aws-sdk-networkfirewall 1.5.0 → 1.9.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6979b556714fa988df548a4cab699d696e6973d6d82688f34414489e5e4d230d
4
- data.tar.gz: 972f38fe34b4cd61de0aae1d9995ae65c61edc920743e3226fba90f0da3d5ad8
3
+ metadata.gz: 860a02054447f553368b182daf83b50ba650cdc13914e3ad94fd7864824a7c6d
4
+ data.tar.gz: 9fc65ff6595ee9816d7ecfbafc9b1d5755e0e17307660299620ca0864b4fe980
5
5
  SHA512:
6
- metadata.gz: 6be53a9cb6c6e071951c0d5ad0c489e1ad30c9f2b9f2f789493f03720ee79d46a13e67cc86dd96664d945d1f484392338772f899b9bfb675de710dc11f8d1077
7
- data.tar.gz: f18e61b3c80505ed01dc08fcbd0b7ea2dcaea538b2d38ccdb57efcb3a8e938425d90baf03734b4e7042c33fd8d247f1fca03a3dd174cfa503875905f1795c685
6
+ metadata.gz: db672804df64fef21dfeb886df3263e885594a41f9a385b03cb0059103b89671a1dc992708af0cb5c7930dc5890869b206c177a4f1b6f262f3849d58b1bb6f85
7
+ data.tar.gz: b988aad2ee18fc784f04f12587fa5e9b98b8fe6f2bf3cb7ea78dc2bd0470b95871be8a9dc65933030d87a73f00a701ddb301d346c39779f0ed0fd25501eb4d6e
data/CHANGELOG.md CHANGED
@@ -1,6 +1,26 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.9.0 (2021-10-18)
5
+ ------------------
6
+
7
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
8
+
9
+ 1.8.0 (2021-09-30)
10
+ ------------------
11
+
12
+ * Feature - This release adds support for strict ordering for stateful rule groups. Using strict ordering, stateful rules are evaluated in the exact order in which you provide them.
13
+
14
+ 1.7.0 (2021-09-01)
15
+ ------------------
16
+
17
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
18
+
19
+ 1.6.0 (2021-07-30)
20
+ ------------------
21
+
22
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
23
+
4
24
  1.5.0 (2021-07-28)
5
25
  ------------------
6
26
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.5.0
1
+ 1.9.0
@@ -692,8 +692,13 @@ module Aws::NetworkFirewall
692
692
  # stateful_rule_group_references: [
693
693
  # {
694
694
  # resource_arn: "ResourceArn", # required
695
+ # priority: 1,
695
696
  # },
696
697
  # ],
698
+ # stateful_default_actions: ["CollectionMember_String"],
699
+ # stateful_engine_options: {
700
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
701
+ # },
697
702
  # },
698
703
  # description: "Description",
699
704
  # tags: [
@@ -716,6 +721,9 @@ module Aws::NetworkFirewall
716
721
  # resp.firewall_policy_response.tags #=> Array
717
722
  # resp.firewall_policy_response.tags[0].key #=> String
718
723
  # resp.firewall_policy_response.tags[0].value #=> String
724
+ # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
725
+ # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
726
+ # resp.firewall_policy_response.number_of_associations #=> Integer
719
727
  #
720
728
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy AWS API Documentation
721
729
  #
@@ -938,6 +946,9 @@ module Aws::NetworkFirewall
938
946
  # ],
939
947
  # },
940
948
  # },
949
+ # stateful_rule_options: {
950
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
951
+ # },
941
952
  # },
942
953
  # rules: "RulesString",
943
954
  # type: "STATELESS", # required, accepts STATELESS, STATEFUL
@@ -965,6 +976,8 @@ module Aws::NetworkFirewall
965
976
  # resp.rule_group_response.tags #=> Array
966
977
  # resp.rule_group_response.tags[0].key #=> String
967
978
  # resp.rule_group_response.tags[0].value #=> String
979
+ # resp.rule_group_response.consumed_capacity #=> Integer
980
+ # resp.rule_group_response.number_of_associations #=> Integer
968
981
  #
969
982
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
970
983
  #
@@ -1083,6 +1096,9 @@ module Aws::NetworkFirewall
1083
1096
  # resp.firewall_policy_response.tags #=> Array
1084
1097
  # resp.firewall_policy_response.tags[0].key #=> String
1085
1098
  # resp.firewall_policy_response.tags[0].value #=> String
1099
+ # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
1100
+ # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
1101
+ # resp.firewall_policy_response.number_of_associations #=> Integer
1086
1102
  #
1087
1103
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy AWS API Documentation
1088
1104
  #
@@ -1164,6 +1180,8 @@ module Aws::NetworkFirewall
1164
1180
  # resp.rule_group_response.tags #=> Array
1165
1181
  # resp.rule_group_response.tags[0].key #=> String
1166
1182
  # resp.rule_group_response.tags[0].value #=> String
1183
+ # resp.rule_group_response.consumed_capacity #=> Integer
1184
+ # resp.rule_group_response.number_of_associations #=> Integer
1167
1185
  #
1168
1186
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
1169
1187
  #
@@ -1273,6 +1291,9 @@ module Aws::NetworkFirewall
1273
1291
  # resp.firewall_policy_response.tags #=> Array
1274
1292
  # resp.firewall_policy_response.tags[0].key #=> String
1275
1293
  # resp.firewall_policy_response.tags[0].value #=> String
1294
+ # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
1295
+ # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
1296
+ # resp.firewall_policy_response.number_of_associations #=> Integer
1276
1297
  # resp.firewall_policy.stateless_rule_group_references #=> Array
1277
1298
  # resp.firewall_policy.stateless_rule_group_references[0].resource_arn #=> String
1278
1299
  # resp.firewall_policy.stateless_rule_group_references[0].priority #=> Integer
@@ -1286,6 +1307,10 @@ module Aws::NetworkFirewall
1286
1307
  # resp.firewall_policy.stateless_custom_actions[0].action_definition.publish_metric_action.dimensions[0].value #=> String
1287
1308
  # resp.firewall_policy.stateful_rule_group_references #=> Array
1288
1309
  # resp.firewall_policy.stateful_rule_group_references[0].resource_arn #=> String
1310
+ # resp.firewall_policy.stateful_rule_group_references[0].priority #=> Integer
1311
+ # resp.firewall_policy.stateful_default_actions #=> Array
1312
+ # resp.firewall_policy.stateful_default_actions[0] #=> String
1313
+ # resp.firewall_policy.stateful_engine_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
1289
1314
  #
1290
1315
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallPolicy AWS API Documentation
1291
1316
  #
@@ -1458,6 +1483,7 @@ module Aws::NetworkFirewall
1458
1483
  # resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_name #=> String
1459
1484
  # resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_definition.publish_metric_action.dimensions #=> Array
1460
1485
  # resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_definition.publish_metric_action.dimensions[0].value #=> String
1486
+ # resp.rule_group.stateful_rule_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
1461
1487
  # resp.rule_group_response.rule_group_arn #=> String
1462
1488
  # resp.rule_group_response.rule_group_name #=> String
1463
1489
  # resp.rule_group_response.rule_group_id #=> String
@@ -1468,6 +1494,8 @@ module Aws::NetworkFirewall
1468
1494
  # resp.rule_group_response.tags #=> Array
1469
1495
  # resp.rule_group_response.tags[0].key #=> String
1470
1496
  # resp.rule_group_response.tags[0].value #=> String
1497
+ # resp.rule_group_response.consumed_capacity #=> Integer
1498
+ # resp.rule_group_response.number_of_associations #=> Integer
1471
1499
  #
1472
1500
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
1473
1501
  #
@@ -2136,8 +2164,13 @@ module Aws::NetworkFirewall
2136
2164
  # stateful_rule_group_references: [
2137
2165
  # {
2138
2166
  # resource_arn: "ResourceArn", # required
2167
+ # priority: 1,
2139
2168
  # },
2140
2169
  # ],
2170
+ # stateful_default_actions: ["CollectionMember_String"],
2171
+ # stateful_engine_options: {
2172
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
2173
+ # },
2141
2174
  # },
2142
2175
  # description: "Description",
2143
2176
  # dry_run: false,
@@ -2154,6 +2187,9 @@ module Aws::NetworkFirewall
2154
2187
  # resp.firewall_policy_response.tags #=> Array
2155
2188
  # resp.firewall_policy_response.tags[0].key #=> String
2156
2189
  # resp.firewall_policy_response.tags[0].value #=> String
2190
+ # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
2191
+ # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
2192
+ # resp.firewall_policy_response.number_of_associations #=> Integer
2157
2193
  #
2158
2194
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy AWS API Documentation
2159
2195
  #
@@ -2505,6 +2541,9 @@ module Aws::NetworkFirewall
2505
2541
  # ],
2506
2542
  # },
2507
2543
  # },
2544
+ # stateful_rule_options: {
2545
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
2546
+ # },
2508
2547
  # },
2509
2548
  # rules: "RulesString",
2510
2549
  # type: "STATELESS", # accepts STATELESS, STATEFUL
@@ -2525,6 +2564,8 @@ module Aws::NetworkFirewall
2525
2564
  # resp.rule_group_response.tags #=> Array
2526
2565
  # resp.rule_group_response.tags[0].key #=> String
2527
2566
  # resp.rule_group_response.tags[0].value #=> String
2567
+ # resp.rule_group_response.consumed_capacity #=> Integer
2568
+ # resp.rule_group_response.number_of_associations #=> Integer
2528
2569
  #
2529
2570
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
2530
2571
  #
@@ -2617,7 +2658,7 @@ module Aws::NetworkFirewall
2617
2658
  params: params,
2618
2659
  config: config)
2619
2660
  context[:gem_name] = 'aws-sdk-networkfirewall'
2620
- context[:gem_version] = '1.5.0'
2661
+ context[:gem_version] = '1.9.0'
2621
2662
  Seahorse::Client::Request.new(handlers, context)
2622
2663
  end
2623
2664
 
@@ -105,6 +105,7 @@ module Aws::NetworkFirewall
105
105
  LogType = Shapes::StringShape.new(name: 'LogType')
106
106
  LoggingConfiguration = Shapes::StructureShape.new(name: 'LoggingConfiguration')
107
107
  MatchAttributes = Shapes::StructureShape.new(name: 'MatchAttributes')
108
+ NumberOfAssociations = Shapes::IntegerShape.new(name: 'NumberOfAssociations')
108
109
  PaginationMaxResults = Shapes::IntegerShape.new(name: 'PaginationMaxResults')
109
110
  PaginationToken = Shapes::StringShape.new(name: 'PaginationToken')
110
111
  PerObjectStatus = Shapes::StructureShape.new(name: 'PerObjectStatus')
@@ -137,6 +138,7 @@ module Aws::NetworkFirewall
137
138
  RuleGroups = Shapes::ListShape.new(name: 'RuleGroups')
138
139
  RuleOption = Shapes::StructureShape.new(name: 'RuleOption')
139
140
  RuleOptions = Shapes::ListShape.new(name: 'RuleOptions')
141
+ RuleOrder = Shapes::StringShape.new(name: 'RuleOrder')
140
142
  RuleTargets = Shapes::ListShape.new(name: 'RuleTargets')
141
143
  RuleVariableName = Shapes::StringShape.new(name: 'RuleVariableName')
142
144
  RuleVariables = Shapes::StructureShape.new(name: 'RuleVariables')
@@ -147,10 +149,13 @@ module Aws::NetworkFirewall
147
149
  Settings = Shapes::ListShape.new(name: 'Settings')
148
150
  Source = Shapes::StringShape.new(name: 'Source')
149
151
  StatefulAction = Shapes::StringShape.new(name: 'StatefulAction')
152
+ StatefulActions = Shapes::ListShape.new(name: 'StatefulActions')
153
+ StatefulEngineOptions = Shapes::StructureShape.new(name: 'StatefulEngineOptions')
150
154
  StatefulRule = Shapes::StructureShape.new(name: 'StatefulRule')
151
155
  StatefulRuleDirection = Shapes::StringShape.new(name: 'StatefulRuleDirection')
152
156
  StatefulRuleGroupReference = Shapes::StructureShape.new(name: 'StatefulRuleGroupReference')
153
157
  StatefulRuleGroupReferences = Shapes::ListShape.new(name: 'StatefulRuleGroupReferences')
158
+ StatefulRuleOptions = Shapes::StructureShape.new(name: 'StatefulRuleOptions')
154
159
  StatefulRuleProtocol = Shapes::StringShape.new(name: 'StatefulRuleProtocol')
155
160
  StatefulRules = Shapes::ListShape.new(name: 'StatefulRules')
156
161
  StatelessActions = Shapes::ListShape.new(name: 'StatelessActions')
@@ -397,6 +402,8 @@ module Aws::NetworkFirewall
397
402
  FirewallPolicy.add_member(:stateless_fragment_default_actions, Shapes::ShapeRef.new(shape: StatelessActions, required: true, location_name: "StatelessFragmentDefaultActions"))
398
403
  FirewallPolicy.add_member(:stateless_custom_actions, Shapes::ShapeRef.new(shape: CustomActions, location_name: "StatelessCustomActions"))
399
404
  FirewallPolicy.add_member(:stateful_rule_group_references, Shapes::ShapeRef.new(shape: StatefulRuleGroupReferences, location_name: "StatefulRuleGroupReferences"))
405
+ FirewallPolicy.add_member(:stateful_default_actions, Shapes::ShapeRef.new(shape: StatefulActions, location_name: "StatefulDefaultActions"))
406
+ FirewallPolicy.add_member(:stateful_engine_options, Shapes::ShapeRef.new(shape: StatefulEngineOptions, location_name: "StatefulEngineOptions"))
400
407
  FirewallPolicy.struct_class = Types::FirewallPolicy
401
408
 
402
409
  FirewallPolicyMetadata.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
@@ -409,6 +416,9 @@ module Aws::NetworkFirewall
409
416
  FirewallPolicyResponse.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
410
417
  FirewallPolicyResponse.add_member(:firewall_policy_status, Shapes::ShapeRef.new(shape: ResourceStatus, location_name: "FirewallPolicyStatus"))
411
418
  FirewallPolicyResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
419
+ FirewallPolicyResponse.add_member(:consumed_stateless_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatelessRuleCapacity"))
420
+ FirewallPolicyResponse.add_member(:consumed_stateful_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatefulRuleCapacity"))
421
+ FirewallPolicyResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
412
422
  FirewallPolicyResponse.struct_class = Types::FirewallPolicyResponse
413
423
 
414
424
  FirewallStatus.add_member(:status, Shapes::ShapeRef.new(shape: FirewallStatusValue, required: true, location_name: "Status"))
@@ -552,6 +562,7 @@ module Aws::NetworkFirewall
552
562
 
553
563
  RuleGroup.add_member(:rule_variables, Shapes::ShapeRef.new(shape: RuleVariables, location_name: "RuleVariables"))
554
564
  RuleGroup.add_member(:rules_source, Shapes::ShapeRef.new(shape: RulesSource, required: true, location_name: "RulesSource"))
565
+ RuleGroup.add_member(:stateful_rule_options, Shapes::ShapeRef.new(shape: StatefulRuleOptions, location_name: "StatefulRuleOptions"))
555
566
  RuleGroup.struct_class = Types::RuleGroup
556
567
 
557
568
  RuleGroupMetadata.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
@@ -566,6 +577,8 @@ module Aws::NetworkFirewall
566
577
  RuleGroupResponse.add_member(:capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "Capacity"))
567
578
  RuleGroupResponse.add_member(:rule_group_status, Shapes::ShapeRef.new(shape: ResourceStatus, location_name: "RuleGroupStatus"))
568
579
  RuleGroupResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
580
+ RuleGroupResponse.add_member(:consumed_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedCapacity"))
581
+ RuleGroupResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
569
582
  RuleGroupResponse.struct_class = Types::RuleGroupResponse
570
583
 
571
584
  RuleGroups.member = Shapes::ShapeRef.new(shape: RuleGroupMetadata)
@@ -595,16 +608,25 @@ module Aws::NetworkFirewall
595
608
 
596
609
  Settings.member = Shapes::ShapeRef.new(shape: Setting)
597
610
 
611
+ StatefulActions.member = Shapes::ShapeRef.new(shape: CollectionMember_String)
612
+
613
+ StatefulEngineOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
614
+ StatefulEngineOptions.struct_class = Types::StatefulEngineOptions
615
+
598
616
  StatefulRule.add_member(:action, Shapes::ShapeRef.new(shape: StatefulAction, required: true, location_name: "Action"))
599
617
  StatefulRule.add_member(:header, Shapes::ShapeRef.new(shape: Header, required: true, location_name: "Header"))
600
618
  StatefulRule.add_member(:rule_options, Shapes::ShapeRef.new(shape: RuleOptions, required: true, location_name: "RuleOptions"))
601
619
  StatefulRule.struct_class = Types::StatefulRule
602
620
 
603
621
  StatefulRuleGroupReference.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
622
+ StatefulRuleGroupReference.add_member(:priority, Shapes::ShapeRef.new(shape: Priority, location_name: "Priority", metadata: {"box"=>true}))
604
623
  StatefulRuleGroupReference.struct_class = Types::StatefulRuleGroupReference
605
624
 
606
625
  StatefulRuleGroupReferences.member = Shapes::ShapeRef.new(shape: StatefulRuleGroupReference)
607
626
 
627
+ StatefulRuleOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
628
+ StatefulRuleOptions.struct_class = Types::StatefulRuleOptions
629
+
608
630
  StatefulRules.member = Shapes::ShapeRef.new(shape: StatefulRule)
609
631
 
610
632
  StatelessActions.member = Shapes::ShapeRef.new(shape: CollectionMember_String)
@@ -889,6 +911,7 @@ module Aws::NetworkFirewall
889
911
  o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
890
912
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
891
913
  o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
914
+ o.errors << Shapes::ShapeRef.new(shape: InvalidResourcePolicyException)
892
915
  end)
893
916
 
894
917
  api.add_operation(:delete_rule_group, Seahorse::Model::Operation.new.tap do |o|
@@ -360,8 +360,13 @@ module Aws::NetworkFirewall
360
360
  # stateful_rule_group_references: [
361
361
  # {
362
362
  # resource_arn: "ResourceArn", # required
363
+ # priority: 1,
363
364
  # },
364
365
  # ],
366
+ # stateful_default_actions: ["CollectionMember_String"],
367
+ # stateful_engine_options: {
368
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
369
+ # },
365
370
  # },
366
371
  # description: "Description",
367
372
  # tags: [
@@ -663,6 +668,9 @@ module Aws::NetworkFirewall
663
668
  # ],
664
669
  # },
665
670
  # },
671
+ # stateful_rule_options: {
672
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
673
+ # },
666
674
  # },
667
675
  # rules: "RulesString",
668
676
  # type: "STATELESS", # required, accepts STATELESS, STATEFUL
@@ -1658,8 +1666,13 @@ module Aws::NetworkFirewall
1658
1666
  # stateful_rule_group_references: [
1659
1667
  # {
1660
1668
  # resource_arn: "ResourceArn", # required
1669
+ # priority: 1,
1661
1670
  # },
1662
1671
  # ],
1672
+ # stateful_default_actions: ["CollectionMember_String"],
1673
+ # stateful_engine_options: {
1674
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
1675
+ # },
1663
1676
  # }
1664
1677
  #
1665
1678
  # @!attribute [rw] stateless_rule_group_references
@@ -1709,10 +1722,22 @@ module Aws::NetworkFirewall
1709
1722
  # @return [Array<Types::CustomAction>]
1710
1723
  #
1711
1724
  # @!attribute [rw] stateful_rule_group_references
1712
- # References to the stateless rule groups that are used in the policy.
1725
+ # References to the stateful rule groups that are used in the policy.
1713
1726
  # These define the inspection criteria in stateful rules.
1714
1727
  # @return [Array<Types::StatefulRuleGroupReference>]
1715
1728
  #
1729
+ # @!attribute [rw] stateful_default_actions
1730
+ # The default actions to take on a packet that doesn't match any
1731
+ # stateful rules.
1732
+ # @return [Array<String>]
1733
+ #
1734
+ # @!attribute [rw] stateful_engine_options
1735
+ # Additional options governing how Network Firewall handles stateful
1736
+ # rules. The stateful rule groups that you use in your policy must
1737
+ # have stateful rule options settings that are compatible with these
1738
+ # settings.
1739
+ # @return [Types::StatefulEngineOptions]
1740
+ #
1716
1741
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicy AWS API Documentation
1717
1742
  #
1718
1743
  class FirewallPolicy < Struct.new(
@@ -1720,7 +1745,9 @@ module Aws::NetworkFirewall
1720
1745
  :stateless_default_actions,
1721
1746
  :stateless_fragment_default_actions,
1722
1747
  :stateless_custom_actions,
1723
- :stateful_rule_group_references)
1748
+ :stateful_rule_group_references,
1749
+ :stateful_default_actions,
1750
+ :stateful_engine_options)
1724
1751
  SENSITIVE = []
1725
1752
  include Aws::Structure
1726
1753
  end
@@ -1785,6 +1812,21 @@ module Aws::NetworkFirewall
1785
1812
  # The key:value pairs to associate with the resource.
1786
1813
  # @return [Array<Types::Tag>]
1787
1814
  #
1815
+ # @!attribute [rw] consumed_stateless_rule_capacity
1816
+ # The number of capacity units currently consumed by the policy's
1817
+ # stateless rules.
1818
+ # @return [Integer]
1819
+ #
1820
+ # @!attribute [rw] consumed_stateful_rule_capacity
1821
+ # The number of capacity units currently consumed by the policy's
1822
+ # stateful rules.
1823
+ # @return [Integer]
1824
+ #
1825
+ # @!attribute [rw] number_of_associations
1826
+ # The number of firewalls that are associated with this firewall
1827
+ # policy.
1828
+ # @return [Integer]
1829
+ #
1788
1830
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicyResponse AWS API Documentation
1789
1831
  #
1790
1832
  class FirewallPolicyResponse < Struct.new(
@@ -1793,7 +1835,10 @@ module Aws::NetworkFirewall
1793
1835
  :firewall_policy_id,
1794
1836
  :description,
1795
1837
  :firewall_policy_status,
1796
- :tags)
1838
+ :tags,
1839
+ :consumed_stateless_rule_capacity,
1840
+ :consumed_stateful_rule_capacity,
1841
+ :number_of_associations)
1797
1842
  SENSITIVE = []
1798
1843
  include Aws::Structure
1799
1844
  end
@@ -1846,9 +1891,9 @@ module Aws::NetworkFirewall
1846
1891
  include Aws::Structure
1847
1892
  end
1848
1893
 
1849
- # The 5-tuple criteria for AWS Network Firewall to use to inspect packet
1850
- # headers in stateful traffic flow inspection. Traffic flows that match
1851
- # the criteria are a match for the corresponding StatefulRule.
1894
+ # The basic rule criteria for AWS Network Firewall to use to inspect
1895
+ # packet headers in stateful traffic flow inspection. Traffic flows that
1896
+ # match the criteria are a match for the corresponding StatefulRule.
1852
1897
  #
1853
1898
  # @note When making an API call, you may pass Header
1854
1899
  # data as a hash:
@@ -1894,7 +1939,7 @@ module Aws::NetworkFirewall
1894
1939
  # @!attribute [rw] source_port
1895
1940
  # The source port to inspect for. You can specify an individual port,
1896
1941
  # for example `1994` and you can specify a port range, for example
1897
- # `1990-1994`. To match with any port, specify `ANY`.
1942
+ # `1990:1994`. To match with any port, specify `ANY`.
1898
1943
  # @return [String]
1899
1944
  #
1900
1945
  # @!attribute [rw] direction
@@ -1932,7 +1977,7 @@ module Aws::NetworkFirewall
1932
1977
  # @!attribute [rw] destination_port
1933
1978
  # The destination port to inspect for. You can specify an individual
1934
1979
  # port, for example `1994` and you can specify a port range, for
1935
- # example `1990-1994`. To match with any port, specify `ANY`.
1980
+ # example `1990:1994`. To match with any port, specify `ANY`.
1936
1981
  # @return [String]
1937
1982
  #
1938
1983
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Header AWS API Documentation
@@ -2034,6 +2079,8 @@ module Aws::NetworkFirewall
2034
2079
  include Aws::Structure
2035
2080
  end
2036
2081
 
2082
+ # The policy statement failed validation.
2083
+ #
2037
2084
  # @!attribute [rw] message
2038
2085
  # @return [String]
2039
2086
  #
@@ -2475,7 +2522,7 @@ module Aws::NetworkFirewall
2475
2522
  # 17 (UDP).
2476
2523
  #
2477
2524
  # You can specify individual ports, for example `1994` and you can
2478
- # specify port ranges, for example `1990-1994`.
2525
+ # specify port ranges, for example `1990:1994`.
2479
2526
  # @return [Array<Types::PortRange>]
2480
2527
  #
2481
2528
  # @!attribute [rw] destination_ports
@@ -2484,7 +2531,7 @@ module Aws::NetworkFirewall
2484
2531
  # (TCP) and 17 (UDP).
2485
2532
  #
2486
2533
  # You can specify individual ports, for example `1994` and you can
2487
- # specify port ranges, for example `1990-1994`.
2534
+ # specify port ranges, for example `1990:1994`.
2488
2535
  # @return [Array<Types::PortRange>]
2489
2536
  #
2490
2537
  # @!attribute [rw] protocols
@@ -2687,6 +2734,8 @@ module Aws::NetworkFirewall
2687
2734
  include Aws::Structure
2688
2735
  end
2689
2736
 
2737
+ # Unable to change the resource because your account doesn't own it.
2738
+ #
2690
2739
  # @!attribute [rw] message
2691
2740
  # @return [String]
2692
2741
  #
@@ -2907,6 +2956,9 @@ module Aws::NetworkFirewall
2907
2956
  # ],
2908
2957
  # },
2909
2958
  # },
2959
+ # stateful_rule_options: {
2960
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
2961
+ # },
2910
2962
  # }
2911
2963
  #
2912
2964
  # @!attribute [rw] rule_variables
@@ -2918,11 +2970,19 @@ module Aws::NetworkFirewall
2918
2970
  # The stateful rules or stateless rules for the rule group.
2919
2971
  # @return [Types::RulesSource]
2920
2972
  #
2973
+ # @!attribute [rw] stateful_rule_options
2974
+ # Additional options governing how Network Firewall handles stateful
2975
+ # rules. The policies where you use your stateful rule group must have
2976
+ # stateful rule options settings that are compatible with these
2977
+ # settings.
2978
+ # @return [Types::StatefulRuleOptions]
2979
+ #
2921
2980
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroup AWS API Documentation
2922
2981
  #
2923
2982
  class RuleGroup < Struct.new(
2924
2983
  :rule_variables,
2925
- :rules_source)
2984
+ :rules_source,
2985
+ :stateful_rule_options)
2926
2986
  SENSITIVE = []
2927
2987
  include Aws::Structure
2928
2988
  end
@@ -3002,6 +3062,15 @@ module Aws::NetworkFirewall
3002
3062
  # The key:value pairs to associate with the resource.
3003
3063
  # @return [Array<Types::Tag>]
3004
3064
  #
3065
+ # @!attribute [rw] consumed_capacity
3066
+ # The number of capacity units currently consumed by the rule group
3067
+ # rules.
3068
+ # @return [Integer]
3069
+ #
3070
+ # @!attribute [rw] number_of_associations
3071
+ # The number of firewall policies that use this rule group.
3072
+ # @return [Integer]
3073
+ #
3005
3074
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroupResponse AWS API Documentation
3006
3075
  #
3007
3076
  class RuleGroupResponse < Struct.new(
@@ -3012,7 +3081,9 @@ module Aws::NetworkFirewall
3012
3081
  :type,
3013
3082
  :capacity,
3014
3083
  :rule_group_status,
3015
- :tags)
3084
+ :tags,
3085
+ :consumed_capacity,
3086
+ :number_of_associations)
3016
3087
  SENSITIVE = []
3017
3088
  include Aws::Structure
3018
3089
  end
@@ -3185,9 +3256,15 @@ module Aws::NetworkFirewall
3185
3256
  # @return [Types::RulesSourceList]
3186
3257
  #
3187
3258
  # @!attribute [rw] stateful_rules
3188
- # The 5-tuple stateful inspection criteria. This contains an array of
3189
- # individual 5-tuple stateful rules to be used together in a stateful
3190
- # rule group.
3259
+ # An array of individual stateful rules inspection criteria to be used
3260
+ # together in a stateful rule group. Use this option to specify simple
3261
+ # Suricata rules with protocol, source and destination, ports,
3262
+ # direction, and rule options. For information about the Suricata
3263
+ # `Rules` format, see [Rules Format][1].
3264
+ #
3265
+ #
3266
+ #
3267
+ # [1]: https://suricata.readthedocs.io/en/suricata-5.0.0/rules/intro.html#
3191
3268
  # @return [Array<Types::StatefulRule>]
3192
3269
  #
3193
3270
  # @!attribute [rw] stateless_rules_and_custom_actions
@@ -3216,7 +3293,7 @@ module Aws::NetworkFirewall
3216
3293
  # `HOME_NET` rule variable to include the CIDR range of the deployment
3217
3294
  # VPC plus the other CIDR ranges. For more information, see
3218
3295
  # RuleVariables in this guide and [Stateful domain list rule groups in
3219
- # AWS Network Firewall][1] in the *Network Firewall Developer Guide*
3296
+ # AWS Network Firewall][1] in the *Network Firewall Developer Guide*.
3220
3297
  #
3221
3298
  #
3222
3299
  #
@@ -3247,7 +3324,7 @@ module Aws::NetworkFirewall
3247
3324
  #
3248
3325
  # @!attribute [rw] target_types
3249
3326
  # The protocols you want to inspect. Specify `TLS_SNI` for `HTTPS`.
3250
- # Specity `HTTP_HOST` for `HTTP`. You can specify either or both.
3327
+ # Specify `HTTP_HOST` for `HTTP`. You can specify either or both.
3251
3328
  # @return [Array<String>]
3252
3329
  #
3253
3330
  # @!attribute [rw] generated_rules_type
@@ -3265,7 +3342,44 @@ module Aws::NetworkFirewall
3265
3342
  include Aws::Structure
3266
3343
  end
3267
3344
 
3268
- # A single 5-tuple stateful rule, for use in a stateful rule group.
3345
+ # Configuration settings for the handling of the stateful rule groups in
3346
+ # a firewall policy.
3347
+ #
3348
+ # @note When making an API call, you may pass StatefulEngineOptions
3349
+ # data as a hash:
3350
+ #
3351
+ # {
3352
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
3353
+ # }
3354
+ #
3355
+ # @!attribute [rw] rule_order
3356
+ # Indicates how to manage the order of stateful rule evaluation for
3357
+ # the policy. By default, Network Firewall leaves the rule evaluation
3358
+ # order up to the Suricata rule processing engine. If you set this to
3359
+ # `STRICT_ORDER`, your rules are evaluated in the exact order that you
3360
+ # provide them in the policy. With strict ordering, the rule groups
3361
+ # are evaluated by order of priority, starting from the lowest number,
3362
+ # and the rules in each rule group are processed in the order that
3363
+ # they're defined.
3364
+ # @return [String]
3365
+ #
3366
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulEngineOptions AWS API Documentation
3367
+ #
3368
+ class StatefulEngineOptions < Struct.new(
3369
+ :rule_order)
3370
+ SENSITIVE = []
3371
+ include Aws::Structure
3372
+ end
3373
+
3374
+ # A single Suricata rules specification, for use in a stateful rule
3375
+ # group. Use this option to specify a simple Suricata rule with
3376
+ # protocol, source and destination, ports, direction, and rule options.
3377
+ # For information about the Suricata `Rules` format, see [Rules
3378
+ # Format][1].
3379
+ #
3380
+ #
3381
+ #
3382
+ # [1]: https://suricata.readthedocs.io/en/suricata-5.0.0/rules/intro.html#
3269
3383
  #
3270
3384
  # @note When making an API call, you may pass StatefulRule
3271
3385
  # data as a hash:
@@ -3313,11 +3427,13 @@ module Aws::NetworkFirewall
3313
3427
  # @return [String]
3314
3428
  #
3315
3429
  # @!attribute [rw] header
3316
- # The stateful 5-tuple inspection criteria for this rule, used to
3317
- # inspect traffic flows.
3430
+ # The stateful inspection criteria for this rule, used to inspect
3431
+ # traffic flows.
3318
3432
  # @return [Types::Header]
3319
3433
  #
3320
3434
  # @!attribute [rw] rule_options
3435
+ # Additional options for the rule. These are the Suricata
3436
+ # `RuleOptions` settings.
3321
3437
  # @return [Array<Types::RuleOption>]
3322
3438
  #
3323
3439
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRule AWS API Documentation
@@ -3338,16 +3454,61 @@ module Aws::NetworkFirewall
3338
3454
  #
3339
3455
  # {
3340
3456
  # resource_arn: "ResourceArn", # required
3457
+ # priority: 1,
3341
3458
  # }
3342
3459
  #
3343
3460
  # @!attribute [rw] resource_arn
3344
3461
  # The Amazon Resource Name (ARN) of the stateful rule group.
3345
3462
  # @return [String]
3346
3463
  #
3464
+ # @!attribute [rw] priority
3465
+ # An integer setting that indicates the order in which to run the
3466
+ # stateful rule groups in a single FirewallPolicy. This setting only
3467
+ # applies to firewall policies that specify the `STRICT_ORDER` rule
3468
+ # order in the stateful engine options settings.
3469
+ #
3470
+ # Network Firewall evalutes each stateful rule group against a packet
3471
+ # starting with the group that has the lowest priority setting. You
3472
+ # must ensure that the priority settings are unique within each
3473
+ # policy.
3474
+ #
3475
+ # You can change the priority settings of your rule groups at any
3476
+ # time. To make it easier to insert rule groups later, number them so
3477
+ # there's a wide range in between, for example use 100, 200, and so
3478
+ # on.
3479
+ # @return [Integer]
3480
+ #
3347
3481
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleGroupReference AWS API Documentation
3348
3482
  #
3349
3483
  class StatefulRuleGroupReference < Struct.new(
3350
- :resource_arn)
3484
+ :resource_arn,
3485
+ :priority)
3486
+ SENSITIVE = []
3487
+ include Aws::Structure
3488
+ end
3489
+
3490
+ # Additional options governing how Network Firewall handles the rule
3491
+ # group. You can only use these for stateful rule groups.
3492
+ #
3493
+ # @note When making an API call, you may pass StatefulRuleOptions
3494
+ # data as a hash:
3495
+ #
3496
+ # {
3497
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
3498
+ # }
3499
+ #
3500
+ # @!attribute [rw] rule_order
3501
+ # Indicates how to manage the order of the rule evaluation for the
3502
+ # rule group. By default, Network Firewall leaves the rule evaluation
3503
+ # order up to the Suricata rule processing engine. If you set this to
3504
+ # `STRICT_ORDER`, your rules are evaluated in the exact order that
3505
+ # they're listed in your Suricata rules string.
3506
+ # @return [String]
3507
+ #
3508
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleOptions AWS API Documentation
3509
+ #
3510
+ class StatefulRuleOptions < Struct.new(
3511
+ :rule_order)
3351
3512
  SENSITIVE = []
3352
3513
  include Aws::Structure
3353
3514
  end
@@ -3402,11 +3563,11 @@ module Aws::NetworkFirewall
3402
3563
  # @return [Types::RuleDefinition]
3403
3564
  #
3404
3565
  # @!attribute [rw] priority
3405
- # A setting that indicates the order in which to run this rule
3406
- # relative to all of the rules that are defined for a stateless rule
3407
- # group. Network Firewall evaluates the rules in a rule group starting
3408
- # with the lowest priority setting. You must ensure that the priority
3409
- # settings are unique for the rule group.
3566
+ # Indicates the order in which to run this rule relative to all of the
3567
+ # rules that are defined for a stateless rule group. Network Firewall
3568
+ # evaluates the rules in a rule group starting with the lowest
3569
+ # priority setting. You must ensure that the priority settings are
3570
+ # unique for the rule group.
3410
3571
  #
3411
3572
  # Each stateless rule group uses exactly one
3412
3573
  # `StatelessRulesAndCustomActions` object, and each
@@ -4127,8 +4288,13 @@ module Aws::NetworkFirewall
4127
4288
  # stateful_rule_group_references: [
4128
4289
  # {
4129
4290
  # resource_arn: "ResourceArn", # required
4291
+ # priority: 1,
4130
4292
  # },
4131
4293
  # ],
4294
+ # stateful_default_actions: ["CollectionMember_String"],
4295
+ # stateful_engine_options: {
4296
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
4297
+ # },
4132
4298
  # },
4133
4299
  # description: "Description",
4134
4300
  # dry_run: false,
@@ -4400,6 +4566,9 @@ module Aws::NetworkFirewall
4400
4566
  # ],
4401
4567
  # },
4402
4568
  # },
4569
+ # stateful_rule_options: {
4570
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
4571
+ # },
4403
4572
  # },
4404
4573
  # rules: "RulesString",
4405
4574
  # type: "STATELESS", # accepts STATELESS, STATEFUL
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
48
48
  # @!group service
49
49
  module Aws::NetworkFirewall
50
50
 
51
- GEM_VERSION = '1.5.0'
51
+ GEM_VERSION = '1.9.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-networkfirewall
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.0
4
+ version: 1.9.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-07-28 00:00:00.000000000 Z
11
+ date: 2021-10-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.118.0
22
+ version: 3.121.2
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.118.0
32
+ version: 3.121.2
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement
@@ -76,7 +76,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
76
76
  requirements:
77
77
  - - ">="
78
78
  - !ruby/object:Gem::Version
79
- version: '0'
79
+ version: '2.3'
80
80
  required_rubygems_version: !ruby/object:Gem::Requirement
81
81
  requirements:
82
82
  - - ">="