// Code generated by smithy-go-codegen DO NOT EDIT.
// Package networkfirewall provides the API client, operations, and parameter
// types for AWS Network Firewall.
//
// This is the API Reference for Network Firewall. This guide is for developers
// who need detailed information about the Network Firewall API actions, data
// types, and errors.
// - The REST API requires you to handle connection details, such as calculating
// signatures, handling request retries, and error handling. For general
// information about using the Amazon Web Services REST APIs, see Amazon Web
// Services APIs (https://docs.aws.amazon.com/general/latest/gr/aws-apis.html).
// To access Network Firewall using the REST API endpoint:
// https://network-firewall.<region>.amazonaws.com
// - Alternatively, you can use one of the Amazon Web Services SDKs to access an
// API that's tailored to the programming language or platform that you're using.
// For more information, see Amazon Web Services SDKs (http://aws.amazon.com/tools/#SDKs).
// - For descriptions of Network Firewall features, including step-by-step
// instructions on how to use them through the Network Firewall console, see the
// Network Firewall Developer Guide (https://docs.aws.amazon.com/network-firewall/latest/developerguide/).
//
// Network Firewall is a stateful, managed, network firewall and intrusion
// detection and prevention service for Amazon Virtual Private Cloud (Amazon VPC).
// With Network Firewall, you can filter traffic at the perimeter of your VPC. This
// includes filtering traffic going to and coming from an internet gateway, NAT
// gateway, or over VPN or Direct Connect. Network Firewall uses rules that are
// compatible with Suricata, a free, open source network analysis and threat
// detection engine. Network Firewall supports Suricata version 6.0.9. For
// information about Suricata, see the Suricata website (https://suricata.io/).
// You can use Network Firewall to monitor and protect your VPC traffic in a number
// of ways. The following are just a few examples:
// - Allow domains or IP addresses for known Amazon Web Services service
// endpoints, such as Amazon S3, and block all other forms of traffic.
// - Use custom lists of known bad domains to limit the types of domain names
// that your applications can access.
// - Perform deep packet inspection on traffic entering or leaving your VPC.
// - Use stateful protocol detection to filter protocols like HTTPS, regardless
// of the port used.
//
// To enable Network Firewall for your VPCs, you perform steps in both Amazon VPC
// and in Network Firewall. For information about using Amazon VPC, see Amazon VPC
// User Guide (https://docs.aws.amazon.com/vpc/latest/userguide/). To start using
// Network Firewall, do the following:
// - (Optional) If you don't already have a VPC that you want to protect, create
// it in Amazon VPC.
// - In Amazon VPC, in each Availability Zone where you want to have a firewall
// endpoint, create a subnet for the sole use of Network Firewall.
// - In Network Firewall, create stateless and stateful rule groups, to define
// the components of the network traffic filtering behavior that you want your
// firewall to have.
// - In Network Firewall, create a firewall policy that uses your rule groups
// and specifies additional default traffic filtering behavior.
// - In Network Firewall, create a firewall and specify your new firewall policy
// and VPC subnets. Network Firewall creates a firewall endpoint in each subnet
// that you specify, with the behavior that's defined in the firewall policy.
// - In Amazon VPC, use ingress routing enhancements to route traffic through
// the new firewall endpoints.
package networkfirewall
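
The domain allow-list use case from the package comment, as an added example that is not part of the generated SDK source: it builds Suricata-compatible rule strings of the kind a stateful rule group accepts, and validates each domain first so a hostile list entry cannot inject extra rule options. The function name, the sample domains, the SID range and the use of `$HOME_NET`/`$EXTERNAL_NET` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Strict DNS-name shape. A leading "." means "any subdomain of this domain".
// Quotes, semicolons and spaces never match, which blocks rule-option injection.
var domainRE = regexp.MustCompile(`^\.?([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$`)

// AllowListRules (hypothetical helper) returns one pass rule per domain, matched
// on the TLS SNI, followed by a drop rule for every other established TLS flow.
// It assumes the rule group evaluates the pass rules before the final drop.
func AllowListRules(domains []string, firstSID int) ([]string, error) {
	if len(domains) == 0 {
		return nil, errors.New("empty allow list would drop all TLS traffic")
	}
	rules, sid, seen := []string{}, firstSID, map[string]bool{}
	for _, d := range domains {
		d = strings.ToLower(strings.TrimSpace(d))
		if !domainRE.MatchString(d) {
			return nil, fmt.Errorf("invalid domain %q", d)
		}
		if seen[d] {
			continue // duplicates would waste SIDs and rule capacity
		}
		seen[d] = true
		match := "startswith; endswith;" // exact FQDN only
		if strings.HasPrefix(d, ".") {
			match = "endswith;" // subdomains of d, not d itself
		}
		rules = append(rules, fmt.Sprintf(`pass tls $HOME_NET any -> $EXTERNAL_NET any (tls.sni; content:"%s"; nocase; %s msg:"allow-listed SNI"; flow:to_server, established; sid:%d; rev:1;)`, d, match, sid))
		sid++
	}
	return append(rules, fmt.Sprintf(`drop tls $HOME_NET any -> $EXTERNAL_NET any (msg:"SNI not on allow list"; flow:to_server, established; sid:%d; rev:1;)`, sid)), nil
}

func main() {
	// Constructed sample input, not taken from the SDK or the service documentation.
	rules, err := AllowListRules([]string{"s3.amazonaws.com", ".example.com"}, 1000001)
	if err != nil {
		panic(err)
	}
	fmt.Println(strings.Join(rules, "\n"))
}
```

SNI matching only inspects the name the client presents in the TLS handshake, so it constrains well-behaved applications rather than proving which server was reached.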