1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
// Code generated by smithy-go-codegen DO NOT EDIT.
// Package networkfirewall provides the API client, operations, and parameter types
// for AWS Network Firewall.
//
// This is the API Reference for Network Firewall. This guide is for developers who
// need detailed information about the Network Firewall API actions, data types,
// and errors.
//
// * The REST API requires you to handle connection details, such as
// calculating signatures, handling request retries, and error handling. For
// general information about using the Amazon Web Services REST APIs, see Amazon
// Web Services APIs (https://docs.aws.amazon.com/general/latest/gr/aws-apis.html).
// To access Network Firewall using the REST API endpoint:
// https://network-firewall..amazonaws.com
//
// * Alternatively, you can use one of the
// Amazon Web Services SDKs to access an API that's tailored to the programming
// language or platform that you're using. For more information, see Amazon Web
// Services SDKs (http://aws.amazon.com/tools/#SDKs).
//
// * For descriptions of
// Network Firewall features, including and step-by-step instructions on how to use
// them through the Network Firewall console, see the Network Firewall Developer
// Guide
// (https://docs.aws.amazon.com/network-firewall/latest/developerguide/).
//
// Network
// Firewall is a stateful, managed, network firewall and intrusion detection and
// prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network
// Firewall, you can filter traffic at the perimeter of your VPC. This includes
// filtering traffic going to and coming from an internet gateway, NAT gateway, or
// over VPN or Direct Connect. Network Firewall uses rules that are compatible with
// Suricata, a free, open source network analysis and threat detection engine.
// Network Firewall supports Suricata version 5.0.2. For information about
// Suricata, see the Suricata website (https://suricata.io/). You can use Network
// Firewall to monitor and protect your VPC traffic in a number of ways. The
// following are just a few examples:
//
// * Allow domains or IP addresses for known
// Amazon Web Services service endpoints, such as Amazon S3, and block all other
// forms of traffic.
//
// * Use custom lists of known bad domains to limit the types of
// domain names that your applications can access.
//
// * Perform deep packet
// inspection on traffic entering or leaving your VPC.
//
// * Use stateful protocol
// detection to filter protocols like HTTPS, regardless of the port used.
//
// To
// enable Network Firewall for your VPCs, you perform steps in both Amazon VPC and
// in Network Firewall. For information about using Amazon VPC, see Amazon VPC User
// Guide (https://docs.aws.amazon.com/vpc/latest/userguide/). To start using
// Network Firewall, do the following:
//
// * (Optional) If you don't already have a
// VPC that you want to protect, create it in Amazon VPC.
//
// * In Amazon VPC, in each
// Availability Zone where you want to have a firewall endpoint, create a subnet
// for the sole use of Network Firewall.
//
// * In Network Firewall, create stateless
// and stateful rule groups, to define the components of the network traffic
// filtering behavior that you want your firewall to have.
//
// * In Network Firewall,
// create a firewall policy that uses your rule groups and specifies additional
// default traffic filtering behavior.
//
// * In Network Firewall, create a firewall
// and specify your new firewall policy and VPC subnets. Network Firewall creates a
// firewall endpoint in each subnet that you specify, with the behavior that's
// defined in the firewall policy.
//
// * In Amazon VPC, use ingress routing
// enhancements to route traffic through the new firewall endpoints.
package networkfirewall
|
