@aws-sdk/client-fms 3.128.0 → 3.130.0
- package/CHANGELOG.md +16 -0
- package/dist-cjs/models/models_0.js +13 -2
- package/dist-cjs/protocols/Aws_json1_1.js +15 -0
- package/dist-es/models/models_0.js +9 -0
- package/dist-es/protocols/Aws_json1_1.js +15 -0
- package/dist-types/models/models_0.d.ts +141 -116
- package/dist-types/ts3.4/models/models_0.d.ts +19 -0
- package/package.json +6 -6
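--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -3,6 +3,22 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [3.130.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.129.0...v3.130.0) (2022-07-14)
+
+
+### Bug Fixes
+
+* **codegen:** fix error code parsing when it's a number ([#3371](https://github.com/aws/aws-sdk-js-v3/issues/3371)) ([c2d8522](https://github.com/aws/aws-sdk-js-v3/commit/c2d852279a3d23958521a6ceb4f4c642b0cb1848))
+
+
+### Features
+
+* **client-fms:** Adds support for strict ordering in stateful rule groups in Network Firewall policies. ([b6f9a9f](https://github.com/aws/aws-sdk-js-v3/commit/b6f9a9f9e59ce61790e5832dd60e43fe0b622c67))
+
+
+
+
+
 # [3.128.0](https://github.com/aws/aws-sdk-js-v3/compare/v3.127.0...v3.128.0) (2022-07-12)
 
 **Note:** Version bump only for package @aws-sdk/client-fms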
@@ -1,8 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.GetProtectionStatusResponse = exports.GetProtectionStatusRequest = exports.InvalidTypeException = exports.GetPolicyResponse = exports.Policy = exports.SecurityServicePolicyData = exports.SecurityServiceType = exports.PolicyOption = exports.ThirdPartyFirewallPolicy = exports.NetworkFirewallPolicy = exports.FirewallDeploymentModel = exports.ResourceTag = exports.CustomerPolicyScopeIdType = exports.GetPolicyRequest = exports.GetNotificationChannelResponse = exports.GetNotificationChannelRequest = exports.GetComplianceDetailResponse = exports.PolicyComplianceDetail = exports.ComplianceViolator = exports.ViolationReason = exports.DependentServiceName = exports.GetComplianceDetailRequest = exports.GetAppsListResponse = exports.GetAppsListRequest = exports.GetAdminAccountResponse = exports.GetAdminAccountRequest = exports.DisassociateThirdPartyFirewallResponse = exports.DisassociateThirdPartyFirewallRequest = exports.DisassociateAdminAccountRequest = exports.DeleteProtocolsListRequest = exports.DeletePolicyRequest = exports.DeleteNotificationChannelRequest = exports.DeleteAppsListRequest = exports.AwsEc2InstanceViolation = exports.AwsEc2NetworkInterfaceViolation = exports.AssociateThirdPartyFirewallResponse = exports.ThirdPartyFirewallAssociationStatus = exports.AssociateThirdPartyFirewallRequest = exports.ThirdPartyFirewall = exports.ResourceNotFoundException = exports.LimitExceededException = exports.InvalidOperationException = exports.InvalidInputException = exports.InternalErrorException = exports.AssociateAdminAccountRequest = exports.AppsListDataSummary = exports.AppsListData = exports.App = exports.ActionTarget = exports.AccountRoleStatus = void 0;
|
|
4
|
-
exports.
|
|
5
|
-
exports.UntagResourceResponse = exports.UntagResourceRequest = exports.TagResourceResponse = exports.TagResourceRequest = exports.PutProtocolsListResponse = exports.PutProtocolsListRequest = exports.PutPolicyResponse = exports.PutPolicyRequest = exports.PutNotificationChannelRequest = exports.PutAppsListResponse = exports.PutAppsListRequest = exports.ListThirdPartyFirewallFirewallPoliciesResponse = exports.ThirdPartyFirewallFirewallPolicy = exports.ListThirdPartyFirewallFirewallPoliciesRequest = exports.ListTagsForResourceResponse = exports.ListTagsForResourceRequest = exports.ListProtocolsListsResponse = exports.ProtocolsListDataSummary = exports.ListProtocolsListsRequest = exports.ListPoliciesResponse = exports.PolicySummary = exports.ListPoliciesRequest = exports.ListMemberAccountsResponse = exports.ListMemberAccountsRequest = exports.ListComplianceStatusResponse = exports.PolicyComplianceStatus = exports.EvaluationResult = exports.PolicyComplianceStatusType = exports.ListComplianceStatusRequest = exports.ListAppsListsResponse = exports.ListAppsListsRequest = exports.GetViolationDetailsResponse = exports.ViolationDetail = exports.ResourceViolation = exports.ThirdPartyFirewallMissingSubnetViolation = void 0;
|
|
4
|
+
exports.RouteHasOutOfScopeEndpointViolation = exports.PossibleRemediationActions = exports.PossibleRemediationAction = exports.RemediationActionWithOrder = exports.RemediationAction = exports.FMSPolicyUpdateFirewallCreationConfigAction = exports.EC2ReplaceRouteTableAssociationAction = exports.EC2ReplaceRouteAction = exports.EC2DeleteRouteAction = exports.EC2CreateRouteTableAction = exports.EC2CreateRouteAction = exports.EC2CopyRouteTableAction = exports.EC2AssociateRouteTableAction = exports.NetworkFirewallUnexpectedGatewayRoutesViolation = exports.NetworkFirewallUnexpectedFirewallRoutesViolation = exports.NetworkFirewallPolicyModifiedViolation = exports.NetworkFirewallPolicyDescription = exports.StatelessRuleGroup = exports.StatefulRuleGroup = exports.StatefulEngineOptions = exports.RuleOrder = exports.NetworkFirewallMissingSubnetViolation = exports.NetworkFirewallMissingFirewallViolation = exports.NetworkFirewallMissingExpectedRTViolation = exports.NetworkFirewallMissingExpectedRoutesViolation = exports.NetworkFirewallInvalidRouteConfigurationViolation = exports.NetworkFirewallInternetTrafficNotInspectedViolation = exports.ExpectedRoute = exports.NetworkFirewallBlackHoleRouteDetectedViolation = exports.Route = exports.TargetType = exports.DestinationType = exports.FirewallSubnetMissingVPCEndpointViolation = exports.FirewallSubnetIsOutOfScopeViolation = exports.DnsRuleGroupPriorityConflictViolation = exports.DnsRuleGroupLimitExceededViolation = exports.DnsDuplicateRuleGroupViolation = exports.AwsVPCSecurityGroupViolation = exports.SecurityGroupRemediationAction = exports.SecurityGroupRuleDescription = exports.RemediationActionType = exports.PartialMatch = exports.Tag = exports.GetViolationDetailsRequest = exports.GetThirdPartyFirewallAssociationStatusResponse = exports.MarketplaceSubscriptionOnboardingStatus = exports.GetThirdPartyFirewallAssociationStatusRequest = exports.GetProtocolsListResponse = exports.ProtocolsListData = exports.GetProtocolsListRequest = 
void 0;
|
|
5
|
+
exports.UntagResourceResponse = exports.UntagResourceRequest = exports.TagResourceResponse = exports.TagResourceRequest = exports.PutProtocolsListResponse = exports.PutProtocolsListRequest = exports.PutPolicyResponse = exports.PutPolicyRequest = exports.PutNotificationChannelRequest = exports.PutAppsListResponse = exports.PutAppsListRequest = exports.ListThirdPartyFirewallFirewallPoliciesResponse = exports.ThirdPartyFirewallFirewallPolicy = exports.ListThirdPartyFirewallFirewallPoliciesRequest = exports.ListTagsForResourceResponse = exports.ListTagsForResourceRequest = exports.ListProtocolsListsResponse = exports.ProtocolsListDataSummary = exports.ListProtocolsListsRequest = exports.ListPoliciesResponse = exports.PolicySummary = exports.ListPoliciesRequest = exports.ListMemberAccountsResponse = exports.ListMemberAccountsRequest = exports.ListComplianceStatusResponse = exports.PolicyComplianceStatus = exports.EvaluationResult = exports.PolicyComplianceStatusType = exports.ListComplianceStatusRequest = exports.ListAppsListsResponse = exports.ListAppsListsRequest = exports.GetViolationDetailsResponse = exports.ViolationDetail = exports.ResourceViolation = exports.ThirdPartyFirewallMissingSubnetViolation = exports.ThirdPartyFirewallMissingFirewallViolation = exports.ThirdPartyFirewallMissingExpectedRouteTableViolation = void 0;
|
|
6
6
|
const FMSServiceException_1 = require("./FMSServiceException");
|
|
7
7
|
var AccountRoleStatus;
|
|
8
8
|
(function (AccountRoleStatus) {
|
|
@@ -564,6 +564,17 @@ var NetworkFirewallMissingSubnetViolation;
|
|
|
564
564
|
...obj,
|
|
565
565
|
});
|
|
566
566
|
})(NetworkFirewallMissingSubnetViolation = exports.NetworkFirewallMissingSubnetViolation || (exports.NetworkFirewallMissingSubnetViolation = {}));
|
|
567
|
+
var RuleOrder;
|
|
568
|
+
(function (RuleOrder) {
|
|
569
|
+
RuleOrder["DEFAULT_ACTION_ORDER"] = "DEFAULT_ACTION_ORDER";
|
|
570
|
+
RuleOrder["STRICT_ORDER"] = "STRICT_ORDER";
|
|
571
|
+
})(RuleOrder = exports.RuleOrder || (exports.RuleOrder = {}));
|
|
572
|
+
var StatefulEngineOptions;
|
|
573
|
+
(function (StatefulEngineOptions) {
|
|
574
|
+
StatefulEngineOptions.filterSensitiveLog = (obj) => ({
|
|
575
|
+
...obj,
|
|
576
|
+
});
|
|
577
|
+
})(StatefulEngineOptions = exports.StatefulEngineOptions || (exports.StatefulEngineOptions = {}));
|
|
567
578
|
var StatefulRuleGroup;
|
|
568
579
|
(function (StatefulRuleGroup) {
|
|
569
580
|
StatefulRuleGroup.filterSensitiveLog = (obj) => ({
|
|
@@ -2661,6 +2661,12 @@ const deserializeAws_json1_1NetworkFirewallPolicy = (output, context) => {
|
|
|
2661
2661
|
};
|
|
2662
2662
|
const deserializeAws_json1_1NetworkFirewallPolicyDescription = (output, context) => {
|
|
2663
2663
|
return {
|
|
2664
|
+
StatefulDefaultActions: output.StatefulDefaultActions != null
|
|
2665
|
+
? deserializeAws_json1_1NetworkFirewallActionList(output.StatefulDefaultActions, context)
|
|
2666
|
+
: undefined,
|
|
2667
|
+
StatefulEngineOptions: output.StatefulEngineOptions != null
|
|
2668
|
+
? deserializeAws_json1_1StatefulEngineOptions(output.StatefulEngineOptions, context)
|
|
2669
|
+
: undefined,
|
|
2664
2670
|
StatefulRuleGroups: output.StatefulRuleGroups != null
|
|
2665
2671
|
? deserializeAws_json1_1StatefulRuleGroupList(output.StatefulRuleGroups, context)
|
|
2666
2672
|
: undefined,
|
|
@@ -3178,8 +3184,14 @@ const deserializeAws_json1_1SecurityServicePolicyData = (output, context) => {
|
|
|
3178
3184
|
Type: (0, smithy_client_1.expectString)(output.Type),
|
|
3179
3185
|
};
|
|
3180
3186
|
};
|
|
3187
|
+
const deserializeAws_json1_1StatefulEngineOptions = (output, context) => {
|
|
3188
|
+
return {
|
|
3189
|
+
RuleOrder: (0, smithy_client_1.expectString)(output.RuleOrder),
|
|
3190
|
+
};
|
|
3191
|
+
};
|
|
3181
3192
|
const deserializeAws_json1_1StatefulRuleGroup = (output, context) => {
|
|
3182
3193
|
return {
|
|
3194
|
+
Priority: (0, smithy_client_1.expectInt32)(output.Priority),
|
|
3183
3195
|
ResourceId: (0, smithy_client_1.expectString)(output.ResourceId),
|
|
3184
3196
|
RuleGroupName: (0, smithy_client_1.expectString)(output.RuleGroupName),
|
|
3185
3197
|
};
|
|
@@ -3351,6 +3363,9 @@ const loadRestJsonErrorCode = (output, data) => {
|
|
|
3351
3363
|
const findKey = (object, key) => Object.keys(object).find((k) => k.toLowerCase() === key.toLowerCase());
|
|
3352
3364
|
const sanitizeErrorCode = (rawValue) => {
|
|
3353
3365
|
let cleanValue = rawValue;
|
|
3366
|
+
if (typeof cleanValue === "number") {
|
|
3367
|
+
cleanValue = cleanValue.toString();
|
|
3368
|
+
}
|
|
3354
3369
|
if (cleanValue.indexOf(":") >= 0) {
|
|
3355
3370
|
cleanValue = cleanValue.split(":")[0];
|
|
3356
3371
|
}
|
|
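Review bot: In the `sanitizeErrorCode` hunk (`@@ -3351,6 +3363,9 @@`, which by the file list appears to belong to package/dist-cjs/protocols/Aws_json1_1.js), the new guard converts only `number` values, so any other non-string error code (a boolean or an object, for example) still reaches `cleanValue.indexOf(":")` and would throw a TypeError that hides the service's real error. Because the value comes from response data, coercing every non-string would be more robust: `if (typeof cleanValue !== "string") { cleanValue = String(cleanValue); }`. The same guard appears in the ES build of this file at `@@ -3774,6 +3786,9 @@`. The body of `sanitizeErrorCode` and its callers continue outside the hunk, so whether `null` can reach this point is not visible here.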
@@ -432,6 +432,15 @@ export var NetworkFirewallMissingSubnetViolation;
|
|
|
432
432
|
(function (NetworkFirewallMissingSubnetViolation) {
|
|
433
433
|
NetworkFirewallMissingSubnetViolation.filterSensitiveLog = function (obj) { return (__assign({}, obj)); };
|
|
434
434
|
})(NetworkFirewallMissingSubnetViolation || (NetworkFirewallMissingSubnetViolation = {}));
|
|
435
|
+
export var RuleOrder;
|
|
436
|
+
(function (RuleOrder) {
|
|
437
|
+
RuleOrder["DEFAULT_ACTION_ORDER"] = "DEFAULT_ACTION_ORDER";
|
|
438
|
+
RuleOrder["STRICT_ORDER"] = "STRICT_ORDER";
|
|
439
|
+
})(RuleOrder || (RuleOrder = {}));
|
|
440
|
+
export var StatefulEngineOptions;
|
|
441
|
+
(function (StatefulEngineOptions) {
|
|
442
|
+
StatefulEngineOptions.filterSensitiveLog = function (obj) { return (__assign({}, obj)); };
|
|
443
|
+
})(StatefulEngineOptions || (StatefulEngineOptions = {}));
|
|
435
444
|
export var StatefulRuleGroup;
|
|
436
445
|
(function (StatefulRuleGroup) {
|
|
437
446
|
StatefulRuleGroup.filterSensitiveLog = function (obj) { return (__assign({}, obj)); };
|
|
@@ -3074,6 +3074,12 @@ var deserializeAws_json1_1NetworkFirewallPolicy = function (output, context) {
|
|
|
3074
3074
|
};
|
|
3075
3075
|
var deserializeAws_json1_1NetworkFirewallPolicyDescription = function (output, context) {
|
|
3076
3076
|
return {
|
|
3077
|
+
StatefulDefaultActions: output.StatefulDefaultActions != null
|
|
3078
|
+
? deserializeAws_json1_1NetworkFirewallActionList(output.StatefulDefaultActions, context)
|
|
3079
|
+
: undefined,
|
|
3080
|
+
StatefulEngineOptions: output.StatefulEngineOptions != null
|
|
3081
|
+
? deserializeAws_json1_1StatefulEngineOptions(output.StatefulEngineOptions, context)
|
|
3082
|
+
: undefined,
|
|
3077
3083
|
StatefulRuleGroups: output.StatefulRuleGroups != null
|
|
3078
3084
|
? deserializeAws_json1_1StatefulRuleGroupList(output.StatefulRuleGroups, context)
|
|
3079
3085
|
: undefined,
|
|
@@ -3589,8 +3595,14 @@ var deserializeAws_json1_1SecurityServicePolicyData = function (output, context)
|
|
|
3589
3595
|
Type: __expectString(output.Type),
|
|
3590
3596
|
};
|
|
3591
3597
|
};
|
|
3598
|
+
var deserializeAws_json1_1StatefulEngineOptions = function (output, context) {
|
|
3599
|
+
return {
|
|
3600
|
+
RuleOrder: __expectString(output.RuleOrder),
|
|
3601
|
+
};
|
|
3602
|
+
};
|
|
3592
3603
|
var deserializeAws_json1_1StatefulRuleGroup = function (output, context) {
|
|
3593
3604
|
return {
|
|
3605
|
+
Priority: __expectInt32(output.Priority),
|
|
3594
3606
|
ResourceId: __expectString(output.ResourceId),
|
|
3595
3607
|
RuleGroupName: __expectString(output.RuleGroupName),
|
|
3596
3608
|
};
|
|
@@ -3774,6 +3786,9 @@ var loadRestJsonErrorCode = function (output, data) {
|
|
|
3774
3786
|
var findKey = function (object, key) { return Object.keys(object).find(function (k) { return k.toLowerCase() === key.toLowerCase(); }); };
|
|
3775
3787
|
var sanitizeErrorCode = function (rawValue) {
|
|
3776
3788
|
var cleanValue = rawValue;
|
|
3789
|
+
if (typeof cleanValue === "number") {
|
|
3790
|
+
cleanValue = cleanValue.toString();
|
|
3791
|
+
}
|
|
3777
3792
|
if (cleanValue.indexOf(":") >= 0) {
|
|
3778
3793
|
cleanValue = cleanValue.split(":")[0];
|
|
3779
3794
|
}
|
|
@@ -693,11 +693,11 @@ export declare namespace NetworkFirewallPolicy {
|
|
|
693
693
|
const filterSensitiveLog: (obj: NetworkFirewallPolicy) => any;
|
|
694
694
|
}
|
|
695
695
|
/**
|
|
696
|
-
* <p>Configures the
|
|
696
|
+
* <p>Configures the deployment model for the third-party firewall.</p>
|
|
697
697
|
*/
|
|
698
698
|
export interface ThirdPartyFirewallPolicy {
|
|
699
699
|
/**
|
|
700
|
-
* <p>Defines the deployment model to use for the third-party firewall.</p>
|
|
700
|
+
* <p>Defines the deployment model to use for the third-party firewall policy.</p>
|
|
701
701
|
*/
|
|
702
702
|
FirewallDeploymentModel?: FirewallDeploymentModel | string;
|
|
703
703
|
}
|
|
@@ -708,8 +708,7 @@ export declare namespace ThirdPartyFirewallPolicy {
|
|
|
708
708
|
const filterSensitiveLog: (obj: ThirdPartyFirewallPolicy) => any;
|
|
709
709
|
}
|
|
710
710
|
/**
|
|
711
|
-
* <p>Contains the Network Firewall firewall policy options to configure
|
|
712
|
-
* model.</p>
|
|
711
|
+
* <p>Contains the Network Firewall firewall policy options to configure the policy's deployment model and third-party firewall policy settings.</p>
|
|
713
712
|
*/
|
|
714
713
|
export interface PolicyOption {
|
|
715
714
|
/**
|
|
@@ -761,144 +760,93 @@ export interface SecurityServicePolicyData {
|
|
|
761
760
|
* </p>
|
|
762
761
|
* <note>
|
|
763
762
|
* <p>Valid values for <code>preProcessRuleGroups</code> are between 1 and 99. Valid
|
|
764
|
-
*
|
|
763
|
+
* values for <code>postProcessRuleGroups</code> are between 9901 and 10000.</p>
|
|
765
764
|
* </note>
|
|
766
765
|
* </li>
|
|
767
766
|
* <li>
|
|
768
|
-
* <p>Example: <code>
|
|
769
|
-
*
|
|
767
|
+
* <p>Example: <code>NETWORK_FIREWALL</code> - Centralized deployment
|
|
768
|
+
* model</p>
|
|
770
769
|
* <p>
|
|
771
|
-
* <code>"{\"type\":\"
|
|
770
|
+
* <code>"{\"type\":\"NETWORK_FIREWALL\",\"awsNetworkFirewallConfig\":{\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}},\"firewallDeploymentModel\":{\"centralizedFirewallDeploymentModel\":{\"centralizedFirewallOrchestrationConfig\":{\"inspectionVpcIds\":[{\"resourceId\":\"vpc-1234\",\"accountId\":\"123456789011\"}],\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneId\":null,\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"allowedIPV4CidrList\":[]}}}}"</code>
|
|
772
771
|
* </p>
|
|
773
|
-
* <
|
|
774
|
-
*
|
|
775
|
-
* values for <code>postProcessRuleGroups</code> are between 9901 and 10000.</p>
|
|
776
|
-
* </note>
|
|
772
|
+
* <p> To use the centralized deployment model, you must set <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html">PolicyOption</a> to
|
|
773
|
+
* <code>CENTRALIZED</code>. </p>
|
|
777
774
|
* </li>
|
|
778
775
|
* <li>
|
|
779
776
|
* <p>Example: <code>NETWORK_FIREWALL</code> - Distributed deployment model with
|
|
780
|
-
* automatic Availability Zone configuration
|
|
781
|
-
* configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. </p>
|
|
777
|
+
* automatic Availability Zone configuration</p>
|
|
782
778
|
* <p>
|
|
783
|
-
* <code>
|
|
784
|
-
*
|
|
785
|
-
*
|
|
786
|
-
* \"priority\": 1 } ], \"networkFirewallStatelessDefaultActions\": [
|
|
787
|
-
* \"aws:forward_to_sfe\", \"customActionName\" ],
|
|
788
|
-
* \"networkFirewallStatelessFragmentDefaultActions\": [ \"aws:forward_to_sfe\",
|
|
789
|
-
* \"customActionName\" ], \"networkFirewallStatelessCustomActions\": [ {
|
|
790
|
-
* \"actionName\": \"customActionName\", \"actionDefinition\": {
|
|
791
|
-
* \"publishMetricAction\": { \"dimensions\": [ { \"value\": \"metricdimensionvalue\"
|
|
792
|
-
* } ] } } } ], \"networkFirewallStatefulRuleGroupReferences\": [ { \"resourceARN\":
|
|
793
|
-
* \"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\" } ],
|
|
794
|
-
* \"networkFirewallOrchestrationConfig\": { \"singleFirewallEndpointPerVPC\": false,
|
|
795
|
-
* \"allowedIPV4CidrList\": [ \"10.0.0.0/28\", \"192.168.0.0/28\" ],
|
|
796
|
-
* \"routeManagementAction\": \"OFF\" }, \"networkFirewallLoggingConfiguration\": {
|
|
797
|
-
* \"logDestinationConfigs\": [ { \"logDestinationType\": \"S3\", \"logType\":
|
|
798
|
-
* \"ALERT\", \"logDestination\": { \"bucketName\": \"s3-bucket-name\" } }, {
|
|
799
|
-
* \"logDestinationType\": \"S3\", \"logType\": \"FLOW\", \"logDestination\": {
|
|
800
|
-
* \"bucketName\": \"s3-bucket-name\" } } ], \"overrideExistingConfig\": true }
|
|
801
|
-
* }"</code>
|
|
779
|
+
* <code>
|
|
780
|
+
* "{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"OFF\"},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"
|
|
781
|
+
* </code>
|
|
802
782
|
* </p>
|
|
803
|
-
* <p> To use the distributed deployment model, you must set <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html">PolicyOption</a> to
|
|
783
|
+
* <p> With automatic Availbility Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. To use the distributed deployment model, you must set <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html">PolicyOption</a> to
|
|
804
784
|
* <code>NULL</code>. </p>
|
|
805
785
|
* </li>
|
|
806
786
|
* <li>
|
|
807
787
|
* <p>Example: <code>NETWORK_FIREWALL</code> - Distributed deployment model with
|
|
808
|
-
* automatic Availability Zone configuration
|
|
788
|
+
* automatic Availability Zone configuration and route management</p>
|
|
809
789
|
* <p>
|
|
810
|
-
* <code>
|
|
811
|
-
*
|
|
812
|
-
*
|
|
813
|
-
* \"priority\": 1 } ], \"networkFirewallStatelessDefaultActions\": [
|
|
814
|
-
* \"aws:forward_to_sfe\", \"customActionName\" ],
|
|
815
|
-
* \"networkFirewallStatelessFragmentDefaultActions\": [ \"aws:forward_to_sfe\",
|
|
816
|
-
* \"customActionName\" ], \"networkFirewallStatelessCustomActions\": [ {
|
|
817
|
-
* \"actionName\": \"customActionName\", \"actionDefinition\": {
|
|
818
|
-
* \"publishMetricAction\": { \"dimensions\": [ { \"value\": \"metricdimensionvalue\"
|
|
819
|
-
* } ] } } } ], \"networkFirewallStatefulRuleGroupReferences\": [ { \"resourceARN\":
|
|
820
|
-
* \"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\" } ],
|
|
821
|
-
* \"networkFirewallOrchestrationConfig\": { \"singleFirewallEndpointPerVPC\": false,
|
|
822
|
-
* \"allowedIPV4CidrList\": [ \"10.0.0.0/28\", \"192.168.0.0/28\" ],
|
|
823
|
-
* \"routeManagementAction\": \"MONITOR\", \"routeManagementTargetTypes\": [
|
|
824
|
-
* \"InternetGateway\" ] }, \"networkFirewallLoggingConfiguration\": {
|
|
825
|
-
* \"logDestinationConfigs\": [ { \"logDestinationType\": \"S3\", \"logType\":
|
|
826
|
-
* \"ALERT\", \"logDestination\": { \"bucketName\": \"s3-bucket-name\" } }, {
|
|
827
|
-
* \"logDestinationType\": \"S3\", \"logType\": \"FLOW\", \"logDestination\": {
|
|
828
|
-
* \"bucketName\": \"s3-bucket-name\" } } ], \"overrideExistingConfig\": true }
|
|
829
|
-
* }"</code>
|
|
790
|
+
* <code>
|
|
791
|
+
* "{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"]},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\": \"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"
|
|
792
|
+
* </code>
|
|
830
793
|
* </p>
|
|
794
|
+
* <p>To use the distributed deployment model, you must set <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html">PolicyOption</a> to
|
|
795
|
+
* <code>NULL</code>. </p>
|
|
831
796
|
* </li>
|
|
832
797
|
* <li>
|
|
833
798
|
* <p>Example: <code>NETWORK_FIREWALL</code> - Distributed deployment model with
|
|
834
|
-
* custom Availability Zone configuration
|
|
835
|
-
* you define which specific Availability Zones to create endpoints in by configuring
|
|
836
|
-
* <code>firewallCreationConfig</code>. </p>
|
|
799
|
+
* custom Availability Zone configuration</p>
|
|
837
800
|
* <p>
|
|
838
|
-
* <code>"{
|
|
839
|
-
*
|
|
840
|
-
* \"networkFirewallStatelessDefaultActions\":[ \"aws:forward_to_sfe\",
|
|
841
|
-
* \"customActionName\" ], \"networkFirewallStatelessFragmentDefaultActions\":[
|
|
842
|
-
* \"aws:forward_to_sfe\", \"fragmentcustomactionname\" ],
|
|
843
|
-
* \"networkFirewallStatelessCustomActions\":[ { \"actionName\":\"customActionName\",
|
|
844
|
-
* \"actionDefinition\":{ \"publishMetricAction\":{ \"dimensions\":[ {
|
|
845
|
-
* \"value\":\"metricdimensionvalue\" } ] } } }, {
|
|
846
|
-
* \"actionName\":\"fragmentcustomactionname\", \"actionDefinition\":{
|
|
847
|
-
* \"publishMetricAction\":{ \"dimensions\":[ {
|
|
848
|
-
* \"value\":\"fragmentmetricdimensionvalue\" } ] } } } ],
|
|
849
|
-
* \"networkFirewallStatefulRuleGroupReferences\":[ {
|
|
850
|
-
* \"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"
|
|
851
|
-
* } ], \"networkFirewallOrchestrationConfig\":{ \"firewallCreationConfig\":{
|
|
852
|
-
* \"endpointLocation\":{ \"availabilityZoneConfigList\":[ {
|
|
853
|
-
* \"availabilityZoneId\":null, \"availabilityZoneName\":\"us-east-1a\",
|
|
854
|
-
* \"allowedIPV4CidrList\":[ \"10.0.0.0/28\" ] }, { ¯\"availabilityZoneId\":null,
|
|
855
|
-
* \"availabilityZoneName\":\"us-east-1b\", \"allowedIPV4CidrList\":[ \"10.0.0.0/28\"
|
|
856
|
-
* ] } ] } }, \"singleFirewallEndpointPerVPC\":false, \"allowedIPV4CidrList\":null,
|
|
857
|
-
* \"routeManagementAction\":\"OFF\", \"networkFirewallLoggingConfiguration\":{
|
|
858
|
-
* \"logDestinationConfigs\":[ { \"logDestinationType\":\"S3\",
|
|
859
|
-
* \"logType\":\"ALERT\", \"logDestination\":{ \"bucketName\":\"s3-bucket-name\" } },
|
|
860
|
-
* { \"logDestinationType\":\"S3\", \"logType\":\"FLOW\", \"logDestination\":{
|
|
861
|
-
* \"bucketName\":\"s3-bucket-name\" } } ], \"overrideExistingConfig\":boolean }
|
|
862
|
-
* }"</code>
|
|
801
|
+
* <code>"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\", \"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{ \"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[ \"10.0.0.0/28\"]}]} },\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"OFF\",\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"
|
|
802
|
+
* </code>
|
|
863
803
|
* </p>
|
|
804
|
+
* <p>
|
|
805
|
+
* With custom Availability Zone configuration,
|
|
806
|
+
* you define which specific Availability Zones to create endpoints in by configuring
|
|
807
|
+
* <code>firewallCreationConfig</code>. To configure the Availability Zones in <code>firewallCreationConfig</code>, specify either the <code>availabilityZoneName</code> or <code>availabilityZoneId</code> parameter, not both parameters.
|
|
808
|
+
* </p>
|
|
809
|
+
* <p>To use the distributed deployment model, you must set <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html">PolicyOption</a> to
|
|
810
|
+
* <code>NULL</code>. </p>
|
|
864
811
|
* </li>
|
|
865
812
|
* <li>
|
|
866
813
|
* <p>Example: <code>NETWORK_FIREWALL</code> - Distributed deployment model with
|
|
867
|
-
* custom Availability Zone configuration
|
|
814
|
+
* custom Availability Zone configuration and route management</p>
|
|
868
815
|
* <p>
|
|
869
|
-
* <code>"{
|
|
870
|
-
*
|
|
871
|
-
* \"networkFirewallStatelessDefaultActions\":[ \"aws:forward_to_sfe\",
|
|
872
|
-
* \"customActionName\" ], \"networkFirewallStatelessFragmentDefaultActions\":[
|
|
873
|
-
* \"aws:forward_to_sfe\", \"fragmentcustomactionname\" ],
|
|
874
|
-
* \"networkFirewallStatelessCustomActions\":[ { \"actionName\":\"customActionName\",
|
|
875
|
-
* \"actionDefinition\":{ \"publishMetricAction\":{ \"dimensions\":[ {
|
|
876
|
-
* \"value\":\"metricdimensionvalue\" } ] } } }, {
|
|
877
|
-
* \"actionName\":\"fragmentcustomactionname\", \"actionDefinition\":{
|
|
878
|
-
* \"publishMetricAction\":{ \"dimensions\":[ {
|
|
879
|
-
* \"value\":\"fragmentmetricdimensionvalue\" } ] } } } ],
|
|
880
|
-
* \"networkFirewallStatefulRuleGroupReferences\":[ {
|
|
881
|
-
* \"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"
|
|
882
|
-
* } ], \"networkFirewallOrchestrationConfig\":{ \"firewallCreationConfig\":{
|
|
883
|
-
* \"endpointLocation\":{ \"availabilityZoneConfigList\":[ {
|
|
884
|
-
* \"availabilityZoneId\":null, \"availabilityZoneName\":\"us-east-1a\",
|
|
885
|
-
* \"allowedIPV4CidrList\":[ \"10.0.0.0/28\" ] }, { ¯\"availabilityZoneId\":null,
|
|
886
|
-
* \"availabilityZoneName\":\"us-east-1b\", \"allowedIPV4CidrList\":[ \"10.0.0.0/28\"
|
|
887
|
-
* ] } ] } }, \"singleFirewallEndpointPerVPC\":false, \"allowedIPV4CidrList\":null,
|
|
888
|
-
* \"routeManagementAction\":\"MONITOR\", \"routeManagementTargetTypes\":[
|
|
889
|
-
* \"InternetGateway\" ], \"routeManagementConfig\":{
|
|
890
|
-
* \"allowCrossAZTrafficIfNoEndpoint\":true } },
|
|
891
|
-
* \"networkFirewallLoggingConfiguration\":{ \"logDestinationConfigs\":[ {
|
|
892
|
-
* \"logDestinationType\":\"S3\", \"logType\":\"ALERT\", \"logDestination\":{
|
|
893
|
-
* \"bucketName\":\"s3-bucket-name\" } }, { \"logDestinationType\":\"S3\",
|
|
894
|
-
* \"logType\":\"FLOW\", \"logDestination\":{ \"bucketName\":\"s3-bucket-name\" } }
|
|
895
|
-
* ], \"overrideExistingConfig\":boolean } }"</code>
|
|
816
|
+
* <code>"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"],\"routeManagementConfig\":{\"allowCrossAZTrafficIfNoEndpoint\":true}},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"
|
|
817
|
+
* </code>
|
|
896
818
|
* </p>
|
|
819
|
+
* <p>To use the distributed deployment model, you must set <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html">PolicyOption</a> to
|
|
820
|
+
* <code>NULL</code>. </p>
|
|
897
821
|
* </li>
|
|
898
822
|
* <li>
|
|
899
|
-
* <p>Example: <code>
|
|
823
|
+
* <p>Example: <code>THIRD_PARTY_FIREWALL</code>
|
|
824
|
+
* </p>
|
|
900
825
|
* <p>
|
|
901
|
-
* <code>"{
|
|
826
|
+
* <code>"{
|
|
827
|
+
* "type":"THIRD_PARTY_FIREWALL",
|
|
828
|
+
* "thirdPartyFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW",
|
|
829
|
+
* "thirdPartyFirewallConfig":{
|
|
830
|
+
* "thirdPartyFirewallPolicyList":["global-1"]
|
|
831
|
+
* },
|
|
832
|
+
* "firewallDeploymentModel":{
|
|
833
|
+
* "distributedFirewallDeploymentModel":{
|
|
834
|
+
* "distributedFirewallOrchestrationConfig":{
|
|
835
|
+
* "firewallCreationConfig":{
|
|
836
|
+
* "endpointLocation":{
|
|
837
|
+
* "availabilityZoneConfigList":[
|
|
838
|
+
* {
|
|
839
|
+
* "availabilityZoneName":"${AvailabilityZone}"
|
|
840
|
+
* }
|
|
841
|
+
* ]
|
|
842
|
+
* }
|
|
843
|
+
* },
|
|
844
|
+
* "allowedIPV4CidrList":[
|
|
845
|
+
* ]
|
|
846
|
+
* }
|
|
847
|
+
* }
|
|
848
|
+
* }
|
|
849
|
+
* }"</code>
|
|
902
850
|
* </p>
|
|
903
851
|
* </li>
|
|
904
852
|
* <li>
|
|
@@ -963,6 +911,19 @@ export interface SecurityServicePolicyData {
|
|
|
963
911
|
* </p>
|
|
964
912
|
* </li>
|
|
965
913
|
* <li>
|
|
914
|
+
* <p>Example: <code>SECURITY_GROUPS_COMMON</code> - Security group tag distribution
|
|
915
|
+
* </p>
|
|
916
|
+
* <p>
|
|
917
|
+
* <code>""{\"type\":\"SECURITY_GROUPS_COMMON\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"revertManualSecurityGroupChanges\":true,\"exclusiveResourceSecurityGroupManagement\":false,\"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":false,\"enableTagDistribution\":true}""</code>
|
|
918
|
+
* </p>
|
|
919
|
+
* <p>
|
|
920
|
+
* Firewall Manager automatically distributes tags from the primary group to the security groups created by this policy. To use security group tag distribution, you must also set <code>revertManualSecurityGroupChanges</code> to <code>true</code>, otherwise Firewall Manager won't be able to create the policy. When you enable <code>revertManualSecurityGroupChanges</code>, Firewall Manager identifies and reports when the security groups created by this policy become non-compliant.
|
|
921
|
+
* </p>
|
|
922
|
+
* <p>
|
|
923
|
+
* Firewall Manager won't distrubute system tags added by Amazon Web Services services into the replica security groups. System tags begin with the <code>aws:</code> prefix.
|
|
924
|
+
* </p>
|
|
925
|
+
* </li>
|
|
926
|
+
* <li>
|
|
966
927
|
* <p>Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as
|
|
967
928
|
* well as to those in VPCs that the account owns </p>
|
|
968
929
|
* <p>
|
|
@@ -1363,11 +1324,11 @@ export interface GetThirdPartyFirewallAssociationStatusResponse {
|
|
|
1363
1324
|
*/
|
|
1364
1325
|
ThirdPartyFirewallStatus?: ThirdPartyFirewallAssociationStatus | string;
|
|
1365
1326
|
/**
|
|
1366
|
-
* <p>The status for subscribing to the third-party firewall vendor in the
|
|
1327
|
+
* <p>The status for subscribing to the third-party firewall vendor in the Amazon Web Services Marketplace.</p>
|
|
1367
1328
|
* <ul>
|
|
1368
1329
|
* <li>
|
|
1369
1330
|
* <p>
|
|
1370
|
-
* <code>NO_SUBSCRIPTION</code> - The Firewall Manager policy administrator isn't subscribed to the third-party firewall service in the
|
|
1331
|
+
* <code>NO_SUBSCRIPTION</code> - The Firewall Manager policy administrator isn't subscribed to the third-party firewall service in the Amazon Web Services Marketplace.</p>
|
|
1371
1332
|
* </li>
|
|
1372
1333
|
* <li>
|
|
1373
1334
|
* <p>
|
|
@@ -2048,6 +2009,28 @@ export declare namespace NetworkFirewallMissingSubnetViolation {
|
|
|
2048
2009
|
*/
|
|
2049
2010
|
const filterSensitiveLog: (obj: NetworkFirewallMissingSubnetViolation) => any;
|
|
2050
2011
|
}
|
|
2012
|
+
export declare enum RuleOrder {
|
|
2013
|
+
DEFAULT_ACTION_ORDER = "DEFAULT_ACTION_ORDER",
|
|
2014
|
+
STRICT_ORDER = "STRICT_ORDER"
|
|
2015
|
+
}
|
|
2016
|
+
/**
|
|
2017
|
+
* <p>Configuration settings for the handling of the stateful rule groups in a Network Firewall firewall policy.</p>
|
|
2018
|
+
*/
|
|
2019
|
+
export interface StatefulEngineOptions {
|
|
2020
|
+
/**
|
|
2021
|
+
* <p>Indicates how to manage the order of stateful rule evaluation for the policy.
|
|
2022
|
+
* <code>DEFAULT_ACTION_ORDER</code> is the default behavior. Stateful rules are provided to the rule engine
|
|
2023
|
+
* as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more
|
|
2024
|
+
* information, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html">Evaluation order for stateful rules</a> in the <i>Network Firewall Developer Guide</i>.</p>
|
|
2025
|
+
*/
|
|
2026
|
+
RuleOrder?: RuleOrder | string;
|
|
2027
|
+
}
|
|
2028
|
+
export declare namespace StatefulEngineOptions {
|
|
2029
|
+
/**
|
|
2030
|
+
* @internal
|
|
2031
|
+
*/
|
|
2032
|
+
const filterSensitiveLog: (obj: StatefulEngineOptions) => any;
|
|
2033
|
+
}
|
|
2051
2034
|
/**
|
|
2052
2035
|
* <p>Network Firewall stateful rule group, used in a <a>NetworkFirewallPolicyDescription</a>. </p>
|
|
2053
2036
|
*/
|
|
@@ -2060,6 +2043,20 @@ export interface StatefulRuleGroup {
|
|
|
2060
2043
|
* <p>The resource ID of the rule group.</p>
|
|
2061
2044
|
*/
|
|
2062
2045
|
ResourceId?: string;
|
|
2046
|
+
/**
|
|
2047
|
+
* <p>An integer setting that indicates the order in which to run the stateful rule groups in a single
|
|
2048
|
+
* Network Firewall firewall policy. This setting only applies to firewall policies that specify the <code>STRICT_ORDER</code>
|
|
2049
|
+
* rule order in the stateful engine options settings.</p>
|
|
2050
|
+
* <p>
|
|
2051
|
+
* Network Firewall evalutes each stateful rule group against a packet starting with the group that has
|
|
2052
|
+
* the lowest priority setting. You must ensure that the priority settings are unique within each policy. For information about
|
|
2053
|
+
* </p>
|
|
2054
|
+
* <p>
|
|
2055
|
+
* You can change the priority settings of your rule groups at any time. To make it easier to insert rule
|
|
2056
|
+
* groups later, number them so there's a wide range in between, for example use 100, 200, and so on.
|
|
2057
|
+
* </p>
|
|
2058
|
+
*/
|
|
2059
|
+
Priority?: number;
|
|
2063
2060
|
}
|
|
2064
2061
|
export declare namespace StatefulRuleGroup {
|
|
2065
2062
|
/**
|
|
@@ -2114,6 +2111,34 @@ export interface NetworkFirewallPolicyDescription {
|
|
|
2114
2111
|
* <p>The stateful rule groups that are used in the Network Firewall firewall policy. </p>
|
|
2115
2112
|
*/
|
|
2116
2113
|
StatefulRuleGroups?: StatefulRuleGroup[];
|
|
2114
|
+
/**
|
|
2115
|
+
* <p>The default actions to take on a packet that doesn't match any stateful rules. The stateful default
|
|
2116
|
+
* action is optional, and is only valid when using the strict rule order.</p>
|
|
2117
|
+
* <p>
|
|
2118
|
+
* Valid values of the stateful default action:
|
|
2119
|
+
* </p>
|
|
2120
|
+
* <ul>
|
|
2121
|
+
* <li>
|
|
2122
|
+
* <p>aws:drop_strict</p>
|
|
2123
|
+
* </li>
|
|
2124
|
+
* <li>
|
|
2125
|
+
* <p>aws:drop_established</p>
|
|
2126
|
+
* </li>
|
|
2127
|
+
* <li>
|
|
2128
|
+
* <p>aws:alert_strict</p>
|
|
2129
|
+
* </li>
|
|
2130
|
+
* <li>
|
|
2131
|
+
* <p>aws:alert_established</p>
|
|
2132
|
+
* </li>
|
|
2133
|
+
* </ul>
|
|
2134
|
+
*/
|
|
2135
|
+
StatefulDefaultActions?: string[];
|
|
2136
|
+
/**
|
|
2137
|
+
* <p>Additional options governing how Network Firewall handles stateful rules. The stateful rule groups
|
|
2138
|
+
* that you use in your policy must have stateful rule options settings that are compatible with these
|
|
2139
|
+
* settings.</p>
|
|
2140
|
+
*/
|
|
2141
|
+
StatefulEngineOptions?: StatefulEngineOptions;
|
|
2117
2142
|
}
|
|
2118
2143
|
export declare namespace NetworkFirewallPolicyDescription {
|
|
2119
2144
|
/**
|
|
@@ -3272,7 +3297,7 @@ export declare namespace ListThirdPartyFirewallFirewallPoliciesRequest {
|
|
|
3272
3297
|
const filterSensitiveLog: (obj: ListThirdPartyFirewallFirewallPoliciesRequest) => any;
|
|
3273
3298
|
}
|
|
3274
3299
|
/**
|
|
3275
|
-
* <p>Configures the
|
|
3300
|
+
* <p>Configures the third-party firewall's firewall policy.</p>
|
|
3276
3301
|
*/
|
|
3277
3302
|
export interface ThirdPartyFirewallFirewallPolicy {
|
|
3278
3303
|
/**
|
|
@@ -948,12 +948,27 @@ export declare namespace NetworkFirewallMissingSubnetViolation {
|
|
|
948
948
|
|
|
949
949
|
const filterSensitiveLog: (obj: NetworkFirewallMissingSubnetViolation) => any;
|
|
950
950
|
}
|
|
951
|
+
export declare enum RuleOrder {
|
|
952
|
+
DEFAULT_ACTION_ORDER = "DEFAULT_ACTION_ORDER",
|
|
953
|
+
STRICT_ORDER = "STRICT_ORDER"
|
|
954
|
+
}
|
|
955
|
+
|
|
956
|
+
export interface StatefulEngineOptions {
|
|
957
|
+
|
|
958
|
+
RuleOrder?: RuleOrder | string;
|
|
959
|
+
}
|
|
960
|
+
export declare namespace StatefulEngineOptions {
|
|
961
|
+
|
|
962
|
+
const filterSensitiveLog: (obj: StatefulEngineOptions) => any;
|
|
963
|
+
}
|
|
951
964
|
|
|
952
965
|
export interface StatefulRuleGroup {
|
|
953
966
|
|
|
954
967
|
RuleGroupName?: string;
|
|
955
968
|
|
|
956
969
|
ResourceId?: string;
|
|
970
|
+
|
|
971
|
+
Priority?: number;
|
|
957
972
|
}
|
|
958
973
|
export declare namespace StatefulRuleGroup {
|
|
959
974
|
|
|
@@ -984,6 +999,10 @@ export interface NetworkFirewallPolicyDescription {
|
|
|
984
999
|
StatelessCustomActions?: string[];
|
|
985
1000
|
|
|
986
1001
|
StatefulRuleGroups?: StatefulRuleGroup[];
|
|
1002
|
+
|
|
1003
|
+
StatefulDefaultActions?: string[];
|
|
1004
|
+
|
|
1005
|
+
StatefulEngineOptions?: StatefulEngineOptions;
|
|
987
1006
|
}
|
|
988
1007
|
export declare namespace NetworkFirewallPolicyDescription {
|
|
989
1008
|
|
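--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@aws-sdk/client-fms",
 "description": "AWS SDK for JavaScript Fms Client for Node.js, Browser and React Native",
-"version": "3.
+"version": "3.130.0",
 "scripts": {
 "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
 "build:cjs": "tsc -p tsconfig.cjs.json",
@@ -18,9 +18,9 @@
 "dependencies": {
 "@aws-crypto/sha256-browser": "2.0.0",
 "@aws-crypto/sha256-js": "2.0.0",
-"@aws-sdk/client-sts": "3.
-"@aws-sdk/config-resolver": "3.
-"@aws-sdk/credential-provider-node": "3.
+"@aws-sdk/client-sts": "3.130.0",
+"@aws-sdk/config-resolver": "3.130.0",
+"@aws-sdk/credential-provider-node": "3.130.0",
 "@aws-sdk/fetch-http-handler": "3.127.0",
 "@aws-sdk/hash-node": "3.127.0",
 "@aws-sdk/invalid-dependency": "3.127.0",
@@ -30,7 +30,7 @@
 "@aws-sdk/middleware-recursion-detection": "3.127.0",
 "@aws-sdk/middleware-retry": "3.127.0",
 "@aws-sdk/middleware-serde": "3.127.0",
-"@aws-sdk/middleware-signing": "3.
+"@aws-sdk/middleware-signing": "3.130.0",
 "@aws-sdk/middleware-stack": "3.127.0",
 "@aws-sdk/middleware-user-agent": "3.127.0",
 "@aws-sdk/node-config-provider": "3.127.0",
@@ -44,7 +44,7 @@
 "@aws-sdk/util-body-length-browser": "3.55.0",
 "@aws-sdk/util-body-length-node": "3.55.0",
 "@aws-sdk/util-defaults-mode-browser": "3.127.0",
-"@aws-sdk/util-defaults-mode-node": "3.
+"@aws-sdk/util-defaults-mode-node": "3.130.0",
 "@aws-sdk/util-user-agent-browser": "3.127.0",
 "@aws-sdk/util-user-agent-node": "3.127.0",
 "@aws-sdk/util-utf8-browser": "3.109.0",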