aws-sdk-networkfirewall 1.7.0 → 1.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7fbd66b2c614a071383c54a79d815a002fc645b301d7753644373f51f614350e
-  data.tar.gz: 878c9322630d33432a1ff072de50e40a150792034347162d28ea4aac5e669216
+  metadata.gz: 6ccab61032781decb6d5f4dc880424249824ef1dca1669c6985c65bf4c3b8a13
+  data.tar.gz: f8a4f0fcb037edace6d2f15af90846b2161801c93006fb3b8be813153c7fd620
 SHA512:
-  metadata.gz: '083f3daba271313c62e22bde5f6cafac97c1b63f22499c78bdc4424e4605848f07f7c6af80c9bf8b6e25a1a54e9ecb7024cdb0e54a5c3e70e38c0133a0ff6625'
-  data.tar.gz: 7cd39ff791c98b127fb9f2da3e008289b3b093eaf62578753366b8fa2e8ca20c68921f1badfc76c837d2658f177e64e0527cd3d888b3aa839832c385df7151b0
+  metadata.gz: e79c16a8f3fea2e0ab53e0d85e4b37892fe7d914c700fcc4408a630f604eb04ca64ba5af9d53f35a60d583dd9427939ae55785dfa16116c93fe5ab2ba3d7b1e0
+  data.tar.gz: ad221e62dfa116b7de586c3078ede1a795bed53bb2c11960f01be63000dcb6df57afc92da76389acfead37e08d1e1103503bd44c8d074eff02ae3eaa36a87f80

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.11.0 (2021-11-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.10.0 (2021-11-04)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.9.0 (2021-10-18)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.8.0 (2021-09-30)
+------------------
+
+* Feature - This release adds support for strict ordering for stateful rule groups. Using strict ordering, stateful rules are evaluated in the exact order in which you provide them.
+
 1.7.0 (2021-09-01)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.7.0
+1.11.0

data/lib/aws-sdk-networkfirewall/client.rb

@@ -119,7 +119,9 @@ module Aws::NetworkFirewall
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts.
+    #       enable retries and extended timeouts. Instance profile credential
+    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+    #       to true.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -285,6 +287,15 @@ module Aws::NetworkFirewall
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Boolean] :use_dualstack_endpoint
+    #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+    #     will be used if available.
+    #
+    #   @option options [Boolean] :use_fips_endpoint
+    #     When set to `true`, fips compatible endpoints will be used if available.
+    #     When a `fips` region is used, the region is normalized and this config
+    #     is set to `true`.
+    #
     #   @option options [Boolean] :validate_params (true)
     #     When `true`, request parameters are validated before
     #     sending the request.
@@ -692,8 +703,13 @@ module Aws::NetworkFirewall
     #       stateful_rule_group_references: [
     #         {
     #           resource_arn: "ResourceArn", # required
+    #           priority: 1,
     #         },
     #       ],
+    #       stateful_default_actions: ["CollectionMember_String"],
+    #       stateful_engine_options: {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       },
     #     },
     #     description: "Description",
     #     tags: [
@@ -716,6 +732,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
+    #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy AWS API Documentation
     #
@@ -938,6 +957,9 @@ module Aws::NetworkFirewall
     #           ],
     #         },
     #       },
+    #       stateful_rule_options: {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       },
     #     },
     #     rules: "RulesString",
     #     type: "STATELESS", # required, accepts STATELESS, STATEFUL
@@ -965,6 +987,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
+    #   resp.rule_group_response.consumed_capacity #=> Integer
+    #   resp.rule_group_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
     #
@@ -1083,6 +1107,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
+    #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy AWS API Documentation
     #
@@ -1164,6 +1191,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
+    #   resp.rule_group_response.consumed_capacity #=> Integer
+    #   resp.rule_group_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
     #
@@ -1273,6 +1302,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
+    #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.number_of_associations #=> Integer
     #   resp.firewall_policy.stateless_rule_group_references #=> Array
     #   resp.firewall_policy.stateless_rule_group_references[0].resource_arn #=> String
     #   resp.firewall_policy.stateless_rule_group_references[0].priority #=> Integer
@@ -1286,6 +1318,10 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy.stateless_custom_actions[0].action_definition.publish_metric_action.dimensions[0].value #=> String
     #   resp.firewall_policy.stateful_rule_group_references #=> Array
     #   resp.firewall_policy.stateful_rule_group_references[0].resource_arn #=> String
+    #   resp.firewall_policy.stateful_rule_group_references[0].priority #=> Integer
+    #   resp.firewall_policy.stateful_default_actions #=> Array
+    #   resp.firewall_policy.stateful_default_actions[0] #=> String
+    #   resp.firewall_policy.stateful_engine_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallPolicy AWS API Documentation
     #
@@ -1458,6 +1494,7 @@ module Aws::NetworkFirewall
     #   resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_name #=> String
     #   resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_definition.publish_metric_action.dimensions #=> Array
     #   resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_definition.publish_metric_action.dimensions[0].value #=> String
+    #   resp.rule_group.stateful_rule_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
     #   resp.rule_group_response.rule_group_arn #=> String
     #   resp.rule_group_response.rule_group_name #=> String
     #   resp.rule_group_response.rule_group_id #=> String
@@ -1468,6 +1505,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
+    #   resp.rule_group_response.consumed_capacity #=> Integer
+    #   resp.rule_group_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
     #
@@ -2136,8 +2175,13 @@ module Aws::NetworkFirewall
     #       stateful_rule_group_references: [
     #         {
     #           resource_arn: "ResourceArn", # required
+    #           priority: 1,
     #         },
     #       ],
+    #       stateful_default_actions: ["CollectionMember_String"],
+    #       stateful_engine_options: {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       },
     #     },
     #     description: "Description",
     #     dry_run: false,
@@ -2154,6 +2198,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
+    #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy AWS API Documentation
     #
@@ -2505,6 +2552,9 @@ module Aws::NetworkFirewall
     #           ],
     #         },
     #       },
+    #       stateful_rule_options: {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       },
     #     },
     #     rules: "RulesString",
     #     type: "STATELESS", # accepts STATELESS, STATEFUL
@@ -2525,6 +2575,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
+    #   resp.rule_group_response.consumed_capacity #=> Integer
+    #   resp.rule_group_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
     #
@@ -2617,7 +2669,7 @@ module Aws::NetworkFirewall
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.7.0'
+      context[:gem_version] = '1.11.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-networkfirewall/client_api.rb

@@ -105,6 +105,7 @@ module Aws::NetworkFirewall
     LogType = Shapes::StringShape.new(name: 'LogType')
     LoggingConfiguration = Shapes::StructureShape.new(name: 'LoggingConfiguration')
     MatchAttributes = Shapes::StructureShape.new(name: 'MatchAttributes')
+    NumberOfAssociations = Shapes::IntegerShape.new(name: 'NumberOfAssociations')
     PaginationMaxResults = Shapes::IntegerShape.new(name: 'PaginationMaxResults')
     PaginationToken = Shapes::StringShape.new(name: 'PaginationToken')
     PerObjectStatus = Shapes::StructureShape.new(name: 'PerObjectStatus')
@@ -137,6 +138,7 @@ module Aws::NetworkFirewall
     RuleGroups = Shapes::ListShape.new(name: 'RuleGroups')
     RuleOption = Shapes::StructureShape.new(name: 'RuleOption')
     RuleOptions = Shapes::ListShape.new(name: 'RuleOptions')
+    RuleOrder = Shapes::StringShape.new(name: 'RuleOrder')
     RuleTargets = Shapes::ListShape.new(name: 'RuleTargets')
     RuleVariableName = Shapes::StringShape.new(name: 'RuleVariableName')
     RuleVariables = Shapes::StructureShape.new(name: 'RuleVariables')
@@ -147,10 +149,13 @@ module Aws::NetworkFirewall
     Settings = Shapes::ListShape.new(name: 'Settings')
     Source = Shapes::StringShape.new(name: 'Source')
     StatefulAction = Shapes::StringShape.new(name: 'StatefulAction')
+    StatefulActions = Shapes::ListShape.new(name: 'StatefulActions')
+    StatefulEngineOptions = Shapes::StructureShape.new(name: 'StatefulEngineOptions')
     StatefulRule = Shapes::StructureShape.new(name: 'StatefulRule')
     StatefulRuleDirection = Shapes::StringShape.new(name: 'StatefulRuleDirection')
     StatefulRuleGroupReference = Shapes::StructureShape.new(name: 'StatefulRuleGroupReference')
     StatefulRuleGroupReferences = Shapes::ListShape.new(name: 'StatefulRuleGroupReferences')
+    StatefulRuleOptions = Shapes::StructureShape.new(name: 'StatefulRuleOptions')
     StatefulRuleProtocol = Shapes::StringShape.new(name: 'StatefulRuleProtocol')
     StatefulRules = Shapes::ListShape.new(name: 'StatefulRules')
     StatelessActions = Shapes::ListShape.new(name: 'StatelessActions')
@@ -397,6 +402,8 @@ module Aws::NetworkFirewall
     FirewallPolicy.add_member(:stateless_fragment_default_actions, Shapes::ShapeRef.new(shape: StatelessActions, required: true, location_name: "StatelessFragmentDefaultActions"))
     FirewallPolicy.add_member(:stateless_custom_actions, Shapes::ShapeRef.new(shape: CustomActions, location_name: "StatelessCustomActions"))
     FirewallPolicy.add_member(:stateful_rule_group_references, Shapes::ShapeRef.new(shape: StatefulRuleGroupReferences, location_name: "StatefulRuleGroupReferences"))
+    FirewallPolicy.add_member(:stateful_default_actions, Shapes::ShapeRef.new(shape: StatefulActions, location_name: "StatefulDefaultActions"))
+    FirewallPolicy.add_member(:stateful_engine_options, Shapes::ShapeRef.new(shape: StatefulEngineOptions, location_name: "StatefulEngineOptions"))
     FirewallPolicy.struct_class = Types::FirewallPolicy
 
     FirewallPolicyMetadata.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
@@ -409,6 +416,9 @@ module Aws::NetworkFirewall
     FirewallPolicyResponse.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
     FirewallPolicyResponse.add_member(:firewall_policy_status, Shapes::ShapeRef.new(shape: ResourceStatus, location_name: "FirewallPolicyStatus"))
     FirewallPolicyResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
+    FirewallPolicyResponse.add_member(:consumed_stateless_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatelessRuleCapacity"))
+    FirewallPolicyResponse.add_member(:consumed_stateful_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatefulRuleCapacity"))
+    FirewallPolicyResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
     FirewallPolicyResponse.struct_class = Types::FirewallPolicyResponse
 
     FirewallStatus.add_member(:status, Shapes::ShapeRef.new(shape: FirewallStatusValue, required: true, location_name: "Status"))
@@ -552,6 +562,7 @@ module Aws::NetworkFirewall
 
     RuleGroup.add_member(:rule_variables, Shapes::ShapeRef.new(shape: RuleVariables, location_name: "RuleVariables"))
     RuleGroup.add_member(:rules_source, Shapes::ShapeRef.new(shape: RulesSource, required: true, location_name: "RulesSource"))
+    RuleGroup.add_member(:stateful_rule_options, Shapes::ShapeRef.new(shape: StatefulRuleOptions, location_name: "StatefulRuleOptions"))
     RuleGroup.struct_class = Types::RuleGroup
 
     RuleGroupMetadata.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
@@ -566,6 +577,8 @@ module Aws::NetworkFirewall
     RuleGroupResponse.add_member(:capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "Capacity"))
     RuleGroupResponse.add_member(:rule_group_status, Shapes::ShapeRef.new(shape: ResourceStatus, location_name: "RuleGroupStatus"))
     RuleGroupResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
+    RuleGroupResponse.add_member(:consumed_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedCapacity"))
+    RuleGroupResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
     RuleGroupResponse.struct_class = Types::RuleGroupResponse
 
     RuleGroups.member = Shapes::ShapeRef.new(shape: RuleGroupMetadata)
@@ -595,16 +608,25 @@ module Aws::NetworkFirewall
 
     Settings.member = Shapes::ShapeRef.new(shape: Setting)
 
+    StatefulActions.member = Shapes::ShapeRef.new(shape: CollectionMember_String)
+
+    StatefulEngineOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
+    StatefulEngineOptions.struct_class = Types::StatefulEngineOptions
+
     StatefulRule.add_member(:action, Shapes::ShapeRef.new(shape: StatefulAction, required: true, location_name: "Action"))
     StatefulRule.add_member(:header, Shapes::ShapeRef.new(shape: Header, required: true, location_name: "Header"))
     StatefulRule.add_member(:rule_options, Shapes::ShapeRef.new(shape: RuleOptions, required: true, location_name: "RuleOptions"))
     StatefulRule.struct_class = Types::StatefulRule
 
     StatefulRuleGroupReference.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
+    StatefulRuleGroupReference.add_member(:priority, Shapes::ShapeRef.new(shape: Priority, location_name: "Priority", metadata: {"box"=>true}))
     StatefulRuleGroupReference.struct_class = Types::StatefulRuleGroupReference
 
     StatefulRuleGroupReferences.member = Shapes::ShapeRef.new(shape: StatefulRuleGroupReference)
 
+    StatefulRuleOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
+    StatefulRuleOptions.struct_class = Types::StatefulRuleOptions
+
     StatefulRules.member = Shapes::ShapeRef.new(shape: StatefulRule)
 
     StatelessActions.member = Shapes::ShapeRef.new(shape: CollectionMember_String)
@@ -889,6 +911,7 @@ module Aws::NetworkFirewall
         o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidResourcePolicyException)
       end)
 
       api.add_operation(:delete_rule_group, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-networkfirewall/types.rb

@@ -360,8 +360,13 @@ module Aws::NetworkFirewall
     #           stateful_rule_group_references: [
     #             {
     #               resource_arn: "ResourceArn", # required
+    #               priority: 1,
     #             },
     #           ],
+    #           stateful_default_actions: ["CollectionMember_String"],
+    #           stateful_engine_options: {
+    #             rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #           },
     #         },
     #         description: "Description",
     #         tags: [
@@ -663,6 +668,9 @@ module Aws::NetworkFirewall
     #               ],
     #             },
     #           },
+    #           stateful_rule_options: {
+    #             rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #           },
     #         },
     #         rules: "RulesString",
     #         type: "STATELESS", # required, accepts STATELESS, STATEFUL
@@ -1658,8 +1666,13 @@ module Aws::NetworkFirewall
     #         stateful_rule_group_references: [
     #           {
     #             resource_arn: "ResourceArn", # required
+    #             priority: 1,
     #           },
     #         ],
+    #         stateful_default_actions: ["CollectionMember_String"],
+    #         stateful_engine_options: {
+    #           rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #         },
     #       }
     #
     # @!attribute [rw] stateless_rule_group_references
@@ -1709,10 +1722,22 @@ module Aws::NetworkFirewall
     #   @return [Array<Types::CustomAction>]
     #
     # @!attribute [rw] stateful_rule_group_references
-    #   References to the stateless rule groups that are used in the policy.
+    #   References to the stateful rule groups that are used in the policy.
     #   These define the inspection criteria in stateful rules.
     #   @return [Array<Types::StatefulRuleGroupReference>]
     #
+    # @!attribute [rw] stateful_default_actions
+    #   The default actions to take on a packet that doesn't match any
+    #   stateful rules.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] stateful_engine_options
+    #   Additional options governing how Network Firewall handles stateful
+    #   rules. The stateful rule groups that you use in your policy must
+    #   have stateful rule options settings that are compatible with these
+    #   settings.
+    #   @return [Types::StatefulEngineOptions]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicy AWS API Documentation
     #
     class FirewallPolicy < Struct.new(
@@ -1720,7 +1745,9 @@ module Aws::NetworkFirewall
       :stateless_default_actions,
       :stateless_fragment_default_actions,
       :stateless_custom_actions,
-      :stateful_rule_group_references)
+      :stateful_rule_group_references,
+      :stateful_default_actions,
+      :stateful_engine_options)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1785,6 +1812,21 @@ module Aws::NetworkFirewall
     #   The key:value pairs to associate with the resource.
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] consumed_stateless_rule_capacity
+    #   The number of capacity units currently consumed by the policy's
+    #   stateless rules.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] consumed_stateful_rule_capacity
+    #   The number of capacity units currently consumed by the policy's
+    #   stateful rules.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] number_of_associations
+    #   The number of firewalls that are associated with this firewall
+    #   policy.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicyResponse AWS API Documentation
     #
     class FirewallPolicyResponse < Struct.new(
@@ -1793,7 +1835,10 @@ module Aws::NetworkFirewall
       :firewall_policy_id,
       :description,
       :firewall_policy_status,
-      :tags)
+      :tags,
+      :consumed_stateless_rule_capacity,
+      :consumed_stateful_rule_capacity,
+      :number_of_associations)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1846,9 +1891,9 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # The 5-tuple criteria for AWS Network Firewall to use to inspect packet
-    # headers in stateful traffic flow inspection. Traffic flows that match
-    # the criteria are a match for the corresponding StatefulRule.
+    # The basic rule criteria for AWS Network Firewall to use to inspect
+    # packet headers in stateful traffic flow inspection. Traffic flows that
+    # match the criteria are a match for the corresponding StatefulRule.
     #
     # @note When making an API call, you may pass Header
     #   data as a hash:
@@ -1894,7 +1939,7 @@ module Aws::NetworkFirewall
     # @!attribute [rw] source_port
     #   The source port to inspect for. You can specify an individual port,
     #   for example `1994` and you can specify a port range, for example
-    #   `1990-1994`. To match with any port, specify `ANY`.
+    #   `1990:1994`. To match with any port, specify `ANY`.
     #   @return [String]
     #
     # @!attribute [rw] direction
@@ -1932,7 +1977,7 @@ module Aws::NetworkFirewall
     # @!attribute [rw] destination_port
     #   The destination port to inspect for. You can specify an individual
     #   port, for example `1994` and you can specify a port range, for
-    #   example `1990-1994`. To match with any port, specify `ANY`.
+    #   example `1990:1994`. To match with any port, specify `ANY`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Header AWS API Documentation
@@ -2034,6 +2079,8 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # The policy statement failed validation.
+    #
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -2475,7 +2522,7 @@ module Aws::NetworkFirewall
     #   17 (UDP).
     #
     #   You can specify individual ports, for example `1994` and you can
-    #   specify port ranges, for example `1990-1994`.
+    #   specify port ranges, for example `1990:1994`.
     #   @return [Array<Types::PortRange>]
     #
     # @!attribute [rw] destination_ports
@@ -2484,7 +2531,7 @@ module Aws::NetworkFirewall
     #   (TCP) and 17 (UDP).
     #
     #   You can specify individual ports, for example `1994` and you can
-    #   specify port ranges, for example `1990-1994`.
+    #   specify port ranges, for example `1990:1994`.
     #   @return [Array<Types::PortRange>]
     #
     # @!attribute [rw] protocols
@@ -2687,6 +2734,8 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # Unable to change the resource because your account doesn't own it.
+    #
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -2907,6 +2956,9 @@ module Aws::NetworkFirewall
     #             ],
     #           },
     #         },
+    #         stateful_rule_options: {
+    #           rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #         },
     #       }
     #
     # @!attribute [rw] rule_variables
@@ -2918,11 +2970,19 @@ module Aws::NetworkFirewall
     #   The stateful rules or stateless rules for the rule group.
     #   @return [Types::RulesSource]
     #
+    # @!attribute [rw] stateful_rule_options
+    #   Additional options governing how Network Firewall handles stateful
+    #   rules. The policies where you use your stateful rule group must have
+    #   stateful rule options settings that are compatible with these
+    #   settings.
+    #   @return [Types::StatefulRuleOptions]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroup AWS API Documentation
     #
     class RuleGroup < Struct.new(
       :rule_variables,
-      :rules_source)
+      :rules_source,
+      :stateful_rule_options)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3002,6 +3062,15 @@ module Aws::NetworkFirewall
     #   The key:value pairs to associate with the resource.
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] consumed_capacity
+    #   The number of capacity units currently consumed by the rule group
+    #   rules.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] number_of_associations
+    #   The number of firewall policies that use this rule group.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroupResponse AWS API Documentation
     #
     class RuleGroupResponse < Struct.new(
@@ -3012,7 +3081,9 @@ module Aws::NetworkFirewall
       :type,
       :capacity,
       :rule_group_status,
-      :tags)
+      :tags,
+      :consumed_capacity,
+      :number_of_associations)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3185,9 +3256,15 @@ module Aws::NetworkFirewall
     #   @return [Types::RulesSourceList]
     #
     # @!attribute [rw] stateful_rules
-    #   The 5-tuple stateful inspection criteria. This contains an array of
-    #   individual 5-tuple stateful rules to be used together in a stateful
-    #   rule group.
+    #   An array of individual stateful rules inspection criteria to be used
+    #   together in a stateful rule group. Use this option to specify simple
+    #   Suricata rules with protocol, source and destination, ports,
+    #   direction, and rule options. For information about the Suricata
+    #   `Rules` format, see [Rules Format][1].
+    #
+    #
+    #
+    #   [1]: https://suricata.readthedocs.io/en/suricata-5.0.0/rules/intro.html#
     #   @return [Array<Types::StatefulRule>]
     #
     # @!attribute [rw] stateless_rules_and_custom_actions
@@ -3216,7 +3293,7 @@ module Aws::NetworkFirewall
     # `HOME_NET` rule variable to include the CIDR range of the deployment
     # VPC plus the other CIDR ranges. For more information, see
     # RuleVariables in this guide and [Stateful domain list rule groups in
-    # AWS Network Firewall][1] in the *Network Firewall Developer Guide*
+    # AWS Network Firewall][1] in the *Network Firewall Developer Guide*.
     #
     #
     #
@@ -3247,7 +3324,7 @@ module Aws::NetworkFirewall
     #
     # @!attribute [rw] target_types
     #   The protocols you want to inspect. Specify `TLS_SNI` for `HTTPS`.
-    #   Specity `HTTP_HOST` for `HTTP`. You can specify either or both.
+    #   Specify `HTTP_HOST` for `HTTP`. You can specify either or both.
     #   @return [Array<String>]
     #
     # @!attribute [rw] generated_rules_type
@@ -3265,7 +3342,44 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # A single 5-tuple stateful rule, for use in a stateful rule group.
+    # Configuration settings for the handling of the stateful rule groups in
+    # a firewall policy.
+    #
+    # @note When making an API call, you may pass StatefulEngineOptions
+    #   data as a hash:
+    #
+    #       {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       }
+    #
+    # @!attribute [rw] rule_order
+    #   Indicates how to manage the order of stateful rule evaluation for
+    #   the policy. By default, Network Firewall leaves the rule evaluation
+    #   order up to the Suricata rule processing engine. If you set this to
+    #   `STRICT_ORDER`, your rules are evaluated in the exact order that you
+    #   provide them in the policy. With strict ordering, the rule groups
+    #   are evaluated by order of priority, starting from the lowest number,
+    #   and the rules in each rule group are processed in the order that
+    #   they're defined.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulEngineOptions AWS API Documentation
+    #
+    class StatefulEngineOptions < Struct.new(
+      :rule_order)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A single Suricata rules specification, for use in a stateful rule
+    # group. Use this option to specify a simple Suricata rule with
+    # protocol, source and destination, ports, direction, and rule options.
+    # For information about the Suricata `Rules` format, see [Rules
+    # Format][1].
+    #
+    #
+    #
+    # [1]: https://suricata.readthedocs.io/en/suricata-5.0.0/rules/intro.html#
     #
     # @note When making an API call, you may pass StatefulRule
     #   data as a hash:
@@ -3313,11 +3427,13 @@ module Aws::NetworkFirewall
     #   @return [String]
     #
     # @!attribute [rw] header
-    #   The stateful 5-tuple inspection criteria for this rule, used to
-    #   inspect traffic flows.
+    #   The stateful inspection criteria for this rule, used to inspect
+    #   traffic flows.
     #   @return [Types::Header]
     #
     # @!attribute [rw] rule_options
+    #   Additional options for the rule. These are the Suricata
+    #   `RuleOptions` settings.
     #   @return [Array<Types::RuleOption>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRule AWS API Documentation
@@ -3338,16 +3454,61 @@ module Aws::NetworkFirewall
     #
     #       {
     #         resource_arn: "ResourceArn", # required
+    #         priority: 1,
     #       }
     #
     # @!attribute [rw] resource_arn
     #   The Amazon Resource Name (ARN) of the stateful rule group.
     #   @return [String]
     #
+    # @!attribute [rw] priority
+    #   An integer setting that indicates the order in which to run the
+    #   stateful rule groups in a single FirewallPolicy. This setting only
+    #   applies to firewall policies that specify the `STRICT_ORDER` rule
+    #   order in the stateful engine options settings.
+    #
+    #   Network Firewall evalutes each stateful rule group against a packet
+    #   starting with the group that has the lowest priority setting. You
+    #   must ensure that the priority settings are unique within each
+    #   policy.
+    #
+    #   You can change the priority settings of your rule groups at any
+    #   time. To make it easier to insert rule groups later, number them so
+    #   there's a wide range in between, for example use 100, 200, and so
+    #   on.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleGroupReference AWS API Documentation
     #
     class StatefulRuleGroupReference < Struct.new(
-      :resource_arn)
+      :resource_arn,
+      :priority)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Additional options governing how Network Firewall handles the rule
+    # group. You can only use these for stateful rule groups.
+    #
+    # @note When making an API call, you may pass StatefulRuleOptions
+    #   data as a hash:
+    #
+    #       {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       }
+    #
+    # @!attribute [rw] rule_order
+    #   Indicates how to manage the order of the rule evaluation for the
+    #   rule group. By default, Network Firewall leaves the rule evaluation
+    #   order up to the Suricata rule processing engine. If you set this to
+    #   `STRICT_ORDER`, your rules are evaluated in the exact order that
+    #   they're listed in your Suricata rules string.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleOptions AWS API Documentation
+    #
+    class StatefulRuleOptions < Struct.new(
+      :rule_order)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3402,11 +3563,11 @@ module Aws::NetworkFirewall
     #   @return [Types::RuleDefinition]
     #
     # @!attribute [rw] priority
-    #   A setting that indicates the order in which to run this rule
-    #   relative to all of the rules that are defined for a stateless rule
-    #   group. Network Firewall evaluates the rules in a rule group starting
-    #   with the lowest priority setting. You must ensure that the priority
-    #   settings are unique for the rule group.
+    #   Indicates the order in which to run this rule relative to all of the
+    #   rules that are defined for a stateless rule group. Network Firewall
+    #   evaluates the rules in a rule group starting with the lowest
+    #   priority setting. You must ensure that the priority settings are
+    #   unique for the rule group.
     #
     #   Each stateless rule group uses exactly one
     #   `StatelessRulesAndCustomActions` object, and each
@@ -4127,8 +4288,13 @@ module Aws::NetworkFirewall
     #           stateful_rule_group_references: [
     #             {
     #               resource_arn: "ResourceArn", # required
+    #               priority: 1,
     #             },
     #           ],
+    #           stateful_default_actions: ["CollectionMember_String"],
+    #           stateful_engine_options: {
+    #             rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #           },
     #         },
     #         description: "Description",
     #         dry_run: false,
@@ -4400,6 +4566,9 @@ module Aws::NetworkFirewall
     #               ],
     #             },
     #           },
+    #           stateful_rule_options: {
+    #             rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #           },
     #         },
     #         rules: "RulesString",
     #         type: "STATELESS", # accepts STATELESS, STATEFUL

data/lib/aws-sdk-networkfirewall.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
 # @!group service
 module Aws::NetworkFirewall
 
-  GEM_VERSION = '1.7.0'
+  GEM_VERSION = '1.11.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.11.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-01 00:00:00.000000000 Z
+date: 2021-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.120.0
+        version: 3.122.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.120.0
+        version: 3.122.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement