aws-sdk-networkfirewall 1.14.0 → 1.17.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-networkfirewall/client.rb +230 -34
- data/lib/aws-sdk-networkfirewall/client_api.rb +59 -0
- data/lib/aws-sdk-networkfirewall/types.rb +410 -54
- data/lib/aws-sdk-networkfirewall.rb +1 -1
- metadata +4 -4
@@ -294,8 +294,8 @@ module Aws::NetworkFirewall
|
|
294
294
|
end
|
295
295
|
|
296
296
|
# The configuration and status for a single subnet that you've
|
297
|
-
# specified for use by the
|
298
|
-
#
|
297
|
+
# specified for use by the Network Firewall firewall. This is part of
|
298
|
+
# the FirewallStatus.
|
299
299
|
#
|
300
300
|
# @!attribute [rw] subnet_id
|
301
301
|
# The unique identifier of the subnet that you've specified to be
|
@@ -379,6 +379,10 @@ module Aws::NetworkFirewall
|
|
379
379
|
# },
|
380
380
|
# ],
|
381
381
|
# dry_run: false,
|
382
|
+
# encryption_configuration: {
|
383
|
+
# key_id: "KeyId",
|
384
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
385
|
+
# },
|
382
386
|
# }
|
383
387
|
#
|
384
388
|
# @!attribute [rw] firewall_policy_name
|
@@ -414,6 +418,11 @@ module Aws::NetworkFirewall
|
|
414
418
|
# your resources.
|
415
419
|
# @return [Boolean]
|
416
420
|
#
|
421
|
+
# @!attribute [rw] encryption_configuration
|
422
|
+
# A complex type that contains settings for encryption of your
|
423
|
+
# firewall policy resources.
|
424
|
+
# @return [Types::EncryptionConfiguration]
|
425
|
+
#
|
417
426
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicyRequest AWS API Documentation
|
418
427
|
#
|
419
428
|
class CreateFirewallPolicyRequest < Struct.new(
|
@@ -421,7 +430,8 @@ module Aws::NetworkFirewall
|
|
421
430
|
:firewall_policy,
|
422
431
|
:description,
|
423
432
|
:tags,
|
424
|
-
:dry_run
|
433
|
+
:dry_run,
|
434
|
+
:encryption_configuration)
|
425
435
|
SENSITIVE = []
|
426
436
|
include Aws::Structure
|
427
437
|
end
|
@@ -477,6 +487,10 @@ module Aws::NetworkFirewall
|
|
477
487
|
# value: "TagValue", # required
|
478
488
|
# },
|
479
489
|
# ],
|
490
|
+
# encryption_configuration: {
|
491
|
+
# key_id: "KeyId",
|
492
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
493
|
+
# },
|
480
494
|
# }
|
481
495
|
#
|
482
496
|
# @!attribute [rw] firewall_name
|
@@ -534,6 +548,11 @@ module Aws::NetworkFirewall
|
|
534
548
|
# The key:value pairs to associate with the resource.
|
535
549
|
# @return [Array<Types::Tag>]
|
536
550
|
#
|
551
|
+
# @!attribute [rw] encryption_configuration
|
552
|
+
# A complex type that contains settings for encryption of your
|
553
|
+
# firewall resources.
|
554
|
+
# @return [Types::EncryptionConfiguration]
|
555
|
+
#
|
537
556
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallRequest AWS API Documentation
|
538
557
|
#
|
539
558
|
class CreateFirewallRequest < Struct.new(
|
@@ -545,7 +564,8 @@ module Aws::NetworkFirewall
|
|
545
564
|
:subnet_change_protection,
|
546
565
|
:firewall_policy_change_protection,
|
547
566
|
:description,
|
548
|
-
:tags
|
567
|
+
:tags,
|
568
|
+
:encryption_configuration)
|
549
569
|
SENSITIVE = []
|
550
570
|
include Aws::Structure
|
551
571
|
end
|
@@ -686,6 +706,14 @@ module Aws::NetworkFirewall
|
|
686
706
|
# },
|
687
707
|
# ],
|
688
708
|
# dry_run: false,
|
709
|
+
# encryption_configuration: {
|
710
|
+
# key_id: "KeyId",
|
711
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
712
|
+
# },
|
713
|
+
# source_metadata: {
|
714
|
+
# source_arn: "ResourceArn",
|
715
|
+
# source_update_token: "UpdateToken",
|
716
|
+
# },
|
689
717
|
# }
|
690
718
|
#
|
691
719
|
# @!attribute [rw] rule_group_name
|
@@ -799,6 +827,17 @@ module Aws::NetworkFirewall
|
|
799
827
|
# your resources.
|
800
828
|
# @return [Boolean]
|
801
829
|
#
|
830
|
+
# @!attribute [rw] encryption_configuration
|
831
|
+
# A complex type that contains settings for encryption of your rule
|
832
|
+
# group resources.
|
833
|
+
# @return [Types::EncryptionConfiguration]
|
834
|
+
#
|
835
|
+
# @!attribute [rw] source_metadata
|
836
|
+
# A complex type that contains metadata about the rule group that your
|
837
|
+
# own rule group is copied from. You can use the metadata to keep
|
838
|
+
# track of updates made to the originating rule group.
|
839
|
+
# @return [Types::SourceMetadata]
|
840
|
+
#
|
802
841
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroupRequest AWS API Documentation
|
803
842
|
#
|
804
843
|
class CreateRuleGroupRequest < Struct.new(
|
@@ -809,7 +848,9 @@ module Aws::NetworkFirewall
|
|
809
848
|
:description,
|
810
849
|
:capacity,
|
811
850
|
:tags,
|
812
|
-
:dry_run
|
851
|
+
:dry_run,
|
852
|
+
:encryption_configuration,
|
853
|
+
:source_metadata)
|
813
854
|
SENSITIVE = []
|
814
855
|
include Aws::Structure
|
815
856
|
end
|
@@ -972,10 +1013,10 @@ module Aws::NetworkFirewall
|
|
972
1013
|
end
|
973
1014
|
|
974
1015
|
# @!attribute [rw] firewall
|
975
|
-
# The firewall defines the configuration settings for an
|
1016
|
+
# The firewall defines the configuration settings for an Network
|
976
1017
|
# Firewall firewall. These settings include the firewall policy, the
|
977
1018
|
# subnets in your VPC to use for the firewall endpoints, and any tags
|
978
|
-
# that are attached to the firewall
|
1019
|
+
# that are attached to the firewall Amazon Web Services resource.
|
979
1020
|
#
|
980
1021
|
# The status of the firewall, for example whether it's ready to
|
981
1022
|
# filter network traffic, is provided in the corresponding
|
@@ -1250,7 +1291,7 @@ module Aws::NetworkFirewall
|
|
1250
1291
|
# @return [String]
|
1251
1292
|
#
|
1252
1293
|
# @!attribute [rw] logging_configuration
|
1253
|
-
# Defines how
|
1294
|
+
# Defines how Network Firewall performs logging for a Firewall.
|
1254
1295
|
# @return [Types::LoggingConfiguration]
|
1255
1296
|
#
|
1256
1297
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeLoggingConfigurationResponse AWS API Documentation
|
@@ -1283,7 +1324,7 @@ module Aws::NetworkFirewall
|
|
1283
1324
|
end
|
1284
1325
|
|
1285
1326
|
# @!attribute [rw] policy
|
1286
|
-
# The
|
1327
|
+
# The IAM policy for the resource.
|
1287
1328
|
# @return [String]
|
1288
1329
|
#
|
1289
1330
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeResourcePolicyResponse AWS API Documentation
|
@@ -1384,6 +1425,10 @@ module Aws::NetworkFirewall
|
|
1384
1425
|
# group. You can only use these for stateful rule groups.
|
1385
1426
|
# @return [Types::StatefulRuleOptions]
|
1386
1427
|
#
|
1428
|
+
# @!attribute [rw] last_modified_time
|
1429
|
+
# The last time that the rule group was changed.
|
1430
|
+
# @return [Time]
|
1431
|
+
#
|
1387
1432
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadataResponse AWS API Documentation
|
1388
1433
|
#
|
1389
1434
|
class DescribeRuleGroupMetadataResponse < Struct.new(
|
@@ -1392,7 +1437,8 @@ module Aws::NetworkFirewall
|
|
1392
1437
|
:description,
|
1393
1438
|
:type,
|
1394
1439
|
:capacity,
|
1395
|
-
:stateful_rule_options
|
1440
|
+
:stateful_rule_options,
|
1441
|
+
:last_modified_time)
|
1396
1442
|
SENSITIVE = []
|
1397
1443
|
include Aws::Structure
|
1398
1444
|
end
|
@@ -1459,10 +1505,10 @@ module Aws::NetworkFirewall
|
|
1459
1505
|
# RuleGroupResponse, define the rule group. You can retrieve all
|
1460
1506
|
# objects for a rule group by calling DescribeRuleGroup.
|
1461
1507
|
#
|
1462
|
-
#
|
1463
|
-
#
|
1464
|
-
#
|
1465
|
-
#
|
1508
|
+
# Network Firewall uses a rule group to inspect and control network
|
1509
|
+
# traffic. You define stateless rule groups to inspect individual
|
1510
|
+
# packets and you define stateful rule groups to inspect packets in
|
1511
|
+
# the context of their traffic flow.
|
1466
1512
|
#
|
1467
1513
|
# To use a rule group, you include it by reference in an Network
|
1468
1514
|
# Firewall firewall policy, then you use the policy in a firewall. You
|
@@ -1491,7 +1537,7 @@ module Aws::NetworkFirewall
|
|
1491
1537
|
# metric dimension is a name/value pair that's part of the identity of
|
1492
1538
|
# a metric.
|
1493
1539
|
#
|
1494
|
-
#
|
1540
|
+
# Network Firewall sets the dimension name to `CustomAction` and you
|
1495
1541
|
# provide the dimension value.
|
1496
1542
|
#
|
1497
1543
|
# For more information about CloudWatch custom metric dimensions, see
|
@@ -1625,10 +1671,59 @@ module Aws::NetworkFirewall
|
|
1625
1671
|
include Aws::Structure
|
1626
1672
|
end
|
1627
1673
|
|
1628
|
-
#
|
1674
|
+
# A complex type that contains optional Amazon Web Services Key
|
1675
|
+
# Management Service (KMS) encryption settings for your Network Firewall
|
1676
|
+
# resources. Your data is encrypted by default with an Amazon Web
|
1677
|
+
# Services owned key that Amazon Web Services owns and manages for you.
|
1678
|
+
# You can use either the Amazon Web Services owned key, or provide your
|
1679
|
+
# own customer managed key. To learn more about KMS encryption of your
|
1680
|
+
# Network Firewall resources, see [Encryption at rest with Amazon Web
|
1681
|
+
# Services Key Managment Service][1] in the *Network Firewall Developer
|
1682
|
+
# Guide*.
|
1683
|
+
#
|
1684
|
+
#
|
1685
|
+
#
|
1686
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
1687
|
+
#
|
1688
|
+
# @note When making an API call, you may pass EncryptionConfiguration
|
1689
|
+
# data as a hash:
|
1690
|
+
#
|
1691
|
+
# {
|
1692
|
+
# key_id: "KeyId",
|
1693
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
1694
|
+
# }
|
1695
|
+
#
|
1696
|
+
# @!attribute [rw] key_id
|
1697
|
+
# The ID of the Amazon Web Services Key Management Service (KMS)
|
1698
|
+
# customer managed key. You can use any of the key identifiers that
|
1699
|
+
# KMS supports, unless you're using a key that's managed by another
|
1700
|
+
# account. If you're using a key managed by another account, then
|
1701
|
+
# specify the key ARN. For more information, see [Key ID][1] in the
|
1702
|
+
# *Amazon Web Services KMS Developer Guide*.
|
1703
|
+
#
|
1704
|
+
#
|
1705
|
+
#
|
1706
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
|
1707
|
+
# @return [String]
|
1708
|
+
#
|
1709
|
+
# @!attribute [rw] type
|
1710
|
+
# The type of Amazon Web Services KMS key to use for encryption of
|
1711
|
+
# your Network Firewall resources.
|
1712
|
+
# @return [String]
|
1713
|
+
#
|
1714
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/EncryptionConfiguration AWS API Documentation
|
1715
|
+
#
|
1716
|
+
class EncryptionConfiguration < Struct.new(
|
1717
|
+
:key_id,
|
1718
|
+
:type)
|
1719
|
+
SENSITIVE = []
|
1720
|
+
include Aws::Structure
|
1721
|
+
end
|
1722
|
+
|
1723
|
+
# The firewall defines the configuration settings for an Network
|
1629
1724
|
# Firewall firewall. These settings include the firewall policy, the
|
1630
1725
|
# subnets in your VPC to use for the firewall endpoints, and any tags
|
1631
|
-
# that are attached to the firewall
|
1726
|
+
# that are attached to the firewall Amazon Web Services resource.
|
1632
1727
|
#
|
1633
1728
|
# The status of the firewall, for example whether it's ready to filter
|
1634
1729
|
# network traffic, is provided in the corresponding FirewallStatus. You
|
@@ -1695,6 +1790,11 @@ module Aws::NetworkFirewall
|
|
1695
1790
|
# @!attribute [rw] tags
|
1696
1791
|
# @return [Array<Types::Tag>]
|
1697
1792
|
#
|
1793
|
+
# @!attribute [rw] encryption_configuration
|
1794
|
+
# A complex type that contains the Amazon Web Services KMS encryption
|
1795
|
+
# configuration settings for your firewall.
|
1796
|
+
# @return [Types::EncryptionConfiguration]
|
1797
|
+
#
|
1698
1798
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Firewall AWS API Documentation
|
1699
1799
|
#
|
1700
1800
|
class Firewall < Struct.new(
|
@@ -1708,7 +1808,8 @@ module Aws::NetworkFirewall
|
|
1708
1808
|
:firewall_policy_change_protection,
|
1709
1809
|
:description,
|
1710
1810
|
:firewall_id,
|
1711
|
-
:tags
|
1811
|
+
:tags,
|
1812
|
+
:encryption_configuration)
|
1712
1813
|
SENSITIVE = []
|
1713
1814
|
include Aws::Structure
|
1714
1815
|
end
|
@@ -1850,12 +1951,12 @@ module Aws::NetworkFirewall
|
|
1850
1951
|
#
|
1851
1952
|
# * aws:alert\_established
|
1852
1953
|
#
|
1853
|
-
# For more information, see [Strict evaluation order][1] in the
|
1854
|
-
# Network Firewall Developer Guide*.
|
1954
|
+
# For more information, see [Strict evaluation order][1] in the
|
1955
|
+
# *Network Firewall Developer Guide*.
|
1855
1956
|
#
|
1856
1957
|
#
|
1857
1958
|
#
|
1858
|
-
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-strict-rule-evaluation-order.html
|
1959
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-strict-rule-evaluation-order.html
|
1859
1960
|
# @return [Array<String>]
|
1860
1961
|
#
|
1861
1962
|
# @!attribute [rw] stateful_engine_options
|
@@ -1954,6 +2055,15 @@ module Aws::NetworkFirewall
|
|
1954
2055
|
# policy.
|
1955
2056
|
# @return [Integer]
|
1956
2057
|
#
|
2058
|
+
# @!attribute [rw] encryption_configuration
|
2059
|
+
# A complex type that contains the Amazon Web Services KMS encryption
|
2060
|
+
# configuration settings for your firewall policy.
|
2061
|
+
# @return [Types::EncryptionConfiguration]
|
2062
|
+
#
|
2063
|
+
# @!attribute [rw] last_modified_time
|
2064
|
+
# The last time that the firewall policy was changed.
|
2065
|
+
# @return [Time]
|
2066
|
+
#
|
1957
2067
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicyResponse AWS API Documentation
|
1958
2068
|
#
|
1959
2069
|
class FirewallPolicyResponse < Struct.new(
|
@@ -1965,7 +2075,9 @@ module Aws::NetworkFirewall
|
|
1965
2075
|
:tags,
|
1966
2076
|
:consumed_stateless_rule_capacity,
|
1967
2077
|
:consumed_stateful_rule_capacity,
|
1968
|
-
:number_of_associations
|
2078
|
+
:number_of_associations,
|
2079
|
+
:encryption_configuration,
|
2080
|
+
:last_modified_time)
|
1969
2081
|
SENSITIVE = []
|
1970
2082
|
include Aws::Structure
|
1971
2083
|
end
|
@@ -2018,9 +2130,9 @@ module Aws::NetworkFirewall
|
|
2018
2130
|
include Aws::Structure
|
2019
2131
|
end
|
2020
2132
|
|
2021
|
-
# The basic rule criteria for
|
2022
|
-
#
|
2023
|
-
#
|
2133
|
+
# The basic rule criteria for Network Firewall to use to inspect packet
|
2134
|
+
# headers in stateful traffic flow inspection. Traffic flows that match
|
2135
|
+
# the criteria are a match for the corresponding StatefulRule.
|
2024
2136
|
#
|
2025
2137
|
# @note When making an API call, you may pass Header
|
2026
2138
|
# data as a hash:
|
@@ -2036,7 +2148,8 @@ module Aws::NetworkFirewall
|
|
2036
2148
|
#
|
2037
2149
|
# @!attribute [rw] protocol
|
2038
2150
|
# The protocol to inspect for. To specify all, you can use `IP`,
|
2039
|
-
# because all traffic on
|
2151
|
+
# because all traffic on Amazon Web Services and on the internet is
|
2152
|
+
# IP.
|
2040
2153
|
# @return [String]
|
2041
2154
|
#
|
2042
2155
|
# @!attribute [rw] source
|
@@ -2142,8 +2255,8 @@ module Aws::NetworkFirewall
|
|
2142
2255
|
include Aws::Structure
|
2143
2256
|
end
|
2144
2257
|
|
2145
|
-
#
|
2146
|
-
# request. Try your request later.
|
2258
|
+
# Amazon Web Services doesn't currently have enough available capacity
|
2259
|
+
# to fulfill your request. Try your request later.
|
2147
2260
|
#
|
2148
2261
|
# @!attribute [rw] message
|
2149
2262
|
# @return [String]
|
@@ -2371,6 +2484,8 @@ module Aws::NetworkFirewall
|
|
2371
2484
|
# next_token: "PaginationToken",
|
2372
2485
|
# max_results: 1,
|
2373
2486
|
# scope: "MANAGED", # accepts MANAGED, ACCOUNT
|
2487
|
+
# managed_type: "AWS_MANAGED_THREAT_SIGNATURES", # accepts AWS_MANAGED_THREAT_SIGNATURES, AWS_MANAGED_DOMAIN_LISTS
|
2488
|
+
# type: "STATELESS", # accepts STATELESS, STATEFUL
|
2374
2489
|
# }
|
2375
2490
|
#
|
2376
2491
|
# @!attribute [rw] next_token
|
@@ -2394,12 +2509,25 @@ module Aws::NetworkFirewall
|
|
2394
2509
|
# setting of `MANAGED` returns all available managed rule groups.
|
2395
2510
|
# @return [String]
|
2396
2511
|
#
|
2512
|
+
# @!attribute [rw] managed_type
|
2513
|
+
# Indicates the general category of the Amazon Web Services managed
|
2514
|
+
# rule group.
|
2515
|
+
# @return [String]
|
2516
|
+
#
|
2517
|
+
# @!attribute [rw] type
|
2518
|
+
# Indicates whether the rule group is stateless or stateful. If the
|
2519
|
+
# rule group is stateless, it contains stateless rules. If it is
|
2520
|
+
# stateful, it contains stateful rules.
|
2521
|
+
# @return [String]
|
2522
|
+
#
|
2397
2523
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListRuleGroupsRequest AWS API Documentation
|
2398
2524
|
#
|
2399
2525
|
class ListRuleGroupsRequest < Struct.new(
|
2400
2526
|
:next_token,
|
2401
2527
|
:max_results,
|
2402
|
-
:scope
|
2528
|
+
:scope,
|
2529
|
+
:managed_type,
|
2530
|
+
:type)
|
2403
2531
|
SENSITIVE = []
|
2404
2532
|
include Aws::Structure
|
2405
2533
|
end
|
@@ -2486,10 +2614,10 @@ module Aws::NetworkFirewall
|
|
2486
2614
|
include Aws::Structure
|
2487
2615
|
end
|
2488
2616
|
|
2489
|
-
# Defines where
|
2490
|
-
#
|
2491
|
-
#
|
2492
|
-
#
|
2617
|
+
# Defines where Network Firewall sends logs for the firewall for one log
|
2618
|
+
# type. This is used in LoggingConfiguration. You can send each type of
|
2619
|
+
# log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data
|
2620
|
+
# Firehose delivery stream.
|
2493
2621
|
#
|
2494
2622
|
# Network Firewall generates logs for stateful rule groups. You can save
|
2495
2623
|
# alert and flow log types. The stateful rules engine records flow logs
|
@@ -2570,7 +2698,7 @@ module Aws::NetworkFirewall
|
|
2570
2698
|
include Aws::Structure
|
2571
2699
|
end
|
2572
2700
|
|
2573
|
-
# Defines how
|
2701
|
+
# Defines how Network Firewall performs logging for a Firewall.
|
2574
2702
|
#
|
2575
2703
|
# @note When making an API call, you may pass LoggingConfiguration
|
2576
2704
|
# data as a hash:
|
@@ -2813,10 +2941,9 @@ module Aws::NetworkFirewall
|
|
2813
2941
|
# @return [String]
|
2814
2942
|
#
|
2815
2943
|
# @!attribute [rw] policy
|
2816
|
-
# The
|
2817
|
-
#
|
2818
|
-
#
|
2819
|
-
# to perform.
|
2944
|
+
# The IAM policy statement that lists the accounts that you want to
|
2945
|
+
# share your rule group or firewall policy with and the operations
|
2946
|
+
# that you want the accounts to be able to perform.
|
2820
2947
|
#
|
2821
2948
|
# For a rule group resource, you can specify the following operations
|
2822
2949
|
# in the Actions section of the statement:
|
@@ -2882,7 +3009,7 @@ module Aws::NetworkFirewall
|
|
2882
3009
|
include Aws::Structure
|
2883
3010
|
end
|
2884
3011
|
|
2885
|
-
# The inspection criteria and action for a single stateless rule.
|
3012
|
+
# The inspection criteria and action for a single stateless rule.
|
2886
3013
|
# Network Firewall inspects each packet for the specified matching
|
2887
3014
|
# criteria. When a packet matches the criteria, Network Firewall
|
2888
3015
|
# performs the rule's actions on the packet.
|
@@ -2983,7 +3110,7 @@ module Aws::NetworkFirewall
|
|
2983
3110
|
# RuleGroupResponse, define the rule group. You can retrieve all objects
|
2984
3111
|
# for a rule group by calling DescribeRuleGroup.
|
2985
3112
|
#
|
2986
|
-
#
|
3113
|
+
# Network Firewall uses a rule group to inspect and control network
|
2987
3114
|
# traffic. You define stateless rule groups to inspect individual
|
2988
3115
|
# packets and you define stateful rule groups to inspect packets in the
|
2989
3116
|
# context of their traffic flow.
|
@@ -3206,6 +3333,34 @@ module Aws::NetworkFirewall
|
|
3206
3333
|
# The number of firewall policies that use this rule group.
|
3207
3334
|
# @return [Integer]
|
3208
3335
|
#
|
3336
|
+
# @!attribute [rw] encryption_configuration
|
3337
|
+
# A complex type that contains the Amazon Web Services KMS encryption
|
3338
|
+
# configuration settings for your rule group.
|
3339
|
+
# @return [Types::EncryptionConfiguration]
|
3340
|
+
#
|
3341
|
+
# @!attribute [rw] source_metadata
|
3342
|
+
# A complex type that contains metadata about the rule group that your
|
3343
|
+
# own rule group is copied from. You can use the metadata to track the
|
3344
|
+
# version updates made to the originating rule group.
|
3345
|
+
# @return [Types::SourceMetadata]
|
3346
|
+
#
|
3347
|
+
# @!attribute [rw] sns_topic
|
3348
|
+
# The Amazon resource name (ARN) of the Amazon Simple Notification
|
3349
|
+
# Service SNS topic that's used to record changes to the managed rule
|
3350
|
+
# group. You can subscribe to the SNS topic to receive notifications
|
3351
|
+
# when the managed rule group is modified, such as for new versions
|
3352
|
+
# and for version expiration. For more information, see the [Amazon
|
3353
|
+
# Simple Notification Service Developer Guide.][1].
|
3354
|
+
#
|
3355
|
+
#
|
3356
|
+
#
|
3357
|
+
# [1]: https://docs.aws.amazon.com/sns/latest/dg/welcome.html
|
3358
|
+
# @return [String]
|
3359
|
+
#
|
3360
|
+
# @!attribute [rw] last_modified_time
|
3361
|
+
# The last time that the rule group was changed.
|
3362
|
+
# @return [Time]
|
3363
|
+
#
|
3209
3364
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroupResponse AWS API Documentation
|
3210
3365
|
#
|
3211
3366
|
class RuleGroupResponse < Struct.new(
|
@@ -3218,7 +3373,11 @@ module Aws::NetworkFirewall
|
|
3218
3373
|
:rule_group_status,
|
3219
3374
|
:tags,
|
3220
3375
|
:consumed_capacity,
|
3221
|
-
:number_of_associations
|
3376
|
+
:number_of_associations,
|
3377
|
+
:encryption_configuration,
|
3378
|
+
:source_metadata,
|
3379
|
+
:sns_topic,
|
3380
|
+
:last_modified_time)
|
3222
3381
|
SENSITIVE = []
|
3223
3382
|
include Aws::Structure
|
3224
3383
|
end
|
@@ -3428,7 +3587,7 @@ module Aws::NetworkFirewall
|
|
3428
3587
|
# `HOME_NET` rule variable to include the CIDR range of the deployment
|
3429
3588
|
# VPC plus the other CIDR ranges. For more information, see
|
3430
3589
|
# RuleVariables in this guide and [Stateful domain list rule groups in
|
3431
|
-
#
|
3590
|
+
# Network Firewall][1] in the *Network Firewall Developer Guide*.
|
3432
3591
|
#
|
3433
3592
|
#
|
3434
3593
|
#
|
@@ -3476,6 +3635,47 @@ module Aws::NetworkFirewall
|
|
3476
3635
|
include Aws::Structure
|
3477
3636
|
end
|
3478
3637
|
|
3638
|
+
# High-level information about the managed rule group that your own rule
|
3639
|
+
# group is copied from. You can use the the metadata to track version
|
3640
|
+
# updates made to the originating rule group. You can retrieve all
|
3641
|
+
# objects for a rule group by calling [DescribeRuleGroup][1].
|
3642
|
+
#
|
3643
|
+
#
|
3644
|
+
#
|
3645
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html
|
3646
|
+
#
|
3647
|
+
# @note When making an API call, you may pass SourceMetadata
|
3648
|
+
# data as a hash:
|
3649
|
+
#
|
3650
|
+
# {
|
3651
|
+
# source_arn: "ResourceArn",
|
3652
|
+
# source_update_token: "UpdateToken",
|
3653
|
+
# }
|
3654
|
+
#
|
3655
|
+
# @!attribute [rw] source_arn
|
3656
|
+
# The Amazon Resource Name (ARN) of the rule group that your own rule
|
3657
|
+
# group is copied from.
|
3658
|
+
# @return [String]
|
3659
|
+
#
|
3660
|
+
# @!attribute [rw] source_update_token
|
3661
|
+
# The update token of the Amazon Web Services managed rule group that
|
3662
|
+
# your own rule group is copied from. To determine the update token
|
3663
|
+
# for the managed rule group, call [DescribeRuleGroup][1].
|
3664
|
+
#
|
3665
|
+
#
|
3666
|
+
#
|
3667
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html#networkfirewall-DescribeRuleGroup-response-UpdateToken
|
3668
|
+
# @return [String]
|
3669
|
+
#
|
3670
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/SourceMetadata AWS API Documentation
|
3671
|
+
#
|
3672
|
+
class SourceMetadata < Struct.new(
|
3673
|
+
:source_arn,
|
3674
|
+
:source_update_token)
|
3675
|
+
SENSITIVE = []
|
3676
|
+
include Aws::Structure
|
3677
|
+
end
|
3678
|
+
|
3479
3679
|
# Configuration settings for the handling of the stateful rule groups in
|
3480
3680
|
# a firewall policy.
|
3481
3681
|
#
|
@@ -3492,7 +3692,7 @@ module Aws::NetworkFirewall
|
|
3492
3692
|
# rules are provided to the rule engine as Suricata compatible
|
3493
3693
|
# strings, and Suricata evaluates them based on certain settings. For
|
3494
3694
|
# more information, see [Evaluation order for stateful rules][1] in
|
3495
|
-
# the *
|
3695
|
+
# the *Network Firewall Developer Guide*.
|
3496
3696
|
#
|
3497
3697
|
#
|
3498
3698
|
#
|
@@ -3671,7 +3871,7 @@ module Aws::NetworkFirewall
|
|
3671
3871
|
# rules are provided to the rule engine as Suricata compatible
|
3672
3872
|
# strings, and Suricata evaluates them based on certain settings. For
|
3673
3873
|
# more information, see [Evaluation order for stateful rules][1] in
|
3674
|
-
# the *
|
3874
|
+
# the *Network Firewall Developer Guide*.
|
3675
3875
|
#
|
3676
3876
|
#
|
3677
3877
|
#
|
@@ -3880,7 +4080,7 @@ module Aws::NetworkFirewall
|
|
3880
4080
|
end
|
3881
4081
|
|
3882
4082
|
# The ID for a subnet that you want to associate with the firewall. This
|
3883
|
-
# is used with CreateFirewall and AssociateSubnets.
|
4083
|
+
# is used with CreateFirewall and AssociateSubnets. Network Firewall
|
3884
4084
|
# creates an instance of the associated firewall in each subnet that you
|
3885
4085
|
# specify, to filter traffic in the subnet's Availability Zone.
|
3886
4086
|
#
|
@@ -3906,7 +4106,7 @@ module Aws::NetworkFirewall
|
|
3906
4106
|
# The status of the firewall endpoint and firewall policy configuration
|
3907
4107
|
# for a single VPC subnet.
|
3908
4108
|
#
|
3909
|
-
# For each VPC subnet that you associate with a firewall,
|
4109
|
+
# For each VPC subnet that you associate with a firewall, Network
|
3910
4110
|
# Firewall does the following:
|
3911
4111
|
#
|
3912
4112
|
# * Instantiates a firewall endpoint in the subnet, ready to take
|
@@ -3987,12 +4187,12 @@ module Aws::NetworkFirewall
|
|
3987
4187
|
include Aws::Structure
|
3988
4188
|
end
|
3989
4189
|
|
3990
|
-
# A key:value pair associated with an
|
3991
|
-
# can be anything you define. Typically, the tag key
|
3992
|
-
# category (such as "environment") and the tag value
|
3993
|
-
# specific value within that category (such as "test,"
|
4190
|
+
# A key:value pair associated with an Amazon Web Services resource. The
|
4191
|
+
# key:value pair can be anything you define. Typically, the tag key
|
4192
|
+
# represents a category (such as "environment") and the tag value
|
4193
|
+
# represents a specific value within that category (such as "test,"
|
3994
4194
|
# "development," or "production"). You can add up to 50 tags to each
|
3995
|
-
#
|
4195
|
+
# Amazon Web Services resource.
|
3996
4196
|
#
|
3997
4197
|
# @note When making an API call, you may pass Tag
|
3998
4198
|
# data as a hash:
|
@@ -4323,6 +4523,131 @@ module Aws::NetworkFirewall
|
|
4323
4523
|
include Aws::Structure
|
4324
4524
|
end
|
4325
4525
|
|
4526
|
+
# @note When making an API call, you may pass UpdateFirewallEncryptionConfigurationRequest
|
4527
|
+
# data as a hash:
|
4528
|
+
#
|
4529
|
+
# {
|
4530
|
+
# update_token: "UpdateToken",
|
4531
|
+
# firewall_arn: "ResourceArn",
|
4532
|
+
# firewall_name: "ResourceName",
|
4533
|
+
# encryption_configuration: {
|
4534
|
+
# key_id: "KeyId",
|
4535
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
4536
|
+
# },
|
4537
|
+
# }
|
4538
|
+
#
|
4539
|
+
# @!attribute [rw] update_token
|
4540
|
+
# An optional token that you can use for optimistic locking. Network
|
4541
|
+
# Firewall returns a token to your requests that access the firewall.
|
4542
|
+
# The token marks the state of the firewall resource at the time of
|
4543
|
+
# the request.
|
4544
|
+
#
|
4545
|
+
# To make an unconditional change to the firewall, omit the token in
|
4546
|
+
# your update request. Without the token, Network Firewall performs
|
4547
|
+
# your updates regardless of whether the firewall has changed since
|
4548
|
+
# you last retrieved it.
|
4549
|
+
#
|
4550
|
+
# To make a conditional change to the firewall, provide the token in
|
4551
|
+
# your update request. Network Firewall uses the token to ensure that
|
4552
|
+
# the firewall hasn't changed since you last retrieved it. If it has
|
4553
|
+
# changed, the operation fails with an `InvalidTokenException`. If
|
4554
|
+
# this happens, retrieve the firewall again to get a current copy of
|
4555
|
+
# it with a new token. Reapply your changes as needed, then try the
|
4556
|
+
# operation again using the new token.
|
4557
|
+
# @return [String]
|
4558
|
+
#
|
4559
|
+
# @!attribute [rw] firewall_arn
|
4560
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
4561
|
+
# @return [String]
|
4562
|
+
#
|
4563
|
+
# @!attribute [rw] firewall_name
|
4564
|
+
# The descriptive name of the firewall. You can't change the name of
|
4565
|
+
# a firewall after you create it.
|
4566
|
+
# @return [String]
|
4567
|
+
#
|
4568
|
+
# @!attribute [rw] encryption_configuration
|
4569
|
+
# A complex type that contains optional Amazon Web Services Key
|
4570
|
+
# Management Service (KMS) encryption settings for your Network
|
4571
|
+
# Firewall resources. Your data is encrypted by default with an Amazon
|
4572
|
+
# Web Services owned key that Amazon Web Services owns and manages for
|
4573
|
+
# you. You can use either the Amazon Web Services owned key, or
|
4574
|
+
# provide your own customer managed key. To learn more about KMS
|
4575
|
+
# encryption of your Network Firewall resources, see [Encryption at
|
4576
|
+
# rest with Amazon Web Services Key Managment Service][1] in the
|
4577
|
+
# *Network Firewall Developer Guide*.
|
4578
|
+
#
|
4579
|
+
#
|
4580
|
+
#
|
4581
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
4582
|
+
# @return [Types::EncryptionConfiguration]
|
4583
|
+
#
|
4584
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfigurationRequest AWS API Documentation
|
4585
|
+
#
|
4586
|
+
class UpdateFirewallEncryptionConfigurationRequest < Struct.new(
|
4587
|
+
:update_token,
|
4588
|
+
:firewall_arn,
|
4589
|
+
:firewall_name,
|
4590
|
+
:encryption_configuration)
|
4591
|
+
SENSITIVE = []
|
4592
|
+
include Aws::Structure
|
4593
|
+
end
|
4594
|
+
|
4595
|
+
# @!attribute [rw] firewall_arn
|
4596
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
4597
|
+
# @return [String]
|
4598
|
+
#
|
4599
|
+
# @!attribute [rw] firewall_name
|
4600
|
+
# The descriptive name of the firewall. You can't change the name of
|
4601
|
+
# a firewall after you create it.
|
4602
|
+
# @return [String]
|
4603
|
+
#
|
4604
|
+
# @!attribute [rw] update_token
|
4605
|
+
# An optional token that you can use for optimistic locking. Network
|
4606
|
+
# Firewall returns a token to your requests that access the firewall.
|
4607
|
+
# The token marks the state of the firewall resource at the time of
|
4608
|
+
# the request.
|
4609
|
+
#
|
4610
|
+
# To make an unconditional change to the firewall, omit the token in
|
4611
|
+
# your update request. Without the token, Network Firewall performs
|
4612
|
+
# your updates regardless of whether the firewall has changed since
|
4613
|
+
# you last retrieved it.
|
4614
|
+
#
|
4615
|
+
# To make a conditional change to the firewall, provide the token in
|
4616
|
+
# your update request. Network Firewall uses the token to ensure that
|
4617
|
+
# the firewall hasn't changed since you last retrieved it. If it has
|
4618
|
+
# changed, the operation fails with an `InvalidTokenException`. If
|
4619
|
+
# this happens, retrieve the firewall again to get a current copy of
|
4620
|
+
# it with a new token. Reapply your changes as needed, then try the
|
4621
|
+
# operation again using the new token.
|
4622
|
+
# @return [String]
|
4623
|
+
#
|
4624
|
+
# @!attribute [rw] encryption_configuration
|
4625
|
+
# A complex type that contains optional Amazon Web Services Key
|
4626
|
+
# Management Service (KMS) encryption settings for your Network
|
4627
|
+
# Firewall resources. Your data is encrypted by default with an Amazon
|
4628
|
+
# Web Services owned key that Amazon Web Services owns and manages for
|
4629
|
+
# you. You can use either the Amazon Web Services owned key, or
|
4630
|
+
# provide your own customer managed key. To learn more about KMS
|
4631
|
+
# encryption of your Network Firewall resources, see [Encryption at
|
4632
|
+
# rest with Amazon Web Services Key Managment Service][1] in the
|
4633
|
+
# *Network Firewall Developer Guide*.
|
4634
|
+
#
|
4635
|
+
#
|
4636
|
+
#
|
4637
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
4638
|
+
# @return [Types::EncryptionConfiguration]
|
4639
|
+
#
|
4640
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfigurationResponse AWS API Documentation
|
4641
|
+
#
|
4642
|
+
class UpdateFirewallEncryptionConfigurationResponse < Struct.new(
|
4643
|
+
:firewall_arn,
|
4644
|
+
:firewall_name,
|
4645
|
+
:update_token,
|
4646
|
+
:encryption_configuration)
|
4647
|
+
SENSITIVE = []
|
4648
|
+
include Aws::Structure
|
4649
|
+
end
|
4650
|
+
|
4326
4651
|
# @note When making an API call, you may pass UpdateFirewallPolicyChangeProtectionRequest
|
4327
4652
|
# data as a hash:
|
4328
4653
|
#
|
@@ -4479,6 +4804,10 @@ module Aws::NetworkFirewall
|
|
4479
4804
|
# },
|
4480
4805
|
# description: "Description",
|
4481
4806
|
# dry_run: false,
|
4807
|
+
# encryption_configuration: {
|
4808
|
+
# key_id: "KeyId",
|
4809
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
4810
|
+
# },
|
4482
4811
|
# }
|
4483
4812
|
#
|
4484
4813
|
# @!attribute [rw] update_token
|
@@ -4532,6 +4861,11 @@ module Aws::NetworkFirewall
|
|
4532
4861
|
# your resources.
|
4533
4862
|
# @return [Boolean]
|
4534
4863
|
#
|
4864
|
+
# @!attribute [rw] encryption_configuration
|
4865
|
+
# A complex type that contains settings for encryption of your
|
4866
|
+
# firewall policy resources.
|
4867
|
+
# @return [Types::EncryptionConfiguration]
|
4868
|
+
#
|
4535
4869
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicyRequest AWS API Documentation
|
4536
4870
|
#
|
4537
4871
|
class UpdateFirewallPolicyRequest < Struct.new(
|
@@ -4540,7 +4874,8 @@ module Aws::NetworkFirewall
|
|
4540
4874
|
:firewall_policy_name,
|
4541
4875
|
:firewall_policy,
|
4542
4876
|
:description,
|
4543
|
-
:dry_run
|
4877
|
+
:dry_run,
|
4878
|
+
:encryption_configuration)
|
4544
4879
|
SENSITIVE = []
|
4545
4880
|
include Aws::Structure
|
4546
4881
|
end
|
@@ -4632,7 +4967,7 @@ module Aws::NetworkFirewall
|
|
4632
4967
|
# @return [String]
|
4633
4968
|
#
|
4634
4969
|
# @!attribute [rw] logging_configuration
|
4635
|
-
# Defines how
|
4970
|
+
# Defines how Network Firewall performs logging for a Firewall.
|
4636
4971
|
# @return [Types::LoggingConfiguration]
|
4637
4972
|
#
|
4638
4973
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateLoggingConfigurationResponse AWS API Documentation
|
@@ -4755,6 +5090,14 @@ module Aws::NetworkFirewall
|
|
4755
5090
|
# type: "STATELESS", # accepts STATELESS, STATEFUL
|
4756
5091
|
# description: "Description",
|
4757
5092
|
# dry_run: false,
|
5093
|
+
# encryption_configuration: {
|
5094
|
+
# key_id: "KeyId",
|
5095
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
5096
|
+
# },
|
5097
|
+
# source_metadata: {
|
5098
|
+
# source_arn: "ResourceArn",
|
5099
|
+
# source_update_token: "UpdateToken",
|
5100
|
+
# },
|
4758
5101
|
# }
|
4759
5102
|
#
|
4760
5103
|
# @!attribute [rw] update_token
|
@@ -4840,6 +5183,17 @@ module Aws::NetworkFirewall
|
|
4840
5183
|
# your resources.
|
4841
5184
|
# @return [Boolean]
|
4842
5185
|
#
|
5186
|
+
# @!attribute [rw] encryption_configuration
|
5187
|
+
# A complex type that contains settings for encryption of your rule
|
5188
|
+
# group resources.
|
5189
|
+
# @return [Types::EncryptionConfiguration]
|
5190
|
+
#
|
5191
|
+
# @!attribute [rw] source_metadata
|
5192
|
+
# A complex type that contains metadata about the rule group that your
|
5193
|
+
# own rule group is copied from. You can use the metadata to keep
|
5194
|
+
# track of updates made to the originating rule group.
|
5195
|
+
# @return [Types::SourceMetadata]
|
5196
|
+
#
|
4843
5197
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroupRequest AWS API Documentation
|
4844
5198
|
#
|
4845
5199
|
class UpdateRuleGroupRequest < Struct.new(
|
@@ -4850,7 +5204,9 @@ module Aws::NetworkFirewall
|
|
4850
5204
|
:rules,
|
4851
5205
|
:type,
|
4852
5206
|
:description,
|
4853
|
-
:dry_run
|
5207
|
+
:dry_run,
|
5208
|
+
:encryption_configuration,
|
5209
|
+
:source_metadata)
|
4854
5210
|
SENSITIVE = []
|
4855
5211
|
include Aws::Structure
|
4856
5212
|
end
|