@aws-sdk/client-network-firewall 3.682.0 → 3.683.0
- package/README.md +2 -4
- package/dist-types/NetworkFirewall.d.ts +1 -3
- package/dist-types/NetworkFirewallClient.d.ts +1 -3
- package/dist-types/commands/CreateFirewallPolicyCommand.d.ts +3 -0
- package/dist-types/commands/DescribeFirewallPolicyCommand.d.ts +3 -0
- package/dist-types/commands/UpdateFirewallPolicyCommand.d.ts +3 -0
- package/dist-types/index.d.ts +1 -3
- package/dist-types/models/models_0.d.ts +24 -0
- package/dist-types/ts3.4/models/models_0.d.ts +4 -0
- package/package.json +1 -1
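--- a/package/README.md
+++ b/package/README.md
@@ -32,9 +32,7 @@ Guide</a>.</p>
 prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
 perimeter of your VPC. This includes filtering traffic going to and coming from an internet
 gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
-with Suricata, a free, open source network analysis and threat detection engine.
-Network Firewall supports Suricata version 6.0.9. For information about Suricata,
-see the <a href="https://suricata.io/">Suricata website</a>.</p>
+with Suricata, a free, open source network analysis and threat detection engine. </p>
 <p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
 The following are just a few examples: </p>
 <ul>
@@ -87,7 +85,7 @@ endpoints.</p>
 
 ## Installing
 
-To install
+To install this package, simply type add or install @aws-sdk/client-network-firewall
 using your favorite package manager:
 
 - `npm install @aws-sdk/client-network-firewall`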
@@ -298,9 +298,7 @@ export interface NetworkFirewall {
|
|
|
298
298
|
* prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
|
|
299
299
|
* perimeter of your VPC. This includes filtering traffic going to and coming from an internet
|
|
300
300
|
* gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
|
|
301
|
-
* with Suricata, a free, open source network analysis and threat detection engine.
|
|
302
|
-
* Network Firewall supports Suricata version 6.0.9. For information about Suricata,
|
|
303
|
-
* see the <a href="https://suricata.io/">Suricata website</a>.</p>
|
|
301
|
+
* with Suricata, a free, open source network analysis and threat detection engine. </p>
|
|
304
302
|
* <p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
|
|
305
303
|
* The following are just a few examples: </p>
|
|
306
304
|
* <ul>
|
|
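Review bot: With the two removed sentences gone, this doc comment no longer says which Suricata version the service's rule engine is compatible with, and the link to the Suricata site is dropped as well, so rule authors reading the typings have nothing to check keyword or option support against. The reason for the removal is not visible here; if the stated version simply no longer holds, a pointer to where the current one is documented would be a better replacement than silence, e.g. `* For the supported Suricata version, see the Network Firewall Developer Guide.`. The new line also leaves a stray space before the closing tag (`engine. </p>`). The same edit appears in the NetworkFirewallClient.d.ts and index.d.ts doc comments, and the comment itself starts and ends outside this hunk.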
@@ -213,9 +213,7 @@ export interface NetworkFirewallClientResolvedConfig extends NetworkFirewallClie
|
|
|
213
213
|
* prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
|
|
214
214
|
* perimeter of your VPC. This includes filtering traffic going to and coming from an internet
|
|
215
215
|
* gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
|
|
216
|
-
* with Suricata, a free, open source network analysis and threat detection engine.
|
|
217
|
-
* Network Firewall supports Suricata version 6.0.9. For information about Suricata,
|
|
218
|
-
* see the <a href="https://suricata.io/">Suricata website</a>.</p>
|
|
216
|
+
* with Suricata, a free, open source network analysis and threat detection engine. </p>
|
|
219
217
|
* <p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
|
|
220
218
|
* The following are just a few examples: </p>
|
|
221
219
|
* <ul>
|
|
@@ -81,6 +81,9 @@ declare const CreateFirewallPolicyCommand_base: {
|
|
|
81
81
|
* StatefulEngineOptions: { // StatefulEngineOptions
|
|
82
82
|
* RuleOrder: "DEFAULT_ACTION_ORDER" || "STRICT_ORDER",
|
|
83
83
|
* StreamExceptionPolicy: "DROP" || "CONTINUE" || "REJECT",
|
|
84
|
+
* FlowTimeouts: { // FlowTimeouts
|
|
85
|
+
* TcpIdleTimeoutSeconds: Number("int"),
|
|
86
|
+
* },
|
|
84
87
|
* },
|
|
85
88
|
* TLSInspectionConfigurationArn: "STRING_VALUE",
|
|
86
89
|
* PolicyVariables: { // PolicyVariables
|
|
@@ -105,6 +105,9 @@ declare const DescribeFirewallPolicyCommand_base: {
|
|
|
105
105
|
* // StatefulEngineOptions: { // StatefulEngineOptions
|
|
106
106
|
* // RuleOrder: "DEFAULT_ACTION_ORDER" || "STRICT_ORDER",
|
|
107
107
|
* // StreamExceptionPolicy: "DROP" || "CONTINUE" || "REJECT",
|
|
108
|
+
* // FlowTimeouts: { // FlowTimeouts
|
|
109
|
+
* // TcpIdleTimeoutSeconds: Number("int"),
|
|
110
|
+
* // },
|
|
108
111
|
* // },
|
|
109
112
|
* // TLSInspectionConfigurationArn: "STRING_VALUE",
|
|
110
113
|
* // PolicyVariables: { // PolicyVariables
|
|
@@ -80,6 +80,9 @@ declare const UpdateFirewallPolicyCommand_base: {
|
|
|
80
80
|
* StatefulEngineOptions: { // StatefulEngineOptions
|
|
81
81
|
* RuleOrder: "DEFAULT_ACTION_ORDER" || "STRICT_ORDER",
|
|
82
82
|
* StreamExceptionPolicy: "DROP" || "CONTINUE" || "REJECT",
|
|
83
|
+
* FlowTimeouts: { // FlowTimeouts
|
|
84
|
+
* TcpIdleTimeoutSeconds: Number("int"),
|
|
85
|
+
* },
|
|
83
86
|
* },
|
|
84
87
|
* TLSInspectionConfigurationArn: "STRING_VALUE",
|
|
85
88
|
* PolicyVariables: { // PolicyVariables
|
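--- a/package/dist-types/index.d.ts
+++ b/package/dist-types/index.d.ts
@@ -25,9 +25,7 @@
 * prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
 * perimeter of your VPC. This includes filtering traffic going to and coming from an internet
 * gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
-* with Suricata, a free, open source network analysis and threat detection engine.
-* Network Firewall supports Suricata version 6.0.9. For information about Suricata,
-* see the <a href="https://suricata.io/">Suricata website</a>.</p>
+* with Suricata, a free, open source network analysis and threat detection engine. </p>
 * <p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
 * The following are just a few examples: </p>
 * <ul>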
@@ -944,6 +944,24 @@ export interface PolicyVariables {
|
|
|
944
944
|
*/
|
|
945
945
|
RuleVariables?: Record<string, IPSet>;
|
|
946
946
|
}
|
|
947
|
+
/**
|
|
948
|
+
* <p>Describes the amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle and Network Firewall removes the flow entry from its flow table.
|
|
949
|
+
* Existing connections and flows are not impacted when you update this value. Only new connections after you update this value are impacted.
|
|
950
|
+
* </p>
|
|
951
|
+
* @public
|
|
952
|
+
*/
|
|
953
|
+
export interface FlowTimeouts {
|
|
954
|
+
/**
|
|
955
|
+
* <p>The number of seconds that can pass without any TCP traffic sent through the firewall before the firewall determines that the connection is idle.
|
|
956
|
+
* After the idle timeout passes, data packets are dropped, however, the next TCP SYN packet is considered a new flow and is processed by the firewall.
|
|
957
|
+
* Clients or targets can use TCP keepalive packets to reset the idle timeout.
|
|
958
|
+
* </p>
|
|
959
|
+
* <p>You can define the <code>TcpIdleTimeoutSeconds</code> value to be between 60 and 6000 seconds. If no value is provided, it defaults to 350 seconds.
|
|
960
|
+
* </p>
|
|
961
|
+
* @public
|
|
962
|
+
*/
|
|
963
|
+
TcpIdleTimeoutSeconds?: number;
|
|
964
|
+
}
|
|
947
965
|
/**
|
|
948
966
|
* @public
|
|
949
967
|
* @enum
|
|
@@ -1002,6 +1020,12 @@ export interface StatefulEngineOptions {
|
|
|
1002
1020
|
* @public
|
|
1003
1021
|
*/
|
|
1004
1022
|
StreamExceptionPolicy?: StreamExceptionPolicy;
|
|
1023
|
+
/**
|
|
1024
|
+
* <p>Configures the amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle.
|
|
1025
|
+
* </p>
|
|
1026
|
+
* @public
|
|
1027
|
+
*/
|
|
1028
|
+
FlowTimeouts?: FlowTimeouts;
|
|
1005
1029
|
}
|
|
1006
1030
|
/**
|
|
1007
1031
|
* @public
|
|
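Review bot: The documented bounds for `TcpIdleTimeoutSeconds` (60 to 6000 seconds, default 350) exist only in the prose of its doc comment, while the member is declared as a plain optional `number`, so nothing in this declaration stops a caller from passing an out-of-range value; presumably the service rejects it, but that is not visible in these hunks. A `@defaultValue 350` tag and a one-line range note directly on the field would make the contract easier to find. The member comment on `StatefulEngineOptions.FlowTimeouts` in the second hunk also says "any traffic" although the only setting exposed is the TCP idle timeout, and it omits the caveat given on the interface, which matters when a timeout is tightened and operators expect existing flows to follow it; I would repeat `* Existing connections and flows are not impacted when you update this value.` there. `StatefulEngineOptions` begins outside the second hunk.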
@@ -250,6 +250,9 @@ export interface IPSet {
|
|
|
250
250
|
export interface PolicyVariables {
|
|
251
251
|
RuleVariables?: Record<string, IPSet>;
|
|
252
252
|
}
|
|
253
|
+
export interface FlowTimeouts {
|
|
254
|
+
TcpIdleTimeoutSeconds?: number;
|
|
255
|
+
}
|
|
253
256
|
export declare const RuleOrder: {
|
|
254
257
|
readonly DEFAULT_ACTION_ORDER: "DEFAULT_ACTION_ORDER";
|
|
255
258
|
readonly STRICT_ORDER: "STRICT_ORDER";
|
|
@@ -265,6 +268,7 @@ export type StreamExceptionPolicy =
|
|
|
265
268
|
export interface StatefulEngineOptions {
|
|
266
269
|
RuleOrder?: RuleOrder;
|
|
267
270
|
StreamExceptionPolicy?: StreamExceptionPolicy;
|
|
271
|
+
FlowTimeouts?: FlowTimeouts;
|
|
268
272
|
}
|
|
269
273
|
export declare const OverrideAction: {
|
|
270
274
|
readonly DROP_TO_ALERT: "DROP_TO_ALERT";
|
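--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@aws-sdk/client-network-firewall",
 "description": "AWS SDK for JavaScript Network Firewall Client for Node.js, Browser and React Native",
-"version": "3.
+"version": "3.683.0",
 "scripts": {
 "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
 "build:cjs": "node ../../scripts/compilation/inline client-network-firewall",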