aws-sdk-networkfirewall 1.19.0 → 1.21.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -13,19 +13,6 @@ module Aws::NetworkFirewall
13
13
  # A custom action to use in stateless rule actions settings. This is
14
14
  # used in CustomAction.
15
15
  #
16
- # @note When making an API call, you may pass ActionDefinition
17
- # data as a hash:
18
- #
19
- # {
20
- # publish_metric_action: {
21
- # dimensions: [ # required
22
- # {
23
- # value: "DimensionValue", # required
24
- # },
25
- # ],
26
- # },
27
- # }
28
- #
29
16
  # @!attribute [rw] publish_metric_action
30
17
  # Stateless inspection criteria that publishes the specified metrics
31
18
  # to Amazon CloudWatch for the matching packet. This setting defines a
@@ -49,13 +36,6 @@ module Aws::NetworkFirewall
49
36
  # A single IP address specification. This is used in the MatchAttributes
50
37
  # source and destination specifications.
51
38
  #
52
- # @note When making an API call, you may pass Address
53
- # data as a hash:
54
- #
55
- # {
56
- # address_definition: "AddressDefinition", # required
57
- # }
58
- #
59
39
  # @!attribute [rw] address_definition
60
40
  # Specify an IP address or a block of IP addresses in Classless
61
41
  # Inter-Domain Routing (CIDR) notation. Network Firewall supports all
@@ -85,16 +65,6 @@ module Aws::NetworkFirewall
85
65
  include Aws::Structure
86
66
  end
87
67
 
88
- # @note When making an API call, you may pass AssociateFirewallPolicyRequest
89
- # data as a hash:
90
- #
91
- # {
92
- # update_token: "UpdateToken",
93
- # firewall_arn: "ResourceArn",
94
- # firewall_name: "ResourceName",
95
- # firewall_policy_arn: "ResourceArn", # required
96
- # }
97
- #
98
68
  # @!attribute [rw] update_token
99
69
  # An optional token that you can use for optimistic locking. Network
100
70
  # Firewall returns a token to your requests that access the firewall.
@@ -187,20 +157,6 @@ module Aws::NetworkFirewall
187
157
  include Aws::Structure
188
158
  end
189
159
 
190
- # @note When making an API call, you may pass AssociateSubnetsRequest
191
- # data as a hash:
192
- #
193
- # {
194
- # update_token: "UpdateToken",
195
- # firewall_arn: "ResourceArn",
196
- # firewall_name: "ResourceName",
197
- # subnet_mappings: [ # required
198
- # {
199
- # subnet_id: "CollectionMember_String", # required
200
- # },
201
- # ],
202
- # }
203
- #
204
160
  # @!attribute [rw] update_token
205
161
  # An optional token that you can use for optimistic locking. Network
206
162
  # Firewall returns a token to your requests that access the firewall.
@@ -316,7 +272,21 @@ module Aws::NetworkFirewall
316
272
  # settings. When this value is `READY`, the endpoint is available and
317
273
  # configured properly to handle network traffic. When the endpoint
318
274
  # isn't available for traffic, this value will reflect its state, for
319
- # example `CREATING`, `DELETING`, or `FAILED`.
275
+ # example `CREATING` or `DELETING`.
276
+ # @return [String]
277
+ #
278
+ # @!attribute [rw] status_message
279
+ # If Network Firewall fails to create or delete the firewall endpoint
280
+ # in the subnet, it populates this with the reason for the failure and
281
+ # how to resolve it. Depending on the error, it can take as many as 15
282
+ # minutes to populate this field. For more information about the
283
+ # errors and solutions available for this field, see [Troubleshooting
284
+ # firewall endpoint failures][1] in the *Network Firewall Developer
285
+ # Guide*.
286
+ #
287
+ #
288
+ #
289
+ # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-troubleshooting-endpoint-failures.html
320
290
  # @return [String]
321
291
  #
322
292
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Attachment AWS API Documentation
@@ -324,7 +294,8 @@ module Aws::NetworkFirewall
324
294
  class Attachment < Struct.new(
325
295
  :subnet_id,
326
296
  :endpoint_id,
327
- :status)
297
+ :status,
298
+ :status_message)
328
299
  SENSITIVE = []
329
300
  include Aws::Structure
330
301
  end
@@ -373,63 +344,6 @@ module Aws::NetworkFirewall
373
344
  include Aws::Structure
374
345
  end
375
346
 
376
- # @note When making an API call, you may pass CreateFirewallPolicyRequest
377
- # data as a hash:
378
- #
379
- # {
380
- # firewall_policy_name: "ResourceName", # required
381
- # firewall_policy: { # required
382
- # stateless_rule_group_references: [
383
- # {
384
- # resource_arn: "ResourceArn", # required
385
- # priority: 1, # required
386
- # },
387
- # ],
388
- # stateless_default_actions: ["CollectionMember_String"], # required
389
- # stateless_fragment_default_actions: ["CollectionMember_String"], # required
390
- # stateless_custom_actions: [
391
- # {
392
- # action_name: "ActionName", # required
393
- # action_definition: { # required
394
- # publish_metric_action: {
395
- # dimensions: [ # required
396
- # {
397
- # value: "DimensionValue", # required
398
- # },
399
- # ],
400
- # },
401
- # },
402
- # },
403
- # ],
404
- # stateful_rule_group_references: [
405
- # {
406
- # resource_arn: "ResourceArn", # required
407
- # priority: 1,
408
- # override: {
409
- # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
410
- # },
411
- # },
412
- # ],
413
- # stateful_default_actions: ["CollectionMember_String"],
414
- # stateful_engine_options: {
415
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
416
- # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
417
- # },
418
- # },
419
- # description: "Description",
420
- # tags: [
421
- # {
422
- # key: "TagKey", # required
423
- # value: "TagValue", # required
424
- # },
425
- # ],
426
- # dry_run: false,
427
- # encryption_configuration: {
428
- # key_id: "KeyId",
429
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
430
- # },
431
- # }
432
- #
433
347
  # @!attribute [rw] firewall_policy_name
434
348
  # The descriptive name of the firewall policy. You can't change the
435
349
  # name of a firewall policy after you create it.
@@ -510,34 +424,6 @@ module Aws::NetworkFirewall
510
424
  include Aws::Structure
511
425
  end
512
426
 
513
- # @note When making an API call, you may pass CreateFirewallRequest
514
- # data as a hash:
515
- #
516
- # {
517
- # firewall_name: "ResourceName", # required
518
- # firewall_policy_arn: "ResourceArn", # required
519
- # vpc_id: "VpcId", # required
520
- # subnet_mappings: [ # required
521
- # {
522
- # subnet_id: "CollectionMember_String", # required
523
- # },
524
- # ],
525
- # delete_protection: false,
526
- # subnet_change_protection: false,
527
- # firewall_policy_change_protection: false,
528
- # description: "Description",
529
- # tags: [
530
- # {
531
- # key: "TagKey", # required
532
- # value: "TagValue", # required
533
- # },
534
- # ],
535
- # encryption_configuration: {
536
- # key_id: "KeyId",
537
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
538
- # },
539
- # }
540
- #
541
427
  # @!attribute [rw] firewall_name
542
428
  # The descriptive name of the firewall. You can't change the name of
543
429
  # a firewall after you create it.
@@ -636,138 +522,6 @@ module Aws::NetworkFirewall
636
522
  include Aws::Structure
637
523
  end
638
524
 
639
- # @note When making an API call, you may pass CreateRuleGroupRequest
640
- # data as a hash:
641
- #
642
- # {
643
- # rule_group_name: "ResourceName", # required
644
- # rule_group: {
645
- # rule_variables: {
646
- # ip_sets: {
647
- # "RuleVariableName" => {
648
- # definition: ["VariableDefinition"], # required
649
- # },
650
- # },
651
- # port_sets: {
652
- # "RuleVariableName" => {
653
- # definition: ["VariableDefinition"],
654
- # },
655
- # },
656
- # },
657
- # reference_sets: {
658
- # ip_set_references: {
659
- # "IPSetReferenceName" => {
660
- # reference_arn: "ResourceArn",
661
- # },
662
- # },
663
- # },
664
- # rules_source: { # required
665
- # rules_string: "RulesString",
666
- # rules_source_list: {
667
- # targets: ["CollectionMember_String"], # required
668
- # target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
669
- # generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
670
- # },
671
- # stateful_rules: [
672
- # {
673
- # action: "PASS", # required, accepts PASS, DROP, ALERT
674
- # header: { # required
675
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
676
- # source: "Source", # required
677
- # source_port: "Port", # required
678
- # direction: "FORWARD", # required, accepts FORWARD, ANY
679
- # destination: "Destination", # required
680
- # destination_port: "Port", # required
681
- # },
682
- # rule_options: [ # required
683
- # {
684
- # keyword: "Keyword", # required
685
- # settings: ["Setting"],
686
- # },
687
- # ],
688
- # },
689
- # ],
690
- # stateless_rules_and_custom_actions: {
691
- # stateless_rules: [ # required
692
- # {
693
- # rule_definition: { # required
694
- # match_attributes: { # required
695
- # sources: [
696
- # {
697
- # address_definition: "AddressDefinition", # required
698
- # },
699
- # ],
700
- # destinations: [
701
- # {
702
- # address_definition: "AddressDefinition", # required
703
- # },
704
- # ],
705
- # source_ports: [
706
- # {
707
- # from_port: 1, # required
708
- # to_port: 1, # required
709
- # },
710
- # ],
711
- # destination_ports: [
712
- # {
713
- # from_port: 1, # required
714
- # to_port: 1, # required
715
- # },
716
- # ],
717
- # protocols: [1],
718
- # tcp_flags: [
719
- # {
720
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
721
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
722
- # },
723
- # ],
724
- # },
725
- # actions: ["CollectionMember_String"], # required
726
- # },
727
- # priority: 1, # required
728
- # },
729
- # ],
730
- # custom_actions: [
731
- # {
732
- # action_name: "ActionName", # required
733
- # action_definition: { # required
734
- # publish_metric_action: {
735
- # dimensions: [ # required
736
- # {
737
- # value: "DimensionValue", # required
738
- # },
739
- # ],
740
- # },
741
- # },
742
- # },
743
- # ],
744
- # },
745
- # },
746
- # stateful_rule_options: {
747
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
748
- # },
749
- # },
750
- # rules: "RulesString",
751
- # type: "STATELESS", # required, accepts STATELESS, STATEFUL
752
- # description: "Description",
753
- # capacity: 1, # required
754
- # tags: [
755
- # {
756
- # key: "TagKey", # required
757
- # value: "TagValue", # required
758
- # },
759
- # ],
760
- # dry_run: false,
761
- # encryption_configuration: {
762
- # key_id: "KeyId",
763
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
764
- # },
765
- # source_metadata: {
766
- # source_arn: "ResourceArn",
767
- # source_update_token: "UpdateToken",
768
- # },
769
- # }
770
- #
771
525
  # @!attribute [rw] rule_group_name
772
526
  # The descriptive name of the rule group. You can't change the name
773
527
  # of a rule group after you create it.
@@ -957,22 +711,6 @@ module Aws::NetworkFirewall
957
711
  # actions settings to specify what to do with packets that don't
958
712
  # match any of the policy's stateless rules.
959
713
  #
960
- # @note When making an API call, you may pass CustomAction
961
- # data as a hash:
962
- #
963
- # {
964
- # action_name: "ActionName", # required
965
- # action_definition: { # required
966
- # publish_metric_action: {
967
- # dimensions: [ # required
968
- # {
969
- # value: "DimensionValue", # required
970
- # },
971
- # ],
972
- # },
973
- # },
974
- # }
975
- #
976
714
  # @!attribute [rw] action_name
977
715
  # The descriptive name of the custom action. You can't change the
978
716
  # name of a custom action after you create it.
@@ -991,14 +729,6 @@ module Aws::NetworkFirewall
991
729
  include Aws::Structure
992
730
  end
993
731
 
994
- # @note When making an API call, you may pass DeleteFirewallPolicyRequest
995
- # data as a hash:
996
- #
997
- # {
998
- # firewall_policy_name: "ResourceName",
999
- # firewall_policy_arn: "ResourceArn",
1000
- # }
1001
- #
1002
732
  # @!attribute [rw] firewall_policy_name
1003
733
  # The descriptive name of the firewall policy. You can't change the
1004
734
  # name of a firewall policy after you create it.
@@ -1034,14 +764,6 @@ module Aws::NetworkFirewall
1034
764
  include Aws::Structure
1035
765
  end
1036
766
 
1037
- # @note When making an API call, you may pass DeleteFirewallRequest
1038
- # data as a hash:
1039
- #
1040
- # {
1041
- # firewall_name: "ResourceName",
1042
- # firewall_arn: "ResourceArn",
1043
- # }
1044
- #
1045
767
  # @!attribute [rw] firewall_name
1046
768
  # The descriptive name of the firewall. You can't change the name of
1047
769
  # a firewall after you create it.
@@ -1091,13 +813,6 @@ module Aws::NetworkFirewall
1091
813
  include Aws::Structure
1092
814
  end
1093
815
 
1094
- # @note When making an API call, you may pass DeleteResourcePolicyRequest
1095
- # data as a hash:
1096
- #
1097
- # {
1098
- # resource_arn: "ResourceArn", # required
1099
- # }
1100
- #
1101
816
  # @!attribute [rw] resource_arn
1102
817
  # The Amazon Resource Name (ARN) of the rule group or firewall policy
1103
818
  # whose resource policy you want to delete.
@@ -1115,15 +830,6 @@ module Aws::NetworkFirewall
1115
830
  #
1116
831
  class DeleteResourcePolicyResponse < Aws::EmptyStructure; end
1117
832
 
1118
- # @note When making an API call, you may pass DeleteRuleGroupRequest
1119
- # data as a hash:
1120
- #
1121
- # {
1122
- # rule_group_name: "ResourceName",
1123
- # rule_group_arn: "ResourceArn",
1124
- # type: "STATELESS", # accepts STATELESS, STATEFUL
1125
- # }
1126
- #
1127
833
  # @!attribute [rw] rule_group_name
1128
834
  # The descriptive name of the rule group. You can't change the name
1129
835
  # of a rule group after you create it.
@@ -1172,14 +878,6 @@ module Aws::NetworkFirewall
1172
878
  include Aws::Structure
1173
879
  end
1174
880
 
1175
- # @note When making an API call, you may pass DescribeFirewallPolicyRequest
1176
- # data as a hash:
1177
- #
1178
- # {
1179
- # firewall_policy_name: "ResourceName",
1180
- # firewall_policy_arn: "ResourceArn",
1181
- # }
1182
- #
1183
881
  # @!attribute [rw] firewall_policy_name
1184
882
  # The descriptive name of the firewall policy. You can't change the
1185
883
  # name of a firewall policy after you create it.
@@ -1236,14 +934,6 @@ module Aws::NetworkFirewall
1236
934
  include Aws::Structure
1237
935
  end
1238
936
 
1239
- # @note When making an API call, you may pass DescribeFirewallRequest
1240
- # data as a hash:
1241
- #
1242
- # {
1243
- # firewall_name: "ResourceName",
1244
- # firewall_arn: "ResourceArn",
1245
- # }
1246
- #
1247
937
  # @!attribute [rw] firewall_name
1248
938
  # The descriptive name of the firewall. You can't change the name of
1249
939
  # a firewall after you create it.
@@ -1308,14 +998,6 @@ module Aws::NetworkFirewall
1308
998
  include Aws::Structure
1309
999
  end
1310
1000
 
1311
- # @note When making an API call, you may pass DescribeLoggingConfigurationRequest
1312
- # data as a hash:
1313
- #
1314
- # {
1315
- # firewall_arn: "ResourceArn",
1316
- # firewall_name: "ResourceName",
1317
- # }
1318
- #
1319
1001
  # @!attribute [rw] firewall_arn
1320
1002
  # The Amazon Resource Name (ARN) of the firewall.
1321
1003
  #
@@ -1355,13 +1037,6 @@ module Aws::NetworkFirewall
1355
1037
  include Aws::Structure
1356
1038
  end
1357
1039
 
1358
- # @note When making an API call, you may pass DescribeResourcePolicyRequest
1359
- # data as a hash:
1360
- #
1361
- # {
1362
- # resource_arn: "ResourceArn", # required
1363
- # }
1364
- #
1365
1040
  # @!attribute [rw] resource_arn
1366
1041
  # The Amazon Resource Name (ARN) of the rule group or firewall policy
1367
1042
  # whose resource policy you want to retrieve.
@@ -1387,15 +1062,6 @@ module Aws::NetworkFirewall
1387
1062
  include Aws::Structure
1388
1063
  end
1389
1064
 
1390
- # @note When making an API call, you may pass DescribeRuleGroupMetadataRequest
1391
- # data as a hash:
1392
- #
1393
- # {
1394
- # rule_group_name: "ResourceName",
1395
- # rule_group_arn: "ResourceArn",
1396
- # type: "STATELESS", # accepts STATELESS, STATEFUL
1397
- # }
1398
- #
1399
1065
  # @!attribute [rw] rule_group_name
1400
1066
  # The descriptive name of the rule group. You can't change the name
1401
1067
  # of a rule group after you create it.
@@ -1495,15 +1161,6 @@ module Aws::NetworkFirewall
1495
1161
  include Aws::Structure
1496
1162
  end
1497
1163
 
1498
- # @note When making an API call, you may pass DescribeRuleGroupRequest
1499
- # data as a hash:
1500
- #
1501
- # {
1502
- # rule_group_name: "ResourceName",
1503
- # rule_group_arn: "ResourceArn",
1504
- # type: "STATELESS", # accepts STATELESS, STATEFUL
1505
- # }
1506
- #
1507
1164
  # @!attribute [rw] rule_group_name
1508
1165
  # The descriptive name of the rule group. You can't change the name
1509
1166
  # of a rule group after you create it.
@@ -1601,13 +1258,6 @@ module Aws::NetworkFirewall
1601
1258
  # [1]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html#usingDimensions
1602
1259
  # [2]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html
1603
1260
  #
1604
- # @note When making an API call, you may pass Dimension
1605
- # data as a hash:
1606
- #
1607
- # {
1608
- # value: "DimensionValue", # required
1609
- # }
1610
- #
1611
1261
  # @!attribute [rw] value
1612
1262
  # The value to use in the custom metric dimension.
1613
1263
  # @return [String]
@@ -1620,16 +1270,6 @@ module Aws::NetworkFirewall
1620
1270
  include Aws::Structure
1621
1271
  end
1622
1272
 
1623
- # @note When making an API call, you may pass DisassociateSubnetsRequest
1624
- # data as a hash:
1625
- #
1626
- # {
1627
- # update_token: "UpdateToken",
1628
- # firewall_arn: "ResourceArn",
1629
- # firewall_name: "ResourceName",
1630
- # subnet_ids: ["AzSubnet"], # required
1631
- # }
1632
- #
1633
1273
  # @!attribute [rw] update_token
1634
1274
  # An optional token that you can use for optimistic locking. Network
1635
1275
  # Firewall returns a token to your requests that access the firewall.
@@ -1737,14 +1377,6 @@ module Aws::NetworkFirewall
1737
1377
  #
1738
1378
  # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
1739
1379
  #
1740
- # @note When making an API call, you may pass EncryptionConfiguration
1741
- # data as a hash:
1742
- #
1743
- # {
1744
- # key_id: "KeyId",
1745
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
1746
- # }
1747
- #
1748
1380
  # @!attribute [rw] key_id
1749
1381
  # The ID of the Amazon Web Services Key Management Service (KMS)
1750
1382
  # customer managed key. You can use any of the key identifiers that
@@ -1896,48 +1528,6 @@ module Aws::NetworkFirewall
1896
1528
  # retrieve all objects for a firewall policy by calling
1897
1529
  # DescribeFirewallPolicy.
1898
1530
  #
1899
- # @note When making an API call, you may pass FirewallPolicy
1900
- # data as a hash:
1901
- #
1902
- # {
1903
- # stateless_rule_group_references: [
1904
- # {
1905
- # resource_arn: "ResourceArn", # required
1906
- # priority: 1, # required
1907
- # },
1908
- # ],
1909
- # stateless_default_actions: ["CollectionMember_String"], # required
1910
- # stateless_fragment_default_actions: ["CollectionMember_String"], # required
1911
- # stateless_custom_actions: [
1912
- # {
1913
- # action_name: "ActionName", # required
1914
- # action_definition: { # required
1915
- # publish_metric_action: {
1916
- # dimensions: [ # required
1917
- # {
1918
- # value: "DimensionValue", # required
1919
- # },
1920
- # ],
1921
- # },
1922
- # },
1923
- # },
1924
- # ],
1925
- # stateful_rule_group_references: [
1926
- # {
1927
- # resource_arn: "ResourceArn", # required
1928
- # priority: 1,
1929
- # override: {
1930
- # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
1931
- # },
1932
- # },
1933
- # ],
1934
- # stateful_default_actions: ["CollectionMember_String"],
1935
- # stateful_engine_options: {
1936
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
1937
- # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
1938
- # },
1939
- # }
1940
- #
1941
1531
  # @!attribute [rw] stateless_rule_group_references
1942
1532
  # References to the stateless rule groups that are used in the policy.
1943
1533
  # These define the matching criteria in stateless rules.
@@ -2195,18 +1785,6 @@ module Aws::NetworkFirewall
2195
1785
  # headers in stateful traffic flow inspection. Traffic flows that match
2196
1786
  # the criteria are a match for the corresponding StatefulRule.
2197
1787
  #
2198
- # @note When making an API call, you may pass Header
2199
- # data as a hash:
2200
- #
2201
- # {
2202
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
2203
- # source: "Source", # required
2204
- # source_port: "Port", # required
2205
- # direction: "FORWARD", # required, accepts FORWARD, ANY
2206
- # destination: "Destination", # required
2207
- # destination_port: "Port", # required
2208
- # }
2209
- #
2210
1788
  # @!attribute [rw] protocol
2211
1789
  # The protocol to inspect for. To specify all, you can use `IP`,
2212
1790
  # because all traffic on Amazon Web Services and on the internet is
@@ -2297,13 +1875,6 @@ module Aws::NetworkFirewall
2297
1875
  # A list of IP addresses and address ranges, in CIDR notation. This is
2298
1876
  # part of a RuleVariables.
2299
1877
  #
2300
- # @note When making an API call, you may pass IPSet
2301
- # data as a hash:
2302
- #
2303
- # {
2304
- # definition: ["VariableDefinition"], # required
2305
- # }
2306
- #
2307
1878
  # @!attribute [rw] definition
2308
1879
  # The list of IP addresses and address ranges, in CIDR notation.
2309
1880
  # @return [Array<String>]
@@ -2353,13 +1924,6 @@ module Aws::NetworkFirewall
2353
1924
  # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references
2354
1925
  # [2]: https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html
2355
1926
  #
2356
- # @note When making an API call, you may pass IPSetReference
2357
- # data as a hash:
2358
- #
2359
- # {
2360
- # reference_arn: "ResourceArn",
2361
- # }
2362
- #
2363
1927
  # @!attribute [rw] reference_arn
2364
1928
  # The Amazon Resource Name (ARN) of the resource that you are
2365
1929
  # referencing in your rule group.
@@ -2477,14 +2041,6 @@ module Aws::NetworkFirewall
2477
2041
  include Aws::Structure
2478
2042
  end
2479
2043
 
2480
- # @note When making an API call, you may pass ListFirewallPoliciesRequest
2481
- # data as a hash:
2482
- #
2483
- # {
2484
- # next_token: "PaginationToken",
2485
- # max_results: 1,
2486
- # }
2487
- #
2488
2044
  # @!attribute [rw] next_token
2489
2045
  # When you request a list of objects with a `MaxResults` setting, if
2490
2046
  # the number of objects that are still available for retrieval exceeds
@@ -2532,15 +2088,6 @@ module Aws::NetworkFirewall
2532
2088
  include Aws::Structure
2533
2089
  end
2534
2090
 
2535
- # @note When making an API call, you may pass ListFirewallsRequest
2536
- # data as a hash:
2537
- #
2538
- # {
2539
- # next_token: "PaginationToken",
2540
- # vpc_ids: ["VpcId"],
2541
- # max_results: 1,
2542
- # }
2543
- #
2544
2091
  # @!attribute [rw] next_token
2545
2092
  # When you request a list of objects with a `MaxResults` setting, if
2546
2093
  # the number of objects that are still available for retrieval exceeds
@@ -2595,17 +2142,6 @@ module Aws::NetworkFirewall
2595
2142
  include Aws::Structure
2596
2143
  end
2597
2144
 
2598
- # @note When making an API call, you may pass ListRuleGroupsRequest
2599
- # data as a hash:
2600
- #
2601
- # {
2602
- # next_token: "PaginationToken",
2603
- # max_results: 1,
2604
- # scope: "MANAGED", # accepts MANAGED, ACCOUNT
2605
- # managed_type: "AWS_MANAGED_THREAT_SIGNATURES", # accepts AWS_MANAGED_THREAT_SIGNATURES, AWS_MANAGED_DOMAIN_LISTS
2606
- # type: "STATELESS", # accepts STATELESS, STATEFUL
2607
- # }
2608
- #
2609
2145
  # @!attribute [rw] next_token
2610
2146
  # When you request a list of objects with a `MaxResults` setting, if
2611
2147
  # the number of objects that are still available for retrieval exceeds
@@ -2673,15 +2209,6 @@ module Aws::NetworkFirewall
2673
2209
  include Aws::Structure
2674
2210
  end
2675
2211
 
2676
- # @note When making an API call, you may pass ListTagsForResourceRequest
2677
- # data as a hash:
2678
- #
2679
- # {
2680
- # next_token: "PaginationToken",
2681
- # max_results: 1,
2682
- # resource_arn: "ResourceArn", # required
2683
- # }
2684
- #
2685
2212
  # @!attribute [rw] next_token
2686
2213
  # When you request a list of objects with a `MaxResults` setting, if
2687
2214
  # the number of objects that are still available for retrieval exceeds
@@ -2743,17 +2270,6 @@ module Aws::NetworkFirewall
2743
2270
  # traffic that matches stateful rules that have the rule action set to
2744
2271
  # `DROP` or `ALERT`.
2745
2272
  #
2746
- # @note When making an API call, you may pass LogDestinationConfig
2747
- # data as a hash:
2748
- #
2749
- # {
2750
- # log_type: "ALERT", # required, accepts ALERT, FLOW
2751
- # log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose
2752
- # log_destination: { # required
2753
- # "HashMapKey" => "HashMapValue",
2754
- # },
2755
- # }
2756
- #
2757
2273
  # @!attribute [rw] log_type
2758
2274
  # The type of log to send. Alert logs report traffic that matches a
2759
2275
  # StatefulRule with an action setting that sends an alert log message.
@@ -2818,21 +2334,6 @@ module Aws::NetworkFirewall
2818
2334
 
2819
2335
  # Defines how Network Firewall performs logging for a Firewall.
2820
2336
  #
2821
- # @note When making an API call, you may pass LoggingConfiguration
2822
- # data as a hash:
2823
- #
2824
- # {
2825
- # log_destination_configs: [ # required
2826
- # {
2827
- # log_type: "ALERT", # required, accepts ALERT, FLOW
2828
- # log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose
2829
- # log_destination: { # required
2830
- # "HashMapKey" => "HashMapValue",
2831
- # },
2832
- # },
2833
- # ],
2834
- # }
2835
- #
2836
2337
  # @!attribute [rw] log_destination_configs
2837
2338
  # Defines the logging destinations for the logs for a firewall.
2838
2339
  # Network Firewall generates logs for stateful rule groups.
@@ -2851,41 +2352,6 @@ module Aws::NetworkFirewall
2851
2352
  # one or more items such as IP address, CIDR range, port number,
2852
2353
  # protocol, and TCP flags.
2853
2354
  #
2854
- # @note When making an API call, you may pass MatchAttributes
2855
- # data as a hash:
2856
- #
2857
- # {
2858
- # sources: [
2859
- # {
2860
- # address_definition: "AddressDefinition", # required
2861
- # },
2862
- # ],
2863
- # destinations: [
2864
- # {
2865
- # address_definition: "AddressDefinition", # required
2866
- # },
2867
- # ],
2868
- # source_ports: [
2869
- # {
2870
- # from_port: 1, # required
2871
- # to_port: 1, # required
2872
- # },
2873
- # ],
2874
- # destination_ports: [
2875
- # {
2876
- # from_port: 1, # required
2877
- # to_port: 1, # required
2878
- # },
2879
- # ],
2880
- # protocols: [1],
2881
- # tcp_flags: [
2882
- # {
2883
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
2884
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
2885
- # },
2886
- # ],
2887
- # }
2888
- #
2889
2355
  # @!attribute [rw] sources
2890
2356
  # The source IP addresses and address ranges to inspect for, in CIDR
2891
2357
  # notation. If not specified, this matches with any source address.
@@ -2971,14 +2437,6 @@ module Aws::NetworkFirewall
2971
2437
  # destination port ranges in the stateless rule MatchAttributes,
2972
2438
  # `SourcePorts`, and `DestinationPorts` settings.
2973
2439
  #
2974
- # @note When making an API call, you may pass PortRange
2975
- # data as a hash:
2976
- #
2977
- # {
2978
- # from_port: 1, # required
2979
- # to_port: 1, # required
2980
- # }
2981
- #
2982
2440
  # @!attribute [rw] from_port
2983
2441
  # The lower limit of the port range. This must be less than or equal
2984
2442
  # to the `ToPort` specification.
@@ -3000,13 +2458,6 @@ module Aws::NetworkFirewall
3000
2458
 
3001
2459
  # A set of port ranges for use in the rules in a rule group.
3002
2460
  #
3003
- # @note When making an API call, you may pass PortSet
3004
- # data as a hash:
3005
- #
3006
- # {
3007
- # definition: ["VariableDefinition"],
3008
- # }
3009
- #
3010
2461
  # @!attribute [rw] definition
3011
2462
  # The set of port ranges.
3012
2463
  # @return [Array<String>]
@@ -3023,17 +2474,6 @@ module Aws::NetworkFirewall
3023
2474
  # Amazon CloudWatch for the matching packet. This setting defines a
3024
2475
  # CloudWatch dimension value to be published.
3025
2476
  #
3026
- # @note When making an API call, you may pass PublishMetricAction
3027
- # data as a hash:
3028
- #
3029
- # {
3030
- # dimensions: [ # required
3031
- # {
3032
- # value: "DimensionValue", # required
3033
- # },
3034
- # ],
3035
- # }
3036
- #
3037
2477
  # @!attribute [rw] dimensions
3038
2478
  # @return [Array<Types::Dimension>]
3039
2479
  #
@@ -3045,14 +2485,6 @@ module Aws::NetworkFirewall
3045
2485
  include Aws::Structure
3046
2486
  end
3047
2487
 
3048
- # @note When making an API call, you may pass PutResourcePolicyRequest
3049
- # data as a hash:
3050
- #
3051
- # {
3052
- # resource_arn: "ResourceArn", # required
3053
- # policy: "PolicyString", # required
3054
- # }
3055
- #
3056
2488
  # @!attribute [rw] resource_arn
3057
2489
  # The Amazon Resource Name (ARN) of the account that you want to share
3058
2490
  # rule groups and firewall policies with.
@@ -3103,17 +2535,6 @@ module Aws::NetworkFirewall
3103
2535
 
3104
2536
  # Contains a set of IP set references.
3105
2537
  #
3106
- # @note When making an API call, you may pass ReferenceSets
3107
- # data as a hash:
3108
- #
3109
- # {
3110
- # ip_set_references: {
3111
- # "IPSetReferenceName" => {
3112
- # reference_arn: "ResourceArn",
3113
- # },
3114
- # },
3115
- # }
3116
- #
3117
2538
  # @!attribute [rw] ip_set_references
3118
2539
  # The list of IP set references.
3119
2540
  # @return [Hash<String,Types::IPSetReference>]
@@ -3157,44 +2578,6 @@ module Aws::NetworkFirewall
3157
2578
  # criteria. When a packet matches the criteria, Network Firewall
3158
2579
  # performs the rule's actions on the packet.
3159
2580
  #
3160
- # @note When making an API call, you may pass RuleDefinition
3161
- # data as a hash:
3162
- #
3163
- # {
3164
- # match_attributes: { # required
3165
- # sources: [
3166
- # {
3167
- # address_definition: "AddressDefinition", # required
3168
- # },
3169
- # ],
3170
- # destinations: [
3171
- # {
3172
- # address_definition: "AddressDefinition", # required
3173
- # },
3174
- # ],
3175
- # source_ports: [
3176
- # {
3177
- # from_port: 1, # required
3178
- # to_port: 1, # required
3179
- # },
3180
- # ],
3181
- # destination_ports: [
3182
- # {
3183
- # from_port: 1, # required
3184
- # to_port: 1, # required
3185
- # },
3186
- # ],
3187
- # protocols: [1],
3188
- # tcp_flags: [
3189
- # {
3190
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3191
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3192
- # },
3193
- # ],
3194
- # },
3195
- # actions: ["CollectionMember_String"], # required
3196
- # }
3197
- #
3198
2581
  # @!attribute [rw] match_attributes
3199
2582
  # Criteria for Network Firewall to use to inspect an individual packet
3200
2583
  # in stateless rule inspection. Each match attributes set can include
@@ -3263,116 +2646,6 @@ module Aws::NetworkFirewall
3263
2646
  # can reference a rule group from more than one firewall policy, and you
3264
2647
  # can use a firewall policy in more than one firewall.
3265
2648
  #
3266
- # @note When making an API call, you may pass RuleGroup
3267
- # data as a hash:
3268
- #
3269
- # {
3270
- # rule_variables: {
3271
- # ip_sets: {
3272
- # "RuleVariableName" => {
3273
- # definition: ["VariableDefinition"], # required
3274
- # },
3275
- # },
3276
- # port_sets: {
3277
- # "RuleVariableName" => {
3278
- # definition: ["VariableDefinition"],
3279
- # },
3280
- # },
3281
- # },
3282
- # reference_sets: {
3283
- # ip_set_references: {
3284
- # "IPSetReferenceName" => {
3285
- # reference_arn: "ResourceArn",
3286
- # },
3287
- # },
3288
- # },
3289
- # rules_source: { # required
3290
- # rules_string: "RulesString",
3291
- # rules_source_list: {
3292
- # targets: ["CollectionMember_String"], # required
3293
- # target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
3294
- # generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
3295
- # },
3296
- # stateful_rules: [
3297
- # {
3298
- # action: "PASS", # required, accepts PASS, DROP, ALERT
3299
- # header: { # required
3300
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
3301
- # source: "Source", # required
3302
- # source_port: "Port", # required
3303
- # direction: "FORWARD", # required, accepts FORWARD, ANY
3304
- # destination: "Destination", # required
3305
- # destination_port: "Port", # required
3306
- # },
3307
- # rule_options: [ # required
3308
- # {
3309
- # keyword: "Keyword", # required
3310
- # settings: ["Setting"],
3311
- # },
3312
- # ],
3313
- # },
3314
- # ],
3315
- # stateless_rules_and_custom_actions: {
3316
- # stateless_rules: [ # required
3317
- # {
3318
- # rule_definition: { # required
3319
- # match_attributes: { # required
3320
- # sources: [
3321
- # {
3322
- # address_definition: "AddressDefinition", # required
3323
- # },
3324
- # ],
3325
- # destinations: [
3326
- # {
3327
- # address_definition: "AddressDefinition", # required
3328
- # },
3329
- # ],
3330
- # source_ports: [
3331
- # {
3332
- # from_port: 1, # required
3333
- # to_port: 1, # required
3334
- # },
3335
- # ],
3336
- # destination_ports: [
3337
- # {
3338
- # from_port: 1, # required
3339
- # to_port: 1, # required
3340
- # },
3341
- # ],
3342
- # protocols: [1],
3343
- # tcp_flags: [
3344
- # {
3345
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3346
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3347
- # },
3348
- # ],
3349
- # },
3350
- # actions: ["CollectionMember_String"], # required
3351
- # },
3352
- # priority: 1, # required
3353
- # },
3354
- # ],
3355
- # custom_actions: [
3356
- # {
3357
- # action_name: "ActionName", # required
3358
- # action_definition: { # required
3359
- # publish_metric_action: {
3360
- # dimensions: [ # required
3361
- # {
3362
- # value: "DimensionValue", # required
3363
- # },
3364
- # ],
3365
- # },
3366
- # },
3367
- # },
3368
- # ],
3369
- # },
3370
- # },
3371
- # stateful_rule_options: {
3372
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
3373
- # },
3374
- # }
3375
- #
3376
2649
  # @!attribute [rw] rule_variables
3377
2650
  # Settings that are available for use in the rules in the rule group.
3378
2651
  # You can only use these for stateful rule groups.
@@ -3540,14 +2813,6 @@ module Aws::NetworkFirewall
3540
2813
  # Additional settings for a stateful rule. This is part of the
3541
2814
  # StatefulRule configuration.
3542
2815
  #
3543
- # @note When making an API call, you may pass RuleOption
3544
- # data as a hash:
3545
- #
3546
- # {
3547
- # keyword: "Keyword", # required
3548
- # settings: ["Setting"],
3549
- # }
3550
- #
3551
2816
  # @!attribute [rw] keyword
3552
2817
  # @return [String]
3553
2818
  #
@@ -3566,22 +2831,6 @@ module Aws::NetworkFirewall
3566
2831
  # Settings that are available for use in the rules in the RuleGroup
3567
2832
  # where this is defined.
3568
2833
  #
3569
- # @note When making an API call, you may pass RuleVariables
3570
- # data as a hash:
3571
- #
3572
- # {
3573
- # ip_sets: {
3574
- # "RuleVariableName" => {
3575
- # definition: ["VariableDefinition"], # required
3576
- # },
3577
- # },
3578
- # port_sets: {
3579
- # "RuleVariableName" => {
3580
- # definition: ["VariableDefinition"],
3581
- # },
3582
- # },
3583
- # }
3584
- #
3585
2834
  # @!attribute [rw] ip_sets
3586
2835
  # A list of IP addresses and address ranges, in CIDR notation.
3587
2836
  # @return [Hash<String,Types::IPSet>]
@@ -3603,92 +2852,6 @@ module Aws::NetworkFirewall
3603
2852
  # group. Each rule group requires a single `RulesSource`. You can use an
3604
2853
  # instance of this for either stateless rules or stateful rules.
3605
2854
  #
3606
- # @note When making an API call, you may pass RulesSource
3607
- # data as a hash:
3608
- #
3609
- # {
3610
- # rules_string: "RulesString",
3611
- # rules_source_list: {
3612
- # targets: ["CollectionMember_String"], # required
3613
- # target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
3614
- # generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
3615
- # },
3616
- # stateful_rules: [
3617
- # {
3618
- # action: "PASS", # required, accepts PASS, DROP, ALERT
3619
- # header: { # required
3620
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
3621
- # source: "Source", # required
3622
- # source_port: "Port", # required
3623
- # direction: "FORWARD", # required, accepts FORWARD, ANY
3624
- # destination: "Destination", # required
3625
- # destination_port: "Port", # required
3626
- # },
3627
- # rule_options: [ # required
3628
- # {
3629
- # keyword: "Keyword", # required
3630
- # settings: ["Setting"],
3631
- # },
3632
- # ],
3633
- # },
3634
- # ],
3635
- # stateless_rules_and_custom_actions: {
3636
- # stateless_rules: [ # required
3637
- # {
3638
- # rule_definition: { # required
3639
- # match_attributes: { # required
3640
- # sources: [
3641
- # {
3642
- # address_definition: "AddressDefinition", # required
3643
- # },
3644
- # ],
3645
- # destinations: [
3646
- # {
3647
- # address_definition: "AddressDefinition", # required
3648
- # },
3649
- # ],
3650
- # source_ports: [
3651
- # {
3652
- # from_port: 1, # required
3653
- # to_port: 1, # required
3654
- # },
3655
- # ],
3656
- # destination_ports: [
3657
- # {
3658
- # from_port: 1, # required
3659
- # to_port: 1, # required
3660
- # },
3661
- # ],
3662
- # protocols: [1],
3663
- # tcp_flags: [
3664
- # {
3665
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3666
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
3667
- # },
3668
- # ],
3669
- # },
3670
- # actions: ["CollectionMember_String"], # required
3671
- # },
3672
- # priority: 1, # required
3673
- # },
3674
- # ],
3675
- # custom_actions: [
3676
- # {
3677
- # action_name: "ActionName", # required
3678
- # action_definition: { # required
3679
- # publish_metric_action: {
3680
- # dimensions: [ # required
3681
- # {
3682
- # value: "DimensionValue", # required
3683
- # },
3684
- # ],
3685
- # },
3686
- # },
3687
- # },
3688
- # ],
3689
- # },
3690
- # }
3691
- #
3692
2855
  # @!attribute [rw] rules_string
3693
2856
  # Stateful inspection criteria, provided in Suricata compatible
3694
2857
  # intrusion prevention system (IPS) rules. Suricata is an open-source
@@ -3748,15 +2911,6 @@ module Aws::NetworkFirewall
3748
2911
  #
3749
2912
  # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html
3750
2913
  #
3751
- # @note When making an API call, you may pass RulesSourceList
3752
- # data as a hash:
3753
- #
3754
- # {
3755
- # targets: ["CollectionMember_String"], # required
3756
- # target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
3757
- # generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
3758
- # }
3759
- #
3760
2914
  # @!attribute [rw] targets
3761
2915
  # The domains that you want to inspect for in your traffic flows.
3762
2916
  # Valid domain specifications are the following:
@@ -3799,14 +2953,6 @@ module Aws::NetworkFirewall
3799
2953
  #
3800
2954
  # [1]: https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html
3801
2955
  #
3802
- # @note When making an API call, you may pass SourceMetadata
3803
- # data as a hash:
3804
- #
3805
- # {
3806
- # source_arn: "ResourceArn",
3807
- # source_update_token: "UpdateToken",
3808
- # }
3809
- #
3810
2956
  # @!attribute [rw] source_arn
3811
2957
  # The Amazon Resource Name (ARN) of the rule group that your own rule
3812
2958
  # group is copied from.
@@ -3834,14 +2980,6 @@ module Aws::NetworkFirewall
3834
2980
  # Configuration settings for the handling of the stateful rule groups in
3835
2981
  # a firewall policy.
3836
2982
  #
3837
- # @note When making an API call, you may pass StatefulEngineOptions
3838
- # data as a hash:
3839
- #
3840
- # {
3841
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
3842
- # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
3843
- # }
3844
- #
3845
2983
  # @!attribute [rw] rule_order
3846
2984
  # Indicates how to manage the order of stateful rule evaluation for
3847
2985
  # the policy. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
@@ -3894,27 +3032,6 @@ module Aws::NetworkFirewall
3894
3032
  #
3895
3033
  # [1]: https://suricata.readthedocs.io/rules/intro.html#
3896
3034
  #
3897
- # @note When making an API call, you may pass StatefulRule
3898
- # data as a hash:
3899
- #
3900
- # {
3901
- # action: "PASS", # required, accepts PASS, DROP, ALERT
3902
- # header: { # required
3903
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
3904
- # source: "Source", # required
3905
- # source_port: "Port", # required
3906
- # direction: "FORWARD", # required, accepts FORWARD, ANY
3907
- # destination: "Destination", # required
3908
- # destination_port: "Port", # required
3909
- # },
3910
- # rule_options: [ # required
3911
- # {
3912
- # keyword: "Keyword", # required
3913
- # settings: ["Setting"],
3914
- # },
3915
- # ],
3916
- # }
3917
- #
3918
3035
  # @!attribute [rw] action
3919
3036
  # Defines what Network Firewall should do with the packets in a
3920
3037
  # traffic flow when the flow matches the stateful rule criteria. For
@@ -3962,13 +3079,6 @@ module Aws::NetworkFirewall
3962
3079
  # The setting that allows the policy owner to change the behavior of the
3963
3080
  # rule group within a policy.
3964
3081
  #
3965
- # @note When making an API call, you may pass StatefulRuleGroupOverride
3966
- # data as a hash:
3967
- #
3968
- # {
3969
- # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
3970
- # }
3971
- #
3972
3082
  # @!attribute [rw] action
3973
3083
  # The action that changes the rule group from `DROP` to `ALERT`. This
3974
3084
  # only applies to managed rule groups.
@@ -3985,17 +3095,6 @@ module Aws::NetworkFirewall
3985
3095
  # Identifier for a single stateful rule group, used in a firewall policy
3986
3096
  # to refer to a rule group.
3987
3097
  #
3988
- # @note When making an API call, you may pass StatefulRuleGroupReference
3989
- # data as a hash:
3990
- #
3991
- # {
3992
- # resource_arn: "ResourceArn", # required
3993
- # priority: 1,
3994
- # override: {
3995
- # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
3996
- # },
3997
- # }
3998
- #
3999
3098
  # @!attribute [rw] resource_arn
4000
3099
  # The Amazon Resource Name (ARN) of the stateful rule group.
4001
3100
  # @return [String]
@@ -4035,13 +3134,6 @@ module Aws::NetworkFirewall
4035
3134
  # Additional options governing how Network Firewall handles the rule
4036
3135
  # group. You can only use these for stateful rule groups.
4037
3136
  #
4038
- # @note When making an API call, you may pass StatefulRuleOptions
4039
- # data as a hash:
4040
- #
4041
- # {
4042
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
4043
- # }
4044
- #
4045
3137
  # @!attribute [rw] rule_order
4046
3138
  # Indicates how to manage the order of the rule evaluation for the
4047
3139
  # rule group. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
@@ -4066,47 +3158,6 @@ module Aws::NetworkFirewall
4066
3158
  # A single stateless rule. This is used in
4067
3159
  # StatelessRulesAndCustomActions.
4068
3160
  #
4069
- # @note When making an API call, you may pass StatelessRule
4070
- # data as a hash:
4071
- #
4072
- # {
4073
- # rule_definition: { # required
4074
- # match_attributes: { # required
4075
- # sources: [
4076
- # {
4077
- # address_definition: "AddressDefinition", # required
4078
- # },
4079
- # ],
4080
- # destinations: [
4081
- # {
4082
- # address_definition: "AddressDefinition", # required
4083
- # },
4084
- # ],
4085
- # source_ports: [
4086
- # {
4087
- # from_port: 1, # required
4088
- # to_port: 1, # required
4089
- # },
4090
- # ],
4091
- # destination_ports: [
4092
- # {
4093
- # from_port: 1, # required
4094
- # to_port: 1, # required
4095
- # },
4096
- # ],
4097
- # protocols: [1],
4098
- # tcp_flags: [
4099
- # {
4100
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4101
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4102
- # },
4103
- # ],
4104
- # },
4105
- # actions: ["CollectionMember_String"], # required
4106
- # },
4107
- # priority: 1, # required
4108
- # }
4109
- #
4110
3161
  # @!attribute [rw] rule_definition
4111
3162
  # Defines the stateless 5-tuple packet inspection criteria and the
4112
3163
  # action to take on a packet that matches the criteria.
@@ -4143,14 +3194,6 @@ module Aws::NetworkFirewall
4143
3194
  # Identifier for a single stateless rule group, used in a firewall
4144
3195
  # policy to refer to the rule group.
4145
3196
  #
4146
- # @note When making an API call, you may pass StatelessRuleGroupReference
4147
- # data as a hash:
4148
- #
4149
- # {
4150
- # resource_arn: "ResourceArn", # required
4151
- # priority: 1, # required
4152
- # }
4153
- #
4154
3197
  # @!attribute [rw] resource_arn
4155
3198
  # The Amazon Resource Name (ARN) of the stateless rule group.
4156
3199
  # @return [String]
@@ -4175,65 +3218,6 @@ module Aws::NetworkFirewall
4175
3218
  # Stateless inspection criteria. Each stateless rule group uses exactly
4176
3219
  # one of these data types to define its stateless rules.
4177
3220
  #
4178
- # @note When making an API call, you may pass StatelessRulesAndCustomActions
4179
- # data as a hash:
4180
- #
4181
- # {
4182
- # stateless_rules: [ # required
4183
- # {
4184
- # rule_definition: { # required
4185
- # match_attributes: { # required
4186
- # sources: [
4187
- # {
4188
- # address_definition: "AddressDefinition", # required
4189
- # },
4190
- # ],
4191
- # destinations: [
4192
- # {
4193
- # address_definition: "AddressDefinition", # required
4194
- # },
4195
- # ],
4196
- # source_ports: [
4197
- # {
4198
- # from_port: 1, # required
4199
- # to_port: 1, # required
4200
- # },
4201
- # ],
4202
- # destination_ports: [
4203
- # {
4204
- # from_port: 1, # required
4205
- # to_port: 1, # required
4206
- # },
4207
- # ],
4208
- # protocols: [1],
4209
- # tcp_flags: [
4210
- # {
4211
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4212
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4213
- # },
4214
- # ],
4215
- # },
4216
- # actions: ["CollectionMember_String"], # required
4217
- # },
4218
- # priority: 1, # required
4219
- # },
4220
- # ],
4221
- # custom_actions: [
4222
- # {
4223
- # action_name: "ActionName", # required
4224
- # action_definition: { # required
4225
- # publish_metric_action: {
4226
- # dimensions: [ # required
4227
- # {
4228
- # value: "DimensionValue", # required
4229
- # },
4230
- # ],
4231
- # },
4232
- # },
4233
- # },
4234
- # ],
4235
- # }
4236
- #
4237
3221
  # @!attribute [rw] stateless_rules
4238
3222
  # Defines the set of stateless rules for use in a stateless rule
4239
3223
  # group.
@@ -4261,13 +3245,6 @@ module Aws::NetworkFirewall
4261
3245
  # creates an instance of the associated firewall in each subnet that you
4262
3246
  # specify, to filter traffic in the subnet's Availability Zone.
4263
3247
  #
4264
- # @note When making an API call, you may pass SubnetMapping
4265
- # data as a hash:
4266
- #
4267
- # {
4268
- # subnet_id: "CollectionMember_String", # required
4269
- # }
4270
- #
4271
3248
  # @!attribute [rw] subnet_id
4272
3249
  # The unique identifier for the subnet.
4273
3250
  # @return [String]
@@ -4326,14 +3303,6 @@ module Aws::NetworkFirewall
4326
3303
  # TCP flags and masks to inspect packets for, used in stateless rules
4327
3304
  # MatchAttributes settings.
4328
3305
  #
4329
- # @note When making an API call, you may pass TCPFlagField
4330
- # data as a hash:
4331
- #
4332
- # {
4333
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4334
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
4335
- # }
4336
- #
4337
3306
  # @!attribute [rw] flags
4338
3307
  # Used in conjunction with the `Masks` setting to define the flags
4339
3308
  # that must be set and flags that must not be set in order for the
@@ -4371,14 +3340,6 @@ module Aws::NetworkFirewall
4371
3340
  # "development," or "production"). You can add up to 50 tags to each
4372
3341
  # Amazon Web Services resource.
4373
3342
  #
4374
- # @note When making an API call, you may pass Tag
4375
- # data as a hash:
4376
- #
4377
- # {
4378
- # key: "TagKey", # required
4379
- # value: "TagValue", # required
4380
- # }
4381
- #
4382
3343
  # @!attribute [rw] key
4383
3344
  # The part of the key:value pair that defines a tag. You can use a tag
4384
3345
  # key to describe a category of information, such as "customer." Tag
@@ -4400,19 +3361,6 @@ module Aws::NetworkFirewall
4400
3361
  include Aws::Structure
4401
3362
  end
4402
3363
 
4403
- # @note When making an API call, you may pass TagResourceRequest
4404
- # data as a hash:
4405
- #
4406
- # {
4407
- # resource_arn: "ResourceArn", # required
4408
- # tags: [ # required
4409
- # {
4410
- # key: "TagKey", # required
4411
- # value: "TagValue", # required
4412
- # },
4413
- # ],
4414
- # }
4415
- #
4416
3364
  # @!attribute [rw] resource_arn
4417
3365
  # The Amazon Resource Name (ARN) of the resource.
4418
3366
  # @return [String]
@@ -4459,14 +3407,6 @@ module Aws::NetworkFirewall
4459
3407
  include Aws::Structure
4460
3408
  end
4461
3409
 
4462
- # @note When making an API call, you may pass UntagResourceRequest
4463
- # data as a hash:
4464
- #
4465
- # {
4466
- # resource_arn: "ResourceArn", # required
4467
- # tag_keys: ["TagKey"], # required
4468
- # }
4469
- #
4470
3410
  # @!attribute [rw] resource_arn
4471
3411
  # The Amazon Resource Name (ARN) of the resource.
4472
3412
  # @return [String]
@@ -4487,16 +3427,6 @@ module Aws::NetworkFirewall
4487
3427
  #
4488
3428
  class UntagResourceResponse < Aws::EmptyStructure; end
4489
3429
 
4490
- # @note When making an API call, you may pass UpdateFirewallDeleteProtectionRequest
4491
- # data as a hash:
4492
- #
4493
- # {
4494
- # update_token: "UpdateToken",
4495
- # firewall_arn: "ResourceArn",
4496
- # firewall_name: "ResourceName",
4497
- # delete_protection: false, # required
4498
- # }
4499
- #
4500
3430
  # @!attribute [rw] update_token
4501
3431
  # An optional token that you can use for optimistic locking. Network
4502
3432
  # Firewall returns a token to your requests that access the firewall.
@@ -4597,16 +3527,6 @@ module Aws::NetworkFirewall
4597
3527
  include Aws::Structure
4598
3528
  end
4599
3529
 
4600
- # @note When making an API call, you may pass UpdateFirewallDescriptionRequest
4601
- # data as a hash:
4602
- #
4603
- # {
4604
- # update_token: "UpdateToken",
4605
- # firewall_arn: "ResourceArn",
4606
- # firewall_name: "ResourceName",
4607
- # description: "Description",
4608
- # }
4609
- #
4610
3530
  # @!attribute [rw] update_token
4611
3531
  # An optional token that you can use for optimistic locking. Network
4612
3532
  # Firewall returns a token to your requests that access the firewall.
@@ -4700,19 +3620,6 @@ module Aws::NetworkFirewall
4700
3620
  include Aws::Structure
4701
3621
  end
4702
3622
 
4703
- # @note When making an API call, you may pass UpdateFirewallEncryptionConfigurationRequest
4704
- # data as a hash:
4705
- #
4706
- # {
4707
- # update_token: "UpdateToken",
4708
- # firewall_arn: "ResourceArn",
4709
- # firewall_name: "ResourceName",
4710
- # encryption_configuration: {
4711
- # key_id: "KeyId",
4712
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
4713
- # },
4714
- # }
4715
- #
4716
3623
  # @!attribute [rw] update_token
4717
3624
  # An optional token that you can use for optimistic locking. Network
4718
3625
  # Firewall returns a token to your requests that access the firewall.
@@ -4825,16 +3732,6 @@ module Aws::NetworkFirewall
4825
3732
  include Aws::Structure
4826
3733
  end
4827
3734
 
4828
- # @note When making an API call, you may pass UpdateFirewallPolicyChangeProtectionRequest
4829
- # data as a hash:
4830
- #
4831
- # {
4832
- # update_token: "UpdateToken",
4833
- # firewall_arn: "ResourceArn",
4834
- # firewall_name: "ResourceName",
4835
- # firewall_policy_change_protection: false, # required
4836
- # }
4837
- #
4838
3735
  # @!attribute [rw] update_token
4839
3736
  # An optional token that you can use for optimistic locking. Network
4840
3737
  # Firewall returns a token to your requests that access the firewall.
@@ -4935,59 +3832,6 @@ module Aws::NetworkFirewall
4935
3832
  include Aws::Structure
4936
3833
  end
4937
3834
 
4938
- # @note When making an API call, you may pass UpdateFirewallPolicyRequest
4939
- # data as a hash:
4940
- #
4941
- # {
4942
- # update_token: "UpdateToken", # required
4943
- # firewall_policy_arn: "ResourceArn",
4944
- # firewall_policy_name: "ResourceName",
4945
- # firewall_policy: { # required
4946
- # stateless_rule_group_references: [
4947
- # {
4948
- # resource_arn: "ResourceArn", # required
4949
- # priority: 1, # required
4950
- # },
4951
- # ],
4952
- # stateless_default_actions: ["CollectionMember_String"], # required
4953
- # stateless_fragment_default_actions: ["CollectionMember_String"], # required
4954
- # stateless_custom_actions: [
4955
- # {
4956
- # action_name: "ActionName", # required
4957
- # action_definition: { # required
4958
- # publish_metric_action: {
4959
- # dimensions: [ # required
4960
- # {
4961
- # value: "DimensionValue", # required
4962
- # },
4963
- # ],
4964
- # },
4965
- # },
4966
- # },
4967
- # ],
4968
- # stateful_rule_group_references: [
4969
- # {
4970
- # resource_arn: "ResourceArn", # required
4971
- # priority: 1,
4972
- # override: {
4973
- # action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
4974
- # },
4975
- # },
4976
- # ],
4977
- # stateful_default_actions: ["CollectionMember_String"],
4978
- # stateful_engine_options: {
4979
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
4980
- # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
4981
- # },
4982
- # },
4983
- # description: "Description",
4984
- # dry_run: false,
4985
- # encryption_configuration: {
4986
- # key_id: "KeyId",
4987
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
4988
- # },
4989
- # }
4990
- #
4991
3835
  # @!attribute [rw] update_token
4992
3836
  # A token used for optimistic locking. Network Firewall returns a
4993
3837
  # token to your requests that access the firewall policy. The token
@@ -5087,25 +3931,6 @@ module Aws::NetworkFirewall
5087
3931
  include Aws::Structure
5088
3932
  end
5089
3933
 
5090
- # @note When making an API call, you may pass UpdateLoggingConfigurationRequest
5091
- # data as a hash:
5092
- #
5093
- # {
5094
- # firewall_arn: "ResourceArn",
5095
- # firewall_name: "ResourceName",
5096
- # logging_configuration: {
5097
- # log_destination_configs: [ # required
5098
- # {
5099
- # log_type: "ALERT", # required, accepts ALERT, FLOW
5100
- # log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose
5101
- # log_destination: { # required
5102
- # "HashMapKey" => "HashMapValue",
5103
- # },
5104
- # },
5105
- # ],
5106
- # },
5107
- # }
5108
- #
5109
3934
  # @!attribute [rw] firewall_arn
5110
3935
  # The Amazon Resource Name (ARN) of the firewall.
5111
3936
  #
@@ -5158,133 +3983,6 @@ module Aws::NetworkFirewall
5158
3983
  include Aws::Structure
5159
3984
  end
5160
3985
 
5161
- # @note When making an API call, you may pass UpdateRuleGroupRequest
5162
- # data as a hash:
5163
- #
5164
- # {
5165
- # update_token: "UpdateToken", # required
5166
- # rule_group_arn: "ResourceArn",
5167
- # rule_group_name: "ResourceName",
5168
- # rule_group: {
5169
- # rule_variables: {
5170
- # ip_sets: {
5171
- # "RuleVariableName" => {
5172
- # definition: ["VariableDefinition"], # required
5173
- # },
5174
- # },
5175
- # port_sets: {
5176
- # "RuleVariableName" => {
5177
- # definition: ["VariableDefinition"],
5178
- # },
5179
- # },
5180
- # },
5181
- # reference_sets: {
5182
- # ip_set_references: {
5183
- # "IPSetReferenceName" => {
5184
- # reference_arn: "ResourceArn",
5185
- # },
5186
- # },
5187
- # },
5188
- # rules_source: { # required
5189
- # rules_string: "RulesString",
5190
- # rules_source_list: {
5191
- # targets: ["CollectionMember_String"], # required
5192
- # target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
5193
- # generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
5194
- # },
5195
- # stateful_rules: [
5196
- # {
5197
- # action: "PASS", # required, accepts PASS, DROP, ALERT
5198
- # header: { # required
5199
- # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
5200
- # source: "Source", # required
5201
- # source_port: "Port", # required
5202
- # direction: "FORWARD", # required, accepts FORWARD, ANY
5203
- # destination: "Destination", # required
5204
- # destination_port: "Port", # required
5205
- # },
5206
- # rule_options: [ # required
5207
- # {
5208
- # keyword: "Keyword", # required
5209
- # settings: ["Setting"],
5210
- # },
5211
- # ],
5212
- # },
5213
- # ],
5214
- # stateless_rules_and_custom_actions: {
5215
- # stateless_rules: [ # required
5216
- # {
5217
- # rule_definition: { # required
5218
- # match_attributes: { # required
5219
- # sources: [
5220
- # {
5221
- # address_definition: "AddressDefinition", # required
5222
- # },
5223
- # ],
5224
- # destinations: [
5225
- # {
5226
- # address_definition: "AddressDefinition", # required
5227
- # },
5228
- # ],
5229
- # source_ports: [
5230
- # {
5231
- # from_port: 1, # required
5232
- # to_port: 1, # required
5233
- # },
5234
- # ],
5235
- # destination_ports: [
5236
- # {
5237
- # from_port: 1, # required
5238
- # to_port: 1, # required
5239
- # },
5240
- # ],
5241
- # protocols: [1],
5242
- # tcp_flags: [
5243
- # {
5244
- # flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
5245
- # masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
5246
- # },
5247
- # ],
5248
- # },
5249
- # actions: ["CollectionMember_String"], # required
5250
- # },
5251
- # priority: 1, # required
5252
- # },
5253
- # ],
5254
- # custom_actions: [
5255
- # {
5256
- # action_name: "ActionName", # required
5257
- # action_definition: { # required
5258
- # publish_metric_action: {
5259
- # dimensions: [ # required
5260
- # {
5261
- # value: "DimensionValue", # required
5262
- # },
5263
- # ],
5264
- # },
5265
- # },
5266
- # },
5267
- # ],
5268
- # },
5269
- # },
5270
- # stateful_rule_options: {
5271
- # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
5272
- # },
5273
- # },
5274
- # rules: "RulesString",
5275
- # type: "STATELESS", # accepts STATELESS, STATEFUL
5276
- # description: "Description",
5277
- # dry_run: false,
5278
- # encryption_configuration: {
5279
- # key_id: "KeyId",
5280
- # type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
5281
- # },
5282
- # source_metadata: {
5283
- # source_arn: "ResourceArn",
5284
- # source_update_token: "UpdateToken",
5285
- # },
5286
- # }
5287
- #
5288
3986
  # @!attribute [rw] update_token
5289
3987
  # A token used for optimistic locking. Network Firewall returns a
5290
3988
  # token to your requests that access the rule group. The token marks
@@ -5425,16 +4123,6 @@ module Aws::NetworkFirewall
5425
4123
  include Aws::Structure
5426
4124
  end
5427
4125
 
5428
- # @note When making an API call, you may pass UpdateSubnetChangeProtectionRequest
5429
- # data as a hash:
5430
- #
5431
- # {
5432
- # update_token: "UpdateToken",
5433
- # firewall_arn: "ResourceArn",
5434
- # firewall_name: "ResourceName",
5435
- # subnet_change_protection: false, # required
5436
- # }
5437
- #
5438
4126
  # @!attribute [rw] update_token
5439
4127
  # An optional token that you can use for optimistic locking. Network
5440
4128
  # Firewall returns a token to your requests that access the firewall.