aws-sdk-networkfirewall 1.9.0 → 1.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 860a02054447f553368b182daf83b50ba650cdc13914e3ad94fd7864824a7c6d
-  data.tar.gz: 9fc65ff6595ee9816d7ecfbafc9b1d5755e0e17307660299620ca0864b4fe980
+  metadata.gz: bd44678eaff90fe9184784a43266ba888534c3c6a9e6fe678820ab58da6f50d0
+  data.tar.gz: 4db552e1670c4aee1534576d1a69e59f5e90334f2c1a59c77950d15c0869b168
 SHA512:
-  metadata.gz: db672804df64fef21dfeb886df3263e885594a41f9a385b03cb0059103b89671a1dc992708af0cb5c7930dc5890869b206c177a4f1b6f262f3849d58b1bb6f85
-  data.tar.gz: b988aad2ee18fc784f04f12587fa5e9b98b8fe6f2bf3cb7ea78dc2bd0470b95871be8a9dc65933030d87a73f00a701ddb301d346c39779f0ed0fd25501eb4d6e
+  metadata.gz: 8b97cc56988f976c497469e73d8ddc1f71edb737386793825df186cc1abad6808727cf096de8554b6dbac8a8d2a338ffbdb62831a4f196bcc34c22d44a1ce37c
+  data.tar.gz: 73e1630ad55f48b62a16d2d7de0900b1a6220ef9ab4f79f8e60bf20d7667a6502158ec4907a33a4ac33fa74ebd4de81702083c3ebf3c48fc6f791e970ea4b10d

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.13.0 (2021-12-21)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.12.0 (2021-12-09)
+------------------
+
+* Feature - This release adds support for managed rule groups.
+
+1.11.0 (2021-11-30)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.10.0 (2021-11-04)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
 1.9.0 (2021-10-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.9.0
+1.13.0

data/lib/aws-sdk-networkfirewall/client.rb

@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
+require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
 require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
 
@@ -73,6 +74,7 @@ module Aws::NetworkFirewall
     add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
     add_plugin(Aws::Plugins::TransferEncoding)
     add_plugin(Aws::Plugins::HttpChecksum)
+    add_plugin(Aws::Plugins::DefaultsMode)
     add_plugin(Aws::Plugins::SignatureV4)
     add_plugin(Aws::Plugins::Protocols::JsonRpc)
 
@@ -119,7 +121,9 @@ module Aws::NetworkFirewall
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
-    #       enable retries and extended timeouts.
+    #       enable retries and extended timeouts. Instance profile credential
+    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
+    #       to true.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -173,6 +177,10 @@ module Aws::NetworkFirewall
     #     Used only in `standard` and adaptive retry modes. Specifies whether to apply
     #     a clock skew correction and retry requests with skewed client clocks.
     #
+    #   @option options [String] :defaults_mode ("legacy")
+    #     See {Aws::DefaultsModeConfiguration} for a list of the
+    #     accepted modes and the configuration defaults that are included.
+    #
     #   @option options [Boolean] :disable_host_prefix_injection (false)
     #     Set to true to disable SDK automatically adding host prefix
     #     to default service endpoint when available.
@@ -285,6 +293,15 @@ module Aws::NetworkFirewall
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Boolean] :use_dualstack_endpoint
+    #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+    #     will be used if available.
+    #
+    #   @option options [Boolean] :use_fips_endpoint
+    #     When set to `true`, fips compatible endpoints will be used if available.
+    #     When a `fips` region is used, the region is normalized and this config
+    #     is set to `true`.
+    #
     #   @option options [Boolean] :validate_params (true)
     #     When `true`, request parameters are validated before
     #     sending the request.
@@ -296,7 +313,7 @@ module Aws::NetworkFirewall
     #     seconds to wait when opening a HTTP session before raising a
     #     `Timeout::Error`.
     #
-    #   @option options [Integer] :http_read_timeout (60) The default
+    #   @option options [Float] :http_read_timeout (60) The default
     #     number of seconds to wait for response data.  This value can
     #     safely be set per-request on the session.
     #
@@ -312,6 +329,9 @@ module Aws::NetworkFirewall
     #     disables this behaviour.  This value can safely be set per
     #     request on the session.
     #
+    #   @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
+    #     in seconds.
+    #
     #   @option options [Boolean] :http_wire_trace (false) When `true`,
     #     HTTP debug output will be sent to the `:logger`.
     #
@@ -693,6 +713,9 @@ module Aws::NetworkFirewall
     #         {
     #           resource_arn: "ResourceArn", # required
     #           priority: 1,
+    #           override: {
+    #             action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
+    #           },
     #         },
     #       ],
     #       stateful_default_actions: ["CollectionMember_String"],
@@ -1308,6 +1331,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy.stateful_rule_group_references #=> Array
     #   resp.firewall_policy.stateful_rule_group_references[0].resource_arn #=> String
     #   resp.firewall_policy.stateful_rule_group_references[0].priority #=> Integer
+    #   resp.firewall_policy.stateful_rule_group_references[0].override.action #=> String, one of "DROP_TO_ALERT"
     #   resp.firewall_policy.stateful_default_actions #=> Array
     #   resp.firewall_policy.stateful_default_actions[0] #=> String
     #   resp.firewall_policy.stateful_engine_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
@@ -1506,6 +1530,68 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
+    # High-level information about a rule group, returned by operations like
+    # create and describe. You can use the information provided in the
+    # metadata to retrieve and manage a rule group. You can retrieve all
+    # objects for a rule group by calling DescribeRuleGroup.
+    #
+    # @option params [String] :rule_group_name
+    #   The descriptive name of the rule group. You can't change the name of
+    #   a rule group after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #
+    # @option params [String] :rule_group_arn
+    #   The descriptive name of the rule group. You can't change the name of
+    #   a rule group after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #
+    # @option params [String] :type
+    #   Indicates whether the rule group is stateless or stateful. If the rule
+    #   group is stateless, it contains stateless rules. If it is stateful, it
+    #   contains stateful rules.
+    #
+    #   <note markdown="1"> This setting is required for requests that do not include the
+    #   `RuleGroupARN`.
+    #
+    #    </note>
+    #
+    # @return [Types::DescribeRuleGroupMetadataResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DescribeRuleGroupMetadataResponse#rule_group_arn #rule_group_arn} => String
+    #   * {Types::DescribeRuleGroupMetadataResponse#rule_group_name #rule_group_name} => String
+    #   * {Types::DescribeRuleGroupMetadataResponse#description #description} => String
+    #   * {Types::DescribeRuleGroupMetadataResponse#type #type} => String
+    #   * {Types::DescribeRuleGroupMetadataResponse#capacity #capacity} => Integer
+    #   * {Types::DescribeRuleGroupMetadataResponse#stateful_rule_options #stateful_rule_options} => Types::StatefulRuleOptions
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.describe_rule_group_metadata({
+    #     rule_group_name: "ResourceName",
+    #     rule_group_arn: "ResourceArn",
+    #     type: "STATELESS", # accepts STATELESS, STATEFUL
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.rule_group_arn #=> String
+    #   resp.rule_group_name #=> String
+    #   resp.description #=> String
+    #   resp.type #=> String, one of "STATELESS", "STATEFUL"
+    #   resp.capacity #=> Integer
+    #   resp.stateful_rule_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadata AWS API Documentation
+    #
+    # @overload describe_rule_group_metadata(params = {})
+    # @param [Hash] params ({})
+    def describe_rule_group_metadata(params = {}, options = {})
+      req = build_request(:describe_rule_group_metadata, params)
+      req.send_request(options)
+    end
+
     # Removes the specified subnet associations from the firewall. This
     # removes the firewall endpoints from the subnets and removes any
     # network filtering protections that the endpoints were providing.
@@ -1696,6 +1782,11 @@ module Aws::NetworkFirewall
     #   Network Firewall provides a `NextToken` value that you can use in a
     #   subsequent call to get the next batch of objects.
     #
+    # @option params [String] :scope
+    #   The scope of the request. The default setting of `ACCOUNT` or a
+    #   setting of `NULL` returns all of the rule groups in your account. A
+    #   setting of `MANAGED` returns all available managed rule groups.
+    #
     # @return [Types::ListRuleGroupsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ListRuleGroupsResponse#next_token #next_token} => String
@@ -1708,6 +1799,7 @@ module Aws::NetworkFirewall
     #   resp = client.list_rule_groups({
     #     next_token: "PaginationToken",
     #     max_results: 1,
+    #     scope: "MANAGED", # accepts MANAGED, ACCOUNT
     #   })
     #
     # @example Response structure
@@ -2165,6 +2257,9 @@ module Aws::NetworkFirewall
     #         {
     #           resource_arn: "ResourceArn", # required
     #           priority: 1,
+    #           override: {
+    #             action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
+    #           },
     #         },
     #       ],
     #       stateful_default_actions: ["CollectionMember_String"],
@@ -2200,6 +2295,11 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
+    # Modifies the flag, `ChangeProtection`, which indicates whether it is
+    # possible to change the firewall. If the flag is set to `TRUE`, the
+    # firewall is protected from changes. This setting helps protect against
+    # accidentally changing a firewall that's in use.
+    #
     # @option params [String] :update_token
     #   An optional token that you can use for optimistic locking. Network
     #   Firewall returns a token to your requests that access the firewall.
@@ -2658,7 +2758,7 @@ module Aws::NetworkFirewall
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.9.0'
+      context[:gem_version] = '1.13.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-networkfirewall/client_api.rb

@@ -54,6 +54,8 @@ module Aws::NetworkFirewall
     DescribeLoggingConfigurationResponse = Shapes::StructureShape.new(name: 'DescribeLoggingConfigurationResponse')
     DescribeResourcePolicyRequest = Shapes::StructureShape.new(name: 'DescribeResourcePolicyRequest')
     DescribeResourcePolicyResponse = Shapes::StructureShape.new(name: 'DescribeResourcePolicyResponse')
+    DescribeRuleGroupMetadataRequest = Shapes::StructureShape.new(name: 'DescribeRuleGroupMetadataRequest')
+    DescribeRuleGroupMetadataResponse = Shapes::StructureShape.new(name: 'DescribeRuleGroupMetadataResponse')
     DescribeRuleGroupRequest = Shapes::StructureShape.new(name: 'DescribeRuleGroupRequest')
     DescribeRuleGroupResponse = Shapes::StructureShape.new(name: 'DescribeRuleGroupResponse')
     Description = Shapes::StringShape.new(name: 'Description')
@@ -106,6 +108,7 @@ module Aws::NetworkFirewall
     LoggingConfiguration = Shapes::StructureShape.new(name: 'LoggingConfiguration')
     MatchAttributes = Shapes::StructureShape.new(name: 'MatchAttributes')
     NumberOfAssociations = Shapes::IntegerShape.new(name: 'NumberOfAssociations')
+    OverrideAction = Shapes::StringShape.new(name: 'OverrideAction')
     PaginationMaxResults = Shapes::IntegerShape.new(name: 'PaginationMaxResults')
     PaginationToken = Shapes::StringShape.new(name: 'PaginationToken')
     PerObjectStatus = Shapes::StructureShape.new(name: 'PerObjectStatus')
@@ -125,6 +128,7 @@ module Aws::NetworkFirewall
     PutResourcePolicyResponse = Shapes::StructureShape.new(name: 'PutResourcePolicyResponse')
     ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
     ResourceId = Shapes::StringShape.new(name: 'ResourceId')
+    ResourceManagedStatus = Shapes::StringShape.new(name: 'ResourceManagedStatus')
     ResourceName = Shapes::StringShape.new(name: 'ResourceName')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     ResourceOwnerCheckException = Shapes::StructureShape.new(name: 'ResourceOwnerCheckException')
@@ -153,6 +157,7 @@ module Aws::NetworkFirewall
     StatefulEngineOptions = Shapes::StructureShape.new(name: 'StatefulEngineOptions')
     StatefulRule = Shapes::StructureShape.new(name: 'StatefulRule')
     StatefulRuleDirection = Shapes::StringShape.new(name: 'StatefulRuleDirection')
+    StatefulRuleGroupOverride = Shapes::StructureShape.new(name: 'StatefulRuleGroupOverride')
     StatefulRuleGroupReference = Shapes::StructureShape.new(name: 'StatefulRuleGroupReference')
     StatefulRuleGroupReferences = Shapes::ListShape.new(name: 'StatefulRuleGroupReferences')
     StatefulRuleOptions = Shapes::StructureShape.new(name: 'StatefulRuleOptions')
@@ -351,6 +356,19 @@ module Aws::NetworkFirewall
     DescribeResourcePolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: PolicyString, location_name: "Policy"))
     DescribeResourcePolicyResponse.struct_class = Types::DescribeResourcePolicyResponse
 
+    DescribeRuleGroupMetadataRequest.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "RuleGroupName"))
+    DescribeRuleGroupMetadataRequest.add_member(:rule_group_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "RuleGroupArn"))
+    DescribeRuleGroupMetadataRequest.add_member(:type, Shapes::ShapeRef.new(shape: RuleGroupType, location_name: "Type"))
+    DescribeRuleGroupMetadataRequest.struct_class = Types::DescribeRuleGroupMetadataRequest
+
+    DescribeRuleGroupMetadataResponse.add_member(:rule_group_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "RuleGroupArn"))
+    DescribeRuleGroupMetadataResponse.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: ResourceName, required: true, location_name: "RuleGroupName"))
+    DescribeRuleGroupMetadataResponse.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
+    DescribeRuleGroupMetadataResponse.add_member(:type, Shapes::ShapeRef.new(shape: RuleGroupType, location_name: "Type"))
+    DescribeRuleGroupMetadataResponse.add_member(:capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "Capacity"))
+    DescribeRuleGroupMetadataResponse.add_member(:stateful_rule_options, Shapes::ShapeRef.new(shape: StatefulRuleOptions, location_name: "StatefulRuleOptions"))
+    DescribeRuleGroupMetadataResponse.struct_class = Types::DescribeRuleGroupMetadataResponse
+
     DescribeRuleGroupRequest.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "RuleGroupName"))
     DescribeRuleGroupRequest.add_member(:rule_group_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "RuleGroupArn"))
     DescribeRuleGroupRequest.add_member(:type, Shapes::ShapeRef.new(shape: RuleGroupType, location_name: "Type"))
@@ -484,6 +502,7 @@ module Aws::NetworkFirewall
 
     ListRuleGroupsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
     ListRuleGroupsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: PaginationMaxResults, location_name: "MaxResults"))
+    ListRuleGroupsRequest.add_member(:scope, Shapes::ShapeRef.new(shape: ResourceManagedStatus, location_name: "Scope"))
     ListRuleGroupsRequest.struct_class = Types::ListRuleGroupsRequest
 
     ListRuleGroupsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: PaginationToken, location_name: "NextToken"))
@@ -618,8 +637,12 @@ module Aws::NetworkFirewall
     StatefulRule.add_member(:rule_options, Shapes::ShapeRef.new(shape: RuleOptions, required: true, location_name: "RuleOptions"))
     StatefulRule.struct_class = Types::StatefulRule
 
+    StatefulRuleGroupOverride.add_member(:action, Shapes::ShapeRef.new(shape: OverrideAction, location_name: "Action"))
+    StatefulRuleGroupOverride.struct_class = Types::StatefulRuleGroupOverride
+
     StatefulRuleGroupReference.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
     StatefulRuleGroupReference.add_member(:priority, Shapes::ShapeRef.new(shape: Priority, location_name: "Priority", metadata: {"box"=>true}))
+    StatefulRuleGroupReference.add_member(:override, Shapes::ShapeRef.new(shape: StatefulRuleGroupOverride, location_name: "Override"))
     StatefulRuleGroupReference.struct_class = Types::StatefulRuleGroupReference
 
     StatefulRuleGroupReferences.member = Shapes::ShapeRef.new(shape: StatefulRuleGroupReference)
@@ -988,6 +1011,18 @@ module Aws::NetworkFirewall
         o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
       end)
 
+      api.add_operation(:describe_rule_group_metadata, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DescribeRuleGroupMetadata"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DescribeRuleGroupMetadataRequest)
+        o.output = Shapes::ShapeRef.new(shape: DescribeRuleGroupMetadataResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
+      end)
+
       api.add_operation(:disassociate_subnets, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DisassociateSubnets"
         o.http_method = "POST"
@@ -1059,6 +1094,8 @@ module Aws::NetworkFirewall
         o.http_request_uri = "/"
         o.input = Shapes::ShapeRef.new(shape: ListTagsForResourceRequest)
         o.output = Shapes::ShapeRef.new(shape: ListTagsForResourceResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
         o[:pager] = Aws::Pager.new(
@@ -1088,6 +1125,8 @@ module Aws::NetworkFirewall
         o.http_request_uri = "/"
         o.input = Shapes::ShapeRef.new(shape: TagResourceRequest)
         o.output = Shapes::ShapeRef.new(shape: TagResourceResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
       end)
@@ -1098,6 +1137,8 @@ module Aws::NetworkFirewall
         o.http_request_uri = "/"
         o.input = Shapes::ShapeRef.new(shape: UntagResourceRequest)
         o.output = Shapes::ShapeRef.new(shape: UntagResourceResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
       end)

data/lib/aws-sdk-networkfirewall/types.rb

@@ -361,6 +361,9 @@ module Aws::NetworkFirewall
     #             {
     #               resource_arn: "ResourceArn", # required
     #               priority: 1,
+    #               override: {
+    #                 action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
+    #               },
     #             },
     #           ],
     #           stateful_default_actions: ["CollectionMember_String"],
@@ -1291,6 +1294,109 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DescribeRuleGroupMetadataRequest
+    #   data as a hash:
+    #
+    #       {
+    #         rule_group_name: "ResourceName",
+    #         rule_group_arn: "ResourceArn",
+    #         type: "STATELESS", # accepts STATELESS, STATEFUL
+    #       }
+    #
+    # @!attribute [rw] rule_group_name
+    #   The descriptive name of the rule group. You can't change the name
+    #   of a rule group after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] rule_group_arn
+    #   The descriptive name of the rule group. You can't change the name
+    #   of a rule group after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   Indicates whether the rule group is stateless or stateful. If the
+    #   rule group is stateless, it contains stateless rules. If it is
+    #   stateful, it contains stateful rules.
+    #
+    #   <note markdown="1"> This setting is required for requests that do not include the
+    #   `RuleGroupARN`.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadataRequest AWS API Documentation
+    #
+    class DescribeRuleGroupMetadataRequest < Struct.new(
+      :rule_group_name,
+      :rule_group_arn,
+      :type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] rule_group_arn
+    #   The descriptive name of the rule group. You can't change the name
+    #   of a rule group after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] rule_group_name
+    #   The descriptive name of the rule group. You can't change the name
+    #   of a rule group after you create it.
+    #
+    #   You must specify the ARN or the name, and you can specify both.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   Returns the metadata objects for the specified rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   Indicates whether the rule group is stateless or stateful. If the
+    #   rule group is stateless, it contains stateless rules. If it is
+    #   stateful, it contains stateful rules.
+    #
+    #   <note markdown="1"> This setting is required for requests that do not include the
+    #   `RuleGroupARN`.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] capacity
+    #   The maximum operating resources that this rule group can use. Rule
+    #   group capacity is fixed at creation. When you update a rule group,
+    #   you are limited to this capacity. When you reference a rule group
+    #   from a firewall policy, Network Firewall reserves this capacity for
+    #   the rule group.
+    #
+    #   You can retrieve the capacity that would be required for a rule
+    #   group before you create the rule group by calling CreateRuleGroup
+    #   with `DryRun` set to `TRUE`.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] stateful_rule_options
+    #   Additional options governing how Network Firewall handles the rule
+    #   group. You can only use these for stateful rule groups.
+    #   @return [Types::StatefulRuleOptions]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadataResponse AWS API Documentation
+    #
+    class DescribeRuleGroupMetadataResponse < Struct.new(
+      :rule_group_arn,
+      :rule_group_name,
+      :description,
+      :type,
+      :capacity,
+      :stateful_rule_options)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DescribeRuleGroupRequest
     #   data as a hash:
     #
@@ -1667,6 +1773,9 @@ module Aws::NetworkFirewall
     #           {
     #             resource_arn: "ResourceArn", # required
     #             priority: 1,
+    #             override: {
+    #               action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
+    #             },
     #           },
     #         ],
     #         stateful_default_actions: ["CollectionMember_String"],
@@ -1728,7 +1837,25 @@ module Aws::NetworkFirewall
     #
     # @!attribute [rw] stateful_default_actions
     #   The default actions to take on a packet that doesn't match any
-    #   stateful rules.
+    #   stateful rules. The stateful default action is optional, and is only
+    #   valid when using the strict rule order.
+    #
+    #   Valid values of the stateful default action:
+    #
+    #   * aws:drop\_strict
+    #
+    #   * aws:drop\_established
+    #
+    #   * aws:alert\_strict
+    #
+    #   * aws:alert\_established
+    #
+    #   For more information, see [Strict evaluation order][1] in the *AWS
+    #   Network Firewall Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-strict-rule-evaluation-order.html
     #   @return [Array<String>]
     #
     # @!attribute [rw] stateful_engine_options
@@ -2243,6 +2370,7 @@ module Aws::NetworkFirewall
     #       {
     #         next_token: "PaginationToken",
     #         max_results: 1,
+    #         scope: "MANAGED", # accepts MANAGED, ACCOUNT
     #       }
     #
     # @!attribute [rw] next_token
@@ -2260,11 +2388,18 @@ module Aws::NetworkFirewall
     #   use in a subsequent call to get the next batch of objects.
     #   @return [Integer]
     #
+    # @!attribute [rw] scope
+    #   The scope of the request. The default setting of `ACCOUNT` or a
+    #   setting of `NULL` returns all of the rule groups in your account. A
+    #   setting of `MANAGED` returns all available managed rule groups.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListRuleGroupsRequest AWS API Documentation
     #
     class ListRuleGroupsRequest < Struct.new(
       :next_token,
-      :max_results)
+      :max_results,
+      :scope)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3309,9 +3444,8 @@ module Aws::NetworkFirewall
     #       }
     #
     # @!attribute [rw] targets
-    #   The domains that you want to inspect for in your traffic flows. To
-    #   provide multiple domains, separate them with commas. Valid domain
-    #   specifications are the following:
+    #   The domains that you want to inspect for in your traffic flows.
+    #   Valid domain specifications are the following:
     #
     #   * Explicit names. For example, `abc.example.com` matches only the
     #     domain `abc.example.com`.
@@ -3354,13 +3488,15 @@ module Aws::NetworkFirewall
     #
     # @!attribute [rw] rule_order
     #   Indicates how to manage the order of stateful rule evaluation for
-    #   the policy. By default, Network Firewall leaves the rule evaluation
-    #   order up to the Suricata rule processing engine. If you set this to
-    #   `STRICT_ORDER`, your rules are evaluated in the exact order that you
-    #   provide them in the policy. With strict ordering, the rule groups
-    #   are evaluated by order of priority, starting from the lowest number,
-    #   and the rules in each rule group are processed in the order that
-    #   they're defined.
+    #   the policy. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
+    #   rules are provided to the rule engine as Suricata compatible
+    #   strings, and Suricata evaluates them based on certain settings. For
+    #   more information, see [Evaluation order for stateful rules][1] in
+    #   the *AWS Network Firewall Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulEngineOptions AWS API Documentation
@@ -3446,6 +3582,29 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # The setting that allows the policy owner to change the behavior of the
+    # rule group within a policy.
+    #
+    # @note When making an API call, you may pass StatefulRuleGroupOverride
+    #   data as a hash:
+    #
+    #       {
+    #         action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
+    #       }
+    #
+    # @!attribute [rw] action
+    #   The action that changes the rule group from `DROP` to `ALERT`. This
+    #   only applies to managed rule groups.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleGroupOverride AWS API Documentation
+    #
+    class StatefulRuleGroupOverride < Struct.new(
+      :action)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Identifier for a single stateful rule group, used in a firewall policy
     # to refer to a rule group.
     #
@@ -3455,6 +3614,9 @@ module Aws::NetworkFirewall
     #       {
     #         resource_arn: "ResourceArn", # required
     #         priority: 1,
+    #         override: {
+    #           action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
+    #         },
     #       }
     #
     # @!attribute [rw] resource_arn
@@ -3478,11 +3640,17 @@ module Aws::NetworkFirewall
     #   on.
     #   @return [Integer]
     #
+    # @!attribute [rw] override
+    #   The action that allows the policy owner to override the behavior of
+    #   the rule group within a policy.
+    #   @return [Types::StatefulRuleGroupOverride]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleGroupReference AWS API Documentation
     #
     class StatefulRuleGroupReference < Struct.new(
       :resource_arn,
-      :priority)
+      :priority,
+      :override)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3499,10 +3667,15 @@ module Aws::NetworkFirewall
     #
     # @!attribute [rw] rule_order
     #   Indicates how to manage the order of the rule evaluation for the
-    #   rule group. By default, Network Firewall leaves the rule evaluation
-    #   order up to the Suricata rule processing engine. If you set this to
-    #   `STRICT_ORDER`, your rules are evaluated in the exact order that
-    #   they're listed in your Suricata rules string.
+    #   rule group. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful
+    #   rules are provided to the rule engine as Suricata compatible
+    #   strings, and Suricata evaluates them based on certain settings. For
+    #   more information, see [Evaluation order for stateful rules][1] in
+    #   the *AWS Network Firewall Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleOptions AWS API Documentation
@@ -4009,6 +4182,11 @@ module Aws::NetworkFirewall
     #   @return [String]
     #
     # @!attribute [rw] delete_protection
+    #   A flag indicating whether it is possible to delete the firewall. A
+    #   setting of `TRUE` indicates that the firewall is protected against
+    #   deletion. Use this setting to protect against accidentally deleting
+    #   a firewall that is in use. When you create a firewall, the operation
+    #   initializes this flag to `TRUE`.
     #   @return [Boolean]
     #
     # @!attribute [rw] update_token
@@ -4289,6 +4467,9 @@ module Aws::NetworkFirewall
     #             {
     #               resource_arn: "ResourceArn", # required
     #               priority: 1,
+    #               override: {
+    #                 action: "DROP_TO_ALERT", # accepts DROP_TO_ALERT
+    #               },
     #             },
     #           ],
     #           stateful_default_actions: ["CollectionMember_String"],

data/lib/aws-sdk-networkfirewall.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
 # @!group service
 module Aws::NetworkFirewall
 
-  GEM_VERSION = '1.9.0'
+  GEM_VERSION = '1.13.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-  version: 1.9.0
+  version: 1.13.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-10-18 00:00:00.000000000 Z
+date: 2021-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.121.2
+        version: 3.125.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.121.2
+        version: 3.125.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement