aws-sdk-networkfirewall 1.14.0 → 1.17.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-networkfirewall/client.rb +230 -34
- data/lib/aws-sdk-networkfirewall/client_api.rb +59 -0
- data/lib/aws-sdk-networkfirewall/types.rb +410 -54
- data/lib/aws-sdk-networkfirewall.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 60568c36adf25b6241c56a258da43d9508a482b29824db13da6fc88ea6c19954
|
4
|
+
data.tar.gz: a558af3d1058a75f0cadb7059cff44998938105e925af9cc7406e16736cd5666
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d6fb0da54ec27b4367ce6b01bae549d0345b4b308e6d62fa6eb604eabc3d8150894445a456abcf2463cfb614ea7c609eaedf96e1fe379d72d96e06cd7a2b9c17
|
7
|
+
data.tar.gz: 213ce4bcb8657bad5bc2e6b4c44197f13f10deafc02a9eb8ff5f6b4a25203b71ca0c748c79686f159b60cf8df70d7619321ba97c3f9b6a872e23977eaf804f02
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,21 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.17.0 (2022-04-28)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - AWS Network Firewall adds support for stateful threat signature AWS managed rule groups.
|
8
|
+
|
9
|
+
1.16.0 (2022-04-26)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - AWS Network Firewall now enables customers to use a customer managed AWS KMS key for the encryption of their firewall resources.
|
13
|
+
|
14
|
+
1.15.0 (2022-02-24)
|
15
|
+
------------------
|
16
|
+
|
17
|
+
* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
|
18
|
+
|
4
19
|
1.14.0 (2022-02-03)
|
5
20
|
------------------
|
6
21
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.17.0
|
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
30
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
31
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
32
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
@@ -75,6 +76,7 @@ module Aws::NetworkFirewall
|
|
75
76
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
76
77
|
add_plugin(Aws::Plugins::TransferEncoding)
|
77
78
|
add_plugin(Aws::Plugins::HttpChecksum)
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
78
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
79
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
80
82
|
add_plugin(Aws::Plugins::SignatureV4)
|
@@ -435,8 +437,8 @@ module Aws::NetworkFirewall
|
|
435
437
|
# You can specify one subnet for each of the Availability Zones that the
|
436
438
|
# VPC spans.
|
437
439
|
#
|
438
|
-
# This request creates an
|
439
|
-
#
|
440
|
+
# This request creates an Network Firewall firewall endpoint in each of
|
441
|
+
# the subnets. To enable the firewall's protections, you must also
|
440
442
|
# modify the VPC's route tables for each subnet's Availability Zone,
|
441
443
|
# to redirect the traffic that's coming into and going out of the zone
|
442
444
|
# through the firewall endpoint.
|
@@ -511,14 +513,14 @@ module Aws::NetworkFirewall
|
|
511
513
|
req.send_request(options)
|
512
514
|
end
|
513
515
|
|
514
|
-
# Creates an
|
515
|
-
#
|
516
|
+
# Creates an Network Firewall Firewall and accompanying FirewallStatus
|
517
|
+
# for a VPC.
|
516
518
|
#
|
517
|
-
# The firewall defines the configuration settings for an
|
519
|
+
# The firewall defines the configuration settings for an Network
|
518
520
|
# Firewall firewall. The settings that you can define at creation
|
519
521
|
# include the firewall policy, the subnets in your VPC to use for the
|
520
|
-
# firewall endpoints, and any tags that are attached to the firewall
|
521
|
-
# resource.
|
522
|
+
# firewall endpoints, and any tags that are attached to the firewall
|
523
|
+
# Amazon Web Services resource.
|
522
524
|
#
|
523
525
|
# After you create a firewall, you can provide additional settings, like
|
524
526
|
# the logging configuration.
|
@@ -528,8 +530,9 @@ module Aws::NetworkFirewall
|
|
528
530
|
# UpdateLoggingConfiguration, AssociateSubnets, and
|
529
531
|
# UpdateFirewallDeleteProtection.
|
530
532
|
#
|
531
|
-
# To manage a firewall's tags, use the standard
|
532
|
-
# operations, ListTagsForResource, TagResource, and
|
533
|
+
# To manage a firewall's tags, use the standard Amazon Web Services
|
534
|
+
# resource tagging operations, ListTagsForResource, TagResource, and
|
535
|
+
# UntagResource.
|
533
536
|
#
|
534
537
|
# To retrieve information about firewalls, use ListFirewalls and
|
535
538
|
# DescribeFirewall.
|
@@ -580,6 +583,10 @@ module Aws::NetworkFirewall
|
|
580
583
|
# @option params [Array<Types::Tag>] :tags
|
581
584
|
# The key:value pairs to associate with the resource.
|
582
585
|
#
|
586
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
587
|
+
# A complex type that contains settings for encryption of your firewall
|
588
|
+
# resources.
|
589
|
+
#
|
583
590
|
# @return [Types::CreateFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
584
591
|
#
|
585
592
|
# * {Types::CreateFirewallResponse#firewall #firewall} => Types::Firewall
|
@@ -606,6 +613,10 @@ module Aws::NetworkFirewall
|
|
606
613
|
# value: "TagValue", # required
|
607
614
|
# },
|
608
615
|
# ],
|
616
|
+
# encryption_configuration: {
|
617
|
+
# key_id: "KeyId",
|
618
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
619
|
+
# },
|
609
620
|
# })
|
610
621
|
#
|
611
622
|
# @example Response structure
|
@@ -624,6 +635,8 @@ module Aws::NetworkFirewall
|
|
624
635
|
# resp.firewall.tags #=> Array
|
625
636
|
# resp.firewall.tags[0].key #=> String
|
626
637
|
# resp.firewall.tags[0].value #=> String
|
638
|
+
# resp.firewall.encryption_configuration.key_id #=> String
|
639
|
+
# resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
627
640
|
# resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
|
628
641
|
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
|
629
642
|
# resp.firewall_status.sync_states #=> Hash
|
@@ -646,7 +659,7 @@ module Aws::NetworkFirewall
|
|
646
659
|
# Creates the firewall policy for the firewall according to the
|
647
660
|
# specifications.
|
648
661
|
#
|
649
|
-
# An
|
662
|
+
# An Network Firewall firewall policy defines the behavior of a
|
650
663
|
# firewall, in a collection of stateless and stateful rule groups and
|
651
664
|
# other settings. You can use one firewall policy for multiple
|
652
665
|
# firewalls.
|
@@ -679,6 +692,10 @@ module Aws::NetworkFirewall
|
|
679
692
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
680
693
|
# your resources.
|
681
694
|
#
|
695
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
696
|
+
# A complex type that contains settings for encryption of your firewall
|
697
|
+
# policy resources.
|
698
|
+
#
|
682
699
|
# @return [Types::CreateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
683
700
|
#
|
684
701
|
# * {Types::CreateFirewallPolicyResponse#update_token #update_token} => String
|
@@ -733,6 +750,10 @@ module Aws::NetworkFirewall
|
|
733
750
|
# },
|
734
751
|
# ],
|
735
752
|
# dry_run: false,
|
753
|
+
# encryption_configuration: {
|
754
|
+
# key_id: "KeyId",
|
755
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
756
|
+
# },
|
736
757
|
# })
|
737
758
|
#
|
738
759
|
# @example Response structure
|
@@ -749,6 +770,9 @@ module Aws::NetworkFirewall
|
|
749
770
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
750
771
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
751
772
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
773
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
774
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
775
|
+
# resp.firewall_policy_response.last_modified_time #=> Time
|
752
776
|
#
|
753
777
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy AWS API Documentation
|
754
778
|
#
|
@@ -867,6 +891,15 @@ module Aws::NetworkFirewall
|
|
867
891
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
868
892
|
# your resources.
|
869
893
|
#
|
894
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
895
|
+
# A complex type that contains settings for encryption of your rule
|
896
|
+
# group resources.
|
897
|
+
#
|
898
|
+
# @option params [Types::SourceMetadata] :source_metadata
|
899
|
+
# A complex type that contains metadata about the rule group that your
|
900
|
+
# own rule group is copied from. You can use the metadata to keep track
|
901
|
+
# of updates made to the originating rule group.
|
902
|
+
#
|
870
903
|
# @return [Types::CreateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
871
904
|
#
|
872
905
|
# * {Types::CreateRuleGroupResponse#update_token #update_token} => String
|
@@ -986,6 +1019,14 @@ module Aws::NetworkFirewall
|
|
986
1019
|
# },
|
987
1020
|
# ],
|
988
1021
|
# dry_run: false,
|
1022
|
+
# encryption_configuration: {
|
1023
|
+
# key_id: "KeyId",
|
1024
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
1025
|
+
# },
|
1026
|
+
# source_metadata: {
|
1027
|
+
# source_arn: "ResourceArn",
|
1028
|
+
# source_update_token: "UpdateToken",
|
1029
|
+
# },
|
989
1030
|
# })
|
990
1031
|
#
|
991
1032
|
# @example Response structure
|
@@ -1003,6 +1044,12 @@ module Aws::NetworkFirewall
|
|
1003
1044
|
# resp.rule_group_response.tags[0].value #=> String
|
1004
1045
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
1005
1046
|
# resp.rule_group_response.number_of_associations #=> Integer
|
1047
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
1048
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1049
|
+
# resp.rule_group_response.source_metadata.source_arn #=> String
|
1050
|
+
# resp.rule_group_response.source_metadata.source_update_token #=> String
|
1051
|
+
# resp.rule_group_response.sns_topic #=> String
|
1052
|
+
# resp.rule_group_response.last_modified_time #=> Time
|
1006
1053
|
#
|
1007
1054
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
|
1008
1055
|
#
|
@@ -1068,6 +1115,8 @@ module Aws::NetworkFirewall
|
|
1068
1115
|
# resp.firewall.tags #=> Array
|
1069
1116
|
# resp.firewall.tags[0].key #=> String
|
1070
1117
|
# resp.firewall.tags[0].value #=> String
|
1118
|
+
# resp.firewall.encryption_configuration.key_id #=> String
|
1119
|
+
# resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1071
1120
|
# resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
|
1072
1121
|
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
|
1073
1122
|
# resp.firewall_status.sync_states #=> Hash
|
@@ -1124,6 +1173,9 @@ module Aws::NetworkFirewall
|
|
1124
1173
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
1125
1174
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
1126
1175
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
1176
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
1177
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1178
|
+
# resp.firewall_policy_response.last_modified_time #=> Time
|
1127
1179
|
#
|
1128
1180
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy AWS API Documentation
|
1129
1181
|
#
|
@@ -1207,6 +1259,12 @@ module Aws::NetworkFirewall
|
|
1207
1259
|
# resp.rule_group_response.tags[0].value #=> String
|
1208
1260
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
1209
1261
|
# resp.rule_group_response.number_of_associations #=> Integer
|
1262
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
1263
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1264
|
+
# resp.rule_group_response.source_metadata.source_arn #=> String
|
1265
|
+
# resp.rule_group_response.source_metadata.source_update_token #=> String
|
1266
|
+
# resp.rule_group_response.sns_topic #=> String
|
1267
|
+
# resp.rule_group_response.last_modified_time #=> Time
|
1210
1268
|
#
|
1211
1269
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
|
1212
1270
|
#
|
@@ -1260,6 +1318,8 @@ module Aws::NetworkFirewall
|
|
1260
1318
|
# resp.firewall.tags #=> Array
|
1261
1319
|
# resp.firewall.tags[0].key #=> String
|
1262
1320
|
# resp.firewall.tags[0].value #=> String
|
1321
|
+
# resp.firewall.encryption_configuration.key_id #=> String
|
1322
|
+
# resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1263
1323
|
# resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
|
1264
1324
|
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
|
1265
1325
|
# resp.firewall_status.sync_states #=> Hash
|
@@ -1319,6 +1379,9 @@ module Aws::NetworkFirewall
|
|
1319
1379
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
1320
1380
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
1321
1381
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
1382
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
1383
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1384
|
+
# resp.firewall_policy_response.last_modified_time #=> Time
|
1322
1385
|
# resp.firewall_policy.stateless_rule_group_references #=> Array
|
1323
1386
|
# resp.firewall_policy.stateless_rule_group_references[0].resource_arn #=> String
|
1324
1387
|
# resp.firewall_policy.stateless_rule_group_references[0].priority #=> Integer
|
@@ -1522,6 +1585,12 @@ module Aws::NetworkFirewall
|
|
1522
1585
|
# resp.rule_group_response.tags[0].value #=> String
|
1523
1586
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
1524
1587
|
# resp.rule_group_response.number_of_associations #=> Integer
|
1588
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
1589
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1590
|
+
# resp.rule_group_response.source_metadata.source_arn #=> String
|
1591
|
+
# resp.rule_group_response.source_metadata.source_update_token #=> String
|
1592
|
+
# resp.rule_group_response.sns_topic #=> String
|
1593
|
+
# resp.rule_group_response.last_modified_time #=> Time
|
1525
1594
|
#
|
1526
1595
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
|
1527
1596
|
#
|
@@ -1567,6 +1636,7 @@ module Aws::NetworkFirewall
|
|
1567
1636
|
# * {Types::DescribeRuleGroupMetadataResponse#type #type} => String
|
1568
1637
|
# * {Types::DescribeRuleGroupMetadataResponse#capacity #capacity} => Integer
|
1569
1638
|
# * {Types::DescribeRuleGroupMetadataResponse#stateful_rule_options #stateful_rule_options} => Types::StatefulRuleOptions
|
1639
|
+
# * {Types::DescribeRuleGroupMetadataResponse#last_modified_time #last_modified_time} => Time
|
1570
1640
|
#
|
1571
1641
|
# @example Request syntax with placeholder values
|
1572
1642
|
#
|
@@ -1584,6 +1654,7 @@ module Aws::NetworkFirewall
|
|
1584
1654
|
# resp.type #=> String, one of "STATELESS", "STATEFUL"
|
1585
1655
|
# resp.capacity #=> Integer
|
1586
1656
|
# resp.stateful_rule_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
|
1657
|
+
# resp.last_modified_time #=> Time
|
1587
1658
|
#
|
1588
1659
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadata AWS API Documentation
|
1589
1660
|
#
|
@@ -1789,6 +1860,15 @@ module Aws::NetworkFirewall
|
|
1789
1860
|
# setting of `NULL` returns all of the rule groups in your account. A
|
1790
1861
|
# setting of `MANAGED` returns all available managed rule groups.
|
1791
1862
|
#
|
1863
|
+
# @option params [String] :managed_type
|
1864
|
+
# Indicates the general category of the Amazon Web Services managed rule
|
1865
|
+
# group.
|
1866
|
+
#
|
1867
|
+
# @option params [String] :type
|
1868
|
+
# Indicates whether the rule group is stateless or stateful. If the rule
|
1869
|
+
# group is stateless, it contains stateless rules. If it is stateful, it
|
1870
|
+
# contains stateful rules.
|
1871
|
+
#
|
1792
1872
|
# @return [Types::ListRuleGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1793
1873
|
#
|
1794
1874
|
# * {Types::ListRuleGroupsResponse#next_token #next_token} => String
|
@@ -1802,6 +1882,8 @@ module Aws::NetworkFirewall
|
|
1802
1882
|
# next_token: "PaginationToken",
|
1803
1883
|
# max_results: 1,
|
1804
1884
|
# scope: "MANAGED", # accepts MANAGED, ACCOUNT
|
1885
|
+
# managed_type: "AWS_MANAGED_THREAT_SIGNATURES", # accepts AWS_MANAGED_THREAT_SIGNATURES, AWS_MANAGED_DOMAIN_LISTS
|
1886
|
+
# type: "STATELESS", # accepts STATELESS, STATEFUL
|
1805
1887
|
# })
|
1806
1888
|
#
|
1807
1889
|
# @example Response structure
|
@@ -1824,11 +1906,11 @@ module Aws::NetworkFirewall
|
|
1824
1906
|
# key:value pairs that you can use to categorize and manage your
|
1825
1907
|
# resources, for purposes like billing. For example, you might set the
|
1826
1908
|
# tag key to "customer" and the value to the customer name or ID. You
|
1827
|
-
# can specify one or more tags to add to each
|
1828
|
-
# tags for a resource.
|
1909
|
+
# can specify one or more tags to add to each Amazon Web Services
|
1910
|
+
# resource, up to 50 tags for a resource.
|
1829
1911
|
#
|
1830
|
-
# You can tag the
|
1831
|
-
# Firewall: firewalls, firewall policies, and rule groups.
|
1912
|
+
# You can tag the Amazon Web Services resources that you manage through
|
1913
|
+
# Network Firewall: firewalls, firewall policies, and rule groups.
|
1832
1914
|
#
|
1833
1915
|
# @option params [String] :next_token
|
1834
1916
|
# When you request a list of objects with a `MaxResults` setting, if the
|
@@ -1877,11 +1959,11 @@ module Aws::NetworkFirewall
|
|
1877
1959
|
req.send_request(options)
|
1878
1960
|
end
|
1879
1961
|
|
1880
|
-
# Creates or updates an
|
1881
|
-
#
|
1882
|
-
#
|
1883
|
-
#
|
1884
|
-
#
|
1962
|
+
# Creates or updates an IAM policy for your rule group or firewall
|
1963
|
+
# policy. Use this to share rule groups and firewall policies between
|
1964
|
+
# accounts. This operation works in conjunction with the Amazon Web
|
1965
|
+
# Services Resource Access Manager (RAM) service to manage resource
|
1966
|
+
# sharing for Network Firewall.
|
1885
1967
|
#
|
1886
1968
|
# Use this operation to create or update a resource policy for your rule
|
1887
1969
|
# group or firewall policy. In the policy, you specify the accounts that
|
@@ -1898,8 +1980,8 @@ module Aws::NetworkFirewall
|
|
1898
1980
|
# * [AcceptResourceShareInvitation][2] - Accepts the share invitation
|
1899
1981
|
# for a specified resource share.
|
1900
1982
|
#
|
1901
|
-
# For additional information about resource sharing using RAM, see
|
1902
|
-
# Resource Access Manager User Guide][3].
|
1983
|
+
# For additional information about resource sharing using RAM, see
|
1984
|
+
# [Resource Access Manager User Guide][3].
|
1903
1985
|
#
|
1904
1986
|
#
|
1905
1987
|
#
|
@@ -1912,10 +1994,9 @@ module Aws::NetworkFirewall
|
|
1912
1994
|
# rule groups and firewall policies with.
|
1913
1995
|
#
|
1914
1996
|
# @option params [required, String] :policy
|
1915
|
-
# The
|
1916
|
-
#
|
1917
|
-
#
|
1918
|
-
# perform.
|
1997
|
+
# The IAM policy statement that lists the accounts that you want to
|
1998
|
+
# share your rule group or firewall policy with and the operations that
|
1999
|
+
# you want the accounts to be able to perform.
|
1919
2000
|
#
|
1920
2001
|
# For a rule group resource, you can specify the following operations in
|
1921
2002
|
# the Actions section of the statement:
|
@@ -1963,11 +2044,11 @@ module Aws::NetworkFirewall
|
|
1963
2044
|
# pairs that you can use to categorize and manage your resources, for
|
1964
2045
|
# purposes like billing. For example, you might set the tag key to
|
1965
2046
|
# "customer" and the value to the customer name or ID. You can specify
|
1966
|
-
# one or more tags to add to each
|
1967
|
-
# resource.
|
2047
|
+
# one or more tags to add to each Amazon Web Services resource, up to 50
|
2048
|
+
# tags for a resource.
|
1968
2049
|
#
|
1969
|
-
# You can tag the
|
1970
|
-
# Firewall: firewalls, firewall policies, and rule groups.
|
2050
|
+
# You can tag the Amazon Web Services resources that you manage through
|
2051
|
+
# Network Firewall: firewalls, firewall policies, and rule groups.
|
1971
2052
|
#
|
1972
2053
|
# @option params [required, String] :resource_arn
|
1973
2054
|
# The Amazon Resource Name (ARN) of the resource.
|
@@ -2001,11 +2082,12 @@ module Aws::NetworkFirewall
|
|
2001
2082
|
# Tags are key:value pairs that you can use to categorize and manage
|
2002
2083
|
# your resources, for purposes like billing. For example, you might set
|
2003
2084
|
# the tag key to "customer" and the value to the customer name or ID.
|
2004
|
-
# You can specify one or more tags to add to each
|
2005
|
-
# tags for a resource.
|
2085
|
+
# You can specify one or more tags to add to each Amazon Web Services
|
2086
|
+
# resource, up to 50 tags for a resource.
|
2006
2087
|
#
|
2007
|
-
# You can manage tags for the
|
2008
|
-
# Network Firewall: firewalls, firewall policies, and
|
2088
|
+
# You can manage tags for the Amazon Web Services resources that you
|
2089
|
+
# manage through Network Firewall: firewalls, firewall policies, and
|
2090
|
+
# rule groups.
|
2009
2091
|
#
|
2010
2092
|
# @option params [required, String] :resource_arn
|
2011
2093
|
# The Amazon Resource Name (ARN) of the resource.
|
@@ -2174,6 +2256,86 @@ module Aws::NetworkFirewall
|
|
2174
2256
|
req.send_request(options)
|
2175
2257
|
end
|
2176
2258
|
|
2259
|
+
# A complex type that contains settings for encryption of your firewall
|
2260
|
+
# resources.
|
2261
|
+
#
|
2262
|
+
# @option params [String] :update_token
|
2263
|
+
# An optional token that you can use for optimistic locking. Network
|
2264
|
+
# Firewall returns a token to your requests that access the firewall.
|
2265
|
+
# The token marks the state of the firewall resource at the time of the
|
2266
|
+
# request.
|
2267
|
+
#
|
2268
|
+
# To make an unconditional change to the firewall, omit the token in
|
2269
|
+
# your update request. Without the token, Network Firewall performs your
|
2270
|
+
# updates regardless of whether the firewall has changed since you last
|
2271
|
+
# retrieved it.
|
2272
|
+
#
|
2273
|
+
# To make a conditional change to the firewall, provide the token in
|
2274
|
+
# your update request. Network Firewall uses the token to ensure that
|
2275
|
+
# the firewall hasn't changed since you last retrieved it. If it has
|
2276
|
+
# changed, the operation fails with an `InvalidTokenException`. If this
|
2277
|
+
# happens, retrieve the firewall again to get a current copy of it with
|
2278
|
+
# a new token. Reapply your changes as needed, then try the operation
|
2279
|
+
# again using the new token.
|
2280
|
+
#
|
2281
|
+
# @option params [String] :firewall_arn
|
2282
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
2283
|
+
#
|
2284
|
+
# @option params [String] :firewall_name
|
2285
|
+
# The descriptive name of the firewall. You can't change the name of a
|
2286
|
+
# firewall after you create it.
|
2287
|
+
#
|
2288
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
2289
|
+
# A complex type that contains optional Amazon Web Services Key
|
2290
|
+
# Management Service (KMS) encryption settings for your Network Firewall
|
2291
|
+
# resources. Your data is encrypted by default with an Amazon Web
|
2292
|
+
# Services owned key that Amazon Web Services owns and manages for you.
|
2293
|
+
# You can use either the Amazon Web Services owned key, or provide your
|
2294
|
+
# own customer managed key. To learn more about KMS encryption of your
|
2295
|
+
# Network Firewall resources, see [Encryption at rest with Amazon Web
|
2296
|
+
# Services Key Managment Service][1] in the *Network Firewall Developer
|
2297
|
+
# Guide*.
|
2298
|
+
#
|
2299
|
+
#
|
2300
|
+
#
|
2301
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
2302
|
+
#
|
2303
|
+
# @return [Types::UpdateFirewallEncryptionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2304
|
+
#
|
2305
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_arn #firewall_arn} => String
|
2306
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_name #firewall_name} => String
|
2307
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#update_token #update_token} => String
|
2308
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#encryption_configuration #encryption_configuration} => Types::EncryptionConfiguration
|
2309
|
+
#
|
2310
|
+
# @example Request syntax with placeholder values
|
2311
|
+
#
|
2312
|
+
# resp = client.update_firewall_encryption_configuration({
|
2313
|
+
# update_token: "UpdateToken",
|
2314
|
+
# firewall_arn: "ResourceArn",
|
2315
|
+
# firewall_name: "ResourceName",
|
2316
|
+
# encryption_configuration: {
|
2317
|
+
# key_id: "KeyId",
|
2318
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
2319
|
+
# },
|
2320
|
+
# })
|
2321
|
+
#
|
2322
|
+
# @example Response structure
|
2323
|
+
#
|
2324
|
+
# resp.firewall_arn #=> String
|
2325
|
+
# resp.firewall_name #=> String
|
2326
|
+
# resp.update_token #=> String
|
2327
|
+
# resp.encryption_configuration.key_id #=> String
|
2328
|
+
# resp.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
2329
|
+
#
|
2330
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfiguration AWS API Documentation
|
2331
|
+
#
|
2332
|
+
# @overload update_firewall_encryption_configuration(params = {})
|
2333
|
+
# @param [Hash] params ({})
|
2334
|
+
def update_firewall_encryption_configuration(params = {}, options = {})
|
2335
|
+
req = build_request(:update_firewall_encryption_configuration, params)
|
2336
|
+
req.send_request(options)
|
2337
|
+
end
|
2338
|
+
|
2177
2339
|
# Updates the properties of the specified firewall policy.
|
2178
2340
|
#
|
2179
2341
|
# @option params [required, String] :update_token
|
@@ -2221,6 +2383,10 @@ module Aws::NetworkFirewall
|
|
2221
2383
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
2222
2384
|
# your resources.
|
2223
2385
|
#
|
2386
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
2387
|
+
# A complex type that contains settings for encryption of your firewall
|
2388
|
+
# policy resources.
|
2389
|
+
#
|
2224
2390
|
# @return [Types::UpdateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2225
2391
|
#
|
2226
2392
|
# * {Types::UpdateFirewallPolicyResponse#update_token #update_token} => String
|
@@ -2271,6 +2437,10 @@ module Aws::NetworkFirewall
|
|
2271
2437
|
# },
|
2272
2438
|
# description: "Description",
|
2273
2439
|
# dry_run: false,
|
2440
|
+
# encryption_configuration: {
|
2441
|
+
# key_id: "KeyId",
|
2442
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
2443
|
+
# },
|
2274
2444
|
# })
|
2275
2445
|
#
|
2276
2446
|
# @example Response structure
|
@@ -2287,6 +2457,9 @@ module Aws::NetworkFirewall
|
|
2287
2457
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
2288
2458
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
2289
2459
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
2460
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
2461
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
2462
|
+
# resp.firewall_policy_response.last_modified_time #=> Time
|
2290
2463
|
#
|
2291
2464
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy AWS API Documentation
|
2292
2465
|
#
|
@@ -2537,6 +2710,15 @@ module Aws::NetworkFirewall
|
|
2537
2710
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
2538
2711
|
# your resources.
|
2539
2712
|
#
|
2713
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
2714
|
+
# A complex type that contains settings for encryption of your rule
|
2715
|
+
# group resources.
|
2716
|
+
#
|
2717
|
+
# @option params [Types::SourceMetadata] :source_metadata
|
2718
|
+
# A complex type that contains metadata about the rule group that your
|
2719
|
+
# own rule group is copied from. You can use the metadata to keep track
|
2720
|
+
# of updates made to the originating rule group.
|
2721
|
+
#
|
2540
2722
|
# @return [Types::UpdateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2541
2723
|
#
|
2542
2724
|
# * {Types::UpdateRuleGroupResponse#update_token #update_token} => String
|
@@ -2651,6 +2833,14 @@ module Aws::NetworkFirewall
|
|
2651
2833
|
# type: "STATELESS", # accepts STATELESS, STATEFUL
|
2652
2834
|
# description: "Description",
|
2653
2835
|
# dry_run: false,
|
2836
|
+
# encryption_configuration: {
|
2837
|
+
# key_id: "KeyId",
|
2838
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
2839
|
+
# },
|
2840
|
+
# source_metadata: {
|
2841
|
+
# source_arn: "ResourceArn",
|
2842
|
+
# source_update_token: "UpdateToken",
|
2843
|
+
# },
|
2654
2844
|
# })
|
2655
2845
|
#
|
2656
2846
|
# @example Response structure
|
@@ -2668,6 +2858,12 @@ module Aws::NetworkFirewall
|
|
2668
2858
|
# resp.rule_group_response.tags[0].value #=> String
|
2669
2859
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
2670
2860
|
# resp.rule_group_response.number_of_associations #=> Integer
|
2861
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
2862
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
2863
|
+
# resp.rule_group_response.source_metadata.source_arn #=> String
|
2864
|
+
# resp.rule_group_response.source_metadata.source_update_token #=> String
|
2865
|
+
# resp.rule_group_response.sns_topic #=> String
|
2866
|
+
# resp.rule_group_response.last_modified_time #=> Time
|
2671
2867
|
#
|
2672
2868
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
|
2673
2869
|
#
|
@@ -2760,7 +2956,7 @@ module Aws::NetworkFirewall
|
|
2760
2956
|
params: params,
|
2761
2957
|
config: config)
|
2762
2958
|
context[:gem_name] = 'aws-sdk-networkfirewall'
|
2763
|
-
context[:gem_version] = '1.
|
2959
|
+
context[:gem_version] = '1.17.0'
|
2764
2960
|
Seahorse::Client::Request.new(handlers, context)
|
2765
2961
|
end
|
2766
2962
|
|