aws-sdk-networkfirewall 1.65.0 → 1.66.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-networkfirewall/client.rb +362 -22
- data/lib/aws-sdk-networkfirewall/client_api.rb +177 -0
- data/lib/aws-sdk-networkfirewall/types.rb +618 -55
- data/lib/aws-sdk-networkfirewall.rb +1 -1
- data/sig/client.rbs +87 -1
- data/sig/types.rbs +111 -0
- metadata +1 -1
@@ -10,6 +10,33 @@
|
|
10
10
|
module Aws::NetworkFirewall
|
11
11
|
module Types
|
12
12
|
|
13
|
+
# The status of the firewall endpoint defined by a
|
14
|
+
# `VpcEndpointAssociation`.
|
15
|
+
#
|
16
|
+
# @!attribute [rw] attachment
|
17
|
+
# The definition and status of the firewall endpoint for a single
|
18
|
+
# subnet. In each configured subnet, Network Firewall instantiates a
|
19
|
+
# firewall endpoint to handle network traffic.
|
20
|
+
#
|
21
|
+
# This data type is used for any firewall endpoint type:
|
22
|
+
#
|
23
|
+
# * For `Firewall.SubnetMappings`, this `Attachment` is part of the
|
24
|
+
# `FirewallStatus` sync states information. You define firewall
|
25
|
+
# subnets using `CreateFirewall` and `AssociateSubnets`.
|
26
|
+
#
|
27
|
+
# * For `VpcEndpointAssociation`, this `Attachment` is part of the
|
28
|
+
# `VpcEndpointAssociationStatus` sync states information. You define
|
29
|
+
# these subnets using `CreateVpcEndpointAssociation`.
|
30
|
+
# @return [Types::Attachment]
|
31
|
+
#
|
32
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AZSyncState AWS API Documentation
|
33
|
+
#
|
34
|
+
class AZSyncState < Struct.new(
|
35
|
+
:attachment)
|
36
|
+
SENSITIVE = []
|
37
|
+
include Aws::Structure
|
38
|
+
end
|
39
|
+
|
13
40
|
# A custom action to use in stateless rule actions settings. This is
|
14
41
|
# used in CustomAction.
|
15
42
|
#
|
@@ -410,9 +437,19 @@ module Aws::NetworkFirewall
|
|
410
437
|
include Aws::Structure
|
411
438
|
end
|
412
439
|
|
413
|
-
# The
|
414
|
-
#
|
415
|
-
#
|
440
|
+
# The definition and status of the firewall endpoint for a single
|
441
|
+
# subnet. In each configured subnet, Network Firewall instantiates a
|
442
|
+
# firewall endpoint to handle network traffic.
|
443
|
+
#
|
444
|
+
# This data type is used for any firewall endpoint type:
|
445
|
+
#
|
446
|
+
# * For `Firewall.SubnetMappings`, this `Attachment` is part of the
|
447
|
+
# `FirewallStatus` sync states information. You define firewall
|
448
|
+
# subnets using `CreateFirewall` and `AssociateSubnets`.
|
449
|
+
#
|
450
|
+
# * For `VpcEndpointAssociation`, this `Attachment` is part of the
|
451
|
+
# `VpcEndpointAssociationStatus` sync states information. You define
|
452
|
+
# these subnets using `CreateVpcEndpointAssociation`.
|
416
453
|
#
|
417
454
|
# @!attribute [rw] subnet_id
|
418
455
|
# The unique identifier of the subnet that you've specified to be
|
@@ -427,12 +464,11 @@ module Aws::NetworkFirewall
|
|
427
464
|
# @return [String]
|
428
465
|
#
|
429
466
|
# @!attribute [rw] status
|
430
|
-
# The current status of the firewall endpoint in the
|
431
|
-
#
|
432
|
-
#
|
433
|
-
#
|
434
|
-
#
|
435
|
-
# isn't available for traffic, this value will reflect its state, for
|
467
|
+
# The current status of the firewall endpoint instantiation in the
|
468
|
+
# subnet.
|
469
|
+
#
|
470
|
+
# When this value is `READY`, the endpoint is available to handle
|
471
|
+
# network traffic. Otherwise, this value reflects its state, for
|
436
472
|
# example `CREATING` or `DELETING`.
|
437
473
|
# @return [String]
|
438
474
|
#
|
@@ -463,6 +499,22 @@ module Aws::NetworkFirewall
|
|
463
499
|
include Aws::Structure
|
464
500
|
end
|
465
501
|
|
502
|
+
# High-level information about an Availability Zone where the firewall
|
503
|
+
# has an endpoint defined.
|
504
|
+
#
|
505
|
+
# @!attribute [rw] ip_address_type
|
506
|
+
# The IP address type of the Firewall subnet in the Availability Zone.
|
507
|
+
# You can't change the IP address type after you create the subnet.
|
508
|
+
# @return [String]
|
509
|
+
#
|
510
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AvailabilityZoneMetadata AWS API Documentation
|
511
|
+
#
|
512
|
+
class AvailabilityZoneMetadata < Struct.new(
|
513
|
+
:ip_address_type)
|
514
|
+
SENSITIVE = []
|
515
|
+
include Aws::Structure
|
516
|
+
end
|
517
|
+
|
466
518
|
# Summarizes the CIDR blocks used by the IP set references in a
|
467
519
|
# firewall. Network Firewall calculates the number of CIDRs by taking an
|
468
520
|
# aggregated count of all CIDRs used by the IP sets you are referencing.
|
@@ -729,6 +781,12 @@ module Aws::NetworkFirewall
|
|
729
781
|
# Detailed information about the current status of a Firewall. You can
|
730
782
|
# retrieve this for a firewall by calling DescribeFirewall and
|
731
783
|
# providing the firewall name and ARN.
|
784
|
+
#
|
785
|
+
# The firewall status indicates a combined status. It indicates
|
786
|
+
# whether all subnets are up-to-date with the latest firewall
|
787
|
+
# configurations, which is based on the sync states config values, and
|
788
|
+
# also whether all subnets have their endpoints fully enabled, based
|
789
|
+
# on their sync states attachment values.
|
732
790
|
# @return [Types::FirewallStatus]
|
733
791
|
#
|
734
792
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallResponse AWS API Documentation
|
@@ -1016,6 +1074,65 @@ module Aws::NetworkFirewall
|
|
1016
1074
|
include Aws::Structure
|
1017
1075
|
end
|
1018
1076
|
|
1077
|
+
# @!attribute [rw] firewall_arn
|
1078
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
1079
|
+
# @return [String]
|
1080
|
+
#
|
1081
|
+
# @!attribute [rw] vpc_id
|
1082
|
+
# The unique identifier of the VPC where you want to create a firewall
|
1083
|
+
# endpoint.
|
1084
|
+
# @return [String]
|
1085
|
+
#
|
1086
|
+
# @!attribute [rw] subnet_mapping
|
1087
|
+
# The ID for a subnet that's used in an association with a firewall.
|
1088
|
+
# This is used in CreateFirewall, AssociateSubnets, and
|
1089
|
+
# CreateVpcEndpointAssociation. Network Firewall creates an instance
|
1090
|
+
# of the associated firewall in each subnet that you specify, to
|
1091
|
+
# filter traffic in the subnet's Availability Zone.
|
1092
|
+
# @return [Types::SubnetMapping]
|
1093
|
+
#
|
1094
|
+
# @!attribute [rw] description
|
1095
|
+
# A description of the VPC endpoint association.
|
1096
|
+
# @return [String]
|
1097
|
+
#
|
1098
|
+
# @!attribute [rw] tags
|
1099
|
+
# The key:value pairs to associate with the resource.
|
1100
|
+
# @return [Array<Types::Tag>]
|
1101
|
+
#
|
1102
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateVpcEndpointAssociationRequest AWS API Documentation
|
1103
|
+
#
|
1104
|
+
class CreateVpcEndpointAssociationRequest < Struct.new(
|
1105
|
+
:firewall_arn,
|
1106
|
+
:vpc_id,
|
1107
|
+
:subnet_mapping,
|
1108
|
+
:description,
|
1109
|
+
:tags)
|
1110
|
+
SENSITIVE = []
|
1111
|
+
include Aws::Structure
|
1112
|
+
end
|
1113
|
+
|
1114
|
+
# @!attribute [rw] vpc_endpoint_association
|
1115
|
+
# The configuration settings for the VPC endpoint association. These
|
1116
|
+
# settings include the firewall and the VPC and subnet to use for the
|
1117
|
+
# firewall endpoint.
|
1118
|
+
# @return [Types::VpcEndpointAssociation]
|
1119
|
+
#
|
1120
|
+
# @!attribute [rw] vpc_endpoint_association_status
|
1121
|
+
# Detailed information about the current status of a
|
1122
|
+
# VpcEndpointAssociation. You can retrieve this by calling
|
1123
|
+
# DescribeVpcEndpointAssociation and providing the VPC endpoint
|
1124
|
+
# association ARN.
|
1125
|
+
# @return [Types::VpcEndpointAssociationStatus]
|
1126
|
+
#
|
1127
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateVpcEndpointAssociationResponse AWS API Documentation
|
1128
|
+
#
|
1129
|
+
class CreateVpcEndpointAssociationResponse < Struct.new(
|
1130
|
+
:vpc_endpoint_association,
|
1131
|
+
:vpc_endpoint_association_status)
|
1132
|
+
SENSITIVE = []
|
1133
|
+
include Aws::Structure
|
1134
|
+
end
|
1135
|
+
|
1019
1136
|
# An optional, non-standard action to use for stateless packet handling.
|
1020
1137
|
# You can define this in addition to the standard action that you must
|
1021
1138
|
# specify.
|
@@ -1113,21 +1230,33 @@ module Aws::NetworkFirewall
|
|
1113
1230
|
end
|
1114
1231
|
|
1115
1232
|
# @!attribute [rw] firewall
|
1116
|
-
#
|
1117
|
-
#
|
1118
|
-
#
|
1119
|
-
#
|
1233
|
+
# A firewall defines the behavior of a firewall, the main VPC where
|
1234
|
+
# the firewall is used, the Availability Zones where the firewall can
|
1235
|
+
# be used, and one subnet to use for a firewall endpoint within each
|
1236
|
+
# of the Availability Zones. The Availability Zones are defined
|
1237
|
+
# implicitly in the subnet specifications.
|
1238
|
+
#
|
1239
|
+
# In addition to the firewall endpoints that you define in this
|
1240
|
+
# `Firewall` specification, you can create firewall endpoints in
|
1241
|
+
# `VpcEndpointAssociation` resources for any VPC, in any Availability
|
1242
|
+
# Zone where the firewall is already in use.
|
1120
1243
|
#
|
1121
1244
|
# The status of the firewall, for example whether it's ready to
|
1122
1245
|
# filter network traffic, is provided in the corresponding
|
1123
|
-
# FirewallStatus. You can retrieve both
|
1124
|
-
# DescribeFirewall.
|
1246
|
+
# FirewallStatus. You can retrieve both the firewall and firewall
|
1247
|
+
# status by calling DescribeFirewall.
|
1125
1248
|
# @return [Types::Firewall]
|
1126
1249
|
#
|
1127
1250
|
# @!attribute [rw] firewall_status
|
1128
1251
|
# Detailed information about the current status of a Firewall. You can
|
1129
1252
|
# retrieve this for a firewall by calling DescribeFirewall and
|
1130
1253
|
# providing the firewall name and ARN.
|
1254
|
+
#
|
1255
|
+
# The firewall status indicates a combined status. It indicates
|
1256
|
+
# whether all subnets are up-to-date with the latest firewall
|
1257
|
+
# configurations, which is based on the sync states config values, and
|
1258
|
+
# also whether all subnets have their endpoints fully enabled, based
|
1259
|
+
# on their sync states attachment values.
|
1131
1260
|
# @return [Types::FirewallStatus]
|
1132
1261
|
#
|
1133
1262
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallResponse AWS API Documentation
|
@@ -1242,6 +1371,91 @@ module Aws::NetworkFirewall
|
|
1242
1371
|
include Aws::Structure
|
1243
1372
|
end
|
1244
1373
|
|
1374
|
+
# @!attribute [rw] vpc_endpoint_association_arn
|
1375
|
+
# The Amazon Resource Name (ARN) of a VPC endpoint association.
|
1376
|
+
# @return [String]
|
1377
|
+
#
|
1378
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteVpcEndpointAssociationRequest AWS API Documentation
|
1379
|
+
#
|
1380
|
+
class DeleteVpcEndpointAssociationRequest < Struct.new(
|
1381
|
+
:vpc_endpoint_association_arn)
|
1382
|
+
SENSITIVE = []
|
1383
|
+
include Aws::Structure
|
1384
|
+
end
|
1385
|
+
|
1386
|
+
# @!attribute [rw] vpc_endpoint_association
|
1387
|
+
# The configuration settings for the VPC endpoint association. These
|
1388
|
+
# settings include the firewall and the VPC and subnet to use for the
|
1389
|
+
# firewall endpoint.
|
1390
|
+
# @return [Types::VpcEndpointAssociation]
|
1391
|
+
#
|
1392
|
+
# @!attribute [rw] vpc_endpoint_association_status
|
1393
|
+
# Detailed information about the current status of a
|
1394
|
+
# VpcEndpointAssociation. You can retrieve this by calling
|
1395
|
+
# DescribeVpcEndpointAssociation and providing the VPC endpoint
|
1396
|
+
# association ARN.
|
1397
|
+
# @return [Types::VpcEndpointAssociationStatus]
|
1398
|
+
#
|
1399
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteVpcEndpointAssociationResponse AWS API Documentation
|
1400
|
+
#
|
1401
|
+
class DeleteVpcEndpointAssociationResponse < Struct.new(
|
1402
|
+
:vpc_endpoint_association,
|
1403
|
+
:vpc_endpoint_association_status)
|
1404
|
+
SENSITIVE = []
|
1405
|
+
include Aws::Structure
|
1406
|
+
end
|
1407
|
+
|
1408
|
+
# @!attribute [rw] firewall_arn
|
1409
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
1410
|
+
# @return [String]
|
1411
|
+
#
|
1412
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallMetadataRequest AWS API Documentation
|
1413
|
+
#
|
1414
|
+
class DescribeFirewallMetadataRequest < Struct.new(
|
1415
|
+
:firewall_arn)
|
1416
|
+
SENSITIVE = []
|
1417
|
+
include Aws::Structure
|
1418
|
+
end
|
1419
|
+
|
1420
|
+
# @!attribute [rw] firewall_arn
|
1421
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
1422
|
+
# @return [String]
|
1423
|
+
#
|
1424
|
+
# @!attribute [rw] firewall_policy_arn
|
1425
|
+
# The Amazon Resource Name (ARN) of the firewall policy.
|
1426
|
+
# @return [String]
|
1427
|
+
#
|
1428
|
+
# @!attribute [rw] description
|
1429
|
+
# A description of the firewall.
|
1430
|
+
# @return [String]
|
1431
|
+
#
|
1432
|
+
# @!attribute [rw] status
|
1433
|
+
# The readiness of the configured firewall to handle network traffic
|
1434
|
+
# across all of the Availability Zones where you have it configured.
|
1435
|
+
# This setting is `READY` only when the
|
1436
|
+
# `ConfigurationSyncStateSummary` value is `IN_SYNC` and the
|
1437
|
+
# `Attachment` `Status` values for all of the configured subnets are
|
1438
|
+
# `READY`.
|
1439
|
+
# @return [String]
|
1440
|
+
#
|
1441
|
+
# @!attribute [rw] supported_availability_zones
|
1442
|
+
# The Availability Zones that the firewall currently supports. This
|
1443
|
+
# includes all Availability Zones for which the firewall has a subnet
|
1444
|
+
# defined.
|
1445
|
+
# @return [Hash<String,Types::AvailabilityZoneMetadata>]
|
1446
|
+
#
|
1447
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallMetadataResponse AWS API Documentation
|
1448
|
+
#
|
1449
|
+
class DescribeFirewallMetadataResponse < Struct.new(
|
1450
|
+
:firewall_arn,
|
1451
|
+
:firewall_policy_arn,
|
1452
|
+
:description,
|
1453
|
+
:status,
|
1454
|
+
:supported_availability_zones)
|
1455
|
+
SENSITIVE = []
|
1456
|
+
include Aws::Structure
|
1457
|
+
end
|
1458
|
+
|
1245
1459
|
# @!attribute [rw] firewall_policy_name
|
1246
1460
|
# The descriptive name of the firewall policy. You can't change the
|
1247
1461
|
# name of a firewall policy after you create it.
|
@@ -1350,6 +1564,12 @@ module Aws::NetworkFirewall
|
|
1350
1564
|
# Detailed information about the current status of a Firewall. You can
|
1351
1565
|
# retrieve this for a firewall by calling DescribeFirewall and
|
1352
1566
|
# providing the firewall name and ARN.
|
1567
|
+
#
|
1568
|
+
# The firewall status indicates a combined status. It indicates
|
1569
|
+
# whether all subnets are up-to-date with the latest firewall
|
1570
|
+
# configurations, which is based on the sync states config values, and
|
1571
|
+
# also whether all subnets have their endpoints fully enabled, based
|
1572
|
+
# on their sync states attachment values.
|
1353
1573
|
# @return [Types::FirewallStatus]
|
1354
1574
|
#
|
1355
1575
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallResponse AWS API Documentation
|
@@ -1374,6 +1594,15 @@ module Aws::NetworkFirewall
|
|
1374
1594
|
# configure a single flow operation.
|
1375
1595
|
# @return [String]
|
1376
1596
|
#
|
1597
|
+
# @!attribute [rw] vpc_endpoint_association_arn
|
1598
|
+
# The Amazon Resource Name (ARN) of a VPC endpoint association.
|
1599
|
+
# @return [String]
|
1600
|
+
#
|
1601
|
+
# @!attribute [rw] vpc_endpoint_id
|
1602
|
+
# A unique identifier for the primary endpoint associated with a
|
1603
|
+
# firewall.
|
1604
|
+
# @return [String]
|
1605
|
+
#
|
1377
1606
|
# @!attribute [rw] flow_operation_id
|
1378
1607
|
# A unique identifier for the flow operation. This ID is returned in
|
1379
1608
|
# the responses to start and list commands. You provide to describe
|
@@ -1385,6 +1614,8 @@ module Aws::NetworkFirewall
|
|
1385
1614
|
class DescribeFlowOperationRequest < Struct.new(
|
1386
1615
|
:firewall_arn,
|
1387
1616
|
:availability_zone,
|
1617
|
+
:vpc_endpoint_association_arn,
|
1618
|
+
:vpc_endpoint_id,
|
1388
1619
|
:flow_operation_id)
|
1389
1620
|
SENSITIVE = []
|
1390
1621
|
include Aws::Structure
|
@@ -1402,6 +1633,15 @@ module Aws::NetworkFirewall
|
|
1402
1633
|
# configure a single flow operation.
|
1403
1634
|
# @return [String]
|
1404
1635
|
#
|
1636
|
+
# @!attribute [rw] vpc_endpoint_association_arn
|
1637
|
+
# The Amazon Resource Name (ARN) of a VPC endpoint association.
|
1638
|
+
# @return [String]
|
1639
|
+
#
|
1640
|
+
# @!attribute [rw] vpc_endpoint_id
|
1641
|
+
# A unique identifier for the primary endpoint associated with a
|
1642
|
+
# firewall.
|
1643
|
+
# @return [String]
|
1644
|
+
#
|
1405
1645
|
# @!attribute [rw] flow_operation_id
|
1406
1646
|
# A unique identifier for the flow operation. This ID is returned in
|
1407
1647
|
# the responses to start and list commands. You provide to describe
|
@@ -1443,6 +1683,8 @@ module Aws::NetworkFirewall
|
|
1443
1683
|
class DescribeFlowOperationResponse < Struct.new(
|
1444
1684
|
:firewall_arn,
|
1445
1685
|
:availability_zone,
|
1686
|
+
:vpc_endpoint_association_arn,
|
1687
|
+
:vpc_endpoint_id,
|
1446
1688
|
:flow_operation_id,
|
1447
1689
|
:flow_operation_type,
|
1448
1690
|
:flow_operation_status,
|
@@ -1784,6 +2026,40 @@ module Aws::NetworkFirewall
|
|
1784
2026
|
include Aws::Structure
|
1785
2027
|
end
|
1786
2028
|
|
2029
|
+
# @!attribute [rw] vpc_endpoint_association_arn
|
2030
|
+
# The Amazon Resource Name (ARN) of a VPC endpoint association.
|
2031
|
+
# @return [String]
|
2032
|
+
#
|
2033
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeVpcEndpointAssociationRequest AWS API Documentation
|
2034
|
+
#
|
2035
|
+
class DescribeVpcEndpointAssociationRequest < Struct.new(
|
2036
|
+
:vpc_endpoint_association_arn)
|
2037
|
+
SENSITIVE = []
|
2038
|
+
include Aws::Structure
|
2039
|
+
end
|
2040
|
+
|
2041
|
+
# @!attribute [rw] vpc_endpoint_association
|
2042
|
+
# The configuration settings for the VPC endpoint association. These
|
2043
|
+
# settings include the firewall and the VPC and subnet to use for the
|
2044
|
+
# firewall endpoint.
|
2045
|
+
# @return [Types::VpcEndpointAssociation]
|
2046
|
+
#
|
2047
|
+
# @!attribute [rw] vpc_endpoint_association_status
|
2048
|
+
# Detailed information about the current status of a
|
2049
|
+
# VpcEndpointAssociation. You can retrieve this by calling
|
2050
|
+
# DescribeVpcEndpointAssociation and providing the VPC endpoint
|
2051
|
+
# association ARN.
|
2052
|
+
# @return [Types::VpcEndpointAssociationStatus]
|
2053
|
+
#
|
2054
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeVpcEndpointAssociationResponse AWS API Documentation
|
2055
|
+
#
|
2056
|
+
class DescribeVpcEndpointAssociationResponse < Struct.new(
|
2057
|
+
:vpc_endpoint_association,
|
2058
|
+
:vpc_endpoint_association_status)
|
2059
|
+
SENSITIVE = []
|
2060
|
+
include Aws::Structure
|
2061
|
+
end
|
2062
|
+
|
1787
2063
|
# The value to use in an Amazon CloudWatch custom metric dimension. This
|
1788
2064
|
# is used in the `PublishMetrics` CustomAction. A CloudWatch custom
|
1789
2065
|
# metric dimension is a name/value pair that's part of the identity of
|
@@ -1947,14 +2223,21 @@ module Aws::NetworkFirewall
|
|
1947
2223
|
include Aws::Structure
|
1948
2224
|
end
|
1949
2225
|
|
1950
|
-
#
|
1951
|
-
#
|
1952
|
-
#
|
1953
|
-
#
|
2226
|
+
# A firewall defines the behavior of a firewall, the main VPC where the
|
2227
|
+
# firewall is used, the Availability Zones where the firewall can be
|
2228
|
+
# used, and one subnet to use for a firewall endpoint within each of the
|
2229
|
+
# Availability Zones. The Availability Zones are defined implicitly in
|
2230
|
+
# the subnet specifications.
|
2231
|
+
#
|
2232
|
+
# In addition to the firewall endpoints that you define in this
|
2233
|
+
# `Firewall` specification, you can create firewall endpoints in
|
2234
|
+
# `VpcEndpointAssociation` resources for any VPC, in any Availability
|
2235
|
+
# Zone where the firewall is already in use.
|
1954
2236
|
#
|
1955
2237
|
# The status of the firewall, for example whether it's ready to filter
|
1956
2238
|
# network traffic, is provided in the corresponding FirewallStatus. You
|
1957
|
-
# can retrieve both
|
2239
|
+
# can retrieve both the firewall and firewall status by calling
|
2240
|
+
# DescribeFirewall.
|
1958
2241
|
#
|
1959
2242
|
# @!attribute [rw] firewall_name
|
1960
2243
|
# The descriptive name of the firewall. You can't change the name of
|
@@ -1978,8 +2261,23 @@ module Aws::NetworkFirewall
|
|
1978
2261
|
# @return [String]
|
1979
2262
|
#
|
1980
2263
|
# @!attribute [rw] subnet_mappings
|
1981
|
-
# The public subnets that Network Firewall is using for the
|
1982
|
-
#
|
2264
|
+
# The primary public subnets that Network Firewall is using for the
|
2265
|
+
# firewall. Network Firewall creates a firewall endpoint in each
|
2266
|
+
# subnet. Create a subnet mapping for each Availability Zone where you
|
2267
|
+
# want to use the firewall.
|
2268
|
+
#
|
2269
|
+
# These subnets are all defined for a single, primary VPC, and each
|
2270
|
+
# must belong to a different Availability Zone. Each of these subnets
|
2271
|
+
# establishes the availability of the firewall in its Availability
|
2272
|
+
# Zone.
|
2273
|
+
#
|
2274
|
+
# In addition to these subnets, you can define other endpoints for the
|
2275
|
+
# firewall in `VpcEndpointAssociation` resources. You can define these
|
2276
|
+
# additional endpoints for any VPC, and for any of the Availability
|
2277
|
+
# Zones where the firewall resource already has a subnet mapping. VPC
|
2278
|
+
# endpoint associations give you the ability to protect multiple VPCs
|
2279
|
+
# using a single firewall, and to define multiple firewall endpoints
|
2280
|
+
# for a VPC in a single Availability Zone.
|
1983
2281
|
# @return [Array<Types::SubnetMapping>]
|
1984
2282
|
#
|
1985
2283
|
# @!attribute [rw] delete_protection
|
@@ -2022,6 +2320,11 @@ module Aws::NetworkFirewall
|
|
2022
2320
|
# configuration settings for your firewall.
|
2023
2321
|
# @return [Types::EncryptionConfiguration]
|
2024
2322
|
#
|
2323
|
+
# @!attribute [rw] number_of_associations
|
2324
|
+
# The number of `VpcEndpointAssociation` resources that use this
|
2325
|
+
# firewall.
|
2326
|
+
# @return [Integer]
|
2327
|
+
#
|
2025
2328
|
# @!attribute [rw] enabled_analysis_types
|
2026
2329
|
# An optional setting indicating the specific traffic analysis types
|
2027
2330
|
# to enable on the firewall.
|
@@ -2042,6 +2345,7 @@ module Aws::NetworkFirewall
|
|
2042
2345
|
:firewall_id,
|
2043
2346
|
:tags,
|
2044
2347
|
:encryption_configuration,
|
2348
|
+
:number_of_associations,
|
2045
2349
|
:enabled_analysis_types)
|
2046
2350
|
SENSITIVE = []
|
2047
2351
|
include Aws::Structure
|
@@ -2289,9 +2593,15 @@ module Aws::NetworkFirewall
|
|
2289
2593
|
# retrieve this for a firewall by calling DescribeFirewall and providing
|
2290
2594
|
# the firewall name and ARN.
|
2291
2595
|
#
|
2596
|
+
# The firewall status indicates a combined status. It indicates whether
|
2597
|
+
# all subnets are up-to-date with the latest firewall configurations,
|
2598
|
+
# which is based on the sync states config values, and also whether all
|
2599
|
+
# subnets have their endpoints fully enabled, based on their sync states
|
2600
|
+
# attachment values.
|
2601
|
+
#
|
2292
2602
|
# @!attribute [rw] status
|
2293
2603
|
# The readiness of the configured firewall to handle network traffic
|
2294
|
-
# across all of the Availability Zones where you
|
2604
|
+
# across all of the Availability Zones where you have it configured.
|
2295
2605
|
# This setting is `READY` only when the
|
2296
2606
|
# `ConfigurationSyncStateSummary` value is `IN_SYNC` and the
|
2297
2607
|
# `Attachment` `Status` values for all of the configured subnets are
|
@@ -2300,34 +2610,35 @@ module Aws::NetworkFirewall
|
|
2300
2610
|
#
|
2301
2611
|
# @!attribute [rw] configuration_sync_state_summary
|
2302
2612
|
# The configuration sync state for the firewall. This summarizes the
|
2303
|
-
#
|
2304
|
-
#
|
2613
|
+
# `Config` settings in the `SyncStates` for this firewall status
|
2614
|
+
# object.
|
2305
2615
|
#
|
2306
2616
|
# When you create a firewall or update its configuration, for example
|
2307
2617
|
# by adding a rule group to its firewall policy, Network Firewall
|
2308
|
-
# distributes the configuration changes to all
|
2309
|
-
#
|
2310
|
-
# changes have been applied everywhere.
|
2618
|
+
# distributes the configuration changes to all Availability Zones that
|
2619
|
+
# have subnets defined for the firewall. This summary indicates
|
2620
|
+
# whether the configuration changes have been applied everywhere.
|
2311
2621
|
#
|
2312
2622
|
# This status must be `IN_SYNC` for the firewall to be ready for use,
|
2313
2623
|
# but it doesn't indicate that the firewall is ready. The `Status`
|
2314
|
-
# setting indicates firewall readiness.
|
2624
|
+
# setting indicates firewall readiness. It's based on this setting
|
2625
|
+
# and the readiness of the firewall endpoints to take traffic.
|
2315
2626
|
# @return [String]
|
2316
2627
|
#
|
2317
2628
|
# @!attribute [rw] sync_states
|
2318
|
-
#
|
2319
|
-
#
|
2320
|
-
#
|
2321
|
-
#
|
2322
|
-
#
|
2323
|
-
# and
|
2629
|
+
# Status for the subnets that you've configured in the firewall. This
|
2630
|
+
# contains one array element per Availability Zone where you've
|
2631
|
+
# configured a subnet in the firewall.
|
2632
|
+
#
|
2633
|
+
# These objects provide detailed information for the settings
|
2634
|
+
# `ConfigurationSyncStateSummary` and `Status`.
|
2324
2635
|
# @return [Hash<String,Types::SyncState>]
|
2325
2636
|
#
|
2326
2637
|
# @!attribute [rw] capacity_usage_summary
|
2327
2638
|
# Describes the capacity usage of the resources contained in a
|
2328
|
-
# firewall's reference sets. Network Firewall
|
2329
|
-
#
|
2330
|
-
#
|
2639
|
+
# firewall's reference sets. Network Firewall calculates the capacity
|
2640
|
+
# usage by taking an aggregated count of all of the resources used by
|
2641
|
+
# all of the reference sets in a firewall.
|
2331
2642
|
# @return [Types::CapacityUsageSummary]
|
2332
2643
|
#
|
2333
2644
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallStatus AWS API Documentation
|
@@ -3126,6 +3437,15 @@ module Aws::NetworkFirewall
|
|
3126
3437
|
# configure a single flow operation.
|
3127
3438
|
# @return [String]
|
3128
3439
|
#
|
3440
|
+
# @!attribute [rw] vpc_endpoint_id
|
3441
|
+
# A unique identifier for the primary endpoint associated with a
|
3442
|
+
# firewall.
|
3443
|
+
# @return [String]
|
3444
|
+
#
|
3445
|
+
# @!attribute [rw] vpc_endpoint_association_arn
|
3446
|
+
# The Amazon Resource Name (ARN) of a VPC endpoint association.
|
3447
|
+
# @return [String]
|
3448
|
+
#
|
3129
3449
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListFlowOperationResultsRequest AWS API Documentation
|
3130
3450
|
#
|
3131
3451
|
class ListFlowOperationResultsRequest < Struct.new(
|
@@ -3133,7 +3453,9 @@ module Aws::NetworkFirewall
|
|
3133
3453
|
:flow_operation_id,
|
3134
3454
|
:next_token,
|
3135
3455
|
:max_results,
|
3136
|
-
:availability_zone
|
3456
|
+
:availability_zone,
|
3457
|
+
:vpc_endpoint_id,
|
3458
|
+
:vpc_endpoint_association_arn)
|
3137
3459
|
SENSITIVE = []
|
3138
3460
|
include Aws::Structure
|
3139
3461
|
end
|
@@ -3150,6 +3472,12 @@ module Aws::NetworkFirewall
|
|
3150
3472
|
# configure a single flow operation.
|
3151
3473
|
# @return [String]
|
3152
3474
|
#
|
3475
|
+
# @!attribute [rw] vpc_endpoint_association_arn
|
3476
|
+
# @return [String]
|
3477
|
+
#
|
3478
|
+
# @!attribute [rw] vpc_endpoint_id
|
3479
|
+
# @return [String]
|
3480
|
+
#
|
3153
3481
|
# @!attribute [rw] flow_operation_id
|
3154
3482
|
# A unique identifier for the flow operation. This ID is returned in
|
3155
3483
|
# the responses to start and list commands. You provide to describe
|
@@ -3195,6 +3523,8 @@ module Aws::NetworkFirewall
|
|
3195
3523
|
class ListFlowOperationResultsResponse < Struct.new(
|
3196
3524
|
:firewall_arn,
|
3197
3525
|
:availability_zone,
|
3526
|
+
:vpc_endpoint_association_arn,
|
3527
|
+
:vpc_endpoint_id,
|
3198
3528
|
:flow_operation_id,
|
3199
3529
|
:flow_operation_status,
|
3200
3530
|
:status_message,
|
@@ -3217,6 +3547,15 @@ module Aws::NetworkFirewall
|
|
3217
3547
|
# configure a single flow operation.
|
3218
3548
|
# @return [String]
|
3219
3549
|
#
|
3550
|
+
# @!attribute [rw] vpc_endpoint_association_arn
|
3551
|
+
# The Amazon Resource Name (ARN) of a VPC endpoint association.
|
3552
|
+
# @return [String]
|
3553
|
+
#
|
3554
|
+
# @!attribute [rw] vpc_endpoint_id
|
3555
|
+
# A unique identifier for the primary endpoint associated with a
|
3556
|
+
# firewall.
|
3557
|
+
# @return [String]
|
3558
|
+
#
|
3220
3559
|
# @!attribute [rw] flow_operation_type
|
3221
3560
|
# An optional string that defines whether any or all operation types
|
3222
3561
|
# are returned.
|
@@ -3242,6 +3581,8 @@ module Aws::NetworkFirewall
|
|
3242
3581
|
class ListFlowOperationsRequest < Struct.new(
|
3243
3582
|
:firewall_arn,
|
3244
3583
|
:availability_zone,
|
3584
|
+
:vpc_endpoint_association_arn,
|
3585
|
+
:vpc_endpoint_id,
|
3245
3586
|
:flow_operation_type,
|
3246
3587
|
:next_token,
|
3247
3588
|
:max_results)
|
@@ -3440,6 +3781,64 @@ module Aws::NetworkFirewall
|
|
3440
3781
|
include Aws::Structure
|
3441
3782
|
end
|
3442
3783
|
|
3784
|
+
# @!attribute [rw] next_token
|
3785
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
3786
|
+
# the number of objects that are still available for retrieval exceeds
|
3787
|
+
# the maximum you requested, Network Firewall returns a `NextToken`
|
3788
|
+
# value in the response. To retrieve the next batch of objects, use
|
3789
|
+
# the token returned from the prior request in your next request.
|
3790
|
+
# @return [String]
|
3791
|
+
#
|
3792
|
+
# @!attribute [rw] max_results
|
3793
|
+
# The maximum number of objects that you want Network Firewall to
|
3794
|
+
# return for this request. If more objects are available, in the
|
3795
|
+
# response, Network Firewall provides a `NextToken` value that you can
|
3796
|
+
# use in a subsequent call to get the next batch of objects.
|
3797
|
+
# @return [Integer]
|
3798
|
+
#
|
3799
|
+
# @!attribute [rw] firewall_arn
|
3800
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
3801
|
+
#
|
3802
|
+
# If you don't specify this, Network Firewall retrieves all VPC
|
3803
|
+
# endpoint associations that you have defined.
|
3804
|
+
# @return [String]
|
3805
|
+
#
|
3806
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListVpcEndpointAssociationsRequest AWS API Documentation
|
3807
|
+
#
|
3808
|
+
class ListVpcEndpointAssociationsRequest < Struct.new(
|
3809
|
+
:next_token,
|
3810
|
+
:max_results,
|
3811
|
+
:firewall_arn)
|
3812
|
+
SENSITIVE = []
|
3813
|
+
include Aws::Structure
|
3814
|
+
end
|
3815
|
+
|
3816
|
+
# @!attribute [rw] next_token
|
3817
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
3818
|
+
# the number of objects that are still available for retrieval exceeds
|
3819
|
+
# the maximum you requested, Network Firewall returns a `NextToken`
|
3820
|
+
# value in the response. To retrieve the next batch of objects, use
|
3821
|
+
# the token returned from the prior request in your next request.
|
3822
|
+
# @return [String]
|
3823
|
+
#
|
3824
|
+
# @!attribute [rw] vpc_endpoint_associations
|
3825
|
+
# The VPC endpoint assocation metadata objects for the firewall that
|
3826
|
+
# you specified. If you didn't specify a firewall, this is all VPC
|
3827
|
+
# endpoint associations that you have defined.
|
3828
|
+
#
|
3829
|
+
# Depending on your setting for max results and the number of
|
3830
|
+
# firewalls you have, a single call might not be the full list.
|
3831
|
+
# @return [Array<Types::VpcEndpointAssociationMetadata>]
|
3832
|
+
#
|
3833
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListVpcEndpointAssociationsResponse AWS API Documentation
|
3834
|
+
#
|
3835
|
+
class ListVpcEndpointAssociationsResponse < Struct.new(
|
3836
|
+
:next_token,
|
3837
|
+
:vpc_endpoint_associations)
|
3838
|
+
SENSITIVE = []
|
3839
|
+
include Aws::Structure
|
3840
|
+
end
|
3841
|
+
|
3443
3842
|
# Defines where Network Firewall sends logs for the firewall for one log
|
3444
3843
|
# type. This is used in LoggingConfiguration. You can send each type of
|
3445
3844
|
# log to an Amazon S3 bucket, a CloudWatch log group, or a Firehose
|
@@ -3702,13 +4101,13 @@ module Aws::NetworkFirewall
|
|
3702
4101
|
|
3703
4102
|
# @!attribute [rw] resource_arn
|
3704
4103
|
# The Amazon Resource Name (ARN) of the account that you want to share
|
3705
|
-
#
|
4104
|
+
# your Network Firewall resources with.
|
3706
4105
|
# @return [String]
|
3707
4106
|
#
|
3708
4107
|
# @!attribute [rw] policy
|
3709
4108
|
# The IAM policy statement that lists the accounts that you want to
|
3710
|
-
# share your
|
3711
|
-
#
|
4109
|
+
# share your Network Firewall resources with and the operations that
|
4110
|
+
# you want the accounts to be able to perform.
|
3712
4111
|
#
|
3713
4112
|
# For a rule group resource, you can specify the following operations
|
3714
4113
|
# in the Actions section of the statement:
|
@@ -3726,9 +4125,18 @@ module Aws::NetworkFirewall
|
|
3726
4125
|
#
|
3727
4126
|
# * network-firewall:ListFirewallPolicies
|
3728
4127
|
#
|
4128
|
+
# For a firewall resource, you can specify the following operations in
|
4129
|
+
# the Actions section of the statement:
|
4130
|
+
#
|
4131
|
+
# * network-firewall:CreateVpcEndpointAssociation
|
4132
|
+
#
|
4133
|
+
# * network-firewall:DescribeFirewallMetadata
|
4134
|
+
#
|
4135
|
+
# * network-firewall:ListFirewalls
|
4136
|
+
#
|
3729
4137
|
# In the Resource section of the statement, you specify the ARNs for
|
3730
|
-
# the
|
3731
|
-
#
|
4138
|
+
# the Network Firewall resources that you want to share with the
|
4139
|
+
# account that you specified in `Arn`.
|
3732
4140
|
# @return [String]
|
3733
4141
|
#
|
3734
4142
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/PutResourcePolicyRequest AWS API Documentation
|
@@ -4437,6 +4845,15 @@ module Aws::NetworkFirewall
|
|
4437
4845
|
# configure a single flow operation.
|
4438
4846
|
# @return [String]
|
4439
4847
|
#
|
4848
|
+
# @!attribute [rw] vpc_endpoint_association_arn
|
4849
|
+
# The Amazon Resource Name (ARN) of a VPC endpoint association.
|
4850
|
+
# @return [String]
|
4851
|
+
#
|
4852
|
+
# @!attribute [rw] vpc_endpoint_id
|
4853
|
+
# A unique identifier for the primary endpoint associated with a
|
4854
|
+
# firewall.
|
4855
|
+
# @return [String]
|
4856
|
+
#
|
4440
4857
|
# @!attribute [rw] minimum_flow_age_in_seconds
|
4441
4858
|
# The reqested `FlowOperation` ignores flows with an age (in seconds)
|
4442
4859
|
# lower than `MinimumFlowAgeInSeconds`. You provide this for start
|
@@ -4458,6 +4875,8 @@ module Aws::NetworkFirewall
|
|
4458
4875
|
class StartFlowCaptureRequest < Struct.new(
|
4459
4876
|
:firewall_arn,
|
4460
4877
|
:availability_zone,
|
4878
|
+
:vpc_endpoint_association_arn,
|
4879
|
+
:vpc_endpoint_id,
|
4461
4880
|
:minimum_flow_age_in_seconds,
|
4462
4881
|
:flow_filters)
|
4463
4882
|
SENSITIVE = []
|
@@ -4505,6 +4924,15 @@ module Aws::NetworkFirewall
|
|
4505
4924
|
# configure a single flow operation.
|
4506
4925
|
# @return [String]
|
4507
4926
|
#
|
4927
|
+
# @!attribute [rw] vpc_endpoint_association_arn
|
4928
|
+
# The Amazon Resource Name (ARN) of a VPC endpoint association.
|
4929
|
+
# @return [String]
|
4930
|
+
#
|
4931
|
+
# @!attribute [rw] vpc_endpoint_id
|
4932
|
+
# A unique identifier for the primary endpoint associated with a
|
4933
|
+
# firewall.
|
4934
|
+
# @return [String]
|
4935
|
+
#
|
4508
4936
|
# @!attribute [rw] minimum_flow_age_in_seconds
|
4509
4937
|
# The reqested `FlowOperation` ignores flows with an age (in seconds)
|
4510
4938
|
# lower than `MinimumFlowAgeInSeconds`. You provide this for start
|
@@ -4521,6 +4949,8 @@ module Aws::NetworkFirewall
|
|
4521
4949
|
class StartFlowFlushRequest < Struct.new(
|
4522
4950
|
:firewall_arn,
|
4523
4951
|
:availability_zone,
|
4952
|
+
:vpc_endpoint_association_arn,
|
4953
|
+
:vpc_endpoint_id,
|
4524
4954
|
:minimum_flow_age_in_seconds,
|
4525
4955
|
:flow_filters)
|
4526
4956
|
SENSITIVE = []
|
@@ -4845,10 +5275,11 @@ module Aws::NetworkFirewall
|
|
4845
5275
|
include Aws::Structure
|
4846
5276
|
end
|
4847
5277
|
|
4848
|
-
# The ID for a subnet that
|
4849
|
-
# is used
|
4850
|
-
# creates an instance of
|
4851
|
-
#
|
5278
|
+
# The ID for a subnet that's used in an association with a firewall.
|
5279
|
+
# This is used in CreateFirewall, AssociateSubnets, and
|
5280
|
+
# CreateVpcEndpointAssociation. Network Firewall creates an instance of
|
5281
|
+
# the associated firewall in each subnet that you specify, to filter
|
5282
|
+
# traffic in the subnet's Availability Zone.
|
4852
5283
|
#
|
4853
5284
|
# @!attribute [rw] subnet_id
|
4854
5285
|
# The unique identifier for the subnet.
|
@@ -4869,7 +5300,7 @@ module Aws::NetworkFirewall
|
|
4869
5300
|
end
|
4870
5301
|
|
4871
5302
|
# The status of the firewall endpoint and firewall policy configuration
|
4872
|
-
# for a single VPC subnet.
|
5303
|
+
# for a single VPC subnet. This is part of the FirewallStatus.
|
4873
5304
|
#
|
4874
5305
|
# For each VPC subnet that you associate with a firewall, Network
|
4875
5306
|
# Firewall does the following:
|
@@ -4886,11 +5317,10 @@ module Aws::NetworkFirewall
|
|
4886
5317
|
# complete.
|
4887
5318
|
#
|
4888
5319
|
# @!attribute [rw] attachment
|
4889
|
-
# The
|
4890
|
-
#
|
4891
|
-
#
|
4892
|
-
#
|
4893
|
-
# FirewallStatus.
|
5320
|
+
# The configuration and status for a single firewall subnet. For each
|
5321
|
+
# configured subnet, Network Firewall creates the attachment by
|
5322
|
+
# instantiating the firewall endpoint in the subnet so that it's
|
5323
|
+
# ready to take traffic.
|
4894
5324
|
# @return [Types::Attachment]
|
4895
5325
|
#
|
4896
5326
|
# @!attribute [rw] config
|
@@ -4899,7 +5329,7 @@ module Aws::NetworkFirewall
|
|
4899
5329
|
# are configured in the firewall policy. Each time you add a subnet or
|
4900
5330
|
# modify the associated firewall policy, Network Firewall synchronizes
|
4901
5331
|
# the rules in the endpoint, so it can properly filter network
|
4902
|
-
# traffic.
|
5332
|
+
# traffic.
|
4903
5333
|
# @return [Hash<String,Types::PerObjectStatus>]
|
4904
5334
|
#
|
4905
5335
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/SyncState AWS API Documentation
|
@@ -6230,6 +6660,139 @@ module Aws::NetworkFirewall
|
|
6230
6660
|
include Aws::Structure
|
6231
6661
|
end
|
6232
6662
|
|
6663
|
+
# A VPC endpoint association defines a single subnet to use for a
|
6664
|
+
# firewall endpoint for a `Firewall`. You can define VPC endpoint
|
6665
|
+
# associations only in the Availability Zones that already have a subnet
|
6666
|
+
# mapping defined in the `Firewall` resource.
|
6667
|
+
#
|
6668
|
+
# <note markdown="1"> You can retrieve the list of Availability Zones that are available for
|
6669
|
+
# use by calling `DescribeFirewallMetadata`.
|
6670
|
+
#
|
6671
|
+
# </note>
|
6672
|
+
#
|
6673
|
+
# To manage firewall endpoints, first, in the `Firewall` specification,
|
6674
|
+
# you specify a single VPC and one subnet for each of the Availability
|
6675
|
+
# Zones where you want to use the firewall. Then you can define
|
6676
|
+
# additional endpoints as VPC endpoint associations.
|
6677
|
+
#
|
6678
|
+
# You can use VPC endpoint associations to expand the protections of the
|
6679
|
+
# firewall as follows:
|
6680
|
+
#
|
6681
|
+
# * **Protect multiple VPCs with a single firewall** - You can use the
|
6682
|
+
# firewall to protect other VPCs, either in your account or in
|
6683
|
+
# accounts where the firewall is shared. You can only specify
|
6684
|
+
# Availability Zones that already have a firewall endpoint defined in
|
6685
|
+
# the `Firewall` subnet mappings.
|
6686
|
+
#
|
6687
|
+
# * **Define multiple firewall endpoints for a VPC in an Availability
|
6688
|
+
# Zone** - You can create additional firewall endpoints for the VPC
|
6689
|
+
# that you have defined in the firewall, in any Availability Zone that
|
6690
|
+
# already has an endpoint defined in the `Firewall` subnet mappings.
|
6691
|
+
# You can create multiple VPC endpoint associations for any other VPC
|
6692
|
+
# where you use the firewall.
|
6693
|
+
#
|
6694
|
+
# You can use Resource Access Manager to share a `Firewall` that you own
|
6695
|
+
# with other accounts, which gives them the ability to use the firewall
|
6696
|
+
# to create VPC endpoint associations. For information about sharing a
|
6697
|
+
# firewall, see `PutResourcePolicy` in this guide and see [Sharing
|
6698
|
+
# Network Firewall resources][1] in the *Network Firewall Developer
|
6699
|
+
# Guide*.
|
6700
|
+
#
|
6701
|
+
# The status of the VPC endpoint association, which indicates whether
|
6702
|
+
# it's ready to filter network traffic, is provided in the
|
6703
|
+
# corresponding VpcEndpointAssociationStatus. You can retrieve both the
|
6704
|
+
# association and its status by calling DescribeVpcEndpointAssociation.
|
6705
|
+
#
|
6706
|
+
#
|
6707
|
+
#
|
6708
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/sharing.html
|
6709
|
+
#
|
6710
|
+
# @!attribute [rw] vpc_endpoint_association_id
|
6711
|
+
# The unique identifier of the VPC endpoint association.
|
6712
|
+
# @return [String]
|
6713
|
+
#
|
6714
|
+
# @!attribute [rw] vpc_endpoint_association_arn
|
6715
|
+
# The Amazon Resource Name (ARN) of a VPC endpoint association.
|
6716
|
+
# @return [String]
|
6717
|
+
#
|
6718
|
+
# @!attribute [rw] firewall_arn
|
6719
|
+
# The Amazon Resource Name (ARN) of the firewall.
|
6720
|
+
# @return [String]
|
6721
|
+
#
|
6722
|
+
# @!attribute [rw] vpc_id
|
6723
|
+
# The unique identifier of the VPC for the endpoint association.
|
6724
|
+
# @return [String]
|
6725
|
+
#
|
6726
|
+
# @!attribute [rw] subnet_mapping
|
6727
|
+
# The ID for a subnet that's used in an association with a firewall.
|
6728
|
+
# This is used in CreateFirewall, AssociateSubnets, and
|
6729
|
+
# CreateVpcEndpointAssociation. Network Firewall creates an instance
|
6730
|
+
# of the associated firewall in each subnet that you specify, to
|
6731
|
+
# filter traffic in the subnet's Availability Zone.
|
6732
|
+
# @return [Types::SubnetMapping]
|
6733
|
+
#
|
6734
|
+
# @!attribute [rw] description
|
6735
|
+
# A description of the VPC endpoint association.
|
6736
|
+
# @return [String]
|
6737
|
+
#
|
6738
|
+
# @!attribute [rw] tags
|
6739
|
+
# The key:value pairs to associate with the resource.
|
6740
|
+
# @return [Array<Types::Tag>]
|
6741
|
+
#
|
6742
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/VpcEndpointAssociation AWS API Documentation
|
6743
|
+
#
|
6744
|
+
class VpcEndpointAssociation < Struct.new(
|
6745
|
+
:vpc_endpoint_association_id,
|
6746
|
+
:vpc_endpoint_association_arn,
|
6747
|
+
:firewall_arn,
|
6748
|
+
:vpc_id,
|
6749
|
+
:subnet_mapping,
|
6750
|
+
:description,
|
6751
|
+
:tags)
|
6752
|
+
SENSITIVE = []
|
6753
|
+
include Aws::Structure
|
6754
|
+
end
|
6755
|
+
|
6756
|
+
# High-level information about a VPC endpoint association, returned by
|
6757
|
+
# `ListVpcEndpointAssociations`. You can use the information provided in
|
6758
|
+
# the metadata to retrieve and manage a VPC endpoint association.
|
6759
|
+
#
|
6760
|
+
# @!attribute [rw] vpc_endpoint_association_arn
|
6761
|
+
# The Amazon Resource Name (ARN) of a VPC endpoint association.
|
6762
|
+
# @return [String]
|
6763
|
+
#
|
6764
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/VpcEndpointAssociationMetadata AWS API Documentation
|
6765
|
+
#
|
6766
|
+
class VpcEndpointAssociationMetadata < Struct.new(
|
6767
|
+
:vpc_endpoint_association_arn)
|
6768
|
+
SENSITIVE = []
|
6769
|
+
include Aws::Structure
|
6770
|
+
end
|
6771
|
+
|
6772
|
+
# Detailed information about the current status of a
|
6773
|
+
# VpcEndpointAssociation. You can retrieve this by calling
|
6774
|
+
# DescribeVpcEndpointAssociation and providing the VPC endpoint
|
6775
|
+
# association ARN.
|
6776
|
+
#
|
6777
|
+
# @!attribute [rw] status
|
6778
|
+
# The readiness of the configured firewall endpoint to handle network
|
6779
|
+
# traffic.
|
6780
|
+
# @return [String]
|
6781
|
+
#
|
6782
|
+
# @!attribute [rw] association_sync_state
|
6783
|
+
# The list of the Availability Zone sync states for all subnets that
|
6784
|
+
# are defined by the firewall.
|
6785
|
+
# @return [Hash<String,Types::AZSyncState>]
|
6786
|
+
#
|
6787
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/VpcEndpointAssociationStatus AWS API Documentation
|
6788
|
+
#
|
6789
|
+
class VpcEndpointAssociationStatus < Struct.new(
|
6790
|
+
:status,
|
6791
|
+
:association_sync_state)
|
6792
|
+
SENSITIVE = []
|
6793
|
+
include Aws::Structure
|
6794
|
+
end
|
6795
|
+
|
6233
6796
|
end
|
6234
6797
|
end
|
6235
6798
|
|