aws-sdk-fms 1.68.0 → 1.70.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bc395802b27205d2a12a13a49f9d374b13fea6905610404981b6cc82e73ca734
-  data.tar.gz: '09d25d9c04593db28c4232cecbe79cbd5ae07a7c5bbcaad8f97c37fbf2855711'
+  metadata.gz: 503e75f6b2f6e52b3649c04c4d9f5b35f9587ec412085df25c6a1a8d09eb5aef
+  data.tar.gz: 0236dcf0419e19755c3d87a5eeb65d3522efdad988e190e01bb36aa7ee139a0c
 SHA512:
-  metadata.gz: 7849d3d2181f681a3355e60c09f28fd06d8a93b784a515d36957b7935f24f4dd3d038ea380b6f4f24c6a98b2d477721e0a0fe77720bc2c8893f27b3aba7d57d3
-  data.tar.gz: bb5d26da0876cb7ba114679b4a107de68ba7ff0a70418bd4ed764b366b54d08b047251d2e6e77ac250bf87de9fcaeb51ff3d845308be9e886128800845f26625
+  metadata.gz: 4a29e3f48af7242ba40175a734ffecc7b9d4d1074eb5068d389ffabba431a30033ff4cb8b1503434da83d648c84a02365953fcf69872b5d3009c0bd6477f777e
+  data.tar.gz: b8112f43f0855ebf3eb986f4dae7d2a281e21e6fd89294b54c258d0793aacfa3ff26918c6eefba6b9acf58d6a6072eb3fd9a6907bd199cd7e24d3d6e68067676

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.70.0 (2024-05-08)
+------------------
+
+* Feature - The policy scope resource tag is always a string value, either a non-empty string or an empty string.
+
+1.69.0 (2024-04-30)
+------------------
+
+* Feature - AWS Firewall Manager now supports the network firewall service stream exception policy feature for accounts within your organization.
+
 1.68.0 (2024-04-25)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.68.0
+1.70.0

data/lib/aws-sdk-fms/client.rb

@@ -1338,6 +1338,7 @@ module Aws::FMS
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions #=> Array
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions[0] #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE", "REJECT", "FMS_IGNORE"
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups #=> Array
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].rule_group_name #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].resource_id #=> String
@@ -1356,6 +1357,7 @@ module Aws::FMS
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions #=> Array
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions[0] #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE", "REJECT", "FMS_IGNORE"
     #   resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_id #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_availability_zone #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.route_table_id #=> String
@@ -2552,7 +2554,7 @@ module Aws::FMS
     #
     #
     #
-    # [1]: https://aws.amazon.com/marketplace
+    # [1]: http://aws.amazon.com/marketplace
     #
     # @option params [required, Types::Policy] :policy
     #   The details of the Firewall Manager policy to be created.
@@ -2908,7 +2910,7 @@ module Aws::FMS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-fms'
-      context[:gem_version] = '1.68.0'
+      context[:gem_version] = '1.70.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-fms/client_api.rb

@@ -283,6 +283,7 @@ module Aws::FMS
     StatelessRuleGroup = Shapes::StructureShape.new(name: 'StatelessRuleGroup')
     StatelessRuleGroupList = Shapes::ListShape.new(name: 'StatelessRuleGroupList')
     StatelessRuleGroupPriority = Shapes::IntegerShape.new(name: 'StatelessRuleGroupPriority')
+    StreamExceptionPolicy = Shapes::StringShape.new(name: 'StreamExceptionPolicy')
     Tag = Shapes::StructureShape.new(name: 'Tag')
     TagKey = Shapes::StringShape.new(name: 'TagKey')
     TagKeyList = Shapes::ListShape.new(name: 'TagKeyList')
@@ -1226,6 +1227,7 @@ module Aws::FMS
     SecurityServiceTypeList.member = Shapes::ShapeRef.new(shape: SecurityServiceType)
 
     StatefulEngineOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
+    StatefulEngineOptions.add_member(:stream_exception_policy, Shapes::ShapeRef.new(shape: StreamExceptionPolicy, location_name: "StreamExceptionPolicy"))
     StatefulEngineOptions.struct_class = Types::StatefulEngineOptions
 
     StatefulRuleGroup.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: NetworkFirewallResourceName, location_name: "RuleGroupName"))

data/lib/aws-sdk-fms/types.rb

@@ -2668,6 +2668,9 @@ module Aws::FMS
     #   network ACLs that it creates.
     #
     #    </note>
+    #
+    #   You must specify at least one first entry or one last entry in any
+    #   network ACL policy.
     #   @return [Array<Types::NetworkAclEntry>]
     #
     # @!attribute [rw] force_remediate_for_first_entries
@@ -2678,13 +2681,12 @@ module Aws::FMS
     #
     #   If forced remediation is disabled, Firewall Manager marks the
     #   network ACL as noncompliant and does not try to remediate. For more
-    #   information about the remediation behavior, see [Network access
-    #   control list (ACL) policies][1] in the *Firewall Manager Developer
-    #   Guide*.
+    #   information about the remediation behavior, see [Remediation for
+    #   managed network ACLs][1] in the *Firewall Manager Developer Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/network-acl-policies.html
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/network-acl-policies.html#network-acls-remediation
     #   @return [Boolean]
     #
     # @!attribute [rw] last_entries
@@ -2696,6 +2698,9 @@ module Aws::FMS
     #   network ACLs that it creates.
     #
     #    </note>
+    #
+    #   You must specify at least one first entry or one last entry in any
+    #   network ACL policy.
     #   @return [Array<Types::NetworkAclEntry>]
     #
     # @!attribute [rw] force_remediate_for_last_entries
@@ -2706,13 +2711,12 @@ module Aws::FMS
     #
     #   If forced remediation is disabled, Firewall Manager marks the
     #   network ACL as noncompliant and does not try to remediate. For more
-    #   information about the remediation behavior, see [Network access
-    #   control list (ACL) policies][1] in the *Firewall Manager Developer
-    #   Guide*.
+    #   information about the remediation behavior, see [Remediation for
+    #   managed network ACLs][1] in the *Firewall Manager Developer Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/network-acl-policies.html
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/network-acl-policies.html#network-acls-remediation
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkAclEntrySet AWS API Documentation
@@ -3531,7 +3535,7 @@ module Aws::FMS
     #   @return [Array<String>]
     #
     # @!attribute [rw] policy_description
-    #   The definition of the Network Firewall firewall policy.
+    #   Your description of the Firewall Manager policy.
     #   @return [String]
     #
     # @!attribute [rw] policy_status
@@ -4429,6 +4433,13 @@ module Aws::FMS
     # specified tags to be included or excluded. For more information, see
     # [Working with Tag Editor][1].
     #
+    # Every resource tag must have a string value, either a non-empty string
+    # or an empty string. If you don't provide a value for a resource tag,
+    # Firewall Manager saves the value as an empty string: "". When
+    # Firewall Manager compares tags, it only matches two tags if they have
+    # the same key and the same value. A tag with an empty string value only
+    # matches with tags that also have an empty string value.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/tag-editor.html
@@ -4438,7 +4449,8 @@ module Aws::FMS
     #   @return [String]
     #
     # @!attribute [rw] value
-    #   The resource tag value.
+    #   The resource tag value. To specify an empty string value, either
+    #   don't provide this or specify it as "".
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceTag AWS API Documentation
@@ -5138,21 +5150,63 @@ module Aws::FMS
     #
     # @!attribute [rw] rule_order
     #   Indicates how to manage the order of stateful rule evaluation for
-    #   the policy. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
-    #   rules are provided to the rule engine as Suricata compatible
-    #   strings, and Suricata evaluates them based on certain settings. For
-    #   more information, see [Evaluation order for stateful rules][1] in
-    #   the *Network Firewall Developer Guide*.
+    #   the policy. Stateful rules are provided to the rule engine as
+    #   Suricata compatible strings, and Suricata evaluates them based on
+    #   certain settings. For more information, see [Evaluation order for
+    #   stateful rules][1] in the *Network Firewall Developer Guide*.
+    #
+    #   Default: `DEFAULT_ACTION_ORDER`
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html
     #   @return [String]
     #
+    # @!attribute [rw] stream_exception_policy
+    #   Indicates how Network Firewall should handle traffic when a network
+    #   connection breaks midstream.
+    #
+    #   * `DROP` - Fail closed and drop all subsequent traffic going to the
+    #     firewall.
+    #
+    #   * `CONTINUE` - Continue to apply rules to subsequent traffic without
+    #     context from traffic before the break. This impacts the behavior
+    #     of rules that depend on context. For example, with a stateful rule
+    #     that drops HTTP traffic, Network Firewall won't match subsequent
+    #     traffic because the it won't have the context from session
+    #     initialization, which defines the application layer protocol as
+    #     HTTP. However, a TCP-layer rule using a `flow:stateless` rule
+    #     would still match, and so would the `aws:drop_strict` default
+    #     action.
+    #
+    #   * `REJECT` - Fail closed and drop all subsequent traffic going to
+    #     the firewall. With this option, Network Firewall also sends a TCP
+    #     reject packet back to the client so the client can immediately
+    #     establish a new session. With the new session, Network Firewall
+    #     will have context and will apply rules appropriately.
+    #
+    #     For applications that are reliant on long-lived TCP connections
+    #     that trigger Gateway Load Balancer idle timeouts, this is the
+    #     recommended setting.
+    #
+    #   * `FMS_IGNORE` - Firewall Manager doesn't monitor or modify the
+    #     Network Firewall stream exception policy settings.
+    #
+    #   For more information, see [Stream exception policy in your firewall
+    #   policy][1] in the *Network Firewall Developer Guide*.
+    #
+    #   Default: `FMS_IGNORE`
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/stream-exception-policy.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulEngineOptions AWS API Documentation
     #
     class StatefulEngineOptions < Struct.new(
-      :rule_order)
+      :rule_order,
+      :stream_exception_policy)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-fms.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-fms/customizations'
 # @!group service
 module Aws::FMS
 
-  GEM_VERSION = '1.68.0'
+  GEM_VERSION = '1.70.0'
 
 end

data/sig/types.rbs

@@ -1135,6 +1135,7 @@ module Aws::FMS
 
     class StatefulEngineOptions
       attr_accessor rule_order: ("STRICT_ORDER" | "DEFAULT_ACTION_ORDER")
+      attr_accessor stream_exception_policy: ("DROP" | "CONTINUE" | "REJECT" | "FMS_IGNORE")
       SENSITIVE: []
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-  version: 1.68.0
+  version: 1.70.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-04-25 00:00:00.000000000 Z
+date: 2024-05-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core