+-- 'dataItems', 'describeAttackStatisticsResponse_dataItems' - The data that describes the attacks detected during the time period.
+newDescribeAttackStatisticsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'timeRange'
+  TimeRange ->
+  DescribeAttackStatisticsResponse
+newDescribeAttackStatisticsResponse
+  pHttpStatus_
+  pTimeRange_ =
+    DescribeAttackStatisticsResponse'
+      { httpStatus =
+          pHttpStatus_,
+        timeRange = pTimeRange_,
+        dataItems = Prelude.mempty
+      }
+
+-- | The response's http status code.
+describeAttackStatisticsResponse_httpStatus :: Lens.Lens' DescribeAttackStatisticsResponse Prelude.Int
+describeAttackStatisticsResponse_httpStatus = Lens.lens (\DescribeAttackStatisticsResponse' {httpStatus} -> httpStatus) (\s@DescribeAttackStatisticsResponse' {} a -> s {httpStatus = a} :: DescribeAttackStatisticsResponse)
+
+-- | The time range of the attack.
+describeAttackStatisticsResponse_timeRange :: Lens.Lens' DescribeAttackStatisticsResponse TimeRange
+describeAttackStatisticsResponse_timeRange = Lens.lens (\DescribeAttackStatisticsResponse' {timeRange} -> timeRange) (\s@DescribeAttackStatisticsResponse' {} a -> s {timeRange = a} :: DescribeAttackStatisticsResponse)
+
+-- | The data that describes the attacks detected during the time period.
+describeAttackStatisticsResponse_dataItems :: Lens.Lens' DescribeAttackStatisticsResponse [AttackStatisticsDataItem]
+describeAttackStatisticsResponse_dataItems = Lens.lens (\DescribeAttackStatisticsResponse' {dataItems} -> dataItems) (\s@DescribeAttackStatisticsResponse' {} a -> s {dataItems = a} :: DescribeAttackStatisticsResponse) Prelude.. Lens.coerced
+
+instance
+  Prelude.NFData
+    DescribeAttackStatisticsResponse
+  where
+  rnf DescribeAttackStatisticsResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf timeRange
+      `Prelude.seq` Prelude.rnf dataItems
diff --git a/gen/Amazonka/Shield/DescribeDRTAccess.hs b/gen/Amazonka/Shield/DescribeDRTAccess.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DescribeDRTAccess.hs
@@ -0,0 +1,165 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DescribeDRTAccess
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the current role and list of Amazon S3 log buckets used by the
+-- Shield Response Team (SRT) to access your Amazon Web Services account
+-- while assisting with attack mitigation.
+module Amazonka.Shield.DescribeDRTAccess
+  ( -- * Creating a Request
+    DescribeDRTAccess (..),
+    newDescribeDRTAccess,
+
+    -- * Destructuring the Response
+    DescribeDRTAccessResponse (..),
+    newDescribeDRTAccessResponse,
+
+    -- * Response Lenses
+    describeDRTAccessResponse_logBucketList,
+    describeDRTAccessResponse_roleArn,
+    describeDRTAccessResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDescribeDRTAccess' smart constructor.
+data DescribeDRTAccess = DescribeDRTAccess'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeDRTAccess' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newDescribeDRTAccess ::
+  DescribeDRTAccess
+newDescribeDRTAccess = DescribeDRTAccess'
+
+instance Core.AWSRequest DescribeDRTAccess where
+  type
+    AWSResponse DescribeDRTAccess =
+      DescribeDRTAccessResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeDRTAccessResponse'
+            Prelude.<$> (x Data..?> "LogBucketList" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "RoleArn")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DescribeDRTAccess where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData DescribeDRTAccess where
+  rnf _ = ()
+
+instance Data.ToHeaders DescribeDRTAccess where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DescribeDRTAccess" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DescribeDRTAccess where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath DescribeDRTAccess where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DescribeDRTAccess where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeDRTAccessResponse' smart constructor.
+data DescribeDRTAccessResponse = DescribeDRTAccessResponse'
+  { -- | The list of Amazon S3 buckets accessed by the SRT.
+    logBucketList :: Prelude.Maybe [Prelude.Text],
+    -- | The Amazon Resource Name (ARN) of the role the SRT used to access your
+    -- Amazon Web Services account.
+    roleArn :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeDRTAccessResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'logBucketList', 'describeDRTAccessResponse_logBucketList' - The list of Amazon S3 buckets accessed by the SRT.
+--
+-- 'roleArn', 'describeDRTAccessResponse_roleArn' - The Amazon Resource Name (ARN) of the role the SRT used to access your
+-- Amazon Web Services account.
+--
+-- 'httpStatus', 'describeDRTAccessResponse_httpStatus' - The response's http status code.
+newDescribeDRTAccessResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeDRTAccessResponse
+newDescribeDRTAccessResponse pHttpStatus_ =
+  DescribeDRTAccessResponse'
+    { logBucketList =
+        Prelude.Nothing,
+      roleArn = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The list of Amazon S3 buckets accessed by the SRT.
+describeDRTAccessResponse_logBucketList :: Lens.Lens' DescribeDRTAccessResponse (Prelude.Maybe [Prelude.Text])
+describeDRTAccessResponse_logBucketList = Lens.lens (\DescribeDRTAccessResponse' {logBucketList} -> logBucketList) (\s@DescribeDRTAccessResponse' {} a -> s {logBucketList = a} :: DescribeDRTAccessResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Amazon Resource Name (ARN) of the role the SRT used to access your
+-- Amazon Web Services account.
+describeDRTAccessResponse_roleArn :: Lens.Lens' DescribeDRTAccessResponse (Prelude.Maybe Prelude.Text)
+describeDRTAccessResponse_roleArn = Lens.lens (\DescribeDRTAccessResponse' {roleArn} -> roleArn) (\s@DescribeDRTAccessResponse' {} a -> s {roleArn = a} :: DescribeDRTAccessResponse)
+
+-- | The response's http status code.
+describeDRTAccessResponse_httpStatus :: Lens.Lens' DescribeDRTAccessResponse Prelude.Int
+describeDRTAccessResponse_httpStatus = Lens.lens (\DescribeDRTAccessResponse' {httpStatus} -> httpStatus) (\s@DescribeDRTAccessResponse' {} a -> s {httpStatus = a} :: DescribeDRTAccessResponse)
+
+instance Prelude.NFData DescribeDRTAccessResponse where
+  rnf DescribeDRTAccessResponse' {..} =
+    Prelude.rnf logBucketList
+      `Prelude.seq` Prelude.rnf roleArn
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DescribeEmergencyContactSettings.hs b/gen/Amazonka/Shield/DescribeEmergencyContactSettings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DescribeEmergencyContactSettings.hs
@@ -0,0 +1,183 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DescribeEmergencyContactSettings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- A list of email addresses and phone numbers that the Shield Response
+-- Team (SRT) can use to contact you if you have proactive engagement
+-- enabled, for escalations to the SRT and to initiate proactive customer
+-- support.
+module Amazonka.Shield.DescribeEmergencyContactSettings
+  ( -- * Creating a Request
+    DescribeEmergencyContactSettings (..),
+    newDescribeEmergencyContactSettings,
+
+    -- * Destructuring the Response
+    DescribeEmergencyContactSettingsResponse (..),
+    newDescribeEmergencyContactSettingsResponse,
+
+    -- * Response Lenses
+    describeEmergencyContactSettingsResponse_emergencyContactList,
+    describeEmergencyContactSettingsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDescribeEmergencyContactSettings' smart constructor.
+data DescribeEmergencyContactSettings = DescribeEmergencyContactSettings'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeEmergencyContactSettings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newDescribeEmergencyContactSettings ::
+  DescribeEmergencyContactSettings
+newDescribeEmergencyContactSettings =
+  DescribeEmergencyContactSettings'
+
+instance
+  Core.AWSRequest
+    DescribeEmergencyContactSettings
+  where
+  type
+    AWSResponse DescribeEmergencyContactSettings =
+      DescribeEmergencyContactSettingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeEmergencyContactSettingsResponse'
+            Prelude.<$> ( x
+                            Data..?> "EmergencyContactList"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DescribeEmergencyContactSettings
+  where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance
+  Prelude.NFData
+    DescribeEmergencyContactSettings
+  where
+  rnf _ = ()
+
+instance
+  Data.ToHeaders
+    DescribeEmergencyContactSettings
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DescribeEmergencyContactSettings" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DescribeEmergencyContactSettings where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath DescribeEmergencyContactSettings where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DescribeEmergencyContactSettings
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeEmergencyContactSettingsResponse' smart constructor.
+data DescribeEmergencyContactSettingsResponse = DescribeEmergencyContactSettingsResponse'
+  { -- | A list of email addresses and phone numbers that the Shield Response
+    -- Team (SRT) can use to contact you if you have proactive engagement
+    -- enabled, for escalations to the SRT and to initiate proactive customer
+    -- support.
+    emergencyContactList :: Prelude.Maybe [EmergencyContact],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeEmergencyContactSettingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'emergencyContactList', 'describeEmergencyContactSettingsResponse_emergencyContactList' - A list of email addresses and phone numbers that the Shield Response
+-- Team (SRT) can use to contact you if you have proactive engagement
+-- enabled, for escalations to the SRT and to initiate proactive customer
+-- support.
+--
+-- 'httpStatus', 'describeEmergencyContactSettingsResponse_httpStatus' - The response's http status code.
+newDescribeEmergencyContactSettingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeEmergencyContactSettingsResponse
+newDescribeEmergencyContactSettingsResponse
+  pHttpStatus_ =
+    DescribeEmergencyContactSettingsResponse'
+      { emergencyContactList =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | A list of email addresses and phone numbers that the Shield Response
+-- Team (SRT) can use to contact you if you have proactive engagement
+-- enabled, for escalations to the SRT and to initiate proactive customer
+-- support.
+describeEmergencyContactSettingsResponse_emergencyContactList :: Lens.Lens' DescribeEmergencyContactSettingsResponse (Prelude.Maybe [EmergencyContact])
+describeEmergencyContactSettingsResponse_emergencyContactList = Lens.lens (\DescribeEmergencyContactSettingsResponse' {emergencyContactList} -> emergencyContactList) (\s@DescribeEmergencyContactSettingsResponse' {} a -> s {emergencyContactList = a} :: DescribeEmergencyContactSettingsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+describeEmergencyContactSettingsResponse_httpStatus :: Lens.Lens' DescribeEmergencyContactSettingsResponse Prelude.Int
+describeEmergencyContactSettingsResponse_httpStatus = Lens.lens (\DescribeEmergencyContactSettingsResponse' {httpStatus} -> httpStatus) (\s@DescribeEmergencyContactSettingsResponse' {} a -> s {httpStatus = a} :: DescribeEmergencyContactSettingsResponse)
+
+instance
+  Prelude.NFData
+    DescribeEmergencyContactSettingsResponse
+  where
+  rnf DescribeEmergencyContactSettingsResponse' {..} =
+    Prelude.rnf emergencyContactList
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DescribeProtection.hs b/gen/Amazonka/Shield/DescribeProtection.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DescribeProtection.hs
@@ -0,0 +1,196 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DescribeProtection
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Lists the details of a Protection object.
+module Amazonka.Shield.DescribeProtection
+  ( -- * Creating a Request
+    DescribeProtection (..),
+    newDescribeProtection,
+
+    -- * Request Lenses
+    describeProtection_protectionId,
+    describeProtection_resourceArn,
+
+    -- * Destructuring the Response
+    DescribeProtectionResponse (..),
+    newDescribeProtectionResponse,
+
+    -- * Response Lenses
+    describeProtectionResponse_protection,
+    describeProtectionResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDescribeProtection' smart constructor.
+data DescribeProtection = DescribeProtection'
+  { -- | The unique identifier (ID) for the Protection object to describe. You
+    -- must provide either the @ResourceArn@ of the protected resource or the
+    -- @ProtectionID@ of the protection, but not both.
+    protectionId :: Prelude.Maybe Prelude.Text,
+    -- | The ARN (Amazon Resource Name) of the protected Amazon Web Services
+    -- resource. You must provide either the @ResourceArn@ of the protected
+    -- resource or the @ProtectionID@ of the protection, but not both.
+    resourceArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeProtection' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protectionId', 'describeProtection_protectionId' - The unique identifier (ID) for the Protection object to describe. You
+-- must provide either the @ResourceArn@ of the protected resource or the
+-- @ProtectionID@ of the protection, but not both.
+--
+-- 'resourceArn', 'describeProtection_resourceArn' - The ARN (Amazon Resource Name) of the protected Amazon Web Services
+-- resource. You must provide either the @ResourceArn@ of the protected
+-- resource or the @ProtectionID@ of the protection, but not both.
+newDescribeProtection ::
+  DescribeProtection
+newDescribeProtection =
+  DescribeProtection'
+    { protectionId = Prelude.Nothing,
+      resourceArn = Prelude.Nothing
+    }
+
+-- | The unique identifier (ID) for the Protection object to describe. You
+-- must provide either the @ResourceArn@ of the protected resource or the
+-- @ProtectionID@ of the protection, but not both.
+describeProtection_protectionId :: Lens.Lens' DescribeProtection (Prelude.Maybe Prelude.Text)
+describeProtection_protectionId = Lens.lens (\DescribeProtection' {protectionId} -> protectionId) (\s@DescribeProtection' {} a -> s {protectionId = a} :: DescribeProtection)
+
+-- | The ARN (Amazon Resource Name) of the protected Amazon Web Services
+-- resource. You must provide either the @ResourceArn@ of the protected
+-- resource or the @ProtectionID@ of the protection, but not both.
+describeProtection_resourceArn :: Lens.Lens' DescribeProtection (Prelude.Maybe Prelude.Text)
+describeProtection_resourceArn = Lens.lens (\DescribeProtection' {resourceArn} -> resourceArn) (\s@DescribeProtection' {} a -> s {resourceArn = a} :: DescribeProtection)
+
+instance Core.AWSRequest DescribeProtection where
+  type
+    AWSResponse DescribeProtection =
+      DescribeProtectionResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeProtectionResponse'
+            Prelude.<$> (x Data..?> "Protection")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DescribeProtection where
+  hashWithSalt _salt DescribeProtection' {..} =
+    _salt
+      `Prelude.hashWithSalt` protectionId
+      `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData DescribeProtection where
+  rnf DescribeProtection' {..} =
+    Prelude.rnf protectionId
+      `Prelude.seq` Prelude.rnf resourceArn
+
+instance Data.ToHeaders DescribeProtection where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DescribeProtection" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DescribeProtection where
+  toJSON DescribeProtection' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ProtectionId" Data..=) Prelude.<$> protectionId,
+            ("ResourceArn" Data..=) Prelude.<$> resourceArn
+          ]
+      )
+
+instance Data.ToPath DescribeProtection where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DescribeProtection where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeProtectionResponse' smart constructor.
+data DescribeProtectionResponse = DescribeProtectionResponse'
+  { -- | The Protection that you requested.
+    protection :: Prelude.Maybe Protection,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeProtectionResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protection', 'describeProtectionResponse_protection' - The Protection that you requested.
+--
+-- 'httpStatus', 'describeProtectionResponse_httpStatus' - The response's http status code.
+newDescribeProtectionResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeProtectionResponse
+newDescribeProtectionResponse pHttpStatus_ =
+  DescribeProtectionResponse'
+    { protection =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The Protection that you requested.
+describeProtectionResponse_protection :: Lens.Lens' DescribeProtectionResponse (Prelude.Maybe Protection)
+describeProtectionResponse_protection = Lens.lens (\DescribeProtectionResponse' {protection} -> protection) (\s@DescribeProtectionResponse' {} a -> s {protection = a} :: DescribeProtectionResponse)
+
+-- | The response's http status code.
+describeProtectionResponse_httpStatus :: Lens.Lens' DescribeProtectionResponse Prelude.Int
+describeProtectionResponse_httpStatus = Lens.lens (\DescribeProtectionResponse' {httpStatus} -> httpStatus) (\s@DescribeProtectionResponse' {} a -> s {httpStatus = a} :: DescribeProtectionResponse)
+
+instance Prelude.NFData DescribeProtectionResponse where
+  rnf DescribeProtectionResponse' {..} =
+    Prelude.rnf protection
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DescribeProtectionGroup.hs b/gen/Amazonka/Shield/DescribeProtectionGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DescribeProtectionGroup.hs
@@ -0,0 +1,193 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DescribeProtectionGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the specification for the specified protection group.
+module Amazonka.Shield.DescribeProtectionGroup
+  ( -- * Creating a Request
+    DescribeProtectionGroup (..),
+    newDescribeProtectionGroup,
+
+    -- * Request Lenses
+    describeProtectionGroup_protectionGroupId,
+
+    -- * Destructuring the Response
+    DescribeProtectionGroupResponse (..),
+    newDescribeProtectionGroupResponse,
+
+    -- * Response Lenses
+    describeProtectionGroupResponse_httpStatus,
+    describeProtectionGroupResponse_protectionGroup,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDescribeProtectionGroup' smart constructor.
+data DescribeProtectionGroup = DescribeProtectionGroup'
+  { -- | The name of the protection group. You use this to identify the
+    -- protection group in lists and to manage the protection group, for
+    -- example to update, delete, or describe it.
+    protectionGroupId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeProtectionGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protectionGroupId', 'describeProtectionGroup_protectionGroupId' - The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+newDescribeProtectionGroup ::
+  -- | 'protectionGroupId'
+  Prelude.Text ->
+  DescribeProtectionGroup
+newDescribeProtectionGroup pProtectionGroupId_ =
+  DescribeProtectionGroup'
+    { protectionGroupId =
+        pProtectionGroupId_
+    }
+
+-- | The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+describeProtectionGroup_protectionGroupId :: Lens.Lens' DescribeProtectionGroup Prelude.Text
+describeProtectionGroup_protectionGroupId = Lens.lens (\DescribeProtectionGroup' {protectionGroupId} -> protectionGroupId) (\s@DescribeProtectionGroup' {} a -> s {protectionGroupId = a} :: DescribeProtectionGroup)
+
+instance Core.AWSRequest DescribeProtectionGroup where
+  type
+    AWSResponse DescribeProtectionGroup =
+      DescribeProtectionGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeProtectionGroupResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "ProtectionGroup")
+      )
+
+instance Prelude.Hashable DescribeProtectionGroup where
+  hashWithSalt _salt DescribeProtectionGroup' {..} =
+    _salt `Prelude.hashWithSalt` protectionGroupId
+
+instance Prelude.NFData DescribeProtectionGroup where
+  rnf DescribeProtectionGroup' {..} =
+    Prelude.rnf protectionGroupId
+
+instance Data.ToHeaders DescribeProtectionGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DescribeProtectionGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DescribeProtectionGroup where
+  toJSON DescribeProtectionGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("ProtectionGroupId" Data..= protectionGroupId)
+          ]
+      )
+
+instance Data.ToPath DescribeProtectionGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DescribeProtectionGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeProtectionGroupResponse' smart constructor.
+data DescribeProtectionGroupResponse = DescribeProtectionGroupResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | A grouping of protected resources that you and Shield Advanced can
+    -- monitor as a collective. This resource grouping improves the accuracy of
+    -- detection and reduces false positives.
+    protectionGroup :: ProtectionGroup
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeProtectionGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'describeProtectionGroupResponse_httpStatus' - The response's http status code.
+--
+-- 'protectionGroup', 'describeProtectionGroupResponse_protectionGroup' - A grouping of protected resources that you and Shield Advanced can
+-- monitor as a collective. This resource grouping improves the accuracy of
+-- detection and reduces false positives.
+newDescribeProtectionGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'protectionGroup'
+  ProtectionGroup ->
+  DescribeProtectionGroupResponse
+newDescribeProtectionGroupResponse
+  pHttpStatus_
+  pProtectionGroup_ =
+    DescribeProtectionGroupResponse'
+      { httpStatus =
+          pHttpStatus_,
+        protectionGroup = pProtectionGroup_
+      }
+
+-- | The response's http status code.
+describeProtectionGroupResponse_httpStatus :: Lens.Lens' DescribeProtectionGroupResponse Prelude.Int
+describeProtectionGroupResponse_httpStatus = Lens.lens (\DescribeProtectionGroupResponse' {httpStatus} -> httpStatus) (\s@DescribeProtectionGroupResponse' {} a -> s {httpStatus = a} :: DescribeProtectionGroupResponse)
+
+-- | A grouping of protected resources that you and Shield Advanced can
+-- monitor as a collective. This resource grouping improves the accuracy of
+-- detection and reduces false positives.
+describeProtectionGroupResponse_protectionGroup :: Lens.Lens' DescribeProtectionGroupResponse ProtectionGroup
+describeProtectionGroupResponse_protectionGroup = Lens.lens (\DescribeProtectionGroupResponse' {protectionGroup} -> protectionGroup) (\s@DescribeProtectionGroupResponse' {} a -> s {protectionGroup = a} :: DescribeProtectionGroupResponse)
+
+instance
+  Prelude.NFData
+    DescribeProtectionGroupResponse
+  where
+  rnf DescribeProtectionGroupResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf protectionGroup
diff --git a/gen/Amazonka/Shield/DescribeSubscription.hs b/gen/Amazonka/Shield/DescribeSubscription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DescribeSubscription.hs
@@ -0,0 +1,148 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DescribeSubscription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Provides details about the Shield Advanced subscription for an account.
+module Amazonka.Shield.DescribeSubscription
+  ( -- * Creating a Request
+    DescribeSubscription (..),
+    newDescribeSubscription,
+
+    -- * Destructuring the Response
+    DescribeSubscriptionResponse (..),
+    newDescribeSubscriptionResponse,
+
+    -- * Response Lenses
+    describeSubscriptionResponse_subscription,
+    describeSubscriptionResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDescribeSubscription' smart constructor.
+data DescribeSubscription = DescribeSubscription'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeSubscription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newDescribeSubscription ::
+  DescribeSubscription
+newDescribeSubscription = DescribeSubscription'
+
+instance Core.AWSRequest DescribeSubscription where
+  type
+    AWSResponse DescribeSubscription =
+      DescribeSubscriptionResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeSubscriptionResponse'
+            Prelude.<$> (x Data..?> "Subscription")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DescribeSubscription where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData DescribeSubscription where
+  rnf _ = ()
+
+instance Data.ToHeaders DescribeSubscription where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DescribeSubscription" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DescribeSubscription where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath DescribeSubscription where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DescribeSubscription where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeSubscriptionResponse' smart constructor.
+data DescribeSubscriptionResponse = DescribeSubscriptionResponse'
+  { -- | The Shield Advanced subscription details for an account.
+    subscription :: Prelude.Maybe Subscription,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeSubscriptionResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'subscription', 'describeSubscriptionResponse_subscription' - The Shield Advanced subscription details for an account.
+--
+-- 'httpStatus', 'describeSubscriptionResponse_httpStatus' - The response's http status code.
+newDescribeSubscriptionResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeSubscriptionResponse
+newDescribeSubscriptionResponse pHttpStatus_ =
+  DescribeSubscriptionResponse'
+    { subscription =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The Shield Advanced subscription details for an account.
+describeSubscriptionResponse_subscription :: Lens.Lens' DescribeSubscriptionResponse (Prelude.Maybe Subscription)
+describeSubscriptionResponse_subscription = Lens.lens (\DescribeSubscriptionResponse' {subscription} -> subscription) (\s@DescribeSubscriptionResponse' {} a -> s {subscription = a} :: DescribeSubscriptionResponse)
+
+-- | The response's http status code.
+describeSubscriptionResponse_httpStatus :: Lens.Lens' DescribeSubscriptionResponse Prelude.Int
+describeSubscriptionResponse_httpStatus = Lens.lens (\DescribeSubscriptionResponse' {httpStatus} -> httpStatus) (\s@DescribeSubscriptionResponse' {} a -> s {httpStatus = a} :: DescribeSubscriptionResponse)
+
+instance Prelude.NFData DescribeSubscriptionResponse where
+  rnf DescribeSubscriptionResponse' {..} =
+    Prelude.rnf subscription
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DisableApplicationLayerAutomaticResponse.hs b/gen/Amazonka/Shield/DisableApplicationLayerAutomaticResponse.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DisableApplicationLayerAutomaticResponse.hs
@@ -0,0 +1,193 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DisableApplicationLayerAutomaticResponse
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disable the Shield Advanced automatic application layer DDoS mitigation
+-- feature for the protected resource. This stops Shield Advanced from
+-- creating, verifying, and applying WAF rules for attacks that it detects
+-- for the resource.
+module Amazonka.Shield.DisableApplicationLayerAutomaticResponse
+  ( -- * Creating a Request
+    DisableApplicationLayerAutomaticResponse (..),
+    newDisableApplicationLayerAutomaticResponse,
+
+    -- * Request Lenses
+    disableApplicationLayerAutomaticResponse_resourceArn,
+
+    -- * Destructuring the Response
+    DisableApplicationLayerAutomaticResponseResponse (..),
+    newDisableApplicationLayerAutomaticResponseResponse,
+
+    -- * Response Lenses
+    disableApplicationLayerAutomaticResponseResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDisableApplicationLayerAutomaticResponse' smart constructor.
+data DisableApplicationLayerAutomaticResponse = DisableApplicationLayerAutomaticResponse'
+  { -- | The ARN (Amazon Resource Name) of the protected resource.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableApplicationLayerAutomaticResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'disableApplicationLayerAutomaticResponse_resourceArn' - The ARN (Amazon Resource Name) of the protected resource.
+newDisableApplicationLayerAutomaticResponse ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  DisableApplicationLayerAutomaticResponse
+newDisableApplicationLayerAutomaticResponse
+  pResourceArn_ =
+    DisableApplicationLayerAutomaticResponse'
+      { resourceArn =
+          pResourceArn_
+      }
+
+-- | The ARN (Amazon Resource Name) of the protected resource.
+disableApplicationLayerAutomaticResponse_resourceArn :: Lens.Lens' DisableApplicationLayerAutomaticResponse Prelude.Text
+disableApplicationLayerAutomaticResponse_resourceArn = Lens.lens (\DisableApplicationLayerAutomaticResponse' {resourceArn} -> resourceArn) (\s@DisableApplicationLayerAutomaticResponse' {} a -> s {resourceArn = a} :: DisableApplicationLayerAutomaticResponse)
+
+instance
+  Core.AWSRequest
+    DisableApplicationLayerAutomaticResponse
+  where
+  type
+    AWSResponse
+      DisableApplicationLayerAutomaticResponse =
+      DisableApplicationLayerAutomaticResponseResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisableApplicationLayerAutomaticResponseResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DisableApplicationLayerAutomaticResponse
+  where
+  hashWithSalt
+    _salt
+    DisableApplicationLayerAutomaticResponse' {..} =
+      _salt `Prelude.hashWithSalt` resourceArn
+
+instance
+  Prelude.NFData
+    DisableApplicationLayerAutomaticResponse
+  where
+  rnf DisableApplicationLayerAutomaticResponse' {..} =
+    Prelude.rnf resourceArn
+
+instance
+  Data.ToHeaders
+    DisableApplicationLayerAutomaticResponse
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DisableApplicationLayerAutomaticResponse" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    DisableApplicationLayerAutomaticResponse
+  where
+  toJSON DisableApplicationLayerAutomaticResponse' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ResourceArn" Data..= resourceArn)]
+      )
+
+instance
+  Data.ToPath
+    DisableApplicationLayerAutomaticResponse
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    DisableApplicationLayerAutomaticResponse
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisableApplicationLayerAutomaticResponseResponse' smart constructor.
+data DisableApplicationLayerAutomaticResponseResponse = DisableApplicationLayerAutomaticResponseResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableApplicationLayerAutomaticResponseResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disableApplicationLayerAutomaticResponseResponse_httpStatus' - The response's http status code.
+newDisableApplicationLayerAutomaticResponseResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisableApplicationLayerAutomaticResponseResponse
+newDisableApplicationLayerAutomaticResponseResponse
+  pHttpStatus_ =
+    DisableApplicationLayerAutomaticResponseResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+disableApplicationLayerAutomaticResponseResponse_httpStatus :: Lens.Lens' DisableApplicationLayerAutomaticResponseResponse Prelude.Int
+disableApplicationLayerAutomaticResponseResponse_httpStatus = Lens.lens (\DisableApplicationLayerAutomaticResponseResponse' {httpStatus} -> httpStatus) (\s@DisableApplicationLayerAutomaticResponseResponse' {} a -> s {httpStatus = a} :: DisableApplicationLayerAutomaticResponseResponse)
+
+instance
+  Prelude.NFData
+    DisableApplicationLayerAutomaticResponseResponse
+  where
+  rnf
+    DisableApplicationLayerAutomaticResponseResponse' {..} =
+      Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DisableProactiveEngagement.hs b/gen/Amazonka/Shield/DisableProactiveEngagement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DisableProactiveEngagement.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DisableProactiveEngagement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes authorization from the Shield Response Team (SRT) to notify
+-- contacts about escalations to the SRT and to initiate proactive customer
+-- support.
+module Amazonka.Shield.DisableProactiveEngagement
+  ( -- * Creating a Request
+    DisableProactiveEngagement (..),
+    newDisableProactiveEngagement,
+
+    -- * Destructuring the Response
+    DisableProactiveEngagementResponse (..),
+    newDisableProactiveEngagementResponse,
+
+    -- * Response Lenses
+    disableProactiveEngagementResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDisableProactiveEngagement' smart constructor.
+data DisableProactiveEngagement = DisableProactiveEngagement'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableProactiveEngagement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newDisableProactiveEngagement ::
+  DisableProactiveEngagement
+newDisableProactiveEngagement =
+  DisableProactiveEngagement'
+
+instance Core.AWSRequest DisableProactiveEngagement where
+  type
+    AWSResponse DisableProactiveEngagement =
+      DisableProactiveEngagementResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisableProactiveEngagementResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DisableProactiveEngagement where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData DisableProactiveEngagement where
+  rnf _ = ()
+
+instance Data.ToHeaders DisableProactiveEngagement where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DisableProactiveEngagement" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisableProactiveEngagement where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath DisableProactiveEngagement where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DisableProactiveEngagement where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisableProactiveEngagementResponse' smart constructor.
+data DisableProactiveEngagementResponse = DisableProactiveEngagementResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisableProactiveEngagementResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disableProactiveEngagementResponse_httpStatus' - The response's http status code.
+newDisableProactiveEngagementResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisableProactiveEngagementResponse
+newDisableProactiveEngagementResponse pHttpStatus_ =
+  DisableProactiveEngagementResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+disableProactiveEngagementResponse_httpStatus :: Lens.Lens' DisableProactiveEngagementResponse Prelude.Int
+disableProactiveEngagementResponse_httpStatus = Lens.lens (\DisableProactiveEngagementResponse' {httpStatus} -> httpStatus) (\s@DisableProactiveEngagementResponse' {} a -> s {httpStatus = a} :: DisableProactiveEngagementResponse)
+
+instance
+  Prelude.NFData
+    DisableProactiveEngagementResponse
+  where
+  rnf DisableProactiveEngagementResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DisassociateDRTLogBucket.hs b/gen/Amazonka/Shield/DisassociateDRTLogBucket.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DisassociateDRTLogBucket.hs
@@ -0,0 +1,161 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DisassociateDRTLogBucket
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes the Shield Response Team\'s (SRT) access to the specified Amazon
+-- S3 bucket containing the logs that you shared previously.
+module Amazonka.Shield.DisassociateDRTLogBucket
+  ( -- * Creating a Request
+    DisassociateDRTLogBucket (..),
+    newDisassociateDRTLogBucket,
+
+    -- * Request Lenses
+    disassociateDRTLogBucket_logBucket,
+
+    -- * Destructuring the Response
+    DisassociateDRTLogBucketResponse (..),
+    newDisassociateDRTLogBucketResponse,
+
+    -- * Response Lenses
+    disassociateDRTLogBucketResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDisassociateDRTLogBucket' smart constructor.
+data DisassociateDRTLogBucket = DisassociateDRTLogBucket'
+  { -- | The Amazon S3 bucket that contains the logs that you want to share.
+    logBucket :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateDRTLogBucket' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'logBucket', 'disassociateDRTLogBucket_logBucket' - The Amazon S3 bucket that contains the logs that you want to share.
+newDisassociateDRTLogBucket ::
+  -- | 'logBucket'
+  Prelude.Text ->
+  DisassociateDRTLogBucket
+newDisassociateDRTLogBucket pLogBucket_ =
+  DisassociateDRTLogBucket' {logBucket = pLogBucket_}
+
+-- | The Amazon S3 bucket that contains the logs that you want to share.
+disassociateDRTLogBucket_logBucket :: Lens.Lens' DisassociateDRTLogBucket Prelude.Text
+disassociateDRTLogBucket_logBucket = Lens.lens (\DisassociateDRTLogBucket' {logBucket} -> logBucket) (\s@DisassociateDRTLogBucket' {} a -> s {logBucket = a} :: DisassociateDRTLogBucket)
+
+instance Core.AWSRequest DisassociateDRTLogBucket where
+  type
+    AWSResponse DisassociateDRTLogBucket =
+      DisassociateDRTLogBucketResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisassociateDRTLogBucketResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DisassociateDRTLogBucket where
+  hashWithSalt _salt DisassociateDRTLogBucket' {..} =
+    _salt `Prelude.hashWithSalt` logBucket
+
+instance Prelude.NFData DisassociateDRTLogBucket where
+  rnf DisassociateDRTLogBucket' {..} =
+    Prelude.rnf logBucket
+
+instance Data.ToHeaders DisassociateDRTLogBucket where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DisassociateDRTLogBucket" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisassociateDRTLogBucket where
+  toJSON DisassociateDRTLogBucket' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("LogBucket" Data..= logBucket)]
+      )
+
+instance Data.ToPath DisassociateDRTLogBucket where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DisassociateDRTLogBucket where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateDRTLogBucketResponse' smart constructor.
+data DisassociateDRTLogBucketResponse = DisassociateDRTLogBucketResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateDRTLogBucketResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disassociateDRTLogBucketResponse_httpStatus' - The response's http status code.
+newDisassociateDRTLogBucketResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateDRTLogBucketResponse
+newDisassociateDRTLogBucketResponse pHttpStatus_ =
+  DisassociateDRTLogBucketResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+disassociateDRTLogBucketResponse_httpStatus :: Lens.Lens' DisassociateDRTLogBucketResponse Prelude.Int
+disassociateDRTLogBucketResponse_httpStatus = Lens.lens (\DisassociateDRTLogBucketResponse' {httpStatus} -> httpStatus) (\s@DisassociateDRTLogBucketResponse' {} a -> s {httpStatus = a} :: DisassociateDRTLogBucketResponse)
+
+instance
+  Prelude.NFData
+    DisassociateDRTLogBucketResponse
+  where
+  rnf DisassociateDRTLogBucketResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DisassociateDRTRole.hs b/gen/Amazonka/Shield/DisassociateDRTRole.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DisassociateDRTRole.hs
@@ -0,0 +1,137 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DisassociateDRTRole
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes the Shield Response Team\'s (SRT) access to your Amazon Web
+-- Services account.
+module Amazonka.Shield.DisassociateDRTRole
+  ( -- * Creating a Request
+    DisassociateDRTRole (..),
+    newDisassociateDRTRole,
+
+    -- * Destructuring the Response
+    DisassociateDRTRoleResponse (..),
+    newDisassociateDRTRoleResponse,
+
+    -- * Response Lenses
+    disassociateDRTRoleResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDisassociateDRTRole' smart constructor.
+data DisassociateDRTRole = DisassociateDRTRole'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateDRTRole' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newDisassociateDRTRole ::
+  DisassociateDRTRole
+newDisassociateDRTRole = DisassociateDRTRole'
+
+instance Core.AWSRequest DisassociateDRTRole where
+  type
+    AWSResponse DisassociateDRTRole =
+      DisassociateDRTRoleResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisassociateDRTRoleResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DisassociateDRTRole where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData DisassociateDRTRole where
+  rnf _ = ()
+
+instance Data.ToHeaders DisassociateDRTRole where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DisassociateDRTRole" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisassociateDRTRole where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath DisassociateDRTRole where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DisassociateDRTRole where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateDRTRoleResponse' smart constructor.
+data DisassociateDRTRoleResponse = DisassociateDRTRoleResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateDRTRoleResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disassociateDRTRoleResponse_httpStatus' - The response's http status code.
+newDisassociateDRTRoleResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateDRTRoleResponse
+newDisassociateDRTRoleResponse pHttpStatus_ =
+  DisassociateDRTRoleResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+disassociateDRTRoleResponse_httpStatus :: Lens.Lens' DisassociateDRTRoleResponse Prelude.Int
+disassociateDRTRoleResponse_httpStatus = Lens.lens (\DisassociateDRTRoleResponse' {httpStatus} -> httpStatus) (\s@DisassociateDRTRoleResponse' {} a -> s {httpStatus = a} :: DisassociateDRTRoleResponse)
+
+instance Prelude.NFData DisassociateDRTRoleResponse where
+  rnf DisassociateDRTRoleResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/DisassociateHealthCheck.hs b/gen/Amazonka/Shield/DisassociateHealthCheck.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/DisassociateHealthCheck.hs
@@ -0,0 +1,198 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.DisassociateHealthCheck
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes health-based detection from the Shield Advanced protection for a
+-- resource. Shield Advanced health-based detection uses the health of your
+-- Amazon Web Services resource to improve responsiveness and accuracy in
+-- attack detection and response.
+--
+-- You define the health check in Route 53 and then associate or
+-- disassociate it with your Shield Advanced protection. For more
+-- information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/ddos-overview.html#ddos-advanced-health-check-option Shield Advanced Health-Based Detection>
+-- in the /WAF Developer Guide/.
+module Amazonka.Shield.DisassociateHealthCheck
+  ( -- * Creating a Request
+    DisassociateHealthCheck (..),
+    newDisassociateHealthCheck,
+
+    -- * Request Lenses
+    disassociateHealthCheck_protectionId,
+    disassociateHealthCheck_healthCheckArn,
+
+    -- * Destructuring the Response
+    DisassociateHealthCheckResponse (..),
+    newDisassociateHealthCheckResponse,
+
+    -- * Response Lenses
+    disassociateHealthCheckResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newDisassociateHealthCheck' smart constructor.
+data DisassociateHealthCheck = DisassociateHealthCheck'
+  { -- | The unique identifier (ID) for the Protection object to remove the
+    -- health check association from.
+    protectionId :: Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the health check that is associated
+    -- with the protection.
+    healthCheckArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateHealthCheck' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protectionId', 'disassociateHealthCheck_protectionId' - The unique identifier (ID) for the Protection object to remove the
+-- health check association from.
+--
+-- 'healthCheckArn', 'disassociateHealthCheck_healthCheckArn' - The Amazon Resource Name (ARN) of the health check that is associated
+-- with the protection.
+newDisassociateHealthCheck ::
+  -- | 'protectionId'
+  Prelude.Text ->
+  -- | 'healthCheckArn'
+  Prelude.Text ->
+  DisassociateHealthCheck
+newDisassociateHealthCheck
+  pProtectionId_
+  pHealthCheckArn_ =
+    DisassociateHealthCheck'
+      { protectionId =
+          pProtectionId_,
+        healthCheckArn = pHealthCheckArn_
+      }
+
+-- | The unique identifier (ID) for the Protection object to remove the
+-- health check association from.
+disassociateHealthCheck_protectionId :: Lens.Lens' DisassociateHealthCheck Prelude.Text
+disassociateHealthCheck_protectionId = Lens.lens (\DisassociateHealthCheck' {protectionId} -> protectionId) (\s@DisassociateHealthCheck' {} a -> s {protectionId = a} :: DisassociateHealthCheck)
+
+-- | The Amazon Resource Name (ARN) of the health check that is associated
+-- with the protection.
+disassociateHealthCheck_healthCheckArn :: Lens.Lens' DisassociateHealthCheck Prelude.Text
+disassociateHealthCheck_healthCheckArn = Lens.lens (\DisassociateHealthCheck' {healthCheckArn} -> healthCheckArn) (\s@DisassociateHealthCheck' {} a -> s {healthCheckArn = a} :: DisassociateHealthCheck)
+
+instance Core.AWSRequest DisassociateHealthCheck where
+  type
+    AWSResponse DisassociateHealthCheck =
+      DisassociateHealthCheckResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisassociateHealthCheckResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DisassociateHealthCheck where
+  hashWithSalt _salt DisassociateHealthCheck' {..} =
+    _salt
+      `Prelude.hashWithSalt` protectionId
+      `Prelude.hashWithSalt` healthCheckArn
+
+instance Prelude.NFData DisassociateHealthCheck where
+  rnf DisassociateHealthCheck' {..} =
+    Prelude.rnf protectionId
+      `Prelude.seq` Prelude.rnf healthCheckArn
+
+instance Data.ToHeaders DisassociateHealthCheck where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.DisassociateHealthCheck" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisassociateHealthCheck where
+  toJSON DisassociateHealthCheck' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ProtectionId" Data..= protectionId),
+            Prelude.Just
+              ("HealthCheckArn" Data..= healthCheckArn)
+          ]
+      )
+
+instance Data.ToPath DisassociateHealthCheck where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DisassociateHealthCheck where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateHealthCheckResponse' smart constructor.
+data DisassociateHealthCheckResponse = DisassociateHealthCheckResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateHealthCheckResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disassociateHealthCheckResponse_httpStatus' - The response's http status code.
+newDisassociateHealthCheckResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateHealthCheckResponse
+newDisassociateHealthCheckResponse pHttpStatus_ =
+  DisassociateHealthCheckResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+disassociateHealthCheckResponse_httpStatus :: Lens.Lens' DisassociateHealthCheckResponse Prelude.Int
+disassociateHealthCheckResponse_httpStatus = Lens.lens (\DisassociateHealthCheckResponse' {httpStatus} -> httpStatus) (\s@DisassociateHealthCheckResponse' {} a -> s {httpStatus = a} :: DisassociateHealthCheckResponse)
+
+instance
+  Prelude.NFData
+    DisassociateHealthCheckResponse
+  where
+  rnf DisassociateHealthCheckResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/EnableApplicationLayerAutomaticResponse.hs b/gen/Amazonka/Shield/EnableApplicationLayerAutomaticResponse.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/EnableApplicationLayerAutomaticResponse.hs
@@ -0,0 +1,252 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.EnableApplicationLayerAutomaticResponse
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enable the Shield Advanced automatic application layer DDoS mitigation
+-- for the protected resource.
+--
+-- This feature is available for Amazon CloudFront distributions and
+-- Application Load Balancers only.
+--
+-- This causes Shield Advanced to create, verify, and apply WAF rules for
+-- DDoS attacks that it detects for the resource. Shield Advanced applies
+-- the rules in a Shield rule group inside the web ACL that you\'ve
+-- associated with the resource. For information about how automatic
+-- mitigation works and the requirements for using it, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-automatic-app-layer-response.html Shield Advanced automatic application layer DDoS mitigation>.
+--
+-- Don\'t use this action to make changes to automatic mitigation settings
+-- when it\'s already enabled for a resource. Instead, use
+-- UpdateApplicationLayerAutomaticResponse.
+--
+-- To use this feature, you must associate a web ACL with the protected
+-- resource. The web ACL must be created using the latest version of WAF
+-- (v2). You can associate the web ACL through the Shield Advanced console
+-- at <https://console.aws.amazon.com/wafv2/shieldv2#/>. For more
+-- information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html Getting Started with Shield Advanced>.
+-- You can also associate the web ACL to the resource through the WAF
+-- console or the WAF API, but you must manage Shield Advanced automatic
+-- mitigation through Shield Advanced. For information about WAF, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/ WAF Developer Guide>.
+module Amazonka.Shield.EnableApplicationLayerAutomaticResponse
+  ( -- * Creating a Request
+    EnableApplicationLayerAutomaticResponse (..),
+    newEnableApplicationLayerAutomaticResponse,
+
+    -- * Request Lenses
+    enableApplicationLayerAutomaticResponse_resourceArn,
+    enableApplicationLayerAutomaticResponse_action,
+
+    -- * Destructuring the Response
+    EnableApplicationLayerAutomaticResponseResponse (..),
+    newEnableApplicationLayerAutomaticResponseResponse,
+
+    -- * Response Lenses
+    enableApplicationLayerAutomaticResponseResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newEnableApplicationLayerAutomaticResponse' smart constructor.
+data EnableApplicationLayerAutomaticResponse = EnableApplicationLayerAutomaticResponse'
+  { -- | The ARN (Amazon Resource Name) of the protected resource.
+    resourceArn :: Prelude.Text,
+    -- | Specifies the action setting that Shield Advanced should use in the WAF
+    -- rules that it creates on behalf of the protected resource in response to
+    -- DDoS attacks. You specify this as part of the configuration for the
+    -- automatic application layer DDoS mitigation feature, when you enable or
+    -- update automatic mitigation. Shield Advanced creates the WAF rules in a
+    -- Shield Advanced-managed rule group, inside the web ACL that you have
+    -- associated with the resource.
+    action :: ResponseAction
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableApplicationLayerAutomaticResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'enableApplicationLayerAutomaticResponse_resourceArn' - The ARN (Amazon Resource Name) of the protected resource.
+--
+-- 'action', 'enableApplicationLayerAutomaticResponse_action' - Specifies the action setting that Shield Advanced should use in the WAF
+-- rules that it creates on behalf of the protected resource in response to
+-- DDoS attacks. You specify this as part of the configuration for the
+-- automatic application layer DDoS mitigation feature, when you enable or
+-- update automatic mitigation. Shield Advanced creates the WAF rules in a
+-- Shield Advanced-managed rule group, inside the web ACL that you have
+-- associated with the resource.
+newEnableApplicationLayerAutomaticResponse ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  -- | 'action'
+  ResponseAction ->
+  EnableApplicationLayerAutomaticResponse
+newEnableApplicationLayerAutomaticResponse
+  pResourceArn_
+  pAction_ =
+    EnableApplicationLayerAutomaticResponse'
+      { resourceArn =
+          pResourceArn_,
+        action = pAction_
+      }
+
+-- | The ARN (Amazon Resource Name) of the protected resource.
+enableApplicationLayerAutomaticResponse_resourceArn :: Lens.Lens' EnableApplicationLayerAutomaticResponse Prelude.Text
+enableApplicationLayerAutomaticResponse_resourceArn = Lens.lens (\EnableApplicationLayerAutomaticResponse' {resourceArn} -> resourceArn) (\s@EnableApplicationLayerAutomaticResponse' {} a -> s {resourceArn = a} :: EnableApplicationLayerAutomaticResponse)
+
+-- | Specifies the action setting that Shield Advanced should use in the WAF
+-- rules that it creates on behalf of the protected resource in response to
+-- DDoS attacks. You specify this as part of the configuration for the
+-- automatic application layer DDoS mitigation feature, when you enable or
+-- update automatic mitigation. Shield Advanced creates the WAF rules in a
+-- Shield Advanced-managed rule group, inside the web ACL that you have
+-- associated with the resource.
+enableApplicationLayerAutomaticResponse_action :: Lens.Lens' EnableApplicationLayerAutomaticResponse ResponseAction
+enableApplicationLayerAutomaticResponse_action = Lens.lens (\EnableApplicationLayerAutomaticResponse' {action} -> action) (\s@EnableApplicationLayerAutomaticResponse' {} a -> s {action = a} :: EnableApplicationLayerAutomaticResponse)
+
+instance
+  Core.AWSRequest
+    EnableApplicationLayerAutomaticResponse
+  where
+  type
+    AWSResponse
+      EnableApplicationLayerAutomaticResponse =
+      EnableApplicationLayerAutomaticResponseResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          EnableApplicationLayerAutomaticResponseResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    EnableApplicationLayerAutomaticResponse
+  where
+  hashWithSalt
+    _salt
+    EnableApplicationLayerAutomaticResponse' {..} =
+      _salt
+        `Prelude.hashWithSalt` resourceArn
+        `Prelude.hashWithSalt` action
+
+instance
+  Prelude.NFData
+    EnableApplicationLayerAutomaticResponse
+  where
+  rnf EnableApplicationLayerAutomaticResponse' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf action
+
+instance
+  Data.ToHeaders
+    EnableApplicationLayerAutomaticResponse
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.EnableApplicationLayerAutomaticResponse" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    EnableApplicationLayerAutomaticResponse
+  where
+  toJSON EnableApplicationLayerAutomaticResponse' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceArn" Data..= resourceArn),
+            Prelude.Just ("Action" Data..= action)
+          ]
+      )
+
+instance
+  Data.ToPath
+    EnableApplicationLayerAutomaticResponse
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    EnableApplicationLayerAutomaticResponse
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newEnableApplicationLayerAutomaticResponseResponse' smart constructor.
+data EnableApplicationLayerAutomaticResponseResponse = EnableApplicationLayerAutomaticResponseResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableApplicationLayerAutomaticResponseResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'enableApplicationLayerAutomaticResponseResponse_httpStatus' - The response's http status code.
+newEnableApplicationLayerAutomaticResponseResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  EnableApplicationLayerAutomaticResponseResponse
+newEnableApplicationLayerAutomaticResponseResponse
+  pHttpStatus_ =
+    EnableApplicationLayerAutomaticResponseResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+enableApplicationLayerAutomaticResponseResponse_httpStatus :: Lens.Lens' EnableApplicationLayerAutomaticResponseResponse Prelude.Int
+enableApplicationLayerAutomaticResponseResponse_httpStatus = Lens.lens (\EnableApplicationLayerAutomaticResponseResponse' {httpStatus} -> httpStatus) (\s@EnableApplicationLayerAutomaticResponseResponse' {} a -> s {httpStatus = a} :: EnableApplicationLayerAutomaticResponseResponse)
+
+instance
+  Prelude.NFData
+    EnableApplicationLayerAutomaticResponseResponse
+  where
+  rnf
+    EnableApplicationLayerAutomaticResponseResponse' {..} =
+      Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/EnableProactiveEngagement.hs b/gen/Amazonka/Shield/EnableProactiveEngagement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/EnableProactiveEngagement.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.EnableProactiveEngagement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Authorizes the Shield Response Team (SRT) to use email and phone to
+-- notify contacts about escalations to the SRT and to initiate proactive
+-- customer support.
+module Amazonka.Shield.EnableProactiveEngagement
+  ( -- * Creating a Request
+    EnableProactiveEngagement (..),
+    newEnableProactiveEngagement,
+
+    -- * Destructuring the Response
+    EnableProactiveEngagementResponse (..),
+    newEnableProactiveEngagementResponse,
+
+    -- * Response Lenses
+    enableProactiveEngagementResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newEnableProactiveEngagement' smart constructor.
+data EnableProactiveEngagement = EnableProactiveEngagement'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableProactiveEngagement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newEnableProactiveEngagement ::
+  EnableProactiveEngagement
+newEnableProactiveEngagement =
+  EnableProactiveEngagement'
+
+instance Core.AWSRequest EnableProactiveEngagement where
+  type
+    AWSResponse EnableProactiveEngagement =
+      EnableProactiveEngagementResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          EnableProactiveEngagementResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable EnableProactiveEngagement where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData EnableProactiveEngagement where
+  rnf _ = ()
+
+instance Data.ToHeaders EnableProactiveEngagement where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.EnableProactiveEngagement" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON EnableProactiveEngagement where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath EnableProactiveEngagement where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery EnableProactiveEngagement where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newEnableProactiveEngagementResponse' smart constructor.
+data EnableProactiveEngagementResponse = EnableProactiveEngagementResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EnableProactiveEngagementResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'enableProactiveEngagementResponse_httpStatus' - The response's http status code.
+newEnableProactiveEngagementResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  EnableProactiveEngagementResponse
+newEnableProactiveEngagementResponse pHttpStatus_ =
+  EnableProactiveEngagementResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+enableProactiveEngagementResponse_httpStatus :: Lens.Lens' EnableProactiveEngagementResponse Prelude.Int
+enableProactiveEngagementResponse_httpStatus = Lens.lens (\EnableProactiveEngagementResponse' {httpStatus} -> httpStatus) (\s@EnableProactiveEngagementResponse' {} a -> s {httpStatus = a} :: EnableProactiveEngagementResponse)
+
+instance
+  Prelude.NFData
+    EnableProactiveEngagementResponse
+  where
+  rnf EnableProactiveEngagementResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/GetSubscriptionState.hs b/gen/Amazonka/Shield/GetSubscriptionState.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/GetSubscriptionState.hs
@@ -0,0 +1,152 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.GetSubscriptionState
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the @SubscriptionState@, either @Active@ or @Inactive@.
+module Amazonka.Shield.GetSubscriptionState
+  ( -- * Creating a Request
+    GetSubscriptionState (..),
+    newGetSubscriptionState,
+
+    -- * Destructuring the Response
+    GetSubscriptionStateResponse (..),
+    newGetSubscriptionStateResponse,
+
+    -- * Response Lenses
+    getSubscriptionStateResponse_httpStatus,
+    getSubscriptionStateResponse_subscriptionState,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newGetSubscriptionState' smart constructor.
+data GetSubscriptionState = GetSubscriptionState'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetSubscriptionState' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newGetSubscriptionState ::
+  GetSubscriptionState
+newGetSubscriptionState = GetSubscriptionState'
+
+instance Core.AWSRequest GetSubscriptionState where
+  type
+    AWSResponse GetSubscriptionState =
+      GetSubscriptionStateResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetSubscriptionStateResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..:> "SubscriptionState")
+      )
+
+instance Prelude.Hashable GetSubscriptionState where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData GetSubscriptionState where
+  rnf _ = ()
+
+instance Data.ToHeaders GetSubscriptionState where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.GetSubscriptionState" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetSubscriptionState where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
+
+instance Data.ToPath GetSubscriptionState where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetSubscriptionState where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetSubscriptionStateResponse' smart constructor.
+data GetSubscriptionStateResponse = GetSubscriptionStateResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The status of the subscription.
+    subscriptionState :: SubscriptionState
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetSubscriptionStateResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'getSubscriptionStateResponse_httpStatus' - The response's http status code.
+--
+-- 'subscriptionState', 'getSubscriptionStateResponse_subscriptionState' - The status of the subscription.
+newGetSubscriptionStateResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  -- | 'subscriptionState'
+  SubscriptionState ->
+  GetSubscriptionStateResponse
+newGetSubscriptionStateResponse
+  pHttpStatus_
+  pSubscriptionState_ =
+    GetSubscriptionStateResponse'
+      { httpStatus =
+          pHttpStatus_,
+        subscriptionState = pSubscriptionState_
+      }
+
+-- | The response's http status code.
+getSubscriptionStateResponse_httpStatus :: Lens.Lens' GetSubscriptionStateResponse Prelude.Int
+getSubscriptionStateResponse_httpStatus = Lens.lens (\GetSubscriptionStateResponse' {httpStatus} -> httpStatus) (\s@GetSubscriptionStateResponse' {} a -> s {httpStatus = a} :: GetSubscriptionStateResponse)
+
+-- | The status of the subscription.
+getSubscriptionStateResponse_subscriptionState :: Lens.Lens' GetSubscriptionStateResponse SubscriptionState
+getSubscriptionStateResponse_subscriptionState = Lens.lens (\GetSubscriptionStateResponse' {subscriptionState} -> subscriptionState) (\s@GetSubscriptionStateResponse' {} a -> s {subscriptionState = a} :: GetSubscriptionStateResponse)
+
+instance Prelude.NFData GetSubscriptionStateResponse where
+  rnf GetSubscriptionStateResponse' {..} =
+    Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf subscriptionState
diff --git a/gen/Amazonka/Shield/Lens.hs b/gen/Amazonka/Shield/Lens.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Lens.hs
@@ -0,0 +1,411 @@
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Lens
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Lens
+  ( -- * Operations
+
+    -- ** AssociateDRTLogBucket
+    associateDRTLogBucket_logBucket,
+    associateDRTLogBucketResponse_httpStatus,
+
+    -- ** AssociateDRTRole
+    associateDRTRole_roleArn,
+    associateDRTRoleResponse_httpStatus,
+
+    -- ** AssociateHealthCheck
+    associateHealthCheck_protectionId,
+    associateHealthCheck_healthCheckArn,
+    associateHealthCheckResponse_httpStatus,
+
+    -- ** AssociateProactiveEngagementDetails
+    associateProactiveEngagementDetails_emergencyContactList,
+    associateProactiveEngagementDetailsResponse_httpStatus,
+
+    -- ** CreateProtection
+    createProtection_tags,
+    createProtection_name,
+    createProtection_resourceArn,
+    createProtectionResponse_protectionId,
+    createProtectionResponse_httpStatus,
+
+    -- ** CreateProtectionGroup
+    createProtectionGroup_members,
+    createProtectionGroup_resourceType,
+    createProtectionGroup_tags,
+    createProtectionGroup_protectionGroupId,
+    createProtectionGroup_aggregation,
+    createProtectionGroup_pattern,
+    createProtectionGroupResponse_httpStatus,
+
+    -- ** CreateSubscription
+    createSubscriptionResponse_httpStatus,
+
+    -- ** DeleteProtection
+    deleteProtection_protectionId,
+    deleteProtectionResponse_httpStatus,
+
+    -- ** DeleteProtectionGroup
+    deleteProtectionGroup_protectionGroupId,
+    deleteProtectionGroupResponse_httpStatus,
+
+    -- ** DescribeAttack
+    describeAttack_attackId,
+    describeAttackResponse_attack,
+    describeAttackResponse_httpStatus,
+
+    -- ** DescribeAttackStatistics
+    describeAttackStatisticsResponse_httpStatus,
+    describeAttackStatisticsResponse_timeRange,
+    describeAttackStatisticsResponse_dataItems,
+
+    -- ** DescribeDRTAccess
+    describeDRTAccessResponse_logBucketList,
+    describeDRTAccessResponse_roleArn,
+    describeDRTAccessResponse_httpStatus,
+
+    -- ** DescribeEmergencyContactSettings
+    describeEmergencyContactSettingsResponse_emergencyContactList,
+    describeEmergencyContactSettingsResponse_httpStatus,
+
+    -- ** DescribeProtection
+    describeProtection_protectionId,
+    describeProtection_resourceArn,
+    describeProtectionResponse_protection,
+    describeProtectionResponse_httpStatus,
+
+    -- ** DescribeProtectionGroup
+    describeProtectionGroup_protectionGroupId,
+    describeProtectionGroupResponse_httpStatus,
+    describeProtectionGroupResponse_protectionGroup,
+
+    -- ** DescribeSubscription
+    describeSubscriptionResponse_subscription,
+    describeSubscriptionResponse_httpStatus,
+
+    -- ** DisableApplicationLayerAutomaticResponse
+    disableApplicationLayerAutomaticResponse_resourceArn,
+    disableApplicationLayerAutomaticResponseResponse_httpStatus,
+
+    -- ** DisableProactiveEngagement
+    disableProactiveEngagementResponse_httpStatus,
+
+    -- ** DisassociateDRTLogBucket
+    disassociateDRTLogBucket_logBucket,
+    disassociateDRTLogBucketResponse_httpStatus,
+
+    -- ** DisassociateDRTRole
+    disassociateDRTRoleResponse_httpStatus,
+
+    -- ** DisassociateHealthCheck
+    disassociateHealthCheck_protectionId,
+    disassociateHealthCheck_healthCheckArn,
+    disassociateHealthCheckResponse_httpStatus,
+
+    -- ** EnableApplicationLayerAutomaticResponse
+    enableApplicationLayerAutomaticResponse_resourceArn,
+    enableApplicationLayerAutomaticResponse_action,
+    enableApplicationLayerAutomaticResponseResponse_httpStatus,
+
+    -- ** EnableProactiveEngagement
+    enableProactiveEngagementResponse_httpStatus,
+
+    -- ** GetSubscriptionState
+    getSubscriptionStateResponse_httpStatus,
+    getSubscriptionStateResponse_subscriptionState,
+
+    -- ** ListAttacks
+    listAttacks_endTime,
+    listAttacks_maxResults,
+    listAttacks_nextToken,
+    listAttacks_resourceArns,
+    listAttacks_startTime,
+    listAttacksResponse_attackSummaries,
+    listAttacksResponse_nextToken,
+    listAttacksResponse_httpStatus,
+
+    -- ** ListProtectionGroups
+    listProtectionGroups_inclusionFilters,
+    listProtectionGroups_maxResults,
+    listProtectionGroups_nextToken,
+    listProtectionGroupsResponse_nextToken,
+    listProtectionGroupsResponse_httpStatus,
+    listProtectionGroupsResponse_protectionGroups,
+
+    -- ** ListProtections
+    listProtections_inclusionFilters,
+    listProtections_maxResults,
+    listProtections_nextToken,
+    listProtectionsResponse_nextToken,
+    listProtectionsResponse_protections,
+    listProtectionsResponse_httpStatus,
+
+    -- ** ListResourcesInProtectionGroup
+    listResourcesInProtectionGroup_maxResults,
+    listResourcesInProtectionGroup_nextToken,
+    listResourcesInProtectionGroup_protectionGroupId,
+    listResourcesInProtectionGroupResponse_nextToken,
+    listResourcesInProtectionGroupResponse_httpStatus,
+    listResourcesInProtectionGroupResponse_resourceArns,
+
+    -- ** ListTagsForResource
+    listTagsForResource_resourceARN,
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+
+    -- ** TagResource
+    tagResource_resourceARN,
+    tagResource_tags,
+    tagResourceResponse_httpStatus,
+
+    -- ** UntagResource
+    untagResource_resourceARN,
+    untagResource_tagKeys,
+    untagResourceResponse_httpStatus,
+
+    -- ** UpdateApplicationLayerAutomaticResponse
+    updateApplicationLayerAutomaticResponse_resourceArn,
+    updateApplicationLayerAutomaticResponse_action,
+    updateApplicationLayerAutomaticResponseResponse_httpStatus,
+
+    -- ** UpdateEmergencyContactSettings
+    updateEmergencyContactSettings_emergencyContactList,
+    updateEmergencyContactSettingsResponse_httpStatus,
+
+    -- ** UpdateProtectionGroup
+    updateProtectionGroup_members,
+    updateProtectionGroup_resourceType,
+    updateProtectionGroup_protectionGroupId,
+    updateProtectionGroup_aggregation,
+    updateProtectionGroup_pattern,
+    updateProtectionGroupResponse_httpStatus,
+
+    -- ** UpdateSubscription
+    updateSubscription_autoRenew,
+    updateSubscriptionResponse_httpStatus,
+
+    -- * Types
+
+    -- ** ApplicationLayerAutomaticResponseConfiguration
+    applicationLayerAutomaticResponseConfiguration_status,
+    applicationLayerAutomaticResponseConfiguration_action,
+
+    -- ** AttackDetail
+    attackDetail_attackCounters,
+    attackDetail_attackId,
+    attackDetail_attackProperties,
+    attackDetail_endTime,
+    attackDetail_mitigations,
+    attackDetail_resourceArn,
+    attackDetail_startTime,
+    attackDetail_subResources,
+
+    -- ** AttackProperty
+    attackProperty_attackLayer,
+    attackProperty_attackPropertyIdentifier,
+    attackProperty_topContributors,
+    attackProperty_total,
+    attackProperty_unit,
+
+    -- ** AttackStatisticsDataItem
+    attackStatisticsDataItem_attackVolume,
+    attackStatisticsDataItem_attackCount,
+
+    -- ** AttackSummary
+    attackSummary_attackId,
+    attackSummary_attackVectors,
+    attackSummary_endTime,
+    attackSummary_resourceArn,
+    attackSummary_startTime,
+
+    -- ** AttackVectorDescription
+    attackVectorDescription_vectorType,
+
+    -- ** AttackVolume
+    attackVolume_bitsPerSecond,
+    attackVolume_packetsPerSecond,
+    attackVolume_requestsPerSecond,
+
+    -- ** AttackVolumeStatistics
+    attackVolumeStatistics_max,
+
+    -- ** BlockAction
+
+    -- ** Contributor
+    contributor_name,
+    contributor_value,
+
+    -- ** CountAction
+
+    -- ** EmergencyContact
+    emergencyContact_contactNotes,
+    emergencyContact_phoneNumber,
+    emergencyContact_emailAddress,
+
+    -- ** InclusionProtectionFilters
+    inclusionProtectionFilters_protectionNames,
+    inclusionProtectionFilters_resourceArns,
+    inclusionProtectionFilters_resourceTypes,
+
+    -- ** InclusionProtectionGroupFilters
+    inclusionProtectionGroupFilters_aggregations,
+    inclusionProtectionGroupFilters_patterns,
+    inclusionProtectionGroupFilters_protectionGroupIds,
+    inclusionProtectionGroupFilters_resourceTypes,
+
+    -- ** Limit
+    limit_max,
+    limit_type,
+
+    -- ** Mitigation
+    mitigation_mitigationName,
+
+    -- ** Protection
+    protection_applicationLayerAutomaticResponseConfiguration,
+    protection_healthCheckIds,
+    protection_id,
+    protection_name,
+    protection_protectionArn,
+    protection_resourceArn,
+
+    -- ** ProtectionGroup
+    protectionGroup_protectionGroupArn,
+    protectionGroup_resourceType,
+    protectionGroup_protectionGroupId,
+    protectionGroup_aggregation,
+    protectionGroup_pattern,
+    protectionGroup_members,
+
+    -- ** ProtectionGroupArbitraryPatternLimits
+    protectionGroupArbitraryPatternLimits_maxMembers,
+
+    -- ** ProtectionGroupLimits
+    protectionGroupLimits_maxProtectionGroups,
+    protectionGroupLimits_patternTypeLimits,
+
+    -- ** ProtectionGroupPatternTypeLimits
+    protectionGroupPatternTypeLimits_arbitraryPatternLimits,
+
+    -- ** ProtectionLimits
+    protectionLimits_protectedResourceTypeLimits,
+
+    -- ** ResponseAction
+    responseAction_block,
+    responseAction_count,
+
+    -- ** SubResourceSummary
+    subResourceSummary_attackVectors,
+    subResourceSummary_counters,
+    subResourceSummary_id,
+    subResourceSummary_type,
+
+    -- ** Subscription
+    subscription_autoRenew,
+    subscription_endTime,
+    subscription_limits,
+    subscription_proactiveEngagementStatus,
+    subscription_startTime,
+    subscription_subscriptionArn,
+    subscription_timeCommitmentInSeconds,
+    subscription_subscriptionLimits,
+
+    -- ** SubscriptionLimits
+    subscriptionLimits_protectionLimits,
+    subscriptionLimits_protectionGroupLimits,
+
+    -- ** SummarizedAttackVector
+    summarizedAttackVector_vectorCounters,
+    summarizedAttackVector_vectorType,
+
+    -- ** SummarizedCounter
+    summarizedCounter_average,
+    summarizedCounter_max,
+    summarizedCounter_n,
+    summarizedCounter_name,
+    summarizedCounter_sum,
+    summarizedCounter_unit,
+
+    -- ** Tag
+    tag_key,
+    tag_value,
+
+    -- ** TimeRange
+    timeRange_fromInclusive,
+    timeRange_toExclusive,
+  )
+where
+
+import Amazonka.Shield.AssociateDRTLogBucket
+import Amazonka.Shield.AssociateDRTRole
+import Amazonka.Shield.AssociateHealthCheck
+import Amazonka.Shield.AssociateProactiveEngagementDetails
+import Amazonka.Shield.CreateProtection
+import Amazonka.Shield.CreateProtectionGroup
+import Amazonka.Shield.CreateSubscription
+import Amazonka.Shield.DeleteProtection
+import Amazonka.Shield.DeleteProtectionGroup
+import Amazonka.Shield.DescribeAttack
+import Amazonka.Shield.DescribeAttackStatistics
+import Amazonka.Shield.DescribeDRTAccess
+import Amazonka.Shield.DescribeEmergencyContactSettings
+import Amazonka.Shield.DescribeProtection
+import Amazonka.Shield.DescribeProtectionGroup
+import Amazonka.Shield.DescribeSubscription
+import Amazonka.Shield.DisableApplicationLayerAutomaticResponse
+import Amazonka.Shield.DisableProactiveEngagement
+import Amazonka.Shield.DisassociateDRTLogBucket
+import Amazonka.Shield.DisassociateDRTRole
+import Amazonka.Shield.DisassociateHealthCheck
+import Amazonka.Shield.EnableApplicationLayerAutomaticResponse
+import Amazonka.Shield.EnableProactiveEngagement
+import Amazonka.Shield.GetSubscriptionState
+import Amazonka.Shield.ListAttacks
+import Amazonka.Shield.ListProtectionGroups
+import Amazonka.Shield.ListProtections
+import Amazonka.Shield.ListResourcesInProtectionGroup
+import Amazonka.Shield.ListTagsForResource
+import Amazonka.Shield.TagResource
+import Amazonka.Shield.Types.ApplicationLayerAutomaticResponseConfiguration
+import Amazonka.Shield.Types.AttackDetail
+import Amazonka.Shield.Types.AttackProperty
+import Amazonka.Shield.Types.AttackStatisticsDataItem
+import Amazonka.Shield.Types.AttackSummary
+import Amazonka.Shield.Types.AttackVectorDescription
+import Amazonka.Shield.Types.AttackVolume
+import Amazonka.Shield.Types.AttackVolumeStatistics
+import Amazonka.Shield.Types.BlockAction
+import Amazonka.Shield.Types.Contributor
+import Amazonka.Shield.Types.CountAction
+import Amazonka.Shield.Types.EmergencyContact
+import Amazonka.Shield.Types.InclusionProtectionFilters
+import Amazonka.Shield.Types.InclusionProtectionGroupFilters
+import Amazonka.Shield.Types.Limit
+import Amazonka.Shield.Types.Mitigation
+import Amazonka.Shield.Types.Protection
+import Amazonka.Shield.Types.ProtectionGroup
+import Amazonka.Shield.Types.ProtectionGroupArbitraryPatternLimits
+import Amazonka.Shield.Types.ProtectionGroupLimits
+import Amazonka.Shield.Types.ProtectionGroupPatternTypeLimits
+import Amazonka.Shield.Types.ProtectionLimits
+import Amazonka.Shield.Types.ResponseAction
+import Amazonka.Shield.Types.SubResourceSummary
+import Amazonka.Shield.Types.Subscription
+import Amazonka.Shield.Types.SubscriptionLimits
+import Amazonka.Shield.Types.SummarizedAttackVector
+import Amazonka.Shield.Types.SummarizedCounter
+import Amazonka.Shield.Types.Tag
+import Amazonka.Shield.Types.TimeRange
+import Amazonka.Shield.UntagResource
+import Amazonka.Shield.UpdateApplicationLayerAutomaticResponse
+import Amazonka.Shield.UpdateEmergencyContactSettings
+import Amazonka.Shield.UpdateProtectionGroup
+import Amazonka.Shield.UpdateSubscription
diff --git a/gen/Amazonka/Shield/ListAttacks.hs b/gen/Amazonka/Shield/ListAttacks.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/ListAttacks.hs
@@ -0,0 +1,387 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.ListAttacks
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns all ongoing DDoS attacks or all DDoS attacks during a specified
+-- time period.
+--
+-- This operation returns paginated results.
+module Amazonka.Shield.ListAttacks
+  ( -- * Creating a Request
+    ListAttacks (..),
+    newListAttacks,
+
+    -- * Request Lenses
+    listAttacks_endTime,
+    listAttacks_maxResults,
+    listAttacks_nextToken,
+    listAttacks_resourceArns,
+    listAttacks_startTime,
+
+    -- * Destructuring the Response
+    ListAttacksResponse (..),
+    newListAttacksResponse,
+
+    -- * Response Lenses
+    listAttacksResponse_attackSummaries,
+    listAttacksResponse_nextToken,
+    listAttacksResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newListAttacks' smart constructor.
+data ListAttacks = ListAttacks'
+  { -- | The end of the time period for the attacks. This is a @timestamp@ type.
+    -- The request syntax listing for this call indicates a @number@ type, but
+    -- you can provide the time in any valid
+    -- <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp timestamp format>
+    -- setting.
+    endTime :: Prelude.Maybe TimeRange,
+    -- | The greatest number of objects that you want Shield Advanced to return
+    -- to the list request. Shield Advanced might return fewer objects than you
+    -- indicate in this setting, even if more objects are available. If there
+    -- are more objects remaining, Shield Advanced will always also return a
+    -- @NextToken@ value in the response.
+    --
+    -- The default setting is 20.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects from Shield Advanced, if the response
+    -- does not include all of the remaining available objects, Shield Advanced
+    -- includes a @NextToken@ value in the response. You can retrieve the next
+    -- batch of objects by requesting the list again and providing the token
+    -- that was returned by the prior call in your request.
+    --
+    -- You can indicate the maximum number of objects that you want Shield
+    -- Advanced to return for a single call with the @MaxResults@ setting.
+    -- Shield Advanced will not return more than @MaxResults@ objects, but may
+    -- return fewer, even if more objects are still available.
+    --
+    -- Whenever more objects remain that Shield Advanced has not yet returned
+    -- to you, the response will include a @NextToken@ value.
+    --
+    -- On your first call to a list operation, leave this setting empty.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The ARNs (Amazon Resource Names) of the resources that were attacked. If
+    -- you leave this blank, all applicable resources for this account will be
+    -- included.
+    resourceArns :: Prelude.Maybe [Prelude.Text],
+    -- | The start of the time period for the attacks. This is a @timestamp@
+    -- type. The request syntax listing for this call indicates a @number@
+    -- type, but you can provide the time in any valid
+    -- <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp timestamp format>
+    -- setting.
+    startTime :: Prelude.Maybe TimeRange
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAttacks' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'endTime', 'listAttacks_endTime' - The end of the time period for the attacks. This is a @timestamp@ type.
+-- The request syntax listing for this call indicates a @number@ type, but
+-- you can provide the time in any valid
+-- <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp timestamp format>
+-- setting.
+--
+-- 'maxResults', 'listAttacks_maxResults' - The greatest number of objects that you want Shield Advanced to return
+-- to the list request. Shield Advanced might return fewer objects than you
+-- indicate in this setting, even if more objects are available. If there
+-- are more objects remaining, Shield Advanced will always also return a
+-- @NextToken@ value in the response.
+--
+-- The default setting is 20.
+--
+-- 'nextToken', 'listAttacks_nextToken' - When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- On your first call to a list operation, leave this setting empty.
+--
+-- 'resourceArns', 'listAttacks_resourceArns' - The ARNs (Amazon Resource Names) of the resources that were attacked. If
+-- you leave this blank, all applicable resources for this account will be
+-- included.
+--
+-- 'startTime', 'listAttacks_startTime' - The start of the time period for the attacks. This is a @timestamp@
+-- type. The request syntax listing for this call indicates a @number@
+-- type, but you can provide the time in any valid
+-- <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp timestamp format>
+-- setting.
+newListAttacks ::
+  ListAttacks
+newListAttacks =
+  ListAttacks'
+    { endTime = Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      resourceArns = Prelude.Nothing,
+      startTime = Prelude.Nothing
+    }
+
+-- | The end of the time period for the attacks. This is a @timestamp@ type.
+-- The request syntax listing for this call indicates a @number@ type, but
+-- you can provide the time in any valid
+-- <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp timestamp format>
+-- setting.
+listAttacks_endTime :: Lens.Lens' ListAttacks (Prelude.Maybe TimeRange)
+listAttacks_endTime = Lens.lens (\ListAttacks' {endTime} -> endTime) (\s@ListAttacks' {} a -> s {endTime = a} :: ListAttacks)
+
+-- | The greatest number of objects that you want Shield Advanced to return
+-- to the list request. Shield Advanced might return fewer objects than you
+-- indicate in this setting, even if more objects are available. If there
+-- are more objects remaining, Shield Advanced will always also return a
+-- @NextToken@ value in the response.
+--
+-- The default setting is 20.
+listAttacks_maxResults :: Lens.Lens' ListAttacks (Prelude.Maybe Prelude.Natural)
+listAttacks_maxResults = Lens.lens (\ListAttacks' {maxResults} -> maxResults) (\s@ListAttacks' {} a -> s {maxResults = a} :: ListAttacks)
+
+-- | When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- On your first call to a list operation, leave this setting empty.
+listAttacks_nextToken :: Lens.Lens' ListAttacks (Prelude.Maybe Prelude.Text)
+listAttacks_nextToken = Lens.lens (\ListAttacks' {nextToken} -> nextToken) (\s@ListAttacks' {} a -> s {nextToken = a} :: ListAttacks)
+
+-- | The ARNs (Amazon Resource Names) of the resources that were attacked. If
+-- you leave this blank, all applicable resources for this account will be
+-- included.
+listAttacks_resourceArns :: Lens.Lens' ListAttacks (Prelude.Maybe [Prelude.Text])
+listAttacks_resourceArns = Lens.lens (\ListAttacks' {resourceArns} -> resourceArns) (\s@ListAttacks' {} a -> s {resourceArns = a} :: ListAttacks) Prelude.. Lens.mapping Lens.coerced
+
+-- | The start of the time period for the attacks. This is a @timestamp@
+-- type. The request syntax listing for this call indicates a @number@
+-- type, but you can provide the time in any valid
+-- <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-types.html#parameter-type-timestamp timestamp format>
+-- setting.
+listAttacks_startTime :: Lens.Lens' ListAttacks (Prelude.Maybe TimeRange)
+listAttacks_startTime = Lens.lens (\ListAttacks' {startTime} -> startTime) (\s@ListAttacks' {} a -> s {startTime = a} :: ListAttacks)
+
+instance Core.AWSPager ListAttacks where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listAttacksResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listAttacksResponse_attackSummaries
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listAttacks_nextToken
+          Lens..~ rs
+          Lens.^? listAttacksResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListAttacks where
+  type AWSResponse ListAttacks = ListAttacksResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAttacksResponse'
+            Prelude.<$> ( x
+                            Data..?> "AttackSummaries"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListAttacks where
+  hashWithSalt _salt ListAttacks' {..} =
+    _salt
+      `Prelude.hashWithSalt` endTime
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+      `Prelude.hashWithSalt` resourceArns
+      `Prelude.hashWithSalt` startTime
+
+instance Prelude.NFData ListAttacks where
+  rnf ListAttacks' {..} =
+    Prelude.rnf endTime
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf resourceArns
+      `Prelude.seq` Prelude.rnf startTime
+
+instance Data.ToHeaders ListAttacks where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.ListAttacks" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListAttacks where
+  toJSON ListAttacks' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("EndTime" Data..=) Prelude.<$> endTime,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            ("ResourceArns" Data..=) Prelude.<$> resourceArns,
+            ("StartTime" Data..=) Prelude.<$> startTime
+          ]
+      )
+
+instance Data.ToPath ListAttacks where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListAttacks where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListAttacksResponse' smart constructor.
+data ListAttacksResponse = ListAttacksResponse'
+  { -- | The attack information for the specified time range.
+    attackSummaries :: Prelude.Maybe [AttackSummary],
+    -- | When you request a list of objects from Shield Advanced, if the response
+    -- does not include all of the remaining available objects, Shield Advanced
+    -- includes a @NextToken@ value in the response. You can retrieve the next
+    -- batch of objects by requesting the list again and providing the token
+    -- that was returned by the prior call in your request.
+    --
+    -- You can indicate the maximum number of objects that you want Shield
+    -- Advanced to return for a single call with the @MaxResults@ setting.
+    -- Shield Advanced will not return more than @MaxResults@ objects, but may
+    -- return fewer, even if more objects are still available.
+    --
+    -- Whenever more objects remain that Shield Advanced has not yet returned
+    -- to you, the response will include a @NextToken@ value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAttacksResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attackSummaries', 'listAttacksResponse_attackSummaries' - The attack information for the specified time range.
+--
+-- 'nextToken', 'listAttacksResponse_nextToken' - When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- 'httpStatus', 'listAttacksResponse_httpStatus' - The response's http status code.
+newListAttacksResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAttacksResponse
+newListAttacksResponse pHttpStatus_ =
+  ListAttacksResponse'
+    { attackSummaries =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The attack information for the specified time range.
+listAttacksResponse_attackSummaries :: Lens.Lens' ListAttacksResponse (Prelude.Maybe [AttackSummary])
+listAttacksResponse_attackSummaries = Lens.lens (\ListAttacksResponse' {attackSummaries} -> attackSummaries) (\s@ListAttacksResponse' {} a -> s {attackSummaries = a} :: ListAttacksResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+listAttacksResponse_nextToken :: Lens.Lens' ListAttacksResponse (Prelude.Maybe Prelude.Text)
+listAttacksResponse_nextToken = Lens.lens (\ListAttacksResponse' {nextToken} -> nextToken) (\s@ListAttacksResponse' {} a -> s {nextToken = a} :: ListAttacksResponse)
+
+-- | The response's http status code.
+listAttacksResponse_httpStatus :: Lens.Lens' ListAttacksResponse Prelude.Int
+listAttacksResponse_httpStatus = Lens.lens (\ListAttacksResponse' {httpStatus} -> httpStatus) (\s@ListAttacksResponse' {} a -> s {httpStatus = a} :: ListAttacksResponse)
+
+instance Prelude.NFData ListAttacksResponse where
+  rnf ListAttacksResponse' {..} =
+    Prelude.rnf attackSummaries
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/ListProtectionGroups.hs b/gen/Amazonka/Shield/ListProtectionGroups.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/ListProtectionGroups.hs
@@ -0,0 +1,325 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.ListProtectionGroups
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves ProtectionGroup objects for the account. You can retrieve all
+-- protection groups or you can provide filtering criteria and retrieve
+-- just the subset of protection groups that match the criteria.
+module Amazonka.Shield.ListProtectionGroups
+  ( -- * Creating a Request
+    ListProtectionGroups (..),
+    newListProtectionGroups,
+
+    -- * Request Lenses
+    listProtectionGroups_inclusionFilters,
+    listProtectionGroups_maxResults,
+    listProtectionGroups_nextToken,
+
+    -- * Destructuring the Response
+    ListProtectionGroupsResponse (..),
+    newListProtectionGroupsResponse,
+
+    -- * Response Lenses
+    listProtectionGroupsResponse_nextToken,
+    listProtectionGroupsResponse_httpStatus,
+    listProtectionGroupsResponse_protectionGroups,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newListProtectionGroups' smart constructor.
+data ListProtectionGroups = ListProtectionGroups'
+  { -- | Narrows the set of protection groups that the call retrieves. You can
+    -- retrieve a single protection group by its name and you can retrieve all
+    -- protection groups that are configured with specific pattern or
+    -- aggregation settings. You can provide up to one criteria per filter
+    -- type. Shield Advanced returns the protection groups that exactly match
+    -- all of the search criteria that you provide.
+    inclusionFilters :: Prelude.Maybe InclusionProtectionGroupFilters,
+    -- | The greatest number of objects that you want Shield Advanced to return
+    -- to the list request. Shield Advanced might return fewer objects than you
+    -- indicate in this setting, even if more objects are available. If there
+    -- are more objects remaining, Shield Advanced will always also return a
+    -- @NextToken@ value in the response.
+    --
+    -- The default setting is 20.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects from Shield Advanced, if the response
+    -- does not include all of the remaining available objects, Shield Advanced
+    -- includes a @NextToken@ value in the response. You can retrieve the next
+    -- batch of objects by requesting the list again and providing the token
+    -- that was returned by the prior call in your request.
+    --
+    -- You can indicate the maximum number of objects that you want Shield
+    -- Advanced to return for a single call with the @MaxResults@ setting.
+    -- Shield Advanced will not return more than @MaxResults@ objects, but may
+    -- return fewer, even if more objects are still available.
+    --
+    -- Whenever more objects remain that Shield Advanced has not yet returned
+    -- to you, the response will include a @NextToken@ value.
+    --
+    -- On your first call to a list operation, leave this setting empty.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListProtectionGroups' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'inclusionFilters', 'listProtectionGroups_inclusionFilters' - Narrows the set of protection groups that the call retrieves. You can
+-- retrieve a single protection group by its name and you can retrieve all
+-- protection groups that are configured with specific pattern or
+-- aggregation settings. You can provide up to one criteria per filter
+-- type. Shield Advanced returns the protection groups that exactly match
+-- all of the search criteria that you provide.
+--
+-- 'maxResults', 'listProtectionGroups_maxResults' - The greatest number of objects that you want Shield Advanced to return
+-- to the list request. Shield Advanced might return fewer objects than you
+-- indicate in this setting, even if more objects are available. If there
+-- are more objects remaining, Shield Advanced will always also return a
+-- @NextToken@ value in the response.
+--
+-- The default setting is 20.
+--
+-- 'nextToken', 'listProtectionGroups_nextToken' - When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- On your first call to a list operation, leave this setting empty.
+newListProtectionGroups ::
+  ListProtectionGroups
+newListProtectionGroups =
+  ListProtectionGroups'
+    { inclusionFilters =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | Narrows the set of protection groups that the call retrieves. You can
+-- retrieve a single protection group by its name and you can retrieve all
+-- protection groups that are configured with specific pattern or
+-- aggregation settings. You can provide up to one criteria per filter
+-- type. Shield Advanced returns the protection groups that exactly match
+-- all of the search criteria that you provide.
+listProtectionGroups_inclusionFilters :: Lens.Lens' ListProtectionGroups (Prelude.Maybe InclusionProtectionGroupFilters)
+listProtectionGroups_inclusionFilters = Lens.lens (\ListProtectionGroups' {inclusionFilters} -> inclusionFilters) (\s@ListProtectionGroups' {} a -> s {inclusionFilters = a} :: ListProtectionGroups)
+
+-- | The greatest number of objects that you want Shield Advanced to return
+-- to the list request. Shield Advanced might return fewer objects than you
+-- indicate in this setting, even if more objects are available. If there
+-- are more objects remaining, Shield Advanced will always also return a
+-- @NextToken@ value in the response.
+--
+-- The default setting is 20.
+listProtectionGroups_maxResults :: Lens.Lens' ListProtectionGroups (Prelude.Maybe Prelude.Natural)
+listProtectionGroups_maxResults = Lens.lens (\ListProtectionGroups' {maxResults} -> maxResults) (\s@ListProtectionGroups' {} a -> s {maxResults = a} :: ListProtectionGroups)
+
+-- | When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- On your first call to a list operation, leave this setting empty.
+listProtectionGroups_nextToken :: Lens.Lens' ListProtectionGroups (Prelude.Maybe Prelude.Text)
+listProtectionGroups_nextToken = Lens.lens (\ListProtectionGroups' {nextToken} -> nextToken) (\s@ListProtectionGroups' {} a -> s {nextToken = a} :: ListProtectionGroups)
+
+instance Core.AWSRequest ListProtectionGroups where
+  type
+    AWSResponse ListProtectionGroups =
+      ListProtectionGroupsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListProtectionGroupsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> ( x
+                            Data..?> "ProtectionGroups"
+                            Core..!@ Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable ListProtectionGroups where
+  hashWithSalt _salt ListProtectionGroups' {..} =
+    _salt
+      `Prelude.hashWithSalt` inclusionFilters
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListProtectionGroups where
+  rnf ListProtectionGroups' {..} =
+    Prelude.rnf inclusionFilters
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListProtectionGroups where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.ListProtectionGroups" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListProtectionGroups where
+  toJSON ListProtectionGroups' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("InclusionFilters" Data..=)
+              Prelude.<$> inclusionFilters,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath ListProtectionGroups where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListProtectionGroups where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListProtectionGroupsResponse' smart constructor.
+data ListProtectionGroupsResponse = ListProtectionGroupsResponse'
+  { -- | When you request a list of objects from Shield Advanced, if the response
+    -- does not include all of the remaining available objects, Shield Advanced
+    -- includes a @NextToken@ value in the response. You can retrieve the next
+    -- batch of objects by requesting the list again and providing the token
+    -- that was returned by the prior call in your request.
+    --
+    -- You can indicate the maximum number of objects that you want Shield
+    -- Advanced to return for a single call with the @MaxResults@ setting.
+    -- Shield Advanced will not return more than @MaxResults@ objects, but may
+    -- return fewer, even if more objects are still available.
+    --
+    -- Whenever more objects remain that Shield Advanced has not yet returned
+    -- to you, the response will include a @NextToken@ value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    protectionGroups :: [ProtectionGroup]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListProtectionGroupsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listProtectionGroupsResponse_nextToken' - When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- 'httpStatus', 'listProtectionGroupsResponse_httpStatus' - The response's http status code.
+--
+-- 'protectionGroups', 'listProtectionGroupsResponse_protectionGroups' -
+newListProtectionGroupsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListProtectionGroupsResponse
+newListProtectionGroupsResponse pHttpStatus_ =
+  ListProtectionGroupsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_,
+      protectionGroups = Prelude.mempty
+    }
+
+-- | When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+listProtectionGroupsResponse_nextToken :: Lens.Lens' ListProtectionGroupsResponse (Prelude.Maybe Prelude.Text)
+listProtectionGroupsResponse_nextToken = Lens.lens (\ListProtectionGroupsResponse' {nextToken} -> nextToken) (\s@ListProtectionGroupsResponse' {} a -> s {nextToken = a} :: ListProtectionGroupsResponse)
+
+-- | The response's http status code.
+listProtectionGroupsResponse_httpStatus :: Lens.Lens' ListProtectionGroupsResponse Prelude.Int
+listProtectionGroupsResponse_httpStatus = Lens.lens (\ListProtectionGroupsResponse' {httpStatus} -> httpStatus) (\s@ListProtectionGroupsResponse' {} a -> s {httpStatus = a} :: ListProtectionGroupsResponse)
+
+listProtectionGroupsResponse_protectionGroups :: Lens.Lens' ListProtectionGroupsResponse [ProtectionGroup]
+listProtectionGroupsResponse_protectionGroups = Lens.lens (\ListProtectionGroupsResponse' {protectionGroups} -> protectionGroups) (\s@ListProtectionGroupsResponse' {} a -> s {protectionGroups = a} :: ListProtectionGroupsResponse) Prelude.. Lens.coerced
+
+instance Prelude.NFData ListProtectionGroupsResponse where
+  rnf ListProtectionGroupsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf protectionGroups
diff --git a/gen/Amazonka/Shield/ListProtections.hs b/gen/Amazonka/Shield/ListProtections.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/ListProtections.hs
@@ -0,0 +1,348 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.ListProtections
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves Protection objects for the account. You can retrieve all
+-- protections or you can provide filtering criteria and retrieve just the
+-- subset of protections that match the criteria.
+--
+-- This operation returns paginated results.
+module Amazonka.Shield.ListProtections
+  ( -- * Creating a Request
+    ListProtections (..),
+    newListProtections,
+
+    -- * Request Lenses
+    listProtections_inclusionFilters,
+    listProtections_maxResults,
+    listProtections_nextToken,
+
+    -- * Destructuring the Response
+    ListProtectionsResponse (..),
+    newListProtectionsResponse,
+
+    -- * Response Lenses
+    listProtectionsResponse_nextToken,
+    listProtectionsResponse_protections,
+    listProtectionsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newListProtections' smart constructor.
+data ListProtections = ListProtections'
+  { -- | Narrows the set of protections that the call retrieves. You can retrieve
+    -- a single protection by providing its name or the ARN (Amazon Resource
+    -- Name) of its protected resource. You can also retrieve all protections
+    -- for a specific resource type. You can provide up to one criteria per
+    -- filter type. Shield Advanced returns protections that exactly match all
+    -- of the filter criteria that you provide.
+    inclusionFilters :: Prelude.Maybe InclusionProtectionFilters,
+    -- | The greatest number of objects that you want Shield Advanced to return
+    -- to the list request. Shield Advanced might return fewer objects than you
+    -- indicate in this setting, even if more objects are available. If there
+    -- are more objects remaining, Shield Advanced will always also return a
+    -- @NextToken@ value in the response.
+    --
+    -- The default setting is 20.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects from Shield Advanced, if the response
+    -- does not include all of the remaining available objects, Shield Advanced
+    -- includes a @NextToken@ value in the response. You can retrieve the next
+    -- batch of objects by requesting the list again and providing the token
+    -- that was returned by the prior call in your request.
+    --
+    -- You can indicate the maximum number of objects that you want Shield
+    -- Advanced to return for a single call with the @MaxResults@ setting.
+    -- Shield Advanced will not return more than @MaxResults@ objects, but may
+    -- return fewer, even if more objects are still available.
+    --
+    -- Whenever more objects remain that Shield Advanced has not yet returned
+    -- to you, the response will include a @NextToken@ value.
+    --
+    -- On your first call to a list operation, leave this setting empty.
+    nextToken :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListProtections' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'inclusionFilters', 'listProtections_inclusionFilters' - Narrows the set of protections that the call retrieves. You can retrieve
+-- a single protection by providing its name or the ARN (Amazon Resource
+-- Name) of its protected resource. You can also retrieve all protections
+-- for a specific resource type. You can provide up to one criteria per
+-- filter type. Shield Advanced returns protections that exactly match all
+-- of the filter criteria that you provide.
+--
+-- 'maxResults', 'listProtections_maxResults' - The greatest number of objects that you want Shield Advanced to return
+-- to the list request. Shield Advanced might return fewer objects than you
+-- indicate in this setting, even if more objects are available. If there
+-- are more objects remaining, Shield Advanced will always also return a
+-- @NextToken@ value in the response.
+--
+-- The default setting is 20.
+--
+-- 'nextToken', 'listProtections_nextToken' - When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- On your first call to a list operation, leave this setting empty.
+newListProtections ::
+  ListProtections
+newListProtections =
+  ListProtections'
+    { inclusionFilters =
+        Prelude.Nothing,
+      maxResults = Prelude.Nothing,
+      nextToken = Prelude.Nothing
+    }
+
+-- | Narrows the set of protections that the call retrieves. You can retrieve
+-- a single protection by providing its name or the ARN (Amazon Resource
+-- Name) of its protected resource. You can also retrieve all protections
+-- for a specific resource type. You can provide up to one criteria per
+-- filter type. Shield Advanced returns protections that exactly match all
+-- of the filter criteria that you provide.
+listProtections_inclusionFilters :: Lens.Lens' ListProtections (Prelude.Maybe InclusionProtectionFilters)
+listProtections_inclusionFilters = Lens.lens (\ListProtections' {inclusionFilters} -> inclusionFilters) (\s@ListProtections' {} a -> s {inclusionFilters = a} :: ListProtections)
+
+-- | The greatest number of objects that you want Shield Advanced to return
+-- to the list request. Shield Advanced might return fewer objects than you
+-- indicate in this setting, even if more objects are available. If there
+-- are more objects remaining, Shield Advanced will always also return a
+-- @NextToken@ value in the response.
+--
+-- The default setting is 20.
+listProtections_maxResults :: Lens.Lens' ListProtections (Prelude.Maybe Prelude.Natural)
+listProtections_maxResults = Lens.lens (\ListProtections' {maxResults} -> maxResults) (\s@ListProtections' {} a -> s {maxResults = a} :: ListProtections)
+
+-- | When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- On your first call to a list operation, leave this setting empty.
+listProtections_nextToken :: Lens.Lens' ListProtections (Prelude.Maybe Prelude.Text)
+listProtections_nextToken = Lens.lens (\ListProtections' {nextToken} -> nextToken) (\s@ListProtections' {} a -> s {nextToken = a} :: ListProtections)
+
+instance Core.AWSPager ListProtections where
+  page rq rs
+    | Core.stop
+        ( rs
+            Lens.^? listProtectionsResponse_nextToken
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Core.stop
+        ( rs
+            Lens.^? listProtectionsResponse_protections
+            Prelude.. Lens._Just
+        ) =
+        Prelude.Nothing
+    | Prelude.otherwise =
+        Prelude.Just
+          Prelude.$ rq
+          Prelude.& listProtections_nextToken
+          Lens..~ rs
+          Lens.^? listProtectionsResponse_nextToken
+          Prelude.. Lens._Just
+
+instance Core.AWSRequest ListProtections where
+  type
+    AWSResponse ListProtections =
+      ListProtectionsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListProtectionsResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (x Data..?> "Protections" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListProtections where
+  hashWithSalt _salt ListProtections' {..} =
+    _salt
+      `Prelude.hashWithSalt` inclusionFilters
+      `Prelude.hashWithSalt` maxResults
+      `Prelude.hashWithSalt` nextToken
+
+instance Prelude.NFData ListProtections where
+  rnf ListProtections' {..} =
+    Prelude.rnf inclusionFilters
+      `Prelude.seq` Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+
+instance Data.ToHeaders ListProtections where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.ListProtections" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListProtections where
+  toJSON ListProtections' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("InclusionFilters" Data..=)
+              Prelude.<$> inclusionFilters,
+            ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken
+          ]
+      )
+
+instance Data.ToPath ListProtections where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListProtections where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListProtectionsResponse' smart constructor.
+data ListProtectionsResponse = ListProtectionsResponse'
+  { -- | When you request a list of objects from Shield Advanced, if the response
+    -- does not include all of the remaining available objects, Shield Advanced
+    -- includes a @NextToken@ value in the response. You can retrieve the next
+    -- batch of objects by requesting the list again and providing the token
+    -- that was returned by the prior call in your request.
+    --
+    -- You can indicate the maximum number of objects that you want Shield
+    -- Advanced to return for a single call with the @MaxResults@ setting.
+    -- Shield Advanced will not return more than @MaxResults@ objects, but may
+    -- return fewer, even if more objects are still available.
+    --
+    -- Whenever more objects remain that Shield Advanced has not yet returned
+    -- to you, the response will include a @NextToken@ value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The array of enabled Protection objects.
+    protections :: Prelude.Maybe [Protection],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListProtectionsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listProtectionsResponse_nextToken' - When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- 'protections', 'listProtectionsResponse_protections' - The array of enabled Protection objects.
+--
+-- 'httpStatus', 'listProtectionsResponse_httpStatus' - The response's http status code.
+newListProtectionsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListProtectionsResponse
+newListProtectionsResponse pHttpStatus_ =
+  ListProtectionsResponse'
+    { nextToken =
+        Prelude.Nothing,
+      protections = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+listProtectionsResponse_nextToken :: Lens.Lens' ListProtectionsResponse (Prelude.Maybe Prelude.Text)
+listProtectionsResponse_nextToken = Lens.lens (\ListProtectionsResponse' {nextToken} -> nextToken) (\s@ListProtectionsResponse' {} a -> s {nextToken = a} :: ListProtectionsResponse)
+
+-- | The array of enabled Protection objects.
+listProtectionsResponse_protections :: Lens.Lens' ListProtectionsResponse (Prelude.Maybe [Protection])
+listProtectionsResponse_protections = Lens.lens (\ListProtectionsResponse' {protections} -> protections) (\s@ListProtectionsResponse' {} a -> s {protections = a} :: ListProtectionsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listProtectionsResponse_httpStatus :: Lens.Lens' ListProtectionsResponse Prelude.Int
+listProtectionsResponse_httpStatus = Lens.lens (\ListProtectionsResponse' {httpStatus} -> httpStatus) (\s@ListProtectionsResponse' {} a -> s {httpStatus = a} :: ListProtectionsResponse)
+
+instance Prelude.NFData ListProtectionsResponse where
+  rnf ListProtectionsResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf protections
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/ListResourcesInProtectionGroup.hs b/gen/Amazonka/Shield/ListResourcesInProtectionGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/ListResourcesInProtectionGroup.hs
@@ -0,0 +1,336 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.ListResourcesInProtectionGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the resources that are included in the protection group.
+module Amazonka.Shield.ListResourcesInProtectionGroup
+  ( -- * Creating a Request
+    ListResourcesInProtectionGroup (..),
+    newListResourcesInProtectionGroup,
+
+    -- * Request Lenses
+    listResourcesInProtectionGroup_maxResults,
+    listResourcesInProtectionGroup_nextToken,
+    listResourcesInProtectionGroup_protectionGroupId,
+
+    -- * Destructuring the Response
+    ListResourcesInProtectionGroupResponse (..),
+    newListResourcesInProtectionGroupResponse,
+
+    -- * Response Lenses
+    listResourcesInProtectionGroupResponse_nextToken,
+    listResourcesInProtectionGroupResponse_httpStatus,
+    listResourcesInProtectionGroupResponse_resourceArns,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newListResourcesInProtectionGroup' smart constructor.
+data ListResourcesInProtectionGroup = ListResourcesInProtectionGroup'
+  { -- | The greatest number of objects that you want Shield Advanced to return
+    -- to the list request. Shield Advanced might return fewer objects than you
+    -- indicate in this setting, even if more objects are available. If there
+    -- are more objects remaining, Shield Advanced will always also return a
+    -- @NextToken@ value in the response.
+    --
+    -- The default setting is 20.
+    maxResults :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects from Shield Advanced, if the response
+    -- does not include all of the remaining available objects, Shield Advanced
+    -- includes a @NextToken@ value in the response. You can retrieve the next
+    -- batch of objects by requesting the list again and providing the token
+    -- that was returned by the prior call in your request.
+    --
+    -- You can indicate the maximum number of objects that you want Shield
+    -- Advanced to return for a single call with the @MaxResults@ setting.
+    -- Shield Advanced will not return more than @MaxResults@ objects, but may
+    -- return fewer, even if more objects are still available.
+    --
+    -- Whenever more objects remain that Shield Advanced has not yet returned
+    -- to you, the response will include a @NextToken@ value.
+    --
+    -- On your first call to a list operation, leave this setting empty.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The name of the protection group. You use this to identify the
+    -- protection group in lists and to manage the protection group, for
+    -- example to update, delete, or describe it.
+    protectionGroupId :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResourcesInProtectionGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxResults', 'listResourcesInProtectionGroup_maxResults' - The greatest number of objects that you want Shield Advanced to return
+-- to the list request. Shield Advanced might return fewer objects than you
+-- indicate in this setting, even if more objects are available. If there
+-- are more objects remaining, Shield Advanced will always also return a
+-- @NextToken@ value in the response.
+--
+-- The default setting is 20.
+--
+-- 'nextToken', 'listResourcesInProtectionGroup_nextToken' - When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- On your first call to a list operation, leave this setting empty.
+--
+-- 'protectionGroupId', 'listResourcesInProtectionGroup_protectionGroupId' - The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+newListResourcesInProtectionGroup ::
+  -- | 'protectionGroupId'
+  Prelude.Text ->
+  ListResourcesInProtectionGroup
+newListResourcesInProtectionGroup pProtectionGroupId_ =
+  ListResourcesInProtectionGroup'
+    { maxResults =
+        Prelude.Nothing,
+      nextToken = Prelude.Nothing,
+      protectionGroupId = pProtectionGroupId_
+    }
+
+-- | The greatest number of objects that you want Shield Advanced to return
+-- to the list request. Shield Advanced might return fewer objects than you
+-- indicate in this setting, even if more objects are available. If there
+-- are more objects remaining, Shield Advanced will always also return a
+-- @NextToken@ value in the response.
+--
+-- The default setting is 20.
+listResourcesInProtectionGroup_maxResults :: Lens.Lens' ListResourcesInProtectionGroup (Prelude.Maybe Prelude.Natural)
+listResourcesInProtectionGroup_maxResults = Lens.lens (\ListResourcesInProtectionGroup' {maxResults} -> maxResults) (\s@ListResourcesInProtectionGroup' {} a -> s {maxResults = a} :: ListResourcesInProtectionGroup)
+
+-- | When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- On your first call to a list operation, leave this setting empty.
+listResourcesInProtectionGroup_nextToken :: Lens.Lens' ListResourcesInProtectionGroup (Prelude.Maybe Prelude.Text)
+listResourcesInProtectionGroup_nextToken = Lens.lens (\ListResourcesInProtectionGroup' {nextToken} -> nextToken) (\s@ListResourcesInProtectionGroup' {} a -> s {nextToken = a} :: ListResourcesInProtectionGroup)
+
+-- | The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+listResourcesInProtectionGroup_protectionGroupId :: Lens.Lens' ListResourcesInProtectionGroup Prelude.Text
+listResourcesInProtectionGroup_protectionGroupId = Lens.lens (\ListResourcesInProtectionGroup' {protectionGroupId} -> protectionGroupId) (\s@ListResourcesInProtectionGroup' {} a -> s {protectionGroupId = a} :: ListResourcesInProtectionGroup)
+
+instance
+  Core.AWSRequest
+    ListResourcesInProtectionGroup
+  where
+  type
+    AWSResponse ListResourcesInProtectionGroup =
+      ListResourcesInProtectionGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListResourcesInProtectionGroupResponse'
+            Prelude.<$> (x Data..?> "NextToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+            Prelude.<*> (x Data..?> "ResourceArns" Core..!@ Prelude.mempty)
+      )
+
+instance
+  Prelude.Hashable
+    ListResourcesInProtectionGroup
+  where
+  hashWithSalt
+    _salt
+    ListResourcesInProtectionGroup' {..} =
+      _salt
+        `Prelude.hashWithSalt` maxResults
+        `Prelude.hashWithSalt` nextToken
+        `Prelude.hashWithSalt` protectionGroupId
+
+instance
+  Prelude.NFData
+    ListResourcesInProtectionGroup
+  where
+  rnf ListResourcesInProtectionGroup' {..} =
+    Prelude.rnf maxResults
+      `Prelude.seq` Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf protectionGroupId
+
+instance
+  Data.ToHeaders
+    ListResourcesInProtectionGroup
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.ListResourcesInProtectionGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListResourcesInProtectionGroup where
+  toJSON ListResourcesInProtectionGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,
+            ("NextToken" Data..=) Prelude.<$> nextToken,
+            Prelude.Just
+              ("ProtectionGroupId" Data..= protectionGroupId)
+          ]
+      )
+
+instance Data.ToPath ListResourcesInProtectionGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListResourcesInProtectionGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListResourcesInProtectionGroupResponse' smart constructor.
+data ListResourcesInProtectionGroupResponse = ListResourcesInProtectionGroupResponse'
+  { -- | When you request a list of objects from Shield Advanced, if the response
+    -- does not include all of the remaining available objects, Shield Advanced
+    -- includes a @NextToken@ value in the response. You can retrieve the next
+    -- batch of objects by requesting the list again and providing the token
+    -- that was returned by the prior call in your request.
+    --
+    -- You can indicate the maximum number of objects that you want Shield
+    -- Advanced to return for a single call with the @MaxResults@ setting.
+    -- Shield Advanced will not return more than @MaxResults@ objects, but may
+    -- return fewer, even if more objects are still available.
+    --
+    -- Whenever more objects remain that Shield Advanced has not yet returned
+    -- to you, the response will include a @NextToken@ value.
+    nextToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int,
+    -- | The Amazon Resource Names (ARNs) of the resources that are included in
+    -- the protection group.
+    resourceArns :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResourcesInProtectionGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextToken', 'listResourcesInProtectionGroupResponse_nextToken' - When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+--
+-- 'httpStatus', 'listResourcesInProtectionGroupResponse_httpStatus' - The response's http status code.
+--
+-- 'resourceArns', 'listResourcesInProtectionGroupResponse_resourceArns' - The Amazon Resource Names (ARNs) of the resources that are included in
+-- the protection group.
+newListResourcesInProtectionGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListResourcesInProtectionGroupResponse
+newListResourcesInProtectionGroupResponse
+  pHttpStatus_ =
+    ListResourcesInProtectionGroupResponse'
+      { nextToken =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_,
+        resourceArns = Prelude.mempty
+      }
+
+-- | When you request a list of objects from Shield Advanced, if the response
+-- does not include all of the remaining available objects, Shield Advanced
+-- includes a @NextToken@ value in the response. You can retrieve the next
+-- batch of objects by requesting the list again and providing the token
+-- that was returned by the prior call in your request.
+--
+-- You can indicate the maximum number of objects that you want Shield
+-- Advanced to return for a single call with the @MaxResults@ setting.
+-- Shield Advanced will not return more than @MaxResults@ objects, but may
+-- return fewer, even if more objects are still available.
+--
+-- Whenever more objects remain that Shield Advanced has not yet returned
+-- to you, the response will include a @NextToken@ value.
+listResourcesInProtectionGroupResponse_nextToken :: Lens.Lens' ListResourcesInProtectionGroupResponse (Prelude.Maybe Prelude.Text)
+listResourcesInProtectionGroupResponse_nextToken = Lens.lens (\ListResourcesInProtectionGroupResponse' {nextToken} -> nextToken) (\s@ListResourcesInProtectionGroupResponse' {} a -> s {nextToken = a} :: ListResourcesInProtectionGroupResponse)
+
+-- | The response's http status code.
+listResourcesInProtectionGroupResponse_httpStatus :: Lens.Lens' ListResourcesInProtectionGroupResponse Prelude.Int
+listResourcesInProtectionGroupResponse_httpStatus = Lens.lens (\ListResourcesInProtectionGroupResponse' {httpStatus} -> httpStatus) (\s@ListResourcesInProtectionGroupResponse' {} a -> s {httpStatus = a} :: ListResourcesInProtectionGroupResponse)
+
+-- | The Amazon Resource Names (ARNs) of the resources that are included in
+-- the protection group.
+listResourcesInProtectionGroupResponse_resourceArns :: Lens.Lens' ListResourcesInProtectionGroupResponse [Prelude.Text]
+listResourcesInProtectionGroupResponse_resourceArns = Lens.lens (\ListResourcesInProtectionGroupResponse' {resourceArns} -> resourceArns) (\s@ListResourcesInProtectionGroupResponse' {} a -> s {resourceArns = a} :: ListResourcesInProtectionGroupResponse) Prelude.. Lens.coerced
+
+instance
+  Prelude.NFData
+    ListResourcesInProtectionGroupResponse
+  where
+  rnf ListResourcesInProtectionGroupResponse' {..} =
+    Prelude.rnf nextToken
+      `Prelude.seq` Prelude.rnf httpStatus
+      `Prelude.seq` Prelude.rnf resourceArns
diff --git a/gen/Amazonka/Shield/ListTagsForResource.hs b/gen/Amazonka/Shield/ListTagsForResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/ListTagsForResource.hs
@@ -0,0 +1,173 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.ListTagsForResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets information about Amazon Web Services tags for a specified Amazon
+-- Resource Name (ARN) in Shield.
+module Amazonka.Shield.ListTagsForResource
+  ( -- * Creating a Request
+    ListTagsForResource (..),
+    newListTagsForResource,
+
+    -- * Request Lenses
+    listTagsForResource_resourceARN,
+
+    -- * Destructuring the Response
+    ListTagsForResourceResponse (..),
+    newListTagsForResourceResponse,
+
+    -- * Response Lenses
+    listTagsForResourceResponse_tags,
+    listTagsForResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newListTagsForResource' smart constructor.
+data ListTagsForResource = ListTagsForResource'
+  { -- | The Amazon Resource Name (ARN) of the resource to get tags for.
+    resourceARN :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceARN', 'listTagsForResource_resourceARN' - The Amazon Resource Name (ARN) of the resource to get tags for.
+newListTagsForResource ::
+  -- | 'resourceARN'
+  Prelude.Text ->
+  ListTagsForResource
+newListTagsForResource pResourceARN_ =
+  ListTagsForResource' {resourceARN = pResourceARN_}
+
+-- | The Amazon Resource Name (ARN) of the resource to get tags for.
+listTagsForResource_resourceARN :: Lens.Lens' ListTagsForResource Prelude.Text
+listTagsForResource_resourceARN = Lens.lens (\ListTagsForResource' {resourceARN} -> resourceARN) (\s@ListTagsForResource' {} a -> s {resourceARN = a} :: ListTagsForResource)
+
+instance Core.AWSRequest ListTagsForResource where
+  type
+    AWSResponse ListTagsForResource =
+      ListTagsForResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListTagsForResourceResponse'
+            Prelude.<$> (x Data..?> "Tags" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListTagsForResource where
+  hashWithSalt _salt ListTagsForResource' {..} =
+    _salt `Prelude.hashWithSalt` resourceARN
+
+instance Prelude.NFData ListTagsForResource where
+  rnf ListTagsForResource' {..} =
+    Prelude.rnf resourceARN
+
+instance Data.ToHeaders ListTagsForResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.ListTagsForResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListTagsForResource where
+  toJSON ListTagsForResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ResourceARN" Data..= resourceARN)]
+      )
+
+instance Data.ToPath ListTagsForResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListTagsForResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListTagsForResourceResponse' smart constructor.
+data ListTagsForResourceResponse = ListTagsForResourceResponse'
+  { -- | A list of tag key and value pairs associated with the specified
+    -- resource.
+    tags :: Prelude.Maybe [Tag],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'tags', 'listTagsForResourceResponse_tags' - A list of tag key and value pairs associated with the specified
+-- resource.
+--
+-- 'httpStatus', 'listTagsForResourceResponse_httpStatus' - The response's http status code.
+newListTagsForResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListTagsForResourceResponse
+newListTagsForResourceResponse pHttpStatus_ =
+  ListTagsForResourceResponse'
+    { tags =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A list of tag key and value pairs associated with the specified
+-- resource.
+listTagsForResourceResponse_tags :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe [Tag])
+listTagsForResourceResponse_tags = Lens.lens (\ListTagsForResourceResponse' {tags} -> tags) (\s@ListTagsForResourceResponse' {} a -> s {tags = a} :: ListTagsForResourceResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listTagsForResourceResponse_httpStatus :: Lens.Lens' ListTagsForResourceResponse Prelude.Int
+listTagsForResourceResponse_httpStatus = Lens.lens (\ListTagsForResourceResponse' {httpStatus} -> httpStatus) (\s@ListTagsForResourceResponse' {} a -> s {httpStatus = a} :: ListTagsForResourceResponse)
+
+instance Prelude.NFData ListTagsForResourceResponse where
+  rnf ListTagsForResourceResponse' {..} =
+    Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/TagResource.hs b/gen/Amazonka/Shield/TagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/TagResource.hs
@@ -0,0 +1,171 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.TagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Adds or updates tags for a resource in Shield.
+module Amazonka.Shield.TagResource
+  ( -- * Creating a Request
+    TagResource (..),
+    newTagResource,
+
+    -- * Request Lenses
+    tagResource_resourceARN,
+    tagResource_tags,
+
+    -- * Destructuring the Response
+    TagResourceResponse (..),
+    newTagResourceResponse,
+
+    -- * Response Lenses
+    tagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newTagResource' smart constructor.
+data TagResource = TagResource'
+  { -- | The Amazon Resource Name (ARN) of the resource that you want to add or
+    -- update tags for.
+    resourceARN :: Prelude.Text,
+    -- | The tags that you want to modify or add to the resource.
+    tags :: [Tag]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceARN', 'tagResource_resourceARN' - The Amazon Resource Name (ARN) of the resource that you want to add or
+-- update tags for.
+--
+-- 'tags', 'tagResource_tags' - The tags that you want to modify or add to the resource.
+newTagResource ::
+  -- | 'resourceARN'
+  Prelude.Text ->
+  TagResource
+newTagResource pResourceARN_ =
+  TagResource'
+    { resourceARN = pResourceARN_,
+      tags = Prelude.mempty
+    }
+
+-- | The Amazon Resource Name (ARN) of the resource that you want to add or
+-- update tags for.
+tagResource_resourceARN :: Lens.Lens' TagResource Prelude.Text
+tagResource_resourceARN = Lens.lens (\TagResource' {resourceARN} -> resourceARN) (\s@TagResource' {} a -> s {resourceARN = a} :: TagResource)
+
+-- | The tags that you want to modify or add to the resource.
+tagResource_tags :: Lens.Lens' TagResource [Tag]
+tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest TagResource where
+  type AWSResponse TagResource = TagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          TagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable TagResource where
+  hashWithSalt _salt TagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceARN
+      `Prelude.hashWithSalt` tags
+
+instance Prelude.NFData TagResource where
+  rnf TagResource' {..} =
+    Prelude.rnf resourceARN
+      `Prelude.seq` Prelude.rnf tags
+
+instance Data.ToHeaders TagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.TagResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON TagResource where
+  toJSON TagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceARN" Data..= resourceARN),
+            Prelude.Just ("Tags" Data..= tags)
+          ]
+      )
+
+instance Data.ToPath TagResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery TagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newTagResourceResponse' smart constructor.
+data TagResourceResponse = TagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'tagResourceResponse_httpStatus' - The response's http status code.
+newTagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  TagResourceResponse
+newTagResourceResponse pHttpStatus_ =
+  TagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+tagResourceResponse_httpStatus :: Lens.Lens' TagResourceResponse Prelude.Int
+tagResourceResponse_httpStatus = Lens.lens (\TagResourceResponse' {httpStatus} -> httpStatus) (\s@TagResourceResponse' {} a -> s {httpStatus = a} :: TagResourceResponse)
+
+instance Prelude.NFData TagResourceResponse where
+  rnf TagResourceResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/Types.hs b/gen/Amazonka/Shield/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types.hs
@@ -0,0 +1,501 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    _AccessDeniedException,
+    _AccessDeniedForDependencyException,
+    _InternalErrorException,
+    _InvalidOperationException,
+    _InvalidPaginationTokenException,
+    _InvalidParameterException,
+    _InvalidResourceException,
+    _LimitsExceededException,
+    _LockedSubscriptionException,
+    _NoAssociatedRoleException,
+    _OptimisticLockException,
+    _ResourceAlreadyExistsException,
+    _ResourceNotFoundException,
+
+    -- * ApplicationLayerAutomaticResponseStatus
+    ApplicationLayerAutomaticResponseStatus (..),
+
+    -- * AttackLayer
+    AttackLayer (..),
+
+    -- * AttackPropertyIdentifier
+    AttackPropertyIdentifier (..),
+
+    -- * AutoRenew
+    AutoRenew (..),
+
+    -- * ProactiveEngagementStatus
+    ProactiveEngagementStatus (..),
+
+    -- * ProtectedResourceType
+    ProtectedResourceType (..),
+
+    -- * ProtectionGroupAggregation
+    ProtectionGroupAggregation (..),
+
+    -- * ProtectionGroupPattern
+    ProtectionGroupPattern (..),
+
+    -- * SubResourceType
+    SubResourceType (..),
+
+    -- * SubscriptionState
+    SubscriptionState (..),
+
+    -- * Unit
+    Unit (..),
+
+    -- * ApplicationLayerAutomaticResponseConfiguration
+    ApplicationLayerAutomaticResponseConfiguration (..),
+    newApplicationLayerAutomaticResponseConfiguration,
+    applicationLayerAutomaticResponseConfiguration_status,
+    applicationLayerAutomaticResponseConfiguration_action,
+
+    -- * AttackDetail
+    AttackDetail (..),
+    newAttackDetail,
+    attackDetail_attackCounters,
+    attackDetail_attackId,
+    attackDetail_attackProperties,
+    attackDetail_endTime,
+    attackDetail_mitigations,
+    attackDetail_resourceArn,
+    attackDetail_startTime,
+    attackDetail_subResources,
+
+    -- * AttackProperty
+    AttackProperty (..),
+    newAttackProperty,
+    attackProperty_attackLayer,
+    attackProperty_attackPropertyIdentifier,
+    attackProperty_topContributors,
+    attackProperty_total,
+    attackProperty_unit,
+
+    -- * AttackStatisticsDataItem
+    AttackStatisticsDataItem (..),
+    newAttackStatisticsDataItem,
+    attackStatisticsDataItem_attackVolume,
+    attackStatisticsDataItem_attackCount,
+
+    -- * AttackSummary
+    AttackSummary (..),
+    newAttackSummary,
+    attackSummary_attackId,
+    attackSummary_attackVectors,
+    attackSummary_endTime,
+    attackSummary_resourceArn,
+    attackSummary_startTime,
+
+    -- * AttackVectorDescription
+    AttackVectorDescription (..),
+    newAttackVectorDescription,
+    attackVectorDescription_vectorType,
+
+    -- * AttackVolume
+    AttackVolume (..),
+    newAttackVolume,
+    attackVolume_bitsPerSecond,
+    attackVolume_packetsPerSecond,
+    attackVolume_requestsPerSecond,
+
+    -- * AttackVolumeStatistics
+    AttackVolumeStatistics (..),
+    newAttackVolumeStatistics,
+    attackVolumeStatistics_max,
+
+    -- * BlockAction
+    BlockAction (..),
+    newBlockAction,
+
+    -- * Contributor
+    Contributor (..),
+    newContributor,
+    contributor_name,
+    contributor_value,
+
+    -- * CountAction
+    CountAction (..),
+    newCountAction,
+
+    -- * EmergencyContact
+    EmergencyContact (..),
+    newEmergencyContact,
+    emergencyContact_contactNotes,
+    emergencyContact_phoneNumber,
+    emergencyContact_emailAddress,
+
+    -- * InclusionProtectionFilters
+    InclusionProtectionFilters (..),
+    newInclusionProtectionFilters,
+    inclusionProtectionFilters_protectionNames,
+    inclusionProtectionFilters_resourceArns,
+    inclusionProtectionFilters_resourceTypes,
+
+    -- * InclusionProtectionGroupFilters
+    InclusionProtectionGroupFilters (..),
+    newInclusionProtectionGroupFilters,
+    inclusionProtectionGroupFilters_aggregations,
+    inclusionProtectionGroupFilters_patterns,
+    inclusionProtectionGroupFilters_protectionGroupIds,
+    inclusionProtectionGroupFilters_resourceTypes,
+
+    -- * Limit
+    Limit (..),
+    newLimit,
+    limit_max,
+    limit_type,
+
+    -- * Mitigation
+    Mitigation (..),
+    newMitigation,
+    mitigation_mitigationName,
+
+    -- * Protection
+    Protection (..),
+    newProtection,
+    protection_applicationLayerAutomaticResponseConfiguration,
+    protection_healthCheckIds,
+    protection_id,
+    protection_name,
+    protection_protectionArn,
+    protection_resourceArn,
+
+    -- * ProtectionGroup
+    ProtectionGroup (..),
+    newProtectionGroup,
+    protectionGroup_protectionGroupArn,
+    protectionGroup_resourceType,
+    protectionGroup_protectionGroupId,
+    protectionGroup_aggregation,
+    protectionGroup_pattern,
+    protectionGroup_members,
+
+    -- * ProtectionGroupArbitraryPatternLimits
+    ProtectionGroupArbitraryPatternLimits (..),
+    newProtectionGroupArbitraryPatternLimits,
+    protectionGroupArbitraryPatternLimits_maxMembers,
+
+    -- * ProtectionGroupLimits
+    ProtectionGroupLimits (..),
+    newProtectionGroupLimits,
+    protectionGroupLimits_maxProtectionGroups,
+    protectionGroupLimits_patternTypeLimits,
+
+    -- * ProtectionGroupPatternTypeLimits
+    ProtectionGroupPatternTypeLimits (..),
+    newProtectionGroupPatternTypeLimits,
+    protectionGroupPatternTypeLimits_arbitraryPatternLimits,
+
+    -- * ProtectionLimits
+    ProtectionLimits (..),
+    newProtectionLimits,
+    protectionLimits_protectedResourceTypeLimits,
+
+    -- * ResponseAction
+    ResponseAction (..),
+    newResponseAction,
+    responseAction_block,
+    responseAction_count,
+
+    -- * SubResourceSummary
+    SubResourceSummary (..),
+    newSubResourceSummary,
+    subResourceSummary_attackVectors,
+    subResourceSummary_counters,
+    subResourceSummary_id,
+    subResourceSummary_type,
+
+    -- * Subscription
+    Subscription (..),
+    newSubscription,
+    subscription_autoRenew,
+    subscription_endTime,
+    subscription_limits,
+    subscription_proactiveEngagementStatus,
+    subscription_startTime,
+    subscription_subscriptionArn,
+    subscription_timeCommitmentInSeconds,
+    subscription_subscriptionLimits,
+
+    -- * SubscriptionLimits
+    SubscriptionLimits (..),
+    newSubscriptionLimits,
+    subscriptionLimits_protectionLimits,
+    subscriptionLimits_protectionGroupLimits,
+
+    -- * SummarizedAttackVector
+    SummarizedAttackVector (..),
+    newSummarizedAttackVector,
+    summarizedAttackVector_vectorCounters,
+    summarizedAttackVector_vectorType,
+
+    -- * SummarizedCounter
+    SummarizedCounter (..),
+    newSummarizedCounter,
+    summarizedCounter_average,
+    summarizedCounter_max,
+    summarizedCounter_n,
+    summarizedCounter_name,
+    summarizedCounter_sum,
+    summarizedCounter_unit,
+
+    -- * Tag
+    Tag (..),
+    newTag,
+    tag_key,
+    tag_value,
+
+    -- * TimeRange
+    TimeRange (..),
+    newTimeRange,
+    timeRange_fromInclusive,
+    timeRange_toExclusive,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.ApplicationLayerAutomaticResponseConfiguration
+import Amazonka.Shield.Types.ApplicationLayerAutomaticResponseStatus
+import Amazonka.Shield.Types.AttackDetail
+import Amazonka.Shield.Types.AttackLayer
+import Amazonka.Shield.Types.AttackProperty
+import Amazonka.Shield.Types.AttackPropertyIdentifier
+import Amazonka.Shield.Types.AttackStatisticsDataItem
+import Amazonka.Shield.Types.AttackSummary
+import Amazonka.Shield.Types.AttackVectorDescription
+import Amazonka.Shield.Types.AttackVolume
+import Amazonka.Shield.Types.AttackVolumeStatistics
+import Amazonka.Shield.Types.AutoRenew
+import Amazonka.Shield.Types.BlockAction
+import Amazonka.Shield.Types.Contributor
+import Amazonka.Shield.Types.CountAction
+import Amazonka.Shield.Types.EmergencyContact
+import Amazonka.Shield.Types.InclusionProtectionFilters
+import Amazonka.Shield.Types.InclusionProtectionGroupFilters
+import Amazonka.Shield.Types.Limit
+import Amazonka.Shield.Types.Mitigation
+import Amazonka.Shield.Types.ProactiveEngagementStatus
+import Amazonka.Shield.Types.ProtectedResourceType
+import Amazonka.Shield.Types.Protection
+import Amazonka.Shield.Types.ProtectionGroup
+import Amazonka.Shield.Types.ProtectionGroupAggregation
+import Amazonka.Shield.Types.ProtectionGroupArbitraryPatternLimits
+import Amazonka.Shield.Types.ProtectionGroupLimits
+import Amazonka.Shield.Types.ProtectionGroupPattern
+import Amazonka.Shield.Types.ProtectionGroupPatternTypeLimits
+import Amazonka.Shield.Types.ProtectionLimits
+import Amazonka.Shield.Types.ResponseAction
+import Amazonka.Shield.Types.SubResourceSummary
+import Amazonka.Shield.Types.SubResourceType
+import Amazonka.Shield.Types.Subscription
+import Amazonka.Shield.Types.SubscriptionLimits
+import Amazonka.Shield.Types.SubscriptionState
+import Amazonka.Shield.Types.SummarizedAttackVector
+import Amazonka.Shield.Types.SummarizedCounter
+import Amazonka.Shield.Types.Tag
+import Amazonka.Shield.Types.TimeRange
+import Amazonka.Shield.Types.Unit
+import qualified Amazonka.Sign.V4 as Sign
+
+-- | API version @2016-06-02@ of the Amazon Shield SDK configuration.
+defaultService :: Core.Service
+defaultService =
+  Core.Service
+    { Core.abbrev = "Shield",
+      Core.signer = Sign.v4,
+      Core.endpointPrefix = "shield",
+      Core.signingName = "shield",
+      Core.version = "2016-06-02",
+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
+      Core.endpoint = Core.defaultEndpoint defaultService,
+      Core.timeout = Prelude.Just 70,
+      Core.check = Core.statusSuccess,
+      Core.error = Core.parseJSONError "Shield",
+      Core.retry = retry
+    }
+  where
+    retry =
+      Core.Exponential
+        { Core.base = 5.0e-2,
+          Core.growth = 2,
+          Core.attempts = 5,
+          Core.check = check
+        }
+    check e
+      | Lens.has (Core.hasStatus 502) e =
+          Prelude.Just "bad_gateway"
+      | Lens.has (Core.hasStatus 504) e =
+          Prelude.Just "gateway_timeout"
+      | Lens.has (Core.hasStatus 500) e =
+          Prelude.Just "general_server_error"
+      | Lens.has (Core.hasStatus 509) e =
+          Prelude.Just "limit_exceeded"
+      | Lens.has
+          ( Core.hasCode "RequestThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "request_throttled_exception"
+      | Lens.has (Core.hasStatus 503) e =
+          Prelude.Just "service_unavailable"
+      | Lens.has
+          ( Core.hasCode "ThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttled_exception"
+      | Lens.has
+          ( Core.hasCode "Throttling"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling"
+      | Lens.has
+          ( Core.hasCode "ThrottlingException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling_exception"
+      | Lens.has
+          ( Core.hasCode
+              "ProvisionedThroughputExceededException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throughput_exceeded"
+      | Lens.has (Core.hasStatus 429) e =
+          Prelude.Just "too_many_requests"
+      | Prelude.otherwise = Prelude.Nothing
+
+-- | Exception that indicates the specified @AttackId@ does not exist, or the
+-- requester does not have the appropriate permissions to access the
+-- @AttackId@.
+_AccessDeniedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_AccessDeniedException =
+  Core._MatchServiceError
+    defaultService
+    "AccessDeniedException"
+
+-- | In order to grant the necessary access to the Shield Response Team (SRT)
+-- the user submitting the request must have the @iam:PassRole@ permission.
+-- This error indicates the user did not have the appropriate permissions.
+-- For more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html Granting a User Permissions to Pass a Role to an Amazon Web Services Service>.
+_AccessDeniedForDependencyException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_AccessDeniedForDependencyException =
+  Core._MatchServiceError
+    defaultService
+    "AccessDeniedForDependencyException"
+
+-- | Exception that indicates that a problem occurred with the service
+-- infrastructure. You can retry the request.
+_InternalErrorException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InternalErrorException =
+  Core._MatchServiceError
+    defaultService
+    "InternalErrorException"
+
+-- | Exception that indicates that the operation would not cause any change
+-- to occur.
+_InvalidOperationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidOperationException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidOperationException"
+
+-- | Exception that indicates that the @NextToken@ specified in the request
+-- is invalid. Submit the request using the @NextToken@ value that was
+-- returned in the prior response.
+_InvalidPaginationTokenException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidPaginationTokenException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidPaginationTokenException"
+
+-- | Exception that indicates that the parameters passed to the API are
+-- invalid. If available, this exception includes details in additional
+-- properties.
+_InvalidParameterException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidParameterException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidParameterException"
+
+-- | Exception that indicates that the resource is invalid. You might not
+-- have access to the resource, or the resource might not exist.
+_InvalidResourceException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_InvalidResourceException =
+  Core._MatchServiceError
+    defaultService
+    "InvalidResourceException"
+
+-- | Exception that indicates that the operation would exceed a limit.
+_LimitsExceededException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_LimitsExceededException =
+  Core._MatchServiceError
+    defaultService
+    "LimitsExceededException"
+
+-- | You are trying to update a subscription that has not yet completed the
+-- 1-year commitment. You can change the @AutoRenew@ parameter during the
+-- last 30 days of your subscription. This exception indicates that you are
+-- attempting to change @AutoRenew@ prior to that period.
+_LockedSubscriptionException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_LockedSubscriptionException =
+  Core._MatchServiceError
+    defaultService
+    "LockedSubscriptionException"
+
+-- | The ARN of the role that you specified does not exist.
+_NoAssociatedRoleException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_NoAssociatedRoleException =
+  Core._MatchServiceError
+    defaultService
+    "NoAssociatedRoleException"
+
+-- | Exception that indicates that the resource state has been modified by
+-- another client. Retrieve the resource and then retry your request.
+_OptimisticLockException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_OptimisticLockException =
+  Core._MatchServiceError
+    defaultService
+    "OptimisticLockException"
+
+-- | Exception indicating the specified resource already exists. If
+-- available, this exception includes details in additional properties.
+_ResourceAlreadyExistsException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceAlreadyExistsException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceAlreadyExistsException"
+
+-- | Exception indicating the specified resource does not exist. If
+-- available, this exception includes details in additional properties.
+_ResourceNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_ResourceNotFoundException =
+  Core._MatchServiceError
+    defaultService
+    "ResourceNotFoundException"
diff --git a/gen/Amazonka/Shield/Types/ApplicationLayerAutomaticResponseConfiguration.hs b/gen/Amazonka/Shield/Types/ApplicationLayerAutomaticResponseConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ApplicationLayerAutomaticResponseConfiguration.hs
@@ -0,0 +1,129 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ApplicationLayerAutomaticResponseConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ApplicationLayerAutomaticResponseConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.ApplicationLayerAutomaticResponseStatus
+import Amazonka.Shield.Types.ResponseAction
+
+-- | The automatic application layer DDoS mitigation settings for a
+-- Protection. This configuration determines whether Shield Advanced
+-- automatically manages rules in the web ACL in order to respond to
+-- application layer events that Shield Advanced determines to be DDoS
+-- attacks.
+--
+-- /See:/ 'newApplicationLayerAutomaticResponseConfiguration' smart constructor.
+data ApplicationLayerAutomaticResponseConfiguration = ApplicationLayerAutomaticResponseConfiguration'
+  { -- | Indicates whether automatic application layer DDoS mitigation is enabled
+    -- for the protection.
+    status :: ApplicationLayerAutomaticResponseStatus,
+    -- | Specifies the action setting that Shield Advanced should use in the WAF
+    -- rules that it creates on behalf of the protected resource in response to
+    -- DDoS attacks. You specify this as part of the configuration for the
+    -- automatic application layer DDoS mitigation feature, when you enable or
+    -- update automatic mitigation. Shield Advanced creates the WAF rules in a
+    -- Shield Advanced-managed rule group, inside the web ACL that you have
+    -- associated with the resource.
+    action :: ResponseAction
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ApplicationLayerAutomaticResponseConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'status', 'applicationLayerAutomaticResponseConfiguration_status' - Indicates whether automatic application layer DDoS mitigation is enabled
+-- for the protection.
+--
+-- 'action', 'applicationLayerAutomaticResponseConfiguration_action' - Specifies the action setting that Shield Advanced should use in the WAF
+-- rules that it creates on behalf of the protected resource in response to
+-- DDoS attacks. You specify this as part of the configuration for the
+-- automatic application layer DDoS mitigation feature, when you enable or
+-- update automatic mitigation. Shield Advanced creates the WAF rules in a
+-- Shield Advanced-managed rule group, inside the web ACL that you have
+-- associated with the resource.
+newApplicationLayerAutomaticResponseConfiguration ::
+  -- | 'status'
+  ApplicationLayerAutomaticResponseStatus ->
+  -- | 'action'
+  ResponseAction ->
+  ApplicationLayerAutomaticResponseConfiguration
+newApplicationLayerAutomaticResponseConfiguration
+  pStatus_
+  pAction_ =
+    ApplicationLayerAutomaticResponseConfiguration'
+      { status =
+          pStatus_,
+        action = pAction_
+      }
+
+-- | Indicates whether automatic application layer DDoS mitigation is enabled
+-- for the protection.
+applicationLayerAutomaticResponseConfiguration_status :: Lens.Lens' ApplicationLayerAutomaticResponseConfiguration ApplicationLayerAutomaticResponseStatus
+applicationLayerAutomaticResponseConfiguration_status = Lens.lens (\ApplicationLayerAutomaticResponseConfiguration' {status} -> status) (\s@ApplicationLayerAutomaticResponseConfiguration' {} a -> s {status = a} :: ApplicationLayerAutomaticResponseConfiguration)
+
+-- | Specifies the action setting that Shield Advanced should use in the WAF
+-- rules that it creates on behalf of the protected resource in response to
+-- DDoS attacks. You specify this as part of the configuration for the
+-- automatic application layer DDoS mitigation feature, when you enable or
+-- update automatic mitigation. Shield Advanced creates the WAF rules in a
+-- Shield Advanced-managed rule group, inside the web ACL that you have
+-- associated with the resource.
+applicationLayerAutomaticResponseConfiguration_action :: Lens.Lens' ApplicationLayerAutomaticResponseConfiguration ResponseAction
+applicationLayerAutomaticResponseConfiguration_action = Lens.lens (\ApplicationLayerAutomaticResponseConfiguration' {action} -> action) (\s@ApplicationLayerAutomaticResponseConfiguration' {} a -> s {action = a} :: ApplicationLayerAutomaticResponseConfiguration)
+
+instance
+  Data.FromJSON
+    ApplicationLayerAutomaticResponseConfiguration
+  where
+  parseJSON =
+    Data.withObject
+      "ApplicationLayerAutomaticResponseConfiguration"
+      ( \x ->
+          ApplicationLayerAutomaticResponseConfiguration'
+            Prelude.<$> (x Data..: "Status")
+            Prelude.<*> (x Data..: "Action")
+      )
+
+instance
+  Prelude.Hashable
+    ApplicationLayerAutomaticResponseConfiguration
+  where
+  hashWithSalt
+    _salt
+    ApplicationLayerAutomaticResponseConfiguration' {..} =
+      _salt
+        `Prelude.hashWithSalt` status
+        `Prelude.hashWithSalt` action
+
+instance
+  Prelude.NFData
+    ApplicationLayerAutomaticResponseConfiguration
+  where
+  rnf
+    ApplicationLayerAutomaticResponseConfiguration' {..} =
+      Prelude.rnf status `Prelude.seq` Prelude.rnf action
diff --git a/gen/Amazonka/Shield/Types/ApplicationLayerAutomaticResponseStatus.hs b/gen/Amazonka/Shield/Types/ApplicationLayerAutomaticResponseStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ApplicationLayerAutomaticResponseStatus.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ApplicationLayerAutomaticResponseStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ApplicationLayerAutomaticResponseStatus
+  ( ApplicationLayerAutomaticResponseStatus
+      ( ..,
+        ApplicationLayerAutomaticResponseStatus_DISABLED,
+        ApplicationLayerAutomaticResponseStatus_ENABLED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ApplicationLayerAutomaticResponseStatus = ApplicationLayerAutomaticResponseStatus'
+  { fromApplicationLayerAutomaticResponseStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ApplicationLayerAutomaticResponseStatus_DISABLED :: ApplicationLayerAutomaticResponseStatus
+pattern ApplicationLayerAutomaticResponseStatus_DISABLED = ApplicationLayerAutomaticResponseStatus' "DISABLED"
+
+pattern ApplicationLayerAutomaticResponseStatus_ENABLED :: ApplicationLayerAutomaticResponseStatus
+pattern ApplicationLayerAutomaticResponseStatus_ENABLED = ApplicationLayerAutomaticResponseStatus' "ENABLED"
+
+{-# COMPLETE
+  ApplicationLayerAutomaticResponseStatus_DISABLED,
+  ApplicationLayerAutomaticResponseStatus_ENABLED,
+  ApplicationLayerAutomaticResponseStatus'
+  #-}
diff --git a/gen/Amazonka/Shield/Types/AttackDetail.hs b/gen/Amazonka/Shield/Types/AttackDetail.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/AttackDetail.hs
@@ -0,0 +1,184 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.AttackDetail
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.AttackDetail where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.AttackProperty
+import Amazonka.Shield.Types.Mitigation
+import Amazonka.Shield.Types.SubResourceSummary
+import Amazonka.Shield.Types.SummarizedCounter
+
+-- | The details of a DDoS attack.
+--
+-- /See:/ 'newAttackDetail' smart constructor.
+data AttackDetail = AttackDetail'
+  { -- | List of counters that describe the attack for the specified time period.
+    attackCounters :: Prelude.Maybe [SummarizedCounter],
+    -- | The unique identifier (ID) of the attack.
+    attackId :: Prelude.Maybe Prelude.Text,
+    -- | The array of objects that provide details of the Shield event.
+    --
+    -- For infrastructure layer events (L3 and L4 events), you can view metrics
+    -- for top contributors in Amazon CloudWatch metrics. For more information,
+    -- see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms Shield metrics and alarms>
+    -- in the /WAF Developer Guide/.
+    attackProperties :: Prelude.Maybe [AttackProperty],
+    -- | The time the attack ended, in Unix time in seconds.
+    endTime :: Prelude.Maybe Data.POSIX,
+    -- | List of mitigation actions taken for the attack.
+    mitigations :: Prelude.Maybe [Mitigation],
+    -- | The ARN (Amazon Resource Name) of the resource that was attacked.
+    resourceArn :: Prelude.Maybe Prelude.Text,
+    -- | The time the attack started, in Unix time in seconds.
+    startTime :: Prelude.Maybe Data.POSIX,
+    -- | If applicable, additional detail about the resource being attacked, for
+    -- example, IP address or URL.
+    subResources :: Prelude.Maybe [SubResourceSummary]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttackDetail' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attackCounters', 'attackDetail_attackCounters' - List of counters that describe the attack for the specified time period.
+--
+-- 'attackId', 'attackDetail_attackId' - The unique identifier (ID) of the attack.
+--
+-- 'attackProperties', 'attackDetail_attackProperties' - The array of objects that provide details of the Shield event.
+--
+-- For infrastructure layer events (L3 and L4 events), you can view metrics
+-- for top contributors in Amazon CloudWatch metrics. For more information,
+-- see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms Shield metrics and alarms>
+-- in the /WAF Developer Guide/.
+--
+-- 'endTime', 'attackDetail_endTime' - The time the attack ended, in Unix time in seconds.
+--
+-- 'mitigations', 'attackDetail_mitigations' - List of mitigation actions taken for the attack.
+--
+-- 'resourceArn', 'attackDetail_resourceArn' - The ARN (Amazon Resource Name) of the resource that was attacked.
+--
+-- 'startTime', 'attackDetail_startTime' - The time the attack started, in Unix time in seconds.
+--
+-- 'subResources', 'attackDetail_subResources' - If applicable, additional detail about the resource being attacked, for
+-- example, IP address or URL.
+newAttackDetail ::
+  AttackDetail
+newAttackDetail =
+  AttackDetail'
+    { attackCounters = Prelude.Nothing,
+      attackId = Prelude.Nothing,
+      attackProperties = Prelude.Nothing,
+      endTime = Prelude.Nothing,
+      mitigations = Prelude.Nothing,
+      resourceArn = Prelude.Nothing,
+      startTime = Prelude.Nothing,
+      subResources = Prelude.Nothing
+    }
+
+-- | List of counters that describe the attack for the specified time period.
+attackDetail_attackCounters :: Lens.Lens' AttackDetail (Prelude.Maybe [SummarizedCounter])
+attackDetail_attackCounters = Lens.lens (\AttackDetail' {attackCounters} -> attackCounters) (\s@AttackDetail' {} a -> s {attackCounters = a} :: AttackDetail) Prelude.. Lens.mapping Lens.coerced
+
+-- | The unique identifier (ID) of the attack.
+attackDetail_attackId :: Lens.Lens' AttackDetail (Prelude.Maybe Prelude.Text)
+attackDetail_attackId = Lens.lens (\AttackDetail' {attackId} -> attackId) (\s@AttackDetail' {} a -> s {attackId = a} :: AttackDetail)
+
+-- | The array of objects that provide details of the Shield event.
+--
+-- For infrastructure layer events (L3 and L4 events), you can view metrics
+-- for top contributors in Amazon CloudWatch metrics. For more information,
+-- see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms Shield metrics and alarms>
+-- in the /WAF Developer Guide/.
+attackDetail_attackProperties :: Lens.Lens' AttackDetail (Prelude.Maybe [AttackProperty])
+attackDetail_attackProperties = Lens.lens (\AttackDetail' {attackProperties} -> attackProperties) (\s@AttackDetail' {} a -> s {attackProperties = a} :: AttackDetail) Prelude.. Lens.mapping Lens.coerced
+
+-- | The time the attack ended, in Unix time in seconds.
+attackDetail_endTime :: Lens.Lens' AttackDetail (Prelude.Maybe Prelude.UTCTime)
+attackDetail_endTime = Lens.lens (\AttackDetail' {endTime} -> endTime) (\s@AttackDetail' {} a -> s {endTime = a} :: AttackDetail) Prelude.. Lens.mapping Data._Time
+
+-- | List of mitigation actions taken for the attack.
+attackDetail_mitigations :: Lens.Lens' AttackDetail (Prelude.Maybe [Mitigation])
+attackDetail_mitigations = Lens.lens (\AttackDetail' {mitigations} -> mitigations) (\s@AttackDetail' {} a -> s {mitigations = a} :: AttackDetail) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN (Amazon Resource Name) of the resource that was attacked.
+attackDetail_resourceArn :: Lens.Lens' AttackDetail (Prelude.Maybe Prelude.Text)
+attackDetail_resourceArn = Lens.lens (\AttackDetail' {resourceArn} -> resourceArn) (\s@AttackDetail' {} a -> s {resourceArn = a} :: AttackDetail)
+
+-- | The time the attack started, in Unix time in seconds.
+attackDetail_startTime :: Lens.Lens' AttackDetail (Prelude.Maybe Prelude.UTCTime)
+attackDetail_startTime = Lens.lens (\AttackDetail' {startTime} -> startTime) (\s@AttackDetail' {} a -> s {startTime = a} :: AttackDetail) Prelude.. Lens.mapping Data._Time
+
+-- | If applicable, additional detail about the resource being attacked, for
+-- example, IP address or URL.
+attackDetail_subResources :: Lens.Lens' AttackDetail (Prelude.Maybe [SubResourceSummary])
+attackDetail_subResources = Lens.lens (\AttackDetail' {subResources} -> subResources) (\s@AttackDetail' {} a -> s {subResources = a} :: AttackDetail) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON AttackDetail where
+  parseJSON =
+    Data.withObject
+      "AttackDetail"
+      ( \x ->
+          AttackDetail'
+            Prelude.<$> (x Data..:? "AttackCounters" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "AttackId")
+            Prelude.<*> ( x
+                            Data..:? "AttackProperties"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "EndTime")
+            Prelude.<*> (x Data..:? "Mitigations" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ResourceArn")
+            Prelude.<*> (x Data..:? "StartTime")
+            Prelude.<*> (x Data..:? "SubResources" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable AttackDetail where
+  hashWithSalt _salt AttackDetail' {..} =
+    _salt
+      `Prelude.hashWithSalt` attackCounters
+      `Prelude.hashWithSalt` attackId
+      `Prelude.hashWithSalt` attackProperties
+      `Prelude.hashWithSalt` endTime
+      `Prelude.hashWithSalt` mitigations
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` startTime
+      `Prelude.hashWithSalt` subResources
+
+instance Prelude.NFData AttackDetail where
+  rnf AttackDetail' {..} =
+    Prelude.rnf attackCounters
+      `Prelude.seq` Prelude.rnf attackId
+      `Prelude.seq` Prelude.rnf attackProperties
+      `Prelude.seq` Prelude.rnf endTime
+      `Prelude.seq` Prelude.rnf mitigations
+      `Prelude.seq` Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf startTime
+      `Prelude.seq` Prelude.rnf subResources
diff --git a/gen/Amazonka/Shield/Types/AttackLayer.hs b/gen/Amazonka/Shield/Types/AttackLayer.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/AttackLayer.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.AttackLayer
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.AttackLayer
+  ( AttackLayer
+      ( ..,
+        AttackLayer_APPLICATION,
+        AttackLayer_NETWORK
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AttackLayer = AttackLayer'
+  { fromAttackLayer ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AttackLayer_APPLICATION :: AttackLayer
+pattern AttackLayer_APPLICATION = AttackLayer' "APPLICATION"
+
+pattern AttackLayer_NETWORK :: AttackLayer
+pattern AttackLayer_NETWORK = AttackLayer' "NETWORK"
+
+{-# COMPLETE
+  AttackLayer_APPLICATION,
+  AttackLayer_NETWORK,
+  AttackLayer'
+  #-}
diff --git a/gen/Amazonka/Shield/Types/AttackProperty.hs b/gen/Amazonka/Shield/Types/AttackProperty.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/AttackProperty.hs
@@ -0,0 +1,160 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.AttackProperty
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.AttackProperty where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.AttackLayer
+import Amazonka.Shield.Types.AttackPropertyIdentifier
+import Amazonka.Shield.Types.Contributor
+import Amazonka.Shield.Types.Unit
+
+-- | Details of a Shield event. This is provided as part of an AttackDetail.
+--
+-- /See:/ 'newAttackProperty' smart constructor.
+data AttackProperty = AttackProperty'
+  { -- | The type of Shield event that was observed. @NETWORK@ indicates layer 3
+    -- and layer 4 events and @APPLICATION@ indicates layer 7 events.
+    --
+    -- For infrastructure layer events (L3 and L4 events), you can view metrics
+    -- for top contributors in Amazon CloudWatch metrics. For more information,
+    -- see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms Shield metrics and alarms>
+    -- in the /WAF Developer Guide/.
+    attackLayer :: Prelude.Maybe AttackLayer,
+    -- | Defines the Shield event property information that is provided. The
+    -- @WORDPRESS_PINGBACK_REFLECTOR@ and @WORDPRESS_PINGBACK_SOURCE@ values
+    -- are valid only for WordPress reflective pingback events.
+    attackPropertyIdentifier :: Prelude.Maybe AttackPropertyIdentifier,
+    -- | Contributor objects for the top five contributors to a Shield event. A
+    -- contributor is a source of traffic that Shield Advanced identifies as
+    -- responsible for some or all of an event.
+    topContributors :: Prelude.Maybe [Contributor],
+    -- | The total contributions made to this Shield event by all contributors.
+    total :: Prelude.Maybe Prelude.Integer,
+    -- | The unit used for the @Contributor@ @Value@ property.
+    unit :: Prelude.Maybe Unit
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttackProperty' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attackLayer', 'attackProperty_attackLayer' - The type of Shield event that was observed. @NETWORK@ indicates layer 3
+-- and layer 4 events and @APPLICATION@ indicates layer 7 events.
+--
+-- For infrastructure layer events (L3 and L4 events), you can view metrics
+-- for top contributors in Amazon CloudWatch metrics. For more information,
+-- see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms Shield metrics and alarms>
+-- in the /WAF Developer Guide/.
+--
+-- 'attackPropertyIdentifier', 'attackProperty_attackPropertyIdentifier' - Defines the Shield event property information that is provided. The
+-- @WORDPRESS_PINGBACK_REFLECTOR@ and @WORDPRESS_PINGBACK_SOURCE@ values
+-- are valid only for WordPress reflective pingback events.
+--
+-- 'topContributors', 'attackProperty_topContributors' - Contributor objects for the top five contributors to a Shield event. A
+-- contributor is a source of traffic that Shield Advanced identifies as
+-- responsible for some or all of an event.
+--
+-- 'total', 'attackProperty_total' - The total contributions made to this Shield event by all contributors.
+--
+-- 'unit', 'attackProperty_unit' - The unit used for the @Contributor@ @Value@ property.
+newAttackProperty ::
+  AttackProperty
+newAttackProperty =
+  AttackProperty'
+    { attackLayer = Prelude.Nothing,
+      attackPropertyIdentifier = Prelude.Nothing,
+      topContributors = Prelude.Nothing,
+      total = Prelude.Nothing,
+      unit = Prelude.Nothing
+    }
+
+-- | The type of Shield event that was observed. @NETWORK@ indicates layer 3
+-- and layer 4 events and @APPLICATION@ indicates layer 7 events.
+--
+-- For infrastructure layer events (L3 and L4 events), you can view metrics
+-- for top contributors in Amazon CloudWatch metrics. For more information,
+-- see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#set-ddos-alarms Shield metrics and alarms>
+-- in the /WAF Developer Guide/.
+attackProperty_attackLayer :: Lens.Lens' AttackProperty (Prelude.Maybe AttackLayer)
+attackProperty_attackLayer = Lens.lens (\AttackProperty' {attackLayer} -> attackLayer) (\s@AttackProperty' {} a -> s {attackLayer = a} :: AttackProperty)
+
+-- | Defines the Shield event property information that is provided. The
+-- @WORDPRESS_PINGBACK_REFLECTOR@ and @WORDPRESS_PINGBACK_SOURCE@ values
+-- are valid only for WordPress reflective pingback events.
+attackProperty_attackPropertyIdentifier :: Lens.Lens' AttackProperty (Prelude.Maybe AttackPropertyIdentifier)
+attackProperty_attackPropertyIdentifier = Lens.lens (\AttackProperty' {attackPropertyIdentifier} -> attackPropertyIdentifier) (\s@AttackProperty' {} a -> s {attackPropertyIdentifier = a} :: AttackProperty)
+
+-- | Contributor objects for the top five contributors to a Shield event. A
+-- contributor is a source of traffic that Shield Advanced identifies as
+-- responsible for some or all of an event.
+attackProperty_topContributors :: Lens.Lens' AttackProperty (Prelude.Maybe [Contributor])
+attackProperty_topContributors = Lens.lens (\AttackProperty' {topContributors} -> topContributors) (\s@AttackProperty' {} a -> s {topContributors = a} :: AttackProperty) Prelude.. Lens.mapping Lens.coerced
+
+-- | The total contributions made to this Shield event by all contributors.
+attackProperty_total :: Lens.Lens' AttackProperty (Prelude.Maybe Prelude.Integer)
+attackProperty_total = Lens.lens (\AttackProperty' {total} -> total) (\s@AttackProperty' {} a -> s {total = a} :: AttackProperty)
+
+-- | The unit used for the @Contributor@ @Value@ property.
+attackProperty_unit :: Lens.Lens' AttackProperty (Prelude.Maybe Unit)
+attackProperty_unit = Lens.lens (\AttackProperty' {unit} -> unit) (\s@AttackProperty' {} a -> s {unit = a} :: AttackProperty)
+
+instance Data.FromJSON AttackProperty where
+  parseJSON =
+    Data.withObject
+      "AttackProperty"
+      ( \x ->
+          AttackProperty'
+            Prelude.<$> (x Data..:? "AttackLayer")
+            Prelude.<*> (x Data..:? "AttackPropertyIdentifier")
+            Prelude.<*> ( x
+                            Data..:? "TopContributors"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Total")
+            Prelude.<*> (x Data..:? "Unit")
+      )
+
+instance Prelude.Hashable AttackProperty where
+  hashWithSalt _salt AttackProperty' {..} =
+    _salt
+      `Prelude.hashWithSalt` attackLayer
+      `Prelude.hashWithSalt` attackPropertyIdentifier
+      `Prelude.hashWithSalt` topContributors
+      `Prelude.hashWithSalt` total
+      `Prelude.hashWithSalt` unit
+
+instance Prelude.NFData AttackProperty where
+  rnf AttackProperty' {..} =
+    Prelude.rnf attackLayer
+      `Prelude.seq` Prelude.rnf attackPropertyIdentifier
+      `Prelude.seq` Prelude.rnf topContributors
+      `Prelude.seq` Prelude.rnf total
+      `Prelude.seq` Prelude.rnf unit
diff --git a/gen/Amazonka/Shield/Types/AttackPropertyIdentifier.hs b/gen/Amazonka/Shield/Types/AttackPropertyIdentifier.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/AttackPropertyIdentifier.hs
@@ -0,0 +1,101 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.AttackPropertyIdentifier
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.AttackPropertyIdentifier
+  ( AttackPropertyIdentifier
+      ( ..,
+        AttackPropertyIdentifier_DESTINATION_URL,
+        AttackPropertyIdentifier_REFERRER,
+        AttackPropertyIdentifier_SOURCE_ASN,
+        AttackPropertyIdentifier_SOURCE_COUNTRY,
+        AttackPropertyIdentifier_SOURCE_IP_ADDRESS,
+        AttackPropertyIdentifier_SOURCE_USER_AGENT,
+        AttackPropertyIdentifier_WORDPRESS_PINGBACK_REFLECTOR,
+        AttackPropertyIdentifier_WORDPRESS_PINGBACK_SOURCE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AttackPropertyIdentifier = AttackPropertyIdentifier'
+  { fromAttackPropertyIdentifier ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AttackPropertyIdentifier_DESTINATION_URL :: AttackPropertyIdentifier
+pattern AttackPropertyIdentifier_DESTINATION_URL = AttackPropertyIdentifier' "DESTINATION_URL"
+
+pattern AttackPropertyIdentifier_REFERRER :: AttackPropertyIdentifier
+pattern AttackPropertyIdentifier_REFERRER = AttackPropertyIdentifier' "REFERRER"
+
+pattern AttackPropertyIdentifier_SOURCE_ASN :: AttackPropertyIdentifier
+pattern AttackPropertyIdentifier_SOURCE_ASN = AttackPropertyIdentifier' "SOURCE_ASN"
+
+pattern AttackPropertyIdentifier_SOURCE_COUNTRY :: AttackPropertyIdentifier
+pattern AttackPropertyIdentifier_SOURCE_COUNTRY = AttackPropertyIdentifier' "SOURCE_COUNTRY"
+
+pattern AttackPropertyIdentifier_SOURCE_IP_ADDRESS :: AttackPropertyIdentifier
+pattern AttackPropertyIdentifier_SOURCE_IP_ADDRESS = AttackPropertyIdentifier' "SOURCE_IP_ADDRESS"
+
+pattern AttackPropertyIdentifier_SOURCE_USER_AGENT :: AttackPropertyIdentifier
+pattern AttackPropertyIdentifier_SOURCE_USER_AGENT = AttackPropertyIdentifier' "SOURCE_USER_AGENT"
+
+pattern AttackPropertyIdentifier_WORDPRESS_PINGBACK_REFLECTOR :: AttackPropertyIdentifier
+pattern AttackPropertyIdentifier_WORDPRESS_PINGBACK_REFLECTOR = AttackPropertyIdentifier' "WORDPRESS_PINGBACK_REFLECTOR"
+
+pattern AttackPropertyIdentifier_WORDPRESS_PINGBACK_SOURCE :: AttackPropertyIdentifier
+pattern AttackPropertyIdentifier_WORDPRESS_PINGBACK_SOURCE = AttackPropertyIdentifier' "WORDPRESS_PINGBACK_SOURCE"
+
+{-# COMPLETE
+  AttackPropertyIdentifier_DESTINATION_URL,
+  AttackPropertyIdentifier_REFERRER,
+  AttackPropertyIdentifier_SOURCE_ASN,
+  AttackPropertyIdentifier_SOURCE_COUNTRY,
+  AttackPropertyIdentifier_SOURCE_IP_ADDRESS,
+  AttackPropertyIdentifier_SOURCE_USER_AGENT,
+  AttackPropertyIdentifier_WORDPRESS_PINGBACK_REFLECTOR,
+  AttackPropertyIdentifier_WORDPRESS_PINGBACK_SOURCE,
+  AttackPropertyIdentifier'
+  #-}
diff --git a/gen/Amazonka/Shield/Types/AttackStatisticsDataItem.hs b/gen/Amazonka/Shield/Types/AttackStatisticsDataItem.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/AttackStatisticsDataItem.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.AttackStatisticsDataItem
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.AttackStatisticsDataItem where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.AttackVolume
+
+-- | A single attack statistics data record. This is returned by
+-- DescribeAttackStatistics along with a time range indicating the time
+-- period that the attack statistics apply to.
+--
+-- /See:/ 'newAttackStatisticsDataItem' smart constructor.
+data AttackStatisticsDataItem = AttackStatisticsDataItem'
+  { -- | Information about the volume of attacks during the time period. If the
+    -- accompanying @AttackCount@ is zero, this setting might be empty.
+    attackVolume :: Prelude.Maybe AttackVolume,
+    -- | The number of attacks detected during the time period. This is always
+    -- present, but might be zero.
+    attackCount :: Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttackStatisticsDataItem' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attackVolume', 'attackStatisticsDataItem_attackVolume' - Information about the volume of attacks during the time period. If the
+-- accompanying @AttackCount@ is zero, this setting might be empty.
+--
+-- 'attackCount', 'attackStatisticsDataItem_attackCount' - The number of attacks detected during the time period. This is always
+-- present, but might be zero.
+newAttackStatisticsDataItem ::
+  -- | 'attackCount'
+  Prelude.Integer ->
+  AttackStatisticsDataItem
+newAttackStatisticsDataItem pAttackCount_ =
+  AttackStatisticsDataItem'
+    { attackVolume =
+        Prelude.Nothing,
+      attackCount = pAttackCount_
+    }
+
+-- | Information about the volume of attacks during the time period. If the
+-- accompanying @AttackCount@ is zero, this setting might be empty.
+attackStatisticsDataItem_attackVolume :: Lens.Lens' AttackStatisticsDataItem (Prelude.Maybe AttackVolume)
+attackStatisticsDataItem_attackVolume = Lens.lens (\AttackStatisticsDataItem' {attackVolume} -> attackVolume) (\s@AttackStatisticsDataItem' {} a -> s {attackVolume = a} :: AttackStatisticsDataItem)
+
+-- | The number of attacks detected during the time period. This is always
+-- present, but might be zero.
+attackStatisticsDataItem_attackCount :: Lens.Lens' AttackStatisticsDataItem Prelude.Integer
+attackStatisticsDataItem_attackCount = Lens.lens (\AttackStatisticsDataItem' {attackCount} -> attackCount) (\s@AttackStatisticsDataItem' {} a -> s {attackCount = a} :: AttackStatisticsDataItem)
+
+instance Data.FromJSON AttackStatisticsDataItem where
+  parseJSON =
+    Data.withObject
+      "AttackStatisticsDataItem"
+      ( \x ->
+          AttackStatisticsDataItem'
+            Prelude.<$> (x Data..:? "AttackVolume")
+            Prelude.<*> (x Data..: "AttackCount")
+      )
+
+instance Prelude.Hashable AttackStatisticsDataItem where
+  hashWithSalt _salt AttackStatisticsDataItem' {..} =
+    _salt
+      `Prelude.hashWithSalt` attackVolume
+      `Prelude.hashWithSalt` attackCount
+
+instance Prelude.NFData AttackStatisticsDataItem where
+  rnf AttackStatisticsDataItem' {..} =
+    Prelude.rnf attackVolume
+      `Prelude.seq` Prelude.rnf attackCount
diff --git a/gen/Amazonka/Shield/Types/AttackSummary.hs b/gen/Amazonka/Shield/Types/AttackSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/AttackSummary.hs
@@ -0,0 +1,121 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.AttackSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.AttackSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.AttackVectorDescription
+
+-- | Summarizes all DDoS attacks for a specified time period.
+--
+-- /See:/ 'newAttackSummary' smart constructor.
+data AttackSummary = AttackSummary'
+  { -- | The unique identifier (ID) of the attack.
+    attackId :: Prelude.Maybe Prelude.Text,
+    -- | The list of attacks for a specified time period.
+    attackVectors :: Prelude.Maybe [AttackVectorDescription],
+    -- | The end time of the attack, in Unix time in seconds.
+    endTime :: Prelude.Maybe Data.POSIX,
+    -- | The ARN (Amazon Resource Name) of the resource that was attacked.
+    resourceArn :: Prelude.Maybe Prelude.Text,
+    -- | The start time of the attack, in Unix time in seconds.
+    startTime :: Prelude.Maybe Data.POSIX
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttackSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attackId', 'attackSummary_attackId' - The unique identifier (ID) of the attack.
+--
+-- 'attackVectors', 'attackSummary_attackVectors' - The list of attacks for a specified time period.
+--
+-- 'endTime', 'attackSummary_endTime' - The end time of the attack, in Unix time in seconds.
+--
+-- 'resourceArn', 'attackSummary_resourceArn' - The ARN (Amazon Resource Name) of the resource that was attacked.
+--
+-- 'startTime', 'attackSummary_startTime' - The start time of the attack, in Unix time in seconds.
+newAttackSummary ::
+  AttackSummary
+newAttackSummary =
+  AttackSummary'
+    { attackId = Prelude.Nothing,
+      attackVectors = Prelude.Nothing,
+      endTime = Prelude.Nothing,
+      resourceArn = Prelude.Nothing,
+      startTime = Prelude.Nothing
+    }
+
+-- | The unique identifier (ID) of the attack.
+attackSummary_attackId :: Lens.Lens' AttackSummary (Prelude.Maybe Prelude.Text)
+attackSummary_attackId = Lens.lens (\AttackSummary' {attackId} -> attackId) (\s@AttackSummary' {} a -> s {attackId = a} :: AttackSummary)
+
+-- | The list of attacks for a specified time period.
+attackSummary_attackVectors :: Lens.Lens' AttackSummary (Prelude.Maybe [AttackVectorDescription])
+attackSummary_attackVectors = Lens.lens (\AttackSummary' {attackVectors} -> attackVectors) (\s@AttackSummary' {} a -> s {attackVectors = a} :: AttackSummary) Prelude.. Lens.mapping Lens.coerced
+
+-- | The end time of the attack, in Unix time in seconds.
+attackSummary_endTime :: Lens.Lens' AttackSummary (Prelude.Maybe Prelude.UTCTime)
+attackSummary_endTime = Lens.lens (\AttackSummary' {endTime} -> endTime) (\s@AttackSummary' {} a -> s {endTime = a} :: AttackSummary) Prelude.. Lens.mapping Data._Time
+
+-- | The ARN (Amazon Resource Name) of the resource that was attacked.
+attackSummary_resourceArn :: Lens.Lens' AttackSummary (Prelude.Maybe Prelude.Text)
+attackSummary_resourceArn = Lens.lens (\AttackSummary' {resourceArn} -> resourceArn) (\s@AttackSummary' {} a -> s {resourceArn = a} :: AttackSummary)
+
+-- | The start time of the attack, in Unix time in seconds.
+attackSummary_startTime :: Lens.Lens' AttackSummary (Prelude.Maybe Prelude.UTCTime)
+attackSummary_startTime = Lens.lens (\AttackSummary' {startTime} -> startTime) (\s@AttackSummary' {} a -> s {startTime = a} :: AttackSummary) Prelude.. Lens.mapping Data._Time
+
+instance Data.FromJSON AttackSummary where
+  parseJSON =
+    Data.withObject
+      "AttackSummary"
+      ( \x ->
+          AttackSummary'
+            Prelude.<$> (x Data..:? "AttackId")
+            Prelude.<*> (x Data..:? "AttackVectors" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "EndTime")
+            Prelude.<*> (x Data..:? "ResourceArn")
+            Prelude.<*> (x Data..:? "StartTime")
+      )
+
+instance Prelude.Hashable AttackSummary where
+  hashWithSalt _salt AttackSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` attackId
+      `Prelude.hashWithSalt` attackVectors
+      `Prelude.hashWithSalt` endTime
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` startTime
+
+instance Prelude.NFData AttackSummary where
+  rnf AttackSummary' {..} =
+    Prelude.rnf attackId
+      `Prelude.seq` Prelude.rnf attackVectors
+      `Prelude.seq` Prelude.rnf endTime
+      `Prelude.seq` Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf startTime
diff --git a/gen/Amazonka/Shield/Types/AttackVectorDescription.hs b/gen/Amazonka/Shield/Types/AttackVectorDescription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/AttackVectorDescription.hs
@@ -0,0 +1,179 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.AttackVectorDescription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.AttackVectorDescription where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes the attack.
+--
+-- /See:/ 'newAttackVectorDescription' smart constructor.
+data AttackVectorDescription = AttackVectorDescription'
+  { -- | The attack type. Valid values:
+    --
+    -- -   UDP_TRAFFIC
+    --
+    -- -   UDP_FRAGMENT
+    --
+    -- -   GENERIC_UDP_REFLECTION
+    --
+    -- -   DNS_REFLECTION
+    --
+    -- -   NTP_REFLECTION
+    --
+    -- -   CHARGEN_REFLECTION
+    --
+    -- -   SSDP_REFLECTION
+    --
+    -- -   PORT_MAPPER
+    --
+    -- -   RIP_REFLECTION
+    --
+    -- -   SNMP_REFLECTION
+    --
+    -- -   MSSQL_REFLECTION
+    --
+    -- -   NET_BIOS_REFLECTION
+    --
+    -- -   SYN_FLOOD
+    --
+    -- -   ACK_FLOOD
+    --
+    -- -   REQUEST_FLOOD
+    --
+    -- -   HTTP_REFLECTION
+    --
+    -- -   UDS_REFLECTION
+    --
+    -- -   MEMCACHED_REFLECTION
+    vectorType :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttackVectorDescription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'vectorType', 'attackVectorDescription_vectorType' - The attack type. Valid values:
+--
+-- -   UDP_TRAFFIC
+--
+-- -   UDP_FRAGMENT
+--
+-- -   GENERIC_UDP_REFLECTION
+--
+-- -   DNS_REFLECTION
+--
+-- -   NTP_REFLECTION
+--
+-- -   CHARGEN_REFLECTION
+--
+-- -   SSDP_REFLECTION
+--
+-- -   PORT_MAPPER
+--
+-- -   RIP_REFLECTION
+--
+-- -   SNMP_REFLECTION
+--
+-- -   MSSQL_REFLECTION
+--
+-- -   NET_BIOS_REFLECTION
+--
+-- -   SYN_FLOOD
+--
+-- -   ACK_FLOOD
+--
+-- -   REQUEST_FLOOD
+--
+-- -   HTTP_REFLECTION
+--
+-- -   UDS_REFLECTION
+--
+-- -   MEMCACHED_REFLECTION
+newAttackVectorDescription ::
+  -- | 'vectorType'
+  Prelude.Text ->
+  AttackVectorDescription
+newAttackVectorDescription pVectorType_ =
+  AttackVectorDescription' {vectorType = pVectorType_}
+
+-- | The attack type. Valid values:
+--
+-- -   UDP_TRAFFIC
+--
+-- -   UDP_FRAGMENT
+--
+-- -   GENERIC_UDP_REFLECTION
+--
+-- -   DNS_REFLECTION
+--
+-- -   NTP_REFLECTION
+--
+-- -   CHARGEN_REFLECTION
+--
+-- -   SSDP_REFLECTION
+--
+-- -   PORT_MAPPER
+--
+-- -   RIP_REFLECTION
+--
+-- -   SNMP_REFLECTION
+--
+-- -   MSSQL_REFLECTION
+--
+-- -   NET_BIOS_REFLECTION
+--
+-- -   SYN_FLOOD
+--
+-- -   ACK_FLOOD
+--
+-- -   REQUEST_FLOOD
+--
+-- -   HTTP_REFLECTION
+--
+-- -   UDS_REFLECTION
+--
+-- -   MEMCACHED_REFLECTION
+attackVectorDescription_vectorType :: Lens.Lens' AttackVectorDescription Prelude.Text
+attackVectorDescription_vectorType = Lens.lens (\AttackVectorDescription' {vectorType} -> vectorType) (\s@AttackVectorDescription' {} a -> s {vectorType = a} :: AttackVectorDescription)
+
+instance Data.FromJSON AttackVectorDescription where
+  parseJSON =
+    Data.withObject
+      "AttackVectorDescription"
+      ( \x ->
+          AttackVectorDescription'
+            Prelude.<$> (x Data..: "VectorType")
+      )
+
+instance Prelude.Hashable AttackVectorDescription where
+  hashWithSalt _salt AttackVectorDescription' {..} =
+    _salt `Prelude.hashWithSalt` vectorType
+
+instance Prelude.NFData AttackVectorDescription where
+  rnf AttackVectorDescription' {..} =
+    Prelude.rnf vectorType
diff --git a/gen/Amazonka/Shield/Types/AttackVolume.hs b/gen/Amazonka/Shield/Types/AttackVolume.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/AttackVolume.hs
@@ -0,0 +1,111 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.AttackVolume
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.AttackVolume where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.AttackVolumeStatistics
+
+-- | Information about the volume of attacks during the time period, included
+-- in an AttackStatisticsDataItem. If the accompanying @AttackCount@ in the
+-- statistics object is zero, this setting might be empty.
+--
+-- /See:/ 'newAttackVolume' smart constructor.
+data AttackVolume = AttackVolume'
+  { -- | A statistics object that uses bits per second as the unit. This is
+    -- included for network level attacks.
+    bitsPerSecond :: Prelude.Maybe AttackVolumeStatistics,
+    -- | A statistics object that uses packets per second as the unit. This is
+    -- included for network level attacks.
+    packetsPerSecond :: Prelude.Maybe AttackVolumeStatistics,
+    -- | A statistics object that uses requests per second as the unit. This is
+    -- included for application level attacks, and is only available for
+    -- accounts that are subscribed to Shield Advanced.
+    requestsPerSecond :: Prelude.Maybe AttackVolumeStatistics
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttackVolume' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'bitsPerSecond', 'attackVolume_bitsPerSecond' - A statistics object that uses bits per second as the unit. This is
+-- included for network level attacks.
+--
+-- 'packetsPerSecond', 'attackVolume_packetsPerSecond' - A statistics object that uses packets per second as the unit. This is
+-- included for network level attacks.
+--
+-- 'requestsPerSecond', 'attackVolume_requestsPerSecond' - A statistics object that uses requests per second as the unit. This is
+-- included for application level attacks, and is only available for
+-- accounts that are subscribed to Shield Advanced.
+newAttackVolume ::
+  AttackVolume
+newAttackVolume =
+  AttackVolume'
+    { bitsPerSecond = Prelude.Nothing,
+      packetsPerSecond = Prelude.Nothing,
+      requestsPerSecond = Prelude.Nothing
+    }
+
+-- | A statistics object that uses bits per second as the unit. This is
+-- included for network level attacks.
+attackVolume_bitsPerSecond :: Lens.Lens' AttackVolume (Prelude.Maybe AttackVolumeStatistics)
+attackVolume_bitsPerSecond = Lens.lens (\AttackVolume' {bitsPerSecond} -> bitsPerSecond) (\s@AttackVolume' {} a -> s {bitsPerSecond = a} :: AttackVolume)
+
+-- | A statistics object that uses packets per second as the unit. This is
+-- included for network level attacks.
+attackVolume_packetsPerSecond :: Lens.Lens' AttackVolume (Prelude.Maybe AttackVolumeStatistics)
+attackVolume_packetsPerSecond = Lens.lens (\AttackVolume' {packetsPerSecond} -> packetsPerSecond) (\s@AttackVolume' {} a -> s {packetsPerSecond = a} :: AttackVolume)
+
+-- | A statistics object that uses requests per second as the unit. This is
+-- included for application level attacks, and is only available for
+-- accounts that are subscribed to Shield Advanced.
+attackVolume_requestsPerSecond :: Lens.Lens' AttackVolume (Prelude.Maybe AttackVolumeStatistics)
+attackVolume_requestsPerSecond = Lens.lens (\AttackVolume' {requestsPerSecond} -> requestsPerSecond) (\s@AttackVolume' {} a -> s {requestsPerSecond = a} :: AttackVolume)
+
+instance Data.FromJSON AttackVolume where
+  parseJSON =
+    Data.withObject
+      "AttackVolume"
+      ( \x ->
+          AttackVolume'
+            Prelude.<$> (x Data..:? "BitsPerSecond")
+            Prelude.<*> (x Data..:? "PacketsPerSecond")
+            Prelude.<*> (x Data..:? "RequestsPerSecond")
+      )
+
+instance Prelude.Hashable AttackVolume where
+  hashWithSalt _salt AttackVolume' {..} =
+    _salt
+      `Prelude.hashWithSalt` bitsPerSecond
+      `Prelude.hashWithSalt` packetsPerSecond
+      `Prelude.hashWithSalt` requestsPerSecond
+
+instance Prelude.NFData AttackVolume where
+  rnf AttackVolume' {..} =
+    Prelude.rnf bitsPerSecond
+      `Prelude.seq` Prelude.rnf packetsPerSecond
+      `Prelude.seq` Prelude.rnf requestsPerSecond
diff --git a/gen/Amazonka/Shield/Types/AttackVolumeStatistics.hs b/gen/Amazonka/Shield/Types/AttackVolumeStatistics.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/AttackVolumeStatistics.hs
@@ -0,0 +1,70 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.AttackVolumeStatistics
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.AttackVolumeStatistics where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Statistics objects for the various data types in AttackVolume.
+--
+-- /See:/ 'newAttackVolumeStatistics' smart constructor.
+data AttackVolumeStatistics = AttackVolumeStatistics'
+  { -- | The maximum attack volume observed for the given unit.
+    max :: Prelude.Double
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AttackVolumeStatistics' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'max', 'attackVolumeStatistics_max' - The maximum attack volume observed for the given unit.
+newAttackVolumeStatistics ::
+  -- | 'max'
+  Prelude.Double ->
+  AttackVolumeStatistics
+newAttackVolumeStatistics pMax_ =
+  AttackVolumeStatistics' {max = pMax_}
+
+-- | The maximum attack volume observed for the given unit.
+attackVolumeStatistics_max :: Lens.Lens' AttackVolumeStatistics Prelude.Double
+attackVolumeStatistics_max = Lens.lens (\AttackVolumeStatistics' {max} -> max) (\s@AttackVolumeStatistics' {} a -> s {max = a} :: AttackVolumeStatistics)
+
+instance Data.FromJSON AttackVolumeStatistics where
+  parseJSON =
+    Data.withObject
+      "AttackVolumeStatistics"
+      ( \x ->
+          AttackVolumeStatistics'
+            Prelude.<$> (x Data..: "Max")
+      )
+
+instance Prelude.Hashable AttackVolumeStatistics where
+  hashWithSalt _salt AttackVolumeStatistics' {..} =
+    _salt `Prelude.hashWithSalt` max
+
+instance Prelude.NFData AttackVolumeStatistics where
+  rnf AttackVolumeStatistics' {..} = Prelude.rnf max
diff --git a/gen/Amazonka/Shield/Types/AutoRenew.hs b/gen/Amazonka/Shield/Types/AutoRenew.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/AutoRenew.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.AutoRenew
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.AutoRenew
+  ( AutoRenew
+      ( ..,
+        AutoRenew_DISABLED,
+        AutoRenew_ENABLED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype AutoRenew = AutoRenew'
+  { fromAutoRenew ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern AutoRenew_DISABLED :: AutoRenew
+pattern AutoRenew_DISABLED = AutoRenew' "DISABLED"
+
+pattern AutoRenew_ENABLED :: AutoRenew
+pattern AutoRenew_ENABLED = AutoRenew' "ENABLED"
+
+{-# COMPLETE
+  AutoRenew_DISABLED,
+  AutoRenew_ENABLED,
+  AutoRenew'
+  #-}
diff --git a/gen/Amazonka/Shield/Types/BlockAction.hs b/gen/Amazonka/Shield/Types/BlockAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/BlockAction.hs
@@ -0,0 +1,62 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.BlockAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.BlockAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies that Shield Advanced should configure its WAF rules with the
+-- WAF @Block@ action.
+--
+-- This is only used in the context of the @ResponseAction@ setting.
+--
+-- JSON specification: @\"Block\": {}@
+--
+-- /See:/ 'newBlockAction' smart constructor.
+data BlockAction = BlockAction'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BlockAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newBlockAction ::
+  BlockAction
+newBlockAction = BlockAction'
+
+instance Data.FromJSON BlockAction where
+  parseJSON =
+    Data.withObject
+      "BlockAction"
+      (\x -> Prelude.pure BlockAction')
+
+instance Prelude.Hashable BlockAction where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData BlockAction where
+  rnf _ = ()
+
+instance Data.ToJSON BlockAction where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
diff --git a/gen/Amazonka/Shield/Types/Contributor.hs b/gen/Amazonka/Shield/Types/Contributor.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/Contributor.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.Contributor
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.Contributor where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A contributor to the attack and their contribution.
+--
+-- /See:/ 'newContributor' smart constructor.
+data Contributor = Contributor'
+  { -- | The name of the contributor. The type of name that you\'ll find here
+    -- depends on the @AttackPropertyIdentifier@ setting in the
+    -- @AttackProperty@ where this contributor is defined. For example, if the
+    -- @AttackPropertyIdentifier@ is @SOURCE_COUNTRY@, the @Name@ could be
+    -- @United States@.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The contribution of this contributor expressed in Protection units. For
+    -- example @10,000@.
+    value :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Contributor' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'contributor_name' - The name of the contributor. The type of name that you\'ll find here
+-- depends on the @AttackPropertyIdentifier@ setting in the
+-- @AttackProperty@ where this contributor is defined. For example, if the
+-- @AttackPropertyIdentifier@ is @SOURCE_COUNTRY@, the @Name@ could be
+-- @United States@.
+--
+-- 'value', 'contributor_value' - The contribution of this contributor expressed in Protection units. For
+-- example @10,000@.
+newContributor ::
+  Contributor
+newContributor =
+  Contributor'
+    { name = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The name of the contributor. The type of name that you\'ll find here
+-- depends on the @AttackPropertyIdentifier@ setting in the
+-- @AttackProperty@ where this contributor is defined. For example, if the
+-- @AttackPropertyIdentifier@ is @SOURCE_COUNTRY@, the @Name@ could be
+-- @United States@.
+contributor_name :: Lens.Lens' Contributor (Prelude.Maybe Prelude.Text)
+contributor_name = Lens.lens (\Contributor' {name} -> name) (\s@Contributor' {} a -> s {name = a} :: Contributor)
+
+-- | The contribution of this contributor expressed in Protection units. For
+-- example @10,000@.
+contributor_value :: Lens.Lens' Contributor (Prelude.Maybe Prelude.Integer)
+contributor_value = Lens.lens (\Contributor' {value} -> value) (\s@Contributor' {} a -> s {value = a} :: Contributor)
+
+instance Data.FromJSON Contributor where
+  parseJSON =
+    Data.withObject
+      "Contributor"
+      ( \x ->
+          Contributor'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance Prelude.Hashable Contributor where
+  hashWithSalt _salt Contributor' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData Contributor where
+  rnf Contributor' {..} =
+    Prelude.rnf name `Prelude.seq` Prelude.rnf value
diff --git a/gen/Amazonka/Shield/Types/CountAction.hs b/gen/Amazonka/Shield/Types/CountAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/CountAction.hs
@@ -0,0 +1,62 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.CountAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.CountAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies that Shield Advanced should configure its WAF rules with the
+-- WAF @Count@ action.
+--
+-- This is only used in the context of the @ResponseAction@ setting.
+--
+-- JSON specification: @\"Count\": {}@
+--
+-- /See:/ 'newCountAction' smart constructor.
+data CountAction = CountAction'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CountAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newCountAction ::
+  CountAction
+newCountAction = CountAction'
+
+instance Data.FromJSON CountAction where
+  parseJSON =
+    Data.withObject
+      "CountAction"
+      (\x -> Prelude.pure CountAction')
+
+instance Prelude.Hashable CountAction where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData CountAction where
+  rnf _ = ()
+
+instance Data.ToJSON CountAction where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
diff --git a/gen/Amazonka/Shield/Types/EmergencyContact.hs b/gen/Amazonka/Shield/Types/EmergencyContact.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/EmergencyContact.hs
@@ -0,0 +1,110 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.EmergencyContact
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.EmergencyContact where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Contact information that the SRT can use to contact you if you have
+-- proactive engagement enabled, for escalations to the SRT and to initiate
+-- proactive customer support.
+--
+-- /See:/ 'newEmergencyContact' smart constructor.
+data EmergencyContact = EmergencyContact'
+  { -- | Additional notes regarding the contact.
+    contactNotes :: Prelude.Maybe Prelude.Text,
+    -- | The phone number for the contact.
+    phoneNumber :: Prelude.Maybe Prelude.Text,
+    -- | The email address for the contact.
+    emailAddress :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'EmergencyContact' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'contactNotes', 'emergencyContact_contactNotes' - Additional notes regarding the contact.
+--
+-- 'phoneNumber', 'emergencyContact_phoneNumber' - The phone number for the contact.
+--
+-- 'emailAddress', 'emergencyContact_emailAddress' - The email address for the contact.
+newEmergencyContact ::
+  -- | 'emailAddress'
+  Prelude.Text ->
+  EmergencyContact
+newEmergencyContact pEmailAddress_ =
+  EmergencyContact'
+    { contactNotes = Prelude.Nothing,
+      phoneNumber = Prelude.Nothing,
+      emailAddress = pEmailAddress_
+    }
+
+-- | Additional notes regarding the contact.
+emergencyContact_contactNotes :: Lens.Lens' EmergencyContact (Prelude.Maybe Prelude.Text)
+emergencyContact_contactNotes = Lens.lens (\EmergencyContact' {contactNotes} -> contactNotes) (\s@EmergencyContact' {} a -> s {contactNotes = a} :: EmergencyContact)
+
+-- | The phone number for the contact.
+emergencyContact_phoneNumber :: Lens.Lens' EmergencyContact (Prelude.Maybe Prelude.Text)
+emergencyContact_phoneNumber = Lens.lens (\EmergencyContact' {phoneNumber} -> phoneNumber) (\s@EmergencyContact' {} a -> s {phoneNumber = a} :: EmergencyContact)
+
+-- | The email address for the contact.
+emergencyContact_emailAddress :: Lens.Lens' EmergencyContact Prelude.Text
+emergencyContact_emailAddress = Lens.lens (\EmergencyContact' {emailAddress} -> emailAddress) (\s@EmergencyContact' {} a -> s {emailAddress = a} :: EmergencyContact)
+
+instance Data.FromJSON EmergencyContact where
+  parseJSON =
+    Data.withObject
+      "EmergencyContact"
+      ( \x ->
+          EmergencyContact'
+            Prelude.<$> (x Data..:? "ContactNotes")
+            Prelude.<*> (x Data..:? "PhoneNumber")
+            Prelude.<*> (x Data..: "EmailAddress")
+      )
+
+instance Prelude.Hashable EmergencyContact where
+  hashWithSalt _salt EmergencyContact' {..} =
+    _salt
+      `Prelude.hashWithSalt` contactNotes
+      `Prelude.hashWithSalt` phoneNumber
+      `Prelude.hashWithSalt` emailAddress
+
+instance Prelude.NFData EmergencyContact where
+  rnf EmergencyContact' {..} =
+    Prelude.rnf contactNotes
+      `Prelude.seq` Prelude.rnf phoneNumber
+      `Prelude.seq` Prelude.rnf emailAddress
+
+instance Data.ToJSON EmergencyContact where
+  toJSON EmergencyContact' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ContactNotes" Data..=) Prelude.<$> contactNotes,
+            ("PhoneNumber" Data..=) Prelude.<$> phoneNumber,
+            Prelude.Just ("EmailAddress" Data..= emailAddress)
+          ]
+      )
diff --git a/gen/Amazonka/Shield/Types/InclusionProtectionFilters.hs b/gen/Amazonka/Shield/Types/InclusionProtectionFilters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/InclusionProtectionFilters.hs
@@ -0,0 +1,106 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.InclusionProtectionFilters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.InclusionProtectionFilters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.ProtectedResourceType
+
+-- | Narrows the set of protections that the call retrieves. You can retrieve
+-- a single protection by providing its name or the ARN (Amazon Resource
+-- Name) of its protected resource. You can also retrieve all protections
+-- for a specific resource type. You can provide up to one criteria per
+-- filter type. Shield Advanced returns protections that exactly match all
+-- of the filter criteria that you provide.
+--
+-- /See:/ 'newInclusionProtectionFilters' smart constructor.
+data InclusionProtectionFilters = InclusionProtectionFilters'
+  { -- | The name of the protection that you want to retrieve.
+    protectionNames :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | The ARN (Amazon Resource Name) of the resource whose protection you want
+    -- to retrieve.
+    resourceArns :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | The type of protected resource whose protections you want to retrieve.
+    resourceTypes :: Prelude.Maybe (Prelude.NonEmpty ProtectedResourceType)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InclusionProtectionFilters' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protectionNames', 'inclusionProtectionFilters_protectionNames' - The name of the protection that you want to retrieve.
+--
+-- 'resourceArns', 'inclusionProtectionFilters_resourceArns' - The ARN (Amazon Resource Name) of the resource whose protection you want
+-- to retrieve.
+--
+-- 'resourceTypes', 'inclusionProtectionFilters_resourceTypes' - The type of protected resource whose protections you want to retrieve.
+newInclusionProtectionFilters ::
+  InclusionProtectionFilters
+newInclusionProtectionFilters =
+  InclusionProtectionFilters'
+    { protectionNames =
+        Prelude.Nothing,
+      resourceArns = Prelude.Nothing,
+      resourceTypes = Prelude.Nothing
+    }
+
+-- | The name of the protection that you want to retrieve.
+inclusionProtectionFilters_protectionNames :: Lens.Lens' InclusionProtectionFilters (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+inclusionProtectionFilters_protectionNames = Lens.lens (\InclusionProtectionFilters' {protectionNames} -> protectionNames) (\s@InclusionProtectionFilters' {} a -> s {protectionNames = a} :: InclusionProtectionFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ARN (Amazon Resource Name) of the resource whose protection you want
+-- to retrieve.
+inclusionProtectionFilters_resourceArns :: Lens.Lens' InclusionProtectionFilters (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+inclusionProtectionFilters_resourceArns = Lens.lens (\InclusionProtectionFilters' {resourceArns} -> resourceArns) (\s@InclusionProtectionFilters' {} a -> s {resourceArns = a} :: InclusionProtectionFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The type of protected resource whose protections you want to retrieve.
+inclusionProtectionFilters_resourceTypes :: Lens.Lens' InclusionProtectionFilters (Prelude.Maybe (Prelude.NonEmpty ProtectedResourceType))
+inclusionProtectionFilters_resourceTypes = Lens.lens (\InclusionProtectionFilters' {resourceTypes} -> resourceTypes) (\s@InclusionProtectionFilters' {} a -> s {resourceTypes = a} :: InclusionProtectionFilters) Prelude.. Lens.mapping Lens.coerced
+
+instance Prelude.Hashable InclusionProtectionFilters where
+  hashWithSalt _salt InclusionProtectionFilters' {..} =
+    _salt
+      `Prelude.hashWithSalt` protectionNames
+      `Prelude.hashWithSalt` resourceArns
+      `Prelude.hashWithSalt` resourceTypes
+
+instance Prelude.NFData InclusionProtectionFilters where
+  rnf InclusionProtectionFilters' {..} =
+    Prelude.rnf protectionNames
+      `Prelude.seq` Prelude.rnf resourceArns
+      `Prelude.seq` Prelude.rnf resourceTypes
+
+instance Data.ToJSON InclusionProtectionFilters where
+  toJSON InclusionProtectionFilters' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ProtectionNames" Data..=)
+              Prelude.<$> protectionNames,
+            ("ResourceArns" Data..=) Prelude.<$> resourceArns,
+            ("ResourceTypes" Data..=) Prelude.<$> resourceTypes
+          ]
+      )
diff --git a/gen/Amazonka/Shield/Types/InclusionProtectionGroupFilters.hs b/gen/Amazonka/Shield/Types/InclusionProtectionGroupFilters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/InclusionProtectionGroupFilters.hs
@@ -0,0 +1,137 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.InclusionProtectionGroupFilters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.InclusionProtectionGroupFilters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.ProtectedResourceType
+import Amazonka.Shield.Types.ProtectionGroupAggregation
+import Amazonka.Shield.Types.ProtectionGroupPattern
+
+-- | Narrows the set of protection groups that the call retrieves. You can
+-- retrieve a single protection group by its name and you can retrieve all
+-- protection groups that are configured with a specific pattern,
+-- aggregation, or resource type. You can provide up to one criteria per
+-- filter type. Shield Advanced returns the protection groups that exactly
+-- match all of the search criteria that you provide.
+--
+-- /See:/ 'newInclusionProtectionGroupFilters' smart constructor.
+data InclusionProtectionGroupFilters = InclusionProtectionGroupFilters'
+  { -- | The aggregation setting of the protection groups that you want to
+    -- retrieve.
+    aggregations :: Prelude.Maybe (Prelude.NonEmpty ProtectionGroupAggregation),
+    -- | The pattern specification of the protection groups that you want to
+    -- retrieve.
+    patterns :: Prelude.Maybe (Prelude.NonEmpty ProtectionGroupPattern),
+    -- | The ID of the protection group that you want to retrieve.
+    protectionGroupIds :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | The resource type configuration of the protection groups that you want
+    -- to retrieve. In the protection group configuration, you specify the
+    -- resource type when you set the group\'s @Pattern@ to @BY_RESOURCE_TYPE@.
+    resourceTypes :: Prelude.Maybe (Prelude.NonEmpty ProtectedResourceType)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'InclusionProtectionGroupFilters' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'aggregations', 'inclusionProtectionGroupFilters_aggregations' - The aggregation setting of the protection groups that you want to
+-- retrieve.
+--
+-- 'patterns', 'inclusionProtectionGroupFilters_patterns' - The pattern specification of the protection groups that you want to
+-- retrieve.
+--
+-- 'protectionGroupIds', 'inclusionProtectionGroupFilters_protectionGroupIds' - The ID of the protection group that you want to retrieve.
+--
+-- 'resourceTypes', 'inclusionProtectionGroupFilters_resourceTypes' - The resource type configuration of the protection groups that you want
+-- to retrieve. In the protection group configuration, you specify the
+-- resource type when you set the group\'s @Pattern@ to @BY_RESOURCE_TYPE@.
+newInclusionProtectionGroupFilters ::
+  InclusionProtectionGroupFilters
+newInclusionProtectionGroupFilters =
+  InclusionProtectionGroupFilters'
+    { aggregations =
+        Prelude.Nothing,
+      patterns = Prelude.Nothing,
+      protectionGroupIds = Prelude.Nothing,
+      resourceTypes = Prelude.Nothing
+    }
+
+-- | The aggregation setting of the protection groups that you want to
+-- retrieve.
+inclusionProtectionGroupFilters_aggregations :: Lens.Lens' InclusionProtectionGroupFilters (Prelude.Maybe (Prelude.NonEmpty ProtectionGroupAggregation))
+inclusionProtectionGroupFilters_aggregations = Lens.lens (\InclusionProtectionGroupFilters' {aggregations} -> aggregations) (\s@InclusionProtectionGroupFilters' {} a -> s {aggregations = a} :: InclusionProtectionGroupFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The pattern specification of the protection groups that you want to
+-- retrieve.
+inclusionProtectionGroupFilters_patterns :: Lens.Lens' InclusionProtectionGroupFilters (Prelude.Maybe (Prelude.NonEmpty ProtectionGroupPattern))
+inclusionProtectionGroupFilters_patterns = Lens.lens (\InclusionProtectionGroupFilters' {patterns} -> patterns) (\s@InclusionProtectionGroupFilters' {} a -> s {patterns = a} :: InclusionProtectionGroupFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The ID of the protection group that you want to retrieve.
+inclusionProtectionGroupFilters_protectionGroupIds :: Lens.Lens' InclusionProtectionGroupFilters (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+inclusionProtectionGroupFilters_protectionGroupIds = Lens.lens (\InclusionProtectionGroupFilters' {protectionGroupIds} -> protectionGroupIds) (\s@InclusionProtectionGroupFilters' {} a -> s {protectionGroupIds = a} :: InclusionProtectionGroupFilters) Prelude.. Lens.mapping Lens.coerced
+
+-- | The resource type configuration of the protection groups that you want
+-- to retrieve. In the protection group configuration, you specify the
+-- resource type when you set the group\'s @Pattern@ to @BY_RESOURCE_TYPE@.
+inclusionProtectionGroupFilters_resourceTypes :: Lens.Lens' InclusionProtectionGroupFilters (Prelude.Maybe (Prelude.NonEmpty ProtectedResourceType))
+inclusionProtectionGroupFilters_resourceTypes = Lens.lens (\InclusionProtectionGroupFilters' {resourceTypes} -> resourceTypes) (\s@InclusionProtectionGroupFilters' {} a -> s {resourceTypes = a} :: InclusionProtectionGroupFilters) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Prelude.Hashable
+    InclusionProtectionGroupFilters
+  where
+  hashWithSalt
+    _salt
+    InclusionProtectionGroupFilters' {..} =
+      _salt
+        `Prelude.hashWithSalt` aggregations
+        `Prelude.hashWithSalt` patterns
+        `Prelude.hashWithSalt` protectionGroupIds
+        `Prelude.hashWithSalt` resourceTypes
+
+instance
+  Prelude.NFData
+    InclusionProtectionGroupFilters
+  where
+  rnf InclusionProtectionGroupFilters' {..} =
+    Prelude.rnf aggregations
+      `Prelude.seq` Prelude.rnf patterns
+      `Prelude.seq` Prelude.rnf protectionGroupIds
+      `Prelude.seq` Prelude.rnf resourceTypes
+
+instance Data.ToJSON InclusionProtectionGroupFilters where
+  toJSON InclusionProtectionGroupFilters' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Aggregations" Data..=) Prelude.<$> aggregations,
+            ("Patterns" Data..=) Prelude.<$> patterns,
+            ("ProtectionGroupIds" Data..=)
+              Prelude.<$> protectionGroupIds,
+            ("ResourceTypes" Data..=) Prelude.<$> resourceTypes
+          ]
+      )
diff --git a/gen/Amazonka/Shield/Types/Limit.hs b/gen/Amazonka/Shield/Types/Limit.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/Limit.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.Limit
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.Limit where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies how many protections of a given type you can create.
+--
+-- /See:/ 'newLimit' smart constructor.
+data Limit = Limit'
+  { -- | The maximum number of protections that can be created for the specified
+    -- @Type@.
+    max :: Prelude.Maybe Prelude.Integer,
+    -- | The type of protection.
+    type' :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Limit' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'max', 'limit_max' - The maximum number of protections that can be created for the specified
+-- @Type@.
+--
+-- 'type'', 'limit_type' - The type of protection.
+newLimit ::
+  Limit
+newLimit =
+  Limit'
+    { max = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The maximum number of protections that can be created for the specified
+-- @Type@.
+limit_max :: Lens.Lens' Limit (Prelude.Maybe Prelude.Integer)
+limit_max = Lens.lens (\Limit' {max} -> max) (\s@Limit' {} a -> s {max = a} :: Limit)
+
+-- | The type of protection.
+limit_type :: Lens.Lens' Limit (Prelude.Maybe Prelude.Text)
+limit_type = Lens.lens (\Limit' {type'} -> type') (\s@Limit' {} a -> s {type' = a} :: Limit)
+
+instance Data.FromJSON Limit where
+  parseJSON =
+    Data.withObject
+      "Limit"
+      ( \x ->
+          Limit'
+            Prelude.<$> (x Data..:? "Max")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance Prelude.Hashable Limit where
+  hashWithSalt _salt Limit' {..} =
+    _salt
+      `Prelude.hashWithSalt` max
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData Limit where
+  rnf Limit' {..} =
+    Prelude.rnf max `Prelude.seq` Prelude.rnf type'
diff --git a/gen/Amazonka/Shield/Types/Mitigation.hs b/gen/Amazonka/Shield/Types/Mitigation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/Mitigation.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.Mitigation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.Mitigation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The mitigation applied to a DDoS attack.
+--
+-- /See:/ 'newMitigation' smart constructor.
+data Mitigation = Mitigation'
+  { -- | The name of the mitigation taken for this attack.
+    mitigationName :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Mitigation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'mitigationName', 'mitigation_mitigationName' - The name of the mitigation taken for this attack.
+newMitigation ::
+  Mitigation
+newMitigation =
+  Mitigation' {mitigationName = Prelude.Nothing}
+
+-- | The name of the mitigation taken for this attack.
+mitigation_mitigationName :: Lens.Lens' Mitigation (Prelude.Maybe Prelude.Text)
+mitigation_mitigationName = Lens.lens (\Mitigation' {mitigationName} -> mitigationName) (\s@Mitigation' {} a -> s {mitigationName = a} :: Mitigation)
+
+instance Data.FromJSON Mitigation where
+  parseJSON =
+    Data.withObject
+      "Mitigation"
+      ( \x ->
+          Mitigation'
+            Prelude.<$> (x Data..:? "MitigationName")
+      )
+
+instance Prelude.Hashable Mitigation where
+  hashWithSalt _salt Mitigation' {..} =
+    _salt `Prelude.hashWithSalt` mitigationName
+
+instance Prelude.NFData Mitigation where
+  rnf Mitigation' {..} = Prelude.rnf mitigationName
diff --git a/gen/Amazonka/Shield/Types/ProactiveEngagementStatus.hs b/gen/Amazonka/Shield/Types/ProactiveEngagementStatus.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ProactiveEngagementStatus.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ProactiveEngagementStatus
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ProactiveEngagementStatus
+  ( ProactiveEngagementStatus
+      ( ..,
+        ProactiveEngagementStatus_DISABLED,
+        ProactiveEngagementStatus_ENABLED,
+        ProactiveEngagementStatus_PENDING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ProactiveEngagementStatus = ProactiveEngagementStatus'
+  { fromProactiveEngagementStatus ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ProactiveEngagementStatus_DISABLED :: ProactiveEngagementStatus
+pattern ProactiveEngagementStatus_DISABLED = ProactiveEngagementStatus' "DISABLED"
+
+pattern ProactiveEngagementStatus_ENABLED :: ProactiveEngagementStatus
+pattern ProactiveEngagementStatus_ENABLED = ProactiveEngagementStatus' "ENABLED"
+
+pattern ProactiveEngagementStatus_PENDING :: ProactiveEngagementStatus
+pattern ProactiveEngagementStatus_PENDING = ProactiveEngagementStatus' "PENDING"
+
+{-# COMPLETE
+  ProactiveEngagementStatus_DISABLED,
+  ProactiveEngagementStatus_ENABLED,
+  ProactiveEngagementStatus_PENDING,
+  ProactiveEngagementStatus'
+  #-}
diff --git a/gen/Amazonka/Shield/Types/ProtectedResourceType.hs b/gen/Amazonka/Shield/Types/ProtectedResourceType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ProtectedResourceType.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ProtectedResourceType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ProtectedResourceType
+  ( ProtectedResourceType
+      ( ..,
+        ProtectedResourceType_APPLICATION_LOAD_BALANCER,
+        ProtectedResourceType_CLASSIC_LOAD_BALANCER,
+        ProtectedResourceType_CLOUDFRONT_DISTRIBUTION,
+        ProtectedResourceType_ELASTIC_IP_ALLOCATION,
+        ProtectedResourceType_GLOBAL_ACCELERATOR,
+        ProtectedResourceType_ROUTE_53_HOSTED_ZONE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ProtectedResourceType = ProtectedResourceType'
+  { fromProtectedResourceType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ProtectedResourceType_APPLICATION_LOAD_BALANCER :: ProtectedResourceType
+pattern ProtectedResourceType_APPLICATION_LOAD_BALANCER = ProtectedResourceType' "APPLICATION_LOAD_BALANCER"
+
+pattern ProtectedResourceType_CLASSIC_LOAD_BALANCER :: ProtectedResourceType
+pattern ProtectedResourceType_CLASSIC_LOAD_BALANCER = ProtectedResourceType' "CLASSIC_LOAD_BALANCER"
+
+pattern ProtectedResourceType_CLOUDFRONT_DISTRIBUTION :: ProtectedResourceType
+pattern ProtectedResourceType_CLOUDFRONT_DISTRIBUTION = ProtectedResourceType' "CLOUDFRONT_DISTRIBUTION"
+
+pattern ProtectedResourceType_ELASTIC_IP_ALLOCATION :: ProtectedResourceType
+pattern ProtectedResourceType_ELASTIC_IP_ALLOCATION = ProtectedResourceType' "ELASTIC_IP_ALLOCATION"
+
+pattern ProtectedResourceType_GLOBAL_ACCELERATOR :: ProtectedResourceType
+pattern ProtectedResourceType_GLOBAL_ACCELERATOR = ProtectedResourceType' "GLOBAL_ACCELERATOR"
+
+pattern ProtectedResourceType_ROUTE_53_HOSTED_ZONE :: ProtectedResourceType
+pattern ProtectedResourceType_ROUTE_53_HOSTED_ZONE = ProtectedResourceType' "ROUTE_53_HOSTED_ZONE"
+
+{-# COMPLETE
+  ProtectedResourceType_APPLICATION_LOAD_BALANCER,
+  ProtectedResourceType_CLASSIC_LOAD_BALANCER,
+  ProtectedResourceType_CLOUDFRONT_DISTRIBUTION,
+  ProtectedResourceType_ELASTIC_IP_ALLOCATION,
+  ProtectedResourceType_GLOBAL_ACCELERATOR,
+  ProtectedResourceType_ROUTE_53_HOSTED_ZONE,
+  ProtectedResourceType'
+  #-}
diff --git a/gen/Amazonka/Shield/Types/Protection.hs b/gen/Amazonka/Shield/Types/Protection.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/Protection.hs
@@ -0,0 +1,155 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.Protection
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.Protection where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.ApplicationLayerAutomaticResponseConfiguration
+
+-- | An object that represents a resource that is under DDoS protection.
+--
+-- /See:/ 'newProtection' smart constructor.
+data Protection = Protection'
+  { -- | The automatic application layer DDoS mitigation settings for the
+    -- protection. This configuration determines whether Shield Advanced
+    -- automatically manages rules in the web ACL in order to respond to
+    -- application layer events that Shield Advanced determines to be DDoS
+    -- attacks.
+    applicationLayerAutomaticResponseConfiguration :: Prelude.Maybe ApplicationLayerAutomaticResponseConfiguration,
+    -- | The unique identifier (ID) for the Route 53 health check that\'s
+    -- associated with the protection.
+    healthCheckIds :: Prelude.Maybe [Prelude.Text],
+    -- | The unique identifier (ID) of the protection.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The name of the protection. For example, @My CloudFront distributions@.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The ARN (Amazon Resource Name) of the protection.
+    protectionArn :: Prelude.Maybe Prelude.Text,
+    -- | The ARN (Amazon Resource Name) of the Amazon Web Services resource that
+    -- is protected.
+    resourceArn :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Protection' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'applicationLayerAutomaticResponseConfiguration', 'protection_applicationLayerAutomaticResponseConfiguration' - The automatic application layer DDoS mitigation settings for the
+-- protection. This configuration determines whether Shield Advanced
+-- automatically manages rules in the web ACL in order to respond to
+-- application layer events that Shield Advanced determines to be DDoS
+-- attacks.
+--
+-- 'healthCheckIds', 'protection_healthCheckIds' - The unique identifier (ID) for the Route 53 health check that\'s
+-- associated with the protection.
+--
+-- 'id', 'protection_id' - The unique identifier (ID) of the protection.
+--
+-- 'name', 'protection_name' - The name of the protection. For example, @My CloudFront distributions@.
+--
+-- 'protectionArn', 'protection_protectionArn' - The ARN (Amazon Resource Name) of the protection.
+--
+-- 'resourceArn', 'protection_resourceArn' - The ARN (Amazon Resource Name) of the Amazon Web Services resource that
+-- is protected.
+newProtection ::
+  Protection
+newProtection =
+  Protection'
+    { applicationLayerAutomaticResponseConfiguration =
+        Prelude.Nothing,
+      healthCheckIds = Prelude.Nothing,
+      id = Prelude.Nothing,
+      name = Prelude.Nothing,
+      protectionArn = Prelude.Nothing,
+      resourceArn = Prelude.Nothing
+    }
+
+-- | The automatic application layer DDoS mitigation settings for the
+-- protection. This configuration determines whether Shield Advanced
+-- automatically manages rules in the web ACL in order to respond to
+-- application layer events that Shield Advanced determines to be DDoS
+-- attacks.
+protection_applicationLayerAutomaticResponseConfiguration :: Lens.Lens' Protection (Prelude.Maybe ApplicationLayerAutomaticResponseConfiguration)
+protection_applicationLayerAutomaticResponseConfiguration = Lens.lens (\Protection' {applicationLayerAutomaticResponseConfiguration} -> applicationLayerAutomaticResponseConfiguration) (\s@Protection' {} a -> s {applicationLayerAutomaticResponseConfiguration = a} :: Protection)
+
+-- | The unique identifier (ID) for the Route 53 health check that\'s
+-- associated with the protection.
+protection_healthCheckIds :: Lens.Lens' Protection (Prelude.Maybe [Prelude.Text])
+protection_healthCheckIds = Lens.lens (\Protection' {healthCheckIds} -> healthCheckIds) (\s@Protection' {} a -> s {healthCheckIds = a} :: Protection) Prelude.. Lens.mapping Lens.coerced
+
+-- | The unique identifier (ID) of the protection.
+protection_id :: Lens.Lens' Protection (Prelude.Maybe Prelude.Text)
+protection_id = Lens.lens (\Protection' {id} -> id) (\s@Protection' {} a -> s {id = a} :: Protection)
+
+-- | The name of the protection. For example, @My CloudFront distributions@.
+protection_name :: Lens.Lens' Protection (Prelude.Maybe Prelude.Text)
+protection_name = Lens.lens (\Protection' {name} -> name) (\s@Protection' {} a -> s {name = a} :: Protection)
+
+-- | The ARN (Amazon Resource Name) of the protection.
+protection_protectionArn :: Lens.Lens' Protection (Prelude.Maybe Prelude.Text)
+protection_protectionArn = Lens.lens (\Protection' {protectionArn} -> protectionArn) (\s@Protection' {} a -> s {protectionArn = a} :: Protection)
+
+-- | The ARN (Amazon Resource Name) of the Amazon Web Services resource that
+-- is protected.
+protection_resourceArn :: Lens.Lens' Protection (Prelude.Maybe Prelude.Text)
+protection_resourceArn = Lens.lens (\Protection' {resourceArn} -> resourceArn) (\s@Protection' {} a -> s {resourceArn = a} :: Protection)
+
+instance Data.FromJSON Protection where
+  parseJSON =
+    Data.withObject
+      "Protection"
+      ( \x ->
+          Protection'
+            Prelude.<$> ( x
+                            Data..:? "ApplicationLayerAutomaticResponseConfiguration"
+                        )
+            Prelude.<*> (x Data..:? "HealthCheckIds" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "ProtectionArn")
+            Prelude.<*> (x Data..:? "ResourceArn")
+      )
+
+instance Prelude.Hashable Protection where
+  hashWithSalt _salt Protection' {..} =
+    _salt
+      `Prelude.hashWithSalt` applicationLayerAutomaticResponseConfiguration
+      `Prelude.hashWithSalt` healthCheckIds
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` protectionArn
+      `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData Protection where
+  rnf Protection' {..} =
+    Prelude.rnf
+      applicationLayerAutomaticResponseConfiguration
+      `Prelude.seq` Prelude.rnf healthCheckIds
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf protectionArn
+      `Prelude.seq` Prelude.rnf resourceArn
diff --git a/gen/Amazonka/Shield/Types/ProtectionGroup.hs b/gen/Amazonka/Shield/Types/ProtectionGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ProtectionGroup.hs
@@ -0,0 +1,222 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ProtectionGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ProtectionGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.ProtectedResourceType
+import Amazonka.Shield.Types.ProtectionGroupAggregation
+import Amazonka.Shield.Types.ProtectionGroupPattern
+
+-- | A grouping of protected resources that you and Shield Advanced can
+-- monitor as a collective. This resource grouping improves the accuracy of
+-- detection and reduces false positives.
+--
+-- /See:/ 'newProtectionGroup' smart constructor.
+data ProtectionGroup = ProtectionGroup'
+  { -- | The ARN (Amazon Resource Name) of the protection group.
+    protectionGroupArn :: Prelude.Maybe Prelude.Text,
+    -- | The resource type to include in the protection group. All protected
+    -- resources of this type are included in the protection group. You must
+    -- set this when you set @Pattern@ to @BY_RESOURCE_TYPE@ and you must not
+    -- set it for any other @Pattern@ setting.
+    resourceType :: Prelude.Maybe ProtectedResourceType,
+    -- | The name of the protection group. You use this to identify the
+    -- protection group in lists and to manage the protection group, for
+    -- example to update, delete, or describe it.
+    protectionGroupId :: Prelude.Text,
+    -- | Defines how Shield combines resource data for the group in order to
+    -- detect, mitigate, and report events.
+    --
+    -- -   Sum - Use the total traffic across the group. This is a good choice
+    --     for most cases. Examples include Elastic IP addresses for EC2
+    --     instances that scale manually or automatically.
+    --
+    -- -   Mean - Use the average of the traffic across the group. This is a
+    --     good choice for resources that share traffic uniformly. Examples
+    --     include accelerators and load balancers.
+    --
+    -- -   Max - Use the highest traffic from each resource. This is useful for
+    --     resources that don\'t share traffic and for resources that share
+    --     that traffic in a non-uniform way. Examples include Amazon
+    --     CloudFront distributions and origin resources for CloudFront
+    --     distributions.
+    aggregation :: ProtectionGroupAggregation,
+    -- | The criteria to use to choose the protected resources for inclusion in
+    -- the group. You can include all resources that have protections, provide
+    -- a list of resource ARNs (Amazon Resource Names), or include all
+    -- resources of a specified resource type.
+    pattern' :: ProtectionGroupPattern,
+    -- | The ARNs (Amazon Resource Names) of the resources to include in the
+    -- protection group. You must set this when you set @Pattern@ to
+    -- @ARBITRARY@ and you must not set it for any other @Pattern@ setting.
+    members :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ProtectionGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protectionGroupArn', 'protectionGroup_protectionGroupArn' - The ARN (Amazon Resource Name) of the protection group.
+--
+-- 'resourceType', 'protectionGroup_resourceType' - The resource type to include in the protection group. All protected
+-- resources of this type are included in the protection group. You must
+-- set this when you set @Pattern@ to @BY_RESOURCE_TYPE@ and you must not
+-- set it for any other @Pattern@ setting.
+--
+-- 'protectionGroupId', 'protectionGroup_protectionGroupId' - The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+--
+-- 'aggregation', 'protectionGroup_aggregation' - Defines how Shield combines resource data for the group in order to
+-- detect, mitigate, and report events.
+--
+-- -   Sum - Use the total traffic across the group. This is a good choice
+--     for most cases. Examples include Elastic IP addresses for EC2
+--     instances that scale manually or automatically.
+--
+-- -   Mean - Use the average of the traffic across the group. This is a
+--     good choice for resources that share traffic uniformly. Examples
+--     include accelerators and load balancers.
+--
+-- -   Max - Use the highest traffic from each resource. This is useful for
+--     resources that don\'t share traffic and for resources that share
+--     that traffic in a non-uniform way. Examples include Amazon
+--     CloudFront distributions and origin resources for CloudFront
+--     distributions.
+--
+-- 'pattern'', 'protectionGroup_pattern' - The criteria to use to choose the protected resources for inclusion in
+-- the group. You can include all resources that have protections, provide
+-- a list of resource ARNs (Amazon Resource Names), or include all
+-- resources of a specified resource type.
+--
+-- 'members', 'protectionGroup_members' - The ARNs (Amazon Resource Names) of the resources to include in the
+-- protection group. You must set this when you set @Pattern@ to
+-- @ARBITRARY@ and you must not set it for any other @Pattern@ setting.
+newProtectionGroup ::
+  -- | 'protectionGroupId'
+  Prelude.Text ->
+  -- | 'aggregation'
+  ProtectionGroupAggregation ->
+  -- | 'pattern''
+  ProtectionGroupPattern ->
+  ProtectionGroup
+newProtectionGroup
+  pProtectionGroupId_
+  pAggregation_
+  pPattern_ =
+    ProtectionGroup'
+      { protectionGroupArn =
+          Prelude.Nothing,
+        resourceType = Prelude.Nothing,
+        protectionGroupId = pProtectionGroupId_,
+        aggregation = pAggregation_,
+        pattern' = pPattern_,
+        members = Prelude.mempty
+      }
+
+-- | The ARN (Amazon Resource Name) of the protection group.
+protectionGroup_protectionGroupArn :: Lens.Lens' ProtectionGroup (Prelude.Maybe Prelude.Text)
+protectionGroup_protectionGroupArn = Lens.lens (\ProtectionGroup' {protectionGroupArn} -> protectionGroupArn) (\s@ProtectionGroup' {} a -> s {protectionGroupArn = a} :: ProtectionGroup)
+
+-- | The resource type to include in the protection group. All protected
+-- resources of this type are included in the protection group. You must
+-- set this when you set @Pattern@ to @BY_RESOURCE_TYPE@ and you must not
+-- set it for any other @Pattern@ setting.
+protectionGroup_resourceType :: Lens.Lens' ProtectionGroup (Prelude.Maybe ProtectedResourceType)
+protectionGroup_resourceType = Lens.lens (\ProtectionGroup' {resourceType} -> resourceType) (\s@ProtectionGroup' {} a -> s {resourceType = a} :: ProtectionGroup)
+
+-- | The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+protectionGroup_protectionGroupId :: Lens.Lens' ProtectionGroup Prelude.Text
+protectionGroup_protectionGroupId = Lens.lens (\ProtectionGroup' {protectionGroupId} -> protectionGroupId) (\s@ProtectionGroup' {} a -> s {protectionGroupId = a} :: ProtectionGroup)
+
+-- | Defines how Shield combines resource data for the group in order to
+-- detect, mitigate, and report events.
+--
+-- -   Sum - Use the total traffic across the group. This is a good choice
+--     for most cases. Examples include Elastic IP addresses for EC2
+--     instances that scale manually or automatically.
+--
+-- -   Mean - Use the average of the traffic across the group. This is a
+--     good choice for resources that share traffic uniformly. Examples
+--     include accelerators and load balancers.
+--
+-- -   Max - Use the highest traffic from each resource. This is useful for
+--     resources that don\'t share traffic and for resources that share
+--     that traffic in a non-uniform way. Examples include Amazon
+--     CloudFront distributions and origin resources for CloudFront
+--     distributions.
+protectionGroup_aggregation :: Lens.Lens' ProtectionGroup ProtectionGroupAggregation
+protectionGroup_aggregation = Lens.lens (\ProtectionGroup' {aggregation} -> aggregation) (\s@ProtectionGroup' {} a -> s {aggregation = a} :: ProtectionGroup)
+
+-- | The criteria to use to choose the protected resources for inclusion in
+-- the group. You can include all resources that have protections, provide
+-- a list of resource ARNs (Amazon Resource Names), or include all
+-- resources of a specified resource type.
+protectionGroup_pattern :: Lens.Lens' ProtectionGroup ProtectionGroupPattern
+protectionGroup_pattern = Lens.lens (\ProtectionGroup' {pattern'} -> pattern') (\s@ProtectionGroup' {} a -> s {pattern' = a} :: ProtectionGroup)
+
+-- | The ARNs (Amazon Resource Names) of the resources to include in the
+-- protection group. You must set this when you set @Pattern@ to
+-- @ARBITRARY@ and you must not set it for any other @Pattern@ setting.
+protectionGroup_members :: Lens.Lens' ProtectionGroup [Prelude.Text]
+protectionGroup_members = Lens.lens (\ProtectionGroup' {members} -> members) (\s@ProtectionGroup' {} a -> s {members = a} :: ProtectionGroup) Prelude.. Lens.coerced
+
+instance Data.FromJSON ProtectionGroup where
+  parseJSON =
+    Data.withObject
+      "ProtectionGroup"
+      ( \x ->
+          ProtectionGroup'
+            Prelude.<$> (x Data..:? "ProtectionGroupArn")
+            Prelude.<*> (x Data..:? "ResourceType")
+            Prelude.<*> (x Data..: "ProtectionGroupId")
+            Prelude.<*> (x Data..: "Aggregation")
+            Prelude.<*> (x Data..: "Pattern")
+            Prelude.<*> (x Data..:? "Members" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable ProtectionGroup where
+  hashWithSalt _salt ProtectionGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` protectionGroupArn
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` protectionGroupId
+      `Prelude.hashWithSalt` aggregation
+      `Prelude.hashWithSalt` pattern'
+      `Prelude.hashWithSalt` members
+
+instance Prelude.NFData ProtectionGroup where
+  rnf ProtectionGroup' {..} =
+    Prelude.rnf protectionGroupArn
+      `Prelude.seq` Prelude.rnf resourceType
+      `Prelude.seq` Prelude.rnf protectionGroupId
+      `Prelude.seq` Prelude.rnf aggregation
+      `Prelude.seq` Prelude.rnf pattern'
+      `Prelude.seq` Prelude.rnf members
diff --git a/gen/Amazonka/Shield/Types/ProtectionGroupAggregation.hs b/gen/Amazonka/Shield/Types/ProtectionGroupAggregation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ProtectionGroupAggregation.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ProtectionGroupAggregation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ProtectionGroupAggregation
+  ( ProtectionGroupAggregation
+      ( ..,
+        ProtectionGroupAggregation_MAX,
+        ProtectionGroupAggregation_MEAN,
+        ProtectionGroupAggregation_SUM
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ProtectionGroupAggregation = ProtectionGroupAggregation'
+  { fromProtectionGroupAggregation ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ProtectionGroupAggregation_MAX :: ProtectionGroupAggregation
+pattern ProtectionGroupAggregation_MAX = ProtectionGroupAggregation' "MAX"
+
+pattern ProtectionGroupAggregation_MEAN :: ProtectionGroupAggregation
+pattern ProtectionGroupAggregation_MEAN = ProtectionGroupAggregation' "MEAN"
+
+pattern ProtectionGroupAggregation_SUM :: ProtectionGroupAggregation
+pattern ProtectionGroupAggregation_SUM = ProtectionGroupAggregation' "SUM"
+
+{-# COMPLETE
+  ProtectionGroupAggregation_MAX,
+  ProtectionGroupAggregation_MEAN,
+  ProtectionGroupAggregation_SUM,
+  ProtectionGroupAggregation'
+  #-}
diff --git a/gen/Amazonka/Shield/Types/ProtectionGroupArbitraryPatternLimits.hs b/gen/Amazonka/Shield/Types/ProtectionGroupArbitraryPatternLimits.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ProtectionGroupArbitraryPatternLimits.hs
@@ -0,0 +1,88 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ProtectionGroupArbitraryPatternLimits
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ProtectionGroupArbitraryPatternLimits where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Limits settings on protection groups with arbitrary pattern type.
+--
+-- /See:/ 'newProtectionGroupArbitraryPatternLimits' smart constructor.
+data ProtectionGroupArbitraryPatternLimits = ProtectionGroupArbitraryPatternLimits'
+  { -- | The maximum number of resources you can specify for a single arbitrary
+    -- pattern in a protection group.
+    maxMembers :: Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ProtectionGroupArbitraryPatternLimits' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxMembers', 'protectionGroupArbitraryPatternLimits_maxMembers' - The maximum number of resources you can specify for a single arbitrary
+-- pattern in a protection group.
+newProtectionGroupArbitraryPatternLimits ::
+  -- | 'maxMembers'
+  Prelude.Integer ->
+  ProtectionGroupArbitraryPatternLimits
+newProtectionGroupArbitraryPatternLimits pMaxMembers_ =
+  ProtectionGroupArbitraryPatternLimits'
+    { maxMembers =
+        pMaxMembers_
+    }
+
+-- | The maximum number of resources you can specify for a single arbitrary
+-- pattern in a protection group.
+protectionGroupArbitraryPatternLimits_maxMembers :: Lens.Lens' ProtectionGroupArbitraryPatternLimits Prelude.Integer
+protectionGroupArbitraryPatternLimits_maxMembers = Lens.lens (\ProtectionGroupArbitraryPatternLimits' {maxMembers} -> maxMembers) (\s@ProtectionGroupArbitraryPatternLimits' {} a -> s {maxMembers = a} :: ProtectionGroupArbitraryPatternLimits)
+
+instance
+  Data.FromJSON
+    ProtectionGroupArbitraryPatternLimits
+  where
+  parseJSON =
+    Data.withObject
+      "ProtectionGroupArbitraryPatternLimits"
+      ( \x ->
+          ProtectionGroupArbitraryPatternLimits'
+            Prelude.<$> (x Data..: "MaxMembers")
+      )
+
+instance
+  Prelude.Hashable
+    ProtectionGroupArbitraryPatternLimits
+  where
+  hashWithSalt
+    _salt
+    ProtectionGroupArbitraryPatternLimits' {..} =
+      _salt `Prelude.hashWithSalt` maxMembers
+
+instance
+  Prelude.NFData
+    ProtectionGroupArbitraryPatternLimits
+  where
+  rnf ProtectionGroupArbitraryPatternLimits' {..} =
+    Prelude.rnf maxMembers
diff --git a/gen/Amazonka/Shield/Types/ProtectionGroupLimits.hs b/gen/Amazonka/Shield/Types/ProtectionGroupLimits.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ProtectionGroupLimits.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ProtectionGroupLimits
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ProtectionGroupLimits where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.ProtectionGroupPatternTypeLimits
+
+-- | Limits settings on protection groups for your subscription.
+--
+-- /See:/ 'newProtectionGroupLimits' smart constructor.
+data ProtectionGroupLimits = ProtectionGroupLimits'
+  { -- | The maximum number of protection groups that you can have at one time.
+    maxProtectionGroups :: Prelude.Integer,
+    -- | Limits settings by pattern type in the protection groups for your
+    -- subscription.
+    patternTypeLimits :: ProtectionGroupPatternTypeLimits
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ProtectionGroupLimits' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'maxProtectionGroups', 'protectionGroupLimits_maxProtectionGroups' - The maximum number of protection groups that you can have at one time.
+--
+-- 'patternTypeLimits', 'protectionGroupLimits_patternTypeLimits' - Limits settings by pattern type in the protection groups for your
+-- subscription.
+newProtectionGroupLimits ::
+  -- | 'maxProtectionGroups'
+  Prelude.Integer ->
+  -- | 'patternTypeLimits'
+  ProtectionGroupPatternTypeLimits ->
+  ProtectionGroupLimits
+newProtectionGroupLimits
+  pMaxProtectionGroups_
+  pPatternTypeLimits_ =
+    ProtectionGroupLimits'
+      { maxProtectionGroups =
+          pMaxProtectionGroups_,
+        patternTypeLimits = pPatternTypeLimits_
+      }
+
+-- | The maximum number of protection groups that you can have at one time.
+protectionGroupLimits_maxProtectionGroups :: Lens.Lens' ProtectionGroupLimits Prelude.Integer
+protectionGroupLimits_maxProtectionGroups = Lens.lens (\ProtectionGroupLimits' {maxProtectionGroups} -> maxProtectionGroups) (\s@ProtectionGroupLimits' {} a -> s {maxProtectionGroups = a} :: ProtectionGroupLimits)
+
+-- | Limits settings by pattern type in the protection groups for your
+-- subscription.
+protectionGroupLimits_patternTypeLimits :: Lens.Lens' ProtectionGroupLimits ProtectionGroupPatternTypeLimits
+protectionGroupLimits_patternTypeLimits = Lens.lens (\ProtectionGroupLimits' {patternTypeLimits} -> patternTypeLimits) (\s@ProtectionGroupLimits' {} a -> s {patternTypeLimits = a} :: ProtectionGroupLimits)
+
+instance Data.FromJSON ProtectionGroupLimits where
+  parseJSON =
+    Data.withObject
+      "ProtectionGroupLimits"
+      ( \x ->
+          ProtectionGroupLimits'
+            Prelude.<$> (x Data..: "MaxProtectionGroups")
+            Prelude.<*> (x Data..: "PatternTypeLimits")
+      )
+
+instance Prelude.Hashable ProtectionGroupLimits where
+  hashWithSalt _salt ProtectionGroupLimits' {..} =
+    _salt
+      `Prelude.hashWithSalt` maxProtectionGroups
+      `Prelude.hashWithSalt` patternTypeLimits
+
+instance Prelude.NFData ProtectionGroupLimits where
+  rnf ProtectionGroupLimits' {..} =
+    Prelude.rnf maxProtectionGroups
+      `Prelude.seq` Prelude.rnf patternTypeLimits
diff --git a/gen/Amazonka/Shield/Types/ProtectionGroupPattern.hs b/gen/Amazonka/Shield/Types/ProtectionGroupPattern.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ProtectionGroupPattern.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ProtectionGroupPattern
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ProtectionGroupPattern
+  ( ProtectionGroupPattern
+      ( ..,
+        ProtectionGroupPattern_ALL,
+        ProtectionGroupPattern_ARBITRARY,
+        ProtectionGroupPattern_BY_RESOURCE_TYPE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ProtectionGroupPattern = ProtectionGroupPattern'
+  { fromProtectionGroupPattern ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ProtectionGroupPattern_ALL :: ProtectionGroupPattern
+pattern ProtectionGroupPattern_ALL = ProtectionGroupPattern' "ALL"
+
+pattern ProtectionGroupPattern_ARBITRARY :: ProtectionGroupPattern
+pattern ProtectionGroupPattern_ARBITRARY = ProtectionGroupPattern' "ARBITRARY"
+
+pattern ProtectionGroupPattern_BY_RESOURCE_TYPE :: ProtectionGroupPattern
+pattern ProtectionGroupPattern_BY_RESOURCE_TYPE = ProtectionGroupPattern' "BY_RESOURCE_TYPE"
+
+{-# COMPLETE
+  ProtectionGroupPattern_ALL,
+  ProtectionGroupPattern_ARBITRARY,
+  ProtectionGroupPattern_BY_RESOURCE_TYPE,
+  ProtectionGroupPattern'
+  #-}
diff --git a/gen/Amazonka/Shield/Types/ProtectionGroupPatternTypeLimits.hs b/gen/Amazonka/Shield/Types/ProtectionGroupPatternTypeLimits.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ProtectionGroupPatternTypeLimits.hs
@@ -0,0 +1,88 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ProtectionGroupPatternTypeLimits
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ProtectionGroupPatternTypeLimits where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.ProtectionGroupArbitraryPatternLimits
+
+-- | Limits settings by pattern type in the protection groups for your
+-- subscription.
+--
+-- /See:/ 'newProtectionGroupPatternTypeLimits' smart constructor.
+data ProtectionGroupPatternTypeLimits = ProtectionGroupPatternTypeLimits'
+  { -- | Limits settings on protection groups with arbitrary pattern type.
+    arbitraryPatternLimits :: ProtectionGroupArbitraryPatternLimits
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ProtectionGroupPatternTypeLimits' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arbitraryPatternLimits', 'protectionGroupPatternTypeLimits_arbitraryPatternLimits' - Limits settings on protection groups with arbitrary pattern type.
+newProtectionGroupPatternTypeLimits ::
+  -- | 'arbitraryPatternLimits'
+  ProtectionGroupArbitraryPatternLimits ->
+  ProtectionGroupPatternTypeLimits
+newProtectionGroupPatternTypeLimits
+  pArbitraryPatternLimits_ =
+    ProtectionGroupPatternTypeLimits'
+      { arbitraryPatternLimits =
+          pArbitraryPatternLimits_
+      }
+
+-- | Limits settings on protection groups with arbitrary pattern type.
+protectionGroupPatternTypeLimits_arbitraryPatternLimits :: Lens.Lens' ProtectionGroupPatternTypeLimits ProtectionGroupArbitraryPatternLimits
+protectionGroupPatternTypeLimits_arbitraryPatternLimits = Lens.lens (\ProtectionGroupPatternTypeLimits' {arbitraryPatternLimits} -> arbitraryPatternLimits) (\s@ProtectionGroupPatternTypeLimits' {} a -> s {arbitraryPatternLimits = a} :: ProtectionGroupPatternTypeLimits)
+
+instance
+  Data.FromJSON
+    ProtectionGroupPatternTypeLimits
+  where
+  parseJSON =
+    Data.withObject
+      "ProtectionGroupPatternTypeLimits"
+      ( \x ->
+          ProtectionGroupPatternTypeLimits'
+            Prelude.<$> (x Data..: "ArbitraryPatternLimits")
+      )
+
+instance
+  Prelude.Hashable
+    ProtectionGroupPatternTypeLimits
+  where
+  hashWithSalt
+    _salt
+    ProtectionGroupPatternTypeLimits' {..} =
+      _salt `Prelude.hashWithSalt` arbitraryPatternLimits
+
+instance
+  Prelude.NFData
+    ProtectionGroupPatternTypeLimits
+  where
+  rnf ProtectionGroupPatternTypeLimits' {..} =
+    Prelude.rnf arbitraryPatternLimits
diff --git a/gen/Amazonka/Shield/Types/ProtectionLimits.hs b/gen/Amazonka/Shield/Types/ProtectionLimits.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ProtectionLimits.hs
@@ -0,0 +1,80 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ProtectionLimits
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ProtectionLimits where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.Limit
+
+-- | Limits settings on protections for your subscription.
+--
+-- /See:/ 'newProtectionLimits' smart constructor.
+data ProtectionLimits = ProtectionLimits'
+  { -- | The maximum number of resource types that you can specify in a
+    -- protection.
+    protectedResourceTypeLimits :: [Limit]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ProtectionLimits' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protectedResourceTypeLimits', 'protectionLimits_protectedResourceTypeLimits' - The maximum number of resource types that you can specify in a
+-- protection.
+newProtectionLimits ::
+  ProtectionLimits
+newProtectionLimits =
+  ProtectionLimits'
+    { protectedResourceTypeLimits =
+        Prelude.mempty
+    }
+
+-- | The maximum number of resource types that you can specify in a
+-- protection.
+protectionLimits_protectedResourceTypeLimits :: Lens.Lens' ProtectionLimits [Limit]
+protectionLimits_protectedResourceTypeLimits = Lens.lens (\ProtectionLimits' {protectedResourceTypeLimits} -> protectedResourceTypeLimits) (\s@ProtectionLimits' {} a -> s {protectedResourceTypeLimits = a} :: ProtectionLimits) Prelude.. Lens.coerced
+
+instance Data.FromJSON ProtectionLimits where
+  parseJSON =
+    Data.withObject
+      "ProtectionLimits"
+      ( \x ->
+          ProtectionLimits'
+            Prelude.<$> ( x
+                            Data..:? "ProtectedResourceTypeLimits"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable ProtectionLimits where
+  hashWithSalt _salt ProtectionLimits' {..} =
+    _salt
+      `Prelude.hashWithSalt` protectedResourceTypeLimits
+
+instance Prelude.NFData ProtectionLimits where
+  rnf ProtectionLimits' {..} =
+    Prelude.rnf protectedResourceTypeLimits
diff --git a/gen/Amazonka/Shield/Types/ResponseAction.hs b/gen/Amazonka/Shield/Types/ResponseAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/ResponseAction.hs
@@ -0,0 +1,118 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.ResponseAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.ResponseAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.BlockAction
+import Amazonka.Shield.Types.CountAction
+
+-- | Specifies the action setting that Shield Advanced should use in the WAF
+-- rules that it creates on behalf of the protected resource in response to
+-- DDoS attacks. You specify this as part of the configuration for the
+-- automatic application layer DDoS mitigation feature, when you enable or
+-- update automatic mitigation. Shield Advanced creates the WAF rules in a
+-- Shield Advanced-managed rule group, inside the web ACL that you have
+-- associated with the resource.
+--
+-- /See:/ 'newResponseAction' smart constructor.
+data ResponseAction = ResponseAction'
+  { -- | Specifies that Shield Advanced should configure its WAF rules with the
+    -- WAF @Block@ action.
+    --
+    -- You must specify exactly one action, either @Block@ or @Count@.
+    block :: Prelude.Maybe BlockAction,
+    -- | Specifies that Shield Advanced should configure its WAF rules with the
+    -- WAF @Count@ action.
+    --
+    -- You must specify exactly one action, either @Block@ or @Count@.
+    count :: Prelude.Maybe CountAction
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ResponseAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'block', 'responseAction_block' - Specifies that Shield Advanced should configure its WAF rules with the
+-- WAF @Block@ action.
+--
+-- You must specify exactly one action, either @Block@ or @Count@.
+--
+-- 'count', 'responseAction_count' - Specifies that Shield Advanced should configure its WAF rules with the
+-- WAF @Count@ action.
+--
+-- You must specify exactly one action, either @Block@ or @Count@.
+newResponseAction ::
+  ResponseAction
+newResponseAction =
+  ResponseAction'
+    { block = Prelude.Nothing,
+      count = Prelude.Nothing
+    }
+
+-- | Specifies that Shield Advanced should configure its WAF rules with the
+-- WAF @Block@ action.
+--
+-- You must specify exactly one action, either @Block@ or @Count@.
+responseAction_block :: Lens.Lens' ResponseAction (Prelude.Maybe BlockAction)
+responseAction_block = Lens.lens (\ResponseAction' {block} -> block) (\s@ResponseAction' {} a -> s {block = a} :: ResponseAction)
+
+-- | Specifies that Shield Advanced should configure its WAF rules with the
+-- WAF @Count@ action.
+--
+-- You must specify exactly one action, either @Block@ or @Count@.
+responseAction_count :: Lens.Lens' ResponseAction (Prelude.Maybe CountAction)
+responseAction_count = Lens.lens (\ResponseAction' {count} -> count) (\s@ResponseAction' {} a -> s {count = a} :: ResponseAction)
+
+instance Data.FromJSON ResponseAction where
+  parseJSON =
+    Data.withObject
+      "ResponseAction"
+      ( \x ->
+          ResponseAction'
+            Prelude.<$> (x Data..:? "Block")
+            Prelude.<*> (x Data..:? "Count")
+      )
+
+instance Prelude.Hashable ResponseAction where
+  hashWithSalt _salt ResponseAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` block
+      `Prelude.hashWithSalt` count
+
+instance Prelude.NFData ResponseAction where
+  rnf ResponseAction' {..} =
+    Prelude.rnf block `Prelude.seq` Prelude.rnf count
+
+instance Data.ToJSON ResponseAction where
+  toJSON ResponseAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Block" Data..=) Prelude.<$> block,
+            ("Count" Data..=) Prelude.<$> count
+          ]
+      )
diff --git a/gen/Amazonka/Shield/Types/SubResourceSummary.hs b/gen/Amazonka/Shield/Types/SubResourceSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/SubResourceSummary.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.SubResourceSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.SubResourceSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.SubResourceType
+import Amazonka.Shield.Types.SummarizedAttackVector
+import Amazonka.Shield.Types.SummarizedCounter
+
+-- | The attack information for the specified SubResource.
+--
+-- /See:/ 'newSubResourceSummary' smart constructor.
+data SubResourceSummary = SubResourceSummary'
+  { -- | The list of attack types and associated counters.
+    attackVectors :: Prelude.Maybe [SummarizedAttackVector],
+    -- | The counters that describe the details of the attack.
+    counters :: Prelude.Maybe [SummarizedCounter],
+    -- | The unique identifier (ID) of the @SubResource@.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The @SubResource@ type.
+    type' :: Prelude.Maybe SubResourceType
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SubResourceSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'attackVectors', 'subResourceSummary_attackVectors' - The list of attack types and associated counters.
+--
+-- 'counters', 'subResourceSummary_counters' - The counters that describe the details of the attack.
+--
+-- 'id', 'subResourceSummary_id' - The unique identifier (ID) of the @SubResource@.
+--
+-- 'type'', 'subResourceSummary_type' - The @SubResource@ type.
+newSubResourceSummary ::
+  SubResourceSummary
+newSubResourceSummary =
+  SubResourceSummary'
+    { attackVectors =
+        Prelude.Nothing,
+      counters = Prelude.Nothing,
+      id = Prelude.Nothing,
+      type' = Prelude.Nothing
+    }
+
+-- | The list of attack types and associated counters.
+subResourceSummary_attackVectors :: Lens.Lens' SubResourceSummary (Prelude.Maybe [SummarizedAttackVector])
+subResourceSummary_attackVectors = Lens.lens (\SubResourceSummary' {attackVectors} -> attackVectors) (\s@SubResourceSummary' {} a -> s {attackVectors = a} :: SubResourceSummary) Prelude.. Lens.mapping Lens.coerced
+
+-- | The counters that describe the details of the attack.
+subResourceSummary_counters :: Lens.Lens' SubResourceSummary (Prelude.Maybe [SummarizedCounter])
+subResourceSummary_counters = Lens.lens (\SubResourceSummary' {counters} -> counters) (\s@SubResourceSummary' {} a -> s {counters = a} :: SubResourceSummary) Prelude.. Lens.mapping Lens.coerced
+
+-- | The unique identifier (ID) of the @SubResource@.
+subResourceSummary_id :: Lens.Lens' SubResourceSummary (Prelude.Maybe Prelude.Text)
+subResourceSummary_id = Lens.lens (\SubResourceSummary' {id} -> id) (\s@SubResourceSummary' {} a -> s {id = a} :: SubResourceSummary)
+
+-- | The @SubResource@ type.
+subResourceSummary_type :: Lens.Lens' SubResourceSummary (Prelude.Maybe SubResourceType)
+subResourceSummary_type = Lens.lens (\SubResourceSummary' {type'} -> type') (\s@SubResourceSummary' {} a -> s {type' = a} :: SubResourceSummary)
+
+instance Data.FromJSON SubResourceSummary where
+  parseJSON =
+    Data.withObject
+      "SubResourceSummary"
+      ( \x ->
+          SubResourceSummary'
+            Prelude.<$> (x Data..:? "AttackVectors" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Counters" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "Type")
+      )
+
+instance Prelude.Hashable SubResourceSummary where
+  hashWithSalt _salt SubResourceSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` attackVectors
+      `Prelude.hashWithSalt` counters
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData SubResourceSummary where
+  rnf SubResourceSummary' {..} =
+    Prelude.rnf attackVectors
+      `Prelude.seq` Prelude.rnf counters
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf type'
diff --git a/gen/Amazonka/Shield/Types/SubResourceType.hs b/gen/Amazonka/Shield/Types/SubResourceType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/SubResourceType.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.SubResourceType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.SubResourceType
+  ( SubResourceType
+      ( ..,
+        SubResourceType_IP,
+        SubResourceType_URL
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype SubResourceType = SubResourceType'
+  { fromSubResourceType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern SubResourceType_IP :: SubResourceType
+pattern SubResourceType_IP = SubResourceType' "IP"
+
+pattern SubResourceType_URL :: SubResourceType
+pattern SubResourceType_URL = SubResourceType' "URL"
+
+{-# COMPLETE
+  SubResourceType_IP,
+  SubResourceType_URL,
+  SubResourceType'
+  #-}
diff --git a/gen/Amazonka/Shield/Types/Subscription.hs b/gen/Amazonka/Shield/Types/Subscription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/Subscription.hs
@@ -0,0 +1,210 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.Subscription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.Subscription where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.AutoRenew
+import Amazonka.Shield.Types.Limit
+import Amazonka.Shield.Types.ProactiveEngagementStatus
+import Amazonka.Shield.Types.SubscriptionLimits
+
+-- | Information about the Shield Advanced subscription for an account.
+--
+-- /See:/ 'newSubscription' smart constructor.
+data Subscription = Subscription'
+  { -- | If @ENABLED@, the subscription will be automatically renewed at the end
+    -- of the existing subscription period.
+    --
+    -- When you initally create a subscription, @AutoRenew@ is set to
+    -- @ENABLED@. You can change this by submitting an @UpdateSubscription@
+    -- request. If the @UpdateSubscription@ request does not included a value
+    -- for @AutoRenew@, the existing value for @AutoRenew@ remains unchanged.
+    autoRenew :: Prelude.Maybe AutoRenew,
+    -- | The date and time your subscription will end.
+    endTime :: Prelude.Maybe Data.POSIX,
+    -- | Specifies how many protections of a given type you can create.
+    limits :: Prelude.Maybe [Limit],
+    -- | If @ENABLED@, the Shield Response Team (SRT) will use email and phone to
+    -- notify contacts about escalations to the SRT and to initiate proactive
+    -- customer support.
+    --
+    -- If @PENDING@, you have requested proactive engagement and the request is
+    -- pending. The status changes to @ENABLED@ when your request is fully
+    -- processed.
+    --
+    -- If @DISABLED@, the SRT will not proactively notify contacts about
+    -- escalations or to initiate proactive customer support.
+    proactiveEngagementStatus :: Prelude.Maybe ProactiveEngagementStatus,
+    -- | The start time of the subscription, in Unix time in seconds.
+    startTime :: Prelude.Maybe Data.POSIX,
+    -- | The ARN (Amazon Resource Name) of the subscription.
+    subscriptionArn :: Prelude.Maybe Prelude.Text,
+    -- | The length, in seconds, of the Shield Advanced subscription for the
+    -- account.
+    timeCommitmentInSeconds :: Prelude.Maybe Prelude.Natural,
+    -- | Limits settings for your subscription.
+    subscriptionLimits :: SubscriptionLimits
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Subscription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoRenew', 'subscription_autoRenew' - If @ENABLED@, the subscription will be automatically renewed at the end
+-- of the existing subscription period.
+--
+-- When you initally create a subscription, @AutoRenew@ is set to
+-- @ENABLED@. You can change this by submitting an @UpdateSubscription@
+-- request. If the @UpdateSubscription@ request does not included a value
+-- for @AutoRenew@, the existing value for @AutoRenew@ remains unchanged.
+--
+-- 'endTime', 'subscription_endTime' - The date and time your subscription will end.
+--
+-- 'limits', 'subscription_limits' - Specifies how many protections of a given type you can create.
+--
+-- 'proactiveEngagementStatus', 'subscription_proactiveEngagementStatus' - If @ENABLED@, the Shield Response Team (SRT) will use email and phone to
+-- notify contacts about escalations to the SRT and to initiate proactive
+-- customer support.
+--
+-- If @PENDING@, you have requested proactive engagement and the request is
+-- pending. The status changes to @ENABLED@ when your request is fully
+-- processed.
+--
+-- If @DISABLED@, the SRT will not proactively notify contacts about
+-- escalations or to initiate proactive customer support.
+--
+-- 'startTime', 'subscription_startTime' - The start time of the subscription, in Unix time in seconds.
+--
+-- 'subscriptionArn', 'subscription_subscriptionArn' - The ARN (Amazon Resource Name) of the subscription.
+--
+-- 'timeCommitmentInSeconds', 'subscription_timeCommitmentInSeconds' - The length, in seconds, of the Shield Advanced subscription for the
+-- account.
+--
+-- 'subscriptionLimits', 'subscription_subscriptionLimits' - Limits settings for your subscription.
+newSubscription ::
+  -- | 'subscriptionLimits'
+  SubscriptionLimits ->
+  Subscription
+newSubscription pSubscriptionLimits_ =
+  Subscription'
+    { autoRenew = Prelude.Nothing,
+      endTime = Prelude.Nothing,
+      limits = Prelude.Nothing,
+      proactiveEngagementStatus = Prelude.Nothing,
+      startTime = Prelude.Nothing,
+      subscriptionArn = Prelude.Nothing,
+      timeCommitmentInSeconds = Prelude.Nothing,
+      subscriptionLimits = pSubscriptionLimits_
+    }
+
+-- | If @ENABLED@, the subscription will be automatically renewed at the end
+-- of the existing subscription period.
+--
+-- When you initally create a subscription, @AutoRenew@ is set to
+-- @ENABLED@. You can change this by submitting an @UpdateSubscription@
+-- request. If the @UpdateSubscription@ request does not included a value
+-- for @AutoRenew@, the existing value for @AutoRenew@ remains unchanged.
+subscription_autoRenew :: Lens.Lens' Subscription (Prelude.Maybe AutoRenew)
+subscription_autoRenew = Lens.lens (\Subscription' {autoRenew} -> autoRenew) (\s@Subscription' {} a -> s {autoRenew = a} :: Subscription)
+
+-- | The date and time your subscription will end.
+subscription_endTime :: Lens.Lens' Subscription (Prelude.Maybe Prelude.UTCTime)
+subscription_endTime = Lens.lens (\Subscription' {endTime} -> endTime) (\s@Subscription' {} a -> s {endTime = a} :: Subscription) Prelude.. Lens.mapping Data._Time
+
+-- | Specifies how many protections of a given type you can create.
+subscription_limits :: Lens.Lens' Subscription (Prelude.Maybe [Limit])
+subscription_limits = Lens.lens (\Subscription' {limits} -> limits) (\s@Subscription' {} a -> s {limits = a} :: Subscription) Prelude.. Lens.mapping Lens.coerced
+
+-- | If @ENABLED@, the Shield Response Team (SRT) will use email and phone to
+-- notify contacts about escalations to the SRT and to initiate proactive
+-- customer support.
+--
+-- If @PENDING@, you have requested proactive engagement and the request is
+-- pending. The status changes to @ENABLED@ when your request is fully
+-- processed.
+--
+-- If @DISABLED@, the SRT will not proactively notify contacts about
+-- escalations or to initiate proactive customer support.
+subscription_proactiveEngagementStatus :: Lens.Lens' Subscription (Prelude.Maybe ProactiveEngagementStatus)
+subscription_proactiveEngagementStatus = Lens.lens (\Subscription' {proactiveEngagementStatus} -> proactiveEngagementStatus) (\s@Subscription' {} a -> s {proactiveEngagementStatus = a} :: Subscription)
+
+-- | The start time of the subscription, in Unix time in seconds.
+subscription_startTime :: Lens.Lens' Subscription (Prelude.Maybe Prelude.UTCTime)
+subscription_startTime = Lens.lens (\Subscription' {startTime} -> startTime) (\s@Subscription' {} a -> s {startTime = a} :: Subscription) Prelude.. Lens.mapping Data._Time
+
+-- | The ARN (Amazon Resource Name) of the subscription.
+subscription_subscriptionArn :: Lens.Lens' Subscription (Prelude.Maybe Prelude.Text)
+subscription_subscriptionArn = Lens.lens (\Subscription' {subscriptionArn} -> subscriptionArn) (\s@Subscription' {} a -> s {subscriptionArn = a} :: Subscription)
+
+-- | The length, in seconds, of the Shield Advanced subscription for the
+-- account.
+subscription_timeCommitmentInSeconds :: Lens.Lens' Subscription (Prelude.Maybe Prelude.Natural)
+subscription_timeCommitmentInSeconds = Lens.lens (\Subscription' {timeCommitmentInSeconds} -> timeCommitmentInSeconds) (\s@Subscription' {} a -> s {timeCommitmentInSeconds = a} :: Subscription)
+
+-- | Limits settings for your subscription.
+subscription_subscriptionLimits :: Lens.Lens' Subscription SubscriptionLimits
+subscription_subscriptionLimits = Lens.lens (\Subscription' {subscriptionLimits} -> subscriptionLimits) (\s@Subscription' {} a -> s {subscriptionLimits = a} :: Subscription)
+
+instance Data.FromJSON Subscription where
+  parseJSON =
+    Data.withObject
+      "Subscription"
+      ( \x ->
+          Subscription'
+            Prelude.<$> (x Data..:? "AutoRenew")
+            Prelude.<*> (x Data..:? "EndTime")
+            Prelude.<*> (x Data..:? "Limits" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ProactiveEngagementStatus")
+            Prelude.<*> (x Data..:? "StartTime")
+            Prelude.<*> (x Data..:? "SubscriptionArn")
+            Prelude.<*> (x Data..:? "TimeCommitmentInSeconds")
+            Prelude.<*> (x Data..: "SubscriptionLimits")
+      )
+
+instance Prelude.Hashable Subscription where
+  hashWithSalt _salt Subscription' {..} =
+    _salt
+      `Prelude.hashWithSalt` autoRenew
+      `Prelude.hashWithSalt` endTime
+      `Prelude.hashWithSalt` limits
+      `Prelude.hashWithSalt` proactiveEngagementStatus
+      `Prelude.hashWithSalt` startTime
+      `Prelude.hashWithSalt` subscriptionArn
+      `Prelude.hashWithSalt` timeCommitmentInSeconds
+      `Prelude.hashWithSalt` subscriptionLimits
+
+instance Prelude.NFData Subscription where
+  rnf Subscription' {..} =
+    Prelude.rnf autoRenew
+      `Prelude.seq` Prelude.rnf endTime
+      `Prelude.seq` Prelude.rnf limits
+      `Prelude.seq` Prelude.rnf proactiveEngagementStatus
+      `Prelude.seq` Prelude.rnf startTime
+      `Prelude.seq` Prelude.rnf subscriptionArn
+      `Prelude.seq` Prelude.rnf timeCommitmentInSeconds
+      `Prelude.seq` Prelude.rnf subscriptionLimits
diff --git a/gen/Amazonka/Shield/Types/SubscriptionLimits.hs b/gen/Amazonka/Shield/Types/SubscriptionLimits.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/SubscriptionLimits.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.SubscriptionLimits
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.SubscriptionLimits where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.ProtectionGroupLimits
+import Amazonka.Shield.Types.ProtectionLimits
+
+-- | Limits settings for your subscription.
+--
+-- /See:/ 'newSubscriptionLimits' smart constructor.
+data SubscriptionLimits = SubscriptionLimits'
+  { -- | Limits settings on protections for your subscription.
+    protectionLimits :: ProtectionLimits,
+    -- | Limits settings on protection groups for your subscription.
+    protectionGroupLimits :: ProtectionGroupLimits
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SubscriptionLimits' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'protectionLimits', 'subscriptionLimits_protectionLimits' - Limits settings on protections for your subscription.
+--
+-- 'protectionGroupLimits', 'subscriptionLimits_protectionGroupLimits' - Limits settings on protection groups for your subscription.
+newSubscriptionLimits ::
+  -- | 'protectionLimits'
+  ProtectionLimits ->
+  -- | 'protectionGroupLimits'
+  ProtectionGroupLimits ->
+  SubscriptionLimits
+newSubscriptionLimits
+  pProtectionLimits_
+  pProtectionGroupLimits_ =
+    SubscriptionLimits'
+      { protectionLimits =
+          pProtectionLimits_,
+        protectionGroupLimits = pProtectionGroupLimits_
+      }
+
+-- | Limits settings on protections for your subscription.
+subscriptionLimits_protectionLimits :: Lens.Lens' SubscriptionLimits ProtectionLimits
+subscriptionLimits_protectionLimits = Lens.lens (\SubscriptionLimits' {protectionLimits} -> protectionLimits) (\s@SubscriptionLimits' {} a -> s {protectionLimits = a} :: SubscriptionLimits)
+
+-- | Limits settings on protection groups for your subscription.
+subscriptionLimits_protectionGroupLimits :: Lens.Lens' SubscriptionLimits ProtectionGroupLimits
+subscriptionLimits_protectionGroupLimits = Lens.lens (\SubscriptionLimits' {protectionGroupLimits} -> protectionGroupLimits) (\s@SubscriptionLimits' {} a -> s {protectionGroupLimits = a} :: SubscriptionLimits)
+
+instance Data.FromJSON SubscriptionLimits where
+  parseJSON =
+    Data.withObject
+      "SubscriptionLimits"
+      ( \x ->
+          SubscriptionLimits'
+            Prelude.<$> (x Data..: "ProtectionLimits")
+            Prelude.<*> (x Data..: "ProtectionGroupLimits")
+      )
+
+instance Prelude.Hashable SubscriptionLimits where
+  hashWithSalt _salt SubscriptionLimits' {..} =
+    _salt
+      `Prelude.hashWithSalt` protectionLimits
+      `Prelude.hashWithSalt` protectionGroupLimits
+
+instance Prelude.NFData SubscriptionLimits where
+  rnf SubscriptionLimits' {..} =
+    Prelude.rnf protectionLimits
+      `Prelude.seq` Prelude.rnf protectionGroupLimits
diff --git a/gen/Amazonka/Shield/Types/SubscriptionState.hs b/gen/Amazonka/Shield/Types/SubscriptionState.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/SubscriptionState.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.SubscriptionState
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.SubscriptionState
+  ( SubscriptionState
+      ( ..,
+        SubscriptionState_ACTIVE,
+        SubscriptionState_INACTIVE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype SubscriptionState = SubscriptionState'
+  { fromSubscriptionState ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern SubscriptionState_ACTIVE :: SubscriptionState
+pattern SubscriptionState_ACTIVE = SubscriptionState' "ACTIVE"
+
+pattern SubscriptionState_INACTIVE :: SubscriptionState
+pattern SubscriptionState_INACTIVE = SubscriptionState' "INACTIVE"
+
+{-# COMPLETE
+  SubscriptionState_ACTIVE,
+  SubscriptionState_INACTIVE,
+  SubscriptionState'
+  #-}
diff --git a/gen/Amazonka/Shield/Types/SummarizedAttackVector.hs b/gen/Amazonka/Shield/Types/SummarizedAttackVector.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/SummarizedAttackVector.hs
@@ -0,0 +1,88 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.SummarizedAttackVector
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.SummarizedAttackVector where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Types.SummarizedCounter
+
+-- | A summary of information about the attack.
+--
+-- /See:/ 'newSummarizedAttackVector' smart constructor.
+data SummarizedAttackVector = SummarizedAttackVector'
+  { -- | The list of counters that describe the details of the attack.
+    vectorCounters :: Prelude.Maybe [SummarizedCounter],
+    -- | The attack type, for example, SNMP reflection or SYN flood.
+    vectorType :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SummarizedAttackVector' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'vectorCounters', 'summarizedAttackVector_vectorCounters' - The list of counters that describe the details of the attack.
+--
+-- 'vectorType', 'summarizedAttackVector_vectorType' - The attack type, for example, SNMP reflection or SYN flood.
+newSummarizedAttackVector ::
+  -- | 'vectorType'
+  Prelude.Text ->
+  SummarizedAttackVector
+newSummarizedAttackVector pVectorType_ =
+  SummarizedAttackVector'
+    { vectorCounters =
+        Prelude.Nothing,
+      vectorType = pVectorType_
+    }
+
+-- | The list of counters that describe the details of the attack.
+summarizedAttackVector_vectorCounters :: Lens.Lens' SummarizedAttackVector (Prelude.Maybe [SummarizedCounter])
+summarizedAttackVector_vectorCounters = Lens.lens (\SummarizedAttackVector' {vectorCounters} -> vectorCounters) (\s@SummarizedAttackVector' {} a -> s {vectorCounters = a} :: SummarizedAttackVector) Prelude.. Lens.mapping Lens.coerced
+
+-- | The attack type, for example, SNMP reflection or SYN flood.
+summarizedAttackVector_vectorType :: Lens.Lens' SummarizedAttackVector Prelude.Text
+summarizedAttackVector_vectorType = Lens.lens (\SummarizedAttackVector' {vectorType} -> vectorType) (\s@SummarizedAttackVector' {} a -> s {vectorType = a} :: SummarizedAttackVector)
+
+instance Data.FromJSON SummarizedAttackVector where
+  parseJSON =
+    Data.withObject
+      "SummarizedAttackVector"
+      ( \x ->
+          SummarizedAttackVector'
+            Prelude.<$> (x Data..:? "VectorCounters" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "VectorType")
+      )
+
+instance Prelude.Hashable SummarizedAttackVector where
+  hashWithSalt _salt SummarizedAttackVector' {..} =
+    _salt
+      `Prelude.hashWithSalt` vectorCounters
+      `Prelude.hashWithSalt` vectorType
+
+instance Prelude.NFData SummarizedAttackVector where
+  rnf SummarizedAttackVector' {..} =
+    Prelude.rnf vectorCounters
+      `Prelude.seq` Prelude.rnf vectorType
diff --git a/gen/Amazonka/Shield/Types/SummarizedCounter.hs b/gen/Amazonka/Shield/Types/SummarizedCounter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/SummarizedCounter.hs
@@ -0,0 +1,132 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.SummarizedCounter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.SummarizedCounter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The counter that describes a DDoS attack.
+--
+-- /See:/ 'newSummarizedCounter' smart constructor.
+data SummarizedCounter = SummarizedCounter'
+  { -- | The average value of the counter for a specified time period.
+    average :: Prelude.Maybe Prelude.Double,
+    -- | The maximum value of the counter for a specified time period.
+    max :: Prelude.Maybe Prelude.Double,
+    -- | The number of counters for a specified time period.
+    n :: Prelude.Maybe Prelude.Int,
+    -- | The counter name.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The total of counter values for a specified time period.
+    sum :: Prelude.Maybe Prelude.Double,
+    -- | The unit of the counters.
+    unit :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SummarizedCounter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'average', 'summarizedCounter_average' - The average value of the counter for a specified time period.
+--
+-- 'max', 'summarizedCounter_max' - The maximum value of the counter for a specified time period.
+--
+-- 'n', 'summarizedCounter_n' - The number of counters for a specified time period.
+--
+-- 'name', 'summarizedCounter_name' - The counter name.
+--
+-- 'sum', 'summarizedCounter_sum' - The total of counter values for a specified time period.
+--
+-- 'unit', 'summarizedCounter_unit' - The unit of the counters.
+newSummarizedCounter ::
+  SummarizedCounter
+newSummarizedCounter =
+  SummarizedCounter'
+    { average = Prelude.Nothing,
+      max = Prelude.Nothing,
+      n = Prelude.Nothing,
+      name = Prelude.Nothing,
+      sum = Prelude.Nothing,
+      unit = Prelude.Nothing
+    }
+
+-- | The average value of the counter for a specified time period.
+summarizedCounter_average :: Lens.Lens' SummarizedCounter (Prelude.Maybe Prelude.Double)
+summarizedCounter_average = Lens.lens (\SummarizedCounter' {average} -> average) (\s@SummarizedCounter' {} a -> s {average = a} :: SummarizedCounter)
+
+-- | The maximum value of the counter for a specified time period.
+summarizedCounter_max :: Lens.Lens' SummarizedCounter (Prelude.Maybe Prelude.Double)
+summarizedCounter_max = Lens.lens (\SummarizedCounter' {max} -> max) (\s@SummarizedCounter' {} a -> s {max = a} :: SummarizedCounter)
+
+-- | The number of counters for a specified time period.
+summarizedCounter_n :: Lens.Lens' SummarizedCounter (Prelude.Maybe Prelude.Int)
+summarizedCounter_n = Lens.lens (\SummarizedCounter' {n} -> n) (\s@SummarizedCounter' {} a -> s {n = a} :: SummarizedCounter)
+
+-- | The counter name.
+summarizedCounter_name :: Lens.Lens' SummarizedCounter (Prelude.Maybe Prelude.Text)
+summarizedCounter_name = Lens.lens (\SummarizedCounter' {name} -> name) (\s@SummarizedCounter' {} a -> s {name = a} :: SummarizedCounter)
+
+-- | The total of counter values for a specified time period.
+summarizedCounter_sum :: Lens.Lens' SummarizedCounter (Prelude.Maybe Prelude.Double)
+summarizedCounter_sum = Lens.lens (\SummarizedCounter' {sum} -> sum) (\s@SummarizedCounter' {} a -> s {sum = a} :: SummarizedCounter)
+
+-- | The unit of the counters.
+summarizedCounter_unit :: Lens.Lens' SummarizedCounter (Prelude.Maybe Prelude.Text)
+summarizedCounter_unit = Lens.lens (\SummarizedCounter' {unit} -> unit) (\s@SummarizedCounter' {} a -> s {unit = a} :: SummarizedCounter)
+
+instance Data.FromJSON SummarizedCounter where
+  parseJSON =
+    Data.withObject
+      "SummarizedCounter"
+      ( \x ->
+          SummarizedCounter'
+            Prelude.<$> (x Data..:? "Average")
+            Prelude.<*> (x Data..:? "Max")
+            Prelude.<*> (x Data..:? "N")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Sum")
+            Prelude.<*> (x Data..:? "Unit")
+      )
+
+instance Prelude.Hashable SummarizedCounter where
+  hashWithSalt _salt SummarizedCounter' {..} =
+    _salt
+      `Prelude.hashWithSalt` average
+      `Prelude.hashWithSalt` max
+      `Prelude.hashWithSalt` n
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` sum
+      `Prelude.hashWithSalt` unit
+
+instance Prelude.NFData SummarizedCounter where
+  rnf SummarizedCounter' {..} =
+    Prelude.rnf average
+      `Prelude.seq` Prelude.rnf max
+      `Prelude.seq` Prelude.rnf n
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf sum
+      `Prelude.seq` Prelude.rnf unit
diff --git a/gen/Amazonka/Shield/Types/Tag.hs b/gen/Amazonka/Shield/Types/Tag.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/Tag.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.Tag
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.Tag where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A tag associated with an Amazon Web Services resource. Tags are
+-- key:value pairs that you can use to categorize and manage your
+-- resources, for purposes like billing or other management. Typically, the
+-- tag key represents a category, such as \"environment\", and the tag
+-- value represents a specific value within that category, such as
+-- \"test,\" \"development,\" or \"production\". Or you might set the tag
+-- key to \"customer\" and the value to the customer name or ID. You can
+-- specify one or more tags to add to each Amazon Web Services resource, up
+-- to 50 tags for a resource.
+--
+-- /See:/ 'newTag' smart constructor.
+data Tag = Tag'
+  { -- | Part of the key:value pair that defines a tag. You can use a tag key to
+    -- describe a category of information, such as \"customer.\" Tag keys are
+    -- case-sensitive.
+    key :: Prelude.Maybe Prelude.Text,
+    -- | Part of the key:value pair that defines a tag. You can use a tag value
+    -- to describe a specific value within a category, such as \"companyA\" or
+    -- \"companyB.\" Tag values are case-sensitive.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Tag' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'key', 'tag_key' - Part of the key:value pair that defines a tag. You can use a tag key to
+-- describe a category of information, such as \"customer.\" Tag keys are
+-- case-sensitive.
+--
+-- 'value', 'tag_value' - Part of the key:value pair that defines a tag. You can use a tag value
+-- to describe a specific value within a category, such as \"companyA\" or
+-- \"companyB.\" Tag values are case-sensitive.
+newTag ::
+  Tag
+newTag =
+  Tag'
+    { key = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | Part of the key:value pair that defines a tag. You can use a tag key to
+-- describe a category of information, such as \"customer.\" Tag keys are
+-- case-sensitive.
+tag_key :: Lens.Lens' Tag (Prelude.Maybe Prelude.Text)
+tag_key = Lens.lens (\Tag' {key} -> key) (\s@Tag' {} a -> s {key = a} :: Tag)
+
+-- | Part of the key:value pair that defines a tag. You can use a tag value
+-- to describe a specific value within a category, such as \"companyA\" or
+-- \"companyB.\" Tag values are case-sensitive.
+tag_value :: Lens.Lens' Tag (Prelude.Maybe Prelude.Text)
+tag_value = Lens.lens (\Tag' {value} -> value) (\s@Tag' {} a -> s {value = a} :: Tag)
+
+instance Data.FromJSON Tag where
+  parseJSON =
+    Data.withObject
+      "Tag"
+      ( \x ->
+          Tag'
+            Prelude.<$> (x Data..:? "Key")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance Prelude.Hashable Tag where
+  hashWithSalt _salt Tag' {..} =
+    _salt
+      `Prelude.hashWithSalt` key
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData Tag where
+  rnf Tag' {..} =
+    Prelude.rnf key `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON Tag where
+  toJSON Tag' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Key" Data..=) Prelude.<$> key,
+            ("Value" Data..=) Prelude.<$> value
+          ]
+      )
diff --git a/gen/Amazonka/Shield/Types/TimeRange.hs b/gen/Amazonka/Shield/Types/TimeRange.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/TimeRange.hs
@@ -0,0 +1,93 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.TimeRange
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.TimeRange where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | The time range.
+--
+-- /See:/ 'newTimeRange' smart constructor.
+data TimeRange = TimeRange'
+  { -- | The start time, in Unix time in seconds.
+    fromInclusive :: Prelude.Maybe Data.POSIX,
+    -- | The end time, in Unix time in seconds.
+    toExclusive :: Prelude.Maybe Data.POSIX
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TimeRange' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'fromInclusive', 'timeRange_fromInclusive' - The start time, in Unix time in seconds.
+--
+-- 'toExclusive', 'timeRange_toExclusive' - The end time, in Unix time in seconds.
+newTimeRange ::
+  TimeRange
+newTimeRange =
+  TimeRange'
+    { fromInclusive = Prelude.Nothing,
+      toExclusive = Prelude.Nothing
+    }
+
+-- | The start time, in Unix time in seconds.
+timeRange_fromInclusive :: Lens.Lens' TimeRange (Prelude.Maybe Prelude.UTCTime)
+timeRange_fromInclusive = Lens.lens (\TimeRange' {fromInclusive} -> fromInclusive) (\s@TimeRange' {} a -> s {fromInclusive = a} :: TimeRange) Prelude.. Lens.mapping Data._Time
+
+-- | The end time, in Unix time in seconds.
+timeRange_toExclusive :: Lens.Lens' TimeRange (Prelude.Maybe Prelude.UTCTime)
+timeRange_toExclusive = Lens.lens (\TimeRange' {toExclusive} -> toExclusive) (\s@TimeRange' {} a -> s {toExclusive = a} :: TimeRange) Prelude.. Lens.mapping Data._Time
+
+instance Data.FromJSON TimeRange where
+  parseJSON =
+    Data.withObject
+      "TimeRange"
+      ( \x ->
+          TimeRange'
+            Prelude.<$> (x Data..:? "FromInclusive")
+            Prelude.<*> (x Data..:? "ToExclusive")
+      )
+
+instance Prelude.Hashable TimeRange where
+  hashWithSalt _salt TimeRange' {..} =
+    _salt
+      `Prelude.hashWithSalt` fromInclusive
+      `Prelude.hashWithSalt` toExclusive
+
+instance Prelude.NFData TimeRange where
+  rnf TimeRange' {..} =
+    Prelude.rnf fromInclusive
+      `Prelude.seq` Prelude.rnf toExclusive
+
+instance Data.ToJSON TimeRange where
+  toJSON TimeRange' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("FromInclusive" Data..=) Prelude.<$> fromInclusive,
+            ("ToExclusive" Data..=) Prelude.<$> toExclusive
+          ]
+      )
diff --git a/gen/Amazonka/Shield/Types/Unit.hs b/gen/Amazonka/Shield/Types/Unit.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Types/Unit.hs
@@ -0,0 +1,78 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Types.Unit
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Types.Unit
+  ( Unit
+      ( ..,
+        Unit_BITS,
+        Unit_BYTES,
+        Unit_PACKETS,
+        Unit_REQUESTS
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype Unit = Unit' {fromUnit :: Data.Text}
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern Unit_BITS :: Unit
+pattern Unit_BITS = Unit' "BITS"
+
+pattern Unit_BYTES :: Unit
+pattern Unit_BYTES = Unit' "BYTES"
+
+pattern Unit_PACKETS :: Unit
+pattern Unit_PACKETS = Unit' "PACKETS"
+
+pattern Unit_REQUESTS :: Unit
+pattern Unit_REQUESTS = Unit' "REQUESTS"
+
+{-# COMPLETE
+  Unit_BITS,
+  Unit_BYTES,
+  Unit_PACKETS,
+  Unit_REQUESTS,
+  Unit'
+  #-}
diff --git a/gen/Amazonka/Shield/UntagResource.hs b/gen/Amazonka/Shield/UntagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/UntagResource.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.UntagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Removes tags from a resource in Shield.
+module Amazonka.Shield.UntagResource
+  ( -- * Creating a Request
+    UntagResource (..),
+    newUntagResource,
+
+    -- * Request Lenses
+    untagResource_resourceARN,
+    untagResource_tagKeys,
+
+    -- * Destructuring the Response
+    UntagResourceResponse (..),
+    newUntagResourceResponse,
+
+    -- * Response Lenses
+    untagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newUntagResource' smart constructor.
+data UntagResource = UntagResource'
+  { -- | The Amazon Resource Name (ARN) of the resource that you want to remove
+    -- tags from.
+    resourceARN :: Prelude.Text,
+    -- | The tag key for each tag that you want to remove from the resource.
+    tagKeys :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceARN', 'untagResource_resourceARN' - The Amazon Resource Name (ARN) of the resource that you want to remove
+-- tags from.
+--
+-- 'tagKeys', 'untagResource_tagKeys' - The tag key for each tag that you want to remove from the resource.
+newUntagResource ::
+  -- | 'resourceARN'
+  Prelude.Text ->
+  UntagResource
+newUntagResource pResourceARN_ =
+  UntagResource'
+    { resourceARN = pResourceARN_,
+      tagKeys = Prelude.mempty
+    }
+
+-- | The Amazon Resource Name (ARN) of the resource that you want to remove
+-- tags from.
+untagResource_resourceARN :: Lens.Lens' UntagResource Prelude.Text
+untagResource_resourceARN = Lens.lens (\UntagResource' {resourceARN} -> resourceARN) (\s@UntagResource' {} a -> s {resourceARN = a} :: UntagResource)
+
+-- | The tag key for each tag that you want to remove from the resource.
+untagResource_tagKeys :: Lens.Lens' UntagResource [Prelude.Text]
+untagResource_tagKeys = Lens.lens (\UntagResource' {tagKeys} -> tagKeys) (\s@UntagResource' {} a -> s {tagKeys = a} :: UntagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UntagResource where
+  type
+    AWSResponse UntagResource =
+      UntagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UntagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UntagResource where
+  hashWithSalt _salt UntagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceARN
+      `Prelude.hashWithSalt` tagKeys
+
+instance Prelude.NFData UntagResource where
+  rnf UntagResource' {..} =
+    Prelude.rnf resourceARN
+      `Prelude.seq` Prelude.rnf tagKeys
+
+instance Data.ToHeaders UntagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.UntagResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UntagResource where
+  toJSON UntagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceARN" Data..= resourceARN),
+            Prelude.Just ("TagKeys" Data..= tagKeys)
+          ]
+      )
+
+instance Data.ToPath UntagResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UntagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUntagResourceResponse' smart constructor.
+data UntagResourceResponse = UntagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'untagResourceResponse_httpStatus' - The response's http status code.
+newUntagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UntagResourceResponse
+newUntagResourceResponse pHttpStatus_ =
+  UntagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+untagResourceResponse_httpStatus :: Lens.Lens' UntagResourceResponse Prelude.Int
+untagResourceResponse_httpStatus = Lens.lens (\UntagResourceResponse' {httpStatus} -> httpStatus) (\s@UntagResourceResponse' {} a -> s {httpStatus = a} :: UntagResourceResponse)
+
+instance Prelude.NFData UntagResourceResponse where
+  rnf UntagResourceResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/UpdateApplicationLayerAutomaticResponse.hs b/gen/Amazonka/Shield/UpdateApplicationLayerAutomaticResponse.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/UpdateApplicationLayerAutomaticResponse.hs
@@ -0,0 +1,227 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.UpdateApplicationLayerAutomaticResponse
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates an existing Shield Advanced automatic application layer DDoS
+-- mitigation configuration for the specified resource.
+module Amazonka.Shield.UpdateApplicationLayerAutomaticResponse
+  ( -- * Creating a Request
+    UpdateApplicationLayerAutomaticResponse (..),
+    newUpdateApplicationLayerAutomaticResponse,
+
+    -- * Request Lenses
+    updateApplicationLayerAutomaticResponse_resourceArn,
+    updateApplicationLayerAutomaticResponse_action,
+
+    -- * Destructuring the Response
+    UpdateApplicationLayerAutomaticResponseResponse (..),
+    newUpdateApplicationLayerAutomaticResponseResponse,
+
+    -- * Response Lenses
+    updateApplicationLayerAutomaticResponseResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newUpdateApplicationLayerAutomaticResponse' smart constructor.
+data UpdateApplicationLayerAutomaticResponse = UpdateApplicationLayerAutomaticResponse'
+  { -- | The ARN (Amazon Resource Name) of the resource.
+    resourceArn :: Prelude.Text,
+    -- | Specifies the action setting that Shield Advanced should use in the WAF
+    -- rules that it creates on behalf of the protected resource in response to
+    -- DDoS attacks. You specify this as part of the configuration for the
+    -- automatic application layer DDoS mitigation feature, when you enable or
+    -- update automatic mitigation. Shield Advanced creates the WAF rules in a
+    -- Shield Advanced-managed rule group, inside the web ACL that you have
+    -- associated with the resource.
+    action :: ResponseAction
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateApplicationLayerAutomaticResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'updateApplicationLayerAutomaticResponse_resourceArn' - The ARN (Amazon Resource Name) of the resource.
+--
+-- 'action', 'updateApplicationLayerAutomaticResponse_action' - Specifies the action setting that Shield Advanced should use in the WAF
+-- rules that it creates on behalf of the protected resource in response to
+-- DDoS attacks. You specify this as part of the configuration for the
+-- automatic application layer DDoS mitigation feature, when you enable or
+-- update automatic mitigation. Shield Advanced creates the WAF rules in a
+-- Shield Advanced-managed rule group, inside the web ACL that you have
+-- associated with the resource.
+newUpdateApplicationLayerAutomaticResponse ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  -- | 'action'
+  ResponseAction ->
+  UpdateApplicationLayerAutomaticResponse
+newUpdateApplicationLayerAutomaticResponse
+  pResourceArn_
+  pAction_ =
+    UpdateApplicationLayerAutomaticResponse'
+      { resourceArn =
+          pResourceArn_,
+        action = pAction_
+      }
+
+-- | The ARN (Amazon Resource Name) of the resource.
+updateApplicationLayerAutomaticResponse_resourceArn :: Lens.Lens' UpdateApplicationLayerAutomaticResponse Prelude.Text
+updateApplicationLayerAutomaticResponse_resourceArn = Lens.lens (\UpdateApplicationLayerAutomaticResponse' {resourceArn} -> resourceArn) (\s@UpdateApplicationLayerAutomaticResponse' {} a -> s {resourceArn = a} :: UpdateApplicationLayerAutomaticResponse)
+
+-- | Specifies the action setting that Shield Advanced should use in the WAF
+-- rules that it creates on behalf of the protected resource in response to
+-- DDoS attacks. You specify this as part of the configuration for the
+-- automatic application layer DDoS mitigation feature, when you enable or
+-- update automatic mitigation. Shield Advanced creates the WAF rules in a
+-- Shield Advanced-managed rule group, inside the web ACL that you have
+-- associated with the resource.
+updateApplicationLayerAutomaticResponse_action :: Lens.Lens' UpdateApplicationLayerAutomaticResponse ResponseAction
+updateApplicationLayerAutomaticResponse_action = Lens.lens (\UpdateApplicationLayerAutomaticResponse' {action} -> action) (\s@UpdateApplicationLayerAutomaticResponse' {} a -> s {action = a} :: UpdateApplicationLayerAutomaticResponse)
+
+instance
+  Core.AWSRequest
+    UpdateApplicationLayerAutomaticResponse
+  where
+  type
+    AWSResponse
+      UpdateApplicationLayerAutomaticResponse =
+      UpdateApplicationLayerAutomaticResponseResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateApplicationLayerAutomaticResponseResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    UpdateApplicationLayerAutomaticResponse
+  where
+  hashWithSalt
+    _salt
+    UpdateApplicationLayerAutomaticResponse' {..} =
+      _salt
+        `Prelude.hashWithSalt` resourceArn
+        `Prelude.hashWithSalt` action
+
+instance
+  Prelude.NFData
+    UpdateApplicationLayerAutomaticResponse
+  where
+  rnf UpdateApplicationLayerAutomaticResponse' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf action
+
+instance
+  Data.ToHeaders
+    UpdateApplicationLayerAutomaticResponse
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.UpdateApplicationLayerAutomaticResponse" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    UpdateApplicationLayerAutomaticResponse
+  where
+  toJSON UpdateApplicationLayerAutomaticResponse' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceArn" Data..= resourceArn),
+            Prelude.Just ("Action" Data..= action)
+          ]
+      )
+
+instance
+  Data.ToPath
+    UpdateApplicationLayerAutomaticResponse
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    UpdateApplicationLayerAutomaticResponse
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateApplicationLayerAutomaticResponseResponse' smart constructor.
+data UpdateApplicationLayerAutomaticResponseResponse = UpdateApplicationLayerAutomaticResponseResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateApplicationLayerAutomaticResponseResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateApplicationLayerAutomaticResponseResponse_httpStatus' - The response's http status code.
+newUpdateApplicationLayerAutomaticResponseResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateApplicationLayerAutomaticResponseResponse
+newUpdateApplicationLayerAutomaticResponseResponse
+  pHttpStatus_ =
+    UpdateApplicationLayerAutomaticResponseResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+updateApplicationLayerAutomaticResponseResponse_httpStatus :: Lens.Lens' UpdateApplicationLayerAutomaticResponseResponse Prelude.Int
+updateApplicationLayerAutomaticResponseResponse_httpStatus = Lens.lens (\UpdateApplicationLayerAutomaticResponseResponse' {httpStatus} -> httpStatus) (\s@UpdateApplicationLayerAutomaticResponseResponse' {} a -> s {httpStatus = a} :: UpdateApplicationLayerAutomaticResponseResponse)
+
+instance
+  Prelude.NFData
+    UpdateApplicationLayerAutomaticResponseResponse
+  where
+  rnf
+    UpdateApplicationLayerAutomaticResponseResponse' {..} =
+      Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/UpdateEmergencyContactSettings.hs b/gen/Amazonka/Shield/UpdateEmergencyContactSettings.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/UpdateEmergencyContactSettings.hs
@@ -0,0 +1,199 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.UpdateEmergencyContactSettings
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the details of the list of email addresses and phone numbers
+-- that the Shield Response Team (SRT) can use to contact you if you have
+-- proactive engagement enabled, for escalations to the SRT and to initiate
+-- proactive customer support.
+module Amazonka.Shield.UpdateEmergencyContactSettings
+  ( -- * Creating a Request
+    UpdateEmergencyContactSettings (..),
+    newUpdateEmergencyContactSettings,
+
+    -- * Request Lenses
+    updateEmergencyContactSettings_emergencyContactList,
+
+    -- * Destructuring the Response
+    UpdateEmergencyContactSettingsResponse (..),
+    newUpdateEmergencyContactSettingsResponse,
+
+    -- * Response Lenses
+    updateEmergencyContactSettingsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newUpdateEmergencyContactSettings' smart constructor.
+data UpdateEmergencyContactSettings = UpdateEmergencyContactSettings'
+  { -- | A list of email addresses and phone numbers that the Shield Response
+    -- Team (SRT) can use to contact you if you have proactive engagement
+    -- enabled, for escalations to the SRT and to initiate proactive customer
+    -- support.
+    --
+    -- If you have proactive engagement enabled, the contact list must include
+    -- at least one phone number.
+    emergencyContactList :: Prelude.Maybe [EmergencyContact]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateEmergencyContactSettings' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'emergencyContactList', 'updateEmergencyContactSettings_emergencyContactList' - A list of email addresses and phone numbers that the Shield Response
+-- Team (SRT) can use to contact you if you have proactive engagement
+-- enabled, for escalations to the SRT and to initiate proactive customer
+-- support.
+--
+-- If you have proactive engagement enabled, the contact list must include
+-- at least one phone number.
+newUpdateEmergencyContactSettings ::
+  UpdateEmergencyContactSettings
+newUpdateEmergencyContactSettings =
+  UpdateEmergencyContactSettings'
+    { emergencyContactList =
+        Prelude.Nothing
+    }
+
+-- | A list of email addresses and phone numbers that the Shield Response
+-- Team (SRT) can use to contact you if you have proactive engagement
+-- enabled, for escalations to the SRT and to initiate proactive customer
+-- support.
+--
+-- If you have proactive engagement enabled, the contact list must include
+-- at least one phone number.
+updateEmergencyContactSettings_emergencyContactList :: Lens.Lens' UpdateEmergencyContactSettings (Prelude.Maybe [EmergencyContact])
+updateEmergencyContactSettings_emergencyContactList = Lens.lens (\UpdateEmergencyContactSettings' {emergencyContactList} -> emergencyContactList) (\s@UpdateEmergencyContactSettings' {} a -> s {emergencyContactList = a} :: UpdateEmergencyContactSettings) Prelude.. Lens.mapping Lens.coerced
+
+instance
+  Core.AWSRequest
+    UpdateEmergencyContactSettings
+  where
+  type
+    AWSResponse UpdateEmergencyContactSettings =
+      UpdateEmergencyContactSettingsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateEmergencyContactSettingsResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    UpdateEmergencyContactSettings
+  where
+  hashWithSalt
+    _salt
+    UpdateEmergencyContactSettings' {..} =
+      _salt `Prelude.hashWithSalt` emergencyContactList
+
+instance
+  Prelude.NFData
+    UpdateEmergencyContactSettings
+  where
+  rnf UpdateEmergencyContactSettings' {..} =
+    Prelude.rnf emergencyContactList
+
+instance
+  Data.ToHeaders
+    UpdateEmergencyContactSettings
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.UpdateEmergencyContactSettings" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateEmergencyContactSettings where
+  toJSON UpdateEmergencyContactSettings' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("EmergencyContactList" Data..=)
+              Prelude.<$> emergencyContactList
+          ]
+      )
+
+instance Data.ToPath UpdateEmergencyContactSettings where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateEmergencyContactSettings where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateEmergencyContactSettingsResponse' smart constructor.
+data UpdateEmergencyContactSettingsResponse = UpdateEmergencyContactSettingsResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateEmergencyContactSettingsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateEmergencyContactSettingsResponse_httpStatus' - The response's http status code.
+newUpdateEmergencyContactSettingsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateEmergencyContactSettingsResponse
+newUpdateEmergencyContactSettingsResponse
+  pHttpStatus_ =
+    UpdateEmergencyContactSettingsResponse'
+      { httpStatus =
+          pHttpStatus_
+      }
+
+-- | The response's http status code.
+updateEmergencyContactSettingsResponse_httpStatus :: Lens.Lens' UpdateEmergencyContactSettingsResponse Prelude.Int
+updateEmergencyContactSettingsResponse_httpStatus = Lens.lens (\UpdateEmergencyContactSettingsResponse' {httpStatus} -> httpStatus) (\s@UpdateEmergencyContactSettingsResponse' {} a -> s {httpStatus = a} :: UpdateEmergencyContactSettingsResponse)
+
+instance
+  Prelude.NFData
+    UpdateEmergencyContactSettingsResponse
+  where
+  rnf UpdateEmergencyContactSettingsResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/UpdateProtectionGroup.hs b/gen/Amazonka/Shield/UpdateProtectionGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/UpdateProtectionGroup.hs
@@ -0,0 +1,299 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.UpdateProtectionGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates an existing protection group. A protection group is a grouping
+-- of protected resources so they can be handled as a collective. This
+-- resource grouping improves the accuracy of detection and reduces false
+-- positives.
+module Amazonka.Shield.UpdateProtectionGroup
+  ( -- * Creating a Request
+    UpdateProtectionGroup (..),
+    newUpdateProtectionGroup,
+
+    -- * Request Lenses
+    updateProtectionGroup_members,
+    updateProtectionGroup_resourceType,
+    updateProtectionGroup_protectionGroupId,
+    updateProtectionGroup_aggregation,
+    updateProtectionGroup_pattern,
+
+    -- * Destructuring the Response
+    UpdateProtectionGroupResponse (..),
+    newUpdateProtectionGroupResponse,
+
+    -- * Response Lenses
+    updateProtectionGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newUpdateProtectionGroup' smart constructor.
+data UpdateProtectionGroup = UpdateProtectionGroup'
+  { -- | The Amazon Resource Names (ARNs) of the resources to include in the
+    -- protection group. You must set this when you set @Pattern@ to
+    -- @ARBITRARY@ and you must not set it for any other @Pattern@ setting.
+    members :: Prelude.Maybe [Prelude.Text],
+    -- | The resource type to include in the protection group. All protected
+    -- resources of this type are included in the protection group. You must
+    -- set this when you set @Pattern@ to @BY_RESOURCE_TYPE@ and you must not
+    -- set it for any other @Pattern@ setting.
+    resourceType :: Prelude.Maybe ProtectedResourceType,
+    -- | The name of the protection group. You use this to identify the
+    -- protection group in lists and to manage the protection group, for
+    -- example to update, delete, or describe it.
+    protectionGroupId :: Prelude.Text,
+    -- | Defines how Shield combines resource data for the group in order to
+    -- detect, mitigate, and report events.
+    --
+    -- -   Sum - Use the total traffic across the group. This is a good choice
+    --     for most cases. Examples include Elastic IP addresses for EC2
+    --     instances that scale manually or automatically.
+    --
+    -- -   Mean - Use the average of the traffic across the group. This is a
+    --     good choice for resources that share traffic uniformly. Examples
+    --     include accelerators and load balancers.
+    --
+    -- -   Max - Use the highest traffic from each resource. This is useful for
+    --     resources that don\'t share traffic and for resources that share
+    --     that traffic in a non-uniform way. Examples include Amazon
+    --     CloudFront distributions and origin resources for CloudFront
+    --     distributions.
+    aggregation :: ProtectionGroupAggregation,
+    -- | The criteria to use to choose the protected resources for inclusion in
+    -- the group. You can include all resources that have protections, provide
+    -- a list of resource Amazon Resource Names (ARNs), or include all
+    -- resources of a specified resource type.
+    pattern' :: ProtectionGroupPattern
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateProtectionGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'members', 'updateProtectionGroup_members' - The Amazon Resource Names (ARNs) of the resources to include in the
+-- protection group. You must set this when you set @Pattern@ to
+-- @ARBITRARY@ and you must not set it for any other @Pattern@ setting.
+--
+-- 'resourceType', 'updateProtectionGroup_resourceType' - The resource type to include in the protection group. All protected
+-- resources of this type are included in the protection group. You must
+-- set this when you set @Pattern@ to @BY_RESOURCE_TYPE@ and you must not
+-- set it for any other @Pattern@ setting.
+--
+-- 'protectionGroupId', 'updateProtectionGroup_protectionGroupId' - The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+--
+-- 'aggregation', 'updateProtectionGroup_aggregation' - Defines how Shield combines resource data for the group in order to
+-- detect, mitigate, and report events.
+--
+-- -   Sum - Use the total traffic across the group. This is a good choice
+--     for most cases. Examples include Elastic IP addresses for EC2
+--     instances that scale manually or automatically.
+--
+-- -   Mean - Use the average of the traffic across the group. This is a
+--     good choice for resources that share traffic uniformly. Examples
+--     include accelerators and load balancers.
+--
+-- -   Max - Use the highest traffic from each resource. This is useful for
+--     resources that don\'t share traffic and for resources that share
+--     that traffic in a non-uniform way. Examples include Amazon
+--     CloudFront distributions and origin resources for CloudFront
+--     distributions.
+--
+-- 'pattern'', 'updateProtectionGroup_pattern' - The criteria to use to choose the protected resources for inclusion in
+-- the group. You can include all resources that have protections, provide
+-- a list of resource Amazon Resource Names (ARNs), or include all
+-- resources of a specified resource type.
+newUpdateProtectionGroup ::
+  -- | 'protectionGroupId'
+  Prelude.Text ->
+  -- | 'aggregation'
+  ProtectionGroupAggregation ->
+  -- | 'pattern''
+  ProtectionGroupPattern ->
+  UpdateProtectionGroup
+newUpdateProtectionGroup
+  pProtectionGroupId_
+  pAggregation_
+  pPattern_ =
+    UpdateProtectionGroup'
+      { members = Prelude.Nothing,
+        resourceType = Prelude.Nothing,
+        protectionGroupId = pProtectionGroupId_,
+        aggregation = pAggregation_,
+        pattern' = pPattern_
+      }
+
+-- | The Amazon Resource Names (ARNs) of the resources to include in the
+-- protection group. You must set this when you set @Pattern@ to
+-- @ARBITRARY@ and you must not set it for any other @Pattern@ setting.
+updateProtectionGroup_members :: Lens.Lens' UpdateProtectionGroup (Prelude.Maybe [Prelude.Text])
+updateProtectionGroup_members = Lens.lens (\UpdateProtectionGroup' {members} -> members) (\s@UpdateProtectionGroup' {} a -> s {members = a} :: UpdateProtectionGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | The resource type to include in the protection group. All protected
+-- resources of this type are included in the protection group. You must
+-- set this when you set @Pattern@ to @BY_RESOURCE_TYPE@ and you must not
+-- set it for any other @Pattern@ setting.
+updateProtectionGroup_resourceType :: Lens.Lens' UpdateProtectionGroup (Prelude.Maybe ProtectedResourceType)
+updateProtectionGroup_resourceType = Lens.lens (\UpdateProtectionGroup' {resourceType} -> resourceType) (\s@UpdateProtectionGroup' {} a -> s {resourceType = a} :: UpdateProtectionGroup)
+
+-- | The name of the protection group. You use this to identify the
+-- protection group in lists and to manage the protection group, for
+-- example to update, delete, or describe it.
+updateProtectionGroup_protectionGroupId :: Lens.Lens' UpdateProtectionGroup Prelude.Text
+updateProtectionGroup_protectionGroupId = Lens.lens (\UpdateProtectionGroup' {protectionGroupId} -> protectionGroupId) (\s@UpdateProtectionGroup' {} a -> s {protectionGroupId = a} :: UpdateProtectionGroup)
+
+-- | Defines how Shield combines resource data for the group in order to
+-- detect, mitigate, and report events.
+--
+-- -   Sum - Use the total traffic across the group. This is a good choice
+--     for most cases. Examples include Elastic IP addresses for EC2
+--     instances that scale manually or automatically.
+--
+-- -   Mean - Use the average of the traffic across the group. This is a
+--     good choice for resources that share traffic uniformly. Examples
+--     include accelerators and load balancers.
+--
+-- -   Max - Use the highest traffic from each resource. This is useful for
+--     resources that don\'t share traffic and for resources that share
+--     that traffic in a non-uniform way. Examples include Amazon
+--     CloudFront distributions and origin resources for CloudFront
+--     distributions.
+updateProtectionGroup_aggregation :: Lens.Lens' UpdateProtectionGroup ProtectionGroupAggregation
+updateProtectionGroup_aggregation = Lens.lens (\UpdateProtectionGroup' {aggregation} -> aggregation) (\s@UpdateProtectionGroup' {} a -> s {aggregation = a} :: UpdateProtectionGroup)
+
+-- | The criteria to use to choose the protected resources for inclusion in
+-- the group. You can include all resources that have protections, provide
+-- a list of resource Amazon Resource Names (ARNs), or include all
+-- resources of a specified resource type.
+updateProtectionGroup_pattern :: Lens.Lens' UpdateProtectionGroup ProtectionGroupPattern
+updateProtectionGroup_pattern = Lens.lens (\UpdateProtectionGroup' {pattern'} -> pattern') (\s@UpdateProtectionGroup' {} a -> s {pattern' = a} :: UpdateProtectionGroup)
+
+instance Core.AWSRequest UpdateProtectionGroup where
+  type
+    AWSResponse UpdateProtectionGroup =
+      UpdateProtectionGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateProtectionGroupResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateProtectionGroup where
+  hashWithSalt _salt UpdateProtectionGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` members
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` protectionGroupId
+      `Prelude.hashWithSalt` aggregation
+      `Prelude.hashWithSalt` pattern'
+
+instance Prelude.NFData UpdateProtectionGroup where
+  rnf UpdateProtectionGroup' {..} =
+    Prelude.rnf members
+      `Prelude.seq` Prelude.rnf resourceType
+      `Prelude.seq` Prelude.rnf protectionGroupId
+      `Prelude.seq` Prelude.rnf aggregation
+      `Prelude.seq` Prelude.rnf pattern'
+
+instance Data.ToHeaders UpdateProtectionGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.UpdateProtectionGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateProtectionGroup where
+  toJSON UpdateProtectionGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Members" Data..=) Prelude.<$> members,
+            ("ResourceType" Data..=) Prelude.<$> resourceType,
+            Prelude.Just
+              ("ProtectionGroupId" Data..= protectionGroupId),
+            Prelude.Just ("Aggregation" Data..= aggregation),
+            Prelude.Just ("Pattern" Data..= pattern')
+          ]
+      )
+
+instance Data.ToPath UpdateProtectionGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateProtectionGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateProtectionGroupResponse' smart constructor.
+data UpdateProtectionGroupResponse = UpdateProtectionGroupResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateProtectionGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateProtectionGroupResponse_httpStatus' - The response's http status code.
+newUpdateProtectionGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateProtectionGroupResponse
+newUpdateProtectionGroupResponse pHttpStatus_ =
+  UpdateProtectionGroupResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+updateProtectionGroupResponse_httpStatus :: Lens.Lens' UpdateProtectionGroupResponse Prelude.Int
+updateProtectionGroupResponse_httpStatus = Lens.lens (\UpdateProtectionGroupResponse' {httpStatus} -> httpStatus) (\s@UpdateProtectionGroupResponse' {} a -> s {httpStatus = a} :: UpdateProtectionGroupResponse)
+
+instance Prelude.NFData UpdateProtectionGroupResponse where
+  rnf UpdateProtectionGroupResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/UpdateSubscription.hs b/gen/Amazonka/Shield/UpdateSubscription.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/UpdateSubscription.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.UpdateSubscription
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the details of an existing subscription. Only enter values for
+-- parameters you want to change. Empty parameters are not updated.
+--
+-- For accounts that are members of an Organizations organization, Shield
+-- Advanced subscriptions are billed against the organization\'s payer
+-- account, regardless of whether the payer account itself is subscribed.
+module Amazonka.Shield.UpdateSubscription
+  ( -- * Creating a Request
+    UpdateSubscription (..),
+    newUpdateSubscription,
+
+    -- * Request Lenses
+    updateSubscription_autoRenew,
+
+    -- * Destructuring the Response
+    UpdateSubscriptionResponse (..),
+    newUpdateSubscriptionResponse,
+
+    -- * Response Lenses
+    updateSubscriptionResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.Shield.Types
+
+-- | /See:/ 'newUpdateSubscription' smart constructor.
+data UpdateSubscription = UpdateSubscription'
+  { -- | When you initally create a subscription, @AutoRenew@ is set to
+    -- @ENABLED@. If @ENABLED@, the subscription will be automatically renewed
+    -- at the end of the existing subscription period. You can change this by
+    -- submitting an @UpdateSubscription@ request. If the @UpdateSubscription@
+    -- request does not included a value for @AutoRenew@, the existing value
+    -- for @AutoRenew@ remains unchanged.
+    autoRenew :: Prelude.Maybe AutoRenew
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateSubscription' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'autoRenew', 'updateSubscription_autoRenew' - When you initally create a subscription, @AutoRenew@ is set to
+-- @ENABLED@. If @ENABLED@, the subscription will be automatically renewed
+-- at the end of the existing subscription period. You can change this by
+-- submitting an @UpdateSubscription@ request. If the @UpdateSubscription@
+-- request does not included a value for @AutoRenew@, the existing value
+-- for @AutoRenew@ remains unchanged.
+newUpdateSubscription ::
+  UpdateSubscription
+newUpdateSubscription =
+  UpdateSubscription' {autoRenew = Prelude.Nothing}
+
+-- | When you initally create a subscription, @AutoRenew@ is set to
+-- @ENABLED@. If @ENABLED@, the subscription will be automatically renewed
+-- at the end of the existing subscription period. You can change this by
+-- submitting an @UpdateSubscription@ request. If the @UpdateSubscription@
+-- request does not included a value for @AutoRenew@, the existing value
+-- for @AutoRenew@ remains unchanged.
+updateSubscription_autoRenew :: Lens.Lens' UpdateSubscription (Prelude.Maybe AutoRenew)
+updateSubscription_autoRenew = Lens.lens (\UpdateSubscription' {autoRenew} -> autoRenew) (\s@UpdateSubscription' {} a -> s {autoRenew = a} :: UpdateSubscription)
+
+instance Core.AWSRequest UpdateSubscription where
+  type
+    AWSResponse UpdateSubscription =
+      UpdateSubscriptionResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UpdateSubscriptionResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateSubscription where
+  hashWithSalt _salt UpdateSubscription' {..} =
+    _salt `Prelude.hashWithSalt` autoRenew
+
+instance Prelude.NFData UpdateSubscription where
+  rnf UpdateSubscription' {..} = Prelude.rnf autoRenew
+
+instance Data.ToHeaders UpdateSubscription where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSShield_20160616.UpdateSubscription" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateSubscription where
+  toJSON UpdateSubscription' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("AutoRenew" Data..=) Prelude.<$> autoRenew]
+      )
+
+instance Data.ToPath UpdateSubscription where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateSubscription where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateSubscriptionResponse' smart constructor.
+data UpdateSubscriptionResponse = UpdateSubscriptionResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateSubscriptionResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'updateSubscriptionResponse_httpStatus' - The response's http status code.
+newUpdateSubscriptionResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateSubscriptionResponse
+newUpdateSubscriptionResponse pHttpStatus_ =
+  UpdateSubscriptionResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+updateSubscriptionResponse_httpStatus :: Lens.Lens' UpdateSubscriptionResponse Prelude.Int
+updateSubscriptionResponse_httpStatus = Lens.lens (\UpdateSubscriptionResponse' {httpStatus} -> httpStatus) (\s@UpdateSubscriptionResponse' {} a -> s {httpStatus = a} :: UpdateSubscriptionResponse)
+
+instance Prelude.NFData UpdateSubscriptionResponse where
+  rnf UpdateSubscriptionResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/Shield/Waiters.hs b/gen/Amazonka/Shield/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/Shield/Waiters.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.Shield.Waiters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.Shield.Waiters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.Shield.Lens
+import Amazonka.Shield.Types
diff --git a/gen/Network/AWS/Shield.hs b/gen/Network/AWS/Shield.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield.hs
+++ /dev/null
@@ -1,237 +0,0 @@
-{-# OPTIONS_GHC -fno-warn-unused-imports    #-}
-{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- __AWS Shield Advanced__
---
--- This is the /AWS Shield Advanced API Reference/ . This guide is for developers who need detailed information about the AWS Shield Advanced API actions, data types, and errors. For detailed information about AWS WAF and AWS Shield Advanced features and an overview of how to use the AWS WAF and AWS Shield Advanced APIs, see the <http://docs.aws.amazon.com/waf/latest/developerguide/ AWS WAF and AWS Shield Developer Guide> .
---
-module Network.AWS.Shield
-    (
-    -- * Service Configuration
-      shield
-
-    -- * Errors
-    -- $errors
-
-    -- ** InvalidResourceException
-    , _InvalidResourceException
-
-    -- ** InvalidParameterException
-    , _InvalidParameterException
-
-    -- ** LimitsExceededException
-    , _LimitsExceededException
-
-    -- ** InternalErrorException
-    , _InternalErrorException
-
-    -- ** ResourceAlreadyExistsException
-    , _ResourceAlreadyExistsException
-
-    -- ** OptimisticLockException
-    , _OptimisticLockException
-
-    -- ** InvalidOperationException
-    , _InvalidOperationException
-
-    -- ** LockedSubscriptionException
-    , _LockedSubscriptionException
-
-    -- ** ResourceNotFoundException
-    , _ResourceNotFoundException
-
-    -- * Waiters
-    -- $waiters
-
-    -- * Operations
-    -- $operations
-
-    -- ** CreateSubscription
-    , module Network.AWS.Shield.CreateSubscription
-
-    -- ** ListProtections (Paginated)
-    , module Network.AWS.Shield.ListProtections
-
-    -- ** DeleteSubscription
-    , module Network.AWS.Shield.DeleteSubscription
-
-    -- ** DescribeAttack
-    , module Network.AWS.Shield.DescribeAttack
-
-    -- ** DescribeProtection
-    , module Network.AWS.Shield.DescribeProtection
-
-    -- ** ListAttacks
-    , module Network.AWS.Shield.ListAttacks
-
-    -- ** CreateProtection
-    , module Network.AWS.Shield.CreateProtection
-
-    -- ** DeleteProtection
-    , module Network.AWS.Shield.DeleteProtection
-
-    -- ** GetSubscriptionState
-    , module Network.AWS.Shield.GetSubscriptionState
-
-    -- ** DescribeSubscription
-    , module Network.AWS.Shield.DescribeSubscription
-
-    -- * Types
-
-    -- ** AttackLayer
-    , AttackLayer (..)
-
-    -- ** AttackPropertyIdentifier
-    , AttackPropertyIdentifier (..)
-
-    -- ** SubResourceType
-    , SubResourceType (..)
-
-    -- ** SubscriptionState
-    , SubscriptionState (..)
-
-    -- ** Unit
-    , Unit (..)
-
-    -- ** AttackDetail
-    , AttackDetail
-    , attackDetail
-    , adAttackId
-    , adStartTime
-    , adSubResources
-    , adMitigations
-    , adAttackProperties
-    , adAttackCounters
-    , adResourceARN
-    , adEndTime
-
-    -- ** AttackProperty
-    , AttackProperty
-    , attackProperty
-    , apAttackLayer
-    , apTopContributors
-    , apAttackPropertyIdentifier
-    , apTotal
-    , apUnit
-
-    -- ** AttackSummary
-    , AttackSummary
-    , attackSummary
-    , asAttackVectors
-    , asAttackId
-    , asStartTime
-    , asResourceARN
-    , asEndTime
-
-    -- ** AttackVectorDescription
-    , AttackVectorDescription
-    , attackVectorDescription
-    , avdVectorType
-
-    -- ** Contributor
-    , Contributor
-    , contributor
-    , cValue
-    , cName
-
-    -- ** Mitigation
-    , Mitigation
-    , mitigation
-    , mMitigationName
-
-    -- ** Protection
-    , Protection
-    , protection
-    , pResourceARN
-    , pName
-    , pId
-
-    -- ** SubResourceSummary
-    , SubResourceSummary
-    , subResourceSummary
-    , srsCounters
-    , srsAttackVectors
-    , srsId
-    , srsType
-
-    -- ** Subscription
-    , Subscription
-    , subscription
-    , sTimeCommitmentInSeconds
-    , sStartTime
-
-    -- ** SummarizedAttackVector
-    , SummarizedAttackVector
-    , summarizedAttackVector
-    , savVectorCounters
-    , savVectorType
-
-    -- ** SummarizedCounter
-    , SummarizedCounter
-    , summarizedCounter
-    , scMax
-    , scAverage
-    , scN
-    , scName
-    , scSum
-    , scUnit
-
-    -- ** TimeRange
-    , TimeRange
-    , timeRange
-    , trFromInclusive
-    , trToExclusive
-    ) where
-
-import Network.AWS.Shield.CreateProtection
-import Network.AWS.Shield.CreateSubscription
-import Network.AWS.Shield.DeleteProtection
-import Network.AWS.Shield.DeleteSubscription
-import Network.AWS.Shield.DescribeAttack
-import Network.AWS.Shield.DescribeProtection
-import Network.AWS.Shield.DescribeSubscription
-import Network.AWS.Shield.GetSubscriptionState
-import Network.AWS.Shield.ListAttacks
-import Network.AWS.Shield.ListProtections
-import Network.AWS.Shield.Types
-import Network.AWS.Shield.Waiters
-
-{- $errors
-Error matchers are designed for use with the functions provided by
-<http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
-This allows catching (and rethrowing) service specific errors returned
-by 'Shield'.
--}
-
-{- $operations
-Some AWS operations return results that are incomplete and require subsequent
-requests in order to obtain the entire result set. The process of sending
-subsequent requests to continue where a previous request left off is called
-pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
-1000 objects at a time, and you must send subsequent requests with the
-appropriate Marker in order to retrieve the next page of results.
-
-Operations that have an 'AWSPager' instance can transparently perform subsequent
-requests, correctly setting Markers and other request facets to iterate through
-the entire result set of a truncated API operation. Operations which support
-this have an additional note in the documentation.
-
-Many operations have the ability to filter results on the server side. See the
-individual operation parameters for details.
--}
-
-{- $waiters
-Waiters poll by repeatedly sending a request until some remote success condition
-configured by the 'Wait' specification is fulfilled. The 'Wait' specification
-determines how many attempts should be made, in addition to delay and retry strategies.
--}
diff --git a/gen/Network/AWS/Shield/CreateProtection.hs b/gen/Network/AWS/Shield/CreateProtection.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/CreateProtection.hs
+++ /dev/null
@@ -1,144 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.CreateProtection
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Enables AWS Shield Advanced for a specific AWS resource. The resource can be an Amazon CloudFront distribution, Elastic Load Balancing load balancer, Elastic IP Address, or an Amazon Route 53 hosted zone.
---
---
-module Network.AWS.Shield.CreateProtection
-    (
-    -- * Creating a Request
-      createProtection
-    , CreateProtection
-    -- * Request Lenses
-    , cpName
-    , cpResourceARN
-
-    -- * Destructuring the Response
-    , createProtectionResponse
-    , CreateProtectionResponse
-    -- * Response Lenses
-    , cprsProtectionId
-    , cprsResponseStatus
-    ) where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-import Network.AWS.Shield.Types
-import Network.AWS.Shield.Types.Product
-
--- | /See:/ 'createProtection' smart constructor.
-data CreateProtection = CreateProtection'
-  { _cpName        :: !Text
-  , _cpResourceARN :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateProtection' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cpName' - Friendly name for the @Protection@ you are creating.
---
--- * 'cpResourceARN' - The ARN (Amazon Resource Name) of the resource to be protected. The ARN should be in one of the following formats:     * For an Application Load Balancer: @arn:aws:elasticloadbalancing:/region/ :/account-id/ :loadbalancer/app//load-balancer-name/ //load-balancer-id/ @      * For an Elastic Load Balancer (Classic Load Balancer): @arn:aws:elasticloadbalancing:/region/ :/account-id/ :loadbalancer//load-balancer-name/ @      * For AWS CloudFront distribution: @arn:aws:cloudfront::/account-id/ :distribution//distribution-id/ @      * For Amazon Route 53: @arn:aws:route53::/account-id/ :hostedzone//hosted-zone-id/ @      * For an Elastic IP address: @arn:aws:ec2:/region/ :/account-id/ :eip-allocation//allocation-id/ @
-createProtection
-    :: Text -- ^ 'cpName'
-    -> Text -- ^ 'cpResourceARN'
-    -> CreateProtection
-createProtection pName_ pResourceARN_ =
-  CreateProtection' {_cpName = pName_, _cpResourceARN = pResourceARN_}
-
-
--- | Friendly name for the @Protection@ you are creating.
-cpName :: Lens' CreateProtection Text
-cpName = lens _cpName (\ s a -> s{_cpName = a})
-
--- | The ARN (Amazon Resource Name) of the resource to be protected. The ARN should be in one of the following formats:     * For an Application Load Balancer: @arn:aws:elasticloadbalancing:/region/ :/account-id/ :loadbalancer/app//load-balancer-name/ //load-balancer-id/ @      * For an Elastic Load Balancer (Classic Load Balancer): @arn:aws:elasticloadbalancing:/region/ :/account-id/ :loadbalancer//load-balancer-name/ @      * For AWS CloudFront distribution: @arn:aws:cloudfront::/account-id/ :distribution//distribution-id/ @      * For Amazon Route 53: @arn:aws:route53::/account-id/ :hostedzone//hosted-zone-id/ @      * For an Elastic IP address: @arn:aws:ec2:/region/ :/account-id/ :eip-allocation//allocation-id/ @
-cpResourceARN :: Lens' CreateProtection Text
-cpResourceARN = lens _cpResourceARN (\ s a -> s{_cpResourceARN = a})
-
-instance AWSRequest CreateProtection where
-        type Rs CreateProtection = CreateProtectionResponse
-        request = postJSON shield
-        response
-          = receiveJSON
-              (\ s h x ->
-                 CreateProtectionResponse' <$>
-                   (x .?> "ProtectionId") <*> (pure (fromEnum s)))
-
-instance Hashable CreateProtection where
-
-instance NFData CreateProtection where
-
-instance ToHeaders CreateProtection where
-        toHeaders
-          = const
-              (mconcat
-                 ["X-Amz-Target" =#
-                    ("AWSShield_20160616.CreateProtection" ::
-                       ByteString),
-                  "Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON CreateProtection where
-        toJSON CreateProtection'{..}
-          = object
-              (catMaybes
-                 [Just ("Name" .= _cpName),
-                  Just ("ResourceArn" .= _cpResourceARN)])
-
-instance ToPath CreateProtection where
-        toPath = const "/"
-
-instance ToQuery CreateProtection where
-        toQuery = const mempty
-
--- | /See:/ 'createProtectionResponse' smart constructor.
-data CreateProtectionResponse = CreateProtectionResponse'
-  { _cprsProtectionId   :: !(Maybe Text)
-  , _cprsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateProtectionResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cprsProtectionId' - The unique identifier (ID) for the 'Protection' object that is created.
---
--- * 'cprsResponseStatus' - -- | The response status code.
-createProtectionResponse
-    :: Int -- ^ 'cprsResponseStatus'
-    -> CreateProtectionResponse
-createProtectionResponse pResponseStatus_ =
-  CreateProtectionResponse'
-    {_cprsProtectionId = Nothing, _cprsResponseStatus = pResponseStatus_}
-
-
--- | The unique identifier (ID) for the 'Protection' object that is created.
-cprsProtectionId :: Lens' CreateProtectionResponse (Maybe Text)
-cprsProtectionId = lens _cprsProtectionId (\ s a -> s{_cprsProtectionId = a})
-
--- | -- | The response status code.
-cprsResponseStatus :: Lens' CreateProtectionResponse Int
-cprsResponseStatus = lens _cprsResponseStatus (\ s a -> s{_cprsResponseStatus = a})
-
-instance NFData CreateProtectionResponse where
diff --git a/gen/Network/AWS/Shield/CreateSubscription.hs b/gen/Network/AWS/Shield/CreateSubscription.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/CreateSubscription.hs
+++ /dev/null
@@ -1,111 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.CreateSubscription
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Activates AWS Shield Advanced for an account.
---
---
-module Network.AWS.Shield.CreateSubscription
-    (
-    -- * Creating a Request
-      createSubscription
-    , CreateSubscription
-
-    -- * Destructuring the Response
-    , createSubscriptionResponse
-    , CreateSubscriptionResponse
-    -- * Response Lenses
-    , csrsResponseStatus
-    ) where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-import Network.AWS.Shield.Types
-import Network.AWS.Shield.Types.Product
-
--- | /See:/ 'createSubscription' smart constructor.
-data CreateSubscription =
-  CreateSubscription'
-  deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateSubscription' with the minimum fields required to make a request.
---
-createSubscription
-    :: CreateSubscription
-createSubscription = CreateSubscription'
-
-
-instance AWSRequest CreateSubscription where
-        type Rs CreateSubscription =
-             CreateSubscriptionResponse
-        request = postJSON shield
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 CreateSubscriptionResponse' <$> (pure (fromEnum s)))
-
-instance Hashable CreateSubscription where
-
-instance NFData CreateSubscription where
-
-instance ToHeaders CreateSubscription where
-        toHeaders
-          = const
-              (mconcat
-                 ["X-Amz-Target" =#
-                    ("AWSShield_20160616.CreateSubscription" ::
-                       ByteString),
-                  "Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON CreateSubscription where
-        toJSON = const (Object mempty)
-
-instance ToPath CreateSubscription where
-        toPath = const "/"
-
-instance ToQuery CreateSubscription where
-        toQuery = const mempty
-
--- | /See:/ 'createSubscriptionResponse' smart constructor.
-newtype CreateSubscriptionResponse = CreateSubscriptionResponse'
-  { _csrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'CreateSubscriptionResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'csrsResponseStatus' - -- | The response status code.
-createSubscriptionResponse
-    :: Int -- ^ 'csrsResponseStatus'
-    -> CreateSubscriptionResponse
-createSubscriptionResponse pResponseStatus_ =
-  CreateSubscriptionResponse' {_csrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-csrsResponseStatus :: Lens' CreateSubscriptionResponse Int
-csrsResponseStatus = lens _csrsResponseStatus (\ s a -> s{_csrsResponseStatus = a})
-
-instance NFData CreateSubscriptionResponse where
diff --git a/gen/Network/AWS/Shield/DeleteProtection.hs b/gen/Network/AWS/Shield/DeleteProtection.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/DeleteProtection.hs
+++ /dev/null
@@ -1,123 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.DeleteProtection
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Deletes an AWS Shield Advanced 'Protection' .
---
---
-module Network.AWS.Shield.DeleteProtection
-    (
-    -- * Creating a Request
-      deleteProtection
-    , DeleteProtection
-    -- * Request Lenses
-    , dProtectionId
-
-    -- * Destructuring the Response
-    , deleteProtectionResponse
-    , DeleteProtectionResponse
-    -- * Response Lenses
-    , delrsResponseStatus
-    ) where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-import Network.AWS.Shield.Types
-import Network.AWS.Shield.Types.Product
-
--- | /See:/ 'deleteProtection' smart constructor.
-newtype DeleteProtection = DeleteProtection'
-  { _dProtectionId :: Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteProtection' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dProtectionId' - The unique identifier (ID) for the 'Protection' object to be deleted.
-deleteProtection
-    :: Text -- ^ 'dProtectionId'
-    -> DeleteProtection
-deleteProtection pProtectionId_ =
-  DeleteProtection' {_dProtectionId = pProtectionId_}
-
-
--- | The unique identifier (ID) for the 'Protection' object to be deleted.
-dProtectionId :: Lens' DeleteProtection Text
-dProtectionId = lens _dProtectionId (\ s a -> s{_dProtectionId = a})
-
-instance AWSRequest DeleteProtection where
-        type Rs DeleteProtection = DeleteProtectionResponse
-        request = postJSON shield
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 DeleteProtectionResponse' <$> (pure (fromEnum s)))
-
-instance Hashable DeleteProtection where
-
-instance NFData DeleteProtection where
-
-instance ToHeaders DeleteProtection where
-        toHeaders
-          = const
-              (mconcat
-                 ["X-Amz-Target" =#
-                    ("AWSShield_20160616.DeleteProtection" ::
-                       ByteString),
-                  "Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON DeleteProtection where
-        toJSON DeleteProtection'{..}
-          = object
-              (catMaybes [Just ("ProtectionId" .= _dProtectionId)])
-
-instance ToPath DeleteProtection where
-        toPath = const "/"
-
-instance ToQuery DeleteProtection where
-        toQuery = const mempty
-
--- | /See:/ 'deleteProtectionResponse' smart constructor.
-newtype DeleteProtectionResponse = DeleteProtectionResponse'
-  { _delrsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteProtectionResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'delrsResponseStatus' - -- | The response status code.
-deleteProtectionResponse
-    :: Int -- ^ 'delrsResponseStatus'
-    -> DeleteProtectionResponse
-deleteProtectionResponse pResponseStatus_ =
-  DeleteProtectionResponse' {_delrsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-delrsResponseStatus :: Lens' DeleteProtectionResponse Int
-delrsResponseStatus = lens _delrsResponseStatus (\ s a -> s{_delrsResponseStatus = a})
-
-instance NFData DeleteProtectionResponse where
diff --git a/gen/Network/AWS/Shield/DeleteSubscription.hs b/gen/Network/AWS/Shield/DeleteSubscription.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/DeleteSubscription.hs
+++ /dev/null
@@ -1,111 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.DeleteSubscription
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Removes AWS Shield Advanced from an account. AWS Shield Advanced requires a 1-year subscription commitment. You cannot delete a subscription prior to the completion of that commitment.
---
---
-module Network.AWS.Shield.DeleteSubscription
-    (
-    -- * Creating a Request
-      deleteSubscription
-    , DeleteSubscription
-
-    -- * Destructuring the Response
-    , deleteSubscriptionResponse
-    , DeleteSubscriptionResponse
-    -- * Response Lenses
-    , drsResponseStatus
-    ) where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-import Network.AWS.Shield.Types
-import Network.AWS.Shield.Types.Product
-
--- | /See:/ 'deleteSubscription' smart constructor.
-data DeleteSubscription =
-  DeleteSubscription'
-  deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteSubscription' with the minimum fields required to make a request.
---
-deleteSubscription
-    :: DeleteSubscription
-deleteSubscription = DeleteSubscription'
-
-
-instance AWSRequest DeleteSubscription where
-        type Rs DeleteSubscription =
-             DeleteSubscriptionResponse
-        request = postJSON shield
-        response
-          = receiveEmpty
-              (\ s h x ->
-                 DeleteSubscriptionResponse' <$> (pure (fromEnum s)))
-
-instance Hashable DeleteSubscription where
-
-instance NFData DeleteSubscription where
-
-instance ToHeaders DeleteSubscription where
-        toHeaders
-          = const
-              (mconcat
-                 ["X-Amz-Target" =#
-                    ("AWSShield_20160616.DeleteSubscription" ::
-                       ByteString),
-                  "Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON DeleteSubscription where
-        toJSON = const (Object mempty)
-
-instance ToPath DeleteSubscription where
-        toPath = const "/"
-
-instance ToQuery DeleteSubscription where
-        toQuery = const mempty
-
--- | /See:/ 'deleteSubscriptionResponse' smart constructor.
-newtype DeleteSubscriptionResponse = DeleteSubscriptionResponse'
-  { _drsResponseStatus :: Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DeleteSubscriptionResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'drsResponseStatus' - -- | The response status code.
-deleteSubscriptionResponse
-    :: Int -- ^ 'drsResponseStatus'
-    -> DeleteSubscriptionResponse
-deleteSubscriptionResponse pResponseStatus_ =
-  DeleteSubscriptionResponse' {_drsResponseStatus = pResponseStatus_}
-
-
--- | -- | The response status code.
-drsResponseStatus :: Lens' DeleteSubscriptionResponse Int
-drsResponseStatus = lens _drsResponseStatus (\ s a -> s{_drsResponseStatus = a})
-
-instance NFData DeleteSubscriptionResponse where
diff --git a/gen/Network/AWS/Shield/DescribeAttack.hs b/gen/Network/AWS/Shield/DescribeAttack.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/DescribeAttack.hs
+++ /dev/null
@@ -1,131 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.DescribeAttack
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Describes the details of a DDoS attack.
---
---
-module Network.AWS.Shield.DescribeAttack
-    (
-    -- * Creating a Request
-      describeAttack
-    , DescribeAttack
-    -- * Request Lenses
-    , daAttackId
-
-    -- * Destructuring the Response
-    , describeAttackResponse
-    , DescribeAttackResponse
-    -- * Response Lenses
-    , darsAttack
-    , darsResponseStatus
-    ) where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-import Network.AWS.Shield.Types
-import Network.AWS.Shield.Types.Product
-
--- | /See:/ 'describeAttack' smart constructor.
-newtype DescribeAttack = DescribeAttack'
-  { _daAttackId :: Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DescribeAttack' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'daAttackId' - The unique identifier (ID) for the attack that to be described.
-describeAttack
-    :: Text -- ^ 'daAttackId'
-    -> DescribeAttack
-describeAttack pAttackId_ = DescribeAttack' {_daAttackId = pAttackId_}
-
-
--- | The unique identifier (ID) for the attack that to be described.
-daAttackId :: Lens' DescribeAttack Text
-daAttackId = lens _daAttackId (\ s a -> s{_daAttackId = a})
-
-instance AWSRequest DescribeAttack where
-        type Rs DescribeAttack = DescribeAttackResponse
-        request = postJSON shield
-        response
-          = receiveJSON
-              (\ s h x ->
-                 DescribeAttackResponse' <$>
-                   (x .?> "Attack") <*> (pure (fromEnum s)))
-
-instance Hashable DescribeAttack where
-
-instance NFData DescribeAttack where
-
-instance ToHeaders DescribeAttack where
-        toHeaders
-          = const
-              (mconcat
-                 ["X-Amz-Target" =#
-                    ("AWSShield_20160616.DescribeAttack" :: ByteString),
-                  "Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON DescribeAttack where
-        toJSON DescribeAttack'{..}
-          = object
-              (catMaybes [Just ("AttackId" .= _daAttackId)])
-
-instance ToPath DescribeAttack where
-        toPath = const "/"
-
-instance ToQuery DescribeAttack where
-        toQuery = const mempty
-
--- | /See:/ 'describeAttackResponse' smart constructor.
-data DescribeAttackResponse = DescribeAttackResponse'
-  { _darsAttack         :: !(Maybe AttackDetail)
-  , _darsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DescribeAttackResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'darsAttack' - The attack that is described.
---
--- * 'darsResponseStatus' - -- | The response status code.
-describeAttackResponse
-    :: Int -- ^ 'darsResponseStatus'
-    -> DescribeAttackResponse
-describeAttackResponse pResponseStatus_ =
-  DescribeAttackResponse'
-    {_darsAttack = Nothing, _darsResponseStatus = pResponseStatus_}
-
-
--- | The attack that is described.
-darsAttack :: Lens' DescribeAttackResponse (Maybe AttackDetail)
-darsAttack = lens _darsAttack (\ s a -> s{_darsAttack = a})
-
--- | -- | The response status code.
-darsResponseStatus :: Lens' DescribeAttackResponse Int
-darsResponseStatus = lens _darsResponseStatus (\ s a -> s{_darsResponseStatus = a})
-
-instance NFData DescribeAttackResponse where
diff --git a/gen/Network/AWS/Shield/DescribeProtection.hs b/gen/Network/AWS/Shield/DescribeProtection.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/DescribeProtection.hs
+++ /dev/null
@@ -1,135 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.DescribeProtection
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Lists the details of a 'Protection' object.
---
---
-module Network.AWS.Shield.DescribeProtection
-    (
-    -- * Creating a Request
-      describeProtection
-    , DescribeProtection
-    -- * Request Lenses
-    , dpProtectionId
-
-    -- * Destructuring the Response
-    , describeProtectionResponse
-    , DescribeProtectionResponse
-    -- * Response Lenses
-    , dprsProtection
-    , dprsResponseStatus
-    ) where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-import Network.AWS.Shield.Types
-import Network.AWS.Shield.Types.Product
-
--- | /See:/ 'describeProtection' smart constructor.
-newtype DescribeProtection = DescribeProtection'
-  { _dpProtectionId :: Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DescribeProtection' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dpProtectionId' - The unique identifier (ID) for the 'Protection' object that is described.
-describeProtection
-    :: Text -- ^ 'dpProtectionId'
-    -> DescribeProtection
-describeProtection pProtectionId_ =
-  DescribeProtection' {_dpProtectionId = pProtectionId_}
-
-
--- | The unique identifier (ID) for the 'Protection' object that is described.
-dpProtectionId :: Lens' DescribeProtection Text
-dpProtectionId = lens _dpProtectionId (\ s a -> s{_dpProtectionId = a})
-
-instance AWSRequest DescribeProtection where
-        type Rs DescribeProtection =
-             DescribeProtectionResponse
-        request = postJSON shield
-        response
-          = receiveJSON
-              (\ s h x ->
-                 DescribeProtectionResponse' <$>
-                   (x .?> "Protection") <*> (pure (fromEnum s)))
-
-instance Hashable DescribeProtection where
-
-instance NFData DescribeProtection where
-
-instance ToHeaders DescribeProtection where
-        toHeaders
-          = const
-              (mconcat
-                 ["X-Amz-Target" =#
-                    ("AWSShield_20160616.DescribeProtection" ::
-                       ByteString),
-                  "Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON DescribeProtection where
-        toJSON DescribeProtection'{..}
-          = object
-              (catMaybes
-                 [Just ("ProtectionId" .= _dpProtectionId)])
-
-instance ToPath DescribeProtection where
-        toPath = const "/"
-
-instance ToQuery DescribeProtection where
-        toQuery = const mempty
-
--- | /See:/ 'describeProtectionResponse' smart constructor.
-data DescribeProtectionResponse = DescribeProtectionResponse'
-  { _dprsProtection     :: !(Maybe Protection)
-  , _dprsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DescribeProtectionResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dprsProtection' - The 'Protection' object that is described.
---
--- * 'dprsResponseStatus' - -- | The response status code.
-describeProtectionResponse
-    :: Int -- ^ 'dprsResponseStatus'
-    -> DescribeProtectionResponse
-describeProtectionResponse pResponseStatus_ =
-  DescribeProtectionResponse'
-    {_dprsProtection = Nothing, _dprsResponseStatus = pResponseStatus_}
-
-
--- | The 'Protection' object that is described.
-dprsProtection :: Lens' DescribeProtectionResponse (Maybe Protection)
-dprsProtection = lens _dprsProtection (\ s a -> s{_dprsProtection = a})
-
--- | -- | The response status code.
-dprsResponseStatus :: Lens' DescribeProtectionResponse Int
-dprsResponseStatus = lens _dprsResponseStatus (\ s a -> s{_dprsResponseStatus = a})
-
-instance NFData DescribeProtectionResponse where
diff --git a/gen/Network/AWS/Shield/DescribeSubscription.hs b/gen/Network/AWS/Shield/DescribeSubscription.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/DescribeSubscription.hs
+++ /dev/null
@@ -1,121 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.DescribeSubscription
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Provides details about the AWS Shield Advanced subscription for an account.
---
---
-module Network.AWS.Shield.DescribeSubscription
-    (
-    -- * Creating a Request
-      describeSubscription
-    , DescribeSubscription
-
-    -- * Destructuring the Response
-    , describeSubscriptionResponse
-    , DescribeSubscriptionResponse
-    -- * Response Lenses
-    , dsrsSubscription
-    , dsrsResponseStatus
-    ) where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-import Network.AWS.Shield.Types
-import Network.AWS.Shield.Types.Product
-
--- | /See:/ 'describeSubscription' smart constructor.
-data DescribeSubscription =
-  DescribeSubscription'
-  deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DescribeSubscription' with the minimum fields required to make a request.
---
-describeSubscription
-    :: DescribeSubscription
-describeSubscription = DescribeSubscription'
-
-
-instance AWSRequest DescribeSubscription where
-        type Rs DescribeSubscription =
-             DescribeSubscriptionResponse
-        request = postJSON shield
-        response
-          = receiveJSON
-              (\ s h x ->
-                 DescribeSubscriptionResponse' <$>
-                   (x .?> "Subscription") <*> (pure (fromEnum s)))
-
-instance Hashable DescribeSubscription where
-
-instance NFData DescribeSubscription where
-
-instance ToHeaders DescribeSubscription where
-        toHeaders
-          = const
-              (mconcat
-                 ["X-Amz-Target" =#
-                    ("AWSShield_20160616.DescribeSubscription" ::
-                       ByteString),
-                  "Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON DescribeSubscription where
-        toJSON = const (Object mempty)
-
-instance ToPath DescribeSubscription where
-        toPath = const "/"
-
-instance ToQuery DescribeSubscription where
-        toQuery = const mempty
-
--- | /See:/ 'describeSubscriptionResponse' smart constructor.
-data DescribeSubscriptionResponse = DescribeSubscriptionResponse'
-  { _dsrsSubscription   :: !(Maybe Subscription)
-  , _dsrsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'DescribeSubscriptionResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'dsrsSubscription' - The AWS Shield Advanced subscription details for an account.
---
--- * 'dsrsResponseStatus' - -- | The response status code.
-describeSubscriptionResponse
-    :: Int -- ^ 'dsrsResponseStatus'
-    -> DescribeSubscriptionResponse
-describeSubscriptionResponse pResponseStatus_ =
-  DescribeSubscriptionResponse'
-    {_dsrsSubscription = Nothing, _dsrsResponseStatus = pResponseStatus_}
-
-
--- | The AWS Shield Advanced subscription details for an account.
-dsrsSubscription :: Lens' DescribeSubscriptionResponse (Maybe Subscription)
-dsrsSubscription = lens _dsrsSubscription (\ s a -> s{_dsrsSubscription = a})
-
--- | -- | The response status code.
-dsrsResponseStatus :: Lens' DescribeSubscriptionResponse Int
-dsrsResponseStatus = lens _dsrsResponseStatus (\ s a -> s{_dsrsResponseStatus = a})
-
-instance NFData DescribeSubscriptionResponse where
diff --git a/gen/Network/AWS/Shield/GetSubscriptionState.hs b/gen/Network/AWS/Shield/GetSubscriptionState.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/GetSubscriptionState.hs
+++ /dev/null
@@ -1,124 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.GetSubscriptionState
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Returns the @SubscriptionState@ , either @Active@ or @Inactive@ .
---
---
-module Network.AWS.Shield.GetSubscriptionState
-    (
-    -- * Creating a Request
-      getSubscriptionState
-    , GetSubscriptionState
-
-    -- * Destructuring the Response
-    , getSubscriptionStateResponse
-    , GetSubscriptionStateResponse
-    -- * Response Lenses
-    , gssrsResponseStatus
-    , gssrsSubscriptionState
-    ) where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-import Network.AWS.Shield.Types
-import Network.AWS.Shield.Types.Product
-
--- | /See:/ 'getSubscriptionState' smart constructor.
-data GetSubscriptionState =
-  GetSubscriptionState'
-  deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetSubscriptionState' with the minimum fields required to make a request.
---
-getSubscriptionState
-    :: GetSubscriptionState
-getSubscriptionState = GetSubscriptionState'
-
-
-instance AWSRequest GetSubscriptionState where
-        type Rs GetSubscriptionState =
-             GetSubscriptionStateResponse
-        request = postJSON shield
-        response
-          = receiveJSON
-              (\ s h x ->
-                 GetSubscriptionStateResponse' <$>
-                   (pure (fromEnum s)) <*> (x .:> "SubscriptionState"))
-
-instance Hashable GetSubscriptionState where
-
-instance NFData GetSubscriptionState where
-
-instance ToHeaders GetSubscriptionState where
-        toHeaders
-          = const
-              (mconcat
-                 ["X-Amz-Target" =#
-                    ("AWSShield_20160616.GetSubscriptionState" ::
-                       ByteString),
-                  "Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON GetSubscriptionState where
-        toJSON = const (Object mempty)
-
-instance ToPath GetSubscriptionState where
-        toPath = const "/"
-
-instance ToQuery GetSubscriptionState where
-        toQuery = const mempty
-
--- | /See:/ 'getSubscriptionStateResponse' smart constructor.
-data GetSubscriptionStateResponse = GetSubscriptionStateResponse'
-  { _gssrsResponseStatus    :: !Int
-  , _gssrsSubscriptionState :: !SubscriptionState
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'GetSubscriptionStateResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'gssrsResponseStatus' - -- | The response status code.
---
--- * 'gssrsSubscriptionState' - The status of the subscription.
-getSubscriptionStateResponse
-    :: Int -- ^ 'gssrsResponseStatus'
-    -> SubscriptionState -- ^ 'gssrsSubscriptionState'
-    -> GetSubscriptionStateResponse
-getSubscriptionStateResponse pResponseStatus_ pSubscriptionState_ =
-  GetSubscriptionStateResponse'
-    { _gssrsResponseStatus = pResponseStatus_
-    , _gssrsSubscriptionState = pSubscriptionState_
-    }
-
-
--- | -- | The response status code.
-gssrsResponseStatus :: Lens' GetSubscriptionStateResponse Int
-gssrsResponseStatus = lens _gssrsResponseStatus (\ s a -> s{_gssrsResponseStatus = a})
-
--- | The status of the subscription.
-gssrsSubscriptionState :: Lens' GetSubscriptionStateResponse SubscriptionState
-gssrsSubscriptionState = lens _gssrsSubscriptionState (\ s a -> s{_gssrsSubscriptionState = a})
-
-instance NFData GetSubscriptionStateResponse where
diff --git a/gen/Network/AWS/Shield/ListAttacks.hs b/gen/Network/AWS/Shield/ListAttacks.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/ListAttacks.hs
+++ /dev/null
@@ -1,187 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.ListAttacks
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Returns all ongoing DDoS attacks or all DDoS attacks during a specified time period.
---
---
-module Network.AWS.Shield.ListAttacks
-    (
-    -- * Creating a Request
-      listAttacks
-    , ListAttacks
-    -- * Request Lenses
-    , laStartTime
-    , laResourceARNs
-    , laNextToken
-    , laEndTime
-    , laMaxResults
-
-    -- * Destructuring the Response
-    , listAttacksResponse
-    , ListAttacksResponse
-    -- * Response Lenses
-    , larsAttackSummaries
-    , larsNextToken
-    , larsResponseStatus
-    ) where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-import Network.AWS.Shield.Types
-import Network.AWS.Shield.Types.Product
-
--- | /See:/ 'listAttacks' smart constructor.
-data ListAttacks = ListAttacks'
-  { _laStartTime    :: !(Maybe TimeRange)
-  , _laResourceARNs :: !(Maybe [Text])
-  , _laNextToken    :: !(Maybe Text)
-  , _laEndTime      :: !(Maybe TimeRange)
-  , _laMaxResults   :: !(Maybe Nat)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListAttacks' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'laStartTime' - The start of the time period for the attacks. This is a @timestamp@ type. The sample request above indicates a @number@ type because the default used by WAF is Unix time in seconds. However any valid <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp format> is allowed.
---
--- * 'laResourceARNs' - The ARN (Amazon Resource Name) of the resource that was attacked. If this is left blank, all applicable resources for this account will be included.
---
--- * 'laNextToken' - The @ListAttacksRequest.NextMarker@ value from a previous call to @ListAttacksRequest@ . Pass null if this is the first call.
---
--- * 'laEndTime' - The end of the time period for the attacks. This is a @timestamp@ type. The sample request above indicates a @number@ type because the default used by WAF is Unix time in seconds. However any valid <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp format> is allowed.
---
--- * 'laMaxResults' - The maximum number of 'AttackSummary' objects to be returned. If this is left blank, the first 20 results will be returned.
-listAttacks
-    :: ListAttacks
-listAttacks =
-  ListAttacks'
-    { _laStartTime = Nothing
-    , _laResourceARNs = Nothing
-    , _laNextToken = Nothing
-    , _laEndTime = Nothing
-    , _laMaxResults = Nothing
-    }
-
-
--- | The start of the time period for the attacks. This is a @timestamp@ type. The sample request above indicates a @number@ type because the default used by WAF is Unix time in seconds. However any valid <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp format> is allowed.
-laStartTime :: Lens' ListAttacks (Maybe TimeRange)
-laStartTime = lens _laStartTime (\ s a -> s{_laStartTime = a})
-
--- | The ARN (Amazon Resource Name) of the resource that was attacked. If this is left blank, all applicable resources for this account will be included.
-laResourceARNs :: Lens' ListAttacks [Text]
-laResourceARNs = lens _laResourceARNs (\ s a -> s{_laResourceARNs = a}) . _Default . _Coerce
-
--- | The @ListAttacksRequest.NextMarker@ value from a previous call to @ListAttacksRequest@ . Pass null if this is the first call.
-laNextToken :: Lens' ListAttacks (Maybe Text)
-laNextToken = lens _laNextToken (\ s a -> s{_laNextToken = a})
-
--- | The end of the time period for the attacks. This is a @timestamp@ type. The sample request above indicates a @number@ type because the default used by WAF is Unix time in seconds. However any valid <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp format> is allowed.
-laEndTime :: Lens' ListAttacks (Maybe TimeRange)
-laEndTime = lens _laEndTime (\ s a -> s{_laEndTime = a})
-
--- | The maximum number of 'AttackSummary' objects to be returned. If this is left blank, the first 20 results will be returned.
-laMaxResults :: Lens' ListAttacks (Maybe Natural)
-laMaxResults = lens _laMaxResults (\ s a -> s{_laMaxResults = a}) . mapping _Nat
-
-instance AWSRequest ListAttacks where
-        type Rs ListAttacks = ListAttacksResponse
-        request = postJSON shield
-        response
-          = receiveJSON
-              (\ s h x ->
-                 ListAttacksResponse' <$>
-                   (x .?> "AttackSummaries" .!@ mempty) <*>
-                     (x .?> "NextToken")
-                     <*> (pure (fromEnum s)))
-
-instance Hashable ListAttacks where
-
-instance NFData ListAttacks where
-
-instance ToHeaders ListAttacks where
-        toHeaders
-          = const
-              (mconcat
-                 ["X-Amz-Target" =#
-                    ("AWSShield_20160616.ListAttacks" :: ByteString),
-                  "Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON ListAttacks where
-        toJSON ListAttacks'{..}
-          = object
-              (catMaybes
-                 [("StartTime" .=) <$> _laStartTime,
-                  ("ResourceArns" .=) <$> _laResourceARNs,
-                  ("NextToken" .=) <$> _laNextToken,
-                  ("EndTime" .=) <$> _laEndTime,
-                  ("MaxResults" .=) <$> _laMaxResults])
-
-instance ToPath ListAttacks where
-        toPath = const "/"
-
-instance ToQuery ListAttacks where
-        toQuery = const mempty
-
--- | /See:/ 'listAttacksResponse' smart constructor.
-data ListAttacksResponse = ListAttacksResponse'
-  { _larsAttackSummaries :: !(Maybe [AttackSummary])
-  , _larsNextToken       :: !(Maybe Text)
-  , _larsResponseStatus  :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListAttacksResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'larsAttackSummaries' - The attack information for the specified time range.
---
--- * 'larsNextToken' - The token returned by a previous call to indicate that there is more data available. If not null, more results are available. Pass this value for the @NextMarker@ parameter in a subsequent call to @ListAttacks@ to retrieve the next set of items.
---
--- * 'larsResponseStatus' - -- | The response status code.
-listAttacksResponse
-    :: Int -- ^ 'larsResponseStatus'
-    -> ListAttacksResponse
-listAttacksResponse pResponseStatus_ =
-  ListAttacksResponse'
-    { _larsAttackSummaries = Nothing
-    , _larsNextToken = Nothing
-    , _larsResponseStatus = pResponseStatus_
-    }
-
-
--- | The attack information for the specified time range.
-larsAttackSummaries :: Lens' ListAttacksResponse [AttackSummary]
-larsAttackSummaries = lens _larsAttackSummaries (\ s a -> s{_larsAttackSummaries = a}) . _Default . _Coerce
-
--- | The token returned by a previous call to indicate that there is more data available. If not null, more results are available. Pass this value for the @NextMarker@ parameter in a subsequent call to @ListAttacks@ to retrieve the next set of items.
-larsNextToken :: Lens' ListAttacksResponse (Maybe Text)
-larsNextToken = lens _larsNextToken (\ s a -> s{_larsNextToken = a})
-
--- | -- | The response status code.
-larsResponseStatus :: Lens' ListAttacksResponse Int
-larsResponseStatus = lens _larsResponseStatus (\ s a -> s{_larsResponseStatus = a})
-
-instance NFData ListAttacksResponse where
diff --git a/gen/Network/AWS/Shield/ListProtections.hs b/gen/Network/AWS/Shield/ListProtections.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/ListProtections.hs
+++ /dev/null
@@ -1,164 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-{-# LANGUAGE TypeFamilies       #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-unused-binds   #-}
-{-# OPTIONS_GHC -fno-warn-unused-matches #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.ListProtections
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
--- Lists all 'Protection' objects for the account.
---
---
---
--- This operation returns paginated results.
-module Network.AWS.Shield.ListProtections
-    (
-    -- * Creating a Request
-      listProtections
-    , ListProtections
-    -- * Request Lenses
-    , lpNextToken
-    , lpMaxResults
-
-    -- * Destructuring the Response
-    , listProtectionsResponse
-    , ListProtectionsResponse
-    -- * Response Lenses
-    , lprsProtections
-    , lprsNextToken
-    , lprsResponseStatus
-    ) where
-
-import Network.AWS.Lens
-import Network.AWS.Pager
-import Network.AWS.Prelude
-import Network.AWS.Request
-import Network.AWS.Response
-import Network.AWS.Shield.Types
-import Network.AWS.Shield.Types.Product
-
--- | /See:/ 'listProtections' smart constructor.
-data ListProtections = ListProtections'
-  { _lpNextToken  :: !(Maybe Text)
-  , _lpMaxResults :: !(Maybe Nat)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListProtections' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lpNextToken' - The @ListProtectionsRequest.NextToken@ value from a previous call to @ListProtections@ . Pass null if this is the first call.
---
--- * 'lpMaxResults' - The maximum number of 'Protection' objects to be returned. If this is left blank the first 20 results will be returned.
-listProtections
-    :: ListProtections
-listProtections =
-  ListProtections' {_lpNextToken = Nothing, _lpMaxResults = Nothing}
-
-
--- | The @ListProtectionsRequest.NextToken@ value from a previous call to @ListProtections@ . Pass null if this is the first call.
-lpNextToken :: Lens' ListProtections (Maybe Text)
-lpNextToken = lens _lpNextToken (\ s a -> s{_lpNextToken = a})
-
--- | The maximum number of 'Protection' objects to be returned. If this is left blank the first 20 results will be returned.
-lpMaxResults :: Lens' ListProtections (Maybe Natural)
-lpMaxResults = lens _lpMaxResults (\ s a -> s{_lpMaxResults = a}) . mapping _Nat
-
-instance AWSPager ListProtections where
-        page rq rs
-          | stop (rs ^. lprsNextToken) = Nothing
-          | stop (rs ^. lprsProtections) = Nothing
-          | otherwise =
-            Just $ rq & lpNextToken .~ rs ^. lprsNextToken
-
-instance AWSRequest ListProtections where
-        type Rs ListProtections = ListProtectionsResponse
-        request = postJSON shield
-        response
-          = receiveJSON
-              (\ s h x ->
-                 ListProtectionsResponse' <$>
-                   (x .?> "Protections" .!@ mempty) <*>
-                     (x .?> "NextToken")
-                     <*> (pure (fromEnum s)))
-
-instance Hashable ListProtections where
-
-instance NFData ListProtections where
-
-instance ToHeaders ListProtections where
-        toHeaders
-          = const
-              (mconcat
-                 ["X-Amz-Target" =#
-                    ("AWSShield_20160616.ListProtections" :: ByteString),
-                  "Content-Type" =#
-                    ("application/x-amz-json-1.1" :: ByteString)])
-
-instance ToJSON ListProtections where
-        toJSON ListProtections'{..}
-          = object
-              (catMaybes
-                 [("NextToken" .=) <$> _lpNextToken,
-                  ("MaxResults" .=) <$> _lpMaxResults])
-
-instance ToPath ListProtections where
-        toPath = const "/"
-
-instance ToQuery ListProtections where
-        toQuery = const mempty
-
--- | /See:/ 'listProtectionsResponse' smart constructor.
-data ListProtectionsResponse = ListProtectionsResponse'
-  { _lprsProtections    :: !(Maybe [Protection])
-  , _lprsNextToken      :: !(Maybe Text)
-  , _lprsResponseStatus :: !Int
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'ListProtectionsResponse' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'lprsProtections' - The array of enabled 'Protection' objects.
---
--- * 'lprsNextToken' - If you specify a value for @MaxResults@ and you have more Protections than the value of MaxResults, AWS Shield Advanced returns a NextToken value in the response that allows you to list another group of Protections. For the second and subsequent ListProtections requests, specify the value of NextToken from the previous response to get information about another batch of Protections.
---
--- * 'lprsResponseStatus' - -- | The response status code.
-listProtectionsResponse
-    :: Int -- ^ 'lprsResponseStatus'
-    -> ListProtectionsResponse
-listProtectionsResponse pResponseStatus_ =
-  ListProtectionsResponse'
-    { _lprsProtections = Nothing
-    , _lprsNextToken = Nothing
-    , _lprsResponseStatus = pResponseStatus_
-    }
-
-
--- | The array of enabled 'Protection' objects.
-lprsProtections :: Lens' ListProtectionsResponse [Protection]
-lprsProtections = lens _lprsProtections (\ s a -> s{_lprsProtections = a}) . _Default . _Coerce
-
--- | If you specify a value for @MaxResults@ and you have more Protections than the value of MaxResults, AWS Shield Advanced returns a NextToken value in the response that allows you to list another group of Protections. For the second and subsequent ListProtections requests, specify the value of NextToken from the previous response to get information about another batch of Protections.
-lprsNextToken :: Lens' ListProtectionsResponse (Maybe Text)
-lprsNextToken = lens _lprsNextToken (\ s a -> s{_lprsNextToken = a})
-
--- | -- | The response status code.
-lprsResponseStatus :: Lens' ListProtectionsResponse Int
-lprsResponseStatus = lens _lprsResponseStatus (\ s a -> s{_lprsResponseStatus = a})
-
-instance NFData ListProtectionsResponse where
diff --git a/gen/Network/AWS/Shield/Types.hs b/gen/Network/AWS/Shield/Types.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/Types.hs
+++ /dev/null
@@ -1,249 +0,0 @@
-{-# LANGUAGE OverloadedStrings #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.Types
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Network.AWS.Shield.Types
-    (
-    -- * Service Configuration
-      shield
-
-    -- * Errors
-    , _InvalidResourceException
-    , _InvalidParameterException
-    , _LimitsExceededException
-    , _InternalErrorException
-    , _ResourceAlreadyExistsException
-    , _OptimisticLockException
-    , _InvalidOperationException
-    , _LockedSubscriptionException
-    , _ResourceNotFoundException
-
-    -- * AttackLayer
-    , AttackLayer (..)
-
-    -- * AttackPropertyIdentifier
-    , AttackPropertyIdentifier (..)
-
-    -- * SubResourceType
-    , SubResourceType (..)
-
-    -- * SubscriptionState
-    , SubscriptionState (..)
-
-    -- * Unit
-    , Unit (..)
-
-    -- * AttackDetail
-    , AttackDetail
-    , attackDetail
-    , adAttackId
-    , adStartTime
-    , adSubResources
-    , adMitigations
-    , adAttackProperties
-    , adAttackCounters
-    , adResourceARN
-    , adEndTime
-
-    -- * AttackProperty
-    , AttackProperty
-    , attackProperty
-    , apAttackLayer
-    , apTopContributors
-    , apAttackPropertyIdentifier
-    , apTotal
-    , apUnit
-
-    -- * AttackSummary
-    , AttackSummary
-    , attackSummary
-    , asAttackVectors
-    , asAttackId
-    , asStartTime
-    , asResourceARN
-    , asEndTime
-
-    -- * AttackVectorDescription
-    , AttackVectorDescription
-    , attackVectorDescription
-    , avdVectorType
-
-    -- * Contributor
-    , Contributor
-    , contributor
-    , cValue
-    , cName
-
-    -- * Mitigation
-    , Mitigation
-    , mitigation
-    , mMitigationName
-
-    -- * Protection
-    , Protection
-    , protection
-    , pResourceARN
-    , pName
-    , pId
-
-    -- * SubResourceSummary
-    , SubResourceSummary
-    , subResourceSummary
-    , srsCounters
-    , srsAttackVectors
-    , srsId
-    , srsType
-
-    -- * Subscription
-    , Subscription
-    , subscription
-    , sTimeCommitmentInSeconds
-    , sStartTime
-
-    -- * SummarizedAttackVector
-    , SummarizedAttackVector
-    , summarizedAttackVector
-    , savVectorCounters
-    , savVectorType
-
-    -- * SummarizedCounter
-    , SummarizedCounter
-    , summarizedCounter
-    , scMax
-    , scAverage
-    , scN
-    , scName
-    , scSum
-    , scUnit
-
-    -- * TimeRange
-    , TimeRange
-    , timeRange
-    , trFromInclusive
-    , trToExclusive
-    ) where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Shield.Types.Product
-import Network.AWS.Shield.Types.Sum
-import Network.AWS.Sign.V4
-
--- | API version @2016-06-02@ of the Amazon Shield SDK configuration.
-shield :: Service
-shield =
-  Service
-    { _svcAbbrev = "Shield"
-    , _svcSigner = v4
-    , _svcPrefix = "shield"
-    , _svcVersion = "2016-06-02"
-    , _svcEndpoint = defaultEndpoint shield
-    , _svcTimeout = Just 70
-    , _svcCheck = statusSuccess
-    , _svcError = parseJSONError "Shield"
-    , _svcRetry = retry
-    }
-  where
-    retry =
-      Exponential
-        { _retryBase = 5.0e-2
-        , _retryGrowth = 2
-        , _retryAttempts = 5
-        , _retryCheck = check
-        }
-    check e
-      | has (hasCode "ThrottledException" . hasStatus 400) e =
-        Just "throttled_exception"
-      | has (hasStatus 429) e = Just "too_many_requests"
-      | has (hasCode "ThrottlingException" . hasStatus 400) e =
-        Just "throttling_exception"
-      | has (hasCode "Throttling" . hasStatus 400) e = Just "throttling"
-      | has (hasStatus 504) e = Just "gateway_timeout"
-      | has (hasCode "RequestThrottledException" . hasStatus 400) e =
-        Just "request_throttled_exception"
-      | has (hasStatus 502) e = Just "bad_gateway"
-      | has (hasStatus 503) e = Just "service_unavailable"
-      | has (hasStatus 500) e = Just "general_server_error"
-      | has (hasStatus 509) e = Just "limit_exceeded"
-      | otherwise = Nothing
-
-
--- | Exception that indicates that the resource is invalid. You might not have access to the resource, or the resource might not exist.
---
---
-_InvalidResourceException :: AsError a => Getting (First ServiceError) a ServiceError
-_InvalidResourceException = _MatchServiceError shield "InvalidResourceException"
-
-
--- | Exception that indicates that the parameters passed to the API are invalid.
---
---
-_InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError
-_InvalidParameterException =
-  _MatchServiceError shield "InvalidParameterException"
-
-
--- | Exception that indicates that the operation would exceed a limit.
---
---
--- @Type@ is the type of limit that would be exceeded.
---
--- @Limit@ is the threshold that would be exceeded.
---
-_LimitsExceededException :: AsError a => Getting (First ServiceError) a ServiceError
-_LimitsExceededException = _MatchServiceError shield "LimitsExceededException"
-
-
--- | Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.
---
---
-_InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError
-_InternalErrorException = _MatchServiceError shield "InternalErrorException"
-
-
--- | Exception indicating the specified resource already exists.
---
---
-_ResourceAlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError
-_ResourceAlreadyExistsException =
-  _MatchServiceError shield "ResourceAlreadyExistsException"
-
-
--- | Exception that indicates that the protection state has been modified by another client. You can retry the request.
---
---
-_OptimisticLockException :: AsError a => Getting (First ServiceError) a ServiceError
-_OptimisticLockException = _MatchServiceError shield "OptimisticLockException"
-
-
--- | Exception that indicates that the operation would not cause any change to occur.
---
---
-_InvalidOperationException :: AsError a => Getting (First ServiceError) a ServiceError
-_InvalidOperationException =
-  _MatchServiceError shield "InvalidOperationException"
-
-
--- | Exception that indicates that the subscription you are trying to delete has not yet completed the 1-year commitment. You cannot delete this subscription.
---
---
-_LockedSubscriptionException :: AsError a => Getting (First ServiceError) a ServiceError
-_LockedSubscriptionException =
-  _MatchServiceError shield "LockedSubscriptionException"
-
-
--- | Exception indicating the specified resource does not exist.
---
---
-_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
-_ResourceNotFoundException =
-  _MatchServiceError shield "ResourceNotFoundException"
-
diff --git a/gen/Network/AWS/Shield/Types/Product.hs b/gen/Network/AWS/Shield/Types/Product.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/Types/Product.hs
+++ /dev/null
@@ -1,709 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE OverloadedStrings  #-}
-{-# LANGUAGE RecordWildCards    #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.Types.Product
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Network.AWS.Shield.Types.Product where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Shield.Types.Sum
-
--- | The details of a DDoS attack.
---
---
---
--- /See:/ 'attackDetail' smart constructor.
-data AttackDetail = AttackDetail'
-  { _adAttackId         :: !(Maybe Text)
-  , _adStartTime        :: !(Maybe POSIX)
-  , _adSubResources     :: !(Maybe [SubResourceSummary])
-  , _adMitigations      :: !(Maybe [Mitigation])
-  , _adAttackProperties :: !(Maybe [AttackProperty])
-  , _adAttackCounters   :: !(Maybe [SummarizedCounter])
-  , _adResourceARN      :: !(Maybe Text)
-  , _adEndTime          :: !(Maybe POSIX)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'AttackDetail' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'adAttackId' - The unique identifier (ID) of the attack.
---
--- * 'adStartTime' - The time the attack started, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
---
--- * 'adSubResources' - If applicable, additional detail about the resource being attacked, for example, IP address or URL.
---
--- * 'adMitigations' - List of mitigation actions taken for the attack.
---
--- * 'adAttackProperties' - The array of 'AttackProperty' objects.
---
--- * 'adAttackCounters' - List of counters that describe the attack for the specified time period.
---
--- * 'adResourceARN' - The ARN (Amazon Resource Name) of the resource that was attacked.
---
--- * 'adEndTime' - The time the attack ended, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
-attackDetail
-    :: AttackDetail
-attackDetail =
-  AttackDetail'
-    { _adAttackId = Nothing
-    , _adStartTime = Nothing
-    , _adSubResources = Nothing
-    , _adMitigations = Nothing
-    , _adAttackProperties = Nothing
-    , _adAttackCounters = Nothing
-    , _adResourceARN = Nothing
-    , _adEndTime = Nothing
-    }
-
-
--- | The unique identifier (ID) of the attack.
-adAttackId :: Lens' AttackDetail (Maybe Text)
-adAttackId = lens _adAttackId (\ s a -> s{_adAttackId = a})
-
--- | The time the attack started, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
-adStartTime :: Lens' AttackDetail (Maybe UTCTime)
-adStartTime = lens _adStartTime (\ s a -> s{_adStartTime = a}) . mapping _Time
-
--- | If applicable, additional detail about the resource being attacked, for example, IP address or URL.
-adSubResources :: Lens' AttackDetail [SubResourceSummary]
-adSubResources = lens _adSubResources (\ s a -> s{_adSubResources = a}) . _Default . _Coerce
-
--- | List of mitigation actions taken for the attack.
-adMitigations :: Lens' AttackDetail [Mitigation]
-adMitigations = lens _adMitigations (\ s a -> s{_adMitigations = a}) . _Default . _Coerce
-
--- | The array of 'AttackProperty' objects.
-adAttackProperties :: Lens' AttackDetail [AttackProperty]
-adAttackProperties = lens _adAttackProperties (\ s a -> s{_adAttackProperties = a}) . _Default . _Coerce
-
--- | List of counters that describe the attack for the specified time period.
-adAttackCounters :: Lens' AttackDetail [SummarizedCounter]
-adAttackCounters = lens _adAttackCounters (\ s a -> s{_adAttackCounters = a}) . _Default . _Coerce
-
--- | The ARN (Amazon Resource Name) of the resource that was attacked.
-adResourceARN :: Lens' AttackDetail (Maybe Text)
-adResourceARN = lens _adResourceARN (\ s a -> s{_adResourceARN = a})
-
--- | The time the attack ended, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
-adEndTime :: Lens' AttackDetail (Maybe UTCTime)
-adEndTime = lens _adEndTime (\ s a -> s{_adEndTime = a}) . mapping _Time
-
-instance FromJSON AttackDetail where
-        parseJSON
-          = withObject "AttackDetail"
-              (\ x ->
-                 AttackDetail' <$>
-                   (x .:? "AttackId") <*> (x .:? "StartTime") <*>
-                     (x .:? "SubResources" .!= mempty)
-                     <*> (x .:? "Mitigations" .!= mempty)
-                     <*> (x .:? "AttackProperties" .!= mempty)
-                     <*> (x .:? "AttackCounters" .!= mempty)
-                     <*> (x .:? "ResourceArn")
-                     <*> (x .:? "EndTime"))
-
-instance Hashable AttackDetail where
-
-instance NFData AttackDetail where
-
--- | Details of the described attack.
---
---
---
--- /See:/ 'attackProperty' smart constructor.
-data AttackProperty = AttackProperty'
-  { _apAttackLayer              :: !(Maybe AttackLayer)
-  , _apTopContributors          :: !(Maybe [Contributor])
-  , _apAttackPropertyIdentifier :: !(Maybe AttackPropertyIdentifier)
-  , _apTotal                    :: !(Maybe Integer)
-  , _apUnit                     :: !(Maybe Unit)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'AttackProperty' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'apAttackLayer' - The type of DDoS event that was observed. @NETWORK@ indicates layer 3 and layer 4 events and @APPLICATION@ indicates layer 7 events.
---
--- * 'apTopContributors' - The array of 'Contributor' objects that includes the top five contributors to an attack.
---
--- * 'apAttackPropertyIdentifier' - Defines the DDoS attack property information that is provided.
---
--- * 'apTotal' - The total contributions made to this attack by all contributors, not just the five listed in the @TopContributors@ list.
---
--- * 'apUnit' - The unit of the @Value@ of the contributions.
-attackProperty
-    :: AttackProperty
-attackProperty =
-  AttackProperty'
-    { _apAttackLayer = Nothing
-    , _apTopContributors = Nothing
-    , _apAttackPropertyIdentifier = Nothing
-    , _apTotal = Nothing
-    , _apUnit = Nothing
-    }
-
-
--- | The type of DDoS event that was observed. @NETWORK@ indicates layer 3 and layer 4 events and @APPLICATION@ indicates layer 7 events.
-apAttackLayer :: Lens' AttackProperty (Maybe AttackLayer)
-apAttackLayer = lens _apAttackLayer (\ s a -> s{_apAttackLayer = a})
-
--- | The array of 'Contributor' objects that includes the top five contributors to an attack.
-apTopContributors :: Lens' AttackProperty [Contributor]
-apTopContributors = lens _apTopContributors (\ s a -> s{_apTopContributors = a}) . _Default . _Coerce
-
--- | Defines the DDoS attack property information that is provided.
-apAttackPropertyIdentifier :: Lens' AttackProperty (Maybe AttackPropertyIdentifier)
-apAttackPropertyIdentifier = lens _apAttackPropertyIdentifier (\ s a -> s{_apAttackPropertyIdentifier = a})
-
--- | The total contributions made to this attack by all contributors, not just the five listed in the @TopContributors@ list.
-apTotal :: Lens' AttackProperty (Maybe Integer)
-apTotal = lens _apTotal (\ s a -> s{_apTotal = a})
-
--- | The unit of the @Value@ of the contributions.
-apUnit :: Lens' AttackProperty (Maybe Unit)
-apUnit = lens _apUnit (\ s a -> s{_apUnit = a})
-
-instance FromJSON AttackProperty where
-        parseJSON
-          = withObject "AttackProperty"
-              (\ x ->
-                 AttackProperty' <$>
-                   (x .:? "AttackLayer") <*>
-                     (x .:? "TopContributors" .!= mempty)
-                     <*> (x .:? "AttackPropertyIdentifier")
-                     <*> (x .:? "Total")
-                     <*> (x .:? "Unit"))
-
-instance Hashable AttackProperty where
-
-instance NFData AttackProperty where
-
--- | Summarizes all DDoS attacks for a specified time period.
---
---
---
--- /See:/ 'attackSummary' smart constructor.
-data AttackSummary = AttackSummary'
-  { _asAttackVectors :: !(Maybe [AttackVectorDescription])
-  , _asAttackId      :: !(Maybe Text)
-  , _asStartTime     :: !(Maybe POSIX)
-  , _asResourceARN   :: !(Maybe Text)
-  , _asEndTime       :: !(Maybe POSIX)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'AttackSummary' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'asAttackVectors' - The list of attacks for a specified time period.
---
--- * 'asAttackId' - The unique identifier (ID) of the attack.
---
--- * 'asStartTime' - The start time of the attack, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
---
--- * 'asResourceARN' - The ARN (Amazon Resource Name) of the resource that was attacked.
---
--- * 'asEndTime' - The end time of the attack, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
-attackSummary
-    :: AttackSummary
-attackSummary =
-  AttackSummary'
-    { _asAttackVectors = Nothing
-    , _asAttackId = Nothing
-    , _asStartTime = Nothing
-    , _asResourceARN = Nothing
-    , _asEndTime = Nothing
-    }
-
-
--- | The list of attacks for a specified time period.
-asAttackVectors :: Lens' AttackSummary [AttackVectorDescription]
-asAttackVectors = lens _asAttackVectors (\ s a -> s{_asAttackVectors = a}) . _Default . _Coerce
-
--- | The unique identifier (ID) of the attack.
-asAttackId :: Lens' AttackSummary (Maybe Text)
-asAttackId = lens _asAttackId (\ s a -> s{_asAttackId = a})
-
--- | The start time of the attack, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
-asStartTime :: Lens' AttackSummary (Maybe UTCTime)
-asStartTime = lens _asStartTime (\ s a -> s{_asStartTime = a}) . mapping _Time
-
--- | The ARN (Amazon Resource Name) of the resource that was attacked.
-asResourceARN :: Lens' AttackSummary (Maybe Text)
-asResourceARN = lens _asResourceARN (\ s a -> s{_asResourceARN = a})
-
--- | The end time of the attack, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
-asEndTime :: Lens' AttackSummary (Maybe UTCTime)
-asEndTime = lens _asEndTime (\ s a -> s{_asEndTime = a}) . mapping _Time
-
-instance FromJSON AttackSummary where
-        parseJSON
-          = withObject "AttackSummary"
-              (\ x ->
-                 AttackSummary' <$>
-                   (x .:? "AttackVectors" .!= mempty) <*>
-                     (x .:? "AttackId")
-                     <*> (x .:? "StartTime")
-                     <*> (x .:? "ResourceArn")
-                     <*> (x .:? "EndTime"))
-
-instance Hashable AttackSummary where
-
-instance NFData AttackSummary where
-
--- | Describes the attack.
---
---
---
--- /See:/ 'attackVectorDescription' smart constructor.
-newtype AttackVectorDescription = AttackVectorDescription'
-  { _avdVectorType :: Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'AttackVectorDescription' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'avdVectorType' - The attack type. Valid values:     * UDP_TRAFFIC     * UDP_FRAGMENT     * GENERIC_UDP_REFLECTION     * DNS_REFLECTION     * NTP_REFLECTION     * CHARGEN_REFLECTION     * SSDP_REFLECTION     * PORT_MAPPER     * RIP_REFLECTION     * SNMP_REFLECTION     * MSSQL_REFLECTION     * NET_BIOS_REFLECTION     * SYN_FLOOD     * ACK_FLOOD     * REQUEST_FLOOD
-attackVectorDescription
-    :: Text -- ^ 'avdVectorType'
-    -> AttackVectorDescription
-attackVectorDescription pVectorType_ =
-  AttackVectorDescription' {_avdVectorType = pVectorType_}
-
-
--- | The attack type. Valid values:     * UDP_TRAFFIC     * UDP_FRAGMENT     * GENERIC_UDP_REFLECTION     * DNS_REFLECTION     * NTP_REFLECTION     * CHARGEN_REFLECTION     * SSDP_REFLECTION     * PORT_MAPPER     * RIP_REFLECTION     * SNMP_REFLECTION     * MSSQL_REFLECTION     * NET_BIOS_REFLECTION     * SYN_FLOOD     * ACK_FLOOD     * REQUEST_FLOOD
-avdVectorType :: Lens' AttackVectorDescription Text
-avdVectorType = lens _avdVectorType (\ s a -> s{_avdVectorType = a})
-
-instance FromJSON AttackVectorDescription where
-        parseJSON
-          = withObject "AttackVectorDescription"
-              (\ x ->
-                 AttackVectorDescription' <$> (x .: "VectorType"))
-
-instance Hashable AttackVectorDescription where
-
-instance NFData AttackVectorDescription where
-
--- | A contributor to the attack and their contribution.
---
---
---
--- /See:/ 'contributor' smart constructor.
-data Contributor = Contributor'
-  { _cValue :: !(Maybe Integer)
-  , _cName  :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Contributor' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'cValue' - The contribution of this contributor expressed in 'Protection' units. For example @10,000@ .
---
--- * 'cName' - The name of the contributor. This is dependent on the @AttackPropertyIdentifier@ . For example, if the @AttackPropertyIdentifier@ is @SOURCE_COUNTRY@ , the @Name@ could be @United States@ .
-contributor
-    :: Contributor
-contributor = Contributor' {_cValue = Nothing, _cName = Nothing}
-
-
--- | The contribution of this contributor expressed in 'Protection' units. For example @10,000@ .
-cValue :: Lens' Contributor (Maybe Integer)
-cValue = lens _cValue (\ s a -> s{_cValue = a})
-
--- | The name of the contributor. This is dependent on the @AttackPropertyIdentifier@ . For example, if the @AttackPropertyIdentifier@ is @SOURCE_COUNTRY@ , the @Name@ could be @United States@ .
-cName :: Lens' Contributor (Maybe Text)
-cName = lens _cName (\ s a -> s{_cName = a})
-
-instance FromJSON Contributor where
-        parseJSON
-          = withObject "Contributor"
-              (\ x ->
-                 Contributor' <$> (x .:? "Value") <*> (x .:? "Name"))
-
-instance Hashable Contributor where
-
-instance NFData Contributor where
-
--- | The mitigation applied to a DDoS attack.
---
---
---
--- /See:/ 'mitigation' smart constructor.
-newtype Mitigation = Mitigation'
-  { _mMitigationName :: Maybe Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Mitigation' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'mMitigationName' - The name of the mitigation taken for this attack.
-mitigation
-    :: Mitigation
-mitigation = Mitigation' {_mMitigationName = Nothing}
-
-
--- | The name of the mitigation taken for this attack.
-mMitigationName :: Lens' Mitigation (Maybe Text)
-mMitigationName = lens _mMitigationName (\ s a -> s{_mMitigationName = a})
-
-instance FromJSON Mitigation where
-        parseJSON
-          = withObject "Mitigation"
-              (\ x -> Mitigation' <$> (x .:? "MitigationName"))
-
-instance Hashable Mitigation where
-
-instance NFData Mitigation where
-
--- | An object that represents a resource that is under DDoS protection.
---
---
---
--- /See:/ 'protection' smart constructor.
-data Protection = Protection'
-  { _pResourceARN :: !(Maybe Text)
-  , _pName        :: !(Maybe Text)
-  , _pId          :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Protection' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'pResourceARN' - The ARN (Amazon Resource Name) of the AWS resource that is protected.
---
--- * 'pName' - The friendly name of the protection. For example, @My CloudFront distributions@ .
---
--- * 'pId' - The unique identifier (ID) of the protection.
-protection
-    :: Protection
-protection =
-  Protection' {_pResourceARN = Nothing, _pName = Nothing, _pId = Nothing}
-
-
--- | The ARN (Amazon Resource Name) of the AWS resource that is protected.
-pResourceARN :: Lens' Protection (Maybe Text)
-pResourceARN = lens _pResourceARN (\ s a -> s{_pResourceARN = a})
-
--- | The friendly name of the protection. For example, @My CloudFront distributions@ .
-pName :: Lens' Protection (Maybe Text)
-pName = lens _pName (\ s a -> s{_pName = a})
-
--- | The unique identifier (ID) of the protection.
-pId :: Lens' Protection (Maybe Text)
-pId = lens _pId (\ s a -> s{_pId = a})
-
-instance FromJSON Protection where
-        parseJSON
-          = withObject "Protection"
-              (\ x ->
-                 Protection' <$>
-                   (x .:? "ResourceArn") <*> (x .:? "Name") <*>
-                     (x .:? "Id"))
-
-instance Hashable Protection where
-
-instance NFData Protection where
-
--- | The attack information for the specified SubResource.
---
---
---
--- /See:/ 'subResourceSummary' smart constructor.
-data SubResourceSummary = SubResourceSummary'
-  { _srsCounters      :: !(Maybe [SummarizedCounter])
-  , _srsAttackVectors :: !(Maybe [SummarizedAttackVector])
-  , _srsId            :: !(Maybe Text)
-  , _srsType          :: !(Maybe SubResourceType)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'SubResourceSummary' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'srsCounters' - The counters that describe the details of the attack.
---
--- * 'srsAttackVectors' - The list of attack types and associated counters.
---
--- * 'srsId' - The unique identifier (ID) of the @SubResource@ .
---
--- * 'srsType' - The @SubResource@ type.
-subResourceSummary
-    :: SubResourceSummary
-subResourceSummary =
-  SubResourceSummary'
-    { _srsCounters = Nothing
-    , _srsAttackVectors = Nothing
-    , _srsId = Nothing
-    , _srsType = Nothing
-    }
-
-
--- | The counters that describe the details of the attack.
-srsCounters :: Lens' SubResourceSummary [SummarizedCounter]
-srsCounters = lens _srsCounters (\ s a -> s{_srsCounters = a}) . _Default . _Coerce
-
--- | The list of attack types and associated counters.
-srsAttackVectors :: Lens' SubResourceSummary [SummarizedAttackVector]
-srsAttackVectors = lens _srsAttackVectors (\ s a -> s{_srsAttackVectors = a}) . _Default . _Coerce
-
--- | The unique identifier (ID) of the @SubResource@ .
-srsId :: Lens' SubResourceSummary (Maybe Text)
-srsId = lens _srsId (\ s a -> s{_srsId = a})
-
--- | The @SubResource@ type.
-srsType :: Lens' SubResourceSummary (Maybe SubResourceType)
-srsType = lens _srsType (\ s a -> s{_srsType = a})
-
-instance FromJSON SubResourceSummary where
-        parseJSON
-          = withObject "SubResourceSummary"
-              (\ x ->
-                 SubResourceSummary' <$>
-                   (x .:? "Counters" .!= mempty) <*>
-                     (x .:? "AttackVectors" .!= mempty)
-                     <*> (x .:? "Id")
-                     <*> (x .:? "Type"))
-
-instance Hashable SubResourceSummary where
-
-instance NFData SubResourceSummary where
-
--- | Information about the AWS Shield Advanced subscription for an account.
---
---
---
--- /See:/ 'subscription' smart constructor.
-data Subscription = Subscription'
-  { _sTimeCommitmentInSeconds :: !(Maybe Nat)
-  , _sStartTime               :: !(Maybe POSIX)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'Subscription' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'sTimeCommitmentInSeconds' - The length, in seconds, of the AWS Shield Advanced subscription for the account.
---
--- * 'sStartTime' - The start time of the subscription, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
-subscription
-    :: Subscription
-subscription =
-  Subscription' {_sTimeCommitmentInSeconds = Nothing, _sStartTime = Nothing}
-
-
--- | The length, in seconds, of the AWS Shield Advanced subscription for the account.
-sTimeCommitmentInSeconds :: Lens' Subscription (Maybe Natural)
-sTimeCommitmentInSeconds = lens _sTimeCommitmentInSeconds (\ s a -> s{_sTimeCommitmentInSeconds = a}) . mapping _Nat
-
--- | The start time of the subscription, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
-sStartTime :: Lens' Subscription (Maybe UTCTime)
-sStartTime = lens _sStartTime (\ s a -> s{_sStartTime = a}) . mapping _Time
-
-instance FromJSON Subscription where
-        parseJSON
-          = withObject "Subscription"
-              (\ x ->
-                 Subscription' <$>
-                   (x .:? "TimeCommitmentInSeconds") <*>
-                     (x .:? "StartTime"))
-
-instance Hashable Subscription where
-
-instance NFData Subscription where
-
--- | A summary of information about the attack.
---
---
---
--- /See:/ 'summarizedAttackVector' smart constructor.
-data SummarizedAttackVector = SummarizedAttackVector'
-  { _savVectorCounters :: !(Maybe [SummarizedCounter])
-  , _savVectorType     :: !Text
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'SummarizedAttackVector' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'savVectorCounters' - The list of counters that describe the details of the attack.
---
--- * 'savVectorType' - The attack type, for example, SNMP reflection or SYN flood.
-summarizedAttackVector
-    :: Text -- ^ 'savVectorType'
-    -> SummarizedAttackVector
-summarizedAttackVector pVectorType_ =
-  SummarizedAttackVector'
-    {_savVectorCounters = Nothing, _savVectorType = pVectorType_}
-
-
--- | The list of counters that describe the details of the attack.
-savVectorCounters :: Lens' SummarizedAttackVector [SummarizedCounter]
-savVectorCounters = lens _savVectorCounters (\ s a -> s{_savVectorCounters = a}) . _Default . _Coerce
-
--- | The attack type, for example, SNMP reflection or SYN flood.
-savVectorType :: Lens' SummarizedAttackVector Text
-savVectorType = lens _savVectorType (\ s a -> s{_savVectorType = a})
-
-instance FromJSON SummarizedAttackVector where
-        parseJSON
-          = withObject "SummarizedAttackVector"
-              (\ x ->
-                 SummarizedAttackVector' <$>
-                   (x .:? "VectorCounters" .!= mempty) <*>
-                     (x .: "VectorType"))
-
-instance Hashable SummarizedAttackVector where
-
-instance NFData SummarizedAttackVector where
-
--- | The counter that describes a DDoS attack.
---
---
---
--- /See:/ 'summarizedCounter' smart constructor.
-data SummarizedCounter = SummarizedCounter'
-  { _scMax     :: !(Maybe Double)
-  , _scAverage :: !(Maybe Double)
-  , _scN       :: !(Maybe Int)
-  , _scName    :: !(Maybe Text)
-  , _scSum     :: !(Maybe Double)
-  , _scUnit    :: !(Maybe Text)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'SummarizedCounter' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'scMax' - The maximum value of the counter for a specified time period.
---
--- * 'scAverage' - The average value of the counter for a specified time period.
---
--- * 'scN' - The number of counters for a specified time period.
---
--- * 'scName' - The counter name.
---
--- * 'scSum' - The total of counter values for a specified time period.
---
--- * 'scUnit' - The unit of the counters.
-summarizedCounter
-    :: SummarizedCounter
-summarizedCounter =
-  SummarizedCounter'
-    { _scMax = Nothing
-    , _scAverage = Nothing
-    , _scN = Nothing
-    , _scName = Nothing
-    , _scSum = Nothing
-    , _scUnit = Nothing
-    }
-
-
--- | The maximum value of the counter for a specified time period.
-scMax :: Lens' SummarizedCounter (Maybe Double)
-scMax = lens _scMax (\ s a -> s{_scMax = a})
-
--- | The average value of the counter for a specified time period.
-scAverage :: Lens' SummarizedCounter (Maybe Double)
-scAverage = lens _scAverage (\ s a -> s{_scAverage = a})
-
--- | The number of counters for a specified time period.
-scN :: Lens' SummarizedCounter (Maybe Int)
-scN = lens _scN (\ s a -> s{_scN = a})
-
--- | The counter name.
-scName :: Lens' SummarizedCounter (Maybe Text)
-scName = lens _scName (\ s a -> s{_scName = a})
-
--- | The total of counter values for a specified time period.
-scSum :: Lens' SummarizedCounter (Maybe Double)
-scSum = lens _scSum (\ s a -> s{_scSum = a})
-
--- | The unit of the counters.
-scUnit :: Lens' SummarizedCounter (Maybe Text)
-scUnit = lens _scUnit (\ s a -> s{_scUnit = a})
-
-instance FromJSON SummarizedCounter where
-        parseJSON
-          = withObject "SummarizedCounter"
-              (\ x ->
-                 SummarizedCounter' <$>
-                   (x .:? "Max") <*> (x .:? "Average") <*> (x .:? "N")
-                     <*> (x .:? "Name")
-                     <*> (x .:? "Sum")
-                     <*> (x .:? "Unit"))
-
-instance Hashable SummarizedCounter where
-
-instance NFData SummarizedCounter where
-
--- | The time range.
---
---
---
--- /See:/ 'timeRange' smart constructor.
-data TimeRange = TimeRange'
-  { _trFromInclusive :: !(Maybe POSIX)
-  , _trToExclusive   :: !(Maybe POSIX)
-  } deriving (Eq, Read, Show, Data, Typeable, Generic)
-
-
--- | Creates a value of 'TimeRange' with the minimum fields required to make a request.
---
--- Use one of the following lenses to modify other fields as desired:
---
--- * 'trFromInclusive' - The start time, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
---
--- * 'trToExclusive' - The end time, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
-timeRange
-    :: TimeRange
-timeRange = TimeRange' {_trFromInclusive = Nothing, _trToExclusive = Nothing}
-
-
--- | The start time, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
-trFromInclusive :: Lens' TimeRange (Maybe UTCTime)
-trFromInclusive = lens _trFromInclusive (\ s a -> s{_trFromInclusive = a}) . mapping _Time
-
--- | The end time, in Unix time in seconds. For more information see <http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#parameter-types timestamp> .
-trToExclusive :: Lens' TimeRange (Maybe UTCTime)
-trToExclusive = lens _trToExclusive (\ s a -> s{_trToExclusive = a}) . mapping _Time
-
-instance Hashable TimeRange where
-
-instance NFData TimeRange where
-
-instance ToJSON TimeRange where
-        toJSON TimeRange'{..}
-          = object
-              (catMaybes
-                 [("FromInclusive" .=) <$> _trFromInclusive,
-                  ("ToExclusive" .=) <$> _trToExclusive])
diff --git a/gen/Network/AWS/Shield/Types/Sum.hs b/gen/Network/AWS/Shield/Types/Sum.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/Types/Sum.hs
+++ /dev/null
@@ -1,173 +0,0 @@
-{-# LANGUAGE DeriveDataTypeable #-}
-{-# LANGUAGE DeriveGeneric      #-}
-{-# LANGUAGE LambdaCase         #-}
-{-# LANGUAGE OverloadedStrings  #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.Types.Sum
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Network.AWS.Shield.Types.Sum where
-
-import Network.AWS.Prelude
-
-data AttackLayer
-  = Application
-  | Network
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText AttackLayer where
-    parser = takeLowerText >>= \case
-        "application" -> pure Application
-        "network" -> pure Network
-        e -> fromTextError $ "Failure parsing AttackLayer from value: '" <> e
-           <> "'. Accepted values: application, network"
-
-instance ToText AttackLayer where
-    toText = \case
-        Application -> "APPLICATION"
-        Network -> "NETWORK"
-
-instance Hashable     AttackLayer
-instance NFData       AttackLayer
-instance ToByteString AttackLayer
-instance ToQuery      AttackLayer
-instance ToHeader     AttackLayer
-
-instance FromJSON AttackLayer where
-    parseJSON = parseJSONText "AttackLayer"
-
-data AttackPropertyIdentifier
-  = DestinationURL
-  | Referrer
-  | SourceASN
-  | SourceCountry
-  | SourceIPAddress
-  | SourceUserAgent
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText AttackPropertyIdentifier where
-    parser = takeLowerText >>= \case
-        "destination_url" -> pure DestinationURL
-        "referrer" -> pure Referrer
-        "source_asn" -> pure SourceASN
-        "source_country" -> pure SourceCountry
-        "source_ip_address" -> pure SourceIPAddress
-        "source_user_agent" -> pure SourceUserAgent
-        e -> fromTextError $ "Failure parsing AttackPropertyIdentifier from value: '" <> e
-           <> "'. Accepted values: destination_url, referrer, source_asn, source_country, source_ip_address, source_user_agent"
-
-instance ToText AttackPropertyIdentifier where
-    toText = \case
-        DestinationURL -> "DESTINATION_URL"
-        Referrer -> "REFERRER"
-        SourceASN -> "SOURCE_ASN"
-        SourceCountry -> "SOURCE_COUNTRY"
-        SourceIPAddress -> "SOURCE_IP_ADDRESS"
-        SourceUserAgent -> "SOURCE_USER_AGENT"
-
-instance Hashable     AttackPropertyIdentifier
-instance NFData       AttackPropertyIdentifier
-instance ToByteString AttackPropertyIdentifier
-instance ToQuery      AttackPropertyIdentifier
-instance ToHeader     AttackPropertyIdentifier
-
-instance FromJSON AttackPropertyIdentifier where
-    parseJSON = parseJSONText "AttackPropertyIdentifier"
-
-data SubResourceType
-  = IP
-  | URL
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText SubResourceType where
-    parser = takeLowerText >>= \case
-        "ip" -> pure IP
-        "url" -> pure URL
-        e -> fromTextError $ "Failure parsing SubResourceType from value: '" <> e
-           <> "'. Accepted values: ip, url"
-
-instance ToText SubResourceType where
-    toText = \case
-        IP -> "IP"
-        URL -> "URL"
-
-instance Hashable     SubResourceType
-instance NFData       SubResourceType
-instance ToByteString SubResourceType
-instance ToQuery      SubResourceType
-instance ToHeader     SubResourceType
-
-instance FromJSON SubResourceType where
-    parseJSON = parseJSONText "SubResourceType"
-
-data SubscriptionState
-  = Active
-  | Inactive
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText SubscriptionState where
-    parser = takeLowerText >>= \case
-        "active" -> pure Active
-        "inactive" -> pure Inactive
-        e -> fromTextError $ "Failure parsing SubscriptionState from value: '" <> e
-           <> "'. Accepted values: active, inactive"
-
-instance ToText SubscriptionState where
-    toText = \case
-        Active -> "ACTIVE"
-        Inactive -> "INACTIVE"
-
-instance Hashable     SubscriptionState
-instance NFData       SubscriptionState
-instance ToByteString SubscriptionState
-instance ToQuery      SubscriptionState
-instance ToHeader     SubscriptionState
-
-instance FromJSON SubscriptionState where
-    parseJSON = parseJSONText "SubscriptionState"
-
-data Unit
-  = Bits
-  | Bytes
-  | Packets
-  | Requests
-  deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)
-
-
-instance FromText Unit where
-    parser = takeLowerText >>= \case
-        "bits" -> pure Bits
-        "bytes" -> pure Bytes
-        "packets" -> pure Packets
-        "requests" -> pure Requests
-        e -> fromTextError $ "Failure parsing Unit from value: '" <> e
-           <> "'. Accepted values: bits, bytes, packets, requests"
-
-instance ToText Unit where
-    toText = \case
-        Bits -> "BITS"
-        Bytes -> "BYTES"
-        Packets -> "PACKETS"
-        Requests -> "REQUESTS"
-
-instance Hashable     Unit
-instance NFData       Unit
-instance ToByteString Unit
-instance ToQuery      Unit
-instance ToHeader     Unit
-
-instance FromJSON Unit where
-    parseJSON = parseJSONText "Unit"
diff --git a/gen/Network/AWS/Shield/Waiters.hs b/gen/Network/AWS/Shield/Waiters.hs
deleted file mode 100644
--- a/gen/Network/AWS/Shield/Waiters.hs
+++ /dev/null
@@ -1,21 +0,0 @@
-{-# LANGUAGE OverloadedStrings #-}
-{-# LANGUAGE TypeFamilies      #-}
-
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Network.AWS.Shield.Waiters
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Network.AWS.Shield.Waiters where
-
-import Network.AWS.Lens
-import Network.AWS.Prelude
-import Network.AWS.Shield.Types
-import Network.AWS.Waiter
diff --git a/test/Main.hs b/test/Main.hs
--- a/test/Main.hs
+++ b/test/Main.hs
@@ -2,20 +2,22 @@
 
 -- |
 -- Module      : Main
--- Copyright   : (c) 2013-2018 Brendan Hay
+-- Copyright   : (c) 2013-2023 Brendan Hay
 -- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
+-- Maintainer  : Brendan Hay
 -- Stability   : auto-generated
 -- Portability : non-portable (GHC extensions)
---
 module Main (main) where
 
+import Test.Amazonka.Shield
+import Test.Amazonka.Shield.Internal
 import Test.Tasty
-import Test.AWS.Shield
-import Test.AWS.Shield.Internal
 
 main :: IO ()
-main = defaultMain $ testGroup "Shield"
-    [ testGroup "tests"    tests
-    , testGroup "fixtures" fixtures
-    ]
+main =
+  defaultMain $
+    testGroup
+      "Shield"
+      [ testGroup "tests" tests,
+        testGroup "fixtures" fixtures
+      ]
diff --git a/test/Test/AWS/Gen/Shield.hs b/test/Test/AWS/Gen/Shield.hs
deleted file mode 100644
--- a/test/Test/AWS/Gen/Shield.hs
+++ /dev/null
@@ -1,219 +0,0 @@
-{-# OPTIONS_GHC -fno-warn-unused-imports #-}
-{-# OPTIONS_GHC -fno-warn-orphans        #-}
-
--- Derived from AWS service descriptions, licensed under Apache 2.0.
-
--- |
--- Module      : Test.AWS.Gen.Shield
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Test.AWS.Gen.Shield where
-
-import Data.Proxy
-import Network.AWS.Shield
-import Test.AWS.Fixture
-import Test.AWS.Prelude
-import Test.AWS.Shield.Internal
-import Test.Tasty
-
--- Auto-generated: the actual test selection needs to be manually placed into
--- the top-level so that real test data can be incrementally added.
---
--- This commented snippet is what the entire set should look like:
-
--- fixtures :: TestTree
--- fixtures =
---     [ testGroup "request"
---         [ requestCreateSubscription $
---             createSubscription
---
---         , requestListProtections $
---             listProtections
---
---         , requestDeleteSubscription $
---             deleteSubscription
---
---         , requestDescribeAttack $
---             describeAttack
---
---         , requestDescribeProtection $
---             describeProtection
---
---         , requestListAttacks $
---             listAttacks
---
---         , requestCreateProtection $
---             createProtection
---
---         , requestDeleteProtection $
---             deleteProtection
---
---         , requestGetSubscriptionState $
---             getSubscriptionState
---
---         , requestDescribeSubscription $
---             describeSubscription
---
---           ]
-
---     , testGroup "response"
---         [ responseCreateSubscription $
---             createSubscriptionResponse
---
---         , responseListProtections $
---             listProtectionsResponse
---
---         , responseDeleteSubscription $
---             deleteSubscriptionResponse
---
---         , responseDescribeAttack $
---             describeAttackResponse
---
---         , responseDescribeProtection $
---             describeProtectionResponse
---
---         , responseListAttacks $
---             listAttacksResponse
---
---         , responseCreateProtection $
---             createProtectionResponse
---
---         , responseDeleteProtection $
---             deleteProtectionResponse
---
---         , responseGetSubscriptionState $
---             getSubscriptionStateResponse
---
---         , responseDescribeSubscription $
---             describeSubscriptionResponse
---
---           ]
---     ]
-
--- Requests
-
-requestCreateSubscription :: CreateSubscription -> TestTree
-requestCreateSubscription = req
-    "CreateSubscription"
-    "fixture/CreateSubscription.yaml"
-
-requestListProtections :: ListProtections -> TestTree
-requestListProtections = req
-    "ListProtections"
-    "fixture/ListProtections.yaml"
-
-requestDeleteSubscription :: DeleteSubscription -> TestTree
-requestDeleteSubscription = req
-    "DeleteSubscription"
-    "fixture/DeleteSubscription.yaml"
-
-requestDescribeAttack :: DescribeAttack -> TestTree
-requestDescribeAttack = req
-    "DescribeAttack"
-    "fixture/DescribeAttack.yaml"
-
-requestDescribeProtection :: DescribeProtection -> TestTree
-requestDescribeProtection = req
-    "DescribeProtection"
-    "fixture/DescribeProtection.yaml"
-
-requestListAttacks :: ListAttacks -> TestTree
-requestListAttacks = req
-    "ListAttacks"
-    "fixture/ListAttacks.yaml"
-
-requestCreateProtection :: CreateProtection -> TestTree
-requestCreateProtection = req
-    "CreateProtection"
-    "fixture/CreateProtection.yaml"
-
-requestDeleteProtection :: DeleteProtection -> TestTree
-requestDeleteProtection = req
-    "DeleteProtection"
-    "fixture/DeleteProtection.yaml"
-
-requestGetSubscriptionState :: GetSubscriptionState -> TestTree
-requestGetSubscriptionState = req
-    "GetSubscriptionState"
-    "fixture/GetSubscriptionState.yaml"
-
-requestDescribeSubscription :: DescribeSubscription -> TestTree
-requestDescribeSubscription = req
-    "DescribeSubscription"
-    "fixture/DescribeSubscription.yaml"
-
--- Responses
-
-responseCreateSubscription :: CreateSubscriptionResponse -> TestTree
-responseCreateSubscription = res
-    "CreateSubscriptionResponse"
-    "fixture/CreateSubscriptionResponse.proto"
-    shield
-    (Proxy :: Proxy CreateSubscription)
-
-responseListProtections :: ListProtectionsResponse -> TestTree
-responseListProtections = res
-    "ListProtectionsResponse"
-    "fixture/ListProtectionsResponse.proto"
-    shield
-    (Proxy :: Proxy ListProtections)
-
-responseDeleteSubscription :: DeleteSubscriptionResponse -> TestTree
-responseDeleteSubscription = res
-    "DeleteSubscriptionResponse"
-    "fixture/DeleteSubscriptionResponse.proto"
-    shield
-    (Proxy :: Proxy DeleteSubscription)
-
-responseDescribeAttack :: DescribeAttackResponse -> TestTree
-responseDescribeAttack = res
-    "DescribeAttackResponse"
-    "fixture/DescribeAttackResponse.proto"
-    shield
-    (Proxy :: Proxy DescribeAttack)
-
-responseDescribeProtection :: DescribeProtectionResponse -> TestTree
-responseDescribeProtection = res
-    "DescribeProtectionResponse"
-    "fixture/DescribeProtectionResponse.proto"
-    shield
-    (Proxy :: Proxy DescribeProtection)
-
-responseListAttacks :: ListAttacksResponse -> TestTree
-responseListAttacks = res
-    "ListAttacksResponse"
-    "fixture/ListAttacksResponse.proto"
-    shield
-    (Proxy :: Proxy ListAttacks)
-
-responseCreateProtection :: CreateProtectionResponse -> TestTree
-responseCreateProtection = res
-    "CreateProtectionResponse"
-    "fixture/CreateProtectionResponse.proto"
-    shield
-    (Proxy :: Proxy CreateProtection)
-
-responseDeleteProtection :: DeleteProtectionResponse -> TestTree
-responseDeleteProtection = res
-    "DeleteProtectionResponse"
-    "fixture/DeleteProtectionResponse.proto"
-    shield
-    (Proxy :: Proxy DeleteProtection)
-
-responseGetSubscriptionState :: GetSubscriptionStateResponse -> TestTree
-responseGetSubscriptionState = res
-    "GetSubscriptionStateResponse"
-    "fixture/GetSubscriptionStateResponse.proto"
-    shield
-    (Proxy :: Proxy GetSubscriptionState)
-
-responseDescribeSubscription :: DescribeSubscriptionResponse -> TestTree
-responseDescribeSubscription = res
-    "DescribeSubscriptionResponse"
-    "fixture/DescribeSubscriptionResponse.proto"
-    shield
-    (Proxy :: Proxy DescribeSubscription)
diff --git a/test/Test/AWS/Shield.hs b/test/Test/AWS/Shield.hs
deleted file mode 100644
--- a/test/Test/AWS/Shield.hs
+++ /dev/null
@@ -1,20 +0,0 @@
--- |
--- Module      : Test.AWS.Shield
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Test.AWS.Shield
-    ( tests
-    , fixtures
-    ) where
-
-import Test.Tasty (TestTree)
-
-tests :: [TestTree]
-tests = []
-
-fixtures :: [TestTree]
-fixtures = []
diff --git a/test/Test/AWS/Shield/Internal.hs b/test/Test/AWS/Shield/Internal.hs
deleted file mode 100644
--- a/test/Test/AWS/Shield/Internal.hs
+++ /dev/null
@@ -1,9 +0,0 @@
--- |
--- Module      : Test.AWS.Shield.Internal
--- Copyright   : (c) 2013-2018 Brendan Hay
--- License     : Mozilla Public License, v. 2.0.
--- Maintainer  : Brendan Hay <brendan.g.hay@gmail.com>
--- Stability   : auto-generated
--- Portability : non-portable (GHC extensions)
---
-module Test.AWS.Shield.Internal where
diff --git a/test/Test/Amazonka/Gen/Shield.hs b/test/Test/Amazonka/Gen/Shield.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Gen/Shield.hs
@@ -0,0 +1,738 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.Amazonka.Gen.Shield
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Gen.Shield where
+
+import Amazonka.Shield
+import qualified Data.Proxy as Proxy
+import Test.Amazonka.Fixture
+import Test.Amazonka.Prelude
+import Test.Amazonka.Shield.Internal
+import Test.Tasty
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ requestAssociateDRTLogBucket $
+--             newAssociateDRTLogBucket
+--
+--         , requestAssociateDRTRole $
+--             newAssociateDRTRole
+--
+--         , requestAssociateHealthCheck $
+--             newAssociateHealthCheck
+--
+--         , requestAssociateProactiveEngagementDetails $
+--             newAssociateProactiveEngagementDetails
+--
+--         , requestCreateProtection $
+--             newCreateProtection
+--
+--         , requestCreateProtectionGroup $
+--             newCreateProtectionGroup
+--
+--         , requestCreateSubscription $
+--             newCreateSubscription
+--
+--         , requestDeleteProtection $
+--             newDeleteProtection
+--
+--         , requestDeleteProtectionGroup $
+--             newDeleteProtectionGroup
+--
+--         , requestDescribeAttack $
+--             newDescribeAttack
+--
+--         , requestDescribeAttackStatistics $
+--             newDescribeAttackStatistics
+--
+--         , requestDescribeDRTAccess $
+--             newDescribeDRTAccess
+--
+--         , requestDescribeEmergencyContactSettings $
+--             newDescribeEmergencyContactSettings
+--
+--         , requestDescribeProtection $
+--             newDescribeProtection
+--
+--         , requestDescribeProtectionGroup $
+--             newDescribeProtectionGroup
+--
+--         , requestDescribeSubscription $
+--             newDescribeSubscription
+--
+--         , requestDisableApplicationLayerAutomaticResponse $
+--             newDisableApplicationLayerAutomaticResponse
+--
+--         , requestDisableProactiveEngagement $
+--             newDisableProactiveEngagement
+--
+--         , requestDisassociateDRTLogBucket $
+--             newDisassociateDRTLogBucket
+--
+--         , requestDisassociateDRTRole $
+--             newDisassociateDRTRole
+--
+--         , requestDisassociateHealthCheck $
+--             newDisassociateHealthCheck
+--
+--         , requestEnableApplicationLayerAutomaticResponse $
+--             newEnableApplicationLayerAutomaticResponse
+--
+--         , requestEnableProactiveEngagement $
+--             newEnableProactiveEngagement
+--
+--         , requestGetSubscriptionState $
+--             newGetSubscriptionState
+--
+--         , requestListAttacks $
+--             newListAttacks
+--
+--         , requestListProtectionGroups $
+--             newListProtectionGroups
+--
+--         , requestListProtections $
+--             newListProtections
+--
+--         , requestListResourcesInProtectionGroup $
+--             newListResourcesInProtectionGroup
+--
+--         , requestListTagsForResource $
+--             newListTagsForResource
+--
+--         , requestTagResource $
+--             newTagResource
+--
+--         , requestUntagResource $
+--             newUntagResource
+--
+--         , requestUpdateApplicationLayerAutomaticResponse $
+--             newUpdateApplicationLayerAutomaticResponse
+--
+--         , requestUpdateEmergencyContactSettings $
+--             newUpdateEmergencyContactSettings
+--
+--         , requestUpdateProtectionGroup $
+--             newUpdateProtectionGroup
+--
+--         , requestUpdateSubscription $
+--             newUpdateSubscription
+--
+--           ]
+
+--     , testGroup "response"
+--         [ responseAssociateDRTLogBucket $
+--             newAssociateDRTLogBucketResponse
+--
+--         , responseAssociateDRTRole $
+--             newAssociateDRTRoleResponse
+--
+--         , responseAssociateHealthCheck $
+--             newAssociateHealthCheckResponse
+--
+--         , responseAssociateProactiveEngagementDetails $
+--             newAssociateProactiveEngagementDetailsResponse
+--
+--         , responseCreateProtection $
+--             newCreateProtectionResponse
+--
+--         , responseCreateProtectionGroup $
+--             newCreateProtectionGroupResponse
+--
+--         , responseCreateSubscription $
+--             newCreateSubscriptionResponse
+--
+--         , responseDeleteProtection $
+--             newDeleteProtectionResponse
+--
+--         , responseDeleteProtectionGroup $
+--             newDeleteProtectionGroupResponse
+--
+--         , responseDescribeAttack $
+--             newDescribeAttackResponse
+--
+--         , responseDescribeAttackStatistics $
+--             newDescribeAttackStatisticsResponse
+--
+--         , responseDescribeDRTAccess $
+--             newDescribeDRTAccessResponse
+--
+--         , responseDescribeEmergencyContactSettings $
+--             newDescribeEmergencyContactSettingsResponse
+--
+--         , responseDescribeProtection $
+--             newDescribeProtectionResponse
+--
+--         , responseDescribeProtectionGroup $
+--             newDescribeProtectionGroupResponse
+--
+--         , responseDescribeSubscription $
+--             newDescribeSubscriptionResponse
+--
+--         , responseDisableApplicationLayerAutomaticResponse $
+--             newDisableApplicationLayerAutomaticResponseResponse
+--
+--         , responseDisableProactiveEngagement $
+--             newDisableProactiveEngagementResponse
+--
+--         , responseDisassociateDRTLogBucket $
+--             newDisassociateDRTLogBucketResponse
+--
+--         , responseDisassociateDRTRole $
+--             newDisassociateDRTRoleResponse
+--
+--         , responseDisassociateHealthCheck $
+--             newDisassociateHealthCheckResponse
+--
+--         , responseEnableApplicationLayerAutomaticResponse $
+--             newEnableApplicationLayerAutomaticResponseResponse
+--
+--         , responseEnableProactiveEngagement $
+--             newEnableProactiveEngagementResponse
+--
+--         , responseGetSubscriptionState $
+--             newGetSubscriptionStateResponse
+--
+--         , responseListAttacks $
+--             newListAttacksResponse
+--
+--         , responseListProtectionGroups $
+--             newListProtectionGroupsResponse
+--
+--         , responseListProtections $
+--             newListProtectionsResponse
+--
+--         , responseListResourcesInProtectionGroup $
+--             newListResourcesInProtectionGroupResponse
+--
+--         , responseListTagsForResource $
+--             newListTagsForResourceResponse
+--
+--         , responseTagResource $
+--             newTagResourceResponse
+--
+--         , responseUntagResource $
+--             newUntagResourceResponse
+--
+--         , responseUpdateApplicationLayerAutomaticResponse $
+--             newUpdateApplicationLayerAutomaticResponseResponse
+--
+--         , responseUpdateEmergencyContactSettings $
+--             newUpdateEmergencyContactSettingsResponse
+--
+--         , responseUpdateProtectionGroup $
+--             newUpdateProtectionGroupResponse
+--
+--         , responseUpdateSubscription $
+--             newUpdateSubscriptionResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+requestAssociateDRTLogBucket :: AssociateDRTLogBucket -> TestTree
+requestAssociateDRTLogBucket =
+  req
+    "AssociateDRTLogBucket"
+    "fixture/AssociateDRTLogBucket.yaml"
+
+requestAssociateDRTRole :: AssociateDRTRole -> TestTree
+requestAssociateDRTRole =
+  req
+    "AssociateDRTRole"
+    "fixture/AssociateDRTRole.yaml"
+
+requestAssociateHealthCheck :: AssociateHealthCheck -> TestTree
+requestAssociateHealthCheck =
+  req
+    "AssociateHealthCheck"
+    "fixture/AssociateHealthCheck.yaml"
+
+requestAssociateProactiveEngagementDetails :: AssociateProactiveEngagementDetails -> TestTree
+requestAssociateProactiveEngagementDetails =
+  req
+    "AssociateProactiveEngagementDetails"
+    "fixture/AssociateProactiveEngagementDetails.yaml"
+
+requestCreateProtection :: CreateProtection -> TestTree
+requestCreateProtection =
+  req
+    "CreateProtection"
+    "fixture/CreateProtection.yaml"
+
+requestCreateProtectionGroup :: CreateProtectionGroup -> TestTree
+requestCreateProtectionGroup =
+  req
+    "CreateProtectionGroup"
+    "fixture/CreateProtectionGroup.yaml"
+
+requestCreateSubscription :: CreateSubscription -> TestTree
+requestCreateSubscription =
+  req
+    "CreateSubscription"
+    "fixture/CreateSubscription.yaml"
+
+requestDeleteProtection :: DeleteProtection -> TestTree
+requestDeleteProtection =
+  req
+    "DeleteProtection"
+    "fixture/DeleteProtection.yaml"
+
+requestDeleteProtectionGroup :: DeleteProtectionGroup -> TestTree
+requestDeleteProtectionGroup =
+  req
+    "DeleteProtectionGroup"
+    "fixture/DeleteProtectionGroup.yaml"
+
+requestDescribeAttack :: DescribeAttack -> TestTree
+requestDescribeAttack =
+  req
+    "DescribeAttack"
+    "fixture/DescribeAttack.yaml"
+
+requestDescribeAttackStatistics :: DescribeAttackStatistics -> TestTree
+requestDescribeAttackStatistics =
+  req
+    "DescribeAttackStatistics"
+    "fixture/DescribeAttackStatistics.yaml"
+
+requestDescribeDRTAccess :: DescribeDRTAccess -> TestTree
+requestDescribeDRTAccess =
+  req
+    "DescribeDRTAccess"
+    "fixture/DescribeDRTAccess.yaml"
+
+requestDescribeEmergencyContactSettings :: DescribeEmergencyContactSettings -> TestTree
+requestDescribeEmergencyContactSettings =
+  req
+    "DescribeEmergencyContactSettings"
+    "fixture/DescribeEmergencyContactSettings.yaml"
+
+requestDescribeProtection :: DescribeProtection -> TestTree
+requestDescribeProtection =
+  req
+    "DescribeProtection"
+    "fixture/DescribeProtection.yaml"
+
+requestDescribeProtectionGroup :: DescribeProtectionGroup -> TestTree
+requestDescribeProtectionGroup =
+  req
+    "DescribeProtectionGroup"
+    "fixture/DescribeProtectionGroup.yaml"
+
+requestDescribeSubscription :: DescribeSubscription -> TestTree
+requestDescribeSubscription =
+  req
+    "DescribeSubscription"
+    "fixture/DescribeSubscription.yaml"
+
+requestDisableApplicationLayerAutomaticResponse :: DisableApplicationLayerAutomaticResponse -> TestTree
+requestDisableApplicationLayerAutomaticResponse =
+  req
+    "DisableApplicationLayerAutomaticResponse"
+    "fixture/DisableApplicationLayerAutomaticResponse.yaml"
+
+requestDisableProactiveEngagement :: DisableProactiveEngagement -> TestTree
+requestDisableProactiveEngagement =
+  req
+    "DisableProactiveEngagement"
+    "fixture/DisableProactiveEngagement.yaml"
+
+requestDisassociateDRTLogBucket :: DisassociateDRTLogBucket -> TestTree
+requestDisassociateDRTLogBucket =
+  req
+    "DisassociateDRTLogBucket"
+    "fixture/DisassociateDRTLogBucket.yaml"
+
+requestDisassociateDRTRole :: DisassociateDRTRole -> TestTree
+requestDisassociateDRTRole =
+  req
+    "DisassociateDRTRole"
+    "fixture/DisassociateDRTRole.yaml"
+
+requestDisassociateHealthCheck :: DisassociateHealthCheck -> TestTree
+requestDisassociateHealthCheck =
+  req
+    "DisassociateHealthCheck"
+    "fixture/DisassociateHealthCheck.yaml"
+
+requestEnableApplicationLayerAutomaticResponse :: EnableApplicationLayerAutomaticResponse -> TestTree
+requestEnableApplicationLayerAutomaticResponse =
+  req
+    "EnableApplicationLayerAutomaticResponse"
+    "fixture/EnableApplicationLayerAutomaticResponse.yaml"
+
+requestEnableProactiveEngagement :: EnableProactiveEngagement -> TestTree
+requestEnableProactiveEngagement =
+  req
+    "EnableProactiveEngagement"
+    "fixture/EnableProactiveEngagement.yaml"
+
+requestGetSubscriptionState :: GetSubscriptionState -> TestTree
+requestGetSubscriptionState =
+  req
+    "GetSubscriptionState"
+    "fixture/GetSubscriptionState.yaml"
+
+requestListAttacks :: ListAttacks -> TestTree
+requestListAttacks =
+  req
+    "ListAttacks"
+    "fixture/ListAttacks.yaml"
+
+requestListProtectionGroups :: ListProtectionGroups -> TestTree
+requestListProtectionGroups =
+  req
+    "ListProtectionGroups"
+    "fixture/ListProtectionGroups.yaml"
+
+requestListProtections :: ListProtections -> TestTree
+requestListProtections =
+  req
+    "ListProtections"
+    "fixture/ListProtections.yaml"
+
+requestListResourcesInProtectionGroup :: ListResourcesInProtectionGroup -> TestTree
+requestListResourcesInProtectionGroup =
+  req
+    "ListResourcesInProtectionGroup"
+    "fixture/ListResourcesInProtectionGroup.yaml"
+
+requestListTagsForResource :: ListTagsForResource -> TestTree
+requestListTagsForResource =
+  req
+    "ListTagsForResource"
+    "fixture/ListTagsForResource.yaml"
+
+requestTagResource :: TagResource -> TestTree
+requestTagResource =
+  req
+    "TagResource"
+    "fixture/TagResource.yaml"
+
+requestUntagResource :: UntagResource -> TestTree
+requestUntagResource =
+  req
+    "UntagResource"
+    "fixture/UntagResource.yaml"
+
+requestUpdateApplicationLayerAutomaticResponse :: UpdateApplicationLayerAutomaticResponse -> TestTree
+requestUpdateApplicationLayerAutomaticResponse =
+  req
+    "UpdateApplicationLayerAutomaticResponse"
+    "fixture/UpdateApplicationLayerAutomaticResponse.yaml"
+
+requestUpdateEmergencyContactSettings :: UpdateEmergencyContactSettings -> TestTree
+requestUpdateEmergencyContactSettings =
+  req
+    "UpdateEmergencyContactSettings"
+    "fixture/UpdateEmergencyContactSettings.yaml"
+
+requestUpdateProtectionGroup :: UpdateProtectionGroup -> TestTree
+requestUpdateProtectionGroup =
+  req
+    "UpdateProtectionGroup"
+    "fixture/UpdateProtectionGroup.yaml"
+
+requestUpdateSubscription :: UpdateSubscription -> TestTree
+requestUpdateSubscription =
+  req
+    "UpdateSubscription"
+    "fixture/UpdateSubscription.yaml"
+
+-- Responses
+
+responseAssociateDRTLogBucket :: AssociateDRTLogBucketResponse -> TestTree
+responseAssociateDRTLogBucket =
+  res
+    "AssociateDRTLogBucketResponse"
+    "fixture/AssociateDRTLogBucketResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AssociateDRTLogBucket)
+
+responseAssociateDRTRole :: AssociateDRTRoleResponse -> TestTree
+responseAssociateDRTRole =
+  res
+    "AssociateDRTRoleResponse"
+    "fixture/AssociateDRTRoleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AssociateDRTRole)
+
+responseAssociateHealthCheck :: AssociateHealthCheckResponse -> TestTree
+responseAssociateHealthCheck =
+  res
+    "AssociateHealthCheckResponse"
+    "fixture/AssociateHealthCheckResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AssociateHealthCheck)
+
+responseAssociateProactiveEngagementDetails :: AssociateProactiveEngagementDetailsResponse -> TestTree
+responseAssociateProactiveEngagementDetails =
+  res
+    "AssociateProactiveEngagementDetailsResponse"
+    "fixture/AssociateProactiveEngagementDetailsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AssociateProactiveEngagementDetails)
+
+responseCreateProtection :: CreateProtectionResponse -> TestTree
+responseCreateProtection =
+  res
+    "CreateProtectionResponse"
+    "fixture/CreateProtectionResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateProtection)
+
+responseCreateProtectionGroup :: CreateProtectionGroupResponse -> TestTree
+responseCreateProtectionGroup =
+  res
+    "CreateProtectionGroupResponse"
+    "fixture/CreateProtectionGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateProtectionGroup)
+
+responseCreateSubscription :: CreateSubscriptionResponse -> TestTree
+responseCreateSubscription =
+  res
+    "CreateSubscriptionResponse"
+    "fixture/CreateSubscriptionResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateSubscription)
+
+responseDeleteProtection :: DeleteProtectionResponse -> TestTree
+responseDeleteProtection =
+  res
+    "DeleteProtectionResponse"
+    "fixture/DeleteProtectionResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteProtection)
+
+responseDeleteProtectionGroup :: DeleteProtectionGroupResponse -> TestTree
+responseDeleteProtectionGroup =
+  res
+    "DeleteProtectionGroupResponse"
+    "fixture/DeleteProtectionGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteProtectionGroup)
+
+responseDescribeAttack :: DescribeAttackResponse -> TestTree
+responseDescribeAttack =
+  res
+    "DescribeAttackResponse"
+    "fixture/DescribeAttackResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeAttack)
+
+responseDescribeAttackStatistics :: DescribeAttackStatisticsResponse -> TestTree
+responseDescribeAttackStatistics =
+  res
+    "DescribeAttackStatisticsResponse"
+    "fixture/DescribeAttackStatisticsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeAttackStatistics)
+
+responseDescribeDRTAccess :: DescribeDRTAccessResponse -> TestTree
+responseDescribeDRTAccess =
+  res
+    "DescribeDRTAccessResponse"
+    "fixture/DescribeDRTAccessResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeDRTAccess)
+
+responseDescribeEmergencyContactSettings :: DescribeEmergencyContactSettingsResponse -> TestTree
+responseDescribeEmergencyContactSettings =
+  res
+    "DescribeEmergencyContactSettingsResponse"
+    "fixture/DescribeEmergencyContactSettingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeEmergencyContactSettings)
+
+responseDescribeProtection :: DescribeProtectionResponse -> TestTree
+responseDescribeProtection =
+  res
+    "DescribeProtectionResponse"
+    "fixture/DescribeProtectionResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeProtection)
+
+responseDescribeProtectionGroup :: DescribeProtectionGroupResponse -> TestTree
+responseDescribeProtectionGroup =
+  res
+    "DescribeProtectionGroupResponse"
+    "fixture/DescribeProtectionGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeProtectionGroup)
+
+responseDescribeSubscription :: DescribeSubscriptionResponse -> TestTree
+responseDescribeSubscription =
+  res
+    "DescribeSubscriptionResponse"
+    "fixture/DescribeSubscriptionResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeSubscription)
+
+responseDisableApplicationLayerAutomaticResponse :: DisableApplicationLayerAutomaticResponseResponse -> TestTree
+responseDisableApplicationLayerAutomaticResponse =
+  res
+    "DisableApplicationLayerAutomaticResponseResponse"
+    "fixture/DisableApplicationLayerAutomaticResponseResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisableApplicationLayerAutomaticResponse)
+
+responseDisableProactiveEngagement :: DisableProactiveEngagementResponse -> TestTree
+responseDisableProactiveEngagement =
+  res
+    "DisableProactiveEngagementResponse"
+    "fixture/DisableProactiveEngagementResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisableProactiveEngagement)
+
+responseDisassociateDRTLogBucket :: DisassociateDRTLogBucketResponse -> TestTree
+responseDisassociateDRTLogBucket =
+  res
+    "DisassociateDRTLogBucketResponse"
+    "fixture/DisassociateDRTLogBucketResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateDRTLogBucket)
+
+responseDisassociateDRTRole :: DisassociateDRTRoleResponse -> TestTree
+responseDisassociateDRTRole =
+  res
+    "DisassociateDRTRoleResponse"
+    "fixture/DisassociateDRTRoleResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateDRTRole)
+
+responseDisassociateHealthCheck :: DisassociateHealthCheckResponse -> TestTree
+responseDisassociateHealthCheck =
+  res
+    "DisassociateHealthCheckResponse"
+    "fixture/DisassociateHealthCheckResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateHealthCheck)
+
+responseEnableApplicationLayerAutomaticResponse :: EnableApplicationLayerAutomaticResponseResponse -> TestTree
+responseEnableApplicationLayerAutomaticResponse =
+  res
+    "EnableApplicationLayerAutomaticResponseResponse"
+    "fixture/EnableApplicationLayerAutomaticResponseResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy EnableApplicationLayerAutomaticResponse)
+
+responseEnableProactiveEngagement :: EnableProactiveEngagementResponse -> TestTree
+responseEnableProactiveEngagement =
+  res
+    "EnableProactiveEngagementResponse"
+    "fixture/EnableProactiveEngagementResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy EnableProactiveEngagement)
+
+responseGetSubscriptionState :: GetSubscriptionStateResponse -> TestTree
+responseGetSubscriptionState =
+  res
+    "GetSubscriptionStateResponse"
+    "fixture/GetSubscriptionStateResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetSubscriptionState)
+
+responseListAttacks :: ListAttacksResponse -> TestTree
+responseListAttacks =
+  res
+    "ListAttacksResponse"
+    "fixture/ListAttacksResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAttacks)
+
+responseListProtectionGroups :: ListProtectionGroupsResponse -> TestTree
+responseListProtectionGroups =
+  res
+    "ListProtectionGroupsResponse"
+    "fixture/ListProtectionGroupsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListProtectionGroups)
+
+responseListProtections :: ListProtectionsResponse -> TestTree
+responseListProtections =
+  res
+    "ListProtectionsResponse"
+    "fixture/ListProtectionsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListProtections)
+
+responseListResourcesInProtectionGroup :: ListResourcesInProtectionGroupResponse -> TestTree
+responseListResourcesInProtectionGroup =
+  res
+    "ListResourcesInProtectionGroupResponse"
+    "fixture/ListResourcesInProtectionGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListResourcesInProtectionGroup)
+
+responseListTagsForResource :: ListTagsForResourceResponse -> TestTree
+responseListTagsForResource =
+  res
+    "ListTagsForResourceResponse"
+    "fixture/ListTagsForResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListTagsForResource)
+
+responseTagResource :: TagResourceResponse -> TestTree
+responseTagResource =
+  res
+    "TagResourceResponse"
+    "fixture/TagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy TagResource)
+
+responseUntagResource :: UntagResourceResponse -> TestTree
+responseUntagResource =
+  res
+    "UntagResourceResponse"
+    "fixture/UntagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UntagResource)
+
+responseUpdateApplicationLayerAutomaticResponse :: UpdateApplicationLayerAutomaticResponseResponse -> TestTree
+responseUpdateApplicationLayerAutomaticResponse =
+  res
+    "UpdateApplicationLayerAutomaticResponseResponse"
+    "fixture/UpdateApplicationLayerAutomaticResponseResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateApplicationLayerAutomaticResponse)
+
+responseUpdateEmergencyContactSettings :: UpdateEmergencyContactSettingsResponse -> TestTree
+responseUpdateEmergencyContactSettings =
+  res
+    "UpdateEmergencyContactSettingsResponse"
+    "fixture/UpdateEmergencyContactSettingsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateEmergencyContactSettings)
+
+responseUpdateProtectionGroup :: UpdateProtectionGroupResponse -> TestTree
+responseUpdateProtectionGroup =
+  res
+    "UpdateProtectionGroupResponse"
+    "fixture/UpdateProtectionGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateProtectionGroup)
+
+responseUpdateSubscription :: UpdateSubscriptionResponse -> TestTree
+responseUpdateSubscription =
+  res
+    "UpdateSubscriptionResponse"
+    "fixture/UpdateSubscriptionResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateSubscription)
diff --git a/test/Test/Amazonka/Shield.hs b/test/Test/Amazonka/Shield.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Shield.hs
@@ -0,0 +1,20 @@
+-- |
+-- Module      : Test.Amazonka.Shield
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Shield
+  ( tests,
+    fixtures,
+  )
+where
+
+import Test.Tasty (TestTree)
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/Amazonka/Shield/Internal.hs b/test/Test/Amazonka/Shield/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Shield/Internal.hs
@@ -0,0 +1,8 @@
+-- |
+-- Module      : Test.Amazonka.Shield.Internal
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Shield.Internal where
