aws-sdk-networkfirewall 1.11.0 → 1.12.0

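--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6ccab61032781decb6d5f4dc880424249824ef1dca1669c6985c65bf4c3b8a13
- data.tar.gz: f8a4f0fcb037edace6d2f15af90846b2161801c93006fb3b8be813153c7fd620
+ metadata.gz: efb85e8a5f83f0a539703aefb30893ed8f96df4e00a361da83089ac061211dc5
+ data.tar.gz: 2cfc028fd27c7681a8a3561cfc22f250c8f93f3cf0b7d5543ff914bebc9ac7a5
  SHA512:
- metadata.gz: e79c16a8f3fea2e0ab53e0d85e4b37892fe7d914c700fcc4408a630f604eb04ca64ba5af9d53f35a60d583dd9427939ae55785dfa16116c93fe5ab2ba3d7b1e0
- data.tar.gz: ad221e62dfa116b7de586c3078ede1a795bed53bb2c11960f01be63000dcb6df57afc92da76389acfead37e08d1e1103503bd44c8d074eff02ae3eaa36a87f80
+ metadata.gz: 68820ccd6afe392a2ac4481f2657cdd404faafec75415d87cf313e959575bdea39ac5f3d7155622ef2faa2d17388d229a871735beaef8431e14e05115f59c7ac
+ data.tar.gz: d6e4dfb732b21248197e928a6219d36f194ecce636cd1b856182d875b5bf1938eef8dfb8ccca75be589a5e887e7db3d9410db0e922b78465a402ae27eec729e6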
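--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.12.0 (2021-12-09)
+ ------------------
+
+ * Feature - This release adds support for managed rule groups.
+
  1.11.0 (2021-11-30)
  ------------------
 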
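--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.11.0
+ 1.12.0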
@@ -704,6 +704,9 @@ module Aws::NetworkFirewall
704
704
  # {
705
705
  # resource_arn: "ResourceArn", # required
706
706
  # priority: 1,
707
+ # override: {
708
+ # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
709
+ # },
707
710
  # },
708
711
  # ],
709
712
  # stateful_default_actions: ["CollectionMember_String"],
@@ -1319,6 +1322,7 @@ module Aws::NetworkFirewall
1319
1322
  # resp.firewall_policy.stateful_rule_group_references #=> Array
1320
1323
  # resp.firewall_policy.stateful_rule_group_references[0].resource_arn #=> String
1321
1324
  # resp.firewall_policy.stateful_rule_group_references[0].priority #=> Integer
1325
+ # resp.firewall_policy.stateful_rule_group_references[0].override.action #=> String, one of "DROP_TO_ALERT"
1322
1326
  # resp.firewall_policy.stateful_default_actions #=> Array
1323
1327
  # resp.firewall_policy.stateful_default_actions[0] #=> String
1324
1328
  # resp.firewall_policy.stateful_engine_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
@@ -1517,6 +1521,68 @@ module Aws::NetworkFirewall
1517
1521
  req.send_request(options)
1518
1522
  end
1519
1523
 
1524
+ # High-level information about a rule group, returned by operations like
1525
+ # create and describe. You can use the information provided in the
1526
+ # metadata to retrieve and manage a rule group. You can retrieve all
1527
+ # objects for a rule group by calling DescribeRuleGroup.
1528
+ #
1529
+ # @option params [String] :rule_group_name
1530
+ # The descriptive name of the rule group. You can't change the name of
1531
+ # a rule group after you create it.
1532
+ #
1533
+ # You must specify the ARN or the name, and you can specify both.
1534
+ #
1535
+ # @option params [String] :rule_group_arn
1536
+ # The descriptive name of the rule group. You can't change the name of
1537
+ # a rule group after you create it.
1538
+ #
1539
+ # You must specify the ARN or the name, and you can specify both.
1540
+ #
1541
+ # @option params [String] :type
1542
+ # Indicates whether the rule group is stateless or stateful. If the rule
1543
+ # group is stateless, it contains stateless rules. If it is stateful, it
1544
+ # contains stateful rules.
1545
+ #
1546
+ # <note markdown="1"> This setting is required for requests that do not include the
1547
+ # `RuleGroupARN`.
1548
+ #
1549
+ # </note>
1550
+ #
1551
+ # @return [Types::DescribeRuleGroupMetadataResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1552
+ #
1553
+ # * {Types::DescribeRuleGroupMetadataResponse#rule_group_arn #rule_group_arn} => String
1554
+ # * {Types::DescribeRuleGroupMetadataResponse#rule_group_name #rule_group_name} => String
1555
+ # * {Types::DescribeRuleGroupMetadataResponse#description #description} => String
1556
+ # * {Types::DescribeRuleGroupMetadataResponse#type #type} => String
1557
+ # * {Types::DescribeRuleGroupMetadataResponse#capacity #capacity} => Integer
1558
+ # * {Types::DescribeRuleGroupMetadataResponse#stateful_rule_options #stateful_rule_options} => Types::StatefulRuleOptions
1559
+ #
1560
+ # @example Request syntax with placeholder values
1561
+ #
1562
+ # resp = client.describe_rule_group_metadata({
1563
+ # rule_group_name: "ResourceName",
1564
+ # rule_group_arn: "ResourceArn",
1565
+ # type: "STATELESS", # accepts STATELESS, STATEFUL
1566
+ # })
1567
+ #
1568
+ # @example Response structure
1569
+ #
1570
+ # resp.rule_group_arn #=> String
1571
+ # resp.rule_group_name #=> String
1572
+ # resp.description #=> String
1573
+ # resp.type #=> String, one of "STATELESS", "STATEFUL"
1574
+ # resp.capacity #=> Integer
1575
+ # resp.stateful_rule_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
1576
+ #
1577
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadata AWS API Documentation
1578
+ #
1579
+ # @overload describe_rule_group_metadata(params = {})
1580
+ # @param [Hash] params ({})
1581
+ def describe_rule_group_metadata(params = {}, options = {})
1582
+ req = build_request(:describe_rule_group_metadata, params)
1583
+ req.send_request(options)
1584
+ end
1585
+
1520
1586
  # Removes the specified subnet associations from the firewall. This
1521
1587
  # removes the firewall endpoints from the subnets and removes any
1522
1588
  # network filtering protections that the endpoints were providing.
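Review bot: The `:rule_group_arn` option of the new `describe_rule_group_metadata` carries the text of `:rule_group_name` ("The descriptive name of the rule group. You can't change the name…"), so the comment never says that the value is an ARN. I would replace those two lines with `# The Amazon Resource Name (ARN) of the rule group.` and keep the "You must specify the ARN or the name, and you can specify both." line. The method summary also reads as a description of the response type rather than of the call; `# Returns the high-level metadata of the specified rule group.` would match the other operations. The same copied text sits on `rule_group_arn` in the types hunk at `@@ -1291,6 +1294,109 @@` (request and response classes), where the response's `description` attribute is documented as "Returns the metadata objects for the specified rule group." This wording looks generated from the service model, so the correction probably belongs upstream rather than in this file.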
@@ -1707,6 +1773,11 @@ module Aws::NetworkFirewall
1707
1773
  # Network Firewall provides a `NextToken` value that you can use in a
1708
1774
  # subsequent call to get the next batch of objects.
1709
1775
  #
1776
+ # @option params [String] :scope
1777
+ # The scope of the request. The default setting of `ACCOUNT` or a
1778
+ # setting of `NULL` returns all of the rule groups in your account. A
1779
+ # setting of `MANAGED` returns all available managed rule groups.
1780
+ #
1710
1781
  # @return [Types::ListRuleGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1711
1782
  #
1712
1783
  # * {Types::ListRuleGroupsResponse#next_token #next_token} => String
@@ -1719,6 +1790,7 @@ module Aws::NetworkFirewall
1719
1790
  # resp = client.list_rule_groups({
1720
1791
  # next_token: "PaginationToken",
1721
1792
  # max_results: 1,
1793
+ # scope: "MANAGED", # accepts MANAGED, ACCOUNT
1722
1794
  # })
1723
1795
  #
1724
1796
  # @example Response structure
@@ -2176,6 +2248,9 @@ module Aws::NetworkFirewall
2176
2248
  # {
2177
2249
  # resource_arn: "ResourceArn", # required
2178
2250
  # priority: 1,
2251
+ # override: {
2252
+ # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
2253
+ # },
2179
2254
  # },
2180
2255
  # ],
2181
2256
  # stateful_default_actions: ["CollectionMember_String"],
@@ -2211,6 +2286,11 @@ module Aws::NetworkFirewall
2211
2286
  req.send_request(options)
2212
2287
  end
2213
2288
 
2289
+ # Modifies the flag, `ChangeProtection`, which indicates whether it is
2290
+ # possible to change the firewall. If the flag is set to `TRUE`, the
2291
+ # firewall is protected from changes. This setting helps protect against
2292
+ # accidentally changing a firewall that's in use.
2293
+ #
2214
2294
  # @option params [String] :update_token
2215
2295
  # An optional token that you can use for optimistic locking. Network
2216
2296
  # Firewall returns a token to your requests that access the firewall.
@@ -2669,7 +2749,7 @@ module Aws::NetworkFirewall
2669
2749
  params: params,
2670
2750
  config: config)
2671
2751
  context[:gem_name] = 'aws-sdk-networkfirewall'
2672
- context[:gem_version] = '1.11.0'
2752
+ context[:gem_version] = '1.12.0'
2673
2753
  Seahorse::Client::Request.new(handlers, context)
2674
2754
  end
2675
2755
 
@@ -54,6 +54,8 @@ module Aws::NetworkFirewall
54
54
  DescribeLoggingConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeLoggingConfigurationResponse')
55
55
  DescribeResourcePolicyRequest = Shapes::StructureShape.new(name: 'DescribeResourcePolicyRequest')
56
56
  DescribeResourcePolicyResponse = Shapes::StructureShape.new(name: 'DescribeResourcePolicyResponse')
57
+ DescribeRuleGroupMetadataRequest = Shapes::StructureShape.new(name: 'DescribeRuleGroupMetadataRequest')
58
+ DescribeRuleGroupMetadataResponse = Shapes::StructureShape.new(name: 'DescribeRuleGroupMetadataResponse')
57
59
  DescribeRuleGroupRequest = Shapes::StructureShape.new(name: 'DescribeRuleGroupRequest')
58
60
  DescribeRuleGroupResponse = Shapes::StructureShape.new(name: 'DescribeRuleGroupResponse')
59
61
  Description = Shapes::StringShape.new(name: 'Description')
@@ -106,6 +108,7 @@ module Aws::NetworkFirewall
106
108
  LoggingConfiguration = Shapes::StructureShape.new(name: 'LoggingConfiguration')
107
109
  MatchAttributes = Shapes::StructureShape.new(name: 'MatchAttributes')
108
110
  NumberOfAssociations = Shapes::IntegerShape.new(name: 'NumberOfAssociations')
111
+ OverrideAction = Shapes::StringShape.new(name: 'OverrideAction')
109
112
  PaginationMaxResults = Shapes::IntegerShape.new(name: 'PaginationMaxResults')
110
113
  PaginationToken = Shapes::StringShape.new(name: 'PaginationToken')
111
114
  PerObjectStatus = Shapes::StructureShape.new(name: 'PerObjectStatus')
@@ -125,6 +128,7 @@ module Aws::NetworkFirewall
125
128
  PutResourcePolicyResponse = Shapes::StructureShape.new(name: 'PutResourcePolicyResponse')
126
129
  ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
127
130
  ResourceId = Shapes::StringShape.new(name: 'ResourceId')
131
+ ResourceManagedStatus = Shapes::StringShape.new(name: 'ResourceManagedStatus')
128
132
  ResourceName = Shapes::StringShape.new(name: 'ResourceName')
129
133
  ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
130
134
  ResourceOwnerCheckException = Shapes::StructureShape.new(name: 'ResourceOwnerCheckException')
@@ -153,6 +157,7 @@ module Aws::NetworkFirewall
153
157
  StatefulEngineOptions = Shapes::StructureShape.new(name: 'StatefulEngineOptions')
154
158
  StatefulRule = Shapes::StructureShape.new(name: 'StatefulRule')
155
159
  StatefulRuleDirection = Shapes::StringShape.new(name: 'StatefulRuleDirection')
160
+ StatefulRuleGroupOverride = Shapes::StructureShape.new(name: 'StatefulRuleGroupOverride')
156
161
  StatefulRuleGroupReference = Shapes::StructureShape.new(name: 'StatefulRuleGroupReference')
157
162
  StatefulRuleGroupReferences = Shapes::ListShape.new(name: 'StatefulRuleGroupReferences')
158
163
  StatefulRuleOptions = Shapes::StructureShape.new(name: 'StatefulRuleOptions')
@@ -351,6 +356,19 @@ module Aws::NetworkFirewall
351
356
  DescribeResourcePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: PolicyString, location_name: "Policy"))
352
357
  DescribeResourcePolicyResponse.struct_class = Types::DescribeResourcePolicyResponse
353
358
 
359
+ DescribeRuleGroupMetadataRequest.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "RuleGroupName"))
360
+ DescribeRuleGroupMetadataRequest.add_member(:rule_group_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "RuleGroupArn"))
361
+ DescribeRuleGroupMetadataRequest.add_member(:type, Shapes::ShapeRef.new(shape: RuleGroupType, location_name: "Type"))
362
+ DescribeRuleGroupMetadataRequest.struct_class = Types::DescribeRuleGroupMetadataRequest
363
+
364
+ DescribeRuleGroupMetadataResponse.add_member(:rule_group_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "RuleGroupArn"))
365
+ DescribeRuleGroupMetadataResponse.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: ResourceName, required: true, location_name: "RuleGroupName"))
366
+ DescribeRuleGroupMetadataResponse.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
367
+ DescribeRuleGroupMetadataResponse.add_member(:type, Shapes::ShapeRef.new(shape: RuleGroupType, location_name: "Type"))
368
+ DescribeRuleGroupMetadataResponse.add_member(:capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "Capacity"))
369
+ DescribeRuleGroupMetadataResponse.add_member(:stateful_rule_options, Shapes::ShapeRef.new(shape: StatefulRuleOptions, location_name: "StatefulRuleOptions"))
370
+ DescribeRuleGroupMetadataResponse.struct_class = Types::DescribeRuleGroupMetadataResponse
371
+
354
372
  DescribeRuleGroupRequest.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "RuleGroupName"))
355
373
  DescribeRuleGroupRequest.add_member(:rule_group_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "RuleGroupArn"))
356
374
  DescribeRuleGroupRequest.add_member(:type, Shapes::ShapeRef.new(shape: RuleGroupType, location_name: "Type"))
@@ -484,6 +502,7 @@ module Aws::NetworkFirewall
484
502
 
485
503
  ListRuleGroupsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
486
504
  ListRuleGroupsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: PaginationMaxResults, location_name: "MaxResults"))
505
+ ListRuleGroupsRequest.add_member(:scope, Shapes::ShapeRef.new(shape: ResourceManagedStatus, location_name: "Scope"))
487
506
  ListRuleGroupsRequest.struct_class = Types::ListRuleGroupsRequest
488
507
 
489
508
  ListRuleGroupsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
@@ -618,8 +637,12 @@ module Aws::NetworkFirewall
618
637
  StatefulRule.add_member(:rule_options, Shapes::ShapeRef.new(shape: RuleOptions, required: true, location_name: "RuleOptions"))
619
638
  StatefulRule.struct_class = Types::StatefulRule
620
639
 
640
+ StatefulRuleGroupOverride.add_member(:action, Shapes::ShapeRef.new(shape: OverrideAction, location_name: "Action"))
641
+ StatefulRuleGroupOverride.struct_class = Types::StatefulRuleGroupOverride
642
+
621
643
  StatefulRuleGroupReference.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
622
644
  StatefulRuleGroupReference.add_member(:priority, Shapes::ShapeRef.new(shape: Priority, location_name: "Priority", metadata: {"box"=>true}))
645
+ StatefulRuleGroupReference.add_member(:override, Shapes::ShapeRef.new(shape: StatefulRuleGroupOverride, location_name: "Override"))
623
646
  StatefulRuleGroupReference.struct_class = Types::StatefulRuleGroupReference
624
647
 
625
648
  StatefulRuleGroupReferences.member = Shapes::ShapeRef.new(shape: StatefulRuleGroupReference)
@@ -988,6 +1011,18 @@ module Aws::NetworkFirewall
988
1011
  o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
989
1012
  end)
990
1013
 
1014
+ api.add_operation(:describe_rule_group_metadata, Seahorse::Model::Operation.new.tap do |o|
1015
+ o.name = "DescribeRuleGroupMetadata"
1016
+ o.http_method = "POST"
1017
+ o.http_request_uri = "/"
1018
+ o.input = Shapes::ShapeRef.new(shape: DescribeRuleGroupMetadataRequest)
1019
+ o.output = Shapes::ShapeRef.new(shape: DescribeRuleGroupMetadataResponse)
1020
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
1021
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
1022
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
1023
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
1024
+ end)
1025
+
991
1026
  api.add_operation(:disassociate_subnets, Seahorse::Model::Operation.new.tap do |o|
992
1027
  o.name = "DisassociateSubnets"
993
1028
  o.http_method = "POST"
@@ -1059,6 +1094,8 @@ module Aws::NetworkFirewall
1059
1094
  o.http_request_uri = "/"
1060
1095
  o.input = Shapes::ShapeRef.new(shape: ListTagsForResourceRequest)
1061
1096
  o.output = Shapes::ShapeRef.new(shape: ListTagsForResourceResponse)
1097
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
1098
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
1062
1099
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
1063
1100
  o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
1064
1101
  o[:pager] = Aws::Pager.new(
@@ -1088,6 +1125,8 @@ module Aws::NetworkFirewall
1088
1125
  o.http_request_uri = "/"
1089
1126
  o.input = Shapes::ShapeRef.new(shape: TagResourceRequest)
1090
1127
  o.output = Shapes::ShapeRef.new(shape: TagResourceResponse)
1128
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
1129
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
1091
1130
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
1092
1131
  o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
1093
1132
  end)
@@ -1098,6 +1137,8 @@ module Aws::NetworkFirewall
1098
1137
  o.http_request_uri = "/"
1099
1138
  o.input = Shapes::ShapeRef.new(shape: UntagResourceRequest)
1100
1139
  o.output = Shapes::ShapeRef.new(shape: UntagResourceResponse)
1140
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
1141
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
1101
1142
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
1102
1143
  o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
1103
1144
  end)
@@ -361,6 +361,9 @@ module Aws::NetworkFirewall
361
361
  # {
362
362
  # resource_arn: "ResourceArn", # required
363
363
  # priority: 1,
364
+ # override: {
365
+ # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
366
+ # },
364
367
  # },
365
368
  # ],
366
369
  # stateful_default_actions: ["CollectionMember_String"],
@@ -1291,6 +1294,109 @@ module Aws::NetworkFirewall
1291
1294
  include Aws::Structure
1292
1295
  end
1293
1296
 
1297
+ # @note When making an API call, you may pass DescribeRuleGroupMetadataRequest
1298
+ # data as a hash:
1299
+ #
1300
+ # {
1301
+ # rule_group_name: "ResourceName",
1302
+ # rule_group_arn: "ResourceArn",
1303
+ # type: "STATELESS", # accepts STATELESS, STATEFUL
1304
+ # }
1305
+ #
1306
+ # @!attribute [rw] rule_group_name
1307
+ # The descriptive name of the rule group. You can't change the name
1308
+ # of a rule group after you create it.
1309
+ #
1310
+ # You must specify the ARN or the name, and you can specify both.
1311
+ # @return [String]
1312
+ #
1313
+ # @!attribute [rw] rule_group_arn
1314
+ # The descriptive name of the rule group. You can't change the name
1315
+ # of a rule group after you create it.
1316
+ #
1317
+ # You must specify the ARN or the name, and you can specify both.
1318
+ # @return [String]
1319
+ #
1320
+ # @!attribute [rw] type
1321
+ # Indicates whether the rule group is stateless or stateful. If the
1322
+ # rule group is stateless, it contains stateless rules. If it is
1323
+ # stateful, it contains stateful rules.
1324
+ #
1325
+ # <note markdown="1"> This setting is required for requests that do not include the
1326
+ # `RuleGroupARN`.
1327
+ #
1328
+ # </note>
1329
+ # @return [String]
1330
+ #
1331
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadataRequest AWS API Documentation
1332
+ #
1333
+ class DescribeRuleGroupMetadataRequest < Struct.new(
1334
+ :rule_group_name,
1335
+ :rule_group_arn,
1336
+ :type)
1337
+ SENSITIVE = []
1338
+ include Aws::Structure
1339
+ end
1340
+
1341
+ # @!attribute [rw] rule_group_arn
1342
+ # The descriptive name of the rule group. You can't change the name
1343
+ # of a rule group after you create it.
1344
+ #
1345
+ # You must specify the ARN or the name, and you can specify both.
1346
+ # @return [String]
1347
+ #
1348
+ # @!attribute [rw] rule_group_name
1349
+ # The descriptive name of the rule group. You can't change the name
1350
+ # of a rule group after you create it.
1351
+ #
1352
+ # You must specify the ARN or the name, and you can specify both.
1353
+ # @return [String]
1354
+ #
1355
+ # @!attribute [rw] description
1356
+ # Returns the metadata objects for the specified rule group.
1357
+ # @return [String]
1358
+ #
1359
+ # @!attribute [rw] type
1360
+ # Indicates whether the rule group is stateless or stateful. If the
1361
+ # rule group is stateless, it contains stateless rules. If it is
1362
+ # stateful, it contains stateful rules.
1363
+ #
1364
+ # <note markdown="1"> This setting is required for requests that do not include the
1365
+ # `RuleGroupARN`.
1366
+ #
1367
+ # </note>
1368
+ # @return [String]
1369
+ #
1370
+ # @!attribute [rw] capacity
1371
+ # The maximum operating resources that this rule group can use. Rule
1372
+ # group capacity is fixed at creation. When you update a rule group,
1373
+ # you are limited to this capacity. When you reference a rule group
1374
+ # from a firewall policy, Network Firewall reserves this capacity for
1375
+ # the rule group.
1376
+ #
1377
+ # You can retrieve the capacity that would be required for a rule
1378
+ # group before you create the rule group by calling CreateRuleGroup
1379
+ # with `DryRun` set to `TRUE`.
1380
+ # @return [Integer]
1381
+ #
1382
+ # @!attribute [rw] stateful_rule_options
1383
+ # Additional options governing how Network Firewall handles the rule
1384
+ # group. You can only use these for stateful rule groups.
1385
+ # @return [Types::StatefulRuleOptions]
1386
+ #
1387
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadataResponse AWS API Documentation
1388
+ #
1389
+ class DescribeRuleGroupMetadataResponse < Struct.new(
1390
+ :rule_group_arn,
1391
+ :rule_group_name,
1392
+ :description,
1393
+ :type,
1394
+ :capacity,
1395
+ :stateful_rule_options)
1396
+ SENSITIVE = []
1397
+ include Aws::Structure
1398
+ end
1399
+
1294
1400
  # @note When making an API call, you may pass DescribeRuleGroupRequest
1295
1401
  # data as a hash:
1296
1402
  #
@@ -1667,6 +1773,9 @@ module Aws::NetworkFirewall
1667
1773
  # {
1668
1774
  # resource_arn: "ResourceArn", # required
1669
1775
  # priority: 1,
1776
+ # override: {
1777
+ # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
1778
+ # },
1670
1779
  # },
1671
1780
  # ],
1672
1781
  # stateful_default_actions: ["CollectionMember_String"],
@@ -1728,7 +1837,25 @@ module Aws::NetworkFirewall
1728
1837
  #
1729
1838
  # @!attribute [rw] stateful_default_actions
1730
1839
  # The default actions to take on a packet that doesn't match any
1731
- # stateful rules.
1840
+ # stateful rules. The stateful default action is optional, and is only
1841
+ # valid when using the strict rule order.
1842
+ #
1843
+ # Valid values of the stateful default action:
1844
+ #
1845
+ # * aws:drop\_strict
1846
+ #
1847
+ # * aws:drop\_established
1848
+ #
1849
+ # * aws:alert\_strict
1850
+ #
1851
+ # * aws:alert\_established
1852
+ #
1853
+ # For more information, see [Strict evaluation order][1] in the *AWS
1854
+ # Network Firewall Developer Guide*.
1855
+ #
1856
+ #
1857
+ #
1858
+ # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-strict-rule-evaluation-order.html
1732
1859
  # @return [Array<String>]
1733
1860
  #
1734
1861
  # @!attribute [rw] stateful_engine_options
@@ -2243,6 +2370,7 @@ module Aws::NetworkFirewall
2243
2370
  # {
2244
2371
  # next_token: "PaginationToken",
2245
2372
  # max_results: 1,
2373
+ # scope: "MANAGED", # accepts MANAGED, ACCOUNT
2246
2374
  # }
2247
2375
  #
2248
2376
  # @!attribute [rw] next_token
@@ -2260,11 +2388,18 @@ module Aws::NetworkFirewall
2260
2388
  # use in a subsequent call to get the next batch of objects.
2261
2389
  # @return [Integer]
2262
2390
  #
2391
+ # @!attribute [rw] scope
2392
+ # The scope of the request. The default setting of `ACCOUNT` or a
2393
+ # setting of `NULL` returns all of the rule groups in your account. A
2394
+ # setting of `MANAGED` returns all available managed rule groups.
2395
+ # @return [String]
2396
+ #
2263
2397
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListRuleGroupsRequest AWS API Documentation
2264
2398
  #
2265
2399
  class ListRuleGroupsRequest < Struct.new(
2266
2400
  :next_token,
2267
- :max_results)
2401
+ :max_results,
2402
+ :scope)
2268
2403
  SENSITIVE = []
2269
2404
  include Aws::Structure
2270
2405
  end
@@ -3309,9 +3444,8 @@ module Aws::NetworkFirewall
3309
3444
  # }
3310
3445
  #
3311
3446
  # @!attribute [rw] targets
3312
- # The domains that you want to inspect for in your traffic flows. To
3313
- # provide multiple domains, separate them with commas. Valid domain
3314
- # specifications are the following:
3447
+ # The domains that you want to inspect for in your traffic flows.
3448
+ # Valid domain specifications are the following:
3315
3449
  #
3316
3450
  # * Explicit names. For example, `abc.example.com` matches only the
3317
3451
  # domain `abc.example.com`.
@@ -3354,13 +3488,15 @@ module Aws::NetworkFirewall
3354
3488
  #
3355
3489
  # @!attribute [rw] rule_order
3356
3490
  # Indicates how to manage the order of stateful rule evaluation for
3357
- # the policy. By default, Network Firewall leaves the rule evaluation
3358
- # order up to the Suricata rule processing engine. If you set this to
3359
- # `STRICT_ORDER`, your rules are evaluated in the exact order that you
3360
- # provide them in the policy. With strict ordering, the rule groups
3361
- # are evaluated by order of priority, starting from the lowest number,
3362
- # and the rules in each rule group are processed in the order that
3363
- # they're defined.
3491
+ # the policy. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
3492
+ # rules are provided to the rule engine as Suricata compatible
3493
+ # strings, and Suricata evaluates them based on certain settings. For
3494
+ # more information, see [Evaluation order for stateful rules][1] in
3495
+ # the *AWS Network Firewall Developer Guide*.
3496
+ #
3497
+ #
3498
+ #
3499
+ # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html
3364
3500
  # @return [String]
3365
3501
  #
3366
3502
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulEngineOptions AWS API Documentation
@@ -3446,6 +3582,29 @@ module Aws::NetworkFirewall
3446
3582
  include Aws::Structure
3447
3583
  end
3448
3584
 
3585
+ # The setting that allows the policy owner to change the behavior of the
3586
+ # rule group within a policy.
3587
+ #
3588
+ # @note When making an API call, you may pass StatefulRuleGroupOverride
3589
+ # data as a hash:
3590
+ #
3591
+ # {
3592
+ # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
3593
+ # }
3594
+ #
3595
+ # @!attribute [rw] action
3596
+ # The action that changes the rule group from `DROP` to `ALERT`. This
3597
+ # only applies to managed rule groups.
3598
+ # @return [String]
3599
+ #
3600
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleGroupOverride AWS API Documentation
3601
+ #
3602
+ class StatefulRuleGroupOverride < Struct.new(
3603
+ :action)
3604
+ SENSITIVE = []
3605
+ include Aws::Structure
3606
+ end
3607
+
3449
3608
  # Identifier for a single stateful rule group, used in a firewall policy
3450
3609
  # to refer to a rule group.
3451
3610
  #
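Review bot: The comment on `StatefulRuleGroupOverride#action` does not state what `DROP_TO_ALERT` means for enforcement. As worded ("changes the rule group from `DROP` to `ALERT`"), a policy that sets it appears to stop blocking the traffic that the managed rule group's drop rules match and to log alerts for it instead. I would add a sentence such as `# With DROP_TO_ALERT, traffic matching the group's drop rules is alerted on rather than dropped, so the group no longer blocks it.` (to be confirmed against the service documentation). The same caveat applies to the `override` attribute added to `StatefulRuleGroupReference` in the hunk at `@@ -3478,11 +3640,17 @@`. When auditing firewall policies after this upgrade, `stateful_rule_group_references[].override.action` is the field to check.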
@@ -3455,6 +3614,9 @@ module Aws::NetworkFirewall
3455
3614
  # {
3456
3615
  # resource_arn: "ResourceArn", # required
3457
3616
  # priority: 1,
3617
+ # override: {
3618
+ # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
3619
+ # },
3458
3620
  # }
3459
3621
  #
3460
3622
  # @!attribute [rw] resource_arn
@@ -3478,11 +3640,17 @@ module Aws::NetworkFirewall
3478
3640
  # on.
3479
3641
  # @return [Integer]
3480
3642
  #
3643
+ # @!attribute [rw] override
3644
+ # The action that allows the policy owner to override the behavior of
3645
+ # the rule group within a policy.
3646
+ # @return [Types::StatefulRuleGroupOverride]
3647
+ #
3481
3648
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleGroupReference AWS API Documentation
3482
3649
  #
3483
3650
  class StatefulRuleGroupReference < Struct.new(
3484
3651
  :resource_arn,
3485
- :priority)
3652
+ :priority,
3653
+ :override)
3486
3654
  SENSITIVE = []
3487
3655
  include Aws::Structure
3488
3656
  end
@@ -3499,10 +3667,15 @@ module Aws::NetworkFirewall
3499
3667
  #
3500
3668
  # @!attribute [rw] rule_order
3501
3669
  # Indicates how to manage the order of the rule evaluation for the
3502
- # rule group. By default, Network Firewall leaves the rule evaluation
3503
- # order up to the Suricata rule processing engine. If you set this to
3504
- # `STRICT_ORDER`, your rules are evaluated in the exact order that
3505
- # they're listed in your Suricata rules string.
3670
+ # rule group. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
3671
+ # rules are provided to the rule engine as Suricata compatible
3672
+ # strings, and Suricata evaluates them based on certain settings. For
3673
+ # more information, see [Evaluation order for stateful rules][1] in
3674
+ # the *AWS Network Firewall Developer Guide*.
3675
+ #
3676
+ #
3677
+ #
3678
+ # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html
3506
3679
  # @return [String]
3507
3680
  #
3508
3681
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleOptions AWS API Documentation
@@ -4009,6 +4182,11 @@ module Aws::NetworkFirewall
4009
4182
  # @return [String]
4010
4183
  #
4011
4184
  # @!attribute [rw] delete_protection
4185
+ # A flag indicating whether it is possible to delete the firewall. A
4186
+ # setting of `TRUE` indicates that the firewall is protected against
4187
+ # deletion. Use this setting to protect against accidentally deleting
4188
+ # a firewall that is in use. When you create a firewall, the operation
4189
+ # initializes this flag to `TRUE`.
4012
4190
  # @return [Boolean]
4013
4191
  #
4014
4192
  # @!attribute [rw] update_token
@@ -4289,6 +4467,9 @@ module Aws::NetworkFirewall
4289
4467
  # {
4290
4468
  # resource_arn: "ResourceArn", # required
4291
4469
  # priority: 1,
4470
+ # override: {
4471
+ # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
4472
+ # },
4292
4473
  # },
4293
4474
  # ],
4294
4475
  # stateful_default_actions: ["CollectionMember_String"],
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
48
48
  # @!group service
49
49
  module Aws::NetworkFirewall
50
50
 
51
- GEM_VERSION = '1.11.0'
51
+ GEM_VERSION = '1.12.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-networkfirewall
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.11.0
4
+ version: 1.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-11-30 00:00:00.000000000 Z
11
+ date: 2021-12-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core