com.amazonaws.services.networkfirewall.package-info
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
/**
*
* This is the API Reference for Network Firewall. This guide is for developers who need detailed information about the
* Network Firewall API actions, data types, and errors.
*
* - The REST API requires you to handle connection details, such as calculating signatures, handling request retries, and
*   error handling. For general information about using the Amazon Web Services REST APIs, see Amazon Web Services APIs.
*
*   To access Network Firewall using the REST API endpoint:
*   https://network-firewall.<region>.amazonaws.com
*
* - Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming
*   language or platform that you're using. For more information, see Amazon Web Services SDKs.
*
* - For descriptions of Network Firewall features, including step-by-step instructions on how to use them through the
*   Network Firewall console, see the Network Firewall Developer Guide.
*
* Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service for Amazon
* Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the perimeter of your VPC. This
* includes filtering traffic going to and coming from an internet gateway, NAT gateway, or over VPN or Direct Connect.
* Network Firewall uses rules that are compatible with Suricata, a free, open source network analysis and threat
* detection engine. Network Firewall supports Suricata version 6.0.9. For information about Suricata, see the Suricata website.
*
*
* You can use Network Firewall to monitor and protect your VPC traffic in a number of ways. The following are just a
* few examples:
*
* - Allow domains or IP addresses for known Amazon Web Services service endpoints, such as Amazon S3, and block all other
*   forms of traffic.
*
* - Use custom lists of known bad domains to limit the types of domain names that your applications can access.
*
* - Perform deep packet inspection on traffic entering or leaving your VPC.
*
* - Use stateful protocol detection to filter protocols like HTTPS, regardless of the port used.
*
* To enable Network Firewall for your VPCs, you perform steps in both Amazon VPC and in Network Firewall. For
* information about using Amazon VPC, see Amazon VPC User Guide.
*
* To start using Network Firewall, do the following:
*
* - (Optional) If you don't already have a VPC that you want to protect, create it in Amazon VPC.
*
* - In Amazon VPC, in each Availability Zone where you want to have a firewall endpoint, create a subnet for the sole use
*   of Network Firewall.
*
* - In Network Firewall, create stateless and stateful rule groups, to define the components of the network traffic
*   filtering behavior that you want your firewall to have.
*
* - In Network Firewall, create a firewall policy that uses your rule groups and specifies additional default traffic
*   filtering behavior.
*
* - In Network Firewall, create a firewall and specify your new firewall policy and VPC subnets. Network Firewall creates
*   a firewall endpoint in each subnet that you specify, with the behavior that's defined in the firewall policy.
*
* - In Amazon VPC, use ingress routing enhancements to route traffic through the new firewall endpoints.
*
*/
package com.amazonaws.services.networkfirewall;
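
The three Network Firewall steps from the list above (rule group, firewall policy, firewall), written with this SDK's client as an added example; it is not part of the original file. The VPC and subnet IDs, resource names, and blocked domain are constructed placeholders, and the Amazon VPC steps (dedicated subnet, routing) are assumed to be done separately.

```java
import com.amazonaws.services.networkfirewall.AWSNetworkFirewall;
import com.amazonaws.services.networkfirewall.AWSNetworkFirewallClientBuilder;
import com.amazonaws.services.networkfirewall.model.*;

public class FirewallSetupExample {
    // Constructed placeholders: use your own VPC and the subnet reserved for the firewall.
    static final String VPC_ID = "vpc-EXAMPLE";
    static final String FIREWALL_SUBNET_ID = "subnet-EXAMPLE";

    // Suricata-compatible rule: drop TLS to a listed domain and its subdomains.
    // "any" destination port means HTTPS is matched by protocol, not by port 443.
    static final String RULES =
        "drop tls $HOME_NET any -> $EXTERNAL_NET any (tls.sni; dotprefix; "
        + "content:\".bad.example.com\"; nocase; endswith; flow:to_server; "
        + "msg:\"blocked domain (constructed sample)\"; sid:1000001; rev:1;)";

    public static void main(String[] args) {
        AWSNetworkFirewall nfw = AWSNetworkFirewallClientBuilder.defaultClient();

        // Create a stateful rule group from the Suricata rule string.
        String ruleGroupArn = nfw.createRuleGroup(new CreateRuleGroupRequest()
                .withRuleGroupName("example-blocked-domains")
                .withType(RuleGroupType.STATEFUL)
                .withCapacity(10)
                .withRules(RULES))
            .getRuleGroupResponse().getRuleGroupArn();

        // Create a policy that hands every packet, fragments included, to the
        // stateful engine so the rule group above sees all traffic.
        FirewallPolicy policy = new FirewallPolicy()
            .withStatelessDefaultActions("aws:forward_to_sfe")
            .withStatelessFragmentDefaultActions("aws:forward_to_sfe")
            .withStatefulRuleGroupReferences(
                new StatefulRuleGroupReference().withResourceArn(ruleGroupArn));
        String policyArn = nfw.createFirewallPolicy(new CreateFirewallPolicyRequest()
                .withFirewallPolicyName("example-policy")
                .withFirewallPolicy(policy))
            .getFirewallPolicyResponse().getFirewallPolicyArn();

        // Create the firewall; an endpoint is placed in each mapped subnet.
        Firewall fw = nfw.createFirewall(new CreateFirewallRequest()
                .withFirewallName("example-firewall")
                .withFirewallPolicyArn(policyArn)
                .withVpcId(VPC_ID)
                .withSubnetMappings(new SubnetMapping().withSubnetId(FIREWALL_SUBNET_ID)))
            .getFirewall();
        System.out.println("Created " + fw.getFirewallArn());
    }
}
```

No traffic is inspected until the VPC route tables send it through the new firewall endpoint, so the routing step in Amazon VPC is what actually puts the policy in the path.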