aws-sdk-fms 1.68.0 → 1.69.0

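--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: bc395802b27205d2a12a13a49f9d374b13fea6905610404981b6cc82e73ca734
- data.tar.gz: '09d25d9c04593db28c4232cecbe79cbd5ae07a7c5bbcaad8f97c37fbf2855711'
+ metadata.gz: 62a6a89ea46f5e5261fe3dc66de59afa7588c78b5c44e425f66761048013388a
+ data.tar.gz: 26b63a1a6850685bfcf6017eda89e4ab4555e9c19be48ad8b0253f6d543f93a2
  SHA512:
- metadata.gz: 7849d3d2181f681a3355e60c09f28fd06d8a93b784a515d36957b7935f24f4dd3d038ea380b6f4f24c6a98b2d477721e0a0fe77720bc2c8893f27b3aba7d57d3
- data.tar.gz: bb5d26da0876cb7ba114679b4a107de68ba7ff0a70418bd4ed764b366b54d08b047251d2e6e77ac250bf87de9fcaeb51ff3d845308be9e886128800845f26625
+ metadata.gz: f7745ed92a2d16f0e115b5039bd320f3751bf3ce236790043688bf78fdf7c686329af6bb367c3a734d3b6e10b12426d7055e99152aee8ff94bc10f3fe0beb498
+ data.tar.gz: 3e88919d17b0e0346fbb52ffdd41bf08ba3fef2a0195c3b374b02aa00be2a61037275c96ae3887946cfb61604f68f6c8f87d2f198f94b3e4b65c7ce898e68af5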
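--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.69.0 (2024-04-30)
+ ------------------
+
+ * Feature - AWS Firewall Manager now supports the network firewall service stream exception policy feature for accounts within your organization.
+
  1.68.0 (2024-04-25)
  ------------------
 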
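--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.68.0
+ 1.69.0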
@@ -1338,6 +1338,7 @@ module Aws::FMS
1338
1338
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions #=> Array
1339
1339
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions[0] #=> String
1340
1340
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
1341
+ # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE", "REJECT", "FMS_IGNORE"
1341
1342
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups #=> Array
1342
1343
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].rule_group_name #=> String
1343
1344
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].resource_id #=> String
@@ -1356,6 +1357,7 @@ module Aws::FMS
1356
1357
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions #=> Array
1357
1358
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions[0] #=> String
1358
1359
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
1360
+ # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE", "REJECT", "FMS_IGNORE"
1359
1361
  # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_id #=> String
1360
1362
  # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_availability_zone #=> String
1361
1363
  # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.route_table_id #=> String
@@ -2908,7 +2910,7 @@ module Aws::FMS
2908
2910
  params: params,
2909
2911
  config: config)
2910
2912
  context[:gem_name] = 'aws-sdk-fms'
2911
- context[:gem_version] = '1.68.0'
2913
+ context[:gem_version] = '1.69.0'
2912
2914
  Seahorse::Client::Request.new(handlers, context)
2913
2915
  end
2914
2916
 
@@ -283,6 +283,7 @@ module Aws::FMS
283
283
  StatelessRuleGroup = Shapes::StructureShape.new(name: 'StatelessRuleGroup')
284
284
  StatelessRuleGroupList = Shapes::ListShape.new(name: 'StatelessRuleGroupList')
285
285
  StatelessRuleGroupPriority = Shapes::IntegerShape.new(name: 'StatelessRuleGroupPriority')
286
+ StreamExceptionPolicy = Shapes::StringShape.new(name: 'StreamExceptionPolicy')
286
287
  Tag = Shapes::StructureShape.new(name: 'Tag')
287
288
  TagKey = Shapes::StringShape.new(name: 'TagKey')
288
289
  TagKeyList = Shapes::ListShape.new(name: 'TagKeyList')
@@ -1226,6 +1227,7 @@ module Aws::FMS
1226
1227
  SecurityServiceTypeList.member = Shapes::ShapeRef.new(shape: SecurityServiceType)
1227
1228
 
1228
1229
  StatefulEngineOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
1230
+ StatefulEngineOptions.add_member(:stream_exception_policy, Shapes::ShapeRef.new(shape: StreamExceptionPolicy, location_name: "StreamExceptionPolicy"))
1229
1231
  StatefulEngineOptions.struct_class = Types::StatefulEngineOptions
1230
1232
 
1231
1233
  StatefulRuleGroup.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: NetworkFirewallResourceName, location_name: "RuleGroupName"))
@@ -2668,6 +2668,9 @@ module Aws::FMS
2668
2668
  # network ACLs that it creates.
2669
2669
  #
2670
2670
  # </note>
2671
+ #
2672
+ # You must specify at least one first entry or one last entry in any
2673
+ # network ACL policy.
2671
2674
  # @return [Array<Types::NetworkAclEntry>]
2672
2675
  #
2673
2676
  # @!attribute [rw] force_remediate_for_first_entries
@@ -2696,6 +2699,9 @@ module Aws::FMS
2696
2699
  # network ACLs that it creates.
2697
2700
  #
2698
2701
  # </note>
2702
+ #
2703
+ # You must specify at least one first entry or one last entry in any
2704
+ # network ACL policy.
2699
2705
  # @return [Array<Types::NetworkAclEntry>]
2700
2706
  #
2701
2707
  # @!attribute [rw] force_remediate_for_last_entries
@@ -5138,21 +5144,63 @@ module Aws::FMS
5138
5144
  #
5139
5145
  # @!attribute [rw] rule_order
5140
5146
  # Indicates how to manage the order of stateful rule evaluation for
5141
- # the policy. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
5142
- # rules are provided to the rule engine as Suricata compatible
5143
- # strings, and Suricata evaluates them based on certain settings. For
5144
- # more information, see [Evaluation order for stateful rules][1] in
5145
- # the *Network Firewall Developer Guide*.
5147
+ # the policy. Stateful rules are provided to the rule engine as
5148
+ # Suricata compatible strings, and Suricata evaluates them based on
5149
+ # certain settings. For more information, see [Evaluation order for
5150
+ # stateful rules][1] in the *Network Firewall Developer Guide*.
5151
+ #
5152
+ # Default: `DEFAULT_ACTION_ORDER`
5146
5153
  #
5147
5154
  #
5148
5155
  #
5149
5156
  # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html
5150
5157
  # @return [String]
5151
5158
  #
5159
+ # @!attribute [rw] stream_exception_policy
5160
+ # Indicates how Network Firewall should handle traffic when a network
5161
+ # connection breaks midstream.
5162
+ #
5163
+ # * `DROP` - Fail closed and drop all subsequent traffic going to the
5164
+ # firewall.
5165
+ #
5166
+ # * `CONTINUE` - Continue to apply rules to subsequent traffic without
5167
+ # context from traffic before the break. This impacts the behavior
5168
+ # of rules that depend on context. For example, with a stateful rule
5169
+ # that drops HTTP traffic, Network Firewall won't match subsequent
5170
+ # traffic because the it won't have the context from session
5171
+ # initialization, which defines the application layer protocol as
5172
+ # HTTP. However, a TCP-layer rule using a `flow:stateless` rule
5173
+ # would still match, and so would the `aws:drop_strict` default
5174
+ # action.
5175
+ #
5176
+ # * `REJECT` - Fail closed and drop all subsequent traffic going to
5177
+ # the firewall. With this option, Network Firewall also sends a TCP
5178
+ # reject packet back to the client so the client can immediately
5179
+ # establish a new session. With the new session, Network Firewall
5180
+ # will have context and will apply rules appropriately.
5181
+ #
5182
+ # For applications that are reliant on long-lived TCP connections
5183
+ # that trigger Gateway Load Balancer idle timeouts, this is the
5184
+ # recommended setting.
5185
+ #
5186
+ # * `FMS_IGNORE` - Firewall Manager doesn't monitor or modify the
5187
+ # Network Firewall stream exception policy settings.
5188
+ #
5189
+ # For more information, see [Stream exception policy in your firewall
5190
+ # policy][1] in the *Network Firewall Developer Guide*.
5191
+ #
5192
+ # Default: `FMS_IGNORE`
5193
+ #
5194
+ #
5195
+ #
5196
+ # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/stream-exception-policy.html
5197
+ # @return [String]
5198
+ #
5152
5199
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulEngineOptions AWS API Documentation
5153
5200
  #
5154
5201
  class StatefulEngineOptions < Struct.new(
5155
- :rule_order)
5202
+ :rule_order,
5203
+ :stream_exception_policy)
5156
5204
  SENSITIVE = []
5157
5205
  include Aws::Structure
5158
5206
  end
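Review bot: The new `stream_exception_policy` doc comment has a typo in the `CONTINUE` bullet (`because the it won't have the context`), and it does not spell out what the `FMS_IGNORE` default means for enforcement. As the bullets read, `DROP` and `REJECT` fail closed, `CONTINUE` keeps evaluating without session context so protocol-aware stateful rules stop matching, and `FMS_IGNORE` leaves whatever each firewall already has in place. I would change the wording to `because it won't have the context from session initialization` and add, under the default line, `# With the default, Firewall Manager does not enforce a fail-closed setting; set DROP or REJECT explicitly if the policy must guarantee one.` This file looks generated from the service model, so the wording fix probably belongs upstream; the enclosing module starts and ends outside this hunk.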
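--- a/data/lib/aws-sdk-fms.rb
+++ b/data/lib/aws-sdk-fms.rb
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-fms/customizations'
  # @!group service
  module Aws::FMS
 
- GEM_VERSION = '1.68.0'
+ GEM_VERSION = '1.69.0'
 
  end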
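--- a/data/sig/types.rbs
+++ b/data/sig/types.rbs
@@ -1135,6 +1135,7 @@ module Aws::FMS
 
  class StatefulEngineOptions
  attr_accessor rule_order: ("STRICT_ORDER" | "DEFAULT_ACTION_ORDER")
+ attr_accessor stream_exception_policy: ("DROP" | "CONTINUE" | "REJECT" | "FMS_IGNORE")
  SENSITIVE: []
  end
 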
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-fms
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.68.0
4
+ version: 1.69.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-04-25 00:00:00.000000000 Z
11
+ date: 2024-04-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core