winterbaume-networkfirewall 0.2.0

AWS Network Firewall service implementation for winterbaume
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220

/// A subnet mapping for a firewall.
#[derive(Debug, Clone)]
pub struct SubnetMapping {
    pub subnet_id: String,
}

/// Sync state for a firewall attachment.
#[derive(Debug, Clone)]
pub struct SyncState {
    pub subnet_id: String,
    pub status: String,
}

/// Firewall status.
#[derive(Debug, Clone)]
pub struct FirewallStatus {
    pub status: String,
    pub configuration_sync_state_summary: String,
}

impl Default for FirewallStatus {
    fn default() -> Self {
        Self {
            status: "READY".to_string(),
            configuration_sync_state_summary: "IN_SYNC".to_string(),
        }
    }
}

/// A Network Firewall firewall resource.
#[derive(Debug, Clone)]
pub struct Firewall {
    pub firewall_name: String,
    pub firewall_arn: String,
    pub firewall_id: String,
    pub firewall_policy_arn: String,
    pub vpc_id: String,
    pub subnet_mappings: Vec<SubnetMapping>,
    pub delete_protection: bool,
    pub subnet_change_protection: bool,
    pub firewall_policy_change_protection: bool,
    pub availability_zone_change_protection: bool,
    pub description: Option<String>,
    pub tags: Vec<(String, String)>,
    pub encryption_configuration: Option<serde_json::Value>,
}

/// Metadata for listing firewalls.
#[derive(Debug, Clone)]
pub struct FirewallMetadata {
    pub firewall_name: String,
    pub firewall_arn: String,
}

/// A Network Firewall rule group resource.
#[derive(Debug, Clone)]
pub struct RuleGroup {
    pub rule_group_name: String,
    pub rule_group_arn: String,
    pub rule_group_id: String,
    pub rule_group_type: String,
    pub capacity: i32,
    pub description: Option<String>,
    pub tags: Vec<(String, String)>,
    /// Raw rule group body stored as JSON value.
    pub rule_group_body: Option<serde_json::Value>,
    /// Raw rules string (Suricata format).
    pub rules: Option<String>,
    pub encryption_configuration: Option<serde_json::Value>,
}

/// Metadata for listing rule groups.
#[derive(Debug, Clone)]
pub struct RuleGroupMetadata {
    pub name: String,
    pub arn: String,
}

/// A Network Firewall firewall policy resource.
#[derive(Debug, Clone)]
pub struct FirewallPolicy {
    pub firewall_policy_name: String,
    pub firewall_policy_arn: String,
    pub firewall_policy_id: String,
    pub description: Option<String>,
    pub tags: Vec<(String, String)>,
    /// Raw firewall policy body stored as JSON value.
    pub firewall_policy_body: serde_json::Value,
    pub encryption_configuration: Option<serde_json::Value>,
}

/// Metadata for listing firewall policies.
#[derive(Debug, Clone)]
pub struct FirewallPolicyMetadata {
    pub name: String,
    pub arn: String,
}

/// A resource policy (used for sharing rule groups / policies cross-account).
#[derive(Debug, Clone)]
pub struct ResourcePolicy {
    pub resource_arn: String,
    pub policy: String,
}

/// A TLS inspection configuration resource.
#[derive(Debug, Clone)]
pub struct TlsInspectionConfiguration {
    pub name: String,
    pub arn: String,
    pub id: String,
    pub description: Option<String>,
    pub tags: Vec<(String, String)>,
    /// Raw body stored as JSON value.
    pub body: serde_json::Value,
}

/// Metadata for listing TLS inspection configurations.
#[derive(Debug, Clone)]
pub struct TlsInspectionConfigurationMetadata {
    pub name: String,
    pub arn: String,
}

/// A VPC endpoint association resource.
#[derive(Debug, Clone)]
pub struct VpcEndpointAssociation {
    pub vpc_endpoint_association_arn: String,
    pub vpc_endpoint_association_id: String,
    pub firewall_arn: String,
    pub vpc_id: String,
    pub subnet_id: String,
    pub description: Option<String>,
    pub tags: Vec<(String, String)>,
}

/// An availability zone mapping for a firewall.
#[derive(Debug, Clone)]
pub struct AvailabilityZoneMapping {
    pub availability_zone: String,
}

/// A transit gateway attachment tracked by the firewall.
#[derive(Debug, Clone)]
pub struct TransitGatewayAttachment {
    pub transit_gateway_attachment_id: String,
    pub status: String,
}

/// A proxy resource.
#[derive(Debug, Clone)]
pub struct NfwProxy {
    pub proxy_name: String,
    pub proxy_arn: String,
    pub nat_gateway_id: String,
    pub proxy_configuration_arn: Option<String>,
    pub proxy_configuration_name: Option<String>,
    pub proxy_state: String,
    pub tags: Vec<(String, String)>,
    /// Raw body stored as JSON value.
    pub body: serde_json::Value,
}

/// A proxy configuration resource.
#[derive(Debug, Clone)]
pub struct NfwProxyConfiguration {
    pub proxy_configuration_name: String,
    pub proxy_configuration_arn: String,
    pub description: Option<String>,
    pub tags: Vec<(String, String)>,
    /// Raw body stored as JSON value.
    pub body: serde_json::Value,
}

/// A proxy rule group resource.
#[derive(Debug, Clone)]
pub struct NfwProxyRuleGroup {
    pub proxy_rule_group_name: String,
    pub proxy_rule_group_arn: String,
    pub description: Option<String>,
    pub tags: Vec<(String, String)>,
    /// Raw body stored as JSON value.
    pub body: serde_json::Value,
}

/// A flow operation resource.
#[derive(Debug, Clone)]
pub struct FlowOperation {
    pub flow_operation_id: String,
    pub firewall_arn: String,
    pub flow_operation_type: String,
    pub flow_operation_status: String,
    /// Raw body stored as JSON value.
    pub body: serde_json::Value,
}

/// An analysis report resource.
#[derive(Debug, Clone)]
pub struct AnalysisReport {
    pub analysis_report_id: String,
    pub firewall_arn: String,
    pub analysis_type: String,
    pub status: String,
}

/// Encryption configuration stored on a firewall.
#[derive(Debug, Clone)]
pub struct EncryptionConfig {
    pub key_id: Option<String>,
    pub config_type: String,
}

impl Default for EncryptionConfig {
    fn default() -> Self {
        Self {
            key_id: None,
            config_type: "AWS_OWNED_KMS_KEY".to_string(),
        }
    }
}