aws-sdk-networkfirewall 1.35.0 → 1.36.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 93f906c49425708a99fefe392ecc65c744ed614c3731a9449151acf53512963b
-  data.tar.gz: cba122ba325f3fc897c5d8303d76244f9b984114ab4ebdde8c6525a0c78bcc96
+  metadata.gz: 5c5bf32a26450f873306ff092b4e1b4ece4508dedc0e8c60f8c90f683a9049a5
+  data.tar.gz: cc5d2460dadd157009ec50050cbcc928bfdf37c8ae47b09dffb13aa5eda1e272
 SHA512:
-  metadata.gz: 43149af37997bf292ad1d3da81402f90a52e89f512b437300bd5778529a93413a02716ee61b0523da651d9af9909e402671124ecdc17753dfabe4e82b23a43fb
-  data.tar.gz: 29ff4749347cae6fa3d96730e7aab182271168077a16b8da3e9b4f27a9edaa89ebbc4a13c359f3079da293f1b0f0bae8ac6d2ab35e3f8bc2e6aa7d15f090b9da
+  metadata.gz: 1e21e992ce09f252a6f004ab93349d8d4a66f7c08d1658e68a89d515a8f24db017fbeebb17110df25d4a8b89aac63b933f40cf486558490f17bc118db25183d9
+  data.tar.gz: b867ef794e837c2045c6ef228f5ae324f5b80844da2198c636c2b4733591ba676959ab4c29f1a82b411f085c0a359feb0edea732c8ba0c75c72d443d905115e4

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.36.0 (2023-10-26)
+------------------
+
+* Feature - Network Firewall now supports inspection of outbound SSL/TLS traffic.
+
 1.35.0 (2023-09-27)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.35.0
+1.36.0

data/lib/aws-sdk-networkfirewall/client.rb

@@ -818,7 +818,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.firewall_policy_arn #=> String
     #   resp.firewall_policy_response.firewall_policy_id #=> String
     #   resp.firewall_policy_response.description #=> String
-    #   resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
@@ -1100,7 +1100,7 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.description #=> String
     #   resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
     #   resp.rule_group_response.capacity #=> Integer
-    #   resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
@@ -1124,11 +1124,11 @@ module Aws::NetworkFirewall
 
     # Creates an Network Firewall TLS inspection configuration. A TLS
     # inspection configuration contains the Certificate Manager certificate
-    # references that Network Firewall uses to decrypt and re-encrypt
-    # inbound traffic.
+    # associations that Network Firewall uses to decrypt and re-encrypt
+    # traffic traveling through your firewall.
     #
-    # After you create a TLS inspection configuration, you associate it with
-    # a new firewall policy.
+    # After you create a TLS inspection configuration, you can associate it
+    # with a new firewall policy.
     #
     # To update the settings for a TLS inspection configuration, use
     # UpdateTLSInspectionConfiguration.
@@ -1142,7 +1142,7 @@ module Aws::NetworkFirewall
     # DescribeTLSInspectionConfiguration.
     #
     # For more information about TLS inspection configurations, see
-    # [Decrypting SSL/TLS traffic with TLS inspection configurations][1] in
+    # [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
     # the *Network Firewall Developer Guide*.
     #
     #
@@ -1166,12 +1166,12 @@ module Aws::NetworkFirewall
     #   To use a TLS inspection configuration, you add it to a new Network
     #   Firewall firewall policy, then you apply the firewall policy to a
     #   firewall. Network Firewall acts as a proxy service to decrypt and
-    #   inspect inbound traffic. You can reference a TLS inspection
-    #   configuration from more than one firewall policy, and you can use a
-    #   firewall policy in more than one firewall. For more information about
-    #   using TLS inspection configurations, see [Decrypting SSL/TLS traffic
-    #   with TLS inspection configurations][1] in the *Network Firewall
-    #   Developer Guide*.
+    #   inspect the traffic traveling through your firewalls. You can
+    #   reference a TLS inspection configuration from more than one firewall
+    #   policy, and you can use a firewall policy in more than one firewall.
+    #   For more information about using TLS inspection configurations, see
+    #   [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
+    #   the *Network Firewall Developer Guide*.
     #
     #
     #
@@ -1242,6 +1242,11 @@ module Aws::NetworkFirewall
     #               protocols: [1],
     #             },
     #           ],
+    #           certificate_authority_arn: "ResourceArn",
+    #           check_certificate_revocation_status: {
+    #             revoked_status_action: "PASS", # accepts PASS, DROP, REJECT
+    #             unknown_status_action: "PASS", # accepts PASS, DROP, REJECT
+    #           },
     #         },
     #       ],
     #     },
@@ -1264,7 +1269,7 @@ module Aws::NetworkFirewall
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
-    #   resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.tls_inspection_configuration_response.description #=> String
     #   resp.tls_inspection_configuration_response.tags #=> Array
     #   resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -1278,6 +1283,10 @@ module Aws::NetworkFirewall
     #   resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
     #   resp.tls_inspection_configuration_response.certificates[0].status #=> String
     #   resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.status #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateTLSInspectionConfiguration AWS API Documentation
     #
@@ -1400,7 +1409,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.firewall_policy_arn #=> String
     #   resp.firewall_policy_response.firewall_policy_id #=> String
     #   resp.firewall_policy_response.description #=> String
-    #   resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
@@ -1487,7 +1496,7 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.description #=> String
     #   resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
     #   resp.rule_group_response.capacity #=> Integer
-    #   resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
@@ -1538,7 +1547,7 @@ module Aws::NetworkFirewall
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
-    #   resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.tls_inspection_configuration_response.description #=> String
     #   resp.tls_inspection_configuration_response.tags #=> Array
     #   resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -1552,6 +1561,10 @@ module Aws::NetworkFirewall
     #   resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
     #   resp.tls_inspection_configuration_response.certificates[0].status #=> String
     #   resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.status #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteTLSInspectionConfiguration AWS API Documentation
     #
@@ -1665,7 +1678,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.firewall_policy_arn #=> String
     #   resp.firewall_policy_response.firewall_policy_id #=> String
     #   resp.firewall_policy_response.description #=> String
-    #   resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
@@ -1879,7 +1892,7 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.description #=> String
     #   resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
     #   resp.rule_group_response.capacity #=> Integer
-    #   resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
@@ -2011,10 +2024,13 @@ module Aws::NetworkFirewall
     #   resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].destination_ports[0].to_port #=> Integer
     #   resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].protocols #=> Array
     #   resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].protocols[0] #=> Integer
+    #   resp.tls_inspection_configuration.server_certificate_configurations[0].certificate_authority_arn #=> String
+    #   resp.tls_inspection_configuration.server_certificate_configurations[0].check_certificate_revocation_status.revoked_status_action #=> String, one of "PASS", "DROP", "REJECT"
+    #   resp.tls_inspection_configuration.server_certificate_configurations[0].check_certificate_revocation_status.unknown_status_action #=> String, one of "PASS", "DROP", "REJECT"
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
-    #   resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.tls_inspection_configuration_response.description #=> String
     #   resp.tls_inspection_configuration_response.tags #=> Array
     #   resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -2028,6 +2044,10 @@ module Aws::NetworkFirewall
     #   resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
     #   resp.tls_inspection_configuration_response.certificates[0].status #=> String
     #   resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.status #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeTLSInspectionConfiguration AWS API Documentation
     #
@@ -2880,7 +2900,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.firewall_policy_arn #=> String
     #   resp.firewall_policy_response.firewall_policy_id #=> String
     #   resp.firewall_policy_response.description #=> String
-    #   resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
@@ -3289,7 +3309,7 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.description #=> String
     #   resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
     #   resp.rule_group_response.capacity #=> Integer
-    #   resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
@@ -3382,9 +3402,9 @@ module Aws::NetworkFirewall
 
     # Updates the TLS inspection configuration settings for the specified
     # TLS inspection configuration. You use a TLS inspection configuration
-    # by reference in one or more firewall policies. When you modify a TLS
-    # inspection configuration, you modify all firewall policies that use
-    # the TLS inspection configuration.
+    # by referencing it in one or more firewall policies. When you modify a
+    # TLS inspection configuration, you modify all firewall policies that
+    # use the TLS inspection configuration.
     #
     # To update a TLS inspection configuration, first call
     # DescribeTLSInspectionConfiguration to retrieve the current
@@ -3411,12 +3431,12 @@ module Aws::NetworkFirewall
     #   To use a TLS inspection configuration, you add it to a new Network
     #   Firewall firewall policy, then you apply the firewall policy to a
     #   firewall. Network Firewall acts as a proxy service to decrypt and
-    #   inspect inbound traffic. You can reference a TLS inspection
-    #   configuration from more than one firewall policy, and you can use a
-    #   firewall policy in more than one firewall. For more information about
-    #   using TLS inspection configurations, see [Decrypting SSL/TLS traffic
-    #   with TLS inspection configurations][1] in the *Network Firewall
-    #   Developer Guide*.
+    #   inspect the traffic traveling through your firewalls. You can
+    #   reference a TLS inspection configuration from more than one firewall
+    #   policy, and you can use a firewall policy in more than one firewall.
+    #   For more information about using TLS inspection configurations, see
+    #   [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
+    #   the *Network Firewall Developer Guide*.
     #
     #
     #
@@ -3489,6 +3509,11 @@ module Aws::NetworkFirewall
     #               protocols: [1],
     #             },
     #           ],
+    #           certificate_authority_arn: "ResourceArn",
+    #           check_certificate_revocation_status: {
+    #             revoked_status_action: "PASS", # accepts PASS, DROP, REJECT
+    #             unknown_status_action: "PASS", # accepts PASS, DROP, REJECT
+    #           },
     #         },
     #       ],
     #     },
@@ -3506,7 +3531,7 @@ module Aws::NetworkFirewall
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
     #   resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
-    #   resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
+    #   resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
     #   resp.tls_inspection_configuration_response.description #=> String
     #   resp.tls_inspection_configuration_response.tags #=> Array
     #   resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -3520,6 +3545,10 @@ module Aws::NetworkFirewall
     #   resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
     #   resp.tls_inspection_configuration_response.certificates[0].status #=> String
     #   resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.status #=> String
+    #   resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateTLSInspectionConfiguration AWS API Documentation
     #
@@ -3543,7 +3572,7 @@ module Aws::NetworkFirewall
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.35.0'
+      context[:gem_version] = '1.36.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-networkfirewall/client_api.rb

@@ -32,6 +32,7 @@ module Aws::NetworkFirewall
     CIDRSummary = Shapes::StructureShape.new(name: 'CIDRSummary')
     CapacityUsageSummary = Shapes::StructureShape.new(name: 'CapacityUsageSummary')
     Certificates = Shapes::ListShape.new(name: 'Certificates')
+    CheckCertificateRevocationStatusActions = Shapes::StructureShape.new(name: 'CheckCertificateRevocationStatusActions')
     CollectionMember_String = Shapes::StringShape.new(name: 'CollectionMember_String')
     ConfigurationSyncState = Shapes::StringShape.new(name: 'ConfigurationSyncState')
     CreateFirewallPolicyRequest = Shapes::StructureShape.new(name: 'CreateFirewallPolicyRequest')
@@ -159,6 +160,7 @@ module Aws::NetworkFirewall
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     ResourceOwnerCheckException = Shapes::StructureShape.new(name: 'ResourceOwnerCheckException')
     ResourceStatus = Shapes::StringShape.new(name: 'ResourceStatus')
+    RevocationCheckAction = Shapes::StringShape.new(name: 'RevocationCheckAction')
     RuleCapacity = Shapes::IntegerShape.new(name: 'RuleCapacity')
     RuleDefinition = Shapes::StructureShape.new(name: 'RuleDefinition')
     RuleGroup = Shapes::StructureShape.new(name: 'RuleGroup')
@@ -306,6 +308,10 @@ module Aws::NetworkFirewall
 
     Certificates.member = Shapes::ShapeRef.new(shape: TlsCertificateData)
 
+    CheckCertificateRevocationStatusActions.add_member(:revoked_status_action, Shapes::ShapeRef.new(shape: RevocationCheckAction, location_name: "RevokedStatusAction"))
+    CheckCertificateRevocationStatusActions.add_member(:unknown_status_action, Shapes::ShapeRef.new(shape: RevocationCheckAction, location_name: "UnknownStatusAction"))
+    CheckCertificateRevocationStatusActions.struct_class = Types::CheckCertificateRevocationStatusActions
+
     CreateFirewallPolicyRequest.add_member(:firewall_policy_name, Shapes::ShapeRef.new(shape: ResourceName, required: true, location_name: "FirewallPolicyName"))
     CreateFirewallPolicyRequest.add_member(:firewall_policy, Shapes::ShapeRef.new(shape: FirewallPolicy, required: true, location_name: "FirewallPolicy"))
     CreateFirewallPolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
@@ -761,6 +767,8 @@ module Aws::NetworkFirewall
 
     ServerCertificateConfiguration.add_member(:server_certificates, Shapes::ShapeRef.new(shape: ServerCertificates, location_name: "ServerCertificates"))
     ServerCertificateConfiguration.add_member(:scopes, Shapes::ShapeRef.new(shape: ServerCertificateScopes, location_name: "Scopes"))
+    ServerCertificateConfiguration.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "CertificateAuthorityArn"))
+    ServerCertificateConfiguration.add_member(:check_certificate_revocation_status, Shapes::ShapeRef.new(shape: CheckCertificateRevocationStatusActions, location_name: "CheckCertificateRevocationStatus"))
     ServerCertificateConfiguration.struct_class = Types::ServerCertificateConfiguration
 
     ServerCertificateConfigurations.member = Shapes::ShapeRef.new(shape: ServerCertificateConfiguration)
@@ -865,6 +873,7 @@ module Aws::NetworkFirewall
     TLSInspectionConfigurationResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
     TLSInspectionConfigurationResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
     TLSInspectionConfigurationResponse.add_member(:certificates, Shapes::ShapeRef.new(shape: Certificates, location_name: "Certificates"))
+    TLSInspectionConfigurationResponse.add_member(:certificate_authority, Shapes::ShapeRef.new(shape: TlsCertificateData, location_name: "CertificateAuthority"))
     TLSInspectionConfigurationResponse.struct_class = Types::TLSInspectionConfigurationResponse
 
     TLSInspectionConfigurations.member = Shapes::ShapeRef.new(shape: TLSInspectionConfigurationMetadata)

data/lib/aws-sdk-networkfirewall/endpoint_provider.rb

@@ -32,7 +32,7 @@ module Aws::NetworkFirewall
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               return Aws::Endpoints::Endpoint.new(url: "https://network-firewall-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"

data/lib/aws-sdk-networkfirewall/types.rb

@@ -355,6 +355,55 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # Defines the actions to take on the SSL/TLS connection if the
+    # certificate presented by the server in the connection has a revoked or
+    # unknown status.
+    #
+    # @!attribute [rw] revoked_status_action
+    #   Configures how Network Firewall processes traffic when it determines
+    #   that the certificate presented by the server in the SSL/TLS
+    #   connection has a revoked status.
+    #
+    #   * **PASS** - Allow the connection to continue, and pass subsequent
+    #     packets to the stateful engine for inspection.
+    #
+    #   * **DROP** - Network Firewall fails closed and drops all subsequent
+    #     traffic.
+    #
+    #   * **REJECT** - Network Firewall sends a TCP reject packet back to
+    #     your client so that the client can immediately establish a new
+    #     session. Network Firewall then fails closed and drops all
+    #     subsequent traffic. `REJECT` is available only for TCP traffic.
+    #   @return [String]
+    #
+    # @!attribute [rw] unknown_status_action
+    #   Configures how Network Firewall processes traffic when it determines
+    #   that the certificate presented by the server in the SSL/TLS
+    #   connection has an unknown status, or a status that cannot be
+    #   determined for any other reason, including when the service is
+    #   unable to connect to the OCSP and CRL endpoints for the certificate.
+    #
+    #   * **PASS** - Allow the connection to continue, and pass subsequent
+    #     packets to the stateful engine for inspection.
+    #
+    #   * **DROP** - Network Firewall fails closed and drops all subsequent
+    #     traffic.
+    #
+    #   * **REJECT** - Network Firewall sends a TCP reject packet back to
+    #     your client so that the client can immediately establish a new
+    #     session. Network Firewall then fails closed and drops all
+    #     subsequent traffic. `REJECT` is available only for TCP traffic.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CheckCertificateRevocationStatusActions AWS API Documentation
+    #
+    class CheckCertificateRevocationStatusActions < Struct.new(
+      :revoked_status_action,
+      :unknown_status_action)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] firewall_policy_name
     #   The descriptive name of the firewall policy. You can't change the
     #   name of a firewall policy after you create it.
@@ -720,12 +769,12 @@ module Aws::NetworkFirewall
     #   To use a TLS inspection configuration, you add it to a new Network
     #   Firewall firewall policy, then you apply the firewall policy to a
     #   firewall. Network Firewall acts as a proxy service to decrypt and
-    #   inspect inbound traffic. You can reference a TLS inspection
-    #   configuration from more than one firewall policy, and you can use a
-    #   firewall policy in more than one firewall. For more information
-    #   about using TLS inspection configurations, see [Decrypting SSL/TLS
-    #   traffic with TLS inspection configurations][1] in the *Network
-    #   Firewall Developer Guide*.
+    #   inspect the traffic traveling through your firewalls. You can
+    #   reference a TLS inspection configuration from more than one firewall
+    #   policy, and you can use a firewall policy in more than one firewall.
+    #   For more information about using TLS inspection configurations, see
+    #   [Inspecting SSL/TLS traffic with TLS inspection configurations][1]
+    #   in the *Network Firewall Developer Guide*.
     #
     #
     #
@@ -1441,12 +1490,12 @@ module Aws::NetworkFirewall
     #   To use a TLS inspection configuration, you add it to a new Network
     #   Firewall firewall policy, then you apply the firewall policy to a
     #   firewall. Network Firewall acts as a proxy service to decrypt and
-    #   inspect inbound traffic. You can reference a TLS inspection
-    #   configuration from more than one firewall policy, and you can use a
-    #   firewall policy in more than one firewall. For more information
-    #   about using TLS inspection configurations, see [Decrypting SSL/TLS
-    #   traffic with TLS inspection configurations][1] in the *Network
-    #   Firewall Developer Guide*.
+    #   inspect the traffic traveling through your firewalls. You can
+    #   reference a TLS inspection configuration from more than one firewall
+    #   policy, and you can use a firewall policy in more than one firewall.
+    #   For more information about using TLS inspection configurations, see
+    #   [Inspecting SSL/TLS traffic with TLS inspection configurations][1]
+    #   in the *Network Firewall Developer Guide*.
     #
     #
     #
@@ -2210,7 +2259,7 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # Your request is valid, but Network Firewall couldn’t perform the
+    # Your request is valid, but Network Firewall couldn't perform the
     # operation because of a system problem. Retry your request.
     #
     # @!attribute [rw] message
@@ -3281,13 +3330,14 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # Any Certificate Manager Secure Sockets Layer/Transport Layer Security
-    # (SSL/TLS) server certificate that's associated with a
-    # ServerCertificateConfiguration used in a TLSInspectionConfiguration.
-    # You must request or import a SSL/TLS certificate into ACM for each
-    # domain Network Firewall needs to decrypt and inspect. Network Firewall
-    # uses the SSL/TLS certificates to decrypt specified inbound SSL/TLS
-    # traffic going to your firewall. For information about working with
+    # Any Certificate Manager (ACM) Secure Sockets Layer/Transport Layer
+    # Security (SSL/TLS) server certificate that's associated with a
+    # ServerCertificateConfiguration. Used in a TLSInspectionConfiguration
+    # for inspection of inbound traffic to your firewall. You must request
+    # or import a SSL/TLS certificate into ACM for each domain Network
+    # Firewall needs to decrypt and inspect. Network Firewall uses the
+    # SSL/TLS certificates to decrypt specified inbound SSL/TLS traffic
+    # going to your firewall. For information about working with
     # certificates in Certificate Manager, see [Request a public certificate
     # ][1] or [Importing certificates][2] in the *Certificate Manager User
     # Guide*.
@@ -3299,7 +3349,7 @@ module Aws::NetworkFirewall
     #
     # @!attribute [rw] resource_arn
     #   The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS
-    #   server certificate.
+    #   server certificate that's used for inbound SSL/TLS inspection.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ServerCertificate AWS API Documentation
@@ -3310,10 +3360,11 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # Configures the associated Certificate Manager Secure Sockets
-    # Layer/Transport Layer Security (SSL/TLS) server certificates and scope
-    # settings Network Firewall uses to decrypt traffic in a
-    # TLSInspectionConfiguration. For information about working with SSL/TLS
+    # Configures the Certificate Manager certificates and scope that Network
+    # Firewall uses to decrypt and re-encrypt traffic using a
+    # TLSInspectionConfiguration. You can configure `ServerCertificates` for
+    # inbound SSL/TLS inspection, a `CertificateAuthorityArn` for outbound
+    # SSL/TLS inspection, or both. For information about working with
     # certificates for TLS inspection, see [ Requirements for using SSL/TLS
     # server certficiates with TLS inspection configurations][1] in the
     # *Network Firewall Developer Guide*.
@@ -3330,18 +3381,56 @@ module Aws::NetworkFirewall
     #
     # @!attribute [rw] server_certificates
     #   The list of a server certificate configuration's Certificate
-    #   Manager SSL/TLS certificates.
+    #   Manager certificates, used for inbound SSL/TLS inspection.
     #   @return [Array<Types::ServerCertificate>]
     #
     # @!attribute [rw] scopes
-    #   A list of a server certificate configuration's scopes.
+    #   A list of scopes.
     #   @return [Array<Types::ServerCertificateScope>]
     #
+    # @!attribute [rw] certificate_authority_arn
+    #   The Amazon Resource Name (ARN) of the imported certificate authority
+    #   (CA) certificate configured in Certificate Manager (ACM) to use for
+    #   outbound SSL/TLS inspection.
+    #
+    #   The following limitations apply:
+    #
+    #   * You can use CA certificates that you imported into ACM, but you
+    #     can't generate CA certificates with ACM.
+    #
+    #   * You can't use certificates issued by Private Certificate
+    #     Authority.
+    #
+    #   For more information about the certificate requirements for outbound
+    #   inspection, see [Requirements for using SSL/TLS certificates with
+    #   TLS inspection configurations][1] in the *Network Firewall Developer
+    #   Guide*.
+    #
+    #   For information about working with certificates in ACM, see
+    #   [Importing certificates][2] in the *Certificate Manager User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
+    #   @return [String]
+    #
+    # @!attribute [rw] check_certificate_revocation_status
+    #   When enabled, Network Firewall checks if the server certificate
+    #   presented by the server in the SSL/TLS connection has a revoked or
+    #   unkown status. If the certificate has an unknown or revoked status,
+    #   you must specify the actions that Network Firewall takes on outbound
+    #   traffic. To use this option, you must specify a
+    #   `CertificateAuthorityArn` in ServerCertificateConfiguration.
+    #   @return [Types::CheckCertificateRevocationStatusActions]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ServerCertificateConfiguration AWS API Documentation
     #
     class ServerCertificateConfiguration < Struct.new(
       :server_certificates,
-      :scopes)
+      :scopes,
+      :certificate_authority_arn,
+      :check_certificate_revocation_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3812,12 +3901,12 @@ module Aws::NetworkFirewall
     # To use a TLS inspection configuration, you add it to a new Network
     # Firewall firewall policy, then you apply the firewall policy to a
     # firewall. Network Firewall acts as a proxy service to decrypt and
-    # inspect inbound traffic. You can reference a TLS inspection
-    # configuration from more than one firewall policy, and you can use a
-    # firewall policy in more than one firewall. For more information about
-    # using TLS inspection configurations, see [Decrypting SSL/TLS traffic
-    # with TLS inspection configurations][1] in the *Network Firewall
-    # Developer Guide*.
+    # inspect the traffic traveling through your firewalls. You can
+    # reference a TLS inspection configuration from more than one firewall
+    # policy, and you can use a firewall policy in more than one firewall.
+    # For more information about using TLS inspection configurations, see
+    # [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
+    # the *Network Firewall Developer Guide*.
     #
     #
     #
@@ -3915,6 +4004,10 @@ module Aws::NetworkFirewall
     #   configuration.
     #   @return [Array<Types::TlsCertificateData>]
     #
+    # @!attribute [rw] certificate_authority
+    #   Contains metadata about an Certificate Manager certificate.
+    #   @return [Types::TlsCertificateData]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/TLSInspectionConfigurationResponse AWS API Documentation
     #
     class TLSInspectionConfigurationResponse < Struct.new(
@@ -3927,7 +4020,8 @@ module Aws::NetworkFirewall
       :last_modified_time,
       :number_of_associations,
       :encryption_configuration,
-      :certificates)
+      :certificates,
+      :certificate_authority)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4878,12 +4972,12 @@ module Aws::NetworkFirewall
     #   To use a TLS inspection configuration, you add it to a new Network
     #   Firewall firewall policy, then you apply the firewall policy to a
     #   firewall. Network Firewall acts as a proxy service to decrypt and
-    #   inspect inbound traffic. You can reference a TLS inspection
-    #   configuration from more than one firewall policy, and you can use a
-    #   firewall policy in more than one firewall. For more information
-    #   about using TLS inspection configurations, see [Decrypting SSL/TLS
-    #   traffic with TLS inspection configurations][1] in the *Network
-    #   Firewall Developer Guide*.
+    #   inspect the traffic traveling through your firewalls. You can
+    #   reference a TLS inspection configuration from more than one firewall
+    #   policy, and you can use a firewall policy in more than one firewall.
+    #   For more information about using TLS inspection configurations, see
+    #   [Inspecting SSL/TLS traffic with TLS inspection configurations][1]
+    #   in the *Network Firewall Developer Guide*.
     #
     #
     #

data/lib/aws-sdk-networkfirewall.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
 # @!group service
 module Aws::NetworkFirewall
 
-  GEM_VERSION = '1.35.0'
+  GEM_VERSION = '1.36.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-  version: 1.35.0
+  version: 1.36.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-09-27 00:00:00.000000000 Z
+date: 2023-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core