aws-sdk-fms 1.49.0 → 1.50.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms/client.rb +9 -1
- data/lib/aws-sdk-fms/client_api.rb +9 -0
- data/lib/aws-sdk-fms/types.rb +154 -153
- data/lib/aws-sdk-fms.rb +1 -1
- metadata +2 -2
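--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b0354824395b1da8d77e832a9686ef6cba2e9e95134480f478050c07753b7881
+data.tar.gz: e04d84b455acc67f75a96408815fd8293964b35d823b292b23f56d73a245a121
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cf25988cec2d137f328a97b0054bf09d3424e986459d865af373f360fb41f22fe471b93df41525d4da1f2e2ffd0268c377706e5ab3d4e05ad75ae8319bb8d903
+data.tar.gz: d67884dc6946f5abe4a88e3525ad0080d5da054054f2097d3696c1149b8279dafcf031e9ff989620d2371d7707c86c20d0505a52ef1c8465976fe1e3068bed4c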
data/CHANGELOG.md
CHANGED
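--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.50.0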
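--- a/data/lib/aws-sdk-fms/client.rb
+++ b/data/lib/aws-sdk-fms/client.rb
@@ -1045,6 +1045,10 @@ module Aws::FMS
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups #=> Array
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].rule_group_name #=> String
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].resource_id #=> String
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].priority #=> Integer
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions #=> Array
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions[0] #=> String
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups #=> Array
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].rule_group_name #=> String
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].resource_id #=> String
@@ -1058,6 +1062,10 @@ module Aws::FMS
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups #=> Array
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].rule_group_name #=> String
 # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].resource_id #=> String
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].priority #=> Integer
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions #=> Array
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions[0] #=> String
+# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
 # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_id #=> String
 # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_availability_zone #=> String
 # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.route_table_id #=> String
@@ -2047,7 +2055,7 @@ module Aws::FMS
 params: params,
 config: config)
 context[:gem_name] = 'aws-sdk-fms'
-context[:gem_version] = '1.
+context[:gem_version] = '1.50.0'
 Seahorse::Client::Request.new(handlers, context)
 end
 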
@@ -152,6 +152,7 @@ module Aws::FMS
|
|
152
152
|
PreviousAppsList = Shapes::MapShape.new(name: 'PreviousAppsList')
|
153
153
|
PreviousListVersion = Shapes::StringShape.new(name: 'PreviousListVersion')
|
154
154
|
PreviousProtocolsList = Shapes::MapShape.new(name: 'PreviousProtocolsList')
|
155
|
+
PriorityNumber = Shapes::IntegerShape.new(name: 'PriorityNumber')
|
155
156
|
ProtectionData = Shapes::StringShape.new(name: 'ProtectionData')
|
156
157
|
Protocol = Shapes::StringShape.new(name: 'Protocol')
|
157
158
|
ProtocolsList = Shapes::ListShape.new(name: 'ProtocolsList')
|
@@ -187,11 +188,13 @@ module Aws::FMS
|
|
187
188
|
Route = Shapes::StructureShape.new(name: 'Route')
|
188
189
|
RouteHasOutOfScopeEndpointViolation = Shapes::StructureShape.new(name: 'RouteHasOutOfScopeEndpointViolation')
|
189
190
|
Routes = Shapes::ListShape.new(name: 'Routes')
|
191
|
+
RuleOrder = Shapes::StringShape.new(name: 'RuleOrder')
|
190
192
|
SecurityGroupRemediationAction = Shapes::StructureShape.new(name: 'SecurityGroupRemediationAction')
|
191
193
|
SecurityGroupRemediationActions = Shapes::ListShape.new(name: 'SecurityGroupRemediationActions')
|
192
194
|
SecurityGroupRuleDescription = Shapes::StructureShape.new(name: 'SecurityGroupRuleDescription')
|
193
195
|
SecurityServicePolicyData = Shapes::StructureShape.new(name: 'SecurityServicePolicyData')
|
194
196
|
SecurityServiceType = Shapes::StringShape.new(name: 'SecurityServiceType')
|
197
|
+
StatefulEngineOptions = Shapes::StructureShape.new(name: 'StatefulEngineOptions')
|
195
198
|
StatefulRuleGroup = Shapes::StructureShape.new(name: 'StatefulRuleGroup')
|
196
199
|
StatefulRuleGroupList = Shapes::ListShape.new(name: 'StatefulRuleGroupList')
|
197
200
|
StatelessRuleGroup = Shapes::StructureShape.new(name: 'StatelessRuleGroup')
|
@@ -635,6 +638,8 @@ module Aws::FMS
|
|
635
638
|
NetworkFirewallPolicyDescription.add_member(:stateless_fragment_default_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessFragmentDefaultActions"))
|
636
639
|
NetworkFirewallPolicyDescription.add_member(:stateless_custom_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessCustomActions"))
|
637
640
|
NetworkFirewallPolicyDescription.add_member(:stateful_rule_groups, Shapes::ShapeRef.new(shape: StatefulRuleGroupList, location_name: "StatefulRuleGroups"))
|
641
|
+
NetworkFirewallPolicyDescription.add_member(:stateful_default_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatefulDefaultActions"))
|
642
|
+
NetworkFirewallPolicyDescription.add_member(:stateful_engine_options, Shapes::ShapeRef.new(shape: StatefulEngineOptions, location_name: "StatefulEngineOptions"))
|
638
643
|
NetworkFirewallPolicyDescription.struct_class = Types::NetworkFirewallPolicyDescription
|
639
644
|
|
640
645
|
NetworkFirewallPolicyModifiedViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
|
@@ -874,8 +879,12 @@ module Aws::FMS
|
|
874
879
|
SecurityServicePolicyData.add_member(:policy_option, Shapes::ShapeRef.new(shape: PolicyOption, location_name: "PolicyOption"))
|
875
880
|
SecurityServicePolicyData.struct_class = Types::SecurityServicePolicyData
|
876
881
|
|
882
|
+
StatefulEngineOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
|
883
|
+
StatefulEngineOptions.struct_class = Types::StatefulEngineOptions
|
884
|
+
|
877
885
|
StatefulRuleGroup.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: NetworkFirewallResourceName, location_name: "RuleGroupName"))
|
878
886
|
StatefulRuleGroup.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ResourceId"))
|
887
|
+
StatefulRuleGroup.add_member(:priority, Shapes::ShapeRef.new(shape: PriorityNumber, location_name: "Priority"))
|
879
888
|
StatefulRuleGroup.struct_class = Types::StatefulRuleGroup
|
880
889
|
|
881
890
|
StatefulRuleGroupList.member = Shapes::ShapeRef.new(shape: StatefulRuleGroup)
|
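--- a/data/lib/aws-sdk-fms/types.rb
+++ b/data/lib/aws-sdk-fms/types.rb
@@ -1365,11 +1365,11 @@ module Aws::FMS
 #
 # @!attribute [rw] marketplace_onboarding_status
 # The status for subscribing to the third-party firewall vendor in the
-#
+# Amazon Web Services Marketplace.
 #
 # * `NO_SUBSCRIPTION` - The Firewall Manager policy administrator
-# isn't subscribed to the third-party firewall service in the
-# Marketplace.
+# isn't subscribed to the third-party firewall service in the
+# Amazon Web Services Marketplace.
 #
 # * `NOT_COMPLETE` - The Firewall Manager policy administrator is in
 # the process of subscribing to the third-party firewall service in
@@ -2318,6 +2318,29 @@ module Aws::FMS
 # firewall policy.
 # @return [Array<Types::StatefulRuleGroup>]
 #
+# @!attribute [rw] stateful_default_actions
+# The default actions to take on a packet that doesn't match any
+# stateful rules. The stateful default action is optional, and is only
+# valid when using the strict rule order.
+#
+# Valid values of the stateful default action:
+#
+# * aws:drop\_strict
+#
+# * aws:drop\_established
+#
+# * aws:alert\_strict
+#
+# * aws:alert\_established
+# @return [Array<String>]
+#
+# @!attribute [rw] stateful_engine_options
+# Additional options governing how Network Firewall handles stateful
+# rules. The stateful rule groups that you use in your policy must
+# have stateful rule options settings that are compatible with these
+# settings.
+# @return [Types::StatefulEngineOptions]
+#
 # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicyDescription AWS API Documentation
 #
 class NetworkFirewallPolicyDescription < Struct.new(
@@ -2325,7 +2348,9 @@ module Aws::FMS
 :stateless_default_actions,
 :stateless_fragment_default_actions,
 :stateless_custom_actions,
-:stateful_rule_groups
+:stateful_rule_groups,
+:stateful_default_actions,
+:stateful_engine_options)
 SENSITIVE = []
 include Aws::Structure
 end
@@ -2748,8 +2773,8 @@ module Aws::FMS
 include Aws::Structure
 end
 
-# Contains the Network Firewall firewall policy options to configure
-#
+# Contains the Network Firewall firewall policy options to configure the
+# policy's deployment model and third-party firewall policy settings.
 #
 # @note When making an API call, you may pass PolicyOption
 # data as a hash:
@@ -3717,161 +3742,78 @@ module Aws::FMS
 #
 # </note>
 #
-# * Example: `
+# * Example: `NETWORK_FIREWALL` - Centralized deployment model
 #
-# `"\{"type":"
+# `"\{"type":"NETWORK_FIREWALL","awsNetworkFirewallConfig":\{"networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\},"firewallDeploymentModel":\{"centralizedFirewallDeploymentModel":\{"centralizedFirewallOrchestrationConfig":\{"inspectionVpcIds":[\{"resourceId":"vpc-1234","accountId":"123456789011"\}],"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\}]\}\},"allowedIPV4CidrList":[]\}\}\}\}"`
 #
-#
-#
-# 10000.
+# To use the centralized deployment model, you must set
+# [PolicyOption][1] to `CENTRALIZED`.
 #
-#
+# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
+# automatic Availability Zone configuration
+#
+# `
+# "\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallOrchestrationConfig":\{"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":["10.0.0.0/28","192.168.0.0/28"],"routeManagementAction":"OFF"\},"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\}"
+# `
+#
+# With automatic Availbility Zone configuration, Firewall Manager
+# chooses which Availability Zones to create the endpoints in. To
+# use the distributed deployment model, you must set
+# [PolicyOption][1] to `NULL`.
 #
 # * Example: `NETWORK_FIREWALL` - Distributed deployment model with
-# automatic Availability Zone configuration
-#
-#
-#
-#
-#
-# "resourceARN":
-# "arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test",
-# "priority": 1 \} ], "networkFirewallStatelessDefaultActions":
-# [ "aws:forward_to_sfe", "customActionName" ],
-# "networkFirewallStatelessFragmentDefaultActions": [
-# "aws:forward_to_sfe", "customActionName" ],
-# "networkFirewallStatelessCustomActions": [ \{ "actionName":
-# "customActionName", "actionDefinition": \{
-# "publishMetricAction": \{ "dimensions": [ \{ "value":
-# "metricdimensionvalue" \} ] \} \} \} ],
-# "networkFirewallStatefulRuleGroupReferences": [ \{
-# "resourceARN":
-# "arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
-# \} ], "networkFirewallOrchestrationConfig": \{
-# "singleFirewallEndpointPerVPC": false, "allowedIPV4CidrList":
-# [ "10.0.0.0/28", "192.168.0.0/28" ],
-# "routeManagementAction": "OFF" \},
-# "networkFirewallLoggingConfiguration": \{
-# "logDestinationConfigs": [ \{ "logDestinationType": "S3",
-# "logType": "ALERT", "logDestination": \{ "bucketName":
-# "s3-bucket-name" \} \}, \{ "logDestinationType": "S3",
-# "logType": "FLOW", "logDestination": \{ "bucketName":
-# "s3-bucket-name" \} \} ], "overrideExistingConfig": true \}
-# \}"`
+# automatic Availability Zone configuration and route management
+#
+# `
+# "\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallOrchestrationConfig":\{"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":["10.0.0.0/28","192.168.0.0/28"],"routeManagementAction":"MONITOR","routeManagementTargetTypes":["InternetGateway"]\},"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":
+# "FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\}"
+# `
 #
 # To use the distributed deployment model, you must set
 # [PolicyOption][1] to `NULL`.
 #
 # * Example: `NETWORK_FIREWALL` - Distributed deployment model with
-#
-#
-# `"\{
-# "
-# "
-# "
-# "
-#
-#
-#
-#
-#
-#
-#
-#
-# "resourceARN":
-# "arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
-# \} ], "networkFirewallOrchestrationConfig": \{
-# "singleFirewallEndpointPerVPC": false, "allowedIPV4CidrList":
-# [ "10.0.0.0/28", "192.168.0.0/28" ],
-# "routeManagementAction": "MONITOR",
-# "routeManagementTargetTypes": [ "InternetGateway" ] \},
-# "networkFirewallLoggingConfiguration": \{
-# "logDestinationConfigs": [ \{ "logDestinationType": "S3",
-# "logType": "ALERT", "logDestination": \{ "bucketName":
-# "s3-bucket-name" \} \}, \{ "logDestinationType": "S3",
-# "logType": "FLOW", "logDestination": \{ "bucketName":
-# "s3-bucket-name" \} \} ], "overrideExistingConfig": true \}
-# \}"`
+# custom Availability Zone configuration
+#
+# `"\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","fragmentcustomactionname"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName",
+# "actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\},\{"actionName":"fragmentcustomactionname","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"fragmentmetricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallOrchestrationConfig":\{"firewallCreationConfig":\{
+# "endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\},\{"availabilityZoneName":"us-east-1b","allowedIPV4CidrList":[
+# "10.0.0.0/28"]\}]\}
+# \},"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":null,"routeManagementAction":"OFF","networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":boolean\}\}"
+# `
+#
+# With custom Availability Zone configuration, you define which
+# specific Availability Zones to create endpoints in by configuring
+# `firewallCreationConfig`. To configure the Availability Zones in
+# `firewallCreationConfig`, specify either the
+# `availabilityZoneName` or `availabilityZoneId` parameter, not both
+# parameters.
 #
-#
-#
-# Zone configuration, you define which specific Availability Zones
-# to create endpoints in by configuring `firewallCreationConfig`.
-#
-# `"\{
-# "type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],
-# "networkFirewallStatelessDefaultActions":[
-# "aws:forward_to_sfe", "customActionName" ],
-# "networkFirewallStatelessFragmentDefaultActions":[
-# "aws:forward_to_sfe", "fragmentcustomactionname" ],
-# "networkFirewallStatelessCustomActions":[ \{
-# "actionName":"customActionName", "actionDefinition":\{
-# "publishMetricAction":\{ "dimensions":[ \{
-# "value":"metricdimensionvalue" \} ] \} \} \}, \{
-# "actionName":"fragmentcustomactionname",
-# "actionDefinition":\{ "publishMetricAction":\{
-# "dimensions":[ \{ "value":"fragmentmetricdimensionvalue" \}
-# ] \} \} \} ], "networkFirewallStatefulRuleGroupReferences":[ \{
-# "resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
-# \} ], "networkFirewallOrchestrationConfig":\{
-# "firewallCreationConfig":\{ "endpointLocation":\{
-# "availabilityZoneConfigList":[ \{ "availabilityZoneId":null,
-# "availabilityZoneName":"us-east-1a", "allowedIPV4CidrList":[
-# "10.0.0.0/28" ] \}, \{ ¯"availabilityZoneId":null,
-# "availabilityZoneName":"us-east-1b", "allowedIPV4CidrList":[
-# "10.0.0.0/28" ] \} ] \} \},
-# "singleFirewallEndpointPerVPC":false,
-# "allowedIPV4CidrList":null, "routeManagementAction":"OFF",
-# "networkFirewallLoggingConfiguration":\{
-# "logDestinationConfigs":[ \{ "logDestinationType":"S3",
-# "logType":"ALERT", "logDestination":\{
-# "bucketName":"s3-bucket-name" \} \}, \{
-# "logDestinationType":"S3", "logType":"FLOW",
-# "logDestination":\{ "bucketName":"s3-bucket-name" \} \} ],
-# "overrideExistingConfig":boolean \} \}"`
+# To use the distributed deployment model, you must set
+# [PolicyOption][1] to `NULL`.
 #
 # * Example: `NETWORK_FIREWALL` - Distributed deployment model with
-# custom Availability Zone configuration
-#
-# `"\{
-#
-#
-#
-#
-#
-#
-#
-# "
-# "
-# "
-# "
-# "
-#
-# "
-# \} ], "networkFirewallOrchestrationConfig":\{
+# custom Availability Zone configuration and route management
+#
+# `"\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","fragmentcustomactionname"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\},\{"actionName":"fragmentcustomactionname","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"fragmentmetricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallOrchestrationConfig":\{"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\},\{"availabilityZoneName":"us-east-1b","allowedIPV4CidrList":["10.0.0.0/28"]\}]\}\},"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":null,"routeManagementAction":"MONITOR","routeManagementTargetTypes":["InternetGateway"],"routeManagementConfig":\{"allowCrossAZTrafficIfNoEndpoint":true\}\},"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":boolean\}\}"
+# `
+#
+# To use the distributed deployment model, you must set
+# [PolicyOption][1] to `NULL`.
+#
+# * Example: `THIRD_PARTY_FIREWALL`
+#
+# `"\{ "type":"THIRD_PARTY_FIREWALL",
+# "thirdPartyFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW",
+# "thirdPartyFirewallConfig":\{
+# "thirdPartyFirewallPolicyList":["global-1"] \},
+# "firewallDeploymentModel":\{
+# "distributedFirewallDeploymentModel":\{
+# "distributedFirewallOrchestrationConfig":\{
 # "firewallCreationConfig":\{ "endpointLocation":\{
-# "availabilityZoneConfigList":[ \{
-# "availabilityZoneName":"
-# "
-# "availabilityZoneName":"us-east-1b", "allowedIPV4CidrList":[
-# "10.0.0.0/28" ] \} ] \} \},
-# "singleFirewallEndpointPerVPC":false,
-# "allowedIPV4CidrList":null,
-# "routeManagementAction":"MONITOR",
-# "routeManagementTargetTypes":[ "InternetGateway" ],
-# "routeManagementConfig":\{
-# "allowCrossAZTrafficIfNoEndpoint":true \} \},
-# "networkFirewallLoggingConfiguration":\{
-# "logDestinationConfigs":[ \{ "logDestinationType":"S3",
-# "logType":"ALERT", "logDestination":\{
-# "bucketName":"s3-bucket-name" \} \}, \{
-# "logDestinationType":"S3", "logType":"FLOW",
-# "logDestination":\{ "bucketName":"s3-bucket-name" \} \} ],
-# "overrideExistingConfig":boolean \} \}"`
-#
-# * Example: `PARTNER_FIREWALL` for Firewall Manager
-#
-# `"\{"type":"THIRD_PARTY_FIREWALL","thirdPartyrFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW","thirdPartyFirewallConfig":\{"thirdPartyFirewallPolicyList":["global-123456789012-1"],"networkFirewallLoggingConfiguration":null\},"firewallDeploymentModel":\{"distributedFirewallDeploymentModel":\{"distributedFirewallOrchestrationConfig":\{"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.1.0/28"]\}]\}\},"allowedIPV4CidrList":null\},"distributedRouteManagementConfig":null\},"centralizedFirewallDeploymentModel":null\}\}""`
+# "availabilityZoneConfigList":[ \{
+# "availabilityZoneName":"$\{AvailabilityZone\}" \} ] \} \},
+# "allowedIPV4CidrList":[ ] \} \} \} \}"`
 #
 # * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
 # distributions
@@ -3929,6 +3871,24 @@ module Aws::FMS
 # "applyToAllEC2InstanceENIs":false,"securityGroups":[\{"id":"
 # sg-000e55995d61a06bd"\}]\}"`
 #
+# * Example: `SECURITY_GROUPS_COMMON` - Security group tag
+# distribution
+#
+# `""\{"type":"SECURITY_GROUPS_COMMON","securityGroups":[\{"id":"sg-000e55995d61a06bd"\}],"revertManualSecurityGroupChanges":true,"exclusiveResourceSecurityGroupManagement":false,"applyToAllEC2InstanceENIs":false,"includeSharedVPC":false,"enableTagDistribution":true\}""`
+#
+# Firewall Manager automatically distributes tags from the primary
+# group to the security groups created by this policy. To use
+# security group tag distribution, you must also set
+# `revertManualSecurityGroupChanges` to `true`, otherwise Firewall
+# Manager won't be able to create the policy. When you enable
+# `revertManualSecurityGroupChanges`, Firewall Manager identifies
+# and reports when the security groups created by this policy become
+# non-compliant.
+#
+# Firewall Manager won't distrubute system tags added by Amazon Web
+# Services services into the replica security groups. System tags
+# begin with the `aws:` prefix.
+#
 # * Example: Shared VPCs. Apply the preceding policy to resources in
 # shared VPCs as well as to those in VPCs that the account owns
 #
@@ -3971,6 +3931,30 @@ module Aws::FMS
 include Aws::Structure
 end
 
+# Configuration settings for the handling of the stateful rule groups in
+# a Network Firewall firewall policy.
+#
+# @!attribute [rw] rule_order
+# Indicates how to manage the order of stateful rule evaluation for
+# the policy. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
+# rules are provided to the rule engine as Suricata compatible
+# strings, and Suricata evaluates them based on certain settings. For
+# more information, see [Evaluation order for stateful rules][1] in
+# the *Network Firewall Developer Guide*.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html
+# @return [String]
+#
+# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulEngineOptions AWS API Documentation
+#
+class StatefulEngineOptions < Struct.new(
+:rule_order)
+SENSITIVE = []
+include Aws::Structure
+end
+
 # Network Firewall stateful rule group, used in a
 # NetworkFirewallPolicyDescription.
 #
@@ -3982,11 +3966,29 @@ module Aws::FMS
 # The resource ID of the rule group.
 # @return [String]
 #
+# @!attribute [rw] priority
+# An integer setting that indicates the order in which to run the
+# stateful rule groups in a single Network Firewall firewall policy.
+# This setting only applies to firewall policies that specify the
+# `STRICT_ORDER` rule order in the stateful engine options settings.
+#
+# Network Firewall evalutes each stateful rule group against a packet
+# starting with the group that has the lowest priority setting. You
+# must ensure that the priority settings are unique within each
+# policy. For information about
+#
+# You can change the priority settings of your rule groups at any
+# time. To make it easier to insert rule groups later, number them so
+# there's a wide range in between, for example use 100, 200, and so
+# on.
+# @return [Integer]
+#
 # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulRuleGroup AWS API Documentation
 #
 class StatefulRuleGroup < Struct.new(
 :rule_group_name,
-:resource_id
+:resource_id,
+:priority)
 SENSITIVE = []
 include Aws::Structure
 end
@@ -4090,9 +4092,7 @@ module Aws::FMS
 #
 class TagResourceResponse < Aws::EmptyStructure; end
 
-# Configures the firewall policy
-# firewall. The deployment model can either be distributed or
-# centralized.
+# Configures the third-party firewall's firewall policy.
 #
 # @!attribute [rw] firewall_policy_id
 # The ID of the specified firewall policy.
@@ -4216,7 +4216,7 @@ module Aws::FMS
 include Aws::Structure
 end
 
-# Configures the
+# Configures the deployment model for the third-party firewall.
 #
 # @note When making an API call, you may pass ThirdPartyFirewallPolicy
 # data as a hash:
@@ -4226,7 +4226,8 @@ module Aws::FMS
 # }
 #
 # @!attribute [rw] firewall_deployment_model
-# Defines the deployment model to use for the third-party firewall
+# Defines the deployment model to use for the third-party firewall
+# policy.
 # @return [String]
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallPolicy AWS API Documentation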
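Review bot: In the new `priority` attribute doc on `StatefulRuleGroup` (new lines 3975-3978), the sentence `policy. For information about` stops mid-clause and is followed by a blank comment line, so the reference it was leading to is missing; either restore the link target or end the sentence at `unique within each policy.` This field decides which stateful rule group evaluates a packet first under `STRICT_ORDER`, so the text is worth getting right, and the same section also misspells `evalutes`, `Availbility` and `distrubute`. The added JSON examples cannot be pasted as written: `"overrideExistingConfig":boolean` is a type placeholder rather than a value, and the `SECURITY_GROUPS_COMMON` example is wrapped in doubled quotes (`""\{ … \}""`). If this file is generated from the service model, which the page does not show, the corrections belong in the model rather than in types.rb.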
data/lib/aws-sdk-fms.rb
CHANGED
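--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.50.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-07-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core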