RubyGems - aws-sdk-networkfirewall - Versions diffs - 1.61.0 → 1.63.0 - Mend

aws-sdk-networkfirewall 1.61.0 → 1.63.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +10 -0
data/VERSION +1 -1
data/lib/aws-sdk-networkfirewall/client.rb +657 -5
data/lib/aws-sdk-networkfirewall/client_api.rb +360 -2
data/lib/aws-sdk-networkfirewall/types.rb +1024 -21
data/lib/aws-sdk-networkfirewall.rb +1 -1
data/sig/client.rbs +175 -3
data/sig/types.rbs +212 -0
metadata +2 -2

data/lib/aws-sdk-networkfirewall/client.rb CHANGED Viewed

@@ -655,6 +655,9 @@ module Aws::NetworkFirewall
     # To retrieve information about firewalls, use ListFirewalls and
     # DescribeFirewall.
     #
+    # To generate a report on the last 30 days of traffic monitored by a
+    # firewall, use StartAnalysisReport.
+    #
     # @option params [required, String] :firewall_name
     #   The descriptive name of the firewall. You can't change the name of a
     #   firewall after you create it.
@@ -663,13 +666,13 @@ module Aws::NetworkFirewall
     #   The Amazon Resource Name (ARN) of the FirewallPolicy that you want to
     #   use for the firewall.
     #
-    # @option params [required, String] :vpc_id
+    # @option params [String] :vpc_id
     #   The unique identifier of the VPC where Network Firewall should create
     #   the firewall.
     #
     #   You can't change this setting after you create the firewall.
     #
-    # @option params [required, Array<Types::SubnetMapping>] :subnet_mappings
+    # @option params [Array<Types::SubnetMapping>] :subnet_mappings
     #   The public subnets to use for your Network Firewall firewalls. Each
     #   subnet must belong to a different Availability Zone in the VPC.
     #   Network Firewall creates a firewall endpoint in each subnet.
@@ -705,6 +708,10 @@ module Aws::NetworkFirewall
     #   A complex type that contains settings for encryption of your firewall
     #   resources.
     #
+    # @option params [Array<String>] :enabled_analysis_types
+    #   An optional setting indicating the specific traffic analysis types to
+    #   enable on the firewall.
+    #
     # @return [Types::CreateFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateFirewallResponse#firewall #firewall} => Types::Firewall
@@ -715,8 +722,8 @@ module Aws::NetworkFirewall
     #   resp = client.create_firewall({
     #     firewall_name: "ResourceName", # required
     #     firewall_policy_arn: "ResourceArn", # required
-    #     vpc_id: "VpcId", # required
-    #     subnet_mappings: [ # required
+    #     vpc_id: "VpcId",
+    #     subnet_mappings: [
     #       {
     #         subnet_id: "CollectionMember_String", # required
     #         ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4, IPV6
@@ -736,6 +743,7 @@ module Aws::NetworkFirewall
     #       key_id: "KeyId",
     #       type: "CUSTOMER_KMS", # required, accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
     #     },
+    #     enabled_analysis_types: ["TLS_SNI"], # accepts TLS_SNI, HTTP_HOST
     #   })
     #
     # @example Response structure
@@ -757,6 +765,8 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags[0].value #=> String
     #   resp.firewall.encryption_configuration.key_id #=> String
     #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.firewall.enabled_analysis_types #=> Array
+    #   resp.firewall.enabled_analysis_types[0] #=> String, one of "TLS_SNI", "HTTP_HOST"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
     #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
     #   resp.firewall_status.sync_states #=> Hash
@@ -1453,6 +1463,8 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags[0].value #=> String
     #   resp.firewall.encryption_configuration.key_id #=> String
     #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.firewall.enabled_analysis_types #=> Array
+    #   resp.firewall.enabled_analysis_types[0] #=> String, one of "TLS_SNI", "HTTP_HOST"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
     #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
     #   resp.firewall_status.sync_states #=> Hash
@@ -1724,6 +1736,8 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags[0].value #=> String
     #   resp.firewall.encryption_configuration.key_id #=> String
     #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #   resp.firewall.enabled_analysis_types #=> Array
+    #   resp.firewall.enabled_analysis_types[0] #=> String, one of "TLS_SNI", "HTTP_HOST"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
     #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
     #   resp.firewall_status.sync_states #=> Hash
@@ -1825,6 +1839,69 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
+    # Returns key information about a specific flow operation.
+    #
+    # @option params [required, String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    # @option params [String] :availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #
+    # @option params [required, String] :flow_operation_id
+    #   A unique identifier for the flow operation. This ID is returned in the
+    #   responses to start and list commands. You provide to describe
+    #   commands.
+    #
+    # @return [Types::DescribeFlowOperationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeFlowOperationResponse#firewall_arn #firewall_arn} => String
+    #   * {Types::DescribeFlowOperationResponse#availability_zone #availability_zone} => String
+    #   * {Types::DescribeFlowOperationResponse#flow_operation_id #flow_operation_id} => String
+    #   * {Types::DescribeFlowOperationResponse#flow_operation_type #flow_operation_type} => String
+    #   * {Types::DescribeFlowOperationResponse#flow_operation_status #flow_operation_status} => String
+    #   * {Types::DescribeFlowOperationResponse#status_message #status_message} => String
+    #   * {Types::DescribeFlowOperationResponse#flow_request_timestamp #flow_request_timestamp} => Time
+    #   * {Types::DescribeFlowOperationResponse#flow_operation #flow_operation} => Types::FlowOperation
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_flow_operation({
+    #     firewall_arn: "ResourceArn", # required
+    #     availability_zone: "AvailabilityZone",
+    #     flow_operation_id: "FlowOperationId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_arn #=> String
+    #   resp.availability_zone #=> String
+    #   resp.flow_operation_id #=> String
+    #   resp.flow_operation_type #=> String, one of "FLOW_FLUSH", "FLOW_CAPTURE"
+    #   resp.flow_operation_status #=> String, one of "COMPLETED", "IN_PROGRESS", "FAILED", "COMPLETED_WITH_ERRORS"
+    #   resp.status_message #=> String
+    #   resp.flow_request_timestamp #=> Time
+    #   resp.flow_operation.minimum_flow_age_in_seconds #=> Integer
+    #   resp.flow_operation.flow_filters #=> Array
+    #   resp.flow_operation.flow_filters[0].source_address.address_definition #=> String
+    #   resp.flow_operation.flow_filters[0].destination_address.address_definition #=> String
+    #   resp.flow_operation.flow_filters[0].source_port #=> String
+    #   resp.flow_operation.flow_filters[0].destination_port #=> String
+    #   resp.flow_operation.flow_filters[0].protocols #=> Array
+    #   resp.flow_operation.flow_filters[0].protocols[0] #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFlowOperation AWS API Documentation
+    #
+    # @overload describe_flow_operation(params = {})
+    # @param [Hash] params ({})
+    def describe_flow_operation(params = {}, options = {})
+      req = build_request(:describe_flow_operation, params)
+      req.send_request(options)
+    end
     # Returns the logging configuration for the specified firewall.
     #
     # @option params [String] :firewall_arn
@@ -2244,6 +2321,147 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
+    # The results of a `COMPLETED` analysis report generated with
+    # StartAnalysisReport.
+    #
+    # For more information, see AnalysisTypeReportResult.
+    #
+    # @option params [String] :firewall_name
+    #   The descriptive name of the firewall. You can't change the name of a
+    #   firewall after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #
+    # @option params [required, String] :analysis_report_id
+    #   The unique ID of the query that ran when you requested an analysis
+    #   report.
+    #
+    # @option params [String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #
+    # @option params [String] :next_token
+    #   When you request a list of objects with a `MaxResults` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   maximum you requested, Network Firewall returns a `NextToken` value in
+    #   the response. To retrieve the next batch of objects, use the token
+    #   returned from the prior request in your next request.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Network Firewall to return
+    #   for this request. If more objects are available, in the response,
+    #   Network Firewall provides a `NextToken` value that you can use in a
+    #   subsequent call to get the next batch of objects.
+    #
+    # @return [Types::GetAnalysisReportResultsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetAnalysisReportResultsResponse#status #status} => String
+    #   * {Types::GetAnalysisReportResultsResponse#start_time #start_time} => Time
+    #   * {Types::GetAnalysisReportResultsResponse#end_time #end_time} => Time
+    #   * {Types::GetAnalysisReportResultsResponse#report_time #report_time} => Time
+    #   * {Types::GetAnalysisReportResultsResponse#analysis_type #analysis_type} => String
+    #   * {Types::GetAnalysisReportResultsResponse#next_token #next_token} => String
+    #   * {Types::GetAnalysisReportResultsResponse#analysis_report_results #analysis_report_results} => Array&lt;Types::AnalysisTypeReportResult&gt;
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_analysis_report_results({
+    #     firewall_name: "ResourceName",
+    #     analysis_report_id: "AnalysisReportId", # required
+    #     firewall_arn: "ResourceArn",
+    #     next_token: "AnalysisReportNextToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.status #=> String
+    #   resp.start_time #=> Time
+    #   resp.end_time #=> Time
+    #   resp.report_time #=> Time
+    #   resp.analysis_type #=> String, one of "TLS_SNI", "HTTP_HOST"
+    #   resp.next_token #=> String
+    #   resp.analysis_report_results #=> Array
+    #   resp.analysis_report_results[0].protocol #=> String
+    #   resp.analysis_report_results[0].first_accessed #=> Time
+    #   resp.analysis_report_results[0].last_accessed #=> Time
+    #   resp.analysis_report_results[0].domain #=> String
+    #   resp.analysis_report_results[0].hits.count #=> Integer
+    #   resp.analysis_report_results[0].unique_sources.count #=> Integer
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/GetAnalysisReportResults AWS API Documentation
+    #
+    # @overload get_analysis_report_results(params = {})
+    # @param [Hash] params ({})
+    def get_analysis_report_results(params = {}, options = {})
+      req = build_request(:get_analysis_report_results, params)
+      req.send_request(options)
+    end
+    # Returns a list of all traffic analysis reports generated within the
+    # last 30 days.
+    #
+    # @option params [String] :firewall_name
+    #   The descriptive name of the firewall. You can't change the name of a
+    #   firewall after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #
+    # @option params [String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #
+    # @option params [String] :next_token
+    #   When you request a list of objects with a `MaxResults` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   maximum you requested, Network Firewall returns a `NextToken` value in
+    #   the response. To retrieve the next batch of objects, use the token
+    #   returned from the prior request in your next request.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Network Firewall to return
+    #   for this request. If more objects are available, in the response,
+    #   Network Firewall provides a `NextToken` value that you can use in a
+    #   subsequent call to get the next batch of objects.
+    #
+    # @return [Types::ListAnalysisReportsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListAnalysisReportsResponse#analysis_reports #analysis_reports} => Array&lt;Types::AnalysisReport&gt;
+    #   * {Types::ListAnalysisReportsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_analysis_reports({
+    #     firewall_name: "ResourceName",
+    #     firewall_arn: "ResourceArn",
+    #     next_token: "PaginationToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.analysis_reports #=> Array
+    #   resp.analysis_reports[0].analysis_report_id #=> String
+    #   resp.analysis_reports[0].analysis_type #=> String, one of "TLS_SNI", "HTTP_HOST"
+    #   resp.analysis_reports[0].report_time #=> Time
+    #   resp.analysis_reports[0].status #=> String
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListAnalysisReports AWS API Documentation
+    #
+    # @overload list_analysis_reports(params = {})
+    # @param [Hash] params ({})
+    def list_analysis_reports(params = {}, options = {})
+      req = build_request(:list_analysis_reports, params)
+      req.send_request(options)
+    end
     # Retrieves the metadata for the firewall policies that you have
     # defined. Depending on your setting for max results and the number of
     # firewall policies, a single call might not return the full list.
@@ -2347,6 +2565,170 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
+    # Returns the results of a specific flow operation.
+    #
+    # Flow operations let you manage the flows tracked in the flow table,
+    # also known as the firewall table.
+    #
+    # A flow is network traffic that is monitored by a firewall, either by
+    # stateful or stateless rules. For traffic to be considered part of a
+    # flow, it must share Destination, DestinationPort, Direction, Protocol,
+    # Source, and SourcePort.
+    #
+    # @option params [required, String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    # @option params [required, String] :flow_operation_id
+    #   A unique identifier for the flow operation. This ID is returned in the
+    #   responses to start and list commands. You provide to describe
+    #   commands.
+    #
+    # @option params [String] :next_token
+    #   When you request a list of objects with a `MaxResults` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   maximum you requested, Network Firewall returns a `NextToken` value in
+    #   the response. To retrieve the next batch of objects, use the token
+    #   returned from the prior request in your next request.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Network Firewall to return
+    #   for this request. If more objects are available, in the response,
+    #   Network Firewall provides a `NextToken` value that you can use in a
+    #   subsequent call to get the next batch of objects.
+    #
+    # @option params [String] :availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #
+    # @return [Types::ListFlowOperationResultsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFlowOperationResultsResponse#firewall_arn #firewall_arn} => String
+    #   * {Types::ListFlowOperationResultsResponse#availability_zone #availability_zone} => String
+    #   * {Types::ListFlowOperationResultsResponse#flow_operation_id #flow_operation_id} => String
+    #   * {Types::ListFlowOperationResultsResponse#flow_operation_status #flow_operation_status} => String
+    #   * {Types::ListFlowOperationResultsResponse#status_message #status_message} => String
+    #   * {Types::ListFlowOperationResultsResponse#flow_request_timestamp #flow_request_timestamp} => Time
+    #   * {Types::ListFlowOperationResultsResponse#flows #flows} => Array&lt;Types::Flow&gt;
+    #   * {Types::ListFlowOperationResultsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_flow_operation_results({
+    #     firewall_arn: "ResourceArn", # required
+    #     flow_operation_id: "FlowOperationId", # required
+    #     next_token: "PaginationToken",
+    #     max_results: 1,
+    #     availability_zone: "AvailabilityZone",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_arn #=> String
+    #   resp.availability_zone #=> String
+    #   resp.flow_operation_id #=> String
+    #   resp.flow_operation_status #=> String, one of "COMPLETED", "IN_PROGRESS", "FAILED", "COMPLETED_WITH_ERRORS"
+    #   resp.status_message #=> String
+    #   resp.flow_request_timestamp #=> Time
+    #   resp.flows #=> Array
+    #   resp.flows[0].source_address.address_definition #=> String
+    #   resp.flows[0].destination_address.address_definition #=> String
+    #   resp.flows[0].source_port #=> String
+    #   resp.flows[0].destination_port #=> String
+    #   resp.flows[0].protocol #=> String
+    #   resp.flows[0].age #=> Integer
+    #   resp.flows[0].packet_count #=> Integer
+    #   resp.flows[0].byte_count #=> Integer
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListFlowOperationResults AWS API Documentation
+    #
+    # @overload list_flow_operation_results(params = {})
+    # @param [Hash] params ({})
+    def list_flow_operation_results(params = {}, options = {})
+      req = build_request(:list_flow_operation_results, params)
+      req.send_request(options)
+    end
+    # Returns a list of all flow operations ran in a specific firewall. You
+    # can optionally narrow the request scope by specifying the operation
+    # type or Availability Zone associated with a firewall's flow
+    # operations.
+    #
+    # Flow operations let you manage the flows tracked in the flow table,
+    # also known as the firewall table.
+    #
+    # A flow is network traffic that is monitored by a firewall, either by
+    # stateful or stateless rules. For traffic to be considered part of a
+    # flow, it must share Destination, DestinationPort, Direction, Protocol,
+    # Source, and SourcePort.
+    #
+    # @option params [required, String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    # @option params [String] :availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #
+    # @option params [String] :flow_operation_type
+    #   An optional string that defines whether any or all operation types are
+    #   returned.
+    #
+    # @option params [String] :next_token
+    #   When you request a list of objects with a `MaxResults` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   maximum you requested, Network Firewall returns a `NextToken` value in
+    #   the response. To retrieve the next batch of objects, use the token
+    #   returned from the prior request in your next request.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of objects that you want Network Firewall to return
+    #   for this request. If more objects are available, in the response,
+    #   Network Firewall provides a `NextToken` value that you can use in a
+    #   subsequent call to get the next batch of objects.
+    #
+    # @return [Types::ListFlowOperationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListFlowOperationsResponse#flow_operations #flow_operations} => Array&lt;Types::FlowOperationMetadata&gt;
+    #   * {Types::ListFlowOperationsResponse#next_token #next_token} => String
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_flow_operations({
+    #     firewall_arn: "ResourceArn", # required
+    #     availability_zone: "AvailabilityZone",
+    #     flow_operation_type: "FLOW_FLUSH", # accepts FLOW_FLUSH, FLOW_CAPTURE
+    #     next_token: "PaginationToken",
+    #     max_results: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.flow_operations #=> Array
+    #   resp.flow_operations[0].flow_operation_id #=> String
+    #   resp.flow_operations[0].flow_operation_type #=> String, one of "FLOW_FLUSH", "FLOW_CAPTURE"
+    #   resp.flow_operations[0].flow_request_timestamp #=> Time
+    #   resp.flow_operations[0].flow_operation_status #=> String, one of "COMPLETED", "IN_PROGRESS", "FAILED", "COMPLETED_WITH_ERRORS"
+    #   resp.next_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListFlowOperations AWS API Documentation
+    #
+    # @overload list_flow_operations(params = {})
+    # @param [Hash] params ({})
+    def list_flow_operations(params = {}, options = {})
+      req = build_request(:list_flow_operations, params)
+      req.send_request(options)
+    end
     # Retrieves the metadata for the rule groups that you have defined.
     # Depending on your setting for max results and the number of rule
     # groups, a single call might not return the full list.
@@ -2593,6 +2975,206 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
+    # Generates a traffic analysis report for the timeframe and traffic type
+    # you specify.
+    #
+    # For information on the contents of a traffic analysis report, see
+    # AnalysisReport.
+    #
+    # @option params [String] :firewall_name
+    #   The descriptive name of the firewall. You can't change the name of a
+    #   firewall after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #
+    # @option params [String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #
+    # @option params [required, String] :analysis_type
+    #   The type of traffic that will be used to generate a report.
+    #
+    # @return [Types::StartAnalysisReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::StartAnalysisReportResponse#analysis_report_id #analysis_report_id} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.start_analysis_report({
+    #     firewall_name: "ResourceName",
+    #     firewall_arn: "ResourceArn",
+    #     analysis_type: "TLS_SNI", # required, accepts TLS_SNI, HTTP_HOST
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.analysis_report_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StartAnalysisReport AWS API Documentation
+    #
+    # @overload start_analysis_report(params = {})
+    # @param [Hash] params ({})
+    def start_analysis_report(params = {}, options = {})
+      req = build_request(:start_analysis_report, params)
+      req.send_request(options)
+    end
+    # Begins capturing the flows in a firewall, according to the filters you
+    # define. Captures are similar, but not identical to snapshots. Capture
+    # operations provide visibility into flows that are not closed and are
+    # tracked by a firewall's flow table. Unlike snapshots, captures are a
+    # time-boxed view.
+    #
+    # A flow is network traffic that is monitored by a firewall, either by
+    # stateful or stateless rules. For traffic to be considered part of a
+    # flow, it must share Destination, DestinationPort, Direction, Protocol,
+    # Source, and SourcePort.
+    #
+    # <note markdown="1"> To avoid encountering operation limits, you should avoid starting
+    # captures with broad filters, like wide IP ranges. Instead, we
+    # recommend you define more specific criteria with `FlowFilters`, like
+    # narrow IP ranges, ports, or protocols.
+    #
+    #  </note>
+    #
+    # @option params [required, String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    # @option params [String] :availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #
+    # @option params [Integer] :minimum_flow_age_in_seconds
+    #   The reqested `FlowOperation` ignores flows with an age (in seconds)
+    #   lower than `MinimumFlowAgeInSeconds`. You provide this for start
+    #   commands.
+    #
+    #   <note markdown="1"> We recommend setting this value to at least 1 minute (60 seconds) to
+    #   reduce chance of capturing flows that are not yet established.
+    #
+    #    </note>
+    #
+    # @option params [required, Array<Types::FlowFilter>] :flow_filters
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #
+    # @return [Types::StartFlowCaptureResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::StartFlowCaptureResponse#firewall_arn #firewall_arn} => String
+    #   * {Types::StartFlowCaptureResponse#flow_operation_id #flow_operation_id} => String
+    #   * {Types::StartFlowCaptureResponse#flow_operation_status #flow_operation_status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.start_flow_capture({
+    #     firewall_arn: "ResourceArn", # required
+    #     availability_zone: "AvailabilityZone",
+    #     minimum_flow_age_in_seconds: 1,
+    #     flow_filters: [ # required
+    #       {
+    #         source_address: {
+    #           address_definition: "AddressDefinition", # required
+    #         },
+    #         destination_address: {
+    #           address_definition: "AddressDefinition", # required
+    #         },
+    #         source_port: "Port",
+    #         destination_port: "Port",
+    #         protocols: ["ProtocolString"],
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_arn #=> String
+    #   resp.flow_operation_id #=> String
+    #   resp.flow_operation_status #=> String, one of "COMPLETED", "IN_PROGRESS", "FAILED", "COMPLETED_WITH_ERRORS"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StartFlowCapture AWS API Documentation
+    #
+    # @overload start_flow_capture(params = {})
+    # @param [Hash] params ({})
+    def start_flow_capture(params = {}, options = {})
+      req = build_request(:start_flow_capture, params)
+      req.send_request(options)
+    end
+    # Begins the flushing of traffic from the firewall, according to the
+    # filters you define. When the operation starts, impacted flows are
+    # temporarily marked as timed out before the Suricata engine prunes, or
+    # flushes, the flows from the firewall table.
+    #
+    # While the flush completes, impacted flows are processed as midstream
+    # traffic. This may result in a temporary increase in midstream traffic
+    # metrics. We recommend that you double check your stream exception
+    # policy before you perform a flush operation.
+    #
+    # @option params [required, String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    # @option params [String] :availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #
+    # @option params [Integer] :minimum_flow_age_in_seconds
+    #   The reqested `FlowOperation` ignores flows with an age (in seconds)
+    #   lower than `MinimumFlowAgeInSeconds`. You provide this for start
+    #   commands.
+    #
+    # @option params [required, Array<Types::FlowFilter>] :flow_filters
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #
+    # @return [Types::StartFlowFlushResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::StartFlowFlushResponse#firewall_arn #firewall_arn} => String
+    #   * {Types::StartFlowFlushResponse#flow_operation_id #flow_operation_id} => String
+    #   * {Types::StartFlowFlushResponse#flow_operation_status #flow_operation_status} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.start_flow_flush({
+    #     firewall_arn: "ResourceArn", # required
+    #     availability_zone: "AvailabilityZone",
+    #     minimum_flow_age_in_seconds: 1,
+    #     flow_filters: [ # required
+    #       {
+    #         source_address: {
+    #           address_definition: "AddressDefinition", # required
+    #         },
+    #         destination_address: {
+    #           address_definition: "AddressDefinition", # required
+    #         },
+    #         source_port: "Port",
+    #         destination_port: "Port",
+    #         protocols: ["ProtocolString"],
+    #       },
+    #     ],
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_arn #=> String
+    #   resp.flow_operation_id #=> String
+    #   resp.flow_operation_status #=> String, one of "COMPLETED", "IN_PROGRESS", "FAILED", "COMPLETED_WITH_ERRORS"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StartFlowFlush AWS API Documentation
+    #
+    # @overload start_flow_flush(params = {})
+    # @param [Hash] params ({})
+    def start_flow_flush(params = {}, options = {})
+      req = build_request(:start_flow_flush, params)
+      req.send_request(options)
+    end
     # Adds the specified tags to the specified resource. Tags are key:value
     # pairs that you can use to categorize and manage your resources, for
     # purposes like billing. For example, you might set the tag key to
@@ -2665,6 +3247,76 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
+    # Enables specific types of firewall analysis on a specific firewall you
+    # define.
+    #
+    # @option params [Array<String>] :enabled_analysis_types
+    #   An optional setting indicating the specific traffic analysis types to
+    #   enable on the firewall.
+    #
+    # @option params [String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #
+    # @option params [String] :firewall_name
+    #   The descriptive name of the firewall. You can't change the name of a
+    #   firewall after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #
+    # @option params [String] :update_token
+    #   An optional token that you can use for optimistic locking. Network
+    #   Firewall returns a token to your requests that access the firewall.
+    #   The token marks the state of the firewall resource at the time of the
+    #   request.
+    #
+    #   To make an unconditional change to the firewall, omit the token in
+    #   your update request. Without the token, Network Firewall performs your
+    #   updates regardless of whether the firewall has changed since you last
+    #   retrieved it.
+    #
+    #   To make a conditional change to the firewall, provide the token in
+    #   your update request. Network Firewall uses the token to ensure that
+    #   the firewall hasn't changed since you last retrieved it. If it has
+    #   changed, the operation fails with an `InvalidTokenException`. If this
+    #   happens, retrieve the firewall again to get a current copy of it with
+    #   a new token. Reapply your changes as needed, then try the operation
+    #   again using the new token.
+    #
+    # @return [Types::UpdateFirewallAnalysisSettingsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallAnalysisSettingsResponse#enabled_analysis_types #enabled_analysis_types} => Array&lt;String&gt;
+    #   * {Types::UpdateFirewallAnalysisSettingsResponse#firewall_arn #firewall_arn} => String
+    #   * {Types::UpdateFirewallAnalysisSettingsResponse#firewall_name #firewall_name} => String
+    #   * {Types::UpdateFirewallAnalysisSettingsResponse#update_token #update_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_analysis_settings({
+    #     enabled_analysis_types: ["TLS_SNI"], # accepts TLS_SNI, HTTP_HOST
+    #     firewall_arn: "ResourceArn",
+    #     firewall_name: "ResourceName",
+    #     update_token: "UpdateToken",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.enabled_analysis_types #=> Array
+    #   resp.enabled_analysis_types[0] #=> String, one of "TLS_SNI", "HTTP_HOST"
+    #   resp.firewall_arn #=> String
+    #   resp.firewall_name #=> String
+    #   resp.update_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallAnalysisSettings AWS API Documentation
+    #
+    # @overload update_firewall_analysis_settings(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_analysis_settings(params = {}, options = {})
+      req = build_request(:update_firewall_analysis_settings, params)
+      req.send_request(options)
+    end
     # Modifies the flag, `DeleteProtection`, which indicates whether it is
     # possible to delete the firewall. If the flag is set to `TRUE`, the
     # firewall is protected against deletion. This setting helps protect
@@ -3708,7 +4360,7 @@ module Aws::NetworkFirewall
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.61.0'
+      context[:gem_version] = '1.63.0'
       Seahorse::Client::Request.new(handlers, context)
     end