aws-sdk-networkfirewall 1.47.0 → 1.49.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-networkfirewall/client.rb +32 -13
- data/lib/aws-sdk-networkfirewall/types.rb +37 -14
- data/lib/aws-sdk-networkfirewall.rb +1 -1
- data/sig/client.rbs +2 -1
- data/sig/resource.rbs +1 -0
- data/sig/types.rbs +1 -1
- metadata +4 -4
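--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dbbc6cefc3d6a78113372c5089303d2bdb79cc24d76647dfeabe514d9a4f9d01
+data.tar.gz: 43db7087aa55578be2b5f29ee646eb32ad6bab6a1fcdab856df662a828bfd4b7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4bc15678cc261144e1b81cc98e1cc39a50787351059e4dd97d151059e01e8edaeba14497ab3fbe3320aed1347d482f633b9db169af1a9de013dd41b3308158cf
+data.tar.gz: '08e782f5867dc238c37d4f5c3b6e773476e400dd94849e26837c8afd37c4e9a244e830ac8a3e142445bece30da2948e9849144c6d2015261d3d87d3bdd6459ba'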
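--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.49.0 (2024-09-03)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.48.0 (2024-07-25)
+------------------
+
+* Feature - You can now log events that are related to TLS inspection, in addition to the existing alert and flow logging.
+
 1.47.0 (2024-07-02)
 ------------------
 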
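--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.49.0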
@@ -32,6 +32,7 @@ require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
|
32
32
|
require 'aws-sdk-core/plugins/request_compression.rb'
|
33
33
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
34
34
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
35
|
+
require 'aws-sdk-core/plugins/telemetry.rb'
|
35
36
|
require 'aws-sdk-core/plugins/sign.rb'
|
36
37
|
require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
37
38
|
|
@@ -83,6 +84,7 @@ module Aws::NetworkFirewall
|
|
83
84
|
add_plugin(Aws::Plugins::RequestCompression)
|
84
85
|
add_plugin(Aws::Plugins::DefaultsMode)
|
85
86
|
add_plugin(Aws::Plugins::RecursionDetection)
|
87
|
+
add_plugin(Aws::Plugins::Telemetry)
|
86
88
|
add_plugin(Aws::Plugins::Sign)
|
87
89
|
add_plugin(Aws::Plugins::Protocols::JsonRpc)
|
88
90
|
add_plugin(Aws::NetworkFirewall::Plugins::Endpoints)
|
@@ -337,6 +339,16 @@ module Aws::NetworkFirewall
|
|
337
339
|
# ** Please note ** When response stubbing is enabled, no HTTP
|
338
340
|
# requests are made, and retries are disabled.
|
339
341
|
#
|
342
|
+
# @option options [Aws::Telemetry::TelemetryProviderBase] :telemetry_provider (Aws::Telemetry::NoOpTelemetryProvider)
|
343
|
+
# Allows you to provide a telemetry provider, which is used to
|
344
|
+
# emit telemetry data. By default, uses `NoOpTelemetryProvider` which
|
345
|
+
# will not record or emit any telemetry data. The SDK supports the
|
346
|
+
# following telemetry providers:
|
347
|
+
#
|
348
|
+
# * OpenTelemetry (OTel) - To use the OTel provider, install and require the
|
349
|
+
# `opentelemetry-sdk` gem and then, pass in an instance of a
|
350
|
+
# `Aws::Telemetry::OTelProvider` for telemetry provider.
|
351
|
+
#
|
340
352
|
# @option options [Aws::TokenProvider] :token_provider
|
341
353
|
# A Bearer Token Provider. This can be an instance of any one of the
|
342
354
|
# following classes:
|
@@ -1169,14 +1181,16 @@ module Aws::NetworkFirewall
|
|
1169
1181
|
req.send_request(options)
|
1170
1182
|
end
|
1171
1183
|
|
1172
|
-
# Creates an Network Firewall TLS inspection configuration.
|
1173
|
-
# inspection
|
1174
|
-
#
|
1175
|
-
# Firewall
|
1176
|
-
#
|
1177
|
-
#
|
1178
|
-
#
|
1179
|
-
#
|
1184
|
+
# Creates an Network Firewall TLS inspection configuration. Network
|
1185
|
+
# Firewall uses TLS inspection configurations to decrypt your
|
1186
|
+
# firewall's inbound and outbound SSL/TLS traffic. After decryption,
|
1187
|
+
# Network Firewall inspects the traffic according to your firewall
|
1188
|
+
# policy's stateful rules, and then re-encrypts it before sending it to
|
1189
|
+
# its destination. You can enable inspection of your firewall's inbound
|
1190
|
+
# traffic, outbound traffic, or both. To use TLS inspection with your
|
1191
|
+
# firewall, you must first import or provision certificates using ACM,
|
1192
|
+
# create a TLS inspection configuration, add that configuration to a new
|
1193
|
+
# firewall policy, and then associate that policy with your firewall.
|
1180
1194
|
#
|
1181
1195
|
# To update the settings for a TLS inspection configuration, use
|
1182
1196
|
# UpdateTLSInspectionConfiguration.
|
@@ -1803,7 +1817,7 @@ module Aws::NetworkFirewall
|
|
1803
1817
|
#
|
1804
1818
|
# resp.firewall_arn #=> String
|
1805
1819
|
# resp.logging_configuration.log_destination_configs #=> Array
|
1806
|
-
# resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW"
|
1820
|
+
# resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW", "TLS"
|
1807
1821
|
# resp.logging_configuration.log_destination_configs[0].log_destination_type #=> String, one of "S3", "CloudWatchLogs", "KinesisDataFirehose"
|
1808
1822
|
# resp.logging_configuration.log_destination_configs[0].log_destination #=> Hash
|
1809
1823
|
# resp.logging_configuration.log_destination_configs[0].log_destination["HashMapKey"] #=> String
|
@@ -3112,7 +3126,7 @@ module Aws::NetworkFirewall
|
|
3112
3126
|
# logging_configuration: {
|
3113
3127
|
# log_destination_configs: [ # required
|
3114
3128
|
# {
|
3115
|
-
# log_type: "ALERT", # required, accepts ALERT, FLOW
|
3129
|
+
# log_type: "ALERT", # required, accepts ALERT, FLOW, TLS
|
3116
3130
|
# log_destination_type: "S3", # required, accepts S3, CloudWatchLogs, KinesisDataFirehose
|
3117
3131
|
# log_destination: { # required
|
3118
3132
|
# "HashMapKey" => "HashMapValue",
|
@@ -3127,7 +3141,7 @@ module Aws::NetworkFirewall
|
|
3127
3141
|
# resp.firewall_arn #=> String
|
3128
3142
|
# resp.firewall_name #=> String
|
3129
3143
|
# resp.logging_configuration.log_destination_configs #=> Array
|
3130
|
-
# resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW"
|
3144
|
+
# resp.logging_configuration.log_destination_configs[0].log_type #=> String, one of "ALERT", "FLOW", "TLS"
|
3131
3145
|
# resp.logging_configuration.log_destination_configs[0].log_destination_type #=> String, one of "S3", "CloudWatchLogs", "KinesisDataFirehose"
|
3132
3146
|
# resp.logging_configuration.log_destination_configs[0].log_destination #=> Hash
|
3133
3147
|
# resp.logging_configuration.log_destination_configs[0].log_destination["HashMapKey"] #=> String
|
@@ -3642,14 +3656,19 @@ module Aws::NetworkFirewall
|
|
3642
3656
|
# @api private
|
3643
3657
|
def build_request(operation_name, params = {})
|
3644
3658
|
handlers = @handlers.for(operation_name)
|
3659
|
+
tracer = config.telemetry_provider.tracer_provider.tracer(
|
3660
|
+
Aws::Telemetry.module_to_tracer_name('Aws::NetworkFirewall')
|
3661
|
+
)
|
3645
3662
|
context = Seahorse::Client::RequestContext.new(
|
3646
3663
|
operation_name: operation_name,
|
3647
3664
|
operation: config.api.operation(operation_name),
|
3648
3665
|
client: self,
|
3649
3666
|
params: params,
|
3650
|
-
config: config
|
3667
|
+
config: config,
|
3668
|
+
tracer: tracer
|
3669
|
+
)
|
3651
3670
|
context[:gem_name] = 'aws-sdk-networkfirewall'
|
3652
|
-
context[:gem_version] = '1.
|
3671
|
+
context[:gem_version] = '1.49.0'
|
3653
3672
|
Seahorse::Client::Request.new(handlers, context)
|
3654
3673
|
end
|
3655
3674
|
|
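Review bot: In the `build_request` hunk, `config.telemetry_provider.tracer_provider.tracer(...)` is resolved on every request with no guard, so a client constructed with `telemetry_provider: nil` or an object that does not implement `tracer_provider` would only fail here, at the first API call, with a `NoMethodError`. Whether `Aws::Plugins::Telemetry` rejects such values at construction is not visible on this page; if it does, a one-line comment such as `# telemetry_provider is type-checked by Aws::Plugins::Telemetry; the default is a no-op tracer` would make that dependency explicit. The new `:telemetry_provider` option docs could also state that a non-default provider sends span data about Network Firewall API calls to the application's own telemetry backend, so operators know to review what that exporter records and who can read it.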
@@ -2696,25 +2696,40 @@ module Aws::NetworkFirewall
|
|
2696
2696
|
|
2697
2697
|
# Defines where Network Firewall sends logs for the firewall for one log
|
2698
2698
|
# type. This is used in LoggingConfiguration. You can send each type of
|
2699
|
-
# log to an Amazon S3 bucket, a CloudWatch log group, or a
|
2700
|
-
#
|
2699
|
+
# log to an Amazon S3 bucket, a CloudWatch log group, or a Firehose
|
2700
|
+
# delivery stream.
|
2701
2701
|
#
|
2702
2702
|
# Network Firewall generates logs for stateful rule groups. You can save
|
2703
|
-
# alert and
|
2704
|
-
# for all network traffic that it receives. It records alert logs for
|
2705
|
-
# traffic that matches stateful rules that have the rule action set to
|
2706
|
-
# `DROP` or `ALERT`.
|
2703
|
+
# alert, flow, and TLS log types.
|
2707
2704
|
#
|
2708
2705
|
# @!attribute [rw] log_type
|
2709
|
-
# The type of log to
|
2710
|
-
#
|
2711
|
-
#
|
2706
|
+
# The type of log to record. You can record the following types of
|
2707
|
+
# logs from your Network Firewall stateful engine.
|
2708
|
+
#
|
2709
|
+
# * `ALERT` - Logs for traffic that matches your stateful rules and
|
2710
|
+
# that have an action that sends an alert. A stateful rule sends
|
2711
|
+
# alerts for the rule actions DROP, ALERT, and REJECT. For more
|
2712
|
+
# information, see StatefulRule.
|
2713
|
+
#
|
2714
|
+
# * `FLOW` - Standard network traffic flow logs. The stateful rules
|
2715
|
+
# engine records flow logs for all network traffic that it receives.
|
2716
|
+
# Each flow log record captures the network flow for a specific
|
2717
|
+
# standard stateless rule group.
|
2718
|
+
#
|
2719
|
+
# * `TLS` - Logs for events that are related to TLS inspection. For
|
2720
|
+
# more information, see [Inspecting SSL/TLS traffic with TLS
|
2721
|
+
# inspection configurations][1] in the *Network Firewall Developer
|
2722
|
+
# Guide*.
|
2723
|
+
#
|
2724
|
+
#
|
2725
|
+
#
|
2726
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-configurations.html
|
2712
2727
|
# @return [String]
|
2713
2728
|
#
|
2714
2729
|
# @!attribute [rw] log_destination_type
|
2715
2730
|
# The type of storage destination to send these logs to. You can send
|
2716
|
-
# logs to an Amazon S3 bucket, a CloudWatch log group, or a
|
2717
|
-
#
|
2731
|
+
# logs to an Amazon S3 bucket, a CloudWatch log group, or a Firehose
|
2732
|
+
# delivery stream.
|
2718
2733
|
# @return [String]
|
2719
2734
|
#
|
2720
2735
|
# @!attribute [rw] log_destination
|
@@ -2723,6 +2738,7 @@ module Aws::NetworkFirewall
|
|
2723
2738
|
#
|
2724
2739
|
# * For an Amazon S3 bucket, provide the name of the bucket, with key
|
2725
2740
|
# `bucketName`, and optionally provide a prefix, with key `prefix`.
|
2741
|
+
#
|
2726
2742
|
# The following example specifies an Amazon S3 bucket named
|
2727
2743
|
# `DOC-EXAMPLE-BUCKET` and the prefix `alerts`:
|
2728
2744
|
#
|
@@ -2735,9 +2751,9 @@ module Aws::NetworkFirewall
|
|
2735
2751
|
#
|
2736
2752
|
# `"LogDestination": \{ "logGroup": "alert-log-group" \}`
|
2737
2753
|
#
|
2738
|
-
# * For a
|
2739
|
-
#
|
2740
|
-
#
|
2754
|
+
# * For a Firehose delivery stream, provide the name of the delivery
|
2755
|
+
# stream, with key `deliveryStream`. The following example specifies
|
2756
|
+
# a delivery stream named `alert-delivery-stream`:
|
2741
2757
|
#
|
2742
2758
|
# `"LogDestination": \{ "deliveryStream": "alert-delivery-stream"
|
2743
2759
|
# \}`
|
@@ -3711,6 +3727,13 @@ module Aws::NetworkFirewall
|
|
3711
3727
|
# drop traffic. You can enable the rule with `ALERT` action, verify
|
3712
3728
|
# in the logs that the rule is filtering as you want, then change
|
3713
3729
|
# the action to `DROP`.
|
3730
|
+
#
|
3731
|
+
# * **REJECT** - Drops traffic that matches the conditions of the
|
3732
|
+
# stateful rule, and sends a TCP reset packet back to sender of the
|
3733
|
+
# packet. A TCP reset packet is a packet with no payload and an RST
|
3734
|
+
# bit contained in the TCP header flags. REJECT is available only
|
3735
|
+
# for TCP traffic. This option doesn't support FTP or IMAP
|
3736
|
+
# protocols.
|
3714
3737
|
# @return [String]
|
3715
3738
|
#
|
3716
3739
|
# @!attribute [rw] header
|
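--- a/data/sig/client.rbs
+++ b/data/sig/client.rbs
@@ -51,6 +51,7 @@ module Aws
 ?sigv4a_signing_region_set: Array[String],
 ?simple_json: bool,
 ?stub_responses: untyped,
+?telemetry_provider: Aws::Telemetry::TelemetryProviderBase,
 ?token_provider: untyped,
 ?use_dualstack_endpoint: bool,
 ?use_fips_endpoint: bool,
@@ -815,7 +816,7 @@ module Aws
 ?logging_configuration: {
 log_destination_configs: Array[
 {
-log_type: ("ALERT" | "FLOW"),
+log_type: ("ALERT" | "FLOW" | "TLS"),
 log_destination_type: ("S3" | "CloudWatchLogs" | "KinesisDataFirehose"),
 log_destination: Hash[::String, ::String]
 },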
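--- a/data/sig/resource.rbs
+++ b/data/sig/resource.rbs
@@ -51,6 +51,7 @@ module Aws
 ?sigv4a_signing_region_set: Array[String],
 ?simple_json: bool,
 ?stub_responses: untyped,
+?telemetry_provider: Aws::Telemetry::TelemetryProviderBase,
 ?token_provider: untyped,
 ?use_dualstack_endpoint: bool,
 ?use_fips_endpoint: bool,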
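--- a/data/sig/types.rbs
+++ b/data/sig/types.rbs
@@ -526,7 +526,7 @@ module Aws::NetworkFirewall
 end
 
 class LogDestinationConfig
-attr_accessor log_type: ("ALERT" | "FLOW")
+attr_accessor log_type: ("ALERT" | "FLOW" | "TLS")
 attr_accessor log_destination_type: ("S3" | "CloudWatchLogs" | "KinesisDataFirehose")
 attr_accessor log_destination: ::Hash[::String, ::String]
 SENSITIVE: []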
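--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.49.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-
+date: 2024-09-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.203.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.203.0
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
 requirement: !ruby/object:Gem::Requirement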