aws-sdk-networkfirewall 1.35.0 → 1.37.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-networkfirewall/client.rb +106 -34
- data/lib/aws-sdk-networkfirewall/client_api.rb +26 -0
- data/lib/aws-sdk-networkfirewall/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-networkfirewall/types.rb +272 -62
- data/lib/aws-sdk-networkfirewall.rb +1 -1
- metadata +2 -2
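--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1ead7232a47e4248e5f8e27ffea9f25c2440d542fc0bfa6578c81b9486b7b07b
+data.tar.gz: c85889a00b03ab03b4b4497d90bc5d43b820a91ed2138c8794e65bd58f5eba3e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0f9693651148e310a4006394e3381083ef03f7eff5d883e8cf5e9ac9957d55ec79b1cce56c4251feca36e702c1136804a58740568ccd3b7088a321edad22af15
+data.tar.gz: dfc2ed10eb6ad18b5191eddc9c48ce7d233239c5fe911503882d981891d126e7a0c6ae6e2c189ee1ce8344051a4b8dfc3b44a7396a7cd5c97c878027e8831fbe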
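--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.37.0 (2023-11-02)
+------------------
+
+* Feature - This release introduces the stateless rule analyzer, which enables you to analyze your stateless rules for asymmetric routing.
+
+1.36.0 (2023-10-26)
+------------------
+
+* Feature - Network Firewall now supports inspection of outbound SSL/TLS traffic.
+
 1.35.0 (2023-09-27)
 ------------------
 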
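--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.37.0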
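--- a/data/lib/aws-sdk-networkfirewall/client.rb
+++ b/data/lib/aws-sdk-networkfirewall/client.rb
@@ -818,7 +818,7 @@ module Aws::NetworkFirewall
 # resp.firewall_policy_response.firewall_policy_arn #=> String
 # resp.firewall_policy_response.firewall_policy_id #=> String
 # resp.firewall_policy_response.description #=> String
-# resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
+# resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.firewall_policy_response.tags #=> Array
 # resp.firewall_policy_response.tags[0].key #=> String
 # resp.firewall_policy_response.tags[0].value #=> String
@@ -955,6 +955,13 @@ module Aws::NetworkFirewall
 # own rule group is copied from. You can use the metadata to keep track
 # of updates made to the originating rule group.
 #
+# @option params [Boolean] :analyze_rule_group
+# Indicates whether you want Network Firewall to analyze the stateless
+# rules in the rule group for rule behavior such as asymmetric routing.
+# If set to `TRUE`, Network Firewall runs the analysis and then creates
+# the rule group for you. To run the stateless rule group analyzer
+# without creating the rule group, set `DryRun` to `TRUE`.
+#
 # @return [Types::CreateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
 #
 # * {Types::CreateRuleGroupResponse#update_token #update_token} => String
@@ -1089,6 +1096,7 @@ module Aws::NetworkFirewall
 # source_arn: "ResourceArn",
 # source_update_token: "UpdateToken",
 # },
+# analyze_rule_group: false,
 # })
 #
 # @example Response structure
@@ -1100,7 +1108,7 @@ module Aws::NetworkFirewall
 # resp.rule_group_response.description #=> String
 # resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
 # resp.rule_group_response.capacity #=> Integer
-# resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
+# resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.rule_group_response.tags #=> Array
 # resp.rule_group_response.tags[0].key #=> String
 # resp.rule_group_response.tags[0].value #=> String
@@ -1112,6 +1120,11 @@ module Aws::NetworkFirewall
 # resp.rule_group_response.source_metadata.source_update_token #=> String
 # resp.rule_group_response.sns_topic #=> String
 # resp.rule_group_response.last_modified_time #=> Time
+# resp.rule_group_response.analysis_results #=> Array
+# resp.rule_group_response.analysis_results[0].identified_rule_ids #=> Array
+# resp.rule_group_response.analysis_results[0].identified_rule_ids[0] #=> String
+# resp.rule_group_response.analysis_results[0].identified_type #=> String, one of "STATELESS_RULE_FORWARDING_ASYMMETRICALLY", "STATELESS_RULE_CONTAINS_TCP_FLAGS"
+# resp.rule_group_response.analysis_results[0].analysis_detail #=> String
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
 #
@@ -1123,12 +1136,13 @@ module Aws::NetworkFirewall
 end
 
 # Creates an Network Firewall TLS inspection configuration. A TLS
-# inspection configuration contains
-#
-#
+# inspection configuration contains Certificate Manager certificate
+# associations between and the scope configurations that Network
+# Firewall uses to decrypt and re-encrypt traffic traveling through your
+# firewall.
 #
-# After you create a TLS inspection configuration, you associate it
-# a new firewall policy.
+# After you create a TLS inspection configuration, you can associate it
+# with a new firewall policy.
 #
 # To update the settings for a TLS inspection configuration, use
 # UpdateTLSInspectionConfiguration.
@@ -1142,7 +1156,7 @@ module Aws::NetworkFirewall
 # DescribeTLSInspectionConfiguration.
 #
 # For more information about TLS inspection configurations, see
-# [
+# [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
 # the *Network Firewall Developer Guide*.
 #
 #
@@ -1166,12 +1180,12 @@ module Aws::NetworkFirewall
 # To use a TLS inspection configuration, you add it to a new Network
 # Firewall firewall policy, then you apply the firewall policy to a
 # firewall. Network Firewall acts as a proxy service to decrypt and
-# inspect
-# configuration from more than one firewall
-# firewall policy in more than one firewall.
-# using TLS inspection configurations, see
-# with TLS inspection configurations][1] in
-# Developer Guide*.
+# inspect the traffic traveling through your firewalls. You can
+# reference a TLS inspection configuration from more than one firewall
+# policy, and you can use a firewall policy in more than one firewall.
+# For more information about using TLS inspection configurations, see
+# [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
+# the *Network Firewall Developer Guide*.
 #
 #
 #
@@ -1242,6 +1256,11 @@ module Aws::NetworkFirewall
 # protocols: [1],
 # },
 # ],
+# certificate_authority_arn: "ResourceArn",
+# check_certificate_revocation_status: {
+# revoked_status_action: "PASS", # accepts PASS, DROP, REJECT
+# unknown_status_action: "PASS", # accepts PASS, DROP, REJECT
+# },
 # },
 # ],
 # },
@@ -1264,7 +1283,7 @@ module Aws::NetworkFirewall
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
-# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
+# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.tls_inspection_configuration_response.description #=> String
 # resp.tls_inspection_configuration_response.tags #=> Array
 # resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -1278,6 +1297,10 @@ module Aws::NetworkFirewall
 # resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
 # resp.tls_inspection_configuration_response.certificates[0].status #=> String
 # resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.status #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateTLSInspectionConfiguration AWS API Documentation
 #
@@ -1400,7 +1423,7 @@ module Aws::NetworkFirewall
 # resp.firewall_policy_response.firewall_policy_arn #=> String
 # resp.firewall_policy_response.firewall_policy_id #=> String
 # resp.firewall_policy_response.description #=> String
-# resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
+# resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.firewall_policy_response.tags #=> Array
 # resp.firewall_policy_response.tags[0].key #=> String
 # resp.firewall_policy_response.tags[0].value #=> String
@@ -1487,7 +1510,7 @@ module Aws::NetworkFirewall
 # resp.rule_group_response.description #=> String
 # resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
 # resp.rule_group_response.capacity #=> Integer
-# resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
+# resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.rule_group_response.tags #=> Array
 # resp.rule_group_response.tags[0].key #=> String
 # resp.rule_group_response.tags[0].value #=> String
@@ -1499,6 +1522,11 @@ module Aws::NetworkFirewall
 # resp.rule_group_response.source_metadata.source_update_token #=> String
 # resp.rule_group_response.sns_topic #=> String
 # resp.rule_group_response.last_modified_time #=> Time
+# resp.rule_group_response.analysis_results #=> Array
+# resp.rule_group_response.analysis_results[0].identified_rule_ids #=> Array
+# resp.rule_group_response.analysis_results[0].identified_rule_ids[0] #=> String
+# resp.rule_group_response.analysis_results[0].identified_type #=> String, one of "STATELESS_RULE_FORWARDING_ASYMMETRICALLY", "STATELESS_RULE_CONTAINS_TCP_FLAGS"
+# resp.rule_group_response.analysis_results[0].analysis_detail #=> String
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
 #
@@ -1538,7 +1566,7 @@ module Aws::NetworkFirewall
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
-# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
+# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.tls_inspection_configuration_response.description #=> String
 # resp.tls_inspection_configuration_response.tags #=> Array
 # resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -1552,6 +1580,10 @@ module Aws::NetworkFirewall
 # resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
 # resp.tls_inspection_configuration_response.certificates[0].status #=> String
 # resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.status #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteTLSInspectionConfiguration AWS API Documentation
 #
@@ -1665,7 +1697,7 @@ module Aws::NetworkFirewall
 # resp.firewall_policy_response.firewall_policy_arn #=> String
 # resp.firewall_policy_response.firewall_policy_id #=> String
 # resp.firewall_policy_response.description #=> String
-# resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
+# resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.firewall_policy_response.tags #=> Array
 # resp.firewall_policy_response.tags[0].key #=> String
 # resp.firewall_policy_response.tags[0].value #=> String
@@ -1804,6 +1836,11 @@ module Aws::NetworkFirewall
 #
 # </note>
 #
+# @option params [Boolean] :analyze_rule_group
+# Indicates whether you want Network Firewall to analyze the stateless
+# rules in the rule group for rule behavior such as asymmetric routing.
+# If set to `TRUE`, Network Firewall runs the analysis.
+#
 # @return [Types::DescribeRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
 #
 # * {Types::DescribeRuleGroupResponse#update_token #update_token} => String
@@ -1816,6 +1853,7 @@ module Aws::NetworkFirewall
 # rule_group_name: "ResourceName",
 # rule_group_arn: "ResourceArn",
 # type: "STATELESS", # accepts STATELESS, STATEFUL
+# analyze_rule_group: false,
 # })
 #
 # @example Response structure
@@ -1879,7 +1917,7 @@ module Aws::NetworkFirewall
 # resp.rule_group_response.description #=> String
 # resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
 # resp.rule_group_response.capacity #=> Integer
-# resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
+# resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.rule_group_response.tags #=> Array
 # resp.rule_group_response.tags[0].key #=> String
 # resp.rule_group_response.tags[0].value #=> String
@@ -1891,6 +1929,11 @@ module Aws::NetworkFirewall
 # resp.rule_group_response.source_metadata.source_update_token #=> String
 # resp.rule_group_response.sns_topic #=> String
 # resp.rule_group_response.last_modified_time #=> Time
+# resp.rule_group_response.analysis_results #=> Array
+# resp.rule_group_response.analysis_results[0].identified_rule_ids #=> Array
+# resp.rule_group_response.analysis_results[0].identified_rule_ids[0] #=> String
+# resp.rule_group_response.analysis_results[0].identified_type #=> String, one of "STATELESS_RULE_FORWARDING_ASYMMETRICALLY", "STATELESS_RULE_CONTAINS_TCP_FLAGS"
+# resp.rule_group_response.analysis_results[0].analysis_detail #=> String
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
 #
@@ -2011,10 +2054,13 @@ module Aws::NetworkFirewall
 # resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].destination_ports[0].to_port #=> Integer
 # resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].protocols #=> Array
 # resp.tls_inspection_configuration.server_certificate_configurations[0].scopes[0].protocols[0] #=> Integer
+# resp.tls_inspection_configuration.server_certificate_configurations[0].certificate_authority_arn #=> String
+# resp.tls_inspection_configuration.server_certificate_configurations[0].check_certificate_revocation_status.revoked_status_action #=> String, one of "PASS", "DROP", "REJECT"
+# resp.tls_inspection_configuration.server_certificate_configurations[0].check_certificate_revocation_status.unknown_status_action #=> String, one of "PASS", "DROP", "REJECT"
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
-# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
+# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.tls_inspection_configuration_response.description #=> String
 # resp.tls_inspection_configuration_response.tags #=> Array
 # resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -2028,6 +2074,10 @@ module Aws::NetworkFirewall
 # resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
 # resp.tls_inspection_configuration_response.certificates[0].status #=> String
 # resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.status #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeTLSInspectionConfiguration AWS API Documentation
 #
@@ -2880,7 +2930,7 @@ module Aws::NetworkFirewall
 # resp.firewall_policy_response.firewall_policy_arn #=> String
 # resp.firewall_policy_response.firewall_policy_id #=> String
 # resp.firewall_policy_response.description #=> String
-# resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING"
+# resp.firewall_policy_response.firewall_policy_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.firewall_policy_response.tags #=> Array
 # resp.firewall_policy_response.tags[0].key #=> String
 # resp.firewall_policy_response.tags[0].value #=> String
@@ -3149,6 +3199,13 @@ module Aws::NetworkFirewall
 # own rule group is copied from. You can use the metadata to keep track
 # of updates made to the originating rule group.
 #
+# @option params [Boolean] :analyze_rule_group
+# Indicates whether you want Network Firewall to analyze the stateless
+# rules in the rule group for rule behavior such as asymmetric routing.
+# If set to `TRUE`, Network Firewall runs the analysis and then updates
+# the rule group for you. To run the stateless rule group analyzer
+# without updating the rule group, set `DryRun` to `TRUE`.
+#
 # @return [Types::UpdateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
 #
 # * {Types::UpdateRuleGroupResponse#update_token #update_token} => String
@@ -3278,6 +3335,7 @@ module Aws::NetworkFirewall
 # source_arn: "ResourceArn",
 # source_update_token: "UpdateToken",
 # },
+# analyze_rule_group: false,
 # })
 #
 # @example Response structure
@@ -3289,7 +3347,7 @@ module Aws::NetworkFirewall
 # resp.rule_group_response.description #=> String
 # resp.rule_group_response.type #=> String, one of "STATELESS", "STATEFUL"
 # resp.rule_group_response.capacity #=> Integer
-# resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING"
+# resp.rule_group_response.rule_group_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.rule_group_response.tags #=> Array
 # resp.rule_group_response.tags[0].key #=> String
 # resp.rule_group_response.tags[0].value #=> String
@@ -3301,6 +3359,11 @@ module Aws::NetworkFirewall
 # resp.rule_group_response.source_metadata.source_update_token #=> String
 # resp.rule_group_response.sns_topic #=> String
 # resp.rule_group_response.last_modified_time #=> Time
+# resp.rule_group_response.analysis_results #=> Array
+# resp.rule_group_response.analysis_results[0].identified_rule_ids #=> Array
+# resp.rule_group_response.analysis_results[0].identified_rule_ids[0] #=> String
+# resp.rule_group_response.analysis_results[0].identified_type #=> String, one of "STATELESS_RULE_FORWARDING_ASYMMETRICALLY", "STATELESS_RULE_CONTAINS_TCP_FLAGS"
+# resp.rule_group_response.analysis_results[0].analysis_detail #=> String
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
 #
@@ -3382,9 +3445,9 @@ module Aws::NetworkFirewall
 
 # Updates the TLS inspection configuration settings for the specified
 # TLS inspection configuration. You use a TLS inspection configuration
-# by
-# inspection configuration, you modify all firewall policies that
-# the TLS inspection configuration.
+# by referencing it in one or more firewall policies. When you modify a
+# TLS inspection configuration, you modify all firewall policies that
+# use the TLS inspection configuration.
 #
 # To update a TLS inspection configuration, first call
 # DescribeTLSInspectionConfiguration to retrieve the current
@@ -3411,12 +3474,12 @@ module Aws::NetworkFirewall
 # To use a TLS inspection configuration, you add it to a new Network
 # Firewall firewall policy, then you apply the firewall policy to a
 # firewall. Network Firewall acts as a proxy service to decrypt and
-# inspect
-# configuration from more than one firewall
-# firewall policy in more than one firewall.
-# using TLS inspection configurations, see
-# with TLS inspection configurations][1] in
-# Developer Guide*.
+# inspect the traffic traveling through your firewalls. You can
+# reference a TLS inspection configuration from more than one firewall
+# policy, and you can use a firewall policy in more than one firewall.
+# For more information about using TLS inspection configurations, see
+# [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
+# the *Network Firewall Developer Guide*.
 #
 #
 #
@@ -3489,6 +3552,11 @@ module Aws::NetworkFirewall
 # protocols: [1],
 # },
 # ],
+# certificate_authority_arn: "ResourceArn",
+# check_certificate_revocation_status: {
+# revoked_status_action: "PASS", # accepts PASS, DROP, REJECT
+# unknown_status_action: "PASS", # accepts PASS, DROP, REJECT
+# },
 # },
 # ],
 # },
@@ -3506,7 +3574,7 @@ module Aws::NetworkFirewall
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_arn #=> String
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_name #=> String
 # resp.tls_inspection_configuration_response.tls_inspection_configuration_id #=> String
-# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING"
+# resp.tls_inspection_configuration_response.tls_inspection_configuration_status #=> String, one of "ACTIVE", "DELETING", "ERROR"
 # resp.tls_inspection_configuration_response.description #=> String
 # resp.tls_inspection_configuration_response.tags #=> Array
 # resp.tls_inspection_configuration_response.tags[0].key #=> String
@@ -3520,6 +3588,10 @@ module Aws::NetworkFirewall
 # resp.tls_inspection_configuration_response.certificates[0].certificate_serial #=> String
 # resp.tls_inspection_configuration_response.certificates[0].status #=> String
 # resp.tls_inspection_configuration_response.certificates[0].status_message #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.certificate_arn #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.certificate_serial #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.status #=> String
+# resp.tls_inspection_configuration_response.certificate_authority.status_message #=> String
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateTLSInspectionConfiguration AWS API Documentation
 #
@@ -3543,7 +3615,7 @@ module Aws::NetworkFirewall
 params: params,
 config: config)
 context[:gem_name] = 'aws-sdk-networkfirewall'
-context[:gem_version] = '1.
+context[:gem_version] = '1.37.0'
 Seahorse::Client::Request.new(handlers, context)
 end
 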
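Review bot: The request example added in the `@@ -1242,6 +1256,11 @@` hunk for the TLS inspection configuration shows `revoked_status_action: "PASS"` and `unknown_status_action: "PASS"` under `check_certificate_revocation_status`, and the same example is repeated in the `@@ -3489,6 +3552,11 @@` hunk for the update call, while nothing in this file's docs says what the three accepted values do. Judging by the names, `PASS` presumably forwards traffic whose server certificate is revoked or whose revocation status could not be determined, so a reader who copies the example as-is ends up with a fail-open configuration without noticing. Because these examples are generated from the API model, the caveat belongs in the `@option params` text for `:tls_inspection_configuration`, e.g. `# NOTE: PASS keeps forwarding traffic when the server certificate is revoked or its status is unknown — confirm against the API reference; DROP/REJECT are the fail-closed choices`. The documentation blocks of create_tls_inspection_configuration and update_tls_inspection_configuration start and end outside these hunks.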
@@ -18,6 +18,8 @@ module Aws::NetworkFirewall
|
|
18
18
|
Address = Shapes::StructureShape.new(name: 'Address')
|
19
19
|
AddressDefinition = Shapes::StringShape.new(name: 'AddressDefinition')
|
20
20
|
Addresses = Shapes::ListShape.new(name: 'Addresses')
|
21
|
+
AnalysisResult = Shapes::StructureShape.new(name: 'AnalysisResult')
|
22
|
+
AnalysisResultList = Shapes::ListShape.new(name: 'AnalysisResultList')
|
21
23
|
AssociateFirewallPolicyRequest = Shapes::StructureShape.new(name: 'AssociateFirewallPolicyRequest')
|
22
24
|
AssociateFirewallPolicyResponse = Shapes::StructureShape.new(name: 'AssociateFirewallPolicyResponse')
|
23
25
|
AssociateSubnetsRequest = Shapes::StructureShape.new(name: 'AssociateSubnetsRequest')
|
@@ -32,6 +34,7 @@ module Aws::NetworkFirewall
|
|
32
34
|
CIDRSummary = Shapes::StructureShape.new(name: 'CIDRSummary')
|
33
35
|
CapacityUsageSummary = Shapes::StructureShape.new(name: 'CapacityUsageSummary')
|
34
36
|
Certificates = Shapes::ListShape.new(name: 'Certificates')
|
37
|
+
CheckCertificateRevocationStatusActions = Shapes::StructureShape.new(name: 'CheckCertificateRevocationStatusActions')
|
35
38
|
CollectionMember_String = Shapes::StringShape.new(name: 'CollectionMember_String')
|
36
39
|
ConfigurationSyncState = Shapes::StringShape.new(name: 'ConfigurationSyncState')
|
37
40
|
CreateFirewallPolicyRequest = Shapes::StructureShape.new(name: 'CreateFirewallPolicyRequest')
|
@@ -102,6 +105,7 @@ module Aws::NetworkFirewall
|
|
102
105
|
IPSetReferenceMap = Shapes::MapShape.new(name: 'IPSetReferenceMap')
|
103
106
|
IPSetReferenceName = Shapes::StringShape.new(name: 'IPSetReferenceName')
|
104
107
|
IPSets = Shapes::MapShape.new(name: 'IPSets')
|
108
|
+
IdentifiedType = Shapes::StringShape.new(name: 'IdentifiedType')
|
105
109
|
InsufficientCapacityException = Shapes::StructureShape.new(name: 'InsufficientCapacityException')
|
106
110
|
InternalServerError = Shapes::StructureShape.new(name: 'InternalServerError')
|
107
111
|
InvalidOperationException = Shapes::StructureShape.new(name: 'InvalidOperationException')
|
@@ -159,6 +163,7 @@ module Aws::NetworkFirewall
|
|
159
163
|
ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
|
160
164
|
ResourceOwnerCheckException = Shapes::StructureShape.new(name: 'ResourceOwnerCheckException')
|
161
165
|
ResourceStatus = Shapes::StringShape.new(name: 'ResourceStatus')
|
166
|
+
RevocationCheckAction = Shapes::StringShape.new(name: 'RevocationCheckAction')
|
162
167
|
RuleCapacity = Shapes::IntegerShape.new(name: 'RuleCapacity')
|
163
168
|
RuleDefinition = Shapes::StructureShape.new(name: 'RuleDefinition')
|
164
169
|
RuleGroup = Shapes::StructureShape.new(name: 'RuleGroup')
|
@@ -166,6 +171,7 @@ module Aws::NetworkFirewall
|
|
166
171
|
RuleGroupResponse = Shapes::StructureShape.new(name: 'RuleGroupResponse')
|
167
172
|
RuleGroupType = Shapes::StringShape.new(name: 'RuleGroupType')
|
168
173
|
RuleGroups = Shapes::ListShape.new(name: 'RuleGroups')
|
174
|
+
RuleIdList = Shapes::ListShape.new(name: 'RuleIdList')
|
169
175
|
RuleOption = Shapes::StructureShape.new(name: 'RuleOption')
|
170
176
|
RuleOptions = Shapes::ListShape.new(name: 'RuleOptions')
|
171
177
|
RuleOrder = Shapes::StringShape.new(name: 'RuleOrder')
|
@@ -264,6 +270,13 @@ module Aws::NetworkFirewall
|
|
264
270
|
|
265
271
|
Addresses.member = Shapes::ShapeRef.new(shape: Address)
|
266
272
|
|
273
|
+
AnalysisResult.add_member(:identified_rule_ids, Shapes::ShapeRef.new(shape: RuleIdList, location_name: "IdentifiedRuleIds"))
|
274
|
+
AnalysisResult.add_member(:identified_type, Shapes::ShapeRef.new(shape: IdentifiedType, location_name: "IdentifiedType"))
|
275
|
+
AnalysisResult.add_member(:analysis_detail, Shapes::ShapeRef.new(shape: CollectionMember_String, location_name: "AnalysisDetail"))
|
276
|
+
AnalysisResult.struct_class = Types::AnalysisResult
|
277
|
+
|
278
|
+
AnalysisResultList.member = Shapes::ShapeRef.new(shape: AnalysisResult)
|
279
|
+
|
267
280
|
AssociateFirewallPolicyRequest.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
|
268
281
|
AssociateFirewallPolicyRequest.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
|
269
282
|
AssociateFirewallPolicyRequest.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
|
@@ -306,6 +319,10 @@ module Aws::NetworkFirewall
|
|
306
319
|
|
307
320
|
Certificates.member = Shapes::ShapeRef.new(shape: TlsCertificateData)
|
308
321
|
|
322
|
+
CheckCertificateRevocationStatusActions.add_member(:revoked_status_action, Shapes::ShapeRef.new(shape: RevocationCheckAction, location_name: "RevokedStatusAction"))
|
323
|
+
CheckCertificateRevocationStatusActions.add_member(:unknown_status_action, Shapes::ShapeRef.new(shape: RevocationCheckAction, location_name: "UnknownStatusAction"))
|
324
|
+
CheckCertificateRevocationStatusActions.struct_class = Types::CheckCertificateRevocationStatusActions
|
325
|
+
|
309
326
|
CreateFirewallPolicyRequest.add_member(:firewall_policy_name, Shapes::ShapeRef.new(shape: ResourceName, required: true, location_name: "FirewallPolicyName"))
|
310
327
|
CreateFirewallPolicyRequest.add_member(:firewall_policy, Shapes::ShapeRef.new(shape: FirewallPolicy, required: true, location_name: "FirewallPolicy"))
|
311
328
|
CreateFirewallPolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
|
@@ -344,6 +361,7 @@ module Aws::NetworkFirewall
|
|
344
361
|
CreateRuleGroupRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
|
345
362
|
CreateRuleGroupRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
346
363
|
CreateRuleGroupRequest.add_member(:source_metadata, Shapes::ShapeRef.new(shape: SourceMetadata, location_name: "SourceMetadata"))
|
364
|
+
CreateRuleGroupRequest.add_member(:analyze_rule_group, Shapes::ShapeRef.new(shape: Boolean, location_name: "AnalyzeRuleGroup"))
|
347
365
|
CreateRuleGroupRequest.struct_class = Types::CreateRuleGroupRequest
|
348
366
|
|
349
367
|
CreateRuleGroupResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
|
@@ -451,6 +469,7 @@ module Aws::NetworkFirewall
|
|
451
469
|
DescribeRuleGroupRequest.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "RuleGroupName"))
|
452
470
|
DescribeRuleGroupRequest.add_member(:rule_group_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "RuleGroupArn"))
|
453
471
|
DescribeRuleGroupRequest.add_member(:type, Shapes::ShapeRef.new(shape: RuleGroupType, location_name: "Type"))
|
472
|
+
DescribeRuleGroupRequest.add_member(:analyze_rule_group, Shapes::ShapeRef.new(shape: Boolean, location_name: "AnalyzeRuleGroup"))
|
454
473
|
DescribeRuleGroupRequest.struct_class = Types::DescribeRuleGroupRequest
|
455
474
|
|
456
475
|
DescribeRuleGroupResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
|
@@ -729,10 +748,13 @@ module Aws::NetworkFirewall
|
|
729
748
|
RuleGroupResponse.add_member(:source_metadata, Shapes::ShapeRef.new(shape: SourceMetadata, location_name: "SourceMetadata"))
|
730
749
|
RuleGroupResponse.add_member(:sns_topic, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "SnsTopic"))
|
731
750
|
RuleGroupResponse.add_member(:last_modified_time, Shapes::ShapeRef.new(shape: LastUpdateTime, location_name: "LastModifiedTime"))
|
751
|
+
RuleGroupResponse.add_member(:analysis_results, Shapes::ShapeRef.new(shape: AnalysisResultList, location_name: "AnalysisResults"))
|
732
752
|
RuleGroupResponse.struct_class = Types::RuleGroupResponse
|
733
753
|
|
734
754
|
RuleGroups.member = Shapes::ShapeRef.new(shape: RuleGroupMetadata)
|
735
755
|
|
756
|
+
RuleIdList.member = Shapes::ShapeRef.new(shape: CollectionMember_String)
|
757
|
+
|
736
758
|
RuleOption.add_member(:keyword, Shapes::ShapeRef.new(shape: Keyword, required: true, location_name: "Keyword"))
|
737
759
|
RuleOption.add_member(:settings, Shapes::ShapeRef.new(shape: Settings, location_name: "Settings"))
|
738
760
|
RuleOption.struct_class = Types::RuleOption
|
@@ -761,6 +783,8 @@ module Aws::NetworkFirewall
|
|
761
783
|
|
762
784
|
ServerCertificateConfiguration.add_member(:server_certificates, Shapes::ShapeRef.new(shape: ServerCertificates, location_name: "ServerCertificates"))
|
763
785
|
ServerCertificateConfiguration.add_member(:scopes, Shapes::ShapeRef.new(shape: ServerCertificateScopes, location_name: "Scopes"))
|
786
|
+
ServerCertificateConfiguration.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "CertificateAuthorityArn"))
|
787
|
+
ServerCertificateConfiguration.add_member(:check_certificate_revocation_status, Shapes::ShapeRef.new(shape: CheckCertificateRevocationStatusActions, location_name: "CheckCertificateRevocationStatus"))
|
764
788
|
ServerCertificateConfiguration.struct_class = Types::ServerCertificateConfiguration
|
765
789
|
|
766
790
|
ServerCertificateConfigurations.member = Shapes::ShapeRef.new(shape: ServerCertificateConfiguration)
|
@@ -865,6 +889,7 @@ module Aws::NetworkFirewall
|
|
865
889
|
TLSInspectionConfigurationResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
|
866
890
|
TLSInspectionConfigurationResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
867
891
|
TLSInspectionConfigurationResponse.add_member(:certificates, Shapes::ShapeRef.new(shape: Certificates, location_name: "Certificates"))
|
892
|
+
TLSInspectionConfigurationResponse.add_member(:certificate_authority, Shapes::ShapeRef.new(shape: TlsCertificateData, location_name: "CertificateAuthority"))
|
868
893
|
TLSInspectionConfigurationResponse.struct_class = Types::TLSInspectionConfigurationResponse
|
869
894
|
|
870
895
|
TLSInspectionConfigurations.member = Shapes::ShapeRef.new(shape: TLSInspectionConfigurationMetadata)
|
@@ -984,6 +1009,7 @@ module Aws::NetworkFirewall
|
|
984
1009
|
UpdateRuleGroupRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
|
985
1010
|
UpdateRuleGroupRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
|
986
1011
|
UpdateRuleGroupRequest.add_member(:source_metadata, Shapes::ShapeRef.new(shape: SourceMetadata, location_name: "SourceMetadata"))
|
1012
|
+
UpdateRuleGroupRequest.add_member(:analyze_rule_group, Shapes::ShapeRef.new(shape: Boolean, location_name: "AnalyzeRuleGroup"))
|
987
1013
|
UpdateRuleGroupRequest.struct_class = Types::UpdateRuleGroupRequest
|
988
1014
|
|
989
1015
|
UpdateRuleGroupResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
|
@@ -32,7 +32,7 @@ module Aws::NetworkFirewall
|
|
32
32
|
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
33
33
|
end
|
34
34
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
35
|
-
if Aws::Endpoints::Matchers.boolean_equals?(
|
35
|
+
if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
|
36
36
|
return Aws::Endpoints::Endpoint.new(url: "https://network-firewall-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
37
37
|
end
|
38
38
|
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
@@ -74,6 +74,70 @@ module Aws::NetworkFirewall
|
|
74
74
|
include Aws::Structure
|
75
75
|
end
|
76
76
|
|
77
|
+
# The analysis result for Network Firewall's stateless rule group
|
78
|
+
# analyzer. Every time you call CreateRuleGroup, UpdateRuleGroup, or
|
79
|
+
# DescribeRuleGroup on a stateless rule group, Network Firewall analyzes
|
80
|
+
# the stateless rule groups in your account and identifies the rules
|
81
|
+
# that might adversely effect your firewall's functionality. For
|
82
|
+
# example, if Network Firewall detects a rule that's routing traffic
|
83
|
+
# asymmetrically, which impacts the service's ability to properly
|
84
|
+
# process traffic, the service includes the rule in a list of analysis
|
85
|
+
# results.
|
86
|
+
#
|
87
|
+
# @!attribute [rw] identified_rule_ids
|
88
|
+
# The priority number of the stateless rules identified in the
|
89
|
+
# analysis.
|
90
|
+
# @return [Array<String>]
|
91
|
+
#
|
92
|
+
# @!attribute [rw] identified_type
|
93
|
+
# The types of rule configurations that Network Firewall analyzes your
|
94
|
+
# rule groups for. Network Firewall analyzes stateless rule groups for
|
95
|
+
# the following types of rule configurations:
|
96
|
+
#
|
97
|
+
# * `STATELESS_RULE_FORWARDING_ASYMMETRICALLY`
|
98
|
+
#
|
99
|
+
# Cause: One or more stateless rules with the action `pass` or
|
100
|
+
# `forward` are forwarding traffic asymmetrically. Specifically, the
|
101
|
+
# rule's set of source IP addresses or their associated port
|
102
|
+
# numbers, don't match the set of destination IP addresses or their
|
103
|
+
# associated port numbers.
|
104
|
+
#
|
105
|
+
# To mitigate: Make sure that there's an existing return path. For
|
106
|
+
# example, if the rule allows traffic from source 10.1.0.0/24 to
|
107
|
+
# destination 20.1.0.0/24, you should allow return traffic from
|
108
|
+
# source 20.1.0.0/24 to destination 10.1.0.0/24.
|
109
|
+
#
|
110
|
+
# * `STATELESS_RULE_CONTAINS_TCP_FLAGS`
|
111
|
+
#
|
112
|
+
# Cause: At least one stateless rule with the action `pass`
|
113
|
+
# or`forward` contains TCP flags that are inconsistent in the
|
114
|
+
# forward and return directions.
|
115
|
+
#
|
116
|
+
# To mitigate: Prevent asymmetric routing issues caused by TCP flags
|
117
|
+
# by following these actions:
|
118
|
+
#
|
119
|
+
# * Remove unnecessary TCP flag inspections from the rules.
|
120
|
+
#
|
121
|
+
# * If you need to inspect TCP flags, check that the rules correctly
|
122
|
+
# account for changes in TCP flags throughout the TCP connection
|
123
|
+
# cycle, for example `SYN` and `ACK` flags used in a 3-way TCP
|
124
|
+
# handshake.
|
125
|
+
# @return [String]
|
126
|
+
#
|
127
|
+
# @!attribute [rw] analysis_detail
|
128
|
+
# Provides analysis details for the identified rule.
|
129
|
+
# @return [String]
|
130
|
+
#
|
131
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AnalysisResult AWS API Documentation
|
132
|
+
#
|
133
|
+
class AnalysisResult < Struct.new(
|
134
|
+
:identified_rule_ids,
|
135
|
+
:identified_type,
|
136
|
+
:analysis_detail)
|
137
|
+
SENSITIVE = []
|
138
|
+
include Aws::Structure
|
139
|
+
end
|
140
|
+
|
77
141
|
# @!attribute [rw] update_token
|
78
142
|
# An optional token that you can use for optimistic locking. Network
|
79
143
|
# Firewall returns a token to your requests that access the firewall.
|
@@ -355,6 +419,55 @@ module Aws::NetworkFirewall
|
|
355
419
|
include Aws::Structure
|
356
420
|
end
|
357
421
|
|
422
|
+
# Defines the actions to take on the SSL/TLS connection if the
|
423
|
+
# certificate presented by the server in the connection has a revoked or
|
424
|
+
# unknown status.
|
425
|
+
#
|
426
|
+
# @!attribute [rw] revoked_status_action
|
427
|
+
# Configures how Network Firewall processes traffic when it determines
|
428
|
+
# that the certificate presented by the server in the SSL/TLS
|
429
|
+
# connection has a revoked status.
|
430
|
+
#
|
431
|
+
# * **PASS** - Allow the connection to continue, and pass subsequent
|
432
|
+
# packets to the stateful engine for inspection.
|
433
|
+
#
|
434
|
+
# * **DROP** - Network Firewall closes the connection and drops
|
435
|
+
# subsequent packets for that connection.
|
436
|
+
#
|
437
|
+
# * **REJECT** - Network Firewall sends a TCP reject packet back to
|
438
|
+
# your client. The service closes the connection and drops
|
439
|
+
# subsequent packets for that connection. `REJECT` is available only
|
440
|
+
# for TCP traffic.
|
441
|
+
# @return [String]
|
442
|
+
#
|
443
|
+
# @!attribute [rw] unknown_status_action
|
444
|
+
# Configures how Network Firewall processes traffic when it determines
|
445
|
+
# that the certificate presented by the server in the SSL/TLS
|
446
|
+
# connection has an unknown status, or a status that cannot be
|
447
|
+
# determined for any other reason, including when the service is
|
448
|
+
# unable to connect to the OCSP and CRL endpoints for the certificate.
|
449
|
+
#
|
450
|
+
# * **PASS** - Allow the connection to continue, and pass subsequent
|
451
|
+
# packets to the stateful engine for inspection.
|
452
|
+
#
|
453
|
+
# * **DROP** - Network Firewall closes the connection and drops
|
454
|
+
# subsequent packets for that connection.
|
455
|
+
#
|
456
|
+
# * **REJECT** - Network Firewall sends a TCP reject packet back to
|
457
|
+
# your client. The service closes the connection and drops
|
458
|
+
# subsequent packets for that connection. `REJECT` is available only
|
459
|
+
# for TCP traffic.
|
460
|
+
# @return [String]
|
461
|
+
#
|
462
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CheckCertificateRevocationStatusActions AWS API Documentation
|
463
|
+
#
|
464
|
+
class CheckCertificateRevocationStatusActions < Struct.new(
|
465
|
+
:revoked_status_action,
|
466
|
+
:unknown_status_action)
|
467
|
+
SENSITIVE = []
|
468
|
+
include Aws::Structure
|
469
|
+
end
|
470
|
+
|
358
471
|
# @!attribute [rw] firewall_policy_name
|
359
472
|
# The descriptive name of the firewall policy. You can't change the
|
360
473
|
# name of a firewall policy after you create it.
|
@@ -655,6 +768,14 @@ module Aws::NetworkFirewall
|
|
655
768
|
# track of updates made to the originating rule group.
|
656
769
|
# @return [Types::SourceMetadata]
|
657
770
|
#
|
771
|
+
# @!attribute [rw] analyze_rule_group
|
772
|
+
# Indicates whether you want Network Firewall to analyze the stateless
|
773
|
+
# rules in the rule group for rule behavior such as asymmetric
|
774
|
+
# routing. If set to `TRUE`, Network Firewall runs the analysis and
|
775
|
+
# then creates the rule group for you. To run the stateless rule group
|
776
|
+
# analyzer without creating the rule group, set `DryRun` to `TRUE`.
|
777
|
+
# @return [Boolean]
|
778
|
+
#
|
658
779
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroupRequest AWS API Documentation
|
659
780
|
#
|
660
781
|
class CreateRuleGroupRequest < Struct.new(
|
@@ -667,7 +788,8 @@ module Aws::NetworkFirewall
|
|
667
788
|
:tags,
|
668
789
|
:dry_run,
|
669
790
|
:encryption_configuration,
|
670
|
-
:source_metadata
|
791
|
+
:source_metadata,
|
792
|
+
:analyze_rule_group)
|
671
793
|
SENSITIVE = []
|
672
794
|
include Aws::Structure
|
673
795
|
end
|
@@ -720,12 +842,12 @@ module Aws::NetworkFirewall
|
|
720
842
|
# To use a TLS inspection configuration, you add it to a new Network
|
721
843
|
# Firewall firewall policy, then you apply the firewall policy to a
|
722
844
|
# firewall. Network Firewall acts as a proxy service to decrypt and
|
723
|
-
# inspect
|
724
|
-
# configuration from more than one firewall
|
725
|
-
# firewall policy in more than one firewall.
|
726
|
-
# about using TLS inspection configurations, see
|
727
|
-
# traffic with TLS inspection configurations][1]
|
728
|
-
# Firewall Developer Guide*.
|
845
|
+
# inspect the traffic traveling through your firewalls. You can
|
846
|
+
# reference a TLS inspection configuration from more than one firewall
|
847
|
+
# policy, and you can use a firewall policy in more than one firewall.
|
848
|
+
# For more information about using TLS inspection configurations, see
|
849
|
+
# [Inspecting SSL/TLS traffic with TLS inspection configurations][1]
|
850
|
+
# in the *Network Firewall Developer Guide*.
|
729
851
|
#
|
730
852
|
#
|
731
853
|
#
|
@@ -1333,12 +1455,19 @@ module Aws::NetworkFirewall
|
|
1333
1455
|
# </note>
|
1334
1456
|
# @return [String]
|
1335
1457
|
#
|
1458
|
+
# @!attribute [rw] analyze_rule_group
|
1459
|
+
# Indicates whether you want Network Firewall to analyze the stateless
|
1460
|
+
# rules in the rule group for rule behavior such as asymmetric
|
1461
|
+
# routing. If set to `TRUE`, Network Firewall runs the analysis.
|
1462
|
+
# @return [Boolean]
|
1463
|
+
#
|
1336
1464
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupRequest AWS API Documentation
|
1337
1465
|
#
|
1338
1466
|
class DescribeRuleGroupRequest < Struct.new(
|
1339
1467
|
:rule_group_name,
|
1340
1468
|
:rule_group_arn,
|
1341
|
-
:type
|
1469
|
+
:type,
|
1470
|
+
:analyze_rule_group)
|
1342
1471
|
SENSITIVE = []
|
1343
1472
|
include Aws::Structure
|
1344
1473
|
end
|
@@ -1441,12 +1570,12 @@ module Aws::NetworkFirewall
|
|
1441
1570
|
# To use a TLS inspection configuration, you add it to a new Network
|
1442
1571
|
# Firewall firewall policy, then you apply the firewall policy to a
|
1443
1572
|
# firewall. Network Firewall acts as a proxy service to decrypt and
|
1444
|
-
# inspect
|
1445
|
-
# configuration from more than one firewall
|
1446
|
-
# firewall policy in more than one firewall.
|
1447
|
-
# about using TLS inspection configurations, see
|
1448
|
-
# traffic with TLS inspection configurations][1]
|
1449
|
-
# Firewall Developer Guide*.
|
1573
|
+
# inspect the traffic traveling through your firewalls. You can
|
1574
|
+
# reference a TLS inspection configuration from more than one firewall
|
1575
|
+
# policy, and you can use a firewall policy in more than one firewall.
|
1576
|
+
# For more information about using TLS inspection configurations, see
|
1577
|
+
# [Inspecting SSL/TLS traffic with TLS inspection configurations][1]
|
1578
|
+
# in the *Network Firewall Developer Guide*.
|
1450
1579
|
#
|
1451
1580
|
#
|
1452
1581
|
#
|
@@ -2210,7 +2339,7 @@ module Aws::NetworkFirewall
|
|
2210
2339
|
include Aws::Structure
|
2211
2340
|
end
|
2212
2341
|
|
2213
|
-
# Your request is valid, but Network Firewall couldn
|
2342
|
+
# Your request is valid, but Network Firewall couldn't perform the
|
2214
2343
|
# operation because of a system problem. Retry your request.
|
2215
2344
|
#
|
2216
2345
|
# @!attribute [rw] message
|
@@ -2984,7 +3113,12 @@ module Aws::NetworkFirewall
|
|
2984
3113
|
# Additional options governing how Network Firewall handles stateful
|
2985
3114
|
# rules. The policies where you use your stateful rule group must have
|
2986
3115
|
# stateful rule options settings that are compatible with these
|
2987
|
-
# settings.
|
3116
|
+
# settings. Some limitations apply; for more information, see [Strict
|
3117
|
+
# evaluation order][1] in the *Network Firewall Developer Guide*.
|
3118
|
+
#
|
3119
|
+
#
|
3120
|
+
#
|
3121
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-limitations-caveats.html
|
2988
3122
|
# @return [Types::StatefulRuleOptions]
|
2989
3123
|
#
|
2990
3124
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroup AWS API Documentation
|
@@ -3110,6 +3244,17 @@ module Aws::NetworkFirewall
|
|
3110
3244
|
# The last time that the rule group was changed.
|
3111
3245
|
# @return [Time]
|
3112
3246
|
#
|
3247
|
+
# @!attribute [rw] analysis_results
|
3248
|
+
# The list of analysis results for `AnalyzeRuleGroup`. If you set
|
3249
|
+
# `AnalyzeRuleGroup` to `TRUE` in CreateRuleGroup, UpdateRuleGroup, or
|
3250
|
+
# DescribeRuleGroup, Network Firewall analyzes the rule group and
|
3251
|
+
# identifies the rules that might adversely effect your firewall's
|
3252
|
+
# functionality. For example, if Network Firewall detects a rule
|
3253
|
+
# that's routing traffic asymmetrically, which impacts the service's
|
3254
|
+
# ability to properly process traffic, the service includes the rule
|
3255
|
+
# in the list of analysis results.
|
3256
|
+
# @return [Array<Types::AnalysisResult>]
|
3257
|
+
#
|
3113
3258
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroupResponse AWS API Documentation
|
3114
3259
|
#
|
3115
3260
|
class RuleGroupResponse < Struct.new(
|
@@ -3126,7 +3271,8 @@ module Aws::NetworkFirewall
|
|
3126
3271
|
:encryption_configuration,
|
3127
3272
|
:source_metadata,
|
3128
3273
|
:sns_topic,
|
3129
|
-
:last_modified_time
|
3274
|
+
:last_modified_time,
|
3275
|
+
:analysis_results)
|
3130
3276
|
SENSITIVE = []
|
3131
3277
|
include Aws::Structure
|
3132
3278
|
end
|
@@ -3190,14 +3336,18 @@ module Aws::NetworkFirewall
|
|
3190
3336
|
# instance of this for either stateless rules or stateful rules.
|
3191
3337
|
#
|
3192
3338
|
# @!attribute [rw] rules_string
|
3193
|
-
# Stateful inspection criteria, provided in Suricata compatible
|
3194
|
-
#
|
3195
|
-
#
|
3196
|
-
# traffic inspection.
|
3339
|
+
# Stateful inspection criteria, provided in Suricata compatible rules.
|
3340
|
+
# Suricata is an open-source threat detection framework that includes
|
3341
|
+
# a standard rule-based language for network traffic inspection.
|
3197
3342
|
#
|
3198
3343
|
# These rules contain the inspection criteria and the action to take
|
3199
3344
|
# for traffic that matches the criteria, so this type of rule group
|
3200
3345
|
# doesn't have a separate action setting.
|
3346
|
+
#
|
3347
|
+
# <note markdown="1"> You can't use the `priority` keyword if the `RuleOrder` option in
|
3348
|
+
# StatefulRuleOptions is set to `STRICT_ORDER`.
|
3349
|
+
#
|
3350
|
+
# </note>
|
3201
3351
|
# @return [String]
|
3202
3352
|
#
|
3203
3353
|
# @!attribute [rw] rules_source_list
|
@@ -3281,13 +3431,14 @@ module Aws::NetworkFirewall
|
|
3281
3431
|
include Aws::Structure
|
3282
3432
|
end
|
3283
3433
|
|
3284
|
-
# Any Certificate Manager Secure Sockets Layer/Transport Layer
|
3285
|
-
# (SSL/TLS) server certificate that's associated with a
|
3286
|
-
# ServerCertificateConfiguration
|
3287
|
-
#
|
3288
|
-
#
|
3289
|
-
#
|
3290
|
-
#
|
3434
|
+
# Any Certificate Manager (ACM) Secure Sockets Layer/Transport Layer
|
3435
|
+
# Security (SSL/TLS) server certificate that's associated with a
|
3436
|
+
# ServerCertificateConfiguration. Used in a TLSInspectionConfiguration
|
3437
|
+
# for inspection of inbound traffic to your firewall. You must request
|
3438
|
+
# or import a SSL/TLS certificate into ACM for each domain Network
|
3439
|
+
# Firewall needs to decrypt and inspect. Network Firewall uses the
|
3440
|
+
# SSL/TLS certificates to decrypt specified inbound SSL/TLS traffic
|
3441
|
+
# going to your firewall. For information about working with
|
3291
3442
|
# certificates in Certificate Manager, see [Request a public certificate
|
3292
3443
|
# ][1] or [Importing certificates][2] in the *Certificate Manager User
|
3293
3444
|
# Guide*.
|
@@ -3299,7 +3450,7 @@ module Aws::NetworkFirewall
|
|
3299
3450
|
#
|
3300
3451
|
# @!attribute [rw] resource_arn
|
3301
3452
|
# The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS
|
3302
|
-
# server certificate.
|
3453
|
+
# server certificate that's used for inbound SSL/TLS inspection.
|
3303
3454
|
# @return [String]
|
3304
3455
|
#
|
3305
3456
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ServerCertificate AWS API Documentation
|
@@ -3310,13 +3461,14 @@ module Aws::NetworkFirewall
|
|
3310
3461
|
include Aws::Structure
|
3311
3462
|
end
|
3312
3463
|
|
3313
|
-
# Configures the
|
3314
|
-
#
|
3315
|
-
#
|
3316
|
-
#
|
3317
|
-
#
|
3318
|
-
#
|
3319
|
-
#
|
3464
|
+
# Configures the Certificate Manager certificates and scope that Network
|
3465
|
+
# Firewall uses to decrypt and re-encrypt traffic using a
|
3466
|
+
# TLSInspectionConfiguration. You can configure `ServerCertificates` for
|
3467
|
+
# inbound SSL/TLS inspection, a `CertificateAuthorityArn` for outbound
|
3468
|
+
# SSL/TLS inspection, or both. For information about working with
|
3469
|
+
# certificates for TLS inspection, see [ Using SSL/TLS server
|
3470
|
+
# certficiates with TLS inspection configurations][1] in the *Network
|
3471
|
+
# Firewall Developer Guide*.
|
3320
3472
|
#
|
3321
3473
|
# <note markdown="1"> If a server certificate that's associated with your
|
3322
3474
|
# TLSInspectionConfiguration is revoked, deleted, or expired it can
|
@@ -3329,19 +3481,58 @@ module Aws::NetworkFirewall
|
|
3329
3481
|
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html
|
3330
3482
|
#
|
3331
3483
|
# @!attribute [rw] server_certificates
|
3332
|
-
# The list of
|
3333
|
-
#
|
3484
|
+
# The list of server certificates to use for inbound SSL/TLS
|
3485
|
+
# inspection.
|
3334
3486
|
# @return [Array<Types::ServerCertificate>]
|
3335
3487
|
#
|
3336
3488
|
# @!attribute [rw] scopes
|
3337
|
-
# A list of
|
3489
|
+
# A list of scopes.
|
3338
3490
|
# @return [Array<Types::ServerCertificateScope>]
|
3339
3491
|
#
|
3492
|
+
# @!attribute [rw] certificate_authority_arn
|
3493
|
+
# The Amazon Resource Name (ARN) of the imported certificate authority
|
3494
|
+
# (CA) certificate within Certificate Manager (ACM) to use for
|
3495
|
+
# outbound SSL/TLS inspection.
|
3496
|
+
#
|
3497
|
+
# The following limitations apply:
|
3498
|
+
#
|
3499
|
+
# * You can use CA certificates that you imported into ACM, but you
|
3500
|
+
# can't generate CA certificates with ACM.
|
3501
|
+
#
|
3502
|
+
# * You can't use certificates issued by Private Certificate
|
3503
|
+
# Authority.
|
3504
|
+
#
|
3505
|
+
# For more information about configuring certificates for outbound
|
3506
|
+
# inspection, see [Using SSL/TLS certificates with certificates with
|
3507
|
+
# TLS inspection configurations][1] in the *Network Firewall Developer
|
3508
|
+
# Guide*.
|
3509
|
+
#
|
3510
|
+
# For information about working with certificates in ACM, see
|
3511
|
+
# [Importing certificates][2] in the *Certificate Manager User Guide*.
|
3512
|
+
#
|
3513
|
+
#
|
3514
|
+
#
|
3515
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html
|
3516
|
+
# [2]: https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
|
3517
|
+
# @return [String]
|
3518
|
+
#
|
3519
|
+
# @!attribute [rw] check_certificate_revocation_status
|
3520
|
+
# When enabled, Network Firewall checks if the server certificate
|
3521
|
+
# presented by the server in the SSL/TLS connection has a revoked or
|
3522
|
+
# unkown status. If the certificate has an unknown or revoked status,
|
3523
|
+
# you must specify the actions that Network Firewall takes on outbound
|
3524
|
+
# traffic. To check the certificate revocation status, you must also
|
3525
|
+
# specify a `CertificateAuthorityArn` in
|
3526
|
+
# ServerCertificateConfiguration.
|
3527
|
+
# @return [Types::CheckCertificateRevocationStatusActions]
|
3528
|
+
#
|
3340
3529
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ServerCertificateConfiguration AWS API Documentation
|
3341
3530
|
#
|
3342
3531
|
class ServerCertificateConfiguration < Struct.new(
|
3343
3532
|
:server_certificates,
|
3344
|
-
:scopes
|
3533
|
+
:scopes,
|
3534
|
+
:certificate_authority_arn,
|
3535
|
+
:check_certificate_revocation_status)
|
3345
3536
|
SENSITIVE = []
|
3346
3537
|
include Aws::Structure
|
3347
3538
|
end
|
@@ -3436,11 +3627,17 @@ module Aws::NetworkFirewall
|
|
3436
3627
|
#
|
3437
3628
|
# @!attribute [rw] rule_order
|
3438
3629
|
# Indicates how to manage the order of stateful rule evaluation for
|
3439
|
-
# the policy. `
|
3440
|
-
#
|
3441
|
-
#
|
3442
|
-
#
|
3443
|
-
# the
|
3630
|
+
# the policy. `STRICT_ORDER` is the default and recommended option.
|
3631
|
+
# With `STRICT_ORDER`, provide your rules in the order that you want
|
3632
|
+
# them to be evaluated. You can then choose one or more default
|
3633
|
+
# actions for packets that don't match any rules. Choose
|
3634
|
+
# `STRICT_ORDER` to have the stateful rules engine determine the
|
3635
|
+
# evaluation order of your rules. The default action for this rule
|
3636
|
+
# order is `PASS`, followed by `DROP`, `REJECT`, and `ALERT` actions.
|
3637
|
+
# Stateful rules are provided to the rule engine as Suricata
|
3638
|
+
# compatible strings, and Suricata evaluates them based on your
|
3639
|
+
# settings. For more information, see [Evaluation order for stateful
|
3640
|
+
# rules][1] in the *Network Firewall Developer Guide*.
|
3444
3641
|
#
|
3445
3642
|
#
|
3446
3643
|
#
|
@@ -3507,9 +3704,8 @@ module Aws::NetworkFirewall
|
|
3507
3704
|
# destination and sends an alert log message, if alert logging is
|
3508
3705
|
# configured in the Firewall LoggingConfiguration.
|
3509
3706
|
#
|
3510
|
-
# * **ALERT** -
|
3511
|
-
#
|
3512
|
-
# the Firewall LoggingConfiguration.
|
3707
|
+
# * **ALERT** - Sends an alert log message, if alert logging is
|
3708
|
+
# configured in the Firewall LoggingConfiguration.
|
3513
3709
|
#
|
3514
3710
|
# You can use this action to test a rule that you intend to use to
|
3515
3711
|
# drop traffic. You can enable the rule with `ALERT` action, verify
|
@@ -3812,12 +4008,12 @@ module Aws::NetworkFirewall
|
|
3812
4008
|
# To use a TLS inspection configuration, you add it to a new Network
|
3813
4009
|
# Firewall firewall policy, then you apply the firewall policy to a
|
3814
4010
|
# firewall. Network Firewall acts as a proxy service to decrypt and
|
3815
|
-
# inspect
|
3816
|
-
# configuration from more than one firewall
|
3817
|
-
# firewall policy in more than one firewall.
|
3818
|
-
# using TLS inspection configurations, see
|
3819
|
-
# with TLS inspection configurations][1] in
|
3820
|
-
# Developer Guide*.
|
4011
|
+
# inspect the traffic traveling through your firewalls. You can
|
4012
|
+
# reference a TLS inspection configuration from more than one firewall
|
4013
|
+
# policy, and you can use a firewall policy in more than one firewall.
|
4014
|
+
# For more information about using TLS inspection configurations, see
|
4015
|
+
# [Inspecting SSL/TLS traffic with TLS inspection configurations][1] in
|
4016
|
+
# the *Network Firewall Developer Guide*.
|
3821
4017
|
#
|
3822
4018
|
#
|
3823
4019
|
#
|
@@ -3915,6 +4111,10 @@ module Aws::NetworkFirewall
|
|
3915
4111
|
# configuration.
|
3916
4112
|
# @return [Array<Types::TlsCertificateData>]
|
3917
4113
|
#
|
4114
|
+
# @!attribute [rw] certificate_authority
|
4115
|
+
# Contains metadata about an Certificate Manager certificate.
|
4116
|
+
# @return [Types::TlsCertificateData]
|
4117
|
+
#
|
3918
4118
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/TLSInspectionConfigurationResponse AWS API Documentation
|
3919
4119
|
#
|
3920
4120
|
class TLSInspectionConfigurationResponse < Struct.new(
|
@@ -3927,7 +4127,8 @@ module Aws::NetworkFirewall
|
|
3927
4127
|
:last_modified_time,
|
3928
4128
|
:number_of_associations,
|
3929
4129
|
:encryption_configuration,
|
3930
|
-
:certificates
|
4130
|
+
:certificates,
|
4131
|
+
:certificate_authority)
|
3931
4132
|
SENSITIVE = []
|
3932
4133
|
include Aws::Structure
|
3933
4134
|
end
|
@@ -4709,6 +4910,14 @@ module Aws::NetworkFirewall
|
|
4709
4910
|
# track of updates made to the originating rule group.
|
4710
4911
|
# @return [Types::SourceMetadata]
|
4711
4912
|
#
|
4913
|
+
# @!attribute [rw] analyze_rule_group
|
4914
|
+
# Indicates whether you want Network Firewall to analyze the stateless
|
4915
|
+
# rules in the rule group for rule behavior such as asymmetric
|
4916
|
+
# routing. If set to `TRUE`, Network Firewall runs the analysis and
|
4917
|
+
# then updates the rule group for you. To run the stateless rule group
|
4918
|
+
# analyzer without updating the rule group, set `DryRun` to `TRUE`.
|
4919
|
+
# @return [Boolean]
|
4920
|
+
#
|
4712
4921
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroupRequest AWS API Documentation
|
4713
4922
|
#
|
4714
4923
|
class UpdateRuleGroupRequest < Struct.new(
|
@@ -4721,7 +4930,8 @@ module Aws::NetworkFirewall
|
|
4721
4930
|
:description,
|
4722
4931
|
:dry_run,
|
4723
4932
|
:encryption_configuration,
|
4724
|
-
:source_metadata
|
4933
|
+
:source_metadata,
|
4934
|
+
:analyze_rule_group)
|
4725
4935
|
SENSITIVE = []
|
4726
4936
|
include Aws::Structure
|
4727
4937
|
end
|
@@ -4878,12 +5088,12 @@ module Aws::NetworkFirewall
|
|
4878
5088
|
# To use a TLS inspection configuration, you add it to a new Network
|
4879
5089
|
# Firewall firewall policy, then you apply the firewall policy to a
|
4880
5090
|
# firewall. Network Firewall acts as a proxy service to decrypt and
|
4881
|
-
# inspect
|
4882
|
-
# configuration from more than one firewall
|
4883
|
-
# firewall policy in more than one firewall.
|
4884
|
-
# about using TLS inspection configurations, see
|
4885
|
-
# traffic with TLS inspection configurations][1]
|
4886
|
-
# Firewall Developer Guide*.
|
5091
|
+
# inspect the traffic traveling through your firewalls. You can
|
5092
|
+
# reference a TLS inspection configuration from more than one firewall
|
5093
|
+
# policy, and you can use a firewall policy in more than one firewall.
|
5094
|
+
# For more information about using TLS inspection configurations, see
|
5095
|
+
# [Inspecting SSL/TLS traffic with TLS inspection configurations][1]
|
5096
|
+
# in the *Network Firewall Developer Guide*.
|
4887
5097
|
#
|
4888
5098
|
#
|
4889
5099
|
#
|
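Review bot: The `check_certificate_revocation_status` documentation in the ServerCertificateConfiguration hunk never states which way the check fails when the structure is omitted or when `UnknownStatusAction` is `PASS`, even though the CheckCertificateRevocationStatusActions hunk defines unknown status to include the service being unable to reach the certificate's OCSP and CRL endpoints. With `PASS`, a server whose revocation status cannot be fetched is treated the same as one with a valid certificate, so an attacker who can make those endpoints unreachable sidesteps the check; that is a fail-open setting a practitioner needs called out. Neither `RevokedStatusAction` nor `UnknownStatusAction` carries `required: true` in the client_api shape, so the behaviour when only one action is supplied is undocumented as well. I would add under the attribute: `# Revocation checking runs only when this is set. UnknownStatusAction PASS fails open: a certificate whose OCSP/CRL status cannot be fetched is accepted like a valid one; prefer DROP or REJECT where that is unacceptable.` The same comment block also misspells `unknown` as `unkown`.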
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-networkfirewall
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.37.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2023-
|
11
|
+
date: 2023-11-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|