aws-sdk-networkfirewall 1.14.0 → 1.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5952b132fa432ad88f6d142a594f248fbcab51ee2b8ca38646d33648540697c0
-  data.tar.gz: 8ae99d0ef1b50377b7d8bb6cd49b9d9821c1e7af1454f905bcb43bc77b7df08e
+  metadata.gz: 60568c36adf25b6241c56a258da43d9508a482b29824db13da6fc88ea6c19954
+  data.tar.gz: a558af3d1058a75f0cadb7059cff44998938105e925af9cc7406e16736cd5666
 SHA512:
-  metadata.gz: 3b787ca080d2221d65fc78ecc2deaffab39b4a690e04530d073359b79aed5e460b2bfacac57d18f57e25c27ca637cf0c3ca06109ac565a5d31fed6aab07e560d
-  data.tar.gz: 97dde2e7af7718934fb2d3da37899885f35288562996f13bbfcf893f07fe1cd6dc79de9d3227ecce0cf62e520c3c8190afaa0abe15424982b2b48f0c70ca7f0e
+  metadata.gz: d6fb0da54ec27b4367ce6b01bae549d0345b4b308e6d62fa6eb604eabc3d8150894445a456abcf2463cfb614ea7c609eaedf96e1fe379d72d96e06cd7a2b9c17
+  data.tar.gz: 213ce4bcb8657bad5bc2e6b4c44197f13f10deafc02a9eb8ff5f6b4a25203b71ca0c748c79686f159b60cf8df70d7619321ba97c3f9b6a872e23977eaf804f02

data/CHANGELOG.md

@@ -1,6 +1,21 @@
 Unreleased Changes
 ------------------
 
+1.17.0 (2022-04-28)
+------------------
+
+* Feature - AWS Network Firewall adds support for stateful threat signature AWS managed rule groups.
+
+1.16.0 (2022-04-26)
+------------------
+
+* Feature - AWS Network Firewall now enables customers to use a customer managed AWS KMS key for the encryption of their firewall resources.
+
+1.15.0 (2022-02-24)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.14.0 (2022-02-03)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.14.0
+1.17.0

data/lib/aws-sdk-networkfirewall/client.rb

@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
+require 'aws-sdk-core/plugins/checksum_algorithm.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/recursion_detection.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
@@ -75,6 +76,7 @@ module Aws::NetworkFirewall
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
+    add_plugin(Aws::Plugins::ChecksumAlgorithm)
     add_plugin(Aws::Plugins::DefaultsMode)
     add_plugin(Aws::Plugins::RecursionDetection)
     add_plugin(Aws::Plugins::SignatureV4)
@@ -435,8 +437,8 @@ module Aws::NetworkFirewall
     # You can specify one subnet for each of the Availability Zones that the
     # VPC spans.
     #
-    # This request creates an AWS Network Firewall firewall endpoint in each
-    # of the subnets. To enable the firewall's protections, you must also
+    # This request creates an Network Firewall firewall endpoint in each of
+    # the subnets. To enable the firewall's protections, you must also
     # modify the VPC's route tables for each subnet's Availability Zone,
     # to redirect the traffic that's coming into and going out of the zone
     # through the firewall endpoint.
@@ -511,14 +513,14 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
-    # Creates an AWS Network Firewall Firewall and accompanying
-    # FirewallStatus for a VPC.
+    # Creates an Network Firewall Firewall and accompanying FirewallStatus
+    # for a VPC.
     #
-    # The firewall defines the configuration settings for an AWS Network
+    # The firewall defines the configuration settings for an Network
     # Firewall firewall. The settings that you can define at creation
     # include the firewall policy, the subnets in your VPC to use for the
-    # firewall endpoints, and any tags that are attached to the firewall AWS
-    # resource.
+    # firewall endpoints, and any tags that are attached to the firewall
+    # Amazon Web Services resource.
     #
     # After you create a firewall, you can provide additional settings, like
     # the logging configuration.
@@ -528,8 +530,9 @@ module Aws::NetworkFirewall
     # UpdateLoggingConfiguration, AssociateSubnets, and
     # UpdateFirewallDeleteProtection.
     #
-    # To manage a firewall's tags, use the standard AWS resource tagging
-    # operations, ListTagsForResource, TagResource, and UntagResource.
+    # To manage a firewall's tags, use the standard Amazon Web Services
+    # resource tagging operations, ListTagsForResource, TagResource, and
+    # UntagResource.
     #
     # To retrieve information about firewalls, use ListFirewalls and
     # DescribeFirewall.
@@ -580,6 +583,10 @@ module Aws::NetworkFirewall
     # @option params [Array<Types::Tag>] :tags
     #   The key:value pairs to associate with the resource.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your firewall
+    #   resources.
+    #
     # @return [Types::CreateFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateFirewallResponse#firewall #firewall} => Types::Firewall
@@ -606,6 +613,10 @@ module Aws::NetworkFirewall
     #         value: "TagValue", # required
     #       },
     #     ],
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -624,6 +635,8 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags #=> Array
     #   resp.firewall.tags[0].key #=> String
     #   resp.firewall.tags[0].value #=> String
+    #   resp.firewall.encryption_configuration.key_id #=> String
+    #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
     #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
     #   resp.firewall_status.sync_states #=> Hash
@@ -646,7 +659,7 @@ module Aws::NetworkFirewall
     # Creates the firewall policy for the firewall according to the
     # specifications.
     #
-    # An AWS Network Firewall firewall policy defines the behavior of a
+    # An Network Firewall firewall policy defines the behavior of a
     # firewall, in a collection of stateless and stateful rule groups and
     # other settings. You can use one firewall policy for multiple
     # firewalls.
@@ -679,6 +692,10 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your firewall
+    #   policy resources.
+    #
     # @return [Types::CreateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateFirewallPolicyResponse#update_token #update_token} => String
@@ -733,6 +750,10 @@ module Aws::NetworkFirewall
     #       },
     #     ],
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -749,6 +770,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.firewall_policy_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy AWS API Documentation
     #
@@ -867,6 +891,15 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your rule
+    #   group resources.
+    #
+    # @option params [Types::SourceMetadata] :source_metadata
+    #   A complex type that contains metadata about the rule group that your
+    #   own rule group is copied from. You can use the metadata to keep track
+    #   of updates made to the originating rule group.
+    #
     # @return [Types::CreateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateRuleGroupResponse#update_token #update_token} => String
@@ -986,6 +1019,14 @@ module Aws::NetworkFirewall
     #       },
     #     ],
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
+    #     source_metadata: {
+    #       source_arn: "ResourceArn",
+    #       source_update_token: "UpdateToken",
+    #     },
     #   })
     #
     # @example Response structure
@@ -1003,6 +1044,12 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.rule_group_response.source_metadata.source_arn #=> String
+    #   resp.rule_group_response.source_metadata.source_update_token #=> String
+    #   resp.rule_group_response.sns_topic #=> String
+    #   resp.rule_group_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
     #
@@ -1068,6 +1115,8 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags #=> Array
     #   resp.firewall.tags[0].key #=> String
     #   resp.firewall.tags[0].value #=> String
+    #   resp.firewall.encryption_configuration.key_id #=> String
+    #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
     #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
     #   resp.firewall_status.sync_states #=> Hash
@@ -1124,6 +1173,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.firewall_policy_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy AWS API Documentation
     #
@@ -1207,6 +1259,12 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.rule_group_response.source_metadata.source_arn #=> String
+    #   resp.rule_group_response.source_metadata.source_update_token #=> String
+    #   resp.rule_group_response.sns_topic #=> String
+    #   resp.rule_group_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
     #
@@ -1260,6 +1318,8 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags #=> Array
     #   resp.firewall.tags[0].key #=> String
     #   resp.firewall.tags[0].value #=> String
+    #   resp.firewall.encryption_configuration.key_id #=> String
+    #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
     #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
     #   resp.firewall_status.sync_states #=> Hash
@@ -1319,6 +1379,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.firewall_policy_response.last_modified_time #=> Time
     #   resp.firewall_policy.stateless_rule_group_references #=> Array
     #   resp.firewall_policy.stateless_rule_group_references[0].resource_arn #=> String
     #   resp.firewall_policy.stateless_rule_group_references[0].priority #=> Integer
@@ -1522,6 +1585,12 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.rule_group_response.source_metadata.source_arn #=> String
+    #   resp.rule_group_response.source_metadata.source_update_token #=> String
+    #   resp.rule_group_response.sns_topic #=> String
+    #   resp.rule_group_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
     #
@@ -1567,6 +1636,7 @@ module Aws::NetworkFirewall
     #   * {Types::DescribeRuleGroupMetadataResponse#type #type} => String
     #   * {Types::DescribeRuleGroupMetadataResponse#capacity #capacity} => Integer
     #   * {Types::DescribeRuleGroupMetadataResponse#stateful_rule_options #stateful_rule_options} => Types::StatefulRuleOptions
+    #   * {Types::DescribeRuleGroupMetadataResponse#last_modified_time #last_modified_time} => Time
     #
     # @example Request syntax with placeholder values
     #
@@ -1584,6 +1654,7 @@ module Aws::NetworkFirewall
     #   resp.type #=> String, one of "STATELESS", "STATEFUL"
     #   resp.capacity #=> Integer
     #   resp.stateful_rule_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
+    #   resp.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadata AWS API Documentation
     #
@@ -1789,6 +1860,15 @@ module Aws::NetworkFirewall
     #   setting of `NULL` returns all of the rule groups in your account. A
     #   setting of `MANAGED` returns all available managed rule groups.
     #
+    # @option params [String] :managed_type
+    #   Indicates the general category of the Amazon Web Services managed rule
+    #   group.
+    #
+    # @option params [String] :type
+    #   Indicates whether the rule group is stateless or stateful. If the rule
+    #   group is stateless, it contains stateless rules. If it is stateful, it
+    #   contains stateful rules.
+    #
     # @return [Types::ListRuleGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListRuleGroupsResponse#next_token #next_token} => String
@@ -1802,6 +1882,8 @@ module Aws::NetworkFirewall
     #     next_token: "PaginationToken",
     #     max_results: 1,
     #     scope: "MANAGED", # accepts MANAGED, ACCOUNT
+    #     managed_type: "AWS_MANAGED_THREAT_SIGNATURES", # accepts AWS_MANAGED_THREAT_SIGNATURES, AWS_MANAGED_DOMAIN_LISTS
+    #     type: "STATELESS", # accepts STATELESS, STATEFUL
     #   })
     #
     # @example Response structure
@@ -1824,11 +1906,11 @@ module Aws::NetworkFirewall
     # key:value pairs that you can use to categorize and manage your
     # resources, for purposes like billing. For example, you might set the
     # tag key to "customer" and the value to the customer name or ID. You
-    # can specify one or more tags to add to each AWS resource, up to 50
-    # tags for a resource.
+    # can specify one or more tags to add to each Amazon Web Services
+    # resource, up to 50 tags for a resource.
     #
-    # You can tag the AWS resources that you manage through AWS Network
-    # Firewall: firewalls, firewall policies, and rule groups.
+    # You can tag the Amazon Web Services resources that you manage through
+    # Network Firewall: firewalls, firewall policies, and rule groups.
     #
     # @option params [String] :next_token
     #   When you request a list of objects with a `MaxResults` setting, if the
@@ -1877,11 +1959,11 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
-    # Creates or updates an AWS Identity and Access Management policy for
-    # your rule group or firewall policy. Use this to share rule groups and
-    # firewall policies between accounts. This operation works in
-    # conjunction with the AWS Resource Access Manager (RAM) service to
-    # manage resource sharing for Network Firewall.
+    # Creates or updates an IAM policy for your rule group or firewall
+    # policy. Use this to share rule groups and firewall policies between
+    # accounts. This operation works in conjunction with the Amazon Web
+    # Services Resource Access Manager (RAM) service to manage resource
+    # sharing for Network Firewall.
     #
     # Use this operation to create or update a resource policy for your rule
     # group or firewall policy. In the policy, you specify the accounts that
@@ -1898,8 +1980,8 @@ module Aws::NetworkFirewall
     # * [AcceptResourceShareInvitation][2] - Accepts the share invitation
     #   for a specified resource share.
     #
-    # For additional information about resource sharing using RAM, see [AWS
-    # Resource Access Manager User Guide][3].
+    # For additional information about resource sharing using RAM, see
+    # [Resource Access Manager User Guide][3].
     #
     #
     #
@@ -1912,10 +1994,9 @@ module Aws::NetworkFirewall
     #   rule groups and firewall policies with.
     #
     # @option params [required, String] :policy
-    #   The AWS Identity and Access Management policy statement that lists the
-    #   accounts that you want to share your rule group or firewall policy
-    #   with and the operations that you want the accounts to be able to
-    #   perform.
+    #   The IAM policy statement that lists the accounts that you want to
+    #   share your rule group or firewall policy with and the operations that
+    #   you want the accounts to be able to perform.
     #
     #   For a rule group resource, you can specify the following operations in
     #   the Actions section of the statement:
@@ -1963,11 +2044,11 @@ module Aws::NetworkFirewall
     # pairs that you can use to categorize and manage your resources, for
     # purposes like billing. For example, you might set the tag key to
     # "customer" and the value to the customer name or ID. You can specify
-    # one or more tags to add to each AWS resource, up to 50 tags for a
-    # resource.
+    # one or more tags to add to each Amazon Web Services resource, up to 50
+    # tags for a resource.
     #
-    # You can tag the AWS resources that you manage through AWS Network
-    # Firewall: firewalls, firewall policies, and rule groups.
+    # You can tag the Amazon Web Services resources that you manage through
+    # Network Firewall: firewalls, firewall policies, and rule groups.
     #
     # @option params [required, String] :resource_arn
     #   The Amazon Resource Name (ARN) of the resource.
@@ -2001,11 +2082,12 @@ module Aws::NetworkFirewall
     # Tags are key:value pairs that you can use to categorize and manage
     # your resources, for purposes like billing. For example, you might set
     # the tag key to "customer" and the value to the customer name or ID.
-    # You can specify one or more tags to add to each AWS resource, up to 50
-    # tags for a resource.
+    # You can specify one or more tags to add to each Amazon Web Services
+    # resource, up to 50 tags for a resource.
     #
-    # You can manage tags for the AWS resources that you manage through AWS
-    # Network Firewall: firewalls, firewall policies, and rule groups.
+    # You can manage tags for the Amazon Web Services resources that you
+    # manage through Network Firewall: firewalls, firewall policies, and
+    # rule groups.
     #
     # @option params [required, String] :resource_arn
     #   The Amazon Resource Name (ARN) of the resource.
@@ -2174,6 +2256,86 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
+    # A complex type that contains settings for encryption of your firewall
+    # resources.
+    #
+    # @option params [String] :update_token
+    #   An optional token that you can use for optimistic locking. Network
+    #   Firewall returns a token to your requests that access the firewall.
+    #   The token marks the state of the firewall resource at the time of the
+    #   request.
+    #
+    #   To make an unconditional change to the firewall, omit the token in
+    #   your update request. Without the token, Network Firewall performs your
+    #   updates regardless of whether the firewall has changed since you last
+    #   retrieved it.
+    #
+    #   To make a conditional change to the firewall, provide the token in
+    #   your update request. Network Firewall uses the token to ensure that
+    #   the firewall hasn't changed since you last retrieved it. If it has
+    #   changed, the operation fails with an `InvalidTokenException`. If this
+    #   happens, retrieve the firewall again to get a current copy of it with
+    #   a new token. Reapply your changes as needed, then try the operation
+    #   again using the new token.
+    #
+    # @option params [String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    # @option params [String] :firewall_name
+    #   The descriptive name of the firewall. You can't change the name of a
+    #   firewall after you create it.
+    #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains optional Amazon Web Services Key
+    #   Management Service (KMS) encryption settings for your Network Firewall
+    #   resources. Your data is encrypted by default with an Amazon Web
+    #   Services owned key that Amazon Web Services owns and manages for you.
+    #   You can use either the Amazon Web Services owned key, or provide your
+    #   own customer managed key. To learn more about KMS encryption of your
+    #   Network Firewall resources, see [Encryption at rest with Amazon Web
+    #   Services Key Managment Service][1] in the *Network Firewall Developer
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
+    #
+    # @return [Types::UpdateFirewallEncryptionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_arn #firewall_arn} => String
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_name #firewall_name} => String
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#update_token #update_token} => String
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#encryption_configuration #encryption_configuration} => Types::EncryptionConfiguration
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_encryption_configuration({
+    #     update_token: "UpdateToken",
+    #     firewall_arn: "ResourceArn",
+    #     firewall_name: "ResourceName",
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_arn #=> String
+    #   resp.firewall_name #=> String
+    #   resp.update_token #=> String
+    #   resp.encryption_configuration.key_id #=> String
+    #   resp.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfiguration AWS API Documentation
+    #
+    # @overload update_firewall_encryption_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_encryption_configuration(params = {}, options = {})
+      req = build_request(:update_firewall_encryption_configuration, params)
+      req.send_request(options)
+    end
+
     # Updates the properties of the specified firewall policy.
     #
     # @option params [required, String] :update_token
@@ -2221,6 +2383,10 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your firewall
+    #   policy resources.
+    #
     # @return [Types::UpdateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateFirewallPolicyResponse#update_token #update_token} => String
@@ -2271,6 +2437,10 @@ module Aws::NetworkFirewall
     #     },
     #     description: "Description",
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -2287,6 +2457,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.firewall_policy_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy AWS API Documentation
     #
@@ -2537,6 +2710,15 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your rule
+    #   group resources.
+    #
+    # @option params [Types::SourceMetadata] :source_metadata
+    #   A complex type that contains metadata about the rule group that your
+    #   own rule group is copied from. You can use the metadata to keep track
+    #   of updates made to the originating rule group.
+    #
     # @return [Types::UpdateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateRuleGroupResponse#update_token #update_token} => String
@@ -2651,6 +2833,14 @@ module Aws::NetworkFirewall
     #     type: "STATELESS", # accepts STATELESS, STATEFUL
     #     description: "Description",
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
+    #     source_metadata: {
+    #       source_arn: "ResourceArn",
+    #       source_update_token: "UpdateToken",
+    #     },
     #   })
     #
     # @example Response structure
@@ -2668,6 +2858,12 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.rule_group_response.source_metadata.source_arn #=> String
+    #   resp.rule_group_response.source_metadata.source_update_token #=> String
+    #   resp.rule_group_response.sns_topic #=> String
+    #   resp.rule_group_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
     #
@@ -2760,7 +2956,7 @@ module Aws::NetworkFirewall
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.14.0'
+      context[:gem_version] = '1.17.0'
       Seahorse::Client::Request.new(handlers, context)
     end