Class: Aws::NetworkFirewall::Client
- Inherits:
-
Seahorse::Client::Base
- Object
- Seahorse::Client::Base
- Aws::NetworkFirewall::Client
- Includes:
- ClientStubs
- Defined in:
- gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb
Overview
An API client for NetworkFirewall. To construct a client, you need to configure a :region and :credentials.
client = Aws::NetworkFirewall::Client.new(
region: region_name,
credentials: credentials,
# ...
)
For details on configuring region and credentials see the developer guide.
See #initialize for a full list of supported configuration options.
Instance Attribute Summary
Attributes inherited from Seahorse::Client::Base
API Operations collapse
-
#accept_network_firewall_transit_gateway_attachment(params = {}) ⇒ Types::AcceptNetworkFirewallTransitGatewayAttachmentResponse
Accepts a transit gateway attachment request for Network Firewall.
-
#associate_availability_zones(params = {}) ⇒ Types::AssociateAvailabilityZonesResponse
Associates the specified Availability Zones with a transit gateway-attached firewall.
-
#associate_firewall_policy(params = {}) ⇒ Types::AssociateFirewallPolicyResponse
Associates a FirewallPolicy to a Firewall.
-
#associate_subnets(params = {}) ⇒ Types::AssociateSubnetsResponse
Associates the specified subnets in the Amazon VPC to the firewall.
-
#attach_rule_groups_to_proxy_configuration(params = {}) ⇒ Types::AttachRuleGroupsToProxyConfigurationResponse
Attaches ProxyRuleGroup resources to a ProxyConfiguration.
-
#create_container_association(params = {}) ⇒ Types::CreateContainerAssociationResponse
Creates a container association for Network Firewall.
-
#create_firewall(params = {}) ⇒ Types::CreateFirewallResponse
Creates an Network Firewall Firewall and accompanying FirewallStatus for a VPC.
-
#create_firewall_policy(params = {}) ⇒ Types::CreateFirewallPolicyResponse
Creates the firewall policy for the firewall according to the specifications.
-
#create_proxy(params = {}) ⇒ Types::CreateProxyResponse
Creates an Network Firewall Proxy.
-
#create_proxy_configuration(params = {}) ⇒ Types::CreateProxyConfigurationResponse
Creates an Network Firewall ProxyConfiguration.
-
#create_proxy_rule_group(params = {}) ⇒ Types::CreateProxyRuleGroupResponse
Creates an Network Firewall ProxyRuleGroup.
-
#create_proxy_rules(params = {}) ⇒ Types::CreateProxyRulesResponse
Creates Network Firewall ProxyRule resources.
-
#create_rule_group(params = {}) ⇒ Types::CreateRuleGroupResponse
Creates the specified stateless or stateful rule group, which includes the rules for network traffic inspection, a capacity setting, and tags.
-
#create_tls_inspection_configuration(params = {}) ⇒ Types::CreateTLSInspectionConfigurationResponse
Creates an Network Firewall TLS inspection configuration.
-
#create_vpc_endpoint_association(params = {}) ⇒ Types::CreateVpcEndpointAssociationResponse
Creates a firewall endpoint for an Network Firewall firewall.
-
#delete_container_association(params = {}) ⇒ Types::DeleteContainerAssociationResponse
Deletes the specified container association.
-
#delete_firewall(params = {}) ⇒ Types::DeleteFirewallResponse
Deletes the specified Firewall and its FirewallStatus.
-
#delete_firewall_policy(params = {}) ⇒ Types::DeleteFirewallPolicyResponse
Deletes the specified FirewallPolicy.
-
#delete_network_firewall_transit_gateway_attachment(params = {}) ⇒ Types::DeleteNetworkFirewallTransitGatewayAttachmentResponse
Deletes a transit gateway attachment from a Network Firewall.
-
#delete_proxy(params = {}) ⇒ Types::DeleteProxyResponse
Deletes the specified Proxy.
-
#delete_proxy_configuration(params = {}) ⇒ Types::DeleteProxyConfigurationResponse
Deletes the specified ProxyConfiguration.
-
#delete_proxy_rule_group(params = {}) ⇒ Types::DeleteProxyRuleGroupResponse
Deletes the specified ProxyRuleGroup.
-
#delete_proxy_rules(params = {}) ⇒ Types::DeleteProxyRulesResponse
Deletes the specified ProxyRule(s).
-
#delete_resource_policy(params = {}) ⇒ Struct
Deletes a resource policy that you created in a PutResourcePolicy request.
-
#delete_rule_group(params = {}) ⇒ Types::DeleteRuleGroupResponse
Deletes the specified RuleGroup.
-
#delete_tls_inspection_configuration(params = {}) ⇒ Types::DeleteTLSInspectionConfigurationResponse
Deletes the specified TLSInspectionConfiguration.
-
#delete_vpc_endpoint_association(params = {}) ⇒ Types::DeleteVpcEndpointAssociationResponse
Deletes the specified VpcEndpointAssociation.
-
#describe_container_association(params = {}) ⇒ Types::DescribeContainerAssociationResponse
Returns the properties of a container association.
-
#describe_firewall(params = {}) ⇒ Types::DescribeFirewallResponse
Returns the data objects for the specified firewall.
-
#describe_firewall_metadata(params = {}) ⇒ Types::DescribeFirewallMetadataResponse
Returns the high-level information about a firewall, including the Availability Zones where the Firewall is currently in use.
-
#describe_firewall_policy(params = {}) ⇒ Types::DescribeFirewallPolicyResponse
Returns the data objects for the specified firewall policy.
-
#describe_flow_operation(params = {}) ⇒ Types::DescribeFlowOperationResponse
Returns key information about a specific flow operation.
-
#describe_logging_configuration(params = {}) ⇒ Types::DescribeLoggingConfigurationResponse
Returns the logging configuration for the specified firewall.
-
#describe_proxy(params = {}) ⇒ Types::DescribeProxyResponse
Returns the data objects for the specified proxy.
-
#describe_proxy_configuration(params = {}) ⇒ Types::DescribeProxyConfigurationResponse
Returns the data objects for the specified proxy configuration.
-
#describe_proxy_rule(params = {}) ⇒ Types::DescribeProxyRuleResponse
Returns the data objects for the specified proxy configuration for the specified proxy rule group.
-
#describe_proxy_rule_group(params = {}) ⇒ Types::DescribeProxyRuleGroupResponse
Returns the data objects for the specified proxy rule group.
-
#describe_resource_policy(params = {}) ⇒ Types::DescribeResourcePolicyResponse
Retrieves a resource policy that you created in a PutResourcePolicy request.
-
#describe_rule_group(params = {}) ⇒ Types::DescribeRuleGroupResponse
Returns the data objects for the specified rule group.
-
#describe_rule_group_metadata(params = {}) ⇒ Types::DescribeRuleGroupMetadataResponse
High-level information about a rule group, returned by operations like create and describe.
-
#describe_rule_group_summary(params = {}) ⇒ Types::DescribeRuleGroupSummaryResponse
Returns detailed information for a stateful rule group.
-
#describe_tls_inspection_configuration(params = {}) ⇒ Types::DescribeTLSInspectionConfigurationResponse
Returns the data objects for the specified TLS inspection configuration.
-
#describe_vpc_endpoint_association(params = {}) ⇒ Types::DescribeVpcEndpointAssociationResponse
Returns the data object for the specified VPC endpoint association.
-
#detach_rule_groups_from_proxy_configuration(params = {}) ⇒ Types::DetachRuleGroupsFromProxyConfigurationResponse
Detaches ProxyRuleGroup resources from a ProxyConfiguration.
-
#disassociate_availability_zones(params = {}) ⇒ Types::DisassociateAvailabilityZonesResponse
Removes the specified Availability Zone associations from a transit gateway-attached firewall.
-
#disassociate_subnets(params = {}) ⇒ Types::DisassociateSubnetsResponse
Removes the specified subnet associations from the firewall.
-
#get_analysis_report_results(params = {}) ⇒ Types::GetAnalysisReportResultsResponse
The results of a
COMPLETEDanalysis report generated with StartAnalysisReport. -
#list_analysis_reports(params = {}) ⇒ Types::ListAnalysisReportsResponse
Returns a list of all traffic analysis reports generated within the last 30 days.
-
#list_container_associations(params = {}) ⇒ Types::ListContainerAssociationsResponse
Retrieves the metadata for the container associations that you have defined.
-
#list_firewall_policies(params = {}) ⇒ Types::ListFirewallPoliciesResponse
Retrieves the metadata for the firewall policies that you have defined.
-
#list_firewalls(params = {}) ⇒ Types::ListFirewallsResponse
Retrieves the metadata for the firewalls that you have defined.
-
#list_flow_operation_results(params = {}) ⇒ Types::ListFlowOperationResultsResponse
Returns the results of a specific flow operation.
-
#list_flow_operations(params = {}) ⇒ Types::ListFlowOperationsResponse
Returns a list of all flow operations ran in a specific firewall.
-
#list_proxies(params = {}) ⇒ Types::ListProxiesResponse
Retrieves the metadata for the proxies that you have defined.
-
#list_proxy_configurations(params = {}) ⇒ Types::ListProxyConfigurationsResponse
Retrieves the metadata for the proxy configuration that you have defined.
-
#list_proxy_rule_groups(params = {}) ⇒ Types::ListProxyRuleGroupsResponse
Retrieves the metadata for the proxy rule groups that you have defined.
-
#list_rule_groups(params = {}) ⇒ Types::ListRuleGroupsResponse
Retrieves the metadata for the rule groups that you have defined.
-
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Retrieves the tags associated with the specified resource.
-
#list_tls_inspection_configurations(params = {}) ⇒ Types::ListTLSInspectionConfigurationsResponse
Retrieves the metadata for the TLS inspection configurations that you have defined.
-
#list_vpc_endpoint_associations(params = {}) ⇒ Types::ListVpcEndpointAssociationsResponse
Retrieves the metadata for the VPC endpoint associations that you have defined.
-
#put_resource_policy(params = {}) ⇒ Struct
Creates or updates an IAM policy for your rule group, firewall policy, or firewall.
-
#reject_network_firewall_transit_gateway_attachment(params = {}) ⇒ Types::RejectNetworkFirewallTransitGatewayAttachmentResponse
Rejects a transit gateway attachment request for Network Firewall.
-
#start_analysis_report(params = {}) ⇒ Types::StartAnalysisReportResponse
Generates a traffic analysis report for the timeframe and traffic type you specify.
-
#start_flow_capture(params = {}) ⇒ Types::StartFlowCaptureResponse
Begins capturing the flows in a firewall, according to the filters you define.
-
#start_flow_flush(params = {}) ⇒ Types::StartFlowFlushResponse
Begins the flushing of traffic from the firewall, according to the filters you define.
-
#tag_resource(params = {}) ⇒ Struct
Adds the specified tags to the specified resource.
-
#untag_resource(params = {}) ⇒ Struct
Removes the tags with the specified keys from the specified resource.
-
#update_availability_zone_change_protection(params = {}) ⇒ Types::UpdateAvailabilityZoneChangeProtectionResponse
Modifies the
AvailabilityZoneChangeProtectionsetting for a transit gateway-attached firewall. -
#update_container_association(params = {}) ⇒ Types::UpdateContainerAssociationResponse
Updates the properties of an existing container association.
-
#update_firewall_analysis_settings(params = {}) ⇒ Types::UpdateFirewallAnalysisSettingsResponse
Enables specific types of firewall analysis on a specific firewall you define.
-
#update_firewall_delete_protection(params = {}) ⇒ Types::UpdateFirewallDeleteProtectionResponse
Modifies the flag,
DeleteProtection, which indicates whether it is possible to delete the firewall. -
#update_firewall_description(params = {}) ⇒ Types::UpdateFirewallDescriptionResponse
Modifies the description for the specified firewall.
-
#update_firewall_encryption_configuration(params = {}) ⇒ Types::UpdateFirewallEncryptionConfigurationResponse
A complex type that contains settings for encryption of your firewall resources.
-
#update_firewall_policy(params = {}) ⇒ Types::UpdateFirewallPolicyResponse
Updates the properties of the specified firewall policy.
-
#update_firewall_policy_change_protection(params = {}) ⇒ Types::UpdateFirewallPolicyChangeProtectionResponse
Modifies the flag,
ChangeProtection, which indicates whether it is possible to change the firewall. -
#update_logging_configuration(params = {}) ⇒ Types::UpdateLoggingConfigurationResponse
Sets the logging configuration for the specified firewall.
-
#update_proxy(params = {}) ⇒ Types::UpdateProxyResponse
Updates the properties of the specified proxy.
-
#update_proxy_configuration(params = {}) ⇒ Types::UpdateProxyConfigurationResponse
Updates the properties of the specified proxy configuration.
-
#update_proxy_rule(params = {}) ⇒ Types::UpdateProxyRuleResponse
Updates the properties of the specified proxy rule.
-
#update_proxy_rule_group_priorities(params = {}) ⇒ Types::UpdateProxyRuleGroupPrioritiesResponse
Updates proxy rule group priorities within a proxy configuration.
-
#update_proxy_rule_priorities(params = {}) ⇒ Types::UpdateProxyRulePrioritiesResponse
Updates proxy rule priorities within a proxy rule group.
-
#update_rule_group(params = {}) ⇒ Types::UpdateRuleGroupResponse
Updates the rule settings for the specified rule group.
-
#update_subnet_change_protection(params = {}) ⇒ Types::UpdateSubnetChangeProtectionResponse
Returns a response object which responds to the following methods:.
-
#update_tls_inspection_configuration(params = {}) ⇒ Types::UpdateTLSInspectionConfigurationResponse
Updates the TLS inspection configuration settings for the specified TLS inspection configuration.
Instance Method Summary collapse
-
#initialize(options) ⇒ Client
constructor
A new instance of Client.
Methods included from ClientStubs
#api_requests, #stub_data, #stub_responses
Methods inherited from Seahorse::Client::Base
add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins
Methods included from Seahorse::Client::HandlerBuilder
#handle, #handle_request, #handle_response
Constructor Details
#initialize(options) ⇒ Client
Returns a new instance of Client.
478 479 480 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 478 def initialize(*args) super end |
Instance Method Details
#accept_network_firewall_transit_gateway_attachment(params = {}) ⇒ Types::AcceptNetworkFirewallTransitGatewayAttachmentResponse
Accepts a transit gateway attachment request for Network Firewall. When you accept the attachment request, Network Firewall creates the necessary routing components to enable traffic flow between the transit gateway and firewall endpoints.
You must accept a transit gateway attachment to complete the creation of a transit gateway-attached firewall, unless auto-accept is enabled on the transit gateway. After acceptance, use DescribeFirewall to verify the firewall status.
To reject an attachment instead of accepting it, use RejectNetworkFirewallTransitGatewayAttachment.
527 528 529 530 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 527 def (params = {}, = {}) req = build_request(:accept_network_firewall_transit_gateway_attachment, params) req.send_request() end |
#associate_availability_zones(params = {}) ⇒ Types::AssociateAvailabilityZonesResponse
Associates the specified Availability Zones with a transit gateway-attached firewall. For each Availability Zone, Network Firewall creates a firewall endpoint to process traffic. You can specify one or more Availability Zones where you want to deploy the firewall.
After adding Availability Zones, you must update your transit gateway route tables to direct traffic through the new firewall endpoints. Use DescribeFirewall to monitor the status of the new endpoints.
608 609 610 611 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 608 def associate_availability_zones(params = {}, = {}) req = build_request(:associate_availability_zones, params) req.send_request() end |
#associate_firewall_policy(params = {}) ⇒ Types::AssociateFirewallPolicyResponse
Associates a FirewallPolicy to a Firewall.
A firewall policy defines how to monitor and manage your VPC network traffic, using a collection of inspection rule groups and other settings. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.
680 681 682 683 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 680 def associate_firewall_policy(params = {}, = {}) req = build_request(:associate_firewall_policy, params) req.send_request() end |
#associate_subnets(params = {}) ⇒ Types::AssociateSubnetsResponse
Associates the specified subnets in the Amazon VPC to the firewall. You can specify one subnet for each of the Availability Zones that the VPC spans.
This request creates an Network Firewall firewall endpoint in each of the subnets. To enable the firewall's protections, you must also modify the VPC's route tables for each subnet's Availability Zone, to redirect the traffic that's coming into and going out of the zone through the firewall endpoint.
762 763 764 765 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 762 def associate_subnets(params = {}, = {}) req = build_request(:associate_subnets, params) req.send_request() end |
#attach_rule_groups_to_proxy_configuration(params = {}) ⇒ Types::AttachRuleGroupsToProxyConfigurationResponse
Attaches ProxyRuleGroup resources to a ProxyConfiguration
A Proxy Configuration defines the monitoring and protection behavior for a Proxy. The details of the behavior are defined in the rule groups that you add to your configuration.
844 845 846 847 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 844 def attach_rule_groups_to_proxy_configuration(params = {}, = {}) req = build_request(:attach_rule_groups_to_proxy_configuration, params) req.send_request() end |
#create_container_association(params = {}) ⇒ Types::CreateContainerAssociationResponse
Creates a container association for Network Firewall. A container association links container clusters (ECS or EKS) to Network Firewall, enabling dynamic IP resolution for firewall rules based on container attributes.
To manage a container association's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about container associations, use ListContainerAssociations and DescribeContainerAssociation.
937 938 939 940 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 937 def create_container_association(params = {}, = {}) req = build_request(:create_container_association, params) req.send_request() end |
#create_firewall(params = {}) ⇒ Types::CreateFirewallResponse
Creates an Network Firewall Firewall and accompanying FirewallStatus for a VPC.
The firewall defines the configuration settings for an Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource.
After you create a firewall, you can provide additional settings, like the logging configuration.
To update the settings for a firewall, you use the operations that apply to the settings themselves, for example UpdateLoggingConfiguration, AssociateSubnets, and UpdateFirewallDeleteProtection.
To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about firewalls, use ListFirewalls and DescribeFirewall.
To generate a report on the last 30 days of traffic monitored by a firewall, use StartAnalysisReport.
1153 1154 1155 1156 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 1153 def create_firewall(params = {}, = {}) req = build_request(:create_firewall, params) req.send_request() end |
#create_firewall_policy(params = {}) ⇒ Types::CreateFirewallPolicyResponse
Creates the firewall policy for the firewall according to the specifications.
An Network Firewall firewall policy defines the behavior of a firewall, in a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls.
1295 1296 1297 1298 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 1295 def create_firewall_policy(params = {}, = {}) req = build_request(:create_firewall_policy, params) req.send_request() end |
#create_proxy(params = {}) ⇒ Types::CreateProxyResponse
Creates an Network Firewall Proxy
Attaches a Proxy configuration to a NAT Gateway.
To manage a proxy's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about proxies, use ListProxies and DescribeProxy.
1396 1397 1398 1399 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 1396 def create_proxy(params = {}, = {}) req = build_request(:create_proxy, params) req.send_request() end |
#create_proxy_configuration(params = {}) ⇒ Types::CreateProxyConfigurationResponse
Creates an Network Firewall ProxyConfiguration
A Proxy Configuration defines the monitoring and protection behavior for a Proxy. The details of the behavior are defined in the rule groups that you add to your configuration.
To manage a proxy configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about proxies, use ListProxyConfigurations and DescribeProxyConfiguration.
1487 1488 1489 1490 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 1487 def create_proxy_configuration(params = {}, = {}) req = build_request(:create_proxy_configuration, params) req.send_request() end |
#create_proxy_rule_group(params = {}) ⇒ Types::CreateProxyRuleGroupResponse
Creates an Network Firewall ProxyRuleGroup
Collections of related proxy filtering rules. Rule groups help you manage and reuse sets of rules across multiple proxy configurations.
To manage a proxy rule group's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about proxy rule groups, use ListProxyRuleGroups and DescribeProxyRuleGroup.
To retrieve information about individual proxy rules, use DescribeProxyRuleGroup and DescribeProxyRule.
1627 1628 1629 1630 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 1627 def create_proxy_rule_group(params = {}, = {}) req = build_request(:create_proxy_rule_group, params) req.send_request() end |
#create_proxy_rules(params = {}) ⇒ Types::CreateProxyRulesResponse
Creates Network Firewall ProxyRule resources.
Attaches new proxy rule(s) to an existing proxy rule group.
To retrieve information about individual proxy rules, use DescribeProxyRuleGroup and DescribeProxyRule.
1757 1758 1759 1760 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 1757 def create_proxy_rules(params = {}, = {}) req = build_request(:create_proxy_rules, params) req.send_request() end |
#create_rule_group(params = {}) ⇒ Types::CreateRuleGroupResponse
Creates the specified stateless or stateful rule group, which includes the rules for network traffic inspection, a capacity setting, and tags.
You provide your rule group specification in your request using either
RuleGroup or Rules.
2070 2071 2072 2073 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2070 def create_rule_group(params = {}, = {}) req = build_request(:create_rule_group, params) req.send_request() end |
#create_tls_inspection_configuration(params = {}) ⇒ Types::CreateTLSInspectionConfigurationResponse
Creates an Network Firewall TLS inspection configuration. Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using ACM, create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall.
To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration.
To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations and DescribeTLSInspectionConfiguration.
For more information about TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
2248 2249 2250 2251 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2248 def create_tls_inspection_configuration(params = {}, = {}) req = build_request(:create_tls_inspection_configuration, params) req.send_request() end |
#create_vpc_endpoint_association(params = {}) ⇒ Types::CreateVpcEndpointAssociationResponse
Creates a firewall endpoint for an Network Firewall firewall. This
type of firewall endpoint is independent of the firewall endpoints
that you specify in the Firewall itself, and you define it in
addition to those endpoints after the firewall has been created. You
can define a VPC endpoint association using a different VPC than the
one you used in the firewall specifications.
2326 2327 2328 2329 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2326 def create_vpc_endpoint_association(params = {}, = {}) req = build_request(:create_vpc_endpoint_association, params) req.send_request() end |
#delete_container_association(params = {}) ⇒ Types::DeleteContainerAssociationResponse
Deletes the specified container association. When you delete a container association, Network Firewall stops monitoring the associated container clusters and removes the resolved IP addresses from firewall rules.
2367 2368 2369 2370 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2367 def delete_container_association(params = {}, = {}) req = build_request(:delete_container_association, params) req.send_request() end |
#delete_firewall(params = {}) ⇒ Types::DeleteFirewallResponse
Deletes the specified Firewall and its FirewallStatus. This operation
requires the firewall's DeleteProtection flag to be FALSE. You
can't revert this operation.
You can check whether a firewall is in use by reviewing the route tables for the Availability Zones where you have firewall subnet mappings. Retrieve the subnet mappings by calling DescribeFirewall. You define and update the route tables through Amazon VPC. As needed, update the route tables for the zones to remove the firewall endpoints. When the route tables no longer use the firewall endpoints, you can remove the firewall safely.
To delete a firewall, remove the delete protection if you need to using UpdateFirewallDeleteProtection, then delete the firewall by calling DeleteFirewall.
2460 2461 2462 2463 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2460 def delete_firewall(params = {}, = {}) req = build_request(:delete_firewall, params) req.send_request() end |
#delete_firewall_policy(params = {}) ⇒ Types::DeleteFirewallPolicyResponse
Deletes the specified FirewallPolicy.
2511 2512 2513 2514 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2511 def delete_firewall_policy(params = {}, = {}) req = build_request(:delete_firewall_policy, params) req.send_request() end |
#delete_network_firewall_transit_gateway_attachment(params = {}) ⇒ Types::DeleteNetworkFirewallTransitGatewayAttachmentResponse
Deletes a transit gateway attachment from a Network Firewall. Either the firewall owner or the transit gateway owner can delete the attachment.
After you delete a transit gateway attachment, traffic will no longer flow through the firewall endpoints.
After you initiate the delete operation, use DescribeFirewall to monitor the deletion status.
2550 2551 2552 2553 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2550 def (params = {}, = {}) req = build_request(:delete_network_firewall_transit_gateway_attachment, params) req.send_request() end |
#delete_proxy(params = {}) ⇒ Types::DeleteProxyResponse
Deletes the specified Proxy.
Detaches a Proxy configuration from a NAT Gateway.
2597 2598 2599 2600 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2597 def delete_proxy(params = {}, = {}) req = build_request(:delete_proxy, params) req.send_request() end |
#delete_proxy_configuration(params = {}) ⇒ Types::DeleteProxyConfigurationResponse
Deletes the specified ProxyConfiguration.
2636 2637 2638 2639 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2636 def delete_proxy_configuration(params = {}, = {}) req = build_request(:delete_proxy_configuration, params) req.send_request() end |
#delete_proxy_rule_group(params = {}) ⇒ Types::DeleteProxyRuleGroupResponse
Deletes the specified ProxyRuleGroup.
2675 2676 2677 2678 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2675 def delete_proxy_rule_group(params = {}, = {}) req = build_request(:delete_proxy_rule_group, params) req.send_request() end |
#delete_proxy_rules(params = {}) ⇒ Types::DeleteProxyRulesResponse
Deletes the specified ProxyRule(s). currently attached to a ProxyRuleGroup
2751 2752 2753 2754 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2751 def delete_proxy_rules(params = {}, = {}) req = build_request(:delete_proxy_rules, params) req.send_request() end |
#delete_resource_policy(params = {}) ⇒ Struct
Deletes a resource policy that you created in a PutResourcePolicy request.
2775 2776 2777 2778 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2775 def delete_resource_policy(params = {}, = {}) req = build_request(:delete_resource_policy, params) req.send_request() end |
#delete_rule_group(params = {}) ⇒ Types::DeleteRuleGroupResponse
Deletes the specified RuleGroup.
2847 2848 2849 2850 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2847 def delete_rule_group(params = {}, = {}) req = build_request(:delete_rule_group, params) req.send_request() end |
#delete_tls_inspection_configuration(params = {}) ⇒ Types::DeleteTLSInspectionConfigurationResponse
Deletes the specified TLSInspectionConfiguration.
2904 2905 2906 2907 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2904 def delete_tls_inspection_configuration(params = {}, = {}) req = build_request(:delete_tls_inspection_configuration, params) req.send_request() end |
#delete_vpc_endpoint_association(params = {}) ⇒ Types::DeleteVpcEndpointAssociationResponse
Deletes the specified VpcEndpointAssociation.
You can check whether an endpoint association is in use by reviewing the route tables for the Availability Zones where you have the endpoint subnet mapping. You can retrieve the subnet mapping by calling DescribeVpcEndpointAssociation. You define and update the route tables through Amazon VPC. As needed, update the route tables for the Availability Zone to remove the firewall endpoint for the association. When the route tables no longer use the firewall endpoint, you can remove the endpoint association safely.
2957 2958 2959 2960 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 2957 def delete_vpc_endpoint_association(params = {}, = {}) req = build_request(:delete_vpc_endpoint_association, params) req.send_request() end |
#describe_container_association(params = {}) ⇒ Types::DescribeContainerAssociationResponse
Returns the properties of a container association.
3015 3016 3017 3018 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3015 def describe_container_association(params = {}, = {}) req = build_request(:describe_container_association, params) req.send_request() end |
#describe_firewall(params = {}) ⇒ Types::DescribeFirewallResponse
Returns the data objects for the specified firewall.
3096 3097 3098 3099 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3096 def describe_firewall(params = {}, = {}) req = build_request(:describe_firewall, params) req.send_request() end |
#describe_firewall_metadata(params = {}) ⇒ Types::DescribeFirewallMetadataResponse
Returns the high-level information about a firewall, including the Availability Zones where the Firewall is currently in use.
3136 3137 3138 3139 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3136 def (params = {}, = {}) req = build_request(:describe_firewall_metadata, params) req.send_request() end |
#describe_firewall_policy(params = {}) ⇒ Types::DescribeFirewallPolicyResponse
Returns the data objects for the specified firewall policy.
3216 3217 3218 3219 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3216 def describe_firewall_policy(params = {}, = {}) req = build_request(:describe_firewall_policy, params) req.send_request() end |
#describe_flow_operation(params = {}) ⇒ Types::DescribeFlowOperationResponse
Returns key information about a specific flow operation.
3292 3293 3294 3295 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3292 def describe_flow_operation(params = {}, = {}) req = build_request(:describe_flow_operation, params) req.send_request() end |
#describe_logging_configuration(params = {}) ⇒ Types::DescribeLoggingConfigurationResponse
Returns the logging configuration for the specified firewall.
3337 3338 3339 3340 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3337 def describe_logging_configuration(params = {}, = {}) req = build_request(:describe_logging_configuration, params) req.send_request() end |
#describe_proxy(params = {}) ⇒ Types::DescribeProxyResponse
Returns the data objects for the specified proxy.
3397 3398 3399 3400 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3397 def describe_proxy(params = {}, = {}) req = build_request(:describe_proxy, params) req.send_request() end |
#describe_proxy_configuration(params = {}) ⇒ Types::DescribeProxyConfigurationResponse
Returns the data objects for the specified proxy configuration.
3451 3452 3453 3454 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3451 def describe_proxy_configuration(params = {}, = {}) req = build_request(:describe_proxy_configuration, params) req.send_request() end |
#describe_proxy_rule(params = {}) ⇒ Types::DescribeProxyRuleResponse
Returns the data objects for the specified proxy configuration for the specified proxy rule group.
3503 3504 3505 3506 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3503 def describe_proxy_rule(params = {}, = {}) req = build_request(:describe_proxy_rule, params) req.send_request() end |
#describe_proxy_rule_group(params = {}) ⇒ Types::DescribeProxyRuleGroupResponse
Returns the data objects for the specified proxy rule group.
3576 3577 3578 3579 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3576 def describe_proxy_rule_group(params = {}, = {}) req = build_request(:describe_proxy_rule_group, params) req.send_request() end |
#describe_resource_policy(params = {}) ⇒ Types::DescribeResourcePolicyResponse
Retrieves a resource policy that you created in a PutResourcePolicy request.
3606 3607 3608 3609 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3606 def describe_resource_policy(params = {}, = {}) req = build_request(:describe_resource_policy, params) req.send_request() end |
#describe_rule_group(params = {}) ⇒ Types::DescribeRuleGroupResponse
Returns the data objects for the specified rule group.
3739 3740 3741 3742 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3739 def describe_rule_group(params = {}, = {}) req = build_request(:describe_rule_group, params) req.send_request() end |
#describe_rule_group_metadata(params = {}) ⇒ Types::DescribeRuleGroupMetadataResponse
High-level information about a rule group, returned by operations like create and describe. You can use the information provided in the metadata to retrieve and manage a rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.
3809 3810 3811 3812 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3809 def (params = {}, = {}) req = build_request(:describe_rule_group_metadata, params) req.send_request() end |
#describe_rule_group_summary(params = {}) ⇒ Types::DescribeRuleGroupSummaryResponse
Returns detailed information for a stateful rule group.
For active threat defense Amazon Web Services managed rule groups, this operation provides insight into the protections enabled by the rule group, based on Suricata rule metadata fields. Summaries are available for rule groups you manage and for active threat defense Amazon Web Services managed rule groups.
To modify how threat information appears in summaries, use the
SummaryConfiguration parameter in UpdateRuleGroup.
3872 3873 3874 3875 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3872 def describe_rule_group_summary(params = {}, = {}) req = build_request(:describe_rule_group_summary, params) req.send_request() end |
#describe_tls_inspection_configuration(params = {}) ⇒ Types::DescribeTLSInspectionConfigurationResponse
Returns the data objects for the specified TLS inspection configuration.
3952 3953 3954 3955 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3952 def describe_tls_inspection_configuration(params = {}, = {}) req = build_request(:describe_tls_inspection_configuration, params) req.send_request() end |
#describe_vpc_endpoint_association(params = {}) ⇒ Types::DescribeVpcEndpointAssociationResponse
Returns the data object for the specified VPC endpoint association.
3996 3997 3998 3999 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 3996 def describe_vpc_endpoint_association(params = {}, = {}) req = build_request(:describe_vpc_endpoint_association, params) req.send_request() end |
#detach_rule_groups_from_proxy_configuration(params = {}) ⇒ Types::DetachRuleGroupsFromProxyConfigurationResponse
Detaches ProxyRuleGroup resources from a ProxyConfiguration
A Proxy Configuration defines the monitoring and protection behavior for a Proxy. The details of the behavior are defined in the rule groups that you add to your configuration.
4077 4078 4079 4080 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4077 def detach_rule_groups_from_proxy_configuration(params = {}, = {}) req = build_request(:detach_rule_groups_from_proxy_configuration, params) req.send_request() end |
#disassociate_availability_zones(params = {}) ⇒ Types::DisassociateAvailabilityZonesResponse
Removes the specified Availability Zone associations from a transit gateway-attached firewall. This removes the firewall endpoints from these Availability Zones and stops traffic filtering in those zones. Before removing an Availability Zone, ensure you've updated your transit gateway route tables to redirect traffic appropriately.
AvailabilityZoneChangeProtection is enabled, you must first
disable it using UpdateAvailabilityZoneChangeProtection.
To verify the status of your Availability Zone changes, use DescribeFirewall.
4162 4163 4164 4165 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4162 def disassociate_availability_zones(params = {}, = {}) req = build_request(:disassociate_availability_zones, params) req.send_request() end |
#disassociate_subnets(params = {}) ⇒ Types::DisassociateSubnetsResponse
Removes the specified subnet associations from the firewall. This removes the firewall endpoints from the subnets and removes any network filtering protections that the endpoints were providing.
4233 4234 4235 4236 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4233 def disassociate_subnets(params = {}, = {}) req = build_request(:disassociate_subnets, params) req.send_request() end |
#get_analysis_report_results(params = {}) ⇒ Types::GetAnalysisReportResultsResponse
The results of a COMPLETED analysis report generated with
StartAnalysisReport.
For more information, see AnalysisTypeReportResult.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4313 4314 4315 4316 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4313 def get_analysis_report_results(params = {}, = {}) req = build_request(:get_analysis_report_results, params) req.send_request() end |
#list_analysis_reports(params = {}) ⇒ Types::ListAnalysisReportsResponse
Returns a list of all traffic analysis reports generated within the last 30 days.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4374 4375 4376 4377 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4374 def list_analysis_reports(params = {}, = {}) req = build_request(:list_analysis_reports, params) req.send_request() end |
#list_container_associations(params = {}) ⇒ Types::ListContainerAssociationsResponse
Retrieves the metadata for the container associations that you have defined. You can optionally page through results.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4420 4421 4422 4423 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4420 def list_container_associations(params = {}, = {}) req = build_request(:list_container_associations, params) req.send_request() end |
#list_firewall_policies(params = {}) ⇒ Types::ListFirewallPoliciesResponse
Retrieves the metadata for the firewall policies that you have defined. Depending on your setting for max results and the number of firewall policies, a single call might not return the full list.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4467 4468 4469 4470 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4467 def list_firewall_policies(params = {}, = {}) req = build_request(:list_firewall_policies, params) req.send_request() end |
#list_firewalls(params = {}) ⇒ Types::ListFirewallsResponse
Retrieves the metadata for the firewalls that you have defined. If you provide VPC identifiers in your request, this returns only the firewalls for those VPCs.
Depending on your setting for max results and the number of firewalls, a single call might not return the full list.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4524 4525 4526 4527 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4524 def list_firewalls(params = {}, = {}) req = build_request(:list_firewalls, params) req.send_request() end |
#list_flow_operation_results(params = {}) ⇒ Types::ListFlowOperationResultsResponse
Returns the results of a specific flow operation.
Flow operations let you manage the flows tracked in the flow table, also known as the firewall table.
A flow is network traffic that is monitored by a firewall, either by stateful or stateless rules. For traffic to be considered part of a flow, it must share Destination, DestinationPort, Direction, Protocol, Source, and SourcePort.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4626 4627 4628 4629 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4626 def list_flow_operation_results(params = {}, = {}) req = build_request(:list_flow_operation_results, params) req.send_request() end |
#list_flow_operations(params = {}) ⇒ Types::ListFlowOperationsResponse
Returns a list of all flow operations ran in a specific firewall. You can optionally narrow the request scope by specifying the operation type or Availability Zone associated with a firewall's flow operations.
Flow operations let you manage the flows tracked in the flow table, also known as the firewall table.
A flow is network traffic that is monitored by a firewall, either by stateful or stateless rules. For traffic to be considered part of a flow, it must share Destination, DestinationPort, Direction, Protocol, Source, and SourcePort.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4710 4711 4712 4713 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4710 def list_flow_operations(params = {}, = {}) req = build_request(:list_flow_operations, params) req.send_request() end |
#list_proxies(params = {}) ⇒ Types::ListProxiesResponse
Retrieves the metadata for the proxies that you have defined. Depending on your setting for max results and the number of proxies, a single call might not return the full list.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4757 4758 4759 4760 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4757 def list_proxies(params = {}, = {}) req = build_request(:list_proxies, params) req.send_request() end |
#list_proxy_configurations(params = {}) ⇒ Types::ListProxyConfigurationsResponse
Retrieves the metadata for the proxy configuration that you have defined. Depending on your setting for max results and the number of proxy configurations, a single call might not return the full list.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4804 4805 4806 4807 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4804 def list_proxy_configurations(params = {}, = {}) req = build_request(:list_proxy_configurations, params) req.send_request() end |
#list_proxy_rule_groups(params = {}) ⇒ Types::ListProxyRuleGroupsResponse
Retrieves the metadata for the proxy rule groups that you have defined. Depending on your setting for max results and the number of proxy rule groups, a single call might not return the full list.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4851 4852 4853 4854 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4851 def list_proxy_rule_groups(params = {}, = {}) req = build_request(:list_proxy_rule_groups, params) req.send_request() end |
#list_rule_groups(params = {}) ⇒ Types::ListRuleGroupsResponse
Retrieves the metadata for the rule groups that you have defined. Depending on your setting for max results and the number of rule groups, a single call might not return the full list.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4922 4923 4924 4925 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4922 def list_rule_groups(params = {}, = {}) req = build_request(:list_rule_groups, params) req.send_request() end |
#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse
Retrieves the tags associated with the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
You can tag the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
5027 5028 5029 5030 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5027 def (params = {}, = {}) req = build_request(:list_tags_for_resource, params) req.send_request() end |
#list_tls_inspection_configurations(params = {}) ⇒ Types::ListTLSInspectionConfigurationsResponse
Retrieves the metadata for the TLS inspection configurations that you have defined. Depending on your setting for max results and the number of TLS inspection configurations, a single call might not return the full list.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
4970 4971 4972 4973 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 4970 def list_tls_inspection_configurations(params = {}, = {}) req = build_request(:list_tls_inspection_configurations, params) req.send_request() end |
#list_vpc_endpoint_associations(params = {}) ⇒ Types::ListVpcEndpointAssociationsResponse
Retrieves the metadata for the VPC endpoint associations that you have defined. If you specify a fireawll, this returns only the endpoint associations for that firewall.
Depending on your setting for max results and the number of associations, a single call might not return the full list.
The returned response is a pageable response and is Enumerable. For details on usage see PageableResponse.
5083 5084 5085 5086 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5083 def list_vpc_endpoint_associations(params = {}, = {}) req = build_request(:list_vpc_endpoint_associations, params) req.send_request() end |
#put_resource_policy(params = {}) ⇒ Struct
Creates or updates an IAM policy for your rule group, firewall policy, or firewall. Use this to share these resources between accounts. This operation works in conjunction with the Amazon Web Services Resource Access Manager (RAM) service to manage resource sharing for Network Firewall.
For information about using sharing with Network Firewall resources, see Sharing Network Firewall resources in the Network Firewall Developer Guide.
Use this operation to create or update a resource policy for your Network Firewall rule group, firewall policy, or firewall. In the resource policy, you specify the accounts that you want to share the Network Firewall resource with and the operations that you want the accounts to be able to perform.
When you add an account in the resource policy, you then run the following Resource Access Manager (RAM) operations to access and accept the shared resource.
GetResourceShareInvitations - Returns the Amazon Resource Names (ARNs) of the resource share invitations.
AcceptResourceShareInvitation - Accepts the share invitation for a specified resource share.
For additional information about resource sharing using RAM, see Resource Access Manager User Guide.
5175 5176 5177 5178 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5175 def put_resource_policy(params = {}, = {}) req = build_request(:put_resource_policy, params) req.send_request() end |
#reject_network_firewall_transit_gateway_attachment(params = {}) ⇒ Types::RejectNetworkFirewallTransitGatewayAttachmentResponse
Rejects a transit gateway attachment request for Network Firewall. When you reject the attachment request, Network Firewall cancels the creation of routing components between the transit gateway and firewall endpoints.
Only the transit gateway owner can reject the attachment. After rejection, no traffic will flow through the firewall endpoints for this attachment.
Use DescribeFirewall to monitor the rejection status. To accept the attachment instead of rejecting it, use AcceptNetworkFirewallTransitGatewayAttachment.
5223 5224 5225 5226 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5223 def (params = {}, = {}) req = build_request(:reject_network_firewall_transit_gateway_attachment, params) req.send_request() end |
#start_analysis_report(params = {}) ⇒ Types::StartAnalysisReportResponse
Generates a traffic analysis report for the timeframe and traffic type you specify.
For information on the contents of a traffic analysis report, see AnalysisReport.
5268 5269 5270 5271 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5268 def start_analysis_report(params = {}, = {}) req = build_request(:start_analysis_report, params) req.send_request() end |
#start_flow_capture(params = {}) ⇒ Types::StartFlowCaptureResponse
Begins capturing the flows in a firewall, according to the filters you define. Captures are similar, but not identical to snapshots. Capture operations provide visibility into flows that are not closed and are tracked by a firewall's flow table. Unlike snapshots, captures are a time-boxed view.
A flow is network traffic that is monitored by a firewall, either by stateful or stateless rules. For traffic to be considered part of a flow, it must share Destination, DestinationPort, Direction, Protocol, Source, and SourcePort.
FlowFilters, like
narrow IP ranges, ports, or protocols.
5361 5362 5363 5364 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5361 def start_flow_capture(params = {}, = {}) req = build_request(:start_flow_capture, params) req.send_request() end |
#start_flow_flush(params = {}) ⇒ Types::StartFlowFlushResponse
Begins the flushing of traffic from the firewall, according to the filters you define. When the operation starts, impacted flows are temporarily marked as timed out before the Suricata engine prunes, or flushes, the flows from the firewall table.
While the flush completes, impacted flows are processed as midstream traffic. This may result in a temporary increase in midstream traffic metrics. We recommend that you double check your stream exception policy before you perform a flush operation.
5441 5442 5443 5444 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5441 def start_flow_flush(params = {}, = {}) req = build_request(:start_flow_flush, params) req.send_request() end |
#tag_resource(params = {}) ⇒ Struct
Adds the specified tags to the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
You can tag the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups.
5479 5480 5481 5482 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5479 def tag_resource(params = {}, = {}) req = build_request(:tag_resource, params) req.send_request() end |
#untag_resource(params = {}) ⇒ Struct
Removes the tags with the specified keys from the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
You can manage tags for the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall policies, and rule groups.
5513 5514 5515 5516 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5513 def untag_resource(params = {}, = {}) req = build_request(:untag_resource, params) req.send_request() end |
#update_availability_zone_change_protection(params = {}) ⇒ Types::UpdateAvailabilityZoneChangeProtectionResponse
Modifies the AvailabilityZoneChangeProtection setting for a transit
gateway-attached firewall. When enabled, this setting prevents
accidental changes to the firewall's Availability Zone configuration.
This helps protect against disrupting traffic flow in production
environments.
When enabled, you must disable this protection before using AssociateAvailabilityZones or DisassociateAvailabilityZones to modify the firewall's Availability Zone configuration.
5592 5593 5594 5595 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5592 def update_availability_zone_change_protection(params = {}, = {}) req = build_request(:update_availability_zone_change_protection, params) req.send_request() end |
#update_container_association(params = {}) ⇒ Types::UpdateContainerAssociationResponse
Updates the properties of an existing container association. Use this to modify the container monitoring configurations or description.
5694 5695 5696 5697 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5694 def update_container_association(params = {}, = {}) req = build_request(:update_container_association, params) req.send_request() end |
#update_firewall_analysis_settings(params = {}) ⇒ Types::UpdateFirewallAnalysisSettingsResponse
Enables specific types of firewall analysis on a specific firewall you define.
5764 5765 5766 5767 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5764 def update_firewall_analysis_settings(params = {}, = {}) req = build_request(:update_firewall_analysis_settings, params) req.send_request() end |
#update_firewall_delete_protection(params = {}) ⇒ Types::UpdateFirewallDeleteProtectionResponse
Modifies the flag, DeleteProtection, which indicates whether it is
possible to delete the firewall. If the flag is set to TRUE, the
firewall is protected against deletion. This setting helps protect
against accidentally deleting a firewall that's in use.
5838 5839 5840 5841 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5838 def update_firewall_delete_protection(params = {}, = {}) req = build_request(:update_firewall_delete_protection, params) req.send_request() end |
#update_firewall_description(params = {}) ⇒ Types::UpdateFirewallDescriptionResponse
Modifies the description for the specified firewall. Use the description to help you identify the firewall when you're working with it.
5908 5909 5910 5911 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5908 def update_firewall_description(params = {}, = {}) req = build_request(:update_firewall_description, params) req.send_request() end |
#update_firewall_encryption_configuration(params = {}) ⇒ Types::UpdateFirewallEncryptionConfigurationResponse
A complex type that contains settings for encryption of your firewall resources.
5988 5989 5990 5991 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 5988 def update_firewall_encryption_configuration(params = {}, = {}) req = build_request(:update_firewall_encryption_configuration, params) req.send_request() end |
#update_firewall_policy(params = {}) ⇒ Types::UpdateFirewallPolicyResponse
Updates the properties of the specified firewall policy.
6140 6141 6142 6143 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 6140 def update_firewall_policy(params = {}, = {}) req = build_request(:update_firewall_policy, params) req.send_request() end |
#update_firewall_policy_change_protection(params = {}) ⇒ Types::UpdateFirewallPolicyChangeProtectionResponse
Modifies the flag, ChangeProtection, which indicates whether it is
possible to change the firewall. If the flag is set to TRUE, the
firewall is protected from changes. This setting helps protect against
accidentally changing a firewall that's in use.
6214 6215 6216 6217 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 6214 def update_firewall_policy_change_protection(params = {}, = {}) req = build_request(:update_firewall_policy_change_protection, params) req.send_request() end |
#update_logging_configuration(params = {}) ⇒ Types::UpdateLoggingConfigurationResponse
Sets the logging configuration for the specified firewall.
To change the logging configuration, retrieve the LoggingConfiguration by calling DescribeLoggingConfiguration, then change it and provide the modified object to this update call. You must change the logging configuration one LogDestinationConfig at a time inside the retrieved LoggingConfiguration object.
You can perform only one of the following actions in any call to
UpdateLoggingConfiguration:
Create a new log destination object by adding a single
LogDestinationConfigarray element toLogDestinationConfigs.Delete a log destination object by removing a single
LogDestinationConfigarray element fromLogDestinationConfigs.Change the
LogDestinationsetting in a singleLogDestinationConfigarray element.
You can't change the LogDestinationType or LogType in a
LogDestinationConfig. To change these settings, delete the existing
LogDestinationConfig object and create a new one, using two separate
calls to this update operation.
6313 6314 6315 6316 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 6313 def update_logging_configuration(params = {}, = {}) req = build_request(:update_logging_configuration, params) req.send_request() end |
#update_proxy(params = {}) ⇒ Types::UpdateProxyResponse
Updates the properties of the specified proxy.
6414 6415 6416 6417 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 6414 def update_proxy(params = {}, = {}) req = build_request(:update_proxy, params) req.send_request() end |
#update_proxy_configuration(params = {}) ⇒ Types::UpdateProxyConfigurationResponse
Updates the properties of the specified proxy configuration.
6492 6493 6494 6495 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 6492 def update_proxy_configuration(params = {}, = {}) req = build_request(:update_proxy_configuration, params) req.send_request() end |
#update_proxy_rule(params = {}) ⇒ Types::UpdateProxyRuleResponse
Updates the properties of the specified proxy rule.
6597 6598 6599 6600 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 6597 def update_proxy_rule(params = {}, = {}) req = build_request(:update_proxy_rule, params) req.send_request() end |
#update_proxy_rule_group_priorities(params = {}) ⇒ Types::UpdateProxyRuleGroupPrioritiesResponse
Updates proxy rule group priorities within a proxy configuration.
6662 6663 6664 6665 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 6662 def update_proxy_rule_group_priorities(params = {}, = {}) req = build_request(:update_proxy_rule_group_priorities, params) req.send_request() end |
#update_proxy_rule_priorities(params = {}) ⇒ Types::UpdateProxyRulePrioritiesResponse
Updates proxy rule priorities within a proxy rule group.
6737 6738 6739 6740 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 6737 def update_proxy_rule_priorities(params = {}, = {}) req = build_request(:update_proxy_rule_priorities, params) req.send_request() end |
#update_rule_group(params = {}) ⇒ Types::UpdateRuleGroupResponse
Updates the rule settings for the specified rule group. You use a rule group by reference in one or more firewall policies. When you modify a rule group, you modify all firewall policies that use the rule group.
To update a rule group, first call DescribeRuleGroup to retrieve the current RuleGroup object, update the object as needed, and then provide the updated object to this call.
7014 7015 7016 7017 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 7014 def update_rule_group(params = {}, = {}) req = build_request(:update_rule_group, params) req.send_request() end |
#update_subnet_change_protection(params = {}) ⇒ Types::UpdateSubnetChangeProtectionResponse
Returns a response object which responds to the following methods:
- #update_token => String
- #firewall_arn => String
- #firewall_name => String
- #subnet_change_protection => Boolean
7083 7084 7085 7086 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 7083 def update_subnet_change_protection(params = {}, = {}) req = build_request(:update_subnet_change_protection, params) req.send_request() end |
#update_tls_inspection_configuration(params = {}) ⇒ Types::UpdateTLSInspectionConfigurationResponse
Updates the TLS inspection configuration settings for the specified TLS inspection configuration. You use a TLS inspection configuration by referencing it in one or more firewall policies. When you modify a TLS inspection configuration, you modify all firewall policies that use the TLS inspection configuration.
To update a TLS inspection configuration, first call DescribeTLSInspectionConfiguration to retrieve the current TLSInspectionConfiguration object, update the object as needed, and then provide the updated object to this call.
7242 7243 7244 7245 |
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/client.rb', line 7242 def update_tls_inspection_configuration(params = {}, = {}) req = build_request(:update_tls_inspection_configuration, params) req.send_request() end |