npm - @aws-sdk/client-network-firewall - Versions diffs - 3.295.0 → 3.297.0 - Mend

@aws-sdk/client-network-firewall 3.295.0 → 3.297.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (41) hide show

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { ExceptionOptionType as __ExceptionOptionType } from "@aws-sdk/smithy-client";
 import { NetworkFirewallServiceException as __BaseException } from "./NetworkFirewallServiceException";
 /**
+ * @public
  * <p>The value to use in an Amazon CloudWatch custom metric dimension. This is used in the
  *             <code>PublishMetrics</code>
  *             <a>CustomAction</a>. A CloudWatch custom metric dimension is a name/value pair that's
@@ -17,6 +18,7 @@ export interface Dimension {
     Value: string | undefined;
 }
 /**
+ * @public
  * <p>Stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the
  *          matching packet. This setting defines a CloudWatch dimension value to be published.</p>
  */
@@ -27,6 +29,7 @@ export interface PublishMetricAction {
     Dimensions: Dimension[] | undefined;
 }
 /**
+ * @public
  * <p>A custom action to use in stateless rule actions settings. This is used in <a>CustomAction</a>.</p>
  */
 export interface ActionDefinition {
@@ -41,6 +44,7 @@ export interface ActionDefinition {
     PublishMetricAction?: PublishMetricAction;
 }
 /**
+ * @public
  * <p>A single IP address specification. This is used in the <a>MatchAttributes</a>
  *          source and destination specifications.</p>
  */
@@ -67,6 +71,9 @@ export interface Address {
      */
     AddressDefinition: string | undefined;
 }
+/**
+ * @public
+ */
 export interface AssociateFirewallPolicyRequest {
     /**
      * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
@@ -89,6 +96,9 @@ export interface AssociateFirewallPolicyRequest {
      */
     FirewallPolicyArn: string | undefined;
 }
+/**
+ * @public
+ */
 export interface AssociateFirewallPolicyResponse {
     /**
      * <p>The Amazon Resource Name (ARN) of the firewall.</p>
@@ -110,6 +120,7 @@ export interface AssociateFirewallPolicyResponse {
     UpdateToken?: string;
 }
 /**
+ * @public
  * <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
  *          system problem. Retry your request. </p>
  */
@@ -123,6 +134,7 @@ export declare class InternalServerError extends __BaseException {
     constructor(opts: __ExceptionOptionType<InternalServerError, __BaseException>);
 }
 /**
+ * @public
  * <p>The operation failed because it's not valid. For example, you might have tried to delete
  *          a rule group or firewall policy that's in use.</p>
  */
@@ -136,6 +148,7 @@ export declare class InvalidOperationException extends __BaseException {
     constructor(opts: __ExceptionOptionType<InvalidOperationException, __BaseException>);
 }
 /**
+ * @public
  * <p>The operation failed because of a problem with your request. Examples include: </p>
  *          <ul>
  *             <li>
@@ -161,6 +174,7 @@ export declare class InvalidRequestException extends __BaseException {
     constructor(opts: __ExceptionOptionType<InvalidRequestException, __BaseException>);
 }
 /**
+ * @public
  * <p>The token you provided is stale or isn't valid for the operation. </p>
  */
 export declare class InvalidTokenException extends __BaseException {
@@ -173,6 +187,7 @@ export declare class InvalidTokenException extends __BaseException {
     constructor(opts: __ExceptionOptionType<InvalidTokenException, __BaseException>);
 }
 /**
+ * @public
  * <p>Unable to locate a resource using the parameters that you provided.</p>
  */
 export declare class ResourceNotFoundException extends __BaseException {
@@ -185,6 +200,7 @@ export declare class ResourceNotFoundException extends __BaseException {
     constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>);
 }
 /**
+ * @public
  * <p>Unable to process the request due to throttling limitations.</p>
  */
 export declare class ThrottlingException extends __BaseException {
@@ -196,11 +212,15 @@ export declare class ThrottlingException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<ThrottlingException, __BaseException>);
 }
+/**
+ * @public
+ */
 export declare enum IPAddressType {
     DUALSTACK = "DUALSTACK",
     IPV4 = "IPV4"
 }
 /**
+ * @public
  * <p>The ID for a subnet that you want to associate with the firewall. This is used with
  *             <a>CreateFirewall</a> and <a>AssociateSubnets</a>. Network Firewall
  *          creates an instance of the associated firewall in each subnet that you specify, to filter
@@ -216,6 +236,9 @@ export interface SubnetMapping {
      */
     IPAddressType?: IPAddressType | string;
 }
+/**
+ * @public
+ */
 export interface AssociateSubnetsRequest {
     /**
      * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
@@ -238,6 +261,9 @@ export interface AssociateSubnetsRequest {
      */
     SubnetMappings: SubnetMapping[] | undefined;
 }
+/**
+ * @public
+ */
 export interface AssociateSubnetsResponse {
     /**
      * <p>The Amazon Resource Name (ARN) of the firewall.</p>
@@ -259,6 +285,7 @@ export interface AssociateSubnetsResponse {
     UpdateToken?: string;
 }
 /**
+ * @public
  * <p>Amazon Web Services doesn't currently have enough available capacity to fulfill your request. Try your
  *          request later. </p>
  */
@@ -271,6 +298,9 @@ export declare class InsufficientCapacityException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<InsufficientCapacityException, __BaseException>);
 }
+/**
+ * @public
+ */
 export declare enum AttachmentStatus {
     CREATING = "CREATING",
     DELETING = "DELETING",
@@ -278,6 +308,7 @@ export declare enum AttachmentStatus {
     SCALING = "SCALING"
 }
 /**
+ * @public
  * <p>The configuration and status for a single subnet that you've specified for use by the
  *          Network Firewall firewall. This is part of the <a>FirewallStatus</a>.</p>
  */
@@ -308,6 +339,7 @@ export interface Attachment {
     StatusMessage?: string;
 }
 /**
+ * @public
  * <p>General information about the IP set.</p>
  */
 export interface IPSetMetadata {
@@ -317,6 +349,7 @@ export interface IPSetMetadata {
     ResolvedCIDRCount?: number;
 }
 /**
+ * @public
  * <p>Summarizes the CIDR blocks used by the IP set references in a firewall. Network Firewall calculates the number of CIDRs by taking an aggregated count of all CIDRs used by the IP sets you are referencing.</p>
  */
 export interface CIDRSummary {
@@ -334,6 +367,7 @@ export interface CIDRSummary {
     IPSetReferences?: Record<string, IPSetMetadata>;
 }
 /**
+ * @public
  * <p>The capacity usage summary of the resources used by the <a>ReferenceSets</a> in a firewall.</p>
  */
 export interface CapacityUsageSummary {
@@ -342,16 +376,23 @@ export interface CapacityUsageSummary {
      */
     CIDRs?: CIDRSummary;
 }
+/**
+ * @public
+ */
 export declare enum ConfigurationSyncState {
     CAPACITY_CONSTRAINED = "CAPACITY_CONSTRAINED",
     IN_SYNC = "IN_SYNC",
     PENDING = "PENDING"
 }
+/**
+ * @public
+ */
 export declare enum EncryptionType {
     AWS_OWNED_KMS_KEY = "AWS_OWNED_KMS_KEY",
     CUSTOMER_KMS = "CUSTOMER_KMS"
 }
 /**
+ * @public
  * <p>A complex type that contains optional Amazon Web Services Key Management Service (KMS) encryption settings for your Network Firewall resources. Your data is encrypted by default with an Amazon Web Services owned key that Amazon Web Services owns and manages for you. You can use either the Amazon Web Services owned key, or provide your own customer managed key. To learn more about KMS encryption of your Network Firewall resources, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html">Encryption at rest with Amazon Web Services Key Managment Service</a> in the <i>Network Firewall Developer Guide</i>.</p>
  */
 export interface EncryptionConfiguration {
@@ -365,6 +406,7 @@ export interface EncryptionConfiguration {
     Type: EncryptionType | string | undefined;
 }
 /**
+ * @public
  * <p>A key:value pair associated with an Amazon Web Services resource. The key:value pair can be anything you
  *          define. Typically, the tag key represents a category (such as "environment") and the tag
  *          value represents a specific value within that category (such as "test," "development," or
@@ -383,6 +425,9 @@ export interface Tag {
      */
     Value: string | undefined;
 }
+/**
+ * @public
+ */
 export interface CreateFirewallRequest {
     /**
      * <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
@@ -436,6 +481,7 @@ export interface CreateFirewallRequest {
     EncryptionConfiguration?: EncryptionConfiguration;
 }
 /**
+ * @public
  * <p>The firewall defines the configuration settings for an Network Firewall firewall. These settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource. </p>
  *          <p>The status of the firewall, for example whether it's ready to filter network traffic,
  *          is provided in the corresponding <a>FirewallStatus</a>. You can retrieve both
@@ -501,17 +547,24 @@ export interface Firewall {
      */
     EncryptionConfiguration?: EncryptionConfiguration;
 }
+/**
+ * @public
+ */
 export declare enum FirewallStatusValue {
     DELETING = "DELETING",
     PROVISIONING = "PROVISIONING",
     READY = "READY"
 }
+/**
+ * @public
+ */
 export declare enum PerObjectSyncStatus {
     CAPACITY_CONSTRAINED = "CAPACITY_CONSTRAINED",
     IN_SYNC = "IN_SYNC",
     PENDING = "PENDING"
 }
 /**
+ * @public
  * <p>Provides configuration status for a single policy or rule group that is used for a firewall endpoint. Network Firewall
  *          provides each endpoint with the rules that are configured in the firewall policy. Each time
  *          you add a subnet or modify the associated firewall policy, Network Firewall synchronizes the
@@ -528,6 +581,7 @@ export interface PerObjectStatus {
     UpdateToken?: string;
 }
 /**
+ * @public
  * <p>The status of the firewall endpoint and firewall policy configuration for a single VPC
  *          subnet. </p>
  *          <p>For each VPC subnet that you associate with a firewall, Network Firewall does the
@@ -561,6 +615,7 @@ export interface SyncState {
     Config?: Record<string, PerObjectStatus>;
 }
 /**
+ * @public
  * <p>Detailed information about the current status of a <a>Firewall</a>. You can retrieve this for a firewall by calling <a>DescribeFirewall</a> and providing the firewall name and ARN.</p>
  */
 export interface FirewallStatus {
@@ -599,6 +654,9 @@ export interface FirewallStatus {
      */
     CapacityUsageSummary?: CapacityUsageSummary;
 }
+/**
+ * @public
+ */
 export interface CreateFirewallResponse {
     /**
      * <p>The configuration settings for the firewall. These settings include the firewall policy and the subnets in your VPC to use for the firewall endpoints. </p>
@@ -610,6 +668,7 @@ export interface CreateFirewallResponse {
     FirewallStatus?: FirewallStatus;
 }
 /**
+ * @public
  * <p>Unable to perform the operation because doing so would violate a limit setting. </p>
  */
 export declare class LimitExceededException extends __BaseException {
@@ -621,15 +680,22 @@ export declare class LimitExceededException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<LimitExceededException, __BaseException>);
 }
+/**
+ * @public
+ */
 export declare enum RuleOrder {
     DEFAULT_ACTION_ORDER = "DEFAULT_ACTION_ORDER",
     STRICT_ORDER = "STRICT_ORDER"
 }
+/**
+ * @public
+ */
 export declare enum StreamExceptionPolicy {
     CONTINUE = "CONTINUE",
     DROP = "DROP"
 }
 /**
+ * @public
  * <p>Configuration settings for the handling of the stateful rule groups in a firewall policy. </p>
  */
 export interface StatefulEngineOptions {
@@ -656,10 +722,14 @@ export interface StatefulEngineOptions {
      */
     StreamExceptionPolicy?: StreamExceptionPolicy | string;
 }
+/**
+ * @public
+ */
 export declare enum OverrideAction {
     DROP_TO_ALERT = "DROP_TO_ALERT"
 }
 /**
+ * @public
  * <p>The setting that allows the policy owner to change the behavior of the rule group within a policy. </p>
  */
 export interface StatefulRuleGroupOverride {
@@ -670,6 +740,7 @@ export interface StatefulRuleGroupOverride {
     Action?: OverrideAction | string;
 }
 /**
+ * @public
  * <p>Identifier for a single stateful rule group, used in a firewall policy to refer to a
  *          rule group. </p>
  */
@@ -696,6 +767,7 @@ export interface StatefulRuleGroupReference {
     Override?: StatefulRuleGroupOverride;
 }
 /**
+ * @public
  * <p>An optional, non-standard action to use for stateless packet handling. You can define
  *          this in addition to the standard action that you must specify. </p>
  *          <p>You define and name the custom actions that you want to be able to use, and then you
@@ -729,6 +801,7 @@ export interface CustomAction {
     ActionDefinition: ActionDefinition | undefined;
 }
 /**
+ * @public
  * <p>Identifier for a single stateless rule group, used in a firewall policy to refer to the
  *          rule group. </p>
  */
@@ -746,6 +819,7 @@ export interface StatelessRuleGroupReference {
     Priority: number | undefined;
 }
 /**
+ * @public
  * <p>The firewall policy defines the behavior of a firewall using a collection of stateless
  *          and stateful rule groups and other settings. You can use one firewall policy for multiple
  *          firewalls. </p>
@@ -823,6 +897,9 @@ export interface FirewallPolicy {
      */
     StatefulEngineOptions?: StatefulEngineOptions;
 }
+/**
+ * @public
+ */
 export interface CreateFirewallPolicyRequest {
     /**
      * <p>The descriptive name of the firewall policy. You can't change the name of a firewall policy after you create it.</p>
@@ -854,11 +931,15 @@ export interface CreateFirewallPolicyRequest {
      */
     EncryptionConfiguration?: EncryptionConfiguration;
 }
+/**
+ * @public
+ */
 export declare enum ResourceStatus {
     ACTIVE = "ACTIVE",
     DELETING = "DELETING"
 }
 /**
+ * @public
  * <p>The high-level properties of a firewall policy. This, along with the <a>FirewallPolicy</a>, define the policy. You can retrieve all objects for a firewall policy by calling <a>DescribeFirewallPolicy</a>. </p>
  */
 export interface FirewallPolicyResponse {
@@ -914,6 +995,9 @@ export interface FirewallPolicyResponse {
      */
     LastModifiedTime?: Date;
 }
+/**
+ * @public
+ */
 export interface CreateFirewallPolicyResponse {
     /**
      * <p>A token used for optimistic locking. Network Firewall returns a token to your requests that access the firewall policy. The token marks the state of the policy resource at the time of the request. </p>
@@ -926,6 +1010,7 @@ export interface CreateFirewallPolicyResponse {
     FirewallPolicyResponse: FirewallPolicyResponse | undefined;
 }
 /**
+ * @public
  * <p>Configures one or more IP set references for a Suricata-compatible rule group. This is used in <a>CreateRuleGroup</a> or <a>UpdateRuleGroup</a>. An IP set reference is a rule variable that references a resource that you create and manage in another Amazon Web Services service, such as an Amazon VPC prefix list. Network Firewall IP set references enable you to dynamically update the contents of your rules. When you create, update, or delete the IP set you are referencing in your rule, Network Firewall automatically updates the rule's content with the changes. For more information about IP set references in Network Firewall, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references">Using IP set references</a> in the <i>Network Firewall Developer Guide</i>.</p>
  *          <p>
  *         Network Firewall currently supports only <a href="https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html">Amazon VPC prefix lists</a> as IP set references.
@@ -938,6 +1023,7 @@ export interface IPSetReference {
     ReferenceArn?: string;
 }
 /**
+ * @public
  * <p>Contains a set of IP set references.</p>
  */
 export interface ReferenceSets {
@@ -946,15 +1032,22 @@ export interface ReferenceSets {
      */
     IPSetReferences?: Record<string, IPSetReference>;
 }
+/**
+ * @public
+ */
 export declare enum GeneratedRulesType {
     ALLOWLIST = "ALLOWLIST",
     DENYLIST = "DENYLIST"
 }
+/**
+ * @public
+ */
 export declare enum TargetType {
     HTTP_HOST = "HTTP_HOST",
     TLS_SNI = "TLS_SNI"
 }
 /**
+ * @public
  * <p>Stateful inspection criteria for a domain list rule group. </p>
  *          <p>For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.</p>
  *          <p>By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the <code>HOME_NET</code> rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see <a>RuleVariables</a> in this guide and <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html">Stateful domain list rule groups in Network Firewall</a> in the <i>Network Firewall Developer Guide</i>.</p>
@@ -981,16 +1074,25 @@ export interface RulesSourceList {
      */
     GeneratedRulesType: GeneratedRulesType | string | undefined;
 }
+/**
+ * @public
+ */
 export declare enum StatefulAction {
     ALERT = "ALERT",
     DROP = "DROP",
     PASS = "PASS",
     REJECT = "REJECT"
 }
+/**
+ * @public
+ */
 export declare enum StatefulRuleDirection {
     ANY = "ANY",
     FORWARD = "FORWARD"
 }
+/**
+ * @public
+ */
 export declare enum StatefulRuleProtocol {
     ANY = "IP",
     DCERPC = "DCERPC",
@@ -1013,6 +1115,7 @@ export declare enum StatefulRuleProtocol {
     UDP = "UDP"
 }
 /**
+ * @public
  * <p>The basic rule criteria for Network Firewall to use to inspect packet headers in stateful
  *          traffic flow inspection. Traffic flows that match the criteria are a match for the
  *          corresponding <a>StatefulRule</a>. </p>
@@ -1091,6 +1194,7 @@ export interface Header {
     DestinationPort: string | undefined;
 }
 /**
+ * @public
  * <p>Additional settings for a stateful rule. This is part of the <a>StatefulRule</a> configuration.</p>
  */
 export interface RuleOption {
@@ -1104,6 +1208,7 @@ export interface RuleOption {
     Settings?: string[];
 }
 /**
+ * @public
  * <p>A single Suricata rules specification, for use in a stateful rule group.
  *        Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options.
  *        For information about the Suricata <code>Rules</code> format, see
@@ -1157,6 +1262,7 @@ export interface StatefulRule {
     RuleOptions: RuleOption[] | undefined;
 }
 /**
+ * @public
  * <p>A single port range specification. This is used for source and destination port ranges
  *          in the stateless rule <a>MatchAttributes</a>, <code>SourcePorts</code>, and
  *             <code>DestinationPorts</code> settings. </p>
@@ -1173,6 +1279,9 @@ export interface PortRange {
      */
     ToPort: number | undefined;
 }
+/**
+ * @public
+ */
 export declare enum TCPFlag {
     ACK = "ACK",
     CWR = "CWR",
@@ -1184,6 +1293,7 @@ export declare enum TCPFlag {
     URG = "URG"
 }
 /**
+ * @public
  * <p>TCP flags and masks to inspect packets for, used in stateless rules <a>MatchAttributes</a> settings.</p>
  */
 export interface TCPFlagField {
@@ -1206,6 +1316,7 @@ export interface TCPFlagField {
     Masks?: (TCPFlag | string)[];
 }
 /**
+ * @public
  * <p>Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags. </p>
  */
 export interface MatchAttributes {
@@ -1245,6 +1356,7 @@ export interface MatchAttributes {
     TCPFlags?: TCPFlagField[];
 }
 /**
+ * @public
  * <p>The inspection criteria and action for a single stateless rule. Network Firewall inspects each packet for the specified matching
  *          criteria. When a packet matches the criteria, Network Firewall performs the rule's actions on
  *          the packet.</p>
@@ -1296,6 +1408,7 @@ export interface RuleDefinition {
     Actions: string[] | undefined;
 }
 /**
+ * @public
  * <p>A single stateless rule. This is used in <a>StatelessRulesAndCustomActions</a>.</p>
  */
 export interface StatelessRule {
@@ -1321,6 +1434,7 @@ export interface StatelessRule {
     Priority: number | undefined;
 }
 /**
+ * @public
  * <p>Stateless inspection criteria. Each stateless rule group uses exactly one of these data
  *          types to define its stateless rules. </p>
  */
@@ -1339,6 +1453,7 @@ export interface StatelessRulesAndCustomActions {
     CustomActions?: CustomAction[];
 }
 /**
+ * @public
  * <p>The stateless or stateful rules definitions for use in a single rule group. Each rule
  *          group requires a single <code>RulesSource</code>. You can use an instance of this for
  *          either stateless rules or stateful rules. </p>
@@ -1370,6 +1485,7 @@ export interface RulesSource {
     StatelessRulesAndCustomActions?: StatelessRulesAndCustomActions;
 }
 /**
+ * @public
  * <p>A list of IP addresses and address ranges, in CIDR notation. This is part of a <a>RuleVariables</a>. </p>
  */
 export interface IPSet {
@@ -1381,6 +1497,7 @@ export interface IPSet {
     Definition: string[] | undefined;
 }
 /**
+ * @public
  * <p>A set of port ranges for use in the rules in a rule group. </p>
  */
 export interface PortSet {
@@ -1391,6 +1508,7 @@ export interface PortSet {
     Definition?: string[];
 }
 /**
+ * @public
  * <p>Settings that are available for use in the rules in the <a>RuleGroup</a>
  *          where this is defined. </p>
  */
@@ -1405,6 +1523,7 @@ export interface RuleVariables {
     PortSets?: Record<string, PortSet>;
 }
 /**
+ * @public
  * <p>Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.</p>
  */
 export interface StatefulRuleOptions {
@@ -1418,6 +1537,7 @@ export interface StatefulRuleOptions {
     RuleOrder?: RuleOrder | string;
 }
 /**
+ * @public
  * <p>The object that defines the rules in a rule group. This, along with <a>RuleGroupResponse</a>, define the rule group. You can retrieve all objects for a rule group by calling <a>DescribeRuleGroup</a>. </p>
  *          <p>Network Firewall uses a rule group to inspect and control network traffic.
  *     You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their
@@ -1446,6 +1566,7 @@ export interface RuleGroup {
     StatefulRuleOptions?: StatefulRuleOptions;
 }
 /**
+ * @public
  * <p>High-level information about the managed rule group that your own rule group is copied from. You can use the the metadata to track version updates made to the originating rule group. You can retrieve all objects for a rule group by calling <a href="https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html">DescribeRuleGroup</a>.</p>
  */
 export interface SourceMetadata {
@@ -1458,10 +1579,16 @@ export interface SourceMetadata {
      */
     SourceUpdateToken?: string;
 }
+/**
+ * @public
+ */
 export declare enum RuleGroupType {
     STATEFUL = "STATEFUL",
     STATELESS = "STATELESS"
 }
+/**
+ * @public
+ */
 export interface CreateRuleGroupRequest {
     /**
      * <p>The descriptive name of the rule group. You can't change the name of a rule group after you create it.</p>
@@ -1560,6 +1687,7 @@ export interface CreateRuleGroupRequest {
     SourceMetadata?: SourceMetadata;
 }
 /**
+ * @public
  * <p>The high-level properties of a rule group. This, along with the <a>RuleGroup</a>, define the rule group. You can retrieve all objects for a rule group by calling <a>DescribeRuleGroup</a>. </p>
  */
 export interface RuleGroupResponse {
@@ -1633,6 +1761,9 @@ export interface RuleGroupResponse {
      */
     LastModifiedTime?: Date;
 }
+/**
+ * @public
+ */
 export interface CreateRuleGroupResponse {
     /**
      * <p>A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request. </p>
@@ -1644,6 +1775,9 @@ export interface CreateRuleGroupResponse {
      */
     RuleGroupResponse: RuleGroupResponse | undefined;
 }
+/**
+ * @public
+ */
 export interface DeleteFirewallRequest {
     /**
      * <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
@@ -1656,6 +1790,9 @@ export interface DeleteFirewallRequest {
      */
     FirewallArn?: string;
 }
+/**
+ * @public
+ */
 export interface DeleteFirewallResponse {
     /**
      * <p>The firewall defines the configuration settings for an Network Firewall firewall. These settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource. </p>
@@ -1670,6 +1807,7 @@ export interface DeleteFirewallResponse {
     FirewallStatus?: FirewallStatus;
 }
 /**
+ * @public
  * <p>The operation you requested isn't supported by Network Firewall. </p>
  */
 export declare class UnsupportedOperationException extends __BaseException {
@@ -1681,6 +1819,9 @@ export declare class UnsupportedOperationException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<UnsupportedOperationException, __BaseException>);
 }
+/**
+ * @public
+ */
 export interface DeleteFirewallPolicyRequest {
     /**
      * <p>The descriptive name of the firewall policy. You can't change the name of a firewall policy after you create it.</p>
@@ -1693,6 +1834,9 @@ export interface DeleteFirewallPolicyRequest {
      */
     FirewallPolicyArn?: string;
 }
+/**
+ * @public
+ */
 export interface DeleteFirewallPolicyResponse {
     /**
      * <p>The object containing the definition of the <a>FirewallPolicyResponse</a>
@@ -1700,15 +1844,22 @@ export interface DeleteFirewallPolicyResponse {
      */
     FirewallPolicyResponse: FirewallPolicyResponse | undefined;
 }
+/**
+ * @public
+ */
 export interface DeleteResourcePolicyRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the rule group or firewall policy whose resource policy you want to delete. </p>
      */
     ResourceArn: string | undefined;
 }
+/**
+ * @public
+ */
 export interface DeleteResourcePolicyResponse {
 }
 /**
+ * @public
  * <p>The policy statement failed validation.</p>
  */
 export declare class InvalidResourcePolicyException extends __BaseException {
@@ -1720,6 +1871,9 @@ export declare class InvalidResourcePolicyException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<InvalidResourcePolicyException, __BaseException>);
 }
+/**
+ * @public
+ */
 export interface DeleteRuleGroupRequest {
     /**
      * <p>The descriptive name of the rule group. You can't change the name of a rule group after you create it.</p>
@@ -1740,12 +1894,18 @@ export interface DeleteRuleGroupRequest {
      */
     Type?: RuleGroupType | string;
 }
+/**
+ * @public
+ */
 export interface DeleteRuleGroupResponse {
     /**
      * <p>The high-level properties of a rule group. This, along with the <a>RuleGroup</a>, define the rule group. You can retrieve all objects for a rule group by calling <a>DescribeRuleGroup</a>. </p>
      */
     RuleGroupResponse: RuleGroupResponse | undefined;
 }
+/**
+ * @public
+ */
 export interface DescribeFirewallRequest {
     /**
      * <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
@@ -1758,6 +1918,9 @@ export interface DescribeFirewallRequest {
      */
     FirewallArn?: string;
 }
+/**
+ * @public
+ */
 export interface DescribeFirewallResponse {
     /**
      * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
@@ -1774,6 +1937,9 @@ export interface DescribeFirewallResponse {
      */
     FirewallStatus?: FirewallStatus;
 }
+/**
+ * @public
+ */
 export interface DescribeFirewallPolicyRequest {
     /**
      * <p>The descriptive name of the firewall policy. You can't change the name of a firewall policy after you create it.</p>
@@ -1786,6 +1952,9 @@ export interface DescribeFirewallPolicyRequest {
      */
     FirewallPolicyArn?: string;
 }
+/**
+ * @public
+ */
 export interface DescribeFirewallPolicyResponse {
     /**
      * <p>A token used for optimistic locking. Network Firewall returns a token to your requests that access the firewall policy. The token marks the state of the policy resource at the time of the request. </p>
@@ -1801,6 +1970,9 @@ export interface DescribeFirewallPolicyResponse {
      */
     FirewallPolicy?: FirewallPolicy;
 }
+/**
+ * @public
+ */
 export interface DescribeLoggingConfigurationRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the firewall.</p>
@@ -1813,16 +1985,23 @@ export interface DescribeLoggingConfigurationRequest {
      */
     FirewallName?: string;
 }
+/**
+ * @public
+ */
 export declare enum LogDestinationType {
     CLOUDWATCH_LOGS = "CloudWatchLogs",
     KINESIS_DATA_FIREHOSE = "KinesisDataFirehose",
     S3 = "S3"
 }
+/**
+ * @public
+ */
 export declare enum LogType {
     ALERT = "ALERT",
     FLOW = "FLOW"
 }
 /**
+ * @public
  * <p>Defines where Network Firewall sends logs for the firewall for one log type. This is used
  *          in <a>LoggingConfiguration</a>. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.</p>
  *          <p>Network Firewall generates logs for stateful rule groups. You can save alert and flow log
@@ -1851,8 +2030,8 @@ export interface LogDestinationConfig {
      *                specifies an Amazon S3 bucket named
      *                <code>DOC-EXAMPLE-BUCKET</code> and the prefix <code>alerts</code>: </p>
      *                <p>
-     *                   <code>"LogDestination": { "bucketName": "DOC-EXAMPLE-BUCKET", "prefix": "alerts"
-     *                   }</code>
+     *                   <code>"LogDestination": \{ "bucketName": "DOC-EXAMPLE-BUCKET", "prefix": "alerts"
+     *                   \}</code>
      *                </p>
      *             </li>
      *             <li>
@@ -1860,7 +2039,7 @@ export interface LogDestinationConfig {
      *                   <code>logGroup</code>. The following example specifies a log group named
      *                   <code>alert-log-group</code>: </p>
      *                <p>
-     *                   <code>"LogDestination": { "logGroup": "alert-log-group" }</code>
+     *                   <code>"LogDestination": \{ "logGroup": "alert-log-group" \}</code>
      *                </p>
      *             </li>
      *             <li>
@@ -1868,8 +2047,8 @@ export interface LogDestinationConfig {
      *                   <code>deliveryStream</code>. The following example specifies a delivery stream
      *                named <code>alert-delivery-stream</code>: </p>
      *                <p>
-     *                   <code>"LogDestination": { "deliveryStream": "alert-delivery-stream"
-     *                }</code>
+     *                   <code>"LogDestination": \{ "deliveryStream": "alert-delivery-stream"
+     *                \}</code>
      *                </p>
      *             </li>
      *          </ul>
@@ -1877,6 +2056,7 @@ export interface LogDestinationConfig {
     LogDestination: Record<string, string> | undefined;
 }
 /**
+ * @public
  * <p>Defines how Network Firewall performs logging for a <a>Firewall</a>. </p>
  */
 export interface LoggingConfiguration {
@@ -1886,6 +2066,9 @@ export interface LoggingConfiguration {
      */
     LogDestinationConfigs: LogDestinationConfig[] | undefined;
 }
+/**
+ * @public
+ */
 export interface DescribeLoggingConfigurationResponse {
     /**
      * <p>The Amazon Resource Name (ARN) of the firewall.</p>
@@ -1896,18 +2079,27 @@ export interface DescribeLoggingConfigurationResponse {
      */
     LoggingConfiguration?: LoggingConfiguration;
 }
+/**
+ * @public
+ */
 export interface DescribeResourcePolicyRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the rule group or firewall policy whose resource policy you want to retrieve. </p>
      */
     ResourceArn: string | undefined;
 }
+/**
+ * @public
+ */
 export interface DescribeResourcePolicyResponse {
     /**
      * <p>The IAM policy for the resource. </p>
      */
     Policy?: string;
 }
+/**
+ * @public
+ */
 export interface DescribeRuleGroupRequest {
     /**
      * <p>The descriptive name of the rule group. You can't change the name of a rule group after you create it.</p>
@@ -1928,6 +2120,9 @@ export interface DescribeRuleGroupRequest {
      */
     Type?: RuleGroupType | string;
 }
+/**
+ * @public
+ */
 export interface DescribeRuleGroupResponse {
     /**
      * <p>A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request. </p>
@@ -1948,6 +2143,9 @@ export interface DescribeRuleGroupResponse {
      */
     RuleGroupResponse: RuleGroupResponse | undefined;
 }
+/**
+ * @public
+ */
 export interface DescribeRuleGroupMetadataRequest {
     /**
      * <p>The descriptive name of the rule group. You can't change the name of a rule group after you create it.</p>
@@ -1968,6 +2166,9 @@ export interface DescribeRuleGroupMetadataRequest {
      */
     Type?: RuleGroupType | string;
 }
+/**
+ * @public
+ */
 export interface DescribeRuleGroupMetadataResponse {
     /**
      * <p>The descriptive name of the rule group. You can't change the name of a rule group after you create it.</p>
@@ -2009,6 +2210,9 @@ export interface DescribeRuleGroupMetadataResponse {
      */
     LastModifiedTime?: Date;
 }
+/**
+ * @public
+ */
 export interface DisassociateSubnetsRequest {
     /**
      * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
@@ -2031,6 +2235,9 @@ export interface DisassociateSubnetsRequest {
      */
     SubnetIds: string[] | undefined;
 }
+/**
+ * @public
+ */
 export interface DisassociateSubnetsResponse {
     /**
      * <p>The Amazon Resource Name (ARN) of the firewall.</p>
@@ -2052,6 +2259,7 @@ export interface DisassociateSubnetsResponse {
     UpdateToken?: string;
 }
 /**
+ * @public
  * <p>High-level information about a firewall, returned by operations like create and
  *          describe. You can use the information provided in the metadata to retrieve and manage a
  *          firewall.</p>
@@ -2067,6 +2275,7 @@ export interface FirewallMetadata {
     FirewallArn?: string;
 }
 /**
+ * @public
  * <p>High-level information about a firewall policy, returned by operations like create and
  *          describe. You can use the information provided in the metadata to retrieve and manage a
  *          firewall policy. You can retrieve all objects for a firewall policy by calling <a>DescribeFirewallPolicy</a>. </p>
@@ -2081,6 +2290,9 @@ export interface FirewallPolicyMetadata {
      */
     Arn?: string;
 }
+/**
+ * @public
+ */
 export interface ListFirewallPoliciesRequest {
     /**
      * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
@@ -2095,6 +2307,9 @@ export interface ListFirewallPoliciesRequest {
      */
     MaxResults?: number;
 }
+/**
+ * @public
+ */
 export interface ListFirewallPoliciesResponse {
     /**
      * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
@@ -2108,6 +2323,9 @@ export interface ListFirewallPoliciesResponse {
      */
     FirewallPolicies?: FirewallPolicyMetadata[];
 }
+/**
+ * @public
+ */
 export interface ListFirewallsRequest {
     /**
      * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
@@ -2127,6 +2345,9 @@ export interface ListFirewallsRequest {
      */
     MaxResults?: number;
 }
+/**
+ * @public
+ */
 export interface ListFirewallsResponse {
     /**
      * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
@@ -2141,14 +2362,23 @@ export interface ListFirewallsResponse {
      */
     Firewalls?: FirewallMetadata[];
 }
+/**
+ * @public
+ */
 export declare enum ResourceManagedType {
     AWS_MANAGED_DOMAIN_LISTS = "AWS_MANAGED_DOMAIN_LISTS",
     AWS_MANAGED_THREAT_SIGNATURES = "AWS_MANAGED_THREAT_SIGNATURES"
 }
+/**
+ * @public
+ */
 export declare enum ResourceManagedStatus {
     ACCOUNT = "ACCOUNT",
     MANAGED = "MANAGED"
 }
+/**
+ * @public
+ */
 export interface ListRuleGroupsRequest {
     /**
      * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
@@ -2178,6 +2408,7 @@ export interface ListRuleGroupsRequest {
     Type?: RuleGroupType | string;
 }
 /**
+ * @public
  * <p>High-level information about a rule group, returned by <a>ListRuleGroups</a>.
  *          You can use the information provided in the metadata to retrieve and manage a
  *          rule group.</p>
@@ -2192,6 +2423,9 @@ export interface RuleGroupMetadata {
      */
     Arn?: string;
 }
+/**
+ * @public
+ */
 export interface ListRuleGroupsResponse {
     /**
      * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
@@ -2205,6 +2439,9 @@ export interface ListRuleGroupsResponse {
      */
     RuleGroups?: RuleGroupMetadata[];
 }
+/**
+ * @public
+ */
 export interface ListTagsForResourceRequest {
     /**
      * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
@@ -2223,6 +2460,9 @@ export interface ListTagsForResourceRequest {
      */
     ResourceArn: string | undefined;
 }
+/**
+ * @public
+ */
 export interface ListTagsForResourceResponse {
     /**
      * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
@@ -2236,6 +2476,7 @@ export interface ListTagsForResourceResponse {
     Tags?: Tag[];
 }
 /**
+ * @public
  * <p>Unable to send logs to a configured logging destination. </p>
  */
 export declare class LogDestinationPermissionException extends __BaseException {
@@ -2247,6 +2488,9 @@ export declare class LogDestinationPermissionException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<LogDestinationPermissionException, __BaseException>);
 }
+/**
+ * @public
+ */
 export interface PutResourcePolicyRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the account that you want to share rule groups and firewall policies with.</p>
@@ -2286,8 +2530,14 @@ export interface PutResourcePolicyRequest {
      */
     Policy: string | undefined;
 }
+/**
+ * @public
+ */
 export interface PutResourcePolicyResponse {
 }
+/**
+ * @public
+ */
 export interface TagResourceRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the resource.</p>
@@ -2298,8 +2548,14 @@ export interface TagResourceRequest {
      */
     Tags: Tag[] | undefined;
 }
+/**
+ * @public
+ */
 export interface TagResourceResponse {
 }
+/**
+ * @public
+ */
 export interface UntagResourceRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the resource.</p>
@@ -2310,9 +2566,13 @@ export interface UntagResourceRequest {
      */
     TagKeys: string[] | undefined;
 }
+/**
+ * @public
+ */
 export interface UntagResourceResponse {
 }
 /**
+ * @public
  * <p>Unable to change the resource because your account doesn't own it. </p>
  */
 export declare class ResourceOwnerCheckException extends __BaseException {
@@ -2324,6 +2584,9 @@ export declare class ResourceOwnerCheckException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<ResourceOwnerCheckException, __BaseException>);
 }
+/**
+ * @public
+ */
 export interface UpdateFirewallDeleteProtectionRequest {
     /**
      * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
@@ -2348,6 +2611,9 @@ export interface UpdateFirewallDeleteProtectionRequest {
      */
     DeleteProtection: boolean | undefined;
 }
+/**
+ * @public
+ */
 export interface UpdateFirewallDeleteProtectionResponse {
     /**
      * <p>The Amazon Resource Name (ARN) of the firewall.</p>
@@ -2370,6 +2636,9 @@ export interface UpdateFirewallDeleteProtectionResponse {
      */
     UpdateToken?: string;
 }
+/**
+ * @public
+ */
 export interface UpdateFirewallDescriptionRequest {
     /**
      * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
@@ -2393,6 +2662,9 @@ export interface UpdateFirewallDescriptionRequest {
      */
     Description?: string;
 }
+/**
+ * @public
+ */
 export interface UpdateFirewallDescriptionResponse {
     /**
      * <p>The Amazon Resource Name (ARN) of the firewall.</p>
@@ -2413,6 +2685,9 @@ export interface UpdateFirewallDescriptionResponse {
      */
     UpdateToken?: string;
 }
+/**
+ * @public
+ */
 export interface UpdateFirewallEncryptionConfigurationRequest {
     /**
      * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
@@ -2433,6 +2708,9 @@ export interface UpdateFirewallEncryptionConfigurationRequest {
      */
     EncryptionConfiguration?: EncryptionConfiguration;
 }
+/**
+ * @public
+ */
 export interface UpdateFirewallEncryptionConfigurationResponse {
     /**
      * <p>The Amazon Resource Name (ARN) of the firewall.</p>
@@ -2453,6 +2731,9 @@ export interface UpdateFirewallEncryptionConfigurationResponse {
      */
     EncryptionConfiguration?: EncryptionConfiguration;
 }
+/**
+ * @public
+ */
 export interface UpdateFirewallPolicyRequest {
     /**
      * <p>A token used for optimistic locking. Network Firewall returns a token to your requests that access the firewall policy. The token marks the state of the policy resource at the time of the request. </p>
@@ -2491,6 +2772,9 @@ export interface UpdateFirewallPolicyRequest {
      */
     EncryptionConfiguration?: EncryptionConfiguration;
 }
+/**
+ * @public
+ */
 export interface UpdateFirewallPolicyResponse {
     /**
      * <p>A token used for optimistic locking. Network Firewall returns a token to your requests that access the firewall policy. The token marks the state of the policy resource at the time of the request. </p>
@@ -2502,6 +2786,9 @@ export interface UpdateFirewallPolicyResponse {
      */
     FirewallPolicyResponse: FirewallPolicyResponse | undefined;
 }
+/**
+ * @public
+ */
 export interface UpdateFirewallPolicyChangeProtectionRequest {
     /**
      * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
@@ -2526,6 +2813,9 @@ export interface UpdateFirewallPolicyChangeProtectionRequest {
      */
     FirewallPolicyChangeProtection: boolean | undefined;
 }
+/**
+ * @public
+ */
 export interface UpdateFirewallPolicyChangeProtectionResponse {
     /**
      * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
@@ -2548,6 +2838,9 @@ export interface UpdateFirewallPolicyChangeProtectionResponse {
      */
     FirewallPolicyChangeProtection?: boolean;
 }
+/**
+ * @public
+ */
 export interface UpdateLoggingConfigurationRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the firewall.</p>
@@ -2565,6 +2858,9 @@ export interface UpdateLoggingConfigurationRequest {
      */
     LoggingConfiguration?: LoggingConfiguration;
 }
+/**
+ * @public
+ */
 export interface UpdateLoggingConfigurationResponse {
     /**
      * <p>The Amazon Resource Name (ARN) of the firewall.</p>
@@ -2579,6 +2875,9 @@ export interface UpdateLoggingConfigurationResponse {
      */
     LoggingConfiguration?: LoggingConfiguration;
 }
+/**
+ * @public
+ */
 export interface UpdateRuleGroupRequest {
     /**
      * <p>A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request. </p>
@@ -2642,6 +2941,9 @@ export interface UpdateRuleGroupRequest {
      */
     SourceMetadata?: SourceMetadata;
 }
+/**
+ * @public
+ */
 export interface UpdateRuleGroupResponse {
     /**
      * <p>A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request. </p>
@@ -2653,6 +2955,9 @@ export interface UpdateRuleGroupResponse {
      */
     RuleGroupResponse: RuleGroupResponse | undefined;
 }
+/**
+ * @public
+ */
 export interface UpdateSubnetChangeProtectionRequest {
     /**
      * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
@@ -2677,6 +2982,9 @@ export interface UpdateSubnetChangeProtectionRequest {
      */
     SubnetChangeProtection: boolean | undefined;
 }
+/**
+ * @public
+ */
 export interface UpdateSubnetChangeProtectionResponse {
     /**
      * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>