Commit

feat(client-network-firewall): AWS Network Firewall now enables customers to use a customer managed AWS KMS key for the encryption of their firewall resources.
awstools committed Apr 26, 2022
1 parent c70378d commit ba3e251
Showing 15 changed files with 777 additions and 148 deletions.
14 changes: 7 additions & 7 deletions clients/client-network-firewall/README.md
@@ -7,21 +7,21 @@

AWS SDK for JavaScript NetworkFirewall Client for Node.js, Browser and React Native.

<p>This is the API Reference for AWS Network Firewall. This guide is for developers who need
<p>This is the API Reference for Network Firewall. This guide is for developers who need
detailed information about the Network Firewall API actions, data types, and errors. </p>
<ul>
<li>
<p>The REST API requires you to handle connection details, such as calculating
signatures, handling request retries, and error handling. For general information
about using the AWS REST APIs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-apis.html">AWS APIs</a>. </p>
about using the Amazon Web Services REST APIs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-apis.html">Amazon Web Services APIs</a>. </p>
<p>To access Network Firewall using the REST API endpoint:
<code>https://network-firewall.<region>.amazonaws.com </code>
</p>
</li>
<li>
<p>Alternatively, you can use one of the AWS SDKs to access an API that's tailored to
<p>Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to
the programming language or platform that you're using. For more information, see
<a href="http://aws.amazon.com/tools/#SDKs">AWS SDKs</a>.</p>
<a href="http://aws.amazon.com/tools/#SDKs">Amazon Web Services SDKs</a>.</p>
</li>
<li>
<p>For descriptions of Network Firewall features, including and step-by-step
@@ -32,15 +32,15 @@ Guide</a>.</p>
<p>Network Firewall is a stateful, managed, network firewall and intrusion detection and
prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
perimeter of your VPC. This includes filtering traffic going to and coming from an internet
gateway, NAT gateway, or over VPN or AWS Direct Connect. Network Firewall uses rules that are compatible
gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
with Suricata, a free, open source intrusion detection system (IDS) engine.
AWS Network Firewall supports Suricata version 5.0.2. For information about Suricata,
Network Firewall supports Suricata version 5.0.2. For information about Suricata,
see the <a href="https://suricata-ids.org/">Suricata website</a>.</p>
<p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
The following are just a few examples: </p>
<ul>
<li>
<p>Allow domains or IP addresses for known AWS service endpoints, such as Amazon S3, and
<p>Allow domains or IP addresses for known Amazon Web Services service endpoints, such as Amazon S3, and
block all other forms of traffic.</p>
</li>
<li>
79 changes: 59 additions & 20 deletions clients/client-network-firewall/src/NetworkFirewall.ts
@@ -121,6 +121,11 @@ import {
UpdateFirewallDescriptionCommandInput,
UpdateFirewallDescriptionCommandOutput,
} from "./commands/UpdateFirewallDescriptionCommand";
import {
UpdateFirewallEncryptionConfigurationCommand,
UpdateFirewallEncryptionConfigurationCommandInput,
UpdateFirewallEncryptionConfigurationCommandOutput,
} from "./commands/UpdateFirewallEncryptionConfigurationCommand";
import {
UpdateFirewallPolicyChangeProtectionCommand,
UpdateFirewallPolicyChangeProtectionCommandInput,
@@ -149,21 +154,21 @@ import {
import { NetworkFirewallClient } from "./NetworkFirewallClient";

/**
* <p>This is the API Reference for AWS Network Firewall. This guide is for developers who need
* <p>This is the API Reference for Network Firewall. This guide is for developers who need
* detailed information about the Network Firewall API actions, data types, and errors. </p>
* <ul>
* <li>
* <p>The REST API requires you to handle connection details, such as calculating
* signatures, handling request retries, and error handling. For general information
* about using the AWS REST APIs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-apis.html">AWS APIs</a>. </p>
* about using the Amazon Web Services REST APIs, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws-apis.html">Amazon Web Services APIs</a>. </p>
* <p>To access Network Firewall using the REST API endpoint:
* <code>https://network-firewall.<region>.amazonaws.com </code>
* </p>
* </li>
* <li>
* <p>Alternatively, you can use one of the AWS SDKs to access an API that's tailored to
* <p>Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to
* the programming language or platform that you're using. For more information, see
* <a href="http://aws.amazon.com/tools/#SDKs">AWS SDKs</a>.</p>
* <a href="http://aws.amazon.com/tools/#SDKs">Amazon Web Services SDKs</a>.</p>
* </li>
* <li>
* <p>For descriptions of Network Firewall features, including and step-by-step
@@ -174,15 +179,15 @@ import { NetworkFirewallClient } from "./NetworkFirewallClient";
* <p>Network Firewall is a stateful, managed, network firewall and intrusion detection and
* prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
* perimeter of your VPC. This includes filtering traffic going to and coming from an internet
* gateway, NAT gateway, or over VPN or AWS Direct Connect. Network Firewall uses rules that are compatible
* gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
* with Suricata, a free, open source intrusion detection system (IDS) engine.
* AWS Network Firewall supports Suricata version 5.0.2. For information about Suricata,
* Network Firewall supports Suricata version 5.0.2. For information about Suricata,
* see the <a href="https://suricata-ids.org/">Suricata website</a>.</p>
* <p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
* The following are just a few examples: </p>
* <ul>
* <li>
* <p>Allow domains or IP addresses for known AWS service endpoints, such as Amazon S3, and
* <p>Allow domains or IP addresses for known Amazon Web Services service endpoints, such as Amazon S3, and
* block all other forms of traffic.</p>
* </li>
* <li>
@@ -268,7 +273,7 @@ export class NetworkFirewall extends NetworkFirewallClient {
/**
* <p>Associates the specified subnets in the Amazon VPC to the firewall. You can specify one
* subnet for each of the Availability Zones that the VPC spans. </p>
* <p>This request creates an AWS Network Firewall firewall endpoint in each of the subnets. To
* <p>This request creates an Network Firewall firewall endpoint in each of the subnets. To
* enable the firewall's protections, you must also modify the VPC's route tables for each
* subnet's Availability Zone, to redirect the traffic that's coming into and going out of the
* zone through the firewall endpoint. </p>
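Review bot: the reworded line now reads "creates an Network Firewall firewall endpoint", which became ungrammatical when "AWS" was dropped ("an" should be "a"). The same article error recurs in the next two hunks ("Creates an Network Firewall <a>Firewall</a>", "for an Network Firewall firewall", "An Network Firewall firewall policy"). The README and this docblock carry identical text, so the correction belongs at the documentation source they are both produced from rather than as a hand edit in one of the two files, otherwise the next regeneration reintroduces it.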
@@ -303,12 +308,12 @@ export class NetworkFirewall extends NetworkFirewallClient {
}

/**
* <p>Creates an AWS Network Firewall <a>Firewall</a> and accompanying <a>FirewallStatus</a> for a VPC. </p>
* <p>The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource. </p>
* <p>Creates an Network Firewall <a>Firewall</a> and accompanying <a>FirewallStatus</a> for a VPC. </p>
* <p>The firewall defines the configuration settings for an Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource. </p>
* <p>After you create a firewall, you can provide additional settings, like the logging configuration. </p>
* <p>To update the settings for a firewall, you use the operations that apply to the settings
* themselves, for example <a>UpdateLoggingConfiguration</a>, <a>AssociateSubnets</a>, and <a>UpdateFirewallDeleteProtection</a>. </p>
* <p>To manage a firewall's tags, use the standard AWS resource tagging operations, <a>ListTagsForResource</a>, <a>TagResource</a>, and <a>UntagResource</a>.</p>
* <p>To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, <a>ListTagsForResource</a>, <a>TagResource</a>, and <a>UntagResource</a>.</p>
* <p>To retrieve information about firewalls, use <a>ListFirewalls</a> and <a>DescribeFirewall</a>.</p>
*/
public createFirewall(
@@ -342,7 +347,7 @@ export class NetworkFirewall extends NetworkFirewallClient {

/**
* <p>Creates the firewall policy for the firewall according to the specifications. </p>
* <p>An AWS Network Firewall firewall policy defines the behavior of a firewall, in a collection of
* <p>An Network Firewall firewall policy defines the behavior of a firewall, in a collection of
* stateless and stateful rule groups and other settings. You can use one firewall policy for
* multiple firewalls. </p>
*/
@@ -885,9 +890,9 @@ export class NetworkFirewall extends NetworkFirewallClient {
* <p>Retrieves the tags associated with the specified resource. Tags are key:value pairs that
* you can use to categorize and manage your resources, for purposes like billing. For
* example, you might set the tag key to "customer" and the value to the customer name or ID.
* You can specify one or more tags to add to each AWS resource, up to 50 tags for a
* You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a
* resource.</p>
* <p>You can tag the AWS resources that you manage through AWS Network Firewall: firewalls, firewall
* <p>You can tag the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall
* policies, and rule groups. </p>
*/
public listTagsForResource(
@@ -920,7 +925,7 @@ export class NetworkFirewall extends NetworkFirewallClient {
}

/**
* <p>Creates or updates an AWS Identity and Access Management policy for your rule group or firewall policy. Use this to share rule groups and firewall policies between accounts. This operation works in conjunction with the AWS Resource Access Manager (RAM) service
* <p>Creates or updates an IAM policy for your rule group or firewall policy. Use this to share rule groups and firewall policies between accounts. This operation works in conjunction with the Amazon Web Services Resource Access Manager (RAM) service
* to manage resource sharing for Network Firewall. </p>
* <p>Use this operation to create or update a resource policy for your rule group or firewall policy. In the policy, you specify the accounts that you want to share the resource with and the operations that you want the accounts to be able to perform. </p>
* <p>When you add an account in the resource policy, you then run the following Resource Access Manager (RAM) operations to access and accept the shared rule group or firewall policy. </p>
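Review bot: "Creates or updates an IAM policy" is less precise than the wording it replaces. What PutResourcePolicy attaches is a resource-based policy on the rule group or firewall policy (the following sentences say you name the accounts to share with and the operations they may perform, and that RAM then handles the share), which is a different artifact from an identity-based IAM policy. Suggest "Creates or updates a resource-based policy for your rule group or firewall policy" so readers reviewing cross-account access look in the right place; since this policy is what grants other accounts access to the resource, the docblock should say so explicitly.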
@@ -934,7 +939,7 @@ export class NetworkFirewall extends NetworkFirewallClient {
* <a href="https://docs.aws.amazon.com/ram/latest/APIReference/API_AcceptResourceShareInvitation.html">AcceptResourceShareInvitation</a> - Accepts the share invitation for a specified resource share. </p>
* </li>
* </ul>
* <p>For additional information about resource sharing using RAM, see <a href="https://docs.aws.amazon.com/ram/latest/userguide/what-is.html">AWS Resource Access Manager User Guide</a>.</p>
* <p>For additional information about resource sharing using RAM, see <a href="https://docs.aws.amazon.com/ram/latest/userguide/what-is.html">Resource Access Manager User Guide</a>.</p>
*/
public putResourcePolicy(
args: PutResourcePolicyCommandInput,
@@ -969,8 +974,8 @@ export class NetworkFirewall extends NetworkFirewallClient {
* <p>Adds the specified tags to the specified resource. Tags are key:value pairs that you can
* use to categorize and manage your resources, for purposes like billing. For example, you
* might set the tag key to "customer" and the value to the customer name or ID. You can
* specify one or more tags to add to each AWS resource, up to 50 tags for a resource.</p>
* <p>You can tag the AWS resources that you manage through AWS Network Firewall: firewalls, firewall
* specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.</p>
* <p>You can tag the Amazon Web Services resources that you manage through Network Firewall: firewalls, firewall
* policies, and rule groups. </p>
*/
public tagResource(args: TagResourceCommandInput, options?: __HttpHandlerOptions): Promise<TagResourceCommandOutput>;
@@ -1000,9 +1005,9 @@ export class NetworkFirewall extends NetworkFirewallClient {
* <p>Removes the tags with the specified keys from the specified resource. Tags are key:value
* pairs that you can use to categorize and manage your resources, for purposes like billing.
* For example, you might set the tag key to "customer" and the value to the customer name or
* ID. You can specify one or more tags to add to each AWS resource, up to 50 tags for a
* ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a
* resource.</p>
* <p>You can manage tags for the AWS resources that you manage through AWS Network Firewall:
* <p>You can manage tags for the Amazon Web Services resources that you manage through Network Firewall:
* firewalls, firewall policies, and rule groups. </p>
*/
public untagResource(
@@ -1102,6 +1107,40 @@ export class NetworkFirewall extends NetworkFirewallClient {
}
}

/**
* <p>A complex type that contains settings for encryption of your firewall resources.</p>
*/
public updateFirewallEncryptionConfiguration(
args: UpdateFirewallEncryptionConfigurationCommandInput,
options?: __HttpHandlerOptions
): Promise<UpdateFirewallEncryptionConfigurationCommandOutput>;
public updateFirewallEncryptionConfiguration(
args: UpdateFirewallEncryptionConfigurationCommandInput,
cb: (err: any, data?: UpdateFirewallEncryptionConfigurationCommandOutput) => void
): void;
public updateFirewallEncryptionConfiguration(
args: UpdateFirewallEncryptionConfigurationCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: UpdateFirewallEncryptionConfigurationCommandOutput) => void
): void;
public updateFirewallEncryptionConfiguration(
args: UpdateFirewallEncryptionConfigurationCommandInput,
optionsOrCb?:
| __HttpHandlerOptions
| ((err: any, data?: UpdateFirewallEncryptionConfigurationCommandOutput) => void),
cb?: (err: any, data?: UpdateFirewallEncryptionConfigurationCommandOutput) => void
): Promise<UpdateFirewallEncryptionConfigurationCommandOutput> | void {
const command = new UpdateFirewallEncryptionConfigurationCommand(args);
if (typeof optionsOrCb === "function") {
this.send(command, optionsOrCb);
} else if (typeof cb === "function") {
if (typeof optionsOrCb !== "object") throw new Error(`Expect http options but get ${typeof optionsOrCb}`);
this.send(command, optionsOrCb || {}, cb);
} else {
return this.send(command, optionsOrCb);
}
}

/**
* <p>Updates the properties of the specified firewall policy.</p>
*/
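Review bot: the docblock on the new `updateFirewallEncryptionConfiguration` method describes a data type ("A complex type that contains settings for encryption of your firewall resources."), not the operation; it reads as though a type description was copied onto the action. Every other method in this class documents what the call does (compare the neighbouring "Updates the properties of the specified firewall policy."), so this should say what the call changes, along the lines of "Updates the encryption configuration for the specified firewall, for example the customer managed KMS key used to encrypt its resources" (the commit message is currently the only place that states the purpose). Since swapping the key a firewall's resources are encrypted under is a security-relevant change, the doc should also state which identifier the caller must supply and what the call does to resources already encrypted under the previous configuration; those details have to come from the service documentation, not from this file. The `Expect http options but get ...` error text is the same pattern the other overloads use, so no change needed there.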

0 comments on commit ba3e251
