npm - @aws-sdk/client-network-firewall - Versions diffs - 3.750.0 → 3.752.0 - Mend

@aws-sdk/client-network-firewall 3.750.0 → 3.752.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/dist-types/commands/StartAnalysisReportCommand.d.ts ADDED Viewed

@@ -0,0 +1,100 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { StartAnalysisReportRequest, StartAnalysisReportResponse } from "../models/models_0";
+import { NetworkFirewallClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../NetworkFirewallClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link StartAnalysisReportCommand}.
+ */
+export interface StartAnalysisReportCommandInput extends StartAnalysisReportRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link StartAnalysisReportCommand}.
+ */
+export interface StartAnalysisReportCommandOutput extends StartAnalysisReportResponse, __MetadataBearer {
+}
+declare const StartAnalysisReportCommand_base: {
+    new (input: StartAnalysisReportCommandInput): import("@smithy/smithy-client").CommandImpl<StartAnalysisReportCommandInput, StartAnalysisReportCommandOutput, NetworkFirewallClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: StartAnalysisReportCommandInput): import("@smithy/smithy-client").CommandImpl<StartAnalysisReportCommandInput, StartAnalysisReportCommandOutput, NetworkFirewallClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Generates a traffic analysis report for the timeframe and traffic type you specify.</p>
+ *          <p>For information on the contents of a traffic analysis report, see <a>AnalysisReport</a>.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { NetworkFirewallClient, StartAnalysisReportCommand } from "@aws-sdk/client-network-firewall"; // ES Modules import
+ * // const { NetworkFirewallClient, StartAnalysisReportCommand } = require("@aws-sdk/client-network-firewall"); // CommonJS import
+ * const client = new NetworkFirewallClient(config);
+ * const input = { // StartAnalysisReportRequest
+ *   FirewallName: "STRING_VALUE",
+ *   FirewallArn: "STRING_VALUE",
+ *   AnalysisType: "TLS_SNI" || "HTTP_HOST", // required
+ * };
+ * const command = new StartAnalysisReportCommand(input);
+ * const response = await client.send(command);
+ * // { // StartAnalysisReportResponse
+ * //   AnalysisReportId: "STRING_VALUE", // required
+ * // };
+ *
+ * ```
+ *
+ * @param StartAnalysisReportCommandInput - {@link StartAnalysisReportCommandInput}
+ * @returns {@link StartAnalysisReportCommandOutput}
+ * @see {@link StartAnalysisReportCommandInput} for command's `input` shape.
+ * @see {@link StartAnalysisReportCommandOutput} for command's `response` shape.
+ * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
+ *
+ * @throws {@link InternalServerError} (server fault)
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
+ *          system problem. Retry your request. </p>
+ *
+ * @throws {@link InvalidRequestException} (client fault)
+ *  <p>The operation failed because of a problem with your request. Examples include: </p>
+ *          <ul>
+ *             <li>
+ *                <p>You specified an unsupported parameter name or value.</p>
+ *             </li>
+ *             <li>
+ *                <p>You tried to update a property with a value that isn't among the available
+ *                types.</p>
+ *             </li>
+ *             <li>
+ *                <p>Your request references an ARN that is malformed, or corresponds to a resource
+ *                that isn't valid in the context of the request.</p>
+ *             </li>
+ *          </ul>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>Unable to locate a resource using the parameters that you provided.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>Unable to process the request due to throttling limitations.</p>
+ *
+ * @throws {@link NetworkFirewallServiceException}
+ * <p>Base exception class for all service exceptions from NetworkFirewall service.</p>
+ *
+ * @public
+ */
+export declare class StartAnalysisReportCommand extends StartAnalysisReportCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: StartAnalysisReportRequest;
+            output: StartAnalysisReportResponse;
+        };
+        sdk: {
+            input: StartAnalysisReportCommandInput;
+            output: StartAnalysisReportCommandOutput;
+        };
+    };
+}

package/dist-types/commands/UpdateFirewallAnalysisSettingsCommand.d.ts ADDED Viewed

@@ -0,0 +1,107 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { UpdateFirewallAnalysisSettingsRequest, UpdateFirewallAnalysisSettingsResponse } from "../models/models_0";
+import { NetworkFirewallClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../NetworkFirewallClient";
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link UpdateFirewallAnalysisSettingsCommand}.
+ */
+export interface UpdateFirewallAnalysisSettingsCommandInput extends UpdateFirewallAnalysisSettingsRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link UpdateFirewallAnalysisSettingsCommand}.
+ */
+export interface UpdateFirewallAnalysisSettingsCommandOutput extends UpdateFirewallAnalysisSettingsResponse, __MetadataBearer {
+}
+declare const UpdateFirewallAnalysisSettingsCommand_base: {
+    new (input: UpdateFirewallAnalysisSettingsCommandInput): import("@smithy/smithy-client").CommandImpl<UpdateFirewallAnalysisSettingsCommandInput, UpdateFirewallAnalysisSettingsCommandOutput, NetworkFirewallClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (...[input]: [] | [UpdateFirewallAnalysisSettingsCommandInput]): import("@smithy/smithy-client").CommandImpl<UpdateFirewallAnalysisSettingsCommandInput, UpdateFirewallAnalysisSettingsCommandOutput, NetworkFirewallClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Enables specific types of firewall analysis on a specific firewall you define.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { NetworkFirewallClient, UpdateFirewallAnalysisSettingsCommand } from "@aws-sdk/client-network-firewall"; // ES Modules import
+ * // const { NetworkFirewallClient, UpdateFirewallAnalysisSettingsCommand } = require("@aws-sdk/client-network-firewall"); // CommonJS import
+ * const client = new NetworkFirewallClient(config);
+ * const input = { // UpdateFirewallAnalysisSettingsRequest
+ *   EnabledAnalysisTypes: [ // EnabledAnalysisTypes
+ *     "TLS_SNI" || "HTTP_HOST",
+ *   ],
+ *   FirewallArn: "STRING_VALUE",
+ *   FirewallName: "STRING_VALUE",
+ *   UpdateToken: "STRING_VALUE",
+ * };
+ * const command = new UpdateFirewallAnalysisSettingsCommand(input);
+ * const response = await client.send(command);
+ * // { // UpdateFirewallAnalysisSettingsResponse
+ * //   EnabledAnalysisTypes: [ // EnabledAnalysisTypes
+ * //     "TLS_SNI" || "HTTP_HOST",
+ * //   ],
+ * //   FirewallArn: "STRING_VALUE",
+ * //   FirewallName: "STRING_VALUE",
+ * //   UpdateToken: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param UpdateFirewallAnalysisSettingsCommandInput - {@link UpdateFirewallAnalysisSettingsCommandInput}
+ * @returns {@link UpdateFirewallAnalysisSettingsCommandOutput}
+ * @see {@link UpdateFirewallAnalysisSettingsCommandInput} for command's `input` shape.
+ * @see {@link UpdateFirewallAnalysisSettingsCommandOutput} for command's `response` shape.
+ * @see {@link NetworkFirewallClientResolvedConfig | config} for NetworkFirewallClient's `config` shape.
+ *
+ * @throws {@link InternalServerError} (server fault)
+ *  <p>Your request is valid, but Network Firewall couldn't perform the operation because of a
+ *          system problem. Retry your request. </p>
+ *
+ * @throws {@link InvalidRequestException} (client fault)
+ *  <p>The operation failed because of a problem with your request. Examples include: </p>
+ *          <ul>
+ *             <li>
+ *                <p>You specified an unsupported parameter name or value.</p>
+ *             </li>
+ *             <li>
+ *                <p>You tried to update a property with a value that isn't among the available
+ *                types.</p>
+ *             </li>
+ *             <li>
+ *                <p>Your request references an ARN that is malformed, or corresponds to a resource
+ *                that isn't valid in the context of the request.</p>
+ *             </li>
+ *          </ul>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>Unable to locate a resource using the parameters that you provided.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>Unable to process the request due to throttling limitations.</p>
+ *
+ * @throws {@link NetworkFirewallServiceException}
+ * <p>Base exception class for all service exceptions from NetworkFirewall service.</p>
+ *
+ * @public
+ */
+export declare class UpdateFirewallAnalysisSettingsCommand extends UpdateFirewallAnalysisSettingsCommand_base {
+    /** @internal type navigation helper, not in runtime. */
+    protected static __types: {
+        api: {
+            input: UpdateFirewallAnalysisSettingsRequest;
+            output: UpdateFirewallAnalysisSettingsResponse;
+        };
+        sdk: {
+            input: UpdateFirewallAnalysisSettingsCommandInput;
+            output: UpdateFirewallAnalysisSettingsCommandOutput;
+        };
+    };
+}

package/dist-types/commands/index.d.ts CHANGED Viewed

@@ -17,14 +17,18 @@ export * from "./DescribeRuleGroupCommand";
 export * from "./DescribeRuleGroupMetadataCommand";
 export * from "./DescribeTLSInspectionConfigurationCommand";
 export * from "./DisassociateSubnetsCommand";
+export * from "./GetAnalysisReportResultsCommand";
+export * from "./ListAnalysisReportsCommand";
 export * from "./ListFirewallPoliciesCommand";
 export * from "./ListFirewallsCommand";
 export * from "./ListRuleGroupsCommand";
 export * from "./ListTLSInspectionConfigurationsCommand";
 export * from "./ListTagsForResourceCommand";
 export * from "./PutResourcePolicyCommand";
+export * from "./StartAnalysisReportCommand";
 export * from "./TagResourceCommand";
 export * from "./UntagResourceCommand";
+export * from "./UpdateFirewallAnalysisSettingsCommand";
 export * from "./UpdateFirewallDeleteProtectionCommand";
 export * from "./UpdateFirewallDescriptionCommand";
 export * from "./UpdateFirewallEncryptionConfigurationCommand";

package/dist-types/index.d.ts CHANGED Viewed

@@ -25,7 +25,10 @@
  *          prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
  *          perimeter of your VPC. This includes filtering traffic going to and coming from an internet
  *          gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
- *       with Suricata, a free, open source network analysis and threat detection engine. </p>
+ *       with Suricata, a free, open source network analysis and threat detection engine.
+ *       Network Firewall supports Suricata version 7.0.3. For information about Suricata,
+ *           see the <a href="https://suricata.io/">Suricata website</a> and the
+ *           <a href="https://suricata.readthedocs.io/en/suricata-7.0.3/">Suricata User Guide</a>. </p>
  *          <p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
  *          The following are just a few examples: </p>
  *          <ul>

package/dist-types/models/models_0.d.ts CHANGED Viewed

@@ -75,6 +75,106 @@ export interface Address {
      */
     AddressDefinition: string | undefined;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const EnabledAnalysisType: {
+    readonly HTTP_HOST: "HTTP_HOST";
+    readonly TLS_SNI: "TLS_SNI";
+};
+/**
+ * @public
+ */
+export type EnabledAnalysisType = (typeof EnabledAnalysisType)[keyof typeof EnabledAnalysisType];
+/**
+ * <p>A report that captures key activity from the last 30 days of network traffic monitored by your firewall.</p>
+ *          <p>You can generate up to one report per traffic type, per 30 day period. For example, when you successfully create an HTTP traffic report,
+ *          you cannot create another HTTP traffic report until 30 days pass. Alternatively, if you generate a report that combines metrics on both HTTP
+ *          and HTTPS traffic, you cannot create another report for either traffic type until 30 days pass.</p>
+ * @public
+ */
+export interface AnalysisReport {
+    /**
+     * <p>The unique ID of the query that ran when you requested an analysis report. </p>
+     * @public
+     */
+    AnalysisReportId?: string | undefined;
+    /**
+     * <p>The type of traffic that will be used to generate a report. </p>
+     * @public
+     */
+    AnalysisType?: EnabledAnalysisType | undefined;
+    /**
+     * <p>The date and time the analysis report was ran. </p>
+     * @public
+     */
+    ReportTime?: Date | undefined;
+    /**
+     * <p>The status of the analysis report you specify. Statuses include <code>RUNNING</code>, <code>COMPLETED</code>, or <code>FAILED</code>.</p>
+     * @public
+     */
+    Status?: string | undefined;
+}
+/**
+ * <p>Attempts made to a access domain.</p>
+ * @public
+ */
+export interface Hits {
+    /**
+     * <p>The number of attempts made to access a domain.</p>
+     * @public
+     */
+    Count?: number | undefined;
+}
+/**
+ * <p>A unique source IP address that connected to a domain.</p>
+ * @public
+ */
+export interface UniqueSources {
+    /**
+     * <p>The number of unique source IP addresses that connected to a domain.</p>
+     * @public
+     */
+    Count?: number | undefined;
+}
+/**
+ * <p>The results of a <code>COMPLETED</code> analysis report generated with <a>StartAnalysisReport</a>.</p>
+ *          <p>For an example of traffic analysis report results, see the response syntax of <a>GetAnalysisReportResults</a>.</p>
+ * @public
+ */
+export interface AnalysisTypeReportResult {
+    /**
+     * <p>The type of traffic captured by the analysis report.</p>
+     * @public
+     */
+    Protocol?: string | undefined;
+    /**
+     * <p>The date and time any domain was first accessed (within the last 30 day period).</p>
+     * @public
+     */
+    FirstAccessed?: Date | undefined;
+    /**
+     * <p>The date and time any domain was last accessed (within the last 30 day period).</p>
+     * @public
+     */
+    LastAccessed?: Date | undefined;
+    /**
+     * <p>The most frequently accessed domains.</p>
+     * @public
+     */
+    Domain?: string | undefined;
+    /**
+     * <p>The number of attempts made to access a observed domain.</p>
+     * @public
+     */
+    Hits?: Hits | undefined;
+    /**
+     * <p>The number of unique source IP addresses that connected to a domain.</p>
+     * @public
+     */
+    UniqueSources?: UniqueSources | undefined;
+}
 /**
  * @public
  * @enum
@@ -89,6 +189,7 @@ export declare const IdentifiedType: {
 export type IdentifiedType = (typeof IdentifiedType)[keyof typeof IdentifiedType];
 /**
  * <p>The analysis result for Network Firewall's stateless rule group analyzer. Every time you call <a>CreateRuleGroup</a>, <a>UpdateRuleGroup</a>, or <a>DescribeRuleGroup</a> on a stateless rule group, Network Firewall analyzes the stateless rule groups in your account and identifies the rules that might adversely effect your firewall's functionality. For example, if Network Firewall detects a rule that's routing traffic asymmetrically, which impacts the service's ability to properly process traffic, the service includes the rule in a list of analysis results.</p>
+ *          <p>The <code>AnalysisResult</code> data type is not related to traffic analysis reports you generate using <a>StartAnalysisReport</a>. For information on traffic analysis report results, see <a>AnalysisTypeReportResult</a>.</p>
  * @public
  */
 export interface AnalysisResult {
@@ -643,14 +744,14 @@ export interface CreateFirewallRequest {
      *          <p>You can't change this setting after you create the firewall. </p>
      * @public
      */
-    VpcId: string | undefined;
+    VpcId?: string | undefined;
     /**
      * <p>The public subnets to use for your Network Firewall firewalls. Each subnet must belong to a
      *          different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each
      *          subnet. </p>
      * @public
      */
-    SubnetMappings: SubnetMapping[] | undefined;
+    SubnetMappings?: SubnetMapping[] | undefined;
     /**
      * <p>A flag indicating whether it is possible to delete the firewall. A setting of <code>TRUE</code> indicates
      *          that the firewall is protected against deletion. Use this setting to protect against
@@ -687,6 +788,11 @@ export interface CreateFirewallRequest {
      * @public
      */
     EncryptionConfiguration?: EncryptionConfiguration | undefined;
+    /**
+     * <p>An optional setting indicating the specific traffic analysis types to enable on the firewall. </p>
+     * @public
+     */
+    EnabledAnalysisTypes?: EnabledAnalysisType[] | undefined;
 }
 /**
  * <p>The firewall defines the configuration settings for an Network Firewall firewall. These settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource. </p>
@@ -766,6 +872,11 @@ export interface Firewall {
      * @public
      */
     EncryptionConfiguration?: EncryptionConfiguration | undefined;
+    /**
+     * <p>An optional setting indicating the specific traffic analysis types to enable on the firewall. </p>
+     * @public
+     */
+    EnabledAnalysisTypes?: EnabledAnalysisType[] | undefined;
 }
 /**
  * @public
@@ -1596,12 +1707,12 @@ export interface Header {
  */
 export interface RuleOption {
     /**
-     * <p>The keyword for the Suricata compatible rule option. You must include a <code>sid</code> (signature ID), and can optionally include other keywords. For information about Suricata compatible keywords, see <a href="https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html#rule-options">Rule options</a> in the Suricata documentation.</p>
+     * <p>The keyword for the Suricata compatible rule option. You must include a <code>sid</code> (signature ID), and can optionally include other keywords. For information about Suricata compatible keywords, see <a href="https://suricata.readthedocs.io/en/suricata-7.0.3/rules/intro.html#rule-options">Rule options</a> in the Suricata documentation.</p>
      * @public
      */
     Keyword: string | undefined;
     /**
-     * <p>The settings of the Suricata compatible rule option. Rule options have zero or more setting values, and the number of possible and required settings depends on the <code>Keyword</code>. For more information about the settings for specific options, see <a href="https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html#rule-options">Rule options</a>.</p>
+     * <p>The settings of the Suricata compatible rule option. Rule options have zero or more setting values, and the number of possible and required settings depends on the <code>Keyword</code>. For more information about the settings for specific options, see <a href="https://suricata.readthedocs.io/en/suricata-7.0.3/rules/intro.html#rule-options">Rule options</a>.</p>
      * @public
      */
     Settings?: string[] | undefined;
@@ -1610,7 +1721,7 @@ export interface RuleOption {
  * <p>A single Suricata rules specification, for use in a stateful rule group.
  *        Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options.
  *        For information about the Suricata <code>Rules</code> format, see
- *                                         <a href="https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html">Rules Format</a>. </p>
+ *                                         <a href="https://suricata.readthedocs.io/en/suricata-7.0.3/rules/intro.html">Rules Format</a>. </p>
  * @public
  */
 export interface StatefulRule {
@@ -1899,7 +2010,7 @@ export interface RulesSource {
      * <p>An array of individual stateful rules inspection criteria to be used together in a stateful rule group.
      *        Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options.
      *        For information about the Suricata <code>Rules</code> format, see
-     *                                         <a href="https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html">Rules Format</a>. </p>
+     *                                         <a href="https://suricata.readthedocs.io/en/suricata-7.0.3/rules/intro.html">Rules Format</a>. </p>
      * @public
      */
     StatefulRules?: StatefulRule[] | undefined;
@@ -3120,6 +3231,134 @@ export interface FirewallPolicyMetadata {
      */
     Arn?: string | undefined;
 }
+/**
+ * @public
+ */
+export interface GetAnalysisReportResultsRequest {
+    /**
+     * <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
+     *          <p>You must specify the ARN or the name, and you can specify both. </p>
+     * @public
+     */
+    FirewallName?: string | undefined;
+    /**
+     * <p>The unique ID of the query that ran when you requested an analysis report. </p>
+     * @public
+     */
+    AnalysisReportId: string | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the firewall.</p>
+     *          <p>You must specify the ARN or the name, and you can specify both. </p>
+     * @public
+     */
+    FirewallArn?: string | undefined;
+    /**
+     * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
+     *          for retrieval exceeds the maximum you requested, Network Firewall returns a <code>NextToken</code>
+     *          value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
+     * @public
+     */
+    NextToken?: string | undefined;
+    /**
+     * <p>The maximum number of objects that you want Network Firewall to return for this request. If more
+     *           objects are available, in the response, Network Firewall provides a
+     *          <code>NextToken</code> value that you can use in a subsequent call to get the next batch of objects.</p>
+     * @public
+     */
+    MaxResults?: number | undefined;
+}
+/**
+ * @public
+ */
+export interface GetAnalysisReportResultsResponse {
+    /**
+     * <p>The status of the analysis report you specify. Statuses include <code>RUNNING</code>, <code>COMPLETED</code>, or <code>FAILED</code>.</p>
+     * @public
+     */
+    Status?: string | undefined;
+    /**
+     * <p> The date and time within the last 30 days from which to start retrieving analysis data,
+     *    in UTC format (for example, <code>YYYY-MM-DDTHH:MM:SSZ</code>. </p>
+     * @public
+     */
+    StartTime?: Date | undefined;
+    /**
+     * <p>The date and time, up to the current date, from which to stop retrieving analysis data,
+     *    in UTC format (for example, <code>YYYY-MM-DDTHH:MM:SSZ</code>). </p>
+     * @public
+     */
+    EndTime?: Date | undefined;
+    /**
+     * <p>The date and time the analysis report was ran. </p>
+     * @public
+     */
+    ReportTime?: Date | undefined;
+    /**
+     * <p>The type of traffic that will be used to generate a report. </p>
+     * @public
+     */
+    AnalysisType?: EnabledAnalysisType | undefined;
+    /**
+     * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
+     *          for retrieval exceeds the maximum you requested, Network Firewall returns a <code>NextToken</code>
+     *          value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
+     * @public
+     */
+    NextToken?: string | undefined;
+    /**
+     * <p>Retrieves the results of a traffic analysis report.</p>
+     * @public
+     */
+    AnalysisReportResults?: AnalysisTypeReportResult[] | undefined;
+}
+/**
+ * @public
+ */
+export interface ListAnalysisReportsRequest {
+    /**
+     * <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
+     *          <p>You must specify the ARN or the name, and you can specify both. </p>
+     * @public
+     */
+    FirewallName?: string | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the firewall.</p>
+     *          <p>You must specify the ARN or the name, and you can specify both. </p>
+     * @public
+     */
+    FirewallArn?: string | undefined;
+    /**
+     * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
+     *          for retrieval exceeds the maximum you requested, Network Firewall returns a <code>NextToken</code>
+     *          value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
+     * @public
+     */
+    NextToken?: string | undefined;
+    /**
+     * <p>The maximum number of objects that you want Network Firewall to return for this request. If more
+     *           objects are available, in the response, Network Firewall provides a
+     *          <code>NextToken</code> value that you can use in a subsequent call to get the next batch of objects.</p>
+     * @public
+     */
+    MaxResults?: number | undefined;
+}
+/**
+ * @public
+ */
+export interface ListAnalysisReportsResponse {
+    /**
+     * <p>The <code>id</code> and <code>ReportTime</code> associated with a requested analysis report. Does not provide the status of the analysis report. </p>
+     * @public
+     */
+    AnalysisReports?: AnalysisReport[] | undefined;
+    /**
+     * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
+     *          for retrieval exceeds the maximum you requested, Network Firewall returns a <code>NextToken</code>
+     *          value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
+     * @public
+     */
+    NextToken?: string | undefined;
+}
 /**
  * @public
  */
@@ -3446,6 +3685,38 @@ export interface PutResourcePolicyRequest {
  */
 export interface PutResourcePolicyResponse {
 }
+/**
+ * @public
+ */
+export interface StartAnalysisReportRequest {
+    /**
+     * <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
+     *          <p>You must specify the ARN or the name, and you can specify both. </p>
+     * @public
+     */
+    FirewallName?: string | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the firewall.</p>
+     *          <p>You must specify the ARN or the name, and you can specify both. </p>
+     * @public
+     */
+    FirewallArn?: string | undefined;
+    /**
+     * <p>The type of traffic that will be used to generate a report. </p>
+     * @public
+     */
+    AnalysisType: EnabledAnalysisType | undefined;
+}
+/**
+ * @public
+ */
+export interface StartAnalysisReportResponse {
+    /**
+     * <p>The unique ID of the query that ran when you requested an analysis report. </p>
+     * @public
+     */
+    AnalysisReportId: string | undefined;
+}
 /**
  * @public
  */
@@ -3486,6 +3757,64 @@ export interface UntagResourceRequest {
  */
 export interface UntagResourceResponse {
 }
+/**
+ * @public
+ */
+export interface UpdateFirewallAnalysisSettingsRequest {
+    /**
+     * <p>An optional setting indicating the specific traffic analysis types to enable on the firewall. </p>
+     * @public
+     */
+    EnabledAnalysisTypes?: EnabledAnalysisType[] | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the firewall.</p>
+     *          <p>You must specify the ARN or the name, and you can specify both. </p>
+     * @public
+     */
+    FirewallArn?: string | undefined;
+    /**
+     * <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
+     *          <p>You must specify the ARN or the name, and you can specify both. </p>
+     * @public
+     */
+    FirewallName?: string | undefined;
+    /**
+     * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
+     *          <p>To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.</p>
+     *          <p>To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an <code>InvalidTokenException</code>. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token. </p>
+     * @public
+     */
+    UpdateToken?: string | undefined;
+}
+/**
+ * @public
+ */
+export interface UpdateFirewallAnalysisSettingsResponse {
+    /**
+     * <p>An optional setting indicating the specific traffic analysis types to enable on the firewall. </p>
+     * @public
+     */
+    EnabledAnalysisTypes?: EnabledAnalysisType[] | undefined;
+    /**
+     * <p>The Amazon Resource Name (ARN) of the firewall.</p>
+     *          <p>You must specify the ARN or the name, and you can specify both. </p>
+     * @public
+     */
+    FirewallArn?: string | undefined;
+    /**
+     * <p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p>
+     *          <p>You must specify the ARN or the name, and you can specify both. </p>
+     * @public
+     */
+    FirewallName?: string | undefined;
+    /**
+     * <p>An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request. </p>
+     *          <p>To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.</p>
+     *          <p>To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an <code>InvalidTokenException</code>. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token. </p>
+     * @public
+     */
+    UpdateToken?: string | undefined;
+}
 /**
  * <p>Unable to change the resource because your account doesn't own it. </p>
  * @public