aws-sdk-networkfirewall 1.46.0 → 1.48.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0a76ef696d1a331f35f03d2a8e93e970488e81849bbbeb97eda0469a82cc4b8d
-  data.tar.gz: d15f354062995f93d191439ac608d2544cf65d5c96d93ed07ed0a46c5fede6dc
+  metadata.gz: b546797808123a231ff6fff93bed1db903297ffc984182fb23059b35d8f38933
+  data.tar.gz: 1db2f3de8ec6245f72beae7082b3834841b90ea4ffd9dfe59982f5e909510b5e
 SHA512:
-  metadata.gz: 896507096933b9dce4ef4c2b59af52d330310194d637060e91282eb670a58ba08dae04050c638bcdf8c6ce770aefd211119ebc5656d1fc5a765c3f77a5f6275b
-  data.tar.gz: 7b9c925c21ba50be1f984782f2664ffc105d908b971c8ab81aee6962ff35fb9bbb0b398e454bdecc4b95a60da924f0061729231670c95ff935ddfc6ac02e8864
+  metadata.gz: ef6611a4ffa9ba062aa5f9a4039567c00863abdf16ce68738eab60008ea3d3c49997db1e9c67b43306e7b2a531d03c8dfb41a45e002ace13f4406b0448711c1c
+  data.tar.gz: 421979f20e2e0c732c8a7fc2f2a78b3b3f7f5dd1e091662e71463fabf5ee2bb262eba7bb4cd60d89245a989585702527c5b11298117f121f8492d903d0a2779e

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.48.0 (2024-07-25)
+------------------
+
+* Feature - You can now log events that are related to TLS inspection, in addition to the existing alert and flow logging.
+
+1.47.0 (2024-07-02)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.46.0 (2024-06-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.46.0
+1.48.0

data/lib/aws-sdk-networkfirewall/client.rb

@@ -312,6 +312,15 @@ module Aws::NetworkFirewall
     #
     #   @option options [String] :session_token
     #
+    #   @option options [Array] :sigv4a_signing_region_set
+    #     A list of regions that should be signed with SigV4a signing. When
+    #     not passed, a default `:sigv4a_signing_region_set` is searched for
+    #     in the following locations:
+    #
+    #     * `Aws.config[:sigv4a_signing_region_set]`
+    #     * `ENV['AWS_SIGV4A_SIGNING_REGION_SET']`
+    #     * `~/.aws/config`
+    #
     #   @option options [Boolean] :simple_json (false)
     #     Disables request parameter conversion, validation, and formatting.
     #     Also disables response data type conversions. The request parameters
@@ -1160,14 +1169,16 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
-    # Creates an Network Firewall TLS inspection configuration. A TLS
-    # inspection configuration contains Certificate Manager certificate
-    # associations between and the scope configurations that Network
-    # Firewall uses to decrypt and re-encrypt traffic traveling through your
-    # firewall.
-    #
-    # After you create a TLS inspection configuration, you can associate it
-    # with a new firewall policy.
+    # Creates an Network Firewall TLS inspection configuration. Network
+    # Firewall uses TLS inspection configurations to decrypt your
+    # firewall's inbound and outbound SSL/TLS traffic. After decryption,
+    # Network Firewall inspects the traffic according to your firewall
+    # policy's stateful rules, and then re-encrypts it before sending it to
+    # its destination. You can enable inspection of your firewall's inbound
+    # traffic, outbound traffic, or both. To use TLS inspection with your
+    # firewall, you must first import or provision certificates using ACM,
+    # create a TLS inspection configuration, add that configuration to a new
+    # firewall policy, and then associate that policy with your firewall.
     #
     # To update the settings for a TLS inspection configuration, use
     # UpdateTLSInspectionConfiguration.
@@ -1794,7 +1805,7 @@ module Aws::NetworkFirewall
     #
     #   resp.firewall_arn #=> String
     #   resp.logging_configuration.log_destination_configs #=> Array
-    #   resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW"
+    #   resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW", "TLS"
     #   resp.logging_configuration.log_destination_configs[0].log_destination_type #=> String, one of "S3", "CloudWatchLogs", "KinesisDataFirehose"
     #   resp.logging_configuration.log_destination_configs[0].log_destination #=> Hash
     #   resp.logging_configuration.log_destination_configs[0].log_destination["HashMapKey"] #=> String
@@ -3103,7 +3114,7 @@ module Aws::NetworkFirewall
     #     logging_configuration: {
     #       log_destination_configs: [ # required
     #         {
-    #           log_type: "ALERT", # required, accepts ALERT, FLOW
+    #           log_type: "ALERT", # required, accepts ALERT, FLOW, TLS
     #           log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose
     #           log_destination: { # required
     #             "HashMapKey" => "HashMapValue",
@@ -3118,7 +3129,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_arn #=> String
     #   resp.firewall_name #=> String
     #   resp.logging_configuration.log_destination_configs #=> Array
-    #   resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW"
+    #   resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW", "TLS"
     #   resp.logging_configuration.log_destination_configs[0].log_destination_type #=> String, one of "S3", "CloudWatchLogs", "KinesisDataFirehose"
     #   resp.logging_configuration.log_destination_configs[0].log_destination #=> Hash
     #   resp.logging_configuration.log_destination_configs[0].log_destination["HashMapKey"] #=> String
@@ -3640,7 +3651,7 @@ module Aws::NetworkFirewall
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.46.0'
+      context[:gem_version] = '1.48.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-networkfirewall/types.rb

@@ -2696,25 +2696,40 @@ module Aws::NetworkFirewall
 
     # Defines where Network Firewall sends logs for the firewall for one log
     # type. This is used in LoggingConfiguration. You can send each type of
-    # log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data
-    # Firehose delivery stream.
+    # log to an Amazon S3 bucket, a CloudWatch log group, or a Firehose
+    # delivery stream.
     #
     # Network Firewall generates logs for stateful rule groups. You can save
-    # alert and flow log types. The stateful rules engine records flow logs
-    # for all network traffic that it receives. It records alert logs for
-    # traffic that matches stateful rules that have the rule action set to
-    # `DROP` or `ALERT`.
+    # alert, flow, and TLS log types.
     #
     # @!attribute [rw] log_type
-    #   The type of log to send. Alert logs report traffic that matches a
-    #   StatefulRule with an action setting that sends an alert log message.
-    #   Flow logs are standard network traffic flow logs.
+    #   The type of log to record. You can record the following types of
+    #   logs from your Network Firewall stateful engine.
+    #
+    #   * `ALERT` - Logs for traffic that matches your stateful rules and
+    #     that have an action that sends an alert. A stateful rule sends
+    #     alerts for the rule actions DROP, ALERT, and REJECT. For more
+    #     information, see StatefulRule.
+    #
+    #   * `FLOW` - Standard network traffic flow logs. The stateful rules
+    #     engine records flow logs for all network traffic that it receives.
+    #     Each flow log record captures the network flow for a specific
+    #     standard stateless rule group.
+    #
+    #   * `TLS` - Logs for events that are related to TLS inspection. For
+    #     more information, see [Inspecting SSL/TLS traffic with TLS
+    #     inspection configurations][1] in the *Network Firewall Developer
+    #     Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-configurations.html
     #   @return [String]
     #
     # @!attribute [rw] log_destination_type
     #   The type of storage destination to send these logs to. You can send
-    #   logs to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis
-    #   Data Firehose delivery stream.
+    #   logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose
+    #   delivery stream.
     #   @return [String]
     #
     # @!attribute [rw] log_destination
@@ -2723,6 +2738,7 @@ module Aws::NetworkFirewall
     #
     #   * For an Amazon S3 bucket, provide the name of the bucket, with key
     #     `bucketName`, and optionally provide a prefix, with key `prefix`.
+    #
     #     The following example specifies an Amazon S3 bucket named
     #     `DOC-EXAMPLE-BUCKET` and the prefix `alerts`:
     #
@@ -2735,9 +2751,9 @@ module Aws::NetworkFirewall
     #
     #     `"LogDestination": \{ "logGroup": "alert-log-group" \}`
     #
-    #   * For a Kinesis Data Firehose delivery stream, provide the name of
-    #     the delivery stream, with key `deliveryStream`. The following
-    #     example specifies a delivery stream named `alert-delivery-stream`:
+    #   * For a Firehose delivery stream, provide the name of the delivery
+    #     stream, with key `deliveryStream`. The following example specifies
+    #     a delivery stream named `alert-delivery-stream`:
     #
     #     `"LogDestination": \{ "deliveryStream": "alert-delivery-stream"
     #     \}`
@@ -3711,6 +3727,13 @@ module Aws::NetworkFirewall
     #     drop traffic. You can enable the rule with `ALERT` action, verify
     #     in the logs that the rule is filtering as you want, then change
     #     the action to `DROP`.
+    #
+    #   * **REJECT** - Drops traffic that matches the conditions of the
+    #     stateful rule, and sends a TCP reset packet back to sender of the
+    #     packet. A TCP reset packet is a packet with no payload and an RST
+    #     bit contained in the TCP header flags. REJECT is available only
+    #     for TCP traffic. This option doesn't support FTP or IMAP
+    #     protocols.
     #   @return [String]
     #
     # @!attribute [rw] header

data/lib/aws-sdk-networkfirewall.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
 # @!group service
 module Aws::NetworkFirewall
 
-  GEM_VERSION = '1.46.0'
+  GEM_VERSION = '1.48.0'
 
 end

data/sig/client.rbs

@@ -48,6 +48,7 @@ module Aws
                       ?sdk_ua_app_id: String,
                       ?secret_access_key: String,
                       ?session_token: String,
+                      ?sigv4a_signing_region_set: Array[String],
                       ?simple_json: bool,
                       ?stub_responses: untyped,
                       ?token_provider: untyped,
@@ -814,7 +815,7 @@ module Aws
                                           ?logging_configuration: {
                                             log_destination_configs: Array[
                                               {
-                                                log_type: ("ALERT" | "FLOW"),
+                                                log_type: ("ALERT" | "FLOW" | "TLS"),
                                                 log_destination_type: ("S3" | "CloudWatchLogs" | "KinesisDataFirehose"),
                                                 log_destination: Hash[::String, ::String]
                                               },

data/sig/resource.rbs

@@ -48,6 +48,7 @@ module Aws
                         ?sdk_ua_app_id: String,
                         ?secret_access_key: String,
                         ?session_token: String,
+                        ?sigv4a_signing_region_set: Array[String],
                         ?simple_json: bool,
                         ?stub_responses: untyped,
                         ?token_provider: untyped,

data/sig/types.rbs

@@ -526,7 +526,7 @@ module Aws::NetworkFirewall
     end
 
     class LogDestinationConfig
-      attr_accessor log_type: ("ALERT" | "FLOW")
+      attr_accessor log_type: ("ALERT" | "FLOW" | "TLS")
       attr_accessor log_destination_type: ("S3" | "CloudWatchLogs" | "KinesisDataFirehose")
       attr_accessor log_destination: ::Hash[::String, ::String]
       SENSITIVE: []

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-  version: 1.46.0
+  version: 1.48.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-28 00:00:00.000000000 Z
+date: 2024-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.199.0
+        version: 3.201.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,21 +29,21 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.199.0
+        version: 3.201.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.5'
 description: Official AWS Ruby gem for AWS Network Firewall (Network Firewall). This
   gem is part of the AWS SDK for Ruby.
 email: