aws-sdk-networkfirewall 1.15.0 → 1.18.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-networkfirewall/client.rb +262 -40
- data/lib/aws-sdk-networkfirewall/client_api.rb +94 -0
- data/lib/aws-sdk-networkfirewall/types.rb +571 -55
- data/lib/aws-sdk-networkfirewall.rb +1 -1
- metadata +2 -2
@@ -294,8 +294,8 @@ module Aws::NetworkFirewall
|
|
294
294
|
end
|
295
295
|
|
296
296
|
# The configuration and status for a single subnet that you've
|
297
|
-
# specified for use by the
|
298
|
-
#
|
297
|
+
# specified for use by the Network Firewall firewall. This is part of
|
298
|
+
# the FirewallStatus.
|
299
299
|
#
|
300
300
|
# @!attribute [rw] subnet_id
|
301
301
|
# The unique identifier of the subnet that you've specified to be
|
@@ -329,6 +329,50 @@ module Aws::NetworkFirewall
|
|
329
329
|
include Aws::Structure
|
330
330
|
end
|
331
331
|
|
332
|
+
# Summarizes the CIDR blocks used by the IP set references in a
|
333
|
+
# firewall. Network Firewall calculates the number of CIDRs by taking an
|
334
|
+
# aggregated count of all CIDRs used by the IP sets you are referencing.
|
335
|
+
#
|
336
|
+
# @!attribute [rw] available_cidr_count
|
337
|
+
# The number of CIDR blocks available for use by the IP set references
|
338
|
+
# in a firewall.
|
339
|
+
# @return [Integer]
|
340
|
+
#
|
341
|
+
# @!attribute [rw] utilized_cidr_count
|
342
|
+
# The number of CIDR blocks used by the IP set references in a
|
343
|
+
# firewall.
|
344
|
+
# @return [Integer]
|
345
|
+
#
|
346
|
+
# @!attribute [rw] ip_set_references
|
347
|
+
# The list of the IP set references used by a firewall.
|
348
|
+
# @return [Hash<String,Types::IPSetMetadata>]
|
349
|
+
#
|
350
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CIDRSummary AWS API Documentation
|
351
|
+
#
|
352
|
+
class CIDRSummary < Struct.new(
|
353
|
+
:available_cidr_count,
|
354
|
+
:utilized_cidr_count,
|
355
|
+
:ip_set_references)
|
356
|
+
SENSITIVE = []
|
357
|
+
include Aws::Structure
|
358
|
+
end
|
359
|
+
|
360
|
+
# The capacity usage summary of the resources used by the ReferenceSets
|
361
|
+
# in a firewall.
|
362
|
+
#
|
363
|
+
# @!attribute [rw] cid_rs
|
364
|
+
# Describes the capacity usage of the CIDR blocks used by the IP set
|
365
|
+
# references in a firewall.
|
366
|
+
# @return [Types::CIDRSummary]
|
367
|
+
#
|
368
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CapacityUsageSummary AWS API Documentation
|
369
|
+
#
|
370
|
+
class CapacityUsageSummary < Struct.new(
|
371
|
+
:cid_rs)
|
372
|
+
SENSITIVE = []
|
373
|
+
include Aws::Structure
|
374
|
+
end
|
375
|
+
|
332
376
|
# @note When making an API call, you may pass CreateFirewallPolicyRequest
|
333
377
|
# data as a hash:
|
334
378
|
#
|
@@ -379,6 +423,10 @@ module Aws::NetworkFirewall
|
|
379
423
|
# },
|
380
424
|
# ],
|
381
425
|
# dry_run: false,
|
426
|
+
# encryption_configuration: {
|
427
|
+
# key_id: "KeyId",
|
428
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
429
|
+
# },
|
382
430
|
# }
|
383
431
|
#
|
384
432
|
# @!attribute [rw] firewall_policy_name
|
@@ -414,6 +462,11 @@ module Aws::NetworkFirewall
|
|
414
462
|
# your resources.
|
415
463
|
# @return [Boolean]
|
416
464
|
#
|
465
|
+
# @!attribute [rw] encryption_configuration
|
466
|
+
# A complex type that contains settings for encryption of your
|
467
|
+
# firewall policy resources.
|
468
|
+
# @return [Types::EncryptionConfiguration]
|
469
|
+
#
|
417
470
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicyRequest AWS API Documentation
|
418
471
|
#
|
419
472
|
class CreateFirewallPolicyRequest < Struct.new(
|
@@ -421,7 +474,8 @@ module Aws::NetworkFirewall
|
|
421
474
|
:firewall_policy,
|
422
475
|
:description,
|
423
476
|
:tags,
|
424
|
-
:dry_run
|
477
|
+
:dry_run,
|
478
|
+
:encryption_configuration)
|
425
479
|
SENSITIVE = []
|
426
480
|
include Aws::Structure
|
427
481
|
end
|
@@ -477,6 +531,10 @@ module Aws::NetworkFirewall
|
|
477
531
|
# value: "TagValue", # required
|
478
532
|
# },
|
479
533
|
# ],
|
534
|
+
# encryption_configuration: {
|
535
|
+
# key_id: "KeyId",
|
536
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
537
|
+
# },
|
480
538
|
# }
|
481
539
|
#
|
482
540
|
# @!attribute [rw] firewall_name
|
@@ -534,6 +592,11 @@ module Aws::NetworkFirewall
|
|
534
592
|
# The key:value pairs to associate with the resource.
|
535
593
|
# @return [Array<Types::Tag>]
|
536
594
|
#
|
595
|
+
# @!attribute [rw] encryption_configuration
|
596
|
+
# A complex type that contains settings for encryption of your
|
597
|
+
# firewall resources.
|
598
|
+
# @return [Types::EncryptionConfiguration]
|
599
|
+
#
|
537
600
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallRequest AWS API Documentation
|
538
601
|
#
|
539
602
|
class CreateFirewallRequest < Struct.new(
|
@@ -545,7 +608,8 @@ module Aws::NetworkFirewall
|
|
545
608
|
:subnet_change_protection,
|
546
609
|
:firewall_policy_change_protection,
|
547
610
|
:description,
|
548
|
-
:tags
|
611
|
+
:tags,
|
612
|
+
:encryption_configuration)
|
549
613
|
SENSITIVE = []
|
550
614
|
include Aws::Structure
|
551
615
|
end
|
@@ -589,6 +653,13 @@ module Aws::NetworkFirewall
|
|
589
653
|
# },
|
590
654
|
# },
|
591
655
|
# },
|
656
|
+
# reference_sets: {
|
657
|
+
# ip_set_references: {
|
658
|
+
# "IPSetReferenceName" => {
|
659
|
+
# reference_arn: "ResourceArn",
|
660
|
+
# },
|
661
|
+
# },
|
662
|
+
# },
|
592
663
|
# rules_source: { # required
|
593
664
|
# rules_string: "RulesString",
|
594
665
|
# rules_source_list: {
|
@@ -686,6 +757,14 @@ module Aws::NetworkFirewall
|
|
686
757
|
# },
|
687
758
|
# ],
|
688
759
|
# dry_run: false,
|
760
|
+
# encryption_configuration: {
|
761
|
+
# key_id: "KeyId",
|
762
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
763
|
+
# },
|
764
|
+
# source_metadata: {
|
765
|
+
# source_arn: "ResourceArn",
|
766
|
+
# source_update_token: "UpdateToken",
|
767
|
+
# },
|
689
768
|
# }
|
690
769
|
#
|
691
770
|
# @!attribute [rw] rule_group_name
|
@@ -799,6 +878,17 @@ module Aws::NetworkFirewall
|
|
799
878
|
# your resources.
|
800
879
|
# @return [Boolean]
|
801
880
|
#
|
881
|
+
# @!attribute [rw] encryption_configuration
|
882
|
+
# A complex type that contains settings for encryption of your rule
|
883
|
+
# group resources.
|
884
|
+
# @return [Types::EncryptionConfiguration]
|
885
|
+
#
|
886
|
+
# @!attribute [rw] source_metadata
|
887
|
+
# A complex type that contains metadata about the rule group that your
|
888
|
+
# own rule group is copied from. You can use the metadata to keep
|
889
|
+
# track of updates made to the originating rule group.
|
890
|
+
# @return [Types::SourceMetadata]
|
891
|
+
#
|
802
892
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroupRequest AWS API Documentation
|
803
893
|
#
|
804
894
|
class CreateRuleGroupRequest < Struct.new(
|
@@ -809,7 +899,9 @@ module Aws::NetworkFirewall
|
|
809
899
|
:description,
|
810
900
|
:capacity,
|
811
901
|
:tags,
|
812
|
-
:dry_run
|
902
|
+
:dry_run,
|
903
|
+
:encryption_configuration,
|
904
|
+
:source_metadata)
|
813
905
|
SENSITIVE = []
|
814
906
|
include Aws::Structure
|
815
907
|
end
|
@@ -972,10 +1064,10 @@ module Aws::NetworkFirewall
|
|
972
1064
|
end
|
973
1065
|
|
974
1066
|
# @!attribute [rw] firewall
|
975
|
-
# The firewall defines the configuration settings for an
|
1067
|
+
# The firewall defines the configuration settings for an Network
|
976
1068
|
# Firewall firewall. These settings include the firewall policy, the
|
977
1069
|
# subnets in your VPC to use for the firewall endpoints, and any tags
|
978
|
-
# that are attached to the firewall
|
1070
|
+
# that are attached to the firewall Amazon Web Services resource.
|
979
1071
|
#
|
980
1072
|
# The status of the firewall, for example whether it's ready to
|
981
1073
|
# filter network traffic, is provided in the corresponding
|
@@ -1250,7 +1342,7 @@ module Aws::NetworkFirewall
|
|
1250
1342
|
# @return [String]
|
1251
1343
|
#
|
1252
1344
|
# @!attribute [rw] logging_configuration
|
1253
|
-
# Defines how
|
1345
|
+
# Defines how Network Firewall performs logging for a Firewall.
|
1254
1346
|
# @return [Types::LoggingConfiguration]
|
1255
1347
|
#
|
1256
1348
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeLoggingConfigurationResponse AWS API Documentation
|
@@ -1283,7 +1375,7 @@ module Aws::NetworkFirewall
|
|
1283
1375
|
end
|
1284
1376
|
|
1285
1377
|
# @!attribute [rw] policy
|
1286
|
-
# The
|
1378
|
+
# The IAM policy for the resource.
|
1287
1379
|
# @return [String]
|
1288
1380
|
#
|
1289
1381
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeResourcePolicyResponse AWS API Documentation
|
@@ -1384,6 +1476,10 @@ module Aws::NetworkFirewall
|
|
1384
1476
|
# group. You can only use these for stateful rule groups.
|
1385
1477
|
# @return [Types::StatefulRuleOptions]
|
1386
1478
|
#
|
1479
|
+
# @!attribute [rw] last_modified_time
|
1480
|
+
# The last time that the rule group was changed.
|
1481
|
+
# @return [Time]
|
1482
|
+
#
|
1387
1483
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadataResponse AWS API Documentation
|
1388
1484
|
#
|
1389
1485
|
class DescribeRuleGroupMetadataResponse < Struct.new(
|
@@ -1392,7 +1488,8 @@ module Aws::NetworkFirewall
|
|
1392
1488
|
:description,
|
1393
1489
|
:type,
|
1394
1490
|
:capacity,
|
1395
|
-
:stateful_rule_options
|
1491
|
+
:stateful_rule_options,
|
1492
|
+
:last_modified_time)
|
1396
1493
|
SENSITIVE = []
|
1397
1494
|
include Aws::Structure
|
1398
1495
|
end
|
@@ -1459,10 +1556,10 @@ module Aws::NetworkFirewall
|
|
1459
1556
|
# RuleGroupResponse, define the rule group. You can retrieve all
|
1460
1557
|
# objects for a rule group by calling DescribeRuleGroup.
|
1461
1558
|
#
|
1462
|
-
#
|
1463
|
-
#
|
1464
|
-
#
|
1465
|
-
#
|
1559
|
+
# Network Firewall uses a rule group to inspect and control network
|
1560
|
+
# traffic. You define stateless rule groups to inspect individual
|
1561
|
+
# packets and you define stateful rule groups to inspect packets in
|
1562
|
+
# the context of their traffic flow.
|
1466
1563
|
#
|
1467
1564
|
# To use a rule group, you include it by reference in an Network
|
1468
1565
|
# Firewall firewall policy, then you use the policy in a firewall. You
|
@@ -1491,7 +1588,7 @@ module Aws::NetworkFirewall
|
|
1491
1588
|
# metric dimension is a name/value pair that's part of the identity of
|
1492
1589
|
# a metric.
|
1493
1590
|
#
|
1494
|
-
#
|
1591
|
+
# Network Firewall sets the dimension name to `CustomAction` and you
|
1495
1592
|
# provide the dimension value.
|
1496
1593
|
#
|
1497
1594
|
# For more information about CloudWatch custom metric dimensions, see
|
@@ -1625,10 +1722,59 @@ module Aws::NetworkFirewall
|
|
1625
1722
|
include Aws::Structure
|
1626
1723
|
end
|
1627
1724
|
|
1628
|
-
#
|
1725
|
+
# A complex type that contains optional Amazon Web Services Key
|
1726
|
+
# Management Service (KMS) encryption settings for your Network Firewall
|
1727
|
+
# resources. Your data is encrypted by default with an Amazon Web
|
1728
|
+
# Services owned key that Amazon Web Services owns and manages for you.
|
1729
|
+
# You can use either the Amazon Web Services owned key, or provide your
|
1730
|
+
# own customer managed key. To learn more about KMS encryption of your
|
1731
|
+
# Network Firewall resources, see [Encryption at rest with Amazon Web
|
1732
|
+
# Services Key Managment Service][1] in the *Network Firewall Developer
|
1733
|
+
# Guide*.
|
1734
|
+
#
|
1735
|
+
#
|
1736
|
+
#
|
1737
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
1738
|
+
#
|
1739
|
+
# @note When making an API call, you may pass EncryptionConfiguration
|
1740
|
+
# data as a hash:
|
1741
|
+
#
|
1742
|
+
# {
|
1743
|
+
# key_id: "KeyId",
|
1744
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
1745
|
+
# }
|
1746
|
+
#
|
1747
|
+
# @!attribute [rw] key_id
|
1748
|
+
# The ID of the Amazon Web Services Key Management Service (KMS)
|
1749
|
+
# customer managed key. You can use any of the key identifiers that
|
1750
|
+
# KMS supports, unless you're using a key that's managed by another
|
1751
|
+
# account. If you're using a key managed by another account, then
|
1752
|
+
# specify the key ARN. For more information, see [Key ID][1] in the
|
1753
|
+
# *Amazon Web Services KMS Developer Guide*.
|
1754
|
+
#
|
1755
|
+
#
|
1756
|
+
#
|
1757
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
|
1758
|
+
# @return [String]
|
1759
|
+
#
|
1760
|
+
# @!attribute [rw] type
|
1761
|
+
# The type of Amazon Web Services KMS key to use for encryption of
|
1762
|
+
# your Network Firewall resources.
|
1763
|
+
# @return [String]
|
1764
|
+
#
|
1765
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/EncryptionConfiguration AWS API Documentation
|
1766
|
+
#
|
1767
|
+
class EncryptionConfiguration < Struct.new(
|
1768
|
+
:key_id,
|
1769
|
+
:type)
|
1770
|
+
SENSITIVE = []
|
1771
|
+
include Aws::Structure
|
1772
|
+
end
|
1773
|
+
|
1774
|
+
# The firewall defines the configuration settings for an Network
|
1629
1775
|
# Firewall firewall. These settings include the firewall policy, the
|
1630
1776
|
# subnets in your VPC to use for the firewall endpoints, and any tags
|
1631
|
-
# that are attached to the firewall
|
1777
|
+
# that are attached to the firewall Amazon Web Services resource.
|
1632
1778
|
#
|
1633
1779
|
# The status of the firewall, for example whether it's ready to filter
|
1634
1780
|
# network traffic, is provided in the corresponding FirewallStatus. You
|
@@ -1695,6 +1841,11 @@ module Aws::NetworkFirewall
|
|
1695
1841
|
# @!attribute [rw] tags
|
1696
1842
|
# @return [Array<Types::Tag>]
|
1697
1843
|
#
|
1844
|
+
# @!attribute [rw] encryption_configuration
|
1845
|
+
# A complex type that contains the Amazon Web Services KMS encryption
|
1846
|
+
# configuration settings for your firewall.
|
1847
|
+
# @return [Types::EncryptionConfiguration]
|
1848
|
+
#
|
1698
1849
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Firewall AWS API Documentation
|
1699
1850
|
#
|
1700
1851
|
class Firewall < Struct.new(
|
@@ -1708,7 +1859,8 @@ module Aws::NetworkFirewall
|
|
1708
1859
|
:firewall_policy_change_protection,
|
1709
1860
|
:description,
|
1710
1861
|
:firewall_id,
|
1711
|
-
:tags
|
1862
|
+
:tags,
|
1863
|
+
:encryption_configuration)
|
1712
1864
|
SENSITIVE = []
|
1713
1865
|
include Aws::Structure
|
1714
1866
|
end
|
@@ -1850,12 +2002,12 @@ module Aws::NetworkFirewall
|
|
1850
2002
|
#
|
1851
2003
|
# * aws:alert\_established
|
1852
2004
|
#
|
1853
|
-
# For more information, see [Strict evaluation order][1] in the
|
1854
|
-
# Network Firewall Developer Guide*.
|
2005
|
+
# For more information, see [Strict evaluation order][1] in the
|
2006
|
+
# *Network Firewall Developer Guide*.
|
1855
2007
|
#
|
1856
2008
|
#
|
1857
2009
|
#
|
1858
|
-
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-strict-rule-evaluation-order.html
|
2010
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-strict-rule-evaluation-order.html
|
1859
2011
|
# @return [Array<String>]
|
1860
2012
|
#
|
1861
2013
|
# @!attribute [rw] stateful_engine_options
|
@@ -1954,6 +2106,15 @@ module Aws::NetworkFirewall
|
|
1954
2106
|
# policy.
|
1955
2107
|
# @return [Integer]
|
1956
2108
|
#
|
2109
|
+
# @!attribute [rw] encryption_configuration
|
2110
|
+
# A complex type that contains the Amazon Web Services KMS encryption
|
2111
|
+
# configuration settings for your firewall policy.
|
2112
|
+
# @return [Types::EncryptionConfiguration]
|
2113
|
+
#
|
2114
|
+
# @!attribute [rw] last_modified_time
|
2115
|
+
# The last time that the firewall policy was changed.
|
2116
|
+
# @return [Time]
|
2117
|
+
#
|
1957
2118
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicyResponse AWS API Documentation
|
1958
2119
|
#
|
1959
2120
|
class FirewallPolicyResponse < Struct.new(
|
@@ -1965,7 +2126,9 @@ module Aws::NetworkFirewall
|
|
1965
2126
|
:tags,
|
1966
2127
|
:consumed_stateless_rule_capacity,
|
1967
2128
|
:consumed_stateful_rule_capacity,
|
1968
|
-
:number_of_associations
|
2129
|
+
:number_of_associations,
|
2130
|
+
:encryption_configuration,
|
2131
|
+
:last_modified_time)
|
1969
2132
|
SENSITIVE = []
|
1970
2133
|
include Aws::Structure
|
1971
2134
|
end
|
@@ -2008,19 +2171,27 @@ module Aws::NetworkFirewall
|
|
2008
2171
|
# and configuration object.
|
2009
2172
|
# @return [Hash<String,Types::SyncState>]
|
2010
2173
|
#
|
2174
|
+
# @!attribute [rw] capacity_usage_summary
|
2175
|
+
# Describes the capacity usage of the resources contained in a
|
2176
|
+
# firewall's reference sets. Network Firewall calclulates the
|
2177
|
+
# capacity usage by taking an aggregated count of all of the resources
|
2178
|
+
# used by all of the reference sets in a firewall.
|
2179
|
+
# @return [Types::CapacityUsageSummary]
|
2180
|
+
#
|
2011
2181
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallStatus AWS API Documentation
|
2012
2182
|
#
|
2013
2183
|
class FirewallStatus < Struct.new(
|
2014
2184
|
:status,
|
2015
2185
|
:configuration_sync_state_summary,
|
2016
|
-
:sync_states
|
2186
|
+
:sync_states,
|
2187
|
+
:capacity_usage_summary)
|
2017
2188
|
SENSITIVE = []
|
2018
2189
|
include Aws::Structure
|
2019
2190
|
end
|
2020
2191
|
|
2021
|
-
# The basic rule criteria for
|
2022
|
-
#
|
2023
|
-
#
|
2192
|
+
# The basic rule criteria for Network Firewall to use to inspect packet
|
2193
|
+
# headers in stateful traffic flow inspection. Traffic flows that match
|
2194
|
+
# the criteria are a match for the corresponding StatefulRule.
|
2024
2195
|
#
|
2025
2196
|
# @note When making an API call, you may pass Header
|
2026
2197
|
# data as a hash:
|
@@ -2036,7 +2207,8 @@ module Aws::NetworkFirewall
|
|
2036
2207
|
#
|
2037
2208
|
# @!attribute [rw] protocol
|
2038
2209
|
# The protocol to inspect for. To specify all, you can use `IP`,
|
2039
|
-
# because all traffic on
|
2210
|
+
# because all traffic on Amazon Web Services and on the internet is
|
2211
|
+
# IP.
|
2040
2212
|
# @return [String]
|
2041
2213
|
#
|
2042
2214
|
# @!attribute [rw] source
|
@@ -2142,8 +2314,65 @@ module Aws::NetworkFirewall
|
|
2142
2314
|
include Aws::Structure
|
2143
2315
|
end
|
2144
2316
|
|
2145
|
-
#
|
2146
|
-
#
|
2317
|
+
# General information about the IP set.
|
2318
|
+
#
|
2319
|
+
# @!attribute [rw] resolved_cidr_count
|
2320
|
+
# Describes the total number of CIDR blocks currently in use by the IP
|
2321
|
+
# set references in a firewall. To determine how many CIDR blocks are
|
2322
|
+
# available for you to use in a firewall, you can call
|
2323
|
+
# `AvailableCIDRCount`.
|
2324
|
+
# @return [Integer]
|
2325
|
+
#
|
2326
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/IPSetMetadata AWS API Documentation
|
2327
|
+
#
|
2328
|
+
class IPSetMetadata < Struct.new(
|
2329
|
+
:resolved_cidr_count)
|
2330
|
+
SENSITIVE = []
|
2331
|
+
include Aws::Structure
|
2332
|
+
end
|
2333
|
+
|
2334
|
+
# Configures one or more IP set references for a Suricata-compatible
|
2335
|
+
# rule group. This is used in CreateRuleGroup or UpdateRuleGroup. An IP
|
2336
|
+
# set reference is a rule variable that references a resource that you
|
2337
|
+
# create and manage in another Amazon Web Services service, such as an
|
2338
|
+
# Amazon VPC prefix list. Network Firewall IP set references enable you
|
2339
|
+
# to dynamically update the contents of your rules. When you create,
|
2340
|
+
# update, or delete the IP set you are referencing in your rule, Network
|
2341
|
+
# Firewall automatically updates the rule's content with the changes.
|
2342
|
+
# For more information about IP set references in Network Firewall, see
|
2343
|
+
# [Using IP set references][1] in the *Network Firewall Developer
|
2344
|
+
# Guide*.
|
2345
|
+
#
|
2346
|
+
# Network Firewall currently supports only [Amazon VPC prefix lists][2]
|
2347
|
+
# as IP set references.
|
2348
|
+
#
|
2349
|
+
#
|
2350
|
+
#
|
2351
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references
|
2352
|
+
# [2]: https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html
|
2353
|
+
#
|
2354
|
+
# @note When making an API call, you may pass IPSetReference
|
2355
|
+
# data as a hash:
|
2356
|
+
#
|
2357
|
+
# {
|
2358
|
+
# reference_arn: "ResourceArn",
|
2359
|
+
# }
|
2360
|
+
#
|
2361
|
+
# @!attribute [rw] reference_arn
|
2362
|
+
# The Amazon Resource Name (ARN) of the resource that you are
|
2363
|
+
# referencing in your rule group.
|
2364
|
+
# @return [String]
|
2365
|
+
#
|
2366
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/IPSetReference AWS API Documentation
|
2367
|
+
#
|
2368
|
+
class IPSetReference < Struct.new(
|
2369
|
+
:reference_arn)
|
2370
|
+
SENSITIVE = []
|
2371
|
+
include Aws::Structure
|
2372
|
+
end
|
2373
|
+
|
2374
|
+
# Amazon Web Services doesn't currently have enough available capacity
|
2375
|
+
# to fulfill your request. Try your request later.
|
2147
2376
|
#
|
2148
2377
|
# @!attribute [rw] message
|
2149
2378
|
# @return [String]
|
@@ -2371,6 +2600,8 @@ module Aws::NetworkFirewall
|
|
2371
2600
|
# next_token: "PaginationToken",
|
2372
2601
|
# max_results: 1,
|
2373
2602
|
# scope: "MANAGED", # accepts MANAGED, ACCOUNT
|
2603
|
+
# managed_type: "AWS_MANAGED_THREAT_SIGNATURES", # accepts AWS_MANAGED_THREAT_SIGNATURES, AWS_MANAGED_DOMAIN_LISTS
|
2604
|
+
# type: "STATELESS", # accepts STATELESS, STATEFUL
|
2374
2605
|
# }
|
2375
2606
|
#
|
2376
2607
|
# @!attribute [rw] next_token
|
@@ -2394,12 +2625,25 @@ module Aws::NetworkFirewall
|
|
2394
2625
|
# setting of `MANAGED` returns all available managed rule groups.
|
2395
2626
|
# @return [String]
|
2396
2627
|
#
|
2628
|
+
# @!attribute [rw] managed_type
|
2629
|
+
# Indicates the general category of the Amazon Web Services managed
|
2630
|
+
# rule group.
|
2631
|
+
# @return [String]
|
2632
|
+
#
|
2633
|
+
# @!attribute [rw] type
|
2634
|
+
# Indicates whether the rule group is stateless or stateful. If the
|
2635
|
+
# rule group is stateless, it contains stateless rules. If it is
|
2636
|
+
# stateful, it contains stateful rules.
|
2637
|
+
# @return [String]
|
2638
|
+
#
|
2397
2639
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListRuleGroupsRequest AWS API Documentation
|
2398
2640
|
#
|
2399
2641
|
class ListRuleGroupsRequest < Struct.new(
|
2400
2642
|
:next_token,
|
2401
2643
|
:max_results,
|
2402
|
-
:scope
|
2644
|
+
:scope,
|
2645
|
+
:managed_type,
|
2646
|
+
:type)
|
2403
2647
|
SENSITIVE = []
|
2404
2648
|
include Aws::Structure
|
2405
2649
|
end
|
@@ -2486,10 +2730,10 @@ module Aws::NetworkFirewall
|
|
2486
2730
|
include Aws::Structure
|
2487
2731
|
end
|
2488
2732
|
|
2489
|
-
# Defines where
|
2490
|
-
#
|
2491
|
-
#
|
2492
|
-
#
|
2733
|
+
# Defines where Network Firewall sends logs for the firewall for one log
|
2734
|
+
# type. This is used in LoggingConfiguration. You can send each type of
|
2735
|
+
# log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data
|
2736
|
+
# Firehose delivery stream.
|
2493
2737
|
#
|
2494
2738
|
# Network Firewall generates logs for stateful rule groups. You can save
|
2495
2739
|
# alert and flow log types. The stateful rules engine records flow logs
|
@@ -2570,7 +2814,7 @@ module Aws::NetworkFirewall
|
|
2570
2814
|
include Aws::Structure
|
2571
2815
|
end
|
2572
2816
|
|
2573
|
-
# Defines how
|
2817
|
+
# Defines how Network Firewall performs logging for a Firewall.
|
2574
2818
|
#
|
2575
2819
|
# @note When making an API call, you may pass LoggingConfiguration
|
2576
2820
|
# data as a hash:
|
@@ -2813,10 +3057,9 @@ module Aws::NetworkFirewall
|
|
2813
3057
|
# @return [String]
|
2814
3058
|
#
|
2815
3059
|
# @!attribute [rw] policy
|
2816
|
-
# The
|
2817
|
-
#
|
2818
|
-
#
|
2819
|
-
# to perform.
|
3060
|
+
# The IAM policy statement that lists the accounts that you want to
|
3061
|
+
# share your rule group or firewall policy with and the operations
|
3062
|
+
# that you want the accounts to be able to perform.
|
2820
3063
|
#
|
2821
3064
|
# For a rule group resource, you can specify the following operations
|
2822
3065
|
# in the Actions section of the statement:
|
@@ -2856,6 +3099,31 @@ module Aws::NetworkFirewall
|
|
2856
3099
|
#
|
2857
3100
|
class PutResourcePolicyResponse < Aws::EmptyStructure; end
|
2858
3101
|
|
3102
|
+
# Contains a set of IP set references.
|
3103
|
+
#
|
3104
|
+
# @note When making an API call, you may pass ReferenceSets
|
3105
|
+
# data as a hash:
|
3106
|
+
#
|
3107
|
+
# {
|
3108
|
+
# ip_set_references: {
|
3109
|
+
# "IPSetReferenceName" => {
|
3110
|
+
# reference_arn: "ResourceArn",
|
3111
|
+
# },
|
3112
|
+
# },
|
3113
|
+
# }
|
3114
|
+
#
|
3115
|
+
# @!attribute [rw] ip_set_references
|
3116
|
+
# The list of IP set references.
|
3117
|
+
# @return [Hash<String,Types::IPSetReference>]
|
3118
|
+
#
|
3119
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ReferenceSets AWS API Documentation
|
3120
|
+
#
|
3121
|
+
class ReferenceSets < Struct.new(
|
3122
|
+
:ip_set_references)
|
3123
|
+
SENSITIVE = []
|
3124
|
+
include Aws::Structure
|
3125
|
+
end
|
3126
|
+
|
2859
3127
|
# Unable to locate a resource using the parameters that you provided.
|
2860
3128
|
#
|
2861
3129
|
# @!attribute [rw] message
|
@@ -2882,7 +3150,7 @@ module Aws::NetworkFirewall
|
|
2882
3150
|
include Aws::Structure
|
2883
3151
|
end
|
2884
3152
|
|
2885
|
-
# The inspection criteria and action for a single stateless rule.
|
3153
|
+
# The inspection criteria and action for a single stateless rule.
|
2886
3154
|
# Network Firewall inspects each packet for the specified matching
|
2887
3155
|
# criteria. When a packet matches the criteria, Network Firewall
|
2888
3156
|
# performs the rule's actions on the packet.
|
@@ -2983,7 +3251,7 @@ module Aws::NetworkFirewall
|
|
2983
3251
|
# RuleGroupResponse, define the rule group. You can retrieve all objects
|
2984
3252
|
# for a rule group by calling DescribeRuleGroup.
|
2985
3253
|
#
|
2986
|
-
#
|
3254
|
+
# Network Firewall uses a rule group to inspect and control network
|
2987
3255
|
# traffic. You define stateless rule groups to inspect individual
|
2988
3256
|
# packets and you define stateful rule groups to inspect packets in the
|
2989
3257
|
# context of their traffic flow.
|
@@ -3009,6 +3277,13 @@ module Aws::NetworkFirewall
|
|
3009
3277
|
# },
|
3010
3278
|
# },
|
3011
3279
|
# },
|
3280
|
+
# reference_sets: {
|
3281
|
+
# ip_set_references: {
|
3282
|
+
# "IPSetReferenceName" => {
|
3283
|
+
# reference_arn: "ResourceArn",
|
3284
|
+
# },
|
3285
|
+
# },
|
3286
|
+
# },
|
3012
3287
|
# rules_source: { # required
|
3013
3288
|
# rules_string: "RulesString",
|
3014
3289
|
# rules_source_list: {
|
@@ -3101,6 +3376,10 @@ module Aws::NetworkFirewall
|
|
3101
3376
|
# You can only use these for stateful rule groups.
|
3102
3377
|
# @return [Types::RuleVariables]
|
3103
3378
|
#
|
3379
|
+
# @!attribute [rw] reference_sets
|
3380
|
+
# The list of a rule group's reference sets.
|
3381
|
+
# @return [Types::ReferenceSets]
|
3382
|
+
#
|
3104
3383
|
# @!attribute [rw] rules_source
|
3105
3384
|
# The stateful rules or stateless rules for the rule group.
|
3106
3385
|
# @return [Types::RulesSource]
|
@@ -3116,6 +3395,7 @@ module Aws::NetworkFirewall
|
|
3116
3395
|
#
|
3117
3396
|
class RuleGroup < Struct.new(
|
3118
3397
|
:rule_variables,
|
3398
|
+
:reference_sets,
|
3119
3399
|
:rules_source,
|
3120
3400
|
:stateful_rule_options)
|
3121
3401
|
SENSITIVE = []
|
@@ -3206,6 +3486,34 @@ module Aws::NetworkFirewall
|
|
3206
3486
|
# The number of firewall policies that use this rule group.
|
3207
3487
|
# @return [Integer]
|
3208
3488
|
#
|
3489
|
+
# @!attribute [rw] encryption_configuration
|
3490
|
+
# A complex type that contains the Amazon Web Services KMS encryption
|
3491
|
+
# configuration settings for your rule group.
|
3492
|
+
# @return [Types::EncryptionConfiguration]
|
3493
|
+
#
|
3494
|
+
# @!attribute [rw] source_metadata
|
3495
|
+
# A complex type that contains metadata about the rule group that your
|
3496
|
+
# own rule group is copied from. You can use the metadata to track the
|
3497
|
+
# version updates made to the originating rule group.
|
3498
|
+
# @return [Types::SourceMetadata]
|
3499
|
+
#
|
3500
|
+
# @!attribute [rw] sns_topic
|
3501
|
+
# The Amazon resource name (ARN) of the Amazon Simple Notification
|
3502
|
+
# Service SNS topic that's used to record changes to the managed rule
|
3503
|
+
# group. You can subscribe to the SNS topic to receive notifications
|
3504
|
+
# when the managed rule group is modified, such as for new versions
|
3505
|
+
# and for version expiration. For more information, see the [Amazon
|
3506
|
+
# Simple Notification Service Developer Guide.][1].
|
3507
|
+
#
|
3508
|
+
#
|
3509
|
+
#
|
3510
|
+
# [1]: https://docs.aws.amazon.com/sns/latest/dg/welcome.html
|
3511
|
+
# @return [String]
|
3512
|
+
#
|
3513
|
+
# @!attribute [rw] last_modified_time
|
3514
|
+
# The last time that the rule group was changed.
|
3515
|
+
# @return [Time]
|
3516
|
+
#
|
3209
3517
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroupResponse AWS API Documentation
|
3210
3518
|
#
|
3211
3519
|
class RuleGroupResponse < Struct.new(
|
@@ -3218,7 +3526,11 @@ module Aws::NetworkFirewall
|
|
3218
3526
|
:rule_group_status,
|
3219
3527
|
:tags,
|
3220
3528
|
:consumed_capacity,
|
3221
|
-
:number_of_associations
|
3529
|
+
:number_of_associations,
|
3530
|
+
:encryption_configuration,
|
3531
|
+
:source_metadata,
|
3532
|
+
:sns_topic,
|
3533
|
+
:last_modified_time)
|
3222
3534
|
SENSITIVE = []
|
3223
3535
|
include Aws::Structure
|
3224
3536
|
end
|
@@ -3428,7 +3740,7 @@ module Aws::NetworkFirewall
|
|
3428
3740
|
# `HOME_NET` rule variable to include the CIDR range of the deployment
|
3429
3741
|
# VPC plus the other CIDR ranges. For more information, see
|
3430
3742
|
# RuleVariables in this guide and [Stateful domain list rule groups in
|
3431
|
-
#
|
3743
|
+
# Network Firewall][1] in the *Network Firewall Developer Guide*.
|
3432
3744
|
#
|
3433
3745
|
#
|
3434
3746
|
#
|
@@ -3476,6 +3788,47 @@ module Aws::NetworkFirewall
|
|
3476
3788
|
include Aws::Structure
|
3477
3789
|
end
|
3478
3790
|
|
3791
|
+
# High-level information about the managed rule group that your own rule
|
3792
|
+
# group is copied from. You can use the the metadata to track version
|
3793
|
+
# updates made to the originating rule group. You can retrieve all
|
3794
|
+
# objects for a rule group by calling [DescribeRuleGroup][1].
|
3795
|
+
#
|
3796
|
+
#
|
3797
|
+
#
|
3798
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html
|
3799
|
+
#
|
3800
|
+
# @note When making an API call, you may pass SourceMetadata
|
3801
|
+
# data as a hash:
|
3802
|
+
#
|
3803
|
+
# {
|
3804
|
+
# source_arn: "ResourceArn",
|
3805
|
+
# source_update_token: "UpdateToken",
|
3806
|
+
# }
|
3807
|
+
#
|
3808
|
+
# @!attribute [rw] source_arn
|
3809
|
+
# The Amazon Resource Name (ARN) of the rule group that your own rule
|
3810
|
+
# group is copied from.
|
3811
|
+
# @return [String]
|
3812
|
+
#
|
3813
|
+
# @!attribute [rw] source_update_token
|
3814
|
+
# The update token of the Amazon Web Services managed rule group that
|
3815
|
+
# your own rule group is copied from. To determine the update token
|
3816
|
+
# for the managed rule group, call [DescribeRuleGroup][1].
|
3817
|
+
#
|
3818
|
+
#
|
3819
|
+
#
|
3820
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html#networkfirewall-DescribeRuleGroup-response-UpdateToken
|
3821
|
+
# @return [String]
|
3822
|
+
#
|
3823
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/SourceMetadata AWS API Documentation
|
3824
|
+
#
|
3825
|
+
class SourceMetadata < Struct.new(
|
3826
|
+
:source_arn,
|
3827
|
+
:source_update_token)
|
3828
|
+
SENSITIVE = []
|
3829
|
+
include Aws::Structure
|
3830
|
+
end
|
3831
|
+
|
3479
3832
|
# Configuration settings for the handling of the stateful rule groups in
|
3480
3833
|
# a firewall policy.
|
3481
3834
|
#
|
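Review bot: The class comment for `SourceMetadata` has a doubled word at new line 3792 (`You can use the the metadata`); the line should read `# group is copied from. You can use the metadata to track version`. The comment also says the metadata tracks updates to the originating rule group, but not what a caller is expected to do with it. If a copied rule group does not pick up later changes to the managed source on its own (not stated in this hunk, worth confirming), one more sentence telling callers to compare `source_update_token` with the token returned by DescribeRuleGroup would make stale copies easier to spot.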
@@ -3492,7 +3845,7 @@ module Aws::NetworkFirewall
|
|
3492
3845
|
# rules are provided to the rule engine as Suricata compatible
|
3493
3846
|
# strings, and Suricata evaluates them based on certain settings. For
|
3494
3847
|
# more information, see [Evaluation order for stateful rules][1] in
|
3495
|
-
# the *
|
3848
|
+
# the *Network Firewall Developer Guide*.
|
3496
3849
|
#
|
3497
3850
|
#
|
3498
3851
|
#
|
@@ -3671,7 +4024,7 @@ module Aws::NetworkFirewall
|
|
3671
4024
|
# rules are provided to the rule engine as Suricata compatible
|
3672
4025
|
# strings, and Suricata evaluates them based on certain settings. For
|
3673
4026
|
# more information, see [Evaluation order for stateful rules][1] in
|
3674
|
-
# the *
|
4027
|
+
# the *Network Firewall Developer Guide*.
|
3675
4028
|
#
|
3676
4029
|
#
|
3677
4030
|
#
|
@@ -3880,7 +4233,7 @@ module Aws::NetworkFirewall
|
|
3880
4233
|
end
|
3881
4234
|
|
3882
4235
|
# The ID for a subnet that you want to associate with the firewall. This
|
3883
|
-
# is used with CreateFirewall and AssociateSubnets.
|
4236
|
+
# is used with CreateFirewall and AssociateSubnets. Network Firewall
|
3884
4237
|
# creates an instance of the associated firewall in each subnet that you
|
3885
4238
|
# specify, to filter traffic in the subnet's Availability Zone.
|
3886
4239
|
#
|
@@ -3906,7 +4259,7 @@ module Aws::NetworkFirewall
|
|
3906
4259
|
# The status of the firewall endpoint and firewall policy configuration
|
3907
4260
|
# for a single VPC subnet.
|
3908
4261
|
#
|
3909
|
-
# For each VPC subnet that you associate with a firewall,
|
4262
|
+
# For each VPC subnet that you associate with a firewall, Network
|
3910
4263
|
# Firewall does the following:
|
3911
4264
|
#
|
3912
4265
|
# * Instantiates a firewall endpoint in the subnet, ready to take
|
@@ -3987,12 +4340,12 @@ module Aws::NetworkFirewall
|
|
3987
4340
|
include Aws::Structure
|
3988
4341
|
end
|
3989
4342
|
|
3990
|
-
# A key:value pair associated with an
|
3991
|
-
# can be anything you define. Typically, the tag key
|
3992
|
-
# category (such as "environment") and the tag value
|
3993
|
-
# specific value within that category (such as "test,"
|
4343
|
+
# A key:value pair associated with an Amazon Web Services resource. The
|
4344
|
+
# key:value pair can be anything you define. Typically, the tag key
|
4345
|
+
# represents a category (such as "environment") and the tag value
|
4346
|
+
# represents a specific value within that category (such as "test,"
|
3994
4347
|
# "development," or "production"). You can add up to 50 tags to each
|
3995
|
-
#
|
4348
|
+
# Amazon Web Services resource.
|
3996
4349
|
#
|
3997
4350
|
# @note When making an API call, you may pass Tag
|
3998
4351
|
# data as a hash:
|
@@ -4323,6 +4676,131 @@ module Aws::NetworkFirewall
|
|
4323
4676
|
include Aws::Structure
|
4324
4677
|
end
|
4325
4678
|
|
4679
|
+
# @note When making an API call, you may pass UpdateFirewallEncryptionConfigurationRequest
|
4680
|
+
# data as a hash:
|
4681
|
+
#
|
4682
|
+
# {
|
4683
|
+
# update_token: "UpdateToken",
|
4684
|
+
# firewall_arn: "ResourceArn",
|
4685
|
+
# firewall_name: "ResourceName",
|
4686
|
+
# encryption_configuration: {
|
4687
|
+
# key_id: "KeyId",
|
4688
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
4689
|
+
# },
|
4690
|
+
# }
|
4691
|
+
#
|
4692
|
+
# @!attribute [rw] update_token
|
4693
|
+
# An optional token that you can use for optimistic locking. Network
|
4694
|
+
# Firewall returns a token to your requests that access the firewall.
|
4695
|
+
# The token marks the state of the firewall resource at the time of
|
4696
|
+
# the request.
|
4697
|
+
#
|
4698
|
+
# To make an unconditional change to the firewall, omit the token in
|
4699
|
+
# your update request. Without the token, Network Firewall performs
|
4700
|
+
# your updates regardless of whether the firewall has changed since
|
4701
|
+
# you last retrieved it.
|
4702
|
+
#
|
4703
|
+
# To make a conditional change to the firewall, provide the token in
|
4704
|
+
# your update request. Network Firewall uses the token to ensure that
|
4705
|
+
# the firewall hasn't changed since you last retrieved it. If it has
|
4706
|
+
# changed, the operation fails with an `InvalidTokenException`. If
|
4707
|
+
# this happens, retrieve the firewall again to get a current copy of
|
4708
|
+
# it with a new token. Reapply your changes as needed, then try the
|
4709
|
+
# operation again using the new token.
|
4710
|
+
# @return [String]
|
4711
|
+
#
|
4712
|
+
# @!attribute [rw] firewall_arn
|
4713
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
4714
|
+
# @return [String]
|
4715
|
+
#
|
4716
|
+
# @!attribute [rw] firewall_name
|
4717
|
+
# The descriptive name of the firewall. You can't change the name of
|
4718
|
+
# a firewall after you create it.
|
4719
|
+
# @return [String]
|
4720
|
+
#
|
4721
|
+
# @!attribute [rw] encryption_configuration
|
4722
|
+
# A complex type that contains optional Amazon Web Services Key
|
4723
|
+
# Management Service (KMS) encryption settings for your Network
|
4724
|
+
# Firewall resources. Your data is encrypted by default with an Amazon
|
4725
|
+
# Web Services owned key that Amazon Web Services owns and manages for
|
4726
|
+
# you. You can use either the Amazon Web Services owned key, or
|
4727
|
+
# provide your own customer managed key. To learn more about KMS
|
4728
|
+
# encryption of your Network Firewall resources, see [Encryption at
|
4729
|
+
# rest with Amazon Web Services Key Managment Service][1] in the
|
4730
|
+
# *Network Firewall Developer Guide*.
|
4731
|
+
#
|
4732
|
+
#
|
4733
|
+
#
|
4734
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
4735
|
+
# @return [Types::EncryptionConfiguration]
|
4736
|
+
#
|
4737
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfigurationRequest AWS API Documentation
|
4738
|
+
#
|
4739
|
+
class UpdateFirewallEncryptionConfigurationRequest < Struct.new(
|
4740
|
+
:update_token,
|
4741
|
+
:firewall_arn,
|
4742
|
+
:firewall_name,
|
4743
|
+
:encryption_configuration)
|
4744
|
+
SENSITIVE = []
|
4745
|
+
include Aws::Structure
|
4746
|
+
end
|
4747
|
+
|
4748
|
+
# @!attribute [rw] firewall_arn
|
4749
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
4750
|
+
# @return [String]
|
4751
|
+
#
|
4752
|
+
# @!attribute [rw] firewall_name
|
4753
|
+
# The descriptive name of the firewall. You can't change the name of
|
4754
|
+
# a firewall after you create it.
|
4755
|
+
# @return [String]
|
4756
|
+
#
|
4757
|
+
# @!attribute [rw] update_token
|
4758
|
+
# An optional token that you can use for optimistic locking. Network
|
4759
|
+
# Firewall returns a token to your requests that access the firewall.
|
4760
|
+
# The token marks the state of the firewall resource at the time of
|
4761
|
+
# the request.
|
4762
|
+
#
|
4763
|
+
# To make an unconditional change to the firewall, omit the token in
|
4764
|
+
# your update request. Without the token, Network Firewall performs
|
4765
|
+
# your updates regardless of whether the firewall has changed since
|
4766
|
+
# you last retrieved it.
|
4767
|
+
#
|
4768
|
+
# To make a conditional change to the firewall, provide the token in
|
4769
|
+
# your update request. Network Firewall uses the token to ensure that
|
4770
|
+
# the firewall hasn't changed since you last retrieved it. If it has
|
4771
|
+
# changed, the operation fails with an `InvalidTokenException`. If
|
4772
|
+
# this happens, retrieve the firewall again to get a current copy of
|
4773
|
+
# it with a new token. Reapply your changes as needed, then try the
|
4774
|
+
# operation again using the new token.
|
4775
|
+
# @return [String]
|
4776
|
+
#
|
4777
|
+
# @!attribute [rw] encryption_configuration
|
4778
|
+
# A complex type that contains optional Amazon Web Services Key
|
4779
|
+
# Management Service (KMS) encryption settings for your Network
|
4780
|
+
# Firewall resources. Your data is encrypted by default with an Amazon
|
4781
|
+
# Web Services owned key that Amazon Web Services owns and manages for
|
4782
|
+
# you. You can use either the Amazon Web Services owned key, or
|
4783
|
+
# provide your own customer managed key. To learn more about KMS
|
4784
|
+
# encryption of your Network Firewall resources, see [Encryption at
|
4785
|
+
# rest with Amazon Web Services Key Managment Service][1] in the
|
4786
|
+
# *Network Firewall Developer Guide*.
|
4787
|
+
#
|
4788
|
+
#
|
4789
|
+
#
|
4790
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
4791
|
+
# @return [Types::EncryptionConfiguration]
|
4792
|
+
#
|
4793
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfigurationResponse AWS API Documentation
|
4794
|
+
#
|
4795
|
+
class UpdateFirewallEncryptionConfigurationResponse < Struct.new(
|
4796
|
+
:firewall_arn,
|
4797
|
+
:firewall_name,
|
4798
|
+
:update_token,
|
4799
|
+
:encryption_configuration)
|
4800
|
+
SENSITIVE = []
|
4801
|
+
include Aws::Structure
|
4802
|
+
end
|
4803
|
+
|
4326
4804
|
# @note When making an API call, you may pass UpdateFirewallPolicyChangeProtectionRequest
|
4327
4805
|
# data as a hash:
|
4328
4806
|
#
|
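Review bot: The `encryption_configuration` comment in both new classes says the linked topic is in the *Network Firewall Developer Guide*, but the `[1]` target at new lines 4734 and 4790 is a page under `docs.aws.amazon.com/kms/latest/developerguide/`. The link text also misspells the service name at new lines 4729 and 4785; it should read `# rest with Amazon Web Services Key Management Service][1] in the`, with the guide name and the target made to agree. `UpdateFirewallEncryptionConfigurationResponse` has no summary line, and neither class says whether `firewall_arn` or `firewall_name` must be supplied. Since the `update_token` text states that omitting the token makes the change unconditional, a sentence on the request recommending the token for key changes would help callers avoid overwriting a concurrent update.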
@@ -4479,6 +4957,10 @@ module Aws::NetworkFirewall
|
|
4479
4957
|
# },
|
4480
4958
|
# description: "Description",
|
4481
4959
|
# dry_run: false,
|
4960
|
+
# encryption_configuration: {
|
4961
|
+
# key_id: "KeyId",
|
4962
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
4963
|
+
# },
|
4482
4964
|
# }
|
4483
4965
|
#
|
4484
4966
|
# @!attribute [rw] update_token
|
@@ -4532,6 +5014,11 @@ module Aws::NetworkFirewall
|
|
4532
5014
|
# your resources.
|
4533
5015
|
# @return [Boolean]
|
4534
5016
|
#
|
5017
|
+
# @!attribute [rw] encryption_configuration
|
5018
|
+
# A complex type that contains settings for encryption of your
|
5019
|
+
# firewall policy resources.
|
5020
|
+
# @return [Types::EncryptionConfiguration]
|
5021
|
+
#
|
4535
5022
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicyRequest AWS API Documentation
|
4536
5023
|
#
|
4537
5024
|
class UpdateFirewallPolicyRequest < Struct.new(
|
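Review bot: The new `encryption_configuration` attribute comment (new lines 5017–5020) does not say what an update does when the field is left out, which matters to a caller whose policy already uses a customer managed key. The request example in the earlier hunk shows the field as optional, so the comment should state whether omission keeps the current key or falls back to the Amazon Web Services owned key. I would add one sentence after `firewall policy resources.` once the behaviour is confirmed against the service documentation. The same gap is in the `UpdateRuleGroupRequest` attribute added in the hunk at `@@ -4840,6 +5343,17 @@`. The `UpdateFirewallPolicyRequest` class opens on the last line of this hunk and its body continues in the next one.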
@@ -4540,7 +5027,8 @@ module Aws::NetworkFirewall
|
|
4540
5027
|
:firewall_policy_name,
|
4541
5028
|
:firewall_policy,
|
4542
5029
|
:description,
|
4543
|
-
:dry_run
|
5030
|
+
:dry_run,
|
5031
|
+
:encryption_configuration)
|
4544
5032
|
SENSITIVE = []
|
4545
5033
|
include Aws::Structure
|
4546
5034
|
end
|
@@ -4632,7 +5120,7 @@ module Aws::NetworkFirewall
|
|
4632
5120
|
# @return [String]
|
4633
5121
|
#
|
4634
5122
|
# @!attribute [rw] logging_configuration
|
4635
|
-
# Defines how
|
5123
|
+
# Defines how Network Firewall performs logging for a Firewall.
|
4636
5124
|
# @return [Types::LoggingConfiguration]
|
4637
5125
|
#
|
4638
5126
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateLoggingConfigurationResponse AWS API Documentation
|
@@ -4665,6 +5153,13 @@ module Aws::NetworkFirewall
|
|
4665
5153
|
# },
|
4666
5154
|
# },
|
4667
5155
|
# },
|
5156
|
+
# reference_sets: {
|
5157
|
+
# ip_set_references: {
|
5158
|
+
# "IPSetReferenceName" => {
|
5159
|
+
# reference_arn: "ResourceArn",
|
5160
|
+
# },
|
5161
|
+
# },
|
5162
|
+
# },
|
4668
5163
|
# rules_source: { # required
|
4669
5164
|
# rules_string: "RulesString",
|
4670
5165
|
# rules_source_list: {
|
@@ -4755,6 +5250,14 @@ module Aws::NetworkFirewall
|
|
4755
5250
|
# type: "STATELESS", # accepts STATELESS, STATEFUL
|
4756
5251
|
# description: "Description",
|
4757
5252
|
# dry_run: false,
|
5253
|
+
# encryption_configuration: {
|
5254
|
+
# key_id: "KeyId",
|
5255
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
5256
|
+
# },
|
5257
|
+
# source_metadata: {
|
5258
|
+
# source_arn: "ResourceArn",
|
5259
|
+
# source_update_token: "UpdateToken",
|
5260
|
+
# },
|
4758
5261
|
# }
|
4759
5262
|
#
|
4760
5263
|
# @!attribute [rw] update_token
|
@@ -4840,6 +5343,17 @@ module Aws::NetworkFirewall
|
|
4840
5343
|
# your resources.
|
4841
5344
|
# @return [Boolean]
|
4842
5345
|
#
|
5346
|
+
# @!attribute [rw] encryption_configuration
|
5347
|
+
# A complex type that contains settings for encryption of your rule
|
5348
|
+
# group resources.
|
5349
|
+
# @return [Types::EncryptionConfiguration]
|
5350
|
+
#
|
5351
|
+
# @!attribute [rw] source_metadata
|
5352
|
+
# A complex type that contains metadata about the rule group that your
|
5353
|
+
# own rule group is copied from. You can use the metadata to keep
|
5354
|
+
# track of updates made to the originating rule group.
|
5355
|
+
# @return [Types::SourceMetadata]
|
5356
|
+
#
|
4843
5357
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroupRequest AWS API Documentation
|
4844
5358
|
#
|
4845
5359
|
class UpdateRuleGroupRequest < Struct.new(
|
@@ -4850,7 +5364,9 @@ module Aws::NetworkFirewall
|
|
4850
5364
|
:rules,
|
4851
5365
|
:type,
|
4852
5366
|
:description,
|
4853
|
-
:dry_run
|
5367
|
+
:dry_run,
|
5368
|
+
:encryption_configuration,
|
5369
|
+
:source_metadata)
|
4854
5370
|
SENSITIVE = []
|
4855
5371
|
include Aws::Structure
|
4856
5372
|
end
|