pulumi-aws-native 1.38.0a1760940079__py3-none-any.whl → 1.38.0a1762272920__py3-none-any.whl

pulumi_aws_native/neptune/get_db_instance.py

@@ -24,7 +24,7 @@ __all__ = [
 
 @pulumi.output_type
 class GetDbInstanceResult:
-    def __init__(__self__, auto_minor_version_upgrade=None, db_instance_class=None, db_parameter_group_name=None, endpoint=None, port=None, preferred_maintenance_window=None, tags=None):
+    def __init__(__self__, auto_minor_version_upgrade=None, db_instance_class=None, db_parameter_group_name=None, endpoint=None, port=None, preferred_maintenance_window=None, publicly_accessible=None, tags=None):
         if auto_minor_version_upgrade and not isinstance(auto_minor_version_upgrade, bool):
             raise TypeError("Expected argument 'auto_minor_version_upgrade' to be a bool")
         pulumi.set(__self__, "auto_minor_version_upgrade", auto_minor_version_upgrade)
@@ -43,6 +43,9 @@ class GetDbInstanceResult:
         if preferred_maintenance_window and not isinstance(preferred_maintenance_window, str):
             raise TypeError("Expected argument 'preferred_maintenance_window' to be a str")
         pulumi.set(__self__, "preferred_maintenance_window", preferred_maintenance_window)
+        if publicly_accessible and not isinstance(publicly_accessible, bool):
+            raise TypeError("Expected argument 'publicly_accessible' to be a bool")
+        pulumi.set(__self__, "publicly_accessible", publicly_accessible)
         if tags and not isinstance(tags, list):
             raise TypeError("Expected argument 'tags' to be a list")
         pulumi.set(__self__, "tags", tags)
@@ -99,6 +102,14 @@ class GetDbInstanceResult:
         """
         return pulumi.get(self, "preferred_maintenance_window")
 
+    @_builtins.property
+    @pulumi.getter(name="publiclyAccessible")
+    def publicly_accessible(self) -> Optional[_builtins.bool]:
+        """
+        Indicates that public accessibility is enabled. This should be enabled in combination with IAM Auth enabled on the DBCluster
+        """
+        return pulumi.get(self, "publicly_accessible")
+
     @_builtins.property
     @pulumi.getter
     def tags(self) -> Optional[Sequence['_root_outputs.Tag']]:
@@ -120,6 +131,7 @@ class AwaitableGetDbInstanceResult(GetDbInstanceResult):
             endpoint=self.endpoint,
             port=self.port,
             preferred_maintenance_window=self.preferred_maintenance_window,
+            publicly_accessible=self.publicly_accessible,
             tags=self.tags)
 
 
@@ -143,6 +155,7 @@ def get_db_instance(db_instance_identifier: Optional[_builtins.str] = None,
         endpoint=pulumi.get(__ret__, 'endpoint'),
         port=pulumi.get(__ret__, 'port'),
         preferred_maintenance_window=pulumi.get(__ret__, 'preferred_maintenance_window'),
+        publicly_accessible=pulumi.get(__ret__, 'publicly_accessible'),
         tags=pulumi.get(__ret__, 'tags'))
 def get_db_instance_output(db_instance_identifier: Optional[pulumi.Input[_builtins.str]] = None,
                            opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetDbInstanceResult]:
@@ -163,4 +176,5 @@ def get_db_instance_output(db_instance_identifier: Optional[pulumi.Input[_builti
         endpoint=pulumi.get(__response__, 'endpoint'),
         port=pulumi.get(__response__, 'port'),
         preferred_maintenance_window=pulumi.get(__response__, 'preferred_maintenance_window'),
+        publicly_accessible=pulumi.get(__response__, 'publicly_accessible'),
         tags=pulumi.get(__response__, 'tags')))

pulumi_aws_native/networkfirewall/_enums.py

@@ -82,6 +82,8 @@ class LoggingConfigurationLogDestinationConfigLogType(_builtins.str, Enum):
 class RuleGroupGeneratedRulesType(_builtins.str, Enum):
     ALLOWLIST = "ALLOWLIST"
     DENYLIST = "DENYLIST"
+    ALERTLIST = "ALERTLIST"
+    REJECTLIST = "REJECTLIST"
 
 
 @pulumi.type_token("aws-native:networkfirewall:RuleGroupHeaderDirection")

pulumi_aws_native/networkfirewall/_inputs.py

@@ -671,6 +671,10 @@ if not MYPY:
 
         For example, you could specify `["aws:pass"]` or you could specify `["aws:pass", "customActionName"]` . For information about compatibility, see the custom action descriptions.
         """
+        enable_tls_session_holding: NotRequired[pulumi.Input[_builtins.bool]]
+        """
+        When true, prevents TCP and TLS packets from reaching destination servers until TLS Inspection has evaluated Server Name Indication (SNI) rules. Requires an associated TLS Inspection configuration.
+        """
         policy_variables: NotRequired[pulumi.Input['FirewallPolicyPolicyVariablesPropertiesArgsDict']]
         """
         Contains variables that you can use to override default Suricata settings in your firewall policy.
@@ -716,6 +720,7 @@ class FirewallPolicyArgs:
     def __init__(__self__, *,
                  stateless_default_actions: pulumi.Input[Sequence[pulumi.Input[_builtins.str]]],
                  stateless_fragment_default_actions: pulumi.Input[Sequence[pulumi.Input[_builtins.str]]],
+                 enable_tls_session_holding: Optional[pulumi.Input[_builtins.bool]] = None,
                  policy_variables: Optional[pulumi.Input['FirewallPolicyPolicyVariablesPropertiesArgs']] = None,
                  stateful_default_actions: Optional[pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]] = None,
                  stateful_engine_options: Optional[pulumi.Input['FirewallPolicyStatefulEngineOptionsArgs']] = None,
@@ -734,6 +739,7 @@ class FirewallPolicyArgs:
                You must specify one of the standard actions: `aws:pass` , `aws:drop` , or `aws:forward_to_sfe` . In addition, you can specify custom actions that are compatible with your standard section choice.
                
                For example, you could specify `["aws:pass"]` or you could specify `["aws:pass", "customActionName"]` . For information about compatibility, see the custom action descriptions.
+        :param pulumi.Input[_builtins.bool] enable_tls_session_holding: When true, prevents TCP and TLS packets from reaching destination servers until TLS Inspection has evaluated Server Name Indication (SNI) rules. Requires an associated TLS Inspection configuration.
         :param pulumi.Input['FirewallPolicyPolicyVariablesPropertiesArgs'] policy_variables: Contains variables that you can use to override default Suricata settings in your firewall policy.
         :param pulumi.Input[Sequence[pulumi.Input[_builtins.str]]] stateful_default_actions: The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order.
                
@@ -753,6 +759,8 @@ class FirewallPolicyArgs:
         """
         pulumi.set(__self__, "stateless_default_actions", stateless_default_actions)
         pulumi.set(__self__, "stateless_fragment_default_actions", stateless_fragment_default_actions)
+        if enable_tls_session_holding is not None:
+            pulumi.set(__self__, "enable_tls_session_holding", enable_tls_session_holding)
         if policy_variables is not None:
             pulumi.set(__self__, "policy_variables", policy_variables)
         if stateful_default_actions is not None:
@@ -800,6 +808,18 @@ class FirewallPolicyArgs:
     def stateless_fragment_default_actions(self, value: pulumi.Input[Sequence[pulumi.Input[_builtins.str]]]):
         pulumi.set(self, "stateless_fragment_default_actions", value)
 
+    @_builtins.property
+    @pulumi.getter(name="enableTlsSessionHolding")
+    def enable_tls_session_holding(self) -> Optional[pulumi.Input[_builtins.bool]]:
+        """
+        When true, prevents TCP and TLS packets from reaching destination servers until TLS Inspection has evaluated Server Name Indication (SNI) rules. Requires an associated TLS Inspection configuration.
+        """
+        return pulumi.get(self, "enable_tls_session_holding")
+
+    @enable_tls_session_holding.setter
+    def enable_tls_session_holding(self, value: Optional[pulumi.Input[_builtins.bool]]):
+        pulumi.set(self, "enable_tls_session_holding", value)
+
     @_builtins.property
     @pulumi.getter(name="policyVariables")
     def policy_variables(self) -> Optional[pulumi.Input['FirewallPolicyPolicyVariablesPropertiesArgs']]:

pulumi_aws_native/networkfirewall/firewall.py

@@ -363,6 +363,7 @@ class Firewall(pulumi.CustomResource):
             __props__.__dict__["endpoint_ids"] = None
             __props__.__dict__["firewall_arn"] = None
             __props__.__dict__["firewall_id"] = None
+            __props__.__dict__["transit_gateway_attachment_id"] = None
         replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["firewallName", "vpcId"])
         opts = pulumi.ResourceOptions.merge(opts, replace_on_changes)
         super(Firewall, __self__).__init__(
@@ -401,6 +402,7 @@ class Firewall(pulumi.CustomResource):
         __props__.__dict__["subnet_change_protection"] = None
         __props__.__dict__["subnet_mappings"] = None
         __props__.__dict__["tags"] = None
+        __props__.__dict__["transit_gateway_attachment_id"] = None
         __props__.__dict__["transit_gateway_id"] = None
         __props__.__dict__["vpc_id"] = None
         return Firewall(resource_name, opts=opts, __props__=__props__)
@@ -525,6 +527,14 @@ class Firewall(pulumi.CustomResource):
         """
         return pulumi.get(self, "tags")
 
+    @_builtins.property
+    @pulumi.getter(name="transitGatewayAttachmentId")
+    def transit_gateway_attachment_id(self) -> pulumi.Output[_builtins.str]:
+        """
+        The unique identifier of the transit gateway attachment associated with this firewall. This field is only present for transit gateway-attached firewalls.
+        """
+        return pulumi.get(self, "transit_gateway_attachment_id")
+
     @_builtins.property
     @pulumi.getter(name="transitGatewayId")
     def transit_gateway_id(self) -> pulumi.Output[Optional[_builtins.str]]:

pulumi_aws_native/networkfirewall/get_firewall.py

@@ -26,7 +26,7 @@ __all__ = [
 
 @pulumi.output_type
 class GetFirewallResult:
-    def __init__(__self__, availability_zone_change_protection=None, availability_zone_mappings=None, delete_protection=None, description=None, enabled_analysis_types=None, endpoint_ids=None, firewall_arn=None, firewall_id=None, firewall_policy_arn=None, firewall_policy_change_protection=None, subnet_change_protection=None, subnet_mappings=None, tags=None, transit_gateway_id=None):
+    def __init__(__self__, availability_zone_change_protection=None, availability_zone_mappings=None, delete_protection=None, description=None, enabled_analysis_types=None, endpoint_ids=None, firewall_arn=None, firewall_id=None, firewall_policy_arn=None, firewall_policy_change_protection=None, subnet_change_protection=None, subnet_mappings=None, tags=None, transit_gateway_attachment_id=None, transit_gateway_id=None):
         if availability_zone_change_protection and not isinstance(availability_zone_change_protection, bool):
             raise TypeError("Expected argument 'availability_zone_change_protection' to be a bool")
         pulumi.set(__self__, "availability_zone_change_protection", availability_zone_change_protection)
@@ -66,6 +66,9 @@ class GetFirewallResult:
         if tags and not isinstance(tags, list):
             raise TypeError("Expected argument 'tags' to be a list")
         pulumi.set(__self__, "tags", tags)
+        if transit_gateway_attachment_id and not isinstance(transit_gateway_attachment_id, str):
+            raise TypeError("Expected argument 'transit_gateway_attachment_id' to be a str")
+        pulumi.set(__self__, "transit_gateway_attachment_id", transit_gateway_attachment_id)
         if transit_gateway_id and not isinstance(transit_gateway_id, str):
             raise TypeError("Expected argument 'transit_gateway_id' to be a str")
         pulumi.set(__self__, "transit_gateway_id", transit_gateway_id)
@@ -182,6 +185,14 @@ class GetFirewallResult:
         """
         return pulumi.get(self, "tags")
 
+    @_builtins.property
+    @pulumi.getter(name="transitGatewayAttachmentId")
+    def transit_gateway_attachment_id(self) -> Optional[_builtins.str]:
+        """
+        The unique identifier of the transit gateway attachment associated with this firewall. This field is only present for transit gateway-attached firewalls.
+        """
+        return pulumi.get(self, "transit_gateway_attachment_id")
+
     @_builtins.property
     @pulumi.getter(name="transitGatewayId")
     def transit_gateway_id(self) -> Optional[_builtins.str]:
@@ -210,6 +221,7 @@ class AwaitableGetFirewallResult(GetFirewallResult):
             subnet_change_protection=self.subnet_change_protection,
             subnet_mappings=self.subnet_mappings,
             tags=self.tags,
+            transit_gateway_attachment_id=self.transit_gateway_attachment_id,
             transit_gateway_id=self.transit_gateway_id)
 
 
@@ -240,6 +252,7 @@ def get_firewall(firewall_arn: Optional[_builtins.str] = None,
         subnet_change_protection=pulumi.get(__ret__, 'subnet_change_protection'),
         subnet_mappings=pulumi.get(__ret__, 'subnet_mappings'),
         tags=pulumi.get(__ret__, 'tags'),
+        transit_gateway_attachment_id=pulumi.get(__ret__, 'transit_gateway_attachment_id'),
         transit_gateway_id=pulumi.get(__ret__, 'transit_gateway_id'))
 def get_firewall_output(firewall_arn: Optional[pulumi.Input[_builtins.str]] = None,
                         opts: Optional[Union[pulumi.InvokeOptions, pulumi.InvokeOutputOptions]] = None) -> pulumi.Output[GetFirewallResult]:
@@ -267,4 +280,5 @@ def get_firewall_output(firewall_arn: Optional[pulumi.Input[_builtins.str]] = No
         subnet_change_protection=pulumi.get(__response__, 'subnet_change_protection'),
         subnet_mappings=pulumi.get(__response__, 'subnet_mappings'),
         tags=pulumi.get(__response__, 'tags'),
+        transit_gateway_attachment_id=pulumi.get(__response__, 'transit_gateway_attachment_id'),
         transit_gateway_id=pulumi.get(__response__, 'transit_gateway_id')))

pulumi_aws_native/networkfirewall/outputs.py

@@ -111,6 +111,8 @@ class FirewallPolicy(dict):
             suggest = "stateless_default_actions"
         elif key == "statelessFragmentDefaultActions":
             suggest = "stateless_fragment_default_actions"
+        elif key == "enableTlsSessionHolding":
+            suggest = "enable_tls_session_holding"
         elif key == "policyVariables":
             suggest = "policy_variables"
         elif key == "statefulDefaultActions":
@@ -140,6 +142,7 @@ class FirewallPolicy(dict):
     def __init__(__self__, *,
                  stateless_default_actions: Sequence[_builtins.str],
                  stateless_fragment_default_actions: Sequence[_builtins.str],
+                 enable_tls_session_holding: Optional[_builtins.bool] = None,
                  policy_variables: Optional['outputs.FirewallPolicyPolicyVariablesProperties'] = None,
                  stateful_default_actions: Optional[Sequence[_builtins.str]] = None,
                  stateful_engine_options: Optional['outputs.FirewallPolicyStatefulEngineOptions'] = None,
@@ -158,6 +161,7 @@ class FirewallPolicy(dict):
                You must specify one of the standard actions: `aws:pass` , `aws:drop` , or `aws:forward_to_sfe` . In addition, you can specify custom actions that are compatible with your standard section choice.
                
                For example, you could specify `["aws:pass"]` or you could specify `["aws:pass", "customActionName"]` . For information about compatibility, see the custom action descriptions.
+        :param _builtins.bool enable_tls_session_holding: When true, prevents TCP and TLS packets from reaching destination servers until TLS Inspection has evaluated Server Name Indication (SNI) rules. Requires an associated TLS Inspection configuration.
         :param 'FirewallPolicyPolicyVariablesProperties' policy_variables: Contains variables that you can use to override default Suricata settings in your firewall policy.
         :param Sequence[_builtins.str] stateful_default_actions: The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order.
                
@@ -177,6 +181,8 @@ class FirewallPolicy(dict):
         """
         pulumi.set(__self__, "stateless_default_actions", stateless_default_actions)
         pulumi.set(__self__, "stateless_fragment_default_actions", stateless_fragment_default_actions)
+        if enable_tls_session_holding is not None:
+            pulumi.set(__self__, "enable_tls_session_holding", enable_tls_session_holding)
         if policy_variables is not None:
             pulumi.set(__self__, "policy_variables", policy_variables)
         if stateful_default_actions is not None:
@@ -216,6 +222,14 @@ class FirewallPolicy(dict):
         """
         return pulumi.get(self, "stateless_fragment_default_actions")
 
+    @_builtins.property
+    @pulumi.getter(name="enableTlsSessionHolding")
+    def enable_tls_session_holding(self) -> Optional[_builtins.bool]:
+        """
+        When true, prevents TCP and TLS packets from reaching destination servers until TLS Inspection has evaluated Server Name Indication (SNI) rules. Requires an associated TLS Inspection configuration.
+        """
+        return pulumi.get(self, "enable_tls_session_holding")
+
     @_builtins.property
     @pulumi.getter(name="policyVariables")
     def policy_variables(self) -> Optional['outputs.FirewallPolicyPolicyVariablesProperties']:

pulumi_aws_native/observabilityadmin/_enums.py

@@ -21,18 +21,27 @@ __all__ = [
 
 @pulumi.type_token("aws-native:observabilityadmin:OrganizationCentralizationRuleLogsEncryptionConfigurationEncryptionConflictResolutionStrategy")
 class OrganizationCentralizationRuleLogsEncryptionConfigurationEncryptionConflictResolutionStrategy(_builtins.str, Enum):
+    """
+    Conflict resolution strategy for centralization if the encryption strategy is set to CUSTOMER_MANAGED and the destination log group is encrypted with an AWS_OWNED KMS Key. ALLOW lets centralization go through while SKIP prevents centralization into the destination log group.
+    """
     ALLOW = "ALLOW"
     SKIP = "SKIP"
 
 
 @pulumi.type_token("aws-native:observabilityadmin:OrganizationCentralizationRuleLogsEncryptionConfigurationEncryptionStrategy")
 class OrganizationCentralizationRuleLogsEncryptionConfigurationEncryptionStrategy(_builtins.str, Enum):
+    """
+    Configuration that determines the encryption strategy of the destination log groups. CUSTOMER_MANAGED uses the configured KmsKeyArn to encrypt newly created destination log groups.
+    """
     CUSTOMER_MANAGED = "CUSTOMER_MANAGED"
     AWS_OWNED = "AWS_OWNED"
 
 
 @pulumi.type_token("aws-native:observabilityadmin:OrganizationCentralizationRuleSourceLogsConfigurationEncryptedLogGroupStrategy")
 class OrganizationCentralizationRuleSourceLogsConfigurationEncryptedLogGroupStrategy(_builtins.str, Enum):
+    """
+    A strategy determining whether to centralize source log groups that are encrypted with customer managed KMS keys (CMK). ALLOW will consider CMK encrypted source log groups for centralization while SKIP will skip CMK encrypted source log groups from centralization.
+    """
     ALLOW = "ALLOW"
     SKIP = "SKIP"