aws-sdk-networkfirewall 1.24.0 → 1.26.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-networkfirewall/client.rb +502 -9
- data/lib/aws-sdk-networkfirewall/client_api.rb +186 -0
- data/lib/aws-sdk-networkfirewall/endpoint_parameters.rb +0 -3
- data/lib/aws-sdk-networkfirewall/endpoint_provider.rb +27 -24
- data/lib/aws-sdk-networkfirewall/endpoints.rb +70 -0
- data/lib/aws-sdk-networkfirewall/plugins/endpoints.rb +10 -0
- data/lib/aws-sdk-networkfirewall/types.rb +669 -15
- data/lib/aws-sdk-networkfirewall.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f06525de7ab96ffab1dc74ee6cfb7629f37fade446430443a5e3fa6a6430e571
|
4
|
+
data.tar.gz: cdaf82868e449d14b6b626169486b4fd60346a3d3e98d36dbbbfeb76919c0647
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 04f2235e8fef3726e03bac04bcca56af77b3ad6055d70f68fd4284a213916edc9b73a901f6480cd4951407fd37df9380d8bf7f6e1b3bddb194074f2136c5d94b
|
7
|
+
data.tar.gz: 254bfefe094e643f56861d3444353792363e6fbfc1d89b51a9b9e0da8b9d064a449399120640d2d82762fd48d1c3b62428f72b6229475a78586410103c22f8b9
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,16 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.26.0 (2023-04-05)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - AWS Network Firewall now supports IPv6-only subnets.
|
8
|
+
|
9
|
+
1.25.0 (2023-03-30)
|
10
|
+
------------------
|
11
|
+
|
12
|
+
* Feature - AWS Network Firewall added TLS inspection configurations to allow TLS traffic inspection.
|
13
|
+
|
4
14
|
1.24.0 (2023-01-18)
|
5
15
|
------------------
|
6
16
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.26.0
|
@@ -509,7 +509,7 @@ module Aws::NetworkFirewall
|
|
509
509
|
# subnet_mappings: [ # required
|
510
510
|
# {
|
511
511
|
# subnet_id: "CollectionMember_String", # required
|
512
|
-
# ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4
|
512
|
+
# ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4, IPV6
|
513
513
|
# },
|
514
514
|
# ],
|
515
515
|
# })
|
@@ -520,7 +520,7 @@ module Aws::NetworkFirewall
|
|
520
520
|
# resp.firewall_name #=> String
|
521
521
|
# resp.subnet_mappings #=> Array
|
522
522
|
# resp.subnet_mappings[0].subnet_id #=> String
|
523
|
-
# resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
|
523
|
+
# resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4", "IPV6"
|
524
524
|
# resp.update_token #=> String
|
525
525
|
#
|
526
526
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AssociateSubnets AWS API Documentation
|
@@ -620,7 +620,7 @@ module Aws::NetworkFirewall
|
|
620
620
|
# subnet_mappings: [ # required
|
621
621
|
# {
|
622
622
|
# subnet_id: "CollectionMember_String", # required
|
623
|
-
# ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4
|
623
|
+
# ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4, IPV6
|
624
624
|
# },
|
625
625
|
# ],
|
626
626
|
# delete_protection: false,
|
@@ -647,7 +647,7 @@ module Aws::NetworkFirewall
|
|
647
647
|
# resp.firewall.vpc_id #=> String
|
648
648
|
# resp.firewall.subnet_mappings #=> Array
|
649
649
|
# resp.firewall.subnet_mappings[0].subnet_id #=> String
|
650
|
-
# resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
|
650
|
+
# resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4", "IPV6"
|
651
651
|
# resp.firewall.delete_protection #=> Boolean
|
652
652
|
# resp.firewall.subnet_change_protection #=> Boolean
|
653
653
|
# resp.firewall.firewall_policy_change_protection #=> Boolean
|
@@ -768,6 +768,7 @@ module Aws::NetworkFirewall
|
|
768
768
|
# rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
|
769
769
|
# stream_exception_policy: "DROP", # accepts DROP, CONTINUE
|
770
770
|
# },
|
771
|
+
# tls_inspection_configuration_arn: "ResourceArn",
|
771
772
|
# },
|
772
773
|
# description: "Description",
|
773
774
|
# tags: [
|
@@ -1094,6 +1095,172 @@ module Aws::NetworkFirewall
|
|
1094
1095
|
req.send_request(options)
|
1095
1096
|
end
|
1096
1097
|
|
1098
|
+
# Creates an Network Firewall TLS inspection configuration. A TLS
|
1099
|
+
# inspection configuration contains the Certificate Manager certificate
|
1100
|
+
# references that Network Firewall uses to decrypt and re-encrypt
|
1101
|
+
# inbound traffic.
|
1102
|
+
#
|
1103
|
+
# After you create a TLS inspection configuration, you associate it with
|
1104
|
+
# a firewall policy.
|
1105
|
+
#
|
1106
|
+
# To update the settings for a TLS inspection configuration, use
|
1107
|
+
# UpdateTLSInspectionConfiguration.
|
1108
|
+
#
|
1109
|
+
# To manage a TLS inspection configuration's tags, use the standard
|
1110
|
+
# Amazon Web Services resource tagging operations, ListTagsForResource,
|
1111
|
+
# TagResource, and UntagResource.
|
1112
|
+
#
|
1113
|
+
# To retrieve information about TLS inspection configurations, use
|
1114
|
+
# ListTLSInspectionConfigurations and
|
1115
|
+
# DescribeTLSInspectionConfiguration.
|
1116
|
+
#
|
1117
|
+
# For more information about TLS inspection configurations, see
|
1118
|
+
# [Decrypting SSL/TLS traffic with TLS inspection configurations][1] in
|
1119
|
+
# the *Network Firewall Developer Guide*.
|
1120
|
+
#
|
1121
|
+
#
|
1122
|
+
#
|
1123
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html
|
1124
|
+
#
|
1125
|
+
# @option params [required, String] :tls_inspection_configuration_name
|
1126
|
+
# The descriptive name of the TLS inspection configuration. You can't
|
1127
|
+
# change the name of a TLS inspection configuration after you create it.
|
1128
|
+
#
|
1129
|
+
# @option params [required, Types::TLSInspectionConfiguration] :tls_inspection_configuration
|
1130
|
+
# The object that defines a TLS inspection configuration. This, along
|
1131
|
+
# with TLSInspectionConfigurationResponse, define the TLS inspection
|
1132
|
+
# configuration. You can retrieve all objects for a TLS inspection
|
1133
|
+
# configuration by calling DescribeTLSInspectionConfiguration.
|
1134
|
+
#
|
1135
|
+
# Network Firewall uses a TLS inspection configuration to decrypt
|
1136
|
+
# traffic. Network Firewall re-encrypts the traffic before sending it to
|
1137
|
+
# its destination.
|
1138
|
+
#
|
1139
|
+
# To use a TLS inspection configuration, you add it to a Network
|
1140
|
+
# Firewall firewall policy, then you apply the firewall policy to a
|
1141
|
+
# firewall. Network Firewall acts as a proxy service to decrypt and
|
1142
|
+
# inspect inbound traffic. You can reference a TLS inspection
|
1143
|
+
# configuration from more than one firewall policy, and you can use a
|
1144
|
+
# firewall policy in more than one firewall. For more information about
|
1145
|
+
# using TLS inspection configurations, see [Decrypting SSL/TLS traffic
|
1146
|
+
# with TLS inspection configurations][1] in the *Network Firewall
|
1147
|
+
# Developer Guide*.
|
1148
|
+
#
|
1149
|
+
#
|
1150
|
+
#
|
1151
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html
|
1152
|
+
#
|
1153
|
+
# @option params [String] :description
|
1154
|
+
# A description of the TLS inspection configuration.
|
1155
|
+
#
|
1156
|
+
# @option params [Array<Types::Tag>] :tags
|
1157
|
+
# The key:value pairs to associate with the resource.
|
1158
|
+
#
|
1159
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
1160
|
+
# A complex type that contains optional Amazon Web Services Key
|
1161
|
+
# Management Service (KMS) encryption settings for your Network Firewall
|
1162
|
+
# resources. Your data is encrypted by default with an Amazon Web
|
1163
|
+
# Services owned key that Amazon Web Services owns and manages for you.
|
1164
|
+
# You can use either the Amazon Web Services owned key, or provide your
|
1165
|
+
# own customer managed key. To learn more about KMS encryption of your
|
1166
|
+
# Network Firewall resources, see [Encryption at rest with Amazon Web
|
1167
|
+
# Services Key Managment Service][1] in the *Network Firewall Developer
|
1168
|
+
# Guide*.
|
1169
|
+
#
|
1170
|
+
#
|
1171
|
+
#
|
1172
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
|
1173
|
+
#
|
1174
|
+
# @return [Types::CreateTLSInspectionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1175
|
+
#
|
1176
|
+
# * {Types::CreateTLSInspectionConfigurationResponse#update_token #update_token} => String
|
1177
|
+
# * {Types::CreateTLSInspectionConfigurationResponse#tls_inspection_configuration_response #tls_inspection_configuration_response} => Types::TLSInspectionConfigurationResponse
|
1178
|
+
#
|
1179
|
+
# @example Request syntax with placeholder values
|
1180
|
+
#
|
1181
|
+
# resp = client.create_tls_inspection_configuration({
|
1182
|
+
# tls_inspection_configuration_name: "ResourceName", # required
|
1183
|
+
# tls_inspection_configuration: { # required
|
1184
|
+
# server_certificate_configurations: [
|
1185
|
+
# {
|
1186
|
+
# server_certificates: [
|
1187
|
+
# {
|
1188
|
+
# resource_arn: "ResourceArn",
|
1189
|
+
# },
|
1190
|
+
# ],
|
1191
|
+
# scopes: [
|
1192
|
+
# {
|
1193
|
+
# sources: [
|
1194
|
+
# {
|
1195
|
+
# address_definition: "AddressDefinition", # required
|
1196
|
+
# },
|
1197
|
+
# ],
|
1198
|
+
# destinations: [
|
1199
|
+
# {
|
1200
|
+
# address_definition: "AddressDefinition", # required
|
1201
|
+
# },
|
1202
|
+
# ],
|
1203
|
+
# source_ports: [
|
1204
|
+
# {
|
1205
|
+
# from_port: 1, # required
|
1206
|
+
# to_port: 1, # required
|
1207
|
+
# },
|
1208
|
+
# ],
|
1209
|
+
# destination_ports: [
|
1210
|
+
# {
|
1211
|
+
# from_port: 1, # required
|
1212
|
+
# to_port: 1, # required
|
1213
|
+
# },
|
1214
|
+
# ],
|
1215
|
+
# protocols: [1],
|
1216
|
+
# },
|
1217
|
+
# ],
|
1218
|
+
# },
|
1219
|
+
# ],
|
1220
|
+
# },
|
1221
|
+
# description: "Description",
|
1222
|
+
# tags: [
|
1223
|
+
# {
|
1224
|
+
# key: "TagKey", # required
|
1225
|
+
# value: "TagValue", # required
|
1226
|
+
# },
|
1227
|
+
# ],
|
1228
|
+
# encryption_configuration: {
|
1229
|
+
# key_id: "KeyId",
|
1230
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
1231
|
+
# },
|
1232
|
+
# })
|
1233
|
+
#
|
1234
|
+
# @example Response structure
|
1235
|
+
#
|
1236
|
+
# resp.update_token #=> String
|
1237
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
|
1238
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
|
1239
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
|
1240
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
|
1241
|
+
# resp.tls_inspection_configuration_response.description #=> String
|
1242
|
+
# resp.tls_inspection_configuration_response.tags #=> Array
|
1243
|
+
# resp.tls_inspection_configuration_response.tags[0].key #=> String
|
1244
|
+
# resp.tls_inspection_configuration_response.tags[0].value #=> String
|
1245
|
+
# resp.tls_inspection_configuration_response.last_modified_time #=> Time
|
1246
|
+
# resp.tls_inspection_configuration_response.number_of_associations #=> Integer
|
1247
|
+
# resp.tls_inspection_configuration_response.encryption_configuration.key_id #=> String
|
1248
|
+
# resp.tls_inspection_configuration_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1249
|
+
# resp.tls_inspection_configuration_response.certificates #=> Array
|
1250
|
+
# resp.tls_inspection_configuration_response.certificates[0].certificate_arn #=> String
|
1251
|
+
# resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
|
1252
|
+
# resp.tls_inspection_configuration_response.certificates[0].status #=> String
|
1253
|
+
# resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
|
1254
|
+
#
|
1255
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateTLSInspectionConfiguration AWS API Documentation
|
1256
|
+
#
|
1257
|
+
# @overload create_tls_inspection_configuration(params = {})
|
1258
|
+
# @param [Hash] params ({})
|
1259
|
+
def create_tls_inspection_configuration(params = {}, options = {})
|
1260
|
+
req = build_request(:create_tls_inspection_configuration, params)
|
1261
|
+
req.send_request(options)
|
1262
|
+
end
|
1263
|
+
|
1097
1264
|
# Deletes the specified Firewall and its FirewallStatus. This operation
|
1098
1265
|
# requires the firewall's `DeleteProtection` flag to be `FALSE`. You
|
1099
1266
|
# can't revert this operation.
|
@@ -1141,7 +1308,7 @@ module Aws::NetworkFirewall
|
|
1141
1308
|
# resp.firewall.vpc_id #=> String
|
1142
1309
|
# resp.firewall.subnet_mappings #=> Array
|
1143
1310
|
# resp.firewall.subnet_mappings[0].subnet_id #=> String
|
1144
|
-
# resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
|
1311
|
+
# resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4", "IPV6"
|
1145
1312
|
# resp.firewall.delete_protection #=> Boolean
|
1146
1313
|
# resp.firewall.subnet_change_protection #=> Boolean
|
1147
1314
|
# resp.firewall.firewall_policy_change_protection #=> Boolean
|
@@ -1315,6 +1482,59 @@ module Aws::NetworkFirewall
|
|
1315
1482
|
req.send_request(options)
|
1316
1483
|
end
|
1317
1484
|
|
1485
|
+
# Deletes the specified TLSInspectionConfiguration.
|
1486
|
+
#
|
1487
|
+
# @option params [String] :tls_inspection_configuration_arn
|
1488
|
+
# The Amazon Resource Name (ARN) of the TLS inspection configuration.
|
1489
|
+
#
|
1490
|
+
# You must specify the ARN or the name, and you can specify both.
|
1491
|
+
#
|
1492
|
+
# @option params [String] :tls_inspection_configuration_name
|
1493
|
+
# The descriptive name of the TLS inspection configuration. You can't
|
1494
|
+
# change the name of a TLS inspection configuration after you create it.
|
1495
|
+
#
|
1496
|
+
# You must specify the ARN or the name, and you can specify both.
|
1497
|
+
#
|
1498
|
+
# @return [Types::DeleteTLSInspectionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1499
|
+
#
|
1500
|
+
# * {Types::DeleteTLSInspectionConfigurationResponse#tls_inspection_configuration_response #tls_inspection_configuration_response} => Types::TLSInspectionConfigurationResponse
|
1501
|
+
#
|
1502
|
+
# @example Request syntax with placeholder values
|
1503
|
+
#
|
1504
|
+
# resp = client.delete_tls_inspection_configuration({
|
1505
|
+
# tls_inspection_configuration_arn: "ResourceArn",
|
1506
|
+
# tls_inspection_configuration_name: "ResourceName",
|
1507
|
+
# })
|
1508
|
+
#
|
1509
|
+
# @example Response structure
|
1510
|
+
#
|
1511
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
|
1512
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
|
1513
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
|
1514
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
|
1515
|
+
# resp.tls_inspection_configuration_response.description #=> String
|
1516
|
+
# resp.tls_inspection_configuration_response.tags #=> Array
|
1517
|
+
# resp.tls_inspection_configuration_response.tags[0].key #=> String
|
1518
|
+
# resp.tls_inspection_configuration_response.tags[0].value #=> String
|
1519
|
+
# resp.tls_inspection_configuration_response.last_modified_time #=> Time
|
1520
|
+
# resp.tls_inspection_configuration_response.number_of_associations #=> Integer
|
1521
|
+
# resp.tls_inspection_configuration_response.encryption_configuration.key_id #=> String
|
1522
|
+
# resp.tls_inspection_configuration_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1523
|
+
# resp.tls_inspection_configuration_response.certificates #=> Array
|
1524
|
+
# resp.tls_inspection_configuration_response.certificates[0].certificate_arn #=> String
|
1525
|
+
# resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
|
1526
|
+
# resp.tls_inspection_configuration_response.certificates[0].status #=> String
|
1527
|
+
# resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
|
1528
|
+
#
|
1529
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteTLSInspectionConfiguration AWS API Documentation
|
1530
|
+
#
|
1531
|
+
# @overload delete_tls_inspection_configuration(params = {})
|
1532
|
+
# @param [Hash] params ({})
|
1533
|
+
def delete_tls_inspection_configuration(params = {}, options = {})
|
1534
|
+
req = build_request(:delete_tls_inspection_configuration, params)
|
1535
|
+
req.send_request(options)
|
1536
|
+
end
|
1537
|
+
|
1318
1538
|
# Returns the data objects for the specified firewall.
|
1319
1539
|
#
|
1320
1540
|
# @option params [String] :firewall_name
|
@@ -1350,7 +1570,7 @@ module Aws::NetworkFirewall
|
|
1350
1570
|
# resp.firewall.vpc_id #=> String
|
1351
1571
|
# resp.firewall.subnet_mappings #=> Array
|
1352
1572
|
# resp.firewall.subnet_mappings[0].subnet_id #=> String
|
1353
|
-
# resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
|
1573
|
+
# resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4", "IPV6"
|
1354
1574
|
# resp.firewall.delete_protection #=> Boolean
|
1355
1575
|
# resp.firewall.subnet_change_protection #=> Boolean
|
1356
1576
|
# resp.firewall.firewall_policy_change_protection #=> Boolean
|
@@ -1447,6 +1667,7 @@ module Aws::NetworkFirewall
|
|
1447
1667
|
# resp.firewall_policy.stateful_default_actions[0] #=> String
|
1448
1668
|
# resp.firewall_policy.stateful_engine_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
|
1449
1669
|
# resp.firewall_policy.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE"
|
1670
|
+
# resp.firewall_policy.tls_inspection_configuration_arn #=> String
|
1450
1671
|
#
|
1451
1672
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallPolicy AWS API Documentation
|
1452
1673
|
#
|
@@ -1714,6 +1935,79 @@ module Aws::NetworkFirewall
|
|
1714
1935
|
req.send_request(options)
|
1715
1936
|
end
|
1716
1937
|
|
1938
|
+
# Returns the data objects for the specified TLS inspection
|
1939
|
+
# configuration.
|
1940
|
+
#
|
1941
|
+
# @option params [String] :tls_inspection_configuration_arn
|
1942
|
+
# The Amazon Resource Name (ARN) of the TLS inspection configuration.
|
1943
|
+
#
|
1944
|
+
# You must specify the ARN or the name, and you can specify both.
|
1945
|
+
#
|
1946
|
+
# @option params [String] :tls_inspection_configuration_name
|
1947
|
+
# The descriptive name of the TLS inspection configuration. You can't
|
1948
|
+
# change the name of a TLS inspection configuration after you create it.
|
1949
|
+
#
|
1950
|
+
# You must specify the ARN or the name, and you can specify both.
|
1951
|
+
#
|
1952
|
+
# @return [Types::DescribeTLSInspectionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1953
|
+
#
|
1954
|
+
# * {Types::DescribeTLSInspectionConfigurationResponse#update_token #update_token} => String
|
1955
|
+
# * {Types::DescribeTLSInspectionConfigurationResponse#tls_inspection_configuration #tls_inspection_configuration} => Types::TLSInspectionConfiguration
|
1956
|
+
# * {Types::DescribeTLSInspectionConfigurationResponse#tls_inspection_configuration_response #tls_inspection_configuration_response} => Types::TLSInspectionConfigurationResponse
|
1957
|
+
#
|
1958
|
+
# @example Request syntax with placeholder values
|
1959
|
+
#
|
1960
|
+
# resp = client.describe_tls_inspection_configuration({
|
1961
|
+
# tls_inspection_configuration_arn: "ResourceArn",
|
1962
|
+
# tls_inspection_configuration_name: "ResourceName",
|
1963
|
+
# })
|
1964
|
+
#
|
1965
|
+
# @example Response structure
|
1966
|
+
#
|
1967
|
+
# resp.update_token #=> String
|
1968
|
+
# resp.tls_inspection_configuration.server_certificate_configurations #=> Array
|
1969
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].server_certificates #=> Array
|
1970
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].server_certificates[0].resource_arn #=> String
|
1971
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes #=> Array
|
1972
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].sources #=> Array
|
1973
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].sources[0].address_definition #=> String
|
1974
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].destinations #=> Array
|
1975
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].destinations[0].address_definition #=> String
|
1976
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].source_ports #=> Array
|
1977
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].source_ports[0].from_port #=> Integer
|
1978
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].source_ports[0].to_port #=> Integer
|
1979
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].destination_ports #=> Array
|
1980
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].destination_ports[0].from_port #=> Integer
|
1981
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].destination_ports[0].to_port #=> Integer
|
1982
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].protocols #=> Array
|
1983
|
+
# resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].protocols[0] #=> Integer
|
1984
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
|
1985
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
|
1986
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
|
1987
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
|
1988
|
+
# resp.tls_inspection_configuration_response.description #=> String
|
1989
|
+
# resp.tls_inspection_configuration_response.tags #=> Array
|
1990
|
+
# resp.tls_inspection_configuration_response.tags[0].key #=> String
|
1991
|
+
# resp.tls_inspection_configuration_response.tags[0].value #=> String
|
1992
|
+
# resp.tls_inspection_configuration_response.last_modified_time #=> Time
|
1993
|
+
# resp.tls_inspection_configuration_response.number_of_associations #=> Integer
|
1994
|
+
# resp.tls_inspection_configuration_response.encryption_configuration.key_id #=> String
|
1995
|
+
# resp.tls_inspection_configuration_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
1996
|
+
# resp.tls_inspection_configuration_response.certificates #=> Array
|
1997
|
+
# resp.tls_inspection_configuration_response.certificates[0].certificate_arn #=> String
|
1998
|
+
# resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
|
1999
|
+
# resp.tls_inspection_configuration_response.certificates[0].status #=> String
|
2000
|
+
# resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
|
2001
|
+
#
|
2002
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeTLSInspectionConfiguration AWS API Documentation
|
2003
|
+
#
|
2004
|
+
# @overload describe_tls_inspection_configuration(params = {})
|
2005
|
+
# @param [Hash] params ({})
|
2006
|
+
def describe_tls_inspection_configuration(params = {}, options = {})
|
2007
|
+
req = build_request(:describe_tls_inspection_configuration, params)
|
2008
|
+
req.send_request(options)
|
2009
|
+
end
|
2010
|
+
|
1717
2011
|
# Removes the specified subnet associations from the firewall. This
|
1718
2012
|
# removes the firewall endpoints from the subnets and removes any
|
1719
2013
|
# network filtering protections that the endpoints were providing.
|
@@ -1773,7 +2067,7 @@ module Aws::NetworkFirewall
|
|
1773
2067
|
# resp.firewall_name #=> String
|
1774
2068
|
# resp.subnet_mappings #=> Array
|
1775
2069
|
# resp.subnet_mappings[0].subnet_id #=> String
|
1776
|
-
# resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
|
2070
|
+
# resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4", "IPV6"
|
1777
2071
|
# resp.update_token #=> String
|
1778
2072
|
#
|
1779
2073
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DisassociateSubnets AWS API Documentation
|
@@ -1952,6 +2246,54 @@ module Aws::NetworkFirewall
|
|
1952
2246
|
req.send_request(options)
|
1953
2247
|
end
|
1954
2248
|
|
2249
|
+
# Retrieves the metadata for the TLS inspection configurations that you
|
2250
|
+
# have defined. Depending on your setting for max results and the number
|
2251
|
+
# of TLS inspection configurations, a single call might not return the
|
2252
|
+
# full list.
|
2253
|
+
#
|
2254
|
+
# @option params [String] :next_token
|
2255
|
+
# When you request a list of objects with a `MaxResults` setting, if the
|
2256
|
+
# number of objects that are still available for retrieval exceeds the
|
2257
|
+
# maximum you requested, Network Firewall returns a `NextToken` value in
|
2258
|
+
# the response. To retrieve the next batch of objects, use the token
|
2259
|
+
# returned from the prior request in your next request.
|
2260
|
+
#
|
2261
|
+
# @option params [Integer] :max_results
|
2262
|
+
# The maximum number of objects that you want Network Firewall to return
|
2263
|
+
# for this request. If more objects are available, in the response,
|
2264
|
+
# Network Firewall provides a `NextToken` value that you can use in a
|
2265
|
+
# subsequent call to get the next batch of objects.
|
2266
|
+
#
|
2267
|
+
# @return [Types::ListTLSInspectionConfigurationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
2268
|
+
#
|
2269
|
+
# * {Types::ListTLSInspectionConfigurationsResponse#next_token #next_token} => String
|
2270
|
+
# * {Types::ListTLSInspectionConfigurationsResponse#tls_inspection_configurations #tls_inspection_configurations} => Array<Types::TLSInspectionConfigurationMetadata>
|
2271
|
+
#
|
2272
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
2273
|
+
#
|
2274
|
+
# @example Request syntax with placeholder values
|
2275
|
+
#
|
2276
|
+
# resp = client.list_tls_inspection_configurations({
|
2277
|
+
# next_token: "PaginationToken",
|
2278
|
+
# max_results: 1,
|
2279
|
+
# })
|
2280
|
+
#
|
2281
|
+
# @example Response structure
|
2282
|
+
#
|
2283
|
+
# resp.next_token #=> String
|
2284
|
+
# resp.tls_inspection_configurations #=> Array
|
2285
|
+
# resp.tls_inspection_configurations[0].name #=> String
|
2286
|
+
# resp.tls_inspection_configurations[0].arn #=> String
|
2287
|
+
#
|
2288
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListTLSInspectionConfigurations AWS API Documentation
|
2289
|
+
#
|
2290
|
+
# @overload list_tls_inspection_configurations(params = {})
|
2291
|
+
# @param [Hash] params ({})
|
2292
|
+
def list_tls_inspection_configurations(params = {}, options = {})
|
2293
|
+
req = build_request(:list_tls_inspection_configurations, params)
|
2294
|
+
req.send_request(options)
|
2295
|
+
end
|
2296
|
+
|
1955
2297
|
# Retrieves the tags associated with the specified resource. Tags are
|
1956
2298
|
# key:value pairs that you can use to categorize and manage your
|
1957
2299
|
# resources, for purposes like billing. For example, you might set the
|
@@ -2485,6 +2827,7 @@ module Aws::NetworkFirewall
|
|
2485
2827
|
# rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
|
2486
2828
|
# stream_exception_policy: "DROP", # accepts DROP, CONTINUE
|
2487
2829
|
# },
|
2830
|
+
# tls_inspection_configuration_arn: "ResourceArn",
|
2488
2831
|
# },
|
2489
2832
|
# description: "Description",
|
2490
2833
|
# dry_run: false,
|
@@ -2604,7 +2947,7 @@ module Aws::NetworkFirewall
|
|
2604
2947
|
# LoggingConfiguration object.
|
2605
2948
|
#
|
2606
2949
|
# You can perform only one of the following actions in any call to
|
2607
|
-
# `UpdateLoggingConfiguration
|
2950
|
+
# `UpdateLoggingConfiguration`:
|
2608
2951
|
#
|
2609
2952
|
# * Create a new log destination object by adding a single
|
2610
2953
|
# `LogDestinationConfig` array element to `LogDestinationConfigs`.
|
@@ -3001,6 +3344,156 @@ module Aws::NetworkFirewall
|
|
3001
3344
|
req.send_request(options)
|
3002
3345
|
end
|
3003
3346
|
|
3347
|
+
# Updates the TLS inspection configuration settings for the specified
|
3348
|
+
# TLS inspection configuration. You use a TLS inspection configuration
|
3349
|
+
# by reference in one or more firewall policies. When you modify a TLS
|
3350
|
+
# inspection configuration, you modify all firewall policies that use
|
3351
|
+
# the TLS inspection configuration.
|
3352
|
+
#
|
3353
|
+
# To update a TLS inspection configuration, first call
|
3354
|
+
# DescribeTLSInspectionConfiguration to retrieve the current
|
3355
|
+
# TLSInspectionConfiguration object, update the object as needed, and
|
3356
|
+
# then provide the updated object to this call.
|
3357
|
+
#
|
3358
|
+
# @option params [String] :tls_inspection_configuration_arn
|
3359
|
+
# The Amazon Resource Name (ARN) of the TLS inspection configuration.
|
3360
|
+
#
|
3361
|
+
# @option params [String] :tls_inspection_configuration_name
|
3362
|
+
# The descriptive name of the TLS inspection configuration. You can't
|
3363
|
+
# change the name of a TLS inspection configuration after you create it.
|
3364
|
+
#
|
3365
|
+
# @option params [required, Types::TLSInspectionConfiguration] :tls_inspection_configuration
|
3366
|
+
# The object that defines a TLS inspection configuration. This, along
|
3367
|
+
# with TLSInspectionConfigurationResponse, define the TLS inspection
|
3368
|
+
# configuration. You can retrieve all objects for a TLS inspection
|
3369
|
+
# configuration by calling DescribeTLSInspectionConfiguration.
|
3370
|
+
#
|
3371
|
+
# Network Firewall uses a TLS inspection configuration to decrypt
|
3372
|
+
# traffic. Network Firewall re-encrypts the traffic before sending it to
|
3373
|
+
# its destination.
|
3374
|
+
#
|
3375
|
+
# To use a TLS inspection configuration, you add it to a Network
|
3376
|
+
# Firewall firewall policy, then you apply the firewall policy to a
|
3377
|
+
# firewall. Network Firewall acts as a proxy service to decrypt and
|
3378
|
+
# inspect inbound traffic. You can reference a TLS inspection
|
3379
|
+
# configuration from more than one firewall policy, and you can use a
|
3380
|
+
# firewall policy in more than one firewall. For more information about
|
3381
|
+
# using TLS inspection configurations, see [Decrypting SSL/TLS traffic
|
3382
|
+
# with TLS inspection configurations][1] in the *Network Firewall
|
3383
|
+
# Developer Guide*.
|
3384
|
+
#
|
3385
|
+
#
|
3386
|
+
#
|
3387
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html
|
3388
|
+
#
|
3389
|
+
# @option params [String] :description
|
3390
|
+
# A description of the TLS inspection configuration.
|
3391
|
+
#
|
3392
|
+
# @option params [Types::EncryptionConfiguration] :encryption_configuration
|
3393
|
+
# A complex type that contains the Amazon Web Services KMS encryption
|
3394
|
+
# configuration settings for your TLS inspection configuration.
|
3395
|
+
#
|
3396
|
+
# @option params [required, String] :update_token
|
3397
|
+
# A token used for optimistic locking. Network Firewall returns a token
|
3398
|
+
# to your requests that access the TLS inspection configuration. The
|
3399
|
+
# token marks the state of the TLS inspection configuration resource at
|
3400
|
+
# the time of the request.
|
3401
|
+
#
|
3402
|
+
# To make changes to the TLS inspection configuration, you provide the
|
3403
|
+
# token in your request. Network Firewall uses the token to ensure that
|
3404
|
+
# the TLS inspection configuration hasn't changed since you last
|
3405
|
+
# retrieved it. If it has changed, the operation fails with an
|
3406
|
+
# `InvalidTokenException`. If this happens, retrieve the TLS inspection
|
3407
|
+
# configuration again to get a current copy of it with a current token.
|
3408
|
+
# Reapply your changes as needed, then try the operation again using the
|
3409
|
+
# new token.
|
3410
|
+
#
|
3411
|
+
# @return [Types::UpdateTLSInspectionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
3412
|
+
#
|
3413
|
+
# * {Types::UpdateTLSInspectionConfigurationResponse#update_token #update_token} => String
|
3414
|
+
# * {Types::UpdateTLSInspectionConfigurationResponse#tls_inspection_configuration_response #tls_inspection_configuration_response} => Types::TLSInspectionConfigurationResponse
|
3415
|
+
#
|
3416
|
+
# @example Request syntax with placeholder values
|
3417
|
+
#
|
3418
|
+
# resp = client.update_tls_inspection_configuration({
|
3419
|
+
# tls_inspection_configuration_arn: "ResourceArn",
|
3420
|
+
# tls_inspection_configuration_name: "ResourceName",
|
3421
|
+
# tls_inspection_configuration: { # required
|
3422
|
+
# server_certificate_configurations: [
|
3423
|
+
# {
|
3424
|
+
# server_certificates: [
|
3425
|
+
# {
|
3426
|
+
# resource_arn: "ResourceArn",
|
3427
|
+
# },
|
3428
|
+
# ],
|
3429
|
+
# scopes: [
|
3430
|
+
# {
|
3431
|
+
# sources: [
|
3432
|
+
# {
|
3433
|
+
# address_definition: "AddressDefinition", # required
|
3434
|
+
# },
|
3435
|
+
# ],
|
3436
|
+
# destinations: [
|
3437
|
+
# {
|
3438
|
+
# address_definition: "AddressDefinition", # required
|
3439
|
+
# },
|
3440
|
+
# ],
|
3441
|
+
# source_ports: [
|
3442
|
+
# {
|
3443
|
+
# from_port: 1, # required
|
3444
|
+
# to_port: 1, # required
|
3445
|
+
# },
|
3446
|
+
# ],
|
3447
|
+
# destination_ports: [
|
3448
|
+
# {
|
3449
|
+
# from_port: 1, # required
|
3450
|
+
# to_port: 1, # required
|
3451
|
+
# },
|
3452
|
+
# ],
|
3453
|
+
# protocols: [1],
|
3454
|
+
# },
|
3455
|
+
# ],
|
3456
|
+
# },
|
3457
|
+
# ],
|
3458
|
+
# },
|
3459
|
+
# description: "Description",
|
3460
|
+
# encryption_configuration: {
|
3461
|
+
# key_id: "KeyId",
|
3462
|
+
# type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
|
3463
|
+
# },
|
3464
|
+
# update_token: "UpdateToken", # required
|
3465
|
+
# })
|
3466
|
+
#
|
3467
|
+
# @example Response structure
|
3468
|
+
#
|
3469
|
+
# resp.update_token #=> String
|
3470
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
|
3471
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
|
3472
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
|
3473
|
+
# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
|
3474
|
+
# resp.tls_inspection_configuration_response.description #=> String
|
3475
|
+
# resp.tls_inspection_configuration_response.tags #=> Array
|
3476
|
+
# resp.tls_inspection_configuration_response.tags[0].key #=> String
|
3477
|
+
# resp.tls_inspection_configuration_response.tags[0].value #=> String
|
3478
|
+
# resp.tls_inspection_configuration_response.last_modified_time #=> Time
|
3479
|
+
# resp.tls_inspection_configuration_response.number_of_associations #=> Integer
|
3480
|
+
# resp.tls_inspection_configuration_response.encryption_configuration.key_id #=> String
|
3481
|
+
# resp.tls_inspection_configuration_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
|
3482
|
+
# resp.tls_inspection_configuration_response.certificates #=> Array
|
3483
|
+
# resp.tls_inspection_configuration_response.certificates[0].certificate_arn #=> String
|
3484
|
+
# resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
|
3485
|
+
# resp.tls_inspection_configuration_response.certificates[0].status #=> String
|
3486
|
+
# resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
|
3487
|
+
#
|
3488
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateTLSInspectionConfiguration AWS API Documentation
|
3489
|
+
#
|
3490
|
+
# @overload update_tls_inspection_configuration(params = {})
|
3491
|
+
# @param [Hash] params ({})
|
3492
|
+
def update_tls_inspection_configuration(params = {}, options = {})
|
3493
|
+
req = build_request(:update_tls_inspection_configuration, params)
|
3494
|
+
req.send_request(options)
|
3495
|
+
end
|
3496
|
+
|
3004
3497
|
# @!endgroup
|
3005
3498
|
|
3006
3499
|
# @param params ({})
|
@@ -3014,7 +3507,7 @@ module Aws::NetworkFirewall
|
|
3014
3507
|
params: params,
|
3015
3508
|
config: config)
|
3016
3509
|
context[:gem_name] = 'aws-sdk-networkfirewall'
|
3017
|
-
context[:gem_version] = '1.
|
3510
|
+
context[:gem_version] = '1.26.0'
|
3018
3511
|
Seahorse::Client::Request.new(handlers, context)
|
3019
3512
|
end
|
3020
3513
|
|