aws-sdk-networkfirewall 1.19.0 → 1.21.0

@@ -13,19 +13,6 @@ module Aws::NetworkFirewall
13
13
  # A custom action to use in stateless rule actions settings. This is
14
14
  # used in CustomAction.
15
15
  #
16
- # @note When making an API call, you may pass ActionDefinition
17
- # data as a hash:
18
- #
19
- # {
20
- # publish_metric_action: {
21
- # dimensions: [ # required
22
- # {
23
- # value: "DimensionValue", # required
24
- # },
25
- # ],
26
- # },
27
- # }
28
- #
29
16
  # @!attribute [rw] publish_metric_action
30
17
  # Stateless inspection criteria that publishes the specified metrics
31
18
  # to Amazon CloudWatch for the matching packet. This setting defines a
@@ -49,13 +36,6 @@ module Aws::NetworkFirewall
49
36
  # A single IP address specification. This is used in the MatchAttributes
50
37
  # source and destination specifications.
51
38
  #
52
- # @note When making an API call, you may pass Address
53
- # data as a hash:
54
- #
55
- # {
56
- # address_definition: "AddressDefinition", # required
57
- # }
58
- #
59
39
  # @!attribute [rw] address_definition
60
40
  # Specify an IP address or a block of IP addresses in Classless
61
41
  # Inter-Domain Routing (CIDR) notation. Network Firewall supports all
@@ -85,16 +65,6 @@ module Aws::NetworkFirewall
85
65
  include Aws::Structure
86
66
  end
87
67
 
88
- # @note When making an API call, you may pass AssociateFirewallPolicyRequest
89
- # data as a hash:
90
- #
91
- # {
92
- # update_token: "UpdateToken",
93
- # firewall_arn: "ResourceArn",
94
- # firewall_name: "ResourceName",
95
- # firewall_policy_arn: "ResourceArn", # required
96
- # }
97
- #
98
68
  # @!attribute [rw] update_token
99
69
  # An optional token that you can use for optimistic locking. Network
100
70
  # Firewall returns a token to your requests that access the firewall.
@@ -187,20 +157,6 @@ module Aws::NetworkFirewall
187
157
  include Aws::Structure
188
158
  end
189
159
 
190
- # @note When making an API call, you may pass AssociateSubnetsRequest
191
- # data as a hash:
192
- #
193
- # {
194
- # update_token: "UpdateToken",
195
- # firewall_arn: "ResourceArn",
196
- # firewall_name: "ResourceName",
197
- # subnet_mappings: [ # required
198
- # {
199
- # subnet_id: "CollectionMember_String", # required
200
- # },
201
- # ],
202
- # }
203
- #
204
160
  # @!attribute [rw] update_token
205
161
  # An optional token that you can use for optimistic locking. Network
206
162
  # Firewall returns a token to your requests that access the firewall.
@@ -316,7 +272,21 @@ module Aws::NetworkFirewall
316
272
  # settings. When this value is `READY`, the endpoint is available and
317
273
  # configured properly to handle network traffic. When the endpoint
318
274
  # isn't available for traffic, this value will reflect its state, for
319
- # example `CREATING`, `DELETING`, or `FAILED`.
275
+ # example `CREATING` or `DELETING`.
276
+ # @return [String]
277
+ #
278
+ # @!attribute [rw] status_message
279
+ # If Network Firewall fails to create or delete the firewall endpoint
280
+ # in the subnet, it populates this with the reason for the failure and
281
+ # how to resolve it. Depending on the error, it can take as many as 15
282
+ # minutes to populate this field. For more information about the
283
+ # errors and solutions available for this field, see [Troubleshooting
284
+ # firewall endpoint failures][1] in the *Network Firewall Developer
285
+ # Guide*.
286
+ #
287
+ #
288
+ #
289
+ # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-troubleshooting-endpoint-failures.html
320
290
  # @return [String]
321
291
  #
322
292
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Attachment AWS API Documentation
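Review bot: The rewritten `status` comment drops `FAILED` from its examples in the same hunk that adds `status_message` for create/delete failures, so the docs no longer say which `status` value a caller sees when `status_message` is populated. The visible lines do not show whether `FAILED` is still returned. The added text also says the message can take as many as 15 minutes to populate, so I would add a sentence under `status_message` such as `# This field can still be empty shortly after a failure; treat any status other than READY as an endpoint that is not handling traffic.` That keeps health checks on firewall endpoints keyed on `status` rather than on the presence of a message. The comment block describing `status` begins above the hunk, so the full wording of that attribute is not visible here.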
@@ -324,7 +294,8 @@ module Aws::NetworkFirewall
324
294
  class Attachment < Struct.new(
325
295
  :subnet_id,
326
296
  :endpoint_id,
327
- :status)
297
+ :status,
298
+ :status_message)
328
299
  SENSITIVE = []
329
300
  include Aws::Structure
330
301
  end
@@ -373,63 +344,6 @@ module Aws::NetworkFirewall
373
344
  include Aws::Structure
374
345
  end
375
346
 
376
- # @note When making an API call, you may pass CreateFirewallPolicyRequest
377
- # data as a hash:
378
- #
379
- # {
380
- # firewall_policy_name: "ResourceName", # required
381
- # firewall_policy: { # required
382
- # stateless_rule_group_references: [
383
- # {
384
- # resource_arn: "ResourceArn", # required
385
- # priority: 1, # required
386
- # },
387
- # ],
388
- # stateless_default_actions: ["CollectionMember_String"], # required
389
- # stateless_fragment_default_actions: ["CollectionMember_String"], # required
390
- # stateless_custom_actions: [
391
- # {
392
- # action_name: "ActionName", # required
393
- # action_definition: { # required
394
- # publish_metric_action: {
395
- # dimensions: [ # required
396
- # {
397
- # value: "DimensionValue", # required
398
- # },
399
- # ],
400
- # },
401
- # },
402
- # },
403
- # ],
404
- # stateful_rule_group_references: [
405
- # {
406
- # resource_arn: "ResourceArn", # required
407
- # priority: 1,
408
- # override: {
409
- # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
410
- # },
411
- # },
412
- # ],
413
- # stateful_default_actions: ["CollectionMember_String"],
414
- # stateful_engine_options: {
415
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
416
- # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
417
- # },
418
- # },
419
- # description: "Description",
420
- # tags: [
421
- # {
422
- # key: "TagKey", # required
423
- # value: "TagValue", # required
424
- # },
425
- # ],
426
- # dry_run: false,
427
- # encryption_configuration: {
428
- # key_id: "KeyId",
429
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
430
- # },
431
- # }
432
- #
433
347
  # @!attribute [rw] firewall_policy_name
434
348
  # The descriptive name of the firewall policy. You can't change the
435
349
  # name of a firewall policy after you create it.
@@ -510,34 +424,6 @@ module Aws::NetworkFirewall
510
424
  include Aws::Structure
511
425
  end
512
426
 
513
- # @note When making an API call, you may pass CreateFirewallRequest
514
- # data as a hash:
515
- #
516
- # {
517
- # firewall_name: "ResourceName", # required
518
- # firewall_policy_arn: "ResourceArn", # required
519
- # vpc_id: "VpcId", # required
520
- # subnet_mappings: [ # required
521
- # {
522
- # subnet_id: "CollectionMember_String", # required
523
- # },
524
- # ],
525
- # delete_protection: false,
526
- # subnet_change_protection: false,
527
- # firewall_policy_change_protection: false,
528
- # description: "Description",
529
- # tags: [
530
- # {
531
- # key: "TagKey", # required
532
- # value: "TagValue", # required
533
- # },
534
- # ],
535
- # encryption_configuration: {
536
- # key_id: "KeyId",
537
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
538
- # },
539
- # }
540
- #
541
427
  # @!attribute [rw] firewall_name
542
428
  # The descriptive name of the firewall. You can't change the name of
543
429
  # a firewall after you create it.
@@ -636,138 +522,6 @@ module Aws::NetworkFirewall
636
522
  include Aws::Structure
637
523
  end
638
524
 
639
- # @note When making an API call, you may pass CreateRuleGroupRequest
640
- # data as a hash:
641
- #
642
- # {
643
- # rule_group_name: "ResourceName", # required
644
- # rule_group: {
645
- # rule_variables: {
646
- # ip_sets: {
647
- # "RuleVariableName" => {
648
- # definition: ["VariableDefinition"], # required
649
- # },
650
- # },
651
- # port_sets: {
652
- # "RuleVariableName" => {
653
- # definition: ["VariableDefinition"],
654
- # },
655
- # },
656
- # },
657
- # reference_sets: {
658
- # ip_set_references: {
659
- # "IPSetReferenceName" => {
660
- # reference_arn: "ResourceArn",
661
- # },
662
- # },
663
- # },
664
- # rules_source: { # required
665
- # rules_string: "RulesString",
666
- # rules_source_list: {
667
- # targets: ["CollectionMember_String"], # required
668
- # target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
669
- # generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
670
- # },
671
- # stateful_rules: [
672
- # {
673
- # action: "PASS", # required, accepts PASS, DROP, ALERT
674
- # header: { # required
675
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
676
- # source: "Source", # required
677
- # source_port: "Port", # required
678
- # direction: "FORWARD", # required, accepts FORWARD, ANY
679
- # destination: "Destination", # required
680
- # destination_port: "Port", # required
681
- # },
682
- # rule_options: [ # required
683
- # {
684
- # keyword: "Keyword", # required
685
- # settings: ["Setting"],
686
- # },
687
- # ],
688
- # },
689
- # ],
690
- # stateless_rules_and_custom_actions: {
691
- # stateless_rules: [ # required
692
- # {
693
- # rule_definition: { # required
694
- # match_attributes: { # required
695
- # sources: [
696
- # {
697
- # address_definition: "AddressDefinition", # required
698
- # },
699
- # ],
700
- # destinations: [
701
- # {
702
- # address_definition: "AddressDefinition", # required
703
- # },
704
- # ],
705
- # source_ports: [
706
- # {
707
- # from_port: 1, # required
708
- # to_port: 1, # required
709
- # },
710
- # ],
711
- # destination_ports: [
712
- # {
713
- # from_port: 1, # required
714
- # to_port: 1, # required
715
- # },
716
- # ],
717
- # protocols: [1],
718
- # tcp_flags: [
719
- # {
720
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
721
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
722
- # },
723
- # ],
724
- # },
725
- # actions: ["CollectionMember_String"], # required
726
- # },
727
- # priority: 1, # required
728
- # },
729
- # ],
730
- # custom_actions: [
731
- # {
732
- # action_name: "ActionName", # required
733
- # action_definition: { # required
734
- # publish_metric_action: {
735
- # dimensions: [ # required
736
- # {
737
- # value: "DimensionValue", # required
738
- # },
739
- # ],
740
- # },
741
- # },
742
- # },
743
- # ],
744
- # },
745
- # },
746
- # stateful_rule_options: {
747
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
748
- # },
749
- # },
750
- # rules: "RulesString",
751
- # type: "STATELESS", # required, accepts STATELESS, STATEFUL
752
- # description: "Description",
753
- # capacity: 1, # required
754
- # tags: [
755
- # {
756
- # key: "TagKey", # required
757
- # value: "TagValue", # required
758
- # },
759
- # ],
760
- # dry_run: false,
761
- # encryption_configuration: {
762
- # key_id: "KeyId",
763
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
764
- # },
765
- # source_metadata: {
766
- # source_arn: "ResourceArn",
767
- # source_update_token: "UpdateToken",
768
- # },
769
- # }
770
- #
771
525
  # @!attribute [rw] rule_group_name
772
526
  # The descriptive name of the rule group. You can't change the name
773
527
  # of a rule group after you create it.
@@ -957,22 +711,6 @@ module Aws::NetworkFirewall
957
711
  # actions settings to specify what to do with packets that don't
958
712
  # match any of the policy's stateless rules.
959
713
  #
960
- # @note When making an API call, you may pass CustomAction
961
- # data as a hash:
962
- #
963
- # {
964
- # action_name: "ActionName", # required
965
- # action_definition: { # required
966
- # publish_metric_action: {
967
- # dimensions: [ # required
968
- # {
969
- # value: "DimensionValue", # required
970
- # },
971
- # ],
972
- # },
973
- # },
974
- # }
975
- #
976
714
  # @!attribute [rw] action_name
977
715
  # The descriptive name of the custom action. You can't change the
978
716
  # name of a custom action after you create it.
@@ -991,14 +729,6 @@ module Aws::NetworkFirewall
991
729
  include Aws::Structure
992
730
  end
993
731
 
994
- # @note When making an API call, you may pass DeleteFirewallPolicyRequest
995
- # data as a hash:
996
- #
997
- # {
998
- # firewall_policy_name: "ResourceName",
999
- # firewall_policy_arn: "ResourceArn",
1000
- # }
1001
- #
1002
732
  # @!attribute [rw] firewall_policy_name
1003
733
  # The descriptive name of the firewall policy. You can't change the
1004
734
  # name of a firewall policy after you create it.
@@ -1034,14 +764,6 @@ module Aws::NetworkFirewall
1034
764
  include Aws::Structure
1035
765
  end
1036
766
 
1037
- # @note When making an API call, you may pass DeleteFirewallRequest
1038
- # data as a hash:
1039
- #
1040
- # {
1041
- # firewall_name: "ResourceName",
1042
- # firewall_arn: "ResourceArn",
1043
- # }
1044
- #
1045
767
  # @!attribute [rw] firewall_name
1046
768
  # The descriptive name of the firewall. You can't change the name of
1047
769
  # a firewall after you create it.
@@ -1091,13 +813,6 @@ module Aws::NetworkFirewall
1091
813
  include Aws::Structure
1092
814
  end
1093
815
 
1094
- # @note When making an API call, you may pass DeleteResourcePolicyRequest
1095
- # data as a hash:
1096
- #
1097
- # {
1098
- # resource_arn: "ResourceArn", # required
1099
- # }
1100
- #
1101
816
  # @!attribute [rw] resource_arn
1102
817
  # The Amazon Resource Name (ARN) of the rule group or firewall policy
1103
818
  # whose resource policy you want to delete.
@@ -1115,15 +830,6 @@ module Aws::NetworkFirewall
1115
830
  #
1116
831
  class DeleteResourcePolicyResponse < Aws::EmptyStructure; end
1117
832
 
1118
- # @note When making an API call, you may pass DeleteRuleGroupRequest
1119
- # data as a hash:
1120
- #
1121
- # {
1122
- # rule_group_name: "ResourceName",
1123
- # rule_group_arn: "ResourceArn",
1124
- # type: "STATELESS", # accepts STATELESS, STATEFUL
1125
- # }
1126
- #
1127
833
  # @!attribute [rw] rule_group_name
1128
834
  # The descriptive name of the rule group. You can't change the name
1129
835
  # of a rule group after you create it.
@@ -1172,14 +878,6 @@ module Aws::NetworkFirewall
1172
878
  include Aws::Structure
1173
879
  end
1174
880
 
1175
- # @note When making an API call, you may pass DescribeFirewallPolicyRequest
1176
- # data as a hash:
1177
- #
1178
- # {
1179
- # firewall_policy_name: "ResourceName",
1180
- # firewall_policy_arn: "ResourceArn",
1181
- # }
1182
- #
1183
881
  # @!attribute [rw] firewall_policy_name
1184
882
  # The descriptive name of the firewall policy. You can't change the
1185
883
  # name of a firewall policy after you create it.
@@ -1236,14 +934,6 @@ module Aws::NetworkFirewall
1236
934
  include Aws::Structure
1237
935
  end
1238
936
 
1239
- # @note When making an API call, you may pass DescribeFirewallRequest
1240
- # data as a hash:
1241
- #
1242
- # {
1243
- # firewall_name: "ResourceName",
1244
- # firewall_arn: "ResourceArn",
1245
- # }
1246
- #
1247
937
  # @!attribute [rw] firewall_name
1248
938
  # The descriptive name of the firewall. You can't change the name of
1249
939
  # a firewall after you create it.
@@ -1308,14 +998,6 @@ module Aws::NetworkFirewall
1308
998
  include Aws::Structure
1309
999
  end
1310
1000
 
1311
- # @note When making an API call, you may pass DescribeLoggingConfigurationRequest
1312
- # data as a hash:
1313
- #
1314
- # {
1315
- # firewall_arn: "ResourceArn",
1316
- # firewall_name: "ResourceName",
1317
- # }
1318
- #
1319
1001
  # @!attribute [rw] firewall_arn
1320
1002
  # The Amazon Resource Name (ARN) of the firewall.
1321
1003
  #
@@ -1355,13 +1037,6 @@ module Aws::NetworkFirewall
1355
1037
  include Aws::Structure
1356
1038
  end
1357
1039
 
1358
- # @note When making an API call, you may pass DescribeResourcePolicyRequest
1359
- # data as a hash:
1360
- #
1361
- # {
1362
- # resource_arn: "ResourceArn", # required
1363
- # }
1364
- #
1365
1040
  # @!attribute [rw] resource_arn
1366
1041
  # The Amazon Resource Name (ARN) of the rule group or firewall policy
1367
1042
  # whose resource policy you want to retrieve.
@@ -1387,15 +1062,6 @@ module Aws::NetworkFirewall
1387
1062
  include Aws::Structure
1388
1063
  end
1389
1064
 
1390
- # @note When making an API call, you may pass DescribeRuleGroupMetadataRequest
1391
- # data as a hash:
1392
- #
1393
- # {
1394
- # rule_group_name: "ResourceName",
1395
- # rule_group_arn: "ResourceArn",
1396
- # type: "STATELESS", # accepts STATELESS, STATEFUL
1397
- # }
1398
- #
1399
1065
  # @!attribute [rw] rule_group_name
1400
1066
  # The descriptive name of the rule group. You can't change the name
1401
1067
  # of a rule group after you create it.
@@ -1495,15 +1161,6 @@ module Aws::NetworkFirewall
1495
1161
  include Aws::Structure
1496
1162
  end
1497
1163
 
1498
- # @note When making an API call, you may pass DescribeRuleGroupRequest
1499
- # data as a hash:
1500
- #
1501
- # {
1502
- # rule_group_name: "ResourceName",
1503
- # rule_group_arn: "ResourceArn",
1504
- # type: "STATELESS", # accepts STATELESS, STATEFUL
1505
- # }
1506
- #
1507
1164
  # @!attribute [rw] rule_group_name
1508
1165
  # The descriptive name of the rule group. You can't change the name
1509
1166
  # of a rule group after you create it.
@@ -1601,13 +1258,6 @@ module Aws::NetworkFirewall
1601
1258
  # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html#usingDimensions
1602
1259
  # [2]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html
1603
1260
  #
1604
- # @note When making an API call, you may pass Dimension
1605
- # data as a hash:
1606
- #
1607
- # {
1608
- # value: "DimensionValue", # required
1609
- # }
1610
- #
1611
1261
  # @!attribute [rw] value
1612
1262
  # The value to use in the custom metric dimension.
1613
1263
  # @return [String]
@@ -1620,16 +1270,6 @@ module Aws::NetworkFirewall
1620
1270
  include Aws::Structure
1621
1271
  end
1622
1272
 
1623
- # @note When making an API call, you may pass DisassociateSubnetsRequest
1624
- # data as a hash:
1625
- #
1626
- # {
1627
- # update_token: "UpdateToken",
1628
- # firewall_arn: "ResourceArn",
1629
- # firewall_name: "ResourceName",
1630
- # subnet_ids: ["AzSubnet"], # required
1631
- # }
1632
- #
1633
1273
  # @!attribute [rw] update_token
1634
1274
  # An optional token that you can use for optimistic locking. Network
1635
1275
  # Firewall returns a token to your requests that access the firewall.
@@ -1737,14 +1377,6 @@ module Aws::NetworkFirewall
1737
1377
  #
1738
1378
  # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
1739
1379
  #
1740
- # @note When making an API call, you may pass EncryptionConfiguration
1741
- # data as a hash:
1742
- #
1743
- # {
1744
- # key_id: "KeyId",
1745
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
1746
- # }
1747
- #
1748
1380
  # @!attribute [rw] key_id
1749
1381
  # The ID of the Amazon Web Services Key Management Service (KMS)
1750
1382
  # customer managed key. You can use any of the key identifiers that
@@ -1896,48 +1528,6 @@ module Aws::NetworkFirewall
1896
1528
  # retrieve all objects for a firewall policy by calling
1897
1529
  # DescribeFirewallPolicy.
1898
1530
  #
1899
- # @note When making an API call, you may pass FirewallPolicy
1900
- # data as a hash:
1901
- #
1902
- # {
1903
- # stateless_rule_group_references: [
1904
- # {
1905
- # resource_arn: "ResourceArn", # required
1906
- # priority: 1, # required
1907
- # },
1908
- # ],
1909
- # stateless_default_actions: ["CollectionMember_String"], # required
1910
- # stateless_fragment_default_actions: ["CollectionMember_String"], # required
1911
- # stateless_custom_actions: [
1912
- # {
1913
- # action_name: "ActionName", # required
1914
- # action_definition: { # required
1915
- # publish_metric_action: {
1916
- # dimensions: [ # required
1917
- # {
1918
- # value: "DimensionValue", # required
1919
- # },
1920
- # ],
1921
- # },
1922
- # },
1923
- # },
1924
- # ],
1925
- # stateful_rule_group_references: [
1926
- # {
1927
- # resource_arn: "ResourceArn", # required
1928
- # priority: 1,
1929
- # override: {
1930
- # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
1931
- # },
1932
- # },
1933
- # ],
1934
- # stateful_default_actions: ["CollectionMember_String"],
1935
- # stateful_engine_options: {
1936
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
1937
- # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
1938
- # },
1939
- # }
1940
- #
1941
1531
  # @!attribute [rw] stateless_rule_group_references
1942
1532
  # References to the stateless rule groups that are used in the policy.
1943
1533
  # These define the matching criteria in stateless rules.
@@ -2195,18 +1785,6 @@ module Aws::NetworkFirewall
2195
1785
  # headers in stateful traffic flow inspection. Traffic flows that match
2196
1786
  # the criteria are a match for the corresponding StatefulRule.
2197
1787
  #
2198
- # @note When making an API call, you may pass Header
2199
- # data as a hash:
2200
- #
2201
- # {
2202
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
2203
- # source: "Source", # required
2204
- # source_port: "Port", # required
2205
- # direction: "FORWARD", # required, accepts FORWARD, ANY
2206
- # destination: "Destination", # required
2207
- # destination_port: "Port", # required
2208
- # }
2209
- #
2210
1788
  # @!attribute [rw] protocol
2211
1789
  # The protocol to inspect for. To specify all, you can use `IP`,
2212
1790
  # because all traffic on Amazon Web Services and on the internet is
@@ -2297,13 +1875,6 @@ module Aws::NetworkFirewall
2297
1875
  # A list of IP addresses and address ranges, in CIDR notation. This is
2298
1876
  # part of a RuleVariables.
2299
1877
  #
2300
- # @note When making an API call, you may pass IPSet
2301
- # data as a hash:
2302
- #
2303
- # {
2304
- # definition: ["VariableDefinition"], # required
2305
- # }
2306
- #
2307
1878
  # @!attribute [rw] definition
2308
1879
  # The list of IP addresses and address ranges, in CIDR notation.
2309
1880
  # @return [Array<String>]
@@ -2353,13 +1924,6 @@ module Aws::NetworkFirewall
2353
1924
  # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references
2354
1925
  # [2]: https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html
2355
1926
  #
2356
- # @note When making an API call, you may pass IPSetReference
2357
- # data as a hash:
2358
- #
2359
- # {
2360
- # reference_arn: "ResourceArn",
2361
- # }
2362
- #
2363
1927
  # @!attribute [rw] reference_arn
2364
1928
  # The Amazon Resource Name (ARN) of the resource that you are
2365
1929
  # referencing in your rule group.
@@ -2477,14 +2041,6 @@ module Aws::NetworkFirewall
2477
2041
  include Aws::Structure
2478
2042
  end
2479
2043
 
2480
- # @note When making an API call, you may pass ListFirewallPoliciesRequest
2481
- # data as a hash:
2482
- #
2483
- # {
2484
- # next_token: "PaginationToken",
2485
- # max_results: 1,
2486
- # }
2487
- #
2488
2044
  # @!attribute [rw] next_token
2489
2045
  # When you request a list of objects with a `MaxResults` setting, if
2490
2046
  # the number of objects that are still available for retrieval exceeds
@@ -2532,15 +2088,6 @@ module Aws::NetworkFirewall
2532
2088
  include Aws::Structure
2533
2089
  end
2534
2090
 
2535
- # @note When making an API call, you may pass ListFirewallsRequest
2536
- # data as a hash:
2537
- #
2538
- # {
2539
- # next_token: "PaginationToken",
2540
- # vpc_ids: ["VpcId"],
2541
- # max_results: 1,
2542
- # }
2543
- #
2544
2091
  # @!attribute [rw] next_token
2545
2092
  # When you request a list of objects with a `MaxResults` setting, if
2546
2093
  # the number of objects that are still available for retrieval exceeds
@@ -2595,17 +2142,6 @@ module Aws::NetworkFirewall
2595
2142
  include Aws::Structure
2596
2143
  end
2597
2144
 
2598
- # @note When making an API call, you may pass ListRuleGroupsRequest
2599
- # data as a hash:
2600
- #
2601
- # {
2602
- # next_token: "PaginationToken",
2603
- # max_results: 1,
2604
- # scope: "MANAGED", # accepts MANAGED, ACCOUNT
2605
- # managed_type: "AWS_MANAGED_THREAT_SIGNATURES", # accepts AWS_MANAGED_THREAT_SIGNATURES, AWS_MANAGED_DOMAIN_LISTS
2606
- # type: "STATELESS", # accepts STATELESS, STATEFUL
2607
- # }
2608
- #
2609
2145
  # @!attribute [rw] next_token
2610
2146
  # When you request a list of objects with a `MaxResults` setting, if
2611
2147
  # the number of objects that are still available for retrieval exceeds
@@ -2673,15 +2209,6 @@ module Aws::NetworkFirewall
2673
2209
  include Aws::Structure
2674
2210
  end
2675
2211
 
2676
- # @note When making an API call, you may pass ListTagsForResourceRequest
2677
- # data as a hash:
2678
- #
2679
- # {
2680
- # next_token: "PaginationToken",
2681
- # max_results: 1,
2682
- # resource_arn: "ResourceArn", # required
2683
- # }
2684
- #
2685
2212
  # @!attribute [rw] next_token
2686
2213
  # When you request a list of objects with a `MaxResults` setting, if
2687
2214
  # the number of objects that are still available for retrieval exceeds
@@ -2743,17 +2270,6 @@ module Aws::NetworkFirewall
2743
2270
  # traffic that matches stateful rules that have the rule action set to
2744
2271
  # `DROP` or `ALERT`.
2745
2272
  #
2746
- # @note When making an API call, you may pass LogDestinationConfig
2747
- # data as a hash:
2748
- #
2749
- # {
2750
- # log_type: "ALERT", # required, accepts ALERT, FLOW
2751
- # log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose
2752
- # log_destination: { # required
2753
- # "HashMapKey" => "HashMapValue",
2754
- # },
2755
- # }
2756
- #
2757
2273
  # @!attribute [rw] log_type
2758
2274
  # The type of log to send. Alert logs report traffic that matches a
2759
2275
  # StatefulRule with an action setting that sends an alert log message.
@@ -2818,21 +2334,6 @@ module Aws::NetworkFirewall
2818
2334
 
2819
2335
  # Defines how Network Firewall performs logging for a Firewall.
2820
2336
  #
2821
- # @note When making an API call, you may pass LoggingConfiguration
2822
- # data as a hash:
2823
- #
2824
- # {
2825
- # log_destination_configs: [ # required
2826
- # {
2827
- # log_type: "ALERT", # required, accepts ALERT, FLOW
2828
- # log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose
2829
- # log_destination: { # required
2830
- # "HashMapKey" => "HashMapValue",
2831
- # },
2832
- # },
2833
- # ],
2834
- # }
2835
- #
2836
2337
  # @!attribute [rw] log_destination_configs
2837
2338
  # Defines the logging destinations for the logs for a firewall.
2838
2339
  # Network Firewall generates logs for stateful rule groups.
@@ -2851,41 +2352,6 @@ module Aws::NetworkFirewall
2851
2352
  # one or more items such as IP address, CIDR range, port number,
2852
2353
  # protocol, and TCP flags.
2853
2354
  #
2854
- # @note When making an API call, you may pass MatchAttributes
2855
- # data as a hash:
2856
- #
2857
- # {
2858
- # sources: [
2859
- # {
2860
- # address_definition: "AddressDefinition", # required
2861
- # },
2862
- # ],
2863
- # destinations: [
2864
- # {
2865
- # address_definition: "AddressDefinition", # required
2866
- # },
2867
- # ],
2868
- # source_ports: [
2869
- # {
2870
- # from_port: 1, # required
2871
- # to_port: 1, # required
2872
- # },
2873
- # ],
2874
- # destination_ports: [
2875
- # {
2876
- # from_port: 1, # required
2877
- # to_port: 1, # required
2878
- # },
2879
- # ],
2880
- # protocols: [1],
2881
- # tcp_flags: [
2882
- # {
2883
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
2884
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
2885
- # },
2886
- # ],
2887
- # }
2888
- #
2889
2355
  # @!attribute [rw] sources
2890
2356
  # The source IP addresses and address ranges to inspect for, in CIDR
2891
2357
  # notation. If not specified, this matches with any source address.
@@ -2971,14 +2437,6 @@ module Aws::NetworkFirewall
2971
2437
  # destination port ranges in the stateless rule MatchAttributes,
2972
2438
  # `SourcePorts`, and `DestinationPorts` settings.
2973
2439
  #
2974
- # @note When making an API call, you may pass PortRange
2975
- # data as a hash:
2976
- #
2977
- # {
2978
- # from_port: 1, # required
2979
- # to_port: 1, # required
2980
- # }
2981
- #
2982
2440
  # @!attribute [rw] from_port
2983
2441
  # The lower limit of the port range. This must be less than or equal
2984
2442
  # to the `ToPort` specification.
@@ -3000,13 +2458,6 @@ module Aws::NetworkFirewall
3000
2458
 
3001
2459
  # A set of port ranges for use in the rules in a rule group.
3002
2460
  #
3003
- # @note When making an API call, you may pass PortSet
3004
- # data as a hash:
3005
- #
3006
- # {
3007
- # definition: ["VariableDefinition"],
3008
- # }
3009
- #
3010
2461
  # @!attribute [rw] definition
3011
2462
  # The set of port ranges.
3012
2463
  # @return [Array<String>]
@@ -3023,17 +2474,6 @@ module Aws::NetworkFirewall
3023
2474
  # Amazon CloudWatch for the matching packet. This setting defines a
3024
2475
  # CloudWatch dimension value to be published.
3025
2476
  #
3026
- # @note When making an API call, you may pass PublishMetricAction
3027
- # data as a hash:
3028
- #
3029
- # {
3030
- # dimensions: [ # required
3031
- # {
3032
- # value: "DimensionValue", # required
3033
- # },
3034
- # ],
3035
- # }
3036
- #
3037
2477
  # @!attribute [rw] dimensions
3038
2478
  # @return [Array<Types::Dimension>]
3039
2479
  #
@@ -3045,14 +2485,6 @@ module Aws::NetworkFirewall
3045
2485
  include Aws::Structure
3046
2486
  end
3047
2487
 
3048
- # @note When making an API call, you may pass PutResourcePolicyRequest
3049
- # data as a hash:
3050
- #
3051
- # {
3052
- # resource_arn: "ResourceArn", # required
3053
- # policy: "PolicyString", # required
3054
- # }
3055
- #
3056
2488
  # @!attribute [rw] resource_arn
3057
2489
  # The Amazon Resource Name (ARN) of the account that you want to share
3058
2490
  # rule groups and firewall policies with.
@@ -3103,17 +2535,6 @@ module Aws::NetworkFirewall
3103
2535
 
3104
2536
  # Contains a set of IP set references.
3105
2537
  #
3106
- # @note When making an API call, you may pass ReferenceSets
3107
- # data as a hash:
3108
- #
3109
- # {
3110
- # ip_set_references: {
3111
- # "IPSetReferenceName" => {
3112
- # reference_arn: "ResourceArn",
3113
- # },
3114
- # },
3115
- # }
3116
- #
3117
2538
  # @!attribute [rw] ip_set_references
3118
2539
  # The list of IP set references.
3119
2540
  # @return [Hash<String,Types::IPSetReference>]
@@ -3157,44 +2578,6 @@ module Aws::NetworkFirewall
3157
2578
  # criteria. When a packet matches the criteria, Network Firewall
3158
2579
  # performs the rule's actions on the packet.
3159
2580
  #
3160
- # @note When making an API call, you may pass RuleDefinition
3161
- # data as a hash:
3162
- #
3163
- # {
3164
- # match_attributes: { # required
3165
- # sources: [
3166
- # {
3167
- # address_definition: "AddressDefinition", # required
3168
- # },
3169
- # ],
3170
- # destinations: [
3171
- # {
3172
- # address_definition: "AddressDefinition", # required
3173
- # },
3174
- # ],
3175
- # source_ports: [
3176
- # {
3177
- # from_port: 1, # required
3178
- # to_port: 1, # required
3179
- # },
3180
- # ],
3181
- # destination_ports: [
3182
- # {
3183
- # from_port: 1, # required
3184
- # to_port: 1, # required
3185
- # },
3186
- # ],
3187
- # protocols: [1],
3188
- # tcp_flags: [
3189
- # {
3190
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3191
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3192
- # },
3193
- # ],
3194
- # },
3195
- # actions: ["CollectionMember_String"], # required
3196
- # }
3197
- #
3198
2581
  # @!attribute [rw] match_attributes
3199
2582
  # Criteria for Network Firewall to use to inspect an individual packet
3200
2583
  # in stateless rule inspection. Each match attributes set can include
@@ -3263,116 +2646,6 @@ module Aws::NetworkFirewall
3263
2646
  # can reference a rule group from more than one firewall policy, and you
3264
2647
  # can use a firewall policy in more than one firewall.
3265
2648
  #
3266
- # @note When making an API call, you may pass RuleGroup
3267
- # data as a hash:
3268
- #
3269
- # {
3270
- # rule_variables: {
3271
- # ip_sets: {
3272
- # "RuleVariableName" => {
3273
- # definition: ["VariableDefinition"], # required
3274
- # },
3275
- # },
3276
- # port_sets: {
3277
- # "RuleVariableName" => {
3278
- # definition: ["VariableDefinition"],
3279
- # },
3280
- # },
3281
- # },
3282
- # reference_sets: {
3283
- # ip_set_references: {
3284
- # "IPSetReferenceName" => {
3285
- # reference_arn: "ResourceArn",
3286
- # },
3287
- # },
3288
- # },
3289
- # rules_source: { # required
3290
- # rules_string: "RulesString",
3291
- # rules_source_list: {
3292
- # targets: ["CollectionMember_String"], # required
3293
- # target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
3294
- # generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
3295
- # },
3296
- # stateful_rules: [
3297
- # {
3298
- # action: "PASS", # required, accepts PASS, DROP, ALERT
3299
- # header: { # required
3300
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
3301
- # source: "Source", # required
3302
- # source_port: "Port", # required
3303
- # direction: "FORWARD", # required, accepts FORWARD, ANY
3304
- # destination: "Destination", # required
3305
- # destination_port: "Port", # required
3306
- # },
3307
- # rule_options: [ # required
3308
- # {
3309
- # keyword: "Keyword", # required
3310
- # settings: ["Setting"],
3311
- # },
3312
- # ],
3313
- # },
3314
- # ],
3315
- # stateless_rules_and_custom_actions: {
3316
- # stateless_rules: [ # required
3317
- # {
3318
- # rule_definition: { # required
3319
- # match_attributes: { # required
3320
- # sources: [
3321
- # {
3322
- # address_definition: "AddressDefinition", # required
3323
- # },
3324
- # ],
3325
- # destinations: [
3326
- # {
3327
- # address_definition: "AddressDefinition", # required
3328
- # },
3329
- # ],
3330
- # source_ports: [
3331
- # {
3332
- # from_port: 1, # required
3333
- # to_port: 1, # required
3334
- # },
3335
- # ],
3336
- # destination_ports: [
3337
- # {
3338
- # from_port: 1, # required
3339
- # to_port: 1, # required
3340
- # },
3341
- # ],
3342
- # protocols: [1],
3343
- # tcp_flags: [
3344
- # {
3345
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3346
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3347
- # },
3348
- # ],
3349
- # },
3350
- # actions: ["CollectionMember_String"], # required
3351
- # },
3352
- # priority: 1, # required
3353
- # },
3354
- # ],
3355
- # custom_actions: [
3356
- # {
3357
- # action_name: "ActionName", # required
3358
- # action_definition: { # required
3359
- # publish_metric_action: {
3360
- # dimensions: [ # required
3361
- # {
3362
- # value: "DimensionValue", # required
3363
- # },
3364
- # ],
3365
- # },
3366
- # },
3367
- # },
3368
- # ],
3369
- # },
3370
- # },
3371
- # stateful_rule_options: {
3372
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
3373
- # },
3374
- # }
3375
- #
3376
2649
  # @!attribute [rw] rule_variables
3377
2650
  # Settings that are available for use in the rules in the rule group.
3378
2651
  # You can only use these for stateful rule groups.
@@ -3540,14 +2813,6 @@ module Aws::NetworkFirewall
3540
2813
  # Additional settings for a stateful rule. This is part of the
3541
2814
  # StatefulRule configuration.
3542
2815
  #
3543
- # @note When making an API call, you may pass RuleOption
3544
- # data as a hash:
3545
- #
3546
- # {
3547
- # keyword: "Keyword", # required
3548
- # settings: ["Setting"],
3549
- # }
3550
- #
3551
2816
  # @!attribute [rw] keyword
3552
2817
  # @return [String]
3553
2818
  #
@@ -3566,22 +2831,6 @@ module Aws::NetworkFirewall
3566
2831
  # Settings that are available for use in the rules in the RuleGroup
3567
2832
  # where this is defined.
3568
2833
  #
3569
- # @note When making an API call, you may pass RuleVariables
3570
- # data as a hash:
3571
- #
3572
- # {
3573
- # ip_sets: {
3574
- # "RuleVariableName" => {
3575
- # definition: ["VariableDefinition"], # required
3576
- # },
3577
- # },
3578
- # port_sets: {
3579
- # "RuleVariableName" => {
3580
- # definition: ["VariableDefinition"],
3581
- # },
3582
- # },
3583
- # }
3584
- #
3585
2834
  # @!attribute [rw] ip_sets
3586
2835
  # A list of IP addresses and address ranges, in CIDR notation.
3587
2836
  # @return [Hash<String,Types::IPSet>]
@@ -3603,92 +2852,6 @@ module Aws::NetworkFirewall
3603
2852
  # group. Each rule group requires a single `RulesSource`. You can use an
3604
2853
  # instance of this for either stateless rules or stateful rules.
3605
2854
  #
3606
- # @note When making an API call, you may pass RulesSource
3607
- # data as a hash:
3608
- #
3609
- # {
3610
- # rules_string: "RulesString",
3611
- # rules_source_list: {
3612
- # targets: ["CollectionMember_String"], # required
3613
- # target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
3614
- # generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
3615
- # },
3616
- # stateful_rules: [
3617
- # {
3618
- # action: "PASS", # required, accepts PASS, DROP, ALERT
3619
- # header: { # required
3620
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
3621
- # source: "Source", # required
3622
- # source_port: "Port", # required
3623
- # direction: "FORWARD", # required, accepts FORWARD, ANY
3624
- # destination: "Destination", # required
3625
- # destination_port: "Port", # required
3626
- # },
3627
- # rule_options: [ # required
3628
- # {
3629
- # keyword: "Keyword", # required
3630
- # settings: ["Setting"],
3631
- # },
3632
- # ],
3633
- # },
3634
- # ],
3635
- # stateless_rules_and_custom_actions: {
3636
- # stateless_rules: [ # required
3637
- # {
3638
- # rule_definition: { # required
3639
- # match_attributes: { # required
3640
- # sources: [
3641
- # {
3642
- # address_definition: "AddressDefinition", # required
3643
- # },
3644
- # ],
3645
- # destinations: [
3646
- # {
3647
- # address_definition: "AddressDefinition", # required
3648
- # },
3649
- # ],
3650
- # source_ports: [
3651
- # {
3652
- # from_port: 1, # required
3653
- # to_port: 1, # required
3654
- # },
3655
- # ],
3656
- # destination_ports: [
3657
- # {
3658
- # from_port: 1, # required
3659
- # to_port: 1, # required
3660
- # },
3661
- # ],
3662
- # protocols: [1],
3663
- # tcp_flags: [
3664
- # {
3665
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3666
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3667
- # },
3668
- # ],
3669
- # },
3670
- # actions: ["CollectionMember_String"], # required
3671
- # },
3672
- # priority: 1, # required
3673
- # },
3674
- # ],
3675
- # custom_actions: [
3676
- # {
3677
- # action_name: "ActionName", # required
3678
- # action_definition: { # required
3679
- # publish_metric_action: {
3680
- # dimensions: [ # required
3681
- # {
3682
- # value: "DimensionValue", # required
3683
- # },
3684
- # ],
3685
- # },
3686
- # },
3687
- # },
3688
- # ],
3689
- # },
3690
- # }
3691
- #
3692
2855
  # @!attribute [rw] rules_string
3693
2856
  # Stateful inspection criteria, provided in Suricata compatible
3694
2857
  # intrusion prevention system (IPS) rules. Suricata is an open-source
@@ -3748,15 +2911,6 @@ module Aws::NetworkFirewall
3748
2911
  #
3749
2912
  # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html
3750
2913
  #
3751
- # @note When making an API call, you may pass RulesSourceList
3752
- # data as a hash:
3753
- #
3754
- # {
3755
- # targets: ["CollectionMember_String"], # required
3756
- # target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
3757
- # generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
3758
- # }
3759
- #
3760
2914
  # @!attribute [rw] targets
3761
2915
  # The domains that you want to inspect for in your traffic flows.
3762
2916
  # Valid domain specifications are the following:
@@ -3799,14 +2953,6 @@ module Aws::NetworkFirewall
3799
2953
  #
3800
2954
  # [1]: https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html
3801
2955
  #
3802
- # @note When making an API call, you may pass SourceMetadata
3803
- # data as a hash:
3804
- #
3805
- # {
3806
- # source_arn: "ResourceArn",
3807
- # source_update_token: "UpdateToken",
3808
- # }
3809
- #
3810
2956
  # @!attribute [rw] source_arn
3811
2957
  # The Amazon Resource Name (ARN) of the rule group that your own rule
3812
2958
  # group is copied from.
@@ -3834,14 +2980,6 @@ module Aws::NetworkFirewall
3834
2980
  # Configuration settings for the handling of the stateful rule groups in
3835
2981
  # a firewall policy.
3836
2982
  #
3837
- # @note When making an API call, you may pass StatefulEngineOptions
3838
- # data as a hash:
3839
- #
3840
- # {
3841
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
3842
- # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
3843
- # }
3844
- #
3845
2983
  # @!attribute [rw] rule_order
3846
2984
  # Indicates how to manage the order of stateful rule evaluation for
3847
2985
  # the policy. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
@@ -3894,27 +3032,6 @@ module Aws::NetworkFirewall
3894
3032
  #
3895
3033
  # [1]: https://suricata.readthedocs.io/rules/intro.html#
3896
3034
  #
3897
- # @note When making an API call, you may pass StatefulRule
3898
- # data as a hash:
3899
- #
3900
- # {
3901
- # action: "PASS", # required, accepts PASS, DROP, ALERT
3902
- # header: { # required
3903
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
3904
- # source: "Source", # required
3905
- # source_port: "Port", # required
3906
- # direction: "FORWARD", # required, accepts FORWARD, ANY
3907
- # destination: "Destination", # required
3908
- # destination_port: "Port", # required
3909
- # },
3910
- # rule_options: [ # required
3911
- # {
3912
- # keyword: "Keyword", # required
3913
- # settings: ["Setting"],
3914
- # },
3915
- # ],
3916
- # }
3917
- #
3918
3035
  # @!attribute [rw] action
3919
3036
  # Defines what Network Firewall should do with the packets in a
3920
3037
  # traffic flow when the flow matches the stateful rule criteria. For
@@ -3962,13 +3079,6 @@ module Aws::NetworkFirewall
3962
3079
  # The setting that allows the policy owner to change the behavior of the
3963
3080
  # rule group within a policy.
3964
3081
  #
3965
- # @note When making an API call, you may pass StatefulRuleGroupOverride
3966
- # data as a hash:
3967
- #
3968
- # {
3969
- # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
3970
- # }
3971
- #
3972
3082
  # @!attribute [rw] action
3973
3083
  # The action that changes the rule group from `DROP` to `ALERT`. This
3974
3084
  # only applies to managed rule groups.
@@ -3985,17 +3095,6 @@ module Aws::NetworkFirewall
3985
3095
  # Identifier for a single stateful rule group, used in a firewall policy
3986
3096
  # to refer to a rule group.
3987
3097
  #
3988
- # @note When making an API call, you may pass StatefulRuleGroupReference
3989
- # data as a hash:
3990
- #
3991
- # {
3992
- # resource_arn: "ResourceArn", # required
3993
- # priority: 1,
3994
- # override: {
3995
- # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
3996
- # },
3997
- # }
3998
- #
3999
3098
  # @!attribute [rw] resource_arn
4000
3099
  # The Amazon Resource Name (ARN) of the stateful rule group.
4001
3100
  # @return [String]
@@ -4035,13 +3134,6 @@ module Aws::NetworkFirewall
4035
3134
  # Additional options governing how Network Firewall handles the rule
4036
3135
  # group. You can only use these for stateful rule groups.
4037
3136
  #
4038
- # @note When making an API call, you may pass StatefulRuleOptions
4039
- # data as a hash:
4040
- #
4041
- # {
4042
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
4043
- # }
4044
- #
4045
3137
  # @!attribute [rw] rule_order
4046
3138
  # Indicates how to manage the order of the rule evaluation for the
4047
3139
  # rule group. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
@@ -4066,47 +3158,6 @@ module Aws::NetworkFirewall
4066
3158
  # A single stateless rule. This is used in
4067
3159
  # StatelessRulesAndCustomActions.
4068
3160
  #
4069
- # @note When making an API call, you may pass StatelessRule
4070
- # data as a hash:
4071
- #
4072
- # {
4073
- # rule_definition: { # required
4074
- # match_attributes: { # required
4075
- # sources: [
4076
- # {
4077
- # address_definition: "AddressDefinition", # required
4078
- # },
4079
- # ],
4080
- # destinations: [
4081
- # {
4082
- # address_definition: "AddressDefinition", # required
4083
- # },
4084
- # ],
4085
- # source_ports: [
4086
- # {
4087
- # from_port: 1, # required
4088
- # to_port: 1, # required
4089
- # },
4090
- # ],
4091
- # destination_ports: [
4092
- # {
4093
- # from_port: 1, # required
4094
- # to_port: 1, # required
4095
- # },
4096
- # ],
4097
- # protocols: [1],
4098
- # tcp_flags: [
4099
- # {
4100
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4101
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4102
- # },
4103
- # ],
4104
- # },
4105
- # actions: ["CollectionMember_String"], # required
4106
- # },
4107
- # priority: 1, # required
4108
- # }
4109
- #
4110
3161
  # @!attribute [rw] rule_definition
4111
3162
  # Defines the stateless 5-tuple packet inspection criteria and the
4112
3163
  # action to take on a packet that matches the criteria.
@@ -4143,14 +3194,6 @@ module Aws::NetworkFirewall
4143
3194
  # Identifier for a single stateless rule group, used in a firewall
4144
3195
  # policy to refer to the rule group.
4145
3196
  #
4146
- # @note When making an API call, you may pass StatelessRuleGroupReference
4147
- # data as a hash:
4148
- #
4149
- # {
4150
- # resource_arn: "ResourceArn", # required
4151
- # priority: 1, # required
4152
- # }
4153
- #
4154
3197
  # @!attribute [rw] resource_arn
4155
3198
  # The Amazon Resource Name (ARN) of the stateless rule group.
4156
3199
  # @return [String]
@@ -4175,65 +3218,6 @@ module Aws::NetworkFirewall
4175
3218
  # Stateless inspection criteria. Each stateless rule group uses exactly
4176
3219
  # one of these data types to define its stateless rules.
4177
3220
  #
4178
- # @note When making an API call, you may pass StatelessRulesAndCustomActions
4179
- # data as a hash:
4180
- #
4181
- # {
4182
- # stateless_rules: [ # required
4183
- # {
4184
- # rule_definition: { # required
4185
- # match_attributes: { # required
4186
- # sources: [
4187
- # {
4188
- # address_definition: "AddressDefinition", # required
4189
- # },
4190
- # ],
4191
- # destinations: [
4192
- # {
4193
- # address_definition: "AddressDefinition", # required
4194
- # },
4195
- # ],
4196
- # source_ports: [
4197
- # {
4198
- # from_port: 1, # required
4199
- # to_port: 1, # required
4200
- # },
4201
- # ],
4202
- # destination_ports: [
4203
- # {
4204
- # from_port: 1, # required
4205
- # to_port: 1, # required
4206
- # },
4207
- # ],
4208
- # protocols: [1],
4209
- # tcp_flags: [
4210
- # {
4211
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4212
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4213
- # },
4214
- # ],
4215
- # },
4216
- # actions: ["CollectionMember_String"], # required
4217
- # },
4218
- # priority: 1, # required
4219
- # },
4220
- # ],
4221
- # custom_actions: [
4222
- # {
4223
- # action_name: "ActionName", # required
4224
- # action_definition: { # required
4225
- # publish_metric_action: {
4226
- # dimensions: [ # required
4227
- # {
4228
- # value: "DimensionValue", # required
4229
- # },
4230
- # ],
4231
- # },
4232
- # },
4233
- # },
4234
- # ],
4235
- # }
4236
- #
4237
3221
  # @!attribute [rw] stateless_rules
4238
3222
  # Defines the set of stateless rules for use in a stateless rule
4239
3223
  # group.
@@ -4261,13 +3245,6 @@ module Aws::NetworkFirewall
4261
3245
  # creates an instance of the associated firewall in each subnet that you
4262
3246
  # specify, to filter traffic in the subnet's Availability Zone.
4263
3247
  #
4264
- # @note When making an API call, you may pass SubnetMapping
4265
- # data as a hash:
4266
- #
4267
- # {
4268
- # subnet_id: "CollectionMember_String", # required
4269
- # }
4270
- #
4271
3248
  # @!attribute [rw] subnet_id
4272
3249
  # The unique identifier for the subnet.
4273
3250
  # @return [String]
@@ -4326,14 +3303,6 @@ module Aws::NetworkFirewall
4326
3303
  # TCP flags and masks to inspect packets for, used in stateless rules
4327
3304
  # MatchAttributes settings.
4328
3305
  #
4329
- # @note When making an API call, you may pass TCPFlagField
4330
- # data as a hash:
4331
- #
4332
- # {
4333
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4334
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4335
- # }
4336
- #
4337
3306
  # @!attribute [rw] flags
4338
3307
  # Used in conjunction with the `Masks` setting to define the flags
4339
3308
  # that must be set and flags that must not be set in order for the
@@ -4371,14 +3340,6 @@ module Aws::NetworkFirewall
4371
3340
  # "development," or "production"). You can add up to 50 tags to each
4372
3341
  # Amazon Web Services resource.
4373
3342
  #
4374
- # @note When making an API call, you may pass Tag
4375
- # data as a hash:
4376
- #
4377
- # {
4378
- # key: "TagKey", # required
4379
- # value: "TagValue", # required
4380
- # }
4381
- #
4382
3343
  # @!attribute [rw] key
4383
3344
  # The part of the key:value pair that defines a tag. You can use a tag
4384
3345
  # key to describe a category of information, such as "customer." Tag
@@ -4400,19 +3361,6 @@ module Aws::NetworkFirewall
4400
3361
  include Aws::Structure
4401
3362
  end
4402
3363
 
4403
- # @note When making an API call, you may pass TagResourceRequest
4404
- # data as a hash:
4405
- #
4406
- # {
4407
- # resource_arn: "ResourceArn", # required
4408
- # tags: [ # required
4409
- # {
4410
- # key: "TagKey", # required
4411
- # value: "TagValue", # required
4412
- # },
4413
- # ],
4414
- # }
4415
- #
4416
3364
  # @!attribute [rw] resource_arn
4417
3365
  # The Amazon Resource Name (ARN) of the resource.
4418
3366
  # @return [String]
@@ -4459,14 +3407,6 @@ module Aws::NetworkFirewall
4459
3407
  include Aws::Structure
4460
3408
  end
4461
3409
 
4462
- # @note When making an API call, you may pass UntagResourceRequest
4463
- # data as a hash:
4464
- #
4465
- # {
4466
- # resource_arn: "ResourceArn", # required
4467
- # tag_keys: ["TagKey"], # required
4468
- # }
4469
- #
4470
3410
  # @!attribute [rw] resource_arn
4471
3411
  # The Amazon Resource Name (ARN) of the resource.
4472
3412
  # @return [String]
@@ -4487,16 +3427,6 @@ module Aws::NetworkFirewall
4487
3427
  #
4488
3428
  class UntagResourceResponse < Aws::EmptyStructure; end
4489
3429
 
4490
- # @note When making an API call, you may pass UpdateFirewallDeleteProtectionRequest
4491
- # data as a hash:
4492
- #
4493
- # {
4494
- # update_token: "UpdateToken",
4495
- # firewall_arn: "ResourceArn",
4496
- # firewall_name: "ResourceName",
4497
- # delete_protection: false, # required
4498
- # }
4499
- #
4500
3430
  # @!attribute [rw] update_token
4501
3431
  # An optional token that you can use for optimistic locking. Network
4502
3432
  # Firewall returns a token to your requests that access the firewall.
@@ -4597,16 +3527,6 @@ module Aws::NetworkFirewall
4597
3527
  include Aws::Structure
4598
3528
  end
4599
3529
 
4600
- # @note When making an API call, you may pass UpdateFirewallDescriptionRequest
4601
- # data as a hash:
4602
- #
4603
- # {
4604
- # update_token: "UpdateToken",
4605
- # firewall_arn: "ResourceArn",
4606
- # firewall_name: "ResourceName",
4607
- # description: "Description",
4608
- # }
4609
- #
4610
3530
  # @!attribute [rw] update_token
4611
3531
  # An optional token that you can use for optimistic locking. Network
4612
3532
  # Firewall returns a token to your requests that access the firewall.
@@ -4700,19 +3620,6 @@ module Aws::NetworkFirewall
4700
3620
  include Aws::Structure
4701
3621
  end
4702
3622
 
4703
- # @note When making an API call, you may pass UpdateFirewallEncryptionConfigurationRequest
4704
- # data as a hash:
4705
- #
4706
- # {
4707
- # update_token: "UpdateToken",
4708
- # firewall_arn: "ResourceArn",
4709
- # firewall_name: "ResourceName",
4710
- # encryption_configuration: {
4711
- # key_id: "KeyId",
4712
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
4713
- # },
4714
- # }
4715
- #
4716
3623
  # @!attribute [rw] update_token
4717
3624
  # An optional token that you can use for optimistic locking. Network
4718
3625
  # Firewall returns a token to your requests that access the firewall.
@@ -4825,16 +3732,6 @@ module Aws::NetworkFirewall
4825
3732
  include Aws::Structure
4826
3733
  end
4827
3734
 
4828
- # @note When making an API call, you may pass UpdateFirewallPolicyChangeProtectionRequest
4829
- # data as a hash:
4830
- #
4831
- # {
4832
- # update_token: "UpdateToken",
4833
- # firewall_arn: "ResourceArn",
4834
- # firewall_name: "ResourceName",
4835
- # firewall_policy_change_protection: false, # required
4836
- # }
4837
- #
4838
3735
  # @!attribute [rw] update_token
4839
3736
  # An optional token that you can use for optimistic locking. Network
4840
3737
  # Firewall returns a token to your requests that access the firewall.
@@ -4935,59 +3832,6 @@ module Aws::NetworkFirewall
4935
3832
  include Aws::Structure
4936
3833
  end
4937
3834
 
4938
- # @note When making an API call, you may pass UpdateFirewallPolicyRequest
4939
- # data as a hash:
4940
- #
4941
- # {
4942
- # update_token: "UpdateToken", # required
4943
- # firewall_policy_arn: "ResourceArn",
4944
- # firewall_policy_name: "ResourceName",
4945
- # firewall_policy: { # required
4946
- # stateless_rule_group_references: [
4947
- # {
4948
- # resource_arn: "ResourceArn", # required
4949
- # priority: 1, # required
4950
- # },
4951
- # ],
4952
- # stateless_default_actions: ["CollectionMember_String"], # required
4953
- # stateless_fragment_default_actions: ["CollectionMember_String"], # required
4954
- # stateless_custom_actions: [
4955
- # {
4956
- # action_name: "ActionName", # required
4957
- # action_definition: { # required
4958
- # publish_metric_action: {
4959
- # dimensions: [ # required
4960
- # {
4961
- # value: "DimensionValue", # required
4962
- # },
4963
- # ],
4964
- # },
4965
- # },
4966
- # },
4967
- # ],
4968
- # stateful_rule_group_references: [
4969
- # {
4970
- # resource_arn: "ResourceArn", # required
4971
- # priority: 1,
4972
- # override: {
4973
- # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
4974
- # },
4975
- # },
4976
- # ],
4977
- # stateful_default_actions: ["CollectionMember_String"],
4978
- # stateful_engine_options: {
4979
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
4980
- # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
4981
- # },
4982
- # },
4983
- # description: "Description",
4984
- # dry_run: false,
4985
- # encryption_configuration: {
4986
- # key_id: "KeyId",
4987
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
4988
- # },
4989
- # }
4990
- #
4991
3835
  # @!attribute [rw] update_token
4992
3836
  # A token used for optimistic locking. Network Firewall returns a
4993
3837
  # token to your requests that access the firewall policy. The token
@@ -5087,25 +3931,6 @@ module Aws::NetworkFirewall
5087
3931
  include Aws::Structure
5088
3932
  end
5089
3933
 
5090
- # @note When making an API call, you may pass UpdateLoggingConfigurationRequest
5091
- # data as a hash:
5092
- #
5093
- # {
5094
- # firewall_arn: "ResourceArn",
5095
- # firewall_name: "ResourceName",
5096
- # logging_configuration: {
5097
- # log_destination_configs: [ # required
5098
- # {
5099
- # log_type: "ALERT", # required, accepts ALERT, FLOW
5100
- # log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose
5101
- # log_destination: { # required
5102
- # "HashMapKey" => "HashMapValue",
5103
- # },
5104
- # },
5105
- # ],
5106
- # },
5107
- # }
5108
- #
5109
3934
  # @!attribute [rw] firewall_arn
5110
3935
  # The Amazon Resource Name (ARN) of the firewall.
5111
3936
  #
@@ -5158,133 +3983,6 @@ module Aws::NetworkFirewall
5158
3983
  include Aws::Structure
5159
3984
  end
5160
3985
 
5161
- # @note When making an API call, you may pass UpdateRuleGroupRequest
5162
- # data as a hash:
5163
- #
5164
- # {
5165
- # update_token: "UpdateToken", # required
5166
- # rule_group_arn: "ResourceArn",
5167
- # rule_group_name: "ResourceName",
5168
- # rule_group: {
5169
- # rule_variables: {
5170
- # ip_sets: {
5171
- # "RuleVariableName" => {
5172
- # definition: ["VariableDefinition"], # required
5173
- # },
5174
- # },
5175
- # port_sets: {
5176
- # "RuleVariableName" => {
5177
- # definition: ["VariableDefinition"],
5178
- # },
5179
- # },
5180
- # },
5181
- # reference_sets: {
5182
- # ip_set_references: {
5183
- # "IPSetReferenceName" => {
5184
- # reference_arn: "ResourceArn",
5185
- # },
5186
- # },
5187
- # },
5188
- # rules_source: { # required
5189
- # rules_string: "RulesString",
5190
- # rules_source_list: {
5191
- # targets: ["CollectionMember_String"], # required
5192
- # target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
5193
- # generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
5194
- # },
5195
- # stateful_rules: [
5196
- # {
5197
- # action: "PASS", # required, accepts PASS, DROP, ALERT
5198
- # header: { # required
5199
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
5200
- # source: "Source", # required
5201
- # source_port: "Port", # required
5202
- # direction: "FORWARD", # required, accepts FORWARD, ANY
5203
- # destination: "Destination", # required
5204
- # destination_port: "Port", # required
5205
- # },
5206
- # rule_options: [ # required
5207
- # {
5208
- # keyword: "Keyword", # required
5209
- # settings: ["Setting"],
5210
- # },
5211
- # ],
5212
- # },
5213
- # ],
5214
- # stateless_rules_and_custom_actions: {
5215
- # stateless_rules: [ # required
5216
- # {
5217
- # rule_definition: { # required
5218
- # match_attributes: { # required
5219
- # sources: [
5220
- # {
5221
- # address_definition: "AddressDefinition", # required
5222
- # },
5223
- # ],
5224
- # destinations: [
5225
- # {
5226
- # address_definition: "AddressDefinition", # required
5227
- # },
5228
- # ],
5229
- # source_ports: [
5230
- # {
5231
- # from_port: 1, # required
5232
- # to_port: 1, # required
5233
- # },
5234
- # ],
5235
- # destination_ports: [
5236
- # {
5237
- # from_port: 1, # required
5238
- # to_port: 1, # required
5239
- # },
5240
- # ],
5241
- # protocols: [1],
5242
- # tcp_flags: [
5243
- # {
5244
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
5245
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
5246
- # },
5247
- # ],
5248
- # },
5249
- # actions: ["CollectionMember_String"], # required
5250
- # },
5251
- # priority: 1, # required
5252
- # },
5253
- # ],
5254
- # custom_actions: [
5255
- # {
5256
- # action_name: "ActionName", # required
5257
- # action_definition: { # required
5258
- # publish_metric_action: {
5259
- # dimensions: [ # required
5260
- # {
5261
- # value: "DimensionValue", # required
5262
- # },
5263
- # ],
5264
- # },
5265
- # },
5266
- # },
5267
- # ],
5268
- # },
5269
- # },
5270
- # stateful_rule_options: {
5271
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
5272
- # },
5273
- # },
5274
- # rules: "RulesString",
5275
- # type: "STATELESS", # accepts STATELESS, STATEFUL
5276
- # description: "Description",
5277
- # dry_run: false,
5278
- # encryption_configuration: {
5279
- # key_id: "KeyId",
5280
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
5281
- # },
5282
- # source_metadata: {
5283
- # source_arn: "ResourceArn",
5284
- # source_update_token: "UpdateToken",
5285
- # },
5286
- # }
5287
- #
5288
3986
  # @!attribute [rw] update_token
5289
3987
  # A token used for optimistic locking. Network Firewall returns a
5290
3988
  # token to your requests that access the rule group. The token marks
@@ -5425,16 +4123,6 @@ module Aws::NetworkFirewall
5425
4123
  include Aws::Structure
5426
4124
  end
5427
4125
 
5428
- # @note When making an API call, you may pass UpdateSubnetChangeProtectionRequest
5429
- # data as a hash:
5430
- #
5431
- # {
5432
- # update_token: "UpdateToken",
5433
- # firewall_arn: "ResourceArn",
5434
- # firewall_name: "ResourceName",
5435
- # subnet_change_protection: false, # required
5436
- # }
5437
- #
5438
4126
  # @!attribute [rw] update_token
5439
4127
  # An optional token that you can use for optimistic locking. Network
5440
4128
  # Firewall returns a token to your requests that access the firewall.