feat(client-network-firewall): AWS Network Firewall adds support for …

…stateful threat signature AWS managed rule groups.
aws · Apr 28, 2022 · 790c085 · 790c085
1 parent 61e9e39
commit 790c085
Show file tree

Hide file tree

Showing 3 changed files with 218 additions and 2 deletions.
diff --git a/clients/client-network-firewall/src/models/models_0.ts b/clients/client-network-firewall/src/models/models_0.ts
@@ -492,7 +492,7 @@ export interface EncryptionConfiguration {
   /**
    * <p>The type of Amazon Web Services KMS key to use for encryption of your Network Firewall resources.</p>
    */
-  Type?: EncryptionType | string;
+  Type: EncryptionType | string | undefined;
 }
 
 export namespace EncryptionConfiguration {
@@ -1230,6 +1230,11 @@ export interface FirewallPolicyResponse {
    * <p>A complex type that contains the Amazon Web Services KMS encryption configuration settings for your firewall policy.</p>
    */
   EncryptionConfiguration?: EncryptionConfiguration;
+
+  /**
+   * <p>The last time that the firewall policy was changed.</p>
+   */
+  LastModifiedTime?: Date;
 }
 
 export namespace FirewallPolicyResponse {
@@ -1930,6 +1935,30 @@ export namespace RuleGroup {
   });
 }
 
+/**
+ * <p>High-level information about the managed rule group that your own rule group is copied from. You can use the the metadata to track version updates made to the originating rule group. You can retrieve all objects for a rule group by calling <a href="https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html">DescribeRuleGroup</a>.</p>
+ */
+export interface SourceMetadata {
+  /**
+   * <p>The Amazon Resource Name (ARN) of the rule group that your own rule group is copied from.</p>
+   */
+  SourceArn?: string;
+
+  /**
+   * <p>The update token of the Amazon Web Services managed rule group that your own rule group is copied from. To determine the update token for the managed rule group, call <a href="https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html#networkfirewall-DescribeRuleGroup-response-UpdateToken">DescribeRuleGroup</a>.</p>
+   */
+  SourceUpdateToken?: string;
+}
+
+export namespace SourceMetadata {
+  /**
+   * @internal
+   */
+  export const filterSensitiveLog = (obj: SourceMetadata): any => ({
+    ...obj,
+  });
+}
+
 export enum RuleGroupType {
   STATEFUL = "STATEFUL",
   STATELESS = "STATELESS",
@@ -2035,6 +2064,11 @@ export interface CreateRuleGroupRequest {
    * <p>A complex type that contains settings for encryption of your rule group resources.</p>
    */
   EncryptionConfiguration?: EncryptionConfiguration;
+
+  /**
+   * <p>A complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to keep track of updates made to the originating rule group.</p>
+   */
+  SourceMetadata?: SourceMetadata;
 }
 
 export namespace CreateRuleGroupRequest {
@@ -2114,6 +2148,24 @@ export interface RuleGroupResponse {
    * <p>A complex type that contains the Amazon Web Services KMS encryption configuration settings for your rule group.</p>
    */
   EncryptionConfiguration?: EncryptionConfiguration;
+
+  /**
+   * <p>A complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to track the version updates made to the originating rule group.</p>
+   */
+  SourceMetadata?: SourceMetadata;
+
+  /**
+   * <p>The Amazon resource name (ARN) of the Amazon Simple Notification Service SNS topic that's
+   * used to record changes to the managed rule group. You can subscribe to the SNS topic to receive
+   * notifications when the managed rule group is modified, such as for new versions and for version
+   * expiration. For more information, see the <a href="https://docs.aws.amazon.com/sns/latest/dg/welcome.html">Amazon Simple Notification Service Developer Guide.</a>.</p>
+   */
+  SnsTopic?: string;
+
+  /**
+   * <p>The last time that the rule group was changed.</p>
+   */
+  LastModifiedTime?: Date;
 }
 
 export namespace RuleGroupResponse {
@@ -2762,6 +2814,11 @@ export interface DescribeRuleGroupMetadataResponse {
    * <p>Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.</p>
    */
   StatefulRuleOptions?: StatefulRuleOptions;
+
+  /**
+   * <p>The last time that the rule group was changed.</p>
+   */
+  LastModifiedTime?: Date;
 }
 
 export namespace DescribeRuleGroupMetadataResponse {
@@ -2998,6 +3055,11 @@ export namespace ListFirewallsResponse {
   });
 }
 
+export enum ResourceManagedType {
+  AWS_MANAGED_DOMAIN_LISTS = "AWS_MANAGED_DOMAIN_LISTS",
+  AWS_MANAGED_THREAT_SIGNATURES = "AWS_MANAGED_THREAT_SIGNATURES",
+}
+
 export enum ResourceManagedStatus {
   ACCOUNT = "ACCOUNT",
   MANAGED = "MANAGED",
@@ -3024,6 +3086,16 @@ export interface ListRuleGroupsRequest {
    *          <code>MANAGED</code> returns all available managed rule groups.</p>
    */
   Scope?: ResourceManagedStatus | string;
+
+  /**
+   * <p>Indicates the general category of the Amazon Web Services managed rule group.</p>
+   */
+  ManagedType?: ResourceManagedType | string;
+
+  /**
+   * <p>Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.</p>
+   */
+  Type?: RuleGroupType | string;
 }
 
 export namespace ListRuleGroupsRequest {
@@ -3781,6 +3853,11 @@ export interface UpdateRuleGroupRequest {
    * <p>A complex type that contains settings for encryption of your rule group resources.</p>
    */
   EncryptionConfiguration?: EncryptionConfiguration;
+
+  /**
+   * <p>A complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to keep track of updates made to the originating rule group.</p>
+   */
+  SourceMetadata?: SourceMetadata;
 }
 
 export namespace UpdateRuleGroupRequest {

diff --git a/clients/client-network-firewall/src/protocols/Aws_json1_0.ts b/clients/client-network-firewall/src/protocols/Aws_json1_0.ts
@@ -3,7 +3,10 @@ import {
   decorateServiceException as __decorateServiceException,
   expectBoolean as __expectBoolean,
   expectInt32 as __expectInt32,
+  expectNonNull as __expectNonNull,
+  expectNumber as __expectNumber,
   expectString as __expectString,
+  parseEpochTimestamp as __parseEpochTimestamp,
 } from "@aws-sdk/smithy-client";
 import {
   Endpoint as __Endpoint,
@@ -179,6 +182,7 @@ import {
   RulesSource,
   RulesSourceList,
   RuleVariables,
+  SourceMetadata,
   StatefulEngineOptions,
   StatefulRule,
   StatefulRuleGroupOverride,
@@ -2600,6 +2604,10 @@ const serializeAws_json1_0CreateRuleGroupRequest = (input: CreateRuleGroupReques
       input.RuleGroup !== null && { RuleGroup: serializeAws_json1_0RuleGroup(input.RuleGroup, context) }),
     ...(input.RuleGroupName !== undefined && input.RuleGroupName !== null && { RuleGroupName: input.RuleGroupName }),
     ...(input.Rules !== undefined && input.Rules !== null && { Rules: input.Rules }),
+    ...(input.SourceMetadata !== undefined &&
+      input.SourceMetadata !== null && {
+        SourceMetadata: serializeAws_json1_0SourceMetadata(input.SourceMetadata, context),
+      }),
     ...(input.Tags !== undefined && input.Tags !== null && { Tags: serializeAws_json1_0TagList(input.Tags, context) }),
     ...(input.Type !== undefined && input.Type !== null && { Type: input.Type }),
   };
@@ -2866,9 +2874,11 @@ const serializeAws_json1_0ListFirewallsRequest = (input: ListFirewallsRequest, c
 
 const serializeAws_json1_0ListRuleGroupsRequest = (input: ListRuleGroupsRequest, context: __SerdeContext): any => {
   return {
+    ...(input.ManagedType !== undefined && input.ManagedType !== null && { ManagedType: input.ManagedType }),
     ...(input.MaxResults !== undefined && input.MaxResults !== null && { MaxResults: input.MaxResults }),
     ...(input.NextToken !== undefined && input.NextToken !== null && { NextToken: input.NextToken }),
     ...(input.Scope !== undefined && input.Scope !== null && { Scope: input.Scope }),
+    ...(input.Type !== undefined && input.Type !== null && { Type: input.Type }),
   };
 };
 
@@ -3121,6 +3131,14 @@ const serializeAws_json1_0Settings = (input: string[], context: __SerdeContext):
     });
 };
 
+const serializeAws_json1_0SourceMetadata = (input: SourceMetadata, context: __SerdeContext): any => {
+  return {
+    ...(input.SourceArn !== undefined && input.SourceArn !== null && { SourceArn: input.SourceArn }),
+    ...(input.SourceUpdateToken !== undefined &&
+      input.SourceUpdateToken !== null && { SourceUpdateToken: input.SourceUpdateToken }),
+  };
+};
+
 const serializeAws_json1_0StatefulActions = (input: string[], context: __SerdeContext): any => {
   return input
     .filter((e: any) => e != null)
@@ -3469,6 +3487,10 @@ const serializeAws_json1_0UpdateRuleGroupRequest = (input: UpdateRuleGroupReques
     ...(input.RuleGroupArn !== undefined && input.RuleGroupArn !== null && { RuleGroupArn: input.RuleGroupArn }),
     ...(input.RuleGroupName !== undefined && input.RuleGroupName !== null && { RuleGroupName: input.RuleGroupName }),
     ...(input.Rules !== undefined && input.Rules !== null && { Rules: input.Rules }),
+    ...(input.SourceMetadata !== undefined &&
+      input.SourceMetadata !== null && {
+        SourceMetadata: serializeAws_json1_0SourceMetadata(input.SourceMetadata, context),
+      }),
     ...(input.Type !== undefined && input.Type !== null && { Type: input.Type }),
     ...(input.UpdateToken !== undefined && input.UpdateToken !== null && { UpdateToken: input.UpdateToken }),
   };
@@ -3739,6 +3761,10 @@ const deserializeAws_json1_0DescribeRuleGroupMetadataResponse = (
   return {
     Capacity: __expectInt32(output.Capacity),
     Description: __expectString(output.Description),
+    LastModifiedTime:
+      output.LastModifiedTime !== undefined && output.LastModifiedTime !== null
+        ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.LastModifiedTime)))
+        : undefined,
     RuleGroupArn: __expectString(output.RuleGroupArn),
     RuleGroupName: __expectString(output.RuleGroupName),
     StatefulRuleOptions:
@@ -3907,6 +3933,10 @@ const deserializeAws_json1_0FirewallPolicyResponse = (output: any, context: __Se
     FirewallPolicyId: __expectString(output.FirewallPolicyId),
     FirewallPolicyName: __expectString(output.FirewallPolicyName),
     FirewallPolicyStatus: __expectString(output.FirewallPolicyStatus),
+    LastModifiedTime:
+      output.LastModifiedTime !== undefined && output.LastModifiedTime !== null
+        ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.LastModifiedTime)))
+        : undefined,
     NumberOfAssociations: __expectInt32(output.NumberOfAssociations),
     Tags:
       output.Tags !== undefined && output.Tags !== null
@@ -4303,11 +4333,20 @@ const deserializeAws_json1_0RuleGroupResponse = (output: any, context: __SerdeCo
       output.EncryptionConfiguration !== undefined && output.EncryptionConfiguration !== null
         ? deserializeAws_json1_0EncryptionConfiguration(output.EncryptionConfiguration, context)
         : undefined,
+    LastModifiedTime:
+      output.LastModifiedTime !== undefined && output.LastModifiedTime !== null
+        ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.LastModifiedTime)))
+        : undefined,
     NumberOfAssociations: __expectInt32(output.NumberOfAssociations),
     RuleGroupArn: __expectString(output.RuleGroupArn),
     RuleGroupId: __expectString(output.RuleGroupId),
     RuleGroupName: __expectString(output.RuleGroupName),
     RuleGroupStatus: __expectString(output.RuleGroupStatus),
+    SnsTopic: __expectString(output.SnsTopic),
+    SourceMetadata:
+      output.SourceMetadata !== undefined && output.SourceMetadata !== null
+        ? deserializeAws_json1_0SourceMetadata(output.SourceMetadata, context)
+        : undefined,
     Tags:
       output.Tags !== undefined && output.Tags !== null
         ? deserializeAws_json1_0TagList(output.Tags, context)
@@ -4419,6 +4458,13 @@ const deserializeAws_json1_0Settings = (output: any, context: __SerdeContext): s
   return retVal;
 };
 
+const deserializeAws_json1_0SourceMetadata = (output: any, context: __SerdeContext): SourceMetadata => {
+  return {
+    SourceArn: __expectString(output.SourceArn),
+    SourceUpdateToken: __expectString(output.SourceUpdateToken),
+  } as any;
+};
+
 const deserializeAws_json1_0StatefulActions = (output: any, context: __SerdeContext): string[] => {
   const retVal = (output || [])
     .filter((e: any) => e != null)