npm - @aws-sdk/client-network-firewall - Versions diffs - 3.436.0 → 3.438.0 - Mend

@aws-sdk/client-network-firewall 3.436.0 → 3.438.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

package/dist-cjs/endpoint/endpointResolver.js CHANGED Viewed

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.defaultEndpointResolver = void 0;
-const util_endpoints_1 = require("@aws-sdk/util-endpoints");
+const util_endpoints_1 = require("@smithy/util-endpoints");
 const ruleset_1 = require("./ruleset");
 const defaultEndpointResolver = (endpointParams, context = {}) => {
     return (0, util_endpoints_1.resolveEndpoint)(ruleset_1.ruleSet, {

package/dist-cjs/index.js CHANGED Viewed

@@ -7,5 +7,6 @@ tslib_1.__exportStar(require("./NetworkFirewall"), exports);
 tslib_1.__exportStar(require("./commands"), exports);
 tslib_1.__exportStar(require("./pagination"), exports);
 tslib_1.__exportStar(require("./models"), exports);
+require("@aws-sdk/util-endpoints");
 var NetworkFirewallServiceException_1 = require("./models/NetworkFirewallServiceException");
 Object.defineProperty(exports, "NetworkFirewallServiceException", { enumerable: true, get: function () { return NetworkFirewallServiceException_1.NetworkFirewallServiceException; } });

package/dist-cjs/models/models_0.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ResourceOwnerCheckException = exports.LogDestinationPermissionException = exports.ResourceManagedStatus = exports.ResourceManagedType = exports.LogType = exports.LogDestinationType = exports.InvalidResourcePolicyException = exports.UnsupportedOperationException = exports.RuleGroupType = exports.TCPFlag = exports.StatefulRuleProtocol = exports.StatefulRuleDirection = exports.StatefulAction = exports.TargetType = exports.GeneratedRulesType = exports.ResourceStatus = exports.OverrideAction = exports.StreamExceptionPolicy = exports.RuleOrder = exports.LimitExceededException = exports.PerObjectSyncStatus = exports.FirewallStatusValue = exports.EncryptionType = exports.ConfigurationSyncState = exports.AttachmentStatus = exports.InsufficientCapacityException = exports.IPAddressType = exports.ThrottlingException = exports.ResourceNotFoundException = exports.InvalidTokenException = exports.InvalidRequestException = exports.InvalidOperationException = exports.InternalServerError = void 0;
+exports.ResourceOwnerCheckException = exports.LogDestinationPermissionException = exports.ResourceManagedStatus = exports.ResourceManagedType = exports.LogType = exports.LogDestinationType = exports.InvalidResourcePolicyException = exports.UnsupportedOperationException = exports.RuleGroupType = exports.TCPFlag = exports.StatefulRuleProtocol = exports.StatefulRuleDirection = exports.StatefulAction = exports.TargetType = exports.GeneratedRulesType = exports.ResourceStatus = exports.OverrideAction = exports.StreamExceptionPolicy = exports.RuleOrder = exports.LimitExceededException = exports.PerObjectSyncStatus = exports.FirewallStatusValue = exports.EncryptionType = exports.ConfigurationSyncState = exports.RevocationCheckAction = exports.AttachmentStatus = exports.InsufficientCapacityException = exports.IPAddressType = exports.ThrottlingException = exports.ResourceNotFoundException = exports.InvalidTokenException = exports.InvalidRequestException = exports.InvalidOperationException = exports.InternalServerError = void 0;
 const NetworkFirewallServiceException_1 = require("./NetworkFirewallServiceException");
 class InternalServerError extends NetworkFirewallServiceException_1.NetworkFirewallServiceException {
     constructor(opts) {
@@ -113,6 +113,11 @@ exports.AttachmentStatus = {
     READY: "READY",
     SCALING: "SCALING",
 };
+exports.RevocationCheckAction = {
+    DROP: "DROP",
+    PASS: "PASS",
+    REJECT: "REJECT",
+};
 exports.ConfigurationSyncState = {
     CAPACITY_CONSTRAINED: "CAPACITY_CONSTRAINED",
     IN_SYNC: "IN_SYNC",
@@ -161,6 +166,7 @@ exports.OverrideAction = {
 exports.ResourceStatus = {
     ACTIVE: "ACTIVE",
     DELETING: "DELETING",
+    ERROR: "ERROR",
 };
 exports.GeneratedRulesType = {
     ALLOWLIST: "ALLOWLIST",

package/dist-cjs/protocols/Aws_json1_0.js CHANGED Viewed

@@ -2099,6 +2099,7 @@ const de_RuleGroupResponse = (output, context) => {
 };
 const de_TLSInspectionConfigurationResponse = (output, context) => {
     return (0, smithy_client_1.take)(output, {
+        CertificateAuthority: smithy_client_1._json,
         Certificates: smithy_client_1._json,
         Description: smithy_client_1.expectString,
         EncryptionConfiguration: smithy_client_1._json,

package/dist-es/endpoint/endpointResolver.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { resolveEndpoint } from "@aws-sdk/util-endpoints";
+import { resolveEndpoint } from "@smithy/util-endpoints";
 import { ruleSet } from "./ruleset";
 export const defaultEndpointResolver = (endpointParams, context = {}) => {
     return resolveEndpoint(ruleSet, {

package/dist-es/index.js CHANGED Viewed

@@ -3,4 +3,5 @@ export * from "./NetworkFirewall";
 export * from "./commands";
 export * from "./pagination";
 export * from "./models";
+import "@aws-sdk/util-endpoints";
 export { NetworkFirewallServiceException } from "./models/NetworkFirewallServiceException";

package/dist-es/models/models_0.js CHANGED Viewed

@@ -103,6 +103,11 @@ export const AttachmentStatus = {
     READY: "READY",
     SCALING: "SCALING",
 };
+export const RevocationCheckAction = {
+    DROP: "DROP",
+    PASS: "PASS",
+    REJECT: "REJECT",
+};
 export const ConfigurationSyncState = {
     CAPACITY_CONSTRAINED: "CAPACITY_CONSTRAINED",
     IN_SYNC: "IN_SYNC",
@@ -150,6 +155,7 @@ export const OverrideAction = {
 export const ResourceStatus = {
     ACTIVE: "ACTIVE",
     DELETING: "DELETING",
+    ERROR: "ERROR",
 };
 export const GeneratedRulesType = {
     ALLOWLIST: "ALLOWLIST",

package/dist-es/protocols/Aws_json1_0.js CHANGED Viewed

@@ -2023,6 +2023,7 @@ const de_RuleGroupResponse = (output, context) => {
 };
 const de_TLSInspectionConfigurationResponse = (output, context) => {
     return take(output, {
+        CertificateAuthority: _json,
         Certificates: _json,
         Description: __expectString,
         EncryptionConfiguration: _json,

package/dist-types/commands/AssociateFirewallPolicyCommand.d.ts CHANGED Viewed

@@ -58,7 +58,7 @@ export interface AssociateFirewallPolicyCommandOutput extends AssociateFirewallP
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidOperationException} (client fault)

package/dist-types/commands/AssociateSubnetsCommand.d.ts CHANGED Viewed

@@ -73,7 +73,7 @@ export interface AssociateSubnetsCommandOutput extends AssociateSubnetsResponse,
  *          request later. </p>
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidOperationException} (client fault)

package/dist-types/commands/CreateFirewallCommand.d.ts CHANGED Viewed

@@ -137,7 +137,7 @@ export interface CreateFirewallCommandOutput extends CreateFirewallResponse, __M
  *          request later. </p>
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidOperationException} (client fault)

package/dist-types/commands/CreateFirewallPolicyCommand.d.ts CHANGED Viewed

@@ -111,7 +111,7 @@ export interface CreateFirewallPolicyCommandOutput extends CreateFirewallPolicyR
  * //     FirewallPolicyArn: "STRING_VALUE", // required
  * //     FirewallPolicyId: "STRING_VALUE", // required
  * //     Description: "STRING_VALUE",
- * //     FirewallPolicyStatus: "ACTIVE" || "DELETING",
+ * //     FirewallPolicyStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Tags: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE", // required
@@ -142,7 +142,7 @@ export interface CreateFirewallPolicyCommandOutput extends CreateFirewallPolicyR
  *          request later. </p>
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/CreateRuleGroupCommand.d.ts CHANGED Viewed

@@ -190,7 +190,7 @@ export interface CreateRuleGroupCommandOutput extends CreateRuleGroupResponse, _
  * //     Description: "STRING_VALUE",
  * //     Type: "STATELESS" || "STATEFUL",
  * //     Capacity: Number("int"),
- * //     RuleGroupStatus: "ACTIVE" || "DELETING",
+ * //     RuleGroupStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Tags: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE", // required
@@ -225,7 +225,7 @@ export interface CreateRuleGroupCommandOutput extends CreateRuleGroupResponse, _
  *          request later. </p>
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/CreateTLSInspectionConfigurationCommand.d.ts CHANGED Viewed

@@ -23,13 +23,13 @@ export interface CreateTLSInspectionConfigurationCommandOutput extends CreateTLS
 }
 /**
  * @public
- * <p>Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains the Certificate Manager certificate references that Network Firewall uses to decrypt and re-encrypt inbound traffic.</p>
- *          <p>After you create a TLS inspection configuration, you associate it with a new firewall policy.</p>
+ * <p>Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains the Certificate Manager certificate associations that Network Firewall uses to decrypt and re-encrypt traffic traveling through your firewall.</p>
+ *          <p>After you create a TLS inspection configuration, you can associate it with a new firewall policy.</p>
  *          <p>To update the settings for a TLS inspection configuration, use <a>UpdateTLSInspectionConfiguration</a>.</p>
  *          <p>To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, <a>ListTagsForResource</a>, <a>TagResource</a>, and <a>UntagResource</a>.</p>
  *          <p>To retrieve information about TLS inspection configurations, use <a>ListTLSInspectionConfigurations</a> and <a>DescribeTLSInspectionConfiguration</a>.</p>
  *          <p>
- *               For more information about TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
+ *               For more information about TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Inspecting SSL/TLS traffic with TLS
  * inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.
  *             </p>
  * @example
@@ -77,6 +77,11 @@ export interface CreateTLSInspectionConfigurationCommandOutput extends CreateTLS
  *             ],
  *           },
  *         ],
+ *         CertificateAuthorityArn: "STRING_VALUE",
+ *         CheckCertificateRevocationStatus: { // CheckCertificateRevocationStatusActions
+ *           RevokedStatusAction: "PASS" || "DROP" || "REJECT",
+ *           UnknownStatusAction: "PASS" || "DROP" || "REJECT",
+ *         },
  *       },
  *     ],
  *   },
@@ -100,7 +105,7 @@ export interface CreateTLSInspectionConfigurationCommandOutput extends CreateTLS
  * //     TLSInspectionConfigurationArn: "STRING_VALUE", // required
  * //     TLSInspectionConfigurationName: "STRING_VALUE", // required
  * //     TLSInspectionConfigurationId: "STRING_VALUE", // required
- * //     TLSInspectionConfigurationStatus: "ACTIVE" || "DELETING",
+ * //     TLSInspectionConfigurationStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Description: "STRING_VALUE",
  * //     Tags: [ // TagList
  * //       { // Tag
@@ -122,6 +127,12 @@ export interface CreateTLSInspectionConfigurationCommandOutput extends CreateTLS
  * //         StatusMessage: "STRING_VALUE",
  * //       },
  * //     ],
+ * //     CertificateAuthority: {
+ * //       CertificateArn: "STRING_VALUE",
+ * //       CertificateSerial: "STRING_VALUE",
+ * //       Status: "STRING_VALUE",
+ * //       StatusMessage: "STRING_VALUE",
+ * //     },
  * //   },
  * // };
  *
@@ -138,7 +149,7 @@ export interface CreateTLSInspectionConfigurationCommandOutput extends CreateTLS
  *          request later. </p>
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/DeleteFirewallCommand.d.ts CHANGED Viewed

@@ -116,7 +116,7 @@ export interface DeleteFirewallCommandOutput extends DeleteFirewallResponse, __M
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidOperationException} (client fault)

package/dist-types/commands/DeleteFirewallPolicyCommand.d.ts CHANGED Viewed

@@ -42,7 +42,7 @@ export interface DeleteFirewallPolicyCommandOutput extends DeleteFirewallPolicyR
  * //     FirewallPolicyArn: "STRING_VALUE", // required
  * //     FirewallPolicyId: "STRING_VALUE", // required
  * //     Description: "STRING_VALUE",
- * //     FirewallPolicyStatus: "ACTIVE" || "DELETING",
+ * //     FirewallPolicyStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Tags: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE", // required
@@ -69,7 +69,7 @@ export interface DeleteFirewallPolicyCommandOutput extends DeleteFirewallPolicyR
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidOperationException} (client fault)

package/dist-types/commands/DeleteResourcePolicyCommand.d.ts CHANGED Viewed

@@ -46,7 +46,7 @@ export interface DeleteResourcePolicyCommandOutput extends DeleteResourcePolicyR
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/DeleteRuleGroupCommand.d.ts CHANGED Viewed

@@ -45,7 +45,7 @@ export interface DeleteRuleGroupCommandOutput extends DeleteRuleGroupResponse, _
  * //     Description: "STRING_VALUE",
  * //     Type: "STATELESS" || "STATEFUL",
  * //     Capacity: Number("int"),
- * //     RuleGroupStatus: "ACTIVE" || "DELETING",
+ * //     RuleGroupStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Tags: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE", // required
@@ -76,7 +76,7 @@ export interface DeleteRuleGroupCommandOutput extends DeleteRuleGroupResponse, _
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidOperationException} (client fault)

package/dist-types/commands/DeleteTLSInspectionConfigurationCommand.d.ts CHANGED Viewed

@@ -41,7 +41,7 @@ export interface DeleteTLSInspectionConfigurationCommandOutput extends DeleteTLS
  * //     TLSInspectionConfigurationArn: "STRING_VALUE", // required
  * //     TLSInspectionConfigurationName: "STRING_VALUE", // required
  * //     TLSInspectionConfigurationId: "STRING_VALUE", // required
- * //     TLSInspectionConfigurationStatus: "ACTIVE" || "DELETING",
+ * //     TLSInspectionConfigurationStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Description: "STRING_VALUE",
  * //     Tags: [ // TagList
  * //       { // Tag
@@ -63,6 +63,12 @@ export interface DeleteTLSInspectionConfigurationCommandOutput extends DeleteTLS
  * //         StatusMessage: "STRING_VALUE",
  * //       },
  * //     ],
+ * //     CertificateAuthority: {
+ * //       CertificateArn: "STRING_VALUE",
+ * //       CertificateSerial: "STRING_VALUE",
+ * //       Status: "STRING_VALUE",
+ * //       StatusMessage: "STRING_VALUE",
+ * //     },
  * //   },
  * // };
  *
@@ -75,7 +81,7 @@ export interface DeleteTLSInspectionConfigurationCommandOutput extends DeleteTLS
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidOperationException} (client fault)

package/dist-types/commands/DescribeFirewallCommand.d.ts CHANGED Viewed

@@ -107,7 +107,7 @@ export interface DescribeFirewallCommandOutput extends DescribeFirewallResponse,
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/DescribeFirewallPolicyCommand.d.ts CHANGED Viewed

@@ -43,7 +43,7 @@ export interface DescribeFirewallPolicyCommandOutput extends DescribeFirewallPol
  * //     FirewallPolicyArn: "STRING_VALUE", // required
  * //     FirewallPolicyId: "STRING_VALUE", // required
  * //     Description: "STRING_VALUE",
- * //     FirewallPolicyStatus: "ACTIVE" || "DELETING",
+ * //     FirewallPolicyStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Tags: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE", // required
@@ -124,7 +124,7 @@ export interface DescribeFirewallPolicyCommandOutput extends DescribeFirewallPol
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/DescribeLoggingConfigurationCommand.d.ts CHANGED Viewed

@@ -60,7 +60,7 @@ export interface DescribeLoggingConfigurationCommandOutput extends DescribeLoggi
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/DescribeResourcePolicyCommand.d.ts CHANGED Viewed

@@ -48,7 +48,7 @@ export interface DescribeResourcePolicyCommandOutput extends DescribeResourcePol
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/DescribeRuleGroupCommand.d.ts CHANGED Viewed

@@ -170,7 +170,7 @@ export interface DescribeRuleGroupCommandOutput extends DescribeRuleGroupRespons
  * //     Description: "STRING_VALUE",
  * //     Type: "STATELESS" || "STATEFUL",
  * //     Capacity: Number("int"),
- * //     RuleGroupStatus: "ACTIVE" || "DELETING",
+ * //     RuleGroupStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Tags: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE", // required
@@ -201,7 +201,7 @@ export interface DescribeRuleGroupCommandOutput extends DescribeRuleGroupRespons
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/DescribeRuleGroupMetadataCommand.d.ts CHANGED Viewed

@@ -61,7 +61,7 @@ export interface DescribeRuleGroupMetadataCommandOutput extends DescribeRuleGrou
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/DescribeTLSInspectionConfigurationCommand.d.ts CHANGED Viewed

@@ -75,6 +75,11 @@ export interface DescribeTLSInspectionConfigurationCommandOutput extends Describ
  * //             ],
  * //           },
  * //         ],
+ * //         CertificateAuthorityArn: "STRING_VALUE",
+ * //         CheckCertificateRevocationStatus: { // CheckCertificateRevocationStatusActions
+ * //           RevokedStatusAction: "PASS" || "DROP" || "REJECT",
+ * //           UnknownStatusAction: "PASS" || "DROP" || "REJECT",
+ * //         },
  * //       },
  * //     ],
  * //   },
@@ -82,7 +87,7 @@ export interface DescribeTLSInspectionConfigurationCommandOutput extends Describ
  * //     TLSInspectionConfigurationArn: "STRING_VALUE", // required
  * //     TLSInspectionConfigurationName: "STRING_VALUE", // required
  * //     TLSInspectionConfigurationId: "STRING_VALUE", // required
- * //     TLSInspectionConfigurationStatus: "ACTIVE" || "DELETING",
+ * //     TLSInspectionConfigurationStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Description: "STRING_VALUE",
  * //     Tags: [ // TagList
  * //       { // Tag
@@ -104,6 +109,12 @@ export interface DescribeTLSInspectionConfigurationCommandOutput extends Describ
  * //         StatusMessage: "STRING_VALUE",
  * //       },
  * //     ],
+ * //     CertificateAuthority: {
+ * //       CertificateArn: "STRING_VALUE",
+ * //       CertificateSerial: "STRING_VALUE",
+ * //       Status: "STRING_VALUE",
+ * //       StatusMessage: "STRING_VALUE",
+ * //     },
  * //   },
  * // };
  *
@@ -116,7 +127,7 @@ export interface DescribeTLSInspectionConfigurationCommandOutput extends Describ
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/DisassociateSubnetsCommand.d.ts CHANGED Viewed

@@ -64,7 +64,7 @@ export interface DisassociateSubnetsCommandOutput extends DisassociateSubnetsRes
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidOperationException} (client fault)

package/dist-types/commands/ListFirewallPoliciesCommand.d.ts CHANGED Viewed

@@ -57,7 +57,7 @@ export interface ListFirewallPoliciesCommandOutput extends ListFirewallPoliciesR
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/ListFirewallsCommand.d.ts CHANGED Viewed

@@ -61,7 +61,7 @@ export interface ListFirewallsCommandOutput extends ListFirewallsResponse, __Met
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/ListRuleGroupsCommand.d.ts CHANGED Viewed

@@ -60,7 +60,7 @@ export interface ListRuleGroupsCommandOutput extends ListRuleGroupsResponse, __M
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/ListTLSInspectionConfigurationsCommand.d.ts CHANGED Viewed

@@ -55,7 +55,7 @@ export interface ListTLSInspectionConfigurationsCommandOutput extends ListTLSIns
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/ListTagsForResourceCommand.d.ts CHANGED Viewed

@@ -62,7 +62,7 @@ export interface ListTagsForResourceCommandOutput extends ListTagsForResourceRes
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/PutResourcePolicyCommand.d.ts CHANGED Viewed

@@ -61,7 +61,7 @@ export interface PutResourcePolicyCommandOutput extends PutResourcePolicyRespons
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/TagResourceCommand.d.ts CHANGED Viewed

@@ -57,7 +57,7 @@ export interface TagResourceCommandOutput extends TagResourceResponse, __Metadat
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/UntagResourceCommand.d.ts CHANGED Viewed

@@ -55,7 +55,7 @@ export interface UntagResourceCommandOutput extends UntagResourceResponse, __Met
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/UpdateFirewallDeleteProtectionCommand.d.ts CHANGED Viewed

@@ -57,7 +57,7 @@ export interface UpdateFirewallDeleteProtectionCommandOutput extends UpdateFirew
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/UpdateFirewallDescriptionCommand.d.ts CHANGED Viewed

@@ -55,7 +55,7 @@ export interface UpdateFirewallDescriptionCommandOutput extends UpdateFirewallDe
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/UpdateFirewallEncryptionConfigurationCommand.d.ts CHANGED Viewed

@@ -60,7 +60,7 @@ export interface UpdateFirewallEncryptionConfigurationCommandOutput extends Upda
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/UpdateFirewallPolicyChangeProtectionCommand.d.ts CHANGED Viewed

@@ -56,7 +56,7 @@ export interface UpdateFirewallPolicyChangeProtectionCommandOutput extends Updat
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/UpdateFirewallPolicyCommand.d.ts CHANGED Viewed

@@ -104,7 +104,7 @@ export interface UpdateFirewallPolicyCommandOutput extends UpdateFirewallPolicyR
  * //     FirewallPolicyArn: "STRING_VALUE", // required
  * //     FirewallPolicyId: "STRING_VALUE", // required
  * //     Description: "STRING_VALUE",
- * //     FirewallPolicyStatus: "ACTIVE" || "DELETING",
+ * //     FirewallPolicyStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Tags: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE", // required
@@ -131,7 +131,7 @@ export interface UpdateFirewallPolicyCommandOutput extends UpdateFirewallPolicyR
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/UpdateLoggingConfigurationCommand.d.ts CHANGED Viewed

@@ -97,7 +97,7 @@ export interface UpdateLoggingConfigurationCommandOutput extends UpdateLoggingCo
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/UpdateRuleGroupCommand.d.ts CHANGED Viewed

@@ -187,7 +187,7 @@ export interface UpdateRuleGroupCommandOutput extends UpdateRuleGroupResponse, _
  * //     Description: "STRING_VALUE",
  * //     Type: "STATELESS" || "STATEFUL",
  * //     Capacity: Number("int"),
- * //     RuleGroupStatus: "ACTIVE" || "DELETING",
+ * //     RuleGroupStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Tags: [ // TagList
  * //       { // Tag
  * //         Key: "STRING_VALUE", // required
@@ -218,7 +218,7 @@ export interface UpdateRuleGroupCommandOutput extends UpdateRuleGroupResponse, _
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/UpdateSubnetChangeProtectionCommand.d.ts CHANGED Viewed

@@ -54,7 +54,7 @@ export interface UpdateSubnetChangeProtectionCommandOutput extends UpdateSubnetC
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/commands/UpdateTLSInspectionConfigurationCommand.d.ts CHANGED Viewed

@@ -24,7 +24,7 @@ export interface UpdateTLSInspectionConfigurationCommandOutput extends UpdateTLS
 /**
  * @public
  * <p>Updates the TLS inspection configuration settings for the specified TLS inspection configuration. You use a TLS inspection configuration by
- *         reference in one or more firewall policies. When you modify a TLS inspection configuration, you modify all
+ *         referencing it in one or more firewall policies. When you modify a TLS inspection configuration, you modify all
  *         firewall policies that use the TLS inspection configuration. </p>
  *          <p>To update a TLS inspection configuration, first call <a>DescribeTLSInspectionConfiguration</a> to retrieve the
  *         current <a>TLSInspectionConfiguration</a> object, update the object as needed, and then provide
@@ -75,6 +75,11 @@ export interface UpdateTLSInspectionConfigurationCommandOutput extends UpdateTLS
  *             ],
  *           },
  *         ],
+ *         CertificateAuthorityArn: "STRING_VALUE",
+ *         CheckCertificateRevocationStatus: { // CheckCertificateRevocationStatusActions
+ *           RevokedStatusAction: "PASS" || "DROP" || "REJECT",
+ *           UnknownStatusAction: "PASS" || "DROP" || "REJECT",
+ *         },
  *       },
  *     ],
  *   },
@@ -93,7 +98,7 @@ export interface UpdateTLSInspectionConfigurationCommandOutput extends UpdateTLS
  * //     TLSInspectionConfigurationArn: "STRING_VALUE", // required
  * //     TLSInspectionConfigurationName: "STRING_VALUE", // required
  * //     TLSInspectionConfigurationId: "STRING_VALUE", // required
- * //     TLSInspectionConfigurationStatus: "ACTIVE" || "DELETING",
+ * //     TLSInspectionConfigurationStatus: "ACTIVE" || "DELETING" || "ERROR",
  * //     Description: "STRING_VALUE",
  * //     Tags: [ // TagList
  * //       { // Tag
@@ -115,6 +120,12 @@ export interface UpdateTLSInspectionConfigurationCommandOutput extends UpdateTLS
  * //         StatusMessage: "STRING_VALUE",
  * //       },
  * //     ],
+ * //     CertificateAuthority: {
+ * //       CertificateArn: "STRING_VALUE",
+ * //       CertificateSerial: "STRING_VALUE",
+ * //       Status: "STRING_VALUE",
+ * //       StatusMessage: "STRING_VALUE",
+ * //     },
  * //   },
  * // };
  *
@@ -127,7 +138,7 @@ export interface UpdateTLSInspectionConfigurationCommandOutput extends UpdateTLS
  * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
  *
  * @throws {@link InternalServerError} (server fault)
- *  <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  *
  * @throws {@link InvalidRequestException} (client fault)

package/dist-types/index.d.ts CHANGED Viewed

@@ -86,4 +86,5 @@ export { ClientInputEndpointParameters } from "./endpoint/EndpointParameters";
 export * from "./commands";
 export * from "./pagination";
 export * from "./models";
+import "@aws-sdk/util-endpoints";
 export { NetworkFirewallServiceException } from "./models/NetworkFirewallServiceException";

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -133,7 +133,7 @@ export interface AssociateFirewallPolicyResponse {
 }
 /**
  * @public
- * <p>Your request is valid, but Network Firewall couldn’t perform the operation because of a
+ * <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
  *          system problem. Retry your request. </p>
  */
 export declare class InternalServerError extends __BaseException {
@@ -446,6 +446,63 @@ export interface TlsCertificateData {
      */
     StatusMessage?: string;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const RevocationCheckAction: {
+    readonly DROP: "DROP";
+    readonly PASS: "PASS";
+    readonly REJECT: "REJECT";
+};
+/**
+ * @public
+ */
+export type RevocationCheckAction = (typeof RevocationCheckAction)[keyof typeof RevocationCheckAction];
+/**
+ * @public
+ * <p>Defines the actions to take on the SSL/TLS connection if the certificate presented by the server in the connection has a revoked or unknown status.</p>
+ */
+export interface CheckCertificateRevocationStatusActions {
+    /**
+     * @public
+     * <p>Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has a revoked status.</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <b>PASS</b> - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>DROP</b> - Network Firewall fails closed and drops all subsequent traffic.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>REJECT</b> - Network Firewall sends a TCP reject packet back to your client so that the client can immediately establish a new session. Network Firewall then fails closed and drops all subsequent traffic. <code>REJECT</code> is available only for TCP traffic.</p>
+     *             </li>
+     *          </ul>
+     */
+    RevokedStatusAction?: RevocationCheckAction;
+    /**
+     * @public
+     * <p>Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has an unknown status, or a status that cannot be determined for any other reason, including when the service is unable to connect to the OCSP and CRL endpoints for the certificate.</p>
+     *          <ul>
+     *             <li>
+     *                <p>
+     *                   <b>PASS</b> - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>DROP</b> - Network Firewall fails closed and drops all subsequent traffic.</p>
+     *             </li>
+     *             <li>
+     *                <p>
+     *                   <b>REJECT</b> - Network Firewall sends a TCP reject packet back to your client so that the client can immediately establish a new session. Network Firewall then fails closed and drops all subsequent traffic. <code>REJECT</code> is available only for TCP traffic. </p>
+     *             </li>
+     *          </ul>
+     */
+    UnknownStatusAction?: RevocationCheckAction;
+}
 /**
  * @public
  * @enum
@@ -1141,6 +1198,7 @@ export interface CreateFirewallPolicyRequest {
 export declare const ResourceStatus: {
     readonly ACTIVE: "ACTIVE";
     readonly DELETING: "DELETING";
+    readonly ERROR: "ERROR";
 };
 /**
  * @public
@@ -2122,18 +2180,18 @@ export interface ServerCertificateScope {
 }
 /**
  * @public
- * <p>Any Certificate Manager Secure Sockets Layer/Transport Layer Security (SSL/TLS) server certificate that's associated with a <a>ServerCertificateConfiguration</a> used in a <a>TLSInspectionConfiguration</a>. You must request or import a SSL/TLS certificate into ACM for each domain Network Firewall needs to decrypt and inspect. Network Firewall uses the SSL/TLS certificates to decrypt specified inbound SSL/TLS traffic going to your firewall. For information about working with certificates in Certificate Manager, see <a href="https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html">Request a public certificate </a> or <a href="https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html">Importing certificates</a> in the <i>Certificate Manager User Guide</i>.</p>
+ * <p>Any Certificate Manager (ACM) Secure Sockets Layer/Transport Layer Security (SSL/TLS) server certificate that's associated with a <a>ServerCertificateConfiguration</a>. Used in a <a>TLSInspectionConfiguration</a> for inspection of inbound traffic to your firewall. You must request or import a SSL/TLS certificate into ACM for each domain Network Firewall needs to decrypt and inspect. Network Firewall uses the SSL/TLS certificates to decrypt specified inbound SSL/TLS traffic going to your firewall. For information about working with certificates in Certificate Manager, see <a href="https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html">Request a public certificate </a> or <a href="https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html">Importing certificates</a> in the <i>Certificate Manager User Guide</i>.</p>
  */
 export interface ServerCertificate {
     /**
      * @public
-     * <p>The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS server certificate.</p>
+     * <p>The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.</p>
      */
     ResourceArn?: string;
 }
 /**
  * @public
- * <p>Configures the associated Certificate Manager Secure Sockets Layer/Transport Layer Security (SSL/TLS) server certificates and scope settings Network Firewall uses to decrypt traffic in a <a>TLSInspectionConfiguration</a>. For information about working with SSL/TLS certificates for TLS inspection, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html"> Requirements for using SSL/TLS server certficiates with TLS inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.</p>
+ * <p>Configures the Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a <a>TLSInspectionConfiguration</a>. You can configure <code>ServerCertificates</code> for inbound SSL/TLS inspection, a <code>CertificateAuthorityArn</code> for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html"> Requirements for using SSL/TLS server certficiates with TLS inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.</p>
  *          <note>
  *             <p>If a server certificate that's associated with your <a>TLSInspectionConfiguration</a> is revoked, deleted, or expired it can result in client-side TLS errors.</p>
  *          </note>
@@ -2141,20 +2199,41 @@ export interface ServerCertificate {
 export interface ServerCertificateConfiguration {
     /**
      * @public
-     * <p>The list of a server certificate configuration's Certificate Manager SSL/TLS certificates.</p>
+     * <p>The list of a server certificate configuration's Certificate Manager certificates, used for inbound SSL/TLS inspection.</p>
      */
     ServerCertificates?: ServerCertificate[];
     /**
      * @public
-     * <p>A list of a server certificate configuration's scopes.</p>
+     * <p>A list of scopes.</p>
      */
     Scopes?: ServerCertificateScope[];
+    /**
+     * @public
+     * <p>The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate configured in Certificate Manager (ACM) to use for outbound SSL/TLS inspection.</p>
+     *          <p>The following limitations apply:</p>
+     *          <ul>
+     *             <li>
+     *                <p>You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.</p>
+     *             </li>
+     *             <li>
+     *                <p>You can't use certificates issued by Private Certificate Authority.</p>
+     *             </li>
+     *          </ul>
+     *          <p>For more information about the certificate requirements for outbound inspection, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html">Requirements for using SSL/TLS certificates with TLS inspection configurations</a> in the <i>Network Firewall Developer Guide</i>. </p>
+     *          <p>For information about working with certificates in ACM, see <a href="https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html">Importing certificates</a> in the <i>Certificate Manager User Guide</i>.</p>
+     */
+    CertificateAuthorityArn?: string;
+    /**
+     * @public
+     * <p>When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To use this option, you must specify a <code>CertificateAuthorityArn</code> in <a>ServerCertificateConfiguration</a>.</p>
+     */
+    CheckCertificateRevocationStatus?: CheckCertificateRevocationStatusActions;
 }
 /**
  * @public
  * <p>The object that defines a TLS inspection configuration. This, along with <a>TLSInspectionConfigurationResponse</a>, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling <a>DescribeTLSInspectionConfiguration</a>. </p>
  *          <p>Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.</p>
- *          <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
+ *          <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Inspecting SSL/TLS traffic with TLS
  * inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.</p>
  */
 export interface TLSInspectionConfiguration {
@@ -2177,7 +2256,7 @@ export interface CreateTLSInspectionConfigurationRequest {
      * @public
      * <p>The object that defines a TLS inspection configuration. This, along with <a>TLSInspectionConfigurationResponse</a>, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling <a>DescribeTLSInspectionConfiguration</a>. </p>
      *          <p>Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.</p>
-     *          <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
+     *          <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Inspecting SSL/TLS traffic with TLS
      * inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.</p>
      */
     TLSInspectionConfiguration: TLSInspectionConfiguration | undefined;
@@ -2252,6 +2331,11 @@ export interface TLSInspectionConfigurationResponse {
      * <p>A list of the certificates associated with the TLS inspection configuration.</p>
      */
     Certificates?: TlsCertificateData[];
+    /**
+     * @public
+     * <p>Contains metadata about an Certificate Manager certificate.</p>
+     */
+    CertificateAuthority?: TlsCertificateData;
 }
 /**
  * @public
@@ -2820,7 +2904,7 @@ export interface DescribeTLSInspectionConfigurationResponse {
      * @public
      * <p>The object that defines a TLS inspection configuration. This, along with <a>TLSInspectionConfigurationResponse</a>, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling <a>DescribeTLSInspectionConfiguration</a>. </p>
      *          <p>Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.</p>
-     *          <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
+     *          <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Inspecting SSL/TLS traffic with TLS
      * inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.</p>
      */
     TLSInspectionConfiguration?: TLSInspectionConfiguration;
@@ -3809,7 +3893,7 @@ export interface UpdateTLSInspectionConfigurationRequest {
      * @public
      * <p>The object that defines a TLS inspection configuration. This, along with <a>TLSInspectionConfigurationResponse</a>, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling <a>DescribeTLSInspectionConfiguration</a>. </p>
      *          <p>Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.</p>
-     *          <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect inbound traffic. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Decrypting SSL/TLS traffic with TLS
+     *          <p>To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html">Inspecting SSL/TLS traffic with TLS
      * inspection configurations</a> in the <i>Network Firewall Developer Guide</i>.</p>
      */
     TLSInspectionConfiguration: TLSInspectionConfiguration | undefined;

package/dist-types/ts3.4/index.d.ts CHANGED Viewed

@@ -4,4 +4,5 @@ export { ClientInputEndpointParameters } from "./endpoint/EndpointParameters";
 export * from "./commands";
 export * from "./pagination";
 export * from "./models";
+import "@aws-sdk/util-endpoints";
 export { NetworkFirewallServiceException } from "./models/NetworkFirewallServiceException";

package/dist-types/ts3.4/models/models_0.d.ts CHANGED Viewed

@@ -135,6 +135,17 @@ export interface TlsCertificateData {
   Status?: string;
   StatusMessage?: string;
 }
+export declare const RevocationCheckAction: {
+  readonly DROP: "DROP";
+  readonly PASS: "PASS";
+  readonly REJECT: "REJECT";
+};
+export type RevocationCheckAction =
+  (typeof RevocationCheckAction)[keyof typeof RevocationCheckAction];
+export interface CheckCertificateRevocationStatusActions {
+  RevokedStatusAction?: RevocationCheckAction;
+  UnknownStatusAction?: RevocationCheckAction;
+}
 export declare const ConfigurationSyncState: {
   readonly CAPACITY_CONSTRAINED: "CAPACITY_CONSTRAINED";
   readonly IN_SYNC: "IN_SYNC";
@@ -287,6 +298,7 @@ export interface CreateFirewallPolicyRequest {
 export declare const ResourceStatus: {
   readonly ACTIVE: "ACTIVE";
   readonly DELETING: "DELETING";
+  readonly ERROR: "ERROR";
 };
 export type ResourceStatus =
   (typeof ResourceStatus)[keyof typeof ResourceStatus];
@@ -498,6 +510,8 @@ export interface ServerCertificate {
 export interface ServerCertificateConfiguration {
   ServerCertificates?: ServerCertificate[];
   Scopes?: ServerCertificateScope[];
+  CertificateAuthorityArn?: string;
+  CheckCertificateRevocationStatus?: CheckCertificateRevocationStatusActions;
 }
 export interface TLSInspectionConfiguration {
   ServerCertificateConfigurations?: ServerCertificateConfiguration[];
@@ -520,6 +534,7 @@ export interface TLSInspectionConfigurationResponse {
   NumberOfAssociations?: number;
   EncryptionConfiguration?: EncryptionConfiguration;
   Certificates?: TlsCertificateData[];
+  CertificateAuthority?: TlsCertificateData;
 }
 export interface CreateTLSInspectionConfigurationResponse {
   UpdateToken: string | undefined;

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-network-firewall",
   "description": "AWS SDK for JavaScript Network Firewall Client for Node.js, Browser and React Native",
-  "version": "3.436.0",
+  "version": "3.438.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "tsc -p tsconfig.cjs.json",
@@ -21,19 +21,19 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "3.0.0",
     "@aws-crypto/sha256-js": "3.0.0",
-    "@aws-sdk/client-sts": "3.436.0",
+    "@aws-sdk/client-sts": "3.438.0",
     "@aws-sdk/core": "3.436.0",
-    "@aws-sdk/credential-provider-node": "3.436.0",
+    "@aws-sdk/credential-provider-node": "3.438.0",
     "@aws-sdk/middleware-host-header": "3.433.0",
     "@aws-sdk/middleware-logger": "3.433.0",
     "@aws-sdk/middleware-recursion-detection": "3.433.0",
     "@aws-sdk/middleware-signing": "3.433.0",
-    "@aws-sdk/middleware-user-agent": "3.433.0",
+    "@aws-sdk/middleware-user-agent": "3.438.0",
     "@aws-sdk/region-config-resolver": "3.433.0",
     "@aws-sdk/types": "3.433.0",
-    "@aws-sdk/util-endpoints": "3.433.0",
+    "@aws-sdk/util-endpoints": "3.438.0",
     "@aws-sdk/util-user-agent-browser": "3.433.0",
-    "@aws-sdk/util-user-agent-node": "3.433.0",
+    "@aws-sdk/util-user-agent-node": "3.437.0",
     "@smithy/config-resolver": "^2.0.16",
     "@smithy/fetch-http-handler": "^2.2.4",
     "@smithy/hash-node": "^2.0.12",
@@ -54,6 +54,7 @@
     "@smithy/util-body-length-node": "^2.1.0",
     "@smithy/util-defaults-mode-browser": "^2.0.16",
     "@smithy/util-defaults-mode-node": "^2.0.21",
+    "@smithy/util-endpoints": "^1.0.2",
     "@smithy/util-retry": "^2.0.5",
     "@smithy/util-utf8": "^2.0.0",
     "tslib": "^2.5.0"