aws-sdk-networkfirewall 1.15.0 → 1.16.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f14fddc5bbf86d65497b40e64b24109b7cd2edc702478aa0b6e95aa44540adee
-  data.tar.gz: e2b4f4078a7633e9f8060173269e4a260c46ab54f26e96537b77af93d991f9a9
+  metadata.gz: f66bf7c71cb11bf0af157ffcdbad8e7df68a441447cd7907b6d19dbba2d6bf1a
+  data.tar.gz: a307c7c73f68026af50870890e9e4e75f00767e05e4fec15368f1609ce5dcff2
 SHA512:
-  metadata.gz: 3ddb94799956134086a8f6af72802400103b4e0d7dd21fe7a7258163c82905d75db7374451861df64ad5bda51d300801e37b9eb9a645fd7a3a14ef6b9ad390f4
-  data.tar.gz: d1c30949e138d5838e46361fef1ec973939235785bfcdedfcd512ffe0b1411ccd708f438a8ac57aa7d6b9bb6a9ce4ed4531c9d84086e8996e6473cfce19db5fc
+  metadata.gz: 8e39869232f6ea4567b75c432c293f6e13bff33f7b0467d4c34f71ecf27124b254a8ac919e565bfafd8843268e9d3376e188c8084cd5bcf2f93f763f0d9467a1
+  data.tar.gz: 71f99b4fa4d00a371ed89c8e8291b51342f7662f3355c1c11e7fc09bc00f089e03329b1769fcdb206bac0a82360ddd25d93124d326c979129af3c130f36dee2b

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.16.0 (2022-04-26)
+------------------
+
+* Feature - AWS Network Firewall now enables customers to use a customer managed AWS KMS key for the encryption of their firewall resources.
+
 1.15.0 (2022-02-24)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.15.0
+1.16.0

data/lib/aws-sdk-networkfirewall/client.rb

@@ -437,8 +437,8 @@ module Aws::NetworkFirewall
     # You can specify one subnet for each of the Availability Zones that the
     # VPC spans.
     #
-    # This request creates an AWS Network Firewall firewall endpoint in each
-    # of the subnets. To enable the firewall's protections, you must also
+    # This request creates an Network Firewall firewall endpoint in each of
+    # the subnets. To enable the firewall's protections, you must also
     # modify the VPC's route tables for each subnet's Availability Zone,
     # to redirect the traffic that's coming into and going out of the zone
     # through the firewall endpoint.
@@ -513,14 +513,14 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
-    # Creates an AWS Network Firewall Firewall and accompanying
-    # FirewallStatus for a VPC.
+    # Creates an Network Firewall Firewall and accompanying FirewallStatus
+    # for a VPC.
     #
-    # The firewall defines the configuration settings for an AWS Network
+    # The firewall defines the configuration settings for an Network
     # Firewall firewall. The settings that you can define at creation
     # include the firewall policy, the subnets in your VPC to use for the
-    # firewall endpoints, and any tags that are attached to the firewall AWS
-    # resource.
+    # firewall endpoints, and any tags that are attached to the firewall
+    # Amazon Web Services resource.
     #
     # After you create a firewall, you can provide additional settings, like
     # the logging configuration.
@@ -530,8 +530,9 @@ module Aws::NetworkFirewall
     # UpdateLoggingConfiguration, AssociateSubnets, and
     # UpdateFirewallDeleteProtection.
     #
-    # To manage a firewall's tags, use the standard AWS resource tagging
-    # operations, ListTagsForResource, TagResource, and UntagResource.
+    # To manage a firewall's tags, use the standard Amazon Web Services
+    # resource tagging operations, ListTagsForResource, TagResource, and
+    # UntagResource.
     #
     # To retrieve information about firewalls, use ListFirewalls and
     # DescribeFirewall.
@@ -582,6 +583,10 @@ module Aws::NetworkFirewall
     # @option params [Array<Types::Tag>] :tags
     #   The key:value pairs to associate with the resource.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your firewall
+    #   resources.
+    #
     # @return [Types::CreateFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateFirewallResponse#firewall #firewall} => Types::Firewall
@@ -608,6 +613,10 @@ module Aws::NetworkFirewall
     #         value: "TagValue", # required
     #       },
     #     ],
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -626,6 +635,8 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags #=> Array
     #   resp.firewall.tags[0].key #=> String
     #   resp.firewall.tags[0].value #=> String
+    #   resp.firewall.encryption_configuration.key_id #=> String
+    #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
     #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
     #   resp.firewall_status.sync_states #=> Hash
@@ -648,7 +659,7 @@ module Aws::NetworkFirewall
     # Creates the firewall policy for the firewall according to the
     # specifications.
     #
-    # An AWS Network Firewall firewall policy defines the behavior of a
+    # An Network Firewall firewall policy defines the behavior of a
     # firewall, in a collection of stateless and stateful rule groups and
     # other settings. You can use one firewall policy for multiple
     # firewalls.
@@ -681,6 +692,10 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your firewall
+    #   policy resources.
+    #
     # @return [Types::CreateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateFirewallPolicyResponse#update_token #update_token} => String
@@ -735,6 +750,10 @@ module Aws::NetworkFirewall
     #       },
     #     ],
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -751,6 +770,8 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy AWS API Documentation
     #
@@ -869,6 +890,10 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your rule
+    #   group resources.
+    #
     # @return [Types::CreateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateRuleGroupResponse#update_token #update_token} => String
@@ -988,6 +1013,10 @@ module Aws::NetworkFirewall
     #       },
     #     ],
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -1005,6 +1034,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
     #
@@ -1070,6 +1101,8 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags #=> Array
     #   resp.firewall.tags[0].key #=> String
     #   resp.firewall.tags[0].value #=> String
+    #   resp.firewall.encryption_configuration.key_id #=> String
+    #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
     #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
     #   resp.firewall_status.sync_states #=> Hash
@@ -1126,6 +1159,8 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy AWS API Documentation
     #
@@ -1209,6 +1244,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
     #
@@ -1262,6 +1299,8 @@ module Aws::NetworkFirewall
     #   resp.firewall.tags #=> Array
     #   resp.firewall.tags[0].key #=> String
     #   resp.firewall.tags[0].value #=> String
+    #   resp.firewall.encryption_configuration.key_id #=> String
+    #   resp.firewall.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #   resp.firewall_status.status #=> String, one of "PROVISIONING", "DELETING", "READY"
     #   resp.firewall_status.configuration_sync_state_summary #=> String, one of "PENDING", "IN_SYNC"
     #   resp.firewall_status.sync_states #=> Hash
@@ -1321,6 +1360,8 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #   resp.firewall_policy.stateless_rule_group_references #=> Array
     #   resp.firewall_policy.stateless_rule_group_references[0].resource_arn #=> String
     #   resp.firewall_policy.stateless_rule_group_references[0].priority #=> Integer
@@ -1524,6 +1565,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
     #
@@ -1826,11 +1869,11 @@ module Aws::NetworkFirewall
     # key:value pairs that you can use to categorize and manage your
     # resources, for purposes like billing. For example, you might set the
     # tag key to "customer" and the value to the customer name or ID. You
-    # can specify one or more tags to add to each AWS resource, up to 50
-    # tags for a resource.
+    # can specify one or more tags to add to each Amazon Web Services
+    # resource, up to 50 tags for a resource.
     #
-    # You can tag the AWS resources that you manage through AWS Network
-    # Firewall: firewalls, firewall policies, and rule groups.
+    # You can tag the Amazon Web Services resources that you manage through
+    # Network Firewall: firewalls, firewall policies, and rule groups.
     #
     # @option params [String] :next_token
     #   When you request a list of objects with a `MaxResults` setting, if the
@@ -1879,11 +1922,11 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
-    # Creates or updates an AWS Identity and Access Management policy for
-    # your rule group or firewall policy. Use this to share rule groups and
-    # firewall policies between accounts. This operation works in
-    # conjunction with the AWS Resource Access Manager (RAM) service to
-    # manage resource sharing for Network Firewall.
+    # Creates or updates an IAM policy for your rule group or firewall
+    # policy. Use this to share rule groups and firewall policies between
+    # accounts. This operation works in conjunction with the Amazon Web
+    # Services Resource Access Manager (RAM) service to manage resource
+    # sharing for Network Firewall.
     #
     # Use this operation to create or update a resource policy for your rule
     # group or firewall policy. In the policy, you specify the accounts that
@@ -1900,8 +1943,8 @@ module Aws::NetworkFirewall
     # * [AcceptResourceShareInvitation][2] - Accepts the share invitation
     #   for a specified resource share.
     #
-    # For additional information about resource sharing using RAM, see [AWS
-    # Resource Access Manager User Guide][3].
+    # For additional information about resource sharing using RAM, see
+    # [Resource Access Manager User Guide][3].
     #
     #
     #
@@ -1914,10 +1957,9 @@ module Aws::NetworkFirewall
     #   rule groups and firewall policies with.
     #
     # @option params [required, String] :policy
-    #   The AWS Identity and Access Management policy statement that lists the
-    #   accounts that you want to share your rule group or firewall policy
-    #   with and the operations that you want the accounts to be able to
-    #   perform.
+    #   The IAM policy statement that lists the accounts that you want to
+    #   share your rule group or firewall policy with and the operations that
+    #   you want the accounts to be able to perform.
     #
     #   For a rule group resource, you can specify the following operations in
     #   the Actions section of the statement:
@@ -1965,11 +2007,11 @@ module Aws::NetworkFirewall
     # pairs that you can use to categorize and manage your resources, for
     # purposes like billing. For example, you might set the tag key to
     # "customer" and the value to the customer name or ID. You can specify
-    # one or more tags to add to each AWS resource, up to 50 tags for a
-    # resource.
+    # one or more tags to add to each Amazon Web Services resource, up to 50
+    # tags for a resource.
     #
-    # You can tag the AWS resources that you manage through AWS Network
-    # Firewall: firewalls, firewall policies, and rule groups.
+    # You can tag the Amazon Web Services resources that you manage through
+    # Network Firewall: firewalls, firewall policies, and rule groups.
     #
     # @option params [required, String] :resource_arn
     #   The Amazon Resource Name (ARN) of the resource.
@@ -2003,11 +2045,12 @@ module Aws::NetworkFirewall
     # Tags are key:value pairs that you can use to categorize and manage
     # your resources, for purposes like billing. For example, you might set
     # the tag key to "customer" and the value to the customer name or ID.
-    # You can specify one or more tags to add to each AWS resource, up to 50
-    # tags for a resource.
+    # You can specify one or more tags to add to each Amazon Web Services
+    # resource, up to 50 tags for a resource.
     #
-    # You can manage tags for the AWS resources that you manage through AWS
-    # Network Firewall: firewalls, firewall policies, and rule groups.
+    # You can manage tags for the Amazon Web Services resources that you
+    # manage through Network Firewall: firewalls, firewall policies, and
+    # rule groups.
     #
     # @option params [required, String] :resource_arn
     #   The Amazon Resource Name (ARN) of the resource.
@@ -2176,6 +2219,86 @@ module Aws::NetworkFirewall
       req.send_request(options)
     end
 
+    # A complex type that contains settings for encryption of your firewall
+    # resources.
+    #
+    # @option params [String] :update_token
+    #   An optional token that you can use for optimistic locking. Network
+    #   Firewall returns a token to your requests that access the firewall.
+    #   The token marks the state of the firewall resource at the time of the
+    #   request.
+    #
+    #   To make an unconditional change to the firewall, omit the token in
+    #   your update request. Without the token, Network Firewall performs your
+    #   updates regardless of whether the firewall has changed since you last
+    #   retrieved it.
+    #
+    #   To make a conditional change to the firewall, provide the token in
+    #   your update request. Network Firewall uses the token to ensure that
+    #   the firewall hasn't changed since you last retrieved it. If it has
+    #   changed, the operation fails with an `InvalidTokenException`. If this
+    #   happens, retrieve the firewall again to get a current copy of it with
+    #   a new token. Reapply your changes as needed, then try the operation
+    #   again using the new token.
+    #
+    # @option params [String] :firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #
+    # @option params [String] :firewall_name
+    #   The descriptive name of the firewall. You can't change the name of a
+    #   firewall after you create it.
+    #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains optional Amazon Web Services Key
+    #   Management Service (KMS) encryption settings for your Network Firewall
+    #   resources. Your data is encrypted by default with an Amazon Web
+    #   Services owned key that Amazon Web Services owns and manages for you.
+    #   You can use either the Amazon Web Services owned key, or provide your
+    #   own customer managed key. To learn more about KMS encryption of your
+    #   Network Firewall resources, see [Encryption at rest with Amazon Web
+    #   Services Key Managment Service][1] in the *Network Firewall Developer
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
+    #
+    # @return [Types::UpdateFirewallEncryptionConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_arn #firewall_arn} => String
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#firewall_name #firewall_name} => String
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#update_token #update_token} => String
+    #   * {Types::UpdateFirewallEncryptionConfigurationResponse#encryption_configuration #encryption_configuration} => Types::EncryptionConfiguration
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_firewall_encryption_configuration({
+    #     update_token: "UpdateToken",
+    #     firewall_arn: "ResourceArn",
+    #     firewall_name: "ResourceName",
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.firewall_arn #=> String
+    #   resp.firewall_name #=> String
+    #   resp.update_token #=> String
+    #   resp.encryption_configuration.key_id #=> String
+    #   resp.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfiguration AWS API Documentation
+    #
+    # @overload update_firewall_encryption_configuration(params = {})
+    # @param [Hash] params ({})
+    def update_firewall_encryption_configuration(params = {}, options = {})
+      req = build_request(:update_firewall_encryption_configuration, params)
+      req.send_request(options)
+    end
+
     # Updates the properties of the specified firewall policy.
     #
     # @option params [required, String] :update_token
@@ -2223,6 +2346,10 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your firewall
+    #   policy resources.
+    #
     # @return [Types::UpdateFirewallPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateFirewallPolicyResponse#update_token #update_token} => String
@@ -2273,6 +2400,10 @@ module Aws::NetworkFirewall
     #     },
     #     description: "Description",
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -2289,6 +2420,8 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
     #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
     #   resp.firewall_policy_response.number_of_associations #=> Integer
+    #   resp.firewall_policy_response.encryption_configuration.key_id #=> String
+    #   resp.firewall_policy_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy AWS API Documentation
     #
@@ -2539,6 +2672,10 @@ module Aws::NetworkFirewall
     #   If set to `FALSE`, Network Firewall makes the requested changes to
     #   your resources.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   A complex type that contains settings for encryption of your rule
+    #   group resources.
+    #
     # @return [Types::UpdateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateRuleGroupResponse#update_token #update_token} => String
@@ -2653,6 +2790,10 @@ module Aws::NetworkFirewall
     #     type: "STATELESS", # accepts STATELESS, STATEFUL
     #     description: "Description",
     #     dry_run: false,
+    #     encryption_configuration: {
+    #       key_id: "KeyId",
+    #       type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -2670,6 +2811,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags[0].value #=> String
     #   resp.rule_group_response.consumed_capacity #=> Integer
     #   resp.rule_group_response.number_of_associations #=> Integer
+    #   resp.rule_group_response.encryption_configuration.key_id #=> String
+    #   resp.rule_group_response.encryption_configuration.type #=> String, one of "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
     #
@@ -2762,7 +2905,7 @@ module Aws::NetworkFirewall
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.15.0'
+      context[:gem_version] = '1.16.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-networkfirewall/client_api.rb

@@ -65,6 +65,8 @@ module Aws::NetworkFirewall
     Dimensions = Shapes::ListShape.new(name: 'Dimensions')
     DisassociateSubnetsRequest = Shapes::StructureShape.new(name: 'DisassociateSubnetsRequest')
     DisassociateSubnetsResponse = Shapes::StructureShape.new(name: 'DisassociateSubnetsResponse')
+    EncryptionConfiguration = Shapes::StructureShape.new(name: 'EncryptionConfiguration')
+    EncryptionType = Shapes::StringShape.new(name: 'EncryptionType')
     EndpointId = Shapes::StringShape.new(name: 'EndpointId')
     ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
     Firewall = Shapes::StructureShape.new(name: 'Firewall')
@@ -89,6 +91,7 @@ module Aws::NetworkFirewall
     InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
     InvalidResourcePolicyException = Shapes::StructureShape.new(name: 'InvalidResourcePolicyException')
     InvalidTokenException = Shapes::StructureShape.new(name: 'InvalidTokenException')
+    KeyId = Shapes::StringShape.new(name: 'KeyId')
     Keyword = Shapes::StringShape.new(name: 'Keyword')
     LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
     ListFirewallPoliciesRequest = Shapes::StructureShape.new(name: 'ListFirewallPoliciesRequest')
@@ -195,6 +198,8 @@ module Aws::NetworkFirewall
     UpdateFirewallDeleteProtectionResponse = Shapes::StructureShape.new(name: 'UpdateFirewallDeleteProtectionResponse')
     UpdateFirewallDescriptionRequest = Shapes::StructureShape.new(name: 'UpdateFirewallDescriptionRequest')
     UpdateFirewallDescriptionResponse = Shapes::StructureShape.new(name: 'UpdateFirewallDescriptionResponse')
+    UpdateFirewallEncryptionConfigurationRequest = Shapes::StructureShape.new(name: 'UpdateFirewallEncryptionConfigurationRequest')
+    UpdateFirewallEncryptionConfigurationResponse = Shapes::StructureShape.new(name: 'UpdateFirewallEncryptionConfigurationResponse')
     UpdateFirewallPolicyChangeProtectionRequest = Shapes::StructureShape.new(name: 'UpdateFirewallPolicyChangeProtectionRequest')
     UpdateFirewallPolicyChangeProtectionResponse = Shapes::StructureShape.new(name: 'UpdateFirewallPolicyChangeProtectionResponse')
     UpdateFirewallPolicyRequest = Shapes::StructureShape.new(name: 'UpdateFirewallPolicyRequest')
@@ -255,6 +260,7 @@ module Aws::NetworkFirewall
     CreateFirewallPolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
     CreateFirewallPolicyRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
     CreateFirewallPolicyRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    CreateFirewallPolicyRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
     CreateFirewallPolicyRequest.struct_class = Types::CreateFirewallPolicyRequest
 
     CreateFirewallPolicyResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
@@ -270,6 +276,7 @@ module Aws::NetworkFirewall
     CreateFirewallRequest.add_member(:firewall_policy_change_protection, Shapes::ShapeRef.new(shape: Boolean, location_name: "FirewallPolicyChangeProtection"))
     CreateFirewallRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
     CreateFirewallRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
+    CreateFirewallRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
     CreateFirewallRequest.struct_class = Types::CreateFirewallRequest
 
     CreateFirewallResponse.add_member(:firewall, Shapes::ShapeRef.new(shape: Firewall, location_name: "Firewall"))
@@ -284,6 +291,7 @@ module Aws::NetworkFirewall
     CreateRuleGroupRequest.add_member(:capacity, Shapes::ShapeRef.new(shape: RuleCapacity, required: true, location_name: "Capacity"))
     CreateRuleGroupRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
     CreateRuleGroupRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    CreateRuleGroupRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
     CreateRuleGroupRequest.struct_class = Types::CreateRuleGroupRequest
 
     CreateRuleGroupResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
@@ -396,6 +404,10 @@ module Aws::NetworkFirewall
     DisassociateSubnetsResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
     DisassociateSubnetsResponse.struct_class = Types::DisassociateSubnetsResponse
 
+    EncryptionConfiguration.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyId, location_name: "KeyId"))
+    EncryptionConfiguration.add_member(:type, Shapes::ShapeRef.new(shape: EncryptionType, location_name: "Type"))
+    EncryptionConfiguration.struct_class = Types::EncryptionConfiguration
+
     Firewall.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
     Firewall.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
     Firewall.add_member(:firewall_policy_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "FirewallPolicyArn"))
@@ -407,6 +419,7 @@ module Aws::NetworkFirewall
     Firewall.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
     Firewall.add_member(:firewall_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "FirewallId"))
     Firewall.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
+    Firewall.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
     Firewall.struct_class = Types::Firewall
 
     FirewallMetadata.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
@@ -437,6 +450,7 @@ module Aws::NetworkFirewall
     FirewallPolicyResponse.add_member(:consumed_stateless_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatelessRuleCapacity"))
     FirewallPolicyResponse.add_member(:consumed_stateful_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatefulRuleCapacity"))
     FirewallPolicyResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
+    FirewallPolicyResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
     FirewallPolicyResponse.struct_class = Types::FirewallPolicyResponse
 
     FirewallStatus.add_member(:status, Shapes::ShapeRef.new(shape: FirewallStatusValue, required: true, location_name: "Status"))
@@ -598,6 +612,7 @@ module Aws::NetworkFirewall
     RuleGroupResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
     RuleGroupResponse.add_member(:consumed_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedCapacity"))
     RuleGroupResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
+    RuleGroupResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
     RuleGroupResponse.struct_class = Types::RuleGroupResponse
 
     RuleGroups.member = Shapes::ShapeRef.new(shape: RuleGroupMetadata)
@@ -743,6 +758,18 @@ module Aws::NetworkFirewall
     UpdateFirewallDescriptionResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
     UpdateFirewallDescriptionResponse.struct_class = Types::UpdateFirewallDescriptionResponse
 
+    UpdateFirewallEncryptionConfigurationRequest.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
+    UpdateFirewallEncryptionConfigurationRequest.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
+    UpdateFirewallEncryptionConfigurationRequest.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
+    UpdateFirewallEncryptionConfigurationRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
+    UpdateFirewallEncryptionConfigurationRequest.struct_class = Types::UpdateFirewallEncryptionConfigurationRequest
+
+    UpdateFirewallEncryptionConfigurationResponse.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
+    UpdateFirewallEncryptionConfigurationResponse.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
+    UpdateFirewallEncryptionConfigurationResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
+    UpdateFirewallEncryptionConfigurationResponse.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
+    UpdateFirewallEncryptionConfigurationResponse.struct_class = Types::UpdateFirewallEncryptionConfigurationResponse
+
     UpdateFirewallPolicyChangeProtectionRequest.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, location_name: "UpdateToken"))
     UpdateFirewallPolicyChangeProtectionRequest.add_member(:firewall_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "FirewallArn"))
     UpdateFirewallPolicyChangeProtectionRequest.add_member(:firewall_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "FirewallName"))
@@ -761,6 +788,7 @@ module Aws::NetworkFirewall
     UpdateFirewallPolicyRequest.add_member(:firewall_policy, Shapes::ShapeRef.new(shape: FirewallPolicy, required: true, location_name: "FirewallPolicy"))
     UpdateFirewallPolicyRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
     UpdateFirewallPolicyRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    UpdateFirewallPolicyRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
     UpdateFirewallPolicyRequest.struct_class = Types::UpdateFirewallPolicyRequest
 
     UpdateFirewallPolicyResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
@@ -785,6 +813,7 @@ module Aws::NetworkFirewall
     UpdateRuleGroupRequest.add_member(:type, Shapes::ShapeRef.new(shape: RuleGroupType, location_name: "Type"))
     UpdateRuleGroupRequest.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
     UpdateRuleGroupRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: Boolean, location_name: "DryRun"))
+    UpdateRuleGroupRequest.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
     UpdateRuleGroupRequest.struct_class = Types::UpdateRuleGroupRequest
 
     UpdateRuleGroupResponse.add_member(:update_token, Shapes::ShapeRef.new(shape: UpdateToken, required: true, location_name: "UpdateToken"))
@@ -1170,6 +1199,20 @@ module Aws::NetworkFirewall
         o.errors << Shapes::ShapeRef.new(shape: InvalidTokenException)
       end)
 
+      api.add_operation(:update_firewall_encryption_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateFirewallEncryptionConfiguration"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UpdateFirewallEncryptionConfigurationRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateFirewallEncryptionConfigurationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidTokenException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceOwnerCheckException)
+      end)
+
       api.add_operation(:update_firewall_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateFirewallPolicy"
         o.http_method = "POST"

data/lib/aws-sdk-networkfirewall/types.rb

@@ -294,8 +294,8 @@ module Aws::NetworkFirewall
     end
 
     # The configuration and status for a single subnet that you've
-    # specified for use by the AWS Network Firewall firewall. This is part
-    # of the FirewallStatus.
+    # specified for use by the Network Firewall firewall. This is part of
+    # the FirewallStatus.
     #
     # @!attribute [rw] subnet_id
     #   The unique identifier of the subnet that you've specified to be
@@ -379,6 +379,10 @@ module Aws::NetworkFirewall
     #           },
     #         ],
     #         dry_run: false,
+    #         encryption_configuration: {
+    #           key_id: "KeyId",
+    #           type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #         },
     #       }
     #
     # @!attribute [rw] firewall_policy_name
@@ -414,6 +418,11 @@ module Aws::NetworkFirewall
     #   your resources.
     #   @return [Boolean]
     #
+    # @!attribute [rw] encryption_configuration
+    #   A complex type that contains settings for encryption of your
+    #   firewall policy resources.
+    #   @return [Types::EncryptionConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicyRequest AWS API Documentation
     #
     class CreateFirewallPolicyRequest < Struct.new(
@@ -421,7 +430,8 @@ module Aws::NetworkFirewall
       :firewall_policy,
       :description,
       :tags,
-      :dry_run)
+      :dry_run,
+      :encryption_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -477,6 +487,10 @@ module Aws::NetworkFirewall
     #             value: "TagValue", # required
     #           },
     #         ],
+    #         encryption_configuration: {
+    #           key_id: "KeyId",
+    #           type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #         },
     #       }
     #
     # @!attribute [rw] firewall_name
@@ -534,6 +548,11 @@ module Aws::NetworkFirewall
     #   The key:value pairs to associate with the resource.
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] encryption_configuration
+    #   A complex type that contains settings for encryption of your
+    #   firewall resources.
+    #   @return [Types::EncryptionConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallRequest AWS API Documentation
     #
     class CreateFirewallRequest < Struct.new(
@@ -545,7 +564,8 @@ module Aws::NetworkFirewall
       :subnet_change_protection,
       :firewall_policy_change_protection,
       :description,
-      :tags)
+      :tags,
+      :encryption_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -686,6 +706,10 @@ module Aws::NetworkFirewall
     #           },
     #         ],
     #         dry_run: false,
+    #         encryption_configuration: {
+    #           key_id: "KeyId",
+    #           type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #         },
     #       }
     #
     # @!attribute [rw] rule_group_name
@@ -799,6 +823,11 @@ module Aws::NetworkFirewall
     #   your resources.
     #   @return [Boolean]
     #
+    # @!attribute [rw] encryption_configuration
+    #   A complex type that contains settings for encryption of your rule
+    #   group resources.
+    #   @return [Types::EncryptionConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroupRequest AWS API Documentation
     #
     class CreateRuleGroupRequest < Struct.new(
@@ -809,7 +838,8 @@ module Aws::NetworkFirewall
       :description,
       :capacity,
       :tags,
-      :dry_run)
+      :dry_run,
+      :encryption_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -972,10 +1002,10 @@ module Aws::NetworkFirewall
     end
 
     # @!attribute [rw] firewall
-    #   The firewall defines the configuration settings for an AWS Network
+    #   The firewall defines the configuration settings for an Network
     #   Firewall firewall. These settings include the firewall policy, the
     #   subnets in your VPC to use for the firewall endpoints, and any tags
-    #   that are attached to the firewall AWS resource.
+    #   that are attached to the firewall Amazon Web Services resource.
     #
     #   The status of the firewall, for example whether it's ready to
     #   filter network traffic, is provided in the corresponding
@@ -1250,7 +1280,7 @@ module Aws::NetworkFirewall
     #   @return [String]
     #
     # @!attribute [rw] logging_configuration
-    #   Defines how AWS Network Firewall performs logging for a Firewall.
+    #   Defines how Network Firewall performs logging for a Firewall.
     #   @return [Types::LoggingConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeLoggingConfigurationResponse AWS API Documentation
@@ -1283,7 +1313,7 @@ module Aws::NetworkFirewall
     end
 
     # @!attribute [rw] policy
-    #   The AWS Identity and Access Management policy for the resource.
+    #   The IAM policy for the resource.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeResourcePolicyResponse AWS API Documentation
@@ -1459,10 +1489,10 @@ module Aws::NetworkFirewall
     #   RuleGroupResponse, define the rule group. You can retrieve all
     #   objects for a rule group by calling DescribeRuleGroup.
     #
-    #   AWS Network Firewall uses a rule group to inspect and control
-    #   network traffic. You define stateless rule groups to inspect
-    #   individual packets and you define stateful rule groups to inspect
-    #   packets in the context of their traffic flow.
+    #   Network Firewall uses a rule group to inspect and control network
+    #   traffic. You define stateless rule groups to inspect individual
+    #   packets and you define stateful rule groups to inspect packets in
+    #   the context of their traffic flow.
     #
     #   To use a rule group, you include it by reference in an Network
     #   Firewall firewall policy, then you use the policy in a firewall. You
@@ -1491,7 +1521,7 @@ module Aws::NetworkFirewall
     # metric dimension is a name/value pair that's part of the identity of
     # a metric.
     #
-    # AWS Network Firewall sets the dimension name to `CustomAction` and you
+    # Network Firewall sets the dimension name to `CustomAction` and you
     # provide the dimension value.
     #
     # For more information about CloudWatch custom metric dimensions, see
@@ -1625,10 +1655,59 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # The firewall defines the configuration settings for an AWS Network
+    # A complex type that contains optional Amazon Web Services Key
+    # Management Service (KMS) encryption settings for your Network Firewall
+    # resources. Your data is encrypted by default with an Amazon Web
+    # Services owned key that Amazon Web Services owns and manages for you.
+    # You can use either the Amazon Web Services owned key, or provide your
+    # own customer managed key. To learn more about KMS encryption of your
+    # Network Firewall resources, see [Encryption at rest with Amazon Web
+    # Services Key Managment Service][1] in the *Network Firewall Developer
+    # Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
+    #
+    # @note When making an API call, you may pass EncryptionConfiguration
+    #   data as a hash:
+    #
+    #       {
+    #         key_id: "KeyId",
+    #         type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #       }
+    #
+    # @!attribute [rw] key_id
+    #   The ID of the Amazon Web Services Key Management Service (KMS)
+    #   customer managed key. You can use any of the key identifiers that
+    #   KMS supports, unless you're using a key that's managed by another
+    #   account. If you're using a key managed by another account, then
+    #   specify the key ARN. For more information, see [Key ID][1] in the
+    #   *Amazon Web Services KMS Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of Amazon Web Services KMS key to use for encryption of
+    #   your Network Firewall resources.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/EncryptionConfiguration AWS API Documentation
+    #
+    class EncryptionConfiguration < Struct.new(
+      :key_id,
+      :type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The firewall defines the configuration settings for an Network
     # Firewall firewall. These settings include the firewall policy, the
     # subnets in your VPC to use for the firewall endpoints, and any tags
-    # that are attached to the firewall AWS resource.
+    # that are attached to the firewall Amazon Web Services resource.
     #
     # The status of the firewall, for example whether it's ready to filter
     # network traffic, is provided in the corresponding FirewallStatus. You
@@ -1695,6 +1774,11 @@ module Aws::NetworkFirewall
     # @!attribute [rw] tags
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] encryption_configuration
+    #   A complex type that contains the Amazon Web Services KMS encryption
+    #   configuration settings for your firewall.
+    #   @return [Types::EncryptionConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Firewall AWS API Documentation
     #
     class Firewall < Struct.new(
@@ -1708,7 +1792,8 @@ module Aws::NetworkFirewall
       :firewall_policy_change_protection,
       :description,
       :firewall_id,
-      :tags)
+      :tags,
+      :encryption_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1850,12 +1935,12 @@ module Aws::NetworkFirewall
     #
     #   * aws:alert\_established
     #
-    #   For more information, see [Strict evaluation order][1] in the *AWS
-    #   Network Firewall Developer Guide*.
+    #   For more information, see [Strict evaluation order][1] in the
+    #   *Network Firewall Developer Guide*.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-strict-rule-evaluation-order.html
+    #   [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-strict-rule-evaluation-order.html
     #   @return [Array<String>]
     #
     # @!attribute [rw] stateful_engine_options
@@ -1954,6 +2039,11 @@ module Aws::NetworkFirewall
     #   policy.
     #   @return [Integer]
     #
+    # @!attribute [rw] encryption_configuration
+    #   A complex type that contains the Amazon Web Services KMS encryption
+    #   configuration settings for your firewall policy.
+    #   @return [Types::EncryptionConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicyResponse AWS API Documentation
     #
     class FirewallPolicyResponse < Struct.new(
@@ -1965,7 +2055,8 @@ module Aws::NetworkFirewall
       :tags,
       :consumed_stateless_rule_capacity,
       :consumed_stateful_rule_capacity,
-      :number_of_associations)
+      :number_of_associations,
+      :encryption_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2018,9 +2109,9 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # The basic rule criteria for AWS Network Firewall to use to inspect
-    # packet headers in stateful traffic flow inspection. Traffic flows that
-    # match the criteria are a match for the corresponding StatefulRule.
+    # The basic rule criteria for Network Firewall to use to inspect packet
+    # headers in stateful traffic flow inspection. Traffic flows that match
+    # the criteria are a match for the corresponding StatefulRule.
     #
     # @note When making an API call, you may pass Header
     #   data as a hash:
@@ -2036,7 +2127,8 @@ module Aws::NetworkFirewall
     #
     # @!attribute [rw] protocol
     #   The protocol to inspect for. To specify all, you can use `IP`,
-    #   because all traffic on AWS and on the internet is IP.
+    #   because all traffic on Amazon Web Services and on the internet is
+    #   IP.
     #   @return [String]
     #
     # @!attribute [rw] source
@@ -2142,8 +2234,8 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # AWS doesn't currently have enough available capacity to fulfill your
-    # request. Try your request later.
+    # Amazon Web Services doesn't currently have enough available capacity
+    # to fulfill your request. Try your request later.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -2486,10 +2578,10 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # Defines where AWS Network Firewall sends logs for the firewall for one
-    # log type. This is used in LoggingConfiguration. You can send each type
-    # of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis
-    # Data Firehose delivery stream.
+    # Defines where Network Firewall sends logs for the firewall for one log
+    # type. This is used in LoggingConfiguration. You can send each type of
+    # log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data
+    # Firehose delivery stream.
     #
     # Network Firewall generates logs for stateful rule groups. You can save
     # alert and flow log types. The stateful rules engine records flow logs
@@ -2570,7 +2662,7 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # Defines how AWS Network Firewall performs logging for a Firewall.
+    # Defines how Network Firewall performs logging for a Firewall.
     #
     # @note When making an API call, you may pass LoggingConfiguration
     #   data as a hash:
@@ -2813,10 +2905,9 @@ module Aws::NetworkFirewall
     #   @return [String]
     #
     # @!attribute [rw] policy
-    #   The AWS Identity and Access Management policy statement that lists
-    #   the accounts that you want to share your rule group or firewall
-    #   policy with and the operations that you want the accounts to be able
-    #   to perform.
+    #   The IAM policy statement that lists the accounts that you want to
+    #   share your rule group or firewall policy with and the operations
+    #   that you want the accounts to be able to perform.
     #
     #   For a rule group resource, you can specify the following operations
     #   in the Actions section of the statement:
@@ -2882,7 +2973,7 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # The inspection criteria and action for a single stateless rule. AWS
+    # The inspection criteria and action for a single stateless rule.
     # Network Firewall inspects each packet for the specified matching
     # criteria. When a packet matches the criteria, Network Firewall
     # performs the rule's actions on the packet.
@@ -2983,7 +3074,7 @@ module Aws::NetworkFirewall
     # RuleGroupResponse, define the rule group. You can retrieve all objects
     # for a rule group by calling DescribeRuleGroup.
     #
-    # AWS Network Firewall uses a rule group to inspect and control network
+    # Network Firewall uses a rule group to inspect and control network
     # traffic. You define stateless rule groups to inspect individual
     # packets and you define stateful rule groups to inspect packets in the
     # context of their traffic flow.
@@ -3206,6 +3297,11 @@ module Aws::NetworkFirewall
     #   The number of firewall policies that use this rule group.
     #   @return [Integer]
     #
+    # @!attribute [rw] encryption_configuration
+    #   A complex type that contains the Amazon Web Services KMS encryption
+    #   configuration settings for your rule group.
+    #   @return [Types::EncryptionConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroupResponse AWS API Documentation
     #
     class RuleGroupResponse < Struct.new(
@@ -3218,7 +3314,8 @@ module Aws::NetworkFirewall
       :rule_group_status,
       :tags,
       :consumed_capacity,
-      :number_of_associations)
+      :number_of_associations,
+      :encryption_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3428,7 +3525,7 @@ module Aws::NetworkFirewall
     # `HOME_NET` rule variable to include the CIDR range of the deployment
     # VPC plus the other CIDR ranges. For more information, see
     # RuleVariables in this guide and [Stateful domain list rule groups in
-    # AWS Network Firewall][1] in the *Network Firewall Developer Guide*.
+    # Network Firewall][1] in the *Network Firewall Developer Guide*.
     #
     #
     #
@@ -3492,7 +3589,7 @@ module Aws::NetworkFirewall
     #   rules are provided to the rule engine as Suricata compatible
     #   strings, and Suricata evaluates them based on certain settings. For
     #   more information, see [Evaluation order for stateful rules][1] in
-    #   the *AWS Network Firewall Developer Guide*.
+    #   the *Network Firewall Developer Guide*.
     #
     #
     #
@@ -3671,7 +3768,7 @@ module Aws::NetworkFirewall
     #   rules are provided to the rule engine as Suricata compatible
     #   strings, and Suricata evaluates them based on certain settings. For
     #   more information, see [Evaluation order for stateful rules][1] in
-    #   the *AWS Network Firewall Developer Guide*.
+    #   the *Network Firewall Developer Guide*.
     #
     #
     #
@@ -3880,7 +3977,7 @@ module Aws::NetworkFirewall
     end
 
     # The ID for a subnet that you want to associate with the firewall. This
-    # is used with CreateFirewall and AssociateSubnets. AWS Network Firewall
+    # is used with CreateFirewall and AssociateSubnets. Network Firewall
     # creates an instance of the associated firewall in each subnet that you
     # specify, to filter traffic in the subnet's Availability Zone.
     #
@@ -3906,7 +4003,7 @@ module Aws::NetworkFirewall
     # The status of the firewall endpoint and firewall policy configuration
     # for a single VPC subnet.
     #
-    # For each VPC subnet that you associate with a firewall, AWS Network
+    # For each VPC subnet that you associate with a firewall, Network
     # Firewall does the following:
     #
     # * Instantiates a firewall endpoint in the subnet, ready to take
@@ -3987,12 +4084,12 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # A key:value pair associated with an AWS resource. The key:value pair
-    # can be anything you define. Typically, the tag key represents a
-    # category (such as "environment") and the tag value represents a
-    # specific value within that category (such as "test,"
+    # A key:value pair associated with an Amazon Web Services resource. The
+    # key:value pair can be anything you define. Typically, the tag key
+    # represents a category (such as "environment") and the tag value
+    # represents a specific value within that category (such as "test,"
     # "development," or "production"). You can add up to 50 tags to each
-    # AWS resource.
+    # Amazon Web Services resource.
     #
     # @note When making an API call, you may pass Tag
     #   data as a hash:
@@ -4323,6 +4420,131 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass UpdateFirewallEncryptionConfigurationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         update_token: "UpdateToken",
+    #         firewall_arn: "ResourceArn",
+    #         firewall_name: "ResourceName",
+    #         encryption_configuration: {
+    #           key_id: "KeyId",
+    #           type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #         },
+    #       }
+    #
+    # @!attribute [rw] update_token
+    #   An optional token that you can use for optimistic locking. Network
+    #   Firewall returns a token to your requests that access the firewall.
+    #   The token marks the state of the firewall resource at the time of
+    #   the request.
+    #
+    #   To make an unconditional change to the firewall, omit the token in
+    #   your update request. Without the token, Network Firewall performs
+    #   your updates regardless of whether the firewall has changed since
+    #   you last retrieved it.
+    #
+    #   To make a conditional change to the firewall, provide the token in
+    #   your update request. Network Firewall uses the token to ensure that
+    #   the firewall hasn't changed since you last retrieved it. If it has
+    #   changed, the operation fails with an `InvalidTokenException`. If
+    #   this happens, retrieve the firewall again to get a current copy of
+    #   it with a new token. Reapply your changes as needed, then try the
+    #   operation again using the new token.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_name
+    #   The descriptive name of the firewall. You can't change the name of
+    #   a firewall after you create it.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_configuration
+    #   A complex type that contains optional Amazon Web Services Key
+    #   Management Service (KMS) encryption settings for your Network
+    #   Firewall resources. Your data is encrypted by default with an Amazon
+    #   Web Services owned key that Amazon Web Services owns and manages for
+    #   you. You can use either the Amazon Web Services owned key, or
+    #   provide your own customer managed key. To learn more about KMS
+    #   encryption of your Network Firewall resources, see [Encryption at
+    #   rest with Amazon Web Services Key Managment Service][1] in the
+    #   *Network Firewall Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
+    #   @return [Types::EncryptionConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfigurationRequest AWS API Documentation
+    #
+    class UpdateFirewallEncryptionConfigurationRequest < Struct.new(
+      :update_token,
+      :firewall_arn,
+      :firewall_name,
+      :encryption_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] firewall_arn
+    #   The Amazon Resource Name (ARN) of the firewall.
+    #   @return [String]
+    #
+    # @!attribute [rw] firewall_name
+    #   The descriptive name of the firewall. You can't change the name of
+    #   a firewall after you create it.
+    #   @return [String]
+    #
+    # @!attribute [rw] update_token
+    #   An optional token that you can use for optimistic locking. Network
+    #   Firewall returns a token to your requests that access the firewall.
+    #   The token marks the state of the firewall resource at the time of
+    #   the request.
+    #
+    #   To make an unconditional change to the firewall, omit the token in
+    #   your update request. Without the token, Network Firewall performs
+    #   your updates regardless of whether the firewall has changed since
+    #   you last retrieved it.
+    #
+    #   To make a conditional change to the firewall, provide the token in
+    #   your update request. Network Firewall uses the token to ensure that
+    #   the firewall hasn't changed since you last retrieved it. If it has
+    #   changed, the operation fails with an `InvalidTokenException`. If
+    #   this happens, retrieve the firewall again to get a current copy of
+    #   it with a new token. Reapply your changes as needed, then try the
+    #   operation again using the new token.
+    #   @return [String]
+    #
+    # @!attribute [rw] encryption_configuration
+    #   A complex type that contains optional Amazon Web Services Key
+    #   Management Service (KMS) encryption settings for your Network
+    #   Firewall resources. Your data is encrypted by default with an Amazon
+    #   Web Services owned key that Amazon Web Services owns and manages for
+    #   you. You can use either the Amazon Web Services owned key, or
+    #   provide your own customer managed key. To learn more about KMS
+    #   encryption of your Network Firewall resources, see [Encryption at
+    #   rest with Amazon Web Services Key Managment Service][1] in the
+    #   *Network Firewall Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html
+    #   @return [Types::EncryptionConfiguration]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfigurationResponse AWS API Documentation
+    #
+    class UpdateFirewallEncryptionConfigurationResponse < Struct.new(
+      :firewall_arn,
+      :firewall_name,
+      :update_token,
+      :encryption_configuration)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateFirewallPolicyChangeProtectionRequest
     #   data as a hash:
     #
@@ -4479,6 +4701,10 @@ module Aws::NetworkFirewall
     #         },
     #         description: "Description",
     #         dry_run: false,
+    #         encryption_configuration: {
+    #           key_id: "KeyId",
+    #           type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #         },
     #       }
     #
     # @!attribute [rw] update_token
@@ -4532,6 +4758,11 @@ module Aws::NetworkFirewall
     #   your resources.
     #   @return [Boolean]
     #
+    # @!attribute [rw] encryption_configuration
+    #   A complex type that contains settings for encryption of your
+    #   firewall policy resources.
+    #   @return [Types::EncryptionConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicyRequest AWS API Documentation
     #
     class UpdateFirewallPolicyRequest < Struct.new(
@@ -4540,7 +4771,8 @@ module Aws::NetworkFirewall
       :firewall_policy_name,
       :firewall_policy,
       :description,
-      :dry_run)
+      :dry_run,
+      :encryption_configuration)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4632,7 +4864,7 @@ module Aws::NetworkFirewall
     #   @return [String]
     #
     # @!attribute [rw] logging_configuration
-    #   Defines how AWS Network Firewall performs logging for a Firewall.
+    #   Defines how Network Firewall performs logging for a Firewall.
     #   @return [Types::LoggingConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateLoggingConfigurationResponse AWS API Documentation
@@ -4755,6 +4987,10 @@ module Aws::NetworkFirewall
     #         type: "STATELESS", # accepts STATELESS, STATEFUL
     #         description: "Description",
     #         dry_run: false,
+    #         encryption_configuration: {
+    #           key_id: "KeyId",
+    #           type: "CUSTOMER_KMS", # accepts CUSTOMER_KMS, AWS_OWNED_KMS_KEY
+    #         },
     #       }
     #
     # @!attribute [rw] update_token
@@ -4840,6 +5076,11 @@ module Aws::NetworkFirewall
     #   your resources.
     #   @return [Boolean]
     #
+    # @!attribute [rw] encryption_configuration
+    #   A complex type that contains settings for encryption of your rule
+    #   group resources.
+    #   @return [Types::EncryptionConfiguration]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroupRequest AWS API Documentation
     #
     class UpdateRuleGroupRequest < Struct.new(
@@ -4850,7 +5091,8 @@ module Aws::NetworkFirewall
       :rules,
       :type,
       :description,
-      :dry_run)
+      :dry_run,
+      :encryption_configuration)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-networkfirewall.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
 # @!group service
 module Aws::NetworkFirewall
 
-  GEM_VERSION = '1.15.0'
+  GEM_VERSION = '1.16.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-  version: 1.15.0
+  version: 1.16.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-02-24 00:00:00.000000000 Z
+date: 2022-04-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core