Network Firewall now prevents TLS handshakes with the target server until after the Server Name Indication (SNI) has been seen and verified. The monitoring dashboard now provides deeper insights into PrivateLink endpoint candidates and offers filters based on IP addresses and protocol.

Add support for Amazon EC2 Capacity Blocks for ML
Add mac-m4.metal and mac-m4pro.metal instance types.

Author: aws-sdk-cpp-automation

VERSION

@@ -1 +1 @@
-1.11.649
+1.11.650

generated/src/aws-cpp-sdk-ec2/include/aws/ec2/model/InstanceType.h

@@ -1031,7 +1031,9 @@ namespace Model
     i8ge_24xlarge,
     i8ge_48xlarge,
     i8ge_metal_24xl,
-    i8ge_metal_48xl
+    i8ge_metal_48xl,
+    mac_m4_metal,
+    mac_m4pro_metal
   };
 
 namespace InstanceTypeMapper

generated/src/aws-cpp-sdk-ec2/source/model/InstanceType.cpp

@@ -1036,6 +1036,8 @@ namespace Aws
         static const int i8ge_48xlarge_HASH = HashingUtils::HashString("i8ge.48xlarge");
         static const int i8ge_metal_24xl_HASH = HashingUtils::HashString("i8ge.metal-24xl");
         static const int i8ge_metal_48xl_HASH = HashingUtils::HashString("i8ge.metal-48xl");
+        static const int mac_m4_metal_HASH = HashingUtils::HashString("mac-m4.metal");
+        static const int mac_m4pro_metal_HASH = HashingUtils::HashString("mac-m4pro.metal");
 
         /*
         The if-else chains in this file are converted into a jump table by the compiler,
@@ -6156,6 +6158,16 @@ namespace Aws
             enumValue = InstanceType::i8ge_metal_48xl;
             return true;
           }
+          else if (hashCode == mac_m4_metal_HASH)
+          {
+            enumValue = InstanceType::mac_m4_metal;
+            return true;
+          }
+          else if (hashCode == mac_m4pro_metal_HASH)
+          {
+            enumValue = InstanceType::mac_m4pro_metal;
+            return true;
+          }
           return false;
         }
 
@@ -9275,6 +9287,12 @@ namespace Aws
           case InstanceType::i8ge_metal_48xl:
             value = "i8ge.metal-48xl";
             return true;
+          case InstanceType::mac_m4_metal:
+            value = "mac-m4.metal";
+            return true;
+          case InstanceType::mac_m4pro_metal:
+            value = "mac-m4pro.metal";
+            return true;
           default:
             return false;
           }

generated/src/aws-cpp-sdk-network-firewall/include/aws/network-firewall/NetworkFirewallClient.h

@@ -498,7 +498,7 @@ namespace NetworkFirewall
         /**
          * <p>Deletes a transit gateway attachment from a Network Firewall. Either the
          * firewall owner or the transit gateway owner can delete the attachment.</p>
-         *  <p>After you delete a transit gateway attachment, raffic will no
+         *  <p>After you delete a transit gateway attachment, traffic will no
          * longer flow through the firewall endpoints.</p>  <p>After you
          * initiate the delete operation, use <a>DescribeFirewall</a> to monitor the
          * deletion status.</p><p><h3>See Also:</h3>   <a
@@ -1325,8 +1325,8 @@ namespace NetworkFirewall
          * <p>Rejects a transit gateway attachment request for Network Firewall. When you
          * reject the attachment request, Network Firewall cancels the creation of routing
          * components between the transit gateway and firewall endpoints.</p> <p>Only the
-         * firewall owner can reject the attachment. After rejection, no traffic will flow
-         * through the firewall endpoints for this attachment.</p> <p>Use
+         * transit gateway owner can reject the attachment. After rejection, no traffic
+         * will flow through the firewall endpoints for this attachment.</p> <p>Use
          * <a>DescribeFirewall</a> to monitor the rejection status. To accept the
          * attachment instead of rejecting it, use
          * <a>AcceptNetworkFirewallTransitGatewayAttachment</a>.</p>  <p>Once

generated/src/aws-cpp-sdk-network-firewall/include/aws/network-firewall/model/CreateFirewallRequest.h

@@ -217,8 +217,8 @@ namespace Model
      * <p>Required. The Availability Zones where you want to create firewall endpoints
      * for a transit gateway-attached firewall. You must specify at least one
      * Availability Zone. Consider enabling the firewall in every Availability Zone
-     * where you have workloads to maintain Availability Zone independence.</p> <p>You
-     * can modify Availability Zones later using <a>AssociateAvailabilityZones</a> or
+     * where you have workloads to maintain Availability Zone isolation.</p> <p>You can
+     * modify Availability Zones later using <a>AssociateAvailabilityZones</a> or
      * <a>DisassociateAvailabilityZones</a>, but this may briefly disrupt traffic. The
      * <code>AvailabilityZoneChangeProtection</code> setting controls whether you can
      * make these modifications.</p>

generated/src/aws-cpp-sdk-network-firewall/include/aws/network-firewall/model/FirewallPolicy.h

@@ -201,6 +201,18 @@ namespace Model
     template<typename PolicyVariablesT = PolicyVariables>
     FirewallPolicy& WithPolicyVariables(PolicyVariablesT&& value) { SetPolicyVariables(std::forward<PolicyVariablesT>(value)); return *this;}
     ///@}
+
+    ///@{
+    /**
+     * <p>When true, prevents TCP and TLS packets from reaching destination servers
+     * until TLS Inspection has evaluated Server Name Indication (SNI) rules. Requires
+     * an associated TLS Inspection configuration.</p>
+     */
+    inline bool GetEnableTLSSessionHolding() const { return m_enableTLSSessionHolding; }
+    inline bool EnableTLSSessionHoldingHasBeenSet() const { return m_enableTLSSessionHoldingHasBeenSet; }
+    inline void SetEnableTLSSessionHolding(bool value) { m_enableTLSSessionHoldingHasBeenSet = true; m_enableTLSSessionHolding = value; }
+    inline FirewallPolicy& WithEnableTLSSessionHolding(bool value) { SetEnableTLSSessionHolding(value); return *this;}
+    ///@}
   private:
 
     Aws::Vector<StatelessRuleGroupReference> m_statelessRuleGroupReferences;
@@ -229,6 +241,9 @@ namespace Model
 
     PolicyVariables m_policyVariables;
     bool m_policyVariablesHasBeenSet = false;
+
+    bool m_enableTLSSessionHolding{false};
+    bool m_enableTLSSessionHoldingHasBeenSet = false;
   };
 
 } // namespace Model

generated/src/aws-cpp-sdk-network-firewall/source/model/FirewallPolicy.cpp

@@ -94,6 +94,11 @@ FirewallPolicy& FirewallPolicy::operator =(JsonView jsonValue)
     m_policyVariables = jsonValue.GetObject("PolicyVariables");
     m_policyVariablesHasBeenSet = true;
   }
+  if(jsonValue.ValueExists("EnableTLSSessionHolding"))
+  {
+    m_enableTLSSessionHolding = jsonValue.GetBool("EnableTLSSessionHolding");
+    m_enableTLSSessionHoldingHasBeenSet = true;
+  }
   return *this;
 }
 
@@ -185,6 +190,12 @@ JsonValue FirewallPolicy::Jsonize() const
 
   }
 
+  if(m_enableTLSSessionHoldingHasBeenSet)
+  {
+   payload.WithBool("EnableTLSSessionHolding", m_enableTLSSessionHolding);
+
+  }
+
   return payload;
 }
 

generated/src/aws-cpp-sdk-pcs/include/aws/pcs/model/ComputeNodeGroup.h

@@ -171,10 +171,15 @@ namespace Model
 
     ///@{
     /**
-     * <p>Specifies how EC2 instances are purchased on your behalf. Amazon Web Services
-     * PCS supports On-Demand and Spot instances. For more information, see <a
-     * href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html">Instance
-     * purchasing options</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>. If
+     * <p>Specifies how EC2 instances are purchased on your behalf. PCS supports
+     * On-Demand Instances, Spot Instances, and Amazon EC2 Capacity Blocks for ML. For
+     * more information, see <a
+     * href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html">Amazon
+     * EC2 billing and purchasing options</a> in the <i>Amazon Elastic Compute Cloud
+     * User Guide</i>. For more information about PCS support for Capacity Blocks, see
+     * <a
+     * href="https://docs.aws.amazon.com/pcs/latest/userguide/capacity-blocks.html">Using
+     * Amazon EC2 Capacity Blocks for ML with PCS</a> in the <i>PCS User Guide</i>. If
      * you don't provide this option, it defaults to On-Demand.</p>
      */
     inline PurchaseOption GetPurchaseOption() const { return m_purchaseOption; }
@@ -223,8 +228,8 @@ namespace Model
 
     ///@{
     /**
-     * <p>A list of EC2 instance configurations that Amazon Web Services PCS can
-     * provision in the compute node group.</p>
+     * <p>A list of EC2 instance configurations that PCS can provision in the compute
+     * node group.</p>
      */
     inline const Aws::Vector<InstanceConfig>& GetInstanceConfigs() const { return m_instanceConfigs; }
     inline bool InstanceConfigsHasBeenSet() const { return m_instanceConfigsHasBeenSet; }

generated/src/aws-cpp-sdk-pcs/include/aws/pcs/model/CreateComputeNodeGroupRequest.h

@@ -98,10 +98,15 @@ namespace Model
 
     ///@{
     /**
-     * <p>Specifies how EC2 instances are purchased on your behalf. Amazon Web Services
-     * PCS supports On-Demand and Spot instances. For more information, see <a
-     * href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html">Instance
-     * purchasing options</a> in the <i>Amazon Elastic Compute Cloud User Guide</i>. If
+     * <p>Specifies how EC2 instances are purchased on your behalf. PCS supports
+     * On-Demand Instances, Spot Instances, and Amazon EC2 Capacity Blocks for ML. For
+     * more information, see <a
+     * href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html">Amazon
+     * EC2 billing and purchasing options</a> in the <i>Amazon Elastic Compute Cloud
+     * User Guide</i>. For more information about PCS support for Capacity Blocks, see
+     * <a
+     * href="https://docs.aws.amazon.com/pcs/latest/userguide/capacity-blocks.html">Using
+     * Amazon EC2 Capacity Blocks for ML with PCS</a> in the <i>PCS User Guide</i>. If
      * you don't provide this option, it defaults to On-Demand.</p>
      */
     inline PurchaseOption GetPurchaseOption() const { return m_purchaseOption; }
@@ -152,8 +157,8 @@ namespace Model
 
     ///@{
     /**
-     * <p>A list of EC2 instance configurations that Amazon Web Services PCS can
-     * provision in the compute node group.</p>
+     * <p>A list of EC2 instance configurations that PCS can provision in the compute
+     * node group.</p>
      */
     inline const Aws::Vector<InstanceConfig>& GetInstanceConfigs() const { return m_instanceConfigs; }
     inline bool InstanceConfigsHasBeenSet() const { return m_instanceConfigsHasBeenSet; }

generated/src/aws-cpp-sdk-pcs/include/aws/pcs/model/NetworkingRequest.h

@@ -42,12 +42,11 @@ namespace Model
 
     ///@{
     /**
-     * <p>The list of subnet IDs where Amazon Web Services PCS creates an Elastic
-     * Network Interface (ENI) to enable communication between managed controllers and
-     * Amazon Web Services PCS resources. Subnet IDs have the form
-     * <code>subnet-0123456789abcdef0</code>.</p> <p>Subnets can't be in Outposts,
-     * Wavelength or an Amazon Web Services Local Zone.</p>  <p>Amazon Web
-     * Services PCS currently supports only 1 subnet in this list.</p> 
+     * <p>The list of subnet IDs where PCS creates an Elastic Network Interface (ENI)
+     * to enable communication between managed controllers and PCS resources. Subnet
+     * IDs have the form <code>subnet-0123456789abcdef0</code>.</p> <p>Subnets can't be
+     * in Outposts, Wavelength or an Amazon Web Services Local Zone.</p>  <p>PCS
+     * currently supports only 1 subnet in this list.</p> 
      */
     inline const Aws::Vector<Aws::String>& GetSubnetIds() const { return m_subnetIds; }
     inline bool SubnetIdsHasBeenSet() const { return m_subnetIdsHasBeenSet; }