aws-sdk-networkfirewall 1.61.0 → 1.63.0

data/lib/aws-sdk-networkfirewall/types.rb

@@ -74,6 +74,45 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # A report that captures key activity from the last 30 days of network
+    # traffic monitored by your firewall.
+    #
+    # You can generate up to one report per traffic type, per 30 day period.
+    # For example, when you successfully create an HTTP traffic report, you
+    # cannot create another HTTP traffic report until 30 days pass.
+    # Alternatively, if you generate a report that combines metrics on both
+    # HTTP and HTTPS traffic, you cannot create another report for either
+    # traffic type until 30 days pass.
+    #
+    # @!attribute [rw] analysis_report_id
+    #   The unique ID of the query that ran when you requested an analysis
+    #   report.
+    #   @return [String]
+    #
+    # @!attribute [rw] analysis_type
+    #   The type of traffic that will be used to generate a report.
+    #   @return [String]
+    #
+    # @!attribute [rw] report_time
+    #   The date and time the analysis report was ran.
+    #   @return [Time]
+    #
+    # @!attribute [rw] status
+    #   The status of the analysis report you specify. Statuses include
+    #   `RUNNING`, `COMPLETED`, or `FAILED`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AnalysisReport AWS API Documentation
+    #
+    class AnalysisReport < Struct.new(
+      :analysis_report_id,
+      :analysis_type,
+      :report_time,
+      :status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The analysis result for Network Firewall's stateless rule group
     # analyzer. Every time you call CreateRuleGroup, UpdateRuleGroup, or
     # DescribeRuleGroup on a stateless rule group, Network Firewall analyzes
@@ -84,6 +123,10 @@ module Aws::NetworkFirewall
     # process traffic, the service includes the rule in a list of analysis
     # results.
     #
+    # The `AnalysisResult` data type is not related to traffic analysis
+    # reports you generate using StartAnalysisReport. For information on
+    # traffic analysis report results, see AnalysisTypeReportResult.
+    #
     # @!attribute [rw] identified_rule_ids
     #   The priority number of the stateless rules identified in the
     #   analysis.
@@ -138,6 +181,51 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # The results of a `COMPLETED` analysis report generated with
+    # StartAnalysisReport.
+    #
+    # For an example of traffic analysis report results, see the response
+    # syntax of GetAnalysisReportResults.
+    #
+    # @!attribute [rw] protocol
+    #   The type of traffic captured by the analysis report.
+    #   @return [String]
+    #
+    # @!attribute [rw] first_accessed
+    #   The date and time any domain was first accessed (within the last 30
+    #   day period).
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_accessed
+    #   The date and time any domain was last accessed (within the last 30
+    #   day period).
+    #   @return [Time]
+    #
+    # @!attribute [rw] domain
+    #   The most frequently accessed domains.
+    #   @return [String]
+    #
+    # @!attribute [rw] hits
+    #   The number of attempts made to access a observed domain.
+    #   @return [Types::Hits]
+    #
+    # @!attribute [rw] unique_sources
+    #   The number of unique source IP addresses that connected to a domain.
+    #   @return [Types::UniqueSources]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AnalysisTypeReportResult AWS API Documentation
+    #
+    class AnalysisTypeReportResult < Struct.new(
+      :protocol,
+      :first_accessed,
+      :last_accessed,
+      :domain,
+      :hits,
+      :unique_sources)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] update_token
     #   An optional token that you can use for optimistic locking. Network
     #   Firewall returns a token to your requests that access the firewall.
@@ -608,6 +696,11 @@ module Aws::NetworkFirewall
     #   firewall resources.
     #   @return [Types::EncryptionConfiguration]
     #
+    # @!attribute [rw] enabled_analysis_types
+    #   An optional setting indicating the specific traffic analysis types
+    #   to enable on the firewall.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallRequest AWS API Documentation
     #
     class CreateFirewallRequest < Struct.new(
@@ -620,7 +713,8 @@ module Aws::NetworkFirewall
       :firewall_policy_change_protection,
       :description,
       :tags,
-      :encryption_configuration)
+      :encryption_configuration,
+      :enabled_analysis_types)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1268,6 +1362,97 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_id
+    #   A unique identifier for the flow operation. This ID is returned in
+    #   the responses to start and list commands. You provide to describe
+    #   commands.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFlowOperationRequest AWS API Documentation
+    #
+    class DescribeFlowOperationRequest < Struct.new(
+      :firewall_arn,
+      :availability_zone,
+      :flow_operation_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_id
+    #   A unique identifier for the flow operation. This ID is returned in
+    #   the responses to start and list commands. You provide to describe
+    #   commands.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_type
+    #   Defines the type of `FlowOperation`.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_status
+    #   Returns the status of the flow operation. This string is returned in
+    #   the responses to start, list, and describe commands.
+    #
+    #   If the status is `COMPLETED_WITH_ERRORS`, results may be returned
+    #   with any number of `Flows` missing from the response. If the status
+    #   is `FAILED`, `Flows` returned will be empty.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_message
+    #   If the asynchronous operation fails, Network Firewall populates this
+    #   with the reason for the error or failure. Options include `Flow
+    #   operation error` and `Flow timeout`.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_request_timestamp
+    #   A timestamp indicating when the Suricata engine identified flows
+    #   impacted by an operation.
+    #   @return [Time]
+    #
+    # @!attribute [rw] flow_operation
+    #   Returns key information about a flow operation, such as related
+    #   statuses, unique identifiers, and all filters defined in the
+    #   operation.
+    #   @return [Types::FlowOperation]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFlowOperationResponse AWS API Documentation
+    #
+    class DescribeFlowOperationResponse < Struct.new(
+      :firewall_arn,
+      :availability_zone,
+      :flow_operation_id,
+      :flow_operation_type,
+      :flow_operation_status,
+      :status_message,
+      :flow_request_timestamp,
+      :flow_operation)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] firewall_arn
     #   The Amazon Resource Name (ARN) of the firewall.
     #
@@ -1837,6 +2022,11 @@ module Aws::NetworkFirewall
     #   configuration settings for your firewall.
     #   @return [Types::EncryptionConfiguration]
     #
+    # @!attribute [rw] enabled_analysis_types
+    #   An optional setting indicating the specific traffic analysis types
+    #   to enable on the firewall.
+    #   @return [Array<String>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Firewall AWS API Documentation
     #
     class Firewall < Struct.new(
@@ -1851,7 +2041,8 @@ module Aws::NetworkFirewall
       :description,
       :firewall_id,
       :tags,
-      :encryption_configuration)
+      :encryption_configuration,
+      :enabled_analysis_types)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2150,6 +2341,179 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # Any number of arrays, where each array is a single flow identified in
+    # the scope of the operation. If multiple flows were in the scope of the
+    # operation, multiple `Flows` arrays are returned.
+    #
+    # @!attribute [rw] source_address
+    #   A single IP address specification. This is used in the
+    #   MatchAttributes source and destination specifications.
+    #   @return [Types::Address]
+    #
+    # @!attribute [rw] destination_address
+    #   A single IP address specification. This is used in the
+    #   MatchAttributes source and destination specifications.
+    #   @return [Types::Address]
+    #
+    # @!attribute [rw] source_port
+    #   The source port to inspect for. You can specify an individual port,
+    #   for example `1994` and you can specify a port range, for example
+    #   `1990:1994`. To match with any port, specify `ANY`.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_port
+    #   The destination port to inspect for. You can specify an individual
+    #   port, for example `1994` and you can specify a port range, for
+    #   example `1990:1994`. To match with any port, specify `ANY`.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocol
+    #   The protocols to inspect for, specified using the assigned internet
+    #   protocol number (IANA) for each protocol. If not specified, this
+    #   matches with any protocol.
+    #   @return [String]
+    #
+    # @!attribute [rw] age
+    #   Returned as info about age of the flows identified by the flow
+    #   operation.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] packet_count
+    #   Returns the total number of data packets received or transmitted in
+    #   a flow.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] byte_count
+    #   Returns the number of bytes received or transmitted in a specific
+    #   flow.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Flow AWS API Documentation
+    #
+    class Flow < Struct.new(
+      :source_address,
+      :destination_address,
+      :source_port,
+      :destination_port,
+      :protocol,
+      :age,
+      :packet_count,
+      :byte_count)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Defines the scope a flow operation. You can use up to 20 filters to
+    # configure a single flow operation.
+    #
+    # @!attribute [rw] source_address
+    #   A single IP address specification. This is used in the
+    #   MatchAttributes source and destination specifications.
+    #   @return [Types::Address]
+    #
+    # @!attribute [rw] destination_address
+    #   A single IP address specification. This is used in the
+    #   MatchAttributes source and destination specifications.
+    #   @return [Types::Address]
+    #
+    # @!attribute [rw] source_port
+    #   The source port to inspect for. You can specify an individual port,
+    #   for example `1994` and you can specify a port range, for example
+    #   `1990:1994`. To match with any port, specify `ANY`.
+    #   @return [String]
+    #
+    # @!attribute [rw] destination_port
+    #   The destination port to inspect for. You can specify an individual
+    #   port, for example `1994` and you can specify a port range, for
+    #   example `1990:1994`. To match with any port, specify `ANY`.
+    #   @return [String]
+    #
+    # @!attribute [rw] protocols
+    #   The protocols to inspect for, specified using the assigned internet
+    #   protocol number (IANA) for each protocol. If not specified, this
+    #   matches with any protocol.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FlowFilter AWS API Documentation
+    #
+    class FlowFilter < Struct.new(
+      :source_address,
+      :destination_address,
+      :source_port,
+      :destination_port,
+      :protocols)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about a flow operation, such as related statuses,
+    # unique identifiers, and all filters defined in the operation.
+    #
+    # Flow operations let you manage the flows tracked in the flow table,
+    # also known as the firewall table.
+    #
+    # A flow is network traffic that is monitored by a firewall, either by
+    # stateful or stateless rules. For traffic to be considered part of a
+    # flow, it must share Destination, DestinationPort, Direction, Protocol,
+    # Source, and SourcePort.
+    #
+    # @!attribute [rw] minimum_flow_age_in_seconds
+    #   The reqested `FlowOperation` ignores flows with an age (in seconds)
+    #   lower than `MinimumFlowAgeInSeconds`. You provide this for start
+    #   commands.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] flow_filters
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #   @return [Array<Types::FlowFilter>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FlowOperation AWS API Documentation
+    #
+    class FlowOperation < Struct.new(
+      :minimum_flow_age_in_seconds,
+      :flow_filters)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # An array of objects with metadata about the requested `FlowOperation`.
+    #
+    # @!attribute [rw] flow_operation_id
+    #   A unique identifier for the flow operation. This ID is returned in
+    #   the responses to start and list commands. You provide to describe
+    #   commands.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_type
+    #   Defines the type of `FlowOperation`.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_request_timestamp
+    #   A timestamp indicating when the Suricata engine identified flows
+    #   impacted by an operation.
+    #   @return [Time]
+    #
+    # @!attribute [rw] flow_operation_status
+    #   Returns the status of the flow operation. This string is returned in
+    #   the responses to start, list, and describe commands.
+    #
+    #   If the status is `COMPLETED_WITH_ERRORS`, results may be returned
+    #   with any number of `Flows` missing from the response. If the status
+    #   is `FAILED`, `Flows` returned will be empty.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FlowOperationMetadata AWS API Documentation
+    #
+    class FlowOperationMetadata < Struct.new(
+      :flow_operation_id,
+      :flow_operation_type,
+      :flow_request_timestamp,
+      :flow_operation_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes the amount of time that can pass without any traffic sent
     # through the firewall before the firewall determines that the
     # connection is idle and Network Firewall removes the flow entry from
@@ -2178,6 +2542,102 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # @!attribute [rw] firewall_name
+    #   The descriptive name of the firewall. You can't change the name of
+    #   a firewall after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] analysis_report_id
+    #   The unique ID of the query that ran when you requested an analysis
+    #   report.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Network Firewall returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want Network Firewall to
+    #   return for this request. If more objects are available, in the
+    #   response, Network Firewall provides a `NextToken` value that you can
+    #   use in a subsequent call to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/GetAnalysisReportResultsRequest AWS API Documentation
+    #
+    class GetAnalysisReportResultsRequest < Struct.new(
+      :firewall_name,
+      :analysis_report_id,
+      :firewall_arn,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] status
+    #   The status of the analysis report you specify. Statuses include
+    #   `RUNNING`, `COMPLETED`, or `FAILED`.
+    #   @return [String]
+    #
+    # @!attribute [rw] start_time
+    #   The date and time within the last 30 days from which to start
+    #   retrieving analysis data, in UTC format (for example,
+    #   `YYYY-MM-DDTHH:MM:SSZ`.
+    #   @return [Time]
+    #
+    # @!attribute [rw] end_time
+    #   The date and time, up to the current date, from which to stop
+    #   retrieving analysis data, in UTC format (for example,
+    #   `YYYY-MM-DDTHH:MM:SSZ`).
+    #   @return [Time]
+    #
+    # @!attribute [rw] report_time
+    #   The date and time the analysis report was ran.
+    #   @return [Time]
+    #
+    # @!attribute [rw] analysis_type
+    #   The type of traffic that will be used to generate a report.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Network Firewall returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] analysis_report_results
+    #   Retrieves the results of a traffic analysis report.
+    #   @return [Array<Types::AnalysisTypeReportResult>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/GetAnalysisReportResultsResponse AWS API Documentation
+    #
+    class GetAnalysisReportResultsResponse < Struct.new(
+      :status,
+      :start_time,
+      :end_time,
+      :report_time,
+      :analysis_type,
+      :next_token,
+      :analysis_report_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The basic rule criteria for Network Firewall to use to inspect packet
     # headers in stateful traffic flow inspection. Traffic flows that match
     # the criteria are a match for the corresponding StatefulRule.
@@ -2287,6 +2747,20 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # Attempts made to a access domain.
+    #
+    # @!attribute [rw] count
+    #   The number of attempts made to access a domain.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Hits AWS API Documentation
+    #
+    class Hits < Struct.new(
+      :count)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A list of IP addresses and address ranges, in CIDR notation. This is
     # part of a RuleVariables.
     #
@@ -2457,6 +2931,67 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # @!attribute [rw] firewall_name
+    #   The descriptive name of the firewall. You can't change the name of
+    #   a firewall after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Network Firewall returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want Network Firewall to
+    #   return for this request. If more objects are available, in the
+    #   response, Network Firewall provides a `NextToken` value that you can
+    #   use in a subsequent call to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListAnalysisReportsRequest AWS API Documentation
+    #
+    class ListAnalysisReportsRequest < Struct.new(
+      :firewall_name,
+      :firewall_arn,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] analysis_reports
+    #   The `id` and `ReportTime` associated with a requested analysis
+    #   report. Does not provide the status of the analysis report.
+    #   @return [Array<Types::AnalysisReport>]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Network Firewall returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListAnalysisReportsResponse AWS API Documentation
+    #
+    class ListAnalysisReportsResponse < Struct.new(
+      :analysis_reports,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] next_token
     #   When you request a list of objects with a `MaxResults` setting, if
     #   the number of objects that are still available for retrieval exceeds
@@ -2558,6 +3093,189 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_id
+    #   A unique identifier for the flow operation. This ID is returned in
+    #   the responses to start and list commands. You provide to describe
+    #   commands.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Network Firewall returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want Network Firewall to
+    #   return for this request. If more objects are available, in the
+    #   response, Network Firewall provides a `NextToken` value that you can
+    #   use in a subsequent call to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListFlowOperationResultsRequest AWS API Documentation
+    #
+    class ListFlowOperationResultsRequest < Struct.new(
+      :firewall_arn,
+      :flow_operation_id,
+      :next_token,
+      :max_results,
+      :availability_zone)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_id
+    #   A unique identifier for the flow operation. This ID is returned in
+    #   the responses to start and list commands. You provide to describe
+    #   commands.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_status
+    #   Returns the status of the flow operation. This string is returned in
+    #   the responses to start, list, and describe commands.
+    #
+    #   If the status is `COMPLETED_WITH_ERRORS`, results may be returned
+    #   with any number of `Flows` missing from the response. If the status
+    #   is `FAILED`, `Flows` returned will be empty.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_message
+    #   If the asynchronous operation fails, Network Firewall populates this
+    #   with the reason for the error or failure. Options include `Flow
+    #   operation error` and `Flow timeout`.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_request_timestamp
+    #   A timestamp indicating when the Suricata engine identified flows
+    #   impacted by an operation.
+    #   @return [Time]
+    #
+    # @!attribute [rw] flows
+    #   Any number of arrays, where each array is a single flow identified
+    #   in the scope of the operation. If multiple flows were in the scope
+    #   of the operation, multiple `Flows` arrays are returned.
+    #   @return [Array<Types::Flow>]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Network Firewall returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListFlowOperationResultsResponse AWS API Documentation
+    #
+    class ListFlowOperationResultsResponse < Struct.new(
+      :firewall_arn,
+      :availability_zone,
+      :flow_operation_id,
+      :flow_operation_status,
+      :status_message,
+      :flow_request_timestamp,
+      :flows,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_type
+    #   An optional string that defines whether any or all operation types
+    #   are returned.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Network Firewall returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] max_results
+    #   The maximum number of objects that you want Network Firewall to
+    #   return for this request. If more objects are available, in the
+    #   response, Network Firewall provides a `NextToken` value that you can
+    #   use in a subsequent call to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListFlowOperationsRequest AWS API Documentation
+    #
+    class ListFlowOperationsRequest < Struct.new(
+      :firewall_arn,
+      :availability_zone,
+      :flow_operation_type,
+      :next_token,
+      :max_results)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] flow_operations
+    #   Flow operations let you manage the flows tracked in the flow table,
+    #   also known as the firewall table.
+    #
+    #   A flow is network traffic that is monitored by a firewall, either by
+    #   stateful or stateless rules. For traffic to be considered part of a
+    #   flow, it must share Destination, DestinationPort, Direction,
+    #   Protocol, Source, and SourcePort.
+    #   @return [Array<Types::FlowOperationMetadata>]
+    #
+    # @!attribute [rw] next_token
+    #   When you request a list of objects with a `MaxResults` setting, if
+    #   the number of objects that are still available for retrieval exceeds
+    #   the maximum you requested, Network Firewall returns a `NextToken`
+    #   value in the response. To retrieve the next batch of objects, use
+    #   the token returned from the prior request in your next request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListFlowOperationsResponse AWS API Documentation
+    #
+    class ListFlowOperationsResponse < Struct.new(
+      :flow_operations,
+      :next_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] next_token
     #   When you request a list of objects with a `MaxResults` setting, if
     #   the number of objects that are still available for retrieval exceeds
@@ -2841,26 +3559,26 @@ module Aws::NetworkFirewall
     #   @return [Array<Types::Address>]
     #
     # @!attribute [rw] source_ports
-    #   The source ports to inspect for. If not specified, this matches with
-    #   any source port. This setting is only used for protocols 6 (TCP) and
-    #   17 (UDP).
+    #   The source port to inspect for. You can specify an individual port,
+    #   for example `1994` and you can specify a port range, for example
+    #   `1990:1994`. To match with any port, specify `ANY`.
     #
-    #   You can specify individual ports, for example `1994` and you can
-    #   specify port ranges, for example `1990:1994`.
+    #   If not specified, this matches with any source port.
+    #
+    #   This setting is only used for protocols 6 (TCP) and 17 (UDP).
     #   @return [Array<Types::PortRange>]
     #
     # @!attribute [rw] destination_ports
-    #   The destination ports to inspect for. If not specified, this matches
-    #   with any destination port. This setting is only used for protocols 6
-    #   (TCP) and 17 (UDP).
+    #   The destination port to inspect for. You can specify an individual
+    #   port, for example `1994` and you can specify a port range, for
+    #   example `1990:1994`. To match with any port, specify `ANY`.
     #
-    #   You can specify individual ports, for example `1994` and you can
-    #   specify port ranges, for example `1990:1994`.
+    #   This setting is only used for protocols 6 (TCP) and 17 (UDP).
     #   @return [Array<Types::PortRange>]
     #
     # @!attribute [rw] protocols
-    #   The protocols to inspect for, specified using each protocol's
-    #   assigned internet protocol number (IANA). If not specified, this
+    #   The protocols to inspect for, specified using the assigned internet
+    #   protocol number (IANA) for each protocol. If not specified, this
     #   matches with any protocol.
     #   @return [Array<Integer>]
     #
@@ -3331,7 +4049,7 @@ module Aws::NetworkFirewall
     #
     #
     #
-    #   [1]: https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html#rule-options
+    #   [1]: https://suricata.readthedocs.io/en/suricata-7.0.3/rules/intro.html#rule-options
     #   @return [String]
     #
     # @!attribute [rw] settings
@@ -3342,7 +4060,7 @@ module Aws::NetworkFirewall
     #
     #
     #
-    #   [1]: https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html#rule-options
+    #   [1]: https://suricata.readthedocs.io/en/suricata-7.0.3/rules/intro.html#rule-options
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleOption AWS API Documentation
@@ -3406,7 +4124,7 @@ module Aws::NetworkFirewall
     #
     #
     #
-    #   [1]: https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html
+    #   [1]: https://suricata.readthedocs.io/en/suricata-7.0.3/rules/intro.html
     #   @return [Array<Types::StatefulRule>]
     #
     # @!attribute [rw] stateless_rules_and_custom_actions
@@ -3615,9 +4333,11 @@ module Aws::NetworkFirewall
     #   @return [Array<Types::PortRange>]
     #
     # @!attribute [rw] protocols
-    #   The protocols to decrypt for inspection, specified using each
-    #   protocol's assigned internet protocol number (IANA). Network
-    #   Firewall currently supports only TCP.
+    #   The protocols to inspect for, specified using the assigned internet
+    #   protocol number (IANA) for each protocol. If not specified, this
+    #   matches with any protocol.
+    #
+    #   Network Firewall currently supports only TCP.
     #   @return [Array<Integer>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ServerCertificateScope AWS API Documentation
@@ -3665,6 +4385,177 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # @!attribute [rw] firewall_name
+    #   The descriptive name of the firewall. You can't change the name of
+    #   a firewall after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] analysis_type
+    #   The type of traffic that will be used to generate a report.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StartAnalysisReportRequest AWS API Documentation
+    #
+    class StartAnalysisReportRequest < Struct.new(
+      :firewall_name,
+      :firewall_arn,
+      :analysis_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] analysis_report_id
+    #   The unique ID of the query that ran when you requested an analysis
+    #   report.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StartAnalysisReportResponse AWS API Documentation
+    #
+    class StartAnalysisReportResponse < Struct.new(
+      :analysis_report_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] minimum_flow_age_in_seconds
+    #   The reqested `FlowOperation` ignores flows with an age (in seconds)
+    #   lower than `MinimumFlowAgeInSeconds`. You provide this for start
+    #   commands.
+    #
+    #   <note markdown="1"> We recommend setting this value to at least 1 minute (60 seconds) to
+    #   reduce chance of capturing flows that are not yet established.
+    #
+    #    </note>
+    #   @return [Integer]
+    #
+    # @!attribute [rw] flow_filters
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #   @return [Array<Types::FlowFilter>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StartFlowCaptureRequest AWS API Documentation
+    #
+    class StartFlowCaptureRequest < Struct.new(
+      :firewall_arn,
+      :availability_zone,
+      :minimum_flow_age_in_seconds,
+      :flow_filters)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_id
+    #   A unique identifier for the flow operation. This ID is returned in
+    #   the responses to start and list commands. You provide to describe
+    #   commands.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_status
+    #   Returns the status of the flow operation. This string is returned in
+    #   the responses to start, list, and describe commands.
+    #
+    #   If the status is `COMPLETED_WITH_ERRORS`, results may be returned
+    #   with any number of `Flows` missing from the response. If the status
+    #   is `FAILED`, `Flows` returned will be empty.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StartFlowCaptureResponse AWS API Documentation
+    #
+    class StartFlowCaptureResponse < Struct.new(
+      :firewall_arn,
+      :flow_operation_id,
+      :flow_operation_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] availability_zone
+    #   The ID of the Availability Zone where the firewall is located. For
+    #   example, `us-east-2a`.
+    #
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] minimum_flow_age_in_seconds
+    #   The reqested `FlowOperation` ignores flows with an age (in seconds)
+    #   lower than `MinimumFlowAgeInSeconds`. You provide this for start
+    #   commands.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] flow_filters
+    #   Defines the scope a flow operation. You can use up to 20 filters to
+    #   configure a single flow operation.
+    #   @return [Array<Types::FlowFilter>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StartFlowFlushRequest AWS API Documentation
+    #
+    class StartFlowFlushRequest < Struct.new(
+      :firewall_arn,
+      :availability_zone,
+      :minimum_flow_age_in_seconds,
+      :flow_filters)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_id
+    #   A unique identifier for the flow operation. This ID is returned in
+    #   the responses to start and list commands. You provide to describe
+    #   commands.
+    #   @return [String]
+    #
+    # @!attribute [rw] flow_operation_status
+    #   Returns the status of the flow operation. This string is returned in
+    #   the responses to start, list, and describe commands.
+    #
+    #   If the status is `COMPLETED_WITH_ERRORS`, results may be returned
+    #   with any number of `Flows` missing from the response. If the status
+    #   is `FAILED`, `Flows` returned will be empty.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StartFlowFlushResponse AWS API Documentation
+    #
+    class StartFlowFlushResponse < Struct.new(
+      :firewall_arn,
+      :flow_operation_id,
+      :flow_operation_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Configuration settings for the handling of the stateful rule groups in
     # a firewall policy.
     #
@@ -3738,7 +4629,7 @@ module Aws::NetworkFirewall
     #
     #
     #
-    # [1]: https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html
+    # [1]: https://suricata.readthedocs.io/en/suricata-7.0.3/rules/intro.html
     #
     # @!attribute [rw] action
     #   Defines what Network Firewall should do with the packets in a
@@ -4281,6 +5172,20 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # A unique source IP address that connected to a domain.
+    #
+    # @!attribute [rw] count
+    #   The number of unique source IP addresses that connected to a domain.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UniqueSources AWS API Documentation
+    #
+    class UniqueSources < Struct.new(
+      :count)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The operation you requested isn't supported by Network Firewall.
     #
     # @!attribute [rw] message
@@ -4314,6 +5219,104 @@ module Aws::NetworkFirewall
     #
     class UntagResourceResponse < Aws::EmptyStructure; end
 
+    # @!attribute [rw] enabled_analysis_types
+    #   An optional setting indicating the specific traffic analysis types
+    #   to enable on the firewall.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_name
+    #   The descriptive name of the firewall. You can't change the name of
+    #   a firewall after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] update_token
+    #   An optional token that you can use for optimistic locking. Network
+    #   Firewall returns a token to your requests that access the firewall.
+    #   The token marks the state of the firewall resource at the time of
+    #   the request.
+    #
+    #   To make an unconditional change to the firewall, omit the token in
+    #   your update request. Without the token, Network Firewall performs
+    #   your updates regardless of whether the firewall has changed since
+    #   you last retrieved it.
+    #
+    #   To make a conditional change to the firewall, provide the token in
+    #   your update request. Network Firewall uses the token to ensure that
+    #   the firewall hasn't changed since you last retrieved it. If it has
+    #   changed, the operation fails with an `InvalidTokenException`. If
+    #   this happens, retrieve the firewall again to get a current copy of
+    #   it with a new token. Reapply your changes as needed, then try the
+    #   operation again using the new token.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallAnalysisSettingsRequest AWS API Documentation
+    #
+    class UpdateFirewallAnalysisSettingsRequest < Struct.new(
+      :enabled_analysis_types,
+      :firewall_arn,
+      :firewall_name,
+      :update_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] enabled_analysis_types
+    #   An optional setting indicating the specific traffic analysis types
+    #   to enable on the firewall.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_name
+    #   The descriptive name of the firewall. You can't change the name of
+    #   a firewall after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] update_token
+    #   An optional token that you can use for optimistic locking. Network
+    #   Firewall returns a token to your requests that access the firewall.
+    #   The token marks the state of the firewall resource at the time of
+    #   the request.
+    #
+    #   To make an unconditional change to the firewall, omit the token in
+    #   your update request. Without the token, Network Firewall performs
+    #   your updates regardless of whether the firewall has changed since
+    #   you last retrieved it.
+    #
+    #   To make a conditional change to the firewall, provide the token in
+    #   your update request. Network Firewall uses the token to ensure that
+    #   the firewall hasn't changed since you last retrieved it. If it has
+    #   changed, the operation fails with an `InvalidTokenException`. If
+    #   this happens, retrieve the firewall again to get a current copy of
+    #   it with a new token. Reapply your changes as needed, then try the
+    #   operation again using the new token.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallAnalysisSettingsResponse AWS API Documentation
+    #
+    class UpdateFirewallAnalysisSettingsResponse < Struct.new(
+      :enabled_analysis_types,
+      :firewall_arn,
+      :firewall_name,
+      :update_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] update_token
     #   An optional token that you can use for optimistic locking. Network
     #   Firewall returns a token to your requests that access the firewall.