aws-sdk-networkfirewall 1.26.0 → 1.28.0

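--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f06525de7ab96ffab1dc74ee6cfb7629f37fade446430443a5e3fa6a6430e571
- data.tar.gz: cdaf82868e449d14b6b626169486b4fd60346a3d3e98d36dbbbfeb76919c0647
+ metadata.gz: 0777bee33353956140748399c259f21e1da2819f69f84f0353b438725e003c62
+ data.tar.gz: b3e1cf9cde792809cc2963d6b3293aca1915965a1be408eeb21ee22b4ba2db7f
  SHA512:
- metadata.gz: 04f2235e8fef3726e03bac04bcca56af77b3ad6055d70f68fd4284a213916edc9b73a901f6480cd4951407fd37df9380d8bf7f6e1b3bddb194074f2136c5d94b
- data.tar.gz: 254bfefe094e643f56861d3444353792363e6fbfc1d89b51a9b9e0da8b9d064a449399120640d2d82762fd48d1c3b62428f72b6229475a78586410103c22f8b9
+ metadata.gz: b50dc676821f92c9b96e1e41536c72c770c294240907afb2508d9c8001621dd797921395222c3e8d632dddd0415b68a883b6784a2d93f0142ac53089c72cb9ea
+ data.tar.gz: d8ce58d223868c23b80041a606de67df91f313f6adbf17066cb11d5b3d4a814a3ac1d294b413371ae371be9faf215d98bb85fa169d4cb13e0ddc9266da6002fb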
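--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
  Unreleased Changes
  ------------------
 
+ 1.28.0 (2023-05-04)
+ ------------------
+
+ * Feature - This release adds support for the Suricata REJECT option in midstream exception configurations.
+
+ 1.27.0 (2023-05-03)
+ ------------------
+
+ * Feature - AWS Network Firewall now supports policy level HOME_NET variable overrides.
+
  1.26.0 (2023-04-05)
  ------------------
 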
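--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.26.0
+ 1.28.0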
@@ -663,7 +663,7 @@ module Aws::NetworkFirewall
663
663
  # resp.firewall_status.sync_states #=> Hash
664
664
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
665
665
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
666
- # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
666
+ # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "FAILED", "ERROR", "SCALING", "READY"
667
667
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status_message #=> String
668
668
  # resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
669
669
  # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
@@ -766,9 +766,16 @@ module Aws::NetworkFirewall
766
766
  # stateful_default_actions: ["CollectionMember_String"],
767
767
  # stateful_engine_options: {
768
768
  # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
769
- # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
769
+ # stream_exception_policy: "DROP", # accepts DROP, CONTINUE, REJECT
770
770
  # },
771
771
  # tls_inspection_configuration_arn: "ResourceArn",
772
+ # policy_variables: {
773
+ # rule_variables: {
774
+ # "RuleVariableName" => {
775
+ # definition: ["VariableDefinition"], # required
776
+ # },
777
+ # },
778
+ # },
772
779
  # },
773
780
  # description: "Description",
774
781
  # tags: [
@@ -1324,7 +1331,7 @@ module Aws::NetworkFirewall
1324
1331
  # resp.firewall_status.sync_states #=> Hash
1325
1332
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
1326
1333
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
1327
- # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
1334
+ # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "FAILED", "ERROR", "SCALING", "READY"
1328
1335
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status_message #=> String
1329
1336
  # resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
1330
1337
  # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
@@ -1586,7 +1593,7 @@ module Aws::NetworkFirewall
1586
1593
  # resp.firewall_status.sync_states #=> Hash
1587
1594
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
1588
1595
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
1589
- # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY"
1596
+ # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "FAILED", "ERROR", "SCALING", "READY"
1590
1597
  # resp.firewall_status.sync_states["AvailabilityZone"].attachment.status_message #=> String
1591
1598
  # resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
1592
1599
  # resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
@@ -1666,8 +1673,11 @@ module Aws::NetworkFirewall
1666
1673
  # resp.firewall_policy.stateful_default_actions #=> Array
1667
1674
  # resp.firewall_policy.stateful_default_actions[0] #=> String
1668
1675
  # resp.firewall_policy.stateful_engine_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
1669
- # resp.firewall_policy.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE"
1676
+ # resp.firewall_policy.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE", "REJECT"
1670
1677
  # resp.firewall_policy.tls_inspection_configuration_arn #=> String
1678
+ # resp.firewall_policy.policy_variables.rule_variables #=> Hash
1679
+ # resp.firewall_policy.policy_variables.rule_variables["RuleVariableName"].definition #=> Array
1680
+ # resp.firewall_policy.policy_variables.rule_variables["RuleVariableName"].definition[0] #=> String
1671
1681
  #
1672
1682
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallPolicy AWS API Documentation
1673
1683
  #
@@ -2402,10 +2412,6 @@ module Aws::NetworkFirewall
2402
2412
  # For a firewall policy resource, you can specify the following
2403
2413
  # operations in the Actions section of the statement:
2404
2414
  #
2405
- # * network-firewall:CreateFirewall
2406
- #
2407
- # * network-firewall:UpdateFirewall
2408
- #
2409
2415
  # * network-firewall:AssociateFirewallPolicy
2410
2416
  #
2411
2417
  # * network-firewall:ListFirewallPolicies
@@ -2825,9 +2831,16 @@ module Aws::NetworkFirewall
2825
2831
  # stateful_default_actions: ["CollectionMember_String"],
2826
2832
  # stateful_engine_options: {
2827
2833
  # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
2828
- # stream_exception_policy: "DROP", # accepts DROP, CONTINUE
2834
+ # stream_exception_policy: "DROP", # accepts DROP, CONTINUE, REJECT
2829
2835
  # },
2830
2836
  # tls_inspection_configuration_arn: "ResourceArn",
2837
+ # policy_variables: {
2838
+ # rule_variables: {
2839
+ # "RuleVariableName" => {
2840
+ # definition: ["VariableDefinition"], # required
2841
+ # },
2842
+ # },
2843
+ # },
2831
2844
  # },
2832
2845
  # description: "Description",
2833
2846
  # dry_run: false,
@@ -3507,7 +3520,7 @@ module Aws::NetworkFirewall
3507
3520
  params: params,
3508
3521
  config: config)
3509
3522
  context[:gem_name] = 'aws-sdk-networkfirewall'
3510
- context[:gem_version] = '1.26.0'
3523
+ context[:gem_version] = '1.28.0'
3511
3524
  Seahorse::Client::Request.new(handlers, context)
3512
3525
  end
3513
3526
 
@@ -137,6 +137,7 @@ module Aws::NetworkFirewall
137
137
  PerObjectStatus = Shapes::StructureShape.new(name: 'PerObjectStatus')
138
138
  PerObjectSyncStatus = Shapes::StringShape.new(name: 'PerObjectSyncStatus')
139
139
  PolicyString = Shapes::StringShape.new(name: 'PolicyString')
140
+ PolicyVariables = Shapes::StructureShape.new(name: 'PolicyVariables')
140
141
  Port = Shapes::StringShape.new(name: 'Port')
141
142
  PortRange = Shapes::StructureShape.new(name: 'PortRange')
142
143
  PortRangeBound = Shapes::IntegerShape.new(name: 'PortRangeBound')
@@ -515,6 +516,7 @@ module Aws::NetworkFirewall
515
516
  FirewallPolicy.add_member(:stateful_default_actions, Shapes::ShapeRef.new(shape: StatefulActions, location_name: "StatefulDefaultActions"))
516
517
  FirewallPolicy.add_member(:stateful_engine_options, Shapes::ShapeRef.new(shape: StatefulEngineOptions, location_name: "StatefulEngineOptions"))
517
518
  FirewallPolicy.add_member(:tls_inspection_configuration_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "TLSInspectionConfigurationArn"))
519
+ FirewallPolicy.add_member(:policy_variables, Shapes::ShapeRef.new(shape: PolicyVariables, location_name: "PolicyVariables"))
518
520
  FirewallPolicy.struct_class = Types::FirewallPolicy
519
521
 
520
522
  FirewallPolicyMetadata.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
@@ -664,6 +666,9 @@ module Aws::NetworkFirewall
664
666
  PerObjectStatus.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
665
667
  PerObjectStatus.struct_class = Types::PerObjectStatus
666
668
 
669
+ PolicyVariables.add_member(:rule_variables, Shapes::ShapeRef.new(shape: IPSets, location_name: "RuleVariables"))
670
+ PolicyVariables.struct_class = Types::PolicyVariables
671
+
667
672
  PortRange.add_member(:from_port, Shapes::ShapeRef.new(shape: PortRangeBound, required: true, location_name: "FromPort"))
668
673
  PortRange.add_member(:to_port, Shapes::ShapeRef.new(shape: PortRangeBound, required: true, location_name: "ToPort"))
669
674
  PortRange.struct_class = Types::PortRange
@@ -286,12 +286,14 @@ module Aws::NetworkFirewall
286
286
  #
287
287
  # @!attribute [rw] status_message
288
288
  # If Network Firewall fails to create or delete the firewall endpoint
289
- # in the subnet, it populates this with the reason for the failure and
290
- # how to resolve it. Depending on the error, it can take as many as 15
289
+ # in the subnet, it populates this with the reason for the error or
290
+ # failure and how to resolve it. A `FAILED` status indicates a
291
+ # non-recoverable state, and a `ERROR` status indicates an issue that
292
+ # you can fix. Depending on the error, it can take as many as 15
291
293
  # minutes to populate this field. For more information about the
292
- # errors and solutions available for this field, see [Troubleshooting
293
- # firewall endpoint failures][1] in the *Network Firewall Developer
294
- # Guide*.
294
+ # causes for failiure or errors and solutions available for this
295
+ # field, see [Troubleshooting firewall endpoint failures][1] in the
296
+ # *Network Firewall Developer Guide*.
295
297
  #
296
298
  #
297
299
  #
@@ -1840,6 +1842,11 @@ module Aws::NetworkFirewall
1840
1842
  # The Amazon Resource Name (ARN) of the TLS inspection configuration.
1841
1843
  # @return [String]
1842
1844
  #
1845
+ # @!attribute [rw] policy_variables
1846
+ # Contains variables that you can use to override default Suricata
1847
+ # settings in your firewall policy.
1848
+ # @return [Types::PolicyVariables]
1849
+ #
1843
1850
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicy AWS API Documentation
1844
1851
  #
1845
1852
  class FirewallPolicy < Struct.new(
@@ -1850,7 +1857,8 @@ module Aws::NetworkFirewall
1850
1857
  :stateful_rule_group_references,
1851
1858
  :stateful_default_actions,
1852
1859
  :stateful_engine_options,
1853
- :tls_inspection_configuration_arn)
1860
+ :tls_inspection_configuration_arn,
1861
+ :policy_variables)
1854
1862
  SENSITIVE = []
1855
1863
  include Aws::Structure
1856
1864
  end
@@ -2730,6 +2738,26 @@ module Aws::NetworkFirewall
2730
2738
  include Aws::Structure
2731
2739
  end
2732
2740
 
2741
+ # Contains variables that you can use to override default Suricata
2742
+ # settings in your firewall policy.
2743
+ #
2744
+ # @!attribute [rw] rule_variables
2745
+ # The IPv4 or IPv6 addresses in CIDR notation to use for the Suricata
2746
+ # `HOME_NET` variable. If your firewall uses an inspection VPC, you
2747
+ # might want to override the `HOME_NET` variable with the CIDRs of
2748
+ # your home networks. If you don't override `HOME_NET` with your own
2749
+ # CIDRs, Network Firewall by default uses the CIDR of your inspection
2750
+ # VPC.
2751
+ # @return [Hash<String,Types::IPSet>]
2752
+ #
2753
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/PolicyVariables AWS API Documentation
2754
+ #
2755
+ class PolicyVariables < Struct.new(
2756
+ :rule_variables)
2757
+ SENSITIVE = []
2758
+ include Aws::Structure
2759
+ end
2760
+
2733
2761
  # A single port range specification. This is used for source and
2734
2762
  # destination port ranges in the stateless rule MatchAttributes,
2735
2763
  # `SourcePorts`, and `DestinationPorts` settings.
@@ -2804,10 +2832,6 @@ module Aws::NetworkFirewall
2804
2832
  # For a firewall policy resource, you can specify the following
2805
2833
  # operations in the Actions section of the statement:
2806
2834
  #
2807
- # * network-firewall:CreateFirewall
2808
- #
2809
- # * network-firewall:UpdateFirewall
2810
- #
2811
2835
  # * network-firewall:AssociateFirewallPolicy
2812
2836
  #
2813
2837
  # * network-firewall:ListFirewallPolicies
@@ -3425,6 +3449,13 @@ module Aws::NetworkFirewall
3425
3449
  # behavior is rule dependent—a TCP-layer rule using a
3426
3450
  # `flow:stateless` rule would still match, as would the
3427
3451
  # `aws:drop_strict` default action.
3452
+ #
3453
+ # * `REJECT` - Network Firewall fails closed and drops all subsequent
3454
+ # traffic going to the firewall. Network Firewall also sends a TCP
3455
+ # reject packet back to your client so that the client can
3456
+ # immediately establish a new session. Network Firewall will have
3457
+ # context about the new session and will apply rules to the
3458
+ # subsequent traffic.
3428
3459
  # @return [String]
3429
3460
  #
3430
3461
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulEngineOptions AWS API Documentation
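Review bot: In the `@@ -2730,6 +2738,26 @@` hunk the `rule_variables` comment describes only the Suricata `HOME_NET` override, yet the member is typed `Hash<String,Types::IPSet>`, so a reader cannot tell what the hash key is or whether variable names other than `HOME_NET` are honoured. I would add one line to that attribute, `# The hash key is the rule variable name, e.g. HOME_NET; each value's definition lists the CIDRs.` Rules written against `HOME_NET` match only the networks in that set, so it would also help to state explicitly that an override replaces the inspection-VPC default rather than extending it; the current wording implies this but does not say it. Separately, the `status_message` text in the `@@ -286,12 +286,14 @@` hunk introduces the typos `failiure` and "a `ERROR`", which should read `failure` and "an `ERROR`".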
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
52
52
  # @!group service
53
53
  module Aws::NetworkFirewall
54
54
 
55
- GEM_VERSION = '1.26.0'
55
+ GEM_VERSION = '1.28.0'
56
56
 
57
57
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-networkfirewall
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.26.0
4
+ version: 1.28.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-04-05 00:00:00.000000000 Z
11
+ date: 2023-05-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core