@aws-sdk/client-network-firewall 3.395.0 → 3.403.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist-cjs/endpoint/ruleset.js +1 -1
- package/dist-cjs/protocols/Aws_json1_0.js +6 -0
- package/dist-cjs/runtimeExtensions.js +5 -5
- package/dist-es/endpoint/ruleset.js +1 -1
- package/dist-es/protocols/Aws_json1_0.js +6 -0
- package/dist-es/runtimeExtensions.js +5 -5
- package/dist-types/commands/CreateTLSInspectionConfigurationCommand.d.ts +8 -1
- package/dist-types/extensionConfiguration.d.ts +6 -0
- package/dist-types/models/models_0.d.ts +9 -16
- package/dist-types/runtimeExtensions.d.ts +2 -2
- package/dist-types/ts3.4/extensionConfiguration.d.ts +3 -0
- package/dist-types/ts3.4/runtimeExtensions.d.ts +2 -4
- package/package.json +29 -29
- package/dist-types/clientConfiguration.d.ts +0 -6
- package/dist-types/ts3.4/clientConfiguration.d.ts +0 -3
- /package/dist-cjs/{clientConfiguration.js → extensionConfiguration.js} +0 -0
- /package/dist-es/{clientConfiguration.js → extensionConfiguration.js} +0 -0
|
@@ -3,5 +3,5 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.ruleSet = void 0;
|
|
4
4
|
const q = "required", r = "fn", s = "argv", t = "ref";
|
|
5
5
|
const a = "isSet", b = "tree", c = "error", d = "endpoint", e = "PartitionResult", f = { [q]: false, "type": "String" }, g = { [q]: true, "default": false, "type": "Boolean" }, h = { [t]: "Endpoint" }, i = { [r]: "booleanEquals", [s]: [{ [t]: "UseFIPS" }, true] }, j = { [r]: "booleanEquals", [s]: [{ [t]: "UseDualStack" }, true] }, k = {}, l = { [r]: "booleanEquals", [s]: [true, { [r]: "getAttr", [s]: [{ [t]: e }, "supportsFIPS"] }] }, m = { [r]: "booleanEquals", [s]: [true, { [r]: "getAttr", [s]: [{ [t]: e }, "supportsDualStack"] }] }, n = [i], o = [j], p = [{ [t]: "Region" }];
|
|
6
|
-
const _data = { version: "1.0", parameters: { Region: f, UseDualStack: g, UseFIPS: g, Endpoint: f }, rules: [{ conditions: [{ [r]: a, [s]: [h] }], type: b, rules: [{ conditions: n, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: c }, {
|
|
6
|
+
const _data = { version: "1.0", parameters: { Region: f, UseDualStack: g, UseFIPS: g, Endpoint: f }, rules: [{ conditions: [{ [r]: a, [s]: [h] }], type: b, rules: [{ conditions: n, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: c }, { conditions: o, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: c }, { endpoint: { url: h, properties: k, headers: k }, type: d }] }, { conditions: [{ [r]: a, [s]: p }], type: b, rules: [{ conditions: [{ [r]: "aws.partition", [s]: p, assign: e }], type: b, rules: [{ conditions: [i, j], type: b, rules: [{ conditions: [l, m], type: b, rules: [{ endpoint: { url: "https://network-firewall-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: k, headers: k }, type: d }] }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: c }] }, { conditions: n, type: b, rules: [{ conditions: [l], type: b, rules: [{ endpoint: { url: "https://network-firewall-fips.{Region}.{PartitionResult#dnsSuffix}", properties: k, headers: k }, type: d }] }, { error: "FIPS is enabled but this partition does not support FIPS", type: c }] }, { conditions: o, type: b, rules: [{ conditions: [m], type: b, rules: [{ endpoint: { url: "https://network-firewall.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: k, headers: k }, type: d }] }, { error: "DualStack is enabled but this partition does not support DualStack", type: c }] }, { endpoint: { url: "https://network-firewall.{Region}.{PartitionResult#dnsSuffix}", properties: k, headers: k }, type: d }] }] }, { error: "Invalid Configuration: Missing Region", type: c }] };
|
|
7
7
|
exports.ruleSet = _data;
|
|
@@ -516,12 +516,18 @@ const de_CreateTLSInspectionConfigurationCommandError = async (output, context)
|
|
|
516
516
|
};
|
|
517
517
|
const errorCode = loadRestJsonErrorCode(output, parsedOutput.body);
|
|
518
518
|
switch (errorCode) {
|
|
519
|
+
case "InsufficientCapacityException":
|
|
520
|
+
case "com.amazonaws.networkfirewall#InsufficientCapacityException":
|
|
521
|
+
throw await de_InsufficientCapacityExceptionRes(parsedOutput, context);
|
|
519
522
|
case "InternalServerError":
|
|
520
523
|
case "com.amazonaws.networkfirewall#InternalServerError":
|
|
521
524
|
throw await de_InternalServerErrorRes(parsedOutput, context);
|
|
522
525
|
case "InvalidRequestException":
|
|
523
526
|
case "com.amazonaws.networkfirewall#InvalidRequestException":
|
|
524
527
|
throw await de_InvalidRequestExceptionRes(parsedOutput, context);
|
|
528
|
+
case "LimitExceededException":
|
|
529
|
+
case "com.amazonaws.networkfirewall#LimitExceededException":
|
|
530
|
+
throw await de_LimitExceededExceptionRes(parsedOutput, context);
|
|
525
531
|
case "ThrottlingException":
|
|
526
532
|
case "com.amazonaws.networkfirewall#ThrottlingException":
|
|
527
533
|
throw await de_ThrottlingExceptionRes(parsedOutput, context);
|
|
@@ -1,16 +1,16 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
3
|
exports.resolveRuntimeExtensions = void 0;
|
|
4
|
-
const
|
|
4
|
+
const smithy_client_1 = require("@smithy/smithy-client");
|
|
5
5
|
const asPartial = (t) => t;
|
|
6
6
|
const resolveRuntimeExtensions = (runtimeConfig, extensions) => {
|
|
7
|
-
const
|
|
8
|
-
...asPartial((0,
|
|
7
|
+
const extensionConfiguration = {
|
|
8
|
+
...asPartial((0, smithy_client_1.getDefaultExtensionConfiguration)(runtimeConfig)),
|
|
9
9
|
};
|
|
10
|
-
extensions.forEach((extension) => extension.
|
|
10
|
+
extensions.forEach((extension) => extension.configure(extensionConfiguration));
|
|
11
11
|
return {
|
|
12
12
|
...runtimeConfig,
|
|
13
|
-
...(0,
|
|
13
|
+
...(0, smithy_client_1.resolveDefaultRuntimeConfig)(extensionConfiguration),
|
|
14
14
|
};
|
|
15
15
|
};
|
|
16
16
|
exports.resolveRuntimeExtensions = resolveRuntimeExtensions;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
const q = "required", r = "fn", s = "argv", t = "ref";
|
|
2
2
|
const a = "isSet", b = "tree", c = "error", d = "endpoint", e = "PartitionResult", f = { [q]: false, "type": "String" }, g = { [q]: true, "default": false, "type": "Boolean" }, h = { [t]: "Endpoint" }, i = { [r]: "booleanEquals", [s]: [{ [t]: "UseFIPS" }, true] }, j = { [r]: "booleanEquals", [s]: [{ [t]: "UseDualStack" }, true] }, k = {}, l = { [r]: "booleanEquals", [s]: [true, { [r]: "getAttr", [s]: [{ [t]: e }, "supportsFIPS"] }] }, m = { [r]: "booleanEquals", [s]: [true, { [r]: "getAttr", [s]: [{ [t]: e }, "supportsDualStack"] }] }, n = [i], o = [j], p = [{ [t]: "Region" }];
|
|
3
|
-
const _data = { version: "1.0", parameters: { Region: f, UseDualStack: g, UseFIPS: g, Endpoint: f }, rules: [{ conditions: [{ [r]: a, [s]: [h] }], type: b, rules: [{ conditions: n, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: c }, {
|
|
3
|
+
const _data = { version: "1.0", parameters: { Region: f, UseDualStack: g, UseFIPS: g, Endpoint: f }, rules: [{ conditions: [{ [r]: a, [s]: [h] }], type: b, rules: [{ conditions: n, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: c }, { conditions: o, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: c }, { endpoint: { url: h, properties: k, headers: k }, type: d }] }, { conditions: [{ [r]: a, [s]: p }], type: b, rules: [{ conditions: [{ [r]: "aws.partition", [s]: p, assign: e }], type: b, rules: [{ conditions: [i, j], type: b, rules: [{ conditions: [l, m], type: b, rules: [{ endpoint: { url: "https://network-firewall-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: k, headers: k }, type: d }] }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: c }] }, { conditions: n, type: b, rules: [{ conditions: [l], type: b, rules: [{ endpoint: { url: "https://network-firewall-fips.{Region}.{PartitionResult#dnsSuffix}", properties: k, headers: k }, type: d }] }, { error: "FIPS is enabled but this partition does not support FIPS", type: c }] }, { conditions: o, type: b, rules: [{ conditions: [m], type: b, rules: [{ endpoint: { url: "https://network-firewall.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: k, headers: k }, type: d }] }, { error: "DualStack is enabled but this partition does not support DualStack", type: c }] }, { endpoint: { url: "https://network-firewall.{Region}.{PartitionResult#dnsSuffix}", properties: k, headers: k }, type: d }] }] }, { error: "Invalid Configuration: Missing Region", type: c }] };
|
|
4
4
|
export const ruleSet = _data;
|
|
@@ -470,12 +470,18 @@ const de_CreateTLSInspectionConfigurationCommandError = async (output, context)
|
|
|
470
470
|
};
|
|
471
471
|
const errorCode = loadRestJsonErrorCode(output, parsedOutput.body);
|
|
472
472
|
switch (errorCode) {
|
|
473
|
+
case "InsufficientCapacityException":
|
|
474
|
+
case "com.amazonaws.networkfirewall#InsufficientCapacityException":
|
|
475
|
+
throw await de_InsufficientCapacityExceptionRes(parsedOutput, context);
|
|
473
476
|
case "InternalServerError":
|
|
474
477
|
case "com.amazonaws.networkfirewall#InternalServerError":
|
|
475
478
|
throw await de_InternalServerErrorRes(parsedOutput, context);
|
|
476
479
|
case "InvalidRequestException":
|
|
477
480
|
case "com.amazonaws.networkfirewall#InvalidRequestException":
|
|
478
481
|
throw await de_InvalidRequestExceptionRes(parsedOutput, context);
|
|
482
|
+
case "LimitExceededException":
|
|
483
|
+
case "com.amazonaws.networkfirewall#LimitExceededException":
|
|
484
|
+
throw await de_LimitExceededExceptionRes(parsedOutput, context);
|
|
479
485
|
case "ThrottlingException":
|
|
480
486
|
case "com.amazonaws.networkfirewall#ThrottlingException":
|
|
481
487
|
throw await de_ThrottlingExceptionRes(parsedOutput, context);
|
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { getDefaultExtensionConfiguration, resolveDefaultRuntimeConfig } from "@smithy/smithy-client";
|
|
2
2
|
const asPartial = (t) => t;
|
|
3
3
|
export const resolveRuntimeExtensions = (runtimeConfig, extensions) => {
|
|
4
|
-
const
|
|
5
|
-
...asPartial(
|
|
4
|
+
const extensionConfiguration = {
|
|
5
|
+
...asPartial(getDefaultExtensionConfiguration(runtimeConfig)),
|
|
6
6
|
};
|
|
7
|
-
extensions.forEach((extension) => extension.
|
|
7
|
+
extensions.forEach((extension) => extension.configure(extensionConfiguration));
|
|
8
8
|
return {
|
|
9
9
|
...runtimeConfig,
|
|
10
|
-
...resolveDefaultRuntimeConfig(
|
|
10
|
+
...resolveDefaultRuntimeConfig(extensionConfiguration),
|
|
11
11
|
};
|
|
12
12
|
};
|
|
@@ -24,7 +24,7 @@ export interface CreateTLSInspectionConfigurationCommandOutput extends CreateTLS
|
|
|
24
24
|
/**
|
|
25
25
|
* @public
|
|
26
26
|
* <p>Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains the Certificate Manager certificate references that Network Firewall uses to decrypt and re-encrypt inbound traffic.</p>
|
|
27
|
-
* <p>After you create a TLS inspection configuration, you associate it with a firewall policy.</p>
|
|
27
|
+
* <p>After you create a TLS inspection configuration, you associate it with a new firewall policy.</p>
|
|
28
28
|
* <p>To update the settings for a TLS inspection configuration, use <a>UpdateTLSInspectionConfiguration</a>.</p>
|
|
29
29
|
* <p>To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, <a>ListTagsForResource</a>, <a>TagResource</a>, and <a>UntagResource</a>.</p>
|
|
30
30
|
* <p>To retrieve information about TLS inspection configurations, use <a>ListTLSInspectionConfigurations</a> and <a>DescribeTLSInspectionConfiguration</a>.</p>
|
|
@@ -133,6 +133,10 @@ export interface CreateTLSInspectionConfigurationCommandOutput extends CreateTLS
|
|
|
133
133
|
* @see {@link CreateTLSInspectionConfigurationCommandOutput} for command's `response` shape.
|
|
134
134
|
* @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
|
|
135
135
|
*
|
|
136
|
+
* @throws {@link InsufficientCapacityException} (server fault)
|
|
137
|
+
* <p>Amazon Web Services doesn't currently have enough available capacity to fulfill your request. Try your
|
|
138
|
+
* request later. </p>
|
|
139
|
+
*
|
|
136
140
|
* @throws {@link InternalServerError} (server fault)
|
|
137
141
|
* <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
|
|
138
142
|
* system problem. Retry your request. </p>
|
|
@@ -153,6 +157,9 @@ export interface CreateTLSInspectionConfigurationCommandOutput extends CreateTLS
|
|
|
153
157
|
* </li>
|
|
154
158
|
* </ul>
|
|
155
159
|
*
|
|
160
|
+
* @throws {@link LimitExceededException} (client fault)
|
|
161
|
+
* <p>Unable to perform the operation because doing so would violate a limit setting. </p>
|
|
162
|
+
*
|
|
156
163
|
* @throws {@link ThrottlingException} (client fault)
|
|
157
164
|
* <p>Unable to process the request due to throttling limitations.</p>
|
|
158
165
|
*
|
|
@@ -1457,12 +1457,12 @@ export interface Header {
|
|
|
1457
1457
|
export interface RuleOption {
|
|
1458
1458
|
/**
|
|
1459
1459
|
* @public
|
|
1460
|
-
* <p
|
|
1460
|
+
* <p>The keyword for the Suricata compatible rule option. You must include a <code>sid</code> (signature ID), and can optionally include other keywords. For information about Suricata compatible keywords, see <a href="https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html#rule-options">Rule options</a> in the Suricata documentation.</p>
|
|
1461
1461
|
*/
|
|
1462
1462
|
Keyword: string | undefined;
|
|
1463
1463
|
/**
|
|
1464
1464
|
* @public
|
|
1465
|
-
* <p
|
|
1465
|
+
* <p>The settings of the Suricata compatible rule option. Rule options have zero or more setting values, and the number of possible and required settings depends on the <code>Keyword</code>. For more information about the settings for specific options, see <a href="https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html#rule-options">Rule options</a>.</p>
|
|
1466
1466
|
*/
|
|
1467
1467
|
Settings?: string[];
|
|
1468
1468
|
}
|
|
@@ -1471,7 +1471,7 @@ export interface RuleOption {
|
|
|
1471
1471
|
* <p>A single Suricata rules specification, for use in a stateful rule group.
|
|
1472
1472
|
* Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options.
|
|
1473
1473
|
* For information about the Suricata <code>Rules</code> format, see
|
|
1474
|
-
* <a href="https://suricata.readthedocs.
|
|
1474
|
+
* <a href="https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html">Rules Format</a>. </p>
|
|
1475
1475
|
*/
|
|
1476
1476
|
export interface StatefulRule {
|
|
1477
1477
|
/**
|
|
@@ -1501,13 +1501,6 @@ export interface StatefulRule {
|
|
|
1501
1501
|
* can enable the rule with <code>ALERT</code> action, verify in the logs that the rule
|
|
1502
1502
|
* is filtering as you want, then change the action to <code>DROP</code>.</p>
|
|
1503
1503
|
* </li>
|
|
1504
|
-
* <li>
|
|
1505
|
-
* <p>
|
|
1506
|
-
* <b>REJECT</b> - Drops TCP traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a <code>RST</code> bit contained in the TCP header flags. Also sends an alert log mesage if alert logging is configured in the <a>Firewall</a>
|
|
1507
|
-
* <a>LoggingConfiguration</a>.</p>
|
|
1508
|
-
* <p>
|
|
1509
|
-
* <code>REJECT</code> isn't currently available for use with IMAP and FTP protocols.</p>
|
|
1510
|
-
* </li>
|
|
1511
1504
|
* </ul>
|
|
1512
1505
|
*/
|
|
1513
1506
|
Action: StatefulAction | string | undefined;
|
|
@@ -1762,7 +1755,7 @@ export interface RulesSource {
|
|
|
1762
1755
|
* <p>An array of individual stateful rules inspection criteria to be used together in a stateful rule group.
|
|
1763
1756
|
* Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options.
|
|
1764
1757
|
* For information about the Suricata <code>Rules</code> format, see
|
|
1765
|
-
* <a href="https://suricata.readthedocs.
|
|
1758
|
+
* <a href="https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html">Rules Format</a>. </p>
|
|
1766
1759
|
*/
|
|
1767
1760
|
StatefulRules?: StatefulRule[];
|
|
1768
1761
|
/**
|
|
@@ -2161,7 +2154,7 @@ export interface ServerCertificateConfiguration {
|
|
|
2161
2154
|
* @public
|
|
2162
2155
|
* <p>The object that defines a TLS inspection configuration. This, along with <a>TLSInspectionConfigurationResponse</a>, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling <a>DescribeTLSInspectionConfiguration</a>. </p>
|
|
2163
2156
|
* <p>Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.</p>
|
|
2164
|
-
* <p>To use a TLS inspection configuration, you add it to a Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
|
|
2157
|
+
* <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
|
|
2165
2158
|
* inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.</p>
|
|
2166
2159
|
*/
|
|
2167
2160
|
export interface TLSInspectionConfiguration {
|
|
@@ -2184,7 +2177,7 @@ export interface CreateTLSInspectionConfigurationRequest {
|
|
|
2184
2177
|
* @public
|
|
2185
2178
|
* <p>The object that defines a TLS inspection configuration. This, along with <a>TLSInspectionConfigurationResponse</a>, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling <a>DescribeTLSInspectionConfiguration</a>. </p>
|
|
2186
2179
|
* <p>Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.</p>
|
|
2187
|
-
* <p>To use a TLS inspection configuration, you add it to a Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
|
|
2180
|
+
* <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
|
|
2188
2181
|
* inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.</p>
|
|
2189
2182
|
*/
|
|
2190
2183
|
TLSInspectionConfiguration: TLSInspectionConfiguration | undefined;
|
|
@@ -2827,7 +2820,7 @@ export interface DescribeTLSInspectionConfigurationResponse {
|
|
|
2827
2820
|
* @public
|
|
2828
2821
|
* <p>The object that defines a TLS inspection configuration. This, along with <a>TLSInspectionConfigurationResponse</a>, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling <a>DescribeTLSInspectionConfiguration</a>. </p>
|
|
2829
2822
|
* <p>Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.</p>
|
|
2830
|
-
* <p>To use a TLS inspection configuration, you add it to a Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
|
|
2823
|
+
* <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
|
|
2831
2824
|
* inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.</p>
|
|
2832
2825
|
*/
|
|
2833
2826
|
TLSInspectionConfiguration?: TLSInspectionConfiguration;
|
|
@@ -3503,7 +3496,7 @@ export interface UpdateFirewallPolicyRequest {
|
|
|
3503
3496
|
FirewallPolicyName?: string;
|
|
3504
3497
|
/**
|
|
3505
3498
|
* @public
|
|
3506
|
-
* <p>The updated firewall policy to use for the firewall. </p>
|
|
3499
|
+
* <p>The updated firewall policy to use for the firewall. You can't add or remove a <a>TLSInspectionConfiguration</a> after you create a firewall policy. However, you can replace an existing TLS inspection configuration with another <code>TLSInspectionConfiguration</code>.</p>
|
|
3507
3500
|
*/
|
|
3508
3501
|
FirewallPolicy: FirewallPolicy | undefined;
|
|
3509
3502
|
/**
|
|
@@ -3816,7 +3809,7 @@ export interface UpdateTLSInspectionConfigurationRequest {
|
|
|
3816
3809
|
* @public
|
|
3817
3810
|
* <p>The object that defines a TLS inspection configuration. This, along with <a>TLSInspectionConfigurationResponse</a>, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling <a>DescribeTLSInspectionConfiguration</a>. </p>
|
|
3818
3811
|
* <p>Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.</p>
|
|
3819
|
-
* <p>To use a TLS inspection configuration, you add it to a Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
|
|
3812
|
+
* <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
|
|
3820
3813
|
* inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.</p>
|
|
3821
3814
|
*/
|
|
3822
3815
|
TLSInspectionConfiguration: TLSInspectionConfiguration | undefined;
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { NetworkFirewallExtensionConfiguration } from "./extensionConfiguration";
|
|
2
2
|
/**
|
|
3
3
|
* @public
|
|
4
4
|
*/
|
|
5
5
|
export interface RuntimeExtension {
|
|
6
|
-
|
|
6
|
+
configure(clientConfiguration: NetworkFirewallExtensionConfiguration): void;
|
|
7
7
|
}
|
|
8
8
|
/**
|
|
9
9
|
* @public
|
|
@@ -1,8 +1,6 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { NetworkFirewallExtensionConfiguration } from "./extensionConfiguration";
|
|
2
2
|
export interface RuntimeExtension {
|
|
3
|
-
|
|
4
|
-
clientConfiguration: NetworkFirewallClientConfiguration
|
|
5
|
-
): void;
|
|
3
|
+
configure(clientConfiguration: NetworkFirewallExtensionConfiguration): void;
|
|
6
4
|
}
|
|
7
5
|
export interface RuntimeExtensionsConfig {
|
|
8
6
|
extensions: RuntimeExtension[];
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/client-network-firewall",
|
|
3
3
|
"description": "AWS SDK for JavaScript Network Firewall Client for Node.js, Browser and React Native",
|
|
4
|
-
"version": "3.
|
|
4
|
+
"version": "3.403.0",
|
|
5
5
|
"scripts": {
|
|
6
6
|
"build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
|
|
7
7
|
"build:cjs": "tsc -p tsconfig.cjs.json",
|
|
@@ -21,37 +21,37 @@
|
|
|
21
21
|
"dependencies": {
|
|
22
22
|
"@aws-crypto/sha256-browser": "3.0.0",
|
|
23
23
|
"@aws-crypto/sha256-js": "3.0.0",
|
|
24
|
-
"@aws-sdk/client-sts": "3.
|
|
25
|
-
"@aws-sdk/credential-provider-node": "3.
|
|
26
|
-
"@aws-sdk/middleware-host-header": "3.
|
|
27
|
-
"@aws-sdk/middleware-logger": "3.
|
|
28
|
-
"@aws-sdk/middleware-recursion-detection": "3.
|
|
29
|
-
"@aws-sdk/middleware-signing": "3.
|
|
30
|
-
"@aws-sdk/middleware-user-agent": "3.
|
|
31
|
-
"@aws-sdk/types": "3.
|
|
32
|
-
"@aws-sdk/util-endpoints": "3.
|
|
33
|
-
"@aws-sdk/util-user-agent-browser": "3.
|
|
34
|
-
"@aws-sdk/util-user-agent-node": "3.
|
|
35
|
-
"@smithy/config-resolver": "^2.0.
|
|
36
|
-
"@smithy/fetch-http-handler": "^2.0.
|
|
37
|
-
"@smithy/hash-node": "^2.0.
|
|
38
|
-
"@smithy/invalid-dependency": "^2.0.
|
|
39
|
-
"@smithy/middleware-content-length": "^2.0.
|
|
40
|
-
"@smithy/middleware-endpoint": "^2.0.
|
|
41
|
-
"@smithy/middleware-retry": "^2.0.
|
|
42
|
-
"@smithy/middleware-serde": "^2.0.
|
|
24
|
+
"@aws-sdk/client-sts": "3.398.0",
|
|
25
|
+
"@aws-sdk/credential-provider-node": "3.398.0",
|
|
26
|
+
"@aws-sdk/middleware-host-header": "3.398.0",
|
|
27
|
+
"@aws-sdk/middleware-logger": "3.398.0",
|
|
28
|
+
"@aws-sdk/middleware-recursion-detection": "3.398.0",
|
|
29
|
+
"@aws-sdk/middleware-signing": "3.398.0",
|
|
30
|
+
"@aws-sdk/middleware-user-agent": "3.398.0",
|
|
31
|
+
"@aws-sdk/types": "3.398.0",
|
|
32
|
+
"@aws-sdk/util-endpoints": "3.398.0",
|
|
33
|
+
"@aws-sdk/util-user-agent-browser": "3.398.0",
|
|
34
|
+
"@aws-sdk/util-user-agent-node": "3.398.0",
|
|
35
|
+
"@smithy/config-resolver": "^2.0.5",
|
|
36
|
+
"@smithy/fetch-http-handler": "^2.0.5",
|
|
37
|
+
"@smithy/hash-node": "^2.0.5",
|
|
38
|
+
"@smithy/invalid-dependency": "^2.0.5",
|
|
39
|
+
"@smithy/middleware-content-length": "^2.0.5",
|
|
40
|
+
"@smithy/middleware-endpoint": "^2.0.5",
|
|
41
|
+
"@smithy/middleware-retry": "^2.0.5",
|
|
42
|
+
"@smithy/middleware-serde": "^2.0.5",
|
|
43
43
|
"@smithy/middleware-stack": "^2.0.0",
|
|
44
|
-
"@smithy/node-config-provider": "^2.0.
|
|
45
|
-
"@smithy/node-http-handler": "^2.0.
|
|
46
|
-
"@smithy/protocol-http": "^2.0.
|
|
47
|
-
"@smithy/smithy-client": "^2.0.
|
|
48
|
-
"@smithy/types": "^2.2.
|
|
49
|
-
"@smithy/url-parser": "^2.0.
|
|
44
|
+
"@smithy/node-config-provider": "^2.0.5",
|
|
45
|
+
"@smithy/node-http-handler": "^2.0.5",
|
|
46
|
+
"@smithy/protocol-http": "^2.0.5",
|
|
47
|
+
"@smithy/smithy-client": "^2.0.5",
|
|
48
|
+
"@smithy/types": "^2.2.2",
|
|
49
|
+
"@smithy/url-parser": "^2.0.5",
|
|
50
50
|
"@smithy/util-base64": "^2.0.0",
|
|
51
51
|
"@smithy/util-body-length-browser": "^2.0.0",
|
|
52
|
-
"@smithy/util-body-length-node": "^2.
|
|
53
|
-
"@smithy/util-defaults-mode-browser": "^2.0.
|
|
54
|
-
"@smithy/util-defaults-mode-node": "^2.0.
|
|
52
|
+
"@smithy/util-body-length-node": "^2.1.0",
|
|
53
|
+
"@smithy/util-defaults-mode-browser": "^2.0.5",
|
|
54
|
+
"@smithy/util-defaults-mode-node": "^2.0.5",
|
|
55
55
|
"@smithy/util-retry": "^2.0.0",
|
|
56
56
|
"@smithy/util-utf8": "^2.0.0",
|
|
57
57
|
"tslib": "^2.5.0"
|
|
File without changes
|
|
File without changes
|