Struct aws_sdk_networkfirewall::Client
source · pub struct Client { /* private fields */ }
Expand description
Client for AWS Network Firewall
Client for invoking operations on AWS Network Firewall. Each operation on AWS Network Firewall is a method on this
this struct. .send()
MUST be invoked on the generated operations to dispatch the request to the service.
§Constructing a Client
A Config
is required to construct a client. For most use cases, the aws-config
crate should be used to automatically resolve this config using
aws_config::load_from_env()
, since this will resolve an SdkConfig
which can be shared
across multiple different AWS SDK clients. This config resolution process can be customized
by calling aws_config::from_env()
instead, which returns a ConfigLoader
that uses
the builder pattern to customize the default config.
In the simplest case, creating a client looks as follows:
let config = aws_config::load_from_env().await;
let client = aws_sdk_networkfirewall::Client::new(&config);
Occasionally, SDKs may have additional service-specific values that can be set on the Config
that
is absent from SdkConfig
, or slightly different settings for a specific client may be desired.
The Config
struct implements From<&SdkConfig>
, so setting these specific settings can be
done as follows:
let sdk_config = ::aws_config::load_from_env().await;
let config = aws_sdk_networkfirewall::config::Builder::from(&sdk_config)
.some_service_specific_setting("value")
.build();
See the aws-config
docs and Config
for more information on customizing configuration.
Note: Client construction is expensive due to connection thread pool initialization, and should be done once at application start-up.
§Using the Client
A client has a function for every operation that can be performed by the service.
For example, the AssociateFirewallPolicy
operation has
a Client::associate_firewall_policy
, function which returns a builder for that operation.
The fluent builder ultimately has a send()
function that returns an async future that
returns a result, as illustrated below:
let result = client.associate_firewall_policy()
.update_token("example")
.send()
.await;
The underlying HTTP requests that get made by this can be modified with the customize_operation
function on the fluent builder. See the customize
module for more
information.
Implementations§
source§impl Client
impl Client
sourcepub fn associate_firewall_policy(&self) -> AssociateFirewallPolicyFluentBuilder
pub fn associate_firewall_policy(&self) -> AssociateFirewallPolicyFluentBuilder
Constructs a fluent builder for the AssociateFirewallPolicy
operation.
- The fluent builder is configurable:
update_token(impl Into<String>)
/set_update_token(Option<String>)
:
required: falseAn optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
firewall_policy_arn(impl Into<String>)
/set_firewall_policy_arn(Option<String>)
:
required: trueThe Amazon Resource Name (ARN) of the firewall policy.
- On success, responds with
AssociateFirewallPolicyOutput
with field(s):firewall_arn(Option<String>)
:The Amazon Resource Name (ARN) of the firewall.
firewall_name(Option<String>)
:The descriptive name of the firewall. You can’t change the name of a firewall after you create it.
firewall_policy_arn(Option<String>)
:The Amazon Resource Name (ARN) of the firewall policy.
update_token(Option<String>)
:An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.
- On failure, responds with
SdkError<AssociateFirewallPolicyError>
source§impl Client
impl Client
sourcepub fn associate_subnets(&self) -> AssociateSubnetsFluentBuilder
pub fn associate_subnets(&self) -> AssociateSubnetsFluentBuilder
Constructs a fluent builder for the AssociateSubnets
operation.
- The fluent builder is configurable:
update_token(impl Into<String>)
/set_update_token(Option<String>)
:
required: falseAn optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
subnet_mappings(SubnetMapping)
/set_subnet_mappings(Option<Vec::<SubnetMapping>>)
:
required: trueThe IDs of the subnets that you want to associate with the firewall.
- On success, responds with
AssociateSubnetsOutput
with field(s):firewall_arn(Option<String>)
:The Amazon Resource Name (ARN) of the firewall.
firewall_name(Option<String>)
:The descriptive name of the firewall. You can’t change the name of a firewall after you create it.
subnet_mappings(Option<Vec::<SubnetMapping>>)
:The IDs of the subnets that are associated with the firewall.
update_token(Option<String>)
:An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.
- On failure, responds with
SdkError<AssociateSubnetsError>
source§impl Client
impl Client
sourcepub fn create_firewall(&self) -> CreateFirewallFluentBuilder
pub fn create_firewall(&self) -> CreateFirewallFluentBuilder
Constructs a fluent builder for the CreateFirewall
operation.
- The fluent builder is configurable:
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: trueThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
firewall_policy_arn(impl Into<String>)
/set_firewall_policy_arn(Option<String>)
:
required: trueThe Amazon Resource Name (ARN) of the
FirewallPolicy
that you want to use for the firewall.vpc_id(impl Into<String>)
/set_vpc_id(Option<String>)
:
required: trueThe unique identifier of the VPC where Network Firewall should create the firewall.
You can’t change this setting after you create the firewall.
subnet_mappings(SubnetMapping)
/set_subnet_mappings(Option<Vec::<SubnetMapping>>)
:
required: trueThe public subnets to use for your Network Firewall firewalls. Each subnet must belong to a different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each subnet.
delete_protection(bool)
/set_delete_protection(Option<bool>)
:
required: falseA flag indicating whether it is possible to delete the firewall. A setting of
TRUE
indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag toTRUE
.subnet_change_protection(bool)
/set_subnet_change_protection(Option<bool>)
:
required: falseA setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to
TRUE
.firewall_policy_change_protection(bool)
/set_firewall_policy_change_protection(Option<bool>)
:
required: falseA setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to
TRUE
.description(impl Into<String>)
/set_description(Option<String>)
:
required: falseA description of the firewall.
tags(Tag)
/set_tags(Option<Vec::<Tag>>)
:
required: falseThe key:value pairs to associate with the resource.
encryption_configuration(EncryptionConfiguration)
/set_encryption_configuration(Option<EncryptionConfiguration>)
:
required: falseA complex type that contains settings for encryption of your firewall resources.
- On success, responds with
CreateFirewallOutput
with field(s):firewall(Option<Firewall>)
:The configuration settings for the firewall. These settings include the firewall policy and the subnets in your VPC to use for the firewall endpoints.
firewall_status(Option<FirewallStatus>)
:Detailed information about the current status of a
Firewall
. You can retrieve this for a firewall by callingDescribeFirewall
and providing the firewall name and ARN.
- On failure, responds with
SdkError<CreateFirewallError>
source§impl Client
impl Client
sourcepub fn create_firewall_policy(&self) -> CreateFirewallPolicyFluentBuilder
pub fn create_firewall_policy(&self) -> CreateFirewallPolicyFluentBuilder
Constructs a fluent builder for the CreateFirewallPolicy
operation.
- The fluent builder is configurable:
firewall_policy_name(impl Into<String>)
/set_firewall_policy_name(Option<String>)
:
required: trueThe descriptive name of the firewall policy. You can’t change the name of a firewall policy after you create it.
firewall_policy(FirewallPolicy)
/set_firewall_policy(Option<FirewallPolicy>)
:
required: trueThe rule groups and policy actions to use in the firewall policy.
description(impl Into<String>)
/set_description(Option<String>)
:
required: falseA description of the firewall policy.
tags(Tag)
/set_tags(Option<Vec::<Tag>>)
:
required: falseThe key:value pairs to associate with the resource.
dry_run(bool)
/set_dry_run(Option<bool>)
:
required: falseIndicates whether you want Network Firewall to just check the validity of the request, rather than run the request.
If set to
TRUE
, Network Firewall checks whether the request can run successfully, but doesn’t actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set toFALSE
, but doesn’t make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.If set to
FALSE
, Network Firewall makes the requested changes to your resources.encryption_configuration(EncryptionConfiguration)
/set_encryption_configuration(Option<EncryptionConfiguration>)
:
required: falseA complex type that contains settings for encryption of your firewall policy resources.
- On success, responds with
CreateFirewallPolicyOutput
with field(s):update_token(String)
:A token used for optimistic locking. Network Firewall returns a token to your requests that access the firewall policy. The token marks the state of the policy resource at the time of the request.
To make changes to the policy, you provide the token in your request. Network Firewall uses the token to ensure that the policy hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall policy again to get a current copy of it with current token. Reapply your changes as needed, then try the operation again using the new token.firewall_policy_response(Option<FirewallPolicyResponse>)
:The high-level properties of a firewall policy. This, along with the
FirewallPolicy
, define the policy. You can retrieve all objects for a firewall policy by callingDescribeFirewallPolicy
.
- On failure, responds with
SdkError<CreateFirewallPolicyError>
source§impl Client
impl Client
sourcepub fn create_rule_group(&self) -> CreateRuleGroupFluentBuilder
pub fn create_rule_group(&self) -> CreateRuleGroupFluentBuilder
Constructs a fluent builder for the CreateRuleGroup
operation.
- The fluent builder is configurable:
rule_group_name(impl Into<String>)
/set_rule_group_name(Option<String>)
:
required: trueThe descriptive name of the rule group. You can’t change the name of a rule group after you create it.
rule_group(RuleGroup)
/set_rule_group(Option<RuleGroup>)
:
required: falseAn object that defines the rule group rules.
You must provide either this rule group setting or a
Rules
setting, but not both.rules(impl Into<String>)
/set_rules(Option<String>)
:
required: falseA string containing stateful rule group rules specifications in Suricata flat format, with one rule per line. Use this to import your existing Suricata compatible rule groups.
You must provide either this rules setting or a populated
RuleGroup
setting, but not both.You can provide your rule group specification in Suricata flat format through this setting when you create or update your rule group. The call response returns a
RuleGroup
object that Network Firewall has populated from your string.r#type(RuleGroupType)
/set_type(Option<RuleGroupType>)
:
required: trueIndicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
description(impl Into<String>)
/set_description(Option<String>)
:
required: falseA description of the rule group.
capacity(i32)
/set_capacity(Option<i32>)
:
required: trueThe maximum operating resources that this rule group can use. Rule group capacity is fixed at creation. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.
You can retrieve the capacity that would be required for a rule group before you create the rule group by calling
CreateRuleGroup
withDryRun
set toTRUE
.You can’t change or exceed this capacity when you update the rule group, so leave room for your rule group to grow.
Capacity for a stateless rule group
For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules that you expect to have in the rule group.
To calculate the capacity requirement of a single rule, multiply the capacity requirement values of each of the rule’s match settings:
-
A match setting with no criteria specified has a value of 1.
-
A match setting with
Any
specified has a value of 1. -
All other match settings have a value equal to the number of elements provided in the setting. For example, a protocol setting [“UDP”] and a source setting [“10.0.0.0/24”] each have a value of 1. A protocol setting [“UDP”,“TCP”] has a value of 2. A source setting [“10.0.0.0/24”,“10.0.0.1/24”,“10.0.0.2/24”] has a value of 3.
A rule with no criteria specified in any of its match settings has a capacity requirement of 1. A rule with protocol setting [“UDP”,“TCP”], source setting [“10.0.0.0/24”,“10.0.0.1/24”,“10.0.0.2/24”], and a single specification or no specification for each of the other match settings has a capacity requirement of 6.
Capacity for a stateful rule group
For a stateful rule group, the minimum capacity required is the number of individual rules that you expect to have in the rule group.
-
tags(Tag)
/set_tags(Option<Vec::<Tag>>)
:
required: falseThe key:value pairs to associate with the resource.
dry_run(bool)
/set_dry_run(Option<bool>)
:
required: falseIndicates whether you want Network Firewall to just check the validity of the request, rather than run the request.
If set to
TRUE
, Network Firewall checks whether the request can run successfully, but doesn’t actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set toFALSE
, but doesn’t make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.If set to
FALSE
, Network Firewall makes the requested changes to your resources.encryption_configuration(EncryptionConfiguration)
/set_encryption_configuration(Option<EncryptionConfiguration>)
:
required: falseA complex type that contains settings for encryption of your rule group resources.
source_metadata(SourceMetadata)
/set_source_metadata(Option<SourceMetadata>)
:
required: falseA complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to keep track of updates made to the originating rule group.
analyze_rule_group(bool)
/set_analyze_rule_group(Option<bool>)
:
required: falseIndicates whether you want Network Firewall to analyze the stateless rules in the rule group for rule behavior such as asymmetric routing. If set to
TRUE
, Network Firewall runs the analysis and then creates the rule group for you. To run the stateless rule group analyzer without creating the rule group, setDryRun
toTRUE
.
- On success, responds with
CreateRuleGroupOutput
with field(s):update_token(String)
:A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request.
To make changes to the rule group, you provide the token in your request. Network Firewall uses the token to ensure that the rule group hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the rule group again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.rule_group_response(Option<RuleGroupResponse>)
:The high-level properties of a rule group. This, along with the
RuleGroup
, define the rule group. You can retrieve all objects for a rule group by callingDescribeRuleGroup
.
- On failure, responds with
SdkError<CreateRuleGroupError>
source§impl Client
impl Client
sourcepub fn create_tls_inspection_configuration(
&self
) -> CreateTLSInspectionConfigurationFluentBuilder
pub fn create_tls_inspection_configuration( &self ) -> CreateTLSInspectionConfigurationFluentBuilder
Constructs a fluent builder for the CreateTLSInspectionConfiguration
operation.
- The fluent builder is configurable:
tls_inspection_configuration_name(impl Into<String>)
/set_tls_inspection_configuration_name(Option<String>)
:
required: trueThe descriptive name of the TLS inspection configuration. You can’t change the name of a TLS inspection configuration after you create it.
tls_inspection_configuration(TlsInspectionConfiguration)
/set_tls_inspection_configuration(Option<TlsInspectionConfiguration>)
:
required: trueThe object that defines a TLS inspection configuration. This, along with
TLSInspectionConfigurationResponse
, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by callingDescribeTLSInspectionConfiguration
.Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.
To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
description(impl Into<String>)
/set_description(Option<String>)
:
required: falseA description of the TLS inspection configuration.
tags(Tag)
/set_tags(Option<Vec::<Tag>>)
:
required: falseThe key:value pairs to associate with the resource.
encryption_configuration(EncryptionConfiguration)
/set_encryption_configuration(Option<EncryptionConfiguration>)
:
required: falseA complex type that contains optional Amazon Web Services Key Management Service (KMS) encryption settings for your Network Firewall resources. Your data is encrypted by default with an Amazon Web Services owned key that Amazon Web Services owns and manages for you. You can use either the Amazon Web Services owned key, or provide your own customer managed key. To learn more about KMS encryption of your Network Firewall resources, see Encryption at rest with Amazon Web Services Key Managment Service in the Network Firewall Developer Guide.
- On success, responds with
CreateTlsInspectionConfigurationOutput
with field(s):update_token(String)
:A token used for optimistic locking. Network Firewall returns a token to your requests that access the TLS inspection configuration. The token marks the state of the TLS inspection configuration resource at the time of the request.
To make changes to the TLS inspection configuration, you provide the token in your request. Network Firewall uses the token to ensure that the TLS inspection configuration hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the TLS inspection configuration again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.tls_inspection_configuration_response(Option<TlsInspectionConfigurationResponse>)
:The high-level properties of a TLS inspection configuration. This, along with the
TLSInspectionConfiguration
, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by callingDescribeTLSInspectionConfiguration
.
- On failure, responds with
SdkError<CreateTLSInspectionConfigurationError>
source§impl Client
impl Client
sourcepub fn delete_firewall(&self) -> DeleteFirewallFluentBuilder
pub fn delete_firewall(&self) -> DeleteFirewallFluentBuilder
Constructs a fluent builder for the DeleteFirewall
operation.
- The fluent builder is configurable:
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
- On success, responds with
DeleteFirewallOutput
with field(s):firewall(Option<Firewall>)
:The firewall defines the configuration settings for an Network Firewall firewall. These settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource.
The status of the firewall, for example whether it’s ready to filter network traffic, is provided in the corresponding
FirewallStatus
. You can retrieve both objects by callingDescribeFirewall
.firewall_status(Option<FirewallStatus>)
:Detailed information about the current status of a
Firewall
. You can retrieve this for a firewall by callingDescribeFirewall
and providing the firewall name and ARN.
- On failure, responds with
SdkError<DeleteFirewallError>
source§impl Client
impl Client
sourcepub fn delete_firewall_policy(&self) -> DeleteFirewallPolicyFluentBuilder
pub fn delete_firewall_policy(&self) -> DeleteFirewallPolicyFluentBuilder
Constructs a fluent builder for the DeleteFirewallPolicy
operation.
- The fluent builder is configurable:
firewall_policy_name(impl Into<String>)
/set_firewall_policy_name(Option<String>)
:
required: falseThe descriptive name of the firewall policy. You can’t change the name of a firewall policy after you create it.
You must specify the ARN or the name, and you can specify both.
firewall_policy_arn(impl Into<String>)
/set_firewall_policy_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall policy.
You must specify the ARN or the name, and you can specify both.
- On success, responds with
DeleteFirewallPolicyOutput
with field(s):firewall_policy_response(Option<FirewallPolicyResponse>)
:The object containing the definition of the
FirewallPolicyResponse
that you asked to delete.
- On failure, responds with
SdkError<DeleteFirewallPolicyError>
source§impl Client
impl Client
sourcepub fn delete_resource_policy(&self) -> DeleteResourcePolicyFluentBuilder
pub fn delete_resource_policy(&self) -> DeleteResourcePolicyFluentBuilder
Constructs a fluent builder for the DeleteResourcePolicy
operation.
- The fluent builder is configurable:
resource_arn(impl Into<String>)
/set_resource_arn(Option<String>)
:
required: trueThe Amazon Resource Name (ARN) of the rule group or firewall policy whose resource policy you want to delete.
- On success, responds with
DeleteResourcePolicyOutput
- On failure, responds with
SdkError<DeleteResourcePolicyError>
source§impl Client
impl Client
sourcepub fn delete_rule_group(&self) -> DeleteRuleGroupFluentBuilder
pub fn delete_rule_group(&self) -> DeleteRuleGroupFluentBuilder
Constructs a fluent builder for the DeleteRuleGroup
operation.
- The fluent builder is configurable:
rule_group_name(impl Into<String>)
/set_rule_group_name(Option<String>)
:
required: falseThe descriptive name of the rule group. You can’t change the name of a rule group after you create it.
You must specify the ARN or the name, and you can specify both.
rule_group_arn(impl Into<String>)
/set_rule_group_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the rule group.
You must specify the ARN or the name, and you can specify both.
r#type(RuleGroupType)
/set_type(Option<RuleGroupType>)
:
required: falseIndicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
This setting is required for requests that do not include the
RuleGroupARN
.
- On success, responds with
DeleteRuleGroupOutput
with field(s):rule_group_response(Option<RuleGroupResponse>)
:The high-level properties of a rule group. This, along with the
RuleGroup
, define the rule group. You can retrieve all objects for a rule group by callingDescribeRuleGroup
.
- On failure, responds with
SdkError<DeleteRuleGroupError>
source§impl Client
impl Client
sourcepub fn delete_tls_inspection_configuration(
&self
) -> DeleteTLSInspectionConfigurationFluentBuilder
pub fn delete_tls_inspection_configuration( &self ) -> DeleteTLSInspectionConfigurationFluentBuilder
Constructs a fluent builder for the DeleteTLSInspectionConfiguration
operation.
- The fluent builder is configurable:
tls_inspection_configuration_arn(impl Into<String>)
/set_tls_inspection_configuration_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the TLS inspection configuration.
You must specify the ARN or the name, and you can specify both.
tls_inspection_configuration_name(impl Into<String>)
/set_tls_inspection_configuration_name(Option<String>)
:
required: falseThe descriptive name of the TLS inspection configuration. You can’t change the name of a TLS inspection configuration after you create it.
You must specify the ARN or the name, and you can specify both.
- On success, responds with
DeleteTlsInspectionConfigurationOutput
with field(s):tls_inspection_configuration_response(Option<TlsInspectionConfigurationResponse>)
:The high-level properties of a TLS inspection configuration. This, along with the
TLSInspectionConfiguration
, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by callingDescribeTLSInspectionConfiguration
.
- On failure, responds with
SdkError<DeleteTLSInspectionConfigurationError>
source§impl Client
impl Client
sourcepub fn describe_firewall(&self) -> DescribeFirewallFluentBuilder
pub fn describe_firewall(&self) -> DescribeFirewallFluentBuilder
Constructs a fluent builder for the DescribeFirewall
operation.
- The fluent builder is configurable:
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
- On success, responds with
DescribeFirewallOutput
with field(s):update_token(Option<String>)
:An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.firewall(Option<Firewall>)
:The configuration settings for the firewall. These settings include the firewall policy and the subnets in your VPC to use for the firewall endpoints.
firewall_status(Option<FirewallStatus>)
:Detailed information about the current status of a
Firewall
. You can retrieve this for a firewall by callingDescribeFirewall
and providing the firewall name and ARN.
- On failure, responds with
SdkError<DescribeFirewallError>
source§impl Client
impl Client
sourcepub fn describe_firewall_policy(&self) -> DescribeFirewallPolicyFluentBuilder
pub fn describe_firewall_policy(&self) -> DescribeFirewallPolicyFluentBuilder
Constructs a fluent builder for the DescribeFirewallPolicy
operation.
- The fluent builder is configurable:
firewall_policy_name(impl Into<String>)
/set_firewall_policy_name(Option<String>)
:
required: falseThe descriptive name of the firewall policy. You can’t change the name of a firewall policy after you create it.
You must specify the ARN or the name, and you can specify both.
firewall_policy_arn(impl Into<String>)
/set_firewall_policy_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall policy.
You must specify the ARN or the name, and you can specify both.
- On success, responds with
DescribeFirewallPolicyOutput
with field(s):update_token(String)
:A token used for optimistic locking. Network Firewall returns a token to your requests that access the firewall policy. The token marks the state of the policy resource at the time of the request.
To make changes to the policy, you provide the token in your request. Network Firewall uses the token to ensure that the policy hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall policy again to get a current copy of it with current token. Reapply your changes as needed, then try the operation again using the new token.firewall_policy_response(Option<FirewallPolicyResponse>)
:The high-level properties of a firewall policy. This, along with the
FirewallPolicy
, define the policy. You can retrieve all objects for a firewall policy by callingDescribeFirewallPolicy
.firewall_policy(Option<FirewallPolicy>)
:The policy for the specified firewall policy.
- On failure, responds with
SdkError<DescribeFirewallPolicyError>
source§impl Client
impl Client
sourcepub fn describe_logging_configuration(
&self
) -> DescribeLoggingConfigurationFluentBuilder
pub fn describe_logging_configuration( &self ) -> DescribeLoggingConfigurationFluentBuilder
Constructs a fluent builder for the DescribeLoggingConfiguration
operation.
- The fluent builder is configurable:
firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
- On success, responds with
DescribeLoggingConfigurationOutput
with field(s):firewall_arn(Option<String>)
:The Amazon Resource Name (ARN) of the firewall.
logging_configuration(Option<LoggingConfiguration>)
:Defines how Network Firewall performs logging for a
Firewall
.
- On failure, responds with
SdkError<DescribeLoggingConfigurationError>
source§impl Client
impl Client
sourcepub fn describe_resource_policy(&self) -> DescribeResourcePolicyFluentBuilder
pub fn describe_resource_policy(&self) -> DescribeResourcePolicyFluentBuilder
Constructs a fluent builder for the DescribeResourcePolicy
operation.
- The fluent builder is configurable:
resource_arn(impl Into<String>)
/set_resource_arn(Option<String>)
:
required: trueThe Amazon Resource Name (ARN) of the rule group or firewall policy whose resource policy you want to retrieve.
- On success, responds with
DescribeResourcePolicyOutput
with field(s):policy(Option<String>)
:The IAM policy for the resource.
- On failure, responds with
SdkError<DescribeResourcePolicyError>
source§impl Client
impl Client
sourcepub fn describe_rule_group(&self) -> DescribeRuleGroupFluentBuilder
pub fn describe_rule_group(&self) -> DescribeRuleGroupFluentBuilder
Constructs a fluent builder for the DescribeRuleGroup
operation.
- The fluent builder is configurable:
rule_group_name(impl Into<String>)
/set_rule_group_name(Option<String>)
:
required: falseThe descriptive name of the rule group. You can’t change the name of a rule group after you create it.
You must specify the ARN or the name, and you can specify both.
rule_group_arn(impl Into<String>)
/set_rule_group_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the rule group.
You must specify the ARN or the name, and you can specify both.
r#type(RuleGroupType)
/set_type(Option<RuleGroupType>)
:
required: falseIndicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
This setting is required for requests that do not include the
RuleGroupARN
.analyze_rule_group(bool)
/set_analyze_rule_group(Option<bool>)
:
required: falseIndicates whether you want Network Firewall to analyze the stateless rules in the rule group for rule behavior such as asymmetric routing. If set to
TRUE
, Network Firewall runs the analysis.
- On success, responds with
DescribeRuleGroupOutput
with field(s):update_token(String)
:A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request.
To make changes to the rule group, you provide the token in your request. Network Firewall uses the token to ensure that the rule group hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the rule group again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.rule_group(Option<RuleGroup>)
:The object that defines the rules in a rule group. This, along with
RuleGroupResponse
, define the rule group. You can retrieve all objects for a rule group by callingDescribeRuleGroup
.Network Firewall uses a rule group to inspect and control network traffic. You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their traffic flow.
To use a rule group, you include it by reference in an Network Firewall firewall policy, then you use the policy in a firewall. You can reference a rule group from more than one firewall policy, and you can use a firewall policy in more than one firewall.
rule_group_response(Option<RuleGroupResponse>)
:The high-level properties of a rule group. This, along with the
RuleGroup
, define the rule group. You can retrieve all objects for a rule group by callingDescribeRuleGroup
.
- On failure, responds with
SdkError<DescribeRuleGroupError>
source§impl Client
impl Client
sourcepub fn describe_rule_group_metadata(
&self
) -> DescribeRuleGroupMetadataFluentBuilder
pub fn describe_rule_group_metadata( &self ) -> DescribeRuleGroupMetadataFluentBuilder
Constructs a fluent builder for the DescribeRuleGroupMetadata
operation.
- The fluent builder is configurable:
rule_group_name(impl Into<String>)
/set_rule_group_name(Option<String>)
:
required: falseThe descriptive name of the rule group. You can’t change the name of a rule group after you create it.
You must specify the ARN or the name, and you can specify both.
rule_group_arn(impl Into<String>)
/set_rule_group_arn(Option<String>)
:
required: falseThe descriptive name of the rule group. You can’t change the name of a rule group after you create it.
You must specify the ARN or the name, and you can specify both.
r#type(RuleGroupType)
/set_type(Option<RuleGroupType>)
:
required: falseIndicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
This setting is required for requests that do not include the
RuleGroupARN
.
- On success, responds with
DescribeRuleGroupMetadataOutput
with field(s):rule_group_arn(String)
:The descriptive name of the rule group. You can’t change the name of a rule group after you create it.
You must specify the ARN or the name, and you can specify both.
rule_group_name(String)
:The descriptive name of the rule group. You can’t change the name of a rule group after you create it.
You must specify the ARN or the name, and you can specify both.
description(Option<String>)
:Returns the metadata objects for the specified rule group.
r#type(Option<RuleGroupType>)
:Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
This setting is required for requests that do not include the
RuleGroupARN
.capacity(Option<i32>)
:The maximum operating resources that this rule group can use. Rule group capacity is fixed at creation. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.
You can retrieve the capacity that would be required for a rule group before you create the rule group by calling
CreateRuleGroup
withDryRun
set toTRUE
.stateful_rule_options(Option<StatefulRuleOptions>)
:Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.
last_modified_time(Option<DateTime>)
:The last time that the rule group was changed.
- On failure, responds with
SdkError<DescribeRuleGroupMetadataError>
source§impl Client
impl Client
sourcepub fn describe_tls_inspection_configuration(
&self
) -> DescribeTLSInspectionConfigurationFluentBuilder
pub fn describe_tls_inspection_configuration( &self ) -> DescribeTLSInspectionConfigurationFluentBuilder
Constructs a fluent builder for the DescribeTLSInspectionConfiguration
operation.
- The fluent builder is configurable:
tls_inspection_configuration_arn(impl Into<String>)
/set_tls_inspection_configuration_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the TLS inspection configuration.
You must specify the ARN or the name, and you can specify both.
tls_inspection_configuration_name(impl Into<String>)
/set_tls_inspection_configuration_name(Option<String>)
:
required: falseThe descriptive name of the TLS inspection configuration. You can’t change the name of a TLS inspection configuration after you create it.
You must specify the ARN or the name, and you can specify both.
- On success, responds with
DescribeTlsInspectionConfigurationOutput
with field(s):update_token(String)
:A token used for optimistic locking. Network Firewall returns a token to your requests that access the TLS inspection configuration. The token marks the state of the TLS inspection configuration resource at the time of the request.
To make changes to the TLS inspection configuration, you provide the token in your request. Network Firewall uses the token to ensure that the TLS inspection configuration hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the TLS inspection configuration again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.tls_inspection_configuration(Option<TlsInspectionConfiguration>)
:The object that defines a TLS inspection configuration. This, along with
TLSInspectionConfigurationResponse
, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by callingDescribeTLSInspectionConfiguration
.Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.
To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
tls_inspection_configuration_response(Option<TlsInspectionConfigurationResponse>)
:The high-level properties of a TLS inspection configuration. This, along with the
TLSInspectionConfiguration
, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by callingDescribeTLSInspectionConfiguration
.
- On failure, responds with
SdkError<DescribeTLSInspectionConfigurationError>
source§impl Client
impl Client
sourcepub fn disassociate_subnets(&self) -> DisassociateSubnetsFluentBuilder
pub fn disassociate_subnets(&self) -> DisassociateSubnetsFluentBuilder
Constructs a fluent builder for the DisassociateSubnets
operation.
- The fluent builder is configurable:
update_token(impl Into<String>)
/set_update_token(Option<String>)
:
required: falseAn optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
subnet_ids(impl Into<String>)
/set_subnet_ids(Option<Vec::<String>>)
:
required: trueThe unique identifiers for the subnets that you want to disassociate.
- On success, responds with
DisassociateSubnetsOutput
with field(s):firewall_arn(Option<String>)
:The Amazon Resource Name (ARN) of the firewall.
firewall_name(Option<String>)
:The descriptive name of the firewall. You can’t change the name of a firewall after you create it.
subnet_mappings(Option<Vec::<SubnetMapping>>)
:The IDs of the subnets that are associated with the firewall.
update_token(Option<String>)
:An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.
- On failure, responds with
SdkError<DisassociateSubnetsError>
source§impl Client
impl Client
sourcepub fn list_firewall_policies(&self) -> ListFirewallPoliciesFluentBuilder
pub fn list_firewall_policies(&self) -> ListFirewallPoliciesFluentBuilder
Constructs a fluent builder for the ListFirewallPolicies
operation.
This operation supports pagination; See into_paginator()
.
- The fluent builder is configurable:
next_token(impl Into<String>)
/set_next_token(Option<String>)
:
required: falseWhen you request a list of objects with a
MaxResults
setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns aNextToken
value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.max_results(i32)
/set_max_results(Option<i32>)
:
required: falseThe maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a
NextToken
value that you can use in a subsequent call to get the next batch of objects.
- On success, responds with
ListFirewallPoliciesOutput
with field(s):next_token(Option<String>)
:When you request a list of objects with a
MaxResults
setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns aNextToken
value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.firewall_policies(Option<Vec::<FirewallPolicyMetadata>>)
:The metadata for the firewall policies. Depending on your setting for max results and the number of firewall policies that you have, this might not be the full list.
- On failure, responds with
SdkError<ListFirewallPoliciesError>
source§impl Client
impl Client
sourcepub fn list_firewalls(&self) -> ListFirewallsFluentBuilder
pub fn list_firewalls(&self) -> ListFirewallsFluentBuilder
Constructs a fluent builder for the ListFirewalls
operation.
This operation supports pagination; See into_paginator()
.
- The fluent builder is configurable:
next_token(impl Into<String>)
/set_next_token(Option<String>)
:
required: falseWhen you request a list of objects with a
MaxResults
setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns aNextToken
value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.vpc_ids(impl Into<String>)
/set_vpc_ids(Option<Vec::<String>>)
:
required: falseThe unique identifiers of the VPCs that you want Network Firewall to retrieve the firewalls for. Leave this blank to retrieve all firewalls that you have defined.
max_results(i32)
/set_max_results(Option<i32>)
:
required: falseThe maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a
NextToken
value that you can use in a subsequent call to get the next batch of objects.
- On success, responds with
ListFirewallsOutput
with field(s):next_token(Option<String>)
:When you request a list of objects with a
MaxResults
setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns aNextToken
value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.firewalls(Option<Vec::<FirewallMetadata>>)
:The firewall metadata objects for the VPCs that you specified. Depending on your setting for max results and the number of firewalls you have, a single call might not be the full list.
- On failure, responds with
SdkError<ListFirewallsError>
source§impl Client
impl Client
sourcepub fn list_rule_groups(&self) -> ListRuleGroupsFluentBuilder
pub fn list_rule_groups(&self) -> ListRuleGroupsFluentBuilder
Constructs a fluent builder for the ListRuleGroups
operation.
This operation supports pagination; See into_paginator()
.
- The fluent builder is configurable:
next_token(impl Into<String>)
/set_next_token(Option<String>)
:
required: falseWhen you request a list of objects with a
MaxResults
setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns aNextToken
value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.max_results(i32)
/set_max_results(Option<i32>)
:
required: falseThe maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a
NextToken
value that you can use in a subsequent call to get the next batch of objects.scope(ResourceManagedStatus)
/set_scope(Option<ResourceManagedStatus>)
:
required: falseThe scope of the request. The default setting of
ACCOUNT
or a setting ofNULL
returns all of the rule groups in your account. A setting ofMANAGED
returns all available managed rule groups.managed_type(ResourceManagedType)
/set_managed_type(Option<ResourceManagedType>)
:
required: falseIndicates the general category of the Amazon Web Services managed rule group.
r#type(RuleGroupType)
/set_type(Option<RuleGroupType>)
:
required: falseIndicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
- On success, responds with
ListRuleGroupsOutput
with field(s):next_token(Option<String>)
:When you request a list of objects with a
MaxResults
setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns aNextToken
value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.rule_groups(Option<Vec::<RuleGroupMetadata>>)
:The rule group metadata objects that you’ve defined. Depending on your setting for max results and the number of rule groups, this might not be the full list.
- On failure, responds with
SdkError<ListRuleGroupsError>
source§impl Client
impl Client
Constructs a fluent builder for the ListTagsForResource
operation.
This operation supports pagination; See into_paginator()
.
- The fluent builder is configurable:
next_token(impl Into<String>)
/set_next_token(Option<String>)
:
required: falseWhen you request a list of objects with a
MaxResults
setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns aNextToken
value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.max_results(i32)
/set_max_results(Option<i32>)
:
required: falseThe maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a
NextToken
value that you can use in a subsequent call to get the next batch of objects.resource_arn(impl Into<String>)
/set_resource_arn(Option<String>)
:
required: trueThe Amazon Resource Name (ARN) of the resource.
- On success, responds with
ListTagsForResourceOutput
with field(s):next_token(Option<String>)
:When you request a list of objects with a
MaxResults
setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns aNextToken
value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.tags(Option<Vec::<Tag>>)
:The tags that are associated with the resource.
- On failure, responds with
SdkError<ListTagsForResourceError>
source§impl Client
impl Client
sourcepub fn list_tls_inspection_configurations(
&self
) -> ListTLSInspectionConfigurationsFluentBuilder
pub fn list_tls_inspection_configurations( &self ) -> ListTLSInspectionConfigurationsFluentBuilder
Constructs a fluent builder for the ListTLSInspectionConfigurations
operation.
This operation supports pagination; See into_paginator()
.
- The fluent builder is configurable:
next_token(impl Into<String>)
/set_next_token(Option<String>)
:
required: falseWhen you request a list of objects with a
MaxResults
setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns aNextToken
value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.max_results(i32)
/set_max_results(Option<i32>)
:
required: falseThe maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a
NextToken
value that you can use in a subsequent call to get the next batch of objects.
- On success, responds with
ListTlsInspectionConfigurationsOutput
with field(s):next_token(Option<String>)
:When you request a list of objects with a
MaxResults
setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns aNextToken
value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.tls_inspection_configurations(Option<Vec::<TlsInspectionConfigurationMetadata>>)
:The TLS inspection configuration metadata objects that you’ve defined. Depending on your setting for max results and the number of TLS inspection configurations, this might not be the full list.
- On failure, responds with
SdkError<ListTLSInspectionConfigurationsError>
source§impl Client
impl Client
sourcepub fn put_resource_policy(&self) -> PutResourcePolicyFluentBuilder
pub fn put_resource_policy(&self) -> PutResourcePolicyFluentBuilder
Constructs a fluent builder for the PutResourcePolicy
operation.
- The fluent builder is configurable:
resource_arn(impl Into<String>)
/set_resource_arn(Option<String>)
:
required: trueThe Amazon Resource Name (ARN) of the account that you want to share rule groups and firewall policies with.
policy(impl Into<String>)
/set_policy(Option<String>)
:
required: trueThe IAM policy statement that lists the accounts that you want to share your rule group or firewall policy with and the operations that you want the accounts to be able to perform.
For a rule group resource, you can specify the following operations in the Actions section of the statement:
-
network-firewall:CreateFirewallPolicy
-
network-firewall:UpdateFirewallPolicy
-
network-firewall:ListRuleGroups
For a firewall policy resource, you can specify the following operations in the Actions section of the statement:
-
network-firewall:AssociateFirewallPolicy
-
network-firewall:ListFirewallPolicies
In the Resource section of the statement, you specify the ARNs for the rule groups and firewall policies that you want to share with the account that you specified in
Arn
.-
- On success, responds with
PutResourcePolicyOutput
- On failure, responds with
SdkError<PutResourcePolicyError>
source§impl Client
impl Client
sourcepub fn tag_resource(&self) -> TagResourceFluentBuilder
pub fn tag_resource(&self) -> TagResourceFluentBuilder
Constructs a fluent builder for the TagResource
operation.
- The fluent builder is configurable:
resource_arn(impl Into<String>)
/set_resource_arn(Option<String>)
:
required: trueThe Amazon Resource Name (ARN) of the resource.
tags(Tag)
/set_tags(Option<Vec::<Tag>>)
:
required: true
- On success, responds with
TagResourceOutput
- On failure, responds with
SdkError<TagResourceError>
source§impl Client
impl Client
sourcepub fn untag_resource(&self) -> UntagResourceFluentBuilder
pub fn untag_resource(&self) -> UntagResourceFluentBuilder
Constructs a fluent builder for the UntagResource
operation.
- The fluent builder is configurable:
resource_arn(impl Into<String>)
/set_resource_arn(Option<String>)
:
required: trueThe Amazon Resource Name (ARN) of the resource.
tag_keys(impl Into<String>)
/set_tag_keys(Option<Vec::<String>>)
:
required: true
- On success, responds with
UntagResourceOutput
- On failure, responds with
SdkError<UntagResourceError>
source§impl Client
impl Client
sourcepub fn update_firewall_delete_protection(
&self
) -> UpdateFirewallDeleteProtectionFluentBuilder
pub fn update_firewall_delete_protection( &self ) -> UpdateFirewallDeleteProtectionFluentBuilder
Constructs a fluent builder for the UpdateFirewallDeleteProtection
operation.
- The fluent builder is configurable:
update_token(impl Into<String>)
/set_update_token(Option<String>)
:
required: falseAn optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
delete_protection(bool)
/set_delete_protection(Option<bool>)
:
required: trueA flag indicating whether it is possible to delete the firewall. A setting of
TRUE
indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag toTRUE
.
- On success, responds with
UpdateFirewallDeleteProtectionOutput
with field(s):firewall_arn(Option<String>)
:The Amazon Resource Name (ARN) of the firewall.
firewall_name(Option<String>)
:The descriptive name of the firewall. You can’t change the name of a firewall after you create it.
delete_protection(bool)
:A flag indicating whether it is possible to delete the firewall. A setting of
TRUE
indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag toTRUE
.update_token(Option<String>)
:An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.
- On failure, responds with
SdkError<UpdateFirewallDeleteProtectionError>
source§impl Client
impl Client
sourcepub fn update_firewall_description(
&self
) -> UpdateFirewallDescriptionFluentBuilder
pub fn update_firewall_description( &self ) -> UpdateFirewallDescriptionFluentBuilder
Constructs a fluent builder for the UpdateFirewallDescription
operation.
- The fluent builder is configurable:
update_token(impl Into<String>)
/set_update_token(Option<String>)
:
required: falseAn optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
description(impl Into<String>)
/set_description(Option<String>)
:
required: falseThe new description for the firewall. If you omit this setting, Network Firewall removes the description for the firewall.
- On success, responds with
UpdateFirewallDescriptionOutput
with field(s):firewall_arn(Option<String>)
:The Amazon Resource Name (ARN) of the firewall.
firewall_name(Option<String>)
:The descriptive name of the firewall. You can’t change the name of a firewall after you create it.
description(Option<String>)
:A description of the firewall.
update_token(Option<String>)
:An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.
- On failure, responds with
SdkError<UpdateFirewallDescriptionError>
source§impl Client
impl Client
sourcepub fn update_firewall_encryption_configuration(
&self
) -> UpdateFirewallEncryptionConfigurationFluentBuilder
pub fn update_firewall_encryption_configuration( &self ) -> UpdateFirewallEncryptionConfigurationFluentBuilder
Constructs a fluent builder for the UpdateFirewallEncryptionConfiguration
operation.
- The fluent builder is configurable:
update_token(impl Into<String>)
/set_update_token(Option<String>)
:
required: falseAn optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
encryption_configuration(EncryptionConfiguration)
/set_encryption_configuration(Option<EncryptionConfiguration>)
:
required: falseA complex type that contains optional Amazon Web Services Key Management Service (KMS) encryption settings for your Network Firewall resources. Your data is encrypted by default with an Amazon Web Services owned key that Amazon Web Services owns and manages for you. You can use either the Amazon Web Services owned key, or provide your own customer managed key. To learn more about KMS encryption of your Network Firewall resources, see Encryption at rest with Amazon Web Services Key Managment Service in the Network Firewall Developer Guide.
- On success, responds with
UpdateFirewallEncryptionConfigurationOutput
with field(s):firewall_arn(Option<String>)
:The Amazon Resource Name (ARN) of the firewall.
firewall_name(Option<String>)
:The descriptive name of the firewall. You can’t change the name of a firewall after you create it.
update_token(Option<String>)
:An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.encryption_configuration(Option<EncryptionConfiguration>)
:A complex type that contains optional Amazon Web Services Key Management Service (KMS) encryption settings for your Network Firewall resources. Your data is encrypted by default with an Amazon Web Services owned key that Amazon Web Services owns and manages for you. You can use either the Amazon Web Services owned key, or provide your own customer managed key. To learn more about KMS encryption of your Network Firewall resources, see Encryption at rest with Amazon Web Services Key Managment Service in the Network Firewall Developer Guide.
- On failure, responds with
SdkError<UpdateFirewallEncryptionConfigurationError>
source§impl Client
impl Client
sourcepub fn update_firewall_policy(&self) -> UpdateFirewallPolicyFluentBuilder
pub fn update_firewall_policy(&self) -> UpdateFirewallPolicyFluentBuilder
Constructs a fluent builder for the UpdateFirewallPolicy
operation.
- The fluent builder is configurable:
update_token(impl Into<String>)
/set_update_token(Option<String>)
:
required: trueA token used for optimistic locking. Network Firewall returns a token to your requests that access the firewall policy. The token marks the state of the policy resource at the time of the request.
To make changes to the policy, you provide the token in your request. Network Firewall uses the token to ensure that the policy hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall policy again to get a current copy of it with current token. Reapply your changes as needed, then try the operation again using the new token.firewall_policy_arn(impl Into<String>)
/set_firewall_policy_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall policy.
You must specify the ARN or the name, and you can specify both.
firewall_policy_name(impl Into<String>)
/set_firewall_policy_name(Option<String>)
:
required: falseThe descriptive name of the firewall policy. You can’t change the name of a firewall policy after you create it.
You must specify the ARN or the name, and you can specify both.
firewall_policy(FirewallPolicy)
/set_firewall_policy(Option<FirewallPolicy>)
:
required: trueThe updated firewall policy to use for the firewall. You can’t add or remove a
TLSInspectionConfiguration
after you create a firewall policy. However, you can replace an existing TLS inspection configuration with anotherTLSInspectionConfiguration
.description(impl Into<String>)
/set_description(Option<String>)
:
required: falseA description of the firewall policy.
dry_run(bool)
/set_dry_run(Option<bool>)
:
required: falseIndicates whether you want Network Firewall to just check the validity of the request, rather than run the request.
If set to
TRUE
, Network Firewall checks whether the request can run successfully, but doesn’t actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set toFALSE
, but doesn’t make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.If set to
FALSE
, Network Firewall makes the requested changes to your resources.encryption_configuration(EncryptionConfiguration)
/set_encryption_configuration(Option<EncryptionConfiguration>)
:
required: falseA complex type that contains settings for encryption of your firewall policy resources.
- On success, responds with
UpdateFirewallPolicyOutput
with field(s):update_token(String)
:A token used for optimistic locking. Network Firewall returns a token to your requests that access the firewall policy. The token marks the state of the policy resource at the time of the request.
To make changes to the policy, you provide the token in your request. Network Firewall uses the token to ensure that the policy hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall policy again to get a current copy of it with current token. Reapply your changes as needed, then try the operation again using the new token.firewall_policy_response(Option<FirewallPolicyResponse>)
:The high-level properties of a firewall policy. This, along with the
FirewallPolicy
, define the policy. You can retrieve all objects for a firewall policy by callingDescribeFirewallPolicy
.
- On failure, responds with
SdkError<UpdateFirewallPolicyError>
source§impl Client
impl Client
sourcepub fn update_firewall_policy_change_protection(
&self
) -> UpdateFirewallPolicyChangeProtectionFluentBuilder
pub fn update_firewall_policy_change_protection( &self ) -> UpdateFirewallPolicyChangeProtectionFluentBuilder
Constructs a fluent builder for the UpdateFirewallPolicyChangeProtection
operation.
- The fluent builder is configurable:
update_token(impl Into<String>)
/set_update_token(Option<String>)
:
required: falseAn optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
firewall_policy_change_protection(bool)
/set_firewall_policy_change_protection(Option<bool>)
:
required: trueA setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to
TRUE
.
- On success, responds with
UpdateFirewallPolicyChangeProtectionOutput
with field(s):update_token(Option<String>)
:An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.firewall_arn(Option<String>)
:The Amazon Resource Name (ARN) of the firewall.
firewall_name(Option<String>)
:The descriptive name of the firewall. You can’t change the name of a firewall after you create it.
firewall_policy_change_protection(bool)
:A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to
TRUE
.
- On failure, responds with
SdkError<UpdateFirewallPolicyChangeProtectionError>
source§impl Client
impl Client
sourcepub fn update_logging_configuration(
&self
) -> UpdateLoggingConfigurationFluentBuilder
pub fn update_logging_configuration( &self ) -> UpdateLoggingConfigurationFluentBuilder
Constructs a fluent builder for the UpdateLoggingConfiguration
operation.
- The fluent builder is configurable:
firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
logging_configuration(LoggingConfiguration)
/set_logging_configuration(Option<LoggingConfiguration>)
:
required: falseDefines how Network Firewall performs logging for a firewall. If you omit this setting, Network Firewall disables logging for the firewall.
- On success, responds with
UpdateLoggingConfigurationOutput
with field(s):firewall_arn(Option<String>)
:The Amazon Resource Name (ARN) of the firewall.
firewall_name(Option<String>)
:The descriptive name of the firewall. You can’t change the name of a firewall after you create it.
logging_configuration(Option<LoggingConfiguration>)
:Defines how Network Firewall performs logging for a
Firewall
.
- On failure, responds with
SdkError<UpdateLoggingConfigurationError>
source§impl Client
impl Client
sourcepub fn update_rule_group(&self) -> UpdateRuleGroupFluentBuilder
pub fn update_rule_group(&self) -> UpdateRuleGroupFluentBuilder
Constructs a fluent builder for the UpdateRuleGroup
operation.
- The fluent builder is configurable:
update_token(impl Into<String>)
/set_update_token(Option<String>)
:
required: trueA token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request.
To make changes to the rule group, you provide the token in your request. Network Firewall uses the token to ensure that the rule group hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the rule group again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.rule_group_arn(impl Into<String>)
/set_rule_group_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the rule group.
You must specify the ARN or the name, and you can specify both.
rule_group_name(impl Into<String>)
/set_rule_group_name(Option<String>)
:
required: falseThe descriptive name of the rule group. You can’t change the name of a rule group after you create it.
You must specify the ARN or the name, and you can specify both.
rule_group(RuleGroup)
/set_rule_group(Option<RuleGroup>)
:
required: falseAn object that defines the rule group rules.
You must provide either this rule group setting or a
Rules
setting, but not both.rules(impl Into<String>)
/set_rules(Option<String>)
:
required: falseA string containing stateful rule group rules specifications in Suricata flat format, with one rule per line. Use this to import your existing Suricata compatible rule groups.
You must provide either this rules setting or a populated
RuleGroup
setting, but not both.You can provide your rule group specification in Suricata flat format through this setting when you create or update your rule group. The call response returns a
RuleGroup
object that Network Firewall has populated from your string.r#type(RuleGroupType)
/set_type(Option<RuleGroupType>)
:
required: falseIndicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
This setting is required for requests that do not include the
RuleGroupARN
.description(impl Into<String>)
/set_description(Option<String>)
:
required: falseA description of the rule group.
dry_run(bool)
/set_dry_run(Option<bool>)
:
required: falseIndicates whether you want Network Firewall to just check the validity of the request, rather than run the request.
If set to
TRUE
, Network Firewall checks whether the request can run successfully, but doesn’t actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set toFALSE
, but doesn’t make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.If set to
FALSE
, Network Firewall makes the requested changes to your resources.encryption_configuration(EncryptionConfiguration)
/set_encryption_configuration(Option<EncryptionConfiguration>)
:
required: falseA complex type that contains settings for encryption of your rule group resources.
source_metadata(SourceMetadata)
/set_source_metadata(Option<SourceMetadata>)
:
required: falseA complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to keep track of updates made to the originating rule group.
analyze_rule_group(bool)
/set_analyze_rule_group(Option<bool>)
:
required: falseIndicates whether you want Network Firewall to analyze the stateless rules in the rule group for rule behavior such as asymmetric routing. If set to
TRUE
, Network Firewall runs the analysis and then updates the rule group for you. To run the stateless rule group analyzer without updating the rule group, setDryRun
toTRUE
.
- On success, responds with
UpdateRuleGroupOutput
with field(s):update_token(String)
:A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request.
To make changes to the rule group, you provide the token in your request. Network Firewall uses the token to ensure that the rule group hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the rule group again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.rule_group_response(Option<RuleGroupResponse>)
:The high-level properties of a rule group. This, along with the
RuleGroup
, define the rule group. You can retrieve all objects for a rule group by callingDescribeRuleGroup
.
- On failure, responds with
SdkError<UpdateRuleGroupError>
source§impl Client
impl Client
sourcepub fn update_subnet_change_protection(
&self
) -> UpdateSubnetChangeProtectionFluentBuilder
pub fn update_subnet_change_protection( &self ) -> UpdateSubnetChangeProtectionFluentBuilder
Constructs a fluent builder for the UpdateSubnetChangeProtection
operation.
- The fluent builder is configurable:
update_token(impl Into<String>)
/set_update_token(Option<String>)
:
required: falseAn optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.firewall_arn(impl Into<String>)
/set_firewall_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
firewall_name(impl Into<String>)
/set_firewall_name(Option<String>)
:
required: falseThe descriptive name of the firewall. You can’t change the name of a firewall after you create it.
You must specify the ARN or the name, and you can specify both.
subnet_change_protection(bool)
/set_subnet_change_protection(Option<bool>)
:
required: trueA setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to
TRUE
.
- On success, responds with
UpdateSubnetChangeProtectionOutput
with field(s):update_token(Option<String>)
:An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.firewall_arn(Option<String>)
:The Amazon Resource Name (ARN) of the firewall.
firewall_name(Option<String>)
:The descriptive name of the firewall. You can’t change the name of a firewall after you create it.
subnet_change_protection(bool)
:A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to
TRUE
.
- On failure, responds with
SdkError<UpdateSubnetChangeProtectionError>
source§impl Client
impl Client
sourcepub fn update_tls_inspection_configuration(
&self
) -> UpdateTLSInspectionConfigurationFluentBuilder
pub fn update_tls_inspection_configuration( &self ) -> UpdateTLSInspectionConfigurationFluentBuilder
Constructs a fluent builder for the UpdateTLSInspectionConfiguration
operation.
- The fluent builder is configurable:
tls_inspection_configuration_arn(impl Into<String>)
/set_tls_inspection_configuration_arn(Option<String>)
:
required: falseThe Amazon Resource Name (ARN) of the TLS inspection configuration.
tls_inspection_configuration_name(impl Into<String>)
/set_tls_inspection_configuration_name(Option<String>)
:
required: falseThe descriptive name of the TLS inspection configuration. You can’t change the name of a TLS inspection configuration after you create it.
tls_inspection_configuration(TlsInspectionConfiguration)
/set_tls_inspection_configuration(Option<TlsInspectionConfiguration>)
:
required: trueThe object that defines a TLS inspection configuration. This, along with
TLSInspectionConfigurationResponse
, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by callingDescribeTLSInspectionConfiguration
.Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.
To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
description(impl Into<String>)
/set_description(Option<String>)
:
required: falseA description of the TLS inspection configuration.
encryption_configuration(EncryptionConfiguration)
/set_encryption_configuration(Option<EncryptionConfiguration>)
:
required: falseA complex type that contains the Amazon Web Services KMS encryption configuration settings for your TLS inspection configuration.
update_token(impl Into<String>)
/set_update_token(Option<String>)
:
required: trueA token used for optimistic locking. Network Firewall returns a token to your requests that access the TLS inspection configuration. The token marks the state of the TLS inspection configuration resource at the time of the request.
To make changes to the TLS inspection configuration, you provide the token in your request. Network Firewall uses the token to ensure that the TLS inspection configuration hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the TLS inspection configuration again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.
- On success, responds with
UpdateTlsInspectionConfigurationOutput
with field(s):update_token(String)
:A token used for optimistic locking. Network Firewall returns a token to your requests that access the TLS inspection configuration. The token marks the state of the TLS inspection configuration resource at the time of the request.
To make changes to the TLS inspection configuration, you provide the token in your request. Network Firewall uses the token to ensure that the TLS inspection configuration hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException
. If this happens, retrieve the TLS inspection configuration again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.tls_inspection_configuration_response(Option<TlsInspectionConfigurationResponse>)
:The high-level properties of a TLS inspection configuration. This, along with the
TLSInspectionConfiguration
, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by callingDescribeTLSInspectionConfiguration
.
- On failure, responds with
SdkError<UpdateTLSInspectionConfigurationError>
source§impl Client
impl Client
sourcepub fn from_conf(conf: Config) -> Self
pub fn from_conf(conf: Config) -> Self
Creates a new client from the service Config
.
§Panics
This method will panic in the following cases:
- Retries or timeouts are enabled without a
sleep_impl
configured. - Identity caching is enabled without a
sleep_impl
andtime_source
configured. - No
behavior_version
is provided.
The panic message for each of these will have instructions on how to resolve them.
source§impl Client
impl Client
sourcepub fn new(sdk_config: &SdkConfig) -> Self
pub fn new(sdk_config: &SdkConfig) -> Self
Creates a new client from an SDK Config.
§Panics
- This method will panic if the
sdk_config
is missing an async sleep implementation. If you experience this panic, set thesleep_impl
on the Config passed into this function to fix it. - This method will panic if the
sdk_config
is missing an HTTP connector. If you experience this panic, set thehttp_connector
on the Config passed into this function to fix it. - This method will panic if no
BehaviorVersion
is provided. If you experience this panic, setbehavior_version
on the Config or enable thebehavior-version-latest
Cargo feature.
Trait Implementations§
Auto Trait Implementations§
impl Freeze for Client
impl !RefUnwindSafe for Client
impl Send for Client
impl Sync for Client
impl Unpin for Client
impl !UnwindSafe for Client
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> Instrument for T
impl<T> Instrument for T
source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
source§impl<T> IntoEither for T
impl<T> IntoEither for T
source§fn into_either(self, into_left: bool) -> Either<Self, Self>
fn into_either(self, into_left: bool) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left
is true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read moresource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
self
into a Left
variant of Either<Self, Self>
if into_left(&self)
returns true
.
Converts self
into a Right
variant of Either<Self, Self>
otherwise. Read more