aws-sdk-networkfirewall 1.7.0 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7fbd66b2c614a071383c54a79d815a002fc645b301d7753644373f51f614350e
-  data.tar.gz: 878c9322630d33432a1ff072de50e40a150792034347162d28ea4aac5e669216
+  metadata.gz: 419df2b90623fc3fb33b86871859f35dddc85c7f049a5f5c77425f8c32f402ab
+  data.tar.gz: 880c420195088c9808cf9b29ccabc802eec0b90e15480ed91e07c9fac2659d0f
 SHA512:
-  metadata.gz: '083f3daba271313c62e22bde5f6cafac97c1b63f22499c78bdc4424e4605848f07f7c6af80c9bf8b6e25a1a54e9ecb7024cdb0e54a5c3e70e38c0133a0ff6625'
-  data.tar.gz: 7cd39ff791c98b127fb9f2da3e008289b3b093eaf62578753366b8fa2e8ca20c68921f1badfc76c837d2658f177e64e0527cd3d888b3aa839832c385df7151b0
+  metadata.gz: 292e444fdac8f6fd48fb1bd19b320718da37b4cc09efbf5b14e61ae34b63bc096d1a4620585173542e6e5be588f5b17cbd069d1e64386647f5b45b73b709ad9a
+  data.tar.gz: dde76bb3cdaab959c0698ef7fb13c057a053b1dd0e2df157661d3f23dfbfcba9c61c51d60460b8c73c9ca720cd3b6e40b95640fd78c113900e48eddf0227c84a

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.8.0 (2021-09-30)
+------------------
+
+* Feature - This release adds support for strict ordering for stateful rule groups. Using strict ordering, stateful rules are evaluated in the exact order in which you provide them.
+
 1.7.0 (2021-09-01)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.7.0
+1.8.0

data/lib/aws-sdk-networkfirewall/client.rb

@@ -692,8 +692,13 @@ module Aws::NetworkFirewall
     #       stateful_rule_group_references: [
     #         {
     #           resource_arn: "ResourceArn", # required
+    #           priority: 1,
     #         },
     #       ],
+    #       stateful_default_actions: ["CollectionMember_String"],
+    #       stateful_engine_options: {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       },
     #     },
     #     description: "Description",
     #     tags: [
@@ -716,6 +721,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
+    #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy AWS API Documentation
     #
@@ -938,6 +946,9 @@ module Aws::NetworkFirewall
     #           ],
     #         },
     #       },
+    #       stateful_rule_options: {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       },
     #     },
     #     rules: "RulesString",
     #     type: "STATELESS", # required, accepts STATELESS, STATEFUL
@@ -965,6 +976,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
+    #   resp.rule_group_response.consumed_capacity #=> Integer
+    #   resp.rule_group_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup AWS API Documentation
     #
@@ -1083,6 +1096,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
+    #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy AWS API Documentation
     #
@@ -1164,6 +1180,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
+    #   resp.rule_group_response.consumed_capacity #=> Integer
+    #   resp.rule_group_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup AWS API Documentation
     #
@@ -1273,6 +1291,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
+    #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.number_of_associations #=> Integer
     #   resp.firewall_policy.stateless_rule_group_references #=> Array
     #   resp.firewall_policy.stateless_rule_group_references[0].resource_arn #=> String
     #   resp.firewall_policy.stateless_rule_group_references[0].priority #=> Integer
@@ -1286,6 +1307,10 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy.stateless_custom_actions[0].action_definition.publish_metric_action.dimensions[0].value #=> String
     #   resp.firewall_policy.stateful_rule_group_references #=> Array
     #   resp.firewall_policy.stateful_rule_group_references[0].resource_arn #=> String
+    #   resp.firewall_policy.stateful_rule_group_references[0].priority #=> Integer
+    #   resp.firewall_policy.stateful_default_actions #=> Array
+    #   resp.firewall_policy.stateful_default_actions[0] #=> String
+    #   resp.firewall_policy.stateful_engine_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallPolicy AWS API Documentation
     #
@@ -1458,6 +1483,7 @@ module Aws::NetworkFirewall
     #   resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_name #=> String
     #   resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_definition.publish_metric_action.dimensions #=> Array
     #   resp.rule_group.rules_source.stateless_rules_and_custom_actions.custom_actions[0].action_definition.publish_metric_action.dimensions[0].value #=> String
+    #   resp.rule_group.stateful_rule_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
     #   resp.rule_group_response.rule_group_arn #=> String
     #   resp.rule_group_response.rule_group_name #=> String
     #   resp.rule_group_response.rule_group_id #=> String
@@ -1468,6 +1494,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
+    #   resp.rule_group_response.consumed_capacity #=> Integer
+    #   resp.rule_group_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup AWS API Documentation
     #
@@ -2136,8 +2164,13 @@ module Aws::NetworkFirewall
     #       stateful_rule_group_references: [
     #         {
     #           resource_arn: "ResourceArn", # required
+    #           priority: 1,
     #         },
     #       ],
+    #       stateful_default_actions: ["CollectionMember_String"],
+    #       stateful_engine_options: {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       },
     #     },
     #     description: "Description",
     #     dry_run: false,
@@ -2154,6 +2187,9 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy_response.tags #=> Array
     #   resp.firewall_policy_response.tags[0].key #=> String
     #   resp.firewall_policy_response.tags[0].value #=> String
+    #   resp.firewall_policy_response.consumed_stateless_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.consumed_stateful_rule_capacity #=> Integer
+    #   resp.firewall_policy_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy AWS API Documentation
     #
@@ -2505,6 +2541,9 @@ module Aws::NetworkFirewall
     #           ],
     #         },
     #       },
+    #       stateful_rule_options: {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       },
     #     },
     #     rules: "RulesString",
     #     type: "STATELESS", # accepts STATELESS, STATEFUL
@@ -2525,6 +2564,8 @@ module Aws::NetworkFirewall
     #   resp.rule_group_response.tags #=> Array
     #   resp.rule_group_response.tags[0].key #=> String
     #   resp.rule_group_response.tags[0].value #=> String
+    #   resp.rule_group_response.consumed_capacity #=> Integer
+    #   resp.rule_group_response.number_of_associations #=> Integer
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup AWS API Documentation
     #
@@ -2617,7 +2658,7 @@ module Aws::NetworkFirewall
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.7.0'
+      context[:gem_version] = '1.8.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-networkfirewall/client_api.rb

@@ -105,6 +105,7 @@ module Aws::NetworkFirewall
     LogType = Shapes::StringShape.new(name: 'LogType')
     LoggingConfiguration = Shapes::StructureShape.new(name: 'LoggingConfiguration')
     MatchAttributes = Shapes::StructureShape.new(name: 'MatchAttributes')
+    NumberOfAssociations = Shapes::IntegerShape.new(name: 'NumberOfAssociations')
     PaginationMaxResults = Shapes::IntegerShape.new(name: 'PaginationMaxResults')
     PaginationToken = Shapes::StringShape.new(name: 'PaginationToken')
     PerObjectStatus = Shapes::StructureShape.new(name: 'PerObjectStatus')
@@ -137,6 +138,7 @@ module Aws::NetworkFirewall
     RuleGroups = Shapes::ListShape.new(name: 'RuleGroups')
     RuleOption = Shapes::StructureShape.new(name: 'RuleOption')
     RuleOptions = Shapes::ListShape.new(name: 'RuleOptions')
+    RuleOrder = Shapes::StringShape.new(name: 'RuleOrder')
     RuleTargets = Shapes::ListShape.new(name: 'RuleTargets')
     RuleVariableName = Shapes::StringShape.new(name: 'RuleVariableName')
     RuleVariables = Shapes::StructureShape.new(name: 'RuleVariables')
@@ -147,10 +149,13 @@ module Aws::NetworkFirewall
     Settings = Shapes::ListShape.new(name: 'Settings')
     Source = Shapes::StringShape.new(name: 'Source')
     StatefulAction = Shapes::StringShape.new(name: 'StatefulAction')
+    StatefulActions = Shapes::ListShape.new(name: 'StatefulActions')
+    StatefulEngineOptions = Shapes::StructureShape.new(name: 'StatefulEngineOptions')
     StatefulRule = Shapes::StructureShape.new(name: 'StatefulRule')
     StatefulRuleDirection = Shapes::StringShape.new(name: 'StatefulRuleDirection')
     StatefulRuleGroupReference = Shapes::StructureShape.new(name: 'StatefulRuleGroupReference')
     StatefulRuleGroupReferences = Shapes::ListShape.new(name: 'StatefulRuleGroupReferences')
+    StatefulRuleOptions = Shapes::StructureShape.new(name: 'StatefulRuleOptions')
     StatefulRuleProtocol = Shapes::StringShape.new(name: 'StatefulRuleProtocol')
     StatefulRules = Shapes::ListShape.new(name: 'StatefulRules')
     StatelessActions = Shapes::ListShape.new(name: 'StatelessActions')
@@ -397,6 +402,8 @@ module Aws::NetworkFirewall
     FirewallPolicy.add_member(:stateless_fragment_default_actions, Shapes::ShapeRef.new(shape: StatelessActions, required: true, location_name: "StatelessFragmentDefaultActions"))
     FirewallPolicy.add_member(:stateless_custom_actions, Shapes::ShapeRef.new(shape: CustomActions, location_name: "StatelessCustomActions"))
     FirewallPolicy.add_member(:stateful_rule_group_references, Shapes::ShapeRef.new(shape: StatefulRuleGroupReferences, location_name: "StatefulRuleGroupReferences"))
+    FirewallPolicy.add_member(:stateful_default_actions, Shapes::ShapeRef.new(shape: StatefulActions, location_name: "StatefulDefaultActions"))
+    FirewallPolicy.add_member(:stateful_engine_options, Shapes::ShapeRef.new(shape: StatefulEngineOptions, location_name: "StatefulEngineOptions"))
     FirewallPolicy.struct_class = Types::FirewallPolicy
 
     FirewallPolicyMetadata.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
@@ -409,6 +416,9 @@ module Aws::NetworkFirewall
     FirewallPolicyResponse.add_member(:description, Shapes::ShapeRef.new(shape: Description, location_name: "Description"))
     FirewallPolicyResponse.add_member(:firewall_policy_status, Shapes::ShapeRef.new(shape: ResourceStatus, location_name: "FirewallPolicyStatus"))
     FirewallPolicyResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
+    FirewallPolicyResponse.add_member(:consumed_stateless_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatelessRuleCapacity"))
+    FirewallPolicyResponse.add_member(:consumed_stateful_rule_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedStatefulRuleCapacity"))
+    FirewallPolicyResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
     FirewallPolicyResponse.struct_class = Types::FirewallPolicyResponse
 
     FirewallStatus.add_member(:status, Shapes::ShapeRef.new(shape: FirewallStatusValue, required: true, location_name: "Status"))
@@ -552,6 +562,7 @@ module Aws::NetworkFirewall
 
     RuleGroup.add_member(:rule_variables, Shapes::ShapeRef.new(shape: RuleVariables, location_name: "RuleVariables"))
     RuleGroup.add_member(:rules_source, Shapes::ShapeRef.new(shape: RulesSource, required: true, location_name: "RulesSource"))
+    RuleGroup.add_member(:stateful_rule_options, Shapes::ShapeRef.new(shape: StatefulRuleOptions, location_name: "StatefulRuleOptions"))
     RuleGroup.struct_class = Types::RuleGroup
 
     RuleGroupMetadata.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
@@ -566,6 +577,8 @@ module Aws::NetworkFirewall
     RuleGroupResponse.add_member(:capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "Capacity"))
     RuleGroupResponse.add_member(:rule_group_status, Shapes::ShapeRef.new(shape: ResourceStatus, location_name: "RuleGroupStatus"))
     RuleGroupResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
+    RuleGroupResponse.add_member(:consumed_capacity, Shapes::ShapeRef.new(shape: RuleCapacity, location_name: "ConsumedCapacity"))
+    RuleGroupResponse.add_member(:number_of_associations, Shapes::ShapeRef.new(shape: NumberOfAssociations, location_name: "NumberOfAssociations"))
     RuleGroupResponse.struct_class = Types::RuleGroupResponse
 
     RuleGroups.member = Shapes::ShapeRef.new(shape: RuleGroupMetadata)
@@ -595,16 +608,25 @@ module Aws::NetworkFirewall
 
     Settings.member = Shapes::ShapeRef.new(shape: Setting)
 
+    StatefulActions.member = Shapes::ShapeRef.new(shape: CollectionMember_String)
+
+    StatefulEngineOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
+    StatefulEngineOptions.struct_class = Types::StatefulEngineOptions
+
     StatefulRule.add_member(:action, Shapes::ShapeRef.new(shape: StatefulAction, required: true, location_name: "Action"))
     StatefulRule.add_member(:header, Shapes::ShapeRef.new(shape: Header, required: true, location_name: "Header"))
     StatefulRule.add_member(:rule_options, Shapes::ShapeRef.new(shape: RuleOptions, required: true, location_name: "RuleOptions"))
     StatefulRule.struct_class = Types::StatefulRule
 
     StatefulRuleGroupReference.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
+    StatefulRuleGroupReference.add_member(:priority, Shapes::ShapeRef.new(shape: Priority, location_name: "Priority", metadata: {"box"=>true}))
     StatefulRuleGroupReference.struct_class = Types::StatefulRuleGroupReference
 
     StatefulRuleGroupReferences.member = Shapes::ShapeRef.new(shape: StatefulRuleGroupReference)
 
+    StatefulRuleOptions.add_member(:rule_order, Shapes::ShapeRef.new(shape: RuleOrder, location_name: "RuleOrder"))
+    StatefulRuleOptions.struct_class = Types::StatefulRuleOptions
+
     StatefulRules.member = Shapes::ShapeRef.new(shape: StatefulRule)
 
     StatelessActions.member = Shapes::ShapeRef.new(shape: CollectionMember_String)
@@ -889,6 +911,7 @@ module Aws::NetworkFirewall
         o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidResourcePolicyException)
       end)
 
       api.add_operation(:delete_rule_group, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-networkfirewall/types.rb

@@ -360,8 +360,13 @@ module Aws::NetworkFirewall
     #           stateful_rule_group_references: [
     #             {
     #               resource_arn: "ResourceArn", # required
+    #               priority: 1,
     #             },
     #           ],
+    #           stateful_default_actions: ["CollectionMember_String"],
+    #           stateful_engine_options: {
+    #             rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #           },
     #         },
     #         description: "Description",
     #         tags: [
@@ -663,6 +668,9 @@ module Aws::NetworkFirewall
     #               ],
     #             },
     #           },
+    #           stateful_rule_options: {
+    #             rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #           },
     #         },
     #         rules: "RulesString",
     #         type: "STATELESS", # required, accepts STATELESS, STATEFUL
@@ -1658,8 +1666,13 @@ module Aws::NetworkFirewall
     #         stateful_rule_group_references: [
     #           {
     #             resource_arn: "ResourceArn", # required
+    #             priority: 1,
     #           },
     #         ],
+    #         stateful_default_actions: ["CollectionMember_String"],
+    #         stateful_engine_options: {
+    #           rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #         },
     #       }
     #
     # @!attribute [rw] stateless_rule_group_references
@@ -1709,10 +1722,22 @@ module Aws::NetworkFirewall
     #   @return [Array<Types::CustomAction>]
     #
     # @!attribute [rw] stateful_rule_group_references
-    #   References to the stateless rule groups that are used in the policy.
+    #   References to the stateful rule groups that are used in the policy.
     #   These define the inspection criteria in stateful rules.
     #   @return [Array<Types::StatefulRuleGroupReference>]
     #
+    # @!attribute [rw] stateful_default_actions
+    #   The default actions to take on a packet that doesn't match any
+    #   stateful rules.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] stateful_engine_options
+    #   Additional options governing how Network Firewall handles stateful
+    #   rules. The stateful rule groups that you use in your policy must
+    #   have stateful rule options settings that are compatible with these
+    #   settings.
+    #   @return [Types::StatefulEngineOptions]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicy AWS API Documentation
     #
     class FirewallPolicy < Struct.new(
@@ -1720,7 +1745,9 @@ module Aws::NetworkFirewall
       :stateless_default_actions,
       :stateless_fragment_default_actions,
       :stateless_custom_actions,
-      :stateful_rule_group_references)
+      :stateful_rule_group_references,
+      :stateful_default_actions,
+      :stateful_engine_options)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1785,6 +1812,21 @@ module Aws::NetworkFirewall
     #   The key:value pairs to associate with the resource.
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] consumed_stateless_rule_capacity
+    #   The number of capacity units currently consumed by the policy's
+    #   stateless rules.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] consumed_stateful_rule_capacity
+    #   The number of capacity units currently consumed by the policy's
+    #   stateful rules.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] number_of_associations
+    #   The number of firewalls that are associated with this firewall
+    #   policy.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/FirewallPolicyResponse AWS API Documentation
     #
     class FirewallPolicyResponse < Struct.new(
@@ -1793,7 +1835,10 @@ module Aws::NetworkFirewall
       :firewall_policy_id,
       :description,
       :firewall_policy_status,
-      :tags)
+      :tags,
+      :consumed_stateless_rule_capacity,
+      :consumed_stateful_rule_capacity,
+      :number_of_associations)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1846,9 +1891,9 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # The 5-tuple criteria for AWS Network Firewall to use to inspect packet
-    # headers in stateful traffic flow inspection. Traffic flows that match
-    # the criteria are a match for the corresponding StatefulRule.
+    # The basic rule criteria for AWS Network Firewall to use to inspect
+    # packet headers in stateful traffic flow inspection. Traffic flows that
+    # match the criteria are a match for the corresponding StatefulRule.
     #
     # @note When making an API call, you may pass Header
     #   data as a hash:
@@ -1894,7 +1939,7 @@ module Aws::NetworkFirewall
     # @!attribute [rw] source_port
     #   The source port to inspect for. You can specify an individual port,
     #   for example `1994` and you can specify a port range, for example
-    #   `1990-1994`. To match with any port, specify `ANY`.
+    #   `1990:1994`. To match with any port, specify `ANY`.
     #   @return [String]
     #
     # @!attribute [rw] direction
@@ -1932,7 +1977,7 @@ module Aws::NetworkFirewall
     # @!attribute [rw] destination_port
     #   The destination port to inspect for. You can specify an individual
     #   port, for example `1994` and you can specify a port range, for
-    #   example `1990-1994`. To match with any port, specify `ANY`.
+    #   example `1990:1994`. To match with any port, specify `ANY`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Header AWS API Documentation
@@ -2034,6 +2079,8 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # The policy statement failed validation.
+    #
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -2475,7 +2522,7 @@ module Aws::NetworkFirewall
     #   17 (UDP).
     #
     #   You can specify individual ports, for example `1994` and you can
-    #   specify port ranges, for example `1990-1994`.
+    #   specify port ranges, for example `1990:1994`.
     #   @return [Array<Types::PortRange>]
     #
     # @!attribute [rw] destination_ports
@@ -2484,7 +2531,7 @@ module Aws::NetworkFirewall
     #   (TCP) and 17 (UDP).
     #
     #   You can specify individual ports, for example `1994` and you can
-    #   specify port ranges, for example `1990-1994`.
+    #   specify port ranges, for example `1990:1994`.
     #   @return [Array<Types::PortRange>]
     #
     # @!attribute [rw] protocols
@@ -2687,6 +2734,8 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
+    # Unable to change the resource because your account doesn't own it.
+    #
     # @!attribute [rw] message
     #   @return [String]
     #
@@ -2907,6 +2956,9 @@ module Aws::NetworkFirewall
     #             ],
     #           },
     #         },
+    #         stateful_rule_options: {
+    #           rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #         },
     #       }
     #
     # @!attribute [rw] rule_variables
@@ -2918,11 +2970,19 @@ module Aws::NetworkFirewall
     #   The stateful rules or stateless rules for the rule group.
     #   @return [Types::RulesSource]
     #
+    # @!attribute [rw] stateful_rule_options
+    #   Additional options governing how Network Firewall handles stateful
+    #   rules. The policies where you use your stateful rule group must have
+    #   stateful rule options settings that are compatible with these
+    #   settings.
+    #   @return [Types::StatefulRuleOptions]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroup AWS API Documentation
     #
     class RuleGroup < Struct.new(
       :rule_variables,
-      :rules_source)
+      :rules_source,
+      :stateful_rule_options)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3002,6 +3062,15 @@ module Aws::NetworkFirewall
     #   The key:value pairs to associate with the resource.
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] consumed_capacity
+    #   The number of capacity units currently consumed by the rule group
+    #   rules.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] number_of_associations
+    #   The number of firewall policies that use this rule group.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroupResponse AWS API Documentation
     #
     class RuleGroupResponse < Struct.new(
@@ -3012,7 +3081,9 @@ module Aws::NetworkFirewall
       :type,
       :capacity,
       :rule_group_status,
-      :tags)
+      :tags,
+      :consumed_capacity,
+      :number_of_associations)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3185,9 +3256,15 @@ module Aws::NetworkFirewall
     #   @return [Types::RulesSourceList]
     #
     # @!attribute [rw] stateful_rules
-    #   The 5-tuple stateful inspection criteria. This contains an array of
-    #   individual 5-tuple stateful rules to be used together in a stateful
-    #   rule group.
+    #   An array of individual stateful rules inspection criteria to be used
+    #   together in a stateful rule group. Use this option to specify simple
+    #   Suricata rules with protocol, source and destination, ports,
+    #   direction, and rule options. For information about the Suricata
+    #   `Rules` format, see [Rules Format][1].
+    #
+    #
+    #
+    #   [1]: https://suricata.readthedocs.io/en/suricata-5.0.0/rules/intro.html#
     #   @return [Array<Types::StatefulRule>]
     #
     # @!attribute [rw] stateless_rules_and_custom_actions
@@ -3216,7 +3293,7 @@ module Aws::NetworkFirewall
     # `HOME_NET` rule variable to include the CIDR range of the deployment
     # VPC plus the other CIDR ranges. For more information, see
     # RuleVariables in this guide and [Stateful domain list rule groups in
-    # AWS Network Firewall][1] in the *Network Firewall Developer Guide*
+    # AWS Network Firewall][1] in the *Network Firewall Developer Guide*.
     #
     #
     #
@@ -3247,7 +3324,7 @@ module Aws::NetworkFirewall
     #
     # @!attribute [rw] target_types
     #   The protocols you want to inspect. Specify `TLS_SNI` for `HTTPS`.
-    #   Specity `HTTP_HOST` for `HTTP`. You can specify either or both.
+    #   Specify `HTTP_HOST` for `HTTP`. You can specify either or both.
     #   @return [Array<String>]
     #
     # @!attribute [rw] generated_rules_type
@@ -3265,7 +3342,44 @@ module Aws::NetworkFirewall
       include Aws::Structure
     end
 
-    # A single 5-tuple stateful rule, for use in a stateful rule group.
+    # Configuration settings for the handling of the stateful rule groups in
+    # a firewall policy.
+    #
+    # @note When making an API call, you may pass StatefulEngineOptions
+    #   data as a hash:
+    #
+    #       {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       }
+    #
+    # @!attribute [rw] rule_order
+    #   Indicates how to manage the order of stateful rule evaluation for
+    #   the policy. By default, Network Firewall leaves the rule evaluation
+    #   order up to the Suricata rule processing engine. If you set this to
+    #   `STRICT_ORDER`, your rules are evaluated in the exact order that you
+    #   provide them in the policy. With strict ordering, the rule groups
+    #   are evaluated by order of priority, starting from the lowest number,
+    #   and the rules in each rule group are processed in the order that
+    #   they're defined.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulEngineOptions AWS API Documentation
+    #
+    class StatefulEngineOptions < Struct.new(
+      :rule_order)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A single Suricata rules specification, for use in a stateful rule
+    # group. Use this option to specify a simple Suricata rule with
+    # protocol, source and destination, ports, direction, and rule options.
+    # For information about the Suricata `Rules` format, see [Rules
+    # Format][1].
+    #
+    #
+    #
+    # [1]: https://suricata.readthedocs.io/en/suricata-5.0.0/rules/intro.html#
     #
     # @note When making an API call, you may pass StatefulRule
     #   data as a hash:
@@ -3313,11 +3427,13 @@ module Aws::NetworkFirewall
     #   @return [String]
     #
     # @!attribute [rw] header
-    #   The stateful 5-tuple inspection criteria for this rule, used to
-    #   inspect traffic flows.
+    #   The stateful inspection criteria for this rule, used to inspect
+    #   traffic flows.
     #   @return [Types::Header]
     #
     # @!attribute [rw] rule_options
+    #   Additional options for the rule. These are the Suricata
+    #   `RuleOptions` settings.
     #   @return [Array<Types::RuleOption>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRule AWS API Documentation
@@ -3338,16 +3454,61 @@ module Aws::NetworkFirewall
     #
     #       {
     #         resource_arn: "ResourceArn", # required
+    #         priority: 1,
     #       }
     #
     # @!attribute [rw] resource_arn
     #   The Amazon Resource Name (ARN) of the stateful rule group.
     #   @return [String]
     #
+    # @!attribute [rw] priority
+    #   An integer setting that indicates the order in which to run the
+    #   stateful rule groups in a single FirewallPolicy. This setting only
+    #   applies to firewall policies that specify the `STRICT_ORDER` rule
+    #   order in the stateful engine options settings.
+    #
+    #   Network Firewall evalutes each stateful rule group against a packet
+    #   starting with the group that has the lowest priority setting. You
+    #   must ensure that the priority settings are unique within each
+    #   policy.
+    #
+    #   You can change the priority settings of your rule groups at any
+    #   time. To make it easier to insert rule groups later, number them so
+    #   there's a wide range in between, for example use 100, 200, and so
+    #   on.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleGroupReference AWS API Documentation
     #
     class StatefulRuleGroupReference < Struct.new(
-      :resource_arn)
+      :resource_arn,
+      :priority)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Additional options governing how Network Firewall handles the rule
+    # group. You can only use these for stateful rule groups.
+    #
+    # @note When making an API call, you may pass StatefulRuleOptions
+    #   data as a hash:
+    #
+    #       {
+    #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #       }
+    #
+    # @!attribute [rw] rule_order
+    #   Indicates how to manage the order of the rule evaluation for the
+    #   rule group. By default, Network Firewall leaves the rule evaluation
+    #   order up to the Suricata rule processing engine. If you set this to
+    #   `STRICT_ORDER`, your rules are evaluated in the exact order that
+    #   they're listed in your Suricata rules string.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRuleOptions AWS API Documentation
+    #
+    class StatefulRuleOptions < Struct.new(
+      :rule_order)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3402,11 +3563,11 @@ module Aws::NetworkFirewall
     #   @return [Types::RuleDefinition]
     #
     # @!attribute [rw] priority
-    #   A setting that indicates the order in which to run this rule
-    #   relative to all of the rules that are defined for a stateless rule
-    #   group. Network Firewall evaluates the rules in a rule group starting
-    #   with the lowest priority setting. You must ensure that the priority
-    #   settings are unique for the rule group.
+    #   Indicates the order in which to run this rule relative to all of the
+    #   rules that are defined for a stateless rule group. Network Firewall
+    #   evaluates the rules in a rule group starting with the lowest
+    #   priority setting. You must ensure that the priority settings are
+    #   unique for the rule group.
     #
     #   Each stateless rule group uses exactly one
     #   `StatelessRulesAndCustomActions` object, and each
@@ -4127,8 +4288,13 @@ module Aws::NetworkFirewall
     #           stateful_rule_group_references: [
     #             {
     #               resource_arn: "ResourceArn", # required
+    #               priority: 1,
     #             },
     #           ],
+    #           stateful_default_actions: ["CollectionMember_String"],
+    #           stateful_engine_options: {
+    #             rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #           },
     #         },
     #         description: "Description",
     #         dry_run: false,
@@ -4400,6 +4566,9 @@ module Aws::NetworkFirewall
     #               ],
     #             },
     #           },
+    #           stateful_rule_options: {
+    #             rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
+    #           },
     #         },
     #         rules: "RulesString",
     #         type: "STATELESS", # accepts STATELESS, STATEFUL

data/lib/aws-sdk-networkfirewall.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
 # @!group service
 module Aws::NetworkFirewall
 
-  GEM_VERSION = '1.7.0'
+  GEM_VERSION = '1.8.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.8.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-01 00:00:00.000000000 Z
+date: 2021-09-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core