feat(client-network-firewall): You can now use VPC endpoint associations to create multiple firewall endpoints for a single firewall.

Author: awstools

clients/client-network-firewall/README.md

@@ -68,13 +68,18 @@ Amazon VPC. </p>
 subnet for the sole use of Network Firewall. </p>
 </li>
 <li>
-<p>In Network Firewall, create stateless and stateful rule groups,
+<p>In Network Firewall, define the firewall behavior as follows: </p>
+<ol>
+<li>
+<p>Create stateless and stateful rule groups,
 to define the components of the network traffic filtering behavior that you want your firewall to have. </p>
 </li>
 <li>
-<p>In Network Firewall, create a firewall policy that uses your rule groups and
+<p>Create a firewall policy that uses your rule groups and
 specifies additional default traffic filtering behavior. </p>
 </li>
+</ol>
+</li>
 <li>
 <p>In Network Firewall, create a firewall and specify your new firewall policy and
 VPC subnets. Network Firewall creates a firewall endpoint in each subnet that you
@@ -85,6 +90,9 @@ specify, with the behavior that's defined in the firewall policy.</p>
 endpoints.</p>
 </li>
 </ol>
+<p>After your firewall is established, you can add firewall endpoints for new Availability Zones by following the prior steps for the Amazon VPC setup and
+firewall subnet definitions. You can also add endpoints to Availability Zones that you're using in the firewall, either for the same VPC
+or for another VPC, by following the prior steps for the Amazon VPC setup, and defining the new VPC subnets as VPC endpoint associations. </p>
 
 ## Installing
 
@@ -328,6 +336,14 @@ CreateTLSInspectionConfiguration
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/CreateTLSInspectionConfigurationCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/CreateTLSInspectionConfigurationCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/CreateTLSInspectionConfigurationCommandOutput/)
 
+</details>
+<details>
+<summary>
+CreateVpcEndpointAssociation
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/CreateVpcEndpointAssociationCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/CreateVpcEndpointAssociationCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/CreateVpcEndpointAssociationCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -368,6 +384,14 @@ DeleteTLSInspectionConfiguration
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/DeleteTLSInspectionConfigurationCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DeleteTLSInspectionConfigurationCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DeleteTLSInspectionConfigurationCommandOutput/)
 
+</details>
+<details>
+<summary>
+DeleteVpcEndpointAssociation
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/DeleteVpcEndpointAssociationCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DeleteVpcEndpointAssociationCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DeleteVpcEndpointAssociationCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -376,6 +400,14 @@ DescribeFirewall
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/DescribeFirewallCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DescribeFirewallCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DescribeFirewallCommandOutput/)
 
+</details>
+<details>
+<summary>
+DescribeFirewallMetadata
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/DescribeFirewallMetadataCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DescribeFirewallMetadataCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DescribeFirewallMetadataCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -432,6 +464,14 @@ DescribeTLSInspectionConfiguration
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/DescribeTLSInspectionConfigurationCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DescribeTLSInspectionConfigurationCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DescribeTLSInspectionConfigurationCommandOutput/)
 
+</details>
+<details>
+<summary>
+DescribeVpcEndpointAssociation
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/DescribeVpcEndpointAssociationCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DescribeVpcEndpointAssociationCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/DescribeVpcEndpointAssociationCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -512,6 +552,14 @@ ListTLSInspectionConfigurations
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/ListTLSInspectionConfigurationsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/ListTLSInspectionConfigurationsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/ListTLSInspectionConfigurationsCommandOutput/)
 
+</details>
+<details>
+<summary>
+ListVpcEndpointAssociations
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/network-firewall/command/ListVpcEndpointAssociationsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/ListVpcEndpointAssociationsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-network-firewall/Interface/ListVpcEndpointAssociationsCommandOutput/)
+
 </details>
 <details>
 <summary>

clients/client-network-firewall/src/NetworkFirewall.ts

@@ -32,6 +32,11 @@ import {
   CreateTLSInspectionConfigurationCommandInput,
   CreateTLSInspectionConfigurationCommandOutput,
 } from "./commands/CreateTLSInspectionConfigurationCommand";
+import {
+  CreateVpcEndpointAssociationCommand,
+  CreateVpcEndpointAssociationCommandInput,
+  CreateVpcEndpointAssociationCommandOutput,
+} from "./commands/CreateVpcEndpointAssociationCommand";
 import {
   DeleteFirewallCommand,
   DeleteFirewallCommandInput,
@@ -57,11 +62,21 @@ import {
   DeleteTLSInspectionConfigurationCommandInput,
   DeleteTLSInspectionConfigurationCommandOutput,
 } from "./commands/DeleteTLSInspectionConfigurationCommand";
+import {
+  DeleteVpcEndpointAssociationCommand,
+  DeleteVpcEndpointAssociationCommandInput,
+  DeleteVpcEndpointAssociationCommandOutput,
+} from "./commands/DeleteVpcEndpointAssociationCommand";
 import {
   DescribeFirewallCommand,
   DescribeFirewallCommandInput,
   DescribeFirewallCommandOutput,
 } from "./commands/DescribeFirewallCommand";
+import {
+  DescribeFirewallMetadataCommand,
+  DescribeFirewallMetadataCommandInput,
+  DescribeFirewallMetadataCommandOutput,
+} from "./commands/DescribeFirewallMetadataCommand";
 import {
   DescribeFirewallPolicyCommand,
   DescribeFirewallPolicyCommandInput,
@@ -97,6 +112,11 @@ import {
   DescribeTLSInspectionConfigurationCommandInput,
   DescribeTLSInspectionConfigurationCommandOutput,
 } from "./commands/DescribeTLSInspectionConfigurationCommand";
+import {
+  DescribeVpcEndpointAssociationCommand,
+  DescribeVpcEndpointAssociationCommandInput,
+  DescribeVpcEndpointAssociationCommandOutput,
+} from "./commands/DescribeVpcEndpointAssociationCommand";
 import {
   DisassociateSubnetsCommand,
   DisassociateSubnetsCommandInput,
@@ -147,6 +167,11 @@ import {
   ListTLSInspectionConfigurationsCommandInput,
   ListTLSInspectionConfigurationsCommandOutput,
 } from "./commands/ListTLSInspectionConfigurationsCommand";
+import {
+  ListVpcEndpointAssociationsCommand,
+  ListVpcEndpointAssociationsCommandInput,
+  ListVpcEndpointAssociationsCommandOutput,
+} from "./commands/ListVpcEndpointAssociationsCommand";
 import {
   PutResourcePolicyCommand,
   PutResourcePolicyCommandInput,
@@ -232,19 +257,23 @@ const commands = {
   CreateFirewallPolicyCommand,
   CreateRuleGroupCommand,
   CreateTLSInspectionConfigurationCommand,
+  CreateVpcEndpointAssociationCommand,
   DeleteFirewallCommand,
   DeleteFirewallPolicyCommand,
   DeleteResourcePolicyCommand,
   DeleteRuleGroupCommand,
   DeleteTLSInspectionConfigurationCommand,
+  DeleteVpcEndpointAssociationCommand,
   DescribeFirewallCommand,
+  DescribeFirewallMetadataCommand,
   DescribeFirewallPolicyCommand,
   DescribeFlowOperationCommand,
   DescribeLoggingConfigurationCommand,
   DescribeResourcePolicyCommand,
   DescribeRuleGroupCommand,
   DescribeRuleGroupMetadataCommand,
   DescribeTLSInspectionConfigurationCommand,
+  DescribeVpcEndpointAssociationCommand,
   DisassociateSubnetsCommand,
   GetAnalysisReportResultsCommand,
   ListAnalysisReportsCommand,
@@ -255,6 +284,7 @@ const commands = {
   ListRuleGroupsCommand,
   ListTagsForResourceCommand,
   ListTLSInspectionConfigurationsCommand,
+  ListVpcEndpointAssociationsCommand,
   PutResourcePolicyCommand,
   StartAnalysisReportCommand,
   StartFlowCaptureCommand,
@@ -370,6 +400,23 @@ export interface NetworkFirewall {
     cb: (err: any, data?: CreateTLSInspectionConfigurationCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link CreateVpcEndpointAssociationCommand}
+   */
+  createVpcEndpointAssociation(
+    args: CreateVpcEndpointAssociationCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<CreateVpcEndpointAssociationCommandOutput>;
+  createVpcEndpointAssociation(
+    args: CreateVpcEndpointAssociationCommandInput,
+    cb: (err: any, data?: CreateVpcEndpointAssociationCommandOutput) => void
+  ): void;
+  createVpcEndpointAssociation(
+    args: CreateVpcEndpointAssociationCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: CreateVpcEndpointAssociationCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link DeleteFirewallCommand}
    */
@@ -453,6 +500,23 @@ export interface NetworkFirewall {
     cb: (err: any, data?: DeleteTLSInspectionConfigurationCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link DeleteVpcEndpointAssociationCommand}
+   */
+  deleteVpcEndpointAssociation(
+    args: DeleteVpcEndpointAssociationCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<DeleteVpcEndpointAssociationCommandOutput>;
+  deleteVpcEndpointAssociation(
+    args: DeleteVpcEndpointAssociationCommandInput,
+    cb: (err: any, data?: DeleteVpcEndpointAssociationCommandOutput) => void
+  ): void;
+  deleteVpcEndpointAssociation(
+    args: DeleteVpcEndpointAssociationCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: DeleteVpcEndpointAssociationCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link DescribeFirewallCommand}
    */
@@ -471,6 +535,24 @@ export interface NetworkFirewall {
     cb: (err: any, data?: DescribeFirewallCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link DescribeFirewallMetadataCommand}
+   */
+  describeFirewallMetadata(): Promise<DescribeFirewallMetadataCommandOutput>;
+  describeFirewallMetadata(
+    args: DescribeFirewallMetadataCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<DescribeFirewallMetadataCommandOutput>;
+  describeFirewallMetadata(
+    args: DescribeFirewallMetadataCommandInput,
+    cb: (err: any, data?: DescribeFirewallMetadataCommandOutput) => void
+  ): void;
+  describeFirewallMetadata(
+    args: DescribeFirewallMetadataCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: DescribeFirewallMetadataCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link DescribeFirewallPolicyCommand}
    */
@@ -595,6 +677,23 @@ export interface NetworkFirewall {
     cb: (err: any, data?: DescribeTLSInspectionConfigurationCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link DescribeVpcEndpointAssociationCommand}
+   */
+  describeVpcEndpointAssociation(
+    args: DescribeVpcEndpointAssociationCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<DescribeVpcEndpointAssociationCommandOutput>;
+  describeVpcEndpointAssociation(
+    args: DescribeVpcEndpointAssociationCommandInput,
+    cb: (err: any, data?: DescribeVpcEndpointAssociationCommandOutput) => void
+  ): void;
+  describeVpcEndpointAssociation(
+    args: DescribeVpcEndpointAssociationCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: DescribeVpcEndpointAssociationCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link DisassociateSubnetsCommand}
    */
@@ -761,6 +860,24 @@ export interface NetworkFirewall {
     cb: (err: any, data?: ListTLSInspectionConfigurationsCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link ListVpcEndpointAssociationsCommand}
+   */
+  listVpcEndpointAssociations(): Promise<ListVpcEndpointAssociationsCommandOutput>;
+  listVpcEndpointAssociations(
+    args: ListVpcEndpointAssociationsCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<ListVpcEndpointAssociationsCommandOutput>;
+  listVpcEndpointAssociations(
+    args: ListVpcEndpointAssociationsCommandInput,
+    cb: (err: any, data?: ListVpcEndpointAssociationsCommandOutput) => void
+  ): void;
+  listVpcEndpointAssociations(
+    args: ListVpcEndpointAssociationsCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: ListVpcEndpointAssociationsCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link PutResourcePolicyCommand}
    */
@@ -1083,12 +1200,17 @@ export interface NetworkFirewall {
  *                subnet for the sole use of Network Firewall. </p>
  *             </li>
  *             <li>
- *                <p>In Network Firewall, create stateless and stateful rule groups,
+ *                <p>In Network Firewall, define the firewall behavior as follows: </p>
+ *                <ol>
+ *                   <li>
+ *                      <p>Create stateless and stateful rule groups,
  *                  to define the components of the network traffic filtering behavior that you want your firewall to have. </p>
- *             </li>
- *             <li>
- *                <p>In Network Firewall, create a firewall policy that uses your rule groups and
- *                  specifies additional default traffic filtering behavior. </p>
+ *                   </li>
+ *                   <li>
+ *                      <p>Create a firewall policy that uses your rule groups and
+ *                      specifies additional default traffic filtering behavior. </p>
+ *                   </li>
+ *                </ol>
  *             </li>
  *             <li>
  *                <p>In Network Firewall, create a firewall and specify your new firewall policy and
@@ -1100,6 +1222,9 @@ export interface NetworkFirewall {
  *                endpoints.</p>
  *             </li>
  *          </ol>
+ *          <p>After your firewall is established, you can add firewall endpoints for new Availability Zones by following the prior steps for the Amazon VPC setup and
+ *       firewall subnet definitions. You can also add endpoints to Availability Zones that you're using in the firewall, either for the same VPC
+ *           or for another VPC, by following the prior steps for the Amazon VPC setup, and defining the new VPC subnets as VPC endpoint associations. </p>
  * @public
  */
 export class NetworkFirewall extends NetworkFirewallClient implements NetworkFirewall {}