aws-sdk-networkfirewall 1.47.0 → 1.49.0

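--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 236b86fb0f93cb63f18398e433a38ec1d696434ff30f26490e68276c62658fe8
- data.tar.gz: 48f41534081ff18382d44d26584bc0c772d7a12c93d040134fa41d405683386e
+ metadata.gz: dbbc6cefc3d6a78113372c5089303d2bdb79cc24d76647dfeabe514d9a4f9d01
+ data.tar.gz: 43db7087aa55578be2b5f29ee646eb32ad6bab6a1fcdab856df662a828bfd4b7
  SHA512:
- metadata.gz: 3012332b9a546ca2c383cb0225ea909eed738b3eb78c181653bb08867a4f8e3825f58d819c3d2f2d493227b54fb1aa3977478db5f0940db9b7b1da3bd083f1a5
- data.tar.gz: 2733810f4290b0b57e6abf51cf323194501ff38e17ea1341d28d484abf0cdcc0aa79a4ed55ae31bea52c06a54e5fd3a14f0e870733d0e0209916934d73129ad9
+ metadata.gz: 4bc15678cc261144e1b81cc98e1cc39a50787351059e4dd97d151059e01e8edaeba14497ab3fbe3320aed1347d482f633b9db169af1a9de013dd41b3308158cf
+ data.tar.gz: '08e782f5867dc238c37d4f5c3b6e773476e400dd94849e26837c8afd37c4e9a244e830ac8a3e142445bece30da2948e9849144c6d2015261d3d87d3bdd6459ba'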
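--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
  Unreleased Changes
  ------------------
 
+ 1.49.0 (2024-09-03)
+ ------------------
+
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+ 1.48.0 (2024-07-25)
+ ------------------
+
+ * Feature - You can now log events that are related to TLS inspection, in addition to the existing alert and flow logging.
+
  1.47.0 (2024-07-02)
  ------------------
 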
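--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.47.0
+ 1.49.0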
@@ -32,6 +32,7 @@ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
32
32
  require 'aws-sdk-core/plugins/request_compression.rb'
33
33
  require 'aws-sdk-core/plugins/defaults_mode.rb'
34
34
  require 'aws-sdk-core/plugins/recursion_detection.rb'
35
+ require 'aws-sdk-core/plugins/telemetry.rb'
35
36
  require 'aws-sdk-core/plugins/sign.rb'
36
37
  require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
37
38
 
@@ -83,6 +84,7 @@ module Aws::NetworkFirewall
83
84
  add_plugin(Aws::Plugins::RequestCompression)
84
85
  add_plugin(Aws::Plugins::DefaultsMode)
85
86
  add_plugin(Aws::Plugins::RecursionDetection)
87
+ add_plugin(Aws::Plugins::Telemetry)
86
88
  add_plugin(Aws::Plugins::Sign)
87
89
  add_plugin(Aws::Plugins::Protocols::JsonRpc)
88
90
  add_plugin(Aws::NetworkFirewall::Plugins::Endpoints)
@@ -337,6 +339,16 @@ module Aws::NetworkFirewall
337
339
  # ** Please note ** When response stubbing is enabled, no HTTP
338
340
  # requests are made, and retries are disabled.
339
341
  #
342
+ # @option options [Aws::Telemetry::TelemetryProviderBase] :telemetry_provider (Aws::Telemetry::NoOpTelemetryProvider)
343
+ # Allows you to provide a telemetry provider, which is used to
344
+ # emit telemetry data. By default, uses `NoOpTelemetryProvider` which
345
+ # will not record or emit any telemetry data. The SDK supports the
346
+ # following telemetry providers:
347
+ #
348
+ # * OpenTelemetry (OTel) - To use the OTel provider, install and require the
349
+ # `opentelemetry-sdk` gem and then, pass in an instance of a
350
+ # `Aws::Telemetry::OTelProvider` for telemetry provider.
351
+ #
340
352
  # @option options [Aws::TokenProvider] :token_provider
341
353
  # A Bearer Token Provider. This can be an instance of any one of the
342
354
  # following classes:
@@ -1169,14 +1181,16 @@ module Aws::NetworkFirewall
1169
1181
  req.send_request(options)
1170
1182
  end
1171
1183
 
1172
- # Creates an Network Firewall TLS inspection configuration. A TLS
1173
- # inspection configuration contains Certificate Manager certificate
1174
- # associations between and the scope configurations that Network
1175
- # Firewall uses to decrypt and re-encrypt traffic traveling through your
1176
- # firewall.
1177
- #
1178
- # After you create a TLS inspection configuration, you can associate it
1179
- # with a new firewall policy.
1184
+ # Creates an Network Firewall TLS inspection configuration. Network
1185
+ # Firewall uses TLS inspection configurations to decrypt your
1186
+ # firewall's inbound and outbound SSL/TLS traffic. After decryption,
1187
+ # Network Firewall inspects the traffic according to your firewall
1188
+ # policy's stateful rules, and then re-encrypts it before sending it to
1189
+ # its destination. You can enable inspection of your firewall's inbound
1190
+ # traffic, outbound traffic, or both. To use TLS inspection with your
1191
+ # firewall, you must first import or provision certificates using ACM,
1192
+ # create a TLS inspection configuration, add that configuration to a new
1193
+ # firewall policy, and then associate that policy with your firewall.
1180
1194
  #
1181
1195
  # To update the settings for a TLS inspection configuration, use
1182
1196
  # UpdateTLSInspectionConfiguration.
@@ -1803,7 +1817,7 @@ module Aws::NetworkFirewall
1803
1817
  #
1804
1818
  # resp.firewall_arn #=> String
1805
1819
  # resp.logging_configuration.log_destination_configs #=> Array
1806
- # resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW"
1820
+ # resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW", "TLS"
1807
1821
  # resp.logging_configuration.log_destination_configs[0].log_destination_type #=> String, one of "S3", "CloudWatchLogs", "KinesisDataFirehose"
1808
1822
  # resp.logging_configuration.log_destination_configs[0].log_destination #=> Hash
1809
1823
  # resp.logging_configuration.log_destination_configs[0].log_destination["HashMapKey"] #=> String
@@ -3112,7 +3126,7 @@ module Aws::NetworkFirewall
3112
3126
  # logging_configuration: {
3113
3127
  # log_destination_configs: [ # required
3114
3128
  # {
3115
- # log_type: "ALERT", # required, accepts ALERT, FLOW
3129
+ # log_type: "ALERT", # required, accepts ALERT, FLOW, TLS
3116
3130
  # log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose
3117
3131
  # log_destination: { # required
3118
3132
  # "HashMapKey" => "HashMapValue",
@@ -3127,7 +3141,7 @@ module Aws::NetworkFirewall
3127
3141
  # resp.firewall_arn #=> String
3128
3142
  # resp.firewall_name #=> String
3129
3143
  # resp.logging_configuration.log_destination_configs #=> Array
3130
- # resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW"
3144
+ # resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW", "TLS"
3131
3145
  # resp.logging_configuration.log_destination_configs[0].log_destination_type #=> String, one of "S3", "CloudWatchLogs", "KinesisDataFirehose"
3132
3146
  # resp.logging_configuration.log_destination_configs[0].log_destination #=> Hash
3133
3147
  # resp.logging_configuration.log_destination_configs[0].log_destination["HashMapKey"] #=> String
@@ -3642,14 +3656,19 @@ module Aws::NetworkFirewall
3642
3656
  # @api private
3643
3657
  def build_request(operation_name, params = {})
3644
3658
  handlers = @handlers.for(operation_name)
3659
+ tracer = config.telemetry_provider.tracer_provider.tracer(
3660
+ Aws::Telemetry.module_to_tracer_name('Aws::NetworkFirewall')
3661
+ )
3645
3662
  context = Seahorse::Client::RequestContext.new(
3646
3663
  operation_name: operation_name,
3647
3664
  operation: config.api.operation(operation_name),
3648
3665
  client: self,
3649
3666
  params: params,
3650
- config: config)
3667
+ config: config,
3668
+ tracer: tracer
3669
+ )
3651
3670
  context[:gem_name] = 'aws-sdk-networkfirewall'
3652
- context[:gem_version] = '1.47.0'
3671
+ context[:gem_version] = '1.49.0'
3653
3672
  Seahorse::Client::Request.new(handlers, context)
3654
3673
  end
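Review bot: The `:telemetry_provider` option doc added at new lines 342-351 lists the supported providers but does not say what a non-default provider will export, while `build_request` now resolves a tracer and hands it to every `RequestContext`. This client manages firewall policy, logging and TLS inspection settings, so once an `Aws::Telemetry::OTelProvider` is passed in, each API call may produce a span that leaves the process through whatever exporter is configured; which attributes those spans carry is decided in aws-sdk-core and is not visible in this diff. I would add a line to the option doc such as `#   Spans are sent through the provider's exporter; check which request attributes it records before pointing it at a shared collector.` The default `NoOpTelemetryProvider` leaves behaviour unchanged, so this matters only when a provider is supplied. `build_request` is fully inside its hunk; the option doc block continues outside its hunk.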
3655
3674
 
@@ -2696,25 +2696,40 @@ module Aws::NetworkFirewall
2696
2696
 
2697
2697
  # Defines where Network Firewall sends logs for the firewall for one log
2698
2698
  # type. This is used in LoggingConfiguration. You can send each type of
2699
- # log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data
2700
- # Firehose delivery stream.
2699
+ # log to an Amazon S3 bucket, a CloudWatch log group, or a Firehose
2700
+ # delivery stream.
2701
2701
  #
2702
2702
  # Network Firewall generates logs for stateful rule groups. You can save
2703
- # alert and flow log types. The stateful rules engine records flow logs
2704
- # for all network traffic that it receives. It records alert logs for
2705
- # traffic that matches stateful rules that have the rule action set to
2706
- # `DROP` or `ALERT`.
2703
+ # alert, flow, and TLS log types.
2707
2704
  #
2708
2705
  # @!attribute [rw] log_type
2709
- # The type of log to send. Alert logs report traffic that matches a
2710
- # StatefulRule with an action setting that sends an alert log message.
2711
- # Flow logs are standard network traffic flow logs.
2706
+ # The type of log to record. You can record the following types of
2707
+ # logs from your Network Firewall stateful engine.
2708
+ #
2709
+ # * `ALERT` - Logs for traffic that matches your stateful rules and
2710
+ # that have an action that sends an alert. A stateful rule sends
2711
+ # alerts for the rule actions DROP, ALERT, and REJECT. For more
2712
+ # information, see StatefulRule.
2713
+ #
2714
+ # * `FLOW` - Standard network traffic flow logs. The stateful rules
2715
+ # engine records flow logs for all network traffic that it receives.
2716
+ # Each flow log record captures the network flow for a specific
2717
+ # standard stateless rule group.
2718
+ #
2719
+ # * `TLS` - Logs for events that are related to TLS inspection. For
2720
+ # more information, see [Inspecting SSL/TLS traffic with TLS
2721
+ # inspection configurations][1] in the *Network Firewall Developer
2722
+ # Guide*.
2723
+ #
2724
+ #
2725
+ #
2726
+ # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-configurations.html
2712
2727
  # @return [String]
2713
2728
  #
2714
2729
  # @!attribute [rw] log_destination_type
2715
2730
  # The type of storage destination to send these logs to. You can send
2716
- # logs to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis
2717
- # Data Firehose delivery stream.
2731
+ # logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose
2732
+ # delivery stream.
2718
2733
  # @return [String]
2719
2734
  #
2720
2735
  # @!attribute [rw] log_destination
@@ -2723,6 +2738,7 @@ module Aws::NetworkFirewall
2723
2738
  #
2724
2739
  # * For an Amazon S3 bucket, provide the name of the bucket, with key
2725
2740
  # `bucketName`, and optionally provide a prefix, with key `prefix`.
2741
+ #
2726
2742
  # The following example specifies an Amazon S3 bucket named
2727
2743
  # `DOC-EXAMPLE-BUCKET` and the prefix `alerts`:
2728
2744
  #
@@ -2735,9 +2751,9 @@ module Aws::NetworkFirewall
2735
2751
  #
2736
2752
  # `"LogDestination": \{ "logGroup": "alert-log-group" \}`
2737
2753
  #
2738
- # * For a Kinesis Data Firehose delivery stream, provide the name of
2739
- # the delivery stream, with key `deliveryStream`. The following
2740
- # example specifies a delivery stream named `alert-delivery-stream`:
2754
+ # * For a Firehose delivery stream, provide the name of the delivery
2755
+ # stream, with key `deliveryStream`. The following example specifies
2756
+ # a delivery stream named `alert-delivery-stream`:
2741
2757
  #
2742
2758
  # `"LogDestination": \{ "deliveryStream": "alert-delivery-stream"
2743
2759
  # \}`
@@ -3711,6 +3727,13 @@ module Aws::NetworkFirewall
3711
3727
  # drop traffic. You can enable the rule with `ALERT` action, verify
3712
3728
  # in the logs that the rule is filtering as you want, then change
3713
3729
  # the action to `DROP`.
3730
+ #
3731
+ # * **REJECT** - Drops traffic that matches the conditions of the
3732
+ # stateful rule, and sends a TCP reset packet back to sender of the
3733
+ # packet. A TCP reset packet is a packet with no payload and an RST
3734
+ # bit contained in the TCP header flags. REJECT is available only
3735
+ # for TCP traffic. This option doesn't support FTP or IMAP
3736
+ # protocols.
3714
3737
  # @return [String]
3715
3738
  #
3716
3739
  # @!attribute [rw] header
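Review bot: In the `LogDestinationConfig` hunk the new `FLOW` bullet ends with `Each flow log record captures the network flow for a specific standard stateless rule group`, while the same doc block says Network Firewall generates logs for stateful rule groups and that the stateful rules engine records flow logs. A reader deciding what FLOW logging covers cannot tell from this text which engine is meant. If the stateful engine is intended, the sentence could read `# Each flow log record captures the network flow seen by the stateful rules engine.`; otherwise the paragraph above it needs the stateless case stated. The wording probably comes from the service model, so the correction likely belongs upstream rather than in this generated file. The doc block continues outside the hunk.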
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
52
52
  # @!group service
53
53
  module Aws::NetworkFirewall
54
54
 
55
- GEM_VERSION = '1.47.0'
55
+ GEM_VERSION = '1.49.0'
56
56
 
57
57
  end
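--- a/data/sig/client.rbs
+++ b/data/sig/client.rbs
@@ -51,6 +51,7 @@ module Aws
  ?sigv4a_signing_region_set: Array[String],
  ?simple_json: bool,
  ?stub_responses: untyped,
+ ?telemetry_provider: Aws::Telemetry::TelemetryProviderBase,
  ?token_provider: untyped,
  ?use_dualstack_endpoint: bool,
  ?use_fips_endpoint: bool,
@@ -815,7 +816,7 @@ module Aws
  ?logging_configuration: {
  log_destination_configs: Array[
  {
- log_type: ("ALERT" | "FLOW"),
+ log_type: ("ALERT" | "FLOW" | "TLS"),
  log_destination_type: ("S3" | "CloudWatchLogs" | "KinesisDataFirehose"),
  log_destination: Hash[::String, ::String]
  },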
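--- a/data/sig/resource.rbs
+++ b/data/sig/resource.rbs
@@ -51,6 +51,7 @@ module Aws
  ?sigv4a_signing_region_set: Array[String],
  ?simple_json: bool,
  ?stub_responses: untyped,
+ ?telemetry_provider: Aws::Telemetry::TelemetryProviderBase,
  ?token_provider: untyped,
  ?use_dualstack_endpoint: bool,
  ?use_fips_endpoint: bool,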
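--- a/data/sig/types.rbs
+++ b/data/sig/types.rbs
@@ -526,7 +526,7 @@ module Aws::NetworkFirewall
  end
 
  class LogDestinationConfig
- attr_accessor log_type: ("ALERT" | "FLOW")
+ attr_accessor log_type: ("ALERT" | "FLOW" | "TLS")
  attr_accessor log_destination_type: ("S3" | "CloudWatchLogs" | "KinesisDataFirehose")
  attr_accessor log_destination: ::Hash[::String, ::String]
  SENSITIVE: []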
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-networkfirewall
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.47.0
4
+ version: 1.49.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-02 00:00:00.000000000 Z
11
+ date: 2024-09-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.201.0
22
+ version: 3.203.0
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.201.0
32
+ version: 3.203.0
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement