feat(client-network-firewall): This release introduces Network Firewall's Automated Domain List feature. New APIs include UpdateFirewallAnalysisSettings, StartAnalysisReport, GetAnalysisReportResults, and ListAnalysisReports. These allow customers to enable analysis on firewalls to identify and report frequently accessed domain.

Author: awstools

clients/client-network-firewall/README.md

@@ -32,7 +32,10 @@ Guide</a>.</p>
 prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
 perimeter of your VPC. This includes filtering traffic going to and coming from an internet
 gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
-with Suricata, a free, open source network analysis and threat detection engine. </p>
+with Suricata, a free, open source network analysis and threat detection engine.
+Network Firewall supports Suricata version 7.0.3. For information about Suricata,
+see the <a href="https://suricata.io/">Suricata website</a> and the
+<a href="https://suricata.readthedocs.io/en/suricata-7.0.3/">Suricata User Guide</a>. </p>
 <p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
 The following are just a few examples: </p>
 <ul>
@@ -429,6 +432,22 @@ DisassociateSubnets
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/DisassociateSubnetsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DisassociateSubnetsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DisassociateSubnetsCommandOutput/)
 
+</details>
+<details>
+<summary>
+GetAnalysisReportResults
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/GetAnalysisReportResultsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/GetAnalysisReportResultsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/GetAnalysisReportResultsCommandOutput/)
+
+</details>
+<details>
+<summary>
+ListAnalysisReports
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/ListAnalysisReportsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/ListAnalysisReportsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/ListAnalysisReportsCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -477,6 +496,14 @@ PutResourcePolicy
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/PutResourcePolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/PutResourcePolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/PutResourcePolicyCommandOutput/)
 
+</details>
+<details>
+<summary>
+StartAnalysisReport
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/StartAnalysisReportCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/StartAnalysisReportCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/StartAnalysisReportCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -493,6 +520,14 @@ UntagResource
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/UntagResourceCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/UntagResourceCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/UntagResourceCommandOutput/)
 
+</details>
+<details>
+<summary>
+UpdateFirewallAnalysisSettings
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/UpdateFirewallAnalysisSettingsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/UpdateFirewallAnalysisSettingsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/UpdateFirewallAnalysisSettingsCommandOutput/)
+
 </details>
 <details>
 <summary>

clients/client-network-firewall/src/NetworkFirewall.ts

@@ -97,6 +97,16 @@ import {
   DisassociateSubnetsCommandInput,
   DisassociateSubnetsCommandOutput,
 } from "./commands/DisassociateSubnetsCommand";
+import {
+  GetAnalysisReportResultsCommand,
+  GetAnalysisReportResultsCommandInput,
+  GetAnalysisReportResultsCommandOutput,
+} from "./commands/GetAnalysisReportResultsCommand";
+import {
+  ListAnalysisReportsCommand,
+  ListAnalysisReportsCommandInput,
+  ListAnalysisReportsCommandOutput,
+} from "./commands/ListAnalysisReportsCommand";
 import {
   ListFirewallPoliciesCommand,
   ListFirewallPoliciesCommandInput,
@@ -127,12 +137,22 @@ import {
   PutResourcePolicyCommandInput,
   PutResourcePolicyCommandOutput,
 } from "./commands/PutResourcePolicyCommand";
+import {
+  StartAnalysisReportCommand,
+  StartAnalysisReportCommandInput,
+  StartAnalysisReportCommandOutput,
+} from "./commands/StartAnalysisReportCommand";
 import { TagResourceCommand, TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import {
   UntagResourceCommand,
   UntagResourceCommandInput,
   UntagResourceCommandOutput,
 } from "./commands/UntagResourceCommand";
+import {
+  UpdateFirewallAnalysisSettingsCommand,
+  UpdateFirewallAnalysisSettingsCommandInput,
+  UpdateFirewallAnalysisSettingsCommandOutput,
+} from "./commands/UpdateFirewallAnalysisSettingsCommand";
 import {
   UpdateFirewallDeleteProtectionCommand,
   UpdateFirewallDeleteProtectionCommandInput,
@@ -200,14 +220,18 @@ const commands = {
   DescribeRuleGroupMetadataCommand,
   DescribeTLSInspectionConfigurationCommand,
   DisassociateSubnetsCommand,
+  GetAnalysisReportResultsCommand,
+  ListAnalysisReportsCommand,
   ListFirewallPoliciesCommand,
   ListFirewallsCommand,
   ListRuleGroupsCommand,
   ListTagsForResourceCommand,
   ListTLSInspectionConfigurationsCommand,
   PutResourcePolicyCommand,
+  StartAnalysisReportCommand,
   TagResourceCommand,
   UntagResourceCommand,
+  UpdateFirewallAnalysisSettingsCommand,
   UpdateFirewallDeleteProtectionCommand,
   UpdateFirewallDescriptionCommand,
   UpdateFirewallEncryptionConfigurationCommand,
@@ -541,6 +565,41 @@ export interface NetworkFirewall {
     cb: (err: any, data?: DisassociateSubnetsCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link GetAnalysisReportResultsCommand}
+   */
+  getAnalysisReportResults(
+    args: GetAnalysisReportResultsCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetAnalysisReportResultsCommandOutput>;
+  getAnalysisReportResults(
+    args: GetAnalysisReportResultsCommandInput,
+    cb: (err: any, data?: GetAnalysisReportResultsCommandOutput) => void
+  ): void;
+  getAnalysisReportResults(
+    args: GetAnalysisReportResultsCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetAnalysisReportResultsCommandOutput) => void
+  ): void;
+
+  /**
+   * @see {@link ListAnalysisReportsCommand}
+   */
+  listAnalysisReports(): Promise<ListAnalysisReportsCommandOutput>;
+  listAnalysisReports(
+    args: ListAnalysisReportsCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<ListAnalysisReportsCommandOutput>;
+  listAnalysisReports(
+    args: ListAnalysisReportsCommandInput,
+    cb: (err: any, data?: ListAnalysisReportsCommandOutput) => void
+  ): void;
+  listAnalysisReports(
+    args: ListAnalysisReportsCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: ListAnalysisReportsCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link ListFirewallPoliciesCommand}
    */
@@ -638,6 +697,23 @@ export interface NetworkFirewall {
     cb: (err: any, data?: PutResourcePolicyCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link StartAnalysisReportCommand}
+   */
+  startAnalysisReport(
+    args: StartAnalysisReportCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<StartAnalysisReportCommandOutput>;
+  startAnalysisReport(
+    args: StartAnalysisReportCommandInput,
+    cb: (err: any, data?: StartAnalysisReportCommandOutput) => void
+  ): void;
+  startAnalysisReport(
+    args: StartAnalysisReportCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: StartAnalysisReportCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link TagResourceCommand}
    */
@@ -660,6 +736,24 @@ export interface NetworkFirewall {
     cb: (err: any, data?: UntagResourceCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link UpdateFirewallAnalysisSettingsCommand}
+   */
+  updateFirewallAnalysisSettings(): Promise<UpdateFirewallAnalysisSettingsCommandOutput>;
+  updateFirewallAnalysisSettings(
+    args: UpdateFirewallAnalysisSettingsCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<UpdateFirewallAnalysisSettingsCommandOutput>;
+  updateFirewallAnalysisSettings(
+    args: UpdateFirewallAnalysisSettingsCommandInput,
+    cb: (err: any, data?: UpdateFirewallAnalysisSettingsCommandOutput) => void
+  ): void;
+  updateFirewallAnalysisSettings(
+    args: UpdateFirewallAnalysisSettingsCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: UpdateFirewallAnalysisSettingsCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link UpdateFirewallDeleteProtectionCommand}
    */
@@ -841,7 +935,10 @@ export interface NetworkFirewall {
  *          prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
  *          perimeter of your VPC. This includes filtering traffic going to and coming from an internet
  *          gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
- *       with Suricata, a free, open source network analysis and threat detection engine. </p>
+ *       with Suricata, a free, open source network analysis and threat detection engine.
+ *       Network Firewall supports Suricata version 7.0.3. For information about Suricata,
+ *           see the <a href="https://suricata.io/">Suricata website</a> and the
+ *           <a href="https://suricata.readthedocs.io/en/suricata-7.0.3/">Suricata User Guide</a>. </p>
  *          <p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
  *          The following are just a few examples: </p>
  *          <ul>

clients/client-network-firewall/src/NetworkFirewallClient.ts

@@ -108,6 +108,14 @@ import {
   DisassociateSubnetsCommandInput,
   DisassociateSubnetsCommandOutput,
 } from "./commands/DisassociateSubnetsCommand";
+import {
+  GetAnalysisReportResultsCommandInput,
+  GetAnalysisReportResultsCommandOutput,
+} from "./commands/GetAnalysisReportResultsCommand";
+import {
+  ListAnalysisReportsCommandInput,
+  ListAnalysisReportsCommandOutput,
+} from "./commands/ListAnalysisReportsCommand";
 import {
   ListFirewallPoliciesCommandInput,
   ListFirewallPoliciesCommandOutput,
@@ -123,8 +131,16 @@ import {
   ListTLSInspectionConfigurationsCommandOutput,
 } from "./commands/ListTLSInspectionConfigurationsCommand";
 import { PutResourcePolicyCommandInput, PutResourcePolicyCommandOutput } from "./commands/PutResourcePolicyCommand";
+import {
+  StartAnalysisReportCommandInput,
+  StartAnalysisReportCommandOutput,
+} from "./commands/StartAnalysisReportCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
+import {
+  UpdateFirewallAnalysisSettingsCommandInput,
+  UpdateFirewallAnalysisSettingsCommandOutput,
+} from "./commands/UpdateFirewallAnalysisSettingsCommand";
 import {
   UpdateFirewallDeleteProtectionCommandInput,
   UpdateFirewallDeleteProtectionCommandOutput,
@@ -192,14 +208,18 @@ export type ServiceInputTypes =
   | DescribeRuleGroupMetadataCommandInput
   | DescribeTLSInspectionConfigurationCommandInput
   | DisassociateSubnetsCommandInput
+  | GetAnalysisReportResultsCommandInput
+  | ListAnalysisReportsCommandInput
   | ListFirewallPoliciesCommandInput
   | ListFirewallsCommandInput
   | ListRuleGroupsCommandInput
   | ListTLSInspectionConfigurationsCommandInput
   | ListTagsForResourceCommandInput
   | PutResourcePolicyCommandInput
+  | StartAnalysisReportCommandInput
   | TagResourceCommandInput
   | UntagResourceCommandInput
+  | UpdateFirewallAnalysisSettingsCommandInput
   | UpdateFirewallDeleteProtectionCommandInput
   | UpdateFirewallDescriptionCommandInput
   | UpdateFirewallEncryptionConfigurationCommandInput
@@ -233,14 +253,18 @@ export type ServiceOutputTypes =
   | DescribeRuleGroupMetadataCommandOutput
   | DescribeTLSInspectionConfigurationCommandOutput
   | DisassociateSubnetsCommandOutput
+  | GetAnalysisReportResultsCommandOutput
+  | ListAnalysisReportsCommandOutput
   | ListFirewallPoliciesCommandOutput
   | ListFirewallsCommandOutput
   | ListRuleGroupsCommandOutput
   | ListTLSInspectionConfigurationsCommandOutput
   | ListTagsForResourceCommandOutput
   | PutResourcePolicyCommandOutput
+  | StartAnalysisReportCommandOutput
   | TagResourceCommandOutput
   | UntagResourceCommandOutput
+  | UpdateFirewallAnalysisSettingsCommandOutput
   | UpdateFirewallDeleteProtectionCommandOutput
   | UpdateFirewallDescriptionCommandOutput
   | UpdateFirewallEncryptionConfigurationCommandOutput
@@ -468,7 +492,10 @@ export interface NetworkFirewallClientResolvedConfig extends NetworkFirewallClie
  *          prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the
  *          perimeter of your VPC. This includes filtering traffic going to and coming from an internet
  *          gateway, NAT gateway, or over VPN or Direct Connect. Network Firewall uses rules that are compatible
- *       with Suricata, a free, open source network analysis and threat detection engine. </p>
+ *       with Suricata, a free, open source network analysis and threat detection engine.
+ *       Network Firewall supports Suricata version 7.0.3. For information about Suricata,
+ *           see the <a href="https://suricata.io/">Suricata website</a> and the
+ *           <a href="https://suricata.readthedocs.io/en/suricata-7.0.3/">Suricata User Guide</a>. </p>
  *          <p>You can use Network Firewall to monitor and protect your VPC traffic in a number of ways.
  *          The following are just a few examples: </p>
  *          <ul>

clients/client-network-firewall/src/commands/CreateFirewallCommand.ts

@@ -35,6 +35,7 @@ export interface CreateFirewallCommandOutput extends CreateFirewallResponse, __M
  *          themselves, for example <a>UpdateLoggingConfiguration</a>, <a>AssociateSubnets</a>, and <a>UpdateFirewallDeleteProtection</a>. </p>
  *          <p>To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, <a>ListTagsForResource</a>, <a>TagResource</a>, and <a>UntagResource</a>.</p>
  *          <p>To retrieve information about firewalls, use <a>ListFirewalls</a> and <a>DescribeFirewall</a>.</p>
+ *          <p>To generate a report on the last 30 days of traffic monitored by a firewall, use <a>StartAnalysisReport</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -44,8 +45,8 @@ export interface CreateFirewallCommandOutput extends CreateFirewallResponse, __M
  * const input = { // CreateFirewallRequest
  *   FirewallName: "STRING_VALUE", // required
  *   FirewallPolicyArn: "STRING_VALUE", // required
- *   VpcId: "STRING_VALUE", // required
- *   SubnetMappings: [ // SubnetMappings // required
+ *   VpcId: "STRING_VALUE",
+ *   SubnetMappings: [ // SubnetMappings
  *     { // SubnetMapping
  *       SubnetId: "STRING_VALUE", // required
  *       IPAddressType: "DUALSTACK" || "IPV4" || "IPV6",
@@ -65,6 +66,9 @@ export interface CreateFirewallCommandOutput extends CreateFirewallResponse, __M
  *     KeyId: "STRING_VALUE",
  *     Type: "CUSTOMER_KMS" || "AWS_OWNED_KMS_KEY", // required
  *   },
+ *   EnabledAnalysisTypes: [ // EnabledAnalysisTypes
+ *     "TLS_SNI" || "HTTP_HOST",
+ *   ],
  * };
  * const command = new CreateFirewallCommand(input);
  * const response = await client.send(command);
@@ -95,6 +99,9 @@ export interface CreateFirewallCommandOutput extends CreateFirewallResponse, __M
  * //       KeyId: "STRING_VALUE",
  * //       Type: "CUSTOMER_KMS" || "AWS_OWNED_KMS_KEY", // required
  * //     },
+ * //     EnabledAnalysisTypes: [ // EnabledAnalysisTypes
+ * //       "TLS_SNI" || "HTTP_HOST",
+ * //     ],
  * //   },
  * //   FirewallStatus: { // FirewallStatus
  * //     Status: "PROVISIONING" || "DELETING" || "READY", // required

clients/client-network-firewall/src/commands/DeleteFirewallCommand.ts

@@ -78,6 +78,9 @@ export interface DeleteFirewallCommandOutput extends DeleteFirewallResponse, __M
  * //       KeyId: "STRING_VALUE",
  * //       Type: "CUSTOMER_KMS" || "AWS_OWNED_KMS_KEY", // required
  * //     },
+ * //     EnabledAnalysisTypes: [ // EnabledAnalysisTypes
+ * //       "TLS_SNI" || "HTTP_HOST",
+ * //     ],
  * //   },
  * //   FirewallStatus: { // FirewallStatus
  * //     Status: "PROVISIONING" || "DELETING" || "READY", // required

clients/client-network-firewall/src/commands/DescribeFirewallCommand.ts

@@ -69,6 +69,9 @@ export interface DescribeFirewallCommandOutput extends DescribeFirewallResponse,
  * //       KeyId: "STRING_VALUE",
  * //       Type: "CUSTOMER_KMS" || "AWS_OWNED_KMS_KEY", // required
  * //     },
+ * //     EnabledAnalysisTypes: [ // EnabledAnalysisTypes
+ * //       "TLS_SNI" || "HTTP_HOST",
+ * //     ],
  * //   },
  * //   FirewallStatus: { // FirewallStatus
  * //     Status: "PROVISIONING" || "DELETING" || "READY", // required