RubyGems - aws-sdk-networkfirewall - Versions diffs - 1.47.0 → 1.48.0 - Mend

aws-sdk-networkfirewall 1.47.0 → 1.48.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/VERSION +1 -1
data/lib/aws-sdk-networkfirewall/client.rb +14 -12
data/lib/aws-sdk-networkfirewall/types.rb +37 -14
data/lib/aws-sdk-networkfirewall.rb +1 -1
data/sig/client.rbs +1 -1
data/sig/types.rbs +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 236b86fb0f93cb63f18398e433a38ec1d696434ff30f26490e68276c62658fe8
-  data.tar.gz: 48f41534081ff18382d44d26584bc0c772d7a12c93d040134fa41d405683386e
+  metadata.gz: b546797808123a231ff6fff93bed1db903297ffc984182fb23059b35d8f38933
+  data.tar.gz: 1db2f3de8ec6245f72beae7082b3834841b90ea4ffd9dfe59982f5e909510b5e
 SHA512:
-  metadata.gz: 3012332b9a546ca2c383cb0225ea909eed738b3eb78c181653bb08867a4f8e3825f58d819c3d2f2d493227b54fb1aa3977478db5f0940db9b7b1da3bd083f1a5
-  data.tar.gz: 2733810f4290b0b57e6abf51cf323194501ff38e17ea1341d28d484abf0cdcc0aa79a4ed55ae31bea52c06a54e5fd3a14f0e870733d0e0209916934d73129ad9
+  metadata.gz: ef6611a4ffa9ba062aa5f9a4039567c00863abdf16ce68738eab60008ea3d3c49997db1e9c67b43306e7b2a531d03c8dfb41a45e002ace13f4406b0448711c1c
+  data.tar.gz: 421979f20e2e0c732c8a7fc2f2a78b3b3f7f5dd1e091662e71463fabf5ee2bb262eba7bb4cd60d89245a989585702527c5b11298117f121f8492d903d0a2779e

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
+1.48.0 (2024-07-25)
+------------------
+* Feature - You can now log events that are related to TLS inspection, in addition to the existing alert and flow logging.
 1.47.0 (2024-07-02)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.47.0
1	+ 1.48.0

data/lib/aws-sdk-networkfirewall/client.rb CHANGED Viewed

@@ -1169,14 +1169,16 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
-    # Creates an Network Firewall TLS inspection configuration. A TLS
-    # inspection configuration contains Certificate Manager certificate
-    # associations between and the scope configurations that Network
-    # Firewall uses to decrypt and re-encrypt traffic traveling through your
-    # firewall.
-    #
-    # After you create a TLS inspection configuration, you can associate it
-    # with a new firewall policy.
+    # Creates an Network Firewall TLS inspection configuration. Network
+    # Firewall uses TLS inspection configurations to decrypt your
+    # firewall's inbound and outbound SSL/TLS traffic. After decryption,
+    # Network Firewall inspects the traffic according to your firewall
+    # policy's stateful rules, and then re-encrypts it before sending it to
+    # its destination. You can enable inspection of your firewall's inbound
+    # traffic, outbound traffic, or both. To use TLS inspection with your
+    # firewall, you must first import or provision certificates using ACM,
+    # create a TLS inspection configuration, add that configuration to a new
+    # firewall policy, and then associate that policy with your firewall.
     #
     # To update the settings for a TLS inspection configuration, use
     # UpdateTLSInspectionConfiguration.
@@ -1803,7 +1805,7 @@ module Aws::NetworkFirewall
     #
     #   resp.firewall_arn #=> String
     #   resp.logging_configuration.log_destination_configs #=> Array
-    #   resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW"
+    #   resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW", "TLS"
     #   resp.logging_configuration.log_destination_configs[0].log_destination_type #=> String, one of "S3", "CloudWatchLogs", "KinesisDataFirehose"
     #   resp.logging_configuration.log_destination_configs[0].log_destination #=> Hash
     #   resp.logging_configuration.log_destination_configs[0].log_destination["HashMapKey"] #=> String
@@ -3112,7 +3114,7 @@ module Aws::NetworkFirewall
     #     logging_configuration: {
     #       log_destination_configs: [ # required
     #         {
-    #           log_type: "ALERT", # required, accepts ALERT, FLOW
+    #           log_type: "ALERT", # required, accepts ALERT, FLOW, TLS
     #           log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose
     #           log_destination: { # required
     #             "HashMapKey" => "HashMapValue",
@@ -3127,7 +3129,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_arn #=> String
     #   resp.firewall_name #=> String
     #   resp.logging_configuration.log_destination_configs #=> Array
-    #   resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW"
+    #   resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW", "TLS"
     #   resp.logging_configuration.log_destination_configs[0].log_destination_type #=> String, one of "S3", "CloudWatchLogs", "KinesisDataFirehose"
     #   resp.logging_configuration.log_destination_configs[0].log_destination #=> Hash
     #   resp.logging_configuration.log_destination_configs[0].log_destination["HashMapKey"] #=> String
@@ -3649,7 +3651,7 @@ module Aws::NetworkFirewall
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.47.0'
+      context[:gem_version] = '1.48.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-networkfirewall/types.rb CHANGED Viewed

@@ -2696,25 +2696,40 @@ module Aws::NetworkFirewall
     # Defines where Network Firewall sends logs for the firewall for one log
     # type. This is used in LoggingConfiguration. You can send each type of
-    # log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data
-    # Firehose delivery stream.
+    # log to an Amazon S3 bucket, a CloudWatch log group, or a Firehose
+    # delivery stream.
     #
     # Network Firewall generates logs for stateful rule groups. You can save
-    # alert and flow log types. The stateful rules engine records flow logs
-    # for all network traffic that it receives. It records alert logs for
-    # traffic that matches stateful rules that have the rule action set to
-    # `DROP` or `ALERT`.
+    # alert, flow, and TLS log types.
     #
     # @!attribute [rw] log_type
-    #   The type of log to send. Alert logs report traffic that matches a
-    #   StatefulRule with an action setting that sends an alert log message.
-    #   Flow logs are standard network traffic flow logs.
+    #   The type of log to record. You can record the following types of
+    #   logs from your Network Firewall stateful engine.
+    #
+    #   * `ALERT` - Logs for traffic that matches your stateful rules and
+    #     that have an action that sends an alert. A stateful rule sends
+    #     alerts for the rule actions DROP, ALERT, and REJECT. For more
+    #     information, see StatefulRule.
+    #
+    #   * `FLOW` - Standard network traffic flow logs. The stateful rules
+    #     engine records flow logs for all network traffic that it receives.
+    #     Each flow log record captures the network flow for a specific
+    #     standard stateless rule group.
+    #
+    #   * `TLS` - Logs for events that are related to TLS inspection. For
+    #     more information, see [Inspecting SSL/TLS traffic with TLS
+    #     inspection configurations][1] in the *Network Firewall Developer
+    #     Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-configurations.html
     #   @return [String]
     #
     # @!attribute [rw] log_destination_type
     #   The type of storage destination to send these logs to. You can send
-    #   logs to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis
-    #   Data Firehose delivery stream.
+    #   logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose
+    #   delivery stream.
     #   @return [String]
     #
     # @!attribute [rw] log_destination
@@ -2723,6 +2738,7 @@ module Aws::NetworkFirewall
     #
     #   * For an Amazon S3 bucket, provide the name of the bucket, with key
     #     `bucketName`, and optionally provide a prefix, with key `prefix`.
+    #
     #     The following example specifies an Amazon S3 bucket named
     #     `DOC-EXAMPLE-BUCKET` and the prefix `alerts`:
     #
@@ -2735,9 +2751,9 @@ module Aws::NetworkFirewall
     #
     #     `"LogDestination": \{ "logGroup": "alert-log-group" \}`
     #
-    #   * For a Kinesis Data Firehose delivery stream, provide the name of
-    #     the delivery stream, with key `deliveryStream`. The following
-    #     example specifies a delivery stream named `alert-delivery-stream`:
+    #   * For a Firehose delivery stream, provide the name of the delivery
+    #     stream, with key `deliveryStream`. The following example specifies
+    #     a delivery stream named `alert-delivery-stream`:
     #
     #     `"LogDestination": \{ "deliveryStream": "alert-delivery-stream"
     #     \}`
@@ -3711,6 +3727,13 @@ module Aws::NetworkFirewall
     #     drop traffic. You can enable the rule with `ALERT` action, verify
     #     in the logs that the rule is filtering as you want, then change
     #     the action to `DROP`.
+    #
+    #   * **REJECT** - Drops traffic that matches the conditions of the
+    #     stateful rule, and sends a TCP reset packet back to sender of the
+    #     packet. A TCP reset packet is a packet with no payload and an RST
+    #     bit contained in the TCP header flags. REJECT is available only
+    #     for TCP traffic. This option doesn't support FTP or IMAP
+    #     protocols.
     #   @return [String]
     #
     # @!attribute [rw] header

data/lib/aws-sdk-networkfirewall.rb CHANGED Viewed

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
 # @!group service
 module Aws::NetworkFirewall
-  GEM_VERSION = '1.47.0'
+  GEM_VERSION = '1.48.0'
 end

data/sig/client.rbs CHANGED Viewed

@@ -815,7 +815,7 @@ module Aws
                                           ?logging_configuration: {
                                             log_destination_configs: Array[
                                               {
-                                                log_type: ("ALERT" | "FLOW"),
+                                                log_type: ("ALERT" | "FLOW" | "TLS"),
                                                 log_destination_type: ("S3" | "CloudWatchLogs" | "KinesisDataFirehose"),
                                                 log_destination: Hash[::String, ::String]
                                               },

data/sig/types.rbs CHANGED Viewed

@@ -526,7 +526,7 @@ module Aws::NetworkFirewall
     end
     class LogDestinationConfig
-      attr_accessor log_type: ("ALERT" | "FLOW")
+      attr_accessor log_type: ("ALERT" | "FLOW" | "TLS")
       attr_accessor log_destination_type: ("S3" | "CloudWatchLogs" | "KinesisDataFirehose")
       attr_accessor log_destination: ::Hash[::String, ::String]
       SENSITIVE: []

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-  version: 1.47.0
+  version: 1.48.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-07-02 00:00:00.000000000 Z
+date: 2024-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core