aws-sdk-networkfirewall 1.15.0 → 1.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f14fddc5bbf86d65497b40e64b24109b7cd2edc702478aa0b6e95aa44540adee
-  data.tar.gz: e2b4f4078a7633e9f8060173269e4a260c46ab54f26e96537b77af93d991f9a9
+  metadata.gz: b13f43ce3588c6c4542cafe04c38770518df59d8ac1d51f4544ea0ef03bae8cb
+  data.tar.gz: 2e8adacc2451fe8f264e0b67b870a1bbd700c292a67bb1a9c528b96e4dc66020
 SHA512:
-  metadata.gz: 3ddb94799956134086a8f6af72802400103b4e0d7dd21fe7a7258163c82905d75db7374451861df64ad5bda51d300801e37b9eb9a645fd7a3a14ef6b9ad390f4
-  data.tar.gz: d1c30949e138d5838e46361fef1ec973939235785bfcdedfcd512ffe0b1411ccd708f438a8ac57aa7d6b9bb6a9ce4ed4531c9d84086e8996e6473cfce19db5fc
+  metadata.gz: 9204851dd108b726d1945b131d1c288ddec3987732d9ab6fe12b776b14fe107c607e4bc65dc69406c9edd03f5a319dc0e92728927563a94db9e740caf23809eb
+  data.tar.gz: 57ade2ad3ac3df5424ec6dab830ca3593855995dac31e88c0e6f97b1a5730d61359b2bca58873b7bce112c2a7270c69e0ae6886cc8662c3110711441ad19340a

data/CHANGELOG.md

@@ -1,6 +1,21 @@
 Unreleased Changes
 ------------------
 
+1.18.0 (2022-07-21)
+------------------
+
+* Feature - Network Firewall now supports referencing dynamic IP sets from stateful rule groups, for IP sets stored in Amazon VPC prefix lists.
+
+1.17.0 (2022-04-28)
+------------------
+
+* Feature - AWS Network Firewall adds support for stateful threat signature AWS managed rule groups.
+
+1.16.0 (2022-04-26)
+------------------
+
+* Feature - AWS Network Firewall now enables customers to use a customer managed AWS KMS key for the encryption of their firewall resources.
+
 1.15.0 (2022-02-24)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.15.0
+1.18.0

data/lib/aws-sdk-networkfirewall/client.rb

@@ -437,8 +437,8 @@ module Aws::NetworkFirewall
     # You can specify one subnet for each of the Availability Zones that the
     # VPC spans.
     #
-    # This request creates an AWS Network Firewall firewall endpoint in each
-    # of the subnets. To enable the firewall's protections, you must also
+    # This request creates an Network Firewall firewall endpoint in each of
+    # the subnets. To enable the firewall's protections, you must also
     # modify the VPC's route tables for each subnet's Availability Zone,
     # to redirect the traffic that's coming into and going out of the zone
     # through the firewall endpoint.
@@ -513,14 +513,14 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
-    # Creates an AWS Network Firewall Firewall and accompanying
-    # FirewallStatus for a VPC.
+    # Creates an Network Firewall Firewall and accompanying FirewallStatus
+    # for a VPC.
     #
-    # The firewall defines the configuration settings for an AWS Network
+    # The firewall defines the configuration settings for an Network
     # Firewall firewall. The settings that you can define at creation
     # include the firewall policy, the subnets in your VPC to use for the
-    # firewall endpoints, and any tags that are attached to the firewall AWS
-    # resource.
+    # firewall endpoints, and any tags that are attached to the firewall
+    # Amazon Web Services resource.
     #
     # After you create a firewall, you can provide additional settings, like
     # the logging configuration.
@@ -530,8 +530,9 @@ module Aws::NetworkFirewall
     # UpdateLoggingConfiguration, AssociateSubnets, and
     # UpdateFirewallDeleteProtection.
     #
-    # To manage a firewall's tags, use the standard AWS resource tagging
-    # operations, ListTagsForResource, TagResource, and UntagResource.
+    # To manage a firewall's tags, use the standard Amazon Web Services
+    # resource tagging operations, ListTagsForResource, TagResource, and
+    # UntagResource.
     #
     # To retrieve information about firewalls, use ListFirewalls and
     # DescribeFirewall.
@@ -582,6 +583,10 @@ module Aws::NetworkFirewall
     # @option params [Array<Types::Tag>] :tags
     #   The key:value pairs to associate with the resource.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your firewall
+    #   resources.
+    #
     # @return [Types::CreateFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateFirewallResponse#firewall #firewall} => Types::Firewall
@@ -608,6 +613,10 @@ module Aws::NetworkFirewall
     #         value: "TagValue", # required
     #       },
     #     ],
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -626,15 +635,21 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags #=> Array
     #   resp.firewall.tags[0].key #=> String
     #   resp.firewall.tags[0].value #=> String
+    #   resp.firewall.encryption_configuration.key_id #=> String
+    #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
-    #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
+    #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
     #   resp.firewall_status.sync_states #=> Hash
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
     #   resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
-    #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC"
+    #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
     #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].update_token #=> String
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.available_cidr_count #=> Integer
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.utilized_cidr_count #=> Integer
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references #=> Hash
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references["IPSetArn"].resolved_cidr_count #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewall AWS API Documentation
     #
@@ -648,7 +663,7 @@ module Aws::NetworkFirewall
     # Creates the firewall policy for the firewall according to the
     # specifications.
     #
-    # An AWS Network Firewall firewall policy defines the behavior of a
+    # An Network Firewall firewall policy defines the behavior of a
     # firewall, in a collection of stateless and stateful rule groups and
     # other settings. You can use one firewall policy for multiple
     # firewalls.
@@ -681,6 +696,10 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your firewall
+    #   policy resources.
+    #
     # @return [Types::CreateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateFirewallPolicyResponse#update_token #update_token} => String
@@ -735,6 +754,10 @@ module Aws::NetworkFirewall
     #       },
     #     ],
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -751,6 +774,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.firewall_policy_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy AWS API Documentation
     #
@@ -869,6 +895,15 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your rule
+    #   group resources.
+    #
+    # @option params [Types::SourceMetadata] :source_metadata
+    #   A complex type that contains metadata about the rule group that your
+    #   own rule group is copied from. You can use the metadata to keep track
+    #   of updates made to the originating rule group.
+    #
     # @return [Types::CreateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateRuleGroupResponse#update_token #update_token} => String
@@ -891,6 +926,13 @@ module Aws::NetworkFirewall
     #           },
     #         },
     #       },
+    #       reference_sets: {
+    #         ip_set_references: {
+    #           "IPSetReferenceName" => {
+    #             reference_arn: "ResourceArn",
+    #           },
+    #         },
+    #       },
     #       rules_source: { # required
     #         rules_string: "RulesString",
     #         rules_source_list: {
@@ -988,6 +1030,14 @@ module Aws::NetworkFirewall
     #       },
     #     ],
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
+    #     source_metadata: {
+    #       source_arn: "ResourceArn",
+    #       source_update_token: "UpdateToken",
+    #     },
     #   })
     #
     # @example Response structure
@@ -1005,6 +1055,12 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.rule_group_response.source_metadata.source_arn #=> String
+    #   resp.rule_group_response.source_metadata.source_update_token #=> String
+    #   resp.rule_group_response.sns_topic #=> String
+    #   resp.rule_group_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
     #
@@ -1070,15 +1126,21 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags #=> Array
     #   resp.firewall.tags[0].key #=> String
     #   resp.firewall.tags[0].value #=> String
+    #   resp.firewall.encryption_configuration.key_id #=> String
+    #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
-    #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
+    #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
     #   resp.firewall_status.sync_states #=> Hash
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
     #   resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
-    #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC"
+    #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
     #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].update_token #=> String
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.available_cidr_count #=> Integer
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.utilized_cidr_count #=> Integer
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references #=> Hash
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references["IPSetArn"].resolved_cidr_count #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewall AWS API Documentation
     #
@@ -1126,6 +1188,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.firewall_policy_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy AWS API Documentation
     #
@@ -1209,6 +1274,12 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.rule_group_response.source_metadata.source_arn #=> String
+    #   resp.rule_group_response.source_metadata.source_update_token #=> String
+    #   resp.rule_group_response.sns_topic #=> String
+    #   resp.rule_group_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
     #
@@ -1262,15 +1333,21 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags #=> Array
     #   resp.firewall.tags[0].key #=> String
     #   resp.firewall.tags[0].value #=> String
+    #   resp.firewall.encryption_configuration.key_id #=> String
+    #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
-    #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
+    #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
     #   resp.firewall_status.sync_states #=> Hash
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
     #   resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
-    #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC"
+    #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
     #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].update_token #=> String
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.available_cidr_count #=> Integer
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.utilized_cidr_count #=> Integer
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references #=> Hash
+    #   resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references["IPSetArn"].resolved_cidr_count #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewall AWS API Documentation
     #
@@ -1321,6 +1398,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.firewall_policy_response.last_modified_time #=> Time
     #   resp.firewall_policy.stateless_rule_group_references #=> Array
     #   resp.firewall_policy.stateless_rule_group_references[0].resource_arn #=> String
     #   resp.firewall_policy.stateless_rule_group_references[0].priority #=> Integer
@@ -1468,6 +1548,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group.rule_variables.port_sets #=> Hash
     #   resp.rule_group.rule_variables.port_sets["RuleVariableName"].definition #=> Array
     #   resp.rule_group.rule_variables.port_sets["RuleVariableName"].definition[0] #=> String
+    #   resp.rule_group.reference_sets.ip_set_references #=> Hash
+    #   resp.rule_group.reference_sets.ip_set_references["IPSetReferenceName"].reference_arn #=> String
     #   resp.rule_group.rules_source.rules_string #=> String
     #   resp.rule_group.rules_source.rules_source_list.targets #=> Array
     #   resp.rule_group.rules_source.rules_source_list.targets[0] #=> String
@@ -1524,6 +1606,12 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.rule_group_response.source_metadata.source_arn #=> String
+    #   resp.rule_group_response.source_metadata.source_update_token #=> String
+    #   resp.rule_group_response.sns_topic #=> String
+    #   resp.rule_group_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
     #
@@ -1569,6 +1657,7 @@ module Aws::NetworkFirewall
     #   * {Types::DescribeRuleGroupMetadataResponse#type #type} => String
     #   * {Types::DescribeRuleGroupMetadataResponse#capacity #capacity} => Integer
     #   * {Types::DescribeRuleGroupMetadataResponse#stateful_rule_options #stateful_rule_options} => Types::StatefulRuleOptions
+    #   * {Types::DescribeRuleGroupMetadataResponse#last_modified_time #last_modified_time} => Time
     #
     # @example Request syntax with placeholder values
     #
@@ -1586,6 +1675,7 @@ module Aws::NetworkFirewall
     #   resp.type #=> String, one of "STATELESS", "STATEFUL"
     #   resp.capacity #=> Integer
     #   resp.stateful_rule_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
+    #   resp.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadata AWS API Documentation
     #
@@ -1791,6 +1881,15 @@ module Aws::NetworkFirewall
     #   setting of `NULL` returns all of the rule groups in your account. A
     #   setting of `MANAGED` returns all available managed rule groups.
     #
+    # @option params [String] :managed_type
+    #   Indicates the general category of the Amazon Web Services managed rule
+    #   group.
+    #
+    # @option params [String] :type
+    #   Indicates whether the rule group is stateless or stateful. If the rule
+    #   group is stateless, it contains stateless rules. If it is stateful, it
+    #   contains stateful rules.
+    #
     # @return [Types::ListRuleGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListRuleGroupsResponse#next_token #next_token} => String
@@ -1804,6 +1903,8 @@ module Aws::NetworkFirewall
     #     next_token: "PaginationToken",
     #     max_results: 1,
     #     scope: "MANAGED", # accepts MANAGED, ACCOUNT
+    #     managed_type: "AWS_MANAGED_THREAT_SIGNATURES", # accepts AWS_MANAGED_THREAT_SIGNATURES, AWS_MANAGED_DOMAIN_LISTS
+    #     type: "STATELESS", # accepts STATELESS, STATEFUL
     #   })
     #
     # @example Response structure
@@ -1826,11 +1927,11 @@ module Aws::NetworkFirewall
     # key:value pairs that you can use to categorize and manage your
     # resources, for purposes like billing. For example, you might set the
     # tag key to "customer" and the value to the customer name or ID. You
-    # can specify one or more tags to add to each AWS resource, up to 50
-    # tags for a resource.
+    # can specify one or more tags to add to each Amazon Web Services
+    # resource, up to 50 tags for a resource.
     #
-    # You can tag the AWS resources that you manage through AWS Network
-    # Firewall: firewalls, firewall policies, and rule groups.
+    # You can tag the Amazon Web Services resources that you manage through
+    # Network Firewall: firewalls, firewall policies, and rule groups.
     #
     # @option params [String] :next_token
     #   When you request a list of objects with a `MaxResults` setting, if the
@@ -1879,11 +1980,11 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
-    # Creates or updates an AWS Identity and Access Management policy for
-    # your rule group or firewall policy. Use this to share rule groups and
-    # firewall policies between accounts. This operation works in
-    # conjunction with the AWS Resource Access Manager (RAM) service to
-    # manage resource sharing for Network Firewall.
+    # Creates or updates an IAM policy for your rule group or firewall
+    # policy. Use this to share rule groups and firewall policies between
+    # accounts. This operation works in conjunction with the Amazon Web
+    # Services Resource Access Manager (RAM) service to manage resource
+    # sharing for Network Firewall.
     #
     # Use this operation to create or update a resource policy for your rule
     # group or firewall policy. In the policy, you specify the accounts that
@@ -1900,8 +2001,8 @@ module Aws::NetworkFirewall
     # * [AcceptResourceShareInvitation][2] - Accepts the share invitation
     #   for a specified resource share.
     #
-    # For additional information about resource sharing using RAM, see [AWS
-    # Resource Access Manager User Guide][3].
+    # For additional information about resource sharing using RAM, see
+    # [Resource Access Manager User Guide][3].
     #
     #
     #
@@ -1914,10 +2015,9 @@ module Aws::NetworkFirewall
     #   rule groups and firewall policies with.
     #
     # @option params [required, String] :policy
-    #   The AWS Identity and Access Management policy statement that lists the
-    #   accounts that you want to share your rule group or firewall policy
-    #   with and the operations that you want the accounts to be able to
-    #   perform.
+    #   The IAM policy statement that lists the accounts that you want to
+    #   share your rule group or firewall policy with and the operations that
+    #   you want the accounts to be able to perform.
     #
     #   For a rule group resource, you can specify the following operations in
     #   the Actions section of the statement:
@@ -1965,11 +2065,11 @@ module Aws::NetworkFirewall
     # pairs that you can use to categorize and manage your resources, for
     # purposes like billing. For example, you might set the tag key to
     # "customer" and the value to the customer name or ID. You can specify
-    # one or more tags to add to each AWS resource, up to 50 tags for a
-    # resource.
+    # one or more tags to add to each Amazon Web Services resource, up to 50
+    # tags for a resource.
     #
-    # You can tag the AWS resources that you manage through AWS Network
-    # Firewall: firewalls, firewall policies, and rule groups.
+    # You can tag the Amazon Web Services resources that you manage through
+    # Network Firewall: firewalls, firewall policies, and rule groups.
     #
     # @option params [required, String] :resource_arn
     #   The Amazon Resource Name (ARN) of the resource.
@@ -2003,11 +2103,12 @@ module Aws::NetworkFirewall
     # Tags are key:value pairs that you can use to categorize and manage
     # your resources, for purposes like billing. For example, you might set
     # the tag key to "customer" and the value to the customer name or ID.
-    # You can specify one or more tags to add to each AWS resource, up to 50
-    # tags for a resource.
+    # You can specify one or more tags to add to each Amazon Web Services
+    # resource, up to 50 tags for a resource.
     #
-    # You can manage tags for the AWS resources that you manage through AWS
-    # Network Firewall: firewalls, firewall policies, and rule groups.
+    # You can manage tags for the Amazon Web Services resources that you
+    # manage through Network Firewall: firewalls, firewall policies, and
+    # rule groups.
     #
     # @option params [required, String] :resource_arn
     #   The Amazon Resource Name (ARN) of the resource.
@@ -2176,6 +2277,86 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
+    # A complex type that contains settings for encryption of your firewall
+    # resources.
+    #
+    # @option params [String] :update_token
+    #   An optional token that you can use for optimistic locking. Network
+    #   Firewall returns a token to your requests that access the firewall.
+    #   The token marks the state of the firewall resource at the time of the
+    #   request.
+    #
+    #   To make an unconditional change to the firewall, omit the token in
+    #   your update request. Without the token, Network Firewall performs your
+    #   updates regardless of whether the firewall has changed since you last
+    #   retrieved it.
+    #
+    #   To make a conditional change to the firewall, provide the token in
+    #   your update request. Network Firewall uses the token to ensure that
+    #   the firewall hasn't changed since you last retrieved it. If it has
+    #   changed, the operation fails with an `InvalidTokenException`. If this
+    #   happens, retrieve the firewall again to get a current copy of it with
+    #   a new token. Reapply your changes as needed, then try the operation
+    #   again using the new token.
+    #
+    # @option params [String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    # @option params [String] :firewall_name
+    #   The descriptive name of the firewall. You can't change the name of a
+    #   firewall after you create it.
+    #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains optional Amazon Web Services Key
+    #   Management Service (KMS) encryption settings for your Network Firewall
+    #   resources. Your data is encrypted by default with an Amazon Web
+    #   Services owned key that Amazon Web Services owns and manages for you.
+    #   You can use either the Amazon Web Services owned key, or provide your
+    #   own customer managed key. To learn more about KMS encryption of your
+    #   Network Firewall resources, see [Encryption at rest with Amazon Web
+    #   Services Key Managment Service][1] in the *Network Firewall Developer
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
+    #
+    # @return [Types::UpdateFirewallEncryptionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_arn #firewall_arn} => String
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_name #firewall_name} => String
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#update_token #update_token} => String
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#encryption_configuration #encryption_configuration} => Types::EncryptionConfiguration
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_encryption_configuration({
+    #     update_token: "UpdateToken",
+    #     firewall_arn: "ResourceArn",
+    #     firewall_name: "ResourceName",
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_arn #=> String
+    #   resp.firewall_name #=> String
+    #   resp.update_token #=> String
+    #   resp.encryption_configuration.key_id #=> String
+    #   resp.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfiguration AWS API Documentation
+    #
+    # @overload update_firewall_encryption_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_encryption_configuration(params = {}, options = {})
+      req = build_request(:update_firewall_encryption_configuration, params)
+      req.send_request(options)
+    end
+
     # Updates the properties of the specified firewall policy.
     #
     # @option params [required, String] :update_token
@@ -2223,6 +2404,10 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your firewall
+    #   policy resources.
+    #
     # @return [Types::UpdateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateFirewallPolicyResponse#update_token #update_token} => String
@@ -2273,6 +2458,10 @@ module Aws::NetworkFirewall
     #     },
     #     description: "Description",
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -2289,6 +2478,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.firewall_policy_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy AWS API Documentation
     #
@@ -2539,6 +2731,15 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your rule
+    #   group resources.
+    #
+    # @option params [Types::SourceMetadata] :source_metadata
+    #   A complex type that contains metadata about the rule group that your
+    #   own rule group is copied from. You can use the metadata to keep track
+    #   of updates made to the originating rule group.
+    #
     # @return [Types::UpdateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateRuleGroupResponse#update_token #update_token} => String
@@ -2563,6 +2764,13 @@ module Aws::NetworkFirewall
     #           },
     #         },
     #       },
+    #       reference_sets: {
+    #         ip_set_references: {
+    #           "IPSetReferenceName" => {
+    #             reference_arn: "ResourceArn",
+    #           },
+    #         },
+    #       },
     #       rules_source: { # required
     #         rules_string: "RulesString",
     #         rules_source_list: {
@@ -2653,6 +2861,14 @@ module Aws::NetworkFirewall
     #     type: "STATELESS", # accepts STATELESS, STATEFUL
     #     description: "Description",
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
+    #     source_metadata: {
+    #       source_arn: "ResourceArn",
+    #       source_update_token: "UpdateToken",
+    #     },
     #   })
     #
     # @example Response structure
@@ -2670,6 +2886,12 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.rule_group_response.source_metadata.source_arn #=> String
+    #   resp.rule_group_response.source_metadata.source_update_token #=> String
+    #   resp.rule_group_response.sns_topic #=> String
+    #   resp.rule_group_response.last_modified_time #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
     #
@@ -2762,7 +2984,7 @@ module Aws::NetworkFirewall
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.15.0'
+      context[:gem_version] = '1.18.0'
       Seahorse::Client::Request.new(handlers, context)
     end