aws-sdk-fms 1.49.0 → 1.50.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms/client.rb +9 -1
- data/lib/aws-sdk-fms/client_api.rb +9 -0
- data/lib/aws-sdk-fms/types.rb +154 -153
- data/lib/aws-sdk-fms.rb +1 -1
- metadata +2 -2
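--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b0354824395b1da8d77e832a9686ef6cba2e9e95134480f478050c07753b7881
+data.tar.gz: e04d84b455acc67f75a96408815fd8293964b35d823b292b23f56d73a245a121
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cf25988cec2d137f328a97b0054bf09d3424e986459d865af373f360fb41f22fe471b93df41525d4da1f2e2ffd0268c377706e5ab3d4e05ad75ae8319bb8d903
+data.tar.gz: d67884dc6946f5abe4a88e3525ad0080d5da054054f2097d3696c1149b8279dafcf031e9ff989620d2371d7707c86c20d0505a52ef1c8465976fe1e3068bed4c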
data/CHANGELOG.md
CHANGED
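--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.50.0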
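--- a/data/lib/aws-sdk-fms/client.rb
+++ b/data/lib/aws-sdk-fms/client.rb
@@ -1045,6 +1045,10 @@ module Aws::FMS
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups #=> Array
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].rule_group_name #=> String
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].resource_id #=> String
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].priority #=> Integer
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions #=> Array
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions[0] #=> String
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups #=> Array
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].rule_group_name #=> String
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].resource_id #=> String
@@ -1058,6 +1062,10 @@ module Aws::FMS
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups #=> Array
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].rule_group_name #=> String
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].resource_id #=> String
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].priority #=> Integer
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions #=> Array
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions[0] #=> String
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
 # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_id #=> String
 # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_availability_zone #=> String
 # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.route_table_id #=> String
@@ -2047,7 +2055,7 @@ module Aws::FMS
 params: params,
 config: config)
 context[:gem_name] = 'aws-sdk-fms'
-context[:gem_version] = '1.
+context[:gem_version] = '1.50.0'
 Seahorse::Client::Request.new(handlers, context)
 end
 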
@@ -152,6 +152,7 @@ module Aws::FMS
|
|
|
152
152
|
PreviousAppsList = Shapes::MapShape.new(name: 'PreviousAppsList')
|
|
153
153
|
PreviousListVersion = Shapes::StringShape.new(name: 'PreviousListVersion')
|
|
154
154
|
PreviousProtocolsList = Shapes::MapShape.new(name: 'PreviousProtocolsList')
|
|
155
|
+
PriorityNumber = Shapes::IntegerShape.new(name: 'PriorityNumber')
|
|
155
156
|
ProtectionData = Shapes::StringShape.new(name: 'ProtectionData')
|
|
156
157
|
Protocol = Shapes::StringShape.new(name: 'Protocol')
|
|
157
158
|
ProtocolsList = Shapes::ListShape.new(name: 'ProtocolsList')
|
|
@@ -187,11 +188,13 @@ module Aws::FMS
|
|
|
187
188
|
Route = Shapes::StructureShape.new(name: 'Route')
|
|
188
189
|
RouteHasOutOfScopeEndpointViolation = Shapes::StructureShape.new(name: 'RouteHasOutOfScopeEndpointViolation')
|
|
189
190
|
Routes = Shapes::ListShape.new(name: 'Routes')
|
|
191
|
+
RuleOrder = Shapes::StringShape.new(name: 'RuleOrder')
|
|
190
192
|
SecurityGroupRemediationAction = Shapes::StructureShape.new(name: 'SecurityGroupRemediationAction')
|
|
191
193
|
SecurityGroupRemediationActions = Shapes::ListShape.new(name: 'SecurityGroupRemediationActions')
|
|
192
194
|
SecurityGroupRuleDescription = Shapes::StructureShape.new(name: 'SecurityGroupRuleDescription')
|
|
193
195
|
SecurityServicePolicyData = Shapes::StructureShape.new(name: 'SecurityServicePolicyData')
|
|
194
196
|
SecurityServiceType = Shapes::StringShape.new(name: 'SecurityServiceType')
|
|
197
|
+
StatefulEngineOptions = Shapes::StructureShape.new(name: 'StatefulEngineOptions')
|
|
195
198
|
StatefulRuleGroup = Shapes::StructureShape.new(name: 'StatefulRuleGroup')
|
|
196
199
|
StatefulRuleGroupList = Shapes::ListShape.new(name: 'StatefulRuleGroupList')
|
|
197
200
|
StatelessRuleGroup = Shapes::StructureShape.new(name: 'StatelessRuleGroup')
|
|
@@ -635,6 +638,8 @@ module Aws::FMS
|
|
|
635
638
|
NetworkFirewallPolicyDescription.add_member(:stateless_fragment_default_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessFragmentDefaultActions"))
|
|
636
639
|
NetworkFirewallPolicyDescription.add_member(:stateless_custom_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessCustomActions"))
|
|
637
640
|
NetworkFirewallPolicyDescription.add_member(:stateful_rule_groups, Shapes::ShapeRef.new(shape: StatefulRuleGroupList, location_name: "StatefulRuleGroups"))
|
|
641
|
+
NetworkFirewallPolicyDescription.add_member(:stateful_default_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatefulDefaultActions"))
|
|
642
|
+
NetworkFirewallPolicyDescription.add_member(:stateful_engine_options, Shapes::ShapeRef.new(shape: StatefulEngineOptions, location_name: "StatefulEngineOptions"))
|
|
638
643
|
NetworkFirewallPolicyDescription.struct_class = Types::NetworkFirewallPolicyDescription
|
|
639
644
|
|
|
640
645
|
NetworkFirewallPolicyModifiedViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
|
|
@@ -874,8 +879,12 @@ module Aws::FMS
|
|
|
874
879
|
SecurityServicePolicyData.add_member(:policy_option, Shapes::ShapeRef.new(shape: PolicyOption, location_name: "PolicyOption"))
|
|
875
880
|
SecurityServicePolicyData.struct_class = Types::SecurityServicePolicyData
|
|
876
881
|
|
|
882
|
+
StatefulEngineOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
|
|
883
|
+
StatefulEngineOptions.struct_class = Types::StatefulEngineOptions
|
|
884
|
+
|
|
877
885
|
StatefulRuleGroup.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: NetworkFirewallResourceName, location_name: "RuleGroupName"))
|
|
878
886
|
StatefulRuleGroup.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ResourceId"))
|
|
887
|
+
StatefulRuleGroup.add_member(:priority, Shapes::ShapeRef.new(shape: PriorityNumber, location_name: "Priority"))
|
|
879
888
|
StatefulRuleGroup.struct_class = Types::StatefulRuleGroup
|
|
880
889
|
|
|
881
890
|
StatefulRuleGroupList.member = Shapes::ShapeRef.new(shape: StatefulRuleGroup)
|
data/lib/aws-sdk-fms/types.rb
CHANGED
|
@@ -1365,11 +1365,11 @@ module Aws::FMS
|
|
|
1365
1365
|
#
|
|
1366
1366
|
# @!attribute [rw] marketplace_onboarding_status
|
|
1367
1367
|
# The status for subscribing to the third-party firewall vendor in the
|
|
1368
|
-
#
|
|
1368
|
+
# Amazon Web Services Marketplace.
|
|
1369
1369
|
#
|
|
1370
1370
|
# * `NO_SUBSCRIPTION` - The Firewall Manager policy administrator
|
|
1371
|
-
# isn't subscribed to the third-party firewall service in the
|
|
1372
|
-
# Marketplace.
|
|
1371
|
+
# isn't subscribed to the third-party firewall service in the
|
|
1372
|
+
# Amazon Web Services Marketplace.
|
|
1373
1373
|
#
|
|
1374
1374
|
# * `NOT_COMPLETE` - The Firewall Manager policy administrator is in
|
|
1375
1375
|
# the process of subscribing to the third-party firewall service in
|
|
@@ -2318,6 +2318,29 @@ module Aws::FMS
|
|
|
2318
2318
|
# firewall policy.
|
|
2319
2319
|
# @return [Array<Types::StatefulRuleGroup>]
|
|
2320
2320
|
#
|
|
2321
|
+
# @!attribute [rw] stateful_default_actions
|
|
2322
|
+
# The default actions to take on a packet that doesn't match any
|
|
2323
|
+
# stateful rules. The stateful default action is optional, and is only
|
|
2324
|
+
# valid when using the strict rule order.
|
|
2325
|
+
#
|
|
2326
|
+
# Valid values of the stateful default action:
|
|
2327
|
+
#
|
|
2328
|
+
# * aws:drop\_strict
|
|
2329
|
+
#
|
|
2330
|
+
# * aws:drop\_established
|
|
2331
|
+
#
|
|
2332
|
+
# * aws:alert\_strict
|
|
2333
|
+
#
|
|
2334
|
+
# * aws:alert\_established
|
|
2335
|
+
# @return [Array<String>]
|
|
2336
|
+
#
|
|
2337
|
+
# @!attribute [rw] stateful_engine_options
|
|
2338
|
+
# Additional options governing how Network Firewall handles stateful
|
|
2339
|
+
# rules. The stateful rule groups that you use in your policy must
|
|
2340
|
+
# have stateful rule options settings that are compatible with these
|
|
2341
|
+
# settings.
|
|
2342
|
+
# @return [Types::StatefulEngineOptions]
|
|
2343
|
+
#
|
|
2321
2344
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicyDescription AWS API Documentation
|
|
2322
2345
|
#
|
|
2323
2346
|
class NetworkFirewallPolicyDescription < Struct.new(
|
|
@@ -2325,7 +2348,9 @@ module Aws::FMS
|
|
|
2325
2348
|
:stateless_default_actions,
|
|
2326
2349
|
:stateless_fragment_default_actions,
|
|
2327
2350
|
:stateless_custom_actions,
|
|
2328
|
-
:stateful_rule_groups
|
|
2351
|
+
:stateful_rule_groups,
|
|
2352
|
+
:stateful_default_actions,
|
|
2353
|
+
:stateful_engine_options)
|
|
2329
2354
|
SENSITIVE = []
|
|
2330
2355
|
include Aws::Structure
|
|
2331
2356
|
end
|
|
@@ -2748,8 +2773,8 @@ module Aws::FMS
|
|
|
2748
2773
|
include Aws::Structure
|
|
2749
2774
|
end
|
|
2750
2775
|
|
|
2751
|
-
# Contains the Network Firewall firewall policy options to configure
|
|
2752
|
-
#
|
|
2776
|
+
# Contains the Network Firewall firewall policy options to configure the
|
|
2777
|
+
# policy's deployment model and third-party firewall policy settings.
|
|
2753
2778
|
#
|
|
2754
2779
|
# @note When making an API call, you may pass PolicyOption
|
|
2755
2780
|
# data as a hash:
|
|
@@ -3717,161 +3742,78 @@ module Aws::FMS
|
|
|
3717
3742
|
#
|
|
3718
3743
|
# </note>
|
|
3719
3744
|
#
|
|
3720
|
-
# * Example: `
|
|
3745
|
+
# * Example: `NETWORK_FIREWALL` - Centralized deployment model
|
|
3721
3746
|
#
|
|
3722
|
-
# `"\{"type":"
|
|
3747
|
+
# `"\{"type":"NETWORK_FIREWALL","awsNetworkFirewallConfig":\{"networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\},"firewallDeploymentModel":\{"centralizedFirewallDeploymentModel":\{"centralizedFirewallOrchestrationConfig":\{"inspectionVpcIds":[\{"resourceId":"vpc-1234","accountId":"123456789011"\}],"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\}]\}\},"allowedIPV4CidrList":[]\}\}\}\}"`
|
|
3723
3748
|
#
|
|
3724
|
-
#
|
|
3725
|
-
#
|
|
3726
|
-
# 10000.
|
|
3749
|
+
# To use the centralized deployment model, you must set
|
|
3750
|
+
# [PolicyOption][1] to `CENTRALIZED`.
|
|
3727
3751
|
#
|
|
3728
|
-
#
|
|
3752
|
+
# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
|
|
3753
|
+
# automatic Availability Zone configuration
|
|
3754
|
+
#
|
|
3755
|
+
# `
|
|
3756
|
+
# "\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallOrchestrationConfig":\{"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":["10.0.0.0/28","192.168.0.0/28"],"routeManagementAction":"OFF"\},"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\}"
|
|
3757
|
+
# `
|
|
3758
|
+
#
|
|
3759
|
+
# With automatic Availbility Zone configuration, Firewall Manager
|
|
3760
|
+
# chooses which Availability Zones to create the endpoints in. To
|
|
3761
|
+
# use the distributed deployment model, you must set
|
|
3762
|
+
# [PolicyOption][1] to `NULL`.
|
|
3729
3763
|
#
|
|
3730
3764
|
# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
|
|
3731
|
-
# automatic Availability Zone configuration
|
|
3732
|
-
#
|
|
3733
|
-
#
|
|
3734
|
-
#
|
|
3735
|
-
#
|
|
3736
|
-
#
|
|
3737
|
-
# "resourceARN":
|
|
3738
|
-
# "arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test",
|
|
3739
|
-
# "priority": 1 \} ], "networkFirewallStatelessDefaultActions":
|
|
3740
|
-
# [ "aws:forward_to_sfe", "customActionName" ],
|
|
3741
|
-
# "networkFirewallStatelessFragmentDefaultActions": [
|
|
3742
|
-
# "aws:forward_to_sfe", "customActionName" ],
|
|
3743
|
-
# "networkFirewallStatelessCustomActions": [ \{ "actionName":
|
|
3744
|
-
# "customActionName", "actionDefinition": \{
|
|
3745
|
-
# "publishMetricAction": \{ "dimensions": [ \{ "value":
|
|
3746
|
-
# "metricdimensionvalue" \} ] \} \} \} ],
|
|
3747
|
-
# "networkFirewallStatefulRuleGroupReferences": [ \{
|
|
3748
|
-
# "resourceARN":
|
|
3749
|
-
# "arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
|
|
3750
|
-
# \} ], "networkFirewallOrchestrationConfig": \{
|
|
3751
|
-
# "singleFirewallEndpointPerVPC": false, "allowedIPV4CidrList":
|
|
3752
|
-
# [ "10.0.0.0/28", "192.168.0.0/28" ],
|
|
3753
|
-
# "routeManagementAction": "OFF" \},
|
|
3754
|
-
# "networkFirewallLoggingConfiguration": \{
|
|
3755
|
-
# "logDestinationConfigs": [ \{ "logDestinationType": "S3",
|
|
3756
|
-
# "logType": "ALERT", "logDestination": \{ "bucketName":
|
|
3757
|
-
# "s3-bucket-name" \} \}, \{ "logDestinationType": "S3",
|
|
3758
|
-
# "logType": "FLOW", "logDestination": \{ "bucketName":
|
|
3759
|
-
# "s3-bucket-name" \} \} ], "overrideExistingConfig": true \}
|
|
3760
|
-
# \}"`
|
|
3765
|
+
# automatic Availability Zone configuration and route management
|
|
3766
|
+
#
|
|
3767
|
+
# `
|
|
3768
|
+
# "\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallOrchestrationConfig":\{"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":["10.0.0.0/28","192.168.0.0/28"],"routeManagementAction":"MONITOR","routeManagementTargetTypes":["InternetGateway"]\},"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":
|
|
3769
|
+
# "FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\}"
|
|
3770
|
+
# `
|
|
3761
3771
|
#
|
|
3762
3772
|
# To use the distributed deployment model, you must set
|
|
3763
3773
|
# [PolicyOption][1] to `NULL`.
|
|
3764
3774
|
#
|
|
3765
3775
|
# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
|
|
3766
|
-
#
|
|
3767
|
-
#
|
|
3768
|
-
# `"\{
|
|
3769
|
-
# "
|
|
3770
|
-
# "
|
|
3771
|
-
# "
|
|
3772
|
-
# "
|
|
3773
|
-
#
|
|
3774
|
-
#
|
|
3775
|
-
#
|
|
3776
|
-
#
|
|
3777
|
-
#
|
|
3778
|
-
#
|
|
3779
|
-
#
|
|
3780
|
-
#
|
|
3781
|
-
# "resourceARN":
|
|
3782
|
-
# "arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
|
|
3783
|
-
# \} ], "networkFirewallOrchestrationConfig": \{
|
|
3784
|
-
# "singleFirewallEndpointPerVPC": false, "allowedIPV4CidrList":
|
|
3785
|
-
# [ "10.0.0.0/28", "192.168.0.0/28" ],
|
|
3786
|
-
# "routeManagementAction": "MONITOR",
|
|
3787
|
-
# "routeManagementTargetTypes": [ "InternetGateway" ] \},
|
|
3788
|
-
# "networkFirewallLoggingConfiguration": \{
|
|
3789
|
-
# "logDestinationConfigs": [ \{ "logDestinationType": "S3",
|
|
3790
|
-
# "logType": "ALERT", "logDestination": \{ "bucketName":
|
|
3791
|
-
# "s3-bucket-name" \} \}, \{ "logDestinationType": "S3",
|
|
3792
|
-
# "logType": "FLOW", "logDestination": \{ "bucketName":
|
|
3793
|
-
# "s3-bucket-name" \} \} ], "overrideExistingConfig": true \}
|
|
3794
|
-
# \}"`
|
|
3776
|
+
# custom Availability Zone configuration
|
|
3777
|
+
#
|
|
3778
|
+
# `"\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","fragmentcustomactionname"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName",
|
|
3779
|
+
# "actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\},\{"actionName":"fragmentcustomactionname","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"fragmentmetricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallOrchestrationConfig":\{"firewallCreationConfig":\{
|
|
3780
|
+
# "endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\},\{"availabilityZoneName":"us-east-1b","allowedIPV4CidrList":[
|
|
3781
|
+
# "10.0.0.0/28"]\}]\}
|
|
3782
|
+
# \},"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":null,"routeManagementAction":"OFF","networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":boolean\}\}"
|
|
3783
|
+
# `
|
|
3784
|
+
#
|
|
3785
|
+
# With custom Availability Zone configuration, you define which
|
|
3786
|
+
# specific Availability Zones to create endpoints in by configuring
|
|
3787
|
+
# `firewallCreationConfig`. To configure the Availability Zones in
|
|
3788
|
+
# `firewallCreationConfig`, specify either the
|
|
3789
|
+
# `availabilityZoneName` or `availabilityZoneId` parameter, not both
|
|
3790
|
+
# parameters.
|
|
3795
3791
|
#
|
|
3796
|
-
#
|
|
3797
|
-
#
|
|
3798
|
-
# Zone configuration, you define which specific Availability Zones
|
|
3799
|
-
# to create endpoints in by configuring `firewallCreationConfig`.
|
|
3800
|
-
#
|
|
3801
|
-
# `"\{
|
|
3802
|
-
# "type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],
|
|
3803
|
-
# "networkFirewallStatelessDefaultActions":[
|
|
3804
|
-
# "aws:forward_to_sfe", "customActionName" ],
|
|
3805
|
-
# "networkFirewallStatelessFragmentDefaultActions":[
|
|
3806
|
-
# "aws:forward_to_sfe", "fragmentcustomactionname" ],
|
|
3807
|
-
# "networkFirewallStatelessCustomActions":[ \{
|
|
3808
|
-
# "actionName":"customActionName", "actionDefinition":\{
|
|
3809
|
-
# "publishMetricAction":\{ "dimensions":[ \{
|
|
3810
|
-
# "value":"metricdimensionvalue" \} ] \} \} \}, \{
|
|
3811
|
-
# "actionName":"fragmentcustomactionname",
|
|
3812
|
-
# "actionDefinition":\{ "publishMetricAction":\{
|
|
3813
|
-
# "dimensions":[ \{ "value":"fragmentmetricdimensionvalue" \}
|
|
3814
|
-
# ] \} \} \} ], "networkFirewallStatefulRuleGroupReferences":[ \{
|
|
3815
|
-
# "resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
|
|
3816
|
-
# \} ], "networkFirewallOrchestrationConfig":\{
|
|
3817
|
-
# "firewallCreationConfig":\{ "endpointLocation":\{
|
|
3818
|
-
# "availabilityZoneConfigList":[ \{ "availabilityZoneId":null,
|
|
3819
|
-
# "availabilityZoneName":"us-east-1a", "allowedIPV4CidrList":[
|
|
3820
|
-
# "10.0.0.0/28" ] \}, \{ ¯"availabilityZoneId":null,
|
|
3821
|
-
# "availabilityZoneName":"us-east-1b", "allowedIPV4CidrList":[
|
|
3822
|
-
# "10.0.0.0/28" ] \} ] \} \},
|
|
3823
|
-
# "singleFirewallEndpointPerVPC":false,
|
|
3824
|
-
# "allowedIPV4CidrList":null, "routeManagementAction":"OFF",
|
|
3825
|
-
# "networkFirewallLoggingConfiguration":\{
|
|
3826
|
-
# "logDestinationConfigs":[ \{ "logDestinationType":"S3",
|
|
3827
|
-
# "logType":"ALERT", "logDestination":\{
|
|
3828
|
-
# "bucketName":"s3-bucket-name" \} \}, \{
|
|
3829
|
-
# "logDestinationType":"S3", "logType":"FLOW",
|
|
3830
|
-
# "logDestination":\{ "bucketName":"s3-bucket-name" \} \} ],
|
|
3831
|
-
# "overrideExistingConfig":boolean \} \}"`
|
|
3792
|
+
# To use the distributed deployment model, you must set
|
|
3793
|
+
# [PolicyOption][1] to `NULL`.
|
|
3832
3794
|
#
|
|
3833
3795
|
# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
|
|
3834
|
-
# custom Availability Zone configuration
|
|
3835
|
-
#
|
|
3836
|
-
# `"\{
|
|
3837
|
-
#
|
|
3838
|
-
#
|
|
3839
|
-
#
|
|
3840
|
-
#
|
|
3841
|
-
#
|
|
3842
|
-
#
|
|
3843
|
-
#
|
|
3844
|
-
# "
|
|
3845
|
-
# "
|
|
3846
|
-
# "
|
|
3847
|
-
# "
|
|
3848
|
-
# "
|
|
3849
|
-
#
|
|
3850
|
-
# "
|
|
3851
|
-
# \} ], "networkFirewallOrchestrationConfig":\{
|
|
3796
|
+
# custom Availability Zone configuration and route management
|
|
3797
|
+
#
|
|
3798
|
+
# `"\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","fragmentcustomactionname"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\},\{"actionName":"fragmentcustomactionname","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"fragmentmetricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallOrchestrationConfig":\{"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\},\{"availabilityZoneName":"us-east-1b","allowedIPV4CidrList":["10.0.0.0/28"]\}]\}\},"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":null,"routeManagementAction":"MONITOR","routeManagementTargetTypes":["InternetGateway"],"routeManagementConfig":\{"allowCrossAZTrafficIfNoEndpoint":true\}\},"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":boolean\}\}"
|
|
3799
|
+
# `
|
|
3800
|
+
#
|
|
3801
|
+
# To use the distributed deployment model, you must set
|
|
3802
|
+
# [PolicyOption][1] to `NULL`.
|
|
3803
|
+
#
|
|
3804
|
+
# * Example: `THIRD_PARTY_FIREWALL`
|
|
3805
|
+
#
|
|
3806
|
+
# `"\{ "type":"THIRD_PARTY_FIREWALL",
|
|
3807
|
+
# "thirdPartyFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW",
|
|
3808
|
+
# "thirdPartyFirewallConfig":\{
|
|
3809
|
+
# "thirdPartyFirewallPolicyList":["global-1"] \},
|
|
3810
|
+
# "firewallDeploymentModel":\{
|
|
3811
|
+
# "distributedFirewallDeploymentModel":\{
|
|
3812
|
+
# "distributedFirewallOrchestrationConfig":\{
|
|
3852
3813
|
# "firewallCreationConfig":\{ "endpointLocation":\{
|
|
3853
|
-
# "availabilityZoneConfigList":[ \{
|
|
3854
|
-
# "availabilityZoneName":"
|
|
3855
|
-
# "
|
|
3856
|
-
# "availabilityZoneName":"us-east-1b", "allowedIPV4CidrList":[
|
|
3857
|
-
# "10.0.0.0/28" ] \} ] \} \},
|
|
3858
|
-
# "singleFirewallEndpointPerVPC":false,
|
|
3859
|
-
# "allowedIPV4CidrList":null,
|
|
3860
|
-
# "routeManagementAction":"MONITOR",
|
|
3861
|
-
# "routeManagementTargetTypes":[ "InternetGateway" ],
|
|
3862
|
-
# "routeManagementConfig":\{
|
|
3863
|
-
# "allowCrossAZTrafficIfNoEndpoint":true \} \},
|
|
3864
|
-
# "networkFirewallLoggingConfiguration":\{
|
|
3865
|
-
# "logDestinationConfigs":[ \{ "logDestinationType":"S3",
|
|
3866
|
-
# "logType":"ALERT", "logDestination":\{
|
|
3867
|
-
# "bucketName":"s3-bucket-name" \} \}, \{
|
|
3868
|
-
# "logDestinationType":"S3", "logType":"FLOW",
|
|
3869
|
-
# "logDestination":\{ "bucketName":"s3-bucket-name" \} \} ],
|
|
3870
|
-
# "overrideExistingConfig":boolean \} \}"`
|
|
3871
|
-
#
|
|
3872
|
-
# * Example: `PARTNER_FIREWALL` for Firewall Manager
|
|
3873
|
-
#
|
|
3874
|
-
# `"\{"type":"THIRD_PARTY_FIREWALL","thirdPartyrFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW","thirdPartyFirewallConfig":\{"thirdPartyFirewallPolicyList":["global-123456789012-1"],"networkFirewallLoggingConfiguration":null\},"firewallDeploymentModel":\{"distributedFirewallDeploymentModel":\{"distributedFirewallOrchestrationConfig":\{"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.1.0/28"]\}]\}\},"allowedIPV4CidrList":null\},"distributedRouteManagementConfig":null\},"centralizedFirewallDeploymentModel":null\}\}""`
|
|
3814
|
+
# "availabilityZoneConfigList":[ \{
|
|
3815
|
+
# "availabilityZoneName":"$\{AvailabilityZone\}" \} ] \} \},
|
|
3816
|
+
# "allowedIPV4CidrList":[ ] \} \} \} \}"`
|
|
3875
3817
|
#
|
|
3876
3818
|
# * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
|
|
3877
3819
|
# distributions
|
|
@@ -3929,6 +3871,24 @@ module Aws::FMS
|
|
|
3929
3871
|
# "applyToAllEC2InstanceENIs":false,"securityGroups":[\{"id":"
|
|
3930
3872
|
# sg-000e55995d61a06bd"\}]\}"`
|
|
3931
3873
|
#
|
|
3874
|
+
# * Example: `SECURITY_GROUPS_COMMON` - Security group tag
|
|
3875
|
+
# distribution
|
|
3876
|
+
#
|
|
3877
|
+
# `""\{"type":"SECURITY_GROUPS_COMMON","securityGroups":[\{"id":"sg-000e55995d61a06bd"\}],"revertManualSecurityGroupChanges":true,"exclusiveResourceSecurityGroupManagement":false,"applyToAllEC2InstanceENIs":false,"includeSharedVPC":false,"enableTagDistribution":true\}""`
|
|
3878
|
+
#
|
|
3879
|
+
# Firewall Manager automatically distributes tags from the primary
|
|
3880
|
+
# group to the security groups created by this policy. To use
|
|
3881
|
+
# security group tag distribution, you must also set
|
|
3882
|
+
# `revertManualSecurityGroupChanges` to `true`, otherwise Firewall
|
|
3883
|
+
# Manager won't be able to create the policy. When you enable
|
|
3884
|
+
# `revertManualSecurityGroupChanges`, Firewall Manager identifies
|
|
3885
|
+
# and reports when the security groups created by this policy become
|
|
3886
|
+
# non-compliant.
|
|
3887
|
+
#
|
|
3888
|
+
# Firewall Manager won't distrubute system tags added by Amazon Web
|
|
3889
|
+
# Services services into the replica security groups. System tags
|
|
3890
|
+
# begin with the `aws:` prefix.
|
|
3891
|
+
#
|
|
3932
3892
|
# * Example: Shared VPCs. Apply the preceding policy to resources in
|
|
3933
3893
|
# shared VPCs as well as to those in VPCs that the account owns
|
|
3934
3894
|
#
|
|
@@ -3971,6 +3931,30 @@ module Aws::FMS
|
|
|
3971
3931
|
include Aws::Structure
|
|
3972
3932
|
end
|
|
3973
3933
|
|
|
3934
|
+
# Configuration settings for the handling of the stateful rule groups in
|
|
3935
|
+
# a Network Firewall firewall policy.
|
|
3936
|
+
#
|
|
3937
|
+
# @!attribute [rw] rule_order
|
|
3938
|
+
# Indicates how to manage the order of stateful rule evaluation for
|
|
3939
|
+
# the policy. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
|
|
3940
|
+
# rules are provided to the rule engine as Suricata compatible
|
|
3941
|
+
# strings, and Suricata evaluates them based on certain settings. For
|
|
3942
|
+
# more information, see [Evaluation order for stateful rules][1] in
|
|
3943
|
+
# the *Network Firewall Developer Guide*.
|
|
3944
|
+
#
|
|
3945
|
+
#
|
|
3946
|
+
#
|
|
3947
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html
|
|
3948
|
+
# @return [String]
|
|
3949
|
+
#
|
|
3950
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulEngineOptions AWS API Documentation
|
|
3951
|
+
#
|
|
3952
|
+
class StatefulEngineOptions < Struct.new(
|
|
3953
|
+
:rule_order)
|
|
3954
|
+
SENSITIVE = []
|
|
3955
|
+
include Aws::Structure
|
|
3956
|
+
end
|
|
3957
|
+
|
|
3974
3958
|
# Network Firewall stateful rule group, used in a
|
|
3975
3959
|
# NetworkFirewallPolicyDescription.
|
|
3976
3960
|
#
|
|
@@ -3982,11 +3966,29 @@ module Aws::FMS
|
|
|
3982
3966
|
# The resource ID of the rule group.
|
|
3983
3967
|
# @return [String]
|
|
3984
3968
|
#
|
|
3969
|
+
# @!attribute [rw] priority
|
|
3970
|
+
# An integer setting that indicates the order in which to run the
|
|
3971
|
+
# stateful rule groups in a single Network Firewall firewall policy.
|
|
3972
|
+
# This setting only applies to firewall policies that specify the
|
|
3973
|
+
# `STRICT_ORDER` rule order in the stateful engine options settings.
|
|
3974
|
+
#
|
|
3975
|
+
# Network Firewall evalutes each stateful rule group against a packet
|
|
3976
|
+
# starting with the group that has the lowest priority setting. You
|
|
3977
|
+
# must ensure that the priority settings are unique within each
|
|
3978
|
+
# policy. For information about
|
|
3979
|
+
#
|
|
3980
|
+
# You can change the priority settings of your rule groups at any
|
|
3981
|
+
# time. To make it easier to insert rule groups later, number them so
|
|
3982
|
+
# there's a wide range in between, for example use 100, 200, and so
|
|
3983
|
+
# on.
|
|
3984
|
+
# @return [Integer]
|
|
3985
|
+
#
|
|
3985
3986
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulRuleGroup AWS API Documentation
|
|
3986
3987
|
#
|
|
3987
3988
|
class StatefulRuleGroup < Struct.new(
|
|
3988
3989
|
:rule_group_name,
|
|
3989
|
-
:resource_id
|
|
3990
|
+
:resource_id,
|
|
3991
|
+
:priority)
|
|
3990
3992
|
SENSITIVE = []
|
|
3991
3993
|
include Aws::Structure
|
|
3992
3994
|
end
|
|
@@ -4090,9 +4092,7 @@ module Aws::FMS
|
|
|
4090
4092
|
#
|
|
4091
4093
|
class TagResourceResponse < Aws::EmptyStructure; end
|
|
4092
4094
|
|
|
4093
|
-
# Configures the firewall policy
|
|
4094
|
-
# firewall. The deployment model can either be distributed or
|
|
4095
|
-
# centralized.
|
|
4095
|
+
# Configures the third-party firewall's firewall policy.
|
|
4096
4096
|
#
|
|
4097
4097
|
# @!attribute [rw] firewall_policy_id
|
|
4098
4098
|
# The ID of the specified firewall policy.
|
|
@@ -4216,7 +4216,7 @@ module Aws::FMS
|
|
|
4216
4216
|
include Aws::Structure
|
|
4217
4217
|
end
|
|
4218
4218
|
|
|
4219
|
-
# Configures the
|
|
4219
|
+
# Configures the deployment model for the third-party firewall.
|
|
4220
4220
|
#
|
|
4221
4221
|
# @note When making an API call, you may pass ThirdPartyFirewallPolicy
|
|
4222
4222
|
# data as a hash:
|
|
@@ -4226,7 +4226,8 @@ module Aws::FMS
|
|
|
4226
4226
|
# }
|
|
4227
4227
|
#
|
|
4228
4228
|
# @!attribute [rw] firewall_deployment_model
|
|
4229
|
-
# Defines the deployment model to use for the third-party firewall
|
|
4229
|
+
# Defines the deployment model to use for the third-party firewall
|
|
4230
|
+
# policy.
|
|
4230
4231
|
# @return [String]
|
|
4231
4232
|
#
|
|
4232
4233
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallPolicy AWS API Documentation
|
data/lib/aws-sdk-fms.rb
CHANGED
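--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.50.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core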