aws-sdk-networkfirewall 1.17.0 → 1.18.0

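--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 60568c36adf25b6241c56a258da43d9508a482b29824db13da6fc88ea6c19954
- data.tar.gz: a558af3d1058a75f0cadb7059cff44998938105e925af9cc7406e16736cd5666
+ metadata.gz: b13f43ce3588c6c4542cafe04c38770518df59d8ac1d51f4544ea0ef03bae8cb
+ data.tar.gz: 2e8adacc2451fe8f264e0b67b870a1bbd700c292a67bb1a9c528b96e4dc66020
  SHA512:
- metadata.gz: d6fb0da54ec27b4367ce6b01bae549d0345b4b308e6d62fa6eb604eabc3d8150894445a456abcf2463cfb614ea7c609eaedf96e1fe379d72d96e06cd7a2b9c17
- data.tar.gz: 213ce4bcb8657bad5bc2e6b4c44197f13f10deafc02a9eb8ff5f6b4a25203b71ca0c748c79686f159b60cf8df70d7619321ba97c3f9b6a872e23977eaf804f02
+ metadata.gz: 9204851dd108b726d1945b131d1c288ddec3987732d9ab6fe12b776b14fe107c607e4bc65dc69406c9edd03f5a319dc0e92728927563a94db9e740caf23809eb
+ data.tar.gz: 57ade2ad3ac3df5424ec6dab830ca3593855995dac31e88c0e6f97b1a5730d61359b2bca58873b7bce112c2a7270c69e0ae6886cc8662c3110711441ad19340a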
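--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.18.0 (2022-07-21)
+ ------------------
+
+ * Feature - Network Firewall now supports referencing dynamic IP sets from stateful rule groups, for IP sets stored in Amazon VPC prefix lists.
+
  1.17.0 (2022-04-28)
  ------------------
 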
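--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.17.0
+ 1.18.0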
@@ -638,14 +638,18 @@ module Aws::NetworkFirewall
638
638
  # resp.firewall.encryption_configuration.key_id #=> String
639
639
  # resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
640
640
  # resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
641
- # resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
641
+ # resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
642
642
  # resp.firewall_status.sync_states #=> Hash
643
643
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
644
644
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
645
645
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
646
646
  # resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
647
- # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC"
647
+ # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
648
648
  # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].update_token #=> String
649
+ # resp.firewall_status.capacity_usage_summary.cid_rs.available_cidr_count #=> Integer
650
+ # resp.firewall_status.capacity_usage_summary.cid_rs.utilized_cidr_count #=> Integer
651
+ # resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references #=> Hash
652
+ # resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references["IPSetArn"].resolved_cidr_count #=> Integer
649
653
  #
650
654
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewall AWS API Documentation
651
655
  #
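Review bot: The new `"CAPACITY_CONSTRAINED"` value on new lines 641 and 647 is listed in the response example with no explanation of what it means, and callers that branch on `configuration_sync_state_summary` or `sync_status` with only `"PENDING"` and `"IN_SYNC"` in mind will fall through on it. The example deserves a line such as `# "CAPACITY_CONSTRAINED" (new in 1.18.0) is a third state: neither "PENDING" nor "IN_SYNC"`. It presumably relates to the `capacity_usage_summary.cid_rs` counts added just below, but the hunk does not establish that, so the wording should be checked against the API reference. The same two lines change in the hunks at old lines 1118 and 1321, and the method comment these lines belong to starts and ends outside the hunk.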
@@ -922,6 +926,13 @@ module Aws::NetworkFirewall
922
926
  # },
923
927
  # },
924
928
  # },
929
+ # reference_sets: {
930
+ # ip_set_references: {
931
+ # "IPSetReferenceName" => {
932
+ # reference_arn: "ResourceArn",
933
+ # },
934
+ # },
935
+ # },
925
936
  # rules_source: { # required
926
937
  # rules_string: "RulesString",
927
938
  # rules_source_list: {
@@ -1118,14 +1129,18 @@ module Aws::NetworkFirewall
1118
1129
  # resp.firewall.encryption_configuration.key_id #=> String
1119
1130
  # resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
1120
1131
  # resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
1121
- # resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
1132
+ # resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
1122
1133
  # resp.firewall_status.sync_states #=> Hash
1123
1134
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
1124
1135
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
1125
1136
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
1126
1137
  # resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
1127
- # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC"
1138
+ # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
1128
1139
  # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].update_token #=> String
1140
+ # resp.firewall_status.capacity_usage_summary.cid_rs.available_cidr_count #=> Integer
1141
+ # resp.firewall_status.capacity_usage_summary.cid_rs.utilized_cidr_count #=> Integer
1142
+ # resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references #=> Hash
1143
+ # resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references["IPSetArn"].resolved_cidr_count #=> Integer
1129
1144
  #
1130
1145
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewall AWS API Documentation
1131
1146
  #
@@ -1321,14 +1336,18 @@ module Aws::NetworkFirewall
1321
1336
  # resp.firewall.encryption_configuration.key_id #=> String
1322
1337
  # resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
1323
1338
  # resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
1324
- # resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
1339
+ # resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
1325
1340
  # resp.firewall_status.sync_states #=> Hash
1326
1341
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
1327
1342
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
1328
1343
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
1329
1344
  # resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
1330
- # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC"
1345
+ # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
1331
1346
  # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].update_token #=> String
1347
+ # resp.firewall_status.capacity_usage_summary.cid_rs.available_cidr_count #=> Integer
1348
+ # resp.firewall_status.capacity_usage_summary.cid_rs.utilized_cidr_count #=> Integer
1349
+ # resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references #=> Hash
1350
+ # resp.firewall_status.capacity_usage_summary.cid_rs.ip_set_references["IPSetArn"].resolved_cidr_count #=> Integer
1332
1351
  #
1333
1352
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewall AWS API Documentation
1334
1353
  #
@@ -1529,6 +1548,8 @@ module Aws::NetworkFirewall
1529
1548
  # resp.rule_group.rule_variables.port_sets #=> Hash
1530
1549
  # resp.rule_group.rule_variables.port_sets["RuleVariableName"].definition #=> Array
1531
1550
  # resp.rule_group.rule_variables.port_sets["RuleVariableName"].definition[0] #=> String
1551
+ # resp.rule_group.reference_sets.ip_set_references #=> Hash
1552
+ # resp.rule_group.reference_sets.ip_set_references["IPSetReferenceName"].reference_arn #=> String
1532
1553
  # resp.rule_group.rules_source.rules_string #=> String
1533
1554
  # resp.rule_group.rules_source.rules_source_list.targets #=> Array
1534
1555
  # resp.rule_group.rules_source.rules_source_list.targets[0] #=> String
@@ -2743,6 +2764,13 @@ module Aws::NetworkFirewall
2743
2764
  # },
2744
2765
  # },
2745
2766
  # },
2767
+ # reference_sets: {
2768
+ # ip_set_references: {
2769
+ # "IPSetReferenceName" => {
2770
+ # reference_arn: "ResourceArn",
2771
+ # },
2772
+ # },
2773
+ # },
2746
2774
  # rules_source: { # required
2747
2775
  # rules_string: "RulesString",
2748
2776
  # rules_source_list: {
@@ -2956,7 +2984,7 @@ module Aws::NetworkFirewall
2956
2984
  params: params,
2957
2985
  config: config)
2958
2986
  context[:gem_name] = 'aws-sdk-networkfirewall'
2959
- context[:gem_version] = '1.17.0'
2987
+ context[:gem_version] = '1.18.0'
2960
2988
  Seahorse::Client::Request.new(handlers, context)
2961
2989
  end
2962
2990
 
@@ -28,6 +28,9 @@ module Aws::NetworkFirewall
28
28
  AzSubnet = Shapes::StringShape.new(name: 'AzSubnet')
29
29
  AzSubnets = Shapes::ListShape.new(name: 'AzSubnets')
30
30
  Boolean = Shapes::BooleanShape.new(name: 'Boolean')
31
+ CIDRCount = Shapes::IntegerShape.new(name: 'CIDRCount')
32
+ CIDRSummary = Shapes::StructureShape.new(name: 'CIDRSummary')
33
+ CapacityUsageSummary = Shapes::StructureShape.new(name: 'CapacityUsageSummary')
31
34
  CollectionMember_String = Shapes::StringShape.new(name: 'CollectionMember_String')
32
35
  ConfigurationSyncState = Shapes::StringShape.new(name: 'ConfigurationSyncState')
33
36
  CreateFirewallPolicyRequest = Shapes::StructureShape.new(name: 'CreateFirewallPolicyRequest')
@@ -84,6 +87,12 @@ module Aws::NetworkFirewall
84
87
  HashMapValue = Shapes::StringShape.new(name: 'HashMapValue')
85
88
  Header = Shapes::StructureShape.new(name: 'Header')
86
89
  IPSet = Shapes::StructureShape.new(name: 'IPSet')
90
+ IPSetArn = Shapes::StringShape.new(name: 'IPSetArn')
91
+ IPSetMetadata = Shapes::StructureShape.new(name: 'IPSetMetadata')
92
+ IPSetMetadataMap = Shapes::MapShape.new(name: 'IPSetMetadataMap')
93
+ IPSetReference = Shapes::StructureShape.new(name: 'IPSetReference')
94
+ IPSetReferenceMap = Shapes::MapShape.new(name: 'IPSetReferenceMap')
95
+ IPSetReferenceName = Shapes::StringShape.new(name: 'IPSetReferenceName')
87
96
  IPSets = Shapes::MapShape.new(name: 'IPSets')
88
97
  InsufficientCapacityException = Shapes::StructureShape.new(name: 'InsufficientCapacityException')
89
98
  InternalServerError = Shapes::StructureShape.new(name: 'InternalServerError')
@@ -130,6 +139,7 @@ module Aws::NetworkFirewall
130
139
  PublishMetricAction = Shapes::StructureShape.new(name: 'PublishMetricAction')
131
140
  PutResourcePolicyRequest = Shapes::StructureShape.new(name: 'PutResourcePolicyRequest')
132
141
  PutResourcePolicyResponse = Shapes::StructureShape.new(name: 'PutResourcePolicyResponse')
142
+ ReferenceSets = Shapes::StructureShape.new(name: 'ReferenceSets')
133
143
  ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
134
144
  ResourceId = Shapes::StringShape.new(name: 'ResourceId')
135
145
  ResourceManagedStatus = Shapes::StringShape.new(name: 'ResourceManagedStatus')
@@ -258,6 +268,14 @@ module Aws::NetworkFirewall
258
268
 
259
269
  AzSubnets.member = Shapes::ShapeRef.new(shape: AzSubnet)
260
270
 
271
+ CIDRSummary.add_member(:available_cidr_count, Shapes::ShapeRef.new(shape: CIDRCount, location_name: "AvailableCIDRCount"))
272
+ CIDRSummary.add_member(:utilized_cidr_count, Shapes::ShapeRef.new(shape: CIDRCount, location_name: "UtilizedCIDRCount"))
273
+ CIDRSummary.add_member(:ip_set_references, Shapes::ShapeRef.new(shape: IPSetMetadataMap, location_name: "IPSetReferences"))
274
+ CIDRSummary.struct_class = Types::CIDRSummary
275
+
276
+ CapacityUsageSummary.add_member(:cid_rs, Shapes::ShapeRef.new(shape: CIDRSummary, location_name: "CIDRs"))
277
+ CapacityUsageSummary.struct_class = Types::CapacityUsageSummary
278
+
261
279
  CreateFirewallPolicyRequest.add_member(:firewall_policy_name, Shapes::ShapeRef.new(shape: ResourceName, required: true, location_name: "FirewallPolicyName"))
262
280
  CreateFirewallPolicyRequest.add_member(:firewall_policy, Shapes::ShapeRef.new(shape: FirewallPolicy, required: true, location_name: "FirewallPolicy"))
263
281
  CreateFirewallPolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
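Review bot: The member name `:cid_rs` on new line 276 is the snake-cased form of the wire name `"CIDRs"` and does not read as "CIDRs" to anyone using the accessor, yet once released it is part of the public response shape (`resp.firewall_status.capacity_usage_summary.cid_rs`). If the name cannot be changed, a comment above the line would help, for example `# :cid_rs is the generated accessor for the "CIDRs" member`. Whether the name comes from a generator's inflection rule is not visible in this hunk, so I would confirm where it is produced before changing it.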
@@ -462,6 +480,7 @@ module Aws::NetworkFirewall
462
480
  FirewallStatus.add_member(:status, Shapes::ShapeRef.new(shape: FirewallStatusValue, required: true, location_name: "Status"))
463
481
  FirewallStatus.add_member(:configuration_sync_state_summary, Shapes::ShapeRef.new(shape: ConfigurationSyncState, required: true, location_name: "ConfigurationSyncStateSummary"))
464
482
  FirewallStatus.add_member(:sync_states, Shapes::ShapeRef.new(shape: SyncStates, location_name: "SyncStates"))
483
+ FirewallStatus.add_member(:capacity_usage_summary, Shapes::ShapeRef.new(shape: CapacityUsageSummary, location_name: "CapacityUsageSummary"))
465
484
  FirewallStatus.struct_class = Types::FirewallStatus
466
485
 
467
486
  Firewalls.member = Shapes::ShapeRef.new(shape: FirewallMetadata)
@@ -479,6 +498,18 @@ module Aws::NetworkFirewall
479
498
  IPSet.add_member(:definition, Shapes::ShapeRef.new(shape: VariableDefinitionList, required: true, location_name: "Definition"))
480
499
  IPSet.struct_class = Types::IPSet
481
500
 
501
+ IPSetMetadata.add_member(:resolved_cidr_count, Shapes::ShapeRef.new(shape: CIDRCount, location_name: "ResolvedCIDRCount"))
502
+ IPSetMetadata.struct_class = Types::IPSetMetadata
503
+
504
+ IPSetMetadataMap.key = Shapes::ShapeRef.new(shape: IPSetArn)
505
+ IPSetMetadataMap.value = Shapes::ShapeRef.new(shape: IPSetMetadata)
506
+
507
+ IPSetReference.add_member(:reference_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "ReferenceArn"))
508
+ IPSetReference.struct_class = Types::IPSetReference
509
+
510
+ IPSetReferenceMap.key = Shapes::ShapeRef.new(shape: IPSetReferenceName)
511
+ IPSetReferenceMap.value = Shapes::ShapeRef.new(shape: IPSetReference)
512
+
482
513
  IPSets.key = Shapes::ShapeRef.new(shape: RuleVariableName)
483
514
  IPSets.value = Shapes::ShapeRef.new(shape: IPSet)
484
515
 
@@ -591,6 +622,9 @@ module Aws::NetworkFirewall
591
622
 
592
623
  PutResourcePolicyResponse.struct_class = Types::PutResourcePolicyResponse
593
624
 
625
+ ReferenceSets.add_member(:ip_set_references, Shapes::ShapeRef.new(shape: IPSetReferenceMap, location_name: "IPSetReferences"))
626
+ ReferenceSets.struct_class = Types::ReferenceSets
627
+
594
628
  ResourceNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
595
629
  ResourceNotFoundException.struct_class = Types::ResourceNotFoundException
596
630
 
@@ -602,6 +636,7 @@ module Aws::NetworkFirewall
602
636
  RuleDefinition.struct_class = Types::RuleDefinition
603
637
 
604
638
  RuleGroup.add_member(:rule_variables, Shapes::ShapeRef.new(shape: RuleVariables, location_name: "RuleVariables"))
639
+ RuleGroup.add_member(:reference_sets, Shapes::ShapeRef.new(shape: ReferenceSets, location_name: "ReferenceSets"))
605
640
  RuleGroup.add_member(:rules_source, Shapes::ShapeRef.new(shape: RulesSource, required: true, location_name: "RulesSource"))
606
641
  RuleGroup.add_member(:stateful_rule_options, Shapes::ShapeRef.new(shape: StatefulRuleOptions, location_name: "StatefulRuleOptions"))
607
642
  RuleGroup.struct_class = Types::RuleGroup
@@ -329,6 +329,50 @@ module Aws::NetworkFirewall
329
329
  include Aws::Structure
330
330
  end
331
331
 
332
+ # Summarizes the CIDR blocks used by the IP set references in a
333
+ # firewall. Network Firewall calculates the number of CIDRs by taking an
334
+ # aggregated count of all CIDRs used by the IP sets you are referencing.
335
+ #
336
+ # @!attribute [rw] available_cidr_count
337
+ # The number of CIDR blocks available for use by the IP set references
338
+ # in a firewall.
339
+ # @return [Integer]
340
+ #
341
+ # @!attribute [rw] utilized_cidr_count
342
+ # The number of CIDR blocks used by the IP set references in a
343
+ # firewall.
344
+ # @return [Integer]
345
+ #
346
+ # @!attribute [rw] ip_set_references
347
+ # The list of the IP set references used by a firewall.
348
+ # @return [Hash<String,Types::IPSetMetadata>]
349
+ #
350
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CIDRSummary AWS API Documentation
351
+ #
352
+ class CIDRSummary < Struct.new(
353
+ :available_cidr_count,
354
+ :utilized_cidr_count,
355
+ :ip_set_references)
356
+ SENSITIVE = []
357
+ include Aws::Structure
358
+ end
359
+
360
+ # The capacity usage summary of the resources used by the ReferenceSets
361
+ # in a firewall.
362
+ #
363
+ # @!attribute [rw] cid_rs
364
+ # Describes the capacity usage of the CIDR blocks used by the IP set
365
+ # references in a firewall.
366
+ # @return [Types::CIDRSummary]
367
+ #
368
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CapacityUsageSummary AWS API Documentation
369
+ #
370
+ class CapacityUsageSummary < Struct.new(
371
+ :cid_rs)
372
+ SENSITIVE = []
373
+ include Aws::Structure
374
+ end
375
+
332
376
  # @note When making an API call, you may pass CreateFirewallPolicyRequest
333
377
  # data as a hash:
334
378
  #
@@ -609,6 +653,13 @@ module Aws::NetworkFirewall
609
653
  # },
610
654
  # },
611
655
  # },
656
+ # reference_sets: {
657
+ # ip_set_references: {
658
+ # "IPSetReferenceName" => {
659
+ # reference_arn: "ResourceArn",
660
+ # },
661
+ # },
662
+ # },
612
663
  # rules_source: { # required
613
664
  # rules_string: "RulesString",
614
665
  # rules_source_list: {
@@ -2120,12 +2171,20 @@ module Aws::NetworkFirewall
2120
2171
  # and configuration object.
2121
2172
  # @return [Hash<String,Types::SyncState>]
2122
2173
  #
2174
+ # @!attribute [rw] capacity_usage_summary
2175
+ # Describes the capacity usage of the resources contained in a
2176
+ # firewall's reference sets. Network Firewall calclulates the
2177
+ # capacity usage by taking an aggregated count of all of the resources
2178
+ # used by all of the reference sets in a firewall.
2179
+ # @return [Types::CapacityUsageSummary]
2180
+ #
2123
2181
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallStatus AWS API Documentation
2124
2182
  #
2125
2183
  class FirewallStatus < Struct.new(
2126
2184
  :status,
2127
2185
  :configuration_sync_state_summary,
2128
- :sync_states)
2186
+ :sync_states,
2187
+ :capacity_usage_summary)
2129
2188
  SENSITIVE = []
2130
2189
  include Aws::Structure
2131
2190
  end
@@ -2255,6 +2314,63 @@ module Aws::NetworkFirewall
2255
2314
  include Aws::Structure
2256
2315
  end
2257
2316
 
2317
+ # General information about the IP set.
2318
+ #
2319
+ # @!attribute [rw] resolved_cidr_count
2320
+ # Describes the total number of CIDR blocks currently in use by the IP
2321
+ # set references in a firewall. To determine how many CIDR blocks are
2322
+ # available for you to use in a firewall, you can call
2323
+ # `AvailableCIDRCount`.
2324
+ # @return [Integer]
2325
+ #
2326
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/IPSetMetadata AWS API Documentation
2327
+ #
2328
+ class IPSetMetadata < Struct.new(
2329
+ :resolved_cidr_count)
2330
+ SENSITIVE = []
2331
+ include Aws::Structure
2332
+ end
2333
+
2334
+ # Configures one or more IP set references for a Suricata-compatible
2335
+ # rule group. This is used in CreateRuleGroup or UpdateRuleGroup. An IP
2336
+ # set reference is a rule variable that references a resource that you
2337
+ # create and manage in another Amazon Web Services service, such as an
2338
+ # Amazon VPC prefix list. Network Firewall IP set references enable you
2339
+ # to dynamically update the contents of your rules. When you create,
2340
+ # update, or delete the IP set you are referencing in your rule, Network
2341
+ # Firewall automatically updates the rule's content with the changes.
2342
+ # For more information about IP set references in Network Firewall, see
2343
+ # [Using IP set references][1] in the *Network Firewall Developer
2344
+ # Guide*.
2345
+ #
2346
+ # Network Firewall currently supports only [Amazon VPC prefix lists][2]
2347
+ # as IP set references.
2348
+ #
2349
+ #
2350
+ #
2351
+ # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references
2352
+ # [2]: https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html
2353
+ #
2354
+ # @note When making an API call, you may pass IPSetReference
2355
+ # data as a hash:
2356
+ #
2357
+ # {
2358
+ # reference_arn: "ResourceArn",
2359
+ # }
2360
+ #
2361
+ # @!attribute [rw] reference_arn
2362
+ # The Amazon Resource Name (ARN) of the resource that you are
2363
+ # referencing in your rule group.
2364
+ # @return [String]
2365
+ #
2366
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/IPSetReference AWS API Documentation
2367
+ #
2368
+ class IPSetReference < Struct.new(
2369
+ :reference_arn)
2370
+ SENSITIVE = []
2371
+ include Aws::Structure
2372
+ end
2373
+
2258
2374
  # Amazon Web Services doesn't currently have enough available capacity
2259
2375
  # to fulfill your request. Try your request later.
2260
2376
  #
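Review bot: The `IPSetReference` class comment (new lines 2334–2347) states that Network Firewall automatically updates a rule's content when the referenced resource changes, but it does not spell out the consequence: whoever can modify the referenced prefix list can change what the firewall matches without any rule group update. I would add a sentence to the comment such as `# Because rule content follows the referenced resource, restrict and audit who can modify it.` In the same hunk, the `resolved_cidr_count` text on new lines 2322–2323 says "you can call `AvailableCIDRCount`", although in this diff `available_cidr_count` is a member of `CIDRSummary` rather than an operation; `see available_cidr_count in CIDRSummary` would be accurate. The hunk at old line 2120 also carries the typo `calclulates` in the `capacity_usage_summary` description.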
@@ -2983,6 +3099,31 @@ module Aws::NetworkFirewall
2983
3099
  #
2984
3100
  class PutResourcePolicyResponse < Aws::EmptyStructure; end
2985
3101
 
3102
+ # Contains a set of IP set references.
3103
+ #
3104
+ # @note When making an API call, you may pass ReferenceSets
3105
+ # data as a hash:
3106
+ #
3107
+ # {
3108
+ # ip_set_references: {
3109
+ # "IPSetReferenceName" => {
3110
+ # reference_arn: "ResourceArn",
3111
+ # },
3112
+ # },
3113
+ # }
3114
+ #
3115
+ # @!attribute [rw] ip_set_references
3116
+ # The list of IP set references.
3117
+ # @return [Hash<String,Types::IPSetReference>]
3118
+ #
3119
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ReferenceSets AWS API Documentation
3120
+ #
3121
+ class ReferenceSets < Struct.new(
3122
+ :ip_set_references)
3123
+ SENSITIVE = []
3124
+ include Aws::Structure
3125
+ end
3126
+
2986
3127
  # Unable to locate a resource using the parameters that you provided.
2987
3128
  #
2988
3129
  # @!attribute [rw] message
@@ -3136,6 +3277,13 @@ module Aws::NetworkFirewall
3136
3277
  # },
3137
3278
  # },
3138
3279
  # },
3280
+ # reference_sets: {
3281
+ # ip_set_references: {
3282
+ # "IPSetReferenceName" => {
3283
+ # reference_arn: "ResourceArn",
3284
+ # },
3285
+ # },
3286
+ # },
3139
3287
  # rules_source: { # required
3140
3288
  # rules_string: "RulesString",
3141
3289
  # rules_source_list: {
@@ -3228,6 +3376,10 @@ module Aws::NetworkFirewall
3228
3376
  # You can only use these for stateful rule groups.
3229
3377
  # @return [Types::RuleVariables]
3230
3378
  #
3379
+ # @!attribute [rw] reference_sets
3380
+ # The list of a rule group's reference sets.
3381
+ # @return [Types::ReferenceSets]
3382
+ #
3231
3383
  # @!attribute [rw] rules_source
3232
3384
  # The stateful rules or stateless rules for the rule group.
3233
3385
  # @return [Types::RulesSource]
@@ -3243,6 +3395,7 @@ module Aws::NetworkFirewall
3243
3395
  #
3244
3396
  class RuleGroup < Struct.new(
3245
3397
  :rule_variables,
3398
+ :reference_sets,
3246
3399
  :rules_source,
3247
3400
  :stateful_rule_options)
3248
3401
  SENSITIVE = []
@@ -5000,6 +5153,13 @@ module Aws::NetworkFirewall
5000
5153
  # },
5001
5154
  # },
5002
5155
  # },
5156
+ # reference_sets: {
5157
+ # ip_set_references: {
5158
+ # "IPSetReferenceName" => {
5159
+ # reference_arn: "ResourceArn",
5160
+ # },
5161
+ # },
5162
+ # },
5003
5163
  # rules_source: { # required
5004
5164
  # rules_string: "RulesString",
5005
5165
  # rules_source_list: {
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
48
48
  # @!group service
49
49
  module Aws::NetworkFirewall
50
50
 
51
- GEM_VERSION = '1.17.0'
51
+ GEM_VERSION = '1.18.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-networkfirewall
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.17.0
4
+ version: 1.18.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-04-28 00:00:00.000000000 Z
11
+ date: 2022-07-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core