aws-sdk-networkfirewall 1.75.0 → 1.76.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-networkfirewall/client.rb +9 -5
- data/lib/aws-sdk-networkfirewall/client_api.rb +2 -0
- data/lib/aws-sdk-networkfirewall/types.rb +9 -2
- data/lib/aws-sdk-networkfirewall.rb +1 -1
- data/sig/client.rbs +4 -2
- data/sig/types.rbs +1 -0
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d936459df2b08a670efa388fb6cc4cf7f12e94826bbdac256af86b3a11538e94
|
|
4
|
+
data.tar.gz: 8d0fd2bab8a5e15f155b791dd3e01d30449f09127c46be8d4fd033b1881a9bd0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 86d75b7c026a73450f5084e8b87e04af2d6ba3d67ae46797bea0d12099894b3c395c439780b7e9a54ae488827c3b9b3ef0cdd4ae56d2883be957842165a9ca32
|
|
7
|
+
data.tar.gz: 258b2c22dba477d6ac2601ae020b6218b50bc06d6222b831df98bd1ca405f6339091550d39c08bfa9de52310ecd9013af7579f62c8105f022211c667ca289fb8
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
1.76.0 (2025-09-17)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Network Firewall now prevents TLS handshakes with the target server until after the Server Name Indication (SNI) has been seen and verified. The monitoring dashboard now provides deeper insights into PrivateLink endpoint candidates and offers filters based on IP addresses and protocol.
|
|
8
|
+
|
|
4
9
|
1.75.0 (2025-08-28)
|
|
5
10
|
------------------
|
|
6
11
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.76.0
|
|
@@ -871,7 +871,7 @@ module Aws::NetworkFirewall
|
|
|
871
871
|
# endpoints for a transit gateway-attached firewall. You must specify at
|
|
872
872
|
# least one Availability Zone. Consider enabling the firewall in every
|
|
873
873
|
# Availability Zone where you have workloads to maintain Availability
|
|
874
|
-
# Zone
|
|
874
|
+
# Zone isolation.
|
|
875
875
|
#
|
|
876
876
|
# You can modify Availability Zones later using
|
|
877
877
|
# AssociateAvailabilityZones or DisassociateAvailabilityZones, but this
|
|
@@ -1080,6 +1080,7 @@ module Aws::NetworkFirewall
|
|
|
1080
1080
|
# },
|
|
1081
1081
|
# },
|
|
1082
1082
|
# },
|
|
1083
|
+
# enable_tls_session_holding: false,
|
|
1083
1084
|
# },
|
|
1084
1085
|
# description: "Description",
|
|
1085
1086
|
# tags: [
|
|
@@ -1838,7 +1839,7 @@ module Aws::NetworkFirewall
|
|
|
1838
1839
|
# the firewall owner or the transit gateway owner can delete the
|
|
1839
1840
|
# attachment.
|
|
1840
1841
|
#
|
|
1841
|
-
# After you delete a transit gateway attachment,
|
|
1842
|
+
# After you delete a transit gateway attachment, traffic will no longer
|
|
1842
1843
|
# flow through the firewall endpoints.
|
|
1843
1844
|
#
|
|
1844
1845
|
# After you initiate the delete operation, use DescribeFirewall to
|
|
@@ -2268,6 +2269,7 @@ module Aws::NetworkFirewall
|
|
|
2268
2269
|
# resp.firewall_policy.policy_variables.rule_variables #=> Hash
|
|
2269
2270
|
# resp.firewall_policy.policy_variables.rule_variables["RuleVariableName"].definition #=> Array
|
|
2270
2271
|
# resp.firewall_policy.policy_variables.rule_variables["RuleVariableName"].definition[0] #=> String
|
|
2272
|
+
# resp.firewall_policy.enable_tls_session_holding #=> Boolean
|
|
2271
2273
|
#
|
|
2272
2274
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallPolicy AWS API Documentation
|
|
2273
2275
|
#
|
|
@@ -3722,8 +3724,9 @@ module Aws::NetworkFirewall
|
|
|
3722
3724
|
# creation of routing components between the transit gateway and
|
|
3723
3725
|
# firewall endpoints.
|
|
3724
3726
|
#
|
|
3725
|
-
# Only the
|
|
3726
|
-
# traffic will flow through the firewall endpoints for
|
|
3727
|
+
# Only the transit gateway owner can reject the attachment. After
|
|
3728
|
+
# rejection, no traffic will flow through the firewall endpoints for
|
|
3729
|
+
# this attachment.
|
|
3727
3730
|
#
|
|
3728
3731
|
# Use DescribeFirewall to monitor the rejection status. To accept the
|
|
3729
3732
|
# attachment instead of rejecting it, use
|
|
@@ -4541,6 +4544,7 @@ module Aws::NetworkFirewall
|
|
|
4541
4544
|
# },
|
|
4542
4545
|
# },
|
|
4543
4546
|
# },
|
|
4547
|
+
# enable_tls_session_holding: false,
|
|
4544
4548
|
# },
|
|
4545
4549
|
# description: "Description",
|
|
4546
4550
|
# dry_run: false,
|
|
@@ -5273,7 +5277,7 @@ module Aws::NetworkFirewall
|
|
|
5273
5277
|
tracer: tracer
|
|
5274
5278
|
)
|
|
5275
5279
|
context[:gem_name] = 'aws-sdk-networkfirewall'
|
|
5276
|
-
context[:gem_version] = '1.
|
|
5280
|
+
context[:gem_version] = '1.76.0'
|
|
5277
5281
|
Seahorse::Client::Request.new(handlers, context)
|
|
5278
5282
|
end
|
|
5279
5283
|
|
|
@@ -119,6 +119,7 @@ module Aws::NetworkFirewall
|
|
|
119
119
|
DisassociateSubnetsResponse = Shapes::StructureShape.new(name: 'DisassociateSubnetsResponse')
|
|
120
120
|
Domain = Shapes::StringShape.new(name: 'Domain')
|
|
121
121
|
EnableMonitoringDashboard = Shapes::BooleanShape.new(name: 'EnableMonitoringDashboard')
|
|
122
|
+
EnableTLSSessionHolding = Shapes::BooleanShape.new(name: 'EnableTLSSessionHolding')
|
|
122
123
|
EnabledAnalysisType = Shapes::StringShape.new(name: 'EnabledAnalysisType')
|
|
123
124
|
EnabledAnalysisTypes = Shapes::ListShape.new(name: 'EnabledAnalysisTypes')
|
|
124
125
|
EncryptionConfiguration = Shapes::StructureShape.new(name: 'EncryptionConfiguration')
|
|
@@ -792,6 +793,7 @@ module Aws::NetworkFirewall
|
|
|
792
793
|
FirewallPolicy.add_member(:stateful_engine_options, Shapes::ShapeRef.new(shape: StatefulEngineOptions, location_name: "StatefulEngineOptions"))
|
|
793
794
|
FirewallPolicy.add_member(:tls_inspection_configuration_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "TLSInspectionConfigurationArn"))
|
|
794
795
|
FirewallPolicy.add_member(:policy_variables, Shapes::ShapeRef.new(shape: PolicyVariables, location_name: "PolicyVariables"))
|
|
796
|
+
FirewallPolicy.add_member(:enable_tls_session_holding, Shapes::ShapeRef.new(shape: EnableTLSSessionHolding, location_name: "EnableTLSSessionHolding"))
|
|
795
797
|
FirewallPolicy.struct_class = Types::FirewallPolicy
|
|
796
798
|
|
|
797
799
|
FirewallPolicyMetadata.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
|
|
@@ -949,7 +949,7 @@ module Aws::NetworkFirewall
|
|
|
949
949
|
# endpoints for a transit gateway-attached firewall. You must specify
|
|
950
950
|
# at least one Availability Zone. Consider enabling the firewall in
|
|
951
951
|
# every Availability Zone where you have workloads to maintain
|
|
952
|
-
# Availability Zone
|
|
952
|
+
# Availability Zone isolation.
|
|
953
953
|
#
|
|
954
954
|
# You can modify Availability Zones later using
|
|
955
955
|
# AssociateAvailabilityZones or DisassociateAvailabilityZones, but
|
|
@@ -2969,6 +2969,12 @@ module Aws::NetworkFirewall
|
|
|
2969
2969
|
# settings in your firewall policy.
|
|
2970
2970
|
# @return [Types::PolicyVariables]
|
|
2971
2971
|
#
|
|
2972
|
+
# @!attribute [rw] enable_tls_session_holding
|
|
2973
|
+
# When true, prevents TCP and TLS packets from reaching destination
|
|
2974
|
+
# servers until TLS Inspection has evaluated Server Name Indication
|
|
2975
|
+
# (SNI) rules. Requires an associated TLS Inspection configuration.
|
|
2976
|
+
# @return [Boolean]
|
|
2977
|
+
#
|
|
2972
2978
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicy AWS API Documentation
|
|
2973
2979
|
#
|
|
2974
2980
|
class FirewallPolicy < Struct.new(
|
|
@@ -2980,7 +2986,8 @@ module Aws::NetworkFirewall
|
|
|
2980
2986
|
:stateful_default_actions,
|
|
2981
2987
|
:stateful_engine_options,
|
|
2982
2988
|
:tls_inspection_configuration_arn,
|
|
2983
|
-
:policy_variables
|
|
2989
|
+
:policy_variables,
|
|
2990
|
+
:enable_tls_session_holding)
|
|
2984
2991
|
SENSITIVE = []
|
|
2985
2992
|
include Aws::Structure
|
|
2986
2993
|
end
|
data/sig/client.rbs
CHANGED
|
@@ -242,7 +242,8 @@ module Aws
|
|
|
242
242
|
rule_variables: Hash[::String, {
|
|
243
243
|
definition: Array[::String]
|
|
244
244
|
}]?
|
|
245
|
-
}
|
|
245
|
+
}?,
|
|
246
|
+
enable_tls_session_holding: bool?
|
|
246
247
|
},
|
|
247
248
|
?description: ::String,
|
|
248
249
|
?tags: Array[
|
|
@@ -1161,7 +1162,8 @@ module Aws
|
|
|
1161
1162
|
rule_variables: Hash[::String, {
|
|
1162
1163
|
definition: Array[::String]
|
|
1163
1164
|
}]?
|
|
1164
|
-
}
|
|
1165
|
+
}?,
|
|
1166
|
+
enable_tls_session_holding: bool?
|
|
1165
1167
|
},
|
|
1166
1168
|
?description: ::String,
|
|
1167
1169
|
?dry_run: bool,
|
data/sig/types.rbs
CHANGED
|
@@ -557,6 +557,7 @@ module Aws::NetworkFirewall
|
|
|
557
557
|
attr_accessor stateful_engine_options: Types::StatefulEngineOptions
|
|
558
558
|
attr_accessor tls_inspection_configuration_arn: ::String
|
|
559
559
|
attr_accessor policy_variables: Types::PolicyVariables
|
|
560
|
+
attr_accessor enable_tls_session_holding: bool
|
|
560
561
|
SENSITIVE: []
|
|
561
562
|
end
|
|
562
563
|
|