aws-sdk-networkfirewall 1.15.0 → 1.18.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-networkfirewall/client.rb +262 -40
- data/lib/aws-sdk-networkfirewall/client_api.rb +94 -0
- data/lib/aws-sdk-networkfirewall/types.rb +571 -55
- data/lib/aws-sdk-networkfirewall.rb +1 -1
- metadata +2 -2
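--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b13f43ce3588c6c4542cafe04c38770518df59d8ac1d51f4544ea0ef03bae8cb
+data.tar.gz: 2e8adacc2451fe8f264e0b67b870a1bbd700c292a67bb1a9c528b96e4dc66020
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9204851dd108b726d1945b131d1c288ddec3987732d9ab6fe12b776b14fe107c607e4bc65dc69406c9edd03f5a319dc0e92728927563a94db9e740caf23809eb
+data.tar.gz: 57ade2ad3ac3df5424ec6dab830ca3593855995dac31e88c0e6f97b1a5730d61359b2bca58873b7bce112c2a7270c69e0ae6886cc8662c3110711441ad19340a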
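--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,21 @@
 Unreleased Changes
 ------------------
 
+1.18.0 (2022-07-21)
+------------------
+
+* Feature - Network Firewall now supports referencing dynamic IP sets from stateful rule groups, for IP sets stored in Amazon VPC prefix lists.
+
+1.17.0 (2022-04-28)
+------------------
+
+* Feature - AWS Network Firewall adds support for stateful threat signature AWS managed rule groups.
+
+1.16.0 (2022-04-26)
+------------------
+
+* Feature - AWS Network Firewall now enables customers to use a customer managed AWS KMS key for the encryption of their firewall resources.
+
 1.15.0 (2022-02-24)
 ------------------
 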
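--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.18.0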
@@ -437,8 +437,8 @@ module Aws::NetworkFirewall
|
|
437
437
|
# You can specify one subnet for each of the Availability Zones that the
|
438
438
|
# VPC spans.
|
439
439
|
#
|
440
|
-
# This request creates an
|
441
|
-
#
|
440
|
+
# This request creates an Network Firewall firewall endpoint in each of
|
441
|
+
# the subnets. To enable the firewall's protections, you must also
|
442
442
|
# modify the VPC's route tables for each subnet's Availability Zone,
|
443
443
|
# to redirect the traffic that's coming into and going out of the zone
|
444
444
|
# through the firewall endpoint.
|
@@ -513,14 +513,14 @@ module Aws::NetworkFirewall
|
|
513
513
|
req.send_request(options)
|
514
514
|
end
|
515
515
|
|
516
|
-
# Creates an
|
517
|
-
#
|
516
|
+
# Creates an Network Firewall Firewall and accompanying FirewallStatus
|
517
|
+
# for a VPC.
|
518
518
|
#
|
519
|
-
# The firewall defines the configuration settings for an
|
519
|
+
# The firewall defines the configuration settings for an Network
|
520
520
|
# Firewall firewall. The settings that you can define at creation
|
521
521
|
# include the firewall policy, the subnets in your VPC to use for the
|
522
|
-
# firewall endpoints, and any tags that are attached to the firewall
|
523
|
-
# resource.
|
522
|
+
# firewall endpoints, and any tags that are attached to the firewall
|
523
|
+
# Amazon Web Services resource.
|
524
524
|
#
|
525
525
|
# After you create a firewall, you can provide additional settings, like
|
526
526
|
# the logging configuration.
|
@@ -530,8 +530,9 @@ module Aws::NetworkFirewall
|
|
530
530
|
# UpdateLoggingConfiguration, AssociateSubnets, and
|
531
531
|
# UpdateFirewallDeleteProtection.
|
532
532
|
#
|
533
|
-
# To manage a firewall's tags, use the standard
|
534
|
-
# operations, ListTagsForResource, TagResource, and
|
533
|
+
# To manage a firewall's tags, use the standard Amazon Web Services
|
534
|
+
# resource tagging operations, ListTagsForResource, TagResource, and
|
535
|
+
# UntagResource.
|
535
536
|
#
|
536
537
|
# To retrieve information about firewalls, use ListFirewalls and
|
537
538
|
# DescribeFirewall.
|
@@ -582,6 +583,10 @@ module Aws::NetworkFirewall
|
|
582
583
|
# @option params [Array<Types::Tag>] :tags
|
583
584
|
# The key:value pairs to associate with the resource.
|
584
585
|
#
|
586
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
587
|
+
# A complex type that contains settings for encryption of your firewall
|
588
|
+
# resources.
|
589
|
+
#
|
585
590
|
# @return [Types::CreateFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
586
591
|
#
|
587
592
|
# * {Types::CreateFirewallResponse#firewall #firewall} => Types::Firewall
|
@@ -608,6 +613,10 @@ module Aws::NetworkFirewall
|
|
608
613
|
# value: "TagValue", # required
|
609
614
|
# },
|
610
615
|
# ],
|
616
|
+
# encryption_configuration: {
|
617
|
+
# key_id: "KeyId",
|
618
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
619
|
+
# },
|
611
620
|
# })
|
612
621
|
#
|
613
622
|
# @example Response structure
|
@@ -626,15 +635,21 @@ module Aws::NetworkFirewall
|
|
626
635
|
# resp.firewall.tags #=> Array
|
627
636
|
# resp.firewall.tags[0].key #=> String
|
628
637
|
# resp.firewall.tags[0].value #=> String
|
638
|
+
# resp.firewall.encryption_configuration.key_id #=> String
|
639
|
+
# resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
629
640
|
# resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
|
630
|
-
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
|
641
|
+
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
|
631
642
|
# resp.firewall_status.sync_states #=> Hash
|
632
643
|
# resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
|
633
644
|
# resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
|
634
645
|
# resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
|
635
646
|
# resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
|
636
|
-
# resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC"
|
647
|
+
# resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
|
637
648
|
# resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].update_token #=> String
|
649
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.available_cidr_count #=> Integer
|
650
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.utilized_cidr_count #=> Integer
|
651
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references #=> Hash
|
652
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references["IPSetArn"].resolved_cidr_count #=> Integer
|
638
653
|
#
|
639
654
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewall AWS API Documentation
|
640
655
|
#
|
@@ -648,7 +663,7 @@ module Aws::NetworkFirewall
|
|
648
663
|
# Creates the firewall policy for the firewall according to the
|
649
664
|
# specifications.
|
650
665
|
#
|
651
|
-
# An
|
666
|
+
# An Network Firewall firewall policy defines the behavior of a
|
652
667
|
# firewall, in a collection of stateless and stateful rule groups and
|
653
668
|
# other settings. You can use one firewall policy for multiple
|
654
669
|
# firewalls.
|
@@ -681,6 +696,10 @@ module Aws::NetworkFirewall
|
|
681
696
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
682
697
|
# your resources.
|
683
698
|
#
|
699
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
700
|
+
# A complex type that contains settings for encryption of your firewall
|
701
|
+
# policy resources.
|
702
|
+
#
|
684
703
|
# @return [Types::CreateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
685
704
|
#
|
686
705
|
# * {Types::CreateFirewallPolicyResponse#update_token #update_token} => String
|
@@ -735,6 +754,10 @@ module Aws::NetworkFirewall
|
|
735
754
|
# },
|
736
755
|
# ],
|
737
756
|
# dry_run: false,
|
757
|
+
# encryption_configuration: {
|
758
|
+
# key_id: "KeyId",
|
759
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
760
|
+
# },
|
738
761
|
# })
|
739
762
|
#
|
740
763
|
# @example Response structure
|
@@ -751,6 +774,9 @@ module Aws::NetworkFirewall
|
|
751
774
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
752
775
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
753
776
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
777
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
778
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
779
|
+
# resp.firewall_policy_response.last_modified_time #=> Time
|
754
780
|
#
|
755
781
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy AWS API Documentation
|
756
782
|
#
|
@@ -869,6 +895,15 @@ module Aws::NetworkFirewall
|
|
869
895
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
870
896
|
# your resources.
|
871
897
|
#
|
898
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
899
|
+
# A complex type that contains settings for encryption of your rule
|
900
|
+
# group resources.
|
901
|
+
#
|
902
|
+
# @option params [Types::SourceMetadata] :source_metadata
|
903
|
+
# A complex type that contains metadata about the rule group that your
|
904
|
+
# own rule group is copied from. You can use the metadata to keep track
|
905
|
+
# of updates made to the originating rule group.
|
906
|
+
#
|
872
907
|
# @return [Types::CreateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
873
908
|
#
|
874
909
|
# * {Types::CreateRuleGroupResponse#update_token #update_token} => String
|
@@ -891,6 +926,13 @@ module Aws::NetworkFirewall
|
|
891
926
|
# },
|
892
927
|
# },
|
893
928
|
# },
|
929
|
+
# reference_sets: {
|
930
|
+
# ip_set_references: {
|
931
|
+
# "IPSetReferenceName" => {
|
932
|
+
# reference_arn: "ResourceArn",
|
933
|
+
# },
|
934
|
+
# },
|
935
|
+
# },
|
894
936
|
# rules_source: { # required
|
895
937
|
# rules_string: "RulesString",
|
896
938
|
# rules_source_list: {
|
@@ -988,6 +1030,14 @@ module Aws::NetworkFirewall
|
|
988
1030
|
# },
|
989
1031
|
# ],
|
990
1032
|
# dry_run: false,
|
1033
|
+
# encryption_configuration: {
|
1034
|
+
# key_id: "KeyId",
|
1035
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
1036
|
+
# },
|
1037
|
+
# source_metadata: {
|
1038
|
+
# source_arn: "ResourceArn",
|
1039
|
+
# source_update_token: "UpdateToken",
|
1040
|
+
# },
|
991
1041
|
# })
|
992
1042
|
#
|
993
1043
|
# @example Response structure
|
@@ -1005,6 +1055,12 @@ module Aws::NetworkFirewall
|
|
1005
1055
|
# resp.rule_group_response.tags[0].value #=> String
|
1006
1056
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
1007
1057
|
# resp.rule_group_response.number_of_associations #=> Integer
|
1058
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
1059
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1060
|
+
# resp.rule_group_response.source_metadata.source_arn #=> String
|
1061
|
+
# resp.rule_group_response.source_metadata.source_update_token #=> String
|
1062
|
+
# resp.rule_group_response.sns_topic #=> String
|
1063
|
+
# resp.rule_group_response.last_modified_time #=> Time
|
1008
1064
|
#
|
1009
1065
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
|
1010
1066
|
#
|
@@ -1070,15 +1126,21 @@ module Aws::NetworkFirewall
|
|
1070
1126
|
# resp.firewall.tags #=> Array
|
1071
1127
|
# resp.firewall.tags[0].key #=> String
|
1072
1128
|
# resp.firewall.tags[0].value #=> String
|
1129
|
+
# resp.firewall.encryption_configuration.key_id #=> String
|
1130
|
+
# resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1073
1131
|
# resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
|
1074
|
-
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
|
1132
|
+
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
|
1075
1133
|
# resp.firewall_status.sync_states #=> Hash
|
1076
1134
|
# resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
|
1077
1135
|
# resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
|
1078
1136
|
# resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
|
1079
1137
|
# resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
|
1080
|
-
# resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC"
|
1138
|
+
# resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
|
1081
1139
|
# resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].update_token #=> String
|
1140
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.available_cidr_count #=> Integer
|
1141
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.utilized_cidr_count #=> Integer
|
1142
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references #=> Hash
|
1143
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references["IPSetArn"].resolved_cidr_count #=> Integer
|
1082
1144
|
#
|
1083
1145
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewall AWS API Documentation
|
1084
1146
|
#
|
@@ -1126,6 +1188,9 @@ module Aws::NetworkFirewall
|
|
1126
1188
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
1127
1189
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
1128
1190
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
1191
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
1192
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1193
|
+
# resp.firewall_policy_response.last_modified_time #=> Time
|
1129
1194
|
#
|
1130
1195
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy AWS API Documentation
|
1131
1196
|
#
|
@@ -1209,6 +1274,12 @@ module Aws::NetworkFirewall
|
|
1209
1274
|
# resp.rule_group_response.tags[0].value #=> String
|
1210
1275
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
1211
1276
|
# resp.rule_group_response.number_of_associations #=> Integer
|
1277
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
1278
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1279
|
+
# resp.rule_group_response.source_metadata.source_arn #=> String
|
1280
|
+
# resp.rule_group_response.source_metadata.source_update_token #=> String
|
1281
|
+
# resp.rule_group_response.sns_topic #=> String
|
1282
|
+
# resp.rule_group_response.last_modified_time #=> Time
|
1212
1283
|
#
|
1213
1284
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
|
1214
1285
|
#
|
@@ -1262,15 +1333,21 @@ module Aws::NetworkFirewall
|
|
1262
1333
|
# resp.firewall.tags #=> Array
|
1263
1334
|
# resp.firewall.tags[0].key #=> String
|
1264
1335
|
# resp.firewall.tags[0].value #=> String
|
1336
|
+
# resp.firewall.encryption_configuration.key_id #=> String
|
1337
|
+
# resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1265
1338
|
# resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
|
1266
|
-
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
|
1339
|
+
# resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
|
1267
1340
|
# resp.firewall_status.sync_states #=> Hash
|
1268
1341
|
# resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
|
1269
1342
|
# resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
|
1270
1343
|
# resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
|
1271
1344
|
# resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
|
1272
|
-
# resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC"
|
1345
|
+
# resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
|
1273
1346
|
# resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].update_token #=> String
|
1347
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.available_cidr_count #=> Integer
|
1348
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.utilized_cidr_count #=> Integer
|
1349
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references #=> Hash
|
1350
|
+
# resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references["IPSetArn"].resolved_cidr_count #=> Integer
|
1274
1351
|
#
|
1275
1352
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewall AWS API Documentation
|
1276
1353
|
#
|
@@ -1321,6 +1398,9 @@ module Aws::NetworkFirewall
|
|
1321
1398
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
1322
1399
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
1323
1400
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
1401
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
1402
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1403
|
+
# resp.firewall_policy_response.last_modified_time #=> Time
|
1324
1404
|
# resp.firewall_policy.stateless_rule_group_references #=> Array
|
1325
1405
|
# resp.firewall_policy.stateless_rule_group_references[0].resource_arn #=> String
|
1326
1406
|
# resp.firewall_policy.stateless_rule_group_references[0].priority #=> Integer
|
@@ -1468,6 +1548,8 @@ module Aws::NetworkFirewall
|
|
1468
1548
|
# resp.rule_group.rule_variables.port_sets #=> Hash
|
1469
1549
|
# resp.rule_group.rule_variables.port_sets["RuleVariableName"].definition #=> Array
|
1470
1550
|
# resp.rule_group.rule_variables.port_sets["RuleVariableName"].definition[0] #=> String
|
1551
|
+
# resp.rule_group.reference_sets.ip_set_references #=> Hash
|
1552
|
+
# resp.rule_group.reference_sets.ip_set_references["IPSetReferenceName"].reference_arn #=> String
|
1471
1553
|
# resp.rule_group.rules_source.rules_string #=> String
|
1472
1554
|
# resp.rule_group.rules_source.rules_source_list.targets #=> Array
|
1473
1555
|
# resp.rule_group.rules_source.rules_source_list.targets[0] #=> String
|
@@ -1524,6 +1606,12 @@ module Aws::NetworkFirewall
|
|
1524
1606
|
# resp.rule_group_response.tags[0].value #=> String
|
1525
1607
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
1526
1608
|
# resp.rule_group_response.number_of_associations #=> Integer
|
1609
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
1610
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1611
|
+
# resp.rule_group_response.source_metadata.source_arn #=> String
|
1612
|
+
# resp.rule_group_response.source_metadata.source_update_token #=> String
|
1613
|
+
# resp.rule_group_response.sns_topic #=> String
|
1614
|
+
# resp.rule_group_response.last_modified_time #=> Time
|
1527
1615
|
#
|
1528
1616
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
|
1529
1617
|
#
|
@@ -1569,6 +1657,7 @@ module Aws::NetworkFirewall
|
|
1569
1657
|
# * {Types::DescribeRuleGroupMetadataResponse#type #type} => String
|
1570
1658
|
# * {Types::DescribeRuleGroupMetadataResponse#capacity #capacity} => Integer
|
1571
1659
|
# * {Types::DescribeRuleGroupMetadataResponse#stateful_rule_options #stateful_rule_options} => Types::StatefulRuleOptions
|
1660
|
+
# * {Types::DescribeRuleGroupMetadataResponse#last_modified_time #last_modified_time} => Time
|
1572
1661
|
#
|
1573
1662
|
# @example Request syntax with placeholder values
|
1574
1663
|
#
|
@@ -1586,6 +1675,7 @@ module Aws::NetworkFirewall
|
|
1586
1675
|
# resp.type #=> String, one of "STATELESS", "STATEFUL"
|
1587
1676
|
# resp.capacity #=> Integer
|
1588
1677
|
# resp.stateful_rule_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
|
1678
|
+
# resp.last_modified_time #=> Time
|
1589
1679
|
#
|
1590
1680
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadata AWS API Documentation
|
1591
1681
|
#
|
@@ -1791,6 +1881,15 @@ module Aws::NetworkFirewall
|
|
1791
1881
|
# setting of `NULL` returns all of the rule groups in your account. A
|
1792
1882
|
# setting of `MANAGED` returns all available managed rule groups.
|
1793
1883
|
#
|
1884
|
+
# @option params [String] :managed_type
|
1885
|
+
# Indicates the general category of the Amazon Web Services managed rule
|
1886
|
+
# group.
|
1887
|
+
#
|
1888
|
+
# @option params [String] :type
|
1889
|
+
# Indicates whether the rule group is stateless or stateful. If the rule
|
1890
|
+
# group is stateless, it contains stateless rules. If it is stateful, it
|
1891
|
+
# contains stateful rules.
|
1892
|
+
#
|
1794
1893
|
# @return [Types::ListRuleGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1795
1894
|
#
|
1796
1895
|
# * {Types::ListRuleGroupsResponse#next_token #next_token} => String
|
@@ -1804,6 +1903,8 @@ module Aws::NetworkFirewall
|
|
1804
1903
|
# next_token: "PaginationToken",
|
1805
1904
|
# max_results: 1,
|
1806
1905
|
# scope: "MANAGED", # accepts MANAGED, ACCOUNT
|
1906
|
+
# managed_type: "AWS_MANAGED_THREAT_SIGNATURES", # accepts AWS_MANAGED_THREAT_SIGNATURES, AWS_MANAGED_DOMAIN_LISTS
|
1907
|
+
# type: "STATELESS", # accepts STATELESS, STATEFUL
|
1807
1908
|
# })
|
1808
1909
|
#
|
1809
1910
|
# @example Response structure
|
@@ -1826,11 +1927,11 @@ module Aws::NetworkFirewall
|
|
1826
1927
|
# key:value pairs that you can use to categorize and manage your
|
1827
1928
|
# resources, for purposes like billing. For example, you might set the
|
1828
1929
|
# tag key to "customer" and the value to the customer name or ID. You
|
1829
|
-
# can specify one or more tags to add to each
|
1830
|
-
# tags for a resource.
|
1930
|
+
# can specify one or more tags to add to each Amazon Web Services
|
1931
|
+
# resource, up to 50 tags for a resource.
|
1831
1932
|
#
|
1832
|
-
# You can tag the
|
1833
|
-
# Firewall: firewalls, firewall policies, and rule groups.
|
1933
|
+
# You can tag the Amazon Web Services resources that you manage through
|
1934
|
+
# Network Firewall: firewalls, firewall policies, and rule groups.
|
1834
1935
|
#
|
1835
1936
|
# @option params [String] :next_token
|
1836
1937
|
# When you request a list of objects with a `MaxResults` setting, if the
|
@@ -1879,11 +1980,11 @@ module Aws::NetworkFirewall
|
|
1879
1980
|
req.send_request(options)
|
1880
1981
|
end
|
1881
1982
|
|
1882
|
-
# Creates or updates an
|
1883
|
-
#
|
1884
|
-
#
|
1885
|
-
#
|
1886
|
-
#
|
1983
|
+
# Creates or updates an IAM policy for your rule group or firewall
|
1984
|
+
# policy. Use this to share rule groups and firewall policies between
|
1985
|
+
# accounts. This operation works in conjunction with the Amazon Web
|
1986
|
+
# Services Resource Access Manager (RAM) service to manage resource
|
1987
|
+
# sharing for Network Firewall.
|
1887
1988
|
#
|
1888
1989
|
# Use this operation to create or update a resource policy for your rule
|
1889
1990
|
# group or firewall policy. In the policy, you specify the accounts that
|
@@ -1900,8 +2001,8 @@ module Aws::NetworkFirewall
|
|
1900
2001
|
# * [AcceptResourceShareInvitation][2] - Accepts the share invitation
|
1901
2002
|
# for a specified resource share.
|
1902
2003
|
#
|
1903
|
-
# For additional information about resource sharing using RAM, see
|
1904
|
-
# Resource Access Manager User Guide][3].
|
2004
|
+
# For additional information about resource sharing using RAM, see
|
2005
|
+
# [Resource Access Manager User Guide][3].
|
1905
2006
|
#
|
1906
2007
|
#
|
1907
2008
|
#
|
@@ -1914,10 +2015,9 @@ module Aws::NetworkFirewall
|
|
1914
2015
|
# rule groups and firewall policies with.
|
1915
2016
|
#
|
1916
2017
|
# @option params [required, String] :policy
|
1917
|
-
# The
|
1918
|
-
#
|
1919
|
-
#
|
1920
|
-
# perform.
|
2018
|
+
# The IAM policy statement that lists the accounts that you want to
|
2019
|
+
# share your rule group or firewall policy with and the operations that
|
2020
|
+
# you want the accounts to be able to perform.
|
1921
2021
|
#
|
1922
2022
|
# For a rule group resource, you can specify the following operations in
|
1923
2023
|
# the Actions section of the statement:
|
@@ -1965,11 +2065,11 @@ module Aws::NetworkFirewall
|
|
1965
2065
|
# pairs that you can use to categorize and manage your resources, for
|
1966
2066
|
# purposes like billing. For example, you might set the tag key to
|
1967
2067
|
# "customer" and the value to the customer name or ID. You can specify
|
1968
|
-
# one or more tags to add to each
|
1969
|
-
# resource.
|
2068
|
+
# one or more tags to add to each Amazon Web Services resource, up to 50
|
2069
|
+
# tags for a resource.
|
1970
2070
|
#
|
1971
|
-
# You can tag the
|
1972
|
-
# Firewall: firewalls, firewall policies, and rule groups.
|
2071
|
+
# You can tag the Amazon Web Services resources that you manage through
|
2072
|
+
# Network Firewall: firewalls, firewall policies, and rule groups.
|
1973
2073
|
#
|
1974
2074
|
# @option params [required, String] :resource_arn
|
1975
2075
|
# The Amazon Resource Name (ARN) of the resource.
|
@@ -2003,11 +2103,12 @@ module Aws::NetworkFirewall
|
|
2003
2103
|
# Tags are key:value pairs that you can use to categorize and manage
|
2004
2104
|
# your resources, for purposes like billing. For example, you might set
|
2005
2105
|
# the tag key to "customer" and the value to the customer name or ID.
|
2006
|
-
# You can specify one or more tags to add to each
|
2007
|
-
# tags for a resource.
|
2106
|
+
# You can specify one or more tags to add to each Amazon Web Services
|
2107
|
+
# resource, up to 50 tags for a resource.
|
2008
2108
|
#
|
2009
|
-
# You can manage tags for the
|
2010
|
-
# Network Firewall: firewalls, firewall policies, and
|
2109
|
+
# You can manage tags for the Amazon Web Services resources that you
|
2110
|
+
# manage through Network Firewall: firewalls, firewall policies, and
|
2111
|
+
# rule groups.
|
2011
2112
|
#
|
2012
2113
|
# @option params [required, String] :resource_arn
|
2013
2114
|
# The Amazon Resource Name (ARN) of the resource.
|
@@ -2176,6 +2277,86 @@ module Aws::NetworkFirewall
|
|
2176
2277
|
req.send_request(options)
|
2177
2278
|
end
|
2178
2279
|
|
2280
|
+
# A complex type that contains settings for encryption of your firewall
|
2281
|
+
# resources.
|
2282
|
+
#
|
2283
|
+
# @option params [String] :update_token
|
2284
|
+
# An optional token that you can use for optimistic locking. Network
|
2285
|
+
# Firewall returns a token to your requests that access the firewall.
|
2286
|
+
# The token marks the state of the firewall resource at the time of the
|
2287
|
+
# request.
|
2288
|
+
#
|
2289
|
+
# To make an unconditional change to the firewall, omit the token in
|
2290
|
+
# your update request. Without the token, Network Firewall performs your
|
2291
|
+
# updates regardless of whether the firewall has changed since you last
|
2292
|
+
# retrieved it.
|
2293
|
+
#
|
2294
|
+
# To make a conditional change to the firewall, provide the token in
|
2295
|
+
# your update request. Network Firewall uses the token to ensure that
|
2296
|
+
# the firewall hasn't changed since you last retrieved it. If it has
|
2297
|
+
# changed, the operation fails with an `InvalidTokenException`. If this
|
2298
|
+
# happens, retrieve the firewall again to get a current copy of it with
|
2299
|
+
# a new token. Reapply your changes as needed, then try the operation
|
2300
|
+
# again using the new token.
|
2301
|
+
#
|
2302
|
+
# @option params [String] :firewall_arn
|
2303
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
2304
|
+
#
|
2305
|
+
# @option params [String] :firewall_name
|
2306
|
+
# The descriptive name of the firewall. You can't change the name of a
|
2307
|
+
# firewall after you create it.
|
2308
|
+
#
|
2309
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
2310
|
+
# A complex type that contains optional Amazon Web Services Key
|
2311
|
+
# Management Service (KMS) encryption settings for your Network Firewall
|
2312
|
+
# resources. Your data is encrypted by default with an Amazon Web
|
2313
|
+
# Services owned key that Amazon Web Services owns and manages for you.
|
2314
|
+
# You can use either the Amazon Web Services owned key, or provide your
|
2315
|
+
# own customer managed key. To learn more about KMS encryption of your
|
2316
|
+
# Network Firewall resources, see [Encryption at rest with Amazon Web
|
2317
|
+
# Services Key Managment Service][1] in the *Network Firewall Developer
|
2318
|
+
# Guide*.
|
2319
|
+
#
|
2320
|
+
#
|
2321
|
+
#
|
2322
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
2323
|
+
#
|
2324
|
+
# @return [Types::UpdateFirewallEncryptionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2325
|
+
#
|
2326
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_arn #firewall_arn} => String
|
2327
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_name #firewall_name} => String
|
2328
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#update_token #update_token} => String
|
2329
|
+
# * {Types::UpdateFirewallEncryptionConfigurationResponse#encryption_configuration #encryption_configuration} => Types::EncryptionConfiguration
|
2330
|
+
#
|
2331
|
+
# @example Request syntax with placeholder values
|
2332
|
+
#
|
2333
|
+
# resp = client.update_firewall_encryption_configuration({
|
2334
|
+
# update_token: "UpdateToken",
|
2335
|
+
# firewall_arn: "ResourceArn",
|
2336
|
+
# firewall_name: "ResourceName",
|
2337
|
+
# encryption_configuration: {
|
2338
|
+
# key_id: "KeyId",
|
2339
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
2340
|
+
# },
|
2341
|
+
# })
|
2342
|
+
#
|
2343
|
+
# @example Response structure
|
2344
|
+
#
|
2345
|
+
# resp.firewall_arn #=> String
|
2346
|
+
# resp.firewall_name #=> String
|
2347
|
+
# resp.update_token #=> String
|
2348
|
+
# resp.encryption_configuration.key_id #=> String
|
2349
|
+
# resp.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
2350
|
+
#
|
2351
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfiguration AWS API Documentation
|
2352
|
+
#
|
2353
|
+
# @overload update_firewall_encryption_configuration(params = {})
|
2354
|
+
# @param [Hash] params ({})
|
2355
|
+
def update_firewall_encryption_configuration(params = {}, options = {})
|
2356
|
+
req = build_request(:update_firewall_encryption_configuration, params)
|
2357
|
+
req.send_request(options)
|
2358
|
+
end
|
2359
|
+
|
2179
2360
|
# Updates the properties of the specified firewall policy.
|
2180
2361
|
#
|
2181
2362
|
# @option params [required, String] :update_token
|
@@ -2223,6 +2404,10 @@ module Aws::NetworkFirewall
|
|
2223
2404
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
2224
2405
|
# your resources.
|
2225
2406
|
#
|
2407
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
2408
|
+
# A complex type that contains settings for encryption of your firewall
|
2409
|
+
# policy resources.
|
2410
|
+
#
|
2226
2411
|
# @return [Types::UpdateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2227
2412
|
#
|
2228
2413
|
# * {Types::UpdateFirewallPolicyResponse#update_token #update_token} => String
|
@@ -2273,6 +2458,10 @@ module Aws::NetworkFirewall
|
|
2273
2458
|
# },
|
2274
2459
|
# description: "Description",
|
2275
2460
|
# dry_run: false,
|
2461
|
+
# encryption_configuration: {
|
2462
|
+
# key_id: "KeyId",
|
2463
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
2464
|
+
# },
|
2276
2465
|
# })
|
2277
2466
|
#
|
2278
2467
|
# @example Response structure
|
@@ -2289,6 +2478,9 @@ module Aws::NetworkFirewall
|
|
2289
2478
|
# resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
|
2290
2479
|
# resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
|
2291
2480
|
# resp.firewall_policy_response.number_of_associations #=> Integer
|
2481
|
+
# resp.firewall_policy_response.encryption_configuration.key_id #=> String
|
2482
|
+
# resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
2483
|
+
# resp.firewall_policy_response.last_modified_time #=> Time
|
2292
2484
|
#
|
2293
2485
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy AWS API Documentation
|
2294
2486
|
#
|
@@ -2539,6 +2731,15 @@ module Aws::NetworkFirewall
|
|
2539
2731
|
# If set to `FALSE`, Network Firewall makes the requested changes to
|
2540
2732
|
# your resources.
|
2541
2733
|
#
|
2734
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
2735
|
+
# A complex type that contains settings for encryption of your rule
|
2736
|
+
# group resources.
|
2737
|
+
#
|
2738
|
+
# @option params [Types::SourceMetadata] :source_metadata
|
2739
|
+
# A complex type that contains metadata about the rule group that your
|
2740
|
+
# own rule group is copied from. You can use the metadata to keep track
|
2741
|
+
# of updates made to the originating rule group.
|
2742
|
+
#
|
2542
2743
|
# @return [Types::UpdateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2543
2744
|
#
|
2544
2745
|
# * {Types::UpdateRuleGroupResponse#update_token #update_token} => String
|
@@ -2563,6 +2764,13 @@ module Aws::NetworkFirewall
|
|
2563
2764
|
# },
|
2564
2765
|
# },
|
2565
2766
|
# },
|
2767
|
+
# reference_sets: {
|
2768
|
+
# ip_set_references: {
|
2769
|
+
# "IPSetReferenceName" => {
|
2770
|
+
# reference_arn: "ResourceArn",
|
2771
|
+
# },
|
2772
|
+
# },
|
2773
|
+
# },
|
2566
2774
|
# rules_source: { # required
|
2567
2775
|
# rules_string: "RulesString",
|
2568
2776
|
# rules_source_list: {
|
@@ -2653,6 +2861,14 @@ module Aws::NetworkFirewall
|
|
2653
2861
|
# type: "STATELESS", # accepts STATELESS, STATEFUL
|
2654
2862
|
# description: "Description",
|
2655
2863
|
# dry_run: false,
|
2864
|
+
# encryption_configuration: {
|
2865
|
+
# key_id: "KeyId",
|
2866
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
2867
|
+
# },
|
2868
|
+
# source_metadata: {
|
2869
|
+
# source_arn: "ResourceArn",
|
2870
|
+
# source_update_token: "UpdateToken",
|
2871
|
+
# },
|
2656
2872
|
# })
|
2657
2873
|
#
|
2658
2874
|
# @example Response structure
|
@@ -2670,6 +2886,12 @@ module Aws::NetworkFirewall
|
|
2670
2886
|
# resp.rule_group_response.tags[0].value #=> String
|
2671
2887
|
# resp.rule_group_response.consumed_capacity #=> Integer
|
2672
2888
|
# resp.rule_group_response.number_of_associations #=> Integer
|
2889
|
+
# resp.rule_group_response.encryption_configuration.key_id #=> String
|
2890
|
+
# resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
2891
|
+
# resp.rule_group_response.source_metadata.source_arn #=> String
|
2892
|
+
# resp.rule_group_response.source_metadata.source_update_token #=> String
|
2893
|
+
# resp.rule_group_response.sns_topic #=> String
|
2894
|
+
# resp.rule_group_response.last_modified_time #=> Time
|
2673
2895
|
#
|
2674
2896
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
|
2675
2897
|
#
|
@@ -2762,7 +2984,7 @@ module Aws::NetworkFirewall
|
|
2762
2984
|
params: params,
|
2763
2985
|
config: config)
|
2764
2986
|
context[:gem_name] = 'aws-sdk-networkfirewall'
|
2765
|
-
context[:gem_version] = '1.
|
2987
|
+
context[:gem_version] = '1.18.0'
|
2766
2988
|
Seahorse::Client::Request.new(handlers, context)
|
2767
2989
|
end
|
2768
2990
|
|