Struct aws_sdk_networkfirewall::Client

source · 
pub struct Client { /* private fields */ }
Expand description

Client for AWS Network Firewall

Client for invoking operations on AWS Network Firewall. Each operation on AWS Network Firewall is a method on this this struct. .send() MUST be invoked on the generated operations to dispatch the request to the service.

§Constructing a Client

A Config is required to construct a client. For most use cases, the aws-config crate should be used to automatically resolve this config using aws_config::load_from_env(), since this will resolve an SdkConfig which can be shared across multiple different AWS SDK clients. This config resolution process can be customized by calling aws_config::from_env() instead, which returns a ConfigLoader that uses the builder pattern to customize the default config.

In the simplest case, creating a client looks as follows:

let config = aws_config::load_from_env().await;
let client = aws_sdk_networkfirewall::Client::new(&config);

Occasionally, SDKs may have additional service-specific values that can be set on the Config that is absent from SdkConfig, or slightly different settings for a specific client may be desired. The Config struct implements From<&SdkConfig>, so setting these specific settings can be done as follows:

let sdk_config = ::aws_config::load_from_env().await;
let config = aws_sdk_networkfirewall::config::Builder::from(&sdk_config)
    .some_service_specific_setting("value")
    .build();

See the aws-config docs and Config for more information on customizing configuration.

Note: Client construction is expensive due to connection thread pool initialization, and should be done once at application start-up.

§Using the Client

A client has a function for every operation that can be performed by the service. For example, the AssociateFirewallPolicy operation has a Client::associate_firewall_policy, function which returns a builder for that operation. The fluent builder ultimately has a send() function that returns an async future that returns a result, as illustrated below:

let result = client.associate_firewall_policy()
    .update_token("example")
    .send()
    .await;

The underlying HTTP requests that get made by this can be modified with the customize_operation function on the fluent builder. See the customize module for more information.

Implementations§

source§

impl Client

source

pub fn associate_firewall_policy(&self) -> AssociateFirewallPolicyFluentBuilder

Constructs a fluent builder for the AssociateFirewallPolicy operation.

  • The fluent builder is configurable:
    • update_token(impl Into<String>) / set_update_token(Option<String>):
      required: false

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.


    • firewall_arn(impl Into<String>) / set_firewall_arn(Option<String>):
      required: false

      The Amazon Resource Name (ARN) of the firewall.

      You must specify the ARN or the name, and you can specify both.


    • firewall_name(impl Into<String>) / set_firewall_name(Option<String>):
      required: false

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

      You must specify the ARN or the name, and you can specify both.


    • firewall_policy_arn(impl Into<String>) / set_firewall_policy_arn(Option<String>):
      required: true

      The Amazon Resource Name (ARN) of the firewall policy.


  • On success, responds with AssociateFirewallPolicyOutput with field(s):
    • firewall_arn(Option<String>):

      The Amazon Resource Name (ARN) of the firewall.

    • firewall_name(Option<String>):

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

    • firewall_policy_arn(Option<String>):

      The Amazon Resource Name (ARN) of the firewall policy.

    • update_token(Option<String>):

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

  • On failure, responds with SdkError<AssociateFirewallPolicyError>
source§

impl Client

source

pub fn associate_subnets(&self) -> AssociateSubnetsFluentBuilder

Constructs a fluent builder for the AssociateSubnets operation.

  • The fluent builder is configurable:
    • update_token(impl Into<String>) / set_update_token(Option<String>):
      required: false

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.


    • firewall_arn(impl Into<String>) / set_firewall_arn(Option<String>):
      required: false

      The Amazon Resource Name (ARN) of the firewall.

      You must specify the ARN or the name, and you can specify both.


    • firewall_name(impl Into<String>) / set_firewall_name(Option<String>):
      required: false

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

      You must specify the ARN or the name, and you can specify both.


    • subnet_mappings(SubnetMapping) / set_subnet_mappings(Option<Vec::<SubnetMapping>>):
      required: true

      The IDs of the subnets that you want to associate with the firewall.


  • On success, responds with AssociateSubnetsOutput with field(s):
    • firewall_arn(Option<String>):

      The Amazon Resource Name (ARN) of the firewall.

    • firewall_name(Option<String>):

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

    • subnet_mappings(Option<Vec::<SubnetMapping>>):

      The IDs of the subnets that are associated with the firewall.

    • update_token(Option<String>):

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

  • On failure, responds with SdkError<AssociateSubnetsError>
source§

impl Client

source

pub fn create_firewall(&self) -> CreateFirewallFluentBuilder

Constructs a fluent builder for the CreateFirewall operation.

source§

impl Client

source

pub fn create_firewall_policy(&self) -> CreateFirewallPolicyFluentBuilder

Constructs a fluent builder for the CreateFirewallPolicy operation.

source§

impl Client

source

pub fn create_rule_group(&self) -> CreateRuleGroupFluentBuilder

Constructs a fluent builder for the CreateRuleGroup operation.

  • The fluent builder is configurable:
    • rule_group_name(impl Into<String>) / set_rule_group_name(Option<String>):
      required: true

      The descriptive name of the rule group. You can’t change the name of a rule group after you create it.


    • rule_group(RuleGroup) / set_rule_group(Option<RuleGroup>):
      required: false

      An object that defines the rule group rules.

      You must provide either this rule group setting or a Rules setting, but not both.


    • rules(impl Into<String>) / set_rules(Option<String>):
      required: false

      A string containing stateful rule group rules specifications in Suricata flat format, with one rule per line. Use this to import your existing Suricata compatible rule groups.

      You must provide either this rules setting or a populated RuleGroup setting, but not both.

      You can provide your rule group specification in Suricata flat format through this setting when you create or update your rule group. The call response returns a RuleGroup object that Network Firewall has populated from your string.


    • r#type(RuleGroupType) / set_type(Option<RuleGroupType>):
      required: true

      Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.


    • description(impl Into<String>) / set_description(Option<String>):
      required: false

      A description of the rule group.


    • capacity(i32) / set_capacity(Option<i32>):
      required: true

      The maximum operating resources that this rule group can use. Rule group capacity is fixed at creation. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.

      You can retrieve the capacity that would be required for a rule group before you create the rule group by calling CreateRuleGroup with DryRun set to TRUE.

      You can’t change or exceed this capacity when you update the rule group, so leave room for your rule group to grow.

      Capacity for a stateless rule group

      For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules that you expect to have in the rule group.

      To calculate the capacity requirement of a single rule, multiply the capacity requirement values of each of the rule’s match settings:

      • A match setting with no criteria specified has a value of 1.

      • A match setting with Any specified has a value of 1.

      • All other match settings have a value equal to the number of elements provided in the setting. For example, a protocol setting [“UDP”] and a source setting [“10.0.0.0/24”] each have a value of 1. A protocol setting [“UDP”,“TCP”] has a value of 2. A source setting [“10.0.0.0/24”,“10.0.0.1/24”,“10.0.0.2/24”] has a value of 3.

      A rule with no criteria specified in any of its match settings has a capacity requirement of 1. A rule with protocol setting [“UDP”,“TCP”], source setting [“10.0.0.0/24”,“10.0.0.1/24”,“10.0.0.2/24”], and a single specification or no specification for each of the other match settings has a capacity requirement of 6.

      Capacity for a stateful rule group

      For a stateful rule group, the minimum capacity required is the number of individual rules that you expect to have in the rule group.


    • tags(Tag) / set_tags(Option<Vec::<Tag>>):
      required: false

      The key:value pairs to associate with the resource.


    • dry_run(bool) / set_dry_run(Option<bool>):
      required: false

      Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.

      If set to TRUE, Network Firewall checks whether the request can run successfully, but doesn’t actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set to FALSE, but doesn’t make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.

      If set to FALSE, Network Firewall makes the requested changes to your resources.


    • encryption_configuration(EncryptionConfiguration) / set_encryption_configuration(Option<EncryptionConfiguration>):
      required: false

      A complex type that contains settings for encryption of your rule group resources.


    • source_metadata(SourceMetadata) / set_source_metadata(Option<SourceMetadata>):
      required: false

      A complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to keep track of updates made to the originating rule group.


    • analyze_rule_group(bool) / set_analyze_rule_group(Option<bool>):
      required: false

      Indicates whether you want Network Firewall to analyze the stateless rules in the rule group for rule behavior such as asymmetric routing. If set to TRUE, Network Firewall runs the analysis and then creates the rule group for you. To run the stateless rule group analyzer without creating the rule group, set DryRun to TRUE.


  • On success, responds with CreateRuleGroupOutput with field(s):
    • update_token(String):

      A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request.

      To make changes to the rule group, you provide the token in your request. Network Firewall uses the token to ensure that the rule group hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the rule group again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.

    • rule_group_response(Option<RuleGroupResponse>):

      The high-level properties of a rule group. This, along with the RuleGroup, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.

  • On failure, responds with SdkError<CreateRuleGroupError>
source§

impl Client

source

pub fn create_tls_inspection_configuration( &self ) -> CreateTLSInspectionConfigurationFluentBuilder

Constructs a fluent builder for the CreateTLSInspectionConfiguration operation.

source§

impl Client

source

pub fn delete_firewall(&self) -> DeleteFirewallFluentBuilder

Constructs a fluent builder for the DeleteFirewall operation.

  • The fluent builder is configurable:
  • On success, responds with DeleteFirewallOutput with field(s):
    • firewall(Option<Firewall>):

      The firewall defines the configuration settings for an Network Firewall firewall. These settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource.

      The status of the firewall, for example whether it’s ready to filter network traffic, is provided in the corresponding FirewallStatus. You can retrieve both objects by calling DescribeFirewall.

    • firewall_status(Option<FirewallStatus>):

      Detailed information about the current status of a Firewall. You can retrieve this for a firewall by calling DescribeFirewall and providing the firewall name and ARN.

  • On failure, responds with SdkError<DeleteFirewallError>
source§

impl Client

source

pub fn delete_firewall_policy(&self) -> DeleteFirewallPolicyFluentBuilder

Constructs a fluent builder for the DeleteFirewallPolicy operation.

source§

impl Client

source

pub fn delete_resource_policy(&self) -> DeleteResourcePolicyFluentBuilder

Constructs a fluent builder for the DeleteResourcePolicy operation.

source§

impl Client

source

pub fn delete_rule_group(&self) -> DeleteRuleGroupFluentBuilder

Constructs a fluent builder for the DeleteRuleGroup operation.

source§

impl Client

source

pub fn delete_tls_inspection_configuration( &self ) -> DeleteTLSInspectionConfigurationFluentBuilder

Constructs a fluent builder for the DeleteTLSInspectionConfiguration operation.

source§

impl Client

source

pub fn describe_firewall(&self) -> DescribeFirewallFluentBuilder

Constructs a fluent builder for the DescribeFirewall operation.

  • The fluent builder is configurable:
  • On success, responds with DescribeFirewallOutput with field(s):
    • update_token(Option<String>):

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    • firewall(Option<Firewall>):

      The configuration settings for the firewall. These settings include the firewall policy and the subnets in your VPC to use for the firewall endpoints.

    • firewall_status(Option<FirewallStatus>):

      Detailed information about the current status of a Firewall. You can retrieve this for a firewall by calling DescribeFirewall and providing the firewall name and ARN.

  • On failure, responds with SdkError<DescribeFirewallError>
source§

impl Client

source

pub fn describe_firewall_policy(&self) -> DescribeFirewallPolicyFluentBuilder

Constructs a fluent builder for the DescribeFirewallPolicy operation.

source§

impl Client

source

pub fn describe_logging_configuration( &self ) -> DescribeLoggingConfigurationFluentBuilder

Constructs a fluent builder for the DescribeLoggingConfiguration operation.

source§

impl Client

source

pub fn describe_resource_policy(&self) -> DescribeResourcePolicyFluentBuilder

Constructs a fluent builder for the DescribeResourcePolicy operation.

source§

impl Client

source

pub fn describe_rule_group(&self) -> DescribeRuleGroupFluentBuilder

Constructs a fluent builder for the DescribeRuleGroup operation.

  • The fluent builder is configurable:
  • On success, responds with DescribeRuleGroupOutput with field(s):
    • update_token(String):

      A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request.

      To make changes to the rule group, you provide the token in your request. Network Firewall uses the token to ensure that the rule group hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the rule group again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.

    • rule_group(Option<RuleGroup>):

      The object that defines the rules in a rule group. This, along with RuleGroupResponse, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.

      Network Firewall uses a rule group to inspect and control network traffic. You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their traffic flow.

      To use a rule group, you include it by reference in an Network Firewall firewall policy, then you use the policy in a firewall. You can reference a rule group from more than one firewall policy, and you can use a firewall policy in more than one firewall.

    • rule_group_response(Option<RuleGroupResponse>):

      The high-level properties of a rule group. This, along with the RuleGroup, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.

  • On failure, responds with SdkError<DescribeRuleGroupError>
source§

impl Client

source

pub fn describe_rule_group_metadata( &self ) -> DescribeRuleGroupMetadataFluentBuilder

Constructs a fluent builder for the DescribeRuleGroupMetadata operation.

  • The fluent builder is configurable:
  • On success, responds with DescribeRuleGroupMetadataOutput with field(s):
    • rule_group_arn(String):

      The descriptive name of the rule group. You can’t change the name of a rule group after you create it.

      You must specify the ARN or the name, and you can specify both.

    • rule_group_name(String):

      The descriptive name of the rule group. You can’t change the name of a rule group after you create it.

      You must specify the ARN or the name, and you can specify both.

    • description(Option<String>):

      Returns the metadata objects for the specified rule group.

    • r#type(Option<RuleGroupType>):

      Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.

      This setting is required for requests that do not include the RuleGroupARN.

    • capacity(Option<i32>):

      The maximum operating resources that this rule group can use. Rule group capacity is fixed at creation. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.

      You can retrieve the capacity that would be required for a rule group before you create the rule group by calling CreateRuleGroup with DryRun set to TRUE.

    • stateful_rule_options(Option<StatefulRuleOptions>):

      Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.

    • last_modified_time(Option<DateTime>):

      The last time that the rule group was changed.

  • On failure, responds with SdkError<DescribeRuleGroupMetadataError>
source§

impl Client

source

pub fn describe_tls_inspection_configuration( &self ) -> DescribeTLSInspectionConfigurationFluentBuilder

Constructs a fluent builder for the DescribeTLSInspectionConfiguration operation.

  • The fluent builder is configurable:
  • On success, responds with DescribeTlsInspectionConfigurationOutput with field(s):
    • update_token(String):

      A token used for optimistic locking. Network Firewall returns a token to your requests that access the TLS inspection configuration. The token marks the state of the TLS inspection configuration resource at the time of the request.

      To make changes to the TLS inspection configuration, you provide the token in your request. Network Firewall uses the token to ensure that the TLS inspection configuration hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the TLS inspection configuration again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.

    • tls_inspection_configuration(Option<TlsInspectionConfiguration>):

      The object that defines a TLS inspection configuration. This, along with TLSInspectionConfigurationResponse, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling DescribeTLSInspectionConfiguration.

      Network Firewall uses a TLS inspection configuration to decrypt traffic. Network Firewall re-encrypts the traffic before sending it to its destination.

      To use a TLS inspection configuration, you add it to a new Network Firewall firewall policy, then you apply the firewall policy to a firewall. Network Firewall acts as a proxy service to decrypt and inspect the traffic traveling through your firewalls. You can reference a TLS inspection configuration from more than one firewall policy, and you can use a firewall policy in more than one firewall. For more information about using TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.

    • tls_inspection_configuration_response(Option<TlsInspectionConfigurationResponse>):

      The high-level properties of a TLS inspection configuration. This, along with the TLSInspectionConfiguration, define the TLS inspection configuration. You can retrieve all objects for a TLS inspection configuration by calling DescribeTLSInspectionConfiguration.

  • On failure, responds with SdkError<DescribeTLSInspectionConfigurationError>
source§

impl Client

source

pub fn disassociate_subnets(&self) -> DisassociateSubnetsFluentBuilder

Constructs a fluent builder for the DisassociateSubnets operation.

  • The fluent builder is configurable:
    • update_token(impl Into<String>) / set_update_token(Option<String>):
      required: false

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.


    • firewall_arn(impl Into<String>) / set_firewall_arn(Option<String>):
      required: false

      The Amazon Resource Name (ARN) of the firewall.

      You must specify the ARN or the name, and you can specify both.


    • firewall_name(impl Into<String>) / set_firewall_name(Option<String>):
      required: false

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

      You must specify the ARN or the name, and you can specify both.


    • subnet_ids(impl Into<String>) / set_subnet_ids(Option<Vec::<String>>):
      required: true

      The unique identifiers for the subnets that you want to disassociate.


  • On success, responds with DisassociateSubnetsOutput with field(s):
    • firewall_arn(Option<String>):

      The Amazon Resource Name (ARN) of the firewall.

    • firewall_name(Option<String>):

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

    • subnet_mappings(Option<Vec::<SubnetMapping>>):

      The IDs of the subnets that are associated with the firewall.

    • update_token(Option<String>):

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

  • On failure, responds with SdkError<DisassociateSubnetsError>
source§

impl Client

source

pub fn list_firewall_policies(&self) -> ListFirewallPoliciesFluentBuilder

Constructs a fluent builder for the ListFirewallPolicies operation. This operation supports pagination; See into_paginator().

  • The fluent builder is configurable:
    • next_token(impl Into<String>) / set_next_token(Option<String>):
      required: false

      When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.


    • max_results(i32) / set_max_results(Option<i32>):
      required: false

      The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a NextToken value that you can use in a subsequent call to get the next batch of objects.


  • On success, responds with ListFirewallPoliciesOutput with field(s):
    • next_token(Option<String>):

      When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    • firewall_policies(Option<Vec::<FirewallPolicyMetadata>>):

      The metadata for the firewall policies. Depending on your setting for max results and the number of firewall policies that you have, this might not be the full list.

  • On failure, responds with SdkError<ListFirewallPoliciesError>
source§

impl Client

source

pub fn list_firewalls(&self) -> ListFirewallsFluentBuilder

Constructs a fluent builder for the ListFirewalls operation. This operation supports pagination; See into_paginator().

  • The fluent builder is configurable:
    • next_token(impl Into<String>) / set_next_token(Option<String>):
      required: false

      When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.


    • vpc_ids(impl Into<String>) / set_vpc_ids(Option<Vec::<String>>):
      required: false

      The unique identifiers of the VPCs that you want Network Firewall to retrieve the firewalls for. Leave this blank to retrieve all firewalls that you have defined.


    • max_results(i32) / set_max_results(Option<i32>):
      required: false

      The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a NextToken value that you can use in a subsequent call to get the next batch of objects.


  • On success, responds with ListFirewallsOutput with field(s):
    • next_token(Option<String>):

      When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    • firewalls(Option<Vec::<FirewallMetadata>>):

      The firewall metadata objects for the VPCs that you specified. Depending on your setting for max results and the number of firewalls you have, a single call might not be the full list.

  • On failure, responds with SdkError<ListFirewallsError>
source§

impl Client

source

pub fn list_rule_groups(&self) -> ListRuleGroupsFluentBuilder

Constructs a fluent builder for the ListRuleGroups operation. This operation supports pagination; See into_paginator().

  • The fluent builder is configurable:
  • On success, responds with ListRuleGroupsOutput with field(s):
    • next_token(Option<String>):

      When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    • rule_groups(Option<Vec::<RuleGroupMetadata>>):

      The rule group metadata objects that you’ve defined. Depending on your setting for max results and the number of rule groups, this might not be the full list.

  • On failure, responds with SdkError<ListRuleGroupsError>
source§

impl Client

source

pub fn list_tags_for_resource(&self) -> ListTagsForResourceFluentBuilder

Constructs a fluent builder for the ListTagsForResource operation. This operation supports pagination; See into_paginator().

  • The fluent builder is configurable:
    • next_token(impl Into<String>) / set_next_token(Option<String>):
      required: false

      When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.


    • max_results(i32) / set_max_results(Option<i32>):
      required: false

      The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a NextToken value that you can use in a subsequent call to get the next batch of objects.


    • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
      required: true

      The Amazon Resource Name (ARN) of the resource.


  • On success, responds with ListTagsForResourceOutput with field(s):
    • next_token(Option<String>):

      When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    • tags(Option<Vec::<Tag>>):

      The tags that are associated with the resource.

  • On failure, responds with SdkError<ListTagsForResourceError>
source§

impl Client

source

pub fn list_tls_inspection_configurations( &self ) -> ListTLSInspectionConfigurationsFluentBuilder

Constructs a fluent builder for the ListTLSInspectionConfigurations operation. This operation supports pagination; See into_paginator().

  • The fluent builder is configurable:
    • next_token(impl Into<String>) / set_next_token(Option<String>):
      required: false

      When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.


    • max_results(i32) / set_max_results(Option<i32>):
      required: false

      The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a NextToken value that you can use in a subsequent call to get the next batch of objects.


  • On success, responds with ListTlsInspectionConfigurationsOutput with field(s):
    • next_token(Option<String>):

      When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

    • tls_inspection_configurations(Option<Vec::<TlsInspectionConfigurationMetadata>>):

      The TLS inspection configuration metadata objects that you’ve defined. Depending on your setting for max results and the number of TLS inspection configurations, this might not be the full list.

  • On failure, responds with SdkError<ListTLSInspectionConfigurationsError>
source§

impl Client

source

pub fn put_resource_policy(&self) -> PutResourcePolicyFluentBuilder

Constructs a fluent builder for the PutResourcePolicy operation.

  • The fluent builder is configurable:
    • resource_arn(impl Into<String>) / set_resource_arn(Option<String>):
      required: true

      The Amazon Resource Name (ARN) of the account that you want to share rule groups and firewall policies with.


    • policy(impl Into<String>) / set_policy(Option<String>):
      required: true

      The IAM policy statement that lists the accounts that you want to share your rule group or firewall policy with and the operations that you want the accounts to be able to perform.

      For a rule group resource, you can specify the following operations in the Actions section of the statement:

      • network-firewall:CreateFirewallPolicy

      • network-firewall:UpdateFirewallPolicy

      • network-firewall:ListRuleGroups

      For a firewall policy resource, you can specify the following operations in the Actions section of the statement:

      • network-firewall:AssociateFirewallPolicy

      • network-firewall:ListFirewallPolicies

      In the Resource section of the statement, you specify the ARNs for the rule groups and firewall policies that you want to share with the account that you specified in Arn.


  • On success, responds with PutResourcePolicyOutput
  • On failure, responds with SdkError<PutResourcePolicyError>
source§

impl Client

source

pub fn tag_resource(&self) -> TagResourceFluentBuilder

Constructs a fluent builder for the TagResource operation.

source§

impl Client

source

pub fn untag_resource(&self) -> UntagResourceFluentBuilder

Constructs a fluent builder for the UntagResource operation.

source§

impl Client

source

pub fn update_firewall_delete_protection( &self ) -> UpdateFirewallDeleteProtectionFluentBuilder

Constructs a fluent builder for the UpdateFirewallDeleteProtection operation.

  • The fluent builder is configurable:
    • update_token(impl Into<String>) / set_update_token(Option<String>):
      required: false

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.


    • firewall_arn(impl Into<String>) / set_firewall_arn(Option<String>):
      required: false

      The Amazon Resource Name (ARN) of the firewall.

      You must specify the ARN or the name, and you can specify both.


    • firewall_name(impl Into<String>) / set_firewall_name(Option<String>):
      required: false

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

      You must specify the ARN or the name, and you can specify both.


    • delete_protection(bool) / set_delete_protection(Option<bool>):
      required: true

      A flag indicating whether it is possible to delete the firewall. A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE.


  • On success, responds with UpdateFirewallDeleteProtectionOutput with field(s):
    • firewall_arn(Option<String>):

      The Amazon Resource Name (ARN) of the firewall.

    • firewall_name(Option<String>):

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

    • delete_protection(bool):

      A flag indicating whether it is possible to delete the firewall. A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE.

    • update_token(Option<String>):

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

  • On failure, responds with SdkError<UpdateFirewallDeleteProtectionError>
source§

impl Client

source

pub fn update_firewall_description( &self ) -> UpdateFirewallDescriptionFluentBuilder

Constructs a fluent builder for the UpdateFirewallDescription operation.

  • The fluent builder is configurable:
    • update_token(impl Into<String>) / set_update_token(Option<String>):
      required: false

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.


    • firewall_arn(impl Into<String>) / set_firewall_arn(Option<String>):
      required: false

      The Amazon Resource Name (ARN) of the firewall.

      You must specify the ARN or the name, and you can specify both.


    • firewall_name(impl Into<String>) / set_firewall_name(Option<String>):
      required: false

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

      You must specify the ARN or the name, and you can specify both.


    • description(impl Into<String>) / set_description(Option<String>):
      required: false

      The new description for the firewall. If you omit this setting, Network Firewall removes the description for the firewall.


  • On success, responds with UpdateFirewallDescriptionOutput with field(s):
    • firewall_arn(Option<String>):

      The Amazon Resource Name (ARN) of the firewall.

    • firewall_name(Option<String>):

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

    • description(Option<String>):

      A description of the firewall.

    • update_token(Option<String>):

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

  • On failure, responds with SdkError<UpdateFirewallDescriptionError>
source§

impl Client

source

pub fn update_firewall_encryption_configuration( &self ) -> UpdateFirewallEncryptionConfigurationFluentBuilder

Constructs a fluent builder for the UpdateFirewallEncryptionConfiguration operation.

  • The fluent builder is configurable:
    • update_token(impl Into<String>) / set_update_token(Option<String>):
      required: false

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.


    • firewall_arn(impl Into<String>) / set_firewall_arn(Option<String>):
      required: false

      The Amazon Resource Name (ARN) of the firewall.


    • firewall_name(impl Into<String>) / set_firewall_name(Option<String>):
      required: false

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.


    • encryption_configuration(EncryptionConfiguration) / set_encryption_configuration(Option<EncryptionConfiguration>):
      required: false

      A complex type that contains optional Amazon Web Services Key Management Service (KMS) encryption settings for your Network Firewall resources. Your data is encrypted by default with an Amazon Web Services owned key that Amazon Web Services owns and manages for you. You can use either the Amazon Web Services owned key, or provide your own customer managed key. To learn more about KMS encryption of your Network Firewall resources, see Encryption at rest with Amazon Web Services Key Managment Service in the Network Firewall Developer Guide.


  • On success, responds with UpdateFirewallEncryptionConfigurationOutput with field(s):
    • firewall_arn(Option<String>):

      The Amazon Resource Name (ARN) of the firewall.

    • firewall_name(Option<String>):

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

    • update_token(Option<String>):

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    • encryption_configuration(Option<EncryptionConfiguration>):

      A complex type that contains optional Amazon Web Services Key Management Service (KMS) encryption settings for your Network Firewall resources. Your data is encrypted by default with an Amazon Web Services owned key that Amazon Web Services owns and manages for you. You can use either the Amazon Web Services owned key, or provide your own customer managed key. To learn more about KMS encryption of your Network Firewall resources, see Encryption at rest with Amazon Web Services Key Managment Service in the Network Firewall Developer Guide.

  • On failure, responds with SdkError<UpdateFirewallEncryptionConfigurationError>
source§

impl Client

source

pub fn update_firewall_policy(&self) -> UpdateFirewallPolicyFluentBuilder

Constructs a fluent builder for the UpdateFirewallPolicy operation.

  • The fluent builder is configurable:
    • update_token(impl Into<String>) / set_update_token(Option<String>):
      required: true

      A token used for optimistic locking. Network Firewall returns a token to your requests that access the firewall policy. The token marks the state of the policy resource at the time of the request.

      To make changes to the policy, you provide the token in your request. Network Firewall uses the token to ensure that the policy hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall policy again to get a current copy of it with current token. Reapply your changes as needed, then try the operation again using the new token.


    • firewall_policy_arn(impl Into<String>) / set_firewall_policy_arn(Option<String>):
      required: false

      The Amazon Resource Name (ARN) of the firewall policy.

      You must specify the ARN or the name, and you can specify both.


    • firewall_policy_name(impl Into<String>) / set_firewall_policy_name(Option<String>):
      required: false

      The descriptive name of the firewall policy. You can’t change the name of a firewall policy after you create it.

      You must specify the ARN or the name, and you can specify both.


    • firewall_policy(FirewallPolicy) / set_firewall_policy(Option<FirewallPolicy>):
      required: true

      The updated firewall policy to use for the firewall. You can’t add or remove a TLSInspectionConfiguration after you create a firewall policy. However, you can replace an existing TLS inspection configuration with another TLSInspectionConfiguration.


    • description(impl Into<String>) / set_description(Option<String>):
      required: false

      A description of the firewall policy.


    • dry_run(bool) / set_dry_run(Option<bool>):
      required: false

      Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.

      If set to TRUE, Network Firewall checks whether the request can run successfully, but doesn’t actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set to FALSE, but doesn’t make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.

      If set to FALSE, Network Firewall makes the requested changes to your resources.


    • encryption_configuration(EncryptionConfiguration) / set_encryption_configuration(Option<EncryptionConfiguration>):
      required: false

      A complex type that contains settings for encryption of your firewall policy resources.


  • On success, responds with UpdateFirewallPolicyOutput with field(s):
    • update_token(String):

      A token used for optimistic locking. Network Firewall returns a token to your requests that access the firewall policy. The token marks the state of the policy resource at the time of the request.

      To make changes to the policy, you provide the token in your request. Network Firewall uses the token to ensure that the policy hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall policy again to get a current copy of it with current token. Reapply your changes as needed, then try the operation again using the new token.

    • firewall_policy_response(Option<FirewallPolicyResponse>):

      The high-level properties of a firewall policy. This, along with the FirewallPolicy, define the policy. You can retrieve all objects for a firewall policy by calling DescribeFirewallPolicy.

  • On failure, responds with SdkError<UpdateFirewallPolicyError>
source§

impl Client

source

pub fn update_firewall_policy_change_protection( &self ) -> UpdateFirewallPolicyChangeProtectionFluentBuilder

Constructs a fluent builder for the UpdateFirewallPolicyChangeProtection operation.

  • The fluent builder is configurable:
    • update_token(impl Into<String>) / set_update_token(Option<String>):
      required: false

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.


    • firewall_arn(impl Into<String>) / set_firewall_arn(Option<String>):
      required: false

      The Amazon Resource Name (ARN) of the firewall.

      You must specify the ARN or the name, and you can specify both.


    • firewall_name(impl Into<String>) / set_firewall_name(Option<String>):
      required: false

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

      You must specify the ARN or the name, and you can specify both.


    • firewall_policy_change_protection(bool) / set_firewall_policy_change_protection(Option<bool>):
      required: true

      A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.


  • On success, responds with UpdateFirewallPolicyChangeProtectionOutput with field(s):
    • update_token(Option<String>):

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    • firewall_arn(Option<String>):

      The Amazon Resource Name (ARN) of the firewall.

    • firewall_name(Option<String>):

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

    • firewall_policy_change_protection(bool):

      A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.

  • On failure, responds with SdkError<UpdateFirewallPolicyChangeProtectionError>
source§

impl Client

source

pub fn update_logging_configuration( &self ) -> UpdateLoggingConfigurationFluentBuilder

Constructs a fluent builder for the UpdateLoggingConfiguration operation.

source§

impl Client

source

pub fn update_rule_group(&self) -> UpdateRuleGroupFluentBuilder

Constructs a fluent builder for the UpdateRuleGroup operation.

  • The fluent builder is configurable:
    • update_token(impl Into<String>) / set_update_token(Option<String>):
      required: true

      A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request.

      To make changes to the rule group, you provide the token in your request. Network Firewall uses the token to ensure that the rule group hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the rule group again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.


    • rule_group_arn(impl Into<String>) / set_rule_group_arn(Option<String>):
      required: false

      The Amazon Resource Name (ARN) of the rule group.

      You must specify the ARN or the name, and you can specify both.


    • rule_group_name(impl Into<String>) / set_rule_group_name(Option<String>):
      required: false

      The descriptive name of the rule group. You can’t change the name of a rule group after you create it.

      You must specify the ARN or the name, and you can specify both.


    • rule_group(RuleGroup) / set_rule_group(Option<RuleGroup>):
      required: false

      An object that defines the rule group rules.

      You must provide either this rule group setting or a Rules setting, but not both.


    • rules(impl Into<String>) / set_rules(Option<String>):
      required: false

      A string containing stateful rule group rules specifications in Suricata flat format, with one rule per line. Use this to import your existing Suricata compatible rule groups.

      You must provide either this rules setting or a populated RuleGroup setting, but not both.

      You can provide your rule group specification in Suricata flat format through this setting when you create or update your rule group. The call response returns a RuleGroup object that Network Firewall has populated from your string.


    • r#type(RuleGroupType) / set_type(Option<RuleGroupType>):
      required: false

      Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.

      This setting is required for requests that do not include the RuleGroupARN.


    • description(impl Into<String>) / set_description(Option<String>):
      required: false

      A description of the rule group.


    • dry_run(bool) / set_dry_run(Option<bool>):
      required: false

      Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.

      If set to TRUE, Network Firewall checks whether the request can run successfully, but doesn’t actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set to FALSE, but doesn’t make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.

      If set to FALSE, Network Firewall makes the requested changes to your resources.


    • encryption_configuration(EncryptionConfiguration) / set_encryption_configuration(Option<EncryptionConfiguration>):
      required: false

      A complex type that contains settings for encryption of your rule group resources.


    • source_metadata(SourceMetadata) / set_source_metadata(Option<SourceMetadata>):
      required: false

      A complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to keep track of updates made to the originating rule group.


    • analyze_rule_group(bool) / set_analyze_rule_group(Option<bool>):
      required: false

      Indicates whether you want Network Firewall to analyze the stateless rules in the rule group for rule behavior such as asymmetric routing. If set to TRUE, Network Firewall runs the analysis and then updates the rule group for you. To run the stateless rule group analyzer without updating the rule group, set DryRun to TRUE.


  • On success, responds with UpdateRuleGroupOutput with field(s):
    • update_token(String):

      A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request.

      To make changes to the rule group, you provide the token in your request. Network Firewall uses the token to ensure that the rule group hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the rule group again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.

    • rule_group_response(Option<RuleGroupResponse>):

      The high-level properties of a rule group. This, along with the RuleGroup, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.

  • On failure, responds with SdkError<UpdateRuleGroupError>
source§

impl Client

source

pub fn update_subnet_change_protection( &self ) -> UpdateSubnetChangeProtectionFluentBuilder

Constructs a fluent builder for the UpdateSubnetChangeProtection operation.

  • The fluent builder is configurable:
    • update_token(impl Into<String>) / set_update_token(Option<String>):
      required: false

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.


    • firewall_arn(impl Into<String>) / set_firewall_arn(Option<String>):
      required: false

      The Amazon Resource Name (ARN) of the firewall.

      You must specify the ARN or the name, and you can specify both.


    • firewall_name(impl Into<String>) / set_firewall_name(Option<String>):
      required: false

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

      You must specify the ARN or the name, and you can specify both.


    • subnet_change_protection(bool) / set_subnet_change_protection(Option<bool>):
      required: true

      A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.


  • On success, responds with UpdateSubnetChangeProtectionOutput with field(s):
    • update_token(Option<String>):

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    • firewall_arn(Option<String>):

      The Amazon Resource Name (ARN) of the firewall.

    • firewall_name(Option<String>):

      The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

    • subnet_change_protection(bool):

      A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.

  • On failure, responds with SdkError<UpdateSubnetChangeProtectionError>
source§

impl Client

source

pub fn update_tls_inspection_configuration( &self ) -> UpdateTLSInspectionConfigurationFluentBuilder

Constructs a fluent builder for the UpdateTLSInspectionConfiguration operation.

source§

impl Client

source

pub fn from_conf(conf: Config) -> Self

Creates a new client from the service Config.

§Panics

This method will panic in the following cases:

  • Retries or timeouts are enabled without a sleep_impl configured.
  • Identity caching is enabled without a sleep_impl and time_source configured.
  • No behavior_version is provided.

The panic message for each of these will have instructions on how to resolve them.

source

pub fn config(&self) -> &Config

Returns the client’s configuration.

source§

impl Client

source

pub fn new(sdk_config: &SdkConfig) -> Self

Creates a new client from an SDK Config.

§Panics
  • This method will panic if the sdk_config is missing an async sleep implementation. If you experience this panic, set the sleep_impl on the Config passed into this function to fix it.
  • This method will panic if the sdk_config is missing an HTTP connector. If you experience this panic, set the http_connector on the Config passed into this function to fix it.
  • This method will panic if no BehaviorVersion is provided. If you experience this panic, set behavior_version on the Config or enable the behavior-version-latest Cargo feature.

Trait Implementations§

source§

impl Clone for Client

source§

fn clone(&self) -> Client

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for Client

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

§

impl Freeze for Client

§

impl !RefUnwindSafe for Client

§

impl Send for Client

§

impl Sync for Client

§

impl Unpin for Client

§

impl !UnwindSafe for Client

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T> Instrument for T

source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> IntoEither for T

source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
source§

impl<Unshared, Shared> IntoShared<Shared> for Unshared
where Shared: FromUnshared<Unshared>,

source§

fn into_shared(self) -> Shared

Creates a shared type from an unshared type.
source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
source§

impl<T> WithSubscriber for T

source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more