File: //proc/self/root/opt/go/pkg/mod/github.com/aws/
[email protected]/service/networkfirewall/api.go
// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
package networkfirewall
import (
"fmt"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awsutil"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/private/protocol"
"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
)
const opAssociateFirewallPolicy = "AssociateFirewallPolicy"
// AssociateFirewallPolicyRequest generates a "aws/request.Request" representing the
// client's request for the AssociateFirewallPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AssociateFirewallPolicy for more information on using the AssociateFirewallPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the AssociateFirewallPolicyRequest method.
// req, resp := client.AssociateFirewallPolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AssociateFirewallPolicy
func (c *NetworkFirewall) AssociateFirewallPolicyRequest(input *AssociateFirewallPolicyInput) (req *request.Request, output *AssociateFirewallPolicyOutput) {
op := &request.Operation{
Name: opAssociateFirewallPolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &AssociateFirewallPolicyInput{}
}
output = &AssociateFirewallPolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// AssociateFirewallPolicy API operation for AWS Network Firewall.
//
// Associates a FirewallPolicy to a Firewall.
//
// A firewall policy defines how to monitor and manage your VPC network traffic,
// using a collection of inspection rule groups and other settings. Each firewall
// requires one firewall policy association, and you can use the same firewall
// policy for multiple firewalls.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation AssociateFirewallPolicy for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// - InvalidOperationException
// The operation failed because it's not valid. For example, you might have
// tried to delete a rule group or firewall policy that's in use.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AssociateFirewallPolicy
func (c *NetworkFirewall) AssociateFirewallPolicy(input *AssociateFirewallPolicyInput) (*AssociateFirewallPolicyOutput, error) {
req, out := c.AssociateFirewallPolicyRequest(input)
return out, req.Send()
}
// AssociateFirewallPolicyWithContext is the same as AssociateFirewallPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See AssociateFirewallPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) AssociateFirewallPolicyWithContext(ctx aws.Context, input *AssociateFirewallPolicyInput, opts ...request.Option) (*AssociateFirewallPolicyOutput, error) {
req, out := c.AssociateFirewallPolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opAssociateSubnets = "AssociateSubnets"
// AssociateSubnetsRequest generates a "aws/request.Request" representing the
// client's request for the AssociateSubnets operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See AssociateSubnets for more information on using the AssociateSubnets
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the AssociateSubnetsRequest method.
// req, resp := client.AssociateSubnetsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AssociateSubnets
func (c *NetworkFirewall) AssociateSubnetsRequest(input *AssociateSubnetsInput) (req *request.Request, output *AssociateSubnetsOutput) {
op := &request.Operation{
Name: opAssociateSubnets,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &AssociateSubnetsInput{}
}
output = &AssociateSubnetsOutput{}
req = c.newRequest(op, input, output)
return
}
// AssociateSubnets API operation for AWS Network Firewall.
//
// Associates the specified subnets in the Amazon VPC to the firewall. You can
// specify one subnet for each of the Availability Zones that the VPC spans.
//
// This request creates an Network Firewall firewall endpoint in each of the
// subnets. To enable the firewall's protections, you must also modify the VPC's
// route tables for each subnet's Availability Zone, to redirect the traffic
// that's coming into and going out of the zone through the firewall endpoint.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation AssociateSubnets for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// - InvalidOperationException
// The operation failed because it's not valid. For example, you might have
// tried to delete a rule group or firewall policy that's in use.
//
// - InsufficientCapacityException
// Amazon Web Services doesn't currently have enough available capacity to fulfill
// your request. Try your request later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AssociateSubnets
func (c *NetworkFirewall) AssociateSubnets(input *AssociateSubnetsInput) (*AssociateSubnetsOutput, error) {
req, out := c.AssociateSubnetsRequest(input)
return out, req.Send()
}
// AssociateSubnetsWithContext is the same as AssociateSubnets with the addition of
// the ability to pass a context and additional request options.
//
// See AssociateSubnets for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) AssociateSubnetsWithContext(ctx aws.Context, input *AssociateSubnetsInput, opts ...request.Option) (*AssociateSubnetsOutput, error) {
req, out := c.AssociateSubnetsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreateFirewall = "CreateFirewall"
// CreateFirewallRequest generates a "aws/request.Request" representing the
// client's request for the CreateFirewall operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateFirewall for more information on using the CreateFirewall
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreateFirewallRequest method.
// req, resp := client.CreateFirewallRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewall
func (c *NetworkFirewall) CreateFirewallRequest(input *CreateFirewallInput) (req *request.Request, output *CreateFirewallOutput) {
op := &request.Operation{
Name: opCreateFirewall,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreateFirewallInput{}
}
output = &CreateFirewallOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateFirewall API operation for AWS Network Firewall.
//
// Creates an Network Firewall Firewall and accompanying FirewallStatus for
// a VPC.
//
// The firewall defines the configuration settings for an Network Firewall firewall.
// The settings that you can define at creation include the firewall policy,
// the subnets in your VPC to use for the firewall endpoints, and any tags that
// are attached to the firewall Amazon Web Services resource.
//
// After you create a firewall, you can provide additional settings, like the
// logging configuration.
//
// To update the settings for a firewall, you use the operations that apply
// to the settings themselves, for example UpdateLoggingConfiguration, AssociateSubnets,
// and UpdateFirewallDeleteProtection.
//
// To manage a firewall's tags, use the standard Amazon Web Services resource
// tagging operations, ListTagsForResource, TagResource, and UntagResource.
//
// To retrieve information about firewalls, use ListFirewalls and DescribeFirewall.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation CreateFirewall for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - LimitExceededException
// Unable to perform the operation because doing so would violate a limit setting.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InsufficientCapacityException
// Amazon Web Services doesn't currently have enough available capacity to fulfill
// your request. Try your request later.
//
// - InvalidOperationException
// The operation failed because it's not valid. For example, you might have
// tried to delete a rule group or firewall policy that's in use.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewall
func (c *NetworkFirewall) CreateFirewall(input *CreateFirewallInput) (*CreateFirewallOutput, error) {
req, out := c.CreateFirewallRequest(input)
return out, req.Send()
}
// CreateFirewallWithContext is the same as CreateFirewall with the addition of
// the ability to pass a context and additional request options.
//
// See CreateFirewall for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) CreateFirewallWithContext(ctx aws.Context, input *CreateFirewallInput, opts ...request.Option) (*CreateFirewallOutput, error) {
req, out := c.CreateFirewallRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreateFirewallPolicy = "CreateFirewallPolicy"
// CreateFirewallPolicyRequest generates a "aws/request.Request" representing the
// client's request for the CreateFirewallPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateFirewallPolicy for more information on using the CreateFirewallPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreateFirewallPolicyRequest method.
// req, resp := client.CreateFirewallPolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy
func (c *NetworkFirewall) CreateFirewallPolicyRequest(input *CreateFirewallPolicyInput) (req *request.Request, output *CreateFirewallPolicyOutput) {
op := &request.Operation{
Name: opCreateFirewallPolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreateFirewallPolicyInput{}
}
output = &CreateFirewallPolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateFirewallPolicy API operation for AWS Network Firewall.
//
// Creates the firewall policy for the firewall according to the specifications.
//
// An Network Firewall firewall policy defines the behavior of a firewall, in
// a collection of stateless and stateful rule groups and other settings. You
// can use one firewall policy for multiple firewalls.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation CreateFirewallPolicy for usage and error information.
//
// Returned Error Types:
//
// - LimitExceededException
// Unable to perform the operation because doing so would violate a limit setting.
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - InsufficientCapacityException
// Amazon Web Services doesn't currently have enough available capacity to fulfill
// your request. Try your request later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateFirewallPolicy
func (c *NetworkFirewall) CreateFirewallPolicy(input *CreateFirewallPolicyInput) (*CreateFirewallPolicyOutput, error) {
req, out := c.CreateFirewallPolicyRequest(input)
return out, req.Send()
}
// CreateFirewallPolicyWithContext is the same as CreateFirewallPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See CreateFirewallPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) CreateFirewallPolicyWithContext(ctx aws.Context, input *CreateFirewallPolicyInput, opts ...request.Option) (*CreateFirewallPolicyOutput, error) {
req, out := c.CreateFirewallPolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreateRuleGroup = "CreateRuleGroup"
// CreateRuleGroupRequest generates a "aws/request.Request" representing the
// client's request for the CreateRuleGroup operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateRuleGroup for more information on using the CreateRuleGroup
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreateRuleGroupRequest method.
// req, resp := client.CreateRuleGroupRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup
func (c *NetworkFirewall) CreateRuleGroupRequest(input *CreateRuleGroupInput) (req *request.Request, output *CreateRuleGroupOutput) {
op := &request.Operation{
Name: opCreateRuleGroup,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreateRuleGroupInput{}
}
output = &CreateRuleGroupOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateRuleGroup API operation for AWS Network Firewall.
//
// Creates the specified stateless or stateful rule group, which includes the
// rules for network traffic inspection, a capacity setting, and tags.
//
// You provide your rule group specification in your request using either RuleGroup
// or Rules.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation CreateRuleGroup for usage and error information.
//
// Returned Error Types:
//
// - LimitExceededException
// Unable to perform the operation because doing so would violate a limit setting.
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - InsufficientCapacityException
// Amazon Web Services doesn't currently have enough available capacity to fulfill
// your request. Try your request later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateRuleGroup
func (c *NetworkFirewall) CreateRuleGroup(input *CreateRuleGroupInput) (*CreateRuleGroupOutput, error) {
req, out := c.CreateRuleGroupRequest(input)
return out, req.Send()
}
// CreateRuleGroupWithContext is the same as CreateRuleGroup with the addition of
// the ability to pass a context and additional request options.
//
// See CreateRuleGroup for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) CreateRuleGroupWithContext(ctx aws.Context, input *CreateRuleGroupInput, opts ...request.Option) (*CreateRuleGroupOutput, error) {
req, out := c.CreateRuleGroupRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opCreateTLSInspectionConfiguration = "CreateTLSInspectionConfiguration"
// CreateTLSInspectionConfigurationRequest generates a "aws/request.Request" representing the
// client's request for the CreateTLSInspectionConfiguration operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See CreateTLSInspectionConfiguration for more information on using the CreateTLSInspectionConfiguration
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the CreateTLSInspectionConfigurationRequest method.
// req, resp := client.CreateTLSInspectionConfigurationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateTLSInspectionConfiguration
func (c *NetworkFirewall) CreateTLSInspectionConfigurationRequest(input *CreateTLSInspectionConfigurationInput) (req *request.Request, output *CreateTLSInspectionConfigurationOutput) {
op := &request.Operation{
Name: opCreateTLSInspectionConfiguration,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &CreateTLSInspectionConfigurationInput{}
}
output = &CreateTLSInspectionConfigurationOutput{}
req = c.newRequest(op, input, output)
return
}
// CreateTLSInspectionConfiguration API operation for AWS Network Firewall.
//
// Creates an Network Firewall TLS inspection configuration. Network Firewall
// uses TLS inspection configurations to decrypt your firewall's inbound and
// outbound SSL/TLS traffic. After decryption, Network Firewall inspects the
// traffic according to your firewall policy's stateful rules, and then re-encrypts
// it before sending it to its destination. You can enable inspection of your
// firewall's inbound traffic, outbound traffic, or both. To use TLS inspection
// with your firewall, you must first import or provision certificates using
// ACM, create a TLS inspection configuration, add that configuration to a new
// firewall policy, and then associate that policy with your firewall.
//
// To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration.
//
// To manage a TLS inspection configuration's tags, use the standard Amazon
// Web Services resource tagging operations, ListTagsForResource, TagResource,
// and UntagResource.
//
// To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations
// and DescribeTLSInspectionConfiguration.
//
// For more information about TLS inspection configurations, see Inspecting
// SSL/TLS traffic with TLS inspection configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html)
// in the Network Firewall Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation CreateTLSInspectionConfiguration for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - LimitExceededException
// Unable to perform the operation because doing so would violate a limit setting.
//
// - InsufficientCapacityException
// Amazon Web Services doesn't currently have enough available capacity to fulfill
// your request. Try your request later.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/CreateTLSInspectionConfiguration
func (c *NetworkFirewall) CreateTLSInspectionConfiguration(input *CreateTLSInspectionConfigurationInput) (*CreateTLSInspectionConfigurationOutput, error) {
req, out := c.CreateTLSInspectionConfigurationRequest(input)
return out, req.Send()
}
// CreateTLSInspectionConfigurationWithContext is the same as CreateTLSInspectionConfiguration with the addition of
// the ability to pass a context and additional request options.
//
// See CreateTLSInspectionConfiguration for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) CreateTLSInspectionConfigurationWithContext(ctx aws.Context, input *CreateTLSInspectionConfigurationInput, opts ...request.Option) (*CreateTLSInspectionConfigurationOutput, error) {
req, out := c.CreateTLSInspectionConfigurationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeleteFirewall = "DeleteFirewall"
// DeleteFirewallRequest generates a "aws/request.Request" representing the
// client's request for the DeleteFirewall operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteFirewall for more information on using the DeleteFirewall
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DeleteFirewallRequest method.
// req, resp := client.DeleteFirewallRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewall
func (c *NetworkFirewall) DeleteFirewallRequest(input *DeleteFirewallInput) (req *request.Request, output *DeleteFirewallOutput) {
op := &request.Operation{
Name: opDeleteFirewall,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeleteFirewallInput{}
}
output = &DeleteFirewallOutput{}
req = c.newRequest(op, input, output)
return
}
// DeleteFirewall API operation for AWS Network Firewall.
//
// Deletes the specified Firewall and its FirewallStatus. This operation requires
// the firewall's DeleteProtection flag to be FALSE. You can't revert this operation.
//
// You can check whether a firewall is in use by reviewing the route tables
// for the Availability Zones where you have firewall subnet mappings. Retrieve
// the subnet mappings by calling DescribeFirewall. You define and update the
// route tables through Amazon VPC. As needed, update the route tables for the
// zones to remove the firewall endpoints. When the route tables no longer use
// the firewall endpoints, you can remove the firewall safely.
//
// To delete a firewall, remove the delete protection if you need to using UpdateFirewallDeleteProtection,
// then delete the firewall by calling DeleteFirewall.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DeleteFirewall for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - UnsupportedOperationException
// The operation you requested isn't supported by Network Firewall.
//
// - InvalidOperationException
// The operation failed because it's not valid. For example, you might have
// tried to delete a rule group or firewall policy that's in use.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewall
func (c *NetworkFirewall) DeleteFirewall(input *DeleteFirewallInput) (*DeleteFirewallOutput, error) {
req, out := c.DeleteFirewallRequest(input)
return out, req.Send()
}
// DeleteFirewallWithContext is the same as DeleteFirewall with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteFirewall for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DeleteFirewallWithContext(ctx aws.Context, input *DeleteFirewallInput, opts ...request.Option) (*DeleteFirewallOutput, error) {
req, out := c.DeleteFirewallRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeleteFirewallPolicy = "DeleteFirewallPolicy"
// DeleteFirewallPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteFirewallPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteFirewallPolicy for more information on using the DeleteFirewallPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DeleteFirewallPolicyRequest method.
// req, resp := client.DeleteFirewallPolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy
func (c *NetworkFirewall) DeleteFirewallPolicyRequest(input *DeleteFirewallPolicyInput) (req *request.Request, output *DeleteFirewallPolicyOutput) {
op := &request.Operation{
Name: opDeleteFirewallPolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeleteFirewallPolicyInput{}
}
output = &DeleteFirewallPolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// DeleteFirewallPolicy API operation for AWS Network Firewall.
//
// Deletes the specified FirewallPolicy.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DeleteFirewallPolicy for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - UnsupportedOperationException
// The operation you requested isn't supported by Network Firewall.
//
// - InvalidOperationException
// The operation failed because it's not valid. For example, you might have
// tried to delete a rule group or firewall policy that's in use.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteFirewallPolicy
func (c *NetworkFirewall) DeleteFirewallPolicy(input *DeleteFirewallPolicyInput) (*DeleteFirewallPolicyOutput, error) {
req, out := c.DeleteFirewallPolicyRequest(input)
return out, req.Send()
}
// DeleteFirewallPolicyWithContext is the same as DeleteFirewallPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteFirewallPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DeleteFirewallPolicyWithContext(ctx aws.Context, input *DeleteFirewallPolicyInput, opts ...request.Option) (*DeleteFirewallPolicyOutput, error) {
req, out := c.DeleteFirewallPolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeleteResourcePolicy = "DeleteResourcePolicy"
// DeleteResourcePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DeleteResourcePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteResourcePolicy for more information on using the DeleteResourcePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DeleteResourcePolicyRequest method.
// req, resp := client.DeleteResourcePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteResourcePolicy
func (c *NetworkFirewall) DeleteResourcePolicyRequest(input *DeleteResourcePolicyInput) (req *request.Request, output *DeleteResourcePolicyOutput) {
op := &request.Operation{
Name: opDeleteResourcePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeleteResourcePolicyInput{}
}
output = &DeleteResourcePolicyOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// DeleteResourcePolicy API operation for AWS Network Firewall.
//
// Deletes a resource policy that you created in a PutResourcePolicy request.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DeleteResourcePolicy for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidResourcePolicyException
// The policy statement failed validation.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteResourcePolicy
func (c *NetworkFirewall) DeleteResourcePolicy(input *DeleteResourcePolicyInput) (*DeleteResourcePolicyOutput, error) {
req, out := c.DeleteResourcePolicyRequest(input)
return out, req.Send()
}
// DeleteResourcePolicyWithContext is the same as DeleteResourcePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteResourcePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DeleteResourcePolicyWithContext(ctx aws.Context, input *DeleteResourcePolicyInput, opts ...request.Option) (*DeleteResourcePolicyOutput, error) {
req, out := c.DeleteResourcePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeleteRuleGroup = "DeleteRuleGroup"
// DeleteRuleGroupRequest generates a "aws/request.Request" representing the
// client's request for the DeleteRuleGroup operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteRuleGroup for more information on using the DeleteRuleGroup
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DeleteRuleGroupRequest method.
// req, resp := client.DeleteRuleGroupRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup
func (c *NetworkFirewall) DeleteRuleGroupRequest(input *DeleteRuleGroupInput) (req *request.Request, output *DeleteRuleGroupOutput) {
op := &request.Operation{
Name: opDeleteRuleGroup,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeleteRuleGroupInput{}
}
output = &DeleteRuleGroupOutput{}
req = c.newRequest(op, input, output)
return
}
// DeleteRuleGroup API operation for AWS Network Firewall.
//
// Deletes the specified RuleGroup.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DeleteRuleGroup for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - UnsupportedOperationException
// The operation you requested isn't supported by Network Firewall.
//
// - InvalidOperationException
// The operation failed because it's not valid. For example, you might have
// tried to delete a rule group or firewall policy that's in use.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteRuleGroup
func (c *NetworkFirewall) DeleteRuleGroup(input *DeleteRuleGroupInput) (*DeleteRuleGroupOutput, error) {
req, out := c.DeleteRuleGroupRequest(input)
return out, req.Send()
}
// DeleteRuleGroupWithContext is the same as DeleteRuleGroup with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteRuleGroup for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DeleteRuleGroupWithContext(ctx aws.Context, input *DeleteRuleGroupInput, opts ...request.Option) (*DeleteRuleGroupOutput, error) {
req, out := c.DeleteRuleGroupRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDeleteTLSInspectionConfiguration = "DeleteTLSInspectionConfiguration"
// DeleteTLSInspectionConfigurationRequest generates a "aws/request.Request" representing the
// client's request for the DeleteTLSInspectionConfiguration operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteTLSInspectionConfiguration for more information on using the DeleteTLSInspectionConfiguration
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DeleteTLSInspectionConfigurationRequest method.
// req, resp := client.DeleteTLSInspectionConfigurationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteTLSInspectionConfiguration
func (c *NetworkFirewall) DeleteTLSInspectionConfigurationRequest(input *DeleteTLSInspectionConfigurationInput) (req *request.Request, output *DeleteTLSInspectionConfigurationOutput) {
op := &request.Operation{
Name: opDeleteTLSInspectionConfiguration,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DeleteTLSInspectionConfigurationInput{}
}
output = &DeleteTLSInspectionConfigurationOutput{}
req = c.newRequest(op, input, output)
return
}
// DeleteTLSInspectionConfiguration API operation for AWS Network Firewall.
//
// Deletes the specified TLSInspectionConfiguration.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DeleteTLSInspectionConfiguration for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidOperationException
// The operation failed because it's not valid. For example, you might have
// tried to delete a rule group or firewall policy that's in use.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DeleteTLSInspectionConfiguration
func (c *NetworkFirewall) DeleteTLSInspectionConfiguration(input *DeleteTLSInspectionConfigurationInput) (*DeleteTLSInspectionConfigurationOutput, error) {
req, out := c.DeleteTLSInspectionConfigurationRequest(input)
return out, req.Send()
}
// DeleteTLSInspectionConfigurationWithContext is the same as DeleteTLSInspectionConfiguration with the addition of
// the ability to pass a context and additional request options.
//
// See DeleteTLSInspectionConfiguration for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DeleteTLSInspectionConfigurationWithContext(ctx aws.Context, input *DeleteTLSInspectionConfigurationInput, opts ...request.Option) (*DeleteTLSInspectionConfigurationOutput, error) {
req, out := c.DeleteTLSInspectionConfigurationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeFirewall = "DescribeFirewall"
// DescribeFirewallRequest generates a "aws/request.Request" representing the
// client's request for the DescribeFirewall operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeFirewall for more information on using the DescribeFirewall
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeFirewallRequest method.
// req, resp := client.DescribeFirewallRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewall
func (c *NetworkFirewall) DescribeFirewallRequest(input *DescribeFirewallInput) (req *request.Request, output *DescribeFirewallOutput) {
op := &request.Operation{
Name: opDescribeFirewall,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeFirewallInput{}
}
output = &DescribeFirewallOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeFirewall API operation for AWS Network Firewall.
//
// Returns the data objects for the specified firewall.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DescribeFirewall for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewall
func (c *NetworkFirewall) DescribeFirewall(input *DescribeFirewallInput) (*DescribeFirewallOutput, error) {
req, out := c.DescribeFirewallRequest(input)
return out, req.Send()
}
// DescribeFirewallWithContext is the same as DescribeFirewall with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeFirewall for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DescribeFirewallWithContext(ctx aws.Context, input *DescribeFirewallInput, opts ...request.Option) (*DescribeFirewallOutput, error) {
req, out := c.DescribeFirewallRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeFirewallPolicy = "DescribeFirewallPolicy"
// DescribeFirewallPolicyRequest generates a "aws/request.Request" representing the
// client's request for the DescribeFirewallPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeFirewallPolicy for more information on using the DescribeFirewallPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeFirewallPolicyRequest method.
// req, resp := client.DescribeFirewallPolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallPolicy
func (c *NetworkFirewall) DescribeFirewallPolicyRequest(input *DescribeFirewallPolicyInput) (req *request.Request, output *DescribeFirewallPolicyOutput) {
op := &request.Operation{
Name: opDescribeFirewallPolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeFirewallPolicyInput{}
}
output = &DescribeFirewallPolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeFirewallPolicy API operation for AWS Network Firewall.
//
// Returns the data objects for the specified firewall policy.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DescribeFirewallPolicy for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFirewallPolicy
func (c *NetworkFirewall) DescribeFirewallPolicy(input *DescribeFirewallPolicyInput) (*DescribeFirewallPolicyOutput, error) {
req, out := c.DescribeFirewallPolicyRequest(input)
return out, req.Send()
}
// DescribeFirewallPolicyWithContext is the same as DescribeFirewallPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeFirewallPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DescribeFirewallPolicyWithContext(ctx aws.Context, input *DescribeFirewallPolicyInput, opts ...request.Option) (*DescribeFirewallPolicyOutput, error) {
req, out := c.DescribeFirewallPolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeLoggingConfiguration = "DescribeLoggingConfiguration"
// DescribeLoggingConfigurationRequest generates a "aws/request.Request" representing the
// client's request for the DescribeLoggingConfiguration operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeLoggingConfiguration for more information on using the DescribeLoggingConfiguration
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeLoggingConfigurationRequest method.
// req, resp := client.DescribeLoggingConfigurationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeLoggingConfiguration
func (c *NetworkFirewall) DescribeLoggingConfigurationRequest(input *DescribeLoggingConfigurationInput) (req *request.Request, output *DescribeLoggingConfigurationOutput) {
op := &request.Operation{
Name: opDescribeLoggingConfiguration,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeLoggingConfigurationInput{}
}
output = &DescribeLoggingConfigurationOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeLoggingConfiguration API operation for AWS Network Firewall.
//
// Returns the logging configuration for the specified firewall.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DescribeLoggingConfiguration for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeLoggingConfiguration
func (c *NetworkFirewall) DescribeLoggingConfiguration(input *DescribeLoggingConfigurationInput) (*DescribeLoggingConfigurationOutput, error) {
req, out := c.DescribeLoggingConfigurationRequest(input)
return out, req.Send()
}
// DescribeLoggingConfigurationWithContext is the same as DescribeLoggingConfiguration with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeLoggingConfiguration for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DescribeLoggingConfigurationWithContext(ctx aws.Context, input *DescribeLoggingConfigurationInput, opts ...request.Option) (*DescribeLoggingConfigurationOutput, error) {
req, out := c.DescribeLoggingConfigurationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeResourcePolicy = "DescribeResourcePolicy"
// DescribeResourcePolicyRequest generates a "aws/request.Request" representing the
// client's request for the DescribeResourcePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeResourcePolicy for more information on using the DescribeResourcePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeResourcePolicyRequest method.
// req, resp := client.DescribeResourcePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeResourcePolicy
func (c *NetworkFirewall) DescribeResourcePolicyRequest(input *DescribeResourcePolicyInput) (req *request.Request, output *DescribeResourcePolicyOutput) {
op := &request.Operation{
Name: opDescribeResourcePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeResourcePolicyInput{}
}
output = &DescribeResourcePolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeResourcePolicy API operation for AWS Network Firewall.
//
// Retrieves a resource policy that you created in a PutResourcePolicy request.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DescribeResourcePolicy for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeResourcePolicy
func (c *NetworkFirewall) DescribeResourcePolicy(input *DescribeResourcePolicyInput) (*DescribeResourcePolicyOutput, error) {
req, out := c.DescribeResourcePolicyRequest(input)
return out, req.Send()
}
// DescribeResourcePolicyWithContext is the same as DescribeResourcePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeResourcePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DescribeResourcePolicyWithContext(ctx aws.Context, input *DescribeResourcePolicyInput, opts ...request.Option) (*DescribeResourcePolicyOutput, error) {
req, out := c.DescribeResourcePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeRuleGroup = "DescribeRuleGroup"
// DescribeRuleGroupRequest generates a "aws/request.Request" representing the
// client's request for the DescribeRuleGroup operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeRuleGroup for more information on using the DescribeRuleGroup
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeRuleGroupRequest method.
// req, resp := client.DescribeRuleGroupRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup
func (c *NetworkFirewall) DescribeRuleGroupRequest(input *DescribeRuleGroupInput) (req *request.Request, output *DescribeRuleGroupOutput) {
op := &request.Operation{
Name: opDescribeRuleGroup,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeRuleGroupInput{}
}
output = &DescribeRuleGroupOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeRuleGroup API operation for AWS Network Firewall.
//
// Returns the data objects for the specified rule group.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DescribeRuleGroup for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroup
func (c *NetworkFirewall) DescribeRuleGroup(input *DescribeRuleGroupInput) (*DescribeRuleGroupOutput, error) {
req, out := c.DescribeRuleGroupRequest(input)
return out, req.Send()
}
// DescribeRuleGroupWithContext is the same as DescribeRuleGroup with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeRuleGroup for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DescribeRuleGroupWithContext(ctx aws.Context, input *DescribeRuleGroupInput, opts ...request.Option) (*DescribeRuleGroupOutput, error) {
req, out := c.DescribeRuleGroupRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeRuleGroupMetadata = "DescribeRuleGroupMetadata"
// DescribeRuleGroupMetadataRequest generates a "aws/request.Request" representing the
// client's request for the DescribeRuleGroupMetadata operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeRuleGroupMetadata for more information on using the DescribeRuleGroupMetadata
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeRuleGroupMetadataRequest method.
// req, resp := client.DescribeRuleGroupMetadataRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadata
func (c *NetworkFirewall) DescribeRuleGroupMetadataRequest(input *DescribeRuleGroupMetadataInput) (req *request.Request, output *DescribeRuleGroupMetadataOutput) {
op := &request.Operation{
Name: opDescribeRuleGroupMetadata,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeRuleGroupMetadataInput{}
}
output = &DescribeRuleGroupMetadataOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeRuleGroupMetadata API operation for AWS Network Firewall.
//
// High-level information about a rule group, returned by operations like create
// and describe. You can use the information provided in the metadata to retrieve
// and manage a rule group. You can retrieve all objects for a rule group by
// calling DescribeRuleGroup.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DescribeRuleGroupMetadata for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeRuleGroupMetadata
func (c *NetworkFirewall) DescribeRuleGroupMetadata(input *DescribeRuleGroupMetadataInput) (*DescribeRuleGroupMetadataOutput, error) {
req, out := c.DescribeRuleGroupMetadataRequest(input)
return out, req.Send()
}
// DescribeRuleGroupMetadataWithContext is the same as DescribeRuleGroupMetadata with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeRuleGroupMetadata for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DescribeRuleGroupMetadataWithContext(ctx aws.Context, input *DescribeRuleGroupMetadataInput, opts ...request.Option) (*DescribeRuleGroupMetadataOutput, error) {
req, out := c.DescribeRuleGroupMetadataRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDescribeTLSInspectionConfiguration = "DescribeTLSInspectionConfiguration"
// DescribeTLSInspectionConfigurationRequest generates a "aws/request.Request" representing the
// client's request for the DescribeTLSInspectionConfiguration operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DescribeTLSInspectionConfiguration for more information on using the DescribeTLSInspectionConfiguration
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DescribeTLSInspectionConfigurationRequest method.
// req, resp := client.DescribeTLSInspectionConfigurationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeTLSInspectionConfiguration
func (c *NetworkFirewall) DescribeTLSInspectionConfigurationRequest(input *DescribeTLSInspectionConfigurationInput) (req *request.Request, output *DescribeTLSInspectionConfigurationOutput) {
op := &request.Operation{
Name: opDescribeTLSInspectionConfiguration,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DescribeTLSInspectionConfigurationInput{}
}
output = &DescribeTLSInspectionConfigurationOutput{}
req = c.newRequest(op, input, output)
return
}
// DescribeTLSInspectionConfiguration API operation for AWS Network Firewall.
//
// Returns the data objects for the specified TLS inspection configuration.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DescribeTLSInspectionConfiguration for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeTLSInspectionConfiguration
func (c *NetworkFirewall) DescribeTLSInspectionConfiguration(input *DescribeTLSInspectionConfigurationInput) (*DescribeTLSInspectionConfigurationOutput, error) {
req, out := c.DescribeTLSInspectionConfigurationRequest(input)
return out, req.Send()
}
// DescribeTLSInspectionConfigurationWithContext is the same as DescribeTLSInspectionConfiguration with the addition of
// the ability to pass a context and additional request options.
//
// See DescribeTLSInspectionConfiguration for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DescribeTLSInspectionConfigurationWithContext(ctx aws.Context, input *DescribeTLSInspectionConfigurationInput, opts ...request.Option) (*DescribeTLSInspectionConfigurationOutput, error) {
req, out := c.DescribeTLSInspectionConfigurationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opDisassociateSubnets = "DisassociateSubnets"
// DisassociateSubnetsRequest generates a "aws/request.Request" representing the
// client's request for the DisassociateSubnets operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DisassociateSubnets for more information on using the DisassociateSubnets
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the DisassociateSubnetsRequest method.
// req, resp := client.DisassociateSubnetsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DisassociateSubnets
func (c *NetworkFirewall) DisassociateSubnetsRequest(input *DisassociateSubnetsInput) (req *request.Request, output *DisassociateSubnetsOutput) {
op := &request.Operation{
Name: opDisassociateSubnets,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &DisassociateSubnetsInput{}
}
output = &DisassociateSubnetsOutput{}
req = c.newRequest(op, input, output)
return
}
// DisassociateSubnets API operation for AWS Network Firewall.
//
// Removes the specified subnet associations from the firewall. This removes
// the firewall endpoints from the subnets and removes any network filtering
// protections that the endpoints were providing.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation DisassociateSubnets for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// - InvalidOperationException
// The operation failed because it's not valid. For example, you might have
// tried to delete a rule group or firewall policy that's in use.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DisassociateSubnets
func (c *NetworkFirewall) DisassociateSubnets(input *DisassociateSubnetsInput) (*DisassociateSubnetsOutput, error) {
req, out := c.DisassociateSubnetsRequest(input)
return out, req.Send()
}
// DisassociateSubnetsWithContext is the same as DisassociateSubnets with the addition of
// the ability to pass a context and additional request options.
//
// See DisassociateSubnets for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) DisassociateSubnetsWithContext(ctx aws.Context, input *DisassociateSubnetsInput, opts ...request.Option) (*DisassociateSubnetsOutput, error) {
req, out := c.DisassociateSubnetsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opListFirewallPolicies = "ListFirewallPolicies"
// ListFirewallPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListFirewallPolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListFirewallPolicies for more information on using the ListFirewallPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListFirewallPoliciesRequest method.
// req, resp := client.ListFirewallPoliciesRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListFirewallPolicies
func (c *NetworkFirewall) ListFirewallPoliciesRequest(input *ListFirewallPoliciesInput) (req *request.Request, output *ListFirewallPoliciesOutput) {
op := &request.Operation{
Name: opListFirewallPolicies,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListFirewallPoliciesInput{}
}
output = &ListFirewallPoliciesOutput{}
req = c.newRequest(op, input, output)
return
}
// ListFirewallPolicies API operation for AWS Network Firewall.
//
// Retrieves the metadata for the firewall policies that you have defined. Depending
// on your setting for max results and the number of firewall policies, a single
// call might not return the full list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation ListFirewallPolicies for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListFirewallPolicies
func (c *NetworkFirewall) ListFirewallPolicies(input *ListFirewallPoliciesInput) (*ListFirewallPoliciesOutput, error) {
req, out := c.ListFirewallPoliciesRequest(input)
return out, req.Send()
}
// ListFirewallPoliciesWithContext is the same as ListFirewallPolicies with the addition of
// the ability to pass a context and additional request options.
//
// See ListFirewallPolicies for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) ListFirewallPoliciesWithContext(ctx aws.Context, input *ListFirewallPoliciesInput, opts ...request.Option) (*ListFirewallPoliciesOutput, error) {
req, out := c.ListFirewallPoliciesRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListFirewallPoliciesPages iterates over the pages of a ListFirewallPolicies operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListFirewallPolicies method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListFirewallPolicies operation.
// pageNum := 0
// err := client.ListFirewallPoliciesPages(params,
// func(page *networkfirewall.ListFirewallPoliciesOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *NetworkFirewall) ListFirewallPoliciesPages(input *ListFirewallPoliciesInput, fn func(*ListFirewallPoliciesOutput, bool) bool) error {
return c.ListFirewallPoliciesPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListFirewallPoliciesPagesWithContext same as ListFirewallPoliciesPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) ListFirewallPoliciesPagesWithContext(ctx aws.Context, input *ListFirewallPoliciesInput, fn func(*ListFirewallPoliciesOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListFirewallPoliciesInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListFirewallPoliciesRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListFirewallPoliciesOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListFirewalls = "ListFirewalls"
// ListFirewallsRequest generates a "aws/request.Request" representing the
// client's request for the ListFirewalls operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListFirewalls for more information on using the ListFirewalls
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListFirewallsRequest method.
// req, resp := client.ListFirewallsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListFirewalls
func (c *NetworkFirewall) ListFirewallsRequest(input *ListFirewallsInput) (req *request.Request, output *ListFirewallsOutput) {
op := &request.Operation{
Name: opListFirewalls,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListFirewallsInput{}
}
output = &ListFirewallsOutput{}
req = c.newRequest(op, input, output)
return
}
// ListFirewalls API operation for AWS Network Firewall.
//
// Retrieves the metadata for the firewalls that you have defined. If you provide
// VPC identifiers in your request, this returns only the firewalls for those
// VPCs.
//
// Depending on your setting for max results and the number of firewalls, a
// single call might not return the full list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation ListFirewalls for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListFirewalls
func (c *NetworkFirewall) ListFirewalls(input *ListFirewallsInput) (*ListFirewallsOutput, error) {
req, out := c.ListFirewallsRequest(input)
return out, req.Send()
}
// ListFirewallsWithContext is the same as ListFirewalls with the addition of
// the ability to pass a context and additional request options.
//
// See ListFirewalls for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) ListFirewallsWithContext(ctx aws.Context, input *ListFirewallsInput, opts ...request.Option) (*ListFirewallsOutput, error) {
req, out := c.ListFirewallsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListFirewallsPages iterates over the pages of a ListFirewalls operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListFirewalls method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListFirewalls operation.
// pageNum := 0
// err := client.ListFirewallsPages(params,
// func(page *networkfirewall.ListFirewallsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *NetworkFirewall) ListFirewallsPages(input *ListFirewallsInput, fn func(*ListFirewallsOutput, bool) bool) error {
return c.ListFirewallsPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListFirewallsPagesWithContext same as ListFirewallsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) ListFirewallsPagesWithContext(ctx aws.Context, input *ListFirewallsInput, fn func(*ListFirewallsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListFirewallsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListFirewallsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListFirewallsOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListRuleGroups = "ListRuleGroups"
// ListRuleGroupsRequest generates a "aws/request.Request" representing the
// client's request for the ListRuleGroups operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListRuleGroups for more information on using the ListRuleGroups
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListRuleGroupsRequest method.
// req, resp := client.ListRuleGroupsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListRuleGroups
func (c *NetworkFirewall) ListRuleGroupsRequest(input *ListRuleGroupsInput) (req *request.Request, output *ListRuleGroupsOutput) {
op := &request.Operation{
Name: opListRuleGroups,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListRuleGroupsInput{}
}
output = &ListRuleGroupsOutput{}
req = c.newRequest(op, input, output)
return
}
// ListRuleGroups API operation for AWS Network Firewall.
//
// Retrieves the metadata for the rule groups that you have defined. Depending
// on your setting for max results and the number of rule groups, a single call
// might not return the full list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation ListRuleGroups for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListRuleGroups
func (c *NetworkFirewall) ListRuleGroups(input *ListRuleGroupsInput) (*ListRuleGroupsOutput, error) {
req, out := c.ListRuleGroupsRequest(input)
return out, req.Send()
}
// ListRuleGroupsWithContext is the same as ListRuleGroups with the addition of
// the ability to pass a context and additional request options.
//
// See ListRuleGroups for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) ListRuleGroupsWithContext(ctx aws.Context, input *ListRuleGroupsInput, opts ...request.Option) (*ListRuleGroupsOutput, error) {
req, out := c.ListRuleGroupsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListRuleGroupsPages iterates over the pages of a ListRuleGroups operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListRuleGroups method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListRuleGroups operation.
// pageNum := 0
// err := client.ListRuleGroupsPages(params,
// func(page *networkfirewall.ListRuleGroupsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *NetworkFirewall) ListRuleGroupsPages(input *ListRuleGroupsInput, fn func(*ListRuleGroupsOutput, bool) bool) error {
return c.ListRuleGroupsPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListRuleGroupsPagesWithContext same as ListRuleGroupsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) ListRuleGroupsPagesWithContext(ctx aws.Context, input *ListRuleGroupsInput, fn func(*ListRuleGroupsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListRuleGroupsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListRuleGroupsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListRuleGroupsOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListTLSInspectionConfigurations = "ListTLSInspectionConfigurations"
// ListTLSInspectionConfigurationsRequest generates a "aws/request.Request" representing the
// client's request for the ListTLSInspectionConfigurations operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListTLSInspectionConfigurations for more information on using the ListTLSInspectionConfigurations
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListTLSInspectionConfigurationsRequest method.
// req, resp := client.ListTLSInspectionConfigurationsRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListTLSInspectionConfigurations
func (c *NetworkFirewall) ListTLSInspectionConfigurationsRequest(input *ListTLSInspectionConfigurationsInput) (req *request.Request, output *ListTLSInspectionConfigurationsOutput) {
op := &request.Operation{
Name: opListTLSInspectionConfigurations,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListTLSInspectionConfigurationsInput{}
}
output = &ListTLSInspectionConfigurationsOutput{}
req = c.newRequest(op, input, output)
return
}
// ListTLSInspectionConfigurations API operation for AWS Network Firewall.
//
// Retrieves the metadata for the TLS inspection configurations that you have
// defined. Depending on your setting for max results and the number of TLS
// inspection configurations, a single call might not return the full list.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation ListTLSInspectionConfigurations for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListTLSInspectionConfigurations
func (c *NetworkFirewall) ListTLSInspectionConfigurations(input *ListTLSInspectionConfigurationsInput) (*ListTLSInspectionConfigurationsOutput, error) {
req, out := c.ListTLSInspectionConfigurationsRequest(input)
return out, req.Send()
}
// ListTLSInspectionConfigurationsWithContext is the same as ListTLSInspectionConfigurations with the addition of
// the ability to pass a context and additional request options.
//
// See ListTLSInspectionConfigurations for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) ListTLSInspectionConfigurationsWithContext(ctx aws.Context, input *ListTLSInspectionConfigurationsInput, opts ...request.Option) (*ListTLSInspectionConfigurationsOutput, error) {
req, out := c.ListTLSInspectionConfigurationsRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListTLSInspectionConfigurationsPages iterates over the pages of a ListTLSInspectionConfigurations operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListTLSInspectionConfigurations method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListTLSInspectionConfigurations operation.
// pageNum := 0
// err := client.ListTLSInspectionConfigurationsPages(params,
// func(page *networkfirewall.ListTLSInspectionConfigurationsOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *NetworkFirewall) ListTLSInspectionConfigurationsPages(input *ListTLSInspectionConfigurationsInput, fn func(*ListTLSInspectionConfigurationsOutput, bool) bool) error {
return c.ListTLSInspectionConfigurationsPagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListTLSInspectionConfigurationsPagesWithContext same as ListTLSInspectionConfigurationsPages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) ListTLSInspectionConfigurationsPagesWithContext(ctx aws.Context, input *ListTLSInspectionConfigurationsInput, fn func(*ListTLSInspectionConfigurationsOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListTLSInspectionConfigurationsInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListTLSInspectionConfigurationsRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListTLSInspectionConfigurationsOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opListTagsForResource = "ListTagsForResource"
// ListTagsForResourceRequest generates a "aws/request.Request" representing the
// client's request for the ListTagsForResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListTagsForResource for more information on using the ListTagsForResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the ListTagsForResourceRequest method.
// req, resp := client.ListTagsForResourceRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListTagsForResource
func (c *NetworkFirewall) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) {
op := &request.Operation{
Name: opListTagsForResource,
HTTPMethod: "POST",
HTTPPath: "/",
Paginator: &request.Paginator{
InputTokens: []string{"NextToken"},
OutputTokens: []string{"NextToken"},
LimitToken: "MaxResults",
TruncationToken: "",
},
}
if input == nil {
input = &ListTagsForResourceInput{}
}
output = &ListTagsForResourceOutput{}
req = c.newRequest(op, input, output)
return
}
// ListTagsForResource API operation for AWS Network Firewall.
//
// Retrieves the tags associated with the specified resource. Tags are key:value
// pairs that you can use to categorize and manage your resources, for purposes
// like billing. For example, you might set the tag key to "customer" and the
// value to the customer name or ID. You can specify one or more tags to add
// to each Amazon Web Services resource, up to 50 tags for a resource.
//
// You can tag the Amazon Web Services resources that you manage through Network
// Firewall: firewalls, firewall policies, and rule groups.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation ListTagsForResource for usage and error information.
//
// Returned Error Types:
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/ListTagsForResource
func (c *NetworkFirewall) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) {
req, out := c.ListTagsForResourceRequest(input)
return out, req.Send()
}
// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of
// the ability to pass a context and additional request options.
//
// See ListTagsForResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) {
req, out := c.ListTagsForResourceRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// ListTagsForResourcePages iterates over the pages of a ListTagsForResource operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListTagsForResource method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
// // Example iterating over at most 3 pages of a ListTagsForResource operation.
// pageNum := 0
// err := client.ListTagsForResourcePages(params,
// func(page *networkfirewall.ListTagsForResourceOutput, lastPage bool) bool {
// pageNum++
// fmt.Println(page)
// return pageNum <= 3
// })
func (c *NetworkFirewall) ListTagsForResourcePages(input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool) error {
return c.ListTagsForResourcePagesWithContext(aws.BackgroundContext(), input, fn)
}
// ListTagsForResourcePagesWithContext same as ListTagsForResourcePages except
// it takes a Context and allows setting request options on the pages.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) ListTagsForResourcePagesWithContext(ctx aws.Context, input *ListTagsForResourceInput, fn func(*ListTagsForResourceOutput, bool) bool, opts ...request.Option) error {
p := request.Pagination{
NewRequest: func() (*request.Request, error) {
var inCpy *ListTagsForResourceInput
if input != nil {
tmp := *input
inCpy = &tmp
}
req, _ := c.ListTagsForResourceRequest(inCpy)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return req, nil
},
}
for p.Next() {
if !fn(p.Page().(*ListTagsForResourceOutput), !p.HasNextPage()) {
break
}
}
return p.Err()
}
const opPutResourcePolicy = "PutResourcePolicy"
// PutResourcePolicyRequest generates a "aws/request.Request" representing the
// client's request for the PutResourcePolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See PutResourcePolicy for more information on using the PutResourcePolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the PutResourcePolicyRequest method.
// req, resp := client.PutResourcePolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/PutResourcePolicy
func (c *NetworkFirewall) PutResourcePolicyRequest(input *PutResourcePolicyInput) (req *request.Request, output *PutResourcePolicyOutput) {
op := &request.Operation{
Name: opPutResourcePolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &PutResourcePolicyInput{}
}
output = &PutResourcePolicyOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// PutResourcePolicy API operation for AWS Network Firewall.
//
// Creates or updates an IAM policy for your rule group or firewall policy.
// Use this to share rule groups and firewall policies between accounts. This
// operation works in conjunction with the Amazon Web Services Resource Access
// Manager (RAM) service to manage resource sharing for Network Firewall.
//
// Use this operation to create or update a resource policy for your rule group
// or firewall policy. In the policy, you specify the accounts that you want
// to share the resource with and the operations that you want the accounts
// to be able to perform.
//
// When you add an account in the resource policy, you then run the following
// Resource Access Manager (RAM) operations to access and accept the shared
// rule group or firewall policy.
//
// - GetResourceShareInvitations (https://docs.aws.amazon.com/ram/latest/APIReference/API_GetResourceShareInvitations.html)
//
// - Returns the Amazon Resource Names (ARNs) of the resource share invitations.
//
// - AcceptResourceShareInvitation (https://docs.aws.amazon.com/ram/latest/APIReference/API_AcceptResourceShareInvitation.html)
//
// - Accepts the share invitation for a specified resource share.
//
// For additional information about resource sharing using RAM, see Resource
// Access Manager User Guide (https://docs.aws.amazon.com/ram/latest/userguide/what-is.html).
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation PutResourcePolicy for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidResourcePolicyException
// The policy statement failed validation.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/PutResourcePolicy
func (c *NetworkFirewall) PutResourcePolicy(input *PutResourcePolicyInput) (*PutResourcePolicyOutput, error) {
req, out := c.PutResourcePolicyRequest(input)
return out, req.Send()
}
// PutResourcePolicyWithContext is the same as PutResourcePolicy with the addition of
// the ability to pass a context and additional request options.
//
// See PutResourcePolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) PutResourcePolicyWithContext(ctx aws.Context, input *PutResourcePolicyInput, opts ...request.Option) (*PutResourcePolicyOutput, error) {
req, out := c.PutResourcePolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opTagResource = "TagResource"
// TagResourceRequest generates a "aws/request.Request" representing the
// client's request for the TagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See TagResource for more information on using the TagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the TagResourceRequest method.
// req, resp := client.TagResourceRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/TagResource
func (c *NetworkFirewall) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
op := &request.Operation{
Name: opTagResource,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &TagResourceInput{}
}
output = &TagResourceOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// TagResource API operation for AWS Network Firewall.
//
// Adds the specified tags to the specified resource. Tags are key:value pairs
// that you can use to categorize and manage your resources, for purposes like
// billing. For example, you might set the tag key to "customer" and the value
// to the customer name or ID. You can specify one or more tags to add to each
// Amazon Web Services resource, up to 50 tags for a resource.
//
// You can tag the Amazon Web Services resources that you manage through Network
// Firewall: firewalls, firewall policies, and rule groups.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation TagResource for usage and error information.
//
// Returned Error Types:
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/TagResource
func (c *NetworkFirewall) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
req, out := c.TagResourceRequest(input)
return out, req.Send()
}
// TagResourceWithContext is the same as TagResource with the addition of
// the ability to pass a context and additional request options.
//
// See TagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
req, out := c.TagResourceRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUntagResource = "UntagResource"
// UntagResourceRequest generates a "aws/request.Request" representing the
// client's request for the UntagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UntagResource for more information on using the UntagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UntagResourceRequest method.
// req, resp := client.UntagResourceRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UntagResource
func (c *NetworkFirewall) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) {
op := &request.Operation{
Name: opUntagResource,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UntagResourceInput{}
}
output = &UntagResourceOutput{}
req = c.newRequest(op, input, output)
req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
return
}
// UntagResource API operation for AWS Network Firewall.
//
// Removes the tags with the specified keys from the specified resource. Tags
// are key:value pairs that you can use to categorize and manage your resources,
// for purposes like billing. For example, you might set the tag key to "customer"
// and the value to the customer name or ID. You can specify one or more tags
// to add to each Amazon Web Services resource, up to 50 tags for a resource.
//
// You can manage tags for the Amazon Web Services resources that you manage
// through Network Firewall: firewalls, firewall policies, and rule groups.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation UntagResource for usage and error information.
//
// Returned Error Types:
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UntagResource
func (c *NetworkFirewall) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) {
req, out := c.UntagResourceRequest(input)
return out, req.Send()
}
// UntagResourceWithContext is the same as UntagResource with the addition of
// the ability to pass a context and additional request options.
//
// See UntagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) {
req, out := c.UntagResourceRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUpdateFirewallDeleteProtection = "UpdateFirewallDeleteProtection"
// UpdateFirewallDeleteProtectionRequest generates a "aws/request.Request" representing the
// client's request for the UpdateFirewallDeleteProtection operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateFirewallDeleteProtection for more information on using the UpdateFirewallDeleteProtection
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UpdateFirewallDeleteProtectionRequest method.
// req, resp := client.UpdateFirewallDeleteProtectionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallDeleteProtection
func (c *NetworkFirewall) UpdateFirewallDeleteProtectionRequest(input *UpdateFirewallDeleteProtectionInput) (req *request.Request, output *UpdateFirewallDeleteProtectionOutput) {
op := &request.Operation{
Name: opUpdateFirewallDeleteProtection,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UpdateFirewallDeleteProtectionInput{}
}
output = &UpdateFirewallDeleteProtectionOutput{}
req = c.newRequest(op, input, output)
return
}
// UpdateFirewallDeleteProtection API operation for AWS Network Firewall.
//
// Modifies the flag, DeleteProtection, which indicates whether it is possible
// to delete the firewall. If the flag is set to TRUE, the firewall is protected
// against deletion. This setting helps protect against accidentally deleting
// a firewall that's in use.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation UpdateFirewallDeleteProtection for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// - ResourceOwnerCheckException
// Unable to change the resource because your account doesn't own it.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallDeleteProtection
func (c *NetworkFirewall) UpdateFirewallDeleteProtection(input *UpdateFirewallDeleteProtectionInput) (*UpdateFirewallDeleteProtectionOutput, error) {
req, out := c.UpdateFirewallDeleteProtectionRequest(input)
return out, req.Send()
}
// UpdateFirewallDeleteProtectionWithContext is the same as UpdateFirewallDeleteProtection with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateFirewallDeleteProtection for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) UpdateFirewallDeleteProtectionWithContext(ctx aws.Context, input *UpdateFirewallDeleteProtectionInput, opts ...request.Option) (*UpdateFirewallDeleteProtectionOutput, error) {
req, out := c.UpdateFirewallDeleteProtectionRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUpdateFirewallDescription = "UpdateFirewallDescription"
// UpdateFirewallDescriptionRequest generates a "aws/request.Request" representing the
// client's request for the UpdateFirewallDescription operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateFirewallDescription for more information on using the UpdateFirewallDescription
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UpdateFirewallDescriptionRequest method.
// req, resp := client.UpdateFirewallDescriptionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallDescription
func (c *NetworkFirewall) UpdateFirewallDescriptionRequest(input *UpdateFirewallDescriptionInput) (req *request.Request, output *UpdateFirewallDescriptionOutput) {
op := &request.Operation{
Name: opUpdateFirewallDescription,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UpdateFirewallDescriptionInput{}
}
output = &UpdateFirewallDescriptionOutput{}
req = c.newRequest(op, input, output)
return
}
// UpdateFirewallDescription API operation for AWS Network Firewall.
//
// Modifies the description for the specified firewall. Use the description
// to help you identify the firewall when you're working with it.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation UpdateFirewallDescription for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallDescription
func (c *NetworkFirewall) UpdateFirewallDescription(input *UpdateFirewallDescriptionInput) (*UpdateFirewallDescriptionOutput, error) {
req, out := c.UpdateFirewallDescriptionRequest(input)
return out, req.Send()
}
// UpdateFirewallDescriptionWithContext is the same as UpdateFirewallDescription with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateFirewallDescription for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) UpdateFirewallDescriptionWithContext(ctx aws.Context, input *UpdateFirewallDescriptionInput, opts ...request.Option) (*UpdateFirewallDescriptionOutput, error) {
req, out := c.UpdateFirewallDescriptionRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUpdateFirewallEncryptionConfiguration = "UpdateFirewallEncryptionConfiguration"
// UpdateFirewallEncryptionConfigurationRequest generates a "aws/request.Request" representing the
// client's request for the UpdateFirewallEncryptionConfiguration operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateFirewallEncryptionConfiguration for more information on using the UpdateFirewallEncryptionConfiguration
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UpdateFirewallEncryptionConfigurationRequest method.
// req, resp := client.UpdateFirewallEncryptionConfigurationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfiguration
func (c *NetworkFirewall) UpdateFirewallEncryptionConfigurationRequest(input *UpdateFirewallEncryptionConfigurationInput) (req *request.Request, output *UpdateFirewallEncryptionConfigurationOutput) {
op := &request.Operation{
Name: opUpdateFirewallEncryptionConfiguration,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UpdateFirewallEncryptionConfigurationInput{}
}
output = &UpdateFirewallEncryptionConfigurationOutput{}
req = c.newRequest(op, input, output)
return
}
// UpdateFirewallEncryptionConfiguration API operation for AWS Network Firewall.
//
// A complex type that contains settings for encryption of your firewall resources.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation UpdateFirewallEncryptionConfiguration for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// - ResourceOwnerCheckException
// Unable to change the resource because your account doesn't own it.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallEncryptionConfiguration
func (c *NetworkFirewall) UpdateFirewallEncryptionConfiguration(input *UpdateFirewallEncryptionConfigurationInput) (*UpdateFirewallEncryptionConfigurationOutput, error) {
req, out := c.UpdateFirewallEncryptionConfigurationRequest(input)
return out, req.Send()
}
// UpdateFirewallEncryptionConfigurationWithContext is the same as UpdateFirewallEncryptionConfiguration with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateFirewallEncryptionConfiguration for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) UpdateFirewallEncryptionConfigurationWithContext(ctx aws.Context, input *UpdateFirewallEncryptionConfigurationInput, opts ...request.Option) (*UpdateFirewallEncryptionConfigurationOutput, error) {
req, out := c.UpdateFirewallEncryptionConfigurationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUpdateFirewallPolicy = "UpdateFirewallPolicy"
// UpdateFirewallPolicyRequest generates a "aws/request.Request" representing the
// client's request for the UpdateFirewallPolicy operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateFirewallPolicy for more information on using the UpdateFirewallPolicy
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UpdateFirewallPolicyRequest method.
// req, resp := client.UpdateFirewallPolicyRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy
func (c *NetworkFirewall) UpdateFirewallPolicyRequest(input *UpdateFirewallPolicyInput) (req *request.Request, output *UpdateFirewallPolicyOutput) {
op := &request.Operation{
Name: opUpdateFirewallPolicy,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UpdateFirewallPolicyInput{}
}
output = &UpdateFirewallPolicyOutput{}
req = c.newRequest(op, input, output)
return
}
// UpdateFirewallPolicy API operation for AWS Network Firewall.
//
// Updates the properties of the specified firewall policy.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation UpdateFirewallPolicy for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicy
func (c *NetworkFirewall) UpdateFirewallPolicy(input *UpdateFirewallPolicyInput) (*UpdateFirewallPolicyOutput, error) {
req, out := c.UpdateFirewallPolicyRequest(input)
return out, req.Send()
}
// UpdateFirewallPolicyWithContext is the same as UpdateFirewallPolicy with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateFirewallPolicy for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) UpdateFirewallPolicyWithContext(ctx aws.Context, input *UpdateFirewallPolicyInput, opts ...request.Option) (*UpdateFirewallPolicyOutput, error) {
req, out := c.UpdateFirewallPolicyRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUpdateFirewallPolicyChangeProtection = "UpdateFirewallPolicyChangeProtection"
// UpdateFirewallPolicyChangeProtectionRequest generates a "aws/request.Request" representing the
// client's request for the UpdateFirewallPolicyChangeProtection operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateFirewallPolicyChangeProtection for more information on using the UpdateFirewallPolicyChangeProtection
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UpdateFirewallPolicyChangeProtectionRequest method.
// req, resp := client.UpdateFirewallPolicyChangeProtectionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicyChangeProtection
func (c *NetworkFirewall) UpdateFirewallPolicyChangeProtectionRequest(input *UpdateFirewallPolicyChangeProtectionInput) (req *request.Request, output *UpdateFirewallPolicyChangeProtectionOutput) {
op := &request.Operation{
Name: opUpdateFirewallPolicyChangeProtection,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UpdateFirewallPolicyChangeProtectionInput{}
}
output = &UpdateFirewallPolicyChangeProtectionOutput{}
req = c.newRequest(op, input, output)
return
}
// UpdateFirewallPolicyChangeProtection API operation for AWS Network Firewall.
//
// Modifies the flag, ChangeProtection, which indicates whether it is possible
// to change the firewall. If the flag is set to TRUE, the firewall is protected
// from changes. This setting helps protect against accidentally changing a
// firewall that's in use.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation UpdateFirewallPolicyChangeProtection for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// - ResourceOwnerCheckException
// Unable to change the resource because your account doesn't own it.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateFirewallPolicyChangeProtection
func (c *NetworkFirewall) UpdateFirewallPolicyChangeProtection(input *UpdateFirewallPolicyChangeProtectionInput) (*UpdateFirewallPolicyChangeProtectionOutput, error) {
req, out := c.UpdateFirewallPolicyChangeProtectionRequest(input)
return out, req.Send()
}
// UpdateFirewallPolicyChangeProtectionWithContext is the same as UpdateFirewallPolicyChangeProtection with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateFirewallPolicyChangeProtection for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) UpdateFirewallPolicyChangeProtectionWithContext(ctx aws.Context, input *UpdateFirewallPolicyChangeProtectionInput, opts ...request.Option) (*UpdateFirewallPolicyChangeProtectionOutput, error) {
req, out := c.UpdateFirewallPolicyChangeProtectionRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUpdateLoggingConfiguration = "UpdateLoggingConfiguration"
// UpdateLoggingConfigurationRequest generates a "aws/request.Request" representing the
// client's request for the UpdateLoggingConfiguration operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateLoggingConfiguration for more information on using the UpdateLoggingConfiguration
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UpdateLoggingConfigurationRequest method.
// req, resp := client.UpdateLoggingConfigurationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateLoggingConfiguration
func (c *NetworkFirewall) UpdateLoggingConfigurationRequest(input *UpdateLoggingConfigurationInput) (req *request.Request, output *UpdateLoggingConfigurationOutput) {
op := &request.Operation{
Name: opUpdateLoggingConfiguration,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UpdateLoggingConfigurationInput{}
}
output = &UpdateLoggingConfigurationOutput{}
req = c.newRequest(op, input, output)
return
}
// UpdateLoggingConfiguration API operation for AWS Network Firewall.
//
// Sets the logging configuration for the specified firewall.
//
// To change the logging configuration, retrieve the LoggingConfiguration by
// calling DescribeLoggingConfiguration, then change it and provide the modified
// object to this update call. You must change the logging configuration one
// LogDestinationConfig at a time inside the retrieved LoggingConfiguration
// object.
//
// You can perform only one of the following actions in any call to UpdateLoggingConfiguration:
//
// - Create a new log destination object by adding a single LogDestinationConfig
// array element to LogDestinationConfigs.
//
// - Delete a log destination object by removing a single LogDestinationConfig
// array element from LogDestinationConfigs.
//
// - Change the LogDestination setting in a single LogDestinationConfig array
// element.
//
// You can't change the LogDestinationType or LogType in a LogDestinationConfig.
// To change these settings, delete the existing LogDestinationConfig object
// and create a new one, using two separate calls to this update operation.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation UpdateLoggingConfiguration for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// - LogDestinationPermissionException
// Unable to send logs to a configured logging destination.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateLoggingConfiguration
func (c *NetworkFirewall) UpdateLoggingConfiguration(input *UpdateLoggingConfigurationInput) (*UpdateLoggingConfigurationOutput, error) {
req, out := c.UpdateLoggingConfigurationRequest(input)
return out, req.Send()
}
// UpdateLoggingConfigurationWithContext is the same as UpdateLoggingConfiguration with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateLoggingConfiguration for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) UpdateLoggingConfigurationWithContext(ctx aws.Context, input *UpdateLoggingConfigurationInput, opts ...request.Option) (*UpdateLoggingConfigurationOutput, error) {
req, out := c.UpdateLoggingConfigurationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUpdateRuleGroup = "UpdateRuleGroup"
// UpdateRuleGroupRequest generates a "aws/request.Request" representing the
// client's request for the UpdateRuleGroup operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateRuleGroup for more information on using the UpdateRuleGroup
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UpdateRuleGroupRequest method.
// req, resp := client.UpdateRuleGroupRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup
func (c *NetworkFirewall) UpdateRuleGroupRequest(input *UpdateRuleGroupInput) (req *request.Request, output *UpdateRuleGroupOutput) {
op := &request.Operation{
Name: opUpdateRuleGroup,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UpdateRuleGroupInput{}
}
output = &UpdateRuleGroupOutput{}
req = c.newRequest(op, input, output)
return
}
// UpdateRuleGroup API operation for AWS Network Firewall.
//
// Updates the rule settings for the specified rule group. You use a rule group
// by reference in one or more firewall policies. When you modify a rule group,
// you modify all firewall policies that use the rule group.
//
// To update a rule group, first call DescribeRuleGroup to retrieve the current
// RuleGroup object, update the object as needed, and then provide the updated
// object to this call.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation UpdateRuleGroup for usage and error information.
//
// Returned Error Types:
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateRuleGroup
func (c *NetworkFirewall) UpdateRuleGroup(input *UpdateRuleGroupInput) (*UpdateRuleGroupOutput, error) {
req, out := c.UpdateRuleGroupRequest(input)
return out, req.Send()
}
// UpdateRuleGroupWithContext is the same as UpdateRuleGroup with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateRuleGroup for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) UpdateRuleGroupWithContext(ctx aws.Context, input *UpdateRuleGroupInput, opts ...request.Option) (*UpdateRuleGroupOutput, error) {
req, out := c.UpdateRuleGroupRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUpdateSubnetChangeProtection = "UpdateSubnetChangeProtection"
// UpdateSubnetChangeProtectionRequest generates a "aws/request.Request" representing the
// client's request for the UpdateSubnetChangeProtection operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateSubnetChangeProtection for more information on using the UpdateSubnetChangeProtection
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UpdateSubnetChangeProtectionRequest method.
// req, resp := client.UpdateSubnetChangeProtectionRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateSubnetChangeProtection
func (c *NetworkFirewall) UpdateSubnetChangeProtectionRequest(input *UpdateSubnetChangeProtectionInput) (req *request.Request, output *UpdateSubnetChangeProtectionOutput) {
op := &request.Operation{
Name: opUpdateSubnetChangeProtection,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UpdateSubnetChangeProtectionInput{}
}
output = &UpdateSubnetChangeProtectionOutput{}
req = c.newRequest(op, input, output)
return
}
// UpdateSubnetChangeProtection API operation for AWS Network Firewall.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation UpdateSubnetChangeProtection for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// - ResourceOwnerCheckException
// Unable to change the resource because your account doesn't own it.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateSubnetChangeProtection
func (c *NetworkFirewall) UpdateSubnetChangeProtection(input *UpdateSubnetChangeProtectionInput) (*UpdateSubnetChangeProtectionOutput, error) {
req, out := c.UpdateSubnetChangeProtectionRequest(input)
return out, req.Send()
}
// UpdateSubnetChangeProtectionWithContext is the same as UpdateSubnetChangeProtection with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateSubnetChangeProtection for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) UpdateSubnetChangeProtectionWithContext(ctx aws.Context, input *UpdateSubnetChangeProtectionInput, opts ...request.Option) (*UpdateSubnetChangeProtectionOutput, error) {
req, out := c.UpdateSubnetChangeProtectionRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
const opUpdateTLSInspectionConfiguration = "UpdateTLSInspectionConfiguration"
// UpdateTLSInspectionConfigurationRequest generates a "aws/request.Request" representing the
// client's request for the UpdateTLSInspectionConfiguration operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See UpdateTLSInspectionConfiguration for more information on using the UpdateTLSInspectionConfiguration
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
// // Example sending a request using the UpdateTLSInspectionConfigurationRequest method.
// req, resp := client.UpdateTLSInspectionConfigurationRequest(params)
//
// err := req.Send()
// if err == nil { // resp is now filled
// fmt.Println(resp)
// }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateTLSInspectionConfiguration
func (c *NetworkFirewall) UpdateTLSInspectionConfigurationRequest(input *UpdateTLSInspectionConfigurationInput) (req *request.Request, output *UpdateTLSInspectionConfigurationOutput) {
op := &request.Operation{
Name: opUpdateTLSInspectionConfiguration,
HTTPMethod: "POST",
HTTPPath: "/",
}
if input == nil {
input = &UpdateTLSInspectionConfigurationInput{}
}
output = &UpdateTLSInspectionConfigurationOutput{}
req = c.newRequest(op, input, output)
return
}
// UpdateTLSInspectionConfiguration API operation for AWS Network Firewall.
//
// Updates the TLS inspection configuration settings for the specified TLS inspection
// configuration. You use a TLS inspection configuration by referencing it in
// one or more firewall policies. When you modify a TLS inspection configuration,
// you modify all firewall policies that use the TLS inspection configuration.
//
// To update a TLS inspection configuration, first call DescribeTLSInspectionConfiguration
// to retrieve the current TLSInspectionConfiguration object, update the object
// as needed, and then provide the updated object to this call.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Network Firewall's
// API operation UpdateTLSInspectionConfiguration for usage and error information.
//
// Returned Error Types:
//
// - InvalidRequestException
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
//
// - ResourceNotFoundException
// Unable to locate a resource using the parameters that you provided.
//
// - ThrottlingException
// Unable to process the request due to throttling limitations.
//
// - InternalServerError
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
//
// - InvalidTokenException
// The token you provided is stale or isn't valid for the operation.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/UpdateTLSInspectionConfiguration
func (c *NetworkFirewall) UpdateTLSInspectionConfiguration(input *UpdateTLSInspectionConfigurationInput) (*UpdateTLSInspectionConfigurationOutput, error) {
req, out := c.UpdateTLSInspectionConfigurationRequest(input)
return out, req.Send()
}
// UpdateTLSInspectionConfigurationWithContext is the same as UpdateTLSInspectionConfiguration with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateTLSInspectionConfiguration for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *NetworkFirewall) UpdateTLSInspectionConfigurationWithContext(ctx aws.Context, input *UpdateTLSInspectionConfigurationInput, opts ...request.Option) (*UpdateTLSInspectionConfigurationOutput, error) {
req, out := c.UpdateTLSInspectionConfigurationRequest(input)
req.SetContext(ctx)
req.ApplyOptions(opts...)
return out, req.Send()
}
// A custom action to use in stateless rule actions settings. This is used in
// CustomAction.
type ActionDefinition struct {
_ struct{} `type:"structure"`
// Stateless inspection criteria that publishes the specified metrics to Amazon
// CloudWatch for the matching packet. This setting defines a CloudWatch dimension
// value to be published.
//
// You can pair this custom action with any of the standard stateless rule actions.
// For example, you could pair this in a rule action with the standard action
// that forwards the packet for stateful inspection. Then, when a packet matches
// the rule, Network Firewall publishes metrics for the packet and forwards
// it.
PublishMetricAction *PublishMetricAction `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ActionDefinition) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ActionDefinition) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ActionDefinition) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ActionDefinition"}
if s.PublishMetricAction != nil {
if err := s.PublishMetricAction.Validate(); err != nil {
invalidParams.AddNested("PublishMetricAction", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPublishMetricAction sets the PublishMetricAction field's value.
func (s *ActionDefinition) SetPublishMetricAction(v *PublishMetricAction) *ActionDefinition {
s.PublishMetricAction = v
return s
}
// A single IP address specification. This is used in the MatchAttributes source
// and destination specifications.
type Address struct {
_ struct{} `type:"structure"`
// Specify an IP address or a block of IP addresses in Classless Inter-Domain
// Routing (CIDR) notation. Network Firewall supports all address ranges for
// IPv4 and IPv6.
//
// Examples:
//
// * To configure Network Firewall to inspect for the IP address 192.0.2.44,
// specify 192.0.2.44/32.
//
// * To configure Network Firewall to inspect for IP addresses from 192.0.2.0
// to 192.0.2.255, specify 192.0.2.0/24.
//
// * To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111,
// specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
//
// * To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000
// to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
//
// For more information about CIDR notation, see the Wikipedia entry Classless
// Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
//
// AddressDefinition is a required field
AddressDefinition *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Address) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Address) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *Address) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "Address"}
if s.AddressDefinition == nil {
invalidParams.Add(request.NewErrParamRequired("AddressDefinition"))
}
if s.AddressDefinition != nil && len(*s.AddressDefinition) < 1 {
invalidParams.Add(request.NewErrParamMinLen("AddressDefinition", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAddressDefinition sets the AddressDefinition field's value.
func (s *Address) SetAddressDefinition(v string) *Address {
s.AddressDefinition = &v
return s
}
// The analysis result for Network Firewall's stateless rule group analyzer.
// Every time you call CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup
// on a stateless rule group, Network Firewall analyzes the stateless rule groups
// in your account and identifies the rules that might adversely effect your
// firewall's functionality. For example, if Network Firewall detects a rule
// that's routing traffic asymmetrically, which impacts the service's ability
// to properly process traffic, the service includes the rule in a list of analysis
// results.
type AnalysisResult struct {
_ struct{} `type:"structure"`
// Provides analysis details for the identified rule.
AnalysisDetail *string `type:"string"`
// The priority number of the stateless rules identified in the analysis.
IdentifiedRuleIds []*string `type:"list"`
// The types of rule configurations that Network Firewall analyzes your rule
// groups for. Network Firewall analyzes stateless rule groups for the following
// types of rule configurations:
//
// * STATELESS_RULE_FORWARDING_ASYMMETRICALLY Cause: One or more stateless
// rules with the action pass or forward are forwarding traffic asymmetrically.
// Specifically, the rule's set of source IP addresses or their associated
// port numbers, don't match the set of destination IP addresses or their
// associated port numbers. To mitigate: Make sure that there's an existing
// return path. For example, if the rule allows traffic from source 10.1.0.0/24
// to destination 20.1.0.0/24, you should allow return traffic from source
// 20.1.0.0/24 to destination 10.1.0.0/24.
//
// * STATELESS_RULE_CONTAINS_TCP_FLAGS Cause: At least one stateless rule
// with the action pass orforward contains TCP flags that are inconsistent
// in the forward and return directions. To mitigate: Prevent asymmetric
// routing issues caused by TCP flags by following these actions: Remove
// unnecessary TCP flag inspections from the rules. If you need to inspect
// TCP flags, check that the rules correctly account for changes in TCP flags
// throughout the TCP connection cycle, for example SYN and ACK flags used
// in a 3-way TCP handshake.
IdentifiedType *string `type:"string" enum:"IdentifiedType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AnalysisResult) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AnalysisResult) GoString() string {
return s.String()
}
// SetAnalysisDetail sets the AnalysisDetail field's value.
func (s *AnalysisResult) SetAnalysisDetail(v string) *AnalysisResult {
s.AnalysisDetail = &v
return s
}
// SetIdentifiedRuleIds sets the IdentifiedRuleIds field's value.
func (s *AnalysisResult) SetIdentifiedRuleIds(v []*string) *AnalysisResult {
s.IdentifiedRuleIds = v
return s
}
// SetIdentifiedType sets the IdentifiedType field's value.
func (s *AnalysisResult) SetIdentifiedType(v string) *AnalysisResult {
s.IdentifiedType = &v
return s
}
type AssociateFirewallPolicyInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
//
// You must specify the ARN or the name, and you can specify both.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallName *string `min:"1" type:"string"`
// The Amazon Resource Name (ARN) of the firewall policy.
//
// FirewallPolicyArn is a required field
FirewallPolicyArn *string `min:"1" type:"string" required:"true"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AssociateFirewallPolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AssociateFirewallPolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *AssociateFirewallPolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "AssociateFirewallPolicyInput"}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if s.FirewallPolicyArn == nil {
invalidParams.Add(request.NewErrParamRequired("FirewallPolicyArn"))
}
if s.FirewallPolicyArn != nil && len(*s.FirewallPolicyArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallPolicyArn", 1))
}
if s.UpdateToken != nil && len(*s.UpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("UpdateToken", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *AssociateFirewallPolicyInput) SetFirewallArn(v string) *AssociateFirewallPolicyInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *AssociateFirewallPolicyInput) SetFirewallName(v string) *AssociateFirewallPolicyInput {
s.FirewallName = &v
return s
}
// SetFirewallPolicyArn sets the FirewallPolicyArn field's value.
func (s *AssociateFirewallPolicyInput) SetFirewallPolicyArn(v string) *AssociateFirewallPolicyInput {
s.FirewallPolicyArn = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *AssociateFirewallPolicyInput) SetUpdateToken(v string) *AssociateFirewallPolicyInput {
s.UpdateToken = &v
return s
}
type AssociateFirewallPolicyOutput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
// The Amazon Resource Name (ARN) of the firewall policy.
FirewallPolicyArn *string `min:"1" type:"string"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AssociateFirewallPolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AssociateFirewallPolicyOutput) GoString() string {
return s.String()
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *AssociateFirewallPolicyOutput) SetFirewallArn(v string) *AssociateFirewallPolicyOutput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *AssociateFirewallPolicyOutput) SetFirewallName(v string) *AssociateFirewallPolicyOutput {
s.FirewallName = &v
return s
}
// SetFirewallPolicyArn sets the FirewallPolicyArn field's value.
func (s *AssociateFirewallPolicyOutput) SetFirewallPolicyArn(v string) *AssociateFirewallPolicyOutput {
s.FirewallPolicyArn = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *AssociateFirewallPolicyOutput) SetUpdateToken(v string) *AssociateFirewallPolicyOutput {
s.UpdateToken = &v
return s
}
type AssociateSubnetsInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
//
// You must specify the ARN or the name, and you can specify both.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallName *string `min:"1" type:"string"`
// The IDs of the subnets that you want to associate with the firewall.
//
// SubnetMappings is a required field
SubnetMappings []*SubnetMapping `type:"list" required:"true"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AssociateSubnetsInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AssociateSubnetsInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *AssociateSubnetsInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "AssociateSubnetsInput"}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if s.SubnetMappings == nil {
invalidParams.Add(request.NewErrParamRequired("SubnetMappings"))
}
if s.UpdateToken != nil && len(*s.UpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("UpdateToken", 1))
}
if s.SubnetMappings != nil {
for i, v := range s.SubnetMappings {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SubnetMappings", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *AssociateSubnetsInput) SetFirewallArn(v string) *AssociateSubnetsInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *AssociateSubnetsInput) SetFirewallName(v string) *AssociateSubnetsInput {
s.FirewallName = &v
return s
}
// SetSubnetMappings sets the SubnetMappings field's value.
func (s *AssociateSubnetsInput) SetSubnetMappings(v []*SubnetMapping) *AssociateSubnetsInput {
s.SubnetMappings = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *AssociateSubnetsInput) SetUpdateToken(v string) *AssociateSubnetsInput {
s.UpdateToken = &v
return s
}
type AssociateSubnetsOutput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
// The IDs of the subnets that are associated with the firewall.
SubnetMappings []*SubnetMapping `type:"list"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AssociateSubnetsOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s AssociateSubnetsOutput) GoString() string {
return s.String()
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *AssociateSubnetsOutput) SetFirewallArn(v string) *AssociateSubnetsOutput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *AssociateSubnetsOutput) SetFirewallName(v string) *AssociateSubnetsOutput {
s.FirewallName = &v
return s
}
// SetSubnetMappings sets the SubnetMappings field's value.
func (s *AssociateSubnetsOutput) SetSubnetMappings(v []*SubnetMapping) *AssociateSubnetsOutput {
s.SubnetMappings = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *AssociateSubnetsOutput) SetUpdateToken(v string) *AssociateSubnetsOutput {
s.UpdateToken = &v
return s
}
// The configuration and status for a single subnet that you've specified for
// use by the Network Firewall firewall. This is part of the FirewallStatus.
type Attachment struct {
_ struct{} `type:"structure"`
// The identifier of the firewall endpoint that Network Firewall has instantiated
// in the subnet. You use this to identify the firewall endpoint in the VPC
// route tables, when you redirect the VPC traffic through the endpoint.
EndpointId *string `type:"string"`
// The current status of the firewall endpoint in the subnet. This value reflects
// both the instantiation of the endpoint in the VPC subnet and the sync states
// that are reported in the Config settings. When this value is READY, the endpoint
// is available and configured properly to handle network traffic. When the
// endpoint isn't available for traffic, this value will reflect its state,
// for example CREATING or DELETING.
Status *string `type:"string" enum:"AttachmentStatus"`
// If Network Firewall fails to create or delete the firewall endpoint in the
// subnet, it populates this with the reason for the error or failure and how
// to resolve it. A FAILED status indicates a non-recoverable state, and a ERROR
// status indicates an issue that you can fix. Depending on the error, it can
// take as many as 15 minutes to populate this field. For more information about
// the causes for failiure or errors and solutions available for this field,
// see Troubleshooting firewall endpoint failures (https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-troubleshooting-endpoint-failures.html)
// in the Network Firewall Developer Guide.
StatusMessage *string `type:"string"`
// The unique identifier of the subnet that you've specified to be used for
// a firewall endpoint.
SubnetId *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Attachment) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Attachment) GoString() string {
return s.String()
}
// SetEndpointId sets the EndpointId field's value.
func (s *Attachment) SetEndpointId(v string) *Attachment {
s.EndpointId = &v
return s
}
// SetStatus sets the Status field's value.
func (s *Attachment) SetStatus(v string) *Attachment {
s.Status = &v
return s
}
// SetStatusMessage sets the StatusMessage field's value.
func (s *Attachment) SetStatusMessage(v string) *Attachment {
s.StatusMessage = &v
return s
}
// SetSubnetId sets the SubnetId field's value.
func (s *Attachment) SetSubnetId(v string) *Attachment {
s.SubnetId = &v
return s
}
// Summarizes the CIDR blocks used by the IP set references in a firewall. Network
// Firewall calculates the number of CIDRs by taking an aggregated count of
// all CIDRs used by the IP sets you are referencing.
type CIDRSummary struct {
_ struct{} `type:"structure"`
// The number of CIDR blocks available for use by the IP set references in a
// firewall.
AvailableCIDRCount *int64 `type:"integer"`
// The list of the IP set references used by a firewall.
IPSetReferences map[string]*IPSetMetadata `type:"map"`
// The number of CIDR blocks used by the IP set references in a firewall.
UtilizedCIDRCount *int64 `type:"integer"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CIDRSummary) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CIDRSummary) GoString() string {
return s.String()
}
// SetAvailableCIDRCount sets the AvailableCIDRCount field's value.
func (s *CIDRSummary) SetAvailableCIDRCount(v int64) *CIDRSummary {
s.AvailableCIDRCount = &v
return s
}
// SetIPSetReferences sets the IPSetReferences field's value.
func (s *CIDRSummary) SetIPSetReferences(v map[string]*IPSetMetadata) *CIDRSummary {
s.IPSetReferences = v
return s
}
// SetUtilizedCIDRCount sets the UtilizedCIDRCount field's value.
func (s *CIDRSummary) SetUtilizedCIDRCount(v int64) *CIDRSummary {
s.UtilizedCIDRCount = &v
return s
}
// The capacity usage summary of the resources used by the ReferenceSets in
// a firewall.
type CapacityUsageSummary struct {
_ struct{} `type:"structure"`
// Describes the capacity usage of the CIDR blocks used by the IP set references
// in a firewall.
CIDRs *CIDRSummary `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CapacityUsageSummary) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CapacityUsageSummary) GoString() string {
return s.String()
}
// SetCIDRs sets the CIDRs field's value.
func (s *CapacityUsageSummary) SetCIDRs(v *CIDRSummary) *CapacityUsageSummary {
s.CIDRs = v
return s
}
// Defines the actions to take on the SSL/TLS connection if the certificate
// presented by the server in the connection has a revoked or unknown status.
type CheckCertificateRevocationStatusActions struct {
_ struct{} `type:"structure"`
// Configures how Network Firewall processes traffic when it determines that
// the certificate presented by the server in the SSL/TLS connection has a revoked
// status.
//
// * PASS - Allow the connection to continue, and pass subsequent packets
// to the stateful engine for inspection.
//
// * DROP - Network Firewall closes the connection and drops subsequent packets
// for that connection.
//
// * REJECT - Network Firewall sends a TCP reject packet back to your client.
// The service closes the connection and drops subsequent packets for that
// connection. REJECT is available only for TCP traffic.
RevokedStatusAction *string `type:"string" enum:"RevocationCheckAction"`
// Configures how Network Firewall processes traffic when it determines that
// the certificate presented by the server in the SSL/TLS connection has an
// unknown status, or a status that cannot be determined for any other reason,
// including when the service is unable to connect to the OCSP and CRL endpoints
// for the certificate.
//
// * PASS - Allow the connection to continue, and pass subsequent packets
// to the stateful engine for inspection.
//
// * DROP - Network Firewall closes the connection and drops subsequent packets
// for that connection.
//
// * REJECT - Network Firewall sends a TCP reject packet back to your client.
// The service closes the connection and drops subsequent packets for that
// connection. REJECT is available only for TCP traffic.
UnknownStatusAction *string `type:"string" enum:"RevocationCheckAction"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CheckCertificateRevocationStatusActions) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CheckCertificateRevocationStatusActions) GoString() string {
return s.String()
}
// SetRevokedStatusAction sets the RevokedStatusAction field's value.
func (s *CheckCertificateRevocationStatusActions) SetRevokedStatusAction(v string) *CheckCertificateRevocationStatusActions {
s.RevokedStatusAction = &v
return s
}
// SetUnknownStatusAction sets the UnknownStatusAction field's value.
func (s *CheckCertificateRevocationStatusActions) SetUnknownStatusAction(v string) *CheckCertificateRevocationStatusActions {
s.UnknownStatusAction = &v
return s
}
type CreateFirewallInput struct {
_ struct{} `type:"structure"`
// A flag indicating whether it is possible to delete the firewall. A setting
// of TRUE indicates that the firewall is protected against deletion. Use this
// setting to protect against accidentally deleting a firewall that is in use.
// When you create a firewall, the operation initializes this flag to TRUE.
DeleteProtection *bool `type:"boolean"`
// A description of the firewall.
Description *string `type:"string"`
// A complex type that contains settings for encryption of your firewall resources.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// FirewallName is a required field
FirewallName *string `min:"1" type:"string" required:"true"`
// The Amazon Resource Name (ARN) of the FirewallPolicy that you want to use
// for the firewall.
//
// FirewallPolicyArn is a required field
FirewallPolicyArn *string `min:"1" type:"string" required:"true"`
// A setting indicating whether the firewall is protected against a change to
// the firewall policy association. Use this setting to protect against accidentally
// modifying the firewall policy for a firewall that is in use. When you create
// a firewall, the operation initializes this setting to TRUE.
FirewallPolicyChangeProtection *bool `type:"boolean"`
// A setting indicating whether the firewall is protected against changes to
// the subnet associations. Use this setting to protect against accidentally
// modifying the subnet associations for a firewall that is in use. When you
// create a firewall, the operation initializes this setting to TRUE.
SubnetChangeProtection *bool `type:"boolean"`
// The public subnets to use for your Network Firewall firewalls. Each subnet
// must belong to a different Availability Zone in the VPC. Network Firewall
// creates a firewall endpoint in each subnet.
//
// SubnetMappings is a required field
SubnetMappings []*SubnetMapping `type:"list" required:"true"`
// The key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
// The unique identifier of the VPC where Network Firewall should create the
// firewall.
//
// You can't change this setting after you create the firewall.
//
// VpcId is a required field
VpcId *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateFirewallInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateFirewallInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateFirewallInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CreateFirewallInput"}
if s.FirewallName == nil {
invalidParams.Add(request.NewErrParamRequired("FirewallName"))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if s.FirewallPolicyArn == nil {
invalidParams.Add(request.NewErrParamRequired("FirewallPolicyArn"))
}
if s.FirewallPolicyArn != nil && len(*s.FirewallPolicyArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallPolicyArn", 1))
}
if s.SubnetMappings == nil {
invalidParams.Add(request.NewErrParamRequired("SubnetMappings"))
}
if s.Tags != nil && len(s.Tags) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
}
if s.VpcId == nil {
invalidParams.Add(request.NewErrParamRequired("VpcId"))
}
if s.VpcId != nil && len(*s.VpcId) < 1 {
invalidParams.Add(request.NewErrParamMinLen("VpcId", 1))
}
if s.EncryptionConfiguration != nil {
if err := s.EncryptionConfiguration.Validate(); err != nil {
invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
}
}
if s.SubnetMappings != nil {
for i, v := range s.SubnetMappings {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SubnetMappings", i), err.(request.ErrInvalidParams))
}
}
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDeleteProtection sets the DeleteProtection field's value.
func (s *CreateFirewallInput) SetDeleteProtection(v bool) *CreateFirewallInput {
s.DeleteProtection = &v
return s
}
// SetDescription sets the Description field's value.
func (s *CreateFirewallInput) SetDescription(v string) *CreateFirewallInput {
s.Description = &v
return s
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *CreateFirewallInput) SetEncryptionConfiguration(v *EncryptionConfiguration) *CreateFirewallInput {
s.EncryptionConfiguration = v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *CreateFirewallInput) SetFirewallName(v string) *CreateFirewallInput {
s.FirewallName = &v
return s
}
// SetFirewallPolicyArn sets the FirewallPolicyArn field's value.
func (s *CreateFirewallInput) SetFirewallPolicyArn(v string) *CreateFirewallInput {
s.FirewallPolicyArn = &v
return s
}
// SetFirewallPolicyChangeProtection sets the FirewallPolicyChangeProtection field's value.
func (s *CreateFirewallInput) SetFirewallPolicyChangeProtection(v bool) *CreateFirewallInput {
s.FirewallPolicyChangeProtection = &v
return s
}
// SetSubnetChangeProtection sets the SubnetChangeProtection field's value.
func (s *CreateFirewallInput) SetSubnetChangeProtection(v bool) *CreateFirewallInput {
s.SubnetChangeProtection = &v
return s
}
// SetSubnetMappings sets the SubnetMappings field's value.
func (s *CreateFirewallInput) SetSubnetMappings(v []*SubnetMapping) *CreateFirewallInput {
s.SubnetMappings = v
return s
}
// SetTags sets the Tags field's value.
func (s *CreateFirewallInput) SetTags(v []*Tag) *CreateFirewallInput {
s.Tags = v
return s
}
// SetVpcId sets the VpcId field's value.
func (s *CreateFirewallInput) SetVpcId(v string) *CreateFirewallInput {
s.VpcId = &v
return s
}
type CreateFirewallOutput struct {
_ struct{} `type:"structure"`
// The configuration settings for the firewall. These settings include the firewall
// policy and the subnets in your VPC to use for the firewall endpoints.
Firewall *Firewall `type:"structure"`
// Detailed information about the current status of a Firewall. You can retrieve
// this for a firewall by calling DescribeFirewall and providing the firewall
// name and ARN.
FirewallStatus *FirewallStatus `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateFirewallOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateFirewallOutput) GoString() string {
return s.String()
}
// SetFirewall sets the Firewall field's value.
func (s *CreateFirewallOutput) SetFirewall(v *Firewall) *CreateFirewallOutput {
s.Firewall = v
return s
}
// SetFirewallStatus sets the FirewallStatus field's value.
func (s *CreateFirewallOutput) SetFirewallStatus(v *FirewallStatus) *CreateFirewallOutput {
s.FirewallStatus = v
return s
}
type CreateFirewallPolicyInput struct {
_ struct{} `type:"structure"`
// A description of the firewall policy.
Description *string `type:"string"`
// Indicates whether you want Network Firewall to just check the validity of
// the request, rather than run the request.
//
// If set to TRUE, Network Firewall checks whether the request can run successfully,
// but doesn't actually make the requested changes. The call returns the value
// that the request would return if you ran it with dry run set to FALSE, but
// doesn't make additions or changes to your resources. This option allows you
// to make sure that you have the required permissions to run the request and
// that your request parameters are valid.
//
// If set to FALSE, Network Firewall makes the requested changes to your resources.
DryRun *bool `type:"boolean"`
// A complex type that contains settings for encryption of your firewall policy
// resources.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// The rule groups and policy actions to use in the firewall policy.
//
// FirewallPolicy is a required field
FirewallPolicy *FirewallPolicy `type:"structure" required:"true"`
// The descriptive name of the firewall policy. You can't change the name of
// a firewall policy after you create it.
//
// FirewallPolicyName is a required field
FirewallPolicyName *string `min:"1" type:"string" required:"true"`
// The key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateFirewallPolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateFirewallPolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateFirewallPolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CreateFirewallPolicyInput"}
if s.FirewallPolicy == nil {
invalidParams.Add(request.NewErrParamRequired("FirewallPolicy"))
}
if s.FirewallPolicyName == nil {
invalidParams.Add(request.NewErrParamRequired("FirewallPolicyName"))
}
if s.FirewallPolicyName != nil && len(*s.FirewallPolicyName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallPolicyName", 1))
}
if s.Tags != nil && len(s.Tags) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
}
if s.EncryptionConfiguration != nil {
if err := s.EncryptionConfiguration.Validate(); err != nil {
invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
}
}
if s.FirewallPolicy != nil {
if err := s.FirewallPolicy.Validate(); err != nil {
invalidParams.AddNested("FirewallPolicy", err.(request.ErrInvalidParams))
}
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDescription sets the Description field's value.
func (s *CreateFirewallPolicyInput) SetDescription(v string) *CreateFirewallPolicyInput {
s.Description = &v
return s
}
// SetDryRun sets the DryRun field's value.
func (s *CreateFirewallPolicyInput) SetDryRun(v bool) *CreateFirewallPolicyInput {
s.DryRun = &v
return s
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *CreateFirewallPolicyInput) SetEncryptionConfiguration(v *EncryptionConfiguration) *CreateFirewallPolicyInput {
s.EncryptionConfiguration = v
return s
}
// SetFirewallPolicy sets the FirewallPolicy field's value.
func (s *CreateFirewallPolicyInput) SetFirewallPolicy(v *FirewallPolicy) *CreateFirewallPolicyInput {
s.FirewallPolicy = v
return s
}
// SetFirewallPolicyName sets the FirewallPolicyName field's value.
func (s *CreateFirewallPolicyInput) SetFirewallPolicyName(v string) *CreateFirewallPolicyInput {
s.FirewallPolicyName = &v
return s
}
// SetTags sets the Tags field's value.
func (s *CreateFirewallPolicyInput) SetTags(v []*Tag) *CreateFirewallPolicyInput {
s.Tags = v
return s
}
type CreateFirewallPolicyOutput struct {
_ struct{} `type:"structure"`
// The high-level properties of a firewall policy. This, along with the FirewallPolicy,
// define the policy. You can retrieve all objects for a firewall policy by
// calling DescribeFirewallPolicy.
//
// FirewallPolicyResponse is a required field
FirewallPolicyResponse *FirewallPolicyResponse `type:"structure" required:"true"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the firewall policy. The token marks the state
// of the policy resource at the time of the request.
//
// To make changes to the policy, you provide the token in your request. Network
// Firewall uses the token to ensure that the policy hasn't changed since you
// last retrieved it. If it has changed, the operation fails with an InvalidTokenException.
// If this happens, retrieve the firewall policy again to get a current copy
// of it with current token. Reapply your changes as needed, then try the operation
// again using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateFirewallPolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateFirewallPolicyOutput) GoString() string {
return s.String()
}
// SetFirewallPolicyResponse sets the FirewallPolicyResponse field's value.
func (s *CreateFirewallPolicyOutput) SetFirewallPolicyResponse(v *FirewallPolicyResponse) *CreateFirewallPolicyOutput {
s.FirewallPolicyResponse = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *CreateFirewallPolicyOutput) SetUpdateToken(v string) *CreateFirewallPolicyOutput {
s.UpdateToken = &v
return s
}
type CreateRuleGroupInput struct {
_ struct{} `type:"structure"`
// Indicates whether you want Network Firewall to analyze the stateless rules
// in the rule group for rule behavior such as asymmetric routing. If set to
// TRUE, Network Firewall runs the analysis and then creates the rule group
// for you. To run the stateless rule group analyzer without creating the rule
// group, set DryRun to TRUE.
AnalyzeRuleGroup *bool `type:"boolean"`
// The maximum operating resources that this rule group can use. Rule group
// capacity is fixed at creation. When you update a rule group, you are limited
// to this capacity. When you reference a rule group from a firewall policy,
// Network Firewall reserves this capacity for the rule group.
//
// You can retrieve the capacity that would be required for a rule group before
// you create the rule group by calling CreateRuleGroup with DryRun set to TRUE.
//
// You can't change or exceed this capacity when you update the rule group,
// so leave room for your rule group to grow.
//
// Capacity for a stateless rule group
//
// For a stateless rule group, the capacity required is the sum of the capacity
// requirements of the individual rules that you expect to have in the rule
// group.
//
// To calculate the capacity requirement of a single rule, multiply the capacity
// requirement values of each of the rule's match settings:
//
// * A match setting with no criteria specified has a value of 1.
//
// * A match setting with Any specified has a value of 1.
//
// * All other match settings have a value equal to the number of elements
// provided in the setting. For example, a protocol setting ["UDP"] and a
// source setting ["10.0.0.0/24"] each have a value of 1. A protocol setting
// ["UDP","TCP"] has a value of 2. A source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"]
// has a value of 3.
//
// A rule with no criteria specified in any of its match settings has a capacity
// requirement of 1. A rule with protocol setting ["UDP","TCP"], source setting
// ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"], and a single specification or
// no specification for each of the other match settings has a capacity requirement
// of 6.
//
// Capacity for a stateful rule group
//
// For a stateful rule group, the minimum capacity required is the number of
// individual rules that you expect to have in the rule group.
//
// Capacity is a required field
Capacity *int64 `type:"integer" required:"true"`
// A description of the rule group.
Description *string `type:"string"`
// Indicates whether you want Network Firewall to just check the validity of
// the request, rather than run the request.
//
// If set to TRUE, Network Firewall checks whether the request can run successfully,
// but doesn't actually make the requested changes. The call returns the value
// that the request would return if you ran it with dry run set to FALSE, but
// doesn't make additions or changes to your resources. This option allows you
// to make sure that you have the required permissions to run the request and
// that your request parameters are valid.
//
// If set to FALSE, Network Firewall makes the requested changes to your resources.
DryRun *bool `type:"boolean"`
// A complex type that contains settings for encryption of your rule group resources.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// An object that defines the rule group rules.
//
// You must provide either this rule group setting or a Rules setting, but not
// both.
RuleGroup *RuleGroup `type:"structure"`
// The descriptive name of the rule group. You can't change the name of a rule
// group after you create it.
//
// RuleGroupName is a required field
RuleGroupName *string `min:"1" type:"string" required:"true"`
// A string containing stateful rule group rules specifications in Suricata
// flat format, with one rule per line. Use this to import your existing Suricata
// compatible rule groups.
//
// You must provide either this rules setting or a populated RuleGroup setting,
// but not both.
//
// You can provide your rule group specification in Suricata flat format through
// this setting when you create or update your rule group. The call response
// returns a RuleGroup object that Network Firewall has populated from your
// string.
Rules *string `type:"string"`
// A complex type that contains metadata about the rule group that your own
// rule group is copied from. You can use the metadata to keep track of updates
// made to the originating rule group.
SourceMetadata *SourceMetadata `type:"structure"`
// The key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
// Indicates whether the rule group is stateless or stateful. If the rule group
// is stateless, it contains stateless rules. If it is stateful, it contains
// stateful rules.
//
// Type is a required field
Type *string `type:"string" required:"true" enum:"RuleGroupType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateRuleGroupInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateRuleGroupInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateRuleGroupInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CreateRuleGroupInput"}
if s.Capacity == nil {
invalidParams.Add(request.NewErrParamRequired("Capacity"))
}
if s.RuleGroupName == nil {
invalidParams.Add(request.NewErrParamRequired("RuleGroupName"))
}
if s.RuleGroupName != nil && len(*s.RuleGroupName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("RuleGroupName", 1))
}
if s.Tags != nil && len(s.Tags) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
}
if s.Type == nil {
invalidParams.Add(request.NewErrParamRequired("Type"))
}
if s.EncryptionConfiguration != nil {
if err := s.EncryptionConfiguration.Validate(); err != nil {
invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
}
}
if s.RuleGroup != nil {
if err := s.RuleGroup.Validate(); err != nil {
invalidParams.AddNested("RuleGroup", err.(request.ErrInvalidParams))
}
}
if s.SourceMetadata != nil {
if err := s.SourceMetadata.Validate(); err != nil {
invalidParams.AddNested("SourceMetadata", err.(request.ErrInvalidParams))
}
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAnalyzeRuleGroup sets the AnalyzeRuleGroup field's value.
func (s *CreateRuleGroupInput) SetAnalyzeRuleGroup(v bool) *CreateRuleGroupInput {
s.AnalyzeRuleGroup = &v
return s
}
// SetCapacity sets the Capacity field's value.
func (s *CreateRuleGroupInput) SetCapacity(v int64) *CreateRuleGroupInput {
s.Capacity = &v
return s
}
// SetDescription sets the Description field's value.
func (s *CreateRuleGroupInput) SetDescription(v string) *CreateRuleGroupInput {
s.Description = &v
return s
}
// SetDryRun sets the DryRun field's value.
func (s *CreateRuleGroupInput) SetDryRun(v bool) *CreateRuleGroupInput {
s.DryRun = &v
return s
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *CreateRuleGroupInput) SetEncryptionConfiguration(v *EncryptionConfiguration) *CreateRuleGroupInput {
s.EncryptionConfiguration = v
return s
}
// SetRuleGroup sets the RuleGroup field's value.
func (s *CreateRuleGroupInput) SetRuleGroup(v *RuleGroup) *CreateRuleGroupInput {
s.RuleGroup = v
return s
}
// SetRuleGroupName sets the RuleGroupName field's value.
func (s *CreateRuleGroupInput) SetRuleGroupName(v string) *CreateRuleGroupInput {
s.RuleGroupName = &v
return s
}
// SetRules sets the Rules field's value.
func (s *CreateRuleGroupInput) SetRules(v string) *CreateRuleGroupInput {
s.Rules = &v
return s
}
// SetSourceMetadata sets the SourceMetadata field's value.
func (s *CreateRuleGroupInput) SetSourceMetadata(v *SourceMetadata) *CreateRuleGroupInput {
s.SourceMetadata = v
return s
}
// SetTags sets the Tags field's value.
func (s *CreateRuleGroupInput) SetTags(v []*Tag) *CreateRuleGroupInput {
s.Tags = v
return s
}
// SetType sets the Type field's value.
func (s *CreateRuleGroupInput) SetType(v string) *CreateRuleGroupInput {
s.Type = &v
return s
}
type CreateRuleGroupOutput struct {
_ struct{} `type:"structure"`
// The high-level properties of a rule group. This, along with the RuleGroup,
// define the rule group. You can retrieve all objects for a rule group by calling
// DescribeRuleGroup.
//
// RuleGroupResponse is a required field
RuleGroupResponse *RuleGroupResponse `type:"structure" required:"true"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the rule group. The token marks the state of the
// rule group resource at the time of the request.
//
// To make changes to the rule group, you provide the token in your request.
// Network Firewall uses the token to ensure that the rule group hasn't changed
// since you last retrieved it. If it has changed, the operation fails with
// an InvalidTokenException. If this happens, retrieve the rule group again
// to get a current copy of it with a current token. Reapply your changes as
// needed, then try the operation again using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateRuleGroupOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateRuleGroupOutput) GoString() string {
return s.String()
}
// SetRuleGroupResponse sets the RuleGroupResponse field's value.
func (s *CreateRuleGroupOutput) SetRuleGroupResponse(v *RuleGroupResponse) *CreateRuleGroupOutput {
s.RuleGroupResponse = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *CreateRuleGroupOutput) SetUpdateToken(v string) *CreateRuleGroupOutput {
s.UpdateToken = &v
return s
}
type CreateTLSInspectionConfigurationInput struct {
_ struct{} `type:"structure"`
// A description of the TLS inspection configuration.
Description *string `type:"string"`
// A complex type that contains optional Amazon Web Services Key Management
// Service (KMS) encryption settings for your Network Firewall resources. Your
// data is encrypted by default with an Amazon Web Services owned key that Amazon
// Web Services owns and manages for you. You can use either the Amazon Web
// Services owned key, or provide your own customer managed key. To learn more
// about KMS encryption of your Network Firewall resources, see Encryption at
// rest with Amazon Web Services Key Managment Service (https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html)
// in the Network Firewall Developer Guide.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// The object that defines a TLS inspection configuration. This, along with
// TLSInspectionConfigurationResponse, define the TLS inspection configuration.
// You can retrieve all objects for a TLS inspection configuration by calling
// DescribeTLSInspectionConfiguration.
//
// Network Firewall uses a TLS inspection configuration to decrypt traffic.
// Network Firewall re-encrypts the traffic before sending it to its destination.
//
// To use a TLS inspection configuration, you add it to a new Network Firewall
// firewall policy, then you apply the firewall policy to a firewall. Network
// Firewall acts as a proxy service to decrypt and inspect the traffic traveling
// through your firewalls. You can reference a TLS inspection configuration
// from more than one firewall policy, and you can use a firewall policy in
// more than one firewall. For more information about using TLS inspection configurations,
// see Inspecting SSL/TLS traffic with TLS inspection configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html)
// in the Network Firewall Developer Guide.
//
// TLSInspectionConfiguration is a required field
TLSInspectionConfiguration *TLSInspectionConfiguration `type:"structure" required:"true"`
// The descriptive name of the TLS inspection configuration. You can't change
// the name of a TLS inspection configuration after you create it.
//
// TLSInspectionConfigurationName is a required field
TLSInspectionConfigurationName *string `min:"1" type:"string" required:"true"`
// The key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTLSInspectionConfigurationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTLSInspectionConfigurationInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CreateTLSInspectionConfigurationInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CreateTLSInspectionConfigurationInput"}
if s.TLSInspectionConfiguration == nil {
invalidParams.Add(request.NewErrParamRequired("TLSInspectionConfiguration"))
}
if s.TLSInspectionConfigurationName == nil {
invalidParams.Add(request.NewErrParamRequired("TLSInspectionConfigurationName"))
}
if s.TLSInspectionConfigurationName != nil && len(*s.TLSInspectionConfigurationName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("TLSInspectionConfigurationName", 1))
}
if s.Tags != nil && len(s.Tags) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
}
if s.EncryptionConfiguration != nil {
if err := s.EncryptionConfiguration.Validate(); err != nil {
invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
}
}
if s.TLSInspectionConfiguration != nil {
if err := s.TLSInspectionConfiguration.Validate(); err != nil {
invalidParams.AddNested("TLSInspectionConfiguration", err.(request.ErrInvalidParams))
}
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDescription sets the Description field's value.
func (s *CreateTLSInspectionConfigurationInput) SetDescription(v string) *CreateTLSInspectionConfigurationInput {
s.Description = &v
return s
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *CreateTLSInspectionConfigurationInput) SetEncryptionConfiguration(v *EncryptionConfiguration) *CreateTLSInspectionConfigurationInput {
s.EncryptionConfiguration = v
return s
}
// SetTLSInspectionConfiguration sets the TLSInspectionConfiguration field's value.
func (s *CreateTLSInspectionConfigurationInput) SetTLSInspectionConfiguration(v *TLSInspectionConfiguration) *CreateTLSInspectionConfigurationInput {
s.TLSInspectionConfiguration = v
return s
}
// SetTLSInspectionConfigurationName sets the TLSInspectionConfigurationName field's value.
func (s *CreateTLSInspectionConfigurationInput) SetTLSInspectionConfigurationName(v string) *CreateTLSInspectionConfigurationInput {
s.TLSInspectionConfigurationName = &v
return s
}
// SetTags sets the Tags field's value.
func (s *CreateTLSInspectionConfigurationInput) SetTags(v []*Tag) *CreateTLSInspectionConfigurationInput {
s.Tags = v
return s
}
type CreateTLSInspectionConfigurationOutput struct {
_ struct{} `type:"structure"`
// The high-level properties of a TLS inspection configuration. This, along
// with the TLSInspectionConfiguration, define the TLS inspection configuration.
// You can retrieve all objects for a TLS inspection configuration by calling
// DescribeTLSInspectionConfiguration.
//
// TLSInspectionConfigurationResponse is a required field
TLSInspectionConfigurationResponse *TLSInspectionConfigurationResponse `type:"structure" required:"true"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the TLS inspection configuration. The token marks
// the state of the TLS inspection configuration resource at the time of the
// request.
//
// To make changes to the TLS inspection configuration, you provide the token
// in your request. Network Firewall uses the token to ensure that the TLS inspection
// configuration hasn't changed since you last retrieved it. If it has changed,
// the operation fails with an InvalidTokenException. If this happens, retrieve
// the TLS inspection configuration again to get a current copy of it with a
// current token. Reapply your changes as needed, then try the operation again
// using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTLSInspectionConfigurationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CreateTLSInspectionConfigurationOutput) GoString() string {
return s.String()
}
// SetTLSInspectionConfigurationResponse sets the TLSInspectionConfigurationResponse field's value.
func (s *CreateTLSInspectionConfigurationOutput) SetTLSInspectionConfigurationResponse(v *TLSInspectionConfigurationResponse) *CreateTLSInspectionConfigurationOutput {
s.TLSInspectionConfigurationResponse = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *CreateTLSInspectionConfigurationOutput) SetUpdateToken(v string) *CreateTLSInspectionConfigurationOutput {
s.UpdateToken = &v
return s
}
// An optional, non-standard action to use for stateless packet handling. You
// can define this in addition to the standard action that you must specify.
//
// You define and name the custom actions that you want to be able to use, and
// then you reference them by name in your actions settings.
//
// You can use custom actions in the following places:
//
// - In a rule group's StatelessRulesAndCustomActions specification. The
// custom actions are available for use by name inside the StatelessRulesAndCustomActions
// where you define them. You can use them for your stateless rule actions
// to specify what to do with a packet that matches the rule's match attributes.
//
// - In a FirewallPolicy specification, in StatelessCustomActions. The custom
// actions are available for use inside the policy where you define them.
// You can use them for the policy's default stateless actions settings to
// specify what to do with packets that don't match any of the policy's stateless
// rules.
type CustomAction struct {
_ struct{} `type:"structure"`
// The custom action associated with the action name.
//
// ActionDefinition is a required field
ActionDefinition *ActionDefinition `type:"structure" required:"true"`
// The descriptive name of the custom action. You can't change the name of a
// custom action after you create it.
//
// ActionName is a required field
ActionName *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CustomAction) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s CustomAction) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *CustomAction) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "CustomAction"}
if s.ActionDefinition == nil {
invalidParams.Add(request.NewErrParamRequired("ActionDefinition"))
}
if s.ActionName == nil {
invalidParams.Add(request.NewErrParamRequired("ActionName"))
}
if s.ActionName != nil && len(*s.ActionName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ActionName", 1))
}
if s.ActionDefinition != nil {
if err := s.ActionDefinition.Validate(); err != nil {
invalidParams.AddNested("ActionDefinition", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetActionDefinition sets the ActionDefinition field's value.
func (s *CustomAction) SetActionDefinition(v *ActionDefinition) *CustomAction {
s.ActionDefinition = v
return s
}
// SetActionName sets the ActionName field's value.
func (s *CustomAction) SetActionName(v string) *CustomAction {
s.ActionName = &v
return s
}
type DeleteFirewallInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
//
// You must specify the ARN or the name, and you can specify both.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallName *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteFirewallInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteFirewallInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteFirewallInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DeleteFirewallInput"}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *DeleteFirewallInput) SetFirewallArn(v string) *DeleteFirewallInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *DeleteFirewallInput) SetFirewallName(v string) *DeleteFirewallInput {
s.FirewallName = &v
return s
}
type DeleteFirewallOutput struct {
_ struct{} `type:"structure"`
// The firewall defines the configuration settings for an Network Firewall firewall.
// These settings include the firewall policy, the subnets in your VPC to use
// for the firewall endpoints, and any tags that are attached to the firewall
// Amazon Web Services resource.
//
// The status of the firewall, for example whether it's ready to filter network
// traffic, is provided in the corresponding FirewallStatus. You can retrieve
// both objects by calling DescribeFirewall.
Firewall *Firewall `type:"structure"`
// Detailed information about the current status of a Firewall. You can retrieve
// this for a firewall by calling DescribeFirewall and providing the firewall
// name and ARN.
FirewallStatus *FirewallStatus `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteFirewallOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteFirewallOutput) GoString() string {
return s.String()
}
// SetFirewall sets the Firewall field's value.
func (s *DeleteFirewallOutput) SetFirewall(v *Firewall) *DeleteFirewallOutput {
s.Firewall = v
return s
}
// SetFirewallStatus sets the FirewallStatus field's value.
func (s *DeleteFirewallOutput) SetFirewallStatus(v *FirewallStatus) *DeleteFirewallOutput {
s.FirewallStatus = v
return s
}
type DeleteFirewallPolicyInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall policy.
//
// You must specify the ARN or the name, and you can specify both.
FirewallPolicyArn *string `min:"1" type:"string"`
// The descriptive name of the firewall policy. You can't change the name of
// a firewall policy after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallPolicyName *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteFirewallPolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteFirewallPolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteFirewallPolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DeleteFirewallPolicyInput"}
if s.FirewallPolicyArn != nil && len(*s.FirewallPolicyArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallPolicyArn", 1))
}
if s.FirewallPolicyName != nil && len(*s.FirewallPolicyName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallPolicyName", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFirewallPolicyArn sets the FirewallPolicyArn field's value.
func (s *DeleteFirewallPolicyInput) SetFirewallPolicyArn(v string) *DeleteFirewallPolicyInput {
s.FirewallPolicyArn = &v
return s
}
// SetFirewallPolicyName sets the FirewallPolicyName field's value.
func (s *DeleteFirewallPolicyInput) SetFirewallPolicyName(v string) *DeleteFirewallPolicyInput {
s.FirewallPolicyName = &v
return s
}
type DeleteFirewallPolicyOutput struct {
_ struct{} `type:"structure"`
// The object containing the definition of the FirewallPolicyResponse that you
// asked to delete.
//
// FirewallPolicyResponse is a required field
FirewallPolicyResponse *FirewallPolicyResponse `type:"structure" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteFirewallPolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteFirewallPolicyOutput) GoString() string {
return s.String()
}
// SetFirewallPolicyResponse sets the FirewallPolicyResponse field's value.
func (s *DeleteFirewallPolicyOutput) SetFirewallPolicyResponse(v *FirewallPolicyResponse) *DeleteFirewallPolicyOutput {
s.FirewallPolicyResponse = v
return s
}
type DeleteResourcePolicyInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the rule group or firewall policy whose
// resource policy you want to delete.
//
// ResourceArn is a required field
ResourceArn *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteResourcePolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteResourcePolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteResourcePolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DeleteResourcePolicyInput"}
if s.ResourceArn == nil {
invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
}
if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetResourceArn sets the ResourceArn field's value.
func (s *DeleteResourcePolicyInput) SetResourceArn(v string) *DeleteResourcePolicyInput {
s.ResourceArn = &v
return s
}
type DeleteResourcePolicyOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteResourcePolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteResourcePolicyOutput) GoString() string {
return s.String()
}
type DeleteRuleGroupInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the rule group.
//
// You must specify the ARN or the name, and you can specify both.
RuleGroupArn *string `min:"1" type:"string"`
// The descriptive name of the rule group. You can't change the name of a rule
// group after you create it.
//
// You must specify the ARN or the name, and you can specify both.
RuleGroupName *string `min:"1" type:"string"`
// Indicates whether the rule group is stateless or stateful. If the rule group
// is stateless, it contains stateless rules. If it is stateful, it contains
// stateful rules.
//
// This setting is required for requests that do not include the RuleGroupARN.
Type *string `type:"string" enum:"RuleGroupType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRuleGroupInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRuleGroupInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteRuleGroupInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DeleteRuleGroupInput"}
if s.RuleGroupArn != nil && len(*s.RuleGroupArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("RuleGroupArn", 1))
}
if s.RuleGroupName != nil && len(*s.RuleGroupName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("RuleGroupName", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetRuleGroupArn sets the RuleGroupArn field's value.
func (s *DeleteRuleGroupInput) SetRuleGroupArn(v string) *DeleteRuleGroupInput {
s.RuleGroupArn = &v
return s
}
// SetRuleGroupName sets the RuleGroupName field's value.
func (s *DeleteRuleGroupInput) SetRuleGroupName(v string) *DeleteRuleGroupInput {
s.RuleGroupName = &v
return s
}
// SetType sets the Type field's value.
func (s *DeleteRuleGroupInput) SetType(v string) *DeleteRuleGroupInput {
s.Type = &v
return s
}
type DeleteRuleGroupOutput struct {
_ struct{} `type:"structure"`
// The high-level properties of a rule group. This, along with the RuleGroup,
// define the rule group. You can retrieve all objects for a rule group by calling
// DescribeRuleGroup.
//
// RuleGroupResponse is a required field
RuleGroupResponse *RuleGroupResponse `type:"structure" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRuleGroupOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteRuleGroupOutput) GoString() string {
return s.String()
}
// SetRuleGroupResponse sets the RuleGroupResponse field's value.
func (s *DeleteRuleGroupOutput) SetRuleGroupResponse(v *RuleGroupResponse) *DeleteRuleGroupOutput {
s.RuleGroupResponse = v
return s
}
type DeleteTLSInspectionConfigurationInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the TLS inspection configuration.
//
// You must specify the ARN or the name, and you can specify both.
TLSInspectionConfigurationArn *string `min:"1" type:"string"`
// The descriptive name of the TLS inspection configuration. You can't change
// the name of a TLS inspection configuration after you create it.
//
// You must specify the ARN or the name, and you can specify both.
TLSInspectionConfigurationName *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteTLSInspectionConfigurationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteTLSInspectionConfigurationInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DeleteTLSInspectionConfigurationInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DeleteTLSInspectionConfigurationInput"}
if s.TLSInspectionConfigurationArn != nil && len(*s.TLSInspectionConfigurationArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("TLSInspectionConfigurationArn", 1))
}
if s.TLSInspectionConfigurationName != nil && len(*s.TLSInspectionConfigurationName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("TLSInspectionConfigurationName", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetTLSInspectionConfigurationArn sets the TLSInspectionConfigurationArn field's value.
func (s *DeleteTLSInspectionConfigurationInput) SetTLSInspectionConfigurationArn(v string) *DeleteTLSInspectionConfigurationInput {
s.TLSInspectionConfigurationArn = &v
return s
}
// SetTLSInspectionConfigurationName sets the TLSInspectionConfigurationName field's value.
func (s *DeleteTLSInspectionConfigurationInput) SetTLSInspectionConfigurationName(v string) *DeleteTLSInspectionConfigurationInput {
s.TLSInspectionConfigurationName = &v
return s
}
type DeleteTLSInspectionConfigurationOutput struct {
_ struct{} `type:"structure"`
// The high-level properties of a TLS inspection configuration. This, along
// with the TLSInspectionConfiguration, define the TLS inspection configuration.
// You can retrieve all objects for a TLS inspection configuration by calling
// DescribeTLSInspectionConfiguration.
//
// TLSInspectionConfigurationResponse is a required field
TLSInspectionConfigurationResponse *TLSInspectionConfigurationResponse `type:"structure" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteTLSInspectionConfigurationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DeleteTLSInspectionConfigurationOutput) GoString() string {
return s.String()
}
// SetTLSInspectionConfigurationResponse sets the TLSInspectionConfigurationResponse field's value.
func (s *DeleteTLSInspectionConfigurationOutput) SetTLSInspectionConfigurationResponse(v *TLSInspectionConfigurationResponse) *DeleteTLSInspectionConfigurationOutput {
s.TLSInspectionConfigurationResponse = v
return s
}
type DescribeFirewallInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
//
// You must specify the ARN or the name, and you can specify both.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallName *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeFirewallInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeFirewallInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeFirewallInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeFirewallInput"}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *DescribeFirewallInput) SetFirewallArn(v string) *DescribeFirewallInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *DescribeFirewallInput) SetFirewallName(v string) *DescribeFirewallInput {
s.FirewallName = &v
return s
}
type DescribeFirewallOutput struct {
_ struct{} `type:"structure"`
// The configuration settings for the firewall. These settings include the firewall
// policy and the subnets in your VPC to use for the firewall endpoints.
Firewall *Firewall `type:"structure"`
// Detailed information about the current status of a Firewall. You can retrieve
// this for a firewall by calling DescribeFirewall and providing the firewall
// name and ARN.
FirewallStatus *FirewallStatus `type:"structure"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeFirewallOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeFirewallOutput) GoString() string {
return s.String()
}
// SetFirewall sets the Firewall field's value.
func (s *DescribeFirewallOutput) SetFirewall(v *Firewall) *DescribeFirewallOutput {
s.Firewall = v
return s
}
// SetFirewallStatus sets the FirewallStatus field's value.
func (s *DescribeFirewallOutput) SetFirewallStatus(v *FirewallStatus) *DescribeFirewallOutput {
s.FirewallStatus = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *DescribeFirewallOutput) SetUpdateToken(v string) *DescribeFirewallOutput {
s.UpdateToken = &v
return s
}
type DescribeFirewallPolicyInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall policy.
//
// You must specify the ARN or the name, and you can specify both.
FirewallPolicyArn *string `min:"1" type:"string"`
// The descriptive name of the firewall policy. You can't change the name of
// a firewall policy after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallPolicyName *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeFirewallPolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeFirewallPolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeFirewallPolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeFirewallPolicyInput"}
if s.FirewallPolicyArn != nil && len(*s.FirewallPolicyArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallPolicyArn", 1))
}
if s.FirewallPolicyName != nil && len(*s.FirewallPolicyName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallPolicyName", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFirewallPolicyArn sets the FirewallPolicyArn field's value.
func (s *DescribeFirewallPolicyInput) SetFirewallPolicyArn(v string) *DescribeFirewallPolicyInput {
s.FirewallPolicyArn = &v
return s
}
// SetFirewallPolicyName sets the FirewallPolicyName field's value.
func (s *DescribeFirewallPolicyInput) SetFirewallPolicyName(v string) *DescribeFirewallPolicyInput {
s.FirewallPolicyName = &v
return s
}
type DescribeFirewallPolicyOutput struct {
_ struct{} `type:"structure"`
// The policy for the specified firewall policy.
FirewallPolicy *FirewallPolicy `type:"structure"`
// The high-level properties of a firewall policy. This, along with the FirewallPolicy,
// define the policy. You can retrieve all objects for a firewall policy by
// calling DescribeFirewallPolicy.
//
// FirewallPolicyResponse is a required field
FirewallPolicyResponse *FirewallPolicyResponse `type:"structure" required:"true"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the firewall policy. The token marks the state
// of the policy resource at the time of the request.
//
// To make changes to the policy, you provide the token in your request. Network
// Firewall uses the token to ensure that the policy hasn't changed since you
// last retrieved it. If it has changed, the operation fails with an InvalidTokenException.
// If this happens, retrieve the firewall policy again to get a current copy
// of it with current token. Reapply your changes as needed, then try the operation
// again using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeFirewallPolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeFirewallPolicyOutput) GoString() string {
return s.String()
}
// SetFirewallPolicy sets the FirewallPolicy field's value.
func (s *DescribeFirewallPolicyOutput) SetFirewallPolicy(v *FirewallPolicy) *DescribeFirewallPolicyOutput {
s.FirewallPolicy = v
return s
}
// SetFirewallPolicyResponse sets the FirewallPolicyResponse field's value.
func (s *DescribeFirewallPolicyOutput) SetFirewallPolicyResponse(v *FirewallPolicyResponse) *DescribeFirewallPolicyOutput {
s.FirewallPolicyResponse = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *DescribeFirewallPolicyOutput) SetUpdateToken(v string) *DescribeFirewallPolicyOutput {
s.UpdateToken = &v
return s
}
type DescribeLoggingConfigurationInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
//
// You must specify the ARN or the name, and you can specify both.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallName *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeLoggingConfigurationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeLoggingConfigurationInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeLoggingConfigurationInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeLoggingConfigurationInput"}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *DescribeLoggingConfigurationInput) SetFirewallArn(v string) *DescribeLoggingConfigurationInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *DescribeLoggingConfigurationInput) SetFirewallName(v string) *DescribeLoggingConfigurationInput {
s.FirewallName = &v
return s
}
type DescribeLoggingConfigurationOutput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// Defines how Network Firewall performs logging for a Firewall.
LoggingConfiguration *LoggingConfiguration `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeLoggingConfigurationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeLoggingConfigurationOutput) GoString() string {
return s.String()
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *DescribeLoggingConfigurationOutput) SetFirewallArn(v string) *DescribeLoggingConfigurationOutput {
s.FirewallArn = &v
return s
}
// SetLoggingConfiguration sets the LoggingConfiguration field's value.
func (s *DescribeLoggingConfigurationOutput) SetLoggingConfiguration(v *LoggingConfiguration) *DescribeLoggingConfigurationOutput {
s.LoggingConfiguration = v
return s
}
type DescribeResourcePolicyInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the rule group or firewall policy whose
// resource policy you want to retrieve.
//
// ResourceArn is a required field
ResourceArn *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeResourcePolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeResourcePolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeResourcePolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeResourcePolicyInput"}
if s.ResourceArn == nil {
invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
}
if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetResourceArn sets the ResourceArn field's value.
func (s *DescribeResourcePolicyInput) SetResourceArn(v string) *DescribeResourcePolicyInput {
s.ResourceArn = &v
return s
}
type DescribeResourcePolicyOutput struct {
_ struct{} `type:"structure"`
// The IAM policy for the resource.
Policy *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeResourcePolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeResourcePolicyOutput) GoString() string {
return s.String()
}
// SetPolicy sets the Policy field's value.
func (s *DescribeResourcePolicyOutput) SetPolicy(v string) *DescribeResourcePolicyOutput {
s.Policy = &v
return s
}
type DescribeRuleGroupInput struct {
_ struct{} `type:"structure"`
// Indicates whether you want Network Firewall to analyze the stateless rules
// in the rule group for rule behavior such as asymmetric routing. If set to
// TRUE, Network Firewall runs the analysis.
AnalyzeRuleGroup *bool `type:"boolean"`
// The Amazon Resource Name (ARN) of the rule group.
//
// You must specify the ARN or the name, and you can specify both.
RuleGroupArn *string `min:"1" type:"string"`
// The descriptive name of the rule group. You can't change the name of a rule
// group after you create it.
//
// You must specify the ARN or the name, and you can specify both.
RuleGroupName *string `min:"1" type:"string"`
// Indicates whether the rule group is stateless or stateful. If the rule group
// is stateless, it contains stateless rules. If it is stateful, it contains
// stateful rules.
//
// This setting is required for requests that do not include the RuleGroupARN.
Type *string `type:"string" enum:"RuleGroupType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeRuleGroupInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeRuleGroupInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeRuleGroupInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeRuleGroupInput"}
if s.RuleGroupArn != nil && len(*s.RuleGroupArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("RuleGroupArn", 1))
}
if s.RuleGroupName != nil && len(*s.RuleGroupName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("RuleGroupName", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAnalyzeRuleGroup sets the AnalyzeRuleGroup field's value.
func (s *DescribeRuleGroupInput) SetAnalyzeRuleGroup(v bool) *DescribeRuleGroupInput {
s.AnalyzeRuleGroup = &v
return s
}
// SetRuleGroupArn sets the RuleGroupArn field's value.
func (s *DescribeRuleGroupInput) SetRuleGroupArn(v string) *DescribeRuleGroupInput {
s.RuleGroupArn = &v
return s
}
// SetRuleGroupName sets the RuleGroupName field's value.
func (s *DescribeRuleGroupInput) SetRuleGroupName(v string) *DescribeRuleGroupInput {
s.RuleGroupName = &v
return s
}
// SetType sets the Type field's value.
func (s *DescribeRuleGroupInput) SetType(v string) *DescribeRuleGroupInput {
s.Type = &v
return s
}
type DescribeRuleGroupMetadataInput struct {
_ struct{} `type:"structure"`
// The descriptive name of the rule group. You can't change the name of a rule
// group after you create it.
//
// You must specify the ARN or the name, and you can specify both.
RuleGroupArn *string `min:"1" type:"string"`
// The descriptive name of the rule group. You can't change the name of a rule
// group after you create it.
//
// You must specify the ARN or the name, and you can specify both.
RuleGroupName *string `min:"1" type:"string"`
// Indicates whether the rule group is stateless or stateful. If the rule group
// is stateless, it contains stateless rules. If it is stateful, it contains
// stateful rules.
//
// This setting is required for requests that do not include the RuleGroupARN.
Type *string `type:"string" enum:"RuleGroupType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeRuleGroupMetadataInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeRuleGroupMetadataInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeRuleGroupMetadataInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeRuleGroupMetadataInput"}
if s.RuleGroupArn != nil && len(*s.RuleGroupArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("RuleGroupArn", 1))
}
if s.RuleGroupName != nil && len(*s.RuleGroupName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("RuleGroupName", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetRuleGroupArn sets the RuleGroupArn field's value.
func (s *DescribeRuleGroupMetadataInput) SetRuleGroupArn(v string) *DescribeRuleGroupMetadataInput {
s.RuleGroupArn = &v
return s
}
// SetRuleGroupName sets the RuleGroupName field's value.
func (s *DescribeRuleGroupMetadataInput) SetRuleGroupName(v string) *DescribeRuleGroupMetadataInput {
s.RuleGroupName = &v
return s
}
// SetType sets the Type field's value.
func (s *DescribeRuleGroupMetadataInput) SetType(v string) *DescribeRuleGroupMetadataInput {
s.Type = &v
return s
}
type DescribeRuleGroupMetadataOutput struct {
_ struct{} `type:"structure"`
// The maximum operating resources that this rule group can use. Rule group
// capacity is fixed at creation. When you update a rule group, you are limited
// to this capacity. When you reference a rule group from a firewall policy,
// Network Firewall reserves this capacity for the rule group.
//
// You can retrieve the capacity that would be required for a rule group before
// you create the rule group by calling CreateRuleGroup with DryRun set to TRUE.
Capacity *int64 `type:"integer"`
// Returns the metadata objects for the specified rule group.
Description *string `type:"string"`
// The last time that the rule group was changed.
LastModifiedTime *time.Time `type:"timestamp"`
// The descriptive name of the rule group. You can't change the name of a rule
// group after you create it.
//
// You must specify the ARN or the name, and you can specify both.
//
// RuleGroupArn is a required field
RuleGroupArn *string `min:"1" type:"string" required:"true"`
// The descriptive name of the rule group. You can't change the name of a rule
// group after you create it.
//
// You must specify the ARN or the name, and you can specify both.
//
// RuleGroupName is a required field
RuleGroupName *string `min:"1" type:"string" required:"true"`
// Additional options governing how Network Firewall handles the rule group.
// You can only use these for stateful rule groups.
StatefulRuleOptions *StatefulRuleOptions `type:"structure"`
// Indicates whether the rule group is stateless or stateful. If the rule group
// is stateless, it contains stateless rules. If it is stateful, it contains
// stateful rules.
//
// This setting is required for requests that do not include the RuleGroupARN.
Type *string `type:"string" enum:"RuleGroupType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeRuleGroupMetadataOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeRuleGroupMetadataOutput) GoString() string {
return s.String()
}
// SetCapacity sets the Capacity field's value.
func (s *DescribeRuleGroupMetadataOutput) SetCapacity(v int64) *DescribeRuleGroupMetadataOutput {
s.Capacity = &v
return s
}
// SetDescription sets the Description field's value.
func (s *DescribeRuleGroupMetadataOutput) SetDescription(v string) *DescribeRuleGroupMetadataOutput {
s.Description = &v
return s
}
// SetLastModifiedTime sets the LastModifiedTime field's value.
func (s *DescribeRuleGroupMetadataOutput) SetLastModifiedTime(v time.Time) *DescribeRuleGroupMetadataOutput {
s.LastModifiedTime = &v
return s
}
// SetRuleGroupArn sets the RuleGroupArn field's value.
func (s *DescribeRuleGroupMetadataOutput) SetRuleGroupArn(v string) *DescribeRuleGroupMetadataOutput {
s.RuleGroupArn = &v
return s
}
// SetRuleGroupName sets the RuleGroupName field's value.
func (s *DescribeRuleGroupMetadataOutput) SetRuleGroupName(v string) *DescribeRuleGroupMetadataOutput {
s.RuleGroupName = &v
return s
}
// SetStatefulRuleOptions sets the StatefulRuleOptions field's value.
func (s *DescribeRuleGroupMetadataOutput) SetStatefulRuleOptions(v *StatefulRuleOptions) *DescribeRuleGroupMetadataOutput {
s.StatefulRuleOptions = v
return s
}
// SetType sets the Type field's value.
func (s *DescribeRuleGroupMetadataOutput) SetType(v string) *DescribeRuleGroupMetadataOutput {
s.Type = &v
return s
}
type DescribeRuleGroupOutput struct {
_ struct{} `type:"structure"`
// The object that defines the rules in a rule group. This, along with RuleGroupResponse,
// define the rule group. You can retrieve all objects for a rule group by calling
// DescribeRuleGroup.
//
// Network Firewall uses a rule group to inspect and control network traffic.
// You define stateless rule groups to inspect individual packets and you define
// stateful rule groups to inspect packets in the context of their traffic flow.
//
// To use a rule group, you include it by reference in an Network Firewall firewall
// policy, then you use the policy in a firewall. You can reference a rule group
// from more than one firewall policy, and you can use a firewall policy in
// more than one firewall.
RuleGroup *RuleGroup `type:"structure"`
// The high-level properties of a rule group. This, along with the RuleGroup,
// define the rule group. You can retrieve all objects for a rule group by calling
// DescribeRuleGroup.
//
// RuleGroupResponse is a required field
RuleGroupResponse *RuleGroupResponse `type:"structure" required:"true"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the rule group. The token marks the state of the
// rule group resource at the time of the request.
//
// To make changes to the rule group, you provide the token in your request.
// Network Firewall uses the token to ensure that the rule group hasn't changed
// since you last retrieved it. If it has changed, the operation fails with
// an InvalidTokenException. If this happens, retrieve the rule group again
// to get a current copy of it with a current token. Reapply your changes as
// needed, then try the operation again using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeRuleGroupOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeRuleGroupOutput) GoString() string {
return s.String()
}
// SetRuleGroup sets the RuleGroup field's value.
func (s *DescribeRuleGroupOutput) SetRuleGroup(v *RuleGroup) *DescribeRuleGroupOutput {
s.RuleGroup = v
return s
}
// SetRuleGroupResponse sets the RuleGroupResponse field's value.
func (s *DescribeRuleGroupOutput) SetRuleGroupResponse(v *RuleGroupResponse) *DescribeRuleGroupOutput {
s.RuleGroupResponse = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *DescribeRuleGroupOutput) SetUpdateToken(v string) *DescribeRuleGroupOutput {
s.UpdateToken = &v
return s
}
type DescribeTLSInspectionConfigurationInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the TLS inspection configuration.
//
// You must specify the ARN or the name, and you can specify both.
TLSInspectionConfigurationArn *string `min:"1" type:"string"`
// The descriptive name of the TLS inspection configuration. You can't change
// the name of a TLS inspection configuration after you create it.
//
// You must specify the ARN or the name, and you can specify both.
TLSInspectionConfigurationName *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeTLSInspectionConfigurationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeTLSInspectionConfigurationInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DescribeTLSInspectionConfigurationInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DescribeTLSInspectionConfigurationInput"}
if s.TLSInspectionConfigurationArn != nil && len(*s.TLSInspectionConfigurationArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("TLSInspectionConfigurationArn", 1))
}
if s.TLSInspectionConfigurationName != nil && len(*s.TLSInspectionConfigurationName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("TLSInspectionConfigurationName", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetTLSInspectionConfigurationArn sets the TLSInspectionConfigurationArn field's value.
func (s *DescribeTLSInspectionConfigurationInput) SetTLSInspectionConfigurationArn(v string) *DescribeTLSInspectionConfigurationInput {
s.TLSInspectionConfigurationArn = &v
return s
}
// SetTLSInspectionConfigurationName sets the TLSInspectionConfigurationName field's value.
func (s *DescribeTLSInspectionConfigurationInput) SetTLSInspectionConfigurationName(v string) *DescribeTLSInspectionConfigurationInput {
s.TLSInspectionConfigurationName = &v
return s
}
type DescribeTLSInspectionConfigurationOutput struct {
_ struct{} `type:"structure"`
// The object that defines a TLS inspection configuration. This, along with
// TLSInspectionConfigurationResponse, define the TLS inspection configuration.
// You can retrieve all objects for a TLS inspection configuration by calling
// DescribeTLSInspectionConfiguration.
//
// Network Firewall uses a TLS inspection configuration to decrypt traffic.
// Network Firewall re-encrypts the traffic before sending it to its destination.
//
// To use a TLS inspection configuration, you add it to a new Network Firewall
// firewall policy, then you apply the firewall policy to a firewall. Network
// Firewall acts as a proxy service to decrypt and inspect the traffic traveling
// through your firewalls. You can reference a TLS inspection configuration
// from more than one firewall policy, and you can use a firewall policy in
// more than one firewall. For more information about using TLS inspection configurations,
// see Inspecting SSL/TLS traffic with TLS inspection configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html)
// in the Network Firewall Developer Guide.
TLSInspectionConfiguration *TLSInspectionConfiguration `type:"structure"`
// The high-level properties of a TLS inspection configuration. This, along
// with the TLSInspectionConfiguration, define the TLS inspection configuration.
// You can retrieve all objects for a TLS inspection configuration by calling
// DescribeTLSInspectionConfiguration.
//
// TLSInspectionConfigurationResponse is a required field
TLSInspectionConfigurationResponse *TLSInspectionConfigurationResponse `type:"structure" required:"true"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the TLS inspection configuration. The token marks
// the state of the TLS inspection configuration resource at the time of the
// request.
//
// To make changes to the TLS inspection configuration, you provide the token
// in your request. Network Firewall uses the token to ensure that the TLS inspection
// configuration hasn't changed since you last retrieved it. If it has changed,
// the operation fails with an InvalidTokenException. If this happens, retrieve
// the TLS inspection configuration again to get a current copy of it with a
// current token. Reapply your changes as needed, then try the operation again
// using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeTLSInspectionConfigurationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DescribeTLSInspectionConfigurationOutput) GoString() string {
return s.String()
}
// SetTLSInspectionConfiguration sets the TLSInspectionConfiguration field's value.
func (s *DescribeTLSInspectionConfigurationOutput) SetTLSInspectionConfiguration(v *TLSInspectionConfiguration) *DescribeTLSInspectionConfigurationOutput {
s.TLSInspectionConfiguration = v
return s
}
// SetTLSInspectionConfigurationResponse sets the TLSInspectionConfigurationResponse field's value.
func (s *DescribeTLSInspectionConfigurationOutput) SetTLSInspectionConfigurationResponse(v *TLSInspectionConfigurationResponse) *DescribeTLSInspectionConfigurationOutput {
s.TLSInspectionConfigurationResponse = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *DescribeTLSInspectionConfigurationOutput) SetUpdateToken(v string) *DescribeTLSInspectionConfigurationOutput {
s.UpdateToken = &v
return s
}
// The value to use in an Amazon CloudWatch custom metric dimension. This is
// used in the PublishMetrics CustomAction. A CloudWatch custom metric dimension
// is a name/value pair that's part of the identity of a metric.
//
// Network Firewall sets the dimension name to CustomAction and you provide
// the dimension value.
//
// For more information about CloudWatch custom metric dimensions, see Publishing
// Custom Metrics (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html#usingDimensions)
// in the Amazon CloudWatch User Guide (https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html).
type Dimension struct {
_ struct{} `type:"structure"`
// The value to use in the custom metric dimension.
//
// Value is a required field
Value *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Dimension) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Dimension) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *Dimension) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "Dimension"}
if s.Value == nil {
invalidParams.Add(request.NewErrParamRequired("Value"))
}
if s.Value != nil && len(*s.Value) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Value", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetValue sets the Value field's value.
func (s *Dimension) SetValue(v string) *Dimension {
s.Value = &v
return s
}
type DisassociateSubnetsInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
//
// You must specify the ARN or the name, and you can specify both.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallName *string `min:"1" type:"string"`
// The unique identifiers for the subnets that you want to disassociate.
//
// SubnetIds is a required field
SubnetIds []*string `type:"list" required:"true"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisassociateSubnetsInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisassociateSubnetsInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *DisassociateSubnetsInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "DisassociateSubnetsInput"}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if s.SubnetIds == nil {
invalidParams.Add(request.NewErrParamRequired("SubnetIds"))
}
if s.UpdateToken != nil && len(*s.UpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("UpdateToken", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *DisassociateSubnetsInput) SetFirewallArn(v string) *DisassociateSubnetsInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *DisassociateSubnetsInput) SetFirewallName(v string) *DisassociateSubnetsInput {
s.FirewallName = &v
return s
}
// SetSubnetIds sets the SubnetIds field's value.
func (s *DisassociateSubnetsInput) SetSubnetIds(v []*string) *DisassociateSubnetsInput {
s.SubnetIds = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *DisassociateSubnetsInput) SetUpdateToken(v string) *DisassociateSubnetsInput {
s.UpdateToken = &v
return s
}
type DisassociateSubnetsOutput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
// The IDs of the subnets that are associated with the firewall.
SubnetMappings []*SubnetMapping `type:"list"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisassociateSubnetsOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s DisassociateSubnetsOutput) GoString() string {
return s.String()
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *DisassociateSubnetsOutput) SetFirewallArn(v string) *DisassociateSubnetsOutput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *DisassociateSubnetsOutput) SetFirewallName(v string) *DisassociateSubnetsOutput {
s.FirewallName = &v
return s
}
// SetSubnetMappings sets the SubnetMappings field's value.
func (s *DisassociateSubnetsOutput) SetSubnetMappings(v []*SubnetMapping) *DisassociateSubnetsOutput {
s.SubnetMappings = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *DisassociateSubnetsOutput) SetUpdateToken(v string) *DisassociateSubnetsOutput {
s.UpdateToken = &v
return s
}
// A complex type that contains optional Amazon Web Services Key Management
// Service (KMS) encryption settings for your Network Firewall resources. Your
// data is encrypted by default with an Amazon Web Services owned key that Amazon
// Web Services owns and manages for you. You can use either the Amazon Web
// Services owned key, or provide your own customer managed key. To learn more
// about KMS encryption of your Network Firewall resources, see Encryption at
// rest with Amazon Web Services Key Managment Service (https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html)
// in the Network Firewall Developer Guide.
type EncryptionConfiguration struct {
_ struct{} `type:"structure"`
// The ID of the Amazon Web Services Key Management Service (KMS) customer managed
// key. You can use any of the key identifiers that KMS supports, unless you're
// using a key that's managed by another account. If you're using a key managed
// by another account, then specify the key ARN. For more information, see Key
// ID (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id)
// in the Amazon Web Services KMS Developer Guide.
KeyId *string `min:"1" type:"string"`
// The type of Amazon Web Services KMS key to use for encryption of your Network
// Firewall resources.
//
// Type is a required field
Type *string `type:"string" required:"true" enum:"EncryptionType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EncryptionConfiguration) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s EncryptionConfiguration) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *EncryptionConfiguration) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "EncryptionConfiguration"}
if s.KeyId != nil && len(*s.KeyId) < 1 {
invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
}
if s.Type == nil {
invalidParams.Add(request.NewErrParamRequired("Type"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetKeyId sets the KeyId field's value.
func (s *EncryptionConfiguration) SetKeyId(v string) *EncryptionConfiguration {
s.KeyId = &v
return s
}
// SetType sets the Type field's value.
func (s *EncryptionConfiguration) SetType(v string) *EncryptionConfiguration {
s.Type = &v
return s
}
// The firewall defines the configuration settings for an Network Firewall firewall.
// These settings include the firewall policy, the subnets in your VPC to use
// for the firewall endpoints, and any tags that are attached to the firewall
// Amazon Web Services resource.
//
// The status of the firewall, for example whether it's ready to filter network
// traffic, is provided in the corresponding FirewallStatus. You can retrieve
// both objects by calling DescribeFirewall.
type Firewall struct {
_ struct{} `type:"structure"`
// A flag indicating whether it is possible to delete the firewall. A setting
// of TRUE indicates that the firewall is protected against deletion. Use this
// setting to protect against accidentally deleting a firewall that is in use.
// When you create a firewall, the operation initializes this flag to TRUE.
DeleteProtection *bool `type:"boolean"`
// A description of the firewall.
Description *string `type:"string"`
// A complex type that contains the Amazon Web Services KMS encryption configuration
// settings for your firewall.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The unique identifier for the firewall.
//
// FirewallId is a required field
FirewallId *string `min:"36" type:"string" required:"true"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
// The Amazon Resource Name (ARN) of the firewall policy.
//
// The relationship of firewall to firewall policy is many to one. Each firewall
// requires one firewall policy association, and you can use the same firewall
// policy for multiple firewalls.
//
// FirewallPolicyArn is a required field
FirewallPolicyArn *string `min:"1" type:"string" required:"true"`
// A setting indicating whether the firewall is protected against a change to
// the firewall policy association. Use this setting to protect against accidentally
// modifying the firewall policy for a firewall that is in use. When you create
// a firewall, the operation initializes this setting to TRUE.
FirewallPolicyChangeProtection *bool `type:"boolean"`
// A setting indicating whether the firewall is protected against changes to
// the subnet associations. Use this setting to protect against accidentally
// modifying the subnet associations for a firewall that is in use. When you
// create a firewall, the operation initializes this setting to TRUE.
SubnetChangeProtection *bool `type:"boolean"`
// The public subnets that Network Firewall is using for the firewall. Each
// subnet must belong to a different Availability Zone.
//
// SubnetMappings is a required field
SubnetMappings []*SubnetMapping `type:"list" required:"true"`
Tags []*Tag `min:"1" type:"list"`
// The unique identifier of the VPC where the firewall is in use.
//
// VpcId is a required field
VpcId *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Firewall) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Firewall) GoString() string {
return s.String()
}
// SetDeleteProtection sets the DeleteProtection field's value.
func (s *Firewall) SetDeleteProtection(v bool) *Firewall {
s.DeleteProtection = &v
return s
}
// SetDescription sets the Description field's value.
func (s *Firewall) SetDescription(v string) *Firewall {
s.Description = &v
return s
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *Firewall) SetEncryptionConfiguration(v *EncryptionConfiguration) *Firewall {
s.EncryptionConfiguration = v
return s
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *Firewall) SetFirewallArn(v string) *Firewall {
s.FirewallArn = &v
return s
}
// SetFirewallId sets the FirewallId field's value.
func (s *Firewall) SetFirewallId(v string) *Firewall {
s.FirewallId = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *Firewall) SetFirewallName(v string) *Firewall {
s.FirewallName = &v
return s
}
// SetFirewallPolicyArn sets the FirewallPolicyArn field's value.
func (s *Firewall) SetFirewallPolicyArn(v string) *Firewall {
s.FirewallPolicyArn = &v
return s
}
// SetFirewallPolicyChangeProtection sets the FirewallPolicyChangeProtection field's value.
func (s *Firewall) SetFirewallPolicyChangeProtection(v bool) *Firewall {
s.FirewallPolicyChangeProtection = &v
return s
}
// SetSubnetChangeProtection sets the SubnetChangeProtection field's value.
func (s *Firewall) SetSubnetChangeProtection(v bool) *Firewall {
s.SubnetChangeProtection = &v
return s
}
// SetSubnetMappings sets the SubnetMappings field's value.
func (s *Firewall) SetSubnetMappings(v []*SubnetMapping) *Firewall {
s.SubnetMappings = v
return s
}
// SetTags sets the Tags field's value.
func (s *Firewall) SetTags(v []*Tag) *Firewall {
s.Tags = v
return s
}
// SetVpcId sets the VpcId field's value.
func (s *Firewall) SetVpcId(v string) *Firewall {
s.VpcId = &v
return s
}
// High-level information about a firewall, returned by operations like create
// and describe. You can use the information provided in the metadata to retrieve
// and manage a firewall.
type FirewallMetadata struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FirewallMetadata) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FirewallMetadata) GoString() string {
return s.String()
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *FirewallMetadata) SetFirewallArn(v string) *FirewallMetadata {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *FirewallMetadata) SetFirewallName(v string) *FirewallMetadata {
s.FirewallName = &v
return s
}
// The firewall policy defines the behavior of a firewall using a collection
// of stateless and stateful rule groups and other settings. You can use one
// firewall policy for multiple firewalls.
//
// This, along with FirewallPolicyResponse, define the policy. You can retrieve
// all objects for a firewall policy by calling DescribeFirewallPolicy.
type FirewallPolicy struct {
_ struct{} `type:"structure"`
// Contains variables that you can use to override default Suricata settings
// in your firewall policy.
PolicyVariables *PolicyVariables `type:"structure"`
// The default actions to take on a packet that doesn't match any stateful rules.
// The stateful default action is optional, and is only valid when using the
// strict rule order.
//
// Valid values of the stateful default action:
//
// * aws:drop_strict
//
// * aws:drop_established
//
// * aws:alert_strict
//
// * aws:alert_established
//
// For more information, see Strict evaluation order (https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-strict-rule-evaluation-order.html)
// in the Network Firewall Developer Guide.
StatefulDefaultActions []*string `type:"list"`
// Additional options governing how Network Firewall handles stateful rules.
// The stateful rule groups that you use in your policy must have stateful rule
// options settings that are compatible with these settings.
StatefulEngineOptions *StatefulEngineOptions `type:"structure"`
// References to the stateful rule groups that are used in the policy. These
// define the inspection criteria in stateful rules.
StatefulRuleGroupReferences []*StatefulRuleGroupReference `type:"list"`
// The custom action definitions that are available for use in the firewall
// policy's StatelessDefaultActions setting. You name each custom action that
// you define, and then you can use it by name in your default actions specifications.
StatelessCustomActions []*CustomAction `type:"list"`
// The actions to take on a packet if it doesn't match any of the stateless
// rules in the policy. If you want non-matching packets to be forwarded for
// stateful inspection, specify aws:forward_to_sfe.
//
// You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe.
// In addition, you can specify custom actions that are compatible with your
// standard section choice.
//
// For example, you could specify ["aws:pass"] or you could specify ["aws:pass",
// “customActionName”]. For information about compatibility, see the custom
// action descriptions under CustomAction.
//
// StatelessDefaultActions is a required field
StatelessDefaultActions []*string `type:"list" required:"true"`
// The actions to take on a fragmented UDP packet if it doesn't match any of
// the stateless rules in the policy. Network Firewall only manages UDP packet
// fragments and silently drops packet fragments for other protocols. If you
// want non-matching fragmented UDP packets to be forwarded for stateful inspection,
// specify aws:forward_to_sfe.
//
// You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe.
// In addition, you can specify custom actions that are compatible with your
// standard section choice.
//
// For example, you could specify ["aws:pass"] or you could specify ["aws:pass",
// “customActionName”]. For information about compatibility, see the custom
// action descriptions under CustomAction.
//
// StatelessFragmentDefaultActions is a required field
StatelessFragmentDefaultActions []*string `type:"list" required:"true"`
// References to the stateless rule groups that are used in the policy. These
// define the matching criteria in stateless rules.
StatelessRuleGroupReferences []*StatelessRuleGroupReference `type:"list"`
// The Amazon Resource Name (ARN) of the TLS inspection configuration.
TLSInspectionConfigurationArn *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FirewallPolicy) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FirewallPolicy) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *FirewallPolicy) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "FirewallPolicy"}
if s.StatelessDefaultActions == nil {
invalidParams.Add(request.NewErrParamRequired("StatelessDefaultActions"))
}
if s.StatelessFragmentDefaultActions == nil {
invalidParams.Add(request.NewErrParamRequired("StatelessFragmentDefaultActions"))
}
if s.TLSInspectionConfigurationArn != nil && len(*s.TLSInspectionConfigurationArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("TLSInspectionConfigurationArn", 1))
}
if s.PolicyVariables != nil {
if err := s.PolicyVariables.Validate(); err != nil {
invalidParams.AddNested("PolicyVariables", err.(request.ErrInvalidParams))
}
}
if s.StatefulRuleGroupReferences != nil {
for i, v := range s.StatefulRuleGroupReferences {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "StatefulRuleGroupReferences", i), err.(request.ErrInvalidParams))
}
}
}
if s.StatelessCustomActions != nil {
for i, v := range s.StatelessCustomActions {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "StatelessCustomActions", i), err.(request.ErrInvalidParams))
}
}
}
if s.StatelessRuleGroupReferences != nil {
for i, v := range s.StatelessRuleGroupReferences {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "StatelessRuleGroupReferences", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPolicyVariables sets the PolicyVariables field's value.
func (s *FirewallPolicy) SetPolicyVariables(v *PolicyVariables) *FirewallPolicy {
s.PolicyVariables = v
return s
}
// SetStatefulDefaultActions sets the StatefulDefaultActions field's value.
func (s *FirewallPolicy) SetStatefulDefaultActions(v []*string) *FirewallPolicy {
s.StatefulDefaultActions = v
return s
}
// SetStatefulEngineOptions sets the StatefulEngineOptions field's value.
func (s *FirewallPolicy) SetStatefulEngineOptions(v *StatefulEngineOptions) *FirewallPolicy {
s.StatefulEngineOptions = v
return s
}
// SetStatefulRuleGroupReferences sets the StatefulRuleGroupReferences field's value.
func (s *FirewallPolicy) SetStatefulRuleGroupReferences(v []*StatefulRuleGroupReference) *FirewallPolicy {
s.StatefulRuleGroupReferences = v
return s
}
// SetStatelessCustomActions sets the StatelessCustomActions field's value.
func (s *FirewallPolicy) SetStatelessCustomActions(v []*CustomAction) *FirewallPolicy {
s.StatelessCustomActions = v
return s
}
// SetStatelessDefaultActions sets the StatelessDefaultActions field's value.
func (s *FirewallPolicy) SetStatelessDefaultActions(v []*string) *FirewallPolicy {
s.StatelessDefaultActions = v
return s
}
// SetStatelessFragmentDefaultActions sets the StatelessFragmentDefaultActions field's value.
func (s *FirewallPolicy) SetStatelessFragmentDefaultActions(v []*string) *FirewallPolicy {
s.StatelessFragmentDefaultActions = v
return s
}
// SetStatelessRuleGroupReferences sets the StatelessRuleGroupReferences field's value.
func (s *FirewallPolicy) SetStatelessRuleGroupReferences(v []*StatelessRuleGroupReference) *FirewallPolicy {
s.StatelessRuleGroupReferences = v
return s
}
// SetTLSInspectionConfigurationArn sets the TLSInspectionConfigurationArn field's value.
func (s *FirewallPolicy) SetTLSInspectionConfigurationArn(v string) *FirewallPolicy {
s.TLSInspectionConfigurationArn = &v
return s
}
// High-level information about a firewall policy, returned by operations like
// create and describe. You can use the information provided in the metadata
// to retrieve and manage a firewall policy. You can retrieve all objects for
// a firewall policy by calling DescribeFirewallPolicy.
type FirewallPolicyMetadata struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall policy.
Arn *string `min:"1" type:"string"`
// The descriptive name of the firewall policy. You can't change the name of
// a firewall policy after you create it.
Name *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FirewallPolicyMetadata) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FirewallPolicyMetadata) GoString() string {
return s.String()
}
// SetArn sets the Arn field's value.
func (s *FirewallPolicyMetadata) SetArn(v string) *FirewallPolicyMetadata {
s.Arn = &v
return s
}
// SetName sets the Name field's value.
func (s *FirewallPolicyMetadata) SetName(v string) *FirewallPolicyMetadata {
s.Name = &v
return s
}
// The high-level properties of a firewall policy. This, along with the FirewallPolicy,
// define the policy. You can retrieve all objects for a firewall policy by
// calling DescribeFirewallPolicy.
type FirewallPolicyResponse struct {
_ struct{} `type:"structure"`
// The number of capacity units currently consumed by the policy's stateful
// rules.
ConsumedStatefulRuleCapacity *int64 `type:"integer"`
// The number of capacity units currently consumed by the policy's stateless
// rules.
ConsumedStatelessRuleCapacity *int64 `type:"integer"`
// A description of the firewall policy.
Description *string `type:"string"`
// A complex type that contains the Amazon Web Services KMS encryption configuration
// settings for your firewall policy.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall policy.
//
// If this response is for a create request that had DryRun set to TRUE, then
// this ARN is a placeholder that isn't attached to a valid resource.
//
// FirewallPolicyArn is a required field
FirewallPolicyArn *string `min:"1" type:"string" required:"true"`
// The unique identifier for the firewall policy.
//
// FirewallPolicyId is a required field
FirewallPolicyId *string `min:"36" type:"string" required:"true"`
// The descriptive name of the firewall policy. You can't change the name of
// a firewall policy after you create it.
//
// FirewallPolicyName is a required field
FirewallPolicyName *string `min:"1" type:"string" required:"true"`
// The current status of the firewall policy. You can retrieve this for a firewall
// policy by calling DescribeFirewallPolicy and providing the firewall policy's
// name or ARN.
FirewallPolicyStatus *string `type:"string" enum:"ResourceStatus"`
// The last time that the firewall policy was changed.
LastModifiedTime *time.Time `type:"timestamp"`
// The number of firewalls that are associated with this firewall policy.
NumberOfAssociations *int64 `type:"integer"`
// The key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FirewallPolicyResponse) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FirewallPolicyResponse) GoString() string {
return s.String()
}
// SetConsumedStatefulRuleCapacity sets the ConsumedStatefulRuleCapacity field's value.
func (s *FirewallPolicyResponse) SetConsumedStatefulRuleCapacity(v int64) *FirewallPolicyResponse {
s.ConsumedStatefulRuleCapacity = &v
return s
}
// SetConsumedStatelessRuleCapacity sets the ConsumedStatelessRuleCapacity field's value.
func (s *FirewallPolicyResponse) SetConsumedStatelessRuleCapacity(v int64) *FirewallPolicyResponse {
s.ConsumedStatelessRuleCapacity = &v
return s
}
// SetDescription sets the Description field's value.
func (s *FirewallPolicyResponse) SetDescription(v string) *FirewallPolicyResponse {
s.Description = &v
return s
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *FirewallPolicyResponse) SetEncryptionConfiguration(v *EncryptionConfiguration) *FirewallPolicyResponse {
s.EncryptionConfiguration = v
return s
}
// SetFirewallPolicyArn sets the FirewallPolicyArn field's value.
func (s *FirewallPolicyResponse) SetFirewallPolicyArn(v string) *FirewallPolicyResponse {
s.FirewallPolicyArn = &v
return s
}
// SetFirewallPolicyId sets the FirewallPolicyId field's value.
func (s *FirewallPolicyResponse) SetFirewallPolicyId(v string) *FirewallPolicyResponse {
s.FirewallPolicyId = &v
return s
}
// SetFirewallPolicyName sets the FirewallPolicyName field's value.
func (s *FirewallPolicyResponse) SetFirewallPolicyName(v string) *FirewallPolicyResponse {
s.FirewallPolicyName = &v
return s
}
// SetFirewallPolicyStatus sets the FirewallPolicyStatus field's value.
func (s *FirewallPolicyResponse) SetFirewallPolicyStatus(v string) *FirewallPolicyResponse {
s.FirewallPolicyStatus = &v
return s
}
// SetLastModifiedTime sets the LastModifiedTime field's value.
func (s *FirewallPolicyResponse) SetLastModifiedTime(v time.Time) *FirewallPolicyResponse {
s.LastModifiedTime = &v
return s
}
// SetNumberOfAssociations sets the NumberOfAssociations field's value.
func (s *FirewallPolicyResponse) SetNumberOfAssociations(v int64) *FirewallPolicyResponse {
s.NumberOfAssociations = &v
return s
}
// SetTags sets the Tags field's value.
func (s *FirewallPolicyResponse) SetTags(v []*Tag) *FirewallPolicyResponse {
s.Tags = v
return s
}
// Detailed information about the current status of a Firewall. You can retrieve
// this for a firewall by calling DescribeFirewall and providing the firewall
// name and ARN.
type FirewallStatus struct {
_ struct{} `type:"structure"`
// Describes the capacity usage of the resources contained in a firewall's reference
// sets. Network Firewall calclulates the capacity usage by taking an aggregated
// count of all of the resources used by all of the reference sets in a firewall.
CapacityUsageSummary *CapacityUsageSummary `type:"structure"`
// The configuration sync state for the firewall. This summarizes the sync states
// reported in the Config settings for all of the Availability Zones where you
// have configured the firewall.
//
// When you create a firewall or update its configuration, for example by adding
// a rule group to its firewall policy, Network Firewall distributes the configuration
// changes to all zones where the firewall is in use. This summary indicates
// whether the configuration changes have been applied everywhere.
//
// This status must be IN_SYNC for the firewall to be ready for use, but it
// doesn't indicate that the firewall is ready. The Status setting indicates
// firewall readiness.
//
// ConfigurationSyncStateSummary is a required field
ConfigurationSyncStateSummary *string `type:"string" required:"true" enum:"ConfigurationSyncState"`
// The readiness of the configured firewall to handle network traffic across
// all of the Availability Zones where you've configured it. This setting is
// READY only when the ConfigurationSyncStateSummary value is IN_SYNC and the
// Attachment Status values for all of the configured subnets are READY.
//
// Status is a required field
Status *string `type:"string" required:"true" enum:"FirewallStatusValue"`
// The subnets that you've configured for use by the Network Firewall firewall.
// This contains one array element per Availability Zone where you've configured
// a subnet. These objects provide details of the information that is summarized
// in the ConfigurationSyncStateSummary and Status, broken down by zone and
// configuration object.
SyncStates map[string]*SyncState `type:"map"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FirewallStatus) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s FirewallStatus) GoString() string {
return s.String()
}
// SetCapacityUsageSummary sets the CapacityUsageSummary field's value.
func (s *FirewallStatus) SetCapacityUsageSummary(v *CapacityUsageSummary) *FirewallStatus {
s.CapacityUsageSummary = v
return s
}
// SetConfigurationSyncStateSummary sets the ConfigurationSyncStateSummary field's value.
func (s *FirewallStatus) SetConfigurationSyncStateSummary(v string) *FirewallStatus {
s.ConfigurationSyncStateSummary = &v
return s
}
// SetStatus sets the Status field's value.
func (s *FirewallStatus) SetStatus(v string) *FirewallStatus {
s.Status = &v
return s
}
// SetSyncStates sets the SyncStates field's value.
func (s *FirewallStatus) SetSyncStates(v map[string]*SyncState) *FirewallStatus {
s.SyncStates = v
return s
}
// The basic rule criteria for Network Firewall to use to inspect packet headers
// in stateful traffic flow inspection. Traffic flows that match the criteria
// are a match for the corresponding StatefulRule.
type Header struct {
_ struct{} `type:"structure"`
// The destination IP address or address range to inspect for, in CIDR notation.
// To match with any address, specify ANY.
//
// Specify an IP address or a block of IP addresses in Classless Inter-Domain
// Routing (CIDR) notation. Network Firewall supports all address ranges for
// IPv4 and IPv6.
//
// Examples:
//
// * To configure Network Firewall to inspect for the IP address 192.0.2.44,
// specify 192.0.2.44/32.
//
// * To configure Network Firewall to inspect for IP addresses from 192.0.2.0
// to 192.0.2.255, specify 192.0.2.0/24.
//
// * To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111,
// specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
//
// * To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000
// to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
//
// For more information about CIDR notation, see the Wikipedia entry Classless
// Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
//
// Destination is a required field
Destination *string `min:"1" type:"string" required:"true"`
// The destination port to inspect for. You can specify an individual port,
// for example 1994 and you can specify a port range, for example 1990:1994.
// To match with any port, specify ANY.
//
// DestinationPort is a required field
DestinationPort *string `min:"1" type:"string" required:"true"`
// The direction of traffic flow to inspect. If set to ANY, the inspection matches
// bidirectional traffic, both from the source to the destination and from the
// destination to the source. If set to FORWARD, the inspection only matches
// traffic going from the source to the destination.
//
// Direction is a required field
Direction *string `type:"string" required:"true" enum:"StatefulRuleDirection"`
// The protocol to inspect for. To specify all, you can use IP, because all
// traffic on Amazon Web Services and on the internet is IP.
//
// Protocol is a required field
Protocol *string `type:"string" required:"true" enum:"StatefulRuleProtocol"`
// The source IP address or address range to inspect for, in CIDR notation.
// To match with any address, specify ANY.
//
// Specify an IP address or a block of IP addresses in Classless Inter-Domain
// Routing (CIDR) notation. Network Firewall supports all address ranges for
// IPv4 and IPv6.
//
// Examples:
//
// * To configure Network Firewall to inspect for the IP address 192.0.2.44,
// specify 192.0.2.44/32.
//
// * To configure Network Firewall to inspect for IP addresses from 192.0.2.0
// to 192.0.2.255, specify 192.0.2.0/24.
//
// * To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111,
// specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
//
// * To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000
// to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
//
// For more information about CIDR notation, see the Wikipedia entry Classless
// Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
//
// Source is a required field
Source *string `min:"1" type:"string" required:"true"`
// The source port to inspect for. You can specify an individual port, for example
// 1994 and you can specify a port range, for example 1990:1994. To match with
// any port, specify ANY.
//
// SourcePort is a required field
SourcePort *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Header) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Header) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *Header) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "Header"}
if s.Destination == nil {
invalidParams.Add(request.NewErrParamRequired("Destination"))
}
if s.Destination != nil && len(*s.Destination) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Destination", 1))
}
if s.DestinationPort == nil {
invalidParams.Add(request.NewErrParamRequired("DestinationPort"))
}
if s.DestinationPort != nil && len(*s.DestinationPort) < 1 {
invalidParams.Add(request.NewErrParamMinLen("DestinationPort", 1))
}
if s.Direction == nil {
invalidParams.Add(request.NewErrParamRequired("Direction"))
}
if s.Protocol == nil {
invalidParams.Add(request.NewErrParamRequired("Protocol"))
}
if s.Source == nil {
invalidParams.Add(request.NewErrParamRequired("Source"))
}
if s.Source != nil && len(*s.Source) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Source", 1))
}
if s.SourcePort == nil {
invalidParams.Add(request.NewErrParamRequired("SourcePort"))
}
if s.SourcePort != nil && len(*s.SourcePort) < 1 {
invalidParams.Add(request.NewErrParamMinLen("SourcePort", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDestination sets the Destination field's value.
func (s *Header) SetDestination(v string) *Header {
s.Destination = &v
return s
}
// SetDestinationPort sets the DestinationPort field's value.
func (s *Header) SetDestinationPort(v string) *Header {
s.DestinationPort = &v
return s
}
// SetDirection sets the Direction field's value.
func (s *Header) SetDirection(v string) *Header {
s.Direction = &v
return s
}
// SetProtocol sets the Protocol field's value.
func (s *Header) SetProtocol(v string) *Header {
s.Protocol = &v
return s
}
// SetSource sets the Source field's value.
func (s *Header) SetSource(v string) *Header {
s.Source = &v
return s
}
// SetSourcePort sets the SourcePort field's value.
func (s *Header) SetSourcePort(v string) *Header {
s.SourcePort = &v
return s
}
// A list of IP addresses and address ranges, in CIDR notation. This is part
// of a RuleVariables.
type IPSet struct {
_ struct{} `type:"structure"`
// The list of IP addresses and address ranges, in CIDR notation.
//
// Definition is a required field
Definition []*string `type:"list" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IPSet) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IPSet) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *IPSet) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "IPSet"}
if s.Definition == nil {
invalidParams.Add(request.NewErrParamRequired("Definition"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDefinition sets the Definition field's value.
func (s *IPSet) SetDefinition(v []*string) *IPSet {
s.Definition = v
return s
}
// General information about the IP set.
type IPSetMetadata struct {
_ struct{} `type:"structure"`
// Describes the total number of CIDR blocks currently in use by the IP set
// references in a firewall. To determine how many CIDR blocks are available
// for you to use in a firewall, you can call AvailableCIDRCount.
ResolvedCIDRCount *int64 `type:"integer"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IPSetMetadata) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IPSetMetadata) GoString() string {
return s.String()
}
// SetResolvedCIDRCount sets the ResolvedCIDRCount field's value.
func (s *IPSetMetadata) SetResolvedCIDRCount(v int64) *IPSetMetadata {
s.ResolvedCIDRCount = &v
return s
}
// Configures one or more IP set references for a Suricata-compatible rule group.
// This is used in CreateRuleGroup or UpdateRuleGroup. An IP set reference is
// a rule variable that references resources that you create and manage in another
// Amazon Web Services service, such as an Amazon VPC prefix list. Network Firewall
// IP set references enable you to dynamically update the contents of your rules.
// When you create, update, or delete the resource you are referencing in your
// rule, Network Firewall automatically updates the rule's content with the
// changes. For more information about IP set references in Network Firewall,
// see Using IP set references (https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references)
// in the Network Firewall Developer Guide.
//
// Network Firewall currently supports Amazon VPC prefix lists (https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html)
// and resource groups (https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references.html#rule-groups-referencing-resource-groups)
// in IP set references.
type IPSetReference struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the resource that you are referencing in
// your rule group.
ReferenceArn *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IPSetReference) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s IPSetReference) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *IPSetReference) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "IPSetReference"}
if s.ReferenceArn != nil && len(*s.ReferenceArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ReferenceArn", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetReferenceArn sets the ReferenceArn field's value.
func (s *IPSetReference) SetReferenceArn(v string) *IPSetReference {
s.ReferenceArn = &v
return s
}
// Amazon Web Services doesn't currently have enough available capacity to fulfill
// your request. Try your request later.
type InsufficientCapacityException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InsufficientCapacityException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InsufficientCapacityException) GoString() string {
return s.String()
}
func newErrorInsufficientCapacityException(v protocol.ResponseMetadata) error {
return &InsufficientCapacityException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *InsufficientCapacityException) Code() string {
return "InsufficientCapacityException"
}
// Message returns the exception's message.
func (s *InsufficientCapacityException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InsufficientCapacityException) OrigErr() error {
return nil
}
func (s *InsufficientCapacityException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *InsufficientCapacityException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *InsufficientCapacityException) RequestID() string {
return s.RespMetadata.RequestID
}
// Your request is valid, but Network Firewall couldn't perform the operation
// because of a system problem. Retry your request.
type InternalServerError struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InternalServerError) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InternalServerError) GoString() string {
return s.String()
}
func newErrorInternalServerError(v protocol.ResponseMetadata) error {
return &InternalServerError{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *InternalServerError) Code() string {
return "InternalServerError"
}
// Message returns the exception's message.
func (s *InternalServerError) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InternalServerError) OrigErr() error {
return nil
}
func (s *InternalServerError) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *InternalServerError) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *InternalServerError) RequestID() string {
return s.RespMetadata.RequestID
}
// The operation failed because it's not valid. For example, you might have
// tried to delete a rule group or firewall policy that's in use.
type InvalidOperationException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidOperationException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidOperationException) GoString() string {
return s.String()
}
func newErrorInvalidOperationException(v protocol.ResponseMetadata) error {
return &InvalidOperationException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *InvalidOperationException) Code() string {
return "InvalidOperationException"
}
// Message returns the exception's message.
func (s *InvalidOperationException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidOperationException) OrigErr() error {
return nil
}
func (s *InvalidOperationException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *InvalidOperationException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *InvalidOperationException) RequestID() string {
return s.RespMetadata.RequestID
}
// The operation failed because of a problem with your request. Examples include:
//
// - You specified an unsupported parameter name or value.
//
// - You tried to update a property with a value that isn't among the available
// types.
//
// - Your request references an ARN that is malformed, or corresponds to
// a resource that isn't valid in the context of the request.
type InvalidRequestException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidRequestException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidRequestException) GoString() string {
return s.String()
}
func newErrorInvalidRequestException(v protocol.ResponseMetadata) error {
return &InvalidRequestException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *InvalidRequestException) Code() string {
return "InvalidRequestException"
}
// Message returns the exception's message.
func (s *InvalidRequestException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidRequestException) OrigErr() error {
return nil
}
func (s *InvalidRequestException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *InvalidRequestException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *InvalidRequestException) RequestID() string {
return s.RespMetadata.RequestID
}
// The policy statement failed validation.
type InvalidResourcePolicyException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidResourcePolicyException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidResourcePolicyException) GoString() string {
return s.String()
}
func newErrorInvalidResourcePolicyException(v protocol.ResponseMetadata) error {
return &InvalidResourcePolicyException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *InvalidResourcePolicyException) Code() string {
return "InvalidResourcePolicyException"
}
// Message returns the exception's message.
func (s *InvalidResourcePolicyException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidResourcePolicyException) OrigErr() error {
return nil
}
func (s *InvalidResourcePolicyException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *InvalidResourcePolicyException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *InvalidResourcePolicyException) RequestID() string {
return s.RespMetadata.RequestID
}
// The token you provided is stale or isn't valid for the operation.
type InvalidTokenException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidTokenException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s InvalidTokenException) GoString() string {
return s.String()
}
func newErrorInvalidTokenException(v protocol.ResponseMetadata) error {
return &InvalidTokenException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *InvalidTokenException) Code() string {
return "InvalidTokenException"
}
// Message returns the exception's message.
func (s *InvalidTokenException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *InvalidTokenException) OrigErr() error {
return nil
}
func (s *InvalidTokenException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *InvalidTokenException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *InvalidTokenException) RequestID() string {
return s.RespMetadata.RequestID
}
// Unable to perform the operation because doing so would violate a limit setting.
type LimitExceededException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LimitExceededException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LimitExceededException) GoString() string {
return s.String()
}
func newErrorLimitExceededException(v protocol.ResponseMetadata) error {
return &LimitExceededException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *LimitExceededException) Code() string {
return "LimitExceededException"
}
// Message returns the exception's message.
func (s *LimitExceededException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *LimitExceededException) OrigErr() error {
return nil
}
func (s *LimitExceededException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *LimitExceededException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *LimitExceededException) RequestID() string {
return s.RespMetadata.RequestID
}
type ListFirewallPoliciesInput struct {
_ struct{} `type:"structure"`
// The maximum number of objects that you want Network Firewall to return for
// this request. If more objects are available, in the response, Network Firewall
// provides a NextToken value that you can use in a subsequent call to get the
// next batch of objects.
MaxResults *int64 `min:"1" type:"integer"`
// When you request a list of objects with a MaxResults setting, if the number
// of objects that are still available for retrieval exceeds the maximum you
// requested, Network Firewall returns a NextToken value in the response. To
// retrieve the next batch of objects, use the token returned from the prior
// request in your next request.
NextToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListFirewallPoliciesInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListFirewallPoliciesInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListFirewallPoliciesInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListFirewallPoliciesInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if s.NextToken != nil && len(*s.NextToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListFirewallPoliciesInput) SetMaxResults(v int64) *ListFirewallPoliciesInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListFirewallPoliciesInput) SetNextToken(v string) *ListFirewallPoliciesInput {
s.NextToken = &v
return s
}
type ListFirewallPoliciesOutput struct {
_ struct{} `type:"structure"`
// The metadata for the firewall policies. Depending on your setting for max
// results and the number of firewall policies that you have, this might not
// be the full list.
FirewallPolicies []*FirewallPolicyMetadata `type:"list"`
// When you request a list of objects with a MaxResults setting, if the number
// of objects that are still available for retrieval exceeds the maximum you
// requested, Network Firewall returns a NextToken value in the response. To
// retrieve the next batch of objects, use the token returned from the prior
// request in your next request.
NextToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListFirewallPoliciesOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListFirewallPoliciesOutput) GoString() string {
return s.String()
}
// SetFirewallPolicies sets the FirewallPolicies field's value.
func (s *ListFirewallPoliciesOutput) SetFirewallPolicies(v []*FirewallPolicyMetadata) *ListFirewallPoliciesOutput {
s.FirewallPolicies = v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListFirewallPoliciesOutput) SetNextToken(v string) *ListFirewallPoliciesOutput {
s.NextToken = &v
return s
}
type ListFirewallsInput struct {
_ struct{} `type:"structure"`
// The maximum number of objects that you want Network Firewall to return for
// this request. If more objects are available, in the response, Network Firewall
// provides a NextToken value that you can use in a subsequent call to get the
// next batch of objects.
MaxResults *int64 `min:"1" type:"integer"`
// When you request a list of objects with a MaxResults setting, if the number
// of objects that are still available for retrieval exceeds the maximum you
// requested, Network Firewall returns a NextToken value in the response. To
// retrieve the next batch of objects, use the token returned from the prior
// request in your next request.
NextToken *string `min:"1" type:"string"`
// The unique identifiers of the VPCs that you want Network Firewall to retrieve
// the firewalls for. Leave this blank to retrieve all firewalls that you have
// defined.
VpcIds []*string `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListFirewallsInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListFirewallsInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListFirewallsInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListFirewallsInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if s.NextToken != nil && len(*s.NextToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListFirewallsInput) SetMaxResults(v int64) *ListFirewallsInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListFirewallsInput) SetNextToken(v string) *ListFirewallsInput {
s.NextToken = &v
return s
}
// SetVpcIds sets the VpcIds field's value.
func (s *ListFirewallsInput) SetVpcIds(v []*string) *ListFirewallsInput {
s.VpcIds = v
return s
}
type ListFirewallsOutput struct {
_ struct{} `type:"structure"`
// The firewall metadata objects for the VPCs that you specified. Depending
// on your setting for max results and the number of firewalls you have, a single
// call might not be the full list.
Firewalls []*FirewallMetadata `type:"list"`
// When you request a list of objects with a MaxResults setting, if the number
// of objects that are still available for retrieval exceeds the maximum you
// requested, Network Firewall returns a NextToken value in the response. To
// retrieve the next batch of objects, use the token returned from the prior
// request in your next request.
NextToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListFirewallsOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListFirewallsOutput) GoString() string {
return s.String()
}
// SetFirewalls sets the Firewalls field's value.
func (s *ListFirewallsOutput) SetFirewalls(v []*FirewallMetadata) *ListFirewallsOutput {
s.Firewalls = v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListFirewallsOutput) SetNextToken(v string) *ListFirewallsOutput {
s.NextToken = &v
return s
}
type ListRuleGroupsInput struct {
_ struct{} `type:"structure"`
// Indicates the general category of the Amazon Web Services managed rule group.
ManagedType *string `type:"string" enum:"ResourceManagedType"`
// The maximum number of objects that you want Network Firewall to return for
// this request. If more objects are available, in the response, Network Firewall
// provides a NextToken value that you can use in a subsequent call to get the
// next batch of objects.
MaxResults *int64 `min:"1" type:"integer"`
// When you request a list of objects with a MaxResults setting, if the number
// of objects that are still available for retrieval exceeds the maximum you
// requested, Network Firewall returns a NextToken value in the response. To
// retrieve the next batch of objects, use the token returned from the prior
// request in your next request.
NextToken *string `min:"1" type:"string"`
// The scope of the request. The default setting of ACCOUNT or a setting of
// NULL returns all of the rule groups in your account. A setting of MANAGED
// returns all available managed rule groups.
Scope *string `type:"string" enum:"ResourceManagedStatus"`
// Indicates whether the rule group is stateless or stateful. If the rule group
// is stateless, it contains stateless rules. If it is stateful, it contains
// stateful rules.
Type *string `type:"string" enum:"RuleGroupType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRuleGroupsInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRuleGroupsInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListRuleGroupsInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListRuleGroupsInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if s.NextToken != nil && len(*s.NextToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetManagedType sets the ManagedType field's value.
func (s *ListRuleGroupsInput) SetManagedType(v string) *ListRuleGroupsInput {
s.ManagedType = &v
return s
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListRuleGroupsInput) SetMaxResults(v int64) *ListRuleGroupsInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListRuleGroupsInput) SetNextToken(v string) *ListRuleGroupsInput {
s.NextToken = &v
return s
}
// SetScope sets the Scope field's value.
func (s *ListRuleGroupsInput) SetScope(v string) *ListRuleGroupsInput {
s.Scope = &v
return s
}
// SetType sets the Type field's value.
func (s *ListRuleGroupsInput) SetType(v string) *ListRuleGroupsInput {
s.Type = &v
return s
}
type ListRuleGroupsOutput struct {
_ struct{} `type:"structure"`
// When you request a list of objects with a MaxResults setting, if the number
// of objects that are still available for retrieval exceeds the maximum you
// requested, Network Firewall returns a NextToken value in the response. To
// retrieve the next batch of objects, use the token returned from the prior
// request in your next request.
NextToken *string `min:"1" type:"string"`
// The rule group metadata objects that you've defined. Depending on your setting
// for max results and the number of rule groups, this might not be the full
// list.
RuleGroups []*RuleGroupMetadata `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRuleGroupsOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListRuleGroupsOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
func (s *ListRuleGroupsOutput) SetNextToken(v string) *ListRuleGroupsOutput {
s.NextToken = &v
return s
}
// SetRuleGroups sets the RuleGroups field's value.
func (s *ListRuleGroupsOutput) SetRuleGroups(v []*RuleGroupMetadata) *ListRuleGroupsOutput {
s.RuleGroups = v
return s
}
type ListTLSInspectionConfigurationsInput struct {
_ struct{} `type:"structure"`
// The maximum number of objects that you want Network Firewall to return for
// this request. If more objects are available, in the response, Network Firewall
// provides a NextToken value that you can use in a subsequent call to get the
// next batch of objects.
MaxResults *int64 `min:"1" type:"integer"`
// When you request a list of objects with a MaxResults setting, if the number
// of objects that are still available for retrieval exceeds the maximum you
// requested, Network Firewall returns a NextToken value in the response. To
// retrieve the next batch of objects, use the token returned from the prior
// request in your next request.
NextToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTLSInspectionConfigurationsInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTLSInspectionConfigurationsInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListTLSInspectionConfigurationsInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListTLSInspectionConfigurationsInput"}
if s.MaxResults != nil && *s.MaxResults < 1 {
invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1))
}
if s.NextToken != nil && len(*s.NextToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListTLSInspectionConfigurationsInput) SetMaxResults(v int64) *ListTLSInspectionConfigurationsInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListTLSInspectionConfigurationsInput) SetNextToken(v string) *ListTLSInspectionConfigurationsInput {
s.NextToken = &v
return s
}
type ListTLSInspectionConfigurationsOutput struct {
_ struct{} `type:"structure"`
// When you request a list of objects with a MaxResults setting, if the number
// of objects that are still available for retrieval exceeds the maximum you
// requested, Network Firewall returns a NextToken value in the response. To
// retrieve the next batch of objects, use the token returned from the prior
// request in your next request.
NextToken *string `min:"1" type:"string"`
// The TLS inspection configuration metadata objects that you've defined. Depending
// on your setting for max results and the number of TLS inspection configurations,
// this might not be the full list.
TLSInspectionConfigurations []*TLSInspectionConfigurationMetadata `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTLSInspectionConfigurationsOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTLSInspectionConfigurationsOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
func (s *ListTLSInspectionConfigurationsOutput) SetNextToken(v string) *ListTLSInspectionConfigurationsOutput {
s.NextToken = &v
return s
}
// SetTLSInspectionConfigurations sets the TLSInspectionConfigurations field's value.
func (s *ListTLSInspectionConfigurationsOutput) SetTLSInspectionConfigurations(v []*TLSInspectionConfigurationMetadata) *ListTLSInspectionConfigurationsOutput {
s.TLSInspectionConfigurations = v
return s
}
type ListTagsForResourceInput struct {
_ struct{} `type:"structure"`
// The maximum number of objects that you want Network Firewall to return for
// this request. If more objects are available, in the response, Network Firewall
// provides a NextToken value that you can use in a subsequent call to get the
// next batch of objects.
MaxResults *int64 `type:"integer"`
// When you request a list of objects with a MaxResults setting, if the number
// of objects that are still available for retrieval exceeds the maximum you
// requested, Network Firewall returns a NextToken value in the response. To
// retrieve the next batch of objects, use the token returned from the prior
// request in your next request.
NextToken *string `min:"1" type:"string"`
// The Amazon Resource Name (ARN) of the resource.
//
// ResourceArn is a required field
ResourceArn *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ListTagsForResourceInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"}
if s.NextToken != nil && len(*s.NextToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("NextToken", 1))
}
if s.ResourceArn == nil {
invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
}
if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetMaxResults sets the MaxResults field's value.
func (s *ListTagsForResourceInput) SetMaxResults(v int64) *ListTagsForResourceInput {
s.MaxResults = &v
return s
}
// SetNextToken sets the NextToken field's value.
func (s *ListTagsForResourceInput) SetNextToken(v string) *ListTagsForResourceInput {
s.NextToken = &v
return s
}
// SetResourceArn sets the ResourceArn field's value.
func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput {
s.ResourceArn = &v
return s
}
type ListTagsForResourceOutput struct {
_ struct{} `type:"structure"`
// When you request a list of objects with a MaxResults setting, if the number
// of objects that are still available for retrieval exceeds the maximum you
// requested, Network Firewall returns a NextToken value in the response. To
// retrieve the next batch of objects, use the token returned from the prior
// request in your next request.
NextToken *string `min:"1" type:"string"`
// The tags that are associated with the resource.
Tags []*Tag `min:"1" type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ListTagsForResourceOutput) GoString() string {
return s.String()
}
// SetNextToken sets the NextToken field's value.
func (s *ListTagsForResourceOutput) SetNextToken(v string) *ListTagsForResourceOutput {
s.NextToken = &v
return s
}
// SetTags sets the Tags field's value.
func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput {
s.Tags = v
return s
}
// Defines where Network Firewall sends logs for the firewall for one log type.
// This is used in LoggingConfiguration. You can send each type of log to an
// Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
//
// Network Firewall generates logs for stateful rule groups. You can save alert,
// flow, and TLS log types.
type LogDestinationConfig struct {
_ struct{} `type:"structure"`
// The named location for the logs, provided in a key:value mapping that is
// specific to the chosen destination type.
//
// * For an Amazon S3 bucket, provide the name of the bucket, with key bucketName,
// and optionally provide a prefix, with key prefix. The following example
// specifies an Amazon S3 bucket named DOC-EXAMPLE-BUCKET and the prefix
// alerts: "LogDestination": { "bucketName": "DOC-EXAMPLE-BUCKET", "prefix":
// "alerts" }
//
// * For a CloudWatch log group, provide the name of the CloudWatch log group,
// with key logGroup. The following example specifies a log group named alert-log-group:
// "LogDestination": { "logGroup": "alert-log-group" }
//
// * For a Firehose delivery stream, provide the name of the delivery stream,
// with key deliveryStream. The following example specifies a delivery stream
// named alert-delivery-stream: "LogDestination": { "deliveryStream": "alert-delivery-stream"
// }
//
// LogDestination is a required field
LogDestination map[string]*string `type:"map" required:"true"`
// The type of storage destination to send these logs to. You can send logs
// to an Amazon S3 bucket, a CloudWatch log group, or a Firehose delivery stream.
//
// LogDestinationType is a required field
LogDestinationType *string `min:"2" type:"string" required:"true" enum:"LogDestinationType"`
// The type of log to record. You can record the following types of logs from
// your Network Firewall stateful engine.
//
// * ALERT - Logs for traffic that matches your stateful rules and that have
// an action that sends an alert. A stateful rule sends alerts for the rule
// actions DROP, ALERT, and REJECT. For more information, see StatefulRule.
//
// * FLOW - Standard network traffic flow logs. The stateful rules engine
// records flow logs for all network traffic that it receives. Each flow
// log record captures the network flow for a specific standard stateless
// rule group.
//
// * TLS - Logs for events that are related to TLS inspection. For more information,
// see Inspecting SSL/TLS traffic with TLS inspection configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-configurations.html)
// in the Network Firewall Developer Guide.
//
// LogType is a required field
LogType *string `type:"string" required:"true" enum:"LogType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LogDestinationConfig) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LogDestinationConfig) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *LogDestinationConfig) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "LogDestinationConfig"}
if s.LogDestination == nil {
invalidParams.Add(request.NewErrParamRequired("LogDestination"))
}
if s.LogDestinationType == nil {
invalidParams.Add(request.NewErrParamRequired("LogDestinationType"))
}
if s.LogDestinationType != nil && len(*s.LogDestinationType) < 2 {
invalidParams.Add(request.NewErrParamMinLen("LogDestinationType", 2))
}
if s.LogType == nil {
invalidParams.Add(request.NewErrParamRequired("LogType"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetLogDestination sets the LogDestination field's value.
func (s *LogDestinationConfig) SetLogDestination(v map[string]*string) *LogDestinationConfig {
s.LogDestination = v
return s
}
// SetLogDestinationType sets the LogDestinationType field's value.
func (s *LogDestinationConfig) SetLogDestinationType(v string) *LogDestinationConfig {
s.LogDestinationType = &v
return s
}
// SetLogType sets the LogType field's value.
func (s *LogDestinationConfig) SetLogType(v string) *LogDestinationConfig {
s.LogType = &v
return s
}
// Unable to send logs to a configured logging destination.
type LogDestinationPermissionException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LogDestinationPermissionException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LogDestinationPermissionException) GoString() string {
return s.String()
}
func newErrorLogDestinationPermissionException(v protocol.ResponseMetadata) error {
return &LogDestinationPermissionException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *LogDestinationPermissionException) Code() string {
return "LogDestinationPermissionException"
}
// Message returns the exception's message.
func (s *LogDestinationPermissionException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *LogDestinationPermissionException) OrigErr() error {
return nil
}
func (s *LogDestinationPermissionException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *LogDestinationPermissionException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *LogDestinationPermissionException) RequestID() string {
return s.RespMetadata.RequestID
}
// Defines how Network Firewall performs logging for a Firewall.
type LoggingConfiguration struct {
_ struct{} `type:"structure"`
// Defines the logging destinations for the logs for a firewall. Network Firewall
// generates logs for stateful rule groups.
//
// LogDestinationConfigs is a required field
LogDestinationConfigs []*LogDestinationConfig `type:"list" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LoggingConfiguration) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s LoggingConfiguration) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *LoggingConfiguration) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "LoggingConfiguration"}
if s.LogDestinationConfigs == nil {
invalidParams.Add(request.NewErrParamRequired("LogDestinationConfigs"))
}
if s.LogDestinationConfigs != nil {
for i, v := range s.LogDestinationConfigs {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "LogDestinationConfigs", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetLogDestinationConfigs sets the LogDestinationConfigs field's value.
func (s *LoggingConfiguration) SetLogDestinationConfigs(v []*LogDestinationConfig) *LoggingConfiguration {
s.LogDestinationConfigs = v
return s
}
// Criteria for Network Firewall to use to inspect an individual packet in stateless
// rule inspection. Each match attributes set can include one or more items
// such as IP address, CIDR range, port number, protocol, and TCP flags.
type MatchAttributes struct {
_ struct{} `type:"structure"`
// The destination ports to inspect for. If not specified, this matches with
// any destination port. This setting is only used for protocols 6 (TCP) and
// 17 (UDP).
//
// You can specify individual ports, for example 1994 and you can specify port
// ranges, for example 1990:1994.
DestinationPorts []*PortRange `type:"list"`
// The destination IP addresses and address ranges to inspect for, in CIDR notation.
// If not specified, this matches with any destination address.
Destinations []*Address `type:"list"`
// The protocols to inspect for, specified using each protocol's assigned internet
// protocol number (IANA). If not specified, this matches with any protocol.
Protocols []*int64 `type:"list"`
// The source ports to inspect for. If not specified, this matches with any
// source port. This setting is only used for protocols 6 (TCP) and 17 (UDP).
//
// You can specify individual ports, for example 1994 and you can specify port
// ranges, for example 1990:1994.
SourcePorts []*PortRange `type:"list"`
// The source IP addresses and address ranges to inspect for, in CIDR notation.
// If not specified, this matches with any source address.
Sources []*Address `type:"list"`
// The TCP flags and masks to inspect for. If not specified, this matches with
// any settings. This setting is only used for protocol 6 (TCP).
TCPFlags []*TCPFlagField `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MatchAttributes) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s MatchAttributes) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *MatchAttributes) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "MatchAttributes"}
if s.DestinationPorts != nil {
for i, v := range s.DestinationPorts {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "DestinationPorts", i), err.(request.ErrInvalidParams))
}
}
}
if s.Destinations != nil {
for i, v := range s.Destinations {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Destinations", i), err.(request.ErrInvalidParams))
}
}
}
if s.SourcePorts != nil {
for i, v := range s.SourcePorts {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SourcePorts", i), err.(request.ErrInvalidParams))
}
}
}
if s.Sources != nil {
for i, v := range s.Sources {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Sources", i), err.(request.ErrInvalidParams))
}
}
}
if s.TCPFlags != nil {
for i, v := range s.TCPFlags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "TCPFlags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDestinationPorts sets the DestinationPorts field's value.
func (s *MatchAttributes) SetDestinationPorts(v []*PortRange) *MatchAttributes {
s.DestinationPorts = v
return s
}
// SetDestinations sets the Destinations field's value.
func (s *MatchAttributes) SetDestinations(v []*Address) *MatchAttributes {
s.Destinations = v
return s
}
// SetProtocols sets the Protocols field's value.
func (s *MatchAttributes) SetProtocols(v []*int64) *MatchAttributes {
s.Protocols = v
return s
}
// SetSourcePorts sets the SourcePorts field's value.
func (s *MatchAttributes) SetSourcePorts(v []*PortRange) *MatchAttributes {
s.SourcePorts = v
return s
}
// SetSources sets the Sources field's value.
func (s *MatchAttributes) SetSources(v []*Address) *MatchAttributes {
s.Sources = v
return s
}
// SetTCPFlags sets the TCPFlags field's value.
func (s *MatchAttributes) SetTCPFlags(v []*TCPFlagField) *MatchAttributes {
s.TCPFlags = v
return s
}
// Provides configuration status for a single policy or rule group that is used
// for a firewall endpoint. Network Firewall provides each endpoint with the
// rules that are configured in the firewall policy. Each time you add a subnet
// or modify the associated firewall policy, Network Firewall synchronizes the
// rules in the endpoint, so it can properly filter network traffic. This is
// part of a SyncState for a firewall.
type PerObjectStatus struct {
_ struct{} `type:"structure"`
// Indicates whether this object is in sync with the version indicated in the
// update token.
SyncStatus *string `type:"string" enum:"PerObjectSyncStatus"`
// The current version of the object that is either in sync or pending synchronization.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PerObjectStatus) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PerObjectStatus) GoString() string {
return s.String()
}
// SetSyncStatus sets the SyncStatus field's value.
func (s *PerObjectStatus) SetSyncStatus(v string) *PerObjectStatus {
s.SyncStatus = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *PerObjectStatus) SetUpdateToken(v string) *PerObjectStatus {
s.UpdateToken = &v
return s
}
// Contains variables that you can use to override default Suricata settings
// in your firewall policy.
type PolicyVariables struct {
_ struct{} `type:"structure"`
// The IPv4 or IPv6 addresses in CIDR notation to use for the Suricata HOME_NET
// variable. If your firewall uses an inspection VPC, you might want to override
// the HOME_NET variable with the CIDRs of your home networks. If you don't
// override HOME_NET with your own CIDRs, Network Firewall by default uses the
// CIDR of your inspection VPC.
RuleVariables map[string]*IPSet `type:"map"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyVariables) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PolicyVariables) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *PolicyVariables) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "PolicyVariables"}
if s.RuleVariables != nil {
for i, v := range s.RuleVariables {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "RuleVariables", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetRuleVariables sets the RuleVariables field's value.
func (s *PolicyVariables) SetRuleVariables(v map[string]*IPSet) *PolicyVariables {
s.RuleVariables = v
return s
}
// A single port range specification. This is used for source and destination
// port ranges in the stateless rule MatchAttributes, SourcePorts, and DestinationPorts
// settings.
type PortRange struct {
_ struct{} `type:"structure"`
// The lower limit of the port range. This must be less than or equal to the
// ToPort specification.
//
// FromPort is a required field
FromPort *int64 `type:"integer" required:"true"`
// The upper limit of the port range. This must be greater than or equal to
// the FromPort specification.
//
// ToPort is a required field
ToPort *int64 `type:"integer" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PortRange) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PortRange) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *PortRange) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "PortRange"}
if s.FromPort == nil {
invalidParams.Add(request.NewErrParamRequired("FromPort"))
}
if s.ToPort == nil {
invalidParams.Add(request.NewErrParamRequired("ToPort"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFromPort sets the FromPort field's value.
func (s *PortRange) SetFromPort(v int64) *PortRange {
s.FromPort = &v
return s
}
// SetToPort sets the ToPort field's value.
func (s *PortRange) SetToPort(v int64) *PortRange {
s.ToPort = &v
return s
}
// A set of port ranges for use in the rules in a rule group.
type PortSet struct {
_ struct{} `type:"structure"`
// The set of port ranges.
Definition []*string `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PortSet) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PortSet) GoString() string {
return s.String()
}
// SetDefinition sets the Definition field's value.
func (s *PortSet) SetDefinition(v []*string) *PortSet {
s.Definition = v
return s
}
// Stateless inspection criteria that publishes the specified metrics to Amazon
// CloudWatch for the matching packet. This setting defines a CloudWatch dimension
// value to be published.
type PublishMetricAction struct {
_ struct{} `type:"structure"`
// Dimensions is a required field
Dimensions []*Dimension `min:"1" type:"list" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PublishMetricAction) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PublishMetricAction) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *PublishMetricAction) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "PublishMetricAction"}
if s.Dimensions == nil {
invalidParams.Add(request.NewErrParamRequired("Dimensions"))
}
if s.Dimensions != nil && len(s.Dimensions) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Dimensions", 1))
}
if s.Dimensions != nil {
for i, v := range s.Dimensions {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Dimensions", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDimensions sets the Dimensions field's value.
func (s *PublishMetricAction) SetDimensions(v []*Dimension) *PublishMetricAction {
s.Dimensions = v
return s
}
type PutResourcePolicyInput struct {
_ struct{} `type:"structure"`
// The IAM policy statement that lists the accounts that you want to share your
// rule group or firewall policy with and the operations that you want the accounts
// to be able to perform.
//
// For a rule group resource, you can specify the following operations in the
// Actions section of the statement:
//
// * network-firewall:CreateFirewallPolicy
//
// * network-firewall:UpdateFirewallPolicy
//
// * network-firewall:ListRuleGroups
//
// For a firewall policy resource, you can specify the following operations
// in the Actions section of the statement:
//
// * network-firewall:AssociateFirewallPolicy
//
// * network-firewall:ListFirewallPolicies
//
// In the Resource section of the statement, you specify the ARNs for the rule
// groups and firewall policies that you want to share with the account that
// you specified in Arn.
//
// Policy is a required field
Policy *string `min:"1" type:"string" required:"true"`
// The Amazon Resource Name (ARN) of the account that you want to share rule
// groups and firewall policies with.
//
// ResourceArn is a required field
ResourceArn *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutResourcePolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutResourcePolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *PutResourcePolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "PutResourcePolicyInput"}
if s.Policy == nil {
invalidParams.Add(request.NewErrParamRequired("Policy"))
}
if s.Policy != nil && len(*s.Policy) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
}
if s.ResourceArn == nil {
invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
}
if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPolicy sets the Policy field's value.
func (s *PutResourcePolicyInput) SetPolicy(v string) *PutResourcePolicyInput {
s.Policy = &v
return s
}
// SetResourceArn sets the ResourceArn field's value.
func (s *PutResourcePolicyInput) SetResourceArn(v string) *PutResourcePolicyInput {
s.ResourceArn = &v
return s
}
type PutResourcePolicyOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutResourcePolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s PutResourcePolicyOutput) GoString() string {
return s.String()
}
// Contains a set of IP set references.
type ReferenceSets struct {
_ struct{} `type:"structure"`
// The list of IP set references.
IPSetReferences map[string]*IPSetReference `type:"map"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ReferenceSets) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ReferenceSets) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ReferenceSets) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ReferenceSets"}
if s.IPSetReferences != nil {
for i, v := range s.IPSetReferences {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "IPSetReferences", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetIPSetReferences sets the IPSetReferences field's value.
func (s *ReferenceSets) SetIPSetReferences(v map[string]*IPSetReference) *ReferenceSets {
s.IPSetReferences = v
return s
}
// Unable to locate a resource using the parameters that you provided.
type ResourceNotFoundException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceNotFoundException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceNotFoundException) GoString() string {
return s.String()
}
func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error {
return &ResourceNotFoundException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *ResourceNotFoundException) Code() string {
return "ResourceNotFoundException"
}
// Message returns the exception's message.
func (s *ResourceNotFoundException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ResourceNotFoundException) OrigErr() error {
return nil
}
func (s *ResourceNotFoundException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *ResourceNotFoundException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *ResourceNotFoundException) RequestID() string {
return s.RespMetadata.RequestID
}
// Unable to change the resource because your account doesn't own it.
type ResourceOwnerCheckException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceOwnerCheckException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ResourceOwnerCheckException) GoString() string {
return s.String()
}
func newErrorResourceOwnerCheckException(v protocol.ResponseMetadata) error {
return &ResourceOwnerCheckException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *ResourceOwnerCheckException) Code() string {
return "ResourceOwnerCheckException"
}
// Message returns the exception's message.
func (s *ResourceOwnerCheckException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ResourceOwnerCheckException) OrigErr() error {
return nil
}
func (s *ResourceOwnerCheckException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *ResourceOwnerCheckException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *ResourceOwnerCheckException) RequestID() string {
return s.RespMetadata.RequestID
}
// The inspection criteria and action for a single stateless rule. Network Firewall
// inspects each packet for the specified matching criteria. When a packet matches
// the criteria, Network Firewall performs the rule's actions on the packet.
type RuleDefinition struct {
_ struct{} `type:"structure"`
// The actions to take on a packet that matches one of the stateless rule definition's
// match attributes. You must specify a standard action and you can add custom
// actions.
//
// Network Firewall only forwards a packet for stateful rule inspection if you
// specify aws:forward_to_sfe for a rule that the packet matches, or if the
// packet doesn't match any stateless rule and you specify aws:forward_to_sfe
// for the StatelessDefaultActions setting for the FirewallPolicy.
//
// For every rule, you must specify exactly one of the following standard actions.
//
// * aws:pass - Discontinues all inspection of the packet and permits it
// to go to its intended destination.
//
// * aws:drop - Discontinues all inspection of the packet and blocks it from
// going to its intended destination.
//
// * aws:forward_to_sfe - Discontinues stateless inspection of the packet
// and forwards it to the stateful rule engine for inspection.
//
// Additionally, you can specify a custom action. To do this, you define a custom
// action by name and type, then provide the name you've assigned to the action
// in this Actions setting. For information about the options, see CustomAction.
//
// To provide more than one action in this setting, separate the settings with
// a comma. For example, if you have a custom PublishMetrics action that you've
// named MyMetricsAction, then you could specify the standard action aws:pass
// and the custom action with [“aws:pass”, “MyMetricsAction”].
//
// Actions is a required field
Actions []*string `type:"list" required:"true"`
// Criteria for Network Firewall to use to inspect an individual packet in stateless
// rule inspection. Each match attributes set can include one or more items
// such as IP address, CIDR range, port number, protocol, and TCP flags.
//
// MatchAttributes is a required field
MatchAttributes *MatchAttributes `type:"structure" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleDefinition) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleDefinition) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *RuleDefinition) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "RuleDefinition"}
if s.Actions == nil {
invalidParams.Add(request.NewErrParamRequired("Actions"))
}
if s.MatchAttributes == nil {
invalidParams.Add(request.NewErrParamRequired("MatchAttributes"))
}
if s.MatchAttributes != nil {
if err := s.MatchAttributes.Validate(); err != nil {
invalidParams.AddNested("MatchAttributes", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetActions sets the Actions field's value.
func (s *RuleDefinition) SetActions(v []*string) *RuleDefinition {
s.Actions = v
return s
}
// SetMatchAttributes sets the MatchAttributes field's value.
func (s *RuleDefinition) SetMatchAttributes(v *MatchAttributes) *RuleDefinition {
s.MatchAttributes = v
return s
}
// The object that defines the rules in a rule group. This, along with RuleGroupResponse,
// define the rule group. You can retrieve all objects for a rule group by calling
// DescribeRuleGroup.
//
// Network Firewall uses a rule group to inspect and control network traffic.
// You define stateless rule groups to inspect individual packets and you define
// stateful rule groups to inspect packets in the context of their traffic flow.
//
// To use a rule group, you include it by reference in an Network Firewall firewall
// policy, then you use the policy in a firewall. You can reference a rule group
// from more than one firewall policy, and you can use a firewall policy in
// more than one firewall.
type RuleGroup struct {
_ struct{} `type:"structure"`
// The list of a rule group's reference sets.
ReferenceSets *ReferenceSets `type:"structure"`
// Settings that are available for use in the rules in the rule group. You can
// only use these for stateful rule groups.
RuleVariables *RuleVariables `type:"structure"`
// The stateful rules or stateless rules for the rule group.
//
// RulesSource is a required field
RulesSource *RulesSource `type:"structure" required:"true"`
// Additional options governing how Network Firewall handles stateful rules.
// The policies where you use your stateful rule group must have stateful rule
// options settings that are compatible with these settings. Some limitations
// apply; for more information, see Strict evaluation order (https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-limitations-caveats.html)
// in the Network Firewall Developer Guide.
StatefulRuleOptions *StatefulRuleOptions `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleGroup) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleGroup) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *RuleGroup) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "RuleGroup"}
if s.RulesSource == nil {
invalidParams.Add(request.NewErrParamRequired("RulesSource"))
}
if s.ReferenceSets != nil {
if err := s.ReferenceSets.Validate(); err != nil {
invalidParams.AddNested("ReferenceSets", err.(request.ErrInvalidParams))
}
}
if s.RuleVariables != nil {
if err := s.RuleVariables.Validate(); err != nil {
invalidParams.AddNested("RuleVariables", err.(request.ErrInvalidParams))
}
}
if s.RulesSource != nil {
if err := s.RulesSource.Validate(); err != nil {
invalidParams.AddNested("RulesSource", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetReferenceSets sets the ReferenceSets field's value.
func (s *RuleGroup) SetReferenceSets(v *ReferenceSets) *RuleGroup {
s.ReferenceSets = v
return s
}
// SetRuleVariables sets the RuleVariables field's value.
func (s *RuleGroup) SetRuleVariables(v *RuleVariables) *RuleGroup {
s.RuleVariables = v
return s
}
// SetRulesSource sets the RulesSource field's value.
func (s *RuleGroup) SetRulesSource(v *RulesSource) *RuleGroup {
s.RulesSource = v
return s
}
// SetStatefulRuleOptions sets the StatefulRuleOptions field's value.
func (s *RuleGroup) SetStatefulRuleOptions(v *StatefulRuleOptions) *RuleGroup {
s.StatefulRuleOptions = v
return s
}
// High-level information about a rule group, returned by ListRuleGroups. You
// can use the information provided in the metadata to retrieve and manage a
// rule group.
type RuleGroupMetadata struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the rule group.
Arn *string `min:"1" type:"string"`
// The descriptive name of the rule group. You can't change the name of a rule
// group after you create it.
Name *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleGroupMetadata) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleGroupMetadata) GoString() string {
return s.String()
}
// SetArn sets the Arn field's value.
func (s *RuleGroupMetadata) SetArn(v string) *RuleGroupMetadata {
s.Arn = &v
return s
}
// SetName sets the Name field's value.
func (s *RuleGroupMetadata) SetName(v string) *RuleGroupMetadata {
s.Name = &v
return s
}
// The high-level properties of a rule group. This, along with the RuleGroup,
// define the rule group. You can retrieve all objects for a rule group by calling
// DescribeRuleGroup.
type RuleGroupResponse struct {
_ struct{} `type:"structure"`
// The list of analysis results for AnalyzeRuleGroup. If you set AnalyzeRuleGroup
// to TRUE in CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup, Network
// Firewall analyzes the rule group and identifies the rules that might adversely
// effect your firewall's functionality. For example, if Network Firewall detects
// a rule that's routing traffic asymmetrically, which impacts the service's
// ability to properly process traffic, the service includes the rule in the
// list of analysis results.
AnalysisResults []*AnalysisResult `type:"list"`
// The maximum operating resources that this rule group can use. Rule group
// capacity is fixed at creation. When you update a rule group, you are limited
// to this capacity. When you reference a rule group from a firewall policy,
// Network Firewall reserves this capacity for the rule group.
//
// You can retrieve the capacity that would be required for a rule group before
// you create the rule group by calling CreateRuleGroup with DryRun set to TRUE.
Capacity *int64 `type:"integer"`
// The number of capacity units currently consumed by the rule group rules.
ConsumedCapacity *int64 `type:"integer"`
// A description of the rule group.
Description *string `type:"string"`
// A complex type that contains the Amazon Web Services KMS encryption configuration
// settings for your rule group.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// The last time that the rule group was changed.
LastModifiedTime *time.Time `type:"timestamp"`
// The number of firewall policies that use this rule group.
NumberOfAssociations *int64 `type:"integer"`
// The Amazon Resource Name (ARN) of the rule group.
//
// If this response is for a create request that had DryRun set to TRUE, then
// this ARN is a placeholder that isn't attached to a valid resource.
//
// RuleGroupArn is a required field
RuleGroupArn *string `min:"1" type:"string" required:"true"`
// The unique identifier for the rule group.
//
// RuleGroupId is a required field
RuleGroupId *string `min:"36" type:"string" required:"true"`
// The descriptive name of the rule group. You can't change the name of a rule
// group after you create it.
//
// RuleGroupName is a required field
RuleGroupName *string `min:"1" type:"string" required:"true"`
// Detailed information about the current status of a rule group.
RuleGroupStatus *string `type:"string" enum:"ResourceStatus"`
// The Amazon resource name (ARN) of the Amazon Simple Notification Service
// SNS topic that's used to record changes to the managed rule group. You can
// subscribe to the SNS topic to receive notifications when the managed rule
// group is modified, such as for new versions and for version expiration. For
// more information, see the Amazon Simple Notification Service Developer Guide.
// (https://docs.aws.amazon.com/sns/latest/dg/welcome.html).
SnsTopic *string `min:"1" type:"string"`
// A complex type that contains metadata about the rule group that your own
// rule group is copied from. You can use the metadata to track the version
// updates made to the originating rule group.
SourceMetadata *SourceMetadata `type:"structure"`
// The key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
// Indicates whether the rule group is stateless or stateful. If the rule group
// is stateless, it contains stateless rules. If it is stateful, it contains
// stateful rules.
Type *string `type:"string" enum:"RuleGroupType"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleGroupResponse) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleGroupResponse) GoString() string {
return s.String()
}
// SetAnalysisResults sets the AnalysisResults field's value.
func (s *RuleGroupResponse) SetAnalysisResults(v []*AnalysisResult) *RuleGroupResponse {
s.AnalysisResults = v
return s
}
// SetCapacity sets the Capacity field's value.
func (s *RuleGroupResponse) SetCapacity(v int64) *RuleGroupResponse {
s.Capacity = &v
return s
}
// SetConsumedCapacity sets the ConsumedCapacity field's value.
func (s *RuleGroupResponse) SetConsumedCapacity(v int64) *RuleGroupResponse {
s.ConsumedCapacity = &v
return s
}
// SetDescription sets the Description field's value.
func (s *RuleGroupResponse) SetDescription(v string) *RuleGroupResponse {
s.Description = &v
return s
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *RuleGroupResponse) SetEncryptionConfiguration(v *EncryptionConfiguration) *RuleGroupResponse {
s.EncryptionConfiguration = v
return s
}
// SetLastModifiedTime sets the LastModifiedTime field's value.
func (s *RuleGroupResponse) SetLastModifiedTime(v time.Time) *RuleGroupResponse {
s.LastModifiedTime = &v
return s
}
// SetNumberOfAssociations sets the NumberOfAssociations field's value.
func (s *RuleGroupResponse) SetNumberOfAssociations(v int64) *RuleGroupResponse {
s.NumberOfAssociations = &v
return s
}
// SetRuleGroupArn sets the RuleGroupArn field's value.
func (s *RuleGroupResponse) SetRuleGroupArn(v string) *RuleGroupResponse {
s.RuleGroupArn = &v
return s
}
// SetRuleGroupId sets the RuleGroupId field's value.
func (s *RuleGroupResponse) SetRuleGroupId(v string) *RuleGroupResponse {
s.RuleGroupId = &v
return s
}
// SetRuleGroupName sets the RuleGroupName field's value.
func (s *RuleGroupResponse) SetRuleGroupName(v string) *RuleGroupResponse {
s.RuleGroupName = &v
return s
}
// SetRuleGroupStatus sets the RuleGroupStatus field's value.
func (s *RuleGroupResponse) SetRuleGroupStatus(v string) *RuleGroupResponse {
s.RuleGroupStatus = &v
return s
}
// SetSnsTopic sets the SnsTopic field's value.
func (s *RuleGroupResponse) SetSnsTopic(v string) *RuleGroupResponse {
s.SnsTopic = &v
return s
}
// SetSourceMetadata sets the SourceMetadata field's value.
func (s *RuleGroupResponse) SetSourceMetadata(v *SourceMetadata) *RuleGroupResponse {
s.SourceMetadata = v
return s
}
// SetTags sets the Tags field's value.
func (s *RuleGroupResponse) SetTags(v []*Tag) *RuleGroupResponse {
s.Tags = v
return s
}
// SetType sets the Type field's value.
func (s *RuleGroupResponse) SetType(v string) *RuleGroupResponse {
s.Type = &v
return s
}
// Additional settings for a stateful rule. This is part of the StatefulRule
// configuration.
type RuleOption struct {
_ struct{} `type:"structure"`
// The keyword for the Suricata compatible rule option. You must include a sid
// (signature ID), and can optionally include other keywords. For information
// about Suricata compatible keywords, see Rule options (https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html#rule-options)
// in the Suricata documentation.
//
// Keyword is a required field
Keyword *string `min:"1" type:"string" required:"true"`
// The settings of the Suricata compatible rule option. Rule options have zero
// or more setting values, and the number of possible and required settings
// depends on the Keyword. For more information about the settings for specific
// options, see Rule options (https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html#rule-options).
Settings []*string `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleOption) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleOption) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *RuleOption) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "RuleOption"}
if s.Keyword == nil {
invalidParams.Add(request.NewErrParamRequired("Keyword"))
}
if s.Keyword != nil && len(*s.Keyword) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Keyword", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetKeyword sets the Keyword field's value.
func (s *RuleOption) SetKeyword(v string) *RuleOption {
s.Keyword = &v
return s
}
// SetSettings sets the Settings field's value.
func (s *RuleOption) SetSettings(v []*string) *RuleOption {
s.Settings = v
return s
}
// Settings that are available for use in the rules in the RuleGroup where this
// is defined.
type RuleVariables struct {
_ struct{} `type:"structure"`
// A list of IP addresses and address ranges, in CIDR notation.
IPSets map[string]*IPSet `type:"map"`
// A list of port ranges.
PortSets map[string]*PortSet `type:"map"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleVariables) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RuleVariables) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *RuleVariables) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "RuleVariables"}
if s.IPSets != nil {
for i, v := range s.IPSets {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "IPSets", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetIPSets sets the IPSets field's value.
func (s *RuleVariables) SetIPSets(v map[string]*IPSet) *RuleVariables {
s.IPSets = v
return s
}
// SetPortSets sets the PortSets field's value.
func (s *RuleVariables) SetPortSets(v map[string]*PortSet) *RuleVariables {
s.PortSets = v
return s
}
// The stateless or stateful rules definitions for use in a single rule group.
// Each rule group requires a single RulesSource. You can use an instance of
// this for either stateless rules or stateful rules.
type RulesSource struct {
_ struct{} `type:"structure"`
// Stateful inspection criteria for a domain list rule group.
RulesSourceList *RulesSourceList `type:"structure"`
// Stateful inspection criteria, provided in Suricata compatible rules. Suricata
// is an open-source threat detection framework that includes a standard rule-based
// language for network traffic inspection.
//
// These rules contain the inspection criteria and the action to take for traffic
// that matches the criteria, so this type of rule group doesn't have a separate
// action setting.
//
// You can't use the priority keyword if the RuleOrder option in StatefulRuleOptions
// is set to STRICT_ORDER.
RulesString *string `type:"string"`
// An array of individual stateful rules inspection criteria to be used together
// in a stateful rule group. Use this option to specify simple Suricata rules
// with protocol, source and destination, ports, direction, and rule options.
// For information about the Suricata Rules format, see Rules Format (https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html).
StatefulRules []*StatefulRule `type:"list"`
// Stateless inspection criteria to be used in a stateless rule group.
StatelessRulesAndCustomActions *StatelessRulesAndCustomActions `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RulesSource) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RulesSource) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *RulesSource) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "RulesSource"}
if s.RulesSourceList != nil {
if err := s.RulesSourceList.Validate(); err != nil {
invalidParams.AddNested("RulesSourceList", err.(request.ErrInvalidParams))
}
}
if s.StatefulRules != nil {
for i, v := range s.StatefulRules {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "StatefulRules", i), err.(request.ErrInvalidParams))
}
}
}
if s.StatelessRulesAndCustomActions != nil {
if err := s.StatelessRulesAndCustomActions.Validate(); err != nil {
invalidParams.AddNested("StatelessRulesAndCustomActions", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetRulesSourceList sets the RulesSourceList field's value.
func (s *RulesSource) SetRulesSourceList(v *RulesSourceList) *RulesSource {
s.RulesSourceList = v
return s
}
// SetRulesString sets the RulesString field's value.
func (s *RulesSource) SetRulesString(v string) *RulesSource {
s.RulesString = &v
return s
}
// SetStatefulRules sets the StatefulRules field's value.
func (s *RulesSource) SetStatefulRules(v []*StatefulRule) *RulesSource {
s.StatefulRules = v
return s
}
// SetStatelessRulesAndCustomActions sets the StatelessRulesAndCustomActions field's value.
func (s *RulesSource) SetStatelessRulesAndCustomActions(v *StatelessRulesAndCustomActions) *RulesSource {
s.StatelessRulesAndCustomActions = v
return s
}
// Stateful inspection criteria for a domain list rule group.
//
// For HTTPS traffic, domain filtering is SNI-based. It uses the server name
// indicator extension of the TLS handshake.
//
// By default, Network Firewall domain list inspection only includes traffic
// coming from the VPC where you deploy the firewall. To inspect traffic from
// IP addresses outside of the deployment VPC, you set the HOME_NET rule variable
// to include the CIDR range of the deployment VPC plus the other CIDR ranges.
// For more information, see RuleVariables in this guide and Stateful domain
// list rule groups in Network Firewall (https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html)
// in the Network Firewall Developer Guide.
type RulesSourceList struct {
_ struct{} `type:"structure"`
// Whether you want to allow or deny access to the domains in your target list.
//
// GeneratedRulesType is a required field
GeneratedRulesType *string `type:"string" required:"true" enum:"GeneratedRulesType"`
// The protocols you want to inspect. Specify TLS_SNI for HTTPS. Specify HTTP_HOST
// for HTTP. You can specify either or both.
//
// TargetTypes is a required field
TargetTypes []*string `type:"list" required:"true" enum:"TargetType"`
// The domains that you want to inspect for in your traffic flows. Valid domain
// specifications are the following:
//
// * Explicit names. For example, abc.example.com matches only the domain
// abc.example.com.
//
// * Names that use a domain wildcard, which you indicate with an initial
// '.'. For example,.example.com matches example.com and matches all subdomains
// of example.com, such as abc.example.com and www.example.com.
//
// Targets is a required field
Targets []*string `type:"list" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RulesSourceList) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s RulesSourceList) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *RulesSourceList) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "RulesSourceList"}
if s.GeneratedRulesType == nil {
invalidParams.Add(request.NewErrParamRequired("GeneratedRulesType"))
}
if s.TargetTypes == nil {
invalidParams.Add(request.NewErrParamRequired("TargetTypes"))
}
if s.Targets == nil {
invalidParams.Add(request.NewErrParamRequired("Targets"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetGeneratedRulesType sets the GeneratedRulesType field's value.
func (s *RulesSourceList) SetGeneratedRulesType(v string) *RulesSourceList {
s.GeneratedRulesType = &v
return s
}
// SetTargetTypes sets the TargetTypes field's value.
func (s *RulesSourceList) SetTargetTypes(v []*string) *RulesSourceList {
s.TargetTypes = v
return s
}
// SetTargets sets the Targets field's value.
func (s *RulesSourceList) SetTargets(v []*string) *RulesSourceList {
s.Targets = v
return s
}
// Any Certificate Manager (ACM) Secure Sockets Layer/Transport Layer Security
// (SSL/TLS) server certificate that's associated with a ServerCertificateConfiguration.
// Used in a TLSInspectionConfiguration for inspection of inbound traffic to
// your firewall. You must request or import a SSL/TLS certificate into ACM
// for each domain Network Firewall needs to decrypt and inspect. Network Firewall
// uses the SSL/TLS certificates to decrypt specified inbound SSL/TLS traffic
// going to your firewall. For information about working with certificates in
// Certificate Manager, see Request a public certificate (https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html)
// or Importing certificates (https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html)
// in the Certificate Manager User Guide.
type ServerCertificate struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS server
// certificate that's used for inbound SSL/TLS inspection.
ResourceArn *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServerCertificate) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServerCertificate) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ServerCertificate) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ServerCertificate"}
if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetResourceArn sets the ResourceArn field's value.
func (s *ServerCertificate) SetResourceArn(v string) *ServerCertificate {
s.ResourceArn = &v
return s
}
// Configures the Certificate Manager certificates and scope that Network Firewall
// uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration.
// You can configure ServerCertificates for inbound SSL/TLS inspection, a CertificateAuthorityArn
// for outbound SSL/TLS inspection, or both. For information about working with
// certificates for TLS inspection, see Using SSL/TLS server certficiates with
// TLS inspection configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html)
// in the Network Firewall Developer Guide.
//
// If a server certificate that's associated with your TLSInspectionConfiguration
// is revoked, deleted, or expired it can result in client-side TLS errors.
type ServerCertificateConfiguration struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the imported certificate authority (CA)
// certificate within Certificate Manager (ACM) to use for outbound SSL/TLS
// inspection.
//
// The following limitations apply:
//
// * You can use CA certificates that you imported into ACM, but you can't
// generate CA certificates with ACM.
//
// * You can't use certificates issued by Private Certificate Authority.
//
// For more information about configuring certificates for outbound inspection,
// see Using SSL/TLS certificates with certificates with TLS inspection configurations
// (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html)
// in the Network Firewall Developer Guide.
//
// For information about working with certificates in ACM, see Importing certificates
// (https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html)
// in the Certificate Manager User Guide.
CertificateAuthorityArn *string `min:"1" type:"string"`
// When enabled, Network Firewall checks if the server certificate presented
// by the server in the SSL/TLS connection has a revoked or unkown status. If
// the certificate has an unknown or revoked status, you must specify the actions
// that Network Firewall takes on outbound traffic. To check the certificate
// revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration.
CheckCertificateRevocationStatus *CheckCertificateRevocationStatusActions `type:"structure"`
// A list of scopes.
Scopes []*ServerCertificateScope `type:"list"`
// The list of server certificates to use for inbound SSL/TLS inspection.
ServerCertificates []*ServerCertificate `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServerCertificateConfiguration) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServerCertificateConfiguration) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ServerCertificateConfiguration) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ServerCertificateConfiguration"}
if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 1))
}
if s.Scopes != nil {
for i, v := range s.Scopes {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Scopes", i), err.(request.ErrInvalidParams))
}
}
}
if s.ServerCertificates != nil {
for i, v := range s.ServerCertificates {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ServerCertificates", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value.
func (s *ServerCertificateConfiguration) SetCertificateAuthorityArn(v string) *ServerCertificateConfiguration {
s.CertificateAuthorityArn = &v
return s
}
// SetCheckCertificateRevocationStatus sets the CheckCertificateRevocationStatus field's value.
func (s *ServerCertificateConfiguration) SetCheckCertificateRevocationStatus(v *CheckCertificateRevocationStatusActions) *ServerCertificateConfiguration {
s.CheckCertificateRevocationStatus = v
return s
}
// SetScopes sets the Scopes field's value.
func (s *ServerCertificateConfiguration) SetScopes(v []*ServerCertificateScope) *ServerCertificateConfiguration {
s.Scopes = v
return s
}
// SetServerCertificates sets the ServerCertificates field's value.
func (s *ServerCertificateConfiguration) SetServerCertificates(v []*ServerCertificate) *ServerCertificateConfiguration {
s.ServerCertificates = v
return s
}
// Settings that define the Secure Sockets Layer/Transport Layer Security (SSL/TLS)
// traffic that Network Firewall should decrypt for inspection by the stateful
// rule engine.
type ServerCertificateScope struct {
_ struct{} `type:"structure"`
// The destination ports to decrypt for inspection, in Transmission Control
// Protocol (TCP) format. If not specified, this matches with any destination
// port.
//
// You can specify individual ports, for example 1994, and you can specify port
// ranges, such as 1990:1994.
DestinationPorts []*PortRange `type:"list"`
// The destination IP addresses and address ranges to decrypt for inspection,
// in CIDR notation. If not specified, this matches with any destination address.
Destinations []*Address `type:"list"`
// The protocols to decrypt for inspection, specified using each protocol's
// assigned internet protocol number (IANA). Network Firewall currently supports
// only TCP.
Protocols []*int64 `type:"list"`
// The source ports to decrypt for inspection, in Transmission Control Protocol
// (TCP) format. If not specified, this matches with any source port.
//
// You can specify individual ports, for example 1994, and you can specify port
// ranges, such as 1990:1994.
SourcePorts []*PortRange `type:"list"`
// The source IP addresses and address ranges to decrypt for inspection, in
// CIDR notation. If not specified, this matches with any source address.
Sources []*Address `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServerCertificateScope) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ServerCertificateScope) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *ServerCertificateScope) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "ServerCertificateScope"}
if s.DestinationPorts != nil {
for i, v := range s.DestinationPorts {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "DestinationPorts", i), err.(request.ErrInvalidParams))
}
}
}
if s.Destinations != nil {
for i, v := range s.Destinations {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Destinations", i), err.(request.ErrInvalidParams))
}
}
}
if s.SourcePorts != nil {
for i, v := range s.SourcePorts {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "SourcePorts", i), err.(request.ErrInvalidParams))
}
}
}
if s.Sources != nil {
for i, v := range s.Sources {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Sources", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDestinationPorts sets the DestinationPorts field's value.
func (s *ServerCertificateScope) SetDestinationPorts(v []*PortRange) *ServerCertificateScope {
s.DestinationPorts = v
return s
}
// SetDestinations sets the Destinations field's value.
func (s *ServerCertificateScope) SetDestinations(v []*Address) *ServerCertificateScope {
s.Destinations = v
return s
}
// SetProtocols sets the Protocols field's value.
func (s *ServerCertificateScope) SetProtocols(v []*int64) *ServerCertificateScope {
s.Protocols = v
return s
}
// SetSourcePorts sets the SourcePorts field's value.
func (s *ServerCertificateScope) SetSourcePorts(v []*PortRange) *ServerCertificateScope {
s.SourcePorts = v
return s
}
// SetSources sets the Sources field's value.
func (s *ServerCertificateScope) SetSources(v []*Address) *ServerCertificateScope {
s.Sources = v
return s
}
// High-level information about the managed rule group that your own rule group
// is copied from. You can use the the metadata to track version updates made
// to the originating rule group. You can retrieve all objects for a rule group
// by calling DescribeRuleGroup (https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html).
type SourceMetadata struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the rule group that your own rule group
// is copied from.
SourceArn *string `min:"1" type:"string"`
// The update token of the Amazon Web Services managed rule group that your
// own rule group is copied from. To determine the update token for the managed
// rule group, call DescribeRuleGroup (https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html#networkfirewall-DescribeRuleGroup-response-UpdateToken).
SourceUpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SourceMetadata) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SourceMetadata) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *SourceMetadata) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "SourceMetadata"}
if s.SourceArn != nil && len(*s.SourceArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("SourceArn", 1))
}
if s.SourceUpdateToken != nil && len(*s.SourceUpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("SourceUpdateToken", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetSourceArn sets the SourceArn field's value.
func (s *SourceMetadata) SetSourceArn(v string) *SourceMetadata {
s.SourceArn = &v
return s
}
// SetSourceUpdateToken sets the SourceUpdateToken field's value.
func (s *SourceMetadata) SetSourceUpdateToken(v string) *SourceMetadata {
s.SourceUpdateToken = &v
return s
}
// Configuration settings for the handling of the stateful rule groups in a
// firewall policy.
type StatefulEngineOptions struct {
_ struct{} `type:"structure"`
// Indicates how to manage the order of stateful rule evaluation for the policy.
// STRICT_ORDER is the default and recommended option. With STRICT_ORDER, provide
// your rules in the order that you want them to be evaluated. You can then
// choose one or more default actions for packets that don't match any rules.
// Choose STRICT_ORDER to have the stateful rules engine determine the evaluation
// order of your rules. The default action for this rule order is PASS, followed
// by DROP, REJECT, and ALERT actions. Stateful rules are provided to the rule
// engine as Suricata compatible strings, and Suricata evaluates them based
// on your settings. For more information, see Evaluation order for stateful
// rules (https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html)
// in the Network Firewall Developer Guide.
RuleOrder *string `type:"string" enum:"RuleOrder"`
// Configures how Network Firewall processes traffic when a network connection
// breaks midstream. Network connections can break due to disruptions in external
// networks or within the firewall itself.
//
// * DROP - Network Firewall fails closed and drops all subsequent traffic
// going to the firewall. This is the default behavior.
//
// * CONTINUE - Network Firewall continues to apply rules to the subsequent
// traffic without context from traffic before the break. This impacts the
// behavior of rules that depend on this context. For example, if you have
// a stateful rule to drop http traffic, Network Firewall won't match the
// traffic for this rule because the service won't have the context from
// session initialization defining the application layer protocol as HTTP.
// However, this behavior is rule dependent—a TCP-layer rule using a flow:stateless
// rule would still match, as would the aws:drop_strict default action.
//
// * REJECT - Network Firewall fails closed and drops all subsequent traffic
// going to the firewall. Network Firewall also sends a TCP reject packet
// back to your client so that the client can immediately establish a new
// session. Network Firewall will have context about the new session and
// will apply rules to the subsequent traffic.
StreamExceptionPolicy *string `type:"string" enum:"StreamExceptionPolicy"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatefulEngineOptions) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatefulEngineOptions) GoString() string {
return s.String()
}
// SetRuleOrder sets the RuleOrder field's value.
func (s *StatefulEngineOptions) SetRuleOrder(v string) *StatefulEngineOptions {
s.RuleOrder = &v
return s
}
// SetStreamExceptionPolicy sets the StreamExceptionPolicy field's value.
func (s *StatefulEngineOptions) SetStreamExceptionPolicy(v string) *StatefulEngineOptions {
s.StreamExceptionPolicy = &v
return s
}
// A single Suricata rules specification, for use in a stateful rule group.
// Use this option to specify a simple Suricata rule with protocol, source and
// destination, ports, direction, and rule options. For information about the
// Suricata Rules format, see Rules Format (https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html).
type StatefulRule struct {
_ struct{} `type:"structure"`
// Defines what Network Firewall should do with the packets in a traffic flow
// when the flow matches the stateful rule criteria. For all actions, Network
// Firewall performs the specified action and discontinues stateful inspection
// of the traffic flow.
//
// The actions for a stateful rule are defined as follows:
//
// * PASS - Permits the packets to go to the intended destination.
//
// * DROP - Blocks the packets from going to the intended destination and
// sends an alert log message, if alert logging is configured in the Firewall
// LoggingConfiguration.
//
// * ALERT - Sends an alert log message, if alert logging is configured in
// the Firewall LoggingConfiguration. You can use this action to test a rule
// that you intend to use to drop traffic. You can enable the rule with ALERT
// action, verify in the logs that the rule is filtering as you want, then
// change the action to DROP.
//
// * REJECT - Drops traffic that matches the conditions of the stateful rule,
// and sends a TCP reset packet back to sender of the packet. A TCP reset
// packet is a packet with no payload and an RST bit contained in the TCP
// header flags. REJECT is available only for TCP traffic. This option doesn't
// support FTP or IMAP protocols.
//
// Action is a required field
Action *string `type:"string" required:"true" enum:"StatefulAction"`
// The stateful inspection criteria for this rule, used to inspect traffic flows.
//
// Header is a required field
Header *Header `type:"structure" required:"true"`
// Additional options for the rule. These are the Suricata RuleOptions settings.
//
// RuleOptions is a required field
RuleOptions []*RuleOption `type:"list" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatefulRule) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatefulRule) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *StatefulRule) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "StatefulRule"}
if s.Action == nil {
invalidParams.Add(request.NewErrParamRequired("Action"))
}
if s.Header == nil {
invalidParams.Add(request.NewErrParamRequired("Header"))
}
if s.RuleOptions == nil {
invalidParams.Add(request.NewErrParamRequired("RuleOptions"))
}
if s.Header != nil {
if err := s.Header.Validate(); err != nil {
invalidParams.AddNested("Header", err.(request.ErrInvalidParams))
}
}
if s.RuleOptions != nil {
for i, v := range s.RuleOptions {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "RuleOptions", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAction sets the Action field's value.
func (s *StatefulRule) SetAction(v string) *StatefulRule {
s.Action = &v
return s
}
// SetHeader sets the Header field's value.
func (s *StatefulRule) SetHeader(v *Header) *StatefulRule {
s.Header = v
return s
}
// SetRuleOptions sets the RuleOptions field's value.
func (s *StatefulRule) SetRuleOptions(v []*RuleOption) *StatefulRule {
s.RuleOptions = v
return s
}
// The setting that allows the policy owner to change the behavior of the rule
// group within a policy.
type StatefulRuleGroupOverride struct {
_ struct{} `type:"structure"`
// The action that changes the rule group from DROP to ALERT. This only applies
// to managed rule groups.
Action *string `type:"string" enum:"OverrideAction"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatefulRuleGroupOverride) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatefulRuleGroupOverride) GoString() string {
return s.String()
}
// SetAction sets the Action field's value.
func (s *StatefulRuleGroupOverride) SetAction(v string) *StatefulRuleGroupOverride {
s.Action = &v
return s
}
// Identifier for a single stateful rule group, used in a firewall policy to
// refer to a rule group.
type StatefulRuleGroupReference struct {
_ struct{} `type:"structure"`
// The action that allows the policy owner to override the behavior of the rule
// group within a policy.
Override *StatefulRuleGroupOverride `type:"structure"`
// An integer setting that indicates the order in which to run the stateful
// rule groups in a single FirewallPolicy. This setting only applies to firewall
// policies that specify the STRICT_ORDER rule order in the stateful engine
// options settings.
//
// Network Firewall evalutes each stateful rule group against a packet starting
// with the group that has the lowest priority setting. You must ensure that
// the priority settings are unique within each policy.
//
// You can change the priority settings of your rule groups at any time. To
// make it easier to insert rule groups later, number them so there's a wide
// range in between, for example use 100, 200, and so on.
Priority *int64 `min:"1" type:"integer"`
// The Amazon Resource Name (ARN) of the stateful rule group.
//
// ResourceArn is a required field
ResourceArn *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatefulRuleGroupReference) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatefulRuleGroupReference) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *StatefulRuleGroupReference) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "StatefulRuleGroupReference"}
if s.Priority != nil && *s.Priority < 1 {
invalidParams.Add(request.NewErrParamMinValue("Priority", 1))
}
if s.ResourceArn == nil {
invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
}
if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetOverride sets the Override field's value.
func (s *StatefulRuleGroupReference) SetOverride(v *StatefulRuleGroupOverride) *StatefulRuleGroupReference {
s.Override = v
return s
}
// SetPriority sets the Priority field's value.
func (s *StatefulRuleGroupReference) SetPriority(v int64) *StatefulRuleGroupReference {
s.Priority = &v
return s
}
// SetResourceArn sets the ResourceArn field's value.
func (s *StatefulRuleGroupReference) SetResourceArn(v string) *StatefulRuleGroupReference {
s.ResourceArn = &v
return s
}
// Additional options governing how Network Firewall handles the rule group.
// You can only use these for stateful rule groups.
type StatefulRuleOptions struct {
_ struct{} `type:"structure"`
// Indicates how to manage the order of the rule evaluation for the rule group.
// DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided
// to the rule engine as Suricata compatible strings, and Suricata evaluates
// them based on certain settings. For more information, see Evaluation order
// for stateful rules (https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html)
// in the Network Firewall Developer Guide.
RuleOrder *string `type:"string" enum:"RuleOrder"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatefulRuleOptions) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatefulRuleOptions) GoString() string {
return s.String()
}
// SetRuleOrder sets the RuleOrder field's value.
func (s *StatefulRuleOptions) SetRuleOrder(v string) *StatefulRuleOptions {
s.RuleOrder = &v
return s
}
// A single stateless rule. This is used in StatelessRulesAndCustomActions.
type StatelessRule struct {
_ struct{} `type:"structure"`
// Indicates the order in which to run this rule relative to all of the rules
// that are defined for a stateless rule group. Network Firewall evaluates the
// rules in a rule group starting with the lowest priority setting. You must
// ensure that the priority settings are unique for the rule group.
//
// Each stateless rule group uses exactly one StatelessRulesAndCustomActions
// object, and each StatelessRulesAndCustomActions contains exactly one StatelessRules
// object. To ensure unique priority settings for your rule groups, set unique
// priorities for the stateless rules that you define inside any single StatelessRules
// object.
//
// You can change the priority settings of your rules at any time. To make it
// easier to insert rules later, number them so there's a wide range in between,
// for example use 100, 200, and so on.
//
// Priority is a required field
Priority *int64 `min:"1" type:"integer" required:"true"`
// Defines the stateless 5-tuple packet inspection criteria and the action to
// take on a packet that matches the criteria.
//
// RuleDefinition is a required field
RuleDefinition *RuleDefinition `type:"structure" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatelessRule) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatelessRule) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *StatelessRule) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "StatelessRule"}
if s.Priority == nil {
invalidParams.Add(request.NewErrParamRequired("Priority"))
}
if s.Priority != nil && *s.Priority < 1 {
invalidParams.Add(request.NewErrParamMinValue("Priority", 1))
}
if s.RuleDefinition == nil {
invalidParams.Add(request.NewErrParamRequired("RuleDefinition"))
}
if s.RuleDefinition != nil {
if err := s.RuleDefinition.Validate(); err != nil {
invalidParams.AddNested("RuleDefinition", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPriority sets the Priority field's value.
func (s *StatelessRule) SetPriority(v int64) *StatelessRule {
s.Priority = &v
return s
}
// SetRuleDefinition sets the RuleDefinition field's value.
func (s *StatelessRule) SetRuleDefinition(v *RuleDefinition) *StatelessRule {
s.RuleDefinition = v
return s
}
// Identifier for a single stateless rule group, used in a firewall policy to
// refer to the rule group.
type StatelessRuleGroupReference struct {
_ struct{} `type:"structure"`
// An integer setting that indicates the order in which to run the stateless
// rule groups in a single FirewallPolicy. Network Firewall applies each stateless
// rule group to a packet starting with the group that has the lowest priority
// setting. You must ensure that the priority settings are unique within each
// policy.
//
// Priority is a required field
Priority *int64 `min:"1" type:"integer" required:"true"`
// The Amazon Resource Name (ARN) of the stateless rule group.
//
// ResourceArn is a required field
ResourceArn *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatelessRuleGroupReference) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatelessRuleGroupReference) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *StatelessRuleGroupReference) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "StatelessRuleGroupReference"}
if s.Priority == nil {
invalidParams.Add(request.NewErrParamRequired("Priority"))
}
if s.Priority != nil && *s.Priority < 1 {
invalidParams.Add(request.NewErrParamMinValue("Priority", 1))
}
if s.ResourceArn == nil {
invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
}
if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetPriority sets the Priority field's value.
func (s *StatelessRuleGroupReference) SetPriority(v int64) *StatelessRuleGroupReference {
s.Priority = &v
return s
}
// SetResourceArn sets the ResourceArn field's value.
func (s *StatelessRuleGroupReference) SetResourceArn(v string) *StatelessRuleGroupReference {
s.ResourceArn = &v
return s
}
// Stateless inspection criteria. Each stateless rule group uses exactly one
// of these data types to define its stateless rules.
type StatelessRulesAndCustomActions struct {
_ struct{} `type:"structure"`
// Defines an array of individual custom action definitions that are available
// for use by the stateless rules in this StatelessRulesAndCustomActions specification.
// You name each custom action that you define, and then you can use it by name
// in your StatelessRule RuleDefinition Actions specification.
CustomActions []*CustomAction `type:"list"`
// Defines the set of stateless rules for use in a stateless rule group.
//
// StatelessRules is a required field
StatelessRules []*StatelessRule `type:"list" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatelessRulesAndCustomActions) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s StatelessRulesAndCustomActions) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *StatelessRulesAndCustomActions) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "StatelessRulesAndCustomActions"}
if s.StatelessRules == nil {
invalidParams.Add(request.NewErrParamRequired("StatelessRules"))
}
if s.CustomActions != nil {
for i, v := range s.CustomActions {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "CustomActions", i), err.(request.ErrInvalidParams))
}
}
}
if s.StatelessRules != nil {
for i, v := range s.StatelessRules {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "StatelessRules", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetCustomActions sets the CustomActions field's value.
func (s *StatelessRulesAndCustomActions) SetCustomActions(v []*CustomAction) *StatelessRulesAndCustomActions {
s.CustomActions = v
return s
}
// SetStatelessRules sets the StatelessRules field's value.
func (s *StatelessRulesAndCustomActions) SetStatelessRules(v []*StatelessRule) *StatelessRulesAndCustomActions {
s.StatelessRules = v
return s
}
// The ID for a subnet that you want to associate with the firewall. This is
// used with CreateFirewall and AssociateSubnets. Network Firewall creates an
// instance of the associated firewall in each subnet that you specify, to filter
// traffic in the subnet's Availability Zone.
type SubnetMapping struct {
_ struct{} `type:"structure"`
// The subnet's IP address type. You can't change the IP address type after
// you create the subnet.
IPAddressType *string `type:"string" enum:"IPAddressType"`
// The unique identifier for the subnet.
//
// SubnetId is a required field
SubnetId *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SubnetMapping) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SubnetMapping) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *SubnetMapping) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "SubnetMapping"}
if s.SubnetId == nil {
invalidParams.Add(request.NewErrParamRequired("SubnetId"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetIPAddressType sets the IPAddressType field's value.
func (s *SubnetMapping) SetIPAddressType(v string) *SubnetMapping {
s.IPAddressType = &v
return s
}
// SetSubnetId sets the SubnetId field's value.
func (s *SubnetMapping) SetSubnetId(v string) *SubnetMapping {
s.SubnetId = &v
return s
}
// The status of the firewall endpoint and firewall policy configuration for
// a single VPC subnet.
//
// For each VPC subnet that you associate with a firewall, Network Firewall
// does the following:
//
// - Instantiates a firewall endpoint in the subnet, ready to take traffic.
//
// - Configures the endpoint with the current firewall policy settings, to
// provide the filtering behavior for the endpoint.
//
// When you update a firewall, for example to add a subnet association or change
// a rule group in the firewall policy, the affected sync states reflect out-of-sync
// or not ready status until the changes are complete.
type SyncState struct {
_ struct{} `type:"structure"`
// The attachment status of the firewall's association with a single VPC subnet.
// For each configured subnet, Network Firewall creates the attachment by instantiating
// the firewall endpoint in the subnet so that it's ready to take traffic. This
// is part of the FirewallStatus.
Attachment *Attachment `type:"structure"`
// The configuration status of the firewall endpoint in a single VPC subnet.
// Network Firewall provides each endpoint with the rules that are configured
// in the firewall policy. Each time you add a subnet or modify the associated
// firewall policy, Network Firewall synchronizes the rules in the endpoint,
// so it can properly filter network traffic. This is part of the FirewallStatus.
Config map[string]*PerObjectStatus `type:"map"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SyncState) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s SyncState) GoString() string {
return s.String()
}
// SetAttachment sets the Attachment field's value.
func (s *SyncState) SetAttachment(v *Attachment) *SyncState {
s.Attachment = v
return s
}
// SetConfig sets the Config field's value.
func (s *SyncState) SetConfig(v map[string]*PerObjectStatus) *SyncState {
s.Config = v
return s
}
// TCP flags and masks to inspect packets for, used in stateless rules MatchAttributes
// settings.
type TCPFlagField struct {
_ struct{} `type:"structure"`
// Used in conjunction with the Masks setting to define the flags that must
// be set and flags that must not be set in order for the packet to match. This
// setting can only specify values that are also specified in the Masks setting.
//
// For the flags that are specified in the masks setting, the following must
// be true for the packet to match:
//
// * The ones that are set in this flags setting must be set in the packet.
//
// * The ones that are not set in this flags setting must also not be set
// in the packet.
//
// Flags is a required field
Flags []*string `type:"list" required:"true" enum:"TCPFlag"`
// The set of flags to consider in the inspection. To inspect all flags in the
// valid values list, leave this with no setting.
Masks []*string `type:"list" enum:"TCPFlag"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TCPFlagField) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TCPFlagField) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *TCPFlagField) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "TCPFlagField"}
if s.Flags == nil {
invalidParams.Add(request.NewErrParamRequired("Flags"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFlags sets the Flags field's value.
func (s *TCPFlagField) SetFlags(v []*string) *TCPFlagField {
s.Flags = v
return s
}
// SetMasks sets the Masks field's value.
func (s *TCPFlagField) SetMasks(v []*string) *TCPFlagField {
s.Masks = v
return s
}
// The object that defines a TLS inspection configuration. This, along with
// TLSInspectionConfigurationResponse, define the TLS inspection configuration.
// You can retrieve all objects for a TLS inspection configuration by calling
// DescribeTLSInspectionConfiguration.
//
// Network Firewall uses a TLS inspection configuration to decrypt traffic.
// Network Firewall re-encrypts the traffic before sending it to its destination.
//
// To use a TLS inspection configuration, you add it to a new Network Firewall
// firewall policy, then you apply the firewall policy to a firewall. Network
// Firewall acts as a proxy service to decrypt and inspect the traffic traveling
// through your firewalls. You can reference a TLS inspection configuration
// from more than one firewall policy, and you can use a firewall policy in
// more than one firewall. For more information about using TLS inspection configurations,
// see Inspecting SSL/TLS traffic with TLS inspection configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html)
// in the Network Firewall Developer Guide.
type TLSInspectionConfiguration struct {
_ struct{} `type:"structure"`
// Lists the server certificate configurations that are associated with the
// TLS configuration.
ServerCertificateConfigurations []*ServerCertificateConfiguration `type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TLSInspectionConfiguration) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TLSInspectionConfiguration) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *TLSInspectionConfiguration) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "TLSInspectionConfiguration"}
if s.ServerCertificateConfigurations != nil {
for i, v := range s.ServerCertificateConfigurations {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ServerCertificateConfigurations", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetServerCertificateConfigurations sets the ServerCertificateConfigurations field's value.
func (s *TLSInspectionConfiguration) SetServerCertificateConfigurations(v []*ServerCertificateConfiguration) *TLSInspectionConfiguration {
s.ServerCertificateConfigurations = v
return s
}
// High-level information about a TLS inspection configuration, returned by
// ListTLSInspectionConfigurations. You can use the information provided in
// the metadata to retrieve and manage a TLS configuration.
type TLSInspectionConfigurationMetadata struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the TLS inspection configuration.
Arn *string `min:"1" type:"string"`
// The descriptive name of the TLS inspection configuration. You can't change
// the name of a TLS inspection configuration after you create it.
Name *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TLSInspectionConfigurationMetadata) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TLSInspectionConfigurationMetadata) GoString() string {
return s.String()
}
// SetArn sets the Arn field's value.
func (s *TLSInspectionConfigurationMetadata) SetArn(v string) *TLSInspectionConfigurationMetadata {
s.Arn = &v
return s
}
// SetName sets the Name field's value.
func (s *TLSInspectionConfigurationMetadata) SetName(v string) *TLSInspectionConfigurationMetadata {
s.Name = &v
return s
}
// The high-level properties of a TLS inspection configuration. This, along
// with the TLSInspectionConfiguration, define the TLS inspection configuration.
// You can retrieve all objects for a TLS inspection configuration by calling
// DescribeTLSInspectionConfiguration.
type TLSInspectionConfigurationResponse struct {
_ struct{} `type:"structure"`
// Contains metadata about an Certificate Manager certificate.
CertificateAuthority *TlsCertificateData `type:"structure"`
// A list of the certificates associated with the TLS inspection configuration.
Certificates []*TlsCertificateData `type:"list"`
// A description of the TLS inspection configuration.
Description *string `type:"string"`
// A complex type that contains the Amazon Web Services KMS encryption configuration
// settings for your TLS inspection configuration.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// The last time that the TLS inspection configuration was changed.
LastModifiedTime *time.Time `type:"timestamp"`
// The number of firewall policies that use this TLS inspection configuration.
NumberOfAssociations *int64 `type:"integer"`
// The Amazon Resource Name (ARN) of the TLS inspection configuration.
//
// TLSInspectionConfigurationArn is a required field
TLSInspectionConfigurationArn *string `min:"1" type:"string" required:"true"`
// A unique identifier for the TLS inspection configuration. This ID is returned
// in the responses to create and list commands. You provide it to operations
// such as update and delete.
//
// TLSInspectionConfigurationId is a required field
TLSInspectionConfigurationId *string `min:"36" type:"string" required:"true"`
// The descriptive name of the TLS inspection configuration. You can't change
// the name of a TLS inspection configuration after you create it.
//
// TLSInspectionConfigurationName is a required field
TLSInspectionConfigurationName *string `min:"1" type:"string" required:"true"`
// Detailed information about the current status of a TLSInspectionConfiguration.
// You can retrieve this for a TLS inspection configuration by calling DescribeTLSInspectionConfiguration
// and providing the TLS inspection configuration name and ARN.
TLSInspectionConfigurationStatus *string `type:"string" enum:"ResourceStatus"`
// The key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TLSInspectionConfigurationResponse) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TLSInspectionConfigurationResponse) GoString() string {
return s.String()
}
// SetCertificateAuthority sets the CertificateAuthority field's value.
func (s *TLSInspectionConfigurationResponse) SetCertificateAuthority(v *TlsCertificateData) *TLSInspectionConfigurationResponse {
s.CertificateAuthority = v
return s
}
// SetCertificates sets the Certificates field's value.
func (s *TLSInspectionConfigurationResponse) SetCertificates(v []*TlsCertificateData) *TLSInspectionConfigurationResponse {
s.Certificates = v
return s
}
// SetDescription sets the Description field's value.
func (s *TLSInspectionConfigurationResponse) SetDescription(v string) *TLSInspectionConfigurationResponse {
s.Description = &v
return s
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *TLSInspectionConfigurationResponse) SetEncryptionConfiguration(v *EncryptionConfiguration) *TLSInspectionConfigurationResponse {
s.EncryptionConfiguration = v
return s
}
// SetLastModifiedTime sets the LastModifiedTime field's value.
func (s *TLSInspectionConfigurationResponse) SetLastModifiedTime(v time.Time) *TLSInspectionConfigurationResponse {
s.LastModifiedTime = &v
return s
}
// SetNumberOfAssociations sets the NumberOfAssociations field's value.
func (s *TLSInspectionConfigurationResponse) SetNumberOfAssociations(v int64) *TLSInspectionConfigurationResponse {
s.NumberOfAssociations = &v
return s
}
// SetTLSInspectionConfigurationArn sets the TLSInspectionConfigurationArn field's value.
func (s *TLSInspectionConfigurationResponse) SetTLSInspectionConfigurationArn(v string) *TLSInspectionConfigurationResponse {
s.TLSInspectionConfigurationArn = &v
return s
}
// SetTLSInspectionConfigurationId sets the TLSInspectionConfigurationId field's value.
func (s *TLSInspectionConfigurationResponse) SetTLSInspectionConfigurationId(v string) *TLSInspectionConfigurationResponse {
s.TLSInspectionConfigurationId = &v
return s
}
// SetTLSInspectionConfigurationName sets the TLSInspectionConfigurationName field's value.
func (s *TLSInspectionConfigurationResponse) SetTLSInspectionConfigurationName(v string) *TLSInspectionConfigurationResponse {
s.TLSInspectionConfigurationName = &v
return s
}
// SetTLSInspectionConfigurationStatus sets the TLSInspectionConfigurationStatus field's value.
func (s *TLSInspectionConfigurationResponse) SetTLSInspectionConfigurationStatus(v string) *TLSInspectionConfigurationResponse {
s.TLSInspectionConfigurationStatus = &v
return s
}
// SetTags sets the Tags field's value.
func (s *TLSInspectionConfigurationResponse) SetTags(v []*Tag) *TLSInspectionConfigurationResponse {
s.Tags = v
return s
}
// A key:value pair associated with an Amazon Web Services resource. The key:value
// pair can be anything you define. Typically, the tag key represents a category
// (such as "environment") and the tag value represents a specific value within
// that category (such as "test," "development," or "production"). You can add
// up to 50 tags to each Amazon Web Services resource.
type Tag struct {
_ struct{} `type:"structure"`
// The part of the key:value pair that defines a tag. You can use a tag key
// to describe a category of information, such as "customer." Tag keys are case-sensitive.
//
// Key is a required field
Key *string `min:"1" type:"string" required:"true"`
// The part of the key:value pair that defines a tag. You can use a tag value
// to describe a specific value within a category, such as "companyA" or "companyB."
// Tag values are case-sensitive.
//
// Value is a required field
Value *string `type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Tag) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s Tag) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *Tag) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "Tag"}
if s.Key == nil {
invalidParams.Add(request.NewErrParamRequired("Key"))
}
if s.Key != nil && len(*s.Key) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Key", 1))
}
if s.Value == nil {
invalidParams.Add(request.NewErrParamRequired("Value"))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetKey sets the Key field's value.
func (s *Tag) SetKey(v string) *Tag {
s.Key = &v
return s
}
// SetValue sets the Value field's value.
func (s *Tag) SetValue(v string) *Tag {
s.Value = &v
return s
}
type TagResourceInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the resource.
//
// ResourceArn is a required field
ResourceArn *string `min:"1" type:"string" required:"true"`
// Tags is a required field
Tags []*Tag `min:"1" type:"list" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *TagResourceInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"}
if s.ResourceArn == nil {
invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
}
if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
}
if s.Tags == nil {
invalidParams.Add(request.NewErrParamRequired("Tags"))
}
if s.Tags != nil && len(s.Tags) < 1 {
invalidParams.Add(request.NewErrParamMinLen("Tags", 1))
}
if s.Tags != nil {
for i, v := range s.Tags {
if v == nil {
continue
}
if err := v.Validate(); err != nil {
invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams))
}
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetResourceArn sets the ResourceArn field's value.
func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput {
s.ResourceArn = &v
return s
}
// SetTags sets the Tags field's value.
func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput {
s.Tags = v
return s
}
type TagResourceOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TagResourceOutput) GoString() string {
return s.String()
}
// Unable to process the request due to throttling limitations.
type ThrottlingException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ThrottlingException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s ThrottlingException) GoString() string {
return s.String()
}
func newErrorThrottlingException(v protocol.ResponseMetadata) error {
return &ThrottlingException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *ThrottlingException) Code() string {
return "ThrottlingException"
}
// Message returns the exception's message.
func (s *ThrottlingException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *ThrottlingException) OrigErr() error {
return nil
}
func (s *ThrottlingException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *ThrottlingException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *ThrottlingException) RequestID() string {
return s.RespMetadata.RequestID
}
// Contains metadata about an Certificate Manager certificate.
type TlsCertificateData struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the certificate.
CertificateArn *string `min:"1" type:"string"`
// The serial number of the certificate.
CertificateSerial *string `type:"string"`
// The status of the certificate.
Status *string `type:"string"`
// Contains details about the certificate status, including information about
// certificate errors.
StatusMessage *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TlsCertificateData) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s TlsCertificateData) GoString() string {
return s.String()
}
// SetCertificateArn sets the CertificateArn field's value.
func (s *TlsCertificateData) SetCertificateArn(v string) *TlsCertificateData {
s.CertificateArn = &v
return s
}
// SetCertificateSerial sets the CertificateSerial field's value.
func (s *TlsCertificateData) SetCertificateSerial(v string) *TlsCertificateData {
s.CertificateSerial = &v
return s
}
// SetStatus sets the Status field's value.
func (s *TlsCertificateData) SetStatus(v string) *TlsCertificateData {
s.Status = &v
return s
}
// SetStatusMessage sets the StatusMessage field's value.
func (s *TlsCertificateData) SetStatusMessage(v string) *TlsCertificateData {
s.StatusMessage = &v
return s
}
// The operation you requested isn't supported by Network Firewall.
type UnsupportedOperationException struct {
_ struct{} `type:"structure"`
RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"`
Message_ *string `locationName:"Message" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UnsupportedOperationException) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UnsupportedOperationException) GoString() string {
return s.String()
}
func newErrorUnsupportedOperationException(v protocol.ResponseMetadata) error {
return &UnsupportedOperationException{
RespMetadata: v,
}
}
// Code returns the exception type name.
func (s *UnsupportedOperationException) Code() string {
return "UnsupportedOperationException"
}
// Message returns the exception's message.
func (s *UnsupportedOperationException) Message() string {
if s.Message_ != nil {
return *s.Message_
}
return ""
}
// OrigErr always returns nil, satisfies awserr.Error interface.
func (s *UnsupportedOperationException) OrigErr() error {
return nil
}
func (s *UnsupportedOperationException) Error() string {
return fmt.Sprintf("%s: %s", s.Code(), s.Message())
}
// Status code returns the HTTP status code for the request's response error.
func (s *UnsupportedOperationException) StatusCode() int {
return s.RespMetadata.StatusCode
}
// RequestID returns the service's response RequestID for request.
func (s *UnsupportedOperationException) RequestID() string {
return s.RespMetadata.RequestID
}
type UntagResourceInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the resource.
//
// ResourceArn is a required field
ResourceArn *string `min:"1" type:"string" required:"true"`
// TagKeys is a required field
TagKeys []*string `min:"1" type:"list" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UntagResourceInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"}
if s.ResourceArn == nil {
invalidParams.Add(request.NewErrParamRequired("ResourceArn"))
}
if s.ResourceArn != nil && len(*s.ResourceArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1))
}
if s.TagKeys == nil {
invalidParams.Add(request.NewErrParamRequired("TagKeys"))
}
if s.TagKeys != nil && len(s.TagKeys) < 1 {
invalidParams.Add(request.NewErrParamMinLen("TagKeys", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetResourceArn sets the ResourceArn field's value.
func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput {
s.ResourceArn = &v
return s
}
// SetTagKeys sets the TagKeys field's value.
func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
s.TagKeys = v
return s
}
type UntagResourceOutput struct {
_ struct{} `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UntagResourceOutput) GoString() string {
return s.String()
}
type UpdateFirewallDeleteProtectionInput struct {
_ struct{} `type:"structure"`
// A flag indicating whether it is possible to delete the firewall. A setting
// of TRUE indicates that the firewall is protected against deletion. Use this
// setting to protect against accidentally deleting a firewall that is in use.
// When you create a firewall, the operation initializes this flag to TRUE.
//
// DeleteProtection is a required field
DeleteProtection *bool `type:"boolean" required:"true"`
// The Amazon Resource Name (ARN) of the firewall.
//
// You must specify the ARN or the name, and you can specify both.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallName *string `min:"1" type:"string"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallDeleteProtectionInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallDeleteProtectionInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateFirewallDeleteProtectionInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdateFirewallDeleteProtectionInput"}
if s.DeleteProtection == nil {
invalidParams.Add(request.NewErrParamRequired("DeleteProtection"))
}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if s.UpdateToken != nil && len(*s.UpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("UpdateToken", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDeleteProtection sets the DeleteProtection field's value.
func (s *UpdateFirewallDeleteProtectionInput) SetDeleteProtection(v bool) *UpdateFirewallDeleteProtectionInput {
s.DeleteProtection = &v
return s
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateFirewallDeleteProtectionInput) SetFirewallArn(v string) *UpdateFirewallDeleteProtectionInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateFirewallDeleteProtectionInput) SetFirewallName(v string) *UpdateFirewallDeleteProtectionInput {
s.FirewallName = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateFirewallDeleteProtectionInput) SetUpdateToken(v string) *UpdateFirewallDeleteProtectionInput {
s.UpdateToken = &v
return s
}
type UpdateFirewallDeleteProtectionOutput struct {
_ struct{} `type:"structure"`
// A flag indicating whether it is possible to delete the firewall. A setting
// of TRUE indicates that the firewall is protected against deletion. Use this
// setting to protect against accidentally deleting a firewall that is in use.
// When you create a firewall, the operation initializes this flag to TRUE.
DeleteProtection *bool `type:"boolean"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallDeleteProtectionOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallDeleteProtectionOutput) GoString() string {
return s.String()
}
// SetDeleteProtection sets the DeleteProtection field's value.
func (s *UpdateFirewallDeleteProtectionOutput) SetDeleteProtection(v bool) *UpdateFirewallDeleteProtectionOutput {
s.DeleteProtection = &v
return s
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateFirewallDeleteProtectionOutput) SetFirewallArn(v string) *UpdateFirewallDeleteProtectionOutput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateFirewallDeleteProtectionOutput) SetFirewallName(v string) *UpdateFirewallDeleteProtectionOutput {
s.FirewallName = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateFirewallDeleteProtectionOutput) SetUpdateToken(v string) *UpdateFirewallDeleteProtectionOutput {
s.UpdateToken = &v
return s
}
type UpdateFirewallDescriptionInput struct {
_ struct{} `type:"structure"`
// The new description for the firewall. If you omit this setting, Network Firewall
// removes the description for the firewall.
Description *string `type:"string"`
// The Amazon Resource Name (ARN) of the firewall.
//
// You must specify the ARN or the name, and you can specify both.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallName *string `min:"1" type:"string"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallDescriptionInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallDescriptionInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateFirewallDescriptionInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdateFirewallDescriptionInput"}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if s.UpdateToken != nil && len(*s.UpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("UpdateToken", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDescription sets the Description field's value.
func (s *UpdateFirewallDescriptionInput) SetDescription(v string) *UpdateFirewallDescriptionInput {
s.Description = &v
return s
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateFirewallDescriptionInput) SetFirewallArn(v string) *UpdateFirewallDescriptionInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateFirewallDescriptionInput) SetFirewallName(v string) *UpdateFirewallDescriptionInput {
s.FirewallName = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateFirewallDescriptionInput) SetUpdateToken(v string) *UpdateFirewallDescriptionInput {
s.UpdateToken = &v
return s
}
type UpdateFirewallDescriptionOutput struct {
_ struct{} `type:"structure"`
// A description of the firewall.
Description *string `type:"string"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallDescriptionOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallDescriptionOutput) GoString() string {
return s.String()
}
// SetDescription sets the Description field's value.
func (s *UpdateFirewallDescriptionOutput) SetDescription(v string) *UpdateFirewallDescriptionOutput {
s.Description = &v
return s
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateFirewallDescriptionOutput) SetFirewallArn(v string) *UpdateFirewallDescriptionOutput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateFirewallDescriptionOutput) SetFirewallName(v string) *UpdateFirewallDescriptionOutput {
s.FirewallName = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateFirewallDescriptionOutput) SetUpdateToken(v string) *UpdateFirewallDescriptionOutput {
s.UpdateToken = &v
return s
}
type UpdateFirewallEncryptionConfigurationInput struct {
_ struct{} `type:"structure"`
// A complex type that contains optional Amazon Web Services Key Management
// Service (KMS) encryption settings for your Network Firewall resources. Your
// data is encrypted by default with an Amazon Web Services owned key that Amazon
// Web Services owns and manages for you. You can use either the Amazon Web
// Services owned key, or provide your own customer managed key. To learn more
// about KMS encryption of your Network Firewall resources, see Encryption at
// rest with Amazon Web Services Key Managment Service (https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html)
// in the Network Firewall Developer Guide.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallEncryptionConfigurationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallEncryptionConfigurationInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateFirewallEncryptionConfigurationInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdateFirewallEncryptionConfigurationInput"}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if s.UpdateToken != nil && len(*s.UpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("UpdateToken", 1))
}
if s.EncryptionConfiguration != nil {
if err := s.EncryptionConfiguration.Validate(); err != nil {
invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *UpdateFirewallEncryptionConfigurationInput) SetEncryptionConfiguration(v *EncryptionConfiguration) *UpdateFirewallEncryptionConfigurationInput {
s.EncryptionConfiguration = v
return s
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateFirewallEncryptionConfigurationInput) SetFirewallArn(v string) *UpdateFirewallEncryptionConfigurationInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateFirewallEncryptionConfigurationInput) SetFirewallName(v string) *UpdateFirewallEncryptionConfigurationInput {
s.FirewallName = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateFirewallEncryptionConfigurationInput) SetUpdateToken(v string) *UpdateFirewallEncryptionConfigurationInput {
s.UpdateToken = &v
return s
}
type UpdateFirewallEncryptionConfigurationOutput struct {
_ struct{} `type:"structure"`
// A complex type that contains optional Amazon Web Services Key Management
// Service (KMS) encryption settings for your Network Firewall resources. Your
// data is encrypted by default with an Amazon Web Services owned key that Amazon
// Web Services owns and manages for you. You can use either the Amazon Web
// Services owned key, or provide your own customer managed key. To learn more
// about KMS encryption of your Network Firewall resources, see Encryption at
// rest with Amazon Web Services Key Managment Service (https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html)
// in the Network Firewall Developer Guide.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallEncryptionConfigurationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallEncryptionConfigurationOutput) GoString() string {
return s.String()
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *UpdateFirewallEncryptionConfigurationOutput) SetEncryptionConfiguration(v *EncryptionConfiguration) *UpdateFirewallEncryptionConfigurationOutput {
s.EncryptionConfiguration = v
return s
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateFirewallEncryptionConfigurationOutput) SetFirewallArn(v string) *UpdateFirewallEncryptionConfigurationOutput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateFirewallEncryptionConfigurationOutput) SetFirewallName(v string) *UpdateFirewallEncryptionConfigurationOutput {
s.FirewallName = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateFirewallEncryptionConfigurationOutput) SetUpdateToken(v string) *UpdateFirewallEncryptionConfigurationOutput {
s.UpdateToken = &v
return s
}
type UpdateFirewallPolicyChangeProtectionInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
//
// You must specify the ARN or the name, and you can specify both.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallName *string `min:"1" type:"string"`
// A setting indicating whether the firewall is protected against a change to
// the firewall policy association. Use this setting to protect against accidentally
// modifying the firewall policy for a firewall that is in use. When you create
// a firewall, the operation initializes this setting to TRUE.
//
// FirewallPolicyChangeProtection is a required field
FirewallPolicyChangeProtection *bool `type:"boolean" required:"true"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallPolicyChangeProtectionInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallPolicyChangeProtectionInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateFirewallPolicyChangeProtectionInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdateFirewallPolicyChangeProtectionInput"}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if s.FirewallPolicyChangeProtection == nil {
invalidParams.Add(request.NewErrParamRequired("FirewallPolicyChangeProtection"))
}
if s.UpdateToken != nil && len(*s.UpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("UpdateToken", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateFirewallPolicyChangeProtectionInput) SetFirewallArn(v string) *UpdateFirewallPolicyChangeProtectionInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateFirewallPolicyChangeProtectionInput) SetFirewallName(v string) *UpdateFirewallPolicyChangeProtectionInput {
s.FirewallName = &v
return s
}
// SetFirewallPolicyChangeProtection sets the FirewallPolicyChangeProtection field's value.
func (s *UpdateFirewallPolicyChangeProtectionInput) SetFirewallPolicyChangeProtection(v bool) *UpdateFirewallPolicyChangeProtectionInput {
s.FirewallPolicyChangeProtection = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateFirewallPolicyChangeProtectionInput) SetUpdateToken(v string) *UpdateFirewallPolicyChangeProtectionInput {
s.UpdateToken = &v
return s
}
type UpdateFirewallPolicyChangeProtectionOutput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
// A setting indicating whether the firewall is protected against a change to
// the firewall policy association. Use this setting to protect against accidentally
// modifying the firewall policy for a firewall that is in use. When you create
// a firewall, the operation initializes this setting to TRUE.
FirewallPolicyChangeProtection *bool `type:"boolean"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallPolicyChangeProtectionOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallPolicyChangeProtectionOutput) GoString() string {
return s.String()
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateFirewallPolicyChangeProtectionOutput) SetFirewallArn(v string) *UpdateFirewallPolicyChangeProtectionOutput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateFirewallPolicyChangeProtectionOutput) SetFirewallName(v string) *UpdateFirewallPolicyChangeProtectionOutput {
s.FirewallName = &v
return s
}
// SetFirewallPolicyChangeProtection sets the FirewallPolicyChangeProtection field's value.
func (s *UpdateFirewallPolicyChangeProtectionOutput) SetFirewallPolicyChangeProtection(v bool) *UpdateFirewallPolicyChangeProtectionOutput {
s.FirewallPolicyChangeProtection = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateFirewallPolicyChangeProtectionOutput) SetUpdateToken(v string) *UpdateFirewallPolicyChangeProtectionOutput {
s.UpdateToken = &v
return s
}
type UpdateFirewallPolicyInput struct {
_ struct{} `type:"structure"`
// A description of the firewall policy.
Description *string `type:"string"`
// Indicates whether you want Network Firewall to just check the validity of
// the request, rather than run the request.
//
// If set to TRUE, Network Firewall checks whether the request can run successfully,
// but doesn't actually make the requested changes. The call returns the value
// that the request would return if you ran it with dry run set to FALSE, but
// doesn't make additions or changes to your resources. This option allows you
// to make sure that you have the required permissions to run the request and
// that your request parameters are valid.
//
// If set to FALSE, Network Firewall makes the requested changes to your resources.
DryRun *bool `type:"boolean"`
// A complex type that contains settings for encryption of your firewall policy
// resources.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// The updated firewall policy to use for the firewall. You can't add or remove
// a TLSInspectionConfiguration after you create a firewall policy. However,
// you can replace an existing TLS inspection configuration with another TLSInspectionConfiguration.
//
// FirewallPolicy is a required field
FirewallPolicy *FirewallPolicy `type:"structure" required:"true"`
// The Amazon Resource Name (ARN) of the firewall policy.
//
// You must specify the ARN or the name, and you can specify both.
FirewallPolicyArn *string `min:"1" type:"string"`
// The descriptive name of the firewall policy. You can't change the name of
// a firewall policy after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallPolicyName *string `min:"1" type:"string"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the firewall policy. The token marks the state
// of the policy resource at the time of the request.
//
// To make changes to the policy, you provide the token in your request. Network
// Firewall uses the token to ensure that the policy hasn't changed since you
// last retrieved it. If it has changed, the operation fails with an InvalidTokenException.
// If this happens, retrieve the firewall policy again to get a current copy
// of it with current token. Reapply your changes as needed, then try the operation
// again using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallPolicyInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallPolicyInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateFirewallPolicyInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdateFirewallPolicyInput"}
if s.FirewallPolicy == nil {
invalidParams.Add(request.NewErrParamRequired("FirewallPolicy"))
}
if s.FirewallPolicyArn != nil && len(*s.FirewallPolicyArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallPolicyArn", 1))
}
if s.FirewallPolicyName != nil && len(*s.FirewallPolicyName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallPolicyName", 1))
}
if s.UpdateToken == nil {
invalidParams.Add(request.NewErrParamRequired("UpdateToken"))
}
if s.UpdateToken != nil && len(*s.UpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("UpdateToken", 1))
}
if s.EncryptionConfiguration != nil {
if err := s.EncryptionConfiguration.Validate(); err != nil {
invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
}
}
if s.FirewallPolicy != nil {
if err := s.FirewallPolicy.Validate(); err != nil {
invalidParams.AddNested("FirewallPolicy", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDescription sets the Description field's value.
func (s *UpdateFirewallPolicyInput) SetDescription(v string) *UpdateFirewallPolicyInput {
s.Description = &v
return s
}
// SetDryRun sets the DryRun field's value.
func (s *UpdateFirewallPolicyInput) SetDryRun(v bool) *UpdateFirewallPolicyInput {
s.DryRun = &v
return s
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *UpdateFirewallPolicyInput) SetEncryptionConfiguration(v *EncryptionConfiguration) *UpdateFirewallPolicyInput {
s.EncryptionConfiguration = v
return s
}
// SetFirewallPolicy sets the FirewallPolicy field's value.
func (s *UpdateFirewallPolicyInput) SetFirewallPolicy(v *FirewallPolicy) *UpdateFirewallPolicyInput {
s.FirewallPolicy = v
return s
}
// SetFirewallPolicyArn sets the FirewallPolicyArn field's value.
func (s *UpdateFirewallPolicyInput) SetFirewallPolicyArn(v string) *UpdateFirewallPolicyInput {
s.FirewallPolicyArn = &v
return s
}
// SetFirewallPolicyName sets the FirewallPolicyName field's value.
func (s *UpdateFirewallPolicyInput) SetFirewallPolicyName(v string) *UpdateFirewallPolicyInput {
s.FirewallPolicyName = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateFirewallPolicyInput) SetUpdateToken(v string) *UpdateFirewallPolicyInput {
s.UpdateToken = &v
return s
}
type UpdateFirewallPolicyOutput struct {
_ struct{} `type:"structure"`
// The high-level properties of a firewall policy. This, along with the FirewallPolicy,
// define the policy. You can retrieve all objects for a firewall policy by
// calling DescribeFirewallPolicy.
//
// FirewallPolicyResponse is a required field
FirewallPolicyResponse *FirewallPolicyResponse `type:"structure" required:"true"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the firewall policy. The token marks the state
// of the policy resource at the time of the request.
//
// To make changes to the policy, you provide the token in your request. Network
// Firewall uses the token to ensure that the policy hasn't changed since you
// last retrieved it. If it has changed, the operation fails with an InvalidTokenException.
// If this happens, retrieve the firewall policy again to get a current copy
// of it with current token. Reapply your changes as needed, then try the operation
// again using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallPolicyOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateFirewallPolicyOutput) GoString() string {
return s.String()
}
// SetFirewallPolicyResponse sets the FirewallPolicyResponse field's value.
func (s *UpdateFirewallPolicyOutput) SetFirewallPolicyResponse(v *FirewallPolicyResponse) *UpdateFirewallPolicyOutput {
s.FirewallPolicyResponse = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateFirewallPolicyOutput) SetUpdateToken(v string) *UpdateFirewallPolicyOutput {
s.UpdateToken = &v
return s
}
type UpdateLoggingConfigurationInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
//
// You must specify the ARN or the name, and you can specify both.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallName *string `min:"1" type:"string"`
// Defines how Network Firewall performs logging for a firewall. If you omit
// this setting, Network Firewall disables logging for the firewall.
LoggingConfiguration *LoggingConfiguration `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateLoggingConfigurationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateLoggingConfigurationInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateLoggingConfigurationInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdateLoggingConfigurationInput"}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if s.LoggingConfiguration != nil {
if err := s.LoggingConfiguration.Validate(); err != nil {
invalidParams.AddNested("LoggingConfiguration", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateLoggingConfigurationInput) SetFirewallArn(v string) *UpdateLoggingConfigurationInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateLoggingConfigurationInput) SetFirewallName(v string) *UpdateLoggingConfigurationInput {
s.FirewallName = &v
return s
}
// SetLoggingConfiguration sets the LoggingConfiguration field's value.
func (s *UpdateLoggingConfigurationInput) SetLoggingConfiguration(v *LoggingConfiguration) *UpdateLoggingConfigurationInput {
s.LoggingConfiguration = v
return s
}
type UpdateLoggingConfigurationOutput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
// Defines how Network Firewall performs logging for a Firewall.
LoggingConfiguration *LoggingConfiguration `type:"structure"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateLoggingConfigurationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateLoggingConfigurationOutput) GoString() string {
return s.String()
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateLoggingConfigurationOutput) SetFirewallArn(v string) *UpdateLoggingConfigurationOutput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateLoggingConfigurationOutput) SetFirewallName(v string) *UpdateLoggingConfigurationOutput {
s.FirewallName = &v
return s
}
// SetLoggingConfiguration sets the LoggingConfiguration field's value.
func (s *UpdateLoggingConfigurationOutput) SetLoggingConfiguration(v *LoggingConfiguration) *UpdateLoggingConfigurationOutput {
s.LoggingConfiguration = v
return s
}
type UpdateRuleGroupInput struct {
_ struct{} `type:"structure"`
// Indicates whether you want Network Firewall to analyze the stateless rules
// in the rule group for rule behavior such as asymmetric routing. If set to
// TRUE, Network Firewall runs the analysis and then updates the rule group
// for you. To run the stateless rule group analyzer without updating the rule
// group, set DryRun to TRUE.
AnalyzeRuleGroup *bool `type:"boolean"`
// A description of the rule group.
Description *string `type:"string"`
// Indicates whether you want Network Firewall to just check the validity of
// the request, rather than run the request.
//
// If set to TRUE, Network Firewall checks whether the request can run successfully,
// but doesn't actually make the requested changes. The call returns the value
// that the request would return if you ran it with dry run set to FALSE, but
// doesn't make additions or changes to your resources. This option allows you
// to make sure that you have the required permissions to run the request and
// that your request parameters are valid.
//
// If set to FALSE, Network Firewall makes the requested changes to your resources.
DryRun *bool `type:"boolean"`
// A complex type that contains settings for encryption of your rule group resources.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// An object that defines the rule group rules.
//
// You must provide either this rule group setting or a Rules setting, but not
// both.
RuleGroup *RuleGroup `type:"structure"`
// The Amazon Resource Name (ARN) of the rule group.
//
// You must specify the ARN or the name, and you can specify both.
RuleGroupArn *string `min:"1" type:"string"`
// The descriptive name of the rule group. You can't change the name of a rule
// group after you create it.
//
// You must specify the ARN or the name, and you can specify both.
RuleGroupName *string `min:"1" type:"string"`
// A string containing stateful rule group rules specifications in Suricata
// flat format, with one rule per line. Use this to import your existing Suricata
// compatible rule groups.
//
// You must provide either this rules setting or a populated RuleGroup setting,
// but not both.
//
// You can provide your rule group specification in Suricata flat format through
// this setting when you create or update your rule group. The call response
// returns a RuleGroup object that Network Firewall has populated from your
// string.
Rules *string `type:"string"`
// A complex type that contains metadata about the rule group that your own
// rule group is copied from. You can use the metadata to keep track of updates
// made to the originating rule group.
SourceMetadata *SourceMetadata `type:"structure"`
// Indicates whether the rule group is stateless or stateful. If the rule group
// is stateless, it contains stateless rules. If it is stateful, it contains
// stateful rules.
//
// This setting is required for requests that do not include the RuleGroupARN.
Type *string `type:"string" enum:"RuleGroupType"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the rule group. The token marks the state of the
// rule group resource at the time of the request.
//
// To make changes to the rule group, you provide the token in your request.
// Network Firewall uses the token to ensure that the rule group hasn't changed
// since you last retrieved it. If it has changed, the operation fails with
// an InvalidTokenException. If this happens, retrieve the rule group again
// to get a current copy of it with a current token. Reapply your changes as
// needed, then try the operation again using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRuleGroupInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRuleGroupInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateRuleGroupInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdateRuleGroupInput"}
if s.RuleGroupArn != nil && len(*s.RuleGroupArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("RuleGroupArn", 1))
}
if s.RuleGroupName != nil && len(*s.RuleGroupName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("RuleGroupName", 1))
}
if s.UpdateToken == nil {
invalidParams.Add(request.NewErrParamRequired("UpdateToken"))
}
if s.UpdateToken != nil && len(*s.UpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("UpdateToken", 1))
}
if s.EncryptionConfiguration != nil {
if err := s.EncryptionConfiguration.Validate(); err != nil {
invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
}
}
if s.RuleGroup != nil {
if err := s.RuleGroup.Validate(); err != nil {
invalidParams.AddNested("RuleGroup", err.(request.ErrInvalidParams))
}
}
if s.SourceMetadata != nil {
if err := s.SourceMetadata.Validate(); err != nil {
invalidParams.AddNested("SourceMetadata", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetAnalyzeRuleGroup sets the AnalyzeRuleGroup field's value.
func (s *UpdateRuleGroupInput) SetAnalyzeRuleGroup(v bool) *UpdateRuleGroupInput {
s.AnalyzeRuleGroup = &v
return s
}
// SetDescription sets the Description field's value.
func (s *UpdateRuleGroupInput) SetDescription(v string) *UpdateRuleGroupInput {
s.Description = &v
return s
}
// SetDryRun sets the DryRun field's value.
func (s *UpdateRuleGroupInput) SetDryRun(v bool) *UpdateRuleGroupInput {
s.DryRun = &v
return s
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *UpdateRuleGroupInput) SetEncryptionConfiguration(v *EncryptionConfiguration) *UpdateRuleGroupInput {
s.EncryptionConfiguration = v
return s
}
// SetRuleGroup sets the RuleGroup field's value.
func (s *UpdateRuleGroupInput) SetRuleGroup(v *RuleGroup) *UpdateRuleGroupInput {
s.RuleGroup = v
return s
}
// SetRuleGroupArn sets the RuleGroupArn field's value.
func (s *UpdateRuleGroupInput) SetRuleGroupArn(v string) *UpdateRuleGroupInput {
s.RuleGroupArn = &v
return s
}
// SetRuleGroupName sets the RuleGroupName field's value.
func (s *UpdateRuleGroupInput) SetRuleGroupName(v string) *UpdateRuleGroupInput {
s.RuleGroupName = &v
return s
}
// SetRules sets the Rules field's value.
func (s *UpdateRuleGroupInput) SetRules(v string) *UpdateRuleGroupInput {
s.Rules = &v
return s
}
// SetSourceMetadata sets the SourceMetadata field's value.
func (s *UpdateRuleGroupInput) SetSourceMetadata(v *SourceMetadata) *UpdateRuleGroupInput {
s.SourceMetadata = v
return s
}
// SetType sets the Type field's value.
func (s *UpdateRuleGroupInput) SetType(v string) *UpdateRuleGroupInput {
s.Type = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateRuleGroupInput) SetUpdateToken(v string) *UpdateRuleGroupInput {
s.UpdateToken = &v
return s
}
type UpdateRuleGroupOutput struct {
_ struct{} `type:"structure"`
// The high-level properties of a rule group. This, along with the RuleGroup,
// define the rule group. You can retrieve all objects for a rule group by calling
// DescribeRuleGroup.
//
// RuleGroupResponse is a required field
RuleGroupResponse *RuleGroupResponse `type:"structure" required:"true"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the rule group. The token marks the state of the
// rule group resource at the time of the request.
//
// To make changes to the rule group, you provide the token in your request.
// Network Firewall uses the token to ensure that the rule group hasn't changed
// since you last retrieved it. If it has changed, the operation fails with
// an InvalidTokenException. If this happens, retrieve the rule group again
// to get a current copy of it with a current token. Reapply your changes as
// needed, then try the operation again using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRuleGroupOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateRuleGroupOutput) GoString() string {
return s.String()
}
// SetRuleGroupResponse sets the RuleGroupResponse field's value.
func (s *UpdateRuleGroupOutput) SetRuleGroupResponse(v *RuleGroupResponse) *UpdateRuleGroupOutput {
s.RuleGroupResponse = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateRuleGroupOutput) SetUpdateToken(v string) *UpdateRuleGroupOutput {
s.UpdateToken = &v
return s
}
type UpdateSubnetChangeProtectionInput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
//
// You must specify the ARN or the name, and you can specify both.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
//
// You must specify the ARN or the name, and you can specify both.
FirewallName *string `min:"1" type:"string"`
// A setting indicating whether the firewall is protected against changes to
// the subnet associations. Use this setting to protect against accidentally
// modifying the subnet associations for a firewall that is in use. When you
// create a firewall, the operation initializes this setting to TRUE.
//
// SubnetChangeProtection is a required field
SubnetChangeProtection *bool `type:"boolean" required:"true"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSubnetChangeProtectionInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSubnetChangeProtectionInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateSubnetChangeProtectionInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdateSubnetChangeProtectionInput"}
if s.FirewallArn != nil && len(*s.FirewallArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallArn", 1))
}
if s.FirewallName != nil && len(*s.FirewallName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("FirewallName", 1))
}
if s.SubnetChangeProtection == nil {
invalidParams.Add(request.NewErrParamRequired("SubnetChangeProtection"))
}
if s.UpdateToken != nil && len(*s.UpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("UpdateToken", 1))
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateSubnetChangeProtectionInput) SetFirewallArn(v string) *UpdateSubnetChangeProtectionInput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateSubnetChangeProtectionInput) SetFirewallName(v string) *UpdateSubnetChangeProtectionInput {
s.FirewallName = &v
return s
}
// SetSubnetChangeProtection sets the SubnetChangeProtection field's value.
func (s *UpdateSubnetChangeProtectionInput) SetSubnetChangeProtection(v bool) *UpdateSubnetChangeProtectionInput {
s.SubnetChangeProtection = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateSubnetChangeProtectionInput) SetUpdateToken(v string) *UpdateSubnetChangeProtectionInput {
s.UpdateToken = &v
return s
}
type UpdateSubnetChangeProtectionOutput struct {
_ struct{} `type:"structure"`
// The Amazon Resource Name (ARN) of the firewall.
FirewallArn *string `min:"1" type:"string"`
// The descriptive name of the firewall. You can't change the name of a firewall
// after you create it.
FirewallName *string `min:"1" type:"string"`
// A setting indicating whether the firewall is protected against changes to
// the subnet associations. Use this setting to protect against accidentally
// modifying the subnet associations for a firewall that is in use. When you
// create a firewall, the operation initializes this setting to TRUE.
SubnetChangeProtection *bool `type:"boolean"`
// An optional token that you can use for optimistic locking. Network Firewall
// returns a token to your requests that access the firewall. The token marks
// the state of the firewall resource at the time of the request.
//
// To make an unconditional change to the firewall, omit the token in your update
// request. Without the token, Network Firewall performs your updates regardless
// of whether the firewall has changed since you last retrieved it.
//
// To make a conditional change to the firewall, provide the token in your update
// request. Network Firewall uses the token to ensure that the firewall hasn't
// changed since you last retrieved it. If it has changed, the operation fails
// with an InvalidTokenException. If this happens, retrieve the firewall again
// to get a current copy of it with a new token. Reapply your changes as needed,
// then try the operation again using the new token.
UpdateToken *string `min:"1" type:"string"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSubnetChangeProtectionOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateSubnetChangeProtectionOutput) GoString() string {
return s.String()
}
// SetFirewallArn sets the FirewallArn field's value.
func (s *UpdateSubnetChangeProtectionOutput) SetFirewallArn(v string) *UpdateSubnetChangeProtectionOutput {
s.FirewallArn = &v
return s
}
// SetFirewallName sets the FirewallName field's value.
func (s *UpdateSubnetChangeProtectionOutput) SetFirewallName(v string) *UpdateSubnetChangeProtectionOutput {
s.FirewallName = &v
return s
}
// SetSubnetChangeProtection sets the SubnetChangeProtection field's value.
func (s *UpdateSubnetChangeProtectionOutput) SetSubnetChangeProtection(v bool) *UpdateSubnetChangeProtectionOutput {
s.SubnetChangeProtection = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateSubnetChangeProtectionOutput) SetUpdateToken(v string) *UpdateSubnetChangeProtectionOutput {
s.UpdateToken = &v
return s
}
type UpdateTLSInspectionConfigurationInput struct {
_ struct{} `type:"structure"`
// A description of the TLS inspection configuration.
Description *string `type:"string"`
// A complex type that contains the Amazon Web Services KMS encryption configuration
// settings for your TLS inspection configuration.
EncryptionConfiguration *EncryptionConfiguration `type:"structure"`
// The object that defines a TLS inspection configuration. This, along with
// TLSInspectionConfigurationResponse, define the TLS inspection configuration.
// You can retrieve all objects for a TLS inspection configuration by calling
// DescribeTLSInspectionConfiguration.
//
// Network Firewall uses a TLS inspection configuration to decrypt traffic.
// Network Firewall re-encrypts the traffic before sending it to its destination.
//
// To use a TLS inspection configuration, you add it to a new Network Firewall
// firewall policy, then you apply the firewall policy to a firewall. Network
// Firewall acts as a proxy service to decrypt and inspect the traffic traveling
// through your firewalls. You can reference a TLS inspection configuration
// from more than one firewall policy, and you can use a firewall policy in
// more than one firewall. For more information about using TLS inspection configurations,
// see Inspecting SSL/TLS traffic with TLS inspection configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html)
// in the Network Firewall Developer Guide.
//
// TLSInspectionConfiguration is a required field
TLSInspectionConfiguration *TLSInspectionConfiguration `type:"structure" required:"true"`
// The Amazon Resource Name (ARN) of the TLS inspection configuration.
TLSInspectionConfigurationArn *string `min:"1" type:"string"`
// The descriptive name of the TLS inspection configuration. You can't change
// the name of a TLS inspection configuration after you create it.
TLSInspectionConfigurationName *string `min:"1" type:"string"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the TLS inspection configuration. The token marks
// the state of the TLS inspection configuration resource at the time of the
// request.
//
// To make changes to the TLS inspection configuration, you provide the token
// in your request. Network Firewall uses the token to ensure that the TLS inspection
// configuration hasn't changed since you last retrieved it. If it has changed,
// the operation fails with an InvalidTokenException. If this happens, retrieve
// the TLS inspection configuration again to get a current copy of it with a
// current token. Reapply your changes as needed, then try the operation again
// using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateTLSInspectionConfigurationInput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateTLSInspectionConfigurationInput) GoString() string {
return s.String()
}
// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateTLSInspectionConfigurationInput) Validate() error {
invalidParams := request.ErrInvalidParams{Context: "UpdateTLSInspectionConfigurationInput"}
if s.TLSInspectionConfiguration == nil {
invalidParams.Add(request.NewErrParamRequired("TLSInspectionConfiguration"))
}
if s.TLSInspectionConfigurationArn != nil && len(*s.TLSInspectionConfigurationArn) < 1 {
invalidParams.Add(request.NewErrParamMinLen("TLSInspectionConfigurationArn", 1))
}
if s.TLSInspectionConfigurationName != nil && len(*s.TLSInspectionConfigurationName) < 1 {
invalidParams.Add(request.NewErrParamMinLen("TLSInspectionConfigurationName", 1))
}
if s.UpdateToken == nil {
invalidParams.Add(request.NewErrParamRequired("UpdateToken"))
}
if s.UpdateToken != nil && len(*s.UpdateToken) < 1 {
invalidParams.Add(request.NewErrParamMinLen("UpdateToken", 1))
}
if s.EncryptionConfiguration != nil {
if err := s.EncryptionConfiguration.Validate(); err != nil {
invalidParams.AddNested("EncryptionConfiguration", err.(request.ErrInvalidParams))
}
}
if s.TLSInspectionConfiguration != nil {
if err := s.TLSInspectionConfiguration.Validate(); err != nil {
invalidParams.AddNested("TLSInspectionConfiguration", err.(request.ErrInvalidParams))
}
}
if invalidParams.Len() > 0 {
return invalidParams
}
return nil
}
// SetDescription sets the Description field's value.
func (s *UpdateTLSInspectionConfigurationInput) SetDescription(v string) *UpdateTLSInspectionConfigurationInput {
s.Description = &v
return s
}
// SetEncryptionConfiguration sets the EncryptionConfiguration field's value.
func (s *UpdateTLSInspectionConfigurationInput) SetEncryptionConfiguration(v *EncryptionConfiguration) *UpdateTLSInspectionConfigurationInput {
s.EncryptionConfiguration = v
return s
}
// SetTLSInspectionConfiguration sets the TLSInspectionConfiguration field's value.
func (s *UpdateTLSInspectionConfigurationInput) SetTLSInspectionConfiguration(v *TLSInspectionConfiguration) *UpdateTLSInspectionConfigurationInput {
s.TLSInspectionConfiguration = v
return s
}
// SetTLSInspectionConfigurationArn sets the TLSInspectionConfigurationArn field's value.
func (s *UpdateTLSInspectionConfigurationInput) SetTLSInspectionConfigurationArn(v string) *UpdateTLSInspectionConfigurationInput {
s.TLSInspectionConfigurationArn = &v
return s
}
// SetTLSInspectionConfigurationName sets the TLSInspectionConfigurationName field's value.
func (s *UpdateTLSInspectionConfigurationInput) SetTLSInspectionConfigurationName(v string) *UpdateTLSInspectionConfigurationInput {
s.TLSInspectionConfigurationName = &v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateTLSInspectionConfigurationInput) SetUpdateToken(v string) *UpdateTLSInspectionConfigurationInput {
s.UpdateToken = &v
return s
}
type UpdateTLSInspectionConfigurationOutput struct {
_ struct{} `type:"structure"`
// The high-level properties of a TLS inspection configuration. This, along
// with the TLSInspectionConfiguration, define the TLS inspection configuration.
// You can retrieve all objects for a TLS inspection configuration by calling
// DescribeTLSInspectionConfiguration.
//
// TLSInspectionConfigurationResponse is a required field
TLSInspectionConfigurationResponse *TLSInspectionConfigurationResponse `type:"structure" required:"true"`
// A token used for optimistic locking. Network Firewall returns a token to
// your requests that access the TLS inspection configuration. The token marks
// the state of the TLS inspection configuration resource at the time of the
// request.
//
// To make changes to the TLS inspection configuration, you provide the token
// in your request. Network Firewall uses the token to ensure that the TLS inspection
// configuration hasn't changed since you last retrieved it. If it has changed,
// the operation fails with an InvalidTokenException. If this happens, retrieve
// the TLS inspection configuration again to get a current copy of it with a
// current token. Reapply your changes as needed, then try the operation again
// using the new token.
//
// UpdateToken is a required field
UpdateToken *string `min:"1" type:"string" required:"true"`
}
// String returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateTLSInspectionConfigurationOutput) String() string {
return awsutil.Prettify(s)
}
// GoString returns the string representation.
//
// API parameter values that are decorated as "sensitive" in the API will not
// be included in the string output. The member name will be present, but the
// value will be replaced with "sensitive".
func (s UpdateTLSInspectionConfigurationOutput) GoString() string {
return s.String()
}
// SetTLSInspectionConfigurationResponse sets the TLSInspectionConfigurationResponse field's value.
func (s *UpdateTLSInspectionConfigurationOutput) SetTLSInspectionConfigurationResponse(v *TLSInspectionConfigurationResponse) *UpdateTLSInspectionConfigurationOutput {
s.TLSInspectionConfigurationResponse = v
return s
}
// SetUpdateToken sets the UpdateToken field's value.
func (s *UpdateTLSInspectionConfigurationOutput) SetUpdateToken(v string) *UpdateTLSInspectionConfigurationOutput {
s.UpdateToken = &v
return s
}
const (
// AttachmentStatusCreating is a AttachmentStatus enum value
AttachmentStatusCreating = "CREATING"
// AttachmentStatusDeleting is a AttachmentStatus enum value
AttachmentStatusDeleting = "DELETING"
// AttachmentStatusFailed is a AttachmentStatus enum value
AttachmentStatusFailed = "FAILED"
// AttachmentStatusError is a AttachmentStatus enum value
AttachmentStatusError = "ERROR"
// AttachmentStatusScaling is a AttachmentStatus enum value
AttachmentStatusScaling = "SCALING"
// AttachmentStatusReady is a AttachmentStatus enum value
AttachmentStatusReady = "READY"
)
// AttachmentStatus_Values returns all elements of the AttachmentStatus enum
func AttachmentStatus_Values() []string {
return []string{
AttachmentStatusCreating,
AttachmentStatusDeleting,
AttachmentStatusFailed,
AttachmentStatusError,
AttachmentStatusScaling,
AttachmentStatusReady,
}
}
const (
// ConfigurationSyncStatePending is a ConfigurationSyncState enum value
ConfigurationSyncStatePending = "PENDING"
// ConfigurationSyncStateInSync is a ConfigurationSyncState enum value
ConfigurationSyncStateInSync = "IN_SYNC"
// ConfigurationSyncStateCapacityConstrained is a ConfigurationSyncState enum value
ConfigurationSyncStateCapacityConstrained = "CAPACITY_CONSTRAINED"
)
// ConfigurationSyncState_Values returns all elements of the ConfigurationSyncState enum
func ConfigurationSyncState_Values() []string {
return []string{
ConfigurationSyncStatePending,
ConfigurationSyncStateInSync,
ConfigurationSyncStateCapacityConstrained,
}
}
const (
// EncryptionTypeCustomerKms is a EncryptionType enum value
EncryptionTypeCustomerKms = "CUSTOMER_KMS"
// EncryptionTypeAwsOwnedKmsKey is a EncryptionType enum value
EncryptionTypeAwsOwnedKmsKey = "AWS_OWNED_KMS_KEY"
)
// EncryptionType_Values returns all elements of the EncryptionType enum
func EncryptionType_Values() []string {
return []string{
EncryptionTypeCustomerKms,
EncryptionTypeAwsOwnedKmsKey,
}
}
const (
// FirewallStatusValueProvisioning is a FirewallStatusValue enum value
FirewallStatusValueProvisioning = "PROVISIONING"
// FirewallStatusValueDeleting is a FirewallStatusValue enum value
FirewallStatusValueDeleting = "DELETING"
// FirewallStatusValueReady is a FirewallStatusValue enum value
FirewallStatusValueReady = "READY"
)
// FirewallStatusValue_Values returns all elements of the FirewallStatusValue enum
func FirewallStatusValue_Values() []string {
return []string{
FirewallStatusValueProvisioning,
FirewallStatusValueDeleting,
FirewallStatusValueReady,
}
}
const (
// GeneratedRulesTypeAllowlist is a GeneratedRulesType enum value
GeneratedRulesTypeAllowlist = "ALLOWLIST"
// GeneratedRulesTypeDenylist is a GeneratedRulesType enum value
GeneratedRulesTypeDenylist = "DENYLIST"
)
// GeneratedRulesType_Values returns all elements of the GeneratedRulesType enum
func GeneratedRulesType_Values() []string {
return []string{
GeneratedRulesTypeAllowlist,
GeneratedRulesTypeDenylist,
}
}
const (
// IPAddressTypeDualstack is a IPAddressType enum value
IPAddressTypeDualstack = "DUALSTACK"
// IPAddressTypeIpv4 is a IPAddressType enum value
IPAddressTypeIpv4 = "IPV4"
// IPAddressTypeIpv6 is a IPAddressType enum value
IPAddressTypeIpv6 = "IPV6"
)
// IPAddressType_Values returns all elements of the IPAddressType enum
func IPAddressType_Values() []string {
return []string{
IPAddressTypeDualstack,
IPAddressTypeIpv4,
IPAddressTypeIpv6,
}
}
const (
// IdentifiedTypeStatelessRuleForwardingAsymmetrically is a IdentifiedType enum value
IdentifiedTypeStatelessRuleForwardingAsymmetrically = "STATELESS_RULE_FORWARDING_ASYMMETRICALLY"
// IdentifiedTypeStatelessRuleContainsTcpFlags is a IdentifiedType enum value
IdentifiedTypeStatelessRuleContainsTcpFlags = "STATELESS_RULE_CONTAINS_TCP_FLAGS"
)
// IdentifiedType_Values returns all elements of the IdentifiedType enum
func IdentifiedType_Values() []string {
return []string{
IdentifiedTypeStatelessRuleForwardingAsymmetrically,
IdentifiedTypeStatelessRuleContainsTcpFlags,
}
}
const (
// LogDestinationTypeS3 is a LogDestinationType enum value
LogDestinationTypeS3 = "S3"
// LogDestinationTypeCloudWatchLogs is a LogDestinationType enum value
LogDestinationTypeCloudWatchLogs = "CloudWatchLogs"
// LogDestinationTypeKinesisDataFirehose is a LogDestinationType enum value
LogDestinationTypeKinesisDataFirehose = "KinesisDataFirehose"
)
// LogDestinationType_Values returns all elements of the LogDestinationType enum
func LogDestinationType_Values() []string {
return []string{
LogDestinationTypeS3,
LogDestinationTypeCloudWatchLogs,
LogDestinationTypeKinesisDataFirehose,
}
}
const (
// LogTypeAlert is a LogType enum value
LogTypeAlert = "ALERT"
// LogTypeFlow is a LogType enum value
LogTypeFlow = "FLOW"
// LogTypeTls is a LogType enum value
LogTypeTls = "TLS"
)
// LogType_Values returns all elements of the LogType enum
func LogType_Values() []string {
return []string{
LogTypeAlert,
LogTypeFlow,
LogTypeTls,
}
}
const (
// OverrideActionDropToAlert is a OverrideAction enum value
OverrideActionDropToAlert = "DROP_TO_ALERT"
)
// OverrideAction_Values returns all elements of the OverrideAction enum
func OverrideAction_Values() []string {
return []string{
OverrideActionDropToAlert,
}
}
const (
// PerObjectSyncStatusPending is a PerObjectSyncStatus enum value
PerObjectSyncStatusPending = "PENDING"
// PerObjectSyncStatusInSync is a PerObjectSyncStatus enum value
PerObjectSyncStatusInSync = "IN_SYNC"
// PerObjectSyncStatusCapacityConstrained is a PerObjectSyncStatus enum value
PerObjectSyncStatusCapacityConstrained = "CAPACITY_CONSTRAINED"
)
// PerObjectSyncStatus_Values returns all elements of the PerObjectSyncStatus enum
func PerObjectSyncStatus_Values() []string {
return []string{
PerObjectSyncStatusPending,
PerObjectSyncStatusInSync,
PerObjectSyncStatusCapacityConstrained,
}
}
const (
// ResourceManagedStatusManaged is a ResourceManagedStatus enum value
ResourceManagedStatusManaged = "MANAGED"
// ResourceManagedStatusAccount is a ResourceManagedStatus enum value
ResourceManagedStatusAccount = "ACCOUNT"
)
// ResourceManagedStatus_Values returns all elements of the ResourceManagedStatus enum
func ResourceManagedStatus_Values() []string {
return []string{
ResourceManagedStatusManaged,
ResourceManagedStatusAccount,
}
}
const (
// ResourceManagedTypeAwsManagedThreatSignatures is a ResourceManagedType enum value
ResourceManagedTypeAwsManagedThreatSignatures = "AWS_MANAGED_THREAT_SIGNATURES"
// ResourceManagedTypeAwsManagedDomainLists is a ResourceManagedType enum value
ResourceManagedTypeAwsManagedDomainLists = "AWS_MANAGED_DOMAIN_LISTS"
)
// ResourceManagedType_Values returns all elements of the ResourceManagedType enum
func ResourceManagedType_Values() []string {
return []string{
ResourceManagedTypeAwsManagedThreatSignatures,
ResourceManagedTypeAwsManagedDomainLists,
}
}
const (
// ResourceStatusActive is a ResourceStatus enum value
ResourceStatusActive = "ACTIVE"
// ResourceStatusDeleting is a ResourceStatus enum value
ResourceStatusDeleting = "DELETING"
// ResourceStatusError is a ResourceStatus enum value
ResourceStatusError = "ERROR"
)
// ResourceStatus_Values returns all elements of the ResourceStatus enum
func ResourceStatus_Values() []string {
return []string{
ResourceStatusActive,
ResourceStatusDeleting,
ResourceStatusError,
}
}
const (
// RevocationCheckActionPass is a RevocationCheckAction enum value
RevocationCheckActionPass = "PASS"
// RevocationCheckActionDrop is a RevocationCheckAction enum value
RevocationCheckActionDrop = "DROP"
// RevocationCheckActionReject is a RevocationCheckAction enum value
RevocationCheckActionReject = "REJECT"
)
// RevocationCheckAction_Values returns all elements of the RevocationCheckAction enum
func RevocationCheckAction_Values() []string {
return []string{
RevocationCheckActionPass,
RevocationCheckActionDrop,
RevocationCheckActionReject,
}
}
const (
// RuleGroupTypeStateless is a RuleGroupType enum value
RuleGroupTypeStateless = "STATELESS"
// RuleGroupTypeStateful is a RuleGroupType enum value
RuleGroupTypeStateful = "STATEFUL"
)
// RuleGroupType_Values returns all elements of the RuleGroupType enum
func RuleGroupType_Values() []string {
return []string{
RuleGroupTypeStateless,
RuleGroupTypeStateful,
}
}
const (
// RuleOrderDefaultActionOrder is a RuleOrder enum value
RuleOrderDefaultActionOrder = "DEFAULT_ACTION_ORDER"
// RuleOrderStrictOrder is a RuleOrder enum value
RuleOrderStrictOrder = "STRICT_ORDER"
)
// RuleOrder_Values returns all elements of the RuleOrder enum
func RuleOrder_Values() []string {
return []string{
RuleOrderDefaultActionOrder,
RuleOrderStrictOrder,
}
}
const (
// StatefulActionPass is a StatefulAction enum value
StatefulActionPass = "PASS"
// StatefulActionDrop is a StatefulAction enum value
StatefulActionDrop = "DROP"
// StatefulActionAlert is a StatefulAction enum value
StatefulActionAlert = "ALERT"
// StatefulActionReject is a StatefulAction enum value
StatefulActionReject = "REJECT"
)
// StatefulAction_Values returns all elements of the StatefulAction enum
func StatefulAction_Values() []string {
return []string{
StatefulActionPass,
StatefulActionDrop,
StatefulActionAlert,
StatefulActionReject,
}
}
const (
// StatefulRuleDirectionForward is a StatefulRuleDirection enum value
StatefulRuleDirectionForward = "FORWARD"
// StatefulRuleDirectionAny is a StatefulRuleDirection enum value
StatefulRuleDirectionAny = "ANY"
)
// StatefulRuleDirection_Values returns all elements of the StatefulRuleDirection enum
func StatefulRuleDirection_Values() []string {
return []string{
StatefulRuleDirectionForward,
StatefulRuleDirectionAny,
}
}
const (
// StatefulRuleProtocolIp is a StatefulRuleProtocol enum value
StatefulRuleProtocolIp = "IP"
// StatefulRuleProtocolTcp is a StatefulRuleProtocol enum value
StatefulRuleProtocolTcp = "TCP"
// StatefulRuleProtocolUdp is a StatefulRuleProtocol enum value
StatefulRuleProtocolUdp = "UDP"
// StatefulRuleProtocolIcmp is a StatefulRuleProtocol enum value
StatefulRuleProtocolIcmp = "ICMP"
// StatefulRuleProtocolHttp is a StatefulRuleProtocol enum value
StatefulRuleProtocolHttp = "HTTP"
// StatefulRuleProtocolFtp is a StatefulRuleProtocol enum value
StatefulRuleProtocolFtp = "FTP"
// StatefulRuleProtocolTls is a StatefulRuleProtocol enum value
StatefulRuleProtocolTls = "TLS"
// StatefulRuleProtocolSmb is a StatefulRuleProtocol enum value
StatefulRuleProtocolSmb = "SMB"
// StatefulRuleProtocolDns is a StatefulRuleProtocol enum value
StatefulRuleProtocolDns = "DNS"
// StatefulRuleProtocolDcerpc is a StatefulRuleProtocol enum value
StatefulRuleProtocolDcerpc = "DCERPC"
// StatefulRuleProtocolSsh is a StatefulRuleProtocol enum value
StatefulRuleProtocolSsh = "SSH"
// StatefulRuleProtocolSmtp is a StatefulRuleProtocol enum value
StatefulRuleProtocolSmtp = "SMTP"
// StatefulRuleProtocolImap is a StatefulRuleProtocol enum value
StatefulRuleProtocolImap = "IMAP"
// StatefulRuleProtocolMsn is a StatefulRuleProtocol enum value
StatefulRuleProtocolMsn = "MSN"
// StatefulRuleProtocolKrb5 is a StatefulRuleProtocol enum value
StatefulRuleProtocolKrb5 = "KRB5"
// StatefulRuleProtocolIkev2 is a StatefulRuleProtocol enum value
StatefulRuleProtocolIkev2 = "IKEV2"
// StatefulRuleProtocolTftp is a StatefulRuleProtocol enum value
StatefulRuleProtocolTftp = "TFTP"
// StatefulRuleProtocolNtp is a StatefulRuleProtocol enum value
StatefulRuleProtocolNtp = "NTP"
// StatefulRuleProtocolDhcp is a StatefulRuleProtocol enum value
StatefulRuleProtocolDhcp = "DHCP"
)
// StatefulRuleProtocol_Values returns all elements of the StatefulRuleProtocol enum
func StatefulRuleProtocol_Values() []string {
return []string{
StatefulRuleProtocolIp,
StatefulRuleProtocolTcp,
StatefulRuleProtocolUdp,
StatefulRuleProtocolIcmp,
StatefulRuleProtocolHttp,
StatefulRuleProtocolFtp,
StatefulRuleProtocolTls,
StatefulRuleProtocolSmb,
StatefulRuleProtocolDns,
StatefulRuleProtocolDcerpc,
StatefulRuleProtocolSsh,
StatefulRuleProtocolSmtp,
StatefulRuleProtocolImap,
StatefulRuleProtocolMsn,
StatefulRuleProtocolKrb5,
StatefulRuleProtocolIkev2,
StatefulRuleProtocolTftp,
StatefulRuleProtocolNtp,
StatefulRuleProtocolDhcp,
}
}
const (
// StreamExceptionPolicyDrop is a StreamExceptionPolicy enum value
StreamExceptionPolicyDrop = "DROP"
// StreamExceptionPolicyContinue is a StreamExceptionPolicy enum value
StreamExceptionPolicyContinue = "CONTINUE"
// StreamExceptionPolicyReject is a StreamExceptionPolicy enum value
StreamExceptionPolicyReject = "REJECT"
)
// StreamExceptionPolicy_Values returns all elements of the StreamExceptionPolicy enum
func StreamExceptionPolicy_Values() []string {
return []string{
StreamExceptionPolicyDrop,
StreamExceptionPolicyContinue,
StreamExceptionPolicyReject,
}
}
const (
// TCPFlagFin is a TCPFlag enum value
TCPFlagFin = "FIN"
// TCPFlagSyn is a TCPFlag enum value
TCPFlagSyn = "SYN"
// TCPFlagRst is a TCPFlag enum value
TCPFlagRst = "RST"
// TCPFlagPsh is a TCPFlag enum value
TCPFlagPsh = "PSH"
// TCPFlagAck is a TCPFlag enum value
TCPFlagAck = "ACK"
// TCPFlagUrg is a TCPFlag enum value
TCPFlagUrg = "URG"
// TCPFlagEce is a TCPFlag enum value
TCPFlagEce = "ECE"
// TCPFlagCwr is a TCPFlag enum value
TCPFlagCwr = "CWR"
)
// TCPFlag_Values returns all elements of the TCPFlag enum
func TCPFlag_Values() []string {
return []string{
TCPFlagFin,
TCPFlagSyn,
TCPFlagRst,
TCPFlagPsh,
TCPFlagAck,
TCPFlagUrg,
TCPFlagEce,
TCPFlagCwr,
}
}
const (
// TargetTypeTlsSni is a TargetType enum value
TargetTypeTlsSni = "TLS_SNI"
// TargetTypeHttpHost is a TargetType enum value
TargetTypeHttpHost = "HTTP_HOST"
)
// TargetType_Values returns all elements of the TargetType enum
func TargetType_Values() []string {
return []string{
TargetTypeTlsSni,
TargetTypeHttpHost,
}
}