aws-sdk-networkfirewall 1.6.0 → 1.10.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 0a918d5adb83b379e4372d76f7daae33c3a3c9630a66070075bf57381b87aed3
4
- data.tar.gz: 3207e1372fe4452e9efb1576c7311160c7f66687dffce1cb30b0a23ebb97654d
3
+ metadata.gz: c214b92e8533c598b8b59e26b3f5f568b764139b0c1529f1b651cd5ddc4bb581
4
+ data.tar.gz: 385d81aa5c513ad5191695ae677f71d95bc364e1f9d22f350dcc9442054d7dc0
5
5
  SHA512:
6
- metadata.gz: ff2127549109005136efbd56b15d2954de917fe2748f65f8bf4deabb5760930c152e4e4ece2916f9457ff931b46ed39bf3f45dbc4074419682d83ded86e165c3
7
- data.tar.gz: c5d4348eefd2d0ee5b802c3acac620bfbb127958799e6adeabf62b02b282c165de816ee52be5c81f7b30554489f4b0d73ad5664980e959cb29abb41ee0bca28c
6
+ metadata.gz: c7d052801d322cb0bb18a67d9a853e8e3eba57ac64fbf3c18c3b85741bfdfbd38d5e06f9fef8072e04ec64c81b03fcf1eb7b7dfaaa31408ff868eb505b50517f
7
+ data.tar.gz: ab026d0b0dbe4e03968d7283b5de36356adcabaf2d13518d6af48ad4f7416f14f7881a4528e0a0e5a49dc2c8e9cf316d468197f4f17dc190999b42fd1bfa73ef
data/CHANGELOG.md CHANGED
@@ -1,6 +1,26 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.10.0 (2021-11-04)
5
+ ------------------
6
+
7
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
8
+
9
+ 1.9.0 (2021-10-18)
10
+ ------------------
11
+
12
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
13
+
14
+ 1.8.0 (2021-09-30)
15
+ ------------------
16
+
17
+ * Feature - This release adds support for strict ordering for stateful rule groups. Using strict ordering, stateful rules are evaluated in the exact order in which you provide them.
18
+
19
+ 1.7.0 (2021-09-01)
20
+ ------------------
21
+
22
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
23
+
4
24
  1.6.0 (2021-07-30)
5
25
  ------------------
6
26
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.6.0
1
+ 1.10.0
@@ -285,6 +285,15 @@ module Aws::NetworkFirewall
285
285
  # ** Please note ** When response stubbing is enabled, no HTTP
286
286
  # requests are made, and retries are disabled.
287
287
  #
288
+ # @option options [Boolean] :use_dualstack_endpoint
289
+ # When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
290
+ # will be used if available.
291
+ #
292
+ # @option options [Boolean] :use_fips_endpoint
293
+ # When set to `true`, fips compatible endpoints will be used if available.
294
+ # When a `fips` region is used, the region is normalized and this config
295
+ # is set to `true`.
296
+ #
288
297
  # @option options [Boolean] :validate_params (true)
289
298
  # When `true`, request parameters are validated before
290
299
  # sending the request.
@@ -692,8 +701,13 @@ module Aws::NetworkFirewall
692
701
  # stateful_rule_group_references: [
693
702
  # {
694
703
  # resource_arn: "ResourceArn", # required
704
+ # priority: 1,
695
705
  # },
696
706
  # ],
707
+ # stateful_default_actions: ["CollectionMember_String"],
708
+ # stateful_engine_options: {
709
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
710
+ # },
697
711
  # },
698
712
  # description: "Description",
699
713
  # tags: [
@@ -716,6 +730,9 @@ module Aws::NetworkFirewall
716
730
  # resp.firewall_policy_response.tags #=> Array
717
731
  # resp.firewall_policy_response.tags[0].key #=> String
718
732
  # resp.firewall_policy_response.tags[0].value #=> String
733
+ # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
734
+ # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
735
+ # resp.firewall_policy_response.number_of_associations #=> Integer
719
736
  #
720
737
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy AWS API Documentation
721
738
  #
@@ -938,6 +955,9 @@ module Aws::NetworkFirewall
938
955
  # ],
939
956
  # },
940
957
  # },
958
+ # stateful_rule_options: {
959
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
960
+ # },
941
961
  # },
942
962
  # rules: "RulesString",
943
963
  # type: "STATELESS", # required, accepts STATELESS, STATEFUL
@@ -965,6 +985,8 @@ module Aws::NetworkFirewall
965
985
  # resp.rule_group_response.tags #=> Array
966
986
  # resp.rule_group_response.tags[0].key #=> String
967
987
  # resp.rule_group_response.tags[0].value #=> String
988
+ # resp.rule_group_response.consumed_capacity #=> Integer
989
+ # resp.rule_group_response.number_of_associations #=> Integer
968
990
  #
969
991
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
970
992
  #
@@ -1083,6 +1105,9 @@ module Aws::NetworkFirewall
1083
1105
  # resp.firewall_policy_response.tags #=> Array
1084
1106
  # resp.firewall_policy_response.tags[0].key #=> String
1085
1107
  # resp.firewall_policy_response.tags[0].value #=> String
1108
+ # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
1109
+ # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
1110
+ # resp.firewall_policy_response.number_of_associations #=> Integer
1086
1111
  #
1087
1112
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy AWS API Documentation
1088
1113
  #
@@ -1164,6 +1189,8 @@ module Aws::NetworkFirewall
1164
1189
  # resp.rule_group_response.tags #=> Array
1165
1190
  # resp.rule_group_response.tags[0].key #=> String
1166
1191
  # resp.rule_group_response.tags[0].value #=> String
1192
+ # resp.rule_group_response.consumed_capacity #=> Integer
1193
+ # resp.rule_group_response.number_of_associations #=> Integer
1167
1194
  #
1168
1195
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
1169
1196
  #
@@ -1273,6 +1300,9 @@ module Aws::NetworkFirewall
1273
1300
  # resp.firewall_policy_response.tags #=> Array
1274
1301
  # resp.firewall_policy_response.tags[0].key #=> String
1275
1302
  # resp.firewall_policy_response.tags[0].value #=> String
1303
+ # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
1304
+ # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
1305
+ # resp.firewall_policy_response.number_of_associations #=> Integer
1276
1306
  # resp.firewall_policy.stateless_rule_group_references #=> Array
1277
1307
  # resp.firewall_policy.stateless_rule_group_references[0].resource_arn #=> String
1278
1308
  # resp.firewall_policy.stateless_rule_group_references[0].priority #=> Integer
@@ -1286,6 +1316,10 @@ module Aws::NetworkFirewall
1286
1316
  # resp.firewall_policy.stateless_custom_actions[0].action_definition.publish_metric_action.dimensions[0].value #=> String
1287
1317
  # resp.firewall_policy.stateful_rule_group_references #=> Array
1288
1318
  # resp.firewall_policy.stateful_rule_group_references[0].resource_arn #=> String
1319
+ # resp.firewall_policy.stateful_rule_group_references[0].priority #=> Integer
1320
+ # resp.firewall_policy.stateful_default_actions #=> Array
1321
+ # resp.firewall_policy.stateful_default_actions[0] #=> String
1322
+ # resp.firewall_policy.stateful_engine_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
1289
1323
  #
1290
1324
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallPolicy AWS API Documentation
1291
1325
  #
@@ -1458,6 +1492,7 @@ module Aws::NetworkFirewall
1458
1492
  # resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_name #=> String
1459
1493
  # resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_definition.publish_metric_action.dimensions #=> Array
1460
1494
  # resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_definition.publish_metric_action.dimensions[0].value #=> String
1495
+ # resp.rule_group.stateful_rule_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
1461
1496
  # resp.rule_group_response.rule_group_arn #=> String
1462
1497
  # resp.rule_group_response.rule_group_name #=> String
1463
1498
  # resp.rule_group_response.rule_group_id #=> String
@@ -1468,6 +1503,8 @@ module Aws::NetworkFirewall
1468
1503
  # resp.rule_group_response.tags #=> Array
1469
1504
  # resp.rule_group_response.tags[0].key #=> String
1470
1505
  # resp.rule_group_response.tags[0].value #=> String
1506
+ # resp.rule_group_response.consumed_capacity #=> Integer
1507
+ # resp.rule_group_response.number_of_associations #=> Integer
1471
1508
  #
1472
1509
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
1473
1510
  #
@@ -2136,8 +2173,13 @@ module Aws::NetworkFirewall
2136
2173
  # stateful_rule_group_references: [
2137
2174
  # {
2138
2175
  # resource_arn: "ResourceArn", # required
2176
+ # priority: 1,
2139
2177
  # },
2140
2178
  # ],
2179
+ # stateful_default_actions: ["CollectionMember_String"],
2180
+ # stateful_engine_options: {
2181
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
2182
+ # },
2141
2183
  # },
2142
2184
  # description: "Description",
2143
2185
  # dry_run: false,
@@ -2154,6 +2196,9 @@ module Aws::NetworkFirewall
2154
2196
  # resp.firewall_policy_response.tags #=> Array
2155
2197
  # resp.firewall_policy_response.tags[0].key #=> String
2156
2198
  # resp.firewall_policy_response.tags[0].value #=> String
2199
+ # resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
2200
+ # resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
2201
+ # resp.firewall_policy_response.number_of_associations #=> Integer
2157
2202
  #
2158
2203
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy AWS API Documentation
2159
2204
  #
@@ -2505,6 +2550,9 @@ module Aws::NetworkFirewall
2505
2550
  # ],
2506
2551
  # },
2507
2552
  # },
2553
+ # stateful_rule_options: {
2554
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
2555
+ # },
2508
2556
  # },
2509
2557
  # rules: "RulesString",
2510
2558
  # type: "STATELESS", # accepts STATELESS, STATEFUL
@@ -2525,6 +2573,8 @@ module Aws::NetworkFirewall
2525
2573
  # resp.rule_group_response.tags #=> Array
2526
2574
  # resp.rule_group_response.tags[0].key #=> String
2527
2575
  # resp.rule_group_response.tags[0].value #=> String
2576
+ # resp.rule_group_response.consumed_capacity #=> Integer
2577
+ # resp.rule_group_response.number_of_associations #=> Integer
2528
2578
  #
2529
2579
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
2530
2580
  #
@@ -2617,7 +2667,7 @@ module Aws::NetworkFirewall
2617
2667
  params: params,
2618
2668
  config: config)
2619
2669
  context[:gem_name] = 'aws-sdk-networkfirewall'
2620
- context[:gem_version] = '1.6.0'
2670
+ context[:gem_version] = '1.10.0'
2621
2671
  Seahorse::Client::Request.new(handlers, context)
2622
2672
  end
2623
2673
 
@@ -105,6 +105,7 @@ module Aws::NetworkFirewall
105
105
  LogType = Shapes::StringShape.new(name: 'LogType')
106
106
  LoggingConfiguration = Shapes::StructureShape.new(name: 'LoggingConfiguration')
107
107
  MatchAttributes = Shapes::StructureShape.new(name: 'MatchAttributes')
108
+ NumberOfAssociations = Shapes::IntegerShape.new(name: 'NumberOfAssociations')
108
109
  PaginationMaxResults = Shapes::IntegerShape.new(name: 'PaginationMaxResults')
109
110
  PaginationToken = Shapes::StringShape.new(name: 'PaginationToken')
110
111
  PerObjectStatus = Shapes::StructureShape.new(name: 'PerObjectStatus')
@@ -137,6 +138,7 @@ module Aws::NetworkFirewall
137
138
  RuleGroups = Shapes::ListShape.new(name: 'RuleGroups')
138
139
  RuleOption = Shapes::StructureShape.new(name: 'RuleOption')
139
140
  RuleOptions = Shapes::ListShape.new(name: 'RuleOptions')
141
+ RuleOrder = Shapes::StringShape.new(name: 'RuleOrder')
140
142
  RuleTargets = Shapes::ListShape.new(name: 'RuleTargets')
141
143
  RuleVariableName = Shapes::StringShape.new(name: 'RuleVariableName')
142
144
  RuleVariables = Shapes::StructureShape.new(name: 'RuleVariables')
@@ -147,10 +149,13 @@ module Aws::NetworkFirewall
147
149
  Settings = Shapes::ListShape.new(name: 'Settings')
148
150
  Source = Shapes::StringShape.new(name: 'Source')
149
151
  StatefulAction = Shapes::StringShape.new(name: 'StatefulAction')
152
+ StatefulActions = Shapes::ListShape.new(name: 'StatefulActions')
153
+ StatefulEngineOptions = Shapes::StructureShape.new(name: 'StatefulEngineOptions')
150
154
  StatefulRule = Shapes::StructureShape.new(name: 'StatefulRule')
151
155
  StatefulRuleDirection = Shapes::StringShape.new(name: 'StatefulRuleDirection')
152
156
  StatefulRuleGroupReference = Shapes::StructureShape.new(name: 'StatefulRuleGroupReference')
153
157
  StatefulRuleGroupReferences = Shapes::ListShape.new(name: 'StatefulRuleGroupReferences')
158
+ StatefulRuleOptions = Shapes::StructureShape.new(name: 'StatefulRuleOptions')
154
159
  StatefulRuleProtocol = Shapes::StringShape.new(name: 'StatefulRuleProtocol')
155
160
  StatefulRules = Shapes::ListShape.new(name: 'StatefulRules')
156
161
  StatelessActions = Shapes::ListShape.new(name: 'StatelessActions')
@@ -397,6 +402,8 @@ module Aws::NetworkFirewall
397
402
  FirewallPolicy.add_member(:stateless_fragment_default_actions, Shapes::ShapeRef.new(shape: StatelessActions, required: true, location_name: "StatelessFragmentDefaultActions"))
398
403
  FirewallPolicy.add_member(:stateless_custom_actions, Shapes::ShapeRef.new(shape: CustomActions, location_name: "StatelessCustomActions"))
399
404
  FirewallPolicy.add_member(:stateful_rule_group_references, Shapes::ShapeRef.new(shape: StatefulRuleGroupReferences, location_name: "StatefulRuleGroupReferences"))
405
+ FirewallPolicy.add_member(:stateful_default_actions, Shapes::ShapeRef.new(shape: StatefulActions, location_name: "StatefulDefaultActions"))
406
+ FirewallPolicy.add_member(:stateful_engine_options, Shapes::ShapeRef.new(shape: StatefulEngineOptions, location_name: "StatefulEngineOptions"))
400
407
  FirewallPolicy.struct_class = Types::FirewallPolicy
401
408
 
402
409
  FirewallPolicyMetadata.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
@@ -409,6 +416,9 @@ module Aws::NetworkFirewall
409
416
  FirewallPolicyResponse.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
410
417
  FirewallPolicyResponse.add_member(:firewall_policy_status, Shapes::ShapeRef.new(shape: ResourceStatus, location_name: "FirewallPolicyStatus"))
411
418
  FirewallPolicyResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
419
+ FirewallPolicyResponse.add_member(:consumed_stateless_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatelessRuleCapacity"))
420
+ FirewallPolicyResponse.add_member(:consumed_stateful_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatefulRuleCapacity"))
421
+ FirewallPolicyResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
412
422
  FirewallPolicyResponse.struct_class = Types::FirewallPolicyResponse
413
423
 
414
424
  FirewallStatus.add_member(:status, Shapes::ShapeRef.new(shape: FirewallStatusValue, required: true, location_name: "Status"))
@@ -552,6 +562,7 @@ module Aws::NetworkFirewall
552
562
 
553
563
  RuleGroup.add_member(:rule_variables, Shapes::ShapeRef.new(shape: RuleVariables, location_name: "RuleVariables"))
554
564
  RuleGroup.add_member(:rules_source, Shapes::ShapeRef.new(shape: RulesSource, required: true, location_name: "RulesSource"))
565
+ RuleGroup.add_member(:stateful_rule_options, Shapes::ShapeRef.new(shape: StatefulRuleOptions, location_name: "StatefulRuleOptions"))
555
566
  RuleGroup.struct_class = Types::RuleGroup
556
567
 
557
568
  RuleGroupMetadata.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
@@ -566,6 +577,8 @@ module Aws::NetworkFirewall
566
577
  RuleGroupResponse.add_member(:capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "Capacity"))
567
578
  RuleGroupResponse.add_member(:rule_group_status, Shapes::ShapeRef.new(shape: ResourceStatus, location_name: "RuleGroupStatus"))
568
579
  RuleGroupResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
580
+ RuleGroupResponse.add_member(:consumed_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedCapacity"))
581
+ RuleGroupResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
569
582
  RuleGroupResponse.struct_class = Types::RuleGroupResponse
570
583
 
571
584
  RuleGroups.member = Shapes::ShapeRef.new(shape: RuleGroupMetadata)
@@ -595,16 +608,25 @@ module Aws::NetworkFirewall
595
608
 
596
609
  Settings.member = Shapes::ShapeRef.new(shape: Setting)
597
610
 
611
+ StatefulActions.member = Shapes::ShapeRef.new(shape: CollectionMember_String)
612
+
613
+ StatefulEngineOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
614
+ StatefulEngineOptions.struct_class = Types::StatefulEngineOptions
615
+
598
616
  StatefulRule.add_member(:action, Shapes::ShapeRef.new(shape: StatefulAction, required: true, location_name: "Action"))
599
617
  StatefulRule.add_member(:header, Shapes::ShapeRef.new(shape: Header, required: true, location_name: "Header"))
600
618
  StatefulRule.add_member(:rule_options, Shapes::ShapeRef.new(shape: RuleOptions, required: true, location_name: "RuleOptions"))
601
619
  StatefulRule.struct_class = Types::StatefulRule
602
620
 
603
621
  StatefulRuleGroupReference.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
622
+ StatefulRuleGroupReference.add_member(:priority, Shapes::ShapeRef.new(shape: Priority, location_name: "Priority", metadata: {"box"=>true}))
604
623
  StatefulRuleGroupReference.struct_class = Types::StatefulRuleGroupReference
605
624
 
606
625
  StatefulRuleGroupReferences.member = Shapes::ShapeRef.new(shape: StatefulRuleGroupReference)
607
626
 
627
+ StatefulRuleOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
628
+ StatefulRuleOptions.struct_class = Types::StatefulRuleOptions
629
+
608
630
  StatefulRules.member = Shapes::ShapeRef.new(shape: StatefulRule)
609
631
 
610
632
  StatelessActions.member = Shapes::ShapeRef.new(shape: CollectionMember_String)
@@ -889,6 +911,7 @@ module Aws::NetworkFirewall
889
911
  o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
890
912
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
891
913
  o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
914
+ o.errors << Shapes::ShapeRef.new(shape: InvalidResourcePolicyException)
892
915
  end)
893
916
 
894
917
  api.add_operation(:delete_rule_group, Seahorse::Model::Operation.new.tap do |o|
@@ -360,8 +360,13 @@ module Aws::NetworkFirewall
360
360
  # stateful_rule_group_references: [
361
361
  # {
362
362
  # resource_arn: "ResourceArn", # required
363
+ # priority: 1,
363
364
  # },
364
365
  # ],
366
+ # stateful_default_actions: ["CollectionMember_String"],
367
+ # stateful_engine_options: {
368
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
369
+ # },
365
370
  # },
366
371
  # description: "Description",
367
372
  # tags: [
@@ -663,6 +668,9 @@ module Aws::NetworkFirewall
663
668
  # ],
664
669
  # },
665
670
  # },
671
+ # stateful_rule_options: {
672
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
673
+ # },
666
674
  # },
667
675
  # rules: "RulesString",
668
676
  # type: "STATELESS", # required, accepts STATELESS, STATEFUL
@@ -1658,8 +1666,13 @@ module Aws::NetworkFirewall
1658
1666
  # stateful_rule_group_references: [
1659
1667
  # {
1660
1668
  # resource_arn: "ResourceArn", # required
1669
+ # priority: 1,
1661
1670
  # },
1662
1671
  # ],
1672
+ # stateful_default_actions: ["CollectionMember_String"],
1673
+ # stateful_engine_options: {
1674
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
1675
+ # },
1663
1676
  # }
1664
1677
  #
1665
1678
  # @!attribute [rw] stateless_rule_group_references
@@ -1709,10 +1722,22 @@ module Aws::NetworkFirewall
1709
1722
  # @return [Array<Types::CustomAction>]
1710
1723
  #
1711
1724
  # @!attribute [rw] stateful_rule_group_references
1712
- # References to the stateless rule groups that are used in the policy.
1725
+ # References to the stateful rule groups that are used in the policy.
1713
1726
  # These define the inspection criteria in stateful rules.
1714
1727
  # @return [Array<Types::StatefulRuleGroupReference>]
1715
1728
  #
1729
+ # @!attribute [rw] stateful_default_actions
1730
+ # The default actions to take on a packet that doesn't match any
1731
+ # stateful rules.
1732
+ # @return [Array<String>]
1733
+ #
1734
+ # @!attribute [rw] stateful_engine_options
1735
+ # Additional options governing how Network Firewall handles stateful
1736
+ # rules. The stateful rule groups that you use in your policy must
1737
+ # have stateful rule options settings that are compatible with these
1738
+ # settings.
1739
+ # @return [Types::StatefulEngineOptions]
1740
+ #
1716
1741
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicy AWS API Documentation
1717
1742
  #
1718
1743
  class FirewallPolicy < Struct.new(
@@ -1720,7 +1745,9 @@ module Aws::NetworkFirewall
1720
1745
  :stateless_default_actions,
1721
1746
  :stateless_fragment_default_actions,
1722
1747
  :stateless_custom_actions,
1723
- :stateful_rule_group_references)
1748
+ :stateful_rule_group_references,
1749
+ :stateful_default_actions,
1750
+ :stateful_engine_options)
1724
1751
  SENSITIVE = []
1725
1752
  include Aws::Structure
1726
1753
  end
@@ -1785,6 +1812,21 @@ module Aws::NetworkFirewall
1785
1812
  # The key:value pairs to associate with the resource.
1786
1813
  # @return [Array<Types::Tag>]
1787
1814
  #
1815
+ # @!attribute [rw] consumed_stateless_rule_capacity
1816
+ # The number of capacity units currently consumed by the policy's
1817
+ # stateless rules.
1818
+ # @return [Integer]
1819
+ #
1820
+ # @!attribute [rw] consumed_stateful_rule_capacity
1821
+ # The number of capacity units currently consumed by the policy's
1822
+ # stateful rules.
1823
+ # @return [Integer]
1824
+ #
1825
+ # @!attribute [rw] number_of_associations
1826
+ # The number of firewalls that are associated with this firewall
1827
+ # policy.
1828
+ # @return [Integer]
1829
+ #
1788
1830
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicyResponse AWS API Documentation
1789
1831
  #
1790
1832
  class FirewallPolicyResponse < Struct.new(
@@ -1793,7 +1835,10 @@ module Aws::NetworkFirewall
1793
1835
  :firewall_policy_id,
1794
1836
  :description,
1795
1837
  :firewall_policy_status,
1796
- :tags)
1838
+ :tags,
1839
+ :consumed_stateless_rule_capacity,
1840
+ :consumed_stateful_rule_capacity,
1841
+ :number_of_associations)
1797
1842
  SENSITIVE = []
1798
1843
  include Aws::Structure
1799
1844
  end
@@ -1846,9 +1891,9 @@ module Aws::NetworkFirewall
1846
1891
  include Aws::Structure
1847
1892
  end
1848
1893
 
1849
- # The 5-tuple criteria for AWS Network Firewall to use to inspect packet
1850
- # headers in stateful traffic flow inspection. Traffic flows that match
1851
- # the criteria are a match for the corresponding StatefulRule.
1894
+ # The basic rule criteria for AWS Network Firewall to use to inspect
1895
+ # packet headers in stateful traffic flow inspection. Traffic flows that
1896
+ # match the criteria are a match for the corresponding StatefulRule.
1852
1897
  #
1853
1898
  # @note When making an API call, you may pass Header
1854
1899
  # data as a hash:
@@ -1894,7 +1939,7 @@ module Aws::NetworkFirewall
1894
1939
  # @!attribute [rw] source_port
1895
1940
  # The source port to inspect for. You can specify an individual port,
1896
1941
  # for example `1994` and you can specify a port range, for example
1897
- # `1990-1994`. To match with any port, specify `ANY`.
1942
+ # `1990:1994`. To match with any port, specify `ANY`.
1898
1943
  # @return [String]
1899
1944
  #
1900
1945
  # @!attribute [rw] direction
@@ -1932,7 +1977,7 @@ module Aws::NetworkFirewall
1932
1977
  # @!attribute [rw] destination_port
1933
1978
  # The destination port to inspect for. You can specify an individual
1934
1979
  # port, for example `1994` and you can specify a port range, for
1935
- # example `1990-1994`. To match with any port, specify `ANY`.
1980
+ # example `1990:1994`. To match with any port, specify `ANY`.
1936
1981
  # @return [String]
1937
1982
  #
1938
1983
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Header AWS API Documentation
@@ -2034,6 +2079,8 @@ module Aws::NetworkFirewall
2034
2079
  include Aws::Structure
2035
2080
  end
2036
2081
 
2082
+ # The policy statement failed validation.
2083
+ #
2037
2084
  # @!attribute [rw] message
2038
2085
  # @return [String]
2039
2086
  #
@@ -2475,7 +2522,7 @@ module Aws::NetworkFirewall
2475
2522
  # 17 (UDP).
2476
2523
  #
2477
2524
  # You can specify individual ports, for example `1994` and you can
2478
- # specify port ranges, for example `1990-1994`.
2525
+ # specify port ranges, for example `1990:1994`.
2479
2526
  # @return [Array<Types::PortRange>]
2480
2527
  #
2481
2528
  # @!attribute [rw] destination_ports
@@ -2484,7 +2531,7 @@ module Aws::NetworkFirewall
2484
2531
  # (TCP) and 17 (UDP).
2485
2532
  #
2486
2533
  # You can specify individual ports, for example `1994` and you can
2487
- # specify port ranges, for example `1990-1994`.
2534
+ # specify port ranges, for example `1990:1994`.
2488
2535
  # @return [Array<Types::PortRange>]
2489
2536
  #
2490
2537
  # @!attribute [rw] protocols
@@ -2687,6 +2734,8 @@ module Aws::NetworkFirewall
2687
2734
  include Aws::Structure
2688
2735
  end
2689
2736
 
2737
+ # Unable to change the resource because your account doesn't own it.
2738
+ #
2690
2739
  # @!attribute [rw] message
2691
2740
  # @return [String]
2692
2741
  #
@@ -2907,6 +2956,9 @@ module Aws::NetworkFirewall
2907
2956
  # ],
2908
2957
  # },
2909
2958
  # },
2959
+ # stateful_rule_options: {
2960
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
2961
+ # },
2910
2962
  # }
2911
2963
  #
2912
2964
  # @!attribute [rw] rule_variables
@@ -2918,11 +2970,19 @@ module Aws::NetworkFirewall
2918
2970
  # The stateful rules or stateless rules for the rule group.
2919
2971
  # @return [Types::RulesSource]
2920
2972
  #
2973
+ # @!attribute [rw] stateful_rule_options
2974
+ # Additional options governing how Network Firewall handles stateful
2975
+ # rules. The policies where you use your stateful rule group must have
2976
+ # stateful rule options settings that are compatible with these
2977
+ # settings.
2978
+ # @return [Types::StatefulRuleOptions]
2979
+ #
2921
2980
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroup AWS API Documentation
2922
2981
  #
2923
2982
  class RuleGroup < Struct.new(
2924
2983
  :rule_variables,
2925
- :rules_source)
2984
+ :rules_source,
2985
+ :stateful_rule_options)
2926
2986
  SENSITIVE = []
2927
2987
  include Aws::Structure
2928
2988
  end
@@ -3002,6 +3062,15 @@ module Aws::NetworkFirewall
3002
3062
  # The key:value pairs to associate with the resource.
3003
3063
  # @return [Array<Types::Tag>]
3004
3064
  #
3065
+ # @!attribute [rw] consumed_capacity
3066
+ # The number of capacity units currently consumed by the rule group
3067
+ # rules.
3068
+ # @return [Integer]
3069
+ #
3070
+ # @!attribute [rw] number_of_associations
3071
+ # The number of firewall policies that use this rule group.
3072
+ # @return [Integer]
3073
+ #
3005
3074
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroupResponse AWS API Documentation
3006
3075
  #
3007
3076
  class RuleGroupResponse < Struct.new(
@@ -3012,7 +3081,9 @@ module Aws::NetworkFirewall
3012
3081
  :type,
3013
3082
  :capacity,
3014
3083
  :rule_group_status,
3015
- :tags)
3084
+ :tags,
3085
+ :consumed_capacity,
3086
+ :number_of_associations)
3016
3087
  SENSITIVE = []
3017
3088
  include Aws::Structure
3018
3089
  end
@@ -3185,9 +3256,15 @@ module Aws::NetworkFirewall
3185
3256
  # @return [Types::RulesSourceList]
3186
3257
  #
3187
3258
  # @!attribute [rw] stateful_rules
3188
- # The 5-tuple stateful inspection criteria. This contains an array of
3189
- # individual 5-tuple stateful rules to be used together in a stateful
3190
- # rule group.
3259
+ # An array of individual stateful rules inspection criteria to be used
3260
+ # together in a stateful rule group. Use this option to specify simple
3261
+ # Suricata rules with protocol, source and destination, ports,
3262
+ # direction, and rule options. For information about the Suricata
3263
+ # `Rules` format, see [Rules Format][1].
3264
+ #
3265
+ #
3266
+ #
3267
+ # [1]: https://suricata.readthedocs.io/en/suricata-5.0.0/rules/intro.html#
3191
3268
  # @return [Array<Types::StatefulRule>]
3192
3269
  #
3193
3270
  # @!attribute [rw] stateless_rules_and_custom_actions
@@ -3216,7 +3293,7 @@ module Aws::NetworkFirewall
3216
3293
  # `HOME_NET` rule variable to include the CIDR range of the deployment
3217
3294
  # VPC plus the other CIDR ranges. For more information, see
3218
3295
  # RuleVariables in this guide and [Stateful domain list rule groups in
3219
- # AWS Network Firewall][1] in the *Network Firewall Developer Guide*
3296
+ # AWS Network Firewall][1] in the *Network Firewall Developer Guide*.
3220
3297
  #
3221
3298
  #
3222
3299
  #
@@ -3247,7 +3324,7 @@ module Aws::NetworkFirewall
3247
3324
  #
3248
3325
  # @!attribute [rw] target_types
3249
3326
  # The protocols you want to inspect. Specify `TLS_SNI` for `HTTPS`.
3250
- # Specity `HTTP_HOST` for `HTTP`. You can specify either or both.
3327
+ # Specify `HTTP_HOST` for `HTTP`. You can specify either or both.
3251
3328
  # @return [Array<String>]
3252
3329
  #
3253
3330
  # @!attribute [rw] generated_rules_type
@@ -3265,7 +3342,44 @@ module Aws::NetworkFirewall
3265
3342
  include Aws::Structure
3266
3343
  end
3267
3344
 
3268
- # A single 5-tuple stateful rule, for use in a stateful rule group.
3345
+ # Configuration settings for the handling of the stateful rule groups in
3346
+ # a firewall policy.
3347
+ #
3348
+ # @note When making an API call, you may pass StatefulEngineOptions
3349
+ # data as a hash:
3350
+ #
3351
+ # {
3352
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
3353
+ # }
3354
+ #
3355
+ # @!attribute [rw] rule_order
3356
+ # Indicates how to manage the order of stateful rule evaluation for
3357
+ # the policy. By default, Network Firewall leaves the rule evaluation
3358
+ # order up to the Suricata rule processing engine. If you set this to
3359
+ # `STRICT_ORDER`, your rules are evaluated in the exact order that you
3360
+ # provide them in the policy. With strict ordering, the rule groups
3361
+ # are evaluated by order of priority, starting from the lowest number,
3362
+ # and the rules in each rule group are processed in the order that
3363
+ # they're defined.
3364
+ # @return [String]
3365
+ #
3366
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulEngineOptions AWS API Documentation
3367
+ #
3368
+ class StatefulEngineOptions < Struct.new(
3369
+ :rule_order)
3370
+ SENSITIVE = []
3371
+ include Aws::Structure
3372
+ end
3373
+
3374
+ # A single Suricata rules specification, for use in a stateful rule
3375
+ # group. Use this option to specify a simple Suricata rule with
3376
+ # protocol, source and destination, ports, direction, and rule options.
3377
+ # For information about the Suricata `Rules` format, see [Rules
3378
+ # Format][1].
3379
+ #
3380
+ #
3381
+ #
3382
+ # [1]: https://suricata.readthedocs.io/en/suricata-5.0.0/rules/intro.html#
3269
3383
  #
3270
3384
  # @note When making an API call, you may pass StatefulRule
3271
3385
  # data as a hash:
@@ -3313,11 +3427,13 @@ module Aws::NetworkFirewall
3313
3427
  # @return [String]
3314
3428
  #
3315
3429
  # @!attribute [rw] header
3316
- # The stateful 5-tuple inspection criteria for this rule, used to
3317
- # inspect traffic flows.
3430
+ # The stateful inspection criteria for this rule, used to inspect
3431
+ # traffic flows.
3318
3432
  # @return [Types::Header]
3319
3433
  #
3320
3434
  # @!attribute [rw] rule_options
3435
+ # Additional options for the rule. These are the Suricata
3436
+ # `RuleOptions` settings.
3321
3437
  # @return [Array<Types::RuleOption>]
3322
3438
  #
3323
3439
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRule AWS API Documentation
@@ -3338,16 +3454,61 @@ module Aws::NetworkFirewall
3338
3454
  #
3339
3455
  # {
3340
3456
  # resource_arn: "ResourceArn", # required
3457
+ # priority: 1,
3341
3458
  # }
3342
3459
  #
3343
3460
  # @!attribute [rw] resource_arn
3344
3461
  # The Amazon Resource Name (ARN) of the stateful rule group.
3345
3462
  # @return [String]
3346
3463
  #
3464
+ # @!attribute [rw] priority
3465
+ # An integer setting that indicates the order in which to run the
3466
+ # stateful rule groups in a single FirewallPolicy. This setting only
3467
+ # applies to firewall policies that specify the `STRICT_ORDER` rule
3468
+ # order in the stateful engine options settings.
3469
+ #
3470
+ # Network Firewall evalutes each stateful rule group against a packet
3471
+ # starting with the group that has the lowest priority setting. You
3472
+ # must ensure that the priority settings are unique within each
3473
+ # policy.
3474
+ #
3475
+ # You can change the priority settings of your rule groups at any
3476
+ # time. To make it easier to insert rule groups later, number them so
3477
+ # there's a wide range in between, for example use 100, 200, and so
3478
+ # on.
3479
+ # @return [Integer]
3480
+ #
3347
3481
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleGroupReference AWS API Documentation
3348
3482
  #
3349
3483
  class StatefulRuleGroupReference < Struct.new(
3350
- :resource_arn)
3484
+ :resource_arn,
3485
+ :priority)
3486
+ SENSITIVE = []
3487
+ include Aws::Structure
3488
+ end
3489
+
3490
+ # Additional options governing how Network Firewall handles the rule
3491
+ # group. You can only use these for stateful rule groups.
3492
+ #
3493
+ # @note When making an API call, you may pass StatefulRuleOptions
3494
+ # data as a hash:
3495
+ #
3496
+ # {
3497
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
3498
+ # }
3499
+ #
3500
+ # @!attribute [rw] rule_order
3501
+ # Indicates how to manage the order of the rule evaluation for the
3502
+ # rule group. By default, Network Firewall leaves the rule evaluation
3503
+ # order up to the Suricata rule processing engine. If you set this to
3504
+ # `STRICT_ORDER`, your rules are evaluated in the exact order that
3505
+ # they're listed in your Suricata rules string.
3506
+ # @return [String]
3507
+ #
3508
+ # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleOptions AWS API Documentation
3509
+ #
3510
+ class StatefulRuleOptions < Struct.new(
3511
+ :rule_order)
3351
3512
  SENSITIVE = []
3352
3513
  include Aws::Structure
3353
3514
  end
@@ -3402,11 +3563,11 @@ module Aws::NetworkFirewall
3402
3563
  # @return [Types::RuleDefinition]
3403
3564
  #
3404
3565
  # @!attribute [rw] priority
3405
- # A setting that indicates the order in which to run this rule
3406
- # relative to all of the rules that are defined for a stateless rule
3407
- # group. Network Firewall evaluates the rules in a rule group starting
3408
- # with the lowest priority setting. You must ensure that the priority
3409
- # settings are unique for the rule group.
3566
+ # Indicates the order in which to run this rule relative to all of the
3567
+ # rules that are defined for a stateless rule group. Network Firewall
3568
+ # evaluates the rules in a rule group starting with the lowest
3569
+ # priority setting. You must ensure that the priority settings are
3570
+ # unique for the rule group.
3410
3571
  #
3411
3572
  # Each stateless rule group uses exactly one
3412
3573
  # `StatelessRulesAndCustomActions` object, and each
@@ -4127,8 +4288,13 @@ module Aws::NetworkFirewall
4127
4288
  # stateful_rule_group_references: [
4128
4289
  # {
4129
4290
  # resource_arn: "ResourceArn", # required
4291
+ # priority: 1,
4130
4292
  # },
4131
4293
  # ],
4294
+ # stateful_default_actions: ["CollectionMember_String"],
4295
+ # stateful_engine_options: {
4296
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
4297
+ # },
4132
4298
  # },
4133
4299
  # description: "Description",
4134
4300
  # dry_run: false,
@@ -4400,6 +4566,9 @@ module Aws::NetworkFirewall
4400
4566
  # ],
4401
4567
  # },
4402
4568
  # },
4569
+ # stateful_rule_options: {
4570
+ # rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
4571
+ # },
4403
4572
  # },
4404
4573
  # rules: "RulesString",
4405
4574
  # type: "STATELESS", # accepts STATELESS, STATEFUL
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
48
48
  # @!group service
49
49
  module Aws::NetworkFirewall
50
50
 
51
- GEM_VERSION = '1.6.0'
51
+ GEM_VERSION = '1.10.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-networkfirewall
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.0
4
+ version: 1.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-07-30 00:00:00.000000000 Z
11
+ date: 2021-11-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
19
19
  version: '3'
20
20
  - - ">="
21
21
  - !ruby/object:Gem::Version
22
- version: 3.119.0
22
+ version: 3.122.0
23
23
  type: :runtime
24
24
  prerelease: false
25
25
  version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
29
29
  version: '3'
30
30
  - - ">="
31
31
  - !ruby/object:Gem::Version
32
- version: 3.119.0
32
+ version: 3.122.0
33
33
  - !ruby/object:Gem::Dependency
34
34
  name: aws-sigv4
35
35
  requirement: !ruby/object:Gem::Requirement
@@ -76,7 +76,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
76
76
  requirements:
77
77
  - - ">="
78
78
  - !ruby/object:Gem::Version
79
- version: '0'
79
+ version: '2.3'
80
80
  required_rubygems_version: !ruby/object:Gem::Requirement
81
81
  requirements:
82
82
  - - ">="