aws-sdk-networkfirewall 1.13.0 → 1.16.0

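--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: bd44678eaff90fe9184784a43266ba888534c3c6a9e6fe678820ab58da6f50d0
- data.tar.gz: 4db552e1670c4aee1534576d1a69e59f5e90334f2c1a59c77950d15c0869b168
+ metadata.gz: f66bf7c71cb11bf0af157ffcdbad8e7df68a441447cd7907b6d19dbba2d6bf1a
+ data.tar.gz: a307c7c73f68026af50870890e9e4e75f00767e05e4fec15368f1609ce5dcff2
  SHA512:
- metadata.gz: 8b97cc56988f976c497469e73d8ddc1f71edb737386793825df186cc1abad6808727cf096de8554b6dbac8a8d2a338ffbdb62831a4f196bcc34c22d44a1ce37c
- data.tar.gz: 73e1630ad55f48b62a16d2d7de0900b1a6220ef9ab4f79f8e60bf20d7667a6502158ec4907a33a4ac33fa74ebd4de81702083c3ebf3c48fc6f791e970ea4b10d
+ metadata.gz: 8e39869232f6ea4567b75c432c293f6e13bff33f7b0467d4c34f71ecf27124b254a8ac919e565bfafd8843268e9d3376e188c8084cd5bcf2f93f763f0d9467a1
+ data.tar.gz: 71f99b4fa4d00a371ed89c8e8291b51342f7662f3355c1c11e7fc09bc00f089e03329b1769fcdb206bac0a82360ddd25d93124d326c979129af3c130f36dee2b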
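--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,21 @@
  Unreleased Changes
  ------------------
 
+ 1.16.0 (2022-04-26)
+ ------------------
+
+ * Feature - AWS Network Firewall now enables customers to use a customer managed AWS KMS key for the encryption of their firewall resources.
+
+ 1.15.0 (2022-02-24)
+ ------------------
+
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+ 1.14.0 (2022-02-03)
+ ------------------
+
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
  1.13.0 (2021-12-21)
  ------------------
 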
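--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.13.0
+ 1.16.0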
@@ -27,7 +27,9 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
27
  require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
28
28
  require 'aws-sdk-core/plugins/transfer_encoding.rb'
29
29
  require 'aws-sdk-core/plugins/http_checksum.rb'
30
+ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
30
31
  require 'aws-sdk-core/plugins/defaults_mode.rb'
32
+ require 'aws-sdk-core/plugins/recursion_detection.rb'
31
33
  require 'aws-sdk-core/plugins/signature_v4.rb'
32
34
  require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
33
35
 
@@ -74,7 +76,9 @@ module Aws::NetworkFirewall
74
76
  add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
75
77
  add_plugin(Aws::Plugins::TransferEncoding)
76
78
  add_plugin(Aws::Plugins::HttpChecksum)
79
+ add_plugin(Aws::Plugins::ChecksumAlgorithm)
77
80
  add_plugin(Aws::Plugins::DefaultsMode)
81
+ add_plugin(Aws::Plugins::RecursionDetection)
78
82
  add_plugin(Aws::Plugins::SignatureV4)
79
83
  add_plugin(Aws::Plugins::Protocols::JsonRpc)
80
84
 
@@ -433,8 +437,8 @@ module Aws::NetworkFirewall
433
437
  # You can specify one subnet for each of the Availability Zones that the
434
438
  # VPC spans.
435
439
  #
436
- # This request creates an AWS Network Firewall firewall endpoint in each
437
- # of the subnets. To enable the firewall's protections, you must also
440
+ # This request creates an Network Firewall firewall endpoint in each of
441
+ # the subnets. To enable the firewall's protections, you must also
438
442
  # modify the VPC's route tables for each subnet's Availability Zone,
439
443
  # to redirect the traffic that's coming into and going out of the zone
440
444
  # through the firewall endpoint.
@@ -509,14 +513,14 @@ module Aws::NetworkFirewall
509
513
  req.send_request(options)
510
514
  end
511
515
 
512
- # Creates an AWS Network Firewall Firewall and accompanying
513
- # FirewallStatus for a VPC.
516
+ # Creates an Network Firewall Firewall and accompanying FirewallStatus
517
+ # for a VPC.
514
518
  #
515
- # The firewall defines the configuration settings for an AWS Network
519
+ # The firewall defines the configuration settings for an Network
516
520
  # Firewall firewall. The settings that you can define at creation
517
521
  # include the firewall policy, the subnets in your VPC to use for the
518
- # firewall endpoints, and any tags that are attached to the firewall AWS
519
- # resource.
522
+ # firewall endpoints, and any tags that are attached to the firewall
523
+ # Amazon Web Services resource.
520
524
  #
521
525
  # After you create a firewall, you can provide additional settings, like
522
526
  # the logging configuration.
@@ -526,8 +530,9 @@ module Aws::NetworkFirewall
526
530
  # UpdateLoggingConfiguration, AssociateSubnets, and
527
531
  # UpdateFirewallDeleteProtection.
528
532
  #
529
- # To manage a firewall's tags, use the standard AWS resource tagging
530
- # operations, ListTagsForResource, TagResource, and UntagResource.
533
+ # To manage a firewall's tags, use the standard Amazon Web Services
534
+ # resource tagging operations, ListTagsForResource, TagResource, and
535
+ # UntagResource.
531
536
  #
532
537
  # To retrieve information about firewalls, use ListFirewalls and
533
538
  # DescribeFirewall.
@@ -578,6 +583,10 @@ module Aws::NetworkFirewall
578
583
  # @option params [Array<Types::Tag>] :tags
579
584
  # The key:value pairs to associate with the resource.
580
585
  #
586
+ # @option params [Types::EncryptionConfiguration] :encryption_configuration
587
+ # A complex type that contains settings for encryption of your firewall
588
+ # resources.
589
+ #
581
590
  # @return [Types::CreateFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
582
591
  #
583
592
  # * {Types::CreateFirewallResponse#firewall #firewall} => Types::Firewall
@@ -604,6 +613,10 @@ module Aws::NetworkFirewall
604
613
  # value: "TagValue", # required
605
614
  # },
606
615
  # ],
616
+ # encryption_configuration: {
617
+ # key_id: "KeyId",
618
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
619
+ # },
607
620
  # })
608
621
  #
609
622
  # @example Response structure
@@ -622,6 +635,8 @@ module Aws::NetworkFirewall
622
635
  # resp.firewall.tags #=> Array
623
636
  # resp.firewall.tags[0].key #=> String
624
637
  # resp.firewall.tags[0].value #=> String
638
+ # resp.firewall.encryption_configuration.key_id #=> String
639
+ # resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
625
640
  # resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
626
641
  # resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
627
642
  # resp.firewall_status.sync_states #=> Hash
@@ -644,7 +659,7 @@ module Aws::NetworkFirewall
644
659
  # Creates the firewall policy for the firewall according to the
645
660
  # specifications.
646
661
  #
647
- # An AWS Network Firewall firewall policy defines the behavior of a
662
+ # An Network Firewall firewall policy defines the behavior of a
648
663
  # firewall, in a collection of stateless and stateful rule groups and
649
664
  # other settings. You can use one firewall policy for multiple
650
665
  # firewalls.
@@ -677,6 +692,10 @@ module Aws::NetworkFirewall
677
692
  # If set to `FALSE`, Network Firewall makes the requested changes to
678
693
  # your resources.
679
694
  #
695
+ # @option params [Types::EncryptionConfiguration] :encryption_configuration
696
+ # A complex type that contains settings for encryption of your firewall
697
+ # policy resources.
698
+ #
680
699
  # @return [Types::CreateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
681
700
  #
682
701
  # * {Types::CreateFirewallPolicyResponse#update_token #update_token} => String
@@ -731,6 +750,10 @@ module Aws::NetworkFirewall
731
750
  # },
732
751
  # ],
733
752
  # dry_run: false,
753
+ # encryption_configuration: {
754
+ # key_id: "KeyId",
755
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
756
+ # },
734
757
  # })
735
758
  #
736
759
  # @example Response structure
@@ -747,6 +770,8 @@ module Aws::NetworkFirewall
747
770
  # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
748
771
  # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
749
772
  # resp.firewall_policy_response.number_of_associations #=> Integer
773
+ # resp.firewall_policy_response.encryption_configuration.key_id #=> String
774
+ # resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
750
775
  #
751
776
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy AWS API Documentation
752
777
  #
@@ -865,6 +890,10 @@ module Aws::NetworkFirewall
865
890
  # If set to `FALSE`, Network Firewall makes the requested changes to
866
891
  # your resources.
867
892
  #
893
+ # @option params [Types::EncryptionConfiguration] :encryption_configuration
894
+ # A complex type that contains settings for encryption of your rule
895
+ # group resources.
896
+ #
868
897
  # @return [Types::CreateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
869
898
  #
870
899
  # * {Types::CreateRuleGroupResponse#update_token #update_token} => String
@@ -984,6 +1013,10 @@ module Aws::NetworkFirewall
984
1013
  # },
985
1014
  # ],
986
1015
  # dry_run: false,
1016
+ # encryption_configuration: {
1017
+ # key_id: "KeyId",
1018
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
1019
+ # },
987
1020
  # })
988
1021
  #
989
1022
  # @example Response structure
@@ -1001,6 +1034,8 @@ module Aws::NetworkFirewall
1001
1034
  # resp.rule_group_response.tags[0].value #=> String
1002
1035
  # resp.rule_group_response.consumed_capacity #=> Integer
1003
1036
  # resp.rule_group_response.number_of_associations #=> Integer
1037
+ # resp.rule_group_response.encryption_configuration.key_id #=> String
1038
+ # resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
1004
1039
  #
1005
1040
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
1006
1041
  #
@@ -1066,6 +1101,8 @@ module Aws::NetworkFirewall
1066
1101
  # resp.firewall.tags #=> Array
1067
1102
  # resp.firewall.tags[0].key #=> String
1068
1103
  # resp.firewall.tags[0].value #=> String
1104
+ # resp.firewall.encryption_configuration.key_id #=> String
1105
+ # resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
1069
1106
  # resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
1070
1107
  # resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
1071
1108
  # resp.firewall_status.sync_states #=> Hash
@@ -1122,6 +1159,8 @@ module Aws::NetworkFirewall
1122
1159
  # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
1123
1160
  # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
1124
1161
  # resp.firewall_policy_response.number_of_associations #=> Integer
1162
+ # resp.firewall_policy_response.encryption_configuration.key_id #=> String
1163
+ # resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
1125
1164
  #
1126
1165
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy AWS API Documentation
1127
1166
  #
@@ -1205,6 +1244,8 @@ module Aws::NetworkFirewall
1205
1244
  # resp.rule_group_response.tags[0].value #=> String
1206
1245
  # resp.rule_group_response.consumed_capacity #=> Integer
1207
1246
  # resp.rule_group_response.number_of_associations #=> Integer
1247
+ # resp.rule_group_response.encryption_configuration.key_id #=> String
1248
+ # resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
1208
1249
  #
1209
1250
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
1210
1251
  #
@@ -1258,6 +1299,8 @@ module Aws::NetworkFirewall
1258
1299
  # resp.firewall.tags #=> Array
1259
1300
  # resp.firewall.tags[0].key #=> String
1260
1301
  # resp.firewall.tags[0].value #=> String
1302
+ # resp.firewall.encryption_configuration.key_id #=> String
1303
+ # resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
1261
1304
  # resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
1262
1305
  # resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
1263
1306
  # resp.firewall_status.sync_states #=> Hash
@@ -1317,6 +1360,8 @@ module Aws::NetworkFirewall
1317
1360
  # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
1318
1361
  # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
1319
1362
  # resp.firewall_policy_response.number_of_associations #=> Integer
1363
+ # resp.firewall_policy_response.encryption_configuration.key_id #=> String
1364
+ # resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
1320
1365
  # resp.firewall_policy.stateless_rule_group_references #=> Array
1321
1366
  # resp.firewall_policy.stateless_rule_group_references[0].resource_arn #=> String
1322
1367
  # resp.firewall_policy.stateless_rule_group_references[0].priority #=> Integer
@@ -1520,6 +1565,8 @@ module Aws::NetworkFirewall
1520
1565
  # resp.rule_group_response.tags[0].value #=> String
1521
1566
  # resp.rule_group_response.consumed_capacity #=> Integer
1522
1567
  # resp.rule_group_response.number_of_associations #=> Integer
1568
+ # resp.rule_group_response.encryption_configuration.key_id #=> String
1569
+ # resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
1523
1570
  #
1524
1571
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
1525
1572
  #
@@ -1822,11 +1869,11 @@ module Aws::NetworkFirewall
1822
1869
  # key:value pairs that you can use to categorize and manage your
1823
1870
  # resources, for purposes like billing. For example, you might set the
1824
1871
  # tag key to "customer" and the value to the customer name or ID. You
1825
- # can specify one or more tags to add to each AWS resource, up to 50
1826
- # tags for a resource.
1872
+ # can specify one or more tags to add to each Amazon Web Services
1873
+ # resource, up to 50 tags for a resource.
1827
1874
  #
1828
- # You can tag the AWS resources that you manage through AWS Network
1829
- # Firewall: firewalls, firewall policies, and rule groups.
1875
+ # You can tag the Amazon Web Services resources that you manage through
1876
+ # Network Firewall: firewalls, firewall policies, and rule groups.
1830
1877
  #
1831
1878
  # @option params [String] :next_token
1832
1879
  # When you request a list of objects with a `MaxResults` setting, if the
@@ -1875,11 +1922,11 @@ module Aws::NetworkFirewall
1875
1922
  req.send_request(options)
1876
1923
  end
1877
1924
 
1878
- # Creates or updates an AWS Identity and Access Management policy for
1879
- # your rule group or firewall policy. Use this to share rule groups and
1880
- # firewall policies between accounts. This operation works in
1881
- # conjunction with the AWS Resource Access Manager (RAM) service to
1882
- # manage resource sharing for Network Firewall.
1925
+ # Creates or updates an IAM policy for your rule group or firewall
1926
+ # policy. Use this to share rule groups and firewall policies between
1927
+ # accounts. This operation works in conjunction with the Amazon Web
1928
+ # Services Resource Access Manager (RAM) service to manage resource
1929
+ # sharing for Network Firewall.
1883
1930
  #
1884
1931
  # Use this operation to create or update a resource policy for your rule
1885
1932
  # group or firewall policy. In the policy, you specify the accounts that
@@ -1896,8 +1943,8 @@ module Aws::NetworkFirewall
1896
1943
  # * [AcceptResourceShareInvitation][2] - Accepts the share invitation
1897
1944
  # for a specified resource share.
1898
1945
  #
1899
- # For additional information about resource sharing using RAM, see [AWS
1900
- # Resource Access Manager User Guide][3].
1946
+ # For additional information about resource sharing using RAM, see
1947
+ # [Resource Access Manager User Guide][3].
1901
1948
  #
1902
1949
  #
1903
1950
  #
@@ -1910,10 +1957,9 @@ module Aws::NetworkFirewall
1910
1957
  # rule groups and firewall policies with.
1911
1958
  #
1912
1959
  # @option params [required, String] :policy
1913
- # The AWS Identity and Access Management policy statement that lists the
1914
- # accounts that you want to share your rule group or firewall policy
1915
- # with and the operations that you want the accounts to be able to
1916
- # perform.
1960
+ # The IAM policy statement that lists the accounts that you want to
1961
+ # share your rule group or firewall policy with and the operations that
1962
+ # you want the accounts to be able to perform.
1917
1963
  #
1918
1964
  # For a rule group resource, you can specify the following operations in
1919
1965
  # the Actions section of the statement:
@@ -1961,11 +2007,11 @@ module Aws::NetworkFirewall
1961
2007
  # pairs that you can use to categorize and manage your resources, for
1962
2008
  # purposes like billing. For example, you might set the tag key to
1963
2009
  # "customer" and the value to the customer name or ID. You can specify
1964
- # one or more tags to add to each AWS resource, up to 50 tags for a
1965
- # resource.
2010
+ # one or more tags to add to each Amazon Web Services resource, up to 50
2011
+ # tags for a resource.
1966
2012
  #
1967
- # You can tag the AWS resources that you manage through AWS Network
1968
- # Firewall: firewalls, firewall policies, and rule groups.
2013
+ # You can tag the Amazon Web Services resources that you manage through
2014
+ # Network Firewall: firewalls, firewall policies, and rule groups.
1969
2015
  #
1970
2016
  # @option params [required, String] :resource_arn
1971
2017
  # The Amazon Resource Name (ARN) of the resource.
@@ -1999,11 +2045,12 @@ module Aws::NetworkFirewall
1999
2045
  # Tags are key:value pairs that you can use to categorize and manage
2000
2046
  # your resources, for purposes like billing. For example, you might set
2001
2047
  # the tag key to "customer" and the value to the customer name or ID.
2002
- # You can specify one or more tags to add to each AWS resource, up to 50
2003
- # tags for a resource.
2048
+ # You can specify one or more tags to add to each Amazon Web Services
2049
+ # resource, up to 50 tags for a resource.
2004
2050
  #
2005
- # You can manage tags for the AWS resources that you manage through AWS
2006
- # Network Firewall: firewalls, firewall policies, and rule groups.
2051
+ # You can manage tags for the Amazon Web Services resources that you
2052
+ # manage through Network Firewall: firewalls, firewall policies, and
2053
+ # rule groups.
2007
2054
  #
2008
2055
  # @option params [required, String] :resource_arn
2009
2056
  # The Amazon Resource Name (ARN) of the resource.
@@ -2172,6 +2219,86 @@ module Aws::NetworkFirewall
2172
2219
  req.send_request(options)
2173
2220
  end
2174
2221
 
2222
+ # A complex type that contains settings for encryption of your firewall
2223
+ # resources.
2224
+ #
2225
+ # @option params [String] :update_token
2226
+ # An optional token that you can use for optimistic locking. Network
2227
+ # Firewall returns a token to your requests that access the firewall.
2228
+ # The token marks the state of the firewall resource at the time of the
2229
+ # request.
2230
+ #
2231
+ # To make an unconditional change to the firewall, omit the token in
2232
+ # your update request. Without the token, Network Firewall performs your
2233
+ # updates regardless of whether the firewall has changed since you last
2234
+ # retrieved it.
2235
+ #
2236
+ # To make a conditional change to the firewall, provide the token in
2237
+ # your update request. Network Firewall uses the token to ensure that
2238
+ # the firewall hasn't changed since you last retrieved it. If it has
2239
+ # changed, the operation fails with an `InvalidTokenException`. If this
2240
+ # happens, retrieve the firewall again to get a current copy of it with
2241
+ # a new token. Reapply your changes as needed, then try the operation
2242
+ # again using the new token.
2243
+ #
2244
+ # @option params [String] :firewall_arn
2245
+ # The Amazon Resource Name (ARN) of the firewall.
2246
+ #
2247
+ # @option params [String] :firewall_name
2248
+ # The descriptive name of the firewall. You can't change the name of a
2249
+ # firewall after you create it.
2250
+ #
2251
+ # @option params [Types::EncryptionConfiguration] :encryption_configuration
2252
+ # A complex type that contains optional Amazon Web Services Key
2253
+ # Management Service (KMS) encryption settings for your Network Firewall
2254
+ # resources. Your data is encrypted by default with an Amazon Web
2255
+ # Services owned key that Amazon Web Services owns and manages for you.
2256
+ # You can use either the Amazon Web Services owned key, or provide your
2257
+ # own customer managed key. To learn more about KMS encryption of your
2258
+ # Network Firewall resources, see [Encryption at rest with Amazon Web
2259
+ # Services Key Managment Service][1] in the *Network Firewall Developer
2260
+ # Guide*.
2261
+ #
2262
+ #
2263
+ #
2264
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
2265
+ #
2266
+ # @return [Types::UpdateFirewallEncryptionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2267
+ #
2268
+ # * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_arn #firewall_arn} => String
2269
+ # * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_name #firewall_name} => String
2270
+ # * {Types::UpdateFirewallEncryptionConfigurationResponse#update_token #update_token} => String
2271
+ # * {Types::UpdateFirewallEncryptionConfigurationResponse#encryption_configuration #encryption_configuration} => Types::EncryptionConfiguration
2272
+ #
2273
+ # @example Request syntax with placeholder values
2274
+ #
2275
+ # resp = client.update_firewall_encryption_configuration({
2276
+ # update_token: "UpdateToken",
2277
+ # firewall_arn: "ResourceArn",
2278
+ # firewall_name: "ResourceName",
2279
+ # encryption_configuration: {
2280
+ # key_id: "KeyId",
2281
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
2282
+ # },
2283
+ # })
2284
+ #
2285
+ # @example Response structure
2286
+ #
2287
+ # resp.firewall_arn #=> String
2288
+ # resp.firewall_name #=> String
2289
+ # resp.update_token #=> String
2290
+ # resp.encryption_configuration.key_id #=> String
2291
+ # resp.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
2292
+ #
2293
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfiguration AWS API Documentation
2294
+ #
2295
+ # @overload update_firewall_encryption_configuration(params = {})
2296
+ # @param [Hash] params ({})
2297
+ def update_firewall_encryption_configuration(params = {}, options = {})
2298
+ req = build_request(:update_firewall_encryption_configuration, params)
2299
+ req.send_request(options)
2300
+ end
2301
+
2175
2302
  # Updates the properties of the specified firewall policy.
2176
2303
  #
2177
2304
  # @option params [required, String] :update_token
@@ -2219,6 +2346,10 @@ module Aws::NetworkFirewall
2219
2346
  # If set to `FALSE`, Network Firewall makes the requested changes to
2220
2347
  # your resources.
2221
2348
  #
2349
+ # @option params [Types::EncryptionConfiguration] :encryption_configuration
2350
+ # A complex type that contains settings for encryption of your firewall
2351
+ # policy resources.
2352
+ #
2222
2353
  # @return [Types::UpdateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2223
2354
  #
2224
2355
  # * {Types::UpdateFirewallPolicyResponse#update_token #update_token} => String
@@ -2269,6 +2400,10 @@ module Aws::NetworkFirewall
2269
2400
  # },
2270
2401
  # description: "Description",
2271
2402
  # dry_run: false,
2403
+ # encryption_configuration: {
2404
+ # key_id: "KeyId",
2405
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
2406
+ # },
2272
2407
  # })
2273
2408
  #
2274
2409
  # @example Response structure
@@ -2285,6 +2420,8 @@ module Aws::NetworkFirewall
2285
2420
  # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
2286
2421
  # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
2287
2422
  # resp.firewall_policy_response.number_of_associations #=> Integer
2423
+ # resp.firewall_policy_response.encryption_configuration.key_id #=> String
2424
+ # resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
2288
2425
  #
2289
2426
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy AWS API Documentation
2290
2427
  #
@@ -2535,6 +2672,10 @@ module Aws::NetworkFirewall
2535
2672
  # If set to `FALSE`, Network Firewall makes the requested changes to
2536
2673
  # your resources.
2537
2674
  #
2675
+ # @option params [Types::EncryptionConfiguration] :encryption_configuration
2676
+ # A complex type that contains settings for encryption of your rule
2677
+ # group resources.
2678
+ #
2538
2679
  # @return [Types::UpdateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2539
2680
  #
2540
2681
  # * {Types::UpdateRuleGroupResponse#update_token #update_token} => String
@@ -2649,6 +2790,10 @@ module Aws::NetworkFirewall
2649
2790
  # type: "STATELESS", # accepts STATELESS, STATEFUL
2650
2791
  # description: "Description",
2651
2792
  # dry_run: false,
2793
+ # encryption_configuration: {
2794
+ # key_id: "KeyId",
2795
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
2796
+ # },
2652
2797
  # })
2653
2798
  #
2654
2799
  # @example Response structure
@@ -2666,6 +2811,8 @@ module Aws::NetworkFirewall
2666
2811
  # resp.rule_group_response.tags[0].value #=> String
2667
2812
  # resp.rule_group_response.consumed_capacity #=> Integer
2668
2813
  # resp.rule_group_response.number_of_associations #=> Integer
2814
+ # resp.rule_group_response.encryption_configuration.key_id #=> String
2815
+ # resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
2669
2816
  #
2670
2817
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
2671
2818
  #
@@ -2758,7 +2905,7 @@ module Aws::NetworkFirewall
2758
2905
  params: params,
2759
2906
  config: config)
2760
2907
  context[:gem_name] = 'aws-sdk-networkfirewall'
2761
- context[:gem_version] = '1.13.0'
2908
+ context[:gem_version] = '1.16.0'
2762
2909
  Seahorse::Client::Request.new(handlers, context)
2763
2910
  end
2764
2911
 
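Review bot: The `:encryption_configuration` option added to `create_firewall`, `create_firewall_policy`, `create_rule_group`, `update_firewall_policy` and `update_rule_group` is documented only as "A complex type that contains settings for encryption of your … resources", so these docs do not say what a caller gets when the option is left out. The default is stated only under `update_firewall_encryption_configuration`, and I would repeat it on each option, e.g. `# If omitted, the resource is encrypted with an Amazon Web Services owned key.` For the two update calls it is also worth one sentence on whether omitting the option keeps the key already configured; that cannot be told from this section. The summary line of `update_firewall_encryption_configuration` repeats the type description instead of describing the operation, and "Key Managment Service" is misspelled. If this client is generated from the service model, the wording has to be corrected there.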
@@ -65,6 +65,8 @@ module Aws::NetworkFirewall
65
65
  Dimensions = Shapes::ListShape.new(name: 'Dimensions')
66
66
  DisassociateSubnetsRequest = Shapes::StructureShape.new(name: 'DisassociateSubnetsRequest')
67
67
  DisassociateSubnetsResponse = Shapes::StructureShape.new(name: 'DisassociateSubnetsResponse')
68
+ EncryptionConfiguration = Shapes::StructureShape.new(name: 'EncryptionConfiguration')
69
+ EncryptionType = Shapes::StringShape.new(name: 'EncryptionType')
68
70
  EndpointId = Shapes::StringShape.new(name: 'EndpointId')
69
71
  ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
70
72
  Firewall = Shapes::StructureShape.new(name: 'Firewall')
@@ -89,6 +91,7 @@ module Aws::NetworkFirewall
89
91
  InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
90
92
  InvalidResourcePolicyException = Shapes::StructureShape.new(name: 'InvalidResourcePolicyException')
91
93
  InvalidTokenException = Shapes::StructureShape.new(name: 'InvalidTokenException')
94
+ KeyId = Shapes::StringShape.new(name: 'KeyId')
92
95
  Keyword = Shapes::StringShape.new(name: 'Keyword')
93
96
  LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
94
97
  ListFirewallPoliciesRequest = Shapes::StructureShape.new(name: 'ListFirewallPoliciesRequest')
@@ -195,6 +198,8 @@ module Aws::NetworkFirewall
195
198
  UpdateFirewallDeleteProtectionResponse = Shapes::StructureShape.new(name: 'UpdateFirewallDeleteProtectionResponse')
196
199
  UpdateFirewallDescriptionRequest = Shapes::StructureShape.new(name: 'UpdateFirewallDescriptionRequest')
197
200
  UpdateFirewallDescriptionResponse = Shapes::StructureShape.new(name: 'UpdateFirewallDescriptionResponse')
201
+ UpdateFirewallEncryptionConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateFirewallEncryptionConfigurationRequest')
202
+ UpdateFirewallEncryptionConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateFirewallEncryptionConfigurationResponse')
198
203
  UpdateFirewallPolicyChangeProtectionRequest = Shapes::StructureShape.new(name: 'UpdateFirewallPolicyChangeProtectionRequest')
199
204
  UpdateFirewallPolicyChangeProtectionResponse = Shapes::StructureShape.new(name: 'UpdateFirewallPolicyChangeProtectionResponse')
200
205
  UpdateFirewallPolicyRequest = Shapes::StructureShape.new(name: 'UpdateFirewallPolicyRequest')
@@ -255,6 +260,7 @@ module Aws::NetworkFirewall
255
260
  CreateFirewallPolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
256
261
  CreateFirewallPolicyRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
257
262
  CreateFirewallPolicyRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
263
+ CreateFirewallPolicyRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
258
264
  CreateFirewallPolicyRequest.struct_class = Types::CreateFirewallPolicyRequest
259
265
 
260
266
  CreateFirewallPolicyResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
@@ -270,6 +276,7 @@ module Aws::NetworkFirewall
270
276
  CreateFirewallRequest.add_member(:firewall_policy_change_protection, Shapes::ShapeRef.new(shape: Boolean, location_name: "FirewallPolicyChangeProtection"))
271
277
  CreateFirewallRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
272
278
  CreateFirewallRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
279
+ CreateFirewallRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
273
280
  CreateFirewallRequest.struct_class = Types::CreateFirewallRequest
274
281
 
275
282
  CreateFirewallResponse.add_member(:firewall, Shapes::ShapeRef.new(shape: Firewall, location_name: "Firewall"))
@@ -284,6 +291,7 @@ module Aws::NetworkFirewall
284
291
  CreateRuleGroupRequest.add_member(:capacity, Shapes::ShapeRef.new(shape: RuleCapacity, required: true, location_name: "Capacity"))
285
292
  CreateRuleGroupRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
286
293
  CreateRuleGroupRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
294
+ CreateRuleGroupRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
287
295
  CreateRuleGroupRequest.struct_class = Types::CreateRuleGroupRequest
288
296
 
289
297
  CreateRuleGroupResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
@@ -396,6 +404,10 @@ module Aws::NetworkFirewall
396
404
  DisassociateSubnetsResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
397
405
  DisassociateSubnetsResponse.struct_class = Types::DisassociateSubnetsResponse
398
406
 
407
+ EncryptionConfiguration.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyId, location_name: "KeyId"))
408
+ EncryptionConfiguration.add_member(:type, Shapes::ShapeRef.new(shape: EncryptionType, location_name: "Type"))
409
+ EncryptionConfiguration.struct_class = Types::EncryptionConfiguration
410
+
399
411
  Firewall.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
400
412
  Firewall.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
401
413
  Firewall.add_member(:firewall_policy_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "FirewallPolicyArn"))
@@ -407,6 +419,7 @@ module Aws::NetworkFirewall
407
419
  Firewall.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
408
420
  Firewall.add_member(:firewall_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "FirewallId"))
409
421
  Firewall.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
422
+ Firewall.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
410
423
  Firewall.struct_class = Types::Firewall
411
424
 
412
425
  FirewallMetadata.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
@@ -437,6 +450,7 @@ module Aws::NetworkFirewall
437
450
  FirewallPolicyResponse.add_member(:consumed_stateless_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatelessRuleCapacity"))
438
451
  FirewallPolicyResponse.add_member(:consumed_stateful_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatefulRuleCapacity"))
439
452
  FirewallPolicyResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
453
+ FirewallPolicyResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
440
454
  FirewallPolicyResponse.struct_class = Types::FirewallPolicyResponse
441
455
 
442
456
  FirewallStatus.add_member(:status, Shapes::ShapeRef.new(shape: FirewallStatusValue, required: true, location_name: "Status"))
@@ -598,6 +612,7 @@ module Aws::NetworkFirewall
598
612
  RuleGroupResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
599
613
  RuleGroupResponse.add_member(:consumed_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedCapacity"))
600
614
  RuleGroupResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
615
+ RuleGroupResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
601
616
  RuleGroupResponse.struct_class = Types::RuleGroupResponse
602
617
 
603
618
  RuleGroups.member = Shapes::ShapeRef.new(shape: RuleGroupMetadata)
@@ -743,6 +758,18 @@ module Aws::NetworkFirewall
743
758
  UpdateFirewallDescriptionResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
744
759
  UpdateFirewallDescriptionResponse.struct_class = Types::UpdateFirewallDescriptionResponse
745
760
 
761
+ UpdateFirewallEncryptionConfigurationRequest.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
762
+ UpdateFirewallEncryptionConfigurationRequest.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
763
+ UpdateFirewallEncryptionConfigurationRequest.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
764
+ UpdateFirewallEncryptionConfigurationRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
765
+ UpdateFirewallEncryptionConfigurationRequest.struct_class = Types::UpdateFirewallEncryptionConfigurationRequest
766
+
767
+ UpdateFirewallEncryptionConfigurationResponse.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
768
+ UpdateFirewallEncryptionConfigurationResponse.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
769
+ UpdateFirewallEncryptionConfigurationResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
770
+ UpdateFirewallEncryptionConfigurationResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
771
+ UpdateFirewallEncryptionConfigurationResponse.struct_class = Types::UpdateFirewallEncryptionConfigurationResponse
772
+
746
773
  UpdateFirewallPolicyChangeProtectionRequest.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
747
774
  UpdateFirewallPolicyChangeProtectionRequest.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
748
775
  UpdateFirewallPolicyChangeProtectionRequest.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
@@ -761,6 +788,7 @@ module Aws::NetworkFirewall
761
788
  UpdateFirewallPolicyRequest.add_member(:firewall_policy, Shapes::ShapeRef.new(shape: FirewallPolicy, required: true, location_name: "FirewallPolicy"))
762
789
  UpdateFirewallPolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
763
790
  UpdateFirewallPolicyRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
791
+ UpdateFirewallPolicyRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
764
792
  UpdateFirewallPolicyRequest.struct_class = Types::UpdateFirewallPolicyRequest
765
793
 
766
794
  UpdateFirewallPolicyResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
@@ -785,6 +813,7 @@ module Aws::NetworkFirewall
785
813
  UpdateRuleGroupRequest.add_member(:type, Shapes::ShapeRef.new(shape: RuleGroupType, location_name: "Type"))
786
814
  UpdateRuleGroupRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
787
815
  UpdateRuleGroupRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
816
+ UpdateRuleGroupRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
788
817
  UpdateRuleGroupRequest.struct_class = Types::UpdateRuleGroupRequest
789
818
 
790
819
  UpdateRuleGroupResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
@@ -1170,6 +1199,20 @@ module Aws::NetworkFirewall
1170
1199
  o.errors << Shapes::ShapeRef.new(shape: InvalidTokenException)
1171
1200
  end)
1172
1201
 
1202
+ api.add_operation(:update_firewall_encryption_configuration, Seahorse::Model::Operation.new.tap do |o|
1203
+ o.name = "UpdateFirewallEncryptionConfiguration"
1204
+ o.http_method = "POST"
1205
+ o.http_request_uri = "/"
1206
+ o.input = Shapes::ShapeRef.new(shape: UpdateFirewallEncryptionConfigurationRequest)
1207
+ o.output = Shapes::ShapeRef.new(shape: UpdateFirewallEncryptionConfigurationResponse)
1208
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
1209
+ o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
1210
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
1211
+ o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
1212
+ o.errors << Shapes::ShapeRef.new(shape: InvalidTokenException)
1213
+ o.errors << Shapes::ShapeRef.new(shape: ResourceOwnerCheckException)
1214
+ end)
1215
+
1173
1216
  api.add_operation(:update_firewall_policy, Seahorse::Model::Operation.new.tap do |o|
1174
1217
  o.name = "UpdateFirewallPolicy"
1175
1218
  o.http_method = "POST"
@@ -294,8 +294,8 @@ module Aws::NetworkFirewall
294
294
  end
295
295
 
296
296
  # The configuration and status for a single subnet that you've
297
- # specified for use by the AWS Network Firewall firewall. This is part
298
- # of the FirewallStatus.
297
+ # specified for use by the Network Firewall firewall. This is part of
298
+ # the FirewallStatus.
299
299
  #
300
300
  # @!attribute [rw] subnet_id
301
301
  # The unique identifier of the subnet that you've specified to be
@@ -379,6 +379,10 @@ module Aws::NetworkFirewall
379
379
  # },
380
380
  # ],
381
381
  # dry_run: false,
382
+ # encryption_configuration: {
383
+ # key_id: "KeyId",
384
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
385
+ # },
382
386
  # }
383
387
  #
384
388
  # @!attribute [rw] firewall_policy_name
@@ -414,6 +418,11 @@ module Aws::NetworkFirewall
414
418
  # your resources.
415
419
  # @return [Boolean]
416
420
  #
421
+ # @!attribute [rw] encryption_configuration
422
+ # A complex type that contains settings for encryption of your
423
+ # firewall policy resources.
424
+ # @return [Types::EncryptionConfiguration]
425
+ #
417
426
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicyRequest AWS API Documentation
418
427
  #
419
428
  class CreateFirewallPolicyRequest < Struct.new(
@@ -421,7 +430,8 @@ module Aws::NetworkFirewall
421
430
  :firewall_policy,
422
431
  :description,
423
432
  :tags,
424
- :dry_run)
433
+ :dry_run,
434
+ :encryption_configuration)
425
435
  SENSITIVE = []
426
436
  include Aws::Structure
427
437
  end
@@ -477,6 +487,10 @@ module Aws::NetworkFirewall
477
487
  # value: "TagValue", # required
478
488
  # },
479
489
  # ],
490
+ # encryption_configuration: {
491
+ # key_id: "KeyId",
492
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
493
+ # },
480
494
  # }
481
495
  #
482
496
  # @!attribute [rw] firewall_name
@@ -534,6 +548,11 @@ module Aws::NetworkFirewall
534
548
  # The key:value pairs to associate with the resource.
535
549
  # @return [Array<Types::Tag>]
536
550
  #
551
+ # @!attribute [rw] encryption_configuration
552
+ # A complex type that contains settings for encryption of your
553
+ # firewall resources.
554
+ # @return [Types::EncryptionConfiguration]
555
+ #
537
556
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallRequest AWS API Documentation
538
557
  #
539
558
  class CreateFirewallRequest < Struct.new(
@@ -545,7 +564,8 @@ module Aws::NetworkFirewall
545
564
  :subnet_change_protection,
546
565
  :firewall_policy_change_protection,
547
566
  :description,
548
- :tags)
567
+ :tags,
568
+ :encryption_configuration)
549
569
  SENSITIVE = []
550
570
  include Aws::Structure
551
571
  end
@@ -686,6 +706,10 @@ module Aws::NetworkFirewall
686
706
  # },
687
707
  # ],
688
708
  # dry_run: false,
709
+ # encryption_configuration: {
710
+ # key_id: "KeyId",
711
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
712
+ # },
689
713
  # }
690
714
  #
691
715
  # @!attribute [rw] rule_group_name
@@ -799,6 +823,11 @@ module Aws::NetworkFirewall
799
823
  # your resources.
800
824
  # @return [Boolean]
801
825
  #
826
+ # @!attribute [rw] encryption_configuration
827
+ # A complex type that contains settings for encryption of your rule
828
+ # group resources.
829
+ # @return [Types::EncryptionConfiguration]
830
+ #
802
831
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroupRequest AWS API Documentation
803
832
  #
804
833
  class CreateRuleGroupRequest < Struct.new(
@@ -809,7 +838,8 @@ module Aws::NetworkFirewall
809
838
  :description,
810
839
  :capacity,
811
840
  :tags,
812
- :dry_run)
841
+ :dry_run,
842
+ :encryption_configuration)
813
843
  SENSITIVE = []
814
844
  include Aws::Structure
815
845
  end
@@ -972,10 +1002,10 @@ module Aws::NetworkFirewall
972
1002
  end
973
1003
 
974
1004
  # @!attribute [rw] firewall
975
- # The firewall defines the configuration settings for an AWS Network
1005
+ # The firewall defines the configuration settings for an Network
976
1006
  # Firewall firewall. These settings include the firewall policy, the
977
1007
  # subnets in your VPC to use for the firewall endpoints, and any tags
978
- # that are attached to the firewall AWS resource.
1008
+ # that are attached to the firewall Amazon Web Services resource.
979
1009
  #
980
1010
  # The status of the firewall, for example whether it's ready to
981
1011
  # filter network traffic, is provided in the corresponding
@@ -1250,7 +1280,7 @@ module Aws::NetworkFirewall
1250
1280
  # @return [String]
1251
1281
  #
1252
1282
  # @!attribute [rw] logging_configuration
1253
- # Defines how AWS Network Firewall performs logging for a Firewall.
1283
+ # Defines how Network Firewall performs logging for a Firewall.
1254
1284
  # @return [Types::LoggingConfiguration]
1255
1285
  #
1256
1286
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeLoggingConfigurationResponse AWS API Documentation
@@ -1283,7 +1313,7 @@ module Aws::NetworkFirewall
1283
1313
  end
1284
1314
 
1285
1315
  # @!attribute [rw] policy
1286
- # The AWS Identity and Access Management policy for the resource.
1316
+ # The IAM policy for the resource.
1287
1317
  # @return [String]
1288
1318
  #
1289
1319
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeResourcePolicyResponse AWS API Documentation
@@ -1459,10 +1489,10 @@ module Aws::NetworkFirewall
1459
1489
  # RuleGroupResponse, define the rule group. You can retrieve all
1460
1490
  # objects for a rule group by calling DescribeRuleGroup.
1461
1491
  #
1462
- # AWS Network Firewall uses a rule group to inspect and control
1463
- # network traffic. You define stateless rule groups to inspect
1464
- # individual packets and you define stateful rule groups to inspect
1465
- # packets in the context of their traffic flow.
1492
+ # Network Firewall uses a rule group to inspect and control network
1493
+ # traffic. You define stateless rule groups to inspect individual
1494
+ # packets and you define stateful rule groups to inspect packets in
1495
+ # the context of their traffic flow.
1466
1496
  #
1467
1497
  # To use a rule group, you include it by reference in an Network
1468
1498
  # Firewall firewall policy, then you use the policy in a firewall. You
@@ -1491,7 +1521,7 @@ module Aws::NetworkFirewall
1491
1521
  # metric dimension is a name/value pair that's part of the identity of
1492
1522
  # a metric.
1493
1523
  #
1494
- # AWS Network Firewall sets the dimension name to `CustomAction` and you
1524
+ # Network Firewall sets the dimension name to `CustomAction` and you
1495
1525
  # provide the dimension value.
1496
1526
  #
1497
1527
  # For more information about CloudWatch custom metric dimensions, see
@@ -1625,10 +1655,59 @@ module Aws::NetworkFirewall
1625
1655
  include Aws::Structure
1626
1656
  end
1627
1657
 
1628
- # The firewall defines the configuration settings for an AWS Network
1658
+ # A complex type that contains optional Amazon Web Services Key
1659
+ # Management Service (KMS) encryption settings for your Network Firewall
1660
+ # resources. Your data is encrypted by default with an Amazon Web
1661
+ # Services owned key that Amazon Web Services owns and manages for you.
1662
+ # You can use either the Amazon Web Services owned key, or provide your
1663
+ # own customer managed key. To learn more about KMS encryption of your
1664
+ # Network Firewall resources, see [Encryption at rest with Amazon Web
1665
+ # Services Key Managment Service][1] in the *Network Firewall Developer
1666
+ # Guide*.
1667
+ #
1668
+ #
1669
+ #
1670
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
1671
+ #
1672
+ # @note When making an API call, you may pass EncryptionConfiguration
1673
+ # data as a hash:
1674
+ #
1675
+ # {
1676
+ # key_id: "KeyId",
1677
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
1678
+ # }
1679
+ #
1680
+ # @!attribute [rw] key_id
1681
+ # The ID of the Amazon Web Services Key Management Service (KMS)
1682
+ # customer managed key. You can use any of the key identifiers that
1683
+ # KMS supports, unless you're using a key that's managed by another
1684
+ # account. If you're using a key managed by another account, then
1685
+ # specify the key ARN. For more information, see [Key ID][1] in the
1686
+ # *Amazon Web Services KMS Developer Guide*.
1687
+ #
1688
+ #
1689
+ #
1690
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
1691
+ # @return [String]
1692
+ #
1693
+ # @!attribute [rw] type
1694
+ # The type of Amazon Web Services KMS key to use for encryption of
1695
+ # your Network Firewall resources.
1696
+ # @return [String]
1697
+ #
1698
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/EncryptionConfiguration AWS API Documentation
1699
+ #
1700
+ class EncryptionConfiguration < Struct.new(
1701
+ :key_id,
1702
+ :type)
1703
+ SENSITIVE = []
1704
+ include Aws::Structure
1705
+ end
1706
+
1707
+ # The firewall defines the configuration settings for an Network
1629
1708
  # Firewall firewall. These settings include the firewall policy, the
1630
1709
  # subnets in your VPC to use for the firewall endpoints, and any tags
1631
- # that are attached to the firewall AWS resource.
1710
+ # that are attached to the firewall Amazon Web Services resource.
1632
1711
  #
1633
1712
  # The status of the firewall, for example whether it's ready to filter
1634
1713
  # network traffic, is provided in the corresponding FirewallStatus. You
@@ -1695,6 +1774,11 @@ module Aws::NetworkFirewall
1695
1774
  # @!attribute [rw] tags
1696
1775
  # @return [Array<Types::Tag>]
1697
1776
  #
1777
+ # @!attribute [rw] encryption_configuration
1778
+ # A complex type that contains the Amazon Web Services KMS encryption
1779
+ # configuration settings for your firewall.
1780
+ # @return [Types::EncryptionConfiguration]
1781
+ #
1698
1782
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Firewall AWS API Documentation
1699
1783
  #
1700
1784
  class Firewall < Struct.new(
@@ -1708,7 +1792,8 @@ module Aws::NetworkFirewall
1708
1792
  :firewall_policy_change_protection,
1709
1793
  :description,
1710
1794
  :firewall_id,
1711
- :tags)
1795
+ :tags,
1796
+ :encryption_configuration)
1712
1797
  SENSITIVE = []
1713
1798
  include Aws::Structure
1714
1799
  end
@@ -1850,12 +1935,12 @@ module Aws::NetworkFirewall
1850
1935
  #
1851
1936
  # * aws:alert\_established
1852
1937
  #
1853
- # For more information, see [Strict evaluation order][1] in the *AWS
1854
- # Network Firewall Developer Guide*.
1938
+ # For more information, see [Strict evaluation order][1] in the
1939
+ # *Network Firewall Developer Guide*.
1855
1940
  #
1856
1941
  #
1857
1942
  #
1858
- # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-strict-rule-evaluation-order.html
1943
+ # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-strict-rule-evaluation-order.html
1859
1944
  # @return [Array<String>]
1860
1945
  #
1861
1946
  # @!attribute [rw] stateful_engine_options
@@ -1954,6 +2039,11 @@ module Aws::NetworkFirewall
1954
2039
  # policy.
1955
2040
  # @return [Integer]
1956
2041
  #
2042
+ # @!attribute [rw] encryption_configuration
2043
+ # A complex type that contains the Amazon Web Services KMS encryption
2044
+ # configuration settings for your firewall policy.
2045
+ # @return [Types::EncryptionConfiguration]
2046
+ #
1957
2047
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicyResponse AWS API Documentation
1958
2048
  #
1959
2049
  class FirewallPolicyResponse < Struct.new(
@@ -1965,7 +2055,8 @@ module Aws::NetworkFirewall
1965
2055
  :tags,
1966
2056
  :consumed_stateless_rule_capacity,
1967
2057
  :consumed_stateful_rule_capacity,
1968
- :number_of_associations)
2058
+ :number_of_associations,
2059
+ :encryption_configuration)
1969
2060
  SENSITIVE = []
1970
2061
  include Aws::Structure
1971
2062
  end
@@ -2018,9 +2109,9 @@ module Aws::NetworkFirewall
2018
2109
  include Aws::Structure
2019
2110
  end
2020
2111
 
2021
- # The basic rule criteria for AWS Network Firewall to use to inspect
2022
- # packet headers in stateful traffic flow inspection. Traffic flows that
2023
- # match the criteria are a match for the corresponding StatefulRule.
2112
+ # The basic rule criteria for Network Firewall to use to inspect packet
2113
+ # headers in stateful traffic flow inspection. Traffic flows that match
2114
+ # the criteria are a match for the corresponding StatefulRule.
2024
2115
  #
2025
2116
  # @note When making an API call, you may pass Header
2026
2117
  # data as a hash:
@@ -2036,7 +2127,8 @@ module Aws::NetworkFirewall
2036
2127
  #
2037
2128
  # @!attribute [rw] protocol
2038
2129
  # The protocol to inspect for. To specify all, you can use `IP`,
2039
- # because all traffic on AWS and on the internet is IP.
2130
+ # because all traffic on Amazon Web Services and on the internet is
2131
+ # IP.
2040
2132
  # @return [String]
2041
2133
  #
2042
2134
  # @!attribute [rw] source
@@ -2142,8 +2234,8 @@ module Aws::NetworkFirewall
2142
2234
  include Aws::Structure
2143
2235
  end
2144
2236
 
2145
- # AWS doesn't currently have enough available capacity to fulfill your
2146
- # request. Try your request later.
2237
+ # Amazon Web Services doesn't currently have enough available capacity
2238
+ # to fulfill your request. Try your request later.
2147
2239
  #
2148
2240
  # @!attribute [rw] message
2149
2241
  # @return [String]
@@ -2486,10 +2578,10 @@ module Aws::NetworkFirewall
2486
2578
  include Aws::Structure
2487
2579
  end
2488
2580
 
2489
- # Defines where AWS Network Firewall sends logs for the firewall for one
2490
- # log type. This is used in LoggingConfiguration. You can send each type
2491
- # of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis
2492
- # Data Firehose delivery stream.
2581
+ # Defines where Network Firewall sends logs for the firewall for one log
2582
+ # type. This is used in LoggingConfiguration. You can send each type of
2583
+ # log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data
2584
+ # Firehose delivery stream.
2493
2585
  #
2494
2586
  # Network Firewall generates logs for stateful rule groups. You can save
2495
2587
  # alert and flow log types. The stateful rules engine records flow logs
@@ -2570,7 +2662,7 @@ module Aws::NetworkFirewall
2570
2662
  include Aws::Structure
2571
2663
  end
2572
2664
 
2573
- # Defines how AWS Network Firewall performs logging for a Firewall.
2665
+ # Defines how Network Firewall performs logging for a Firewall.
2574
2666
  #
2575
2667
  # @note When making an API call, you may pass LoggingConfiguration
2576
2668
  # data as a hash:
@@ -2813,10 +2905,9 @@ module Aws::NetworkFirewall
2813
2905
  # @return [String]
2814
2906
  #
2815
2907
  # @!attribute [rw] policy
2816
- # The AWS Identity and Access Management policy statement that lists
2817
- # the accounts that you want to share your rule group or firewall
2818
- # policy with and the operations that you want the accounts to be able
2819
- # to perform.
2908
+ # The IAM policy statement that lists the accounts that you want to
2909
+ # share your rule group or firewall policy with and the operations
2910
+ # that you want the accounts to be able to perform.
2820
2911
  #
2821
2912
  # For a rule group resource, you can specify the following operations
2822
2913
  # in the Actions section of the statement:
@@ -2882,7 +2973,7 @@ module Aws::NetworkFirewall
2882
2973
  include Aws::Structure
2883
2974
  end
2884
2975
 
2885
- # The inspection criteria and action for a single stateless rule. AWS
2976
+ # The inspection criteria and action for a single stateless rule.
2886
2977
  # Network Firewall inspects each packet for the specified matching
2887
2978
  # criteria. When a packet matches the criteria, Network Firewall
2888
2979
  # performs the rule's actions on the packet.
@@ -2983,7 +3074,7 @@ module Aws::NetworkFirewall
2983
3074
  # RuleGroupResponse, define the rule group. You can retrieve all objects
2984
3075
  # for a rule group by calling DescribeRuleGroup.
2985
3076
  #
2986
- # AWS Network Firewall uses a rule group to inspect and control network
3077
+ # Network Firewall uses a rule group to inspect and control network
2987
3078
  # traffic. You define stateless rule groups to inspect individual
2988
3079
  # packets and you define stateful rule groups to inspect packets in the
2989
3080
  # context of their traffic flow.
@@ -3206,6 +3297,11 @@ module Aws::NetworkFirewall
3206
3297
  # The number of firewall policies that use this rule group.
3207
3298
  # @return [Integer]
3208
3299
  #
3300
+ # @!attribute [rw] encryption_configuration
3301
+ # A complex type that contains the Amazon Web Services KMS encryption
3302
+ # configuration settings for your rule group.
3303
+ # @return [Types::EncryptionConfiguration]
3304
+ #
3209
3305
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroupResponse AWS API Documentation
3210
3306
  #
3211
3307
  class RuleGroupResponse < Struct.new(
@@ -3218,7 +3314,8 @@ module Aws::NetworkFirewall
3218
3314
  :rule_group_status,
3219
3315
  :tags,
3220
3316
  :consumed_capacity,
3221
- :number_of_associations)
3317
+ :number_of_associations,
3318
+ :encryption_configuration)
3222
3319
  SENSITIVE = []
3223
3320
  include Aws::Structure
3224
3321
  end
@@ -3428,7 +3525,7 @@ module Aws::NetworkFirewall
3428
3525
  # `HOME_NET` rule variable to include the CIDR range of the deployment
3429
3526
  # VPC plus the other CIDR ranges. For more information, see
3430
3527
  # RuleVariables in this guide and [Stateful domain list rule groups in
3431
- # AWS Network Firewall][1] in the *Network Firewall Developer Guide*.
3528
+ # Network Firewall][1] in the *Network Firewall Developer Guide*.
3432
3529
  #
3433
3530
  #
3434
3531
  #
@@ -3492,7 +3589,7 @@ module Aws::NetworkFirewall
3492
3589
  # rules are provided to the rule engine as Suricata compatible
3493
3590
  # strings, and Suricata evaluates them based on certain settings. For
3494
3591
  # more information, see [Evaluation order for stateful rules][1] in
3495
- # the *AWS Network Firewall Developer Guide*.
3592
+ # the *Network Firewall Developer Guide*.
3496
3593
  #
3497
3594
  #
3498
3595
  #
@@ -3671,7 +3768,7 @@ module Aws::NetworkFirewall
3671
3768
  # rules are provided to the rule engine as Suricata compatible
3672
3769
  # strings, and Suricata evaluates them based on certain settings. For
3673
3770
  # more information, see [Evaluation order for stateful rules][1] in
3674
- # the *AWS Network Firewall Developer Guide*.
3771
+ # the *Network Firewall Developer Guide*.
3675
3772
  #
3676
3773
  #
3677
3774
  #
@@ -3880,7 +3977,7 @@ module Aws::NetworkFirewall
3880
3977
  end
3881
3978
 
3882
3979
  # The ID for a subnet that you want to associate with the firewall. This
3883
- # is used with CreateFirewall and AssociateSubnets. AWS Network Firewall
3980
+ # is used with CreateFirewall and AssociateSubnets. Network Firewall
3884
3981
  # creates an instance of the associated firewall in each subnet that you
3885
3982
  # specify, to filter traffic in the subnet's Availability Zone.
3886
3983
  #
@@ -3906,7 +4003,7 @@ module Aws::NetworkFirewall
3906
4003
  # The status of the firewall endpoint and firewall policy configuration
3907
4004
  # for a single VPC subnet.
3908
4005
  #
3909
- # For each VPC subnet that you associate with a firewall, AWS Network
4006
+ # For each VPC subnet that you associate with a firewall, Network
3910
4007
  # Firewall does the following:
3911
4008
  #
3912
4009
  # * Instantiates a firewall endpoint in the subnet, ready to take
@@ -3987,12 +4084,12 @@ module Aws::NetworkFirewall
3987
4084
  include Aws::Structure
3988
4085
  end
3989
4086
 
3990
- # A key:value pair associated with an AWS resource. The key:value pair
3991
- # can be anything you define. Typically, the tag key represents a
3992
- # category (such as "environment") and the tag value represents a
3993
- # specific value within that category (such as "test,"
4087
+ # A key:value pair associated with an Amazon Web Services resource. The
4088
+ # key:value pair can be anything you define. Typically, the tag key
4089
+ # represents a category (such as "environment") and the tag value
4090
+ # represents a specific value within that category (such as "test,"
3994
4091
  # "development," or "production"). You can add up to 50 tags to each
3995
- # AWS resource.
4092
+ # Amazon Web Services resource.
3996
4093
  #
3997
4094
  # @note When making an API call, you may pass Tag
3998
4095
  # data as a hash:
@@ -4323,6 +4420,131 @@ module Aws::NetworkFirewall
4323
4420
  include Aws::Structure
4324
4421
  end
4325
4422
 
4423
+ # @note When making an API call, you may pass UpdateFirewallEncryptionConfigurationRequest
4424
+ # data as a hash:
4425
+ #
4426
+ # {
4427
+ # update_token: "UpdateToken",
4428
+ # firewall_arn: "ResourceArn",
4429
+ # firewall_name: "ResourceName",
4430
+ # encryption_configuration: {
4431
+ # key_id: "KeyId",
4432
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
4433
+ # },
4434
+ # }
4435
+ #
4436
+ # @!attribute [rw] update_token
4437
+ # An optional token that you can use for optimistic locking. Network
4438
+ # Firewall returns a token to your requests that access the firewall.
4439
+ # The token marks the state of the firewall resource at the time of
4440
+ # the request.
4441
+ #
4442
+ # To make an unconditional change to the firewall, omit the token in
4443
+ # your update request. Without the token, Network Firewall performs
4444
+ # your updates regardless of whether the firewall has changed since
4445
+ # you last retrieved it.
4446
+ #
4447
+ # To make a conditional change to the firewall, provide the token in
4448
+ # your update request. Network Firewall uses the token to ensure that
4449
+ # the firewall hasn't changed since you last retrieved it. If it has
4450
+ # changed, the operation fails with an `InvalidTokenException`. If
4451
+ # this happens, retrieve the firewall again to get a current copy of
4452
+ # it with a new token. Reapply your changes as needed, then try the
4453
+ # operation again using the new token.
4454
+ # @return [String]
4455
+ #
4456
+ # @!attribute [rw] firewall_arn
4457
+ # The Amazon Resource Name (ARN) of the firewall.
4458
+ # @return [String]
4459
+ #
4460
+ # @!attribute [rw] firewall_name
4461
+ # The descriptive name of the firewall. You can't change the name of
4462
+ # a firewall after you create it.
4463
+ # @return [String]
4464
+ #
4465
+ # @!attribute [rw] encryption_configuration
4466
+ # A complex type that contains optional Amazon Web Services Key
4467
+ # Management Service (KMS) encryption settings for your Network
4468
+ # Firewall resources. Your data is encrypted by default with an Amazon
4469
+ # Web Services owned key that Amazon Web Services owns and manages for
4470
+ # you. You can use either the Amazon Web Services owned key, or
4471
+ # provide your own customer managed key. To learn more about KMS
4472
+ # encryption of your Network Firewall resources, see [Encryption at
4473
+ # rest with Amazon Web Services Key Managment Service][1] in the
4474
+ # *Network Firewall Developer Guide*.
4475
+ #
4476
+ #
4477
+ #
4478
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
4479
+ # @return [Types::EncryptionConfiguration]
4480
+ #
4481
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfigurationRequest AWS API Documentation
4482
+ #
4483
+ class UpdateFirewallEncryptionConfigurationRequest < Struct.new(
4484
+ :update_token,
4485
+ :firewall_arn,
4486
+ :firewall_name,
4487
+ :encryption_configuration)
4488
+ SENSITIVE = []
4489
+ include Aws::Structure
4490
+ end
4491
+
4492
+ # @!attribute [rw] firewall_arn
4493
+ # The Amazon Resource Name (ARN) of the firewall.
4494
+ # @return [String]
4495
+ #
4496
+ # @!attribute [rw] firewall_name
4497
+ # The descriptive name of the firewall. You can't change the name of
4498
+ # a firewall after you create it.
4499
+ # @return [String]
4500
+ #
4501
+ # @!attribute [rw] update_token
4502
+ # An optional token that you can use for optimistic locking. Network
4503
+ # Firewall returns a token to your requests that access the firewall.
4504
+ # The token marks the state of the firewall resource at the time of
4505
+ # the request.
4506
+ #
4507
+ # To make an unconditional change to the firewall, omit the token in
4508
+ # your update request. Without the token, Network Firewall performs
4509
+ # your updates regardless of whether the firewall has changed since
4510
+ # you last retrieved it.
4511
+ #
4512
+ # To make a conditional change to the firewall, provide the token in
4513
+ # your update request. Network Firewall uses the token to ensure that
4514
+ # the firewall hasn't changed since you last retrieved it. If it has
4515
+ # changed, the operation fails with an `InvalidTokenException`. If
4516
+ # this happens, retrieve the firewall again to get a current copy of
4517
+ # it with a new token. Reapply your changes as needed, then try the
4518
+ # operation again using the new token.
4519
+ # @return [String]
4520
+ #
4521
+ # @!attribute [rw] encryption_configuration
4522
+ # A complex type that contains optional Amazon Web Services Key
4523
+ # Management Service (KMS) encryption settings for your Network
4524
+ # Firewall resources. Your data is encrypted by default with an Amazon
4525
+ # Web Services owned key that Amazon Web Services owns and manages for
4526
+ # you. You can use either the Amazon Web Services owned key, or
4527
+ # provide your own customer managed key. To learn more about KMS
4528
+ # encryption of your Network Firewall resources, see [Encryption at
4529
+ # rest with Amazon Web Services Key Managment Service][1] in the
4530
+ # *Network Firewall Developer Guide*.
4531
+ #
4532
+ #
4533
+ #
4534
+ # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
4535
+ # @return [Types::EncryptionConfiguration]
4536
+ #
4537
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfigurationResponse AWS API Documentation
4538
+ #
4539
+ class UpdateFirewallEncryptionConfigurationResponse < Struct.new(
4540
+ :firewall_arn,
4541
+ :firewall_name,
4542
+ :update_token,
4543
+ :encryption_configuration)
4544
+ SENSITIVE = []
4545
+ include Aws::Structure
4546
+ end
4547
+
4326
4548
  # @note When making an API call, you may pass UpdateFirewallPolicyChangeProtectionRequest
4327
4549
  # data as a hash:
4328
4550
  #
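Review bot: The `encryption_configuration` doc names the *Network Firewall Developer Guide* as the home of the linked page, but `[1]` resolves under `docs.aws.amazon.com/kms/latest/developerguide/`, and the link text misspells "Management" as "Managment". Both problems appear twice in this hunk, once in the Request doc block and once in the Response doc block. A reader following the reference to choose between `CUSTOMER_KMS` and `AWS_OWNED_KMS_KEY` lands in a different guide than the one the sentence promises. Either retarget `[1]` to the Network Firewall guide or reword the sentence to name the KMS guide, and correct the text to `Key Management Service`. These comments look generated from the service model, so the fix probably belongs upstream rather than in this file.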
@@ -4479,6 +4701,10 @@ module Aws::NetworkFirewall
4479
4701
  # },
4480
4702
  # description: "Description",
4481
4703
  # dry_run: false,
4704
+ # encryption_configuration: {
4705
+ # key_id: "KeyId",
4706
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
4707
+ # },
4482
4708
  # }
4483
4709
  #
4484
4710
  # @!attribute [rw] update_token
@@ -4532,6 +4758,11 @@ module Aws::NetworkFirewall
4532
4758
  # your resources.
4533
4759
  # @return [Boolean]
4534
4760
  #
4761
+ # @!attribute [rw] encryption_configuration
4762
+ # A complex type that contains settings for encryption of your
4763
+ # firewall policy resources.
4764
+ # @return [Types::EncryptionConfiguration]
4765
+ #
4535
4766
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicyRequest AWS API Documentation
4536
4767
  #
4537
4768
  class UpdateFirewallPolicyRequest < Struct.new(
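Review bot: The new `encryption_configuration` attribute doc does not say what an update does when the field is left out, and nothing in the visible lines marks it as required. For a firewall policy already encrypted with a customer managed key, a caller needs to know whether omitting the field keeps that key or falls back to the Amazon Web Services owned key. I would add one sentence under the attribute stating the behavior, e.g. `#   If omitted, <existing setting is kept | Amazon Web Services owned key is used; confirm against the service>.` The same gap is in the UpdateRuleGroupRequest attribute hunk further down. The class body continues outside this hunk.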
@@ -4540,7 +4771,8 @@ module Aws::NetworkFirewall
4540
4771
  :firewall_policy_name,
4541
4772
  :firewall_policy,
4542
4773
  :description,
4543
- :dry_run)
4774
+ :dry_run,
4775
+ :encryption_configuration)
4544
4776
  SENSITIVE = []
4545
4777
  include Aws::Structure
4546
4778
  end
@@ -4632,7 +4864,7 @@ module Aws::NetworkFirewall
4632
4864
  # @return [String]
4633
4865
  #
4634
4866
  # @!attribute [rw] logging_configuration
4635
- # Defines how AWS Network Firewall performs logging for a Firewall.
4867
+ # Defines how Network Firewall performs logging for a Firewall.
4636
4868
  # @return [Types::LoggingConfiguration]
4637
4869
  #
4638
4870
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateLoggingConfigurationResponse AWS API Documentation
@@ -4755,6 +4987,10 @@ module Aws::NetworkFirewall
4755
4987
  # type: "STATELESS", # accepts STATELESS, STATEFUL
4756
4988
  # description: "Description",
4757
4989
  # dry_run: false,
4990
+ # encryption_configuration: {
4991
+ # key_id: "KeyId",
4992
+ # type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
4993
+ # },
4758
4994
  # }
4759
4995
  #
4760
4996
  # @!attribute [rw] update_token
@@ -4840,6 +5076,11 @@ module Aws::NetworkFirewall
4840
5076
  # your resources.
4841
5077
  # @return [Boolean]
4842
5078
  #
5079
+ # @!attribute [rw] encryption_configuration
5080
+ # A complex type that contains settings for encryption of your rule
5081
+ # group resources.
5082
+ # @return [Types::EncryptionConfiguration]
5083
+ #
4843
5084
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroupRequest AWS API Documentation
4844
5085
  #
4845
5086
  class UpdateRuleGroupRequest < Struct.new(
@@ -4850,7 +5091,8 @@ module Aws::NetworkFirewall
4850
5091
  :rules,
4851
5092
  :type,
4852
5093
  :description,
4853
- :dry_run)
5094
+ :dry_run,
5095
+ :encryption_configuration)
4854
5096
  SENSITIVE = []
4855
5097
  include Aws::Structure
4856
5098
  end
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
48
48
  # @!group service
49
49
  module Aws::NetworkFirewall
50
50
 
51
- GEM_VERSION = '1.13.0'
51
+ GEM_VERSION = '1.16.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-networkfirewall
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.13.0
4
+ version: 1.16.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-12-21 00:00:00.000000000 Z
11
+ date: 2022-04-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.125.0
22
+ version: 3.127.0
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.125.0
32
+ version: 3.127.0
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement