@aws-sdk/client-network-firewall 3.183.0 → 3.185.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +16 -0
- package/README.md +2 -2
- package/dist-cjs/models/models_0.js +8 -3
- package/dist-cjs/protocols/Aws_json1_0.js +4 -2
- package/dist-es/NetworkFirewall.js +133 -126
- package/dist-es/NetworkFirewallClient.js +28 -22
- package/dist-es/commands/AssociateFirewallPolicyCommand.js +28 -21
- package/dist-es/commands/AssociateSubnetsCommand.js +28 -21
- package/dist-es/commands/CreateFirewallCommand.js +28 -21
- package/dist-es/commands/CreateFirewallPolicyCommand.js +28 -21
- package/dist-es/commands/CreateRuleGroupCommand.js +28 -21
- package/dist-es/commands/DeleteFirewallCommand.js +28 -21
- package/dist-es/commands/DeleteFirewallPolicyCommand.js +28 -21
- package/dist-es/commands/DeleteResourcePolicyCommand.js +28 -21
- package/dist-es/commands/DeleteRuleGroupCommand.js +28 -21
- package/dist-es/commands/DescribeFirewallCommand.js +28 -21
- package/dist-es/commands/DescribeFirewallPolicyCommand.js +28 -21
- package/dist-es/commands/DescribeLoggingConfigurationCommand.js +28 -21
- package/dist-es/commands/DescribeResourcePolicyCommand.js +28 -21
- package/dist-es/commands/DescribeRuleGroupCommand.js +28 -21
- package/dist-es/commands/DescribeRuleGroupMetadataCommand.js +28 -21
- package/dist-es/commands/DisassociateSubnetsCommand.js +28 -21
- package/dist-es/commands/ListFirewallPoliciesCommand.js +28 -21
- package/dist-es/commands/ListFirewallsCommand.js +28 -21
- package/dist-es/commands/ListRuleGroupsCommand.js +28 -21
- package/dist-es/commands/ListTagsForResourceCommand.js +28 -21
- package/dist-es/commands/PutResourcePolicyCommand.js +28 -21
- package/dist-es/commands/TagResourceCommand.js +28 -21
- package/dist-es/commands/UntagResourceCommand.js +28 -21
- package/dist-es/commands/UpdateFirewallDeleteProtectionCommand.js +28 -21
- package/dist-es/commands/UpdateFirewallDescriptionCommand.js +28 -21
- package/dist-es/commands/UpdateFirewallEncryptionConfigurationCommand.js +28 -21
- package/dist-es/commands/UpdateFirewallPolicyChangeProtectionCommand.js +28 -21
- package/dist-es/commands/UpdateFirewallPolicyCommand.js +28 -21
- package/dist-es/commands/UpdateLoggingConfigurationCommand.js +28 -21
- package/dist-es/commands/UpdateRuleGroupCommand.js +28 -21
- package/dist-es/commands/UpdateSubnetChangeProtectionCommand.js +28 -21
- package/dist-es/endpoints.js +8 -8
- package/dist-es/models/NetworkFirewallServiceException.js +10 -5
- package/dist-es/models/models_0.js +259 -471
- package/dist-es/pagination/ListFirewallPoliciesPaginator.js +68 -25
- package/dist-es/pagination/ListFirewallsPaginator.js +68 -25
- package/dist-es/pagination/ListRuleGroupsPaginator.js +68 -25
- package/dist-es/pagination/ListTagsForResourcePaginator.js +68 -25
- package/dist-es/protocols/Aws_json1_0.js +3104 -2607
- package/dist-es/runtimeConfig.browser.js +12 -26
- package/dist-es/runtimeConfig.js +12 -30
- package/dist-es/runtimeConfig.native.js +5 -8
- package/dist-es/runtimeConfig.shared.js +11 -8
- package/dist-types/NetworkFirewall.d.ts +2 -2
- package/dist-types/NetworkFirewallClient.d.ts +2 -2
- package/dist-types/models/models_0.d.ts +20 -2
- package/dist-types/ts3.4/models/models_0.d.ts +5 -0
- package/package.json +5 -5
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { __assign, __awaiter, __generator } from "tslib";
|
|
1
2
|
import packageInfo from "../package.json";
|
|
2
3
|
import { Sha256 } from "@aws-crypto/sha256-browser";
|
|
3
4
|
import { DEFAULT_USE_DUALSTACK_ENDPOINT, DEFAULT_USE_FIPS_ENDPOINT } from "@aws-sdk/config-resolver";
|
|
@@ -11,30 +12,15 @@ import { fromUtf8, toUtf8 } from "@aws-sdk/util-utf8-browser";
|
|
|
11
12
|
import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shared";
|
|
12
13
|
import { loadConfigsForDefaultMode } from "@aws-sdk/smithy-client";
|
|
13
14
|
import { resolveDefaultsModeConfig } from "@aws-sdk/util-defaults-mode-browser";
|
|
14
|
-
export
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
|
|
26
|
-
credentialDefaultProvider: config?.credentialDefaultProvider ?? ((_) => () => Promise.reject(new Error("Credential is missing"))),
|
|
27
|
-
defaultUserAgentProvider: config?.defaultUserAgentProvider ??
|
|
28
|
-
defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),
|
|
29
|
-
maxAttempts: config?.maxAttempts ?? DEFAULT_MAX_ATTEMPTS,
|
|
30
|
-
region: config?.region ?? invalidProvider("Region is missing"),
|
|
31
|
-
requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider),
|
|
32
|
-
retryMode: config?.retryMode ?? (async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE),
|
|
33
|
-
sha256: config?.sha256 ?? Sha256,
|
|
34
|
-
streamCollector: config?.streamCollector ?? streamCollector,
|
|
35
|
-
useDualstackEndpoint: config?.useDualstackEndpoint ?? (() => Promise.resolve(DEFAULT_USE_DUALSTACK_ENDPOINT)),
|
|
36
|
-
useFipsEndpoint: config?.useFipsEndpoint ?? (() => Promise.resolve(DEFAULT_USE_FIPS_ENDPOINT)),
|
|
37
|
-
utf8Decoder: config?.utf8Decoder ?? fromUtf8,
|
|
38
|
-
utf8Encoder: config?.utf8Encoder ?? toUtf8,
|
|
39
|
-
};
|
|
15
|
+
export var getRuntimeConfig = function (config) {
|
|
16
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q;
|
|
17
|
+
var defaultsMode = resolveDefaultsModeConfig(config);
|
|
18
|
+
var defaultConfigProvider = function () { return defaultsMode().then(loadConfigsForDefaultMode); };
|
|
19
|
+
var clientSharedValues = getSharedRuntimeConfig(config);
|
|
20
|
+
return __assign(__assign(__assign({}, clientSharedValues), config), { runtime: "browser", defaultsMode: defaultsMode, base64Decoder: (_a = config === null || config === void 0 ? void 0 : config.base64Decoder) !== null && _a !== void 0 ? _a : fromBase64, base64Encoder: (_b = config === null || config === void 0 ? void 0 : config.base64Encoder) !== null && _b !== void 0 ? _b : toBase64, bodyLengthChecker: (_c = config === null || config === void 0 ? void 0 : config.bodyLengthChecker) !== null && _c !== void 0 ? _c : calculateBodyLength, credentialDefaultProvider: (_d = config === null || config === void 0 ? void 0 : config.credentialDefaultProvider) !== null && _d !== void 0 ? _d : (function (_) { return function () { return Promise.reject(new Error("Credential is missing")); }; }), defaultUserAgentProvider: (_e = config === null || config === void 0 ? void 0 : config.defaultUserAgentProvider) !== null && _e !== void 0 ? _e : defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }), maxAttempts: (_f = config === null || config === void 0 ? void 0 : config.maxAttempts) !== null && _f !== void 0 ? _f : DEFAULT_MAX_ATTEMPTS, region: (_g = config === null || config === void 0 ? void 0 : config.region) !== null && _g !== void 0 ? _g : invalidProvider("Region is missing"), requestHandler: (_h = config === null || config === void 0 ? void 0 : config.requestHandler) !== null && _h !== void 0 ? _h : new RequestHandler(defaultConfigProvider), retryMode: (_j = config === null || config === void 0 ? void 0 : config.retryMode) !== null && _j !== void 0 ? _j : (function () { return __awaiter(void 0, void 0, void 0, function () { return __generator(this, function (_a) {
|
|
21
|
+
switch (_a.label) {
|
|
22
|
+
case 0: return [4, defaultConfigProvider()];
|
|
23
|
+
case 1: return [2, (_a.sent()).retryMode || DEFAULT_RETRY_MODE];
|
|
24
|
+
}
|
|
25
|
+
}); }); }), sha256: (_k = config === null || config === void 0 ? void 0 : config.sha256) !== null && _k !== void 0 ? _k : Sha256, streamCollector: (_l = config === null || config === void 0 ? void 0 : config.streamCollector) !== null && _l !== void 0 ? _l : streamCollector, useDualstackEndpoint: (_m = config === null || config === void 0 ? void 0 : config.useDualstackEndpoint) !== null && _m !== void 0 ? _m : (function () { return Promise.resolve(DEFAULT_USE_DUALSTACK_ENDPOINT); }), useFipsEndpoint: (_o = config === null || config === void 0 ? void 0 : config.useFipsEndpoint) !== null && _o !== void 0 ? _o : (function () { return Promise.resolve(DEFAULT_USE_FIPS_ENDPOINT); }), utf8Decoder: (_p = config === null || config === void 0 ? void 0 : config.utf8Decoder) !== null && _p !== void 0 ? _p : fromUtf8, utf8Encoder: (_q = config === null || config === void 0 ? void 0 : config.utf8Encoder) !== null && _q !== void 0 ? _q : toUtf8 });
|
|
40
26
|
};
|
package/dist-es/runtimeConfig.js
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { __assign, __awaiter, __generator } from "tslib";
|
|
1
2
|
import packageInfo from "../package.json";
|
|
2
3
|
import { decorateDefaultCredentialProvider } from "@aws-sdk/client-sts";
|
|
3
4
|
import { NODE_REGION_CONFIG_FILE_OPTIONS, NODE_REGION_CONFIG_OPTIONS, NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, } from "@aws-sdk/config-resolver";
|
|
@@ -14,35 +15,16 @@ import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shar
|
|
|
14
15
|
import { loadConfigsForDefaultMode } from "@aws-sdk/smithy-client";
|
|
15
16
|
import { resolveDefaultsModeConfig } from "@aws-sdk/util-defaults-mode-node";
|
|
16
17
|
import { emitWarningIfUnsupportedVersion } from "@aws-sdk/smithy-client";
|
|
17
|
-
export
|
|
18
|
+
export var getRuntimeConfig = function (config) {
|
|
19
|
+
var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m, _o, _p, _q;
|
|
18
20
|
emitWarningIfUnsupportedVersion(process.version);
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
return {
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
base64Encoder: config?.base64Encoder ?? toBase64,
|
|
29
|
-
bodyLengthChecker: config?.bodyLengthChecker ?? calculateBodyLength,
|
|
30
|
-
credentialDefaultProvider: config?.credentialDefaultProvider ?? decorateDefaultCredentialProvider(credentialDefaultProvider),
|
|
31
|
-
defaultUserAgentProvider: config?.defaultUserAgentProvider ??
|
|
32
|
-
defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }),
|
|
33
|
-
maxAttempts: config?.maxAttempts ?? loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS),
|
|
34
|
-
region: config?.region ?? loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS),
|
|
35
|
-
requestHandler: config?.requestHandler ?? new RequestHandler(defaultConfigProvider),
|
|
36
|
-
retryMode: config?.retryMode ??
|
|
37
|
-
loadNodeConfig({
|
|
38
|
-
...NODE_RETRY_MODE_CONFIG_OPTIONS,
|
|
39
|
-
default: async () => (await defaultConfigProvider()).retryMode || DEFAULT_RETRY_MODE,
|
|
40
|
-
}),
|
|
41
|
-
sha256: config?.sha256 ?? Hash.bind(null, "sha256"),
|
|
42
|
-
streamCollector: config?.streamCollector ?? streamCollector,
|
|
43
|
-
useDualstackEndpoint: config?.useDualstackEndpoint ?? loadNodeConfig(NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS),
|
|
44
|
-
useFipsEndpoint: config?.useFipsEndpoint ?? loadNodeConfig(NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS),
|
|
45
|
-
utf8Decoder: config?.utf8Decoder ?? fromUtf8,
|
|
46
|
-
utf8Encoder: config?.utf8Encoder ?? toUtf8,
|
|
47
|
-
};
|
|
21
|
+
var defaultsMode = resolveDefaultsModeConfig(config);
|
|
22
|
+
var defaultConfigProvider = function () { return defaultsMode().then(loadConfigsForDefaultMode); };
|
|
23
|
+
var clientSharedValues = getSharedRuntimeConfig(config);
|
|
24
|
+
return __assign(__assign(__assign({}, clientSharedValues), config), { runtime: "node", defaultsMode: defaultsMode, base64Decoder: (_a = config === null || config === void 0 ? void 0 : config.base64Decoder) !== null && _a !== void 0 ? _a : fromBase64, base64Encoder: (_b = config === null || config === void 0 ? void 0 : config.base64Encoder) !== null && _b !== void 0 ? _b : toBase64, bodyLengthChecker: (_c = config === null || config === void 0 ? void 0 : config.bodyLengthChecker) !== null && _c !== void 0 ? _c : calculateBodyLength, credentialDefaultProvider: (_d = config === null || config === void 0 ? void 0 : config.credentialDefaultProvider) !== null && _d !== void 0 ? _d : decorateDefaultCredentialProvider(credentialDefaultProvider), defaultUserAgentProvider: (_e = config === null || config === void 0 ? void 0 : config.defaultUserAgentProvider) !== null && _e !== void 0 ? _e : defaultUserAgent({ serviceId: clientSharedValues.serviceId, clientVersion: packageInfo.version }), maxAttempts: (_f = config === null || config === void 0 ? void 0 : config.maxAttempts) !== null && _f !== void 0 ? _f : loadNodeConfig(NODE_MAX_ATTEMPT_CONFIG_OPTIONS), region: (_g = config === null || config === void 0 ? void 0 : config.region) !== null && _g !== void 0 ? _g : loadNodeConfig(NODE_REGION_CONFIG_OPTIONS, NODE_REGION_CONFIG_FILE_OPTIONS), requestHandler: (_h = config === null || config === void 0 ? void 0 : config.requestHandler) !== null && _h !== void 0 ? _h : new RequestHandler(defaultConfigProvider), retryMode: (_j = config === null || config === void 0 ? void 0 : config.retryMode) !== null && _j !== void 0 ? _j : loadNodeConfig(__assign(__assign({}, NODE_RETRY_MODE_CONFIG_OPTIONS), { default: function () { return __awaiter(void 0, void 0, void 0, function () { return __generator(this, function (_a) {
|
|
25
|
+
switch (_a.label) {
|
|
26
|
+
case 0: return [4, defaultConfigProvider()];
|
|
27
|
+
case 1: return [2, (_a.sent()).retryMode || DEFAULT_RETRY_MODE];
|
|
28
|
+
}
|
|
29
|
+
}); }); } })), sha256: (_k = config === null || config === void 0 ? void 0 : config.sha256) !== null && _k !== void 0 ? _k : Hash.bind(null, "sha256"), streamCollector: (_l = config === null || config === void 0 ? void 0 : config.streamCollector) !== null && _l !== void 0 ? _l : streamCollector, useDualstackEndpoint: (_m = config === null || config === void 0 ? void 0 : config.useDualstackEndpoint) !== null && _m !== void 0 ? _m : loadNodeConfig(NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS), useFipsEndpoint: (_o = config === null || config === void 0 ? void 0 : config.useFipsEndpoint) !== null && _o !== void 0 ? _o : loadNodeConfig(NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS), utf8Decoder: (_p = config === null || config === void 0 ? void 0 : config.utf8Decoder) !== null && _p !== void 0 ? _p : fromUtf8, utf8Encoder: (_q = config === null || config === void 0 ? void 0 : config.utf8Encoder) !== null && _q !== void 0 ? _q : toUtf8 });
|
|
48
30
|
};
|
|
@@ -1,11 +1,8 @@
|
|
|
1
|
+
import { __assign } from "tslib";
|
|
1
2
|
import { Sha256 } from "@aws-crypto/sha256-js";
|
|
2
3
|
import { getRuntimeConfig as getBrowserRuntimeConfig } from "./runtimeConfig.browser";
|
|
3
|
-
export
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
...config,
|
|
8
|
-
runtime: "react-native",
|
|
9
|
-
sha256: config?.sha256 ?? Sha256,
|
|
10
|
-
};
|
|
4
|
+
export var getRuntimeConfig = function (config) {
|
|
5
|
+
var _a;
|
|
6
|
+
var browserDefaults = getBrowserRuntimeConfig(config);
|
|
7
|
+
return __assign(__assign(__assign({}, browserDefaults), config), { runtime: "react-native", sha256: (_a = config === null || config === void 0 ? void 0 : config.sha256) !== null && _a !== void 0 ? _a : Sha256 });
|
|
11
8
|
};
|
|
@@ -1,10 +1,13 @@
|
|
|
1
1
|
import { parseUrl } from "@aws-sdk/url-parser";
|
|
2
2
|
import { defaultRegionInfoProvider } from "./endpoints";
|
|
3
|
-
export
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
3
|
+
export var getRuntimeConfig = function (config) {
|
|
4
|
+
var _a, _b, _c, _d, _e;
|
|
5
|
+
return ({
|
|
6
|
+
apiVersion: "2020-11-12",
|
|
7
|
+
disableHostPrefix: (_a = config === null || config === void 0 ? void 0 : config.disableHostPrefix) !== null && _a !== void 0 ? _a : false,
|
|
8
|
+
logger: (_b = config === null || config === void 0 ? void 0 : config.logger) !== null && _b !== void 0 ? _b : {},
|
|
9
|
+
regionInfoProvider: (_c = config === null || config === void 0 ? void 0 : config.regionInfoProvider) !== null && _c !== void 0 ? _c : defaultRegionInfoProvider,
|
|
10
|
+
serviceId: (_d = config === null || config === void 0 ? void 0 : config.serviceId) !== null && _d !== void 0 ? _d : "Network Firewall",
|
|
11
|
+
urlParser: (_e = config === null || config === void 0 ? void 0 : config.urlParser) !== null && _e !== void 0 ? _e : parseUrl,
|
|
12
|
+
});
|
|
13
|
+
};
|
|
@@ -58,9 +58,9 @@ import { NetworkFirewallClient } from "./NetworkFirewallClient";
|
|
|
58
58
|
* prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
|
|
59
59
|
* perimeter of your VPC. This includes filtering traffic going to and coming from an internet
|
|
60
60
|
* gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
|
|
61
|
-
* with Suricata, a free, open source
|
|
61
|
+
* with Suricata, a free, open source network analysis and threat detection engine.
|
|
62
62
|
* Network Firewall supports Suricata version 5.0.2. For information about Suricata,
|
|
63
|
-
* see the <a href="https://suricata
|
|
63
|
+
* see the <a href="https://suricata.io/">Suricata website</a>.</p>
|
|
64
64
|
* <p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
|
|
65
65
|
* The following are just a few examples: </p>
|
|
66
66
|
* <ul>
|
|
@@ -183,9 +183,9 @@ export interface NetworkFirewallClientResolvedConfig extends NetworkFirewallClie
|
|
|
183
183
|
* prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
|
|
184
184
|
* perimeter of your VPC. This includes filtering traffic going to and coming from an internet
|
|
185
185
|
* gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
|
|
186
|
-
* with Suricata, a free, open source
|
|
186
|
+
* with Suricata, a free, open source network analysis and threat detection engine.
|
|
187
187
|
* Network Firewall supports Suricata version 5.0.2. For information about Suricata,
|
|
188
|
-
* see the <a href="https://suricata
|
|
188
|
+
* see the <a href="https://suricata.io/">Suricata website</a>.</p>
|
|
189
189
|
* <p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
|
|
190
190
|
* The following are just a few examples: </p>
|
|
191
191
|
* <ul>
|
|
@@ -607,6 +607,10 @@ export declare enum RuleOrder {
|
|
|
607
607
|
DEFAULT_ACTION_ORDER = "DEFAULT_ACTION_ORDER",
|
|
608
608
|
STRICT_ORDER = "STRICT_ORDER"
|
|
609
609
|
}
|
|
610
|
+
export declare enum StreamExceptionPolicy {
|
|
611
|
+
CONTINUE = "CONTINUE",
|
|
612
|
+
DROP = "DROP"
|
|
613
|
+
}
|
|
610
614
|
/**
|
|
611
615
|
* <p>Configuration settings for the handling of the stateful rule groups in a firewall policy. </p>
|
|
612
616
|
*/
|
|
@@ -619,6 +623,20 @@ export interface StatefulEngineOptions {
|
|
|
619
623
|
* </p>
|
|
620
624
|
*/
|
|
621
625
|
RuleOrder?: RuleOrder | string;
|
|
626
|
+
/**
|
|
627
|
+
* <p>Configures how Network Firewall processes traffic when a network connection breaks midstream. Network connections can break due to disruptions in external networks or within the firewall itself.</p>
|
|
628
|
+
* <ul>
|
|
629
|
+
* <li>
|
|
630
|
+
* <p>
|
|
631
|
+
* <code>DROP</code> - Network Firewall fails closed and drops all subsequent traffic going to the firewall. This is the default behavior.</p>
|
|
632
|
+
* </li>
|
|
633
|
+
* <li>
|
|
634
|
+
* <p>
|
|
635
|
+
* <code>CONTINUE</code> - Network Firewall continues to apply rules to the subsequent traffic without context from traffic before the break. This impacts the behavior of rules that depend on this context. For example, if you have a stateful rule to <code>drop http</code> traffic, Network Firewall won't match the traffic for this rule because the service won't have the context from session initialization defining the application layer protocol as HTTP. However, this behavior is rule dependent—a TCP-layer rule using a <code>flow:stateless</code> rule would still match, as would the <code>aws:drop_strict</code> default action.</p>
|
|
636
|
+
* </li>
|
|
637
|
+
* </ul>
|
|
638
|
+
*/
|
|
639
|
+
StreamExceptionPolicy?: StreamExceptionPolicy | string;
|
|
622
640
|
}
|
|
623
641
|
export declare enum OverrideAction {
|
|
624
642
|
DROP_TO_ALERT = "DROP_TO_ALERT"
|
|
@@ -1058,7 +1076,7 @@ export interface RuleOption {
|
|
|
1058
1076
|
* <p>A single Suricata rules specification, for use in a stateful rule group.
|
|
1059
1077
|
* Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options.
|
|
1060
1078
|
* For information about the Suricata <code>Rules</code> format, see
|
|
1061
|
-
* <a href="https://suricata.readthedocs.io/
|
|
1079
|
+
* <a href="https://suricata.readthedocs.io/rules/intro.html#">Rules Format</a>. </p>
|
|
1062
1080
|
*/
|
|
1063
1081
|
export interface StatefulRule {
|
|
1064
1082
|
/**
|
|
@@ -1305,7 +1323,7 @@ export interface RulesSource {
|
|
|
1305
1323
|
* <p>An array of individual stateful rules inspection criteria to be used together in a stateful rule group.
|
|
1306
1324
|
* Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options.
|
|
1307
1325
|
* For information about the Suricata <code>Rules</code> format, see
|
|
1308
|
-
* <a href="https://suricata.readthedocs.io/
|
|
1326
|
+
* <a href="https://suricata.readthedocs.io/rules/intro.html#">Rules Format</a>. </p>
|
|
1309
1327
|
*/
|
|
1310
1328
|
StatefulRules?: StatefulRule[];
|
|
1311
1329
|
/**
|
|
@@ -200,8 +200,13 @@ export declare enum RuleOrder {
|
|
|
200
200
|
DEFAULT_ACTION_ORDER = "DEFAULT_ACTION_ORDER",
|
|
201
201
|
STRICT_ORDER = "STRICT_ORDER",
|
|
202
202
|
}
|
|
203
|
+
export declare enum StreamExceptionPolicy {
|
|
204
|
+
CONTINUE = "CONTINUE",
|
|
205
|
+
DROP = "DROP",
|
|
206
|
+
}
|
|
203
207
|
export interface StatefulEngineOptions {
|
|
204
208
|
RuleOrder?: RuleOrder | string;
|
|
209
|
+
StreamExceptionPolicy?: StreamExceptionPolicy | string;
|
|
205
210
|
}
|
|
206
211
|
export declare enum OverrideAction {
|
|
207
212
|
DROP_TO_ALERT = "DROP_TO_ALERT",
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/client-network-firewall",
|
|
3
3
|
"description": "AWS SDK for JavaScript Network Firewall Client for Node.js, Browser and React Native",
|
|
4
|
-
"version": "3.
|
|
4
|
+
"version": "3.185.0",
|
|
5
5
|
"scripts": {
|
|
6
6
|
"build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
|
|
7
7
|
"build:cjs": "tsc -p tsconfig.cjs.json",
|
|
@@ -19,9 +19,9 @@
|
|
|
19
19
|
"dependencies": {
|
|
20
20
|
"@aws-crypto/sha256-browser": "2.0.0",
|
|
21
21
|
"@aws-crypto/sha256-js": "2.0.0",
|
|
22
|
-
"@aws-sdk/client-sts": "3.
|
|
22
|
+
"@aws-sdk/client-sts": "3.185.0",
|
|
23
23
|
"@aws-sdk/config-resolver": "3.183.0",
|
|
24
|
-
"@aws-sdk/credential-provider-node": "3.
|
|
24
|
+
"@aws-sdk/credential-provider-node": "3.185.0",
|
|
25
25
|
"@aws-sdk/fetch-http-handler": "3.183.0",
|
|
26
26
|
"@aws-sdk/hash-node": "3.183.0",
|
|
27
27
|
"@aws-sdk/invalid-dependency": "3.183.0",
|
|
@@ -29,13 +29,13 @@
|
|
|
29
29
|
"@aws-sdk/middleware-host-header": "3.183.0",
|
|
30
30
|
"@aws-sdk/middleware-logger": "3.183.0",
|
|
31
31
|
"@aws-sdk/middleware-recursion-detection": "3.183.0",
|
|
32
|
-
"@aws-sdk/middleware-retry": "3.
|
|
32
|
+
"@aws-sdk/middleware-retry": "3.185.0",
|
|
33
33
|
"@aws-sdk/middleware-serde": "3.183.0",
|
|
34
34
|
"@aws-sdk/middleware-signing": "3.183.0",
|
|
35
35
|
"@aws-sdk/middleware-stack": "3.183.0",
|
|
36
36
|
"@aws-sdk/middleware-user-agent": "3.183.0",
|
|
37
37
|
"@aws-sdk/node-config-provider": "3.183.0",
|
|
38
|
-
"@aws-sdk/node-http-handler": "3.
|
|
38
|
+
"@aws-sdk/node-http-handler": "3.185.0",
|
|
39
39
|
"@aws-sdk/protocol-http": "3.183.0",
|
|
40
40
|
"@aws-sdk/smithy-client": "3.183.0",
|
|
41
41
|
"@aws-sdk/types": "3.183.0",
|