aws-sdk-networkfirewall 1.25.0 → 1.27.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: f38dd42856bc8f7369bebbe6adf9d585877b4580cbd3107d47ffab1b79f0edda
4
- data.tar.gz: 06c4cf7cebb034b13357f05fa0c279e89c56d7fa62f7a0d696d5193a61d69916
3
+ metadata.gz: 848dc5acca2271ff27fe731050b218de6eb5bd90c5cf3f9238d2e7876bd779f1
4
+ data.tar.gz: 5020c9ed7a2fdde8c547c9e45989ae6c57531ebef798c35c69b18ca031845bf1
5
5
  SHA512:
6
- metadata.gz: 193eae1a0c783614c325b56ec7638cdd6a1786f2a65af6e066e372c16967585611370c1e30711e6bc2fa235c7f2d8704170b88ac4c2527fcb7dee8176f8e3a6c
7
- data.tar.gz: b3f4b1bb72271d701bc9df98879c1a5fa8db5829e38d4b635ada0fa249d6b6fff654238306251793dd6ccb456b1a1156d5a8225dca2b05dd66dfe3e96c725b88
6
+ metadata.gz: 198569d2c17cdc7db5247a1e39838ec54582a80bafb30946911c02ef36e3482a09a2288407e9bdc86dd9cc8e63914f4dcf4f2b2eb156e220db172cafb8d9d393
7
+ data.tar.gz: 56255332e20a9726aba325f3e512b28dad5dfcbd4cc7317df5be254aac4a2c5bddaa6f3ec11fb7d0539938866568997a93cf4c9615e1c83de9b4620f5101cbae
data/CHANGELOG.md CHANGED
@@ -1,6 +1,16 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.27.0 (2023-05-03)
5
+ ------------------
6
+
7
+ * Feature - AWS Network Firewall now supports policy level HOME_NET variable overrides.
8
+
9
+ 1.26.0 (2023-04-05)
10
+ ------------------
11
+
12
+ * Feature - AWS Network Firewall now supports IPv6-only subnets.
13
+
4
14
  1.25.0 (2023-03-30)
5
15
  ------------------
6
16
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.25.0
1
+ 1.27.0
@@ -509,7 +509,7 @@ module Aws::NetworkFirewall
509
509
  # subnet_mappings: [ # required
510
510
  # {
511
511
  # subnet_id: "CollectionMember_String", # required
512
- # ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4
512
+ # ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4, IPV6
513
513
  # },
514
514
  # ],
515
515
  # })
@@ -520,7 +520,7 @@ module Aws::NetworkFirewall
520
520
  # resp.firewall_name #=> String
521
521
  # resp.subnet_mappings #=> Array
522
522
  # resp.subnet_mappings[0].subnet_id #=> String
523
- # resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
523
+ # resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4", "IPV6"
524
524
  # resp.update_token #=> String
525
525
  #
526
526
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AssociateSubnets AWS API Documentation
@@ -620,7 +620,7 @@ module Aws::NetworkFirewall
620
620
  # subnet_mappings: [ # required
621
621
  # {
622
622
  # subnet_id: "CollectionMember_String", # required
623
- # ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4
623
+ # ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4, IPV6
624
624
  # },
625
625
  # ],
626
626
  # delete_protection: false,
@@ -647,7 +647,7 @@ module Aws::NetworkFirewall
647
647
  # resp.firewall.vpc_id #=> String
648
648
  # resp.firewall.subnet_mappings #=> Array
649
649
  # resp.firewall.subnet_mappings[0].subnet_id #=> String
650
- # resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
650
+ # resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4", "IPV6"
651
651
  # resp.firewall.delete_protection #=> Boolean
652
652
  # resp.firewall.subnet_change_protection #=> Boolean
653
653
  # resp.firewall.firewall_policy_change_protection #=> Boolean
@@ -663,7 +663,7 @@ module Aws::NetworkFirewall
663
663
  # resp.firewall_status.sync_states #=> Hash
664
664
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
665
665
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
666
- # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
666
+ # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY", "FAILED", "ERROR"
667
667
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status_message #=> String
668
668
  # resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
669
669
  # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
@@ -769,6 +769,13 @@ module Aws::NetworkFirewall
769
769
  # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
770
770
  # },
771
771
  # tls_inspection_configuration_arn: "ResourceArn",
772
+ # policy_variables: {
773
+ # rule_variables: {
774
+ # "RuleVariableName" => {
775
+ # definition: ["VariableDefinition"], # required
776
+ # },
777
+ # },
778
+ # },
772
779
  # },
773
780
  # description: "Description",
774
781
  # tags: [
@@ -1308,7 +1315,7 @@ module Aws::NetworkFirewall
1308
1315
  # resp.firewall.vpc_id #=> String
1309
1316
  # resp.firewall.subnet_mappings #=> Array
1310
1317
  # resp.firewall.subnet_mappings[0].subnet_id #=> String
1311
- # resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
1318
+ # resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4", "IPV6"
1312
1319
  # resp.firewall.delete_protection #=> Boolean
1313
1320
  # resp.firewall.subnet_change_protection #=> Boolean
1314
1321
  # resp.firewall.firewall_policy_change_protection #=> Boolean
@@ -1324,7 +1331,7 @@ module Aws::NetworkFirewall
1324
1331
  # resp.firewall_status.sync_states #=> Hash
1325
1332
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
1326
1333
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
1327
- # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
1334
+ # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY", "FAILED", "ERROR"
1328
1335
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status_message #=> String
1329
1336
  # resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
1330
1337
  # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
@@ -1570,7 +1577,7 @@ module Aws::NetworkFirewall
1570
1577
  # resp.firewall.vpc_id #=> String
1571
1578
  # resp.firewall.subnet_mappings #=> Array
1572
1579
  # resp.firewall.subnet_mappings[0].subnet_id #=> String
1573
- # resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
1580
+ # resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4", "IPV6"
1574
1581
  # resp.firewall.delete_protection #=> Boolean
1575
1582
  # resp.firewall.subnet_change_protection #=> Boolean
1576
1583
  # resp.firewall.firewall_policy_change_protection #=> Boolean
@@ -1586,7 +1593,7 @@ module Aws::NetworkFirewall
1586
1593
  # resp.firewall_status.sync_states #=> Hash
1587
1594
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
1588
1595
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
1589
- # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
1596
+ # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY", "FAILED", "ERROR"
1590
1597
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status_message #=> String
1591
1598
  # resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
1592
1599
  # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
@@ -1668,6 +1675,9 @@ module Aws::NetworkFirewall
1668
1675
  # resp.firewall_policy.stateful_engine_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
1669
1676
  # resp.firewall_policy.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE"
1670
1677
  # resp.firewall_policy.tls_inspection_configuration_arn #=> String
1678
+ # resp.firewall_policy.policy_variables.rule_variables #=> Hash
1679
+ # resp.firewall_policy.policy_variables.rule_variables["RuleVariableName"].definition #=> Array
1680
+ # resp.firewall_policy.policy_variables.rule_variables["RuleVariableName"].definition[0] #=> String
1671
1681
  #
1672
1682
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallPolicy AWS API Documentation
1673
1683
  #
@@ -2067,7 +2077,7 @@ module Aws::NetworkFirewall
2067
2077
  # resp.firewall_name #=> String
2068
2078
  # resp.subnet_mappings #=> Array
2069
2079
  # resp.subnet_mappings[0].subnet_id #=> String
2070
- # resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
2080
+ # resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4", "IPV6"
2071
2081
  # resp.update_token #=> String
2072
2082
  #
2073
2083
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DisassociateSubnets AWS API Documentation
@@ -2402,10 +2412,6 @@ module Aws::NetworkFirewall
2402
2412
  # For a firewall policy resource, you can specify the following
2403
2413
  # operations in the Actions section of the statement:
2404
2414
  #
2405
- # * network-firewall:CreateFirewall
2406
- #
2407
- # * network-firewall:UpdateFirewall
2408
- #
2409
2415
  # * network-firewall:AssociateFirewallPolicy
2410
2416
  #
2411
2417
  # * network-firewall:ListFirewallPolicies
@@ -2828,6 +2834,13 @@ module Aws::NetworkFirewall
2828
2834
  # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
2829
2835
  # },
2830
2836
  # tls_inspection_configuration_arn: "ResourceArn",
2837
+ # policy_variables: {
2838
+ # rule_variables: {
2839
+ # "RuleVariableName" => {
2840
+ # definition: ["VariableDefinition"], # required
2841
+ # },
2842
+ # },
2843
+ # },
2831
2844
  # },
2832
2845
  # description: "Description",
2833
2846
  # dry_run: false,
@@ -3507,7 +3520,7 @@ module Aws::NetworkFirewall
3507
3520
  params: params,
3508
3521
  config: config)
3509
3522
  context[:gem_name] = 'aws-sdk-networkfirewall'
3510
- context[:gem_version] = '1.25.0'
3523
+ context[:gem_version] = '1.27.0'
3511
3524
  Seahorse::Client::Request.new(handlers, context)
3512
3525
  end
3513
3526
 
@@ -137,6 +137,7 @@ module Aws::NetworkFirewall
137
137
  PerObjectStatus = Shapes::StructureShape.new(name: 'PerObjectStatus')
138
138
  PerObjectSyncStatus = Shapes::StringShape.new(name: 'PerObjectSyncStatus')
139
139
  PolicyString = Shapes::StringShape.new(name: 'PolicyString')
140
+ PolicyVariables = Shapes::StructureShape.new(name: 'PolicyVariables')
140
141
  Port = Shapes::StringShape.new(name: 'Port')
141
142
  PortRange = Shapes::StructureShape.new(name: 'PortRange')
142
143
  PortRangeBound = Shapes::IntegerShape.new(name: 'PortRangeBound')
@@ -515,6 +516,7 @@ module Aws::NetworkFirewall
515
516
  FirewallPolicy.add_member(:stateful_default_actions, Shapes::ShapeRef.new(shape: StatefulActions, location_name: "StatefulDefaultActions"))
516
517
  FirewallPolicy.add_member(:stateful_engine_options, Shapes::ShapeRef.new(shape: StatefulEngineOptions, location_name: "StatefulEngineOptions"))
517
518
  FirewallPolicy.add_member(:tls_inspection_configuration_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "TLSInspectionConfigurationArn"))
519
+ FirewallPolicy.add_member(:policy_variables, Shapes::ShapeRef.new(shape: PolicyVariables, location_name: "PolicyVariables"))
518
520
  FirewallPolicy.struct_class = Types::FirewallPolicy
519
521
 
520
522
  FirewallPolicyMetadata.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
@@ -664,6 +666,9 @@ module Aws::NetworkFirewall
664
666
  PerObjectStatus.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
665
667
  PerObjectStatus.struct_class = Types::PerObjectStatus
666
668
 
669
+ PolicyVariables.add_member(:rule_variables, Shapes::ShapeRef.new(shape: IPSets, location_name: "RuleVariables"))
670
+ PolicyVariables.struct_class = Types::PolicyVariables
671
+
667
672
  PortRange.add_member(:from_port, Shapes::ShapeRef.new(shape: PortRangeBound, required: true, location_name: "FromPort"))
668
673
  PortRange.add_member(:to_port, Shapes::ShapeRef.new(shape: PortRangeBound, required: true, location_name: "ToPort"))
669
674
  PortRange.struct_class = Types::PortRange
@@ -286,12 +286,14 @@ module Aws::NetworkFirewall
286
286
  #
287
287
  # @!attribute [rw] status_message
288
288
  # If Network Firewall fails to create or delete the firewall endpoint
289
- # in the subnet, it populates this with the reason for the failure and
290
- # how to resolve it. Depending on the error, it can take as many as 15
289
+ # in the subnet, it populates this with the reason for the error or
290
+ # failure and how to resolve it. A `FAILED` status indicates a
291
+ # non-recoverable state, and a `ERROR` status indicates an issue that
292
+ # you can fix. Depending on the error, it can take as many as 15
291
293
  # minutes to populate this field. For more information about the
292
- # errors and solutions available for this field, see [Troubleshooting
293
- # firewall endpoint failures][1] in the *Network Firewall Developer
294
- # Guide*.
294
+ # causes for failiure or errors and solutions available for this
295
+ # field, see [Troubleshooting firewall endpoint failures][1] in the
296
+ # *Network Firewall Developer Guide*.
295
297
  #
296
298
  #
297
299
  #
@@ -1840,6 +1842,11 @@ module Aws::NetworkFirewall
1840
1842
  # The Amazon Resource Name (ARN) of the TLS inspection configuration.
1841
1843
  # @return [String]
1842
1844
  #
1845
+ # @!attribute [rw] policy_variables
1846
+ # Contains variables that you can use to override default Suricata
1847
+ # settings in your firewall policy.
1848
+ # @return [Types::PolicyVariables]
1849
+ #
1843
1850
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicy AWS API Documentation
1844
1851
  #
1845
1852
  class FirewallPolicy < Struct.new(
@@ -1850,7 +1857,8 @@ module Aws::NetworkFirewall
1850
1857
  :stateful_rule_group_references,
1851
1858
  :stateful_default_actions,
1852
1859
  :stateful_engine_options,
1853
- :tls_inspection_configuration_arn)
1860
+ :tls_inspection_configuration_arn,
1861
+ :policy_variables)
1854
1862
  SENSITIVE = []
1855
1863
  include Aws::Structure
1856
1864
  end
@@ -2730,6 +2738,26 @@ module Aws::NetworkFirewall
2730
2738
  include Aws::Structure
2731
2739
  end
2732
2740
 
2741
+ # Contains variables that you can use to override default Suricata
2742
+ # settings in your firewall policy.
2743
+ #
2744
+ # @!attribute [rw] rule_variables
2745
+ # The IPv4 or IPv6 addresses in CIDR notation to use for the Suricata
2746
+ # `HOME_NET` variable. If your firewall uses an inspection VPC, you
2747
+ # might want to override the `HOME_NET` variable with the CIDRs of
2748
+ # your home networks. If you don't override `HOME_NET` with your own
2749
+ # CIDRs, Network Firewall by default uses the CIDR of your inspection
2750
+ # VPC.
2751
+ # @return [Hash<String,Types::IPSet>]
2752
+ #
2753
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/PolicyVariables AWS API Documentation
2754
+ #
2755
+ class PolicyVariables < Struct.new(
2756
+ :rule_variables)
2757
+ SENSITIVE = []
2758
+ include Aws::Structure
2759
+ end
2760
+
2733
2761
  # A single port range specification. This is used for source and
2734
2762
  # destination port ranges in the stateless rule MatchAttributes,
2735
2763
  # `SourcePorts`, and `DestinationPorts` settings.
@@ -2804,10 +2832,6 @@ module Aws::NetworkFirewall
2804
2832
  # For a firewall policy resource, you can specify the following
2805
2833
  # operations in the Actions section of the statement:
2806
2834
  #
2807
- # * network-firewall:CreateFirewall
2808
- #
2809
- # * network-firewall:UpdateFirewall
2810
- #
2811
2835
  # * network-firewall:AssociateFirewallPolicy
2812
2836
  #
2813
2837
  # * network-firewall:ListFirewallPolicies
@@ -3173,7 +3197,7 @@ module Aws::NetworkFirewall
3173
3197
  #
3174
3198
  #
3175
3199
  #
3176
- # [1]: https://suricata.readthedocs.io/rules/intro.html#
3200
+ # [1]: https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html
3177
3201
  # @return [Array<Types::StatefulRule>]
3178
3202
  #
3179
3203
  # @!attribute [rw] stateless_rules_and_custom_actions
@@ -3444,7 +3468,7 @@ module Aws::NetworkFirewall
3444
3468
  #
3445
3469
  #
3446
3470
  #
3447
- # [1]: https://suricata.readthedocs.io/rules/intro.html#
3471
+ # [1]: https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html
3448
3472
  #
3449
3473
  # @!attribute [rw] action
3450
3474
  # Defines what Network Firewall should do with the packets in a
@@ -3468,16 +3492,6 @@ module Aws::NetworkFirewall
3468
3492
  # drop traffic. You can enable the rule with `ALERT` action, verify
3469
3493
  # in the logs that the rule is filtering as you want, then change
3470
3494
  # the action to `DROP`.
3471
- #
3472
- # * **REJECT** - Drops TCP traffic that matches the conditions of the
3473
- # stateful rule, and sends a TCP reset packet back to sender of the
3474
- # packet. A TCP reset packet is a packet with no payload and a `RST`
3475
- # bit contained in the TCP header flags. Also sends an alert log
3476
- # mesage if alert logging is configured in the Firewall
3477
- # LoggingConfiguration.
3478
- #
3479
- # `REJECT` isn't currently available for use with IMAP and FTP
3480
- # protocols.
3481
3495
  # @return [String]
3482
3496
  #
3483
3497
  # @!attribute [rw] header
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
52
52
  # @!group service
53
53
  module Aws::NetworkFirewall
54
54
 
55
- GEM_VERSION = '1.25.0'
55
+ GEM_VERSION = '1.27.0'
56
56
 
57
57
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-networkfirewall
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.25.0
4
+ version: 1.27.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-03-30 00:00:00.000000000 Z
11
+ date: 2023-05-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core