aws-sdk-networkfirewall 1.34.0 → 1.36.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fec980bb2effab94f68686a902121b505264c99ea051fb73ef785f4c5faa7bf7
4
- data.tar.gz: 399fcdae1c112b420ed040b6f2a74df426d5252afb8fba4d107e4a2f5e08aed1
3
+ metadata.gz: 5c5bf32a26450f873306ff092b4e1b4ece4508dedc0e8c60f8c90f683a9049a5
4
+ data.tar.gz: cc5d2460dadd157009ec50050cbcc928bfdf37c8ae47b09dffb13aa5eda1e272
5
5
  SHA512:
6
- metadata.gz: 01b470715bb8026036f44f17cc34141fc02f8798d05c49b1af1dac8498c7958d98cbad5db0d6e2119e6e23ad81ae562d851aaf00fa87980246176dcf7bb89106
7
- data.tar.gz: e45ad769bf991cf21766b32cd6534a399942c74d7dc8bba2c381900bce5b41a67ab47cdc435261b6c5eb8db8efd03fd5291acc89036fcff93eb1bcf0b81e2795
6
+ metadata.gz: 1e21e992ce09f252a6f004ab93349d8d4a66f7c08d1658e68a89d515a8f24db017fbeebb17110df25d4a8b89aac63b933f40cf486558490f17bc118db25183d9
7
+ data.tar.gz: b867ef794e837c2045c6ef228f5ae324f5b80844da2198c636c2b4733591ba676959ab4c29f1a82b411f085c0a359feb0edea732c8ba0c75c72d443d905115e4
data/CHANGELOG.md CHANGED
@@ -1,6 +1,16 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.36.0 (2023-10-26)
5
+ ------------------
6
+
7
+ * Feature - Network Firewall now supports inspection of outbound SSL/TLS traffic.
8
+
9
+ 1.35.0 (2023-09-27)
10
+ ------------------
11
+
12
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
13
+
4
14
  1.34.0 (2023-08-30)
5
15
  ------------------
6
16
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.34.0
1
+ 1.36.0
@@ -818,7 +818,7 @@ module Aws::NetworkFirewall
818
818
  # resp.firewall_policy_response.firewall_policy_arn #=> String
819
819
  # resp.firewall_policy_response.firewall_policy_id #=> String
820
820
  # resp.firewall_policy_response.description #=> String
821
- # resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
821
+ # resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
822
822
  # resp.firewall_policy_response.tags #=> Array
823
823
  # resp.firewall_policy_response.tags[0].key #=> String
824
824
  # resp.firewall_policy_response.tags[0].value #=> String
@@ -1100,7 +1100,7 @@ module Aws::NetworkFirewall
1100
1100
  # resp.rule_group_response.description #=> String
1101
1101
  # resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
1102
1102
  # resp.rule_group_response.capacity #=> Integer
1103
- # resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
1103
+ # resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
1104
1104
  # resp.rule_group_response.tags #=> Array
1105
1105
  # resp.rule_group_response.tags[0].key #=> String
1106
1106
  # resp.rule_group_response.tags[0].value #=> String
@@ -1124,11 +1124,11 @@ module Aws::NetworkFirewall
1124
1124
 
1125
1125
  # Creates an Network Firewall TLS inspection configuration. A TLS
1126
1126
  # inspection configuration contains the Certificate Manager certificate
1127
- # references that Network Firewall uses to decrypt and re-encrypt
1128
- # inbound traffic.
1127
+ # associations that Network Firewall uses to decrypt and re-encrypt
1128
+ # traffic traveling through your firewall.
1129
1129
  #
1130
- # After you create a TLS inspection configuration, you associate it with
1131
- # a new firewall policy.
1130
+ # After you create a TLS inspection configuration, you can associate it
1131
+ # with a new firewall policy.
1132
1132
  #
1133
1133
  # To update the settings for a TLS inspection configuration, use
1134
1134
  # UpdateTLSInspectionConfiguration.
@@ -1142,7 +1142,7 @@ module Aws::NetworkFirewall
1142
1142
  # DescribeTLSInspectionConfiguration.
1143
1143
  #
1144
1144
  # For more information about TLS inspection configurations, see
1145
- # [Decrypting SSL/TLS traffic with TLS inspection configurations][1] in
1145
+ # [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
1146
1146
  # the *Network Firewall Developer Guide*.
1147
1147
  #
1148
1148
  #
@@ -1166,12 +1166,12 @@ module Aws::NetworkFirewall
1166
1166
  # To use a TLS inspection configuration, you add it to a new Network
1167
1167
  # Firewall firewall policy, then you apply the firewall policy to a
1168
1168
  # firewall. Network Firewall acts as a proxy service to decrypt and
1169
- # inspect inbound traffic. You can reference a TLS inspection
1170
- # configuration from more than one firewall policy, and you can use a
1171
- # firewall policy in more than one firewall. For more information about
1172
- # using TLS inspection configurations, see [Decrypting SSL/TLS traffic
1173
- # with TLS inspection configurations][1] in the *Network Firewall
1174
- # Developer Guide*.
1169
+ # inspect the traffic traveling through your firewalls. You can
1170
+ # reference a TLS inspection configuration from more than one firewall
1171
+ # policy, and you can use a firewall policy in more than one firewall.
1172
+ # For more information about using TLS inspection configurations, see
1173
+ # [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
1174
+ # the *Network Firewall Developer Guide*.
1175
1175
  #
1176
1176
  #
1177
1177
  #
@@ -1242,6 +1242,11 @@ module Aws::NetworkFirewall
1242
1242
  # protocols: [1],
1243
1243
  # },
1244
1244
  # ],
1245
+ # certificate_authority_arn: "ResourceArn",
1246
+ # check_certificate_revocation_status: {
1247
+ # revoked_status_action: "PASS", # accepts PASS, DROP, REJECT
1248
+ # unknown_status_action: "PASS", # accepts PASS, DROP, REJECT
1249
+ # },
1245
1250
  # },
1246
1251
  # ],
1247
1252
  # },
@@ -1264,7 +1269,7 @@ module Aws::NetworkFirewall
1264
1269
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
1265
1270
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
1266
1271
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
1267
- # resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
1272
+ # resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
1268
1273
  # resp.tls_inspection_configuration_response.description #=> String
1269
1274
  # resp.tls_inspection_configuration_response.tags #=> Array
1270
1275
  # resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -1278,6 +1283,10 @@ module Aws::NetworkFirewall
1278
1283
  # resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
1279
1284
  # resp.tls_inspection_configuration_response.certificates[0].status #=> String
1280
1285
  # resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
1286
+ # resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
1287
+ # resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
1288
+ # resp.tls_inspection_configuration_response.certificate_authority.status #=> String
1289
+ # resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
1281
1290
  #
1282
1291
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateTLSInspectionConfiguration AWS API Documentation
1283
1292
  #
@@ -1400,7 +1409,7 @@ module Aws::NetworkFirewall
1400
1409
  # resp.firewall_policy_response.firewall_policy_arn #=> String
1401
1410
  # resp.firewall_policy_response.firewall_policy_id #=> String
1402
1411
  # resp.firewall_policy_response.description #=> String
1403
- # resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
1412
+ # resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
1404
1413
  # resp.firewall_policy_response.tags #=> Array
1405
1414
  # resp.firewall_policy_response.tags[0].key #=> String
1406
1415
  # resp.firewall_policy_response.tags[0].value #=> String
@@ -1487,7 +1496,7 @@ module Aws::NetworkFirewall
1487
1496
  # resp.rule_group_response.description #=> String
1488
1497
  # resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
1489
1498
  # resp.rule_group_response.capacity #=> Integer
1490
- # resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
1499
+ # resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
1491
1500
  # resp.rule_group_response.tags #=> Array
1492
1501
  # resp.rule_group_response.tags[0].key #=> String
1493
1502
  # resp.rule_group_response.tags[0].value #=> String
@@ -1538,7 +1547,7 @@ module Aws::NetworkFirewall
1538
1547
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
1539
1548
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
1540
1549
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
1541
- # resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
1550
+ # resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
1542
1551
  # resp.tls_inspection_configuration_response.description #=> String
1543
1552
  # resp.tls_inspection_configuration_response.tags #=> Array
1544
1553
  # resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -1552,6 +1561,10 @@ module Aws::NetworkFirewall
1552
1561
  # resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
1553
1562
  # resp.tls_inspection_configuration_response.certificates[0].status #=> String
1554
1563
  # resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
1564
+ # resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
1565
+ # resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
1566
+ # resp.tls_inspection_configuration_response.certificate_authority.status #=> String
1567
+ # resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
1555
1568
  #
1556
1569
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteTLSInspectionConfiguration AWS API Documentation
1557
1570
  #
@@ -1665,7 +1678,7 @@ module Aws::NetworkFirewall
1665
1678
  # resp.firewall_policy_response.firewall_policy_arn #=> String
1666
1679
  # resp.firewall_policy_response.firewall_policy_id #=> String
1667
1680
  # resp.firewall_policy_response.description #=> String
1668
- # resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
1681
+ # resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
1669
1682
  # resp.firewall_policy_response.tags #=> Array
1670
1683
  # resp.firewall_policy_response.tags[0].key #=> String
1671
1684
  # resp.firewall_policy_response.tags[0].value #=> String
@@ -1879,7 +1892,7 @@ module Aws::NetworkFirewall
1879
1892
  # resp.rule_group_response.description #=> String
1880
1893
  # resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
1881
1894
  # resp.rule_group_response.capacity #=> Integer
1882
- # resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
1895
+ # resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
1883
1896
  # resp.rule_group_response.tags #=> Array
1884
1897
  # resp.rule_group_response.tags[0].key #=> String
1885
1898
  # resp.rule_group_response.tags[0].value #=> String
@@ -2011,10 +2024,13 @@ module Aws::NetworkFirewall
2011
2024
  # resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].destination_ports[0].to_port #=> Integer
2012
2025
  # resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].protocols #=> Array
2013
2026
  # resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].protocols[0] #=> Integer
2027
+ # resp.tls_inspection_configuration.server_certificate_configurations[0].certificate_authority_arn #=> String
2028
+ # resp.tls_inspection_configuration.server_certificate_configurations[0].check_certificate_revocation_status.revoked_status_action #=> String, one of "PASS", "DROP", "REJECT"
2029
+ # resp.tls_inspection_configuration.server_certificate_configurations[0].check_certificate_revocation_status.unknown_status_action #=> String, one of "PASS", "DROP", "REJECT"
2014
2030
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
2015
2031
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
2016
2032
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
2017
- # resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
2033
+ # resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
2018
2034
  # resp.tls_inspection_configuration_response.description #=> String
2019
2035
  # resp.tls_inspection_configuration_response.tags #=> Array
2020
2036
  # resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -2028,6 +2044,10 @@ module Aws::NetworkFirewall
2028
2044
  # resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
2029
2045
  # resp.tls_inspection_configuration_response.certificates[0].status #=> String
2030
2046
  # resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
2047
+ # resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
2048
+ # resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
2049
+ # resp.tls_inspection_configuration_response.certificate_authority.status #=> String
2050
+ # resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
2031
2051
  #
2032
2052
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeTLSInspectionConfiguration AWS API Documentation
2033
2053
  #
@@ -2880,7 +2900,7 @@ module Aws::NetworkFirewall
2880
2900
  # resp.firewall_policy_response.firewall_policy_arn #=> String
2881
2901
  # resp.firewall_policy_response.firewall_policy_id #=> String
2882
2902
  # resp.firewall_policy_response.description #=> String
2883
- # resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
2903
+ # resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
2884
2904
  # resp.firewall_policy_response.tags #=> Array
2885
2905
  # resp.firewall_policy_response.tags[0].key #=> String
2886
2906
  # resp.firewall_policy_response.tags[0].value #=> String
@@ -3289,7 +3309,7 @@ module Aws::NetworkFirewall
3289
3309
  # resp.rule_group_response.description #=> String
3290
3310
  # resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
3291
3311
  # resp.rule_group_response.capacity #=> Integer
3292
- # resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
3312
+ # resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
3293
3313
  # resp.rule_group_response.tags #=> Array
3294
3314
  # resp.rule_group_response.tags[0].key #=> String
3295
3315
  # resp.rule_group_response.tags[0].value #=> String
@@ -3382,9 +3402,9 @@ module Aws::NetworkFirewall
3382
3402
 
3383
3403
  # Updates the TLS inspection configuration settings for the specified
3384
3404
  # TLS inspection configuration. You use a TLS inspection configuration
3385
- # by reference in one or more firewall policies. When you modify a TLS
3386
- # inspection configuration, you modify all firewall policies that use
3387
- # the TLS inspection configuration.
3405
+ # by referencing it in one or more firewall policies. When you modify a
3406
+ # TLS inspection configuration, you modify all firewall policies that
3407
+ # use the TLS inspection configuration.
3388
3408
  #
3389
3409
  # To update a TLS inspection configuration, first call
3390
3410
  # DescribeTLSInspectionConfiguration to retrieve the current
@@ -3411,12 +3431,12 @@ module Aws::NetworkFirewall
3411
3431
  # To use a TLS inspection configuration, you add it to a new Network
3412
3432
  # Firewall firewall policy, then you apply the firewall policy to a
3413
3433
  # firewall. Network Firewall acts as a proxy service to decrypt and
3414
- # inspect inbound traffic. You can reference a TLS inspection
3415
- # configuration from more than one firewall policy, and you can use a
3416
- # firewall policy in more than one firewall. For more information about
3417
- # using TLS inspection configurations, see [Decrypting SSL/TLS traffic
3418
- # with TLS inspection configurations][1] in the *Network Firewall
3419
- # Developer Guide*.
3434
+ # inspect the traffic traveling through your firewalls. You can
3435
+ # reference a TLS inspection configuration from more than one firewall
3436
+ # policy, and you can use a firewall policy in more than one firewall.
3437
+ # For more information about using TLS inspection configurations, see
3438
+ # [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
3439
+ # the *Network Firewall Developer Guide*.
3420
3440
  #
3421
3441
  #
3422
3442
  #
@@ -3489,6 +3509,11 @@ module Aws::NetworkFirewall
3489
3509
  # protocols: [1],
3490
3510
  # },
3491
3511
  # ],
3512
+ # certificate_authority_arn: "ResourceArn",
3513
+ # check_certificate_revocation_status: {
3514
+ # revoked_status_action: "PASS", # accepts PASS, DROP, REJECT
3515
+ # unknown_status_action: "PASS", # accepts PASS, DROP, REJECT
3516
+ # },
3492
3517
  # },
3493
3518
  # ],
3494
3519
  # },
@@ -3506,7 +3531,7 @@ module Aws::NetworkFirewall
3506
3531
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
3507
3532
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
3508
3533
  # resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
3509
- # resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
3534
+ # resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
3510
3535
  # resp.tls_inspection_configuration_response.description #=> String
3511
3536
  # resp.tls_inspection_configuration_response.tags #=> Array
3512
3537
  # resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -3520,6 +3545,10 @@ module Aws::NetworkFirewall
3520
3545
  # resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
3521
3546
  # resp.tls_inspection_configuration_response.certificates[0].status #=> String
3522
3547
  # resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
3548
+ # resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
3549
+ # resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
3550
+ # resp.tls_inspection_configuration_response.certificate_authority.status #=> String
3551
+ # resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
3523
3552
  #
3524
3553
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateTLSInspectionConfiguration AWS API Documentation
3525
3554
  #
@@ -3543,7 +3572,7 @@ module Aws::NetworkFirewall
3543
3572
  params: params,
3544
3573
  config: config)
3545
3574
  context[:gem_name] = 'aws-sdk-networkfirewall'
3546
- context[:gem_version] = '1.34.0'
3575
+ context[:gem_version] = '1.36.0'
3547
3576
  Seahorse::Client::Request.new(handlers, context)
3548
3577
  end
3549
3578
 
@@ -32,6 +32,7 @@ module Aws::NetworkFirewall
32
32
  CIDRSummary = Shapes::StructureShape.new(name: 'CIDRSummary')
33
33
  CapacityUsageSummary = Shapes::StructureShape.new(name: 'CapacityUsageSummary')
34
34
  Certificates = Shapes::ListShape.new(name: 'Certificates')
35
+ CheckCertificateRevocationStatusActions = Shapes::StructureShape.new(name: 'CheckCertificateRevocationStatusActions')
35
36
  CollectionMember_String = Shapes::StringShape.new(name: 'CollectionMember_String')
36
37
  ConfigurationSyncState = Shapes::StringShape.new(name: 'ConfigurationSyncState')
37
38
  CreateFirewallPolicyRequest = Shapes::StructureShape.new(name: 'CreateFirewallPolicyRequest')
@@ -159,6 +160,7 @@ module Aws::NetworkFirewall
159
160
  ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
160
161
  ResourceOwnerCheckException = Shapes::StructureShape.new(name: 'ResourceOwnerCheckException')
161
162
  ResourceStatus = Shapes::StringShape.new(name: 'ResourceStatus')
163
+ RevocationCheckAction = Shapes::StringShape.new(name: 'RevocationCheckAction')
162
164
  RuleCapacity = Shapes::IntegerShape.new(name: 'RuleCapacity')
163
165
  RuleDefinition = Shapes::StructureShape.new(name: 'RuleDefinition')
164
166
  RuleGroup = Shapes::StructureShape.new(name: 'RuleGroup')
@@ -306,6 +308,10 @@ module Aws::NetworkFirewall
306
308
 
307
309
  Certificates.member = Shapes::ShapeRef.new(shape: TlsCertificateData)
308
310
 
311
+ CheckCertificateRevocationStatusActions.add_member(:revoked_status_action, Shapes::ShapeRef.new(shape: RevocationCheckAction, location_name: "RevokedStatusAction"))
312
+ CheckCertificateRevocationStatusActions.add_member(:unknown_status_action, Shapes::ShapeRef.new(shape: RevocationCheckAction, location_name: "UnknownStatusAction"))
313
+ CheckCertificateRevocationStatusActions.struct_class = Types::CheckCertificateRevocationStatusActions
314
+
309
315
  CreateFirewallPolicyRequest.add_member(:firewall_policy_name, Shapes::ShapeRef.new(shape: ResourceName, required: true, location_name: "FirewallPolicyName"))
310
316
  CreateFirewallPolicyRequest.add_member(:firewall_policy, Shapes::ShapeRef.new(shape: FirewallPolicy, required: true, location_name: "FirewallPolicy"))
311
317
  CreateFirewallPolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
@@ -761,6 +767,8 @@ module Aws::NetworkFirewall
761
767
 
762
768
  ServerCertificateConfiguration.add_member(:server_certificates, Shapes::ShapeRef.new(shape: ServerCertificates, location_name: "ServerCertificates"))
763
769
  ServerCertificateConfiguration.add_member(:scopes, Shapes::ShapeRef.new(shape: ServerCertificateScopes, location_name: "Scopes"))
770
+ ServerCertificateConfiguration.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "CertificateAuthorityArn"))
771
+ ServerCertificateConfiguration.add_member(:check_certificate_revocation_status, Shapes::ShapeRef.new(shape: CheckCertificateRevocationStatusActions, location_name: "CheckCertificateRevocationStatus"))
764
772
  ServerCertificateConfiguration.struct_class = Types::ServerCertificateConfiguration
765
773
 
766
774
  ServerCertificateConfigurations.member = Shapes::ShapeRef.new(shape: ServerCertificateConfiguration)
@@ -865,6 +873,7 @@ module Aws::NetworkFirewall
865
873
  TLSInspectionConfigurationResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
866
874
  TLSInspectionConfigurationResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
867
875
  TLSInspectionConfigurationResponse.add_member(:certificates, Shapes::ShapeRef.new(shape: Certificates, location_name: "Certificates"))
876
+ TLSInspectionConfigurationResponse.add_member(:certificate_authority, Shapes::ShapeRef.new(shape: TlsCertificateData, location_name: "CertificateAuthority"))
868
877
  TLSInspectionConfigurationResponse.struct_class = Types::TLSInspectionConfigurationResponse
869
878
 
870
879
  TLSInspectionConfigurations.member = Shapes::ShapeRef.new(shape: TLSInspectionConfigurationMetadata)
@@ -32,7 +32,7 @@ module Aws::NetworkFirewall
32
32
  raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
33
33
  end
34
34
  if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
35
- if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
35
+ if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
36
36
  return Aws::Endpoints::Endpoint.new(url: "https://network-firewall-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
37
37
  end
38
38
  raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
@@ -355,6 +355,55 @@ module Aws::NetworkFirewall
355
355
  include Aws::Structure
356
356
  end
357
357
 
358
+ # Defines the actions to take on the SSL/TLS connection if the
359
+ # certificate presented by the server in the connection has a revoked or
360
+ # unknown status.
361
+ #
362
+ # @!attribute [rw] revoked_status_action
363
+ # Configures how Network Firewall processes traffic when it determines
364
+ # that the certificate presented by the server in the SSL/TLS
365
+ # connection has a revoked status.
366
+ #
367
+ # * **PASS** - Allow the connection to continue, and pass subsequent
368
+ # packets to the stateful engine for inspection.
369
+ #
370
+ # * **DROP** - Network Firewall fails closed and drops all subsequent
371
+ # traffic.
372
+ #
373
+ # * **REJECT** - Network Firewall sends a TCP reject packet back to
374
+ # your client so that the client can immediately establish a new
375
+ # session. Network Firewall then fails closed and drops all
376
+ # subsequent traffic. `REJECT` is available only for TCP traffic.
377
+ # @return [String]
378
+ #
379
+ # @!attribute [rw] unknown_status_action
380
+ # Configures how Network Firewall processes traffic when it determines
381
+ # that the certificate presented by the server in the SSL/TLS
382
+ # connection has an unknown status, or a status that cannot be
383
+ # determined for any other reason, including when the service is
384
+ # unable to connect to the OCSP and CRL endpoints for the certificate.
385
+ #
386
+ # * **PASS** - Allow the connection to continue, and pass subsequent
387
+ # packets to the stateful engine for inspection.
388
+ #
389
+ # * **DROP** - Network Firewall fails closed and drops all subsequent
390
+ # traffic.
391
+ #
392
+ # * **REJECT** - Network Firewall sends a TCP reject packet back to
393
+ # your client so that the client can immediately establish a new
394
+ # session. Network Firewall then fails closed and drops all
395
+ # subsequent traffic. `REJECT` is available only for TCP traffic.
396
+ # @return [String]
397
+ #
398
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CheckCertificateRevocationStatusActions AWS API Documentation
399
+ #
400
+ class CheckCertificateRevocationStatusActions < Struct.new(
401
+ :revoked_status_action,
402
+ :unknown_status_action)
403
+ SENSITIVE = []
404
+ include Aws::Structure
405
+ end
406
+
358
407
  # @!attribute [rw] firewall_policy_name
359
408
  # The descriptive name of the firewall policy. You can't change the
360
409
  # name of a firewall policy after you create it.
@@ -720,12 +769,12 @@ module Aws::NetworkFirewall
720
769
  # To use a TLS inspection configuration, you add it to a new Network
721
770
  # Firewall firewall policy, then you apply the firewall policy to a
722
771
  # firewall. Network Firewall acts as a proxy service to decrypt and
723
- # inspect inbound traffic. You can reference a TLS inspection
724
- # configuration from more than one firewall policy, and you can use a
725
- # firewall policy in more than one firewall. For more information
726
- # about using TLS inspection configurations, see [Decrypting SSL/TLS
727
- # traffic with TLS inspection configurations][1] in the *Network
728
- # Firewall Developer Guide*.
772
+ # inspect the traffic traveling through your firewalls. You can
773
+ # reference a TLS inspection configuration from more than one firewall
774
+ # policy, and you can use a firewall policy in more than one firewall.
775
+ # For more information about using TLS inspection configurations, see
776
+ # [Inspecting SSL/TLS traffic with TLS inspection configurations][1]
777
+ # in the *Network Firewall Developer Guide*.
729
778
  #
730
779
  #
731
780
  #
@@ -1441,12 +1490,12 @@ module Aws::NetworkFirewall
1441
1490
  # To use a TLS inspection configuration, you add it to a new Network
1442
1491
  # Firewall firewall policy, then you apply the firewall policy to a
1443
1492
  # firewall. Network Firewall acts as a proxy service to decrypt and
1444
- # inspect inbound traffic. You can reference a TLS inspection
1445
- # configuration from more than one firewall policy, and you can use a
1446
- # firewall policy in more than one firewall. For more information
1447
- # about using TLS inspection configurations, see [Decrypting SSL/TLS
1448
- # traffic with TLS inspection configurations][1] in the *Network
1449
- # Firewall Developer Guide*.
1493
+ # inspect the traffic traveling through your firewalls. You can
1494
+ # reference a TLS inspection configuration from more than one firewall
1495
+ # policy, and you can use a firewall policy in more than one firewall.
1496
+ # For more information about using TLS inspection configurations, see
1497
+ # [Inspecting SSL/TLS traffic with TLS inspection configurations][1]
1498
+ # in the *Network Firewall Developer Guide*.
1450
1499
  #
1451
1500
  #
1452
1501
  #
@@ -2210,7 +2259,7 @@ module Aws::NetworkFirewall
2210
2259
  include Aws::Structure
2211
2260
  end
2212
2261
 
2213
- # Your request is valid, but Network Firewall couldnt perform the
2262
+ # Your request is valid, but Network Firewall couldn't perform the
2214
2263
  # operation because of a system problem. Retry your request.
2215
2264
  #
2216
2265
  # @!attribute [rw] message
@@ -3281,13 +3330,14 @@ module Aws::NetworkFirewall
3281
3330
  include Aws::Structure
3282
3331
  end
3283
3332
 
3284
- # Any Certificate Manager Secure Sockets Layer/Transport Layer Security
3285
- # (SSL/TLS) server certificate that's associated with a
3286
- # ServerCertificateConfiguration used in a TLSInspectionConfiguration.
3287
- # You must request or import a SSL/TLS certificate into ACM for each
3288
- # domain Network Firewall needs to decrypt and inspect. Network Firewall
3289
- # uses the SSL/TLS certificates to decrypt specified inbound SSL/TLS
3290
- # traffic going to your firewall. For information about working with
3333
+ # Any Certificate Manager (ACM) Secure Sockets Layer/Transport Layer
3334
+ # Security (SSL/TLS) server certificate that's associated with a
3335
+ # ServerCertificateConfiguration. Used in a TLSInspectionConfiguration
3336
+ # for inspection of inbound traffic to your firewall. You must request
3337
+ # or import a SSL/TLS certificate into ACM for each domain Network
3338
+ # Firewall needs to decrypt and inspect. Network Firewall uses the
3339
+ # SSL/TLS certificates to decrypt specified inbound SSL/TLS traffic
3340
+ # going to your firewall. For information about working with
3291
3341
  # certificates in Certificate Manager, see [Request a public certificate
3292
3342
  # ][1] or [Importing certificates][2] in the *Certificate Manager User
3293
3343
  # Guide*.
@@ -3299,7 +3349,7 @@ module Aws::NetworkFirewall
3299
3349
  #
3300
3350
  # @!attribute [rw] resource_arn
3301
3351
  # The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS
3302
- # server certificate.
3352
+ # server certificate that's used for inbound SSL/TLS inspection.
3303
3353
  # @return [String]
3304
3354
  #
3305
3355
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ServerCertificate AWS API Documentation
@@ -3310,10 +3360,11 @@ module Aws::NetworkFirewall
3310
3360
  include Aws::Structure
3311
3361
  end
3312
3362
 
3313
- # Configures the associated Certificate Manager Secure Sockets
3314
- # Layer/Transport Layer Security (SSL/TLS) server certificates and scope
3315
- # settings Network Firewall uses to decrypt traffic in a
3316
- # TLSInspectionConfiguration. For information about working with SSL/TLS
3363
+ # Configures the Certificate Manager certificates and scope that Network
3364
+ # Firewall uses to decrypt and re-encrypt traffic using a
3365
+ # TLSInspectionConfiguration. You can configure `ServerCertificates` for
3366
+ # inbound SSL/TLS inspection, a `CertificateAuthorityArn` for outbound
3367
+ # SSL/TLS inspection, or both. For information about working with
3317
3368
  # certificates for TLS inspection, see [ Requirements for using SSL/TLS
3318
3369
  # server certficiates with TLS inspection configurations][1] in the
3319
3370
  # *Network Firewall Developer Guide*.
@@ -3330,18 +3381,56 @@ module Aws::NetworkFirewall
3330
3381
  #
3331
3382
  # @!attribute [rw] server_certificates
3332
3383
  # The list of a server certificate configuration's Certificate
3333
- # Manager SSL/TLS certificates.
3384
+ # Manager certificates, used for inbound SSL/TLS inspection.
3334
3385
  # @return [Array<Types::ServerCertificate>]
3335
3386
  #
3336
3387
  # @!attribute [rw] scopes
3337
- # A list of a server certificate configuration's scopes.
3388
+ # A list of scopes.
3338
3389
  # @return [Array<Types::ServerCertificateScope>]
3339
3390
  #
3391
+ # @!attribute [rw] certificate_authority_arn
3392
+ # The Amazon Resource Name (ARN) of the imported certificate authority
3393
+ # (CA) certificate configured in Certificate Manager (ACM) to use for
3394
+ # outbound SSL/TLS inspection.
3395
+ #
3396
+ # The following limitations apply:
3397
+ #
3398
+ # * You can use CA certificates that you imported into ACM, but you
3399
+ # can't generate CA certificates with ACM.
3400
+ #
3401
+ # * You can't use certificates issued by Private Certificate
3402
+ # Authority.
3403
+ #
3404
+ # For more information about the certificate requirements for outbound
3405
+ # inspection, see [Requirements for using SSL/TLS certificates with
3406
+ # TLS inspection configurations][1] in the *Network Firewall Developer
3407
+ # Guide*.
3408
+ #
3409
+ # For information about working with certificates in ACM, see
3410
+ # [Importing certificates][2] in the *Certificate Manager User Guide*.
3411
+ #
3412
+ #
3413
+ #
3414
+ # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html
3415
+ # [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
3416
+ # @return [String]
3417
+ #
3418
+ # @!attribute [rw] check_certificate_revocation_status
3419
+ # When enabled, Network Firewall checks if the server certificate
3420
+ # presented by the server in the SSL/TLS connection has a revoked or
3421
+ # unkown status. If the certificate has an unknown or revoked status,
3422
+ # you must specify the actions that Network Firewall takes on outbound
3423
+ # traffic. To use this option, you must specify a
3424
+ # `CertificateAuthorityArn` in ServerCertificateConfiguration.
3425
+ # @return [Types::CheckCertificateRevocationStatusActions]
3426
+ #
3340
3427
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ServerCertificateConfiguration AWS API Documentation
3341
3428
  #
3342
3429
  class ServerCertificateConfiguration < Struct.new(
3343
3430
  :server_certificates,
3344
- :scopes)
3431
+ :scopes,
3432
+ :certificate_authority_arn,
3433
+ :check_certificate_revocation_status)
3345
3434
  SENSITIVE = []
3346
3435
  include Aws::Structure
3347
3436
  end
@@ -3812,12 +3901,12 @@ module Aws::NetworkFirewall
3812
3901
  # To use a TLS inspection configuration, you add it to a new Network
3813
3902
  # Firewall firewall policy, then you apply the firewall policy to a
3814
3903
  # firewall. Network Firewall acts as a proxy service to decrypt and
3815
- # inspect inbound traffic. You can reference a TLS inspection
3816
- # configuration from more than one firewall policy, and you can use a
3817
- # firewall policy in more than one firewall. For more information about
3818
- # using TLS inspection configurations, see [Decrypting SSL/TLS traffic
3819
- # with TLS inspection configurations][1] in the *Network Firewall
3820
- # Developer Guide*.
3904
+ # inspect the traffic traveling through your firewalls. You can
3905
+ # reference a TLS inspection configuration from more than one firewall
3906
+ # policy, and you can use a firewall policy in more than one firewall.
3907
+ # For more information about using TLS inspection configurations, see
3908
+ # [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
3909
+ # the *Network Firewall Developer Guide*.
3821
3910
  #
3822
3911
  #
3823
3912
  #
@@ -3915,6 +4004,10 @@ module Aws::NetworkFirewall
3915
4004
  # configuration.
3916
4005
  # @return [Array<Types::TlsCertificateData>]
3917
4006
  #
4007
+ # @!attribute [rw] certificate_authority
4008
+ # Contains metadata about an Certificate Manager certificate.
4009
+ # @return [Types::TlsCertificateData]
4010
+ #
3918
4011
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/TLSInspectionConfigurationResponse AWS API Documentation
3919
4012
  #
3920
4013
  class TLSInspectionConfigurationResponse < Struct.new(
@@ -3927,7 +4020,8 @@ module Aws::NetworkFirewall
3927
4020
  :last_modified_time,
3928
4021
  :number_of_associations,
3929
4022
  :encryption_configuration,
3930
- :certificates)
4023
+ :certificates,
4024
+ :certificate_authority)
3931
4025
  SENSITIVE = []
3932
4026
  include Aws::Structure
3933
4027
  end
@@ -4878,12 +4972,12 @@ module Aws::NetworkFirewall
4878
4972
  # To use a TLS inspection configuration, you add it to a new Network
4879
4973
  # Firewall firewall policy, then you apply the firewall policy to a
4880
4974
  # firewall. Network Firewall acts as a proxy service to decrypt and
4881
- # inspect inbound traffic. You can reference a TLS inspection
4882
- # configuration from more than one firewall policy, and you can use a
4883
- # firewall policy in more than one firewall. For more information
4884
- # about using TLS inspection configurations, see [Decrypting SSL/TLS
4885
- # traffic with TLS inspection configurations][1] in the *Network
4886
- # Firewall Developer Guide*.
4975
+ # inspect the traffic traveling through your firewalls. You can
4976
+ # reference a TLS inspection configuration from more than one firewall
4977
+ # policy, and you can use a firewall policy in more than one firewall.
4978
+ # For more information about using TLS inspection configurations, see
4979
+ # [Inspecting SSL/TLS traffic with TLS inspection configurations][1]
4980
+ # in the *Network Firewall Developer Guide*.
4887
4981
  #
4888
4982
  #
4889
4983
  #
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
52
52
  # @!group service
53
53
  module Aws::NetworkFirewall
54
54
 
55
- GEM_VERSION = '1.34.0'
55
+ GEM_VERSION = '1.36.0'
56
56
 
57
57
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-networkfirewall
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.34.0
4
+ version: 1.36.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-08-30 00:00:00.000000000 Z
11
+ date: 2023-10-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.177.0
22
+ version: 3.184.0
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.177.0
32
+ version: 3.184.0
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement