aws-sdk-networkfirewall 1.13.0 → 1.16.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-networkfirewall/client.rb +181 -34
- data/lib/aws-sdk-networkfirewall/client_api.rb +43 -0
- data/lib/aws-sdk-networkfirewall/types.rb +294 -52
- data/lib/aws-sdk-networkfirewall.rb +1 -1
- metadata +4 -4
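--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f66bf7c71cb11bf0af157ffcdbad8e7df68a441447cd7907b6d19dbba2d6bf1a
+data.tar.gz: a307c7c73f68026af50870890e9e4e75f00767e05e4fec15368f1609ce5dcff2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8e39869232f6ea4567b75c432c293f6e13bff33f7b0467d4c34f71ecf27124b254a8ac919e565bfafd8843268e9d3376e188c8084cd5bcf2f93f763f0d9467a1
+data.tar.gz: 71f99b4fa4d00a371ed89c8e8291b51342f7662f3355c1c11e7fc09bc00f089e03329b1769fcdb206bac0a82360ddd25d93124d326c979129af3c130f36dee2b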
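--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,21 @@
 Unreleased Changes
 ------------------
 
+1.16.0 (2022-04-26)
+------------------
+
+* Feature - AWS Network Firewall now enables customers to use a customer managed AWS KMS key for the encryption of their firewall resources.
+
+1.15.0 (2022-02-24)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.14.0 (2022-02-03)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.13.0 (2021-12-21)
 ------------------
 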
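--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.16.0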
@@ -27,7 +27,9 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
30
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
32
|
+
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
31
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
32
34
|
require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
33
35
|
|
@@ -74,7 +76,9 @@ module Aws::NetworkFirewall
|
|
74
76
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
75
77
|
add_plugin(Aws::Plugins::TransferEncoding)
|
76
78
|
add_plugin(Aws::Plugins::HttpChecksum)
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
77
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
81
|
+
add_plugin(Aws::Plugins::RecursionDetection)
|
78
82
|
add_plugin(Aws::Plugins::SignatureV4)
|
79
83
|
add_plugin(Aws::Plugins::Protocols::JsonRpc)
|
80
84
|
|
@@ -433,8 +437,8 @@ module Aws::NetworkFirewall
|
|
433
437
|
# You can specify one subnet for each of the Availability Zones that the
|
434
438
|
# VPC spans.
|
435
439
|
#
|
436
|
-
# This request creates an
|
437
|
-
#
|
440
|
+
# This request creates an Network Firewall firewall endpoint in each of
|
441
|
+
# the subnets. To enable the firewall's protections, you must also
|
438
442
|
# modify the VPC's route tables for each subnet's Availability Zone,
|
439
443
|
# to redirect the traffic that's coming into and going out of the zone
|
440
444
|
# through the firewall endpoint.
|
@@ -509,14 +513,14 @@ module Aws::NetworkFirewall
|
|
509
513
|
req.send_request(options)
|
510
514
|
end
|
511
515
|
|
512
|
-
# Creates an
|
513
|
-
#
|
516
|
+
# Creates an Network Firewall Firewall and accompanying FirewallStatus
|
517
|
+
# for a VPC.
|
514
518
|
#
|
515
|
-
# The firewall defines the configuration settings for an
|
519
|
+
# The firewall defines the configuration settings for an Network
|
516
520
|
# Firewall firewall. The settings that you can define at creation
|
517
521
|
# include the firewall policy, the subnets in your VPC to use for the
|
518
|
-
# firewall endpoints, and any tags that are attached to the firewall
|
519
|
-
# resource.
|
522
|
+
# firewall endpoints, and any tags that are attached to the firewall
|
523
|
+
# Amazon Web Services resource.
|
520
524
|
#
|
521
525
|
# After you create a firewall, you can provide additional settings, like
|
522
526
|
# the logging configuration.
|
@@ -526,8 +530,9 @@ module Aws::NetworkFirewall
|
|
526
530
|
# UpdateLoggingConfiguration, AssociateSubnets, and
|
527
531
|
# UpdateFirewallDeleteProtection.
|
528
532
|
#
|
529
|
-
# To manage a firewall's tags, use the standard
|
530
|
-
# operations, ListTagsForResource, TagResource, and
|
533
|
+
# To manage a firewall's tags, use the standard Amazon Web Services
|
534
|
+
# resource tagging operations, ListTagsForResource, TagResource, and
|
535
|
+
# UntagResource.
|
531
536
|
#
|
532
537
|
# To retrieve information about firewalls, use ListFirewalls and
|
533
538
|
# DescribeFirewall.
|
@@ -578,6 +583,10 @@ module Aws::NetworkFirewall
|
|
578
583
|
# @option params [Array<Types::Tag>] :tags
|
579
584
|
# The key:value pairs to associate with the resource.
|
580
585
|
#
|
586
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
587
|
+
# A complex type that contains settings for encryption of your firewall
|
588
|
+
# resources.
|
589
|
+
#
|
581
590
|
# @return [Types::CreateFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
582
591
|
#
|
583
592
|
# * {Types::CreateFirewallResponse#firewall #firewall} => Types::Firewall
|
@@ -604,6 +613,10 @@ module Aws::NetworkFirewall
|
|
604
613
|
# value: "TagValue", # required
|
605
614
|
# },
|
606
615
|
# ],
|
616
|
+
# encryption_configuration: {
|
617
|
+
# key_id: "KeyId",
|
618
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
619
|
+
# },
|
607
620
|
# })
|
608
621
|
#
|
609
622
|
# @example Response structure
|
@@ -622,6 +635,8 @@ module Aws::NetworkFirewall
|
|
622
635
|
# resp.firewall.tags #=> Array
|
623
636
|
# resp.firewall.tags[0].key #=> String
|
624
637
|
# resp.firewall.tags[0].value #=> String
|
638
|
+
# resp.firewall.encryption_configuration.key_id #=> String
|
639
|
+
# resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
625
640
|
# resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
|
626
641
|
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
|
627
642
|
# resp.firewall_status.sync_states #=> Hash
|
@@ -644,7 +659,7 @@ module Aws::NetworkFirewall
|
|
644
659
|
# Creates the firewall policy for the firewall according to the
|
645
660
|
# specifications.
|
646
661
|
#
|
647
|
-
# An
|
662
|
+
# An Network Firewall firewall policy defines the behavior of a
|
648
663
|
# firewall, in a collection of stateless and stateful rule groups and
|
649
664
|
# other settings. You can use one firewall policy for multiple
|
650
665
|
# firewalls.
|
@@ -677,6 +692,10 @@ module Aws::NetworkFirewall
|
|
677
692
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
678
693
|
# your resources.
|
679
694
|
#
|
695
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
696
|
+
# A complex type that contains settings for encryption of your firewall
|
697
|
+
# policy resources.
|
698
|
+
#
|
680
699
|
# @return [Types::CreateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
681
700
|
#
|
682
701
|
# * {Types::CreateFirewallPolicyResponse#update_token #update_token} => String
|
@@ -731,6 +750,10 @@ module Aws::NetworkFirewall
|
|
731
750
|
# },
|
732
751
|
# ],
|
733
752
|
# dry_run: false,
|
753
|
+
# encryption_configuration: {
|
754
|
+
# key_id: "KeyId",
|
755
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
756
|
+
# },
|
734
757
|
# })
|
735
758
|
#
|
736
759
|
# @example Response structure
|
@@ -747,6 +770,8 @@ module Aws::NetworkFirewall
|
|
747
770
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
748
771
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
749
772
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
773
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
774
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
750
775
|
#
|
751
776
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy AWS API Documentation
|
752
777
|
#
|
@@ -865,6 +890,10 @@ module Aws::NetworkFirewall
|
|
865
890
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
866
891
|
# your resources.
|
867
892
|
#
|
893
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
894
|
+
# A complex type that contains settings for encryption of your rule
|
895
|
+
# group resources.
|
896
|
+
#
|
868
897
|
# @return [Types::CreateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
869
898
|
#
|
870
899
|
# * {Types::CreateRuleGroupResponse#update_token #update_token} => String
|
@@ -984,6 +1013,10 @@ module Aws::NetworkFirewall
|
|
984
1013
|
# },
|
985
1014
|
# ],
|
986
1015
|
# dry_run: false,
|
1016
|
+
# encryption_configuration: {
|
1017
|
+
# key_id: "KeyId",
|
1018
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
1019
|
+
# },
|
987
1020
|
# })
|
988
1021
|
#
|
989
1022
|
# @example Response structure
|
@@ -1001,6 +1034,8 @@ module Aws::NetworkFirewall
|
|
1001
1034
|
# resp.rule_group_response.tags[0].value #=> String
|
1002
1035
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
1003
1036
|
# resp.rule_group_response.number_of_associations #=> Integer
|
1037
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
1038
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1004
1039
|
#
|
1005
1040
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
|
1006
1041
|
#
|
@@ -1066,6 +1101,8 @@ module Aws::NetworkFirewall
|
|
1066
1101
|
# resp.firewall.tags #=> Array
|
1067
1102
|
# resp.firewall.tags[0].key #=> String
|
1068
1103
|
# resp.firewall.tags[0].value #=> String
|
1104
|
+
# resp.firewall.encryption_configuration.key_id #=> String
|
1105
|
+
# resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1069
1106
|
# resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
|
1070
1107
|
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
|
1071
1108
|
# resp.firewall_status.sync_states #=> Hash
|
@@ -1122,6 +1159,8 @@ module Aws::NetworkFirewall
|
|
1122
1159
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
1123
1160
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
1124
1161
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
1162
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
1163
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1125
1164
|
#
|
1126
1165
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy AWS API Documentation
|
1127
1166
|
#
|
@@ -1205,6 +1244,8 @@ module Aws::NetworkFirewall
|
|
1205
1244
|
# resp.rule_group_response.tags[0].value #=> String
|
1206
1245
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
1207
1246
|
# resp.rule_group_response.number_of_associations #=> Integer
|
1247
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
1248
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1208
1249
|
#
|
1209
1250
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
|
1210
1251
|
#
|
@@ -1258,6 +1299,8 @@ module Aws::NetworkFirewall
|
|
1258
1299
|
# resp.firewall.tags #=> Array
|
1259
1300
|
# resp.firewall.tags[0].key #=> String
|
1260
1301
|
# resp.firewall.tags[0].value #=> String
|
1302
|
+
# resp.firewall.encryption_configuration.key_id #=> String
|
1303
|
+
# resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1261
1304
|
# resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
|
1262
1305
|
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
|
1263
1306
|
# resp.firewall_status.sync_states #=> Hash
|
@@ -1317,6 +1360,8 @@ module Aws::NetworkFirewall
|
|
1317
1360
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
1318
1361
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
1319
1362
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
1363
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
1364
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1320
1365
|
# resp.firewall_policy.stateless_rule_group_references #=> Array
|
1321
1366
|
# resp.firewall_policy.stateless_rule_group_references[0].resource_arn #=> String
|
1322
1367
|
# resp.firewall_policy.stateless_rule_group_references[0].priority #=> Integer
|
@@ -1520,6 +1565,8 @@ module Aws::NetworkFirewall
|
|
1520
1565
|
# resp.rule_group_response.tags[0].value #=> String
|
1521
1566
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
1522
1567
|
# resp.rule_group_response.number_of_associations #=> Integer
|
1568
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
1569
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1523
1570
|
#
|
1524
1571
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
|
1525
1572
|
#
|
@@ -1822,11 +1869,11 @@ module Aws::NetworkFirewall
|
|
1822
1869
|
# key:value pairs that you can use to categorize and manage your
|
1823
1870
|
# resources, for purposes like billing. For example, you might set the
|
1824
1871
|
# tag key to "customer" and the value to the customer name or ID. You
|
1825
|
-
# can specify one or more tags to add to each
|
1826
|
-
# tags for a resource.
|
1872
|
+
# can specify one or more tags to add to each Amazon Web Services
|
1873
|
+
# resource, up to 50 tags for a resource.
|
1827
1874
|
#
|
1828
|
-
# You can tag the
|
1829
|
-
# Firewall: firewalls, firewall policies, and rule groups.
|
1875
|
+
# You can tag the Amazon Web Services resources that you manage through
|
1876
|
+
# Network Firewall: firewalls, firewall policies, and rule groups.
|
1830
1877
|
#
|
1831
1878
|
# @option params [String] :next_token
|
1832
1879
|
# When you request a list of objects with a `MaxResults` setting, if the
|
@@ -1875,11 +1922,11 @@ module Aws::NetworkFirewall
|
|
1875
1922
|
req.send_request(options)
|
1876
1923
|
end
|
1877
1924
|
|
1878
|
-
# Creates or updates an
|
1879
|
-
#
|
1880
|
-
#
|
1881
|
-
#
|
1882
|
-
#
|
1925
|
+
# Creates or updates an IAM policy for your rule group or firewall
|
1926
|
+
# policy. Use this to share rule groups and firewall policies between
|
1927
|
+
# accounts. This operation works in conjunction with the Amazon Web
|
1928
|
+
# Services Resource Access Manager (RAM) service to manage resource
|
1929
|
+
# sharing for Network Firewall.
|
1883
1930
|
#
|
1884
1931
|
# Use this operation to create or update a resource policy for your rule
|
1885
1932
|
# group or firewall policy. In the policy, you specify the accounts that
|
@@ -1896,8 +1943,8 @@ module Aws::NetworkFirewall
|
|
1896
1943
|
# * [AcceptResourceShareInvitation][2] - Accepts the share invitation
|
1897
1944
|
# for a specified resource share.
|
1898
1945
|
#
|
1899
|
-
# For additional information about resource sharing using RAM, see
|
1900
|
-
# Resource Access Manager User Guide][3].
|
1946
|
+
# For additional information about resource sharing using RAM, see
|
1947
|
+
# [Resource Access Manager User Guide][3].
|
1901
1948
|
#
|
1902
1949
|
#
|
1903
1950
|
#
|
@@ -1910,10 +1957,9 @@ module Aws::NetworkFirewall
|
|
1910
1957
|
# rule groups and firewall policies with.
|
1911
1958
|
#
|
1912
1959
|
# @option params [required, String] :policy
|
1913
|
-
# The
|
1914
|
-
#
|
1915
|
-
#
|
1916
|
-
# perform.
|
1960
|
+
# The IAM policy statement that lists the accounts that you want to
|
1961
|
+
# share your rule group or firewall policy with and the operations that
|
1962
|
+
# you want the accounts to be able to perform.
|
1917
1963
|
#
|
1918
1964
|
# For a rule group resource, you can specify the following operations in
|
1919
1965
|
# the Actions section of the statement:
|
@@ -1961,11 +2007,11 @@ module Aws::NetworkFirewall
|
|
1961
2007
|
# pairs that you can use to categorize and manage your resources, for
|
1962
2008
|
# purposes like billing. For example, you might set the tag key to
|
1963
2009
|
# "customer" and the value to the customer name or ID. You can specify
|
1964
|
-
# one or more tags to add to each
|
1965
|
-
# resource.
|
2010
|
+
# one or more tags to add to each Amazon Web Services resource, up to 50
|
2011
|
+
# tags for a resource.
|
1966
2012
|
#
|
1967
|
-
# You can tag the
|
1968
|
-
# Firewall: firewalls, firewall policies, and rule groups.
|
2013
|
+
# You can tag the Amazon Web Services resources that you manage through
|
2014
|
+
# Network Firewall: firewalls, firewall policies, and rule groups.
|
1969
2015
|
#
|
1970
2016
|
# @option params [required, String] :resource_arn
|
1971
2017
|
# The Amazon Resource Name (ARN) of the resource.
|
@@ -1999,11 +2045,12 @@ module Aws::NetworkFirewall
|
|
1999
2045
|
# Tags are key:value pairs that you can use to categorize and manage
|
2000
2046
|
# your resources, for purposes like billing. For example, you might set
|
2001
2047
|
# the tag key to "customer" and the value to the customer name or ID.
|
2002
|
-
# You can specify one or more tags to add to each
|
2003
|
-
# tags for a resource.
|
2048
|
+
# You can specify one or more tags to add to each Amazon Web Services
|
2049
|
+
# resource, up to 50 tags for a resource.
|
2004
2050
|
#
|
2005
|
-
# You can manage tags for the
|
2006
|
-
# Network Firewall: firewalls, firewall policies, and
|
2051
|
+
# You can manage tags for the Amazon Web Services resources that you
|
2052
|
+
# manage through Network Firewall: firewalls, firewall policies, and
|
2053
|
+
# rule groups.
|
2007
2054
|
#
|
2008
2055
|
# @option params [required, String] :resource_arn
|
2009
2056
|
# The Amazon Resource Name (ARN) of the resource.
|
@@ -2172,6 +2219,86 @@ module Aws::NetworkFirewall
|
|
2172
2219
|
req.send_request(options)
|
2173
2220
|
end
|
2174
2221
|
|
2222
|
+
# A complex type that contains settings for encryption of your firewall
|
2223
|
+
# resources.
|
2224
|
+
#
|
2225
|
+
# @option params [String] :update_token
|
2226
|
+
# An optional token that you can use for optimistic locking. Network
|
2227
|
+
# Firewall returns a token to your requests that access the firewall.
|
2228
|
+
# The token marks the state of the firewall resource at the time of the
|
2229
|
+
# request.
|
2230
|
+
#
|
2231
|
+
# To make an unconditional change to the firewall, omit the token in
|
2232
|
+
# your update request. Without the token, Network Firewall performs your
|
2233
|
+
# updates regardless of whether the firewall has changed since you last
|
2234
|
+
# retrieved it.
|
2235
|
+
#
|
2236
|
+
# To make a conditional change to the firewall, provide the token in
|
2237
|
+
# your update request. Network Firewall uses the token to ensure that
|
2238
|
+
# the firewall hasn't changed since you last retrieved it. If it has
|
2239
|
+
# changed, the operation fails with an `InvalidTokenException`. If this
|
2240
|
+
# happens, retrieve the firewall again to get a current copy of it with
|
2241
|
+
# a new token. Reapply your changes as needed, then try the operation
|
2242
|
+
# again using the new token.
|
2243
|
+
#
|
2244
|
+
# @option params [String] :firewall_arn
|
2245
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
2246
|
+
#
|
2247
|
+
# @option params [String] :firewall_name
|
2248
|
+
# The descriptive name of the firewall. You can't change the name of a
|
2249
|
+
# firewall after you create it.
|
2250
|
+
#
|
2251
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
2252
|
+
# A complex type that contains optional Amazon Web Services Key
|
2253
|
+
# Management Service (KMS) encryption settings for your Network Firewall
|
2254
|
+
# resources. Your data is encrypted by default with an Amazon Web
|
2255
|
+
# Services owned key that Amazon Web Services owns and manages for you.
|
2256
|
+
# You can use either the Amazon Web Services owned key, or provide your
|
2257
|
+
# own customer managed key. To learn more about KMS encryption of your
|
2258
|
+
# Network Firewall resources, see [Encryption at rest with Amazon Web
|
2259
|
+
# Services Key Managment Service][1] in the *Network Firewall Developer
|
2260
|
+
# Guide*.
|
2261
|
+
#
|
2262
|
+
#
|
2263
|
+
#
|
2264
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
2265
|
+
#
|
2266
|
+
# @return [Types::UpdateFirewallEncryptionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2267
|
+
#
|
2268
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_arn #firewall_arn} => String
|
2269
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_name #firewall_name} => String
|
2270
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#update_token #update_token} => String
|
2271
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#encryption_configuration #encryption_configuration} => Types::EncryptionConfiguration
|
2272
|
+
#
|
2273
|
+
# @example Request syntax with placeholder values
|
2274
|
+
#
|
2275
|
+
# resp = client.update_firewall_encryption_configuration({
|
2276
|
+
# update_token: "UpdateToken",
|
2277
|
+
# firewall_arn: "ResourceArn",
|
2278
|
+
# firewall_name: "ResourceName",
|
2279
|
+
# encryption_configuration: {
|
2280
|
+
# key_id: "KeyId",
|
2281
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
2282
|
+
# },
|
2283
|
+
# })
|
2284
|
+
#
|
2285
|
+
# @example Response structure
|
2286
|
+
#
|
2287
|
+
# resp.firewall_arn #=> String
|
2288
|
+
# resp.firewall_name #=> String
|
2289
|
+
# resp.update_token #=> String
|
2290
|
+
# resp.encryption_configuration.key_id #=> String
|
2291
|
+
# resp.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
2292
|
+
#
|
2293
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfiguration AWS API Documentation
|
2294
|
+
#
|
2295
|
+
# @overload update_firewall_encryption_configuration(params = {})
|
2296
|
+
# @param [Hash] params ({})
|
2297
|
+
def update_firewall_encryption_configuration(params = {}, options = {})
|
2298
|
+
req = build_request(:update_firewall_encryption_configuration, params)
|
2299
|
+
req.send_request(options)
|
2300
|
+
end
|
2301
|
+
|
2175
2302
|
# Updates the properties of the specified firewall policy.
|
2176
2303
|
#
|
2177
2304
|
# @option params [required, String] :update_token
|
@@ -2219,6 +2346,10 @@ module Aws::NetworkFirewall
|
|
2219
2346
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
2220
2347
|
# your resources.
|
2221
2348
|
#
|
2349
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
2350
|
+
# A complex type that contains settings for encryption of your firewall
|
2351
|
+
# policy resources.
|
2352
|
+
#
|
2222
2353
|
# @return [Types::UpdateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2223
2354
|
#
|
2224
2355
|
# * {Types::UpdateFirewallPolicyResponse#update_token #update_token} => String
|
@@ -2269,6 +2400,10 @@ module Aws::NetworkFirewall
|
|
2269
2400
|
# },
|
2270
2401
|
# description: "Description",
|
2271
2402
|
# dry_run: false,
|
2403
|
+
# encryption_configuration: {
|
2404
|
+
# key_id: "KeyId",
|
2405
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
2406
|
+
# },
|
2272
2407
|
# })
|
2273
2408
|
#
|
2274
2409
|
# @example Response structure
|
@@ -2285,6 +2420,8 @@ module Aws::NetworkFirewall
|
|
2285
2420
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
2286
2421
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
2287
2422
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
2423
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
2424
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
2288
2425
|
#
|
2289
2426
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy AWS API Documentation
|
2290
2427
|
#
|
@@ -2535,6 +2672,10 @@ module Aws::NetworkFirewall
|
|
2535
2672
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
2536
2673
|
# your resources.
|
2537
2674
|
#
|
2675
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
2676
|
+
# A complex type that contains settings for encryption of your rule
|
2677
|
+
# group resources.
|
2678
|
+
#
|
2538
2679
|
# @return [Types::UpdateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2539
2680
|
#
|
2540
2681
|
# * {Types::UpdateRuleGroupResponse#update_token #update_token} => String
|
@@ -2649,6 +2790,10 @@ module Aws::NetworkFirewall
|
|
2649
2790
|
# type: "STATELESS", # accepts STATELESS, STATEFUL
|
2650
2791
|
# description: "Description",
|
2651
2792
|
# dry_run: false,
|
2793
|
+
# encryption_configuration: {
|
2794
|
+
# key_id: "KeyId",
|
2795
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
2796
|
+
# },
|
2652
2797
|
# })
|
2653
2798
|
#
|
2654
2799
|
# @example Response structure
|
@@ -2666,6 +2811,8 @@ module Aws::NetworkFirewall
|
|
2666
2811
|
# resp.rule_group_response.tags[0].value #=> String
|
2667
2812
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
2668
2813
|
# resp.rule_group_response.number_of_associations #=> Integer
|
2814
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
2815
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
2669
2816
|
#
|
2670
2817
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
|
2671
2818
|
#
|
@@ -2758,7 +2905,7 @@ module Aws::NetworkFirewall
|
|
2758
2905
|
params: params,
|
2759
2906
|
config: config)
|
2760
2907
|
context[:gem_name] = 'aws-sdk-networkfirewall'
|
2761
|
-
context[:gem_version] = '1.
|
2908
|
+
context[:gem_version] = '1.16.0'
|
2762
2909
|
Seahorse::Client::Request.new(handlers, context)
|
2763
2910
|
end
|
2764
2911
|
|
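Review bot: The doc block added for `update_firewall_encryption_configuration` (new lines 2222–2296) opens with the description of the `EncryptionConfiguration` type instead of the operation, and lists `:update_token`, `:firewall_arn` and `:firewall_name` as optional without saying how the target firewall is chosen. I would open it with `# Updates the encryption configuration (Amazon Web Services owned key or customer managed KMS key) of the specified firewall.` and state which of the ARN/name options must be given. Since the block itself says that omitting the token applies the change regardless of intervening edits, a line such as `# Pass the update token when changing the key so a concurrent modification is not overwritten.` belongs next to `:update_token`. The request examples show `key_id` and `type` without a `# required` marker, so the docs should also say what happens when `type: "CUSTOMER_KMS"` is sent with no `key_id`. The comments appear to be generated from the service model (the changelog points to `./build_tools`), so the wording probably has to be fixed there.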
@@ -65,6 +65,8 @@ module Aws::NetworkFirewall
|
|
65
65
|
Dimensions = Shapes::ListShape.new(name: 'Dimensions')
|
66
66
|
DisassociateSubnetsRequest = Shapes::StructureShape.new(name: 'DisassociateSubnetsRequest')
|
67
67
|
DisassociateSubnetsResponse = Shapes::StructureShape.new(name: 'DisassociateSubnetsResponse')
|
68
|
+
EncryptionConfiguration = Shapes::StructureShape.new(name: 'EncryptionConfiguration')
|
69
|
+
EncryptionType = Shapes::StringShape.new(name: 'EncryptionType')
|
68
70
|
EndpointId = Shapes::StringShape.new(name: 'EndpointId')
|
69
71
|
ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
|
70
72
|
Firewall = Shapes::StructureShape.new(name: 'Firewall')
|
@@ -89,6 +91,7 @@ module Aws::NetworkFirewall
|
|
89
91
|
InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
|
90
92
|
InvalidResourcePolicyException = Shapes::StructureShape.new(name: 'InvalidResourcePolicyException')
|
91
93
|
InvalidTokenException = Shapes::StructureShape.new(name: 'InvalidTokenException')
|
94
|
+
KeyId = Shapes::StringShape.new(name: 'KeyId')
|
92
95
|
Keyword = Shapes::StringShape.new(name: 'Keyword')
|
93
96
|
LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
|
94
97
|
ListFirewallPoliciesRequest = Shapes::StructureShape.new(name: 'ListFirewallPoliciesRequest')
|
@@ -195,6 +198,8 @@ module Aws::NetworkFirewall
|
|
195
198
|
UpdateFirewallDeleteProtectionResponse = Shapes::StructureShape.new(name: 'UpdateFirewallDeleteProtectionResponse')
|
196
199
|
UpdateFirewallDescriptionRequest = Shapes::StructureShape.new(name: 'UpdateFirewallDescriptionRequest')
|
197
200
|
UpdateFirewallDescriptionResponse = Shapes::StructureShape.new(name: 'UpdateFirewallDescriptionResponse')
|
201
|
+
UpdateFirewallEncryptionConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateFirewallEncryptionConfigurationRequest')
|
202
|
+
UpdateFirewallEncryptionConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateFirewallEncryptionConfigurationResponse')
|
198
203
|
UpdateFirewallPolicyChangeProtectionRequest = Shapes::StructureShape.new(name: 'UpdateFirewallPolicyChangeProtectionRequest')
|
199
204
|
UpdateFirewallPolicyChangeProtectionResponse = Shapes::StructureShape.new(name: 'UpdateFirewallPolicyChangeProtectionResponse')
|
200
205
|
UpdateFirewallPolicyRequest = Shapes::StructureShape.new(name: 'UpdateFirewallPolicyRequest')
|
@@ -255,6 +260,7 @@ module Aws::NetworkFirewall
|
|
255
260
|
CreateFirewallPolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
|
256
261
|
CreateFirewallPolicyRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
|
257
262
|
CreateFirewallPolicyRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
|
263
|
+
CreateFirewallPolicyRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
258
264
|
CreateFirewallPolicyRequest.struct_class = Types::CreateFirewallPolicyRequest
|
259
265
|
|
260
266
|
CreateFirewallPolicyResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
|
@@ -270,6 +276,7 @@ module Aws::NetworkFirewall
|
|
270
276
|
CreateFirewallRequest.add_member(:firewall_policy_change_protection, Shapes::ShapeRef.new(shape: Boolean, location_name: "FirewallPolicyChangeProtection"))
|
271
277
|
CreateFirewallRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
|
272
278
|
CreateFirewallRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
|
279
|
+
CreateFirewallRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
273
280
|
CreateFirewallRequest.struct_class = Types::CreateFirewallRequest
|
274
281
|
|
275
282
|
CreateFirewallResponse.add_member(:firewall, Shapes::ShapeRef.new(shape: Firewall, location_name: "Firewall"))
|
@@ -284,6 +291,7 @@ module Aws::NetworkFirewall
|
|
284
291
|
CreateRuleGroupRequest.add_member(:capacity, Shapes::ShapeRef.new(shape: RuleCapacity, required: true, location_name: "Capacity"))
|
285
292
|
CreateRuleGroupRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
|
286
293
|
CreateRuleGroupRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
|
294
|
+
CreateRuleGroupRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
287
295
|
CreateRuleGroupRequest.struct_class = Types::CreateRuleGroupRequest
|
288
296
|
|
289
297
|
CreateRuleGroupResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
|
@@ -396,6 +404,10 @@ module Aws::NetworkFirewall
|
|
396
404
|
DisassociateSubnetsResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
|
397
405
|
DisassociateSubnetsResponse.struct_class = Types::DisassociateSubnetsResponse
|
398
406
|
|
407
|
+
EncryptionConfiguration.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyId, location_name: "KeyId"))
|
408
|
+
EncryptionConfiguration.add_member(:type, Shapes::ShapeRef.new(shape: EncryptionType, location_name: "Type"))
|
409
|
+
EncryptionConfiguration.struct_class = Types::EncryptionConfiguration
|
410
|
+
|
399
411
|
Firewall.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
|
400
412
|
Firewall.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
|
401
413
|
Firewall.add_member(:firewall_policy_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "FirewallPolicyArn"))
|
@@ -407,6 +419,7 @@ module Aws::NetworkFirewall
|
|
407
419
|
Firewall.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
|
408
420
|
Firewall.add_member(:firewall_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "FirewallId"))
|
409
421
|
Firewall.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
|
422
|
+
Firewall.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
410
423
|
Firewall.struct_class = Types::Firewall
|
411
424
|
|
412
425
|
FirewallMetadata.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
|
@@ -437,6 +450,7 @@ module Aws::NetworkFirewall
|
|
437
450
|
FirewallPolicyResponse.add_member(:consumed_stateless_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatelessRuleCapacity"))
|
438
451
|
FirewallPolicyResponse.add_member(:consumed_stateful_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatefulRuleCapacity"))
|
439
452
|
FirewallPolicyResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
|
453
|
+
FirewallPolicyResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
440
454
|
FirewallPolicyResponse.struct_class = Types::FirewallPolicyResponse
|
441
455
|
|
442
456
|
FirewallStatus.add_member(:status, Shapes::ShapeRef.new(shape: FirewallStatusValue, required: true, location_name: "Status"))
|
@@ -598,6 +612,7 @@ module Aws::NetworkFirewall
|
|
598
612
|
RuleGroupResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
|
599
613
|
RuleGroupResponse.add_member(:consumed_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedCapacity"))
|
600
614
|
RuleGroupResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
|
615
|
+
RuleGroupResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
601
616
|
RuleGroupResponse.struct_class = Types::RuleGroupResponse
|
602
617
|
|
603
618
|
RuleGroups.member = Shapes::ShapeRef.new(shape: RuleGroupMetadata)
|
@@ -743,6 +758,18 @@ module Aws::NetworkFirewall
|
|
743
758
|
UpdateFirewallDescriptionResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
|
744
759
|
UpdateFirewallDescriptionResponse.struct_class = Types::UpdateFirewallDescriptionResponse
|
745
760
|
|
761
|
+
UpdateFirewallEncryptionConfigurationRequest.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
|
762
|
+
UpdateFirewallEncryptionConfigurationRequest.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
|
763
|
+
UpdateFirewallEncryptionConfigurationRequest.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
|
764
|
+
UpdateFirewallEncryptionConfigurationRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
765
|
+
UpdateFirewallEncryptionConfigurationRequest.struct_class = Types::UpdateFirewallEncryptionConfigurationRequest
|
766
|
+
|
767
|
+
UpdateFirewallEncryptionConfigurationResponse.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
|
768
|
+
UpdateFirewallEncryptionConfigurationResponse.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
|
769
|
+
UpdateFirewallEncryptionConfigurationResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
|
770
|
+
UpdateFirewallEncryptionConfigurationResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
771
|
+
UpdateFirewallEncryptionConfigurationResponse.struct_class = Types::UpdateFirewallEncryptionConfigurationResponse
|
772
|
+
|
746
773
|
UpdateFirewallPolicyChangeProtectionRequest.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
|
747
774
|
UpdateFirewallPolicyChangeProtectionRequest.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
|
748
775
|
UpdateFirewallPolicyChangeProtectionRequest.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
|
@@ -761,6 +788,7 @@ module Aws::NetworkFirewall
|
|
761
788
|
UpdateFirewallPolicyRequest.add_member(:firewall_policy, Shapes::ShapeRef.new(shape: FirewallPolicy, required: true, location_name: "FirewallPolicy"))
|
762
789
|
UpdateFirewallPolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
|
763
790
|
UpdateFirewallPolicyRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
|
791
|
+
UpdateFirewallPolicyRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
764
792
|
UpdateFirewallPolicyRequest.struct_class = Types::UpdateFirewallPolicyRequest
|
765
793
|
|
766
794
|
UpdateFirewallPolicyResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
|
@@ -785,6 +813,7 @@ module Aws::NetworkFirewall
|
|
785
813
|
UpdateRuleGroupRequest.add_member(:type, Shapes::ShapeRef.new(shape: RuleGroupType, location_name: "Type"))
|
786
814
|
UpdateRuleGroupRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
|
787
815
|
UpdateRuleGroupRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
|
816
|
+
UpdateRuleGroupRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
788
817
|
UpdateRuleGroupRequest.struct_class = Types::UpdateRuleGroupRequest
|
789
818
|
|
790
819
|
UpdateRuleGroupResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
|
@@ -1170,6 +1199,20 @@ module Aws::NetworkFirewall
|
|
1170
1199
|
o.errors << Shapes::ShapeRef.new(shape: InvalidTokenException)
|
1171
1200
|
end)
|
1172
1201
|
|
1202
|
+
api.add_operation(:update_firewall_encryption_configuration, Seahorse::Model::Operation.new.tap do |o|
|
1203
|
+
o.name = "UpdateFirewallEncryptionConfiguration"
|
1204
|
+
o.http_method = "POST"
|
1205
|
+
o.http_request_uri = "/"
|
1206
|
+
o.input = Shapes::ShapeRef.new(shape: UpdateFirewallEncryptionConfigurationRequest)
|
1207
|
+
o.output = Shapes::ShapeRef.new(shape: UpdateFirewallEncryptionConfigurationResponse)
|
1208
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
1209
|
+
o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
|
1210
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
1211
|
+
o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
|
1212
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidTokenException)
|
1213
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceOwnerCheckException)
|
1214
|
+
end)
|
1215
|
+
|
1173
1216
|
api.add_operation(:update_firewall_policy, Seahorse::Model::Operation.new.tap do |o|
|
1174
1217
|
o.name = "UpdateFirewallPolicy"
|
1175
1218
|
o.http_method = "POST"
|
@@ -294,8 +294,8 @@ module Aws::NetworkFirewall
|
|
294
294
|
end
|
295
295
|
|
296
296
|
# The configuration and status for a single subnet that you've
|
297
|
-
# specified for use by the
|
298
|
-
#
|
297
|
+
# specified for use by the Network Firewall firewall. This is part of
|
298
|
+
# the FirewallStatus.
|
299
299
|
#
|
300
300
|
# @!attribute [rw] subnet_id
|
301
301
|
# The unique identifier of the subnet that you've specified to be
|
@@ -379,6 +379,10 @@ module Aws::NetworkFirewall
|
|
379
379
|
# },
|
380
380
|
# ],
|
381
381
|
# dry_run: false,
|
382
|
+
# encryption_configuration: {
|
383
|
+
# key_id: "KeyId",
|
384
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
385
|
+
# },
|
382
386
|
# }
|
383
387
|
#
|
384
388
|
# @!attribute [rw] firewall_policy_name
|
@@ -414,6 +418,11 @@ module Aws::NetworkFirewall
|
|
414
418
|
# your resources.
|
415
419
|
# @return [Boolean]
|
416
420
|
#
|
421
|
+
# @!attribute [rw] encryption_configuration
|
422
|
+
# A complex type that contains settings for encryption of your
|
423
|
+
# firewall policy resources.
|
424
|
+
# @return [Types::EncryptionConfiguration]
|
425
|
+
#
|
417
426
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicyRequest AWS API Documentation
|
418
427
|
#
|
419
428
|
class CreateFirewallPolicyRequest < Struct.new(
|
@@ -421,7 +430,8 @@ module Aws::NetworkFirewall
|
|
421
430
|
:firewall_policy,
|
422
431
|
:description,
|
423
432
|
:tags,
|
424
|
-
:dry_run
|
433
|
+
:dry_run,
|
434
|
+
:encryption_configuration)
|
425
435
|
SENSITIVE = []
|
426
436
|
include Aws::Structure
|
427
437
|
end
|
@@ -477,6 +487,10 @@ module Aws::NetworkFirewall
|
|
477
487
|
# value: "TagValue", # required
|
478
488
|
# },
|
479
489
|
# ],
|
490
|
+
# encryption_configuration: {
|
491
|
+
# key_id: "KeyId",
|
492
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
493
|
+
# },
|
480
494
|
# }
|
481
495
|
#
|
482
496
|
# @!attribute [rw] firewall_name
|
@@ -534,6 +548,11 @@ module Aws::NetworkFirewall
|
|
534
548
|
# The key:value pairs to associate with the resource.
|
535
549
|
# @return [Array<Types::Tag>]
|
536
550
|
#
|
551
|
+
# @!attribute [rw] encryption_configuration
|
552
|
+
# A complex type that contains settings for encryption of your
|
553
|
+
# firewall resources.
|
554
|
+
# @return [Types::EncryptionConfiguration]
|
555
|
+
#
|
537
556
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallRequest AWS API Documentation
|
538
557
|
#
|
539
558
|
class CreateFirewallRequest < Struct.new(
|
@@ -545,7 +564,8 @@ module Aws::NetworkFirewall
|
|
545
564
|
:subnet_change_protection,
|
546
565
|
:firewall_policy_change_protection,
|
547
566
|
:description,
|
548
|
-
:tags
|
567
|
+
:tags,
|
568
|
+
:encryption_configuration)
|
549
569
|
SENSITIVE = []
|
550
570
|
include Aws::Structure
|
551
571
|
end
|
@@ -686,6 +706,10 @@ module Aws::NetworkFirewall
|
|
686
706
|
# },
|
687
707
|
# ],
|
688
708
|
# dry_run: false,
|
709
|
+
# encryption_configuration: {
|
710
|
+
# key_id: "KeyId",
|
711
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
712
|
+
# },
|
689
713
|
# }
|
690
714
|
#
|
691
715
|
# @!attribute [rw] rule_group_name
|
@@ -799,6 +823,11 @@ module Aws::NetworkFirewall
|
|
799
823
|
# your resources.
|
800
824
|
# @return [Boolean]
|
801
825
|
#
|
826
|
+
# @!attribute [rw] encryption_configuration
|
827
|
+
# A complex type that contains settings for encryption of your rule
|
828
|
+
# group resources.
|
829
|
+
# @return [Types::EncryptionConfiguration]
|
830
|
+
#
|
802
831
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroupRequest AWS API Documentation
|
803
832
|
#
|
804
833
|
class CreateRuleGroupRequest < Struct.new(
|
@@ -809,7 +838,8 @@ module Aws::NetworkFirewall
|
|
809
838
|
:description,
|
810
839
|
:capacity,
|
811
840
|
:tags,
|
812
|
-
:dry_run
|
841
|
+
:dry_run,
|
842
|
+
:encryption_configuration)
|
813
843
|
SENSITIVE = []
|
814
844
|
include Aws::Structure
|
815
845
|
end
|
@@ -972,10 +1002,10 @@ module Aws::NetworkFirewall
|
|
972
1002
|
end
|
973
1003
|
|
974
1004
|
# @!attribute [rw] firewall
|
975
|
-
# The firewall defines the configuration settings for an
|
1005
|
+
# The firewall defines the configuration settings for an Network
|
976
1006
|
# Firewall firewall. These settings include the firewall policy, the
|
977
1007
|
# subnets in your VPC to use for the firewall endpoints, and any tags
|
978
|
-
# that are attached to the firewall
|
1008
|
+
# that are attached to the firewall Amazon Web Services resource.
|
979
1009
|
#
|
980
1010
|
# The status of the firewall, for example whether it's ready to
|
981
1011
|
# filter network traffic, is provided in the corresponding
|
@@ -1250,7 +1280,7 @@ module Aws::NetworkFirewall
|
|
1250
1280
|
# @return [String]
|
1251
1281
|
#
|
1252
1282
|
# @!attribute [rw] logging_configuration
|
1253
|
-
# Defines how
|
1283
|
+
# Defines how Network Firewall performs logging for a Firewall.
|
1254
1284
|
# @return [Types::LoggingConfiguration]
|
1255
1285
|
#
|
1256
1286
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeLoggingConfigurationResponse AWS API Documentation
|
@@ -1283,7 +1313,7 @@ module Aws::NetworkFirewall
|
|
1283
1313
|
end
|
1284
1314
|
|
1285
1315
|
# @!attribute [rw] policy
|
1286
|
-
# The
|
1316
|
+
# The IAM policy for the resource.
|
1287
1317
|
# @return [String]
|
1288
1318
|
#
|
1289
1319
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeResourcePolicyResponse AWS API Documentation
|
@@ -1459,10 +1489,10 @@ module Aws::NetworkFirewall
|
|
1459
1489
|
# RuleGroupResponse, define the rule group. You can retrieve all
|
1460
1490
|
# objects for a rule group by calling DescribeRuleGroup.
|
1461
1491
|
#
|
1462
|
-
#
|
1463
|
-
#
|
1464
|
-
#
|
1465
|
-
#
|
1492
|
+
# Network Firewall uses a rule group to inspect and control network
|
1493
|
+
# traffic. You define stateless rule groups to inspect individual
|
1494
|
+
# packets and you define stateful rule groups to inspect packets in
|
1495
|
+
# the context of their traffic flow.
|
1466
1496
|
#
|
1467
1497
|
# To use a rule group, you include it by reference in an Network
|
1468
1498
|
# Firewall firewall policy, then you use the policy in a firewall. You
|
@@ -1491,7 +1521,7 @@ module Aws::NetworkFirewall
|
|
1491
1521
|
# metric dimension is a name/value pair that's part of the identity of
|
1492
1522
|
# a metric.
|
1493
1523
|
#
|
1494
|
-
#
|
1524
|
+
# Network Firewall sets the dimension name to `CustomAction` and you
|
1495
1525
|
# provide the dimension value.
|
1496
1526
|
#
|
1497
1527
|
# For more information about CloudWatch custom metric dimensions, see
|
@@ -1625,10 +1655,59 @@ module Aws::NetworkFirewall
|
|
1625
1655
|
include Aws::Structure
|
1626
1656
|
end
|
1627
1657
|
|
1628
|
-
#
|
1658
|
+
# A complex type that contains optional Amazon Web Services Key
|
1659
|
+
# Management Service (KMS) encryption settings for your Network Firewall
|
1660
|
+
# resources. Your data is encrypted by default with an Amazon Web
|
1661
|
+
# Services owned key that Amazon Web Services owns and manages for you.
|
1662
|
+
# You can use either the Amazon Web Services owned key, or provide your
|
1663
|
+
# own customer managed key. To learn more about KMS encryption of your
|
1664
|
+
# Network Firewall resources, see [Encryption at rest with Amazon Web
|
1665
|
+
# Services Key Managment Service][1] in the *Network Firewall Developer
|
1666
|
+
# Guide*.
|
1667
|
+
#
|
1668
|
+
#
|
1669
|
+
#
|
1670
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
1671
|
+
#
|
1672
|
+
# @note When making an API call, you may pass EncryptionConfiguration
|
1673
|
+
# data as a hash:
|
1674
|
+
#
|
1675
|
+
# {
|
1676
|
+
# key_id: "KeyId",
|
1677
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
1678
|
+
# }
|
1679
|
+
#
|
1680
|
+
# @!attribute [rw] key_id
|
1681
|
+
# The ID of the Amazon Web Services Key Management Service (KMS)
|
1682
|
+
# customer managed key. You can use any of the key identifiers that
|
1683
|
+
# KMS supports, unless you're using a key that's managed by another
|
1684
|
+
# account. If you're using a key managed by another account, then
|
1685
|
+
# specify the key ARN. For more information, see [Key ID][1] in the
|
1686
|
+
# *Amazon Web Services KMS Developer Guide*.
|
1687
|
+
#
|
1688
|
+
#
|
1689
|
+
#
|
1690
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
|
1691
|
+
# @return [String]
|
1692
|
+
#
|
1693
|
+
# @!attribute [rw] type
|
1694
|
+
# The type of Amazon Web Services KMS key to use for encryption of
|
1695
|
+
# your Network Firewall resources.
|
1696
|
+
# @return [String]
|
1697
|
+
#
|
1698
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/EncryptionConfiguration AWS API Documentation
|
1699
|
+
#
|
1700
|
+
class EncryptionConfiguration < Struct.new(
|
1701
|
+
:key_id,
|
1702
|
+
:type)
|
1703
|
+
SENSITIVE = []
|
1704
|
+
include Aws::Structure
|
1705
|
+
end
|
1706
|
+
|
1707
|
+
# The firewall defines the configuration settings for an Network
|
1629
1708
|
# Firewall firewall. These settings include the firewall policy, the
|
1630
1709
|
# subnets in your VPC to use for the firewall endpoints, and any tags
|
1631
|
-
# that are attached to the firewall
|
1710
|
+
# that are attached to the firewall Amazon Web Services resource.
|
1632
1711
|
#
|
1633
1712
|
# The status of the firewall, for example whether it's ready to filter
|
1634
1713
|
# network traffic, is provided in the corresponding FirewallStatus. You
|
@@ -1695,6 +1774,11 @@ module Aws::NetworkFirewall
|
|
1695
1774
|
# @!attribute [rw] tags
|
1696
1775
|
# @return [Array<Types::Tag>]
|
1697
1776
|
#
|
1777
|
+
# @!attribute [rw] encryption_configuration
|
1778
|
+
# A complex type that contains the Amazon Web Services KMS encryption
|
1779
|
+
# configuration settings for your firewall.
|
1780
|
+
# @return [Types::EncryptionConfiguration]
|
1781
|
+
#
|
1698
1782
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Firewall AWS API Documentation
|
1699
1783
|
#
|
1700
1784
|
class Firewall < Struct.new(
|
@@ -1708,7 +1792,8 @@ module Aws::NetworkFirewall
|
|
1708
1792
|
:firewall_policy_change_protection,
|
1709
1793
|
:description,
|
1710
1794
|
:firewall_id,
|
1711
|
-
:tags
|
1795
|
+
:tags,
|
1796
|
+
:encryption_configuration)
|
1712
1797
|
SENSITIVE = []
|
1713
1798
|
include Aws::Structure
|
1714
1799
|
end
|
@@ -1850,12 +1935,12 @@ module Aws::NetworkFirewall
|
|
1850
1935
|
#
|
1851
1936
|
# * aws:alert\_established
|
1852
1937
|
#
|
1853
|
-
# For more information, see [Strict evaluation order][1] in the
|
1854
|
-
# Network Firewall Developer Guide*.
|
1938
|
+
# For more information, see [Strict evaluation order][1] in the
|
1939
|
+
# *Network Firewall Developer Guide*.
|
1855
1940
|
#
|
1856
1941
|
#
|
1857
1942
|
#
|
1858
|
-
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-strict-rule-evaluation-order.html
|
1943
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-strict-rule-evaluation-order.html
|
1859
1944
|
# @return [Array<String>]
|
1860
1945
|
#
|
1861
1946
|
# @!attribute [rw] stateful_engine_options
|
@@ -1954,6 +2039,11 @@ module Aws::NetworkFirewall
|
|
1954
2039
|
# policy.
|
1955
2040
|
# @return [Integer]
|
1956
2041
|
#
|
2042
|
+
# @!attribute [rw] encryption_configuration
|
2043
|
+
# A complex type that contains the Amazon Web Services KMS encryption
|
2044
|
+
# configuration settings for your firewall policy.
|
2045
|
+
# @return [Types::EncryptionConfiguration]
|
2046
|
+
#
|
1957
2047
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicyResponse AWS API Documentation
|
1958
2048
|
#
|
1959
2049
|
class FirewallPolicyResponse < Struct.new(
|
@@ -1965,7 +2055,8 @@ module Aws::NetworkFirewall
|
|
1965
2055
|
:tags,
|
1966
2056
|
:consumed_stateless_rule_capacity,
|
1967
2057
|
:consumed_stateful_rule_capacity,
|
1968
|
-
:number_of_associations
|
2058
|
+
:number_of_associations,
|
2059
|
+
:encryption_configuration)
|
1969
2060
|
SENSITIVE = []
|
1970
2061
|
include Aws::Structure
|
1971
2062
|
end
|
@@ -2018,9 +2109,9 @@ module Aws::NetworkFirewall
|
|
2018
2109
|
include Aws::Structure
|
2019
2110
|
end
|
2020
2111
|
|
2021
|
-
# The basic rule criteria for
|
2022
|
-
#
|
2023
|
-
#
|
2112
|
+
# The basic rule criteria for Network Firewall to use to inspect packet
|
2113
|
+
# headers in stateful traffic flow inspection. Traffic flows that match
|
2114
|
+
# the criteria are a match for the corresponding StatefulRule.
|
2024
2115
|
#
|
2025
2116
|
# @note When making an API call, you may pass Header
|
2026
2117
|
# data as a hash:
|
@@ -2036,7 +2127,8 @@ module Aws::NetworkFirewall
|
|
2036
2127
|
#
|
2037
2128
|
# @!attribute [rw] protocol
|
2038
2129
|
# The protocol to inspect for. To specify all, you can use `IP`,
|
2039
|
-
# because all traffic on
|
2130
|
+
# because all traffic on Amazon Web Services and on the internet is
|
2131
|
+
# IP.
|
2040
2132
|
# @return [String]
|
2041
2133
|
#
|
2042
2134
|
# @!attribute [rw] source
|
@@ -2142,8 +2234,8 @@ module Aws::NetworkFirewall
|
|
2142
2234
|
include Aws::Structure
|
2143
2235
|
end
|
2144
2236
|
|
2145
|
-
#
|
2146
|
-
# request. Try your request later.
|
2237
|
+
# Amazon Web Services doesn't currently have enough available capacity
|
2238
|
+
# to fulfill your request. Try your request later.
|
2147
2239
|
#
|
2148
2240
|
# @!attribute [rw] message
|
2149
2241
|
# @return [String]
|
@@ -2486,10 +2578,10 @@ module Aws::NetworkFirewall
|
|
2486
2578
|
include Aws::Structure
|
2487
2579
|
end
|
2488
2580
|
|
2489
|
-
# Defines where
|
2490
|
-
#
|
2491
|
-
#
|
2492
|
-
#
|
2581
|
+
# Defines where Network Firewall sends logs for the firewall for one log
|
2582
|
+
# type. This is used in LoggingConfiguration. You can send each type of
|
2583
|
+
# log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data
|
2584
|
+
# Firehose delivery stream.
|
2493
2585
|
#
|
2494
2586
|
# Network Firewall generates logs for stateful rule groups. You can save
|
2495
2587
|
# alert and flow log types. The stateful rules engine records flow logs
|
@@ -2570,7 +2662,7 @@ module Aws::NetworkFirewall
|
|
2570
2662
|
include Aws::Structure
|
2571
2663
|
end
|
2572
2664
|
|
2573
|
-
# Defines how
|
2665
|
+
# Defines how Network Firewall performs logging for a Firewall.
|
2574
2666
|
#
|
2575
2667
|
# @note When making an API call, you may pass LoggingConfiguration
|
2576
2668
|
# data as a hash:
|
@@ -2813,10 +2905,9 @@ module Aws::NetworkFirewall
|
|
2813
2905
|
# @return [String]
|
2814
2906
|
#
|
2815
2907
|
# @!attribute [rw] policy
|
2816
|
-
# The
|
2817
|
-
#
|
2818
|
-
#
|
2819
|
-
# to perform.
|
2908
|
+
# The IAM policy statement that lists the accounts that you want to
|
2909
|
+
# share your rule group or firewall policy with and the operations
|
2910
|
+
# that you want the accounts to be able to perform.
|
2820
2911
|
#
|
2821
2912
|
# For a rule group resource, you can specify the following operations
|
2822
2913
|
# in the Actions section of the statement:
|
@@ -2882,7 +2973,7 @@ module Aws::NetworkFirewall
|
|
2882
2973
|
include Aws::Structure
|
2883
2974
|
end
|
2884
2975
|
|
2885
|
-
# The inspection criteria and action for a single stateless rule.
|
2976
|
+
# The inspection criteria and action for a single stateless rule.
|
2886
2977
|
# Network Firewall inspects each packet for the specified matching
|
2887
2978
|
# criteria. When a packet matches the criteria, Network Firewall
|
2888
2979
|
# performs the rule's actions on the packet.
|
@@ -2983,7 +3074,7 @@ module Aws::NetworkFirewall
|
|
2983
3074
|
# RuleGroupResponse, define the rule group. You can retrieve all objects
|
2984
3075
|
# for a rule group by calling DescribeRuleGroup.
|
2985
3076
|
#
|
2986
|
-
#
|
3077
|
+
# Network Firewall uses a rule group to inspect and control network
|
2987
3078
|
# traffic. You define stateless rule groups to inspect individual
|
2988
3079
|
# packets and you define stateful rule groups to inspect packets in the
|
2989
3080
|
# context of their traffic flow.
|
@@ -3206,6 +3297,11 @@ module Aws::NetworkFirewall
|
|
3206
3297
|
# The number of firewall policies that use this rule group.
|
3207
3298
|
# @return [Integer]
|
3208
3299
|
#
|
3300
|
+
# @!attribute [rw] encryption_configuration
|
3301
|
+
# A complex type that contains the Amazon Web Services KMS encryption
|
3302
|
+
# configuration settings for your rule group.
|
3303
|
+
# @return [Types::EncryptionConfiguration]
|
3304
|
+
#
|
3209
3305
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroupResponse AWS API Documentation
|
3210
3306
|
#
|
3211
3307
|
class RuleGroupResponse < Struct.new(
|
@@ -3218,7 +3314,8 @@ module Aws::NetworkFirewall
|
|
3218
3314
|
:rule_group_status,
|
3219
3315
|
:tags,
|
3220
3316
|
:consumed_capacity,
|
3221
|
-
:number_of_associations
|
3317
|
+
:number_of_associations,
|
3318
|
+
:encryption_configuration)
|
3222
3319
|
SENSITIVE = []
|
3223
3320
|
include Aws::Structure
|
3224
3321
|
end
|
@@ -3428,7 +3525,7 @@ module Aws::NetworkFirewall
|
|
3428
3525
|
# `HOME_NET` rule variable to include the CIDR range of the deployment
|
3429
3526
|
# VPC plus the other CIDR ranges. For more information, see
|
3430
3527
|
# RuleVariables in this guide and [Stateful domain list rule groups in
|
3431
|
-
#
|
3528
|
+
# Network Firewall][1] in the *Network Firewall Developer Guide*.
|
3432
3529
|
#
|
3433
3530
|
#
|
3434
3531
|
#
|
@@ -3492,7 +3589,7 @@ module Aws::NetworkFirewall
|
|
3492
3589
|
# rules are provided to the rule engine as Suricata compatible
|
3493
3590
|
# strings, and Suricata evaluates them based on certain settings. For
|
3494
3591
|
# more information, see [Evaluation order for stateful rules][1] in
|
3495
|
-
# the *
|
3592
|
+
# the *Network Firewall Developer Guide*.
|
3496
3593
|
#
|
3497
3594
|
#
|
3498
3595
|
#
|
@@ -3671,7 +3768,7 @@ module Aws::NetworkFirewall
|
|
3671
3768
|
# rules are provided to the rule engine as Suricata compatible
|
3672
3769
|
# strings, and Suricata evaluates them based on certain settings. For
|
3673
3770
|
# more information, see [Evaluation order for stateful rules][1] in
|
3674
|
-
# the *
|
3771
|
+
# the *Network Firewall Developer Guide*.
|
3675
3772
|
#
|
3676
3773
|
#
|
3677
3774
|
#
|
@@ -3880,7 +3977,7 @@ module Aws::NetworkFirewall
|
|
3880
3977
|
end
|
3881
3978
|
|
3882
3979
|
# The ID for a subnet that you want to associate with the firewall. This
|
3883
|
-
# is used with CreateFirewall and AssociateSubnets.
|
3980
|
+
# is used with CreateFirewall and AssociateSubnets. Network Firewall
|
3884
3981
|
# creates an instance of the associated firewall in each subnet that you
|
3885
3982
|
# specify, to filter traffic in the subnet's Availability Zone.
|
3886
3983
|
#
|
@@ -3906,7 +4003,7 @@ module Aws::NetworkFirewall
|
|
3906
4003
|
# The status of the firewall endpoint and firewall policy configuration
|
3907
4004
|
# for a single VPC subnet.
|
3908
4005
|
#
|
3909
|
-
# For each VPC subnet that you associate with a firewall,
|
4006
|
+
# For each VPC subnet that you associate with a firewall, Network
|
3910
4007
|
# Firewall does the following:
|
3911
4008
|
#
|
3912
4009
|
# * Instantiates a firewall endpoint in the subnet, ready to take
|
@@ -3987,12 +4084,12 @@ module Aws::NetworkFirewall
|
|
3987
4084
|
include Aws::Structure
|
3988
4085
|
end
|
3989
4086
|
|
3990
|
-
# A key:value pair associated with an
|
3991
|
-
# can be anything you define. Typically, the tag key
|
3992
|
-
# category (such as "environment") and the tag value
|
3993
|
-
# specific value within that category (such as "test,"
|
4087
|
+
# A key:value pair associated with an Amazon Web Services resource. The
|
4088
|
+
# key:value pair can be anything you define. Typically, the tag key
|
4089
|
+
# represents a category (such as "environment") and the tag value
|
4090
|
+
# represents a specific value within that category (such as "test,"
|
3994
4091
|
# "development," or "production"). You can add up to 50 tags to each
|
3995
|
-
#
|
4092
|
+
# Amazon Web Services resource.
|
3996
4093
|
#
|
3997
4094
|
# @note When making an API call, you may pass Tag
|
3998
4095
|
# data as a hash:
|
@@ -4323,6 +4420,131 @@ module Aws::NetworkFirewall
|
|
4323
4420
|
include Aws::Structure
|
4324
4421
|
end
|
4325
4422
|
|
4423
|
+
# @note When making an API call, you may pass UpdateFirewallEncryptionConfigurationRequest
|
4424
|
+
# data as a hash:
|
4425
|
+
#
|
4426
|
+
# {
|
4427
|
+
# update_token: "UpdateToken",
|
4428
|
+
# firewall_arn: "ResourceArn",
|
4429
|
+
# firewall_name: "ResourceName",
|
4430
|
+
# encryption_configuration: {
|
4431
|
+
# key_id: "KeyId",
|
4432
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
4433
|
+
# },
|
4434
|
+
# }
|
4435
|
+
#
|
4436
|
+
# @!attribute [rw] update_token
|
4437
|
+
# An optional token that you can use for optimistic locking. Network
|
4438
|
+
# Firewall returns a token to your requests that access the firewall.
|
4439
|
+
# The token marks the state of the firewall resource at the time of
|
4440
|
+
# the request.
|
4441
|
+
#
|
4442
|
+
# To make an unconditional change to the firewall, omit the token in
|
4443
|
+
# your update request. Without the token, Network Firewall performs
|
4444
|
+
# your updates regardless of whether the firewall has changed since
|
4445
|
+
# you last retrieved it.
|
4446
|
+
#
|
4447
|
+
# To make a conditional change to the firewall, provide the token in
|
4448
|
+
# your update request. Network Firewall uses the token to ensure that
|
4449
|
+
# the firewall hasn't changed since you last retrieved it. If it has
|
4450
|
+
# changed, the operation fails with an `InvalidTokenException`. If
|
4451
|
+
# this happens, retrieve the firewall again to get a current copy of
|
4452
|
+
# it with a new token. Reapply your changes as needed, then try the
|
4453
|
+
# operation again using the new token.
|
4454
|
+
# @return [String]
|
4455
|
+
#
|
4456
|
+
# @!attribute [rw] firewall_arn
|
4457
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
4458
|
+
# @return [String]
|
4459
|
+
#
|
4460
|
+
# @!attribute [rw] firewall_name
|
4461
|
+
# The descriptive name of the firewall. You can't change the name of
|
4462
|
+
# a firewall after you create it.
|
4463
|
+
# @return [String]
|
4464
|
+
#
|
4465
|
+
# @!attribute [rw] encryption_configuration
|
4466
|
+
# A complex type that contains optional Amazon Web Services Key
|
4467
|
+
# Management Service (KMS) encryption settings for your Network
|
4468
|
+
# Firewall resources. Your data is encrypted by default with an Amazon
|
4469
|
+
# Web Services owned key that Amazon Web Services owns and manages for
|
4470
|
+
# you. You can use either the Amazon Web Services owned key, or
|
4471
|
+
# provide your own customer managed key. To learn more about KMS
|
4472
|
+
# encryption of your Network Firewall resources, see [Encryption at
|
4473
|
+
# rest with Amazon Web Services Key Managment Service][1] in the
|
4474
|
+
# *Network Firewall Developer Guide*.
|
4475
|
+
#
|
4476
|
+
#
|
4477
|
+
#
|
4478
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
4479
|
+
# @return [Types::EncryptionConfiguration]
|
4480
|
+
#
|
4481
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfigurationRequest AWS API Documentation
|
4482
|
+
#
|
4483
|
+
class UpdateFirewallEncryptionConfigurationRequest < Struct.new(
|
4484
|
+
:update_token,
|
4485
|
+
:firewall_arn,
|
4486
|
+
:firewall_name,
|
4487
|
+
:encryption_configuration)
|
4488
|
+
SENSITIVE = []
|
4489
|
+
include Aws::Structure
|
4490
|
+
end
|
4491
|
+
|
4492
|
+
# @!attribute [rw] firewall_arn
|
4493
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
4494
|
+
# @return [String]
|
4495
|
+
#
|
4496
|
+
# @!attribute [rw] firewall_name
|
4497
|
+
# The descriptive name of the firewall. You can't change the name of
|
4498
|
+
# a firewall after you create it.
|
4499
|
+
# @return [String]
|
4500
|
+
#
|
4501
|
+
# @!attribute [rw] update_token
|
4502
|
+
# An optional token that you can use for optimistic locking. Network
|
4503
|
+
# Firewall returns a token to your requests that access the firewall.
|
4504
|
+
# The token marks the state of the firewall resource at the time of
|
4505
|
+
# the request.
|
4506
|
+
#
|
4507
|
+
# To make an unconditional change to the firewall, omit the token in
|
4508
|
+
# your update request. Without the token, Network Firewall performs
|
4509
|
+
# your updates regardless of whether the firewall has changed since
|
4510
|
+
# you last retrieved it.
|
4511
|
+
#
|
4512
|
+
# To make a conditional change to the firewall, provide the token in
|
4513
|
+
# your update request. Network Firewall uses the token to ensure that
|
4514
|
+
# the firewall hasn't changed since you last retrieved it. If it has
|
4515
|
+
# changed, the operation fails with an `InvalidTokenException`. If
|
4516
|
+
# this happens, retrieve the firewall again to get a current copy of
|
4517
|
+
# it with a new token. Reapply your changes as needed, then try the
|
4518
|
+
# operation again using the new token.
|
4519
|
+
# @return [String]
|
4520
|
+
#
|
4521
|
+
# @!attribute [rw] encryption_configuration
|
4522
|
+
# A complex type that contains optional Amazon Web Services Key
|
4523
|
+
# Management Service (KMS) encryption settings for your Network
|
4524
|
+
# Firewall resources. Your data is encrypted by default with an Amazon
|
4525
|
+
# Web Services owned key that Amazon Web Services owns and manages for
|
4526
|
+
# you. You can use either the Amazon Web Services owned key, or
|
4527
|
+
# provide your own customer managed key. To learn more about KMS
|
4528
|
+
# encryption of your Network Firewall resources, see [Encryption at
|
4529
|
+
# rest with Amazon Web Services Key Managment Service][1] in the
|
4530
|
+
# *Network Firewall Developer Guide*.
|
4531
|
+
#
|
4532
|
+
#
|
4533
|
+
#
|
4534
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
4535
|
+
# @return [Types::EncryptionConfiguration]
|
4536
|
+
#
|
4537
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfigurationResponse AWS API Documentation
|
4538
|
+
#
|
4539
|
+
class UpdateFirewallEncryptionConfigurationResponse < Struct.new(
|
4540
|
+
:firewall_arn,
|
4541
|
+
:firewall_name,
|
4542
|
+
:update_token,
|
4543
|
+
:encryption_configuration)
|
4544
|
+
SENSITIVE = []
|
4545
|
+
include Aws::Structure
|
4546
|
+
end
|
4547
|
+
|
4326
4548
|
# @note When making an API call, you may pass UpdateFirewallPolicyChangeProtectionRequest
|
4327
4549
|
# data as a hash:
|
4328
4550
|
#
|
@@ -4479,6 +4701,10 @@ module Aws::NetworkFirewall
|
|
4479
4701
|
# },
|
4480
4702
|
# description: "Description",
|
4481
4703
|
# dry_run: false,
|
4704
|
+
# encryption_configuration: {
|
4705
|
+
# key_id: "KeyId",
|
4706
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
4707
|
+
# },
|
4482
4708
|
# }
|
4483
4709
|
#
|
4484
4710
|
# @!attribute [rw] update_token
|
@@ -4532,6 +4758,11 @@ module Aws::NetworkFirewall
|
|
4532
4758
|
# your resources.
|
4533
4759
|
# @return [Boolean]
|
4534
4760
|
#
|
4761
|
+
# @!attribute [rw] encryption_configuration
|
4762
|
+
# A complex type that contains settings for encryption of your
|
4763
|
+
# firewall policy resources.
|
4764
|
+
# @return [Types::EncryptionConfiguration]
|
4765
|
+
#
|
4535
4766
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicyRequest AWS API Documentation
|
4536
4767
|
#
|
4537
4768
|
class UpdateFirewallPolicyRequest < Struct.new(
|
@@ -4540,7 +4771,8 @@ module Aws::NetworkFirewall
|
|
4540
4771
|
:firewall_policy_name,
|
4541
4772
|
:firewall_policy,
|
4542
4773
|
:description,
|
4543
|
-
:dry_run
|
4774
|
+
:dry_run,
|
4775
|
+
:encryption_configuration)
|
4544
4776
|
SENSITIVE = []
|
4545
4777
|
include Aws::Structure
|
4546
4778
|
end
|
@@ -4632,7 +4864,7 @@ module Aws::NetworkFirewall
|
|
4632
4864
|
# @return [String]
|
4633
4865
|
#
|
4634
4866
|
# @!attribute [rw] logging_configuration
|
4635
|
-
# Defines how
|
4867
|
+
# Defines how Network Firewall performs logging for a Firewall.
|
4636
4868
|
# @return [Types::LoggingConfiguration]
|
4637
4869
|
#
|
4638
4870
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateLoggingConfigurationResponse AWS API Documentation
|
@@ -4755,6 +4987,10 @@ module Aws::NetworkFirewall
|
|
4755
4987
|
# type: "STATELESS", # accepts STATELESS, STATEFUL
|
4756
4988
|
# description: "Description",
|
4757
4989
|
# dry_run: false,
|
4990
|
+
# encryption_configuration: {
|
4991
|
+
# key_id: "KeyId",
|
4992
|
+
# type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
4993
|
+
# },
|
4758
4994
|
# }
|
4759
4995
|
#
|
4760
4996
|
# @!attribute [rw] update_token
|
@@ -4840,6 +5076,11 @@ module Aws::NetworkFirewall
|
|
4840
5076
|
# your resources.
|
4841
5077
|
# @return [Boolean]
|
4842
5078
|
#
|
5079
|
+
# @!attribute [rw] encryption_configuration
|
5080
|
+
# A complex type that contains settings for encryption of your rule
|
5081
|
+
# group resources.
|
5082
|
+
# @return [Types::EncryptionConfiguration]
|
5083
|
+
#
|
4843
5084
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroupRequest AWS API Documentation
|
4844
5085
|
#
|
4845
5086
|
class UpdateRuleGroupRequest < Struct.new(
|
@@ -4850,7 +5091,8 @@ module Aws::NetworkFirewall
|
|
4850
5091
|
:rules,
|
4851
5092
|
:type,
|
4852
5093
|
:description,
|
4853
|
-
:dry_run
|
5094
|
+
:dry_run,
|
5095
|
+
:encryption_configuration)
|
4854
5096
|
SENSITIVE = []
|
4855
5097
|
include Aws::Structure
|
4856
5098
|
end
|
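--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.16.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2022-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.127.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.127.0
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
 requirement: !ruby/object:Gem::Requirement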