packages feed

amazonka-network-firewall (empty) → 2.0

raw patch · 172 files changed

+21368/−0 lines, 172 filesdep +amazonka-coredep +amazonka-network-firewalldep +amazonka-test

Dependencies added: amazonka-core, amazonka-network-firewall, amazonka-test, base, bytestring, case-insensitive, tasty, tasty-hunit, text, time, unordered-containers

Files

+ LICENSE view
@@ -0,0 +1,367 @@+Mozilla Public License Version 2.0+==================================++1. Definitions+--------------++1.1. "Contributor"+    means each individual or legal entity that creates, contributes to+    the creation of, or owns Covered Software.++1.2. "Contributor Version"+    means the combination of the Contributions of others (if any) used+    by a Contributor and that particular Contributor's Contribution.++1.3. "Contribution"+    means Covered Software of a particular Contributor.++1.4. "Covered Software"+    means Source Code Form to which the initial Contributor has attached+    the notice in Exhibit A, the Executable Form of such Source Code+    Form, and Modifications of such Source Code Form, in each case+    including portions thereof.++1.5. "Incompatible With Secondary Licenses"+    means++    (a) that the initial Contributor has attached the notice described+        in Exhibit B to the Covered Software; or++    (b) that the Covered Software was made available under the terms of+        version 1.1 or earlier of the License, but not also under the+        terms of a Secondary License.++1.6. "Executable Form"+    means any form of the work other than Source Code Form.++1.7. "Larger Work"+    means a work that combines Covered Software with other material, in+    a separate file or files, that is not Covered Software.++1.8. "License"+    means this document.++1.9. "Licensable"+    means having the right to grant, to the maximum extent possible,+    whether at the time of the initial grant or subsequently, any and+    all of the rights conveyed by this License.++1.10. "Modifications"+    means any of the following:++    (a) any file in Source Code Form that results from an addition to,+        deletion from, or modification of the contents of Covered+        Software; or++    (b) any new file in Source Code Form that contains any Covered+        Software.++1.11. "Patent Claims" of a Contributor+    means any patent claim(s), including without limitation, method,+    process, and apparatus claims, in any patent Licensable by such+    Contributor that would be infringed, but for the grant of the+    License, by the making, using, selling, offering for sale, having+    made, import, or transfer of either its Contributions or its+    Contributor Version.++1.12. "Secondary License"+    means either the GNU General Public License, Version 2.0, the GNU+    Lesser General Public License, Version 2.1, the GNU Affero General+    Public License, Version 3.0, or any later versions of those+    licenses.++1.13. "Source Code Form"+    means the form of the work preferred for making modifications.++1.14. "You" (or "Your")+    means an individual or a legal entity exercising rights under this+    License. For legal entities, "You" includes any entity that+    controls, is controlled by, or is under common control with You. For+    purposes of this definition, "control" means (a) the power, direct+    or indirect, to cause the direction or management of such entity,+    whether by contract or otherwise, or (b) ownership of more than+    fifty percent (50%) of the outstanding shares or beneficial+    ownership of such entity.++2. License Grants and Conditions+--------------------------------++2.1. Grants++Each Contributor hereby grants You a world-wide, royalty-free,+non-exclusive license:++(a) under intellectual property rights (other than patent or trademark)+    Licensable by such Contributor to use, reproduce, make available,+    modify, display, perform, distribute, and otherwise exploit its+    Contributions, either on an unmodified basis, with Modifications, or+    as part of a Larger Work; and++(b) under Patent Claims of such Contributor to make, use, sell, offer+    for sale, have made, import, and otherwise transfer either its+    Contributions or its Contributor Version.++2.2. Effective Date++The licenses granted in Section 2.1 with respect to any Contribution+become effective for each Contribution on the date the Contributor first+distributes such Contribution.++2.3. Limitations on Grant Scope++The licenses granted in this Section 2 are the only rights granted under+this License. No additional rights or licenses will be implied from the+distribution or licensing of Covered Software under this License.+Notwithstanding Section 2.1(b) above, no patent license is granted by a+Contributor:++(a) for any code that a Contributor has removed from Covered Software;+    or++(b) for infringements caused by: (i) Your and any other third party's+    modifications of Covered Software, or (ii) the combination of its+    Contributions with other software (except as part of its Contributor+    Version); or++(c) under Patent Claims infringed by Covered Software in the absence of+    its Contributions.++This License does not grant any rights in the trademarks, service marks,+or logos of any Contributor (except as may be necessary to comply with+the notice requirements in Section 3.4).++2.4. Subsequent Licenses++No Contributor makes additional grants as a result of Your choice to+distribute the Covered Software under a subsequent version of this+License (see Section 10.2) or under the terms of a Secondary License (if+permitted under the terms of Section 3.3).++2.5. Representation++Each Contributor represents that the Contributor believes its+Contributions are its original creation(s) or it has sufficient rights+to grant the rights to its Contributions conveyed by this License.++2.6. Fair Use++This License is not intended to limit any rights You have under+applicable copyright doctrines of fair use, fair dealing, or other+equivalents.++2.7. Conditions++Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted+in Section 2.1.++3. Responsibilities+-------------------++3.1. Distribution of Source Form++All distribution of Covered Software in Source Code Form, including any+Modifications that You create or to which You contribute, must be under+the terms of this License. You must inform recipients that the Source+Code Form of the Covered Software is governed by the terms of this+License, and how they can obtain a copy of this License. You may not+attempt to alter or restrict the recipients' rights in the Source Code+Form.++3.2. Distribution of Executable Form++If You distribute Covered Software in Executable Form then:++(a) such Covered Software must also be made available in Source Code+    Form, as described in Section 3.1, and You must inform recipients of+    the Executable Form how they can obtain a copy of such Source Code+    Form by reasonable means in a timely manner, at a charge no more+    than the cost of distribution to the recipient; and++(b) You may distribute such Executable Form under the terms of this+    License, or sublicense it under different terms, provided that the+    license for the Executable Form does not attempt to limit or alter+    the recipients' rights in the Source Code Form under this License.++3.3. Distribution of a Larger Work++You may create and distribute a Larger Work under terms of Your choice,+provided that You also comply with the requirements of this License for+the Covered Software. If the Larger Work is a combination of Covered+Software with a work governed by one or more Secondary Licenses, and the+Covered Software is not Incompatible With Secondary Licenses, this+License permits You to additionally distribute such Covered Software+under the terms of such Secondary License(s), so that the recipient of+the Larger Work may, at their option, further distribute the Covered+Software under the terms of either this License or such Secondary+License(s).++3.4. Notices++You may not remove or alter the substance of any license notices+(including copyright notices, patent notices, disclaimers of warranty,+or limitations of liability) contained within the Source Code Form of+the Covered Software, except that You may alter any license notices to+the extent required to remedy known factual inaccuracies.++3.5. Application of Additional Terms++You may choose to offer, and to charge a fee for, warranty, support,+indemnity or liability obligations to one or more recipients of Covered+Software. However, You may do so only on Your own behalf, and not on+behalf of any Contributor. You must make it absolutely clear that any+such warranty, support, indemnity, or liability obligation is offered by+You alone, and You hereby agree to indemnify every Contributor for any+liability incurred by such Contributor as a result of warranty, support,+indemnity or liability terms You offer. You may include additional+disclaimers of warranty and limitations of liability specific to any+jurisdiction.++4. Inability to Comply Due to Statute or Regulation+---------------------------------------------------++If it is impossible for You to comply with any of the terms of this+License with respect to some or all of the Covered Software due to+statute, judicial order, or regulation then You must: (a) comply with+the terms of this License to the maximum extent possible; and (b)+describe the limitations and the code they affect. Such description must+be placed in a text file included with all distributions of the Covered+Software under this License. Except to the extent prohibited by statute+or regulation, such description must be sufficiently detailed for a+recipient of ordinary skill to be able to understand it.++5. Termination+--------------++5.1. The rights granted under this License will terminate automatically+if You fail to comply with any of its terms. However, if You become+compliant, then the rights granted under this License from a particular+Contributor are reinstated (a) provisionally, unless and until such+Contributor explicitly and finally terminates Your grants, and (b) on an+ongoing basis, if such Contributor fails to notify You of the+non-compliance by some reasonable means prior to 60 days after You have+come back into compliance. Moreover, Your grants from a particular+Contributor are reinstated on an ongoing basis if such Contributor+notifies You of the non-compliance by some reasonable means, this is the+first time You have received notice of non-compliance with this License+from such Contributor, and You become compliant prior to 30 days after+Your receipt of the notice.++5.2. If You initiate litigation against any entity by asserting a patent+infringement claim (excluding declaratory judgment actions,+counter-claims, and cross-claims) alleging that a Contributor Version+directly or indirectly infringes any patent, then the rights granted to+You by any and all Contributors for the Covered Software under Section+2.1 of this License shall terminate.++5.3. In the event of termination under Sections 5.1 or 5.2 above, all+end user license agreements (excluding distributors and resellers) which+have been validly granted by You or Your distributors under this License+prior to termination shall survive termination.++************************************************************************+*                                                                      *+*  6. Disclaimer of Warranty                                           *+*  -------------------------                                           *+*                                                                      *+*  Covered Software is provided under this License on an "as is"       *+*  basis, without warranty of any kind, either expressed, implied, or  *+*  statutory, including, without limitation, warranties that the       *+*  Covered Software is free of defects, merchantable, fit for a        *+*  particular purpose or non-infringing. The entire risk as to the     *+*  quality and performance of the Covered Software is with You.        *+*  Should any Covered Software prove defective in any respect, You     *+*  (not any Contributor) assume the cost of any necessary servicing,   *+*  repair, or correction. This disclaimer of warranty constitutes an   *+*  essential part of this License. No use of any Covered Software is   *+*  authorized under this License except under this disclaimer.         *+*                                                                      *+************************************************************************++************************************************************************+*                                                                      *+*  7. Limitation of Liability                                          *+*  --------------------------                                          *+*                                                                      *+*  Under no circumstances and under no legal theory, whether tort      *+*  (including negligence), contract, or otherwise, shall any           *+*  Contributor, or anyone who distributes Covered Software as          *+*  permitted above, be liable to You for any direct, indirect,         *+*  special, incidental, or consequential damages of any character      *+*  including, without limitation, damages for lost profits, loss of    *+*  goodwill, work stoppage, computer failure or malfunction, or any    *+*  and all other commercial damages or losses, even if such party      *+*  shall have been informed of the possibility of such damages. This   *+*  limitation of liability shall not apply to liability for death or   *+*  personal injury resulting from such party's negligence to the       *+*  extent applicable law prohibits such limitation. Some               *+*  jurisdictions do not allow the exclusion or limitation of           *+*  incidental or consequential damages, so this exclusion and          *+*  limitation may not apply to You.                                    *+*                                                                      *+************************************************************************++8. Litigation+-------------++Any litigation relating to this License may be brought only in the+courts of a jurisdiction where the defendant maintains its principal+place of business and such litigation shall be governed by laws of that+jurisdiction, without reference to its conflict-of-law provisions.+Nothing in this Section shall prevent a party's ability to bring+cross-claims or counter-claims.++9. Miscellaneous+----------------++This License represents the complete agreement concerning the subject+matter hereof. If any provision of this License is held to be+unenforceable, such provision shall be reformed only to the extent+necessary to make it enforceable. Any law or regulation which provides+that the language of a contract shall be construed against the drafter+shall not be used to construe this License against a Contributor.++10. Versions of the License+---------------------------++10.1. New Versions++Mozilla Foundation is the license steward. Except as provided in Section+10.3, no one other than the license steward has the right to modify or+publish new versions of this License. Each version will be given a+distinguishing version number.++10.2. Effect of New Versions++You may distribute the Covered Software under the terms of the version+of the License under which You originally received the Covered Software,+or under the terms of any subsequent version published by the license+steward.++10.3. Modified Versions++If you create software not governed by this License, and you want to+create a new license for such software, you may create and use a+modified version of this License if you rename the license and remove+any references to the name of the license steward (except to note that+such modified license differs from this License).++10.4. Distributing Source Code Form that is Incompatible With Secondary+Licenses++If You choose to distribute Source Code Form that is Incompatible With+Secondary Licenses under the terms of this version of the License, the+notice described in Exhibit B of this License must be attached.++Exhibit A - Source Code Form License Notice+-------------------------------------------++  This Source Code Form is subject to the terms of the Mozilla Public+  License, v. 2.0. If a copy of the MPL was not distributed with this+  file, You can obtain one at http://mozilla.org/MPL/2.0/.++If it is not possible or desirable to put the notice in a particular+file, then You may include the notice in a location (such as a LICENSE+file in a relevant directory) where a recipient would be likely to look+for such a notice.++You may add additional accurate notices of copyright ownership.
+ README.md view
@@ -0,0 +1,44 @@+# Amazon Network Firewall SDK++* [Version](#version)+* [Description](#description)+* [Contribute](#contribute)+* [Licence](#licence)+++## Version+ +`2.0` - Derived from API version @2020-11-12@ of the AWS service descriptions, licensed under Apache 2.0.++## Description++Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-network-firewall)+and the [AWS API Reference](https://aws.amazon.com/documentation/).++The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,+and receiving responses.++Lenses are used for constructing and manipulating types,+due to the depth of nesting of AWS types and transparency regarding+de/serialisation into more palatable Haskell values.+The provided lenses should be compatible with any of the major lens libraries+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).++See [Amazonka.NetworkFirewall](http://hackage.haskell.org/package/amazonka-network-firewall/docs/Amazonka-NetworkFirewall.html)+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.+++## Contribute++For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).++> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.+++## Licence++`amazonka-network-firewall` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).++Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.+Source files subject to this contain an additional licensing clause in their header.
+ amazonka-network-firewall.cabal view
@@ -0,0 +1,181 @@+cabal-version:      2.2+name:               amazonka-network-firewall+version:            2.0+synopsis:           Amazon Network Firewall SDK.+homepage:           https://github.com/brendanhay/amazonka+bug-reports:        https://github.com/brendanhay/amazonka/issues+license:            MPL-2.0+license-file:       LICENSE+author:             Brendan Hay+maintainer:+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>++copyright:          Copyright (c) 2013-2023 Brendan Hay+category:           AWS+build-type:         Simple+extra-source-files:+  fixture/*.proto+  fixture/*.yaml+  README.md+  src/.gitkeep++description:+  Derived from API version @2020-11-12@ of the AWS service descriptions, licensed under Apache 2.0.+  .+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.+  .+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.+  .+  Generated lenses can be found in "Amazonka.NetworkFirewall.Lens" and are+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.+  .+  See "Amazonka.NetworkFirewall" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.++source-repository head+  type:     git+  location: git://github.com/brendanhay/amazonka.git+  subdir:   amazonka-network-firewall++library+  default-language: Haskell2010+  hs-source-dirs:   src gen+  ghc-options:+    -Wall -fwarn-incomplete-uni-patterns+    -fwarn-incomplete-record-updates -funbox-strict-fields++  exposed-modules:+    Amazonka.NetworkFirewall+    Amazonka.NetworkFirewall.AssociateFirewallPolicy+    Amazonka.NetworkFirewall.AssociateSubnets+    Amazonka.NetworkFirewall.CreateFirewall+    Amazonka.NetworkFirewall.CreateFirewallPolicy+    Amazonka.NetworkFirewall.CreateRuleGroup+    Amazonka.NetworkFirewall.DeleteFirewall+    Amazonka.NetworkFirewall.DeleteFirewallPolicy+    Amazonka.NetworkFirewall.DeleteResourcePolicy+    Amazonka.NetworkFirewall.DeleteRuleGroup+    Amazonka.NetworkFirewall.DescribeFirewall+    Amazonka.NetworkFirewall.DescribeFirewallPolicy+    Amazonka.NetworkFirewall.DescribeLoggingConfiguration+    Amazonka.NetworkFirewall.DescribeResourcePolicy+    Amazonka.NetworkFirewall.DescribeRuleGroup+    Amazonka.NetworkFirewall.DescribeRuleGroupMetadata+    Amazonka.NetworkFirewall.DisassociateSubnets+    Amazonka.NetworkFirewall.Lens+    Amazonka.NetworkFirewall.ListFirewallPolicies+    Amazonka.NetworkFirewall.ListFirewalls+    Amazonka.NetworkFirewall.ListRuleGroups+    Amazonka.NetworkFirewall.ListTagsForResource+    Amazonka.NetworkFirewall.PutResourcePolicy+    Amazonka.NetworkFirewall.TagResource+    Amazonka.NetworkFirewall.Types+    Amazonka.NetworkFirewall.Types.ActionDefinition+    Amazonka.NetworkFirewall.Types.Address+    Amazonka.NetworkFirewall.Types.Attachment+    Amazonka.NetworkFirewall.Types.AttachmentStatus+    Amazonka.NetworkFirewall.Types.CapacityUsageSummary+    Amazonka.NetworkFirewall.Types.CIDRSummary+    Amazonka.NetworkFirewall.Types.ConfigurationSyncState+    Amazonka.NetworkFirewall.Types.CustomAction+    Amazonka.NetworkFirewall.Types.Dimension+    Amazonka.NetworkFirewall.Types.EncryptionConfiguration+    Amazonka.NetworkFirewall.Types.EncryptionType+    Amazonka.NetworkFirewall.Types.Firewall+    Amazonka.NetworkFirewall.Types.FirewallMetadata+    Amazonka.NetworkFirewall.Types.FirewallPolicy+    Amazonka.NetworkFirewall.Types.FirewallPolicyMetadata+    Amazonka.NetworkFirewall.Types.FirewallPolicyResponse+    Amazonka.NetworkFirewall.Types.FirewallStatus+    Amazonka.NetworkFirewall.Types.FirewallStatusValue+    Amazonka.NetworkFirewall.Types.GeneratedRulesType+    Amazonka.NetworkFirewall.Types.Header+    Amazonka.NetworkFirewall.Types.IPSet+    Amazonka.NetworkFirewall.Types.IPSetMetadata+    Amazonka.NetworkFirewall.Types.IPSetReference+    Amazonka.NetworkFirewall.Types.LogDestinationConfig+    Amazonka.NetworkFirewall.Types.LogDestinationType+    Amazonka.NetworkFirewall.Types.LoggingConfiguration+    Amazonka.NetworkFirewall.Types.LogType+    Amazonka.NetworkFirewall.Types.MatchAttributes+    Amazonka.NetworkFirewall.Types.OverrideAction+    Amazonka.NetworkFirewall.Types.PerObjectStatus+    Amazonka.NetworkFirewall.Types.PerObjectSyncStatus+    Amazonka.NetworkFirewall.Types.PortRange+    Amazonka.NetworkFirewall.Types.PortSet+    Amazonka.NetworkFirewall.Types.PublishMetricAction+    Amazonka.NetworkFirewall.Types.ReferenceSets+    Amazonka.NetworkFirewall.Types.ResourceManagedStatus+    Amazonka.NetworkFirewall.Types.ResourceManagedType+    Amazonka.NetworkFirewall.Types.ResourceStatus+    Amazonka.NetworkFirewall.Types.RuleDefinition+    Amazonka.NetworkFirewall.Types.RuleGroup+    Amazonka.NetworkFirewall.Types.RuleGroupMetadata+    Amazonka.NetworkFirewall.Types.RuleGroupResponse+    Amazonka.NetworkFirewall.Types.RuleGroupType+    Amazonka.NetworkFirewall.Types.RuleOption+    Amazonka.NetworkFirewall.Types.RuleOrder+    Amazonka.NetworkFirewall.Types.RulesSource+    Amazonka.NetworkFirewall.Types.RulesSourceList+    Amazonka.NetworkFirewall.Types.RuleVariables+    Amazonka.NetworkFirewall.Types.SourceMetadata+    Amazonka.NetworkFirewall.Types.StatefulAction+    Amazonka.NetworkFirewall.Types.StatefulEngineOptions+    Amazonka.NetworkFirewall.Types.StatefulRule+    Amazonka.NetworkFirewall.Types.StatefulRuleDirection+    Amazonka.NetworkFirewall.Types.StatefulRuleGroupOverride+    Amazonka.NetworkFirewall.Types.StatefulRuleGroupReference+    Amazonka.NetworkFirewall.Types.StatefulRuleOptions+    Amazonka.NetworkFirewall.Types.StatefulRuleProtocol+    Amazonka.NetworkFirewall.Types.StatelessRule+    Amazonka.NetworkFirewall.Types.StatelessRuleGroupReference+    Amazonka.NetworkFirewall.Types.StatelessRulesAndCustomActions+    Amazonka.NetworkFirewall.Types.StreamExceptionPolicy+    Amazonka.NetworkFirewall.Types.SubnetMapping+    Amazonka.NetworkFirewall.Types.SyncState+    Amazonka.NetworkFirewall.Types.Tag+    Amazonka.NetworkFirewall.Types.TargetType+    Amazonka.NetworkFirewall.Types.TCPFlag+    Amazonka.NetworkFirewall.Types.TCPFlagField+    Amazonka.NetworkFirewall.UntagResource+    Amazonka.NetworkFirewall.UpdateFirewallDeleteProtection+    Amazonka.NetworkFirewall.UpdateFirewallDescription+    Amazonka.NetworkFirewall.UpdateFirewallEncryptionConfiguration+    Amazonka.NetworkFirewall.UpdateFirewallPolicy+    Amazonka.NetworkFirewall.UpdateFirewallPolicyChangeProtection+    Amazonka.NetworkFirewall.UpdateLoggingConfiguration+    Amazonka.NetworkFirewall.UpdateRuleGroup+    Amazonka.NetworkFirewall.UpdateSubnetChangeProtection+    Amazonka.NetworkFirewall.Waiters++  build-depends:+    , amazonka-core  >=2.0  && <2.1+    , base           >=4.12 && <5++test-suite amazonka-network-firewall-test+  type:             exitcode-stdio-1.0+  default-language: Haskell2010+  hs-source-dirs:   test+  main-is:          Main.hs+  ghc-options:      -Wall -threaded++  -- This section is encoded by the template and any modules added by+  -- hand outside these namespaces will not correctly be added to the+  -- distribution package.+  other-modules:+    Test.Amazonka.Gen.NetworkFirewall+    Test.Amazonka.NetworkFirewall+    Test.Amazonka.NetworkFirewall.Internal++  build-depends:+    , amazonka-core              >=2.0 && <2.1+    , amazonka-network-firewall+    , amazonka-test              >=2.0 && <2.1+    , base+    , bytestring+    , case-insensitive+    , tasty+    , tasty-hunit+    , text+    , time+    , unordered-containers
+ fixture/AssociateFirewallPolicy.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/AssociateFirewallPolicyResponse.proto view
+ fixture/AssociateSubnets.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/AssociateSubnetsResponse.proto view
+ fixture/CreateFirewall.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/CreateFirewallPolicy.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/CreateFirewallPolicyResponse.proto view
+ fixture/CreateFirewallResponse.proto view
+ fixture/CreateRuleGroup.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/CreateRuleGroupResponse.proto view
+ fixture/DeleteFirewall.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/DeleteFirewallPolicy.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/DeleteFirewallPolicyResponse.proto view
+ fixture/DeleteFirewallResponse.proto view
+ fixture/DeleteResourcePolicy.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/DeleteResourcePolicyResponse.proto view
+ fixture/DeleteRuleGroup.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/DeleteRuleGroupResponse.proto view
+ fixture/DescribeFirewall.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/DescribeFirewallPolicy.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/DescribeFirewallPolicyResponse.proto view
+ fixture/DescribeFirewallResponse.proto view
+ fixture/DescribeLoggingConfiguration.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/DescribeLoggingConfigurationResponse.proto view
+ fixture/DescribeResourcePolicy.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/DescribeResourcePolicyResponse.proto view
+ fixture/DescribeRuleGroup.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/DescribeRuleGroupMetadata.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/DescribeRuleGroupMetadataResponse.proto view
+ fixture/DescribeRuleGroupResponse.proto view
+ fixture/DisassociateSubnets.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/DisassociateSubnetsResponse.proto view
+ fixture/ListFirewallPolicies.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/ListFirewallPoliciesResponse.proto view
+ fixture/ListFirewalls.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/ListFirewallsResponse.proto view
+ fixture/ListRuleGroups.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/ListRuleGroupsResponse.proto view
+ fixture/ListTagsForResource.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/ListTagsForResourceResponse.proto view
+ fixture/PutResourcePolicy.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/PutResourcePolicyResponse.proto view
+ fixture/TagResource.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/TagResourceResponse.proto view
+ fixture/UntagResource.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/UntagResourceResponse.proto view
+ fixture/UpdateFirewallDeleteProtection.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/UpdateFirewallDeleteProtectionResponse.proto view
+ fixture/UpdateFirewallDescription.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/UpdateFirewallDescriptionResponse.proto view
+ fixture/UpdateFirewallEncryptionConfiguration.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/UpdateFirewallEncryptionConfigurationResponse.proto view
+ fixture/UpdateFirewallPolicy.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/UpdateFirewallPolicyChangeProtection.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/UpdateFirewallPolicyChangeProtectionResponse.proto view
+ fixture/UpdateFirewallPolicyResponse.proto view
+ fixture/UpdateLoggingConfiguration.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/UpdateLoggingConfigurationResponse.proto view
+ fixture/UpdateRuleGroup.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/UpdateRuleGroupResponse.proto view
+ fixture/UpdateSubnetChangeProtection.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/network-firewall/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+  Host:                  network-firewall.us-east-1.amazonaws.com+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8+  X-Amz-Content-SHA256:  abcdef+  X-Amz-Date:            20091028T223200Z+body:+  ''
+ fixture/UpdateSubnetChangeProtectionResponse.proto view
+ gen/Amazonka/NetworkFirewall.hs view
@@ -0,0 +1,637 @@+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- |+-- Module      : Amazonka.NetworkFirewall+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Derived from API version @2020-11-12@ of the AWS service descriptions, licensed under Apache 2.0.+--+-- This is the API Reference for Network Firewall. This guide is for+-- developers who need detailed information about the Network Firewall API+-- actions, data types, and errors.+--+-- -   The REST API requires you to handle connection details, such as+--     calculating signatures, handling request retries, and error+--     handling. For general information about using the Amazon Web+--     Services REST APIs, see+--     <https://docs.aws.amazon.com/general/latest/gr/aws-apis.html Amazon Web Services APIs>.+--+--     To access Network Firewall using the REST API endpoint:+--     @https:\/\/network-firewall.\<region>.amazonaws.com @+--+-- -   Alternatively, you can use one of the Amazon Web Services SDKs to+--     access an API that\'s tailored to the programming language or+--     platform that you\'re using. For more information, see+--     <http://aws.amazon.com/tools/#SDKs Amazon Web Services SDKs>.+--+-- -   For descriptions of Network Firewall features, including and+--     step-by-step instructions on how to use them through the Network+--     Firewall console, see the+--     <https://docs.aws.amazon.com/network-firewall/latest/developerguide/ Network Firewall Developer Guide>.+--+-- Network Firewall is a stateful, managed, network firewall and intrusion+-- detection and prevention service for Amazon Virtual Private Cloud+-- (Amazon VPC). With Network Firewall, you can filter traffic at the+-- perimeter of your VPC. This includes filtering traffic going to and+-- coming from an internet gateway, NAT gateway, or over VPN or Direct+-- Connect. Network Firewall uses rules that are compatible with Suricata,+-- a free, open source network analysis and threat detection engine.+-- Network Firewall supports Suricata version 5.0.2. For information about+-- Suricata, see the <https://suricata.io/ Suricata website>.+--+-- You can use Network Firewall to monitor and protect your VPC traffic in+-- a number of ways. The following are just a few examples:+--+-- -   Allow domains or IP addresses for known Amazon Web Services service+--     endpoints, such as Amazon S3, and block all other forms of traffic.+--+-- -   Use custom lists of known bad domains to limit the types of domain+--     names that your applications can access.+--+-- -   Perform deep packet inspection on traffic entering or leaving your+--     VPC.+--+-- -   Use stateful protocol detection to filter protocols like HTTPS,+--     regardless of the port used.+--+-- To enable Network Firewall for your VPCs, you perform steps in both+-- Amazon VPC and in Network Firewall. For information about using Amazon+-- VPC, see+-- <https://docs.aws.amazon.com/vpc/latest/userguide/ Amazon VPC User Guide>.+--+-- To start using Network Firewall, do the following:+--+-- 1.  (Optional) If you don\'t already have a VPC that you want to+--     protect, create it in Amazon VPC.+--+-- 2.  In Amazon VPC, in each Availability Zone where you want to have a+--     firewall endpoint, create a subnet for the sole use of Network+--     Firewall.+--+-- 3.  In Network Firewall, create stateless and stateful rule groups, to+--     define the components of the network traffic filtering behavior that+--     you want your firewall to have.+--+-- 4.  In Network Firewall, create a firewall policy that uses your rule+--     groups and specifies additional default traffic filtering behavior.+--+-- 5.  In Network Firewall, create a firewall and specify your new firewall+--     policy and VPC subnets. Network Firewall creates a firewall endpoint+--     in each subnet that you specify, with the behavior that\'s defined+--     in the firewall policy.+--+-- 6.  In Amazon VPC, use ingress routing enhancements to route traffic+--     through the new firewall endpoints.+module Amazonka.NetworkFirewall+  ( -- * Service Configuration+    defaultService,++    -- * Errors+    -- $errors++    -- ** InsufficientCapacityException+    _InsufficientCapacityException,++    -- ** InternalServerError+    _InternalServerError,++    -- ** InvalidOperationException+    _InvalidOperationException,++    -- ** InvalidRequestException+    _InvalidRequestException,++    -- ** InvalidResourcePolicyException+    _InvalidResourcePolicyException,++    -- ** InvalidTokenException+    _InvalidTokenException,++    -- ** LimitExceededException+    _LimitExceededException,++    -- ** LogDestinationPermissionException+    _LogDestinationPermissionException,++    -- ** ResourceNotFoundException+    _ResourceNotFoundException,++    -- ** ResourceOwnerCheckException+    _ResourceOwnerCheckException,++    -- ** ThrottlingException+    _ThrottlingException,++    -- ** UnsupportedOperationException+    _UnsupportedOperationException,++    -- * Waiters+    -- $waiters++    -- * Operations+    -- $operations++    -- ** AssociateFirewallPolicy+    AssociateFirewallPolicy (AssociateFirewallPolicy'),+    newAssociateFirewallPolicy,+    AssociateFirewallPolicyResponse (AssociateFirewallPolicyResponse'),+    newAssociateFirewallPolicyResponse,++    -- ** AssociateSubnets+    AssociateSubnets (AssociateSubnets'),+    newAssociateSubnets,+    AssociateSubnetsResponse (AssociateSubnetsResponse'),+    newAssociateSubnetsResponse,++    -- ** CreateFirewall+    CreateFirewall (CreateFirewall'),+    newCreateFirewall,+    CreateFirewallResponse (CreateFirewallResponse'),+    newCreateFirewallResponse,++    -- ** CreateFirewallPolicy+    CreateFirewallPolicy (CreateFirewallPolicy'),+    newCreateFirewallPolicy,+    CreateFirewallPolicyResponse (CreateFirewallPolicyResponse'),+    newCreateFirewallPolicyResponse,++    -- ** CreateRuleGroup+    CreateRuleGroup (CreateRuleGroup'),+    newCreateRuleGroup,+    CreateRuleGroupResponse (CreateRuleGroupResponse'),+    newCreateRuleGroupResponse,++    -- ** DeleteFirewall+    DeleteFirewall (DeleteFirewall'),+    newDeleteFirewall,+    DeleteFirewallResponse (DeleteFirewallResponse'),+    newDeleteFirewallResponse,++    -- ** DeleteFirewallPolicy+    DeleteFirewallPolicy (DeleteFirewallPolicy'),+    newDeleteFirewallPolicy,+    DeleteFirewallPolicyResponse (DeleteFirewallPolicyResponse'),+    newDeleteFirewallPolicyResponse,++    -- ** DeleteResourcePolicy+    DeleteResourcePolicy (DeleteResourcePolicy'),+    newDeleteResourcePolicy,+    DeleteResourcePolicyResponse (DeleteResourcePolicyResponse'),+    newDeleteResourcePolicyResponse,++    -- ** DeleteRuleGroup+    DeleteRuleGroup (DeleteRuleGroup'),+    newDeleteRuleGroup,+    DeleteRuleGroupResponse (DeleteRuleGroupResponse'),+    newDeleteRuleGroupResponse,++    -- ** DescribeFirewall+    DescribeFirewall (DescribeFirewall'),+    newDescribeFirewall,+    DescribeFirewallResponse (DescribeFirewallResponse'),+    newDescribeFirewallResponse,++    -- ** DescribeFirewallPolicy+    DescribeFirewallPolicy (DescribeFirewallPolicy'),+    newDescribeFirewallPolicy,+    DescribeFirewallPolicyResponse (DescribeFirewallPolicyResponse'),+    newDescribeFirewallPolicyResponse,++    -- ** DescribeLoggingConfiguration+    DescribeLoggingConfiguration (DescribeLoggingConfiguration'),+    newDescribeLoggingConfiguration,+    DescribeLoggingConfigurationResponse (DescribeLoggingConfigurationResponse'),+    newDescribeLoggingConfigurationResponse,++    -- ** DescribeResourcePolicy+    DescribeResourcePolicy (DescribeResourcePolicy'),+    newDescribeResourcePolicy,+    DescribeResourcePolicyResponse (DescribeResourcePolicyResponse'),+    newDescribeResourcePolicyResponse,++    -- ** DescribeRuleGroup+    DescribeRuleGroup (DescribeRuleGroup'),+    newDescribeRuleGroup,+    DescribeRuleGroupResponse (DescribeRuleGroupResponse'),+    newDescribeRuleGroupResponse,++    -- ** DescribeRuleGroupMetadata+    DescribeRuleGroupMetadata (DescribeRuleGroupMetadata'),+    newDescribeRuleGroupMetadata,+    DescribeRuleGroupMetadataResponse (DescribeRuleGroupMetadataResponse'),+    newDescribeRuleGroupMetadataResponse,++    -- ** DisassociateSubnets+    DisassociateSubnets (DisassociateSubnets'),+    newDisassociateSubnets,+    DisassociateSubnetsResponse (DisassociateSubnetsResponse'),+    newDisassociateSubnetsResponse,++    -- ** ListFirewallPolicies (Paginated)+    ListFirewallPolicies (ListFirewallPolicies'),+    newListFirewallPolicies,+    ListFirewallPoliciesResponse (ListFirewallPoliciesResponse'),+    newListFirewallPoliciesResponse,++    -- ** ListFirewalls (Paginated)+    ListFirewalls (ListFirewalls'),+    newListFirewalls,+    ListFirewallsResponse (ListFirewallsResponse'),+    newListFirewallsResponse,++    -- ** ListRuleGroups (Paginated)+    ListRuleGroups (ListRuleGroups'),+    newListRuleGroups,+    ListRuleGroupsResponse (ListRuleGroupsResponse'),+    newListRuleGroupsResponse,++    -- ** ListTagsForResource (Paginated)+    ListTagsForResource (ListTagsForResource'),+    newListTagsForResource,+    ListTagsForResourceResponse (ListTagsForResourceResponse'),+    newListTagsForResourceResponse,++    -- ** PutResourcePolicy+    PutResourcePolicy (PutResourcePolicy'),+    newPutResourcePolicy,+    PutResourcePolicyResponse (PutResourcePolicyResponse'),+    newPutResourcePolicyResponse,++    -- ** TagResource+    TagResource (TagResource'),+    newTagResource,+    TagResourceResponse (TagResourceResponse'),+    newTagResourceResponse,++    -- ** UntagResource+    UntagResource (UntagResource'),+    newUntagResource,+    UntagResourceResponse (UntagResourceResponse'),+    newUntagResourceResponse,++    -- ** UpdateFirewallDeleteProtection+    UpdateFirewallDeleteProtection (UpdateFirewallDeleteProtection'),+    newUpdateFirewallDeleteProtection,+    UpdateFirewallDeleteProtectionResponse (UpdateFirewallDeleteProtectionResponse'),+    newUpdateFirewallDeleteProtectionResponse,++    -- ** UpdateFirewallDescription+    UpdateFirewallDescription (UpdateFirewallDescription'),+    newUpdateFirewallDescription,+    UpdateFirewallDescriptionResponse (UpdateFirewallDescriptionResponse'),+    newUpdateFirewallDescriptionResponse,++    -- ** UpdateFirewallEncryptionConfiguration+    UpdateFirewallEncryptionConfiguration (UpdateFirewallEncryptionConfiguration'),+    newUpdateFirewallEncryptionConfiguration,+    UpdateFirewallEncryptionConfigurationResponse (UpdateFirewallEncryptionConfigurationResponse'),+    newUpdateFirewallEncryptionConfigurationResponse,++    -- ** UpdateFirewallPolicy+    UpdateFirewallPolicy (UpdateFirewallPolicy'),+    newUpdateFirewallPolicy,+    UpdateFirewallPolicyResponse (UpdateFirewallPolicyResponse'),+    newUpdateFirewallPolicyResponse,++    -- ** UpdateFirewallPolicyChangeProtection+    UpdateFirewallPolicyChangeProtection (UpdateFirewallPolicyChangeProtection'),+    newUpdateFirewallPolicyChangeProtection,+    UpdateFirewallPolicyChangeProtectionResponse (UpdateFirewallPolicyChangeProtectionResponse'),+    newUpdateFirewallPolicyChangeProtectionResponse,++    -- ** UpdateLoggingConfiguration+    UpdateLoggingConfiguration (UpdateLoggingConfiguration'),+    newUpdateLoggingConfiguration,+    UpdateLoggingConfigurationResponse (UpdateLoggingConfigurationResponse'),+    newUpdateLoggingConfigurationResponse,++    -- ** UpdateRuleGroup+    UpdateRuleGroup (UpdateRuleGroup'),+    newUpdateRuleGroup,+    UpdateRuleGroupResponse (UpdateRuleGroupResponse'),+    newUpdateRuleGroupResponse,++    -- ** UpdateSubnetChangeProtection+    UpdateSubnetChangeProtection (UpdateSubnetChangeProtection'),+    newUpdateSubnetChangeProtection,+    UpdateSubnetChangeProtectionResponse (UpdateSubnetChangeProtectionResponse'),+    newUpdateSubnetChangeProtectionResponse,++    -- * Types++    -- ** AttachmentStatus+    AttachmentStatus (..),++    -- ** ConfigurationSyncState+    ConfigurationSyncState (..),++    -- ** EncryptionType+    EncryptionType (..),++    -- ** FirewallStatusValue+    FirewallStatusValue (..),++    -- ** GeneratedRulesType+    GeneratedRulesType (..),++    -- ** LogDestinationType+    LogDestinationType (..),++    -- ** LogType+    LogType (..),++    -- ** OverrideAction+    OverrideAction (..),++    -- ** PerObjectSyncStatus+    PerObjectSyncStatus (..),++    -- ** ResourceManagedStatus+    ResourceManagedStatus (..),++    -- ** ResourceManagedType+    ResourceManagedType (..),++    -- ** ResourceStatus+    ResourceStatus (..),++    -- ** RuleGroupType+    RuleGroupType (..),++    -- ** RuleOrder+    RuleOrder (..),++    -- ** StatefulAction+    StatefulAction (..),++    -- ** StatefulRuleDirection+    StatefulRuleDirection (..),++    -- ** StatefulRuleProtocol+    StatefulRuleProtocol (..),++    -- ** StreamExceptionPolicy+    StreamExceptionPolicy (..),++    -- ** TCPFlag+    TCPFlag (..),++    -- ** TargetType+    TargetType (..),++    -- ** ActionDefinition+    ActionDefinition (ActionDefinition'),+    newActionDefinition,++    -- ** Address+    Address (Address'),+    newAddress,++    -- ** Attachment+    Attachment (Attachment'),+    newAttachment,++    -- ** CIDRSummary+    CIDRSummary (CIDRSummary'),+    newCIDRSummary,++    -- ** CapacityUsageSummary+    CapacityUsageSummary (CapacityUsageSummary'),+    newCapacityUsageSummary,++    -- ** CustomAction+    CustomAction (CustomAction'),+    newCustomAction,++    -- ** Dimension+    Dimension (Dimension'),+    newDimension,++    -- ** EncryptionConfiguration+    EncryptionConfiguration (EncryptionConfiguration'),+    newEncryptionConfiguration,++    -- ** Firewall+    Firewall (Firewall'),+    newFirewall,++    -- ** FirewallMetadata+    FirewallMetadata (FirewallMetadata'),+    newFirewallMetadata,++    -- ** FirewallPolicy+    FirewallPolicy (FirewallPolicy'),+    newFirewallPolicy,++    -- ** FirewallPolicyMetadata+    FirewallPolicyMetadata (FirewallPolicyMetadata'),+    newFirewallPolicyMetadata,++    -- ** FirewallPolicyResponse+    FirewallPolicyResponse (FirewallPolicyResponse'),+    newFirewallPolicyResponse,++    -- ** FirewallStatus+    FirewallStatus (FirewallStatus'),+    newFirewallStatus,++    -- ** Header+    Header (Header'),+    newHeader,++    -- ** IPSet+    IPSet (IPSet'),+    newIPSet,++    -- ** IPSetMetadata+    IPSetMetadata (IPSetMetadata'),+    newIPSetMetadata,++    -- ** IPSetReference+    IPSetReference (IPSetReference'),+    newIPSetReference,++    -- ** LogDestinationConfig+    LogDestinationConfig (LogDestinationConfig'),+    newLogDestinationConfig,++    -- ** LoggingConfiguration+    LoggingConfiguration (LoggingConfiguration'),+    newLoggingConfiguration,++    -- ** MatchAttributes+    MatchAttributes (MatchAttributes'),+    newMatchAttributes,++    -- ** PerObjectStatus+    PerObjectStatus (PerObjectStatus'),+    newPerObjectStatus,++    -- ** PortRange+    PortRange (PortRange'),+    newPortRange,++    -- ** PortSet+    PortSet (PortSet'),+    newPortSet,++    -- ** PublishMetricAction+    PublishMetricAction (PublishMetricAction'),+    newPublishMetricAction,++    -- ** ReferenceSets+    ReferenceSets (ReferenceSets'),+    newReferenceSets,++    -- ** RuleDefinition+    RuleDefinition (RuleDefinition'),+    newRuleDefinition,++    -- ** RuleGroup+    RuleGroup (RuleGroup'),+    newRuleGroup,++    -- ** RuleGroupMetadata+    RuleGroupMetadata (RuleGroupMetadata'),+    newRuleGroupMetadata,++    -- ** RuleGroupResponse+    RuleGroupResponse (RuleGroupResponse'),+    newRuleGroupResponse,++    -- ** RuleOption+    RuleOption (RuleOption'),+    newRuleOption,++    -- ** RuleVariables+    RuleVariables (RuleVariables'),+    newRuleVariables,++    -- ** RulesSource+    RulesSource (RulesSource'),+    newRulesSource,++    -- ** RulesSourceList+    RulesSourceList (RulesSourceList'),+    newRulesSourceList,++    -- ** SourceMetadata+    SourceMetadata (SourceMetadata'),+    newSourceMetadata,++    -- ** StatefulEngineOptions+    StatefulEngineOptions (StatefulEngineOptions'),+    newStatefulEngineOptions,++    -- ** StatefulRule+    StatefulRule (StatefulRule'),+    newStatefulRule,++    -- ** StatefulRuleGroupOverride+    StatefulRuleGroupOverride (StatefulRuleGroupOverride'),+    newStatefulRuleGroupOverride,++    -- ** StatefulRuleGroupReference+    StatefulRuleGroupReference (StatefulRuleGroupReference'),+    newStatefulRuleGroupReference,++    -- ** StatefulRuleOptions+    StatefulRuleOptions (StatefulRuleOptions'),+    newStatefulRuleOptions,++    -- ** StatelessRule+    StatelessRule (StatelessRule'),+    newStatelessRule,++    -- ** StatelessRuleGroupReference+    StatelessRuleGroupReference (StatelessRuleGroupReference'),+    newStatelessRuleGroupReference,++    -- ** StatelessRulesAndCustomActions+    StatelessRulesAndCustomActions (StatelessRulesAndCustomActions'),+    newStatelessRulesAndCustomActions,++    -- ** SubnetMapping+    SubnetMapping (SubnetMapping'),+    newSubnetMapping,++    -- ** SyncState+    SyncState (SyncState'),+    newSyncState,++    -- ** TCPFlagField+    TCPFlagField (TCPFlagField'),+    newTCPFlagField,++    -- ** Tag+    Tag (Tag'),+    newTag,+  )+where++import Amazonka.NetworkFirewall.AssociateFirewallPolicy+import Amazonka.NetworkFirewall.AssociateSubnets+import Amazonka.NetworkFirewall.CreateFirewall+import Amazonka.NetworkFirewall.CreateFirewallPolicy+import Amazonka.NetworkFirewall.CreateRuleGroup+import Amazonka.NetworkFirewall.DeleteFirewall+import Amazonka.NetworkFirewall.DeleteFirewallPolicy+import Amazonka.NetworkFirewall.DeleteResourcePolicy+import Amazonka.NetworkFirewall.DeleteRuleGroup+import Amazonka.NetworkFirewall.DescribeFirewall+import Amazonka.NetworkFirewall.DescribeFirewallPolicy+import Amazonka.NetworkFirewall.DescribeLoggingConfiguration+import Amazonka.NetworkFirewall.DescribeResourcePolicy+import Amazonka.NetworkFirewall.DescribeRuleGroup+import Amazonka.NetworkFirewall.DescribeRuleGroupMetadata+import Amazonka.NetworkFirewall.DisassociateSubnets+import Amazonka.NetworkFirewall.Lens+import Amazonka.NetworkFirewall.ListFirewallPolicies+import Amazonka.NetworkFirewall.ListFirewalls+import Amazonka.NetworkFirewall.ListRuleGroups+import Amazonka.NetworkFirewall.ListTagsForResource+import Amazonka.NetworkFirewall.PutResourcePolicy+import Amazonka.NetworkFirewall.TagResource+import Amazonka.NetworkFirewall.Types+import Amazonka.NetworkFirewall.UntagResource+import Amazonka.NetworkFirewall.UpdateFirewallDeleteProtection+import Amazonka.NetworkFirewall.UpdateFirewallDescription+import Amazonka.NetworkFirewall.UpdateFirewallEncryptionConfiguration+import Amazonka.NetworkFirewall.UpdateFirewallPolicy+import Amazonka.NetworkFirewall.UpdateFirewallPolicyChangeProtection+import Amazonka.NetworkFirewall.UpdateLoggingConfiguration+import Amazonka.NetworkFirewall.UpdateRuleGroup+import Amazonka.NetworkFirewall.UpdateSubnetChangeProtection+import Amazonka.NetworkFirewall.Waiters++-- $errors+-- Error matchers are designed for use with the functions provided by+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.+-- This allows catching (and rethrowing) service specific errors returned+-- by 'NetworkFirewall'.++-- $operations+-- Some AWS operations return results that are incomplete and require subsequent+-- requests in order to obtain the entire result set. The process of sending+-- subsequent requests to continue where a previous request left off is called+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to+-- 1000 objects at a time, and you must send subsequent requests with the+-- appropriate Marker in order to retrieve the next page of results.+--+-- Operations that have an 'AWSPager' instance can transparently perform subsequent+-- requests, correctly setting Markers and other request facets to iterate through+-- the entire result set of a truncated API operation. Operations which support+-- this have an additional note in the documentation.+--+-- Many operations have the ability to filter results on the server side. See the+-- individual operation parameters for details.++-- $waiters+-- Waiters poll by repeatedly sending a request until some remote success condition+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification+-- determines how many attempts should be made, in addition to delay and retry strategies.
+ gen/Amazonka/NetworkFirewall/AssociateFirewallPolicy.hs view
@@ -0,0 +1,372 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.AssociateFirewallPolicy+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Associates a FirewallPolicy to a Firewall.+--+-- A firewall policy defines how to monitor and manage your VPC network+-- traffic, using a collection of inspection rule groups and other+-- settings. Each firewall requires one firewall policy association, and+-- you can use the same firewall policy for multiple firewalls.+module Amazonka.NetworkFirewall.AssociateFirewallPolicy+  ( -- * Creating a Request+    AssociateFirewallPolicy (..),+    newAssociateFirewallPolicy,++    -- * Request Lenses+    associateFirewallPolicy_firewallArn,+    associateFirewallPolicy_firewallName,+    associateFirewallPolicy_updateToken,+    associateFirewallPolicy_firewallPolicyArn,++    -- * Destructuring the Response+    AssociateFirewallPolicyResponse (..),+    newAssociateFirewallPolicyResponse,++    -- * Response Lenses+    associateFirewallPolicyResponse_firewallArn,+    associateFirewallPolicyResponse_firewallName,+    associateFirewallPolicyResponse_firewallPolicyArn,+    associateFirewallPolicyResponse_updateToken,+    associateFirewallPolicyResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newAssociateFirewallPolicy' smart constructor.+data AssociateFirewallPolicy = AssociateFirewallPolicy'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The Amazon Resource Name (ARN) of the firewall policy.+    firewallPolicyArn :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'AssociateFirewallPolicy' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'associateFirewallPolicy_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallName', 'associateFirewallPolicy_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'updateToken', 'associateFirewallPolicy_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'firewallPolicyArn', 'associateFirewallPolicy_firewallPolicyArn' - The Amazon Resource Name (ARN) of the firewall policy.+newAssociateFirewallPolicy ::+  -- | 'firewallPolicyArn'+  Prelude.Text ->+  AssociateFirewallPolicy+newAssociateFirewallPolicy pFirewallPolicyArn_ =+  AssociateFirewallPolicy'+    { firewallArn =+        Prelude.Nothing,+      firewallName = Prelude.Nothing,+      updateToken = Prelude.Nothing,+      firewallPolicyArn = pFirewallPolicyArn_+    }++-- | The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+associateFirewallPolicy_firewallArn :: Lens.Lens' AssociateFirewallPolicy (Prelude.Maybe Prelude.Text)+associateFirewallPolicy_firewallArn = Lens.lens (\AssociateFirewallPolicy' {firewallArn} -> firewallArn) (\s@AssociateFirewallPolicy' {} a -> s {firewallArn = a} :: AssociateFirewallPolicy)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+associateFirewallPolicy_firewallName :: Lens.Lens' AssociateFirewallPolicy (Prelude.Maybe Prelude.Text)+associateFirewallPolicy_firewallName = Lens.lens (\AssociateFirewallPolicy' {firewallName} -> firewallName) (\s@AssociateFirewallPolicy' {} a -> s {firewallName = a} :: AssociateFirewallPolicy)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+associateFirewallPolicy_updateToken :: Lens.Lens' AssociateFirewallPolicy (Prelude.Maybe Prelude.Text)+associateFirewallPolicy_updateToken = Lens.lens (\AssociateFirewallPolicy' {updateToken} -> updateToken) (\s@AssociateFirewallPolicy' {} a -> s {updateToken = a} :: AssociateFirewallPolicy)++-- | The Amazon Resource Name (ARN) of the firewall policy.+associateFirewallPolicy_firewallPolicyArn :: Lens.Lens' AssociateFirewallPolicy Prelude.Text+associateFirewallPolicy_firewallPolicyArn = Lens.lens (\AssociateFirewallPolicy' {firewallPolicyArn} -> firewallPolicyArn) (\s@AssociateFirewallPolicy' {} a -> s {firewallPolicyArn = a} :: AssociateFirewallPolicy)++instance Core.AWSRequest AssociateFirewallPolicy where+  type+    AWSResponse AssociateFirewallPolicy =+      AssociateFirewallPolicyResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          AssociateFirewallPolicyResponse'+            Prelude.<$> (x Data..?> "FirewallArn")+            Prelude.<*> (x Data..?> "FirewallName")+            Prelude.<*> (x Data..?> "FirewallPolicyArn")+            Prelude.<*> (x Data..?> "UpdateToken")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable AssociateFirewallPolicy where+  hashWithSalt _salt AssociateFirewallPolicy' {..} =+    _salt+      `Prelude.hashWithSalt` firewallArn+      `Prelude.hashWithSalt` firewallName+      `Prelude.hashWithSalt` updateToken+      `Prelude.hashWithSalt` firewallPolicyArn++instance Prelude.NFData AssociateFirewallPolicy where+  rnf AssociateFirewallPolicy' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf firewallPolicyArn++instance Data.ToHeaders AssociateFirewallPolicy where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.AssociateFirewallPolicy" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON AssociateFirewallPolicy where+  toJSON AssociateFirewallPolicy' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName,+            ("UpdateToken" Data..=) Prelude.<$> updateToken,+            Prelude.Just+              ("FirewallPolicyArn" Data..= firewallPolicyArn)+          ]+      )++instance Data.ToPath AssociateFirewallPolicy where+  toPath = Prelude.const "/"++instance Data.ToQuery AssociateFirewallPolicy where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newAssociateFirewallPolicyResponse' smart constructor.+data AssociateFirewallPolicyResponse = AssociateFirewallPolicyResponse'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | The Amazon Resource Name (ARN) of the firewall policy.+    firewallPolicyArn :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'AssociateFirewallPolicyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'associateFirewallPolicyResponse_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'associateFirewallPolicyResponse_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'firewallPolicyArn', 'associateFirewallPolicyResponse_firewallPolicyArn' - The Amazon Resource Name (ARN) of the firewall policy.+--+-- 'updateToken', 'associateFirewallPolicyResponse_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'httpStatus', 'associateFirewallPolicyResponse_httpStatus' - The response's http status code.+newAssociateFirewallPolicyResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  AssociateFirewallPolicyResponse+newAssociateFirewallPolicyResponse pHttpStatus_ =+  AssociateFirewallPolicyResponse'+    { firewallArn =+        Prelude.Nothing,+      firewallName = Prelude.Nothing,+      firewallPolicyArn = Prelude.Nothing,+      updateToken = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The Amazon Resource Name (ARN) of the firewall.+associateFirewallPolicyResponse_firewallArn :: Lens.Lens' AssociateFirewallPolicyResponse (Prelude.Maybe Prelude.Text)+associateFirewallPolicyResponse_firewallArn = Lens.lens (\AssociateFirewallPolicyResponse' {firewallArn} -> firewallArn) (\s@AssociateFirewallPolicyResponse' {} a -> s {firewallArn = a} :: AssociateFirewallPolicyResponse)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+associateFirewallPolicyResponse_firewallName :: Lens.Lens' AssociateFirewallPolicyResponse (Prelude.Maybe Prelude.Text)+associateFirewallPolicyResponse_firewallName = Lens.lens (\AssociateFirewallPolicyResponse' {firewallName} -> firewallName) (\s@AssociateFirewallPolicyResponse' {} a -> s {firewallName = a} :: AssociateFirewallPolicyResponse)++-- | The Amazon Resource Name (ARN) of the firewall policy.+associateFirewallPolicyResponse_firewallPolicyArn :: Lens.Lens' AssociateFirewallPolicyResponse (Prelude.Maybe Prelude.Text)+associateFirewallPolicyResponse_firewallPolicyArn = Lens.lens (\AssociateFirewallPolicyResponse' {firewallPolicyArn} -> firewallPolicyArn) (\s@AssociateFirewallPolicyResponse' {} a -> s {firewallPolicyArn = a} :: AssociateFirewallPolicyResponse)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+associateFirewallPolicyResponse_updateToken :: Lens.Lens' AssociateFirewallPolicyResponse (Prelude.Maybe Prelude.Text)+associateFirewallPolicyResponse_updateToken = Lens.lens (\AssociateFirewallPolicyResponse' {updateToken} -> updateToken) (\s@AssociateFirewallPolicyResponse' {} a -> s {updateToken = a} :: AssociateFirewallPolicyResponse)++-- | The response's http status code.+associateFirewallPolicyResponse_httpStatus :: Lens.Lens' AssociateFirewallPolicyResponse Prelude.Int+associateFirewallPolicyResponse_httpStatus = Lens.lens (\AssociateFirewallPolicyResponse' {httpStatus} -> httpStatus) (\s@AssociateFirewallPolicyResponse' {} a -> s {httpStatus = a} :: AssociateFirewallPolicyResponse)++instance+  Prelude.NFData+    AssociateFirewallPolicyResponse+  where+  rnf AssociateFirewallPolicyResponse' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf firewallPolicyArn+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/AssociateSubnets.hs view
@@ -0,0 +1,369 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.AssociateSubnets+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Associates the specified subnets in the Amazon VPC to the firewall. You+-- can specify one subnet for each of the Availability Zones that the VPC+-- spans.+--+-- This request creates an Network Firewall firewall endpoint in each of+-- the subnets. To enable the firewall\'s protections, you must also modify+-- the VPC\'s route tables for each subnet\'s Availability Zone, to+-- redirect the traffic that\'s coming into and going out of the zone+-- through the firewall endpoint.+module Amazonka.NetworkFirewall.AssociateSubnets+  ( -- * Creating a Request+    AssociateSubnets (..),+    newAssociateSubnets,++    -- * Request Lenses+    associateSubnets_firewallArn,+    associateSubnets_firewallName,+    associateSubnets_updateToken,+    associateSubnets_subnetMappings,++    -- * Destructuring the Response+    AssociateSubnetsResponse (..),+    newAssociateSubnetsResponse,++    -- * Response Lenses+    associateSubnetsResponse_firewallArn,+    associateSubnetsResponse_firewallName,+    associateSubnetsResponse_subnetMappings,+    associateSubnetsResponse_updateToken,+    associateSubnetsResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newAssociateSubnets' smart constructor.+data AssociateSubnets = AssociateSubnets'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The IDs of the subnets that you want to associate with the firewall.+    subnetMappings :: [SubnetMapping]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'AssociateSubnets' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'associateSubnets_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallName', 'associateSubnets_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'updateToken', 'associateSubnets_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'subnetMappings', 'associateSubnets_subnetMappings' - The IDs of the subnets that you want to associate with the firewall.+newAssociateSubnets ::+  AssociateSubnets+newAssociateSubnets =+  AssociateSubnets'+    { firewallArn = Prelude.Nothing,+      firewallName = Prelude.Nothing,+      updateToken = Prelude.Nothing,+      subnetMappings = Prelude.mempty+    }++-- | The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+associateSubnets_firewallArn :: Lens.Lens' AssociateSubnets (Prelude.Maybe Prelude.Text)+associateSubnets_firewallArn = Lens.lens (\AssociateSubnets' {firewallArn} -> firewallArn) (\s@AssociateSubnets' {} a -> s {firewallArn = a} :: AssociateSubnets)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+associateSubnets_firewallName :: Lens.Lens' AssociateSubnets (Prelude.Maybe Prelude.Text)+associateSubnets_firewallName = Lens.lens (\AssociateSubnets' {firewallName} -> firewallName) (\s@AssociateSubnets' {} a -> s {firewallName = a} :: AssociateSubnets)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+associateSubnets_updateToken :: Lens.Lens' AssociateSubnets (Prelude.Maybe Prelude.Text)+associateSubnets_updateToken = Lens.lens (\AssociateSubnets' {updateToken} -> updateToken) (\s@AssociateSubnets' {} a -> s {updateToken = a} :: AssociateSubnets)++-- | The IDs of the subnets that you want to associate with the firewall.+associateSubnets_subnetMappings :: Lens.Lens' AssociateSubnets [SubnetMapping]+associateSubnets_subnetMappings = Lens.lens (\AssociateSubnets' {subnetMappings} -> subnetMappings) (\s@AssociateSubnets' {} a -> s {subnetMappings = a} :: AssociateSubnets) Prelude.. Lens.coerced++instance Core.AWSRequest AssociateSubnets where+  type+    AWSResponse AssociateSubnets =+      AssociateSubnetsResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          AssociateSubnetsResponse'+            Prelude.<$> (x Data..?> "FirewallArn")+            Prelude.<*> (x Data..?> "FirewallName")+            Prelude.<*> (x Data..?> "SubnetMappings" Core..!@ Prelude.mempty)+            Prelude.<*> (x Data..?> "UpdateToken")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable AssociateSubnets where+  hashWithSalt _salt AssociateSubnets' {..} =+    _salt+      `Prelude.hashWithSalt` firewallArn+      `Prelude.hashWithSalt` firewallName+      `Prelude.hashWithSalt` updateToken+      `Prelude.hashWithSalt` subnetMappings++instance Prelude.NFData AssociateSubnets where+  rnf AssociateSubnets' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf subnetMappings++instance Data.ToHeaders AssociateSubnets where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.AssociateSubnets" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON AssociateSubnets where+  toJSON AssociateSubnets' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName,+            ("UpdateToken" Data..=) Prelude.<$> updateToken,+            Prelude.Just+              ("SubnetMappings" Data..= subnetMappings)+          ]+      )++instance Data.ToPath AssociateSubnets where+  toPath = Prelude.const "/"++instance Data.ToQuery AssociateSubnets where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newAssociateSubnetsResponse' smart constructor.+data AssociateSubnetsResponse = AssociateSubnetsResponse'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | The IDs of the subnets that are associated with the firewall.+    subnetMappings :: Prelude.Maybe [SubnetMapping],+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'AssociateSubnetsResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'associateSubnetsResponse_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'associateSubnetsResponse_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'subnetMappings', 'associateSubnetsResponse_subnetMappings' - The IDs of the subnets that are associated with the firewall.+--+-- 'updateToken', 'associateSubnetsResponse_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'httpStatus', 'associateSubnetsResponse_httpStatus' - The response's http status code.+newAssociateSubnetsResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  AssociateSubnetsResponse+newAssociateSubnetsResponse pHttpStatus_ =+  AssociateSubnetsResponse'+    { firewallArn =+        Prelude.Nothing,+      firewallName = Prelude.Nothing,+      subnetMappings = Prelude.Nothing,+      updateToken = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The Amazon Resource Name (ARN) of the firewall.+associateSubnetsResponse_firewallArn :: Lens.Lens' AssociateSubnetsResponse (Prelude.Maybe Prelude.Text)+associateSubnetsResponse_firewallArn = Lens.lens (\AssociateSubnetsResponse' {firewallArn} -> firewallArn) (\s@AssociateSubnetsResponse' {} a -> s {firewallArn = a} :: AssociateSubnetsResponse)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+associateSubnetsResponse_firewallName :: Lens.Lens' AssociateSubnetsResponse (Prelude.Maybe Prelude.Text)+associateSubnetsResponse_firewallName = Lens.lens (\AssociateSubnetsResponse' {firewallName} -> firewallName) (\s@AssociateSubnetsResponse' {} a -> s {firewallName = a} :: AssociateSubnetsResponse)++-- | The IDs of the subnets that are associated with the firewall.+associateSubnetsResponse_subnetMappings :: Lens.Lens' AssociateSubnetsResponse (Prelude.Maybe [SubnetMapping])+associateSubnetsResponse_subnetMappings = Lens.lens (\AssociateSubnetsResponse' {subnetMappings} -> subnetMappings) (\s@AssociateSubnetsResponse' {} a -> s {subnetMappings = a} :: AssociateSubnetsResponse) Prelude.. Lens.mapping Lens.coerced++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+associateSubnetsResponse_updateToken :: Lens.Lens' AssociateSubnetsResponse (Prelude.Maybe Prelude.Text)+associateSubnetsResponse_updateToken = Lens.lens (\AssociateSubnetsResponse' {updateToken} -> updateToken) (\s@AssociateSubnetsResponse' {} a -> s {updateToken = a} :: AssociateSubnetsResponse)++-- | The response's http status code.+associateSubnetsResponse_httpStatus :: Lens.Lens' AssociateSubnetsResponse Prelude.Int+associateSubnetsResponse_httpStatus = Lens.lens (\AssociateSubnetsResponse' {httpStatus} -> httpStatus) (\s@AssociateSubnetsResponse' {} a -> s {httpStatus = a} :: AssociateSubnetsResponse)++instance Prelude.NFData AssociateSubnetsResponse where+  rnf AssociateSubnetsResponse' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf subnetMappings+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/CreateFirewall.hs view
@@ -0,0 +1,407 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.CreateFirewall+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Creates an Network Firewall Firewall and accompanying FirewallStatus for+-- a VPC.+--+-- The firewall defines the configuration settings for an Network Firewall+-- firewall. The settings that you can define at creation include the+-- firewall policy, the subnets in your VPC to use for the firewall+-- endpoints, and any tags that are attached to the firewall Amazon Web+-- Services resource.+--+-- After you create a firewall, you can provide additional settings, like+-- the logging configuration.+--+-- To update the settings for a firewall, you use the operations that apply+-- to the settings themselves, for example UpdateLoggingConfiguration,+-- AssociateSubnets, and UpdateFirewallDeleteProtection.+--+-- To manage a firewall\'s tags, use the standard Amazon Web Services+-- resource tagging operations, ListTagsForResource, TagResource, and+-- UntagResource.+--+-- To retrieve information about firewalls, use ListFirewalls and+-- DescribeFirewall.+module Amazonka.NetworkFirewall.CreateFirewall+  ( -- * Creating a Request+    CreateFirewall (..),+    newCreateFirewall,++    -- * Request Lenses+    createFirewall_deleteProtection,+    createFirewall_description,+    createFirewall_encryptionConfiguration,+    createFirewall_firewallPolicyChangeProtection,+    createFirewall_subnetChangeProtection,+    createFirewall_tags,+    createFirewall_firewallName,+    createFirewall_firewallPolicyArn,+    createFirewall_vpcId,+    createFirewall_subnetMappings,++    -- * Destructuring the Response+    CreateFirewallResponse (..),+    newCreateFirewallResponse,++    -- * Response Lenses+    createFirewallResponse_firewall,+    createFirewallResponse_firewallStatus,+    createFirewallResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newCreateFirewall' smart constructor.+data CreateFirewall = CreateFirewall'+  { -- | A flag indicating whether it is possible to delete the firewall. A+    -- setting of @TRUE@ indicates that the firewall is protected against+    -- deletion. Use this setting to protect against accidentally deleting a+    -- firewall that is in use. When you create a firewall, the operation+    -- initializes this flag to @TRUE@.+    deleteProtection :: Prelude.Maybe Prelude.Bool,+    -- | A description of the firewall.+    description :: Prelude.Maybe Prelude.Text,+    -- | A complex type that contains settings for encryption of your firewall+    -- resources.+    encryptionConfiguration :: Prelude.Maybe EncryptionConfiguration,+    -- | A setting indicating whether the firewall is protected against a change+    -- to the firewall policy association. Use this setting to protect against+    -- accidentally modifying the firewall policy for a firewall that is in+    -- use. When you create a firewall, the operation initializes this setting+    -- to @TRUE@.+    firewallPolicyChangeProtection :: Prelude.Maybe Prelude.Bool,+    -- | A setting indicating whether the firewall is protected against changes+    -- to the subnet associations. Use this setting to protect against+    -- accidentally modifying the subnet associations for a firewall that is in+    -- use. When you create a firewall, the operation initializes this setting+    -- to @TRUE@.+    subnetChangeProtection :: Prelude.Maybe Prelude.Bool,+    -- | The key:value pairs to associate with the resource.+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Text,+    -- | The Amazon Resource Name (ARN) of the FirewallPolicy that you want to+    -- use for the firewall.+    firewallPolicyArn :: Prelude.Text,+    -- | The unique identifier of the VPC where Network Firewall should create+    -- the firewall.+    --+    -- You can\'t change this setting after you create the firewall.+    vpcId :: Prelude.Text,+    -- | The public subnets to use for your Network Firewall firewalls. Each+    -- subnet must belong to a different Availability Zone in the VPC. Network+    -- Firewall creates a firewall endpoint in each subnet.+    subnetMappings :: [SubnetMapping]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateFirewall' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'deleteProtection', 'createFirewall_deleteProtection' - A flag indicating whether it is possible to delete the firewall. A+-- setting of @TRUE@ indicates that the firewall is protected against+-- deletion. Use this setting to protect against accidentally deleting a+-- firewall that is in use. When you create a firewall, the operation+-- initializes this flag to @TRUE@.+--+-- 'description', 'createFirewall_description' - A description of the firewall.+--+-- 'encryptionConfiguration', 'createFirewall_encryptionConfiguration' - A complex type that contains settings for encryption of your firewall+-- resources.+--+-- 'firewallPolicyChangeProtection', 'createFirewall_firewallPolicyChangeProtection' - A setting indicating whether the firewall is protected against a change+-- to the firewall policy association. Use this setting to protect against+-- accidentally modifying the firewall policy for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+--+-- 'subnetChangeProtection', 'createFirewall_subnetChangeProtection' - A setting indicating whether the firewall is protected against changes+-- to the subnet associations. Use this setting to protect against+-- accidentally modifying the subnet associations for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+--+-- 'tags', 'createFirewall_tags' - The key:value pairs to associate with the resource.+--+-- 'firewallName', 'createFirewall_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'firewallPolicyArn', 'createFirewall_firewallPolicyArn' - The Amazon Resource Name (ARN) of the FirewallPolicy that you want to+-- use for the firewall.+--+-- 'vpcId', 'createFirewall_vpcId' - The unique identifier of the VPC where Network Firewall should create+-- the firewall.+--+-- You can\'t change this setting after you create the firewall.+--+-- 'subnetMappings', 'createFirewall_subnetMappings' - The public subnets to use for your Network Firewall firewalls. Each+-- subnet must belong to a different Availability Zone in the VPC. Network+-- Firewall creates a firewall endpoint in each subnet.+newCreateFirewall ::+  -- | 'firewallName'+  Prelude.Text ->+  -- | 'firewallPolicyArn'+  Prelude.Text ->+  -- | 'vpcId'+  Prelude.Text ->+  CreateFirewall+newCreateFirewall+  pFirewallName_+  pFirewallPolicyArn_+  pVpcId_ =+    CreateFirewall'+      { deleteProtection = Prelude.Nothing,+        description = Prelude.Nothing,+        encryptionConfiguration = Prelude.Nothing,+        firewallPolicyChangeProtection = Prelude.Nothing,+        subnetChangeProtection = Prelude.Nothing,+        tags = Prelude.Nothing,+        firewallName = pFirewallName_,+        firewallPolicyArn = pFirewallPolicyArn_,+        vpcId = pVpcId_,+        subnetMappings = Prelude.mempty+      }++-- | A flag indicating whether it is possible to delete the firewall. A+-- setting of @TRUE@ indicates that the firewall is protected against+-- deletion. Use this setting to protect against accidentally deleting a+-- firewall that is in use. When you create a firewall, the operation+-- initializes this flag to @TRUE@.+createFirewall_deleteProtection :: Lens.Lens' CreateFirewall (Prelude.Maybe Prelude.Bool)+createFirewall_deleteProtection = Lens.lens (\CreateFirewall' {deleteProtection} -> deleteProtection) (\s@CreateFirewall' {} a -> s {deleteProtection = a} :: CreateFirewall)++-- | A description of the firewall.+createFirewall_description :: Lens.Lens' CreateFirewall (Prelude.Maybe Prelude.Text)+createFirewall_description = Lens.lens (\CreateFirewall' {description} -> description) (\s@CreateFirewall' {} a -> s {description = a} :: CreateFirewall)++-- | A complex type that contains settings for encryption of your firewall+-- resources.+createFirewall_encryptionConfiguration :: Lens.Lens' CreateFirewall (Prelude.Maybe EncryptionConfiguration)+createFirewall_encryptionConfiguration = Lens.lens (\CreateFirewall' {encryptionConfiguration} -> encryptionConfiguration) (\s@CreateFirewall' {} a -> s {encryptionConfiguration = a} :: CreateFirewall)++-- | A setting indicating whether the firewall is protected against a change+-- to the firewall policy association. Use this setting to protect against+-- accidentally modifying the firewall policy for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+createFirewall_firewallPolicyChangeProtection :: Lens.Lens' CreateFirewall (Prelude.Maybe Prelude.Bool)+createFirewall_firewallPolicyChangeProtection = Lens.lens (\CreateFirewall' {firewallPolicyChangeProtection} -> firewallPolicyChangeProtection) (\s@CreateFirewall' {} a -> s {firewallPolicyChangeProtection = a} :: CreateFirewall)++-- | A setting indicating whether the firewall is protected against changes+-- to the subnet associations. Use this setting to protect against+-- accidentally modifying the subnet associations for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+createFirewall_subnetChangeProtection :: Lens.Lens' CreateFirewall (Prelude.Maybe Prelude.Bool)+createFirewall_subnetChangeProtection = Lens.lens (\CreateFirewall' {subnetChangeProtection} -> subnetChangeProtection) (\s@CreateFirewall' {} a -> s {subnetChangeProtection = a} :: CreateFirewall)++-- | The key:value pairs to associate with the resource.+createFirewall_tags :: Lens.Lens' CreateFirewall (Prelude.Maybe (Prelude.NonEmpty Tag))+createFirewall_tags = Lens.lens (\CreateFirewall' {tags} -> tags) (\s@CreateFirewall' {} a -> s {tags = a} :: CreateFirewall) Prelude.. Lens.mapping Lens.coerced++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+createFirewall_firewallName :: Lens.Lens' CreateFirewall Prelude.Text+createFirewall_firewallName = Lens.lens (\CreateFirewall' {firewallName} -> firewallName) (\s@CreateFirewall' {} a -> s {firewallName = a} :: CreateFirewall)++-- | The Amazon Resource Name (ARN) of the FirewallPolicy that you want to+-- use for the firewall.+createFirewall_firewallPolicyArn :: Lens.Lens' CreateFirewall Prelude.Text+createFirewall_firewallPolicyArn = Lens.lens (\CreateFirewall' {firewallPolicyArn} -> firewallPolicyArn) (\s@CreateFirewall' {} a -> s {firewallPolicyArn = a} :: CreateFirewall)++-- | The unique identifier of the VPC where Network Firewall should create+-- the firewall.+--+-- You can\'t change this setting after you create the firewall.+createFirewall_vpcId :: Lens.Lens' CreateFirewall Prelude.Text+createFirewall_vpcId = Lens.lens (\CreateFirewall' {vpcId} -> vpcId) (\s@CreateFirewall' {} a -> s {vpcId = a} :: CreateFirewall)++-- | The public subnets to use for your Network Firewall firewalls. Each+-- subnet must belong to a different Availability Zone in the VPC. Network+-- Firewall creates a firewall endpoint in each subnet.+createFirewall_subnetMappings :: Lens.Lens' CreateFirewall [SubnetMapping]+createFirewall_subnetMappings = Lens.lens (\CreateFirewall' {subnetMappings} -> subnetMappings) (\s@CreateFirewall' {} a -> s {subnetMappings = a} :: CreateFirewall) Prelude.. Lens.coerced++instance Core.AWSRequest CreateFirewall where+  type+    AWSResponse CreateFirewall =+      CreateFirewallResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          CreateFirewallResponse'+            Prelude.<$> (x Data..?> "Firewall")+            Prelude.<*> (x Data..?> "FirewallStatus")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable CreateFirewall where+  hashWithSalt _salt CreateFirewall' {..} =+    _salt+      `Prelude.hashWithSalt` deleteProtection+      `Prelude.hashWithSalt` description+      `Prelude.hashWithSalt` encryptionConfiguration+      `Prelude.hashWithSalt` firewallPolicyChangeProtection+      `Prelude.hashWithSalt` subnetChangeProtection+      `Prelude.hashWithSalt` tags+      `Prelude.hashWithSalt` firewallName+      `Prelude.hashWithSalt` firewallPolicyArn+      `Prelude.hashWithSalt` vpcId+      `Prelude.hashWithSalt` subnetMappings++instance Prelude.NFData CreateFirewall where+  rnf CreateFirewall' {..} =+    Prelude.rnf deleteProtection+      `Prelude.seq` Prelude.rnf description+      `Prelude.seq` Prelude.rnf encryptionConfiguration+      `Prelude.seq` Prelude.rnf firewallPolicyChangeProtection+      `Prelude.seq` Prelude.rnf subnetChangeProtection+      `Prelude.seq` Prelude.rnf tags+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf firewallPolicyArn+      `Prelude.seq` Prelude.rnf vpcId+      `Prelude.seq` Prelude.rnf subnetMappings++instance Data.ToHeaders CreateFirewall where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.CreateFirewall" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON CreateFirewall where+  toJSON CreateFirewall' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("DeleteProtection" Data..=)+              Prelude.<$> deleteProtection,+            ("Description" Data..=) Prelude.<$> description,+            ("EncryptionConfiguration" Data..=)+              Prelude.<$> encryptionConfiguration,+            ("FirewallPolicyChangeProtection" Data..=)+              Prelude.<$> firewallPolicyChangeProtection,+            ("SubnetChangeProtection" Data..=)+              Prelude.<$> subnetChangeProtection,+            ("Tags" Data..=) Prelude.<$> tags,+            Prelude.Just ("FirewallName" Data..= firewallName),+            Prelude.Just+              ("FirewallPolicyArn" Data..= firewallPolicyArn),+            Prelude.Just ("VpcId" Data..= vpcId),+            Prelude.Just+              ("SubnetMappings" Data..= subnetMappings)+          ]+      )++instance Data.ToPath CreateFirewall where+  toPath = Prelude.const "/"++instance Data.ToQuery CreateFirewall where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newCreateFirewallResponse' smart constructor.+data CreateFirewallResponse = CreateFirewallResponse'+  { -- | The configuration settings for the firewall. These settings include the+    -- firewall policy and the subnets in your VPC to use for the firewall+    -- endpoints.+    firewall :: Prelude.Maybe Firewall,+    -- | Detailed information about the current status of a Firewall. You can+    -- retrieve this for a firewall by calling DescribeFirewall and providing+    -- the firewall name and ARN.+    firewallStatus :: Prelude.Maybe FirewallStatus,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateFirewallResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewall', 'createFirewallResponse_firewall' - The configuration settings for the firewall. These settings include the+-- firewall policy and the subnets in your VPC to use for the firewall+-- endpoints.+--+-- 'firewallStatus', 'createFirewallResponse_firewallStatus' - Detailed information about the current status of a Firewall. You can+-- retrieve this for a firewall by calling DescribeFirewall and providing+-- the firewall name and ARN.+--+-- 'httpStatus', 'createFirewallResponse_httpStatus' - The response's http status code.+newCreateFirewallResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  CreateFirewallResponse+newCreateFirewallResponse pHttpStatus_ =+  CreateFirewallResponse'+    { firewall = Prelude.Nothing,+      firewallStatus = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The configuration settings for the firewall. These settings include the+-- firewall policy and the subnets in your VPC to use for the firewall+-- endpoints.+createFirewallResponse_firewall :: Lens.Lens' CreateFirewallResponse (Prelude.Maybe Firewall)+createFirewallResponse_firewall = Lens.lens (\CreateFirewallResponse' {firewall} -> firewall) (\s@CreateFirewallResponse' {} a -> s {firewall = a} :: CreateFirewallResponse)++-- | Detailed information about the current status of a Firewall. You can+-- retrieve this for a firewall by calling DescribeFirewall and providing+-- the firewall name and ARN.+createFirewallResponse_firewallStatus :: Lens.Lens' CreateFirewallResponse (Prelude.Maybe FirewallStatus)+createFirewallResponse_firewallStatus = Lens.lens (\CreateFirewallResponse' {firewallStatus} -> firewallStatus) (\s@CreateFirewallResponse' {} a -> s {firewallStatus = a} :: CreateFirewallResponse)++-- | The response's http status code.+createFirewallResponse_httpStatus :: Lens.Lens' CreateFirewallResponse Prelude.Int+createFirewallResponse_httpStatus = Lens.lens (\CreateFirewallResponse' {httpStatus} -> httpStatus) (\s@CreateFirewallResponse' {} a -> s {httpStatus = a} :: CreateFirewallResponse)++instance Prelude.NFData CreateFirewallResponse where+  rnf CreateFirewallResponse' {..} =+    Prelude.rnf firewall+      `Prelude.seq` Prelude.rnf firewallStatus+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/CreateFirewallPolicy.hs view
@@ -0,0 +1,349 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.CreateFirewallPolicy+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Creates the firewall policy for the firewall according to the+-- specifications.+--+-- An Network Firewall firewall policy defines the behavior of a firewall,+-- in a collection of stateless and stateful rule groups and other+-- settings. You can use one firewall policy for multiple firewalls.+module Amazonka.NetworkFirewall.CreateFirewallPolicy+  ( -- * Creating a Request+    CreateFirewallPolicy (..),+    newCreateFirewallPolicy,++    -- * Request Lenses+    createFirewallPolicy_description,+    createFirewallPolicy_dryRun,+    createFirewallPolicy_encryptionConfiguration,+    createFirewallPolicy_tags,+    createFirewallPolicy_firewallPolicyName,+    createFirewallPolicy_firewallPolicy,++    -- * Destructuring the Response+    CreateFirewallPolicyResponse (..),+    newCreateFirewallPolicyResponse,++    -- * Response Lenses+    createFirewallPolicyResponse_httpStatus,+    createFirewallPolicyResponse_updateToken,+    createFirewallPolicyResponse_firewallPolicyResponse,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newCreateFirewallPolicy' smart constructor.+data CreateFirewallPolicy = CreateFirewallPolicy'+  { -- | A description of the firewall policy.+    description :: Prelude.Maybe Prelude.Text,+    -- | Indicates whether you want Network Firewall to just check the validity+    -- of the request, rather than run the request.+    --+    -- If set to @TRUE@, Network Firewall checks whether the request can run+    -- successfully, but doesn\'t actually make the requested changes. The call+    -- returns the value that the request would return if you ran it with dry+    -- run set to @FALSE@, but doesn\'t make additions or changes to your+    -- resources. This option allows you to make sure that you have the+    -- required permissions to run the request and that your request parameters+    -- are valid.+    --+    -- If set to @FALSE@, Network Firewall makes the requested changes to your+    -- resources.+    dryRun :: Prelude.Maybe Prelude.Bool,+    -- | A complex type that contains settings for encryption of your firewall+    -- policy resources.+    encryptionConfiguration :: Prelude.Maybe EncryptionConfiguration,+    -- | The key:value pairs to associate with the resource.+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),+    -- | The descriptive name of the firewall policy. You can\'t change the name+    -- of a firewall policy after you create it.+    firewallPolicyName :: Prelude.Text,+    -- | The rule groups and policy actions to use in the firewall policy.+    firewallPolicy :: FirewallPolicy+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateFirewallPolicy' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'description', 'createFirewallPolicy_description' - A description of the firewall policy.+--+-- 'dryRun', 'createFirewallPolicy_dryRun' - Indicates whether you want Network Firewall to just check the validity+-- of the request, rather than run the request.+--+-- If set to @TRUE@, Network Firewall checks whether the request can run+-- successfully, but doesn\'t actually make the requested changes. The call+-- returns the value that the request would return if you ran it with dry+-- run set to @FALSE@, but doesn\'t make additions or changes to your+-- resources. This option allows you to make sure that you have the+-- required permissions to run the request and that your request parameters+-- are valid.+--+-- If set to @FALSE@, Network Firewall makes the requested changes to your+-- resources.+--+-- 'encryptionConfiguration', 'createFirewallPolicy_encryptionConfiguration' - A complex type that contains settings for encryption of your firewall+-- policy resources.+--+-- 'tags', 'createFirewallPolicy_tags' - The key:value pairs to associate with the resource.+--+-- 'firewallPolicyName', 'createFirewallPolicy_firewallPolicyName' - The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+--+-- 'firewallPolicy', 'createFirewallPolicy_firewallPolicy' - The rule groups and policy actions to use in the firewall policy.+newCreateFirewallPolicy ::+  -- | 'firewallPolicyName'+  Prelude.Text ->+  -- | 'firewallPolicy'+  FirewallPolicy ->+  CreateFirewallPolicy+newCreateFirewallPolicy+  pFirewallPolicyName_+  pFirewallPolicy_ =+    CreateFirewallPolicy'+      { description =+          Prelude.Nothing,+        dryRun = Prelude.Nothing,+        encryptionConfiguration = Prelude.Nothing,+        tags = Prelude.Nothing,+        firewallPolicyName = pFirewallPolicyName_,+        firewallPolicy = pFirewallPolicy_+      }++-- | A description of the firewall policy.+createFirewallPolicy_description :: Lens.Lens' CreateFirewallPolicy (Prelude.Maybe Prelude.Text)+createFirewallPolicy_description = Lens.lens (\CreateFirewallPolicy' {description} -> description) (\s@CreateFirewallPolicy' {} a -> s {description = a} :: CreateFirewallPolicy)++-- | Indicates whether you want Network Firewall to just check the validity+-- of the request, rather than run the request.+--+-- If set to @TRUE@, Network Firewall checks whether the request can run+-- successfully, but doesn\'t actually make the requested changes. The call+-- returns the value that the request would return if you ran it with dry+-- run set to @FALSE@, but doesn\'t make additions or changes to your+-- resources. This option allows you to make sure that you have the+-- required permissions to run the request and that your request parameters+-- are valid.+--+-- If set to @FALSE@, Network Firewall makes the requested changes to your+-- resources.+createFirewallPolicy_dryRun :: Lens.Lens' CreateFirewallPolicy (Prelude.Maybe Prelude.Bool)+createFirewallPolicy_dryRun = Lens.lens (\CreateFirewallPolicy' {dryRun} -> dryRun) (\s@CreateFirewallPolicy' {} a -> s {dryRun = a} :: CreateFirewallPolicy)++-- | A complex type that contains settings for encryption of your firewall+-- policy resources.+createFirewallPolicy_encryptionConfiguration :: Lens.Lens' CreateFirewallPolicy (Prelude.Maybe EncryptionConfiguration)+createFirewallPolicy_encryptionConfiguration = Lens.lens (\CreateFirewallPolicy' {encryptionConfiguration} -> encryptionConfiguration) (\s@CreateFirewallPolicy' {} a -> s {encryptionConfiguration = a} :: CreateFirewallPolicy)++-- | The key:value pairs to associate with the resource.+createFirewallPolicy_tags :: Lens.Lens' CreateFirewallPolicy (Prelude.Maybe (Prelude.NonEmpty Tag))+createFirewallPolicy_tags = Lens.lens (\CreateFirewallPolicy' {tags} -> tags) (\s@CreateFirewallPolicy' {} a -> s {tags = a} :: CreateFirewallPolicy) Prelude.. Lens.mapping Lens.coerced++-- | The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+createFirewallPolicy_firewallPolicyName :: Lens.Lens' CreateFirewallPolicy Prelude.Text+createFirewallPolicy_firewallPolicyName = Lens.lens (\CreateFirewallPolicy' {firewallPolicyName} -> firewallPolicyName) (\s@CreateFirewallPolicy' {} a -> s {firewallPolicyName = a} :: CreateFirewallPolicy)++-- | The rule groups and policy actions to use in the firewall policy.+createFirewallPolicy_firewallPolicy :: Lens.Lens' CreateFirewallPolicy FirewallPolicy+createFirewallPolicy_firewallPolicy = Lens.lens (\CreateFirewallPolicy' {firewallPolicy} -> firewallPolicy) (\s@CreateFirewallPolicy' {} a -> s {firewallPolicy = a} :: CreateFirewallPolicy)++instance Core.AWSRequest CreateFirewallPolicy where+  type+    AWSResponse CreateFirewallPolicy =+      CreateFirewallPolicyResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          CreateFirewallPolicyResponse'+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+            Prelude.<*> (x Data..:> "UpdateToken")+            Prelude.<*> (x Data..:> "FirewallPolicyResponse")+      )++instance Prelude.Hashable CreateFirewallPolicy where+  hashWithSalt _salt CreateFirewallPolicy' {..} =+    _salt+      `Prelude.hashWithSalt` description+      `Prelude.hashWithSalt` dryRun+      `Prelude.hashWithSalt` encryptionConfiguration+      `Prelude.hashWithSalt` tags+      `Prelude.hashWithSalt` firewallPolicyName+      `Prelude.hashWithSalt` firewallPolicy++instance Prelude.NFData CreateFirewallPolicy where+  rnf CreateFirewallPolicy' {..} =+    Prelude.rnf description+      `Prelude.seq` Prelude.rnf dryRun+      `Prelude.seq` Prelude.rnf encryptionConfiguration+      `Prelude.seq` Prelude.rnf tags+      `Prelude.seq` Prelude.rnf firewallPolicyName+      `Prelude.seq` Prelude.rnf firewallPolicy++instance Data.ToHeaders CreateFirewallPolicy where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.CreateFirewallPolicy" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON CreateFirewallPolicy where+  toJSON CreateFirewallPolicy' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("Description" Data..=) Prelude.<$> description,+            ("DryRun" Data..=) Prelude.<$> dryRun,+            ("EncryptionConfiguration" Data..=)+              Prelude.<$> encryptionConfiguration,+            ("Tags" Data..=) Prelude.<$> tags,+            Prelude.Just+              ("FirewallPolicyName" Data..= firewallPolicyName),+            Prelude.Just+              ("FirewallPolicy" Data..= firewallPolicy)+          ]+      )++instance Data.ToPath CreateFirewallPolicy where+  toPath = Prelude.const "/"++instance Data.ToQuery CreateFirewallPolicy where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newCreateFirewallPolicyResponse' smart constructor.+data CreateFirewallPolicyResponse = CreateFirewallPolicyResponse'+  { -- | The response's http status code.+    httpStatus :: Prelude.Int,+    -- | A token used for optimistic locking. Network Firewall returns a token to+    -- your requests that access the firewall policy. The token marks the state+    -- of the policy resource at the time of the request.+    --+    -- To make changes to the policy, you provide the token in your request.+    -- Network Firewall uses the token to ensure that the policy hasn\'t+    -- changed since you last retrieved it. If it has changed, the operation+    -- fails with an @InvalidTokenException@. If this happens, retrieve the+    -- firewall policy again to get a current copy of it with current token.+    -- Reapply your changes as needed, then try the operation again using the+    -- new token.+    updateToken :: Prelude.Text,+    -- | The high-level properties of a firewall policy. This, along with the+    -- FirewallPolicy, define the policy. You can retrieve all objects for a+    -- firewall policy by calling DescribeFirewallPolicy.+    firewallPolicyResponse :: FirewallPolicyResponse+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateFirewallPolicyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'createFirewallPolicyResponse_httpStatus' - The response's http status code.+--+-- 'updateToken', 'createFirewallPolicyResponse_updateToken' - A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the firewall policy. The token marks the state+-- of the policy resource at the time of the request.+--+-- To make changes to the policy, you provide the token in your request.+-- Network Firewall uses the token to ensure that the policy hasn\'t+-- changed since you last retrieved it. If it has changed, the operation+-- fails with an @InvalidTokenException@. If this happens, retrieve the+-- firewall policy again to get a current copy of it with current token.+-- Reapply your changes as needed, then try the operation again using the+-- new token.+--+-- 'firewallPolicyResponse', 'createFirewallPolicyResponse_firewallPolicyResponse' - The high-level properties of a firewall policy. This, along with the+-- FirewallPolicy, define the policy. You can retrieve all objects for a+-- firewall policy by calling DescribeFirewallPolicy.+newCreateFirewallPolicyResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  -- | 'updateToken'+  Prelude.Text ->+  -- | 'firewallPolicyResponse'+  FirewallPolicyResponse ->+  CreateFirewallPolicyResponse+newCreateFirewallPolicyResponse+  pHttpStatus_+  pUpdateToken_+  pFirewallPolicyResponse_ =+    CreateFirewallPolicyResponse'+      { httpStatus =+          pHttpStatus_,+        updateToken = pUpdateToken_,+        firewallPolicyResponse =+          pFirewallPolicyResponse_+      }++-- | The response's http status code.+createFirewallPolicyResponse_httpStatus :: Lens.Lens' CreateFirewallPolicyResponse Prelude.Int+createFirewallPolicyResponse_httpStatus = Lens.lens (\CreateFirewallPolicyResponse' {httpStatus} -> httpStatus) (\s@CreateFirewallPolicyResponse' {} a -> s {httpStatus = a} :: CreateFirewallPolicyResponse)++-- | A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the firewall policy. The token marks the state+-- of the policy resource at the time of the request.+--+-- To make changes to the policy, you provide the token in your request.+-- Network Firewall uses the token to ensure that the policy hasn\'t+-- changed since you last retrieved it. If it has changed, the operation+-- fails with an @InvalidTokenException@. If this happens, retrieve the+-- firewall policy again to get a current copy of it with current token.+-- Reapply your changes as needed, then try the operation again using the+-- new token.+createFirewallPolicyResponse_updateToken :: Lens.Lens' CreateFirewallPolicyResponse Prelude.Text+createFirewallPolicyResponse_updateToken = Lens.lens (\CreateFirewallPolicyResponse' {updateToken} -> updateToken) (\s@CreateFirewallPolicyResponse' {} a -> s {updateToken = a} :: CreateFirewallPolicyResponse)++-- | The high-level properties of a firewall policy. This, along with the+-- FirewallPolicy, define the policy. You can retrieve all objects for a+-- firewall policy by calling DescribeFirewallPolicy.+createFirewallPolicyResponse_firewallPolicyResponse :: Lens.Lens' CreateFirewallPolicyResponse FirewallPolicyResponse+createFirewallPolicyResponse_firewallPolicyResponse = Lens.lens (\CreateFirewallPolicyResponse' {firewallPolicyResponse} -> firewallPolicyResponse) (\s@CreateFirewallPolicyResponse' {} a -> s {firewallPolicyResponse = a} :: CreateFirewallPolicyResponse)++instance Prelude.NFData CreateFirewallPolicyResponse where+  rnf CreateFirewallPolicyResponse' {..} =+    Prelude.rnf httpStatus+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf firewallPolicyResponse
+ gen/Amazonka/NetworkFirewall/CreateRuleGroup.hs view
@@ -0,0 +1,576 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.CreateRuleGroup+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Creates the specified stateless or stateful rule group, which includes+-- the rules for network traffic inspection, a capacity setting, and tags.+--+-- You provide your rule group specification in your request using either+-- @RuleGroup@ or @Rules@.+module Amazonka.NetworkFirewall.CreateRuleGroup+  ( -- * Creating a Request+    CreateRuleGroup (..),+    newCreateRuleGroup,++    -- * Request Lenses+    createRuleGroup_description,+    createRuleGroup_dryRun,+    createRuleGroup_encryptionConfiguration,+    createRuleGroup_ruleGroup,+    createRuleGroup_rules,+    createRuleGroup_sourceMetadata,+    createRuleGroup_tags,+    createRuleGroup_ruleGroupName,+    createRuleGroup_type,+    createRuleGroup_capacity,++    -- * Destructuring the Response+    CreateRuleGroupResponse (..),+    newCreateRuleGroupResponse,++    -- * Response Lenses+    createRuleGroupResponse_httpStatus,+    createRuleGroupResponse_updateToken,+    createRuleGroupResponse_ruleGroupResponse,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newCreateRuleGroup' smart constructor.+data CreateRuleGroup = CreateRuleGroup'+  { -- | A description of the rule group.+    description :: Prelude.Maybe Prelude.Text,+    -- | Indicates whether you want Network Firewall to just check the validity+    -- of the request, rather than run the request.+    --+    -- If set to @TRUE@, Network Firewall checks whether the request can run+    -- successfully, but doesn\'t actually make the requested changes. The call+    -- returns the value that the request would return if you ran it with dry+    -- run set to @FALSE@, but doesn\'t make additions or changes to your+    -- resources. This option allows you to make sure that you have the+    -- required permissions to run the request and that your request parameters+    -- are valid.+    --+    -- If set to @FALSE@, Network Firewall makes the requested changes to your+    -- resources.+    dryRun :: Prelude.Maybe Prelude.Bool,+    -- | A complex type that contains settings for encryption of your rule group+    -- resources.+    encryptionConfiguration :: Prelude.Maybe EncryptionConfiguration,+    -- | An object that defines the rule group rules.+    --+    -- You must provide either this rule group setting or a @Rules@ setting,+    -- but not both.+    ruleGroup :: Prelude.Maybe RuleGroup,+    -- | A string containing stateful rule group rules specifications in Suricata+    -- flat format, with one rule per line. Use this to import your existing+    -- Suricata compatible rule groups.+    --+    -- You must provide either this rules setting or a populated @RuleGroup@+    -- setting, but not both.+    --+    -- You can provide your rule group specification in Suricata flat format+    -- through this setting when you create or update your rule group. The call+    -- response returns a RuleGroup object that Network Firewall has populated+    -- from your string.+    rules :: Prelude.Maybe Prelude.Text,+    -- | A complex type that contains metadata about the rule group that your own+    -- rule group is copied from. You can use the metadata to keep track of+    -- updates made to the originating rule group.+    sourceMetadata :: Prelude.Maybe SourceMetadata,+    -- | The key:value pairs to associate with the resource.+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),+    -- | The descriptive name of the rule group. You can\'t change the name of a+    -- rule group after you create it.+    ruleGroupName :: Prelude.Text,+    -- | Indicates whether the rule group is stateless or stateful. If the rule+    -- group is stateless, it contains stateless rules. If it is stateful, it+    -- contains stateful rules.+    type' :: RuleGroupType,+    -- | The maximum operating resources that this rule group can use. Rule group+    -- capacity is fixed at creation. When you update a rule group, you are+    -- limited to this capacity. When you reference a rule group from a+    -- firewall policy, Network Firewall reserves this capacity for the rule+    -- group.+    --+    -- You can retrieve the capacity that would be required for a rule group+    -- before you create the rule group by calling CreateRuleGroup with+    -- @DryRun@ set to @TRUE@.+    --+    -- You can\'t change or exceed this capacity when you update the rule+    -- group, so leave room for your rule group to grow.+    --+    -- __Capacity for a stateless rule group__+    --+    -- For a stateless rule group, the capacity required is the sum of the+    -- capacity requirements of the individual rules that you expect to have in+    -- the rule group.+    --+    -- To calculate the capacity requirement of a single rule, multiply the+    -- capacity requirement values of each of the rule\'s match settings:+    --+    -- -   A match setting with no criteria specified has a value of 1.+    --+    -- -   A match setting with @Any@ specified has a value of 1.+    --+    -- -   All other match settings have a value equal to the number of+    --     elements provided in the setting. For example, a protocol setting+    --     [\"UDP\"] and a source setting [\"10.0.0.0\/24\"] each have a value+    --     of 1. A protocol setting [\"UDP\",\"TCP\"] has a value of 2. A+    --     source setting [\"10.0.0.0\/24\",\"10.0.0.1\/24\",\"10.0.0.2\/24\"]+    --     has a value of 3.+    --+    -- A rule with no criteria specified in any of its match settings has a+    -- capacity requirement of 1. A rule with protocol setting+    -- [\"UDP\",\"TCP\"], source setting+    -- [\"10.0.0.0\/24\",\"10.0.0.1\/24\",\"10.0.0.2\/24\"], and a single+    -- specification or no specification for each of the other match settings+    -- has a capacity requirement of 6.+    --+    -- __Capacity for a stateful rule group__+    --+    -- For a stateful rule group, the minimum capacity required is the number+    -- of individual rules that you expect to have in the rule group.+    capacity :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateRuleGroup' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'description', 'createRuleGroup_description' - A description of the rule group.+--+-- 'dryRun', 'createRuleGroup_dryRun' - Indicates whether you want Network Firewall to just check the validity+-- of the request, rather than run the request.+--+-- If set to @TRUE@, Network Firewall checks whether the request can run+-- successfully, but doesn\'t actually make the requested changes. The call+-- returns the value that the request would return if you ran it with dry+-- run set to @FALSE@, but doesn\'t make additions or changes to your+-- resources. This option allows you to make sure that you have the+-- required permissions to run the request and that your request parameters+-- are valid.+--+-- If set to @FALSE@, Network Firewall makes the requested changes to your+-- resources.+--+-- 'encryptionConfiguration', 'createRuleGroup_encryptionConfiguration' - A complex type that contains settings for encryption of your rule group+-- resources.+--+-- 'ruleGroup', 'createRuleGroup_ruleGroup' - An object that defines the rule group rules.+--+-- You must provide either this rule group setting or a @Rules@ setting,+-- but not both.+--+-- 'rules', 'createRuleGroup_rules' - A string containing stateful rule group rules specifications in Suricata+-- flat format, with one rule per line. Use this to import your existing+-- Suricata compatible rule groups.+--+-- You must provide either this rules setting or a populated @RuleGroup@+-- setting, but not both.+--+-- You can provide your rule group specification in Suricata flat format+-- through this setting when you create or update your rule group. The call+-- response returns a RuleGroup object that Network Firewall has populated+-- from your string.+--+-- 'sourceMetadata', 'createRuleGroup_sourceMetadata' - A complex type that contains metadata about the rule group that your own+-- rule group is copied from. You can use the metadata to keep track of+-- updates made to the originating rule group.+--+-- 'tags', 'createRuleGroup_tags' - The key:value pairs to associate with the resource.+--+-- 'ruleGroupName', 'createRuleGroup_ruleGroupName' - The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- 'type'', 'createRuleGroup_type' - Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- 'capacity', 'createRuleGroup_capacity' - The maximum operating resources that this rule group can use. Rule group+-- capacity is fixed at creation. When you update a rule group, you are+-- limited to this capacity. When you reference a rule group from a+-- firewall policy, Network Firewall reserves this capacity for the rule+-- group.+--+-- You can retrieve the capacity that would be required for a rule group+-- before you create the rule group by calling CreateRuleGroup with+-- @DryRun@ set to @TRUE@.+--+-- You can\'t change or exceed this capacity when you update the rule+-- group, so leave room for your rule group to grow.+--+-- __Capacity for a stateless rule group__+--+-- For a stateless rule group, the capacity required is the sum of the+-- capacity requirements of the individual rules that you expect to have in+-- the rule group.+--+-- To calculate the capacity requirement of a single rule, multiply the+-- capacity requirement values of each of the rule\'s match settings:+--+-- -   A match setting with no criteria specified has a value of 1.+--+-- -   A match setting with @Any@ specified has a value of 1.+--+-- -   All other match settings have a value equal to the number of+--     elements provided in the setting. For example, a protocol setting+--     [\"UDP\"] and a source setting [\"10.0.0.0\/24\"] each have a value+--     of 1. A protocol setting [\"UDP\",\"TCP\"] has a value of 2. A+--     source setting [\"10.0.0.0\/24\",\"10.0.0.1\/24\",\"10.0.0.2\/24\"]+--     has a value of 3.+--+-- A rule with no criteria specified in any of its match settings has a+-- capacity requirement of 1. A rule with protocol setting+-- [\"UDP\",\"TCP\"], source setting+-- [\"10.0.0.0\/24\",\"10.0.0.1\/24\",\"10.0.0.2\/24\"], and a single+-- specification or no specification for each of the other match settings+-- has a capacity requirement of 6.+--+-- __Capacity for a stateful rule group__+--+-- For a stateful rule group, the minimum capacity required is the number+-- of individual rules that you expect to have in the rule group.+newCreateRuleGroup ::+  -- | 'ruleGroupName'+  Prelude.Text ->+  -- | 'type''+  RuleGroupType ->+  -- | 'capacity'+  Prelude.Int ->+  CreateRuleGroup+newCreateRuleGroup pRuleGroupName_ pType_ pCapacity_ =+  CreateRuleGroup'+    { description = Prelude.Nothing,+      dryRun = Prelude.Nothing,+      encryptionConfiguration = Prelude.Nothing,+      ruleGroup = Prelude.Nothing,+      rules = Prelude.Nothing,+      sourceMetadata = Prelude.Nothing,+      tags = Prelude.Nothing,+      ruleGroupName = pRuleGroupName_,+      type' = pType_,+      capacity = pCapacity_+    }++-- | A description of the rule group.+createRuleGroup_description :: Lens.Lens' CreateRuleGroup (Prelude.Maybe Prelude.Text)+createRuleGroup_description = Lens.lens (\CreateRuleGroup' {description} -> description) (\s@CreateRuleGroup' {} a -> s {description = a} :: CreateRuleGroup)++-- | Indicates whether you want Network Firewall to just check the validity+-- of the request, rather than run the request.+--+-- If set to @TRUE@, Network Firewall checks whether the request can run+-- successfully, but doesn\'t actually make the requested changes. The call+-- returns the value that the request would return if you ran it with dry+-- run set to @FALSE@, but doesn\'t make additions or changes to your+-- resources. This option allows you to make sure that you have the+-- required permissions to run the request and that your request parameters+-- are valid.+--+-- If set to @FALSE@, Network Firewall makes the requested changes to your+-- resources.+createRuleGroup_dryRun :: Lens.Lens' CreateRuleGroup (Prelude.Maybe Prelude.Bool)+createRuleGroup_dryRun = Lens.lens (\CreateRuleGroup' {dryRun} -> dryRun) (\s@CreateRuleGroup' {} a -> s {dryRun = a} :: CreateRuleGroup)++-- | A complex type that contains settings for encryption of your rule group+-- resources.+createRuleGroup_encryptionConfiguration :: Lens.Lens' CreateRuleGroup (Prelude.Maybe EncryptionConfiguration)+createRuleGroup_encryptionConfiguration = Lens.lens (\CreateRuleGroup' {encryptionConfiguration} -> encryptionConfiguration) (\s@CreateRuleGroup' {} a -> s {encryptionConfiguration = a} :: CreateRuleGroup)++-- | An object that defines the rule group rules.+--+-- You must provide either this rule group setting or a @Rules@ setting,+-- but not both.+createRuleGroup_ruleGroup :: Lens.Lens' CreateRuleGroup (Prelude.Maybe RuleGroup)+createRuleGroup_ruleGroup = Lens.lens (\CreateRuleGroup' {ruleGroup} -> ruleGroup) (\s@CreateRuleGroup' {} a -> s {ruleGroup = a} :: CreateRuleGroup)++-- | A string containing stateful rule group rules specifications in Suricata+-- flat format, with one rule per line. Use this to import your existing+-- Suricata compatible rule groups.+--+-- You must provide either this rules setting or a populated @RuleGroup@+-- setting, but not both.+--+-- You can provide your rule group specification in Suricata flat format+-- through this setting when you create or update your rule group. The call+-- response returns a RuleGroup object that Network Firewall has populated+-- from your string.+createRuleGroup_rules :: Lens.Lens' CreateRuleGroup (Prelude.Maybe Prelude.Text)+createRuleGroup_rules = Lens.lens (\CreateRuleGroup' {rules} -> rules) (\s@CreateRuleGroup' {} a -> s {rules = a} :: CreateRuleGroup)++-- | A complex type that contains metadata about the rule group that your own+-- rule group is copied from. You can use the metadata to keep track of+-- updates made to the originating rule group.+createRuleGroup_sourceMetadata :: Lens.Lens' CreateRuleGroup (Prelude.Maybe SourceMetadata)+createRuleGroup_sourceMetadata = Lens.lens (\CreateRuleGroup' {sourceMetadata} -> sourceMetadata) (\s@CreateRuleGroup' {} a -> s {sourceMetadata = a} :: CreateRuleGroup)++-- | The key:value pairs to associate with the resource.+createRuleGroup_tags :: Lens.Lens' CreateRuleGroup (Prelude.Maybe (Prelude.NonEmpty Tag))+createRuleGroup_tags = Lens.lens (\CreateRuleGroup' {tags} -> tags) (\s@CreateRuleGroup' {} a -> s {tags = a} :: CreateRuleGroup) Prelude.. Lens.mapping Lens.coerced++-- | The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+createRuleGroup_ruleGroupName :: Lens.Lens' CreateRuleGroup Prelude.Text+createRuleGroup_ruleGroupName = Lens.lens (\CreateRuleGroup' {ruleGroupName} -> ruleGroupName) (\s@CreateRuleGroup' {} a -> s {ruleGroupName = a} :: CreateRuleGroup)++-- | Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+createRuleGroup_type :: Lens.Lens' CreateRuleGroup RuleGroupType+createRuleGroup_type = Lens.lens (\CreateRuleGroup' {type'} -> type') (\s@CreateRuleGroup' {} a -> s {type' = a} :: CreateRuleGroup)++-- | The maximum operating resources that this rule group can use. Rule group+-- capacity is fixed at creation. When you update a rule group, you are+-- limited to this capacity. When you reference a rule group from a+-- firewall policy, Network Firewall reserves this capacity for the rule+-- group.+--+-- You can retrieve the capacity that would be required for a rule group+-- before you create the rule group by calling CreateRuleGroup with+-- @DryRun@ set to @TRUE@.+--+-- You can\'t change or exceed this capacity when you update the rule+-- group, so leave room for your rule group to grow.+--+-- __Capacity for a stateless rule group__+--+-- For a stateless rule group, the capacity required is the sum of the+-- capacity requirements of the individual rules that you expect to have in+-- the rule group.+--+-- To calculate the capacity requirement of a single rule, multiply the+-- capacity requirement values of each of the rule\'s match settings:+--+-- -   A match setting with no criteria specified has a value of 1.+--+-- -   A match setting with @Any@ specified has a value of 1.+--+-- -   All other match settings have a value equal to the number of+--     elements provided in the setting. For example, a protocol setting+--     [\"UDP\"] and a source setting [\"10.0.0.0\/24\"] each have a value+--     of 1. A protocol setting [\"UDP\",\"TCP\"] has a value of 2. A+--     source setting [\"10.0.0.0\/24\",\"10.0.0.1\/24\",\"10.0.0.2\/24\"]+--     has a value of 3.+--+-- A rule with no criteria specified in any of its match settings has a+-- capacity requirement of 1. A rule with protocol setting+-- [\"UDP\",\"TCP\"], source setting+-- [\"10.0.0.0\/24\",\"10.0.0.1\/24\",\"10.0.0.2\/24\"], and a single+-- specification or no specification for each of the other match settings+-- has a capacity requirement of 6.+--+-- __Capacity for a stateful rule group__+--+-- For a stateful rule group, the minimum capacity required is the number+-- of individual rules that you expect to have in the rule group.+createRuleGroup_capacity :: Lens.Lens' CreateRuleGroup Prelude.Int+createRuleGroup_capacity = Lens.lens (\CreateRuleGroup' {capacity} -> capacity) (\s@CreateRuleGroup' {} a -> s {capacity = a} :: CreateRuleGroup)++instance Core.AWSRequest CreateRuleGroup where+  type+    AWSResponse CreateRuleGroup =+      CreateRuleGroupResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          CreateRuleGroupResponse'+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+            Prelude.<*> (x Data..:> "UpdateToken")+            Prelude.<*> (x Data..:> "RuleGroupResponse")+      )++instance Prelude.Hashable CreateRuleGroup where+  hashWithSalt _salt CreateRuleGroup' {..} =+    _salt+      `Prelude.hashWithSalt` description+      `Prelude.hashWithSalt` dryRun+      `Prelude.hashWithSalt` encryptionConfiguration+      `Prelude.hashWithSalt` ruleGroup+      `Prelude.hashWithSalt` rules+      `Prelude.hashWithSalt` sourceMetadata+      `Prelude.hashWithSalt` tags+      `Prelude.hashWithSalt` ruleGroupName+      `Prelude.hashWithSalt` type'+      `Prelude.hashWithSalt` capacity++instance Prelude.NFData CreateRuleGroup where+  rnf CreateRuleGroup' {..} =+    Prelude.rnf description+      `Prelude.seq` Prelude.rnf dryRun+      `Prelude.seq` Prelude.rnf encryptionConfiguration+      `Prelude.seq` Prelude.rnf ruleGroup+      `Prelude.seq` Prelude.rnf rules+      `Prelude.seq` Prelude.rnf sourceMetadata+      `Prelude.seq` Prelude.rnf tags+      `Prelude.seq` Prelude.rnf ruleGroupName+      `Prelude.seq` Prelude.rnf type'+      `Prelude.seq` Prelude.rnf capacity++instance Data.ToHeaders CreateRuleGroup where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.CreateRuleGroup" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON CreateRuleGroup where+  toJSON CreateRuleGroup' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("Description" Data..=) Prelude.<$> description,+            ("DryRun" Data..=) Prelude.<$> dryRun,+            ("EncryptionConfiguration" Data..=)+              Prelude.<$> encryptionConfiguration,+            ("RuleGroup" Data..=) Prelude.<$> ruleGroup,+            ("Rules" Data..=) Prelude.<$> rules,+            ("SourceMetadata" Data..=)+              Prelude.<$> sourceMetadata,+            ("Tags" Data..=) Prelude.<$> tags,+            Prelude.Just ("RuleGroupName" Data..= ruleGroupName),+            Prelude.Just ("Type" Data..= type'),+            Prelude.Just ("Capacity" Data..= capacity)+          ]+      )++instance Data.ToPath CreateRuleGroup where+  toPath = Prelude.const "/"++instance Data.ToQuery CreateRuleGroup where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newCreateRuleGroupResponse' smart constructor.+data CreateRuleGroupResponse = CreateRuleGroupResponse'+  { -- | The response's http status code.+    httpStatus :: Prelude.Int,+    -- | A token used for optimistic locking. Network Firewall returns a token to+    -- your requests that access the rule group. The token marks the state of+    -- the rule group resource at the time of the request.+    --+    -- To make changes to the rule group, you provide the token in your+    -- request. Network Firewall uses the token to ensure that the rule group+    -- hasn\'t changed since you last retrieved it. If it has changed, the+    -- operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the rule group again to get a current copy of it with a current+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Text,+    -- | The high-level properties of a rule group. This, along with the+    -- RuleGroup, define the rule group. You can retrieve all objects for a+    -- rule group by calling DescribeRuleGroup.+    ruleGroupResponse :: RuleGroupResponse+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateRuleGroupResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'createRuleGroupResponse_httpStatus' - The response's http status code.+--+-- 'updateToken', 'createRuleGroupResponse_updateToken' - A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the rule group. The token marks the state of+-- the rule group resource at the time of the request.+--+-- To make changes to the rule group, you provide the token in your+-- request. Network Firewall uses the token to ensure that the rule group+-- hasn\'t changed since you last retrieved it. If it has changed, the+-- operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the rule group again to get a current copy of it with a current+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'ruleGroupResponse', 'createRuleGroupResponse_ruleGroupResponse' - The high-level properties of a rule group. This, along with the+-- RuleGroup, define the rule group. You can retrieve all objects for a+-- rule group by calling DescribeRuleGroup.+newCreateRuleGroupResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  -- | 'updateToken'+  Prelude.Text ->+  -- | 'ruleGroupResponse'+  RuleGroupResponse ->+  CreateRuleGroupResponse+newCreateRuleGroupResponse+  pHttpStatus_+  pUpdateToken_+  pRuleGroupResponse_ =+    CreateRuleGroupResponse'+      { httpStatus = pHttpStatus_,+        updateToken = pUpdateToken_,+        ruleGroupResponse = pRuleGroupResponse_+      }++-- | The response's http status code.+createRuleGroupResponse_httpStatus :: Lens.Lens' CreateRuleGroupResponse Prelude.Int+createRuleGroupResponse_httpStatus = Lens.lens (\CreateRuleGroupResponse' {httpStatus} -> httpStatus) (\s@CreateRuleGroupResponse' {} a -> s {httpStatus = a} :: CreateRuleGroupResponse)++-- | A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the rule group. The token marks the state of+-- the rule group resource at the time of the request.+--+-- To make changes to the rule group, you provide the token in your+-- request. Network Firewall uses the token to ensure that the rule group+-- hasn\'t changed since you last retrieved it. If it has changed, the+-- operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the rule group again to get a current copy of it with a current+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+createRuleGroupResponse_updateToken :: Lens.Lens' CreateRuleGroupResponse Prelude.Text+createRuleGroupResponse_updateToken = Lens.lens (\CreateRuleGroupResponse' {updateToken} -> updateToken) (\s@CreateRuleGroupResponse' {} a -> s {updateToken = a} :: CreateRuleGroupResponse)++-- | The high-level properties of a rule group. This, along with the+-- RuleGroup, define the rule group. You can retrieve all objects for a+-- rule group by calling DescribeRuleGroup.+createRuleGroupResponse_ruleGroupResponse :: Lens.Lens' CreateRuleGroupResponse RuleGroupResponse+createRuleGroupResponse_ruleGroupResponse = Lens.lens (\CreateRuleGroupResponse' {ruleGroupResponse} -> ruleGroupResponse) (\s@CreateRuleGroupResponse' {} a -> s {ruleGroupResponse = a} :: CreateRuleGroupResponse)++instance Prelude.NFData CreateRuleGroupResponse where+  rnf CreateRuleGroupResponse' {..} =+    Prelude.rnf httpStatus+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf ruleGroupResponse
+ gen/Amazonka/NetworkFirewall/DeleteFirewall.hs view
@@ -0,0 +1,222 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.DeleteFirewall+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Deletes the specified Firewall and its FirewallStatus. This operation+-- requires the firewall\'s @DeleteProtection@ flag to be @FALSE@. You+-- can\'t revert this operation.+--+-- You can check whether a firewall is in use by reviewing the route tables+-- for the Availability Zones where you have firewall subnet mappings.+-- Retrieve the subnet mappings by calling DescribeFirewall. You define and+-- update the route tables through Amazon VPC. As needed, update the route+-- tables for the zones to remove the firewall endpoints. When the route+-- tables no longer use the firewall endpoints, you can remove the firewall+-- safely.+--+-- To delete a firewall, remove the delete protection if you need to using+-- UpdateFirewallDeleteProtection, then delete the firewall by calling+-- DeleteFirewall.+module Amazonka.NetworkFirewall.DeleteFirewall+  ( -- * Creating a Request+    DeleteFirewall (..),+    newDeleteFirewall,++    -- * Request Lenses+    deleteFirewall_firewallArn,+    deleteFirewall_firewallName,++    -- * Destructuring the Response+    DeleteFirewallResponse (..),+    newDeleteFirewallResponse,++    -- * Response Lenses+    deleteFirewallResponse_firewall,+    deleteFirewallResponse_firewallStatus,+    deleteFirewallResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDeleteFirewall' smart constructor.+data DeleteFirewall = DeleteFirewall'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallName :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteFirewall' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'deleteFirewall_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallName', 'deleteFirewall_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+newDeleteFirewall ::+  DeleteFirewall+newDeleteFirewall =+  DeleteFirewall'+    { firewallArn = Prelude.Nothing,+      firewallName = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+deleteFirewall_firewallArn :: Lens.Lens' DeleteFirewall (Prelude.Maybe Prelude.Text)+deleteFirewall_firewallArn = Lens.lens (\DeleteFirewall' {firewallArn} -> firewallArn) (\s@DeleteFirewall' {} a -> s {firewallArn = a} :: DeleteFirewall)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+deleteFirewall_firewallName :: Lens.Lens' DeleteFirewall (Prelude.Maybe Prelude.Text)+deleteFirewall_firewallName = Lens.lens (\DeleteFirewall' {firewallName} -> firewallName) (\s@DeleteFirewall' {} a -> s {firewallName = a} :: DeleteFirewall)++instance Core.AWSRequest DeleteFirewall where+  type+    AWSResponse DeleteFirewall =+      DeleteFirewallResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          DeleteFirewallResponse'+            Prelude.<$> (x Data..?> "Firewall")+            Prelude.<*> (x Data..?> "FirewallStatus")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable DeleteFirewall where+  hashWithSalt _salt DeleteFirewall' {..} =+    _salt+      `Prelude.hashWithSalt` firewallArn+      `Prelude.hashWithSalt` firewallName++instance Prelude.NFData DeleteFirewall where+  rnf DeleteFirewall' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName++instance Data.ToHeaders DeleteFirewall where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.DeleteFirewall" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON DeleteFirewall where+  toJSON DeleteFirewall' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName+          ]+      )++instance Data.ToPath DeleteFirewall where+  toPath = Prelude.const "/"++instance Data.ToQuery DeleteFirewall where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDeleteFirewallResponse' smart constructor.+data DeleteFirewallResponse = DeleteFirewallResponse'+  { firewall :: Prelude.Maybe Firewall,+    firewallStatus :: Prelude.Maybe FirewallStatus,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteFirewallResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewall', 'deleteFirewallResponse_firewall' - Undocumented member.+--+-- 'firewallStatus', 'deleteFirewallResponse_firewallStatus' - Undocumented member.+--+-- 'httpStatus', 'deleteFirewallResponse_httpStatus' - The response's http status code.+newDeleteFirewallResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  DeleteFirewallResponse+newDeleteFirewallResponse pHttpStatus_ =+  DeleteFirewallResponse'+    { firewall = Prelude.Nothing,+      firewallStatus = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | Undocumented member.+deleteFirewallResponse_firewall :: Lens.Lens' DeleteFirewallResponse (Prelude.Maybe Firewall)+deleteFirewallResponse_firewall = Lens.lens (\DeleteFirewallResponse' {firewall} -> firewall) (\s@DeleteFirewallResponse' {} a -> s {firewall = a} :: DeleteFirewallResponse)++-- | Undocumented member.+deleteFirewallResponse_firewallStatus :: Lens.Lens' DeleteFirewallResponse (Prelude.Maybe FirewallStatus)+deleteFirewallResponse_firewallStatus = Lens.lens (\DeleteFirewallResponse' {firewallStatus} -> firewallStatus) (\s@DeleteFirewallResponse' {} a -> s {firewallStatus = a} :: DeleteFirewallResponse)++-- | The response's http status code.+deleteFirewallResponse_httpStatus :: Lens.Lens' DeleteFirewallResponse Prelude.Int+deleteFirewallResponse_httpStatus = Lens.lens (\DeleteFirewallResponse' {httpStatus} -> httpStatus) (\s@DeleteFirewallResponse' {} a -> s {httpStatus = a} :: DeleteFirewallResponse)++instance Prelude.NFData DeleteFirewallResponse where+  rnf DeleteFirewallResponse' {..} =+    Prelude.rnf firewall+      `Prelude.seq` Prelude.rnf firewallStatus+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/DeleteFirewallPolicy.hs view
@@ -0,0 +1,210 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.DeleteFirewallPolicy+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Deletes the specified FirewallPolicy.+module Amazonka.NetworkFirewall.DeleteFirewallPolicy+  ( -- * Creating a Request+    DeleteFirewallPolicy (..),+    newDeleteFirewallPolicy,++    -- * Request Lenses+    deleteFirewallPolicy_firewallPolicyArn,+    deleteFirewallPolicy_firewallPolicyName,++    -- * Destructuring the Response+    DeleteFirewallPolicyResponse (..),+    newDeleteFirewallPolicyResponse,++    -- * Response Lenses+    deleteFirewallPolicyResponse_httpStatus,+    deleteFirewallPolicyResponse_firewallPolicyResponse,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDeleteFirewallPolicy' smart constructor.+data DeleteFirewallPolicy = DeleteFirewallPolicy'+  { -- | The Amazon Resource Name (ARN) of the firewall policy.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallPolicyArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall policy. You can\'t change the name+    -- of a firewall policy after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallPolicyName :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteFirewallPolicy' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallPolicyArn', 'deleteFirewallPolicy_firewallPolicyArn' - The Amazon Resource Name (ARN) of the firewall policy.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallPolicyName', 'deleteFirewallPolicy_firewallPolicyName' - The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+newDeleteFirewallPolicy ::+  DeleteFirewallPolicy+newDeleteFirewallPolicy =+  DeleteFirewallPolicy'+    { firewallPolicyArn =+        Prelude.Nothing,+      firewallPolicyName = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the firewall policy.+--+-- You must specify the ARN or the name, and you can specify both.+deleteFirewallPolicy_firewallPolicyArn :: Lens.Lens' DeleteFirewallPolicy (Prelude.Maybe Prelude.Text)+deleteFirewallPolicy_firewallPolicyArn = Lens.lens (\DeleteFirewallPolicy' {firewallPolicyArn} -> firewallPolicyArn) (\s@DeleteFirewallPolicy' {} a -> s {firewallPolicyArn = a} :: DeleteFirewallPolicy)++-- | The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+deleteFirewallPolicy_firewallPolicyName :: Lens.Lens' DeleteFirewallPolicy (Prelude.Maybe Prelude.Text)+deleteFirewallPolicy_firewallPolicyName = Lens.lens (\DeleteFirewallPolicy' {firewallPolicyName} -> firewallPolicyName) (\s@DeleteFirewallPolicy' {} a -> s {firewallPolicyName = a} :: DeleteFirewallPolicy)++instance Core.AWSRequest DeleteFirewallPolicy where+  type+    AWSResponse DeleteFirewallPolicy =+      DeleteFirewallPolicyResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          DeleteFirewallPolicyResponse'+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+            Prelude.<*> (x Data..:> "FirewallPolicyResponse")+      )++instance Prelude.Hashable DeleteFirewallPolicy where+  hashWithSalt _salt DeleteFirewallPolicy' {..} =+    _salt+      `Prelude.hashWithSalt` firewallPolicyArn+      `Prelude.hashWithSalt` firewallPolicyName++instance Prelude.NFData DeleteFirewallPolicy where+  rnf DeleteFirewallPolicy' {..} =+    Prelude.rnf firewallPolicyArn+      `Prelude.seq` Prelude.rnf firewallPolicyName++instance Data.ToHeaders DeleteFirewallPolicy where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.DeleteFirewallPolicy" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON DeleteFirewallPolicy where+  toJSON DeleteFirewallPolicy' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallPolicyArn" Data..=)+              Prelude.<$> firewallPolicyArn,+            ("FirewallPolicyName" Data..=)+              Prelude.<$> firewallPolicyName+          ]+      )++instance Data.ToPath DeleteFirewallPolicy where+  toPath = Prelude.const "/"++instance Data.ToQuery DeleteFirewallPolicy where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDeleteFirewallPolicyResponse' smart constructor.+data DeleteFirewallPolicyResponse = DeleteFirewallPolicyResponse'+  { -- | The response's http status code.+    httpStatus :: Prelude.Int,+    -- | The object containing the definition of the FirewallPolicyResponse that+    -- you asked to delete.+    firewallPolicyResponse :: FirewallPolicyResponse+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteFirewallPolicyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'deleteFirewallPolicyResponse_httpStatus' - The response's http status code.+--+-- 'firewallPolicyResponse', 'deleteFirewallPolicyResponse_firewallPolicyResponse' - The object containing the definition of the FirewallPolicyResponse that+-- you asked to delete.+newDeleteFirewallPolicyResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  -- | 'firewallPolicyResponse'+  FirewallPolicyResponse ->+  DeleteFirewallPolicyResponse+newDeleteFirewallPolicyResponse+  pHttpStatus_+  pFirewallPolicyResponse_ =+    DeleteFirewallPolicyResponse'+      { httpStatus =+          pHttpStatus_,+        firewallPolicyResponse =+          pFirewallPolicyResponse_+      }++-- | The response's http status code.+deleteFirewallPolicyResponse_httpStatus :: Lens.Lens' DeleteFirewallPolicyResponse Prelude.Int+deleteFirewallPolicyResponse_httpStatus = Lens.lens (\DeleteFirewallPolicyResponse' {httpStatus} -> httpStatus) (\s@DeleteFirewallPolicyResponse' {} a -> s {httpStatus = a} :: DeleteFirewallPolicyResponse)++-- | The object containing the definition of the FirewallPolicyResponse that+-- you asked to delete.+deleteFirewallPolicyResponse_firewallPolicyResponse :: Lens.Lens' DeleteFirewallPolicyResponse FirewallPolicyResponse+deleteFirewallPolicyResponse_firewallPolicyResponse = Lens.lens (\DeleteFirewallPolicyResponse' {firewallPolicyResponse} -> firewallPolicyResponse) (\s@DeleteFirewallPolicyResponse' {} a -> s {firewallPolicyResponse = a} :: DeleteFirewallPolicyResponse)++instance Prelude.NFData DeleteFirewallPolicyResponse where+  rnf DeleteFirewallPolicyResponse' {..} =+    Prelude.rnf httpStatus+      `Prelude.seq` Prelude.rnf firewallPolicyResponse
+ gen/Amazonka/NetworkFirewall/DeleteResourcePolicy.hs view
@@ -0,0 +1,161 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.DeleteResourcePolicy+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Deletes a resource policy that you created in a PutResourcePolicy+-- request.+module Amazonka.NetworkFirewall.DeleteResourcePolicy+  ( -- * Creating a Request+    DeleteResourcePolicy (..),+    newDeleteResourcePolicy,++    -- * Request Lenses+    deleteResourcePolicy_resourceArn,++    -- * Destructuring the Response+    DeleteResourcePolicyResponse (..),+    newDeleteResourcePolicyResponse,++    -- * Response Lenses+    deleteResourcePolicyResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDeleteResourcePolicy' smart constructor.+data DeleteResourcePolicy = DeleteResourcePolicy'+  { -- | The Amazon Resource Name (ARN) of the rule group or firewall policy+    -- whose resource policy you want to delete.+    resourceArn :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteResourcePolicy' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'resourceArn', 'deleteResourcePolicy_resourceArn' - The Amazon Resource Name (ARN) of the rule group or firewall policy+-- whose resource policy you want to delete.+newDeleteResourcePolicy ::+  -- | 'resourceArn'+  Prelude.Text ->+  DeleteResourcePolicy+newDeleteResourcePolicy pResourceArn_ =+  DeleteResourcePolicy' {resourceArn = pResourceArn_}++-- | The Amazon Resource Name (ARN) of the rule group or firewall policy+-- whose resource policy you want to delete.+deleteResourcePolicy_resourceArn :: Lens.Lens' DeleteResourcePolicy Prelude.Text+deleteResourcePolicy_resourceArn = Lens.lens (\DeleteResourcePolicy' {resourceArn} -> resourceArn) (\s@DeleteResourcePolicy' {} a -> s {resourceArn = a} :: DeleteResourcePolicy)++instance Core.AWSRequest DeleteResourcePolicy where+  type+    AWSResponse DeleteResourcePolicy =+      DeleteResourcePolicyResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveEmpty+      ( \s h x ->+          DeleteResourcePolicyResponse'+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable DeleteResourcePolicy where+  hashWithSalt _salt DeleteResourcePolicy' {..} =+    _salt `Prelude.hashWithSalt` resourceArn++instance Prelude.NFData DeleteResourcePolicy where+  rnf DeleteResourcePolicy' {..} =+    Prelude.rnf resourceArn++instance Data.ToHeaders DeleteResourcePolicy where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.DeleteResourcePolicy" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON DeleteResourcePolicy where+  toJSON DeleteResourcePolicy' {..} =+    Data.object+      ( Prelude.catMaybes+          [Prelude.Just ("ResourceArn" Data..= resourceArn)]+      )++instance Data.ToPath DeleteResourcePolicy where+  toPath = Prelude.const "/"++instance Data.ToQuery DeleteResourcePolicy where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDeleteResourcePolicyResponse' smart constructor.+data DeleteResourcePolicyResponse = DeleteResourcePolicyResponse'+  { -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteResourcePolicyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'deleteResourcePolicyResponse_httpStatus' - The response's http status code.+newDeleteResourcePolicyResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  DeleteResourcePolicyResponse+newDeleteResourcePolicyResponse pHttpStatus_ =+  DeleteResourcePolicyResponse'+    { httpStatus =+        pHttpStatus_+    }++-- | The response's http status code.+deleteResourcePolicyResponse_httpStatus :: Lens.Lens' DeleteResourcePolicyResponse Prelude.Int+deleteResourcePolicyResponse_httpStatus = Lens.lens (\DeleteResourcePolicyResponse' {httpStatus} -> httpStatus) (\s@DeleteResourcePolicyResponse' {} a -> s {httpStatus = a} :: DeleteResourcePolicyResponse)++instance Prelude.NFData DeleteResourcePolicyResponse where+  rnf DeleteResourcePolicyResponse' {..} =+    Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/DeleteRuleGroup.hs view
@@ -0,0 +1,236 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.DeleteRuleGroup+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Deletes the specified RuleGroup.+module Amazonka.NetworkFirewall.DeleteRuleGroup+  ( -- * Creating a Request+    DeleteRuleGroup (..),+    newDeleteRuleGroup,++    -- * Request Lenses+    deleteRuleGroup_ruleGroupArn,+    deleteRuleGroup_ruleGroupName,+    deleteRuleGroup_type,++    -- * Destructuring the Response+    DeleteRuleGroupResponse (..),+    newDeleteRuleGroupResponse,++    -- * Response Lenses+    deleteRuleGroupResponse_httpStatus,+    deleteRuleGroupResponse_ruleGroupResponse,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDeleteRuleGroup' smart constructor.+data DeleteRuleGroup = DeleteRuleGroup'+  { -- | The Amazon Resource Name (ARN) of the rule group.+    --+    -- You must specify the ARN or the name, and you can specify both.+    ruleGroupArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the rule group. You can\'t change the name of a+    -- rule group after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    ruleGroupName :: Prelude.Maybe Prelude.Text,+    -- | Indicates whether the rule group is stateless or stateful. If the rule+    -- group is stateless, it contains stateless rules. If it is stateful, it+    -- contains stateful rules.+    --+    -- This setting is required for requests that do not include the+    -- @RuleGroupARN@.+    type' :: Prelude.Maybe RuleGroupType+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteRuleGroup' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'ruleGroupArn', 'deleteRuleGroup_ruleGroupArn' - The Amazon Resource Name (ARN) of the rule group.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'ruleGroupName', 'deleteRuleGroup_ruleGroupName' - The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'type'', 'deleteRuleGroup_type' - Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- This setting is required for requests that do not include the+-- @RuleGroupARN@.+newDeleteRuleGroup ::+  DeleteRuleGroup+newDeleteRuleGroup =+  DeleteRuleGroup'+    { ruleGroupArn = Prelude.Nothing,+      ruleGroupName = Prelude.Nothing,+      type' = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the rule group.+--+-- You must specify the ARN or the name, and you can specify both.+deleteRuleGroup_ruleGroupArn :: Lens.Lens' DeleteRuleGroup (Prelude.Maybe Prelude.Text)+deleteRuleGroup_ruleGroupArn = Lens.lens (\DeleteRuleGroup' {ruleGroupArn} -> ruleGroupArn) (\s@DeleteRuleGroup' {} a -> s {ruleGroupArn = a} :: DeleteRuleGroup)++-- | The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+deleteRuleGroup_ruleGroupName :: Lens.Lens' DeleteRuleGroup (Prelude.Maybe Prelude.Text)+deleteRuleGroup_ruleGroupName = Lens.lens (\DeleteRuleGroup' {ruleGroupName} -> ruleGroupName) (\s@DeleteRuleGroup' {} a -> s {ruleGroupName = a} :: DeleteRuleGroup)++-- | Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- This setting is required for requests that do not include the+-- @RuleGroupARN@.+deleteRuleGroup_type :: Lens.Lens' DeleteRuleGroup (Prelude.Maybe RuleGroupType)+deleteRuleGroup_type = Lens.lens (\DeleteRuleGroup' {type'} -> type') (\s@DeleteRuleGroup' {} a -> s {type' = a} :: DeleteRuleGroup)++instance Core.AWSRequest DeleteRuleGroup where+  type+    AWSResponse DeleteRuleGroup =+      DeleteRuleGroupResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          DeleteRuleGroupResponse'+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+            Prelude.<*> (x Data..:> "RuleGroupResponse")+      )++instance Prelude.Hashable DeleteRuleGroup where+  hashWithSalt _salt DeleteRuleGroup' {..} =+    _salt+      `Prelude.hashWithSalt` ruleGroupArn+      `Prelude.hashWithSalt` ruleGroupName+      `Prelude.hashWithSalt` type'++instance Prelude.NFData DeleteRuleGroup where+  rnf DeleteRuleGroup' {..} =+    Prelude.rnf ruleGroupArn+      `Prelude.seq` Prelude.rnf ruleGroupName+      `Prelude.seq` Prelude.rnf type'++instance Data.ToHeaders DeleteRuleGroup where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.DeleteRuleGroup" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON DeleteRuleGroup where+  toJSON DeleteRuleGroup' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("RuleGroupArn" Data..=) Prelude.<$> ruleGroupArn,+            ("RuleGroupName" Data..=) Prelude.<$> ruleGroupName,+            ("Type" Data..=) Prelude.<$> type'+          ]+      )++instance Data.ToPath DeleteRuleGroup where+  toPath = Prelude.const "/"++instance Data.ToQuery DeleteRuleGroup where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDeleteRuleGroupResponse' smart constructor.+data DeleteRuleGroupResponse = DeleteRuleGroupResponse'+  { -- | The response's http status code.+    httpStatus :: Prelude.Int,+    -- | The high-level properties of a rule group. This, along with the+    -- RuleGroup, define the rule group. You can retrieve all objects for a+    -- rule group by calling DescribeRuleGroup.+    ruleGroupResponse :: RuleGroupResponse+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteRuleGroupResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'deleteRuleGroupResponse_httpStatus' - The response's http status code.+--+-- 'ruleGroupResponse', 'deleteRuleGroupResponse_ruleGroupResponse' - The high-level properties of a rule group. This, along with the+-- RuleGroup, define the rule group. You can retrieve all objects for a+-- rule group by calling DescribeRuleGroup.+newDeleteRuleGroupResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  -- | 'ruleGroupResponse'+  RuleGroupResponse ->+  DeleteRuleGroupResponse+newDeleteRuleGroupResponse+  pHttpStatus_+  pRuleGroupResponse_ =+    DeleteRuleGroupResponse'+      { httpStatus = pHttpStatus_,+        ruleGroupResponse = pRuleGroupResponse_+      }++-- | The response's http status code.+deleteRuleGroupResponse_httpStatus :: Lens.Lens' DeleteRuleGroupResponse Prelude.Int+deleteRuleGroupResponse_httpStatus = Lens.lens (\DeleteRuleGroupResponse' {httpStatus} -> httpStatus) (\s@DeleteRuleGroupResponse' {} a -> s {httpStatus = a} :: DeleteRuleGroupResponse)++-- | The high-level properties of a rule group. This, along with the+-- RuleGroup, define the rule group. You can retrieve all objects for a+-- rule group by calling DescribeRuleGroup.+deleteRuleGroupResponse_ruleGroupResponse :: Lens.Lens' DeleteRuleGroupResponse RuleGroupResponse+deleteRuleGroupResponse_ruleGroupResponse = Lens.lens (\DeleteRuleGroupResponse' {ruleGroupResponse} -> ruleGroupResponse) (\s@DeleteRuleGroupResponse' {} a -> s {ruleGroupResponse = a} :: DeleteRuleGroupResponse)++instance Prelude.NFData DeleteRuleGroupResponse where+  rnf DeleteRuleGroupResponse' {..} =+    Prelude.rnf httpStatus+      `Prelude.seq` Prelude.rnf ruleGroupResponse
+ gen/Amazonka/NetworkFirewall/DescribeFirewall.hs view
@@ -0,0 +1,283 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.DescribeFirewall+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns the data objects for the specified firewall.+module Amazonka.NetworkFirewall.DescribeFirewall+  ( -- * Creating a Request+    DescribeFirewall (..),+    newDescribeFirewall,++    -- * Request Lenses+    describeFirewall_firewallArn,+    describeFirewall_firewallName,++    -- * Destructuring the Response+    DescribeFirewallResponse (..),+    newDescribeFirewallResponse,++    -- * Response Lenses+    describeFirewallResponse_firewall,+    describeFirewallResponse_firewallStatus,+    describeFirewallResponse_updateToken,+    describeFirewallResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDescribeFirewall' smart constructor.+data DescribeFirewall = DescribeFirewall'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallName :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeFirewall' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'describeFirewall_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallName', 'describeFirewall_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+newDescribeFirewall ::+  DescribeFirewall+newDescribeFirewall =+  DescribeFirewall'+    { firewallArn = Prelude.Nothing,+      firewallName = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+describeFirewall_firewallArn :: Lens.Lens' DescribeFirewall (Prelude.Maybe Prelude.Text)+describeFirewall_firewallArn = Lens.lens (\DescribeFirewall' {firewallArn} -> firewallArn) (\s@DescribeFirewall' {} a -> s {firewallArn = a} :: DescribeFirewall)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+describeFirewall_firewallName :: Lens.Lens' DescribeFirewall (Prelude.Maybe Prelude.Text)+describeFirewall_firewallName = Lens.lens (\DescribeFirewall' {firewallName} -> firewallName) (\s@DescribeFirewall' {} a -> s {firewallName = a} :: DescribeFirewall)++instance Core.AWSRequest DescribeFirewall where+  type+    AWSResponse DescribeFirewall =+      DescribeFirewallResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          DescribeFirewallResponse'+            Prelude.<$> (x Data..?> "Firewall")+            Prelude.<*> (x Data..?> "FirewallStatus")+            Prelude.<*> (x Data..?> "UpdateToken")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable DescribeFirewall where+  hashWithSalt _salt DescribeFirewall' {..} =+    _salt+      `Prelude.hashWithSalt` firewallArn+      `Prelude.hashWithSalt` firewallName++instance Prelude.NFData DescribeFirewall where+  rnf DescribeFirewall' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName++instance Data.ToHeaders DescribeFirewall where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.DescribeFirewall" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON DescribeFirewall where+  toJSON DescribeFirewall' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName+          ]+      )++instance Data.ToPath DescribeFirewall where+  toPath = Prelude.const "/"++instance Data.ToQuery DescribeFirewall where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDescribeFirewallResponse' smart constructor.+data DescribeFirewallResponse = DescribeFirewallResponse'+  { -- | The configuration settings for the firewall. These settings include the+    -- firewall policy and the subnets in your VPC to use for the firewall+    -- endpoints.+    firewall :: Prelude.Maybe Firewall,+    -- | Detailed information about the current status of a Firewall. You can+    -- retrieve this for a firewall by calling DescribeFirewall and providing+    -- the firewall name and ARN.+    firewallStatus :: Prelude.Maybe FirewallStatus,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeFirewallResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewall', 'describeFirewallResponse_firewall' - The configuration settings for the firewall. These settings include the+-- firewall policy and the subnets in your VPC to use for the firewall+-- endpoints.+--+-- 'firewallStatus', 'describeFirewallResponse_firewallStatus' - Detailed information about the current status of a Firewall. You can+-- retrieve this for a firewall by calling DescribeFirewall and providing+-- the firewall name and ARN.+--+-- 'updateToken', 'describeFirewallResponse_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'httpStatus', 'describeFirewallResponse_httpStatus' - The response's http status code.+newDescribeFirewallResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  DescribeFirewallResponse+newDescribeFirewallResponse pHttpStatus_ =+  DescribeFirewallResponse'+    { firewall =+        Prelude.Nothing,+      firewallStatus = Prelude.Nothing,+      updateToken = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The configuration settings for the firewall. These settings include the+-- firewall policy and the subnets in your VPC to use for the firewall+-- endpoints.+describeFirewallResponse_firewall :: Lens.Lens' DescribeFirewallResponse (Prelude.Maybe Firewall)+describeFirewallResponse_firewall = Lens.lens (\DescribeFirewallResponse' {firewall} -> firewall) (\s@DescribeFirewallResponse' {} a -> s {firewall = a} :: DescribeFirewallResponse)++-- | Detailed information about the current status of a Firewall. You can+-- retrieve this for a firewall by calling DescribeFirewall and providing+-- the firewall name and ARN.+describeFirewallResponse_firewallStatus :: Lens.Lens' DescribeFirewallResponse (Prelude.Maybe FirewallStatus)+describeFirewallResponse_firewallStatus = Lens.lens (\DescribeFirewallResponse' {firewallStatus} -> firewallStatus) (\s@DescribeFirewallResponse' {} a -> s {firewallStatus = a} :: DescribeFirewallResponse)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+describeFirewallResponse_updateToken :: Lens.Lens' DescribeFirewallResponse (Prelude.Maybe Prelude.Text)+describeFirewallResponse_updateToken = Lens.lens (\DescribeFirewallResponse' {updateToken} -> updateToken) (\s@DescribeFirewallResponse' {} a -> s {updateToken = a} :: DescribeFirewallResponse)++-- | The response's http status code.+describeFirewallResponse_httpStatus :: Lens.Lens' DescribeFirewallResponse Prelude.Int+describeFirewallResponse_httpStatus = Lens.lens (\DescribeFirewallResponse' {httpStatus} -> httpStatus) (\s@DescribeFirewallResponse' {} a -> s {httpStatus = a} :: DescribeFirewallResponse)++instance Prelude.NFData DescribeFirewallResponse where+  rnf DescribeFirewallResponse' {..} =+    Prelude.rnf firewall+      `Prelude.seq` Prelude.rnf firewallStatus+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/DescribeFirewallPolicy.hs view
@@ -0,0 +1,273 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.DescribeFirewallPolicy+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns the data objects for the specified firewall policy.+module Amazonka.NetworkFirewall.DescribeFirewallPolicy+  ( -- * Creating a Request+    DescribeFirewallPolicy (..),+    newDescribeFirewallPolicy,++    -- * Request Lenses+    describeFirewallPolicy_firewallPolicyArn,+    describeFirewallPolicy_firewallPolicyName,++    -- * Destructuring the Response+    DescribeFirewallPolicyResponse (..),+    newDescribeFirewallPolicyResponse,++    -- * Response Lenses+    describeFirewallPolicyResponse_firewallPolicy,+    describeFirewallPolicyResponse_httpStatus,+    describeFirewallPolicyResponse_updateToken,+    describeFirewallPolicyResponse_firewallPolicyResponse,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDescribeFirewallPolicy' smart constructor.+data DescribeFirewallPolicy = DescribeFirewallPolicy'+  { -- | The Amazon Resource Name (ARN) of the firewall policy.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallPolicyArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall policy. You can\'t change the name+    -- of a firewall policy after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallPolicyName :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeFirewallPolicy' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallPolicyArn', 'describeFirewallPolicy_firewallPolicyArn' - The Amazon Resource Name (ARN) of the firewall policy.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallPolicyName', 'describeFirewallPolicy_firewallPolicyName' - The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+newDescribeFirewallPolicy ::+  DescribeFirewallPolicy+newDescribeFirewallPolicy =+  DescribeFirewallPolicy'+    { firewallPolicyArn =+        Prelude.Nothing,+      firewallPolicyName = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the firewall policy.+--+-- You must specify the ARN or the name, and you can specify both.+describeFirewallPolicy_firewallPolicyArn :: Lens.Lens' DescribeFirewallPolicy (Prelude.Maybe Prelude.Text)+describeFirewallPolicy_firewallPolicyArn = Lens.lens (\DescribeFirewallPolicy' {firewallPolicyArn} -> firewallPolicyArn) (\s@DescribeFirewallPolicy' {} a -> s {firewallPolicyArn = a} :: DescribeFirewallPolicy)++-- | The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+describeFirewallPolicy_firewallPolicyName :: Lens.Lens' DescribeFirewallPolicy (Prelude.Maybe Prelude.Text)+describeFirewallPolicy_firewallPolicyName = Lens.lens (\DescribeFirewallPolicy' {firewallPolicyName} -> firewallPolicyName) (\s@DescribeFirewallPolicy' {} a -> s {firewallPolicyName = a} :: DescribeFirewallPolicy)++instance Core.AWSRequest DescribeFirewallPolicy where+  type+    AWSResponse DescribeFirewallPolicy =+      DescribeFirewallPolicyResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          DescribeFirewallPolicyResponse'+            Prelude.<$> (x Data..?> "FirewallPolicy")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+            Prelude.<*> (x Data..:> "UpdateToken")+            Prelude.<*> (x Data..:> "FirewallPolicyResponse")+      )++instance Prelude.Hashable DescribeFirewallPolicy where+  hashWithSalt _salt DescribeFirewallPolicy' {..} =+    _salt+      `Prelude.hashWithSalt` firewallPolicyArn+      `Prelude.hashWithSalt` firewallPolicyName++instance Prelude.NFData DescribeFirewallPolicy where+  rnf DescribeFirewallPolicy' {..} =+    Prelude.rnf firewallPolicyArn+      `Prelude.seq` Prelude.rnf firewallPolicyName++instance Data.ToHeaders DescribeFirewallPolicy where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.DescribeFirewallPolicy" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON DescribeFirewallPolicy where+  toJSON DescribeFirewallPolicy' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallPolicyArn" Data..=)+              Prelude.<$> firewallPolicyArn,+            ("FirewallPolicyName" Data..=)+              Prelude.<$> firewallPolicyName+          ]+      )++instance Data.ToPath DescribeFirewallPolicy where+  toPath = Prelude.const "/"++instance Data.ToQuery DescribeFirewallPolicy where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDescribeFirewallPolicyResponse' smart constructor.+data DescribeFirewallPolicyResponse = DescribeFirewallPolicyResponse'+  { -- | The policy for the specified firewall policy.+    firewallPolicy :: Prelude.Maybe FirewallPolicy,+    -- | The response's http status code.+    httpStatus :: Prelude.Int,+    -- | A token used for optimistic locking. Network Firewall returns a token to+    -- your requests that access the firewall policy. The token marks the state+    -- of the policy resource at the time of the request.+    --+    -- To make changes to the policy, you provide the token in your request.+    -- Network Firewall uses the token to ensure that the policy hasn\'t+    -- changed since you last retrieved it. If it has changed, the operation+    -- fails with an @InvalidTokenException@. If this happens, retrieve the+    -- firewall policy again to get a current copy of it with current token.+    -- Reapply your changes as needed, then try the operation again using the+    -- new token.+    updateToken :: Prelude.Text,+    -- | The high-level properties of a firewall policy. This, along with the+    -- FirewallPolicy, define the policy. You can retrieve all objects for a+    -- firewall policy by calling DescribeFirewallPolicy.+    firewallPolicyResponse :: FirewallPolicyResponse+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeFirewallPolicyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallPolicy', 'describeFirewallPolicyResponse_firewallPolicy' - The policy for the specified firewall policy.+--+-- 'httpStatus', 'describeFirewallPolicyResponse_httpStatus' - The response's http status code.+--+-- 'updateToken', 'describeFirewallPolicyResponse_updateToken' - A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the firewall policy. The token marks the state+-- of the policy resource at the time of the request.+--+-- To make changes to the policy, you provide the token in your request.+-- Network Firewall uses the token to ensure that the policy hasn\'t+-- changed since you last retrieved it. If it has changed, the operation+-- fails with an @InvalidTokenException@. If this happens, retrieve the+-- firewall policy again to get a current copy of it with current token.+-- Reapply your changes as needed, then try the operation again using the+-- new token.+--+-- 'firewallPolicyResponse', 'describeFirewallPolicyResponse_firewallPolicyResponse' - The high-level properties of a firewall policy. This, along with the+-- FirewallPolicy, define the policy. You can retrieve all objects for a+-- firewall policy by calling DescribeFirewallPolicy.+newDescribeFirewallPolicyResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  -- | 'updateToken'+  Prelude.Text ->+  -- | 'firewallPolicyResponse'+  FirewallPolicyResponse ->+  DescribeFirewallPolicyResponse+newDescribeFirewallPolicyResponse+  pHttpStatus_+  pUpdateToken_+  pFirewallPolicyResponse_ =+    DescribeFirewallPolicyResponse'+      { firewallPolicy =+          Prelude.Nothing,+        httpStatus = pHttpStatus_,+        updateToken = pUpdateToken_,+        firewallPolicyResponse =+          pFirewallPolicyResponse_+      }++-- | The policy for the specified firewall policy.+describeFirewallPolicyResponse_firewallPolicy :: Lens.Lens' DescribeFirewallPolicyResponse (Prelude.Maybe FirewallPolicy)+describeFirewallPolicyResponse_firewallPolicy = Lens.lens (\DescribeFirewallPolicyResponse' {firewallPolicy} -> firewallPolicy) (\s@DescribeFirewallPolicyResponse' {} a -> s {firewallPolicy = a} :: DescribeFirewallPolicyResponse)++-- | The response's http status code.+describeFirewallPolicyResponse_httpStatus :: Lens.Lens' DescribeFirewallPolicyResponse Prelude.Int+describeFirewallPolicyResponse_httpStatus = Lens.lens (\DescribeFirewallPolicyResponse' {httpStatus} -> httpStatus) (\s@DescribeFirewallPolicyResponse' {} a -> s {httpStatus = a} :: DescribeFirewallPolicyResponse)++-- | A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the firewall policy. The token marks the state+-- of the policy resource at the time of the request.+--+-- To make changes to the policy, you provide the token in your request.+-- Network Firewall uses the token to ensure that the policy hasn\'t+-- changed since you last retrieved it. If it has changed, the operation+-- fails with an @InvalidTokenException@. If this happens, retrieve the+-- firewall policy again to get a current copy of it with current token.+-- Reapply your changes as needed, then try the operation again using the+-- new token.+describeFirewallPolicyResponse_updateToken :: Lens.Lens' DescribeFirewallPolicyResponse Prelude.Text+describeFirewallPolicyResponse_updateToken = Lens.lens (\DescribeFirewallPolicyResponse' {updateToken} -> updateToken) (\s@DescribeFirewallPolicyResponse' {} a -> s {updateToken = a} :: DescribeFirewallPolicyResponse)++-- | The high-level properties of a firewall policy. This, along with the+-- FirewallPolicy, define the policy. You can retrieve all objects for a+-- firewall policy by calling DescribeFirewallPolicy.+describeFirewallPolicyResponse_firewallPolicyResponse :: Lens.Lens' DescribeFirewallPolicyResponse FirewallPolicyResponse+describeFirewallPolicyResponse_firewallPolicyResponse = Lens.lens (\DescribeFirewallPolicyResponse' {firewallPolicyResponse} -> firewallPolicyResponse) (\s@DescribeFirewallPolicyResponse' {} a -> s {firewallPolicyResponse = a} :: DescribeFirewallPolicyResponse)++instance+  Prelude.NFData+    DescribeFirewallPolicyResponse+  where+  rnf DescribeFirewallPolicyResponse' {..} =+    Prelude.rnf firewallPolicy+      `Prelude.seq` Prelude.rnf httpStatus+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf firewallPolicyResponse
+ gen/Amazonka/NetworkFirewall/DescribeLoggingConfiguration.hs view
@@ -0,0 +1,218 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.DescribeLoggingConfiguration+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns the logging configuration for the specified firewall.+module Amazonka.NetworkFirewall.DescribeLoggingConfiguration+  ( -- * Creating a Request+    DescribeLoggingConfiguration (..),+    newDescribeLoggingConfiguration,++    -- * Request Lenses+    describeLoggingConfiguration_firewallArn,+    describeLoggingConfiguration_firewallName,++    -- * Destructuring the Response+    DescribeLoggingConfigurationResponse (..),+    newDescribeLoggingConfigurationResponse,++    -- * Response Lenses+    describeLoggingConfigurationResponse_firewallArn,+    describeLoggingConfigurationResponse_loggingConfiguration,+    describeLoggingConfigurationResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDescribeLoggingConfiguration' smart constructor.+data DescribeLoggingConfiguration = DescribeLoggingConfiguration'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallName :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeLoggingConfiguration' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'describeLoggingConfiguration_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallName', 'describeLoggingConfiguration_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+newDescribeLoggingConfiguration ::+  DescribeLoggingConfiguration+newDescribeLoggingConfiguration =+  DescribeLoggingConfiguration'+    { firewallArn =+        Prelude.Nothing,+      firewallName = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+describeLoggingConfiguration_firewallArn :: Lens.Lens' DescribeLoggingConfiguration (Prelude.Maybe Prelude.Text)+describeLoggingConfiguration_firewallArn = Lens.lens (\DescribeLoggingConfiguration' {firewallArn} -> firewallArn) (\s@DescribeLoggingConfiguration' {} a -> s {firewallArn = a} :: DescribeLoggingConfiguration)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+describeLoggingConfiguration_firewallName :: Lens.Lens' DescribeLoggingConfiguration (Prelude.Maybe Prelude.Text)+describeLoggingConfiguration_firewallName = Lens.lens (\DescribeLoggingConfiguration' {firewallName} -> firewallName) (\s@DescribeLoggingConfiguration' {} a -> s {firewallName = a} :: DescribeLoggingConfiguration)++instance Core.AWSRequest DescribeLoggingConfiguration where+  type+    AWSResponse DescribeLoggingConfiguration =+      DescribeLoggingConfigurationResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          DescribeLoggingConfigurationResponse'+            Prelude.<$> (x Data..?> "FirewallArn")+            Prelude.<*> (x Data..?> "LoggingConfiguration")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance+  Prelude.Hashable+    DescribeLoggingConfiguration+  where+  hashWithSalt _salt DescribeLoggingConfiguration' {..} =+    _salt+      `Prelude.hashWithSalt` firewallArn+      `Prelude.hashWithSalt` firewallName++instance Prelude.NFData DescribeLoggingConfiguration where+  rnf DescribeLoggingConfiguration' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName++instance Data.ToHeaders DescribeLoggingConfiguration where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.DescribeLoggingConfiguration" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON DescribeLoggingConfiguration where+  toJSON DescribeLoggingConfiguration' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName+          ]+      )++instance Data.ToPath DescribeLoggingConfiguration where+  toPath = Prelude.const "/"++instance Data.ToQuery DescribeLoggingConfiguration where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDescribeLoggingConfigurationResponse' smart constructor.+data DescribeLoggingConfigurationResponse = DescribeLoggingConfigurationResponse'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    loggingConfiguration :: Prelude.Maybe LoggingConfiguration,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeLoggingConfigurationResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'describeLoggingConfigurationResponse_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'loggingConfiguration', 'describeLoggingConfigurationResponse_loggingConfiguration' - Undocumented member.+--+-- 'httpStatus', 'describeLoggingConfigurationResponse_httpStatus' - The response's http status code.+newDescribeLoggingConfigurationResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  DescribeLoggingConfigurationResponse+newDescribeLoggingConfigurationResponse pHttpStatus_ =+  DescribeLoggingConfigurationResponse'+    { firewallArn =+        Prelude.Nothing,+      loggingConfiguration =+        Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The Amazon Resource Name (ARN) of the firewall.+describeLoggingConfigurationResponse_firewallArn :: Lens.Lens' DescribeLoggingConfigurationResponse (Prelude.Maybe Prelude.Text)+describeLoggingConfigurationResponse_firewallArn = Lens.lens (\DescribeLoggingConfigurationResponse' {firewallArn} -> firewallArn) (\s@DescribeLoggingConfigurationResponse' {} a -> s {firewallArn = a} :: DescribeLoggingConfigurationResponse)++-- | Undocumented member.+describeLoggingConfigurationResponse_loggingConfiguration :: Lens.Lens' DescribeLoggingConfigurationResponse (Prelude.Maybe LoggingConfiguration)+describeLoggingConfigurationResponse_loggingConfiguration = Lens.lens (\DescribeLoggingConfigurationResponse' {loggingConfiguration} -> loggingConfiguration) (\s@DescribeLoggingConfigurationResponse' {} a -> s {loggingConfiguration = a} :: DescribeLoggingConfigurationResponse)++-- | The response's http status code.+describeLoggingConfigurationResponse_httpStatus :: Lens.Lens' DescribeLoggingConfigurationResponse Prelude.Int+describeLoggingConfigurationResponse_httpStatus = Lens.lens (\DescribeLoggingConfigurationResponse' {httpStatus} -> httpStatus) (\s@DescribeLoggingConfigurationResponse' {} a -> s {httpStatus = a} :: DescribeLoggingConfigurationResponse)++instance+  Prelude.NFData+    DescribeLoggingConfigurationResponse+  where+  rnf DescribeLoggingConfigurationResponse' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf loggingConfiguration+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/DescribeResourcePolicy.hs view
@@ -0,0 +1,179 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.DescribeResourcePolicy+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Retrieves a resource policy that you created in a PutResourcePolicy+-- request.+module Amazonka.NetworkFirewall.DescribeResourcePolicy+  ( -- * Creating a Request+    DescribeResourcePolicy (..),+    newDescribeResourcePolicy,++    -- * Request Lenses+    describeResourcePolicy_resourceArn,++    -- * Destructuring the Response+    DescribeResourcePolicyResponse (..),+    newDescribeResourcePolicyResponse,++    -- * Response Lenses+    describeResourcePolicyResponse_policy,+    describeResourcePolicyResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDescribeResourcePolicy' smart constructor.+data DescribeResourcePolicy = DescribeResourcePolicy'+  { -- | The Amazon Resource Name (ARN) of the rule group or firewall policy+    -- whose resource policy you want to retrieve.+    resourceArn :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeResourcePolicy' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'resourceArn', 'describeResourcePolicy_resourceArn' - The Amazon Resource Name (ARN) of the rule group or firewall policy+-- whose resource policy you want to retrieve.+newDescribeResourcePolicy ::+  -- | 'resourceArn'+  Prelude.Text ->+  DescribeResourcePolicy+newDescribeResourcePolicy pResourceArn_ =+  DescribeResourcePolicy'+    { resourceArn =+        pResourceArn_+    }++-- | The Amazon Resource Name (ARN) of the rule group or firewall policy+-- whose resource policy you want to retrieve.+describeResourcePolicy_resourceArn :: Lens.Lens' DescribeResourcePolicy Prelude.Text+describeResourcePolicy_resourceArn = Lens.lens (\DescribeResourcePolicy' {resourceArn} -> resourceArn) (\s@DescribeResourcePolicy' {} a -> s {resourceArn = a} :: DescribeResourcePolicy)++instance Core.AWSRequest DescribeResourcePolicy where+  type+    AWSResponse DescribeResourcePolicy =+      DescribeResourcePolicyResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          DescribeResourcePolicyResponse'+            Prelude.<$> (x Data..?> "Policy")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable DescribeResourcePolicy where+  hashWithSalt _salt DescribeResourcePolicy' {..} =+    _salt `Prelude.hashWithSalt` resourceArn++instance Prelude.NFData DescribeResourcePolicy where+  rnf DescribeResourcePolicy' {..} =+    Prelude.rnf resourceArn++instance Data.ToHeaders DescribeResourcePolicy where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.DescribeResourcePolicy" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON DescribeResourcePolicy where+  toJSON DescribeResourcePolicy' {..} =+    Data.object+      ( Prelude.catMaybes+          [Prelude.Just ("ResourceArn" Data..= resourceArn)]+      )++instance Data.ToPath DescribeResourcePolicy where+  toPath = Prelude.const "/"++instance Data.ToQuery DescribeResourcePolicy where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDescribeResourcePolicyResponse' smart constructor.+data DescribeResourcePolicyResponse = DescribeResourcePolicyResponse'+  { -- | The IAM policy for the resource.+    policy :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeResourcePolicyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'policy', 'describeResourcePolicyResponse_policy' - The IAM policy for the resource.+--+-- 'httpStatus', 'describeResourcePolicyResponse_httpStatus' - The response's http status code.+newDescribeResourcePolicyResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  DescribeResourcePolicyResponse+newDescribeResourcePolicyResponse pHttpStatus_ =+  DescribeResourcePolicyResponse'+    { policy =+        Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The IAM policy for the resource.+describeResourcePolicyResponse_policy :: Lens.Lens' DescribeResourcePolicyResponse (Prelude.Maybe Prelude.Text)+describeResourcePolicyResponse_policy = Lens.lens (\DescribeResourcePolicyResponse' {policy} -> policy) (\s@DescribeResourcePolicyResponse' {} a -> s {policy = a} :: DescribeResourcePolicyResponse)++-- | The response's http status code.+describeResourcePolicyResponse_httpStatus :: Lens.Lens' DescribeResourcePolicyResponse Prelude.Int+describeResourcePolicyResponse_httpStatus = Lens.lens (\DescribeResourcePolicyResponse' {httpStatus} -> httpStatus) (\s@DescribeResourcePolicyResponse' {} a -> s {httpStatus = a} :: DescribeResourcePolicyResponse)++instance+  Prelude.NFData+    DescribeResourcePolicyResponse+  where+  rnf DescribeResourcePolicyResponse' {..} =+    Prelude.rnf policy+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/DescribeRuleGroup.hs view
@@ -0,0 +1,330 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.DescribeRuleGroup+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns the data objects for the specified rule group.+module Amazonka.NetworkFirewall.DescribeRuleGroup+  ( -- * Creating a Request+    DescribeRuleGroup (..),+    newDescribeRuleGroup,++    -- * Request Lenses+    describeRuleGroup_ruleGroupArn,+    describeRuleGroup_ruleGroupName,+    describeRuleGroup_type,++    -- * Destructuring the Response+    DescribeRuleGroupResponse (..),+    newDescribeRuleGroupResponse,++    -- * Response Lenses+    describeRuleGroupResponse_ruleGroup,+    describeRuleGroupResponse_httpStatus,+    describeRuleGroupResponse_updateToken,+    describeRuleGroupResponse_ruleGroupResponse,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDescribeRuleGroup' smart constructor.+data DescribeRuleGroup = DescribeRuleGroup'+  { -- | The Amazon Resource Name (ARN) of the rule group.+    --+    -- You must specify the ARN or the name, and you can specify both.+    ruleGroupArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the rule group. You can\'t change the name of a+    -- rule group after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    ruleGroupName :: Prelude.Maybe Prelude.Text,+    -- | Indicates whether the rule group is stateless or stateful. If the rule+    -- group is stateless, it contains stateless rules. If it is stateful, it+    -- contains stateful rules.+    --+    -- This setting is required for requests that do not include the+    -- @RuleGroupARN@.+    type' :: Prelude.Maybe RuleGroupType+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeRuleGroup' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'ruleGroupArn', 'describeRuleGroup_ruleGroupArn' - The Amazon Resource Name (ARN) of the rule group.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'ruleGroupName', 'describeRuleGroup_ruleGroupName' - The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'type'', 'describeRuleGroup_type' - Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- This setting is required for requests that do not include the+-- @RuleGroupARN@.+newDescribeRuleGroup ::+  DescribeRuleGroup+newDescribeRuleGroup =+  DescribeRuleGroup'+    { ruleGroupArn = Prelude.Nothing,+      ruleGroupName = Prelude.Nothing,+      type' = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the rule group.+--+-- You must specify the ARN or the name, and you can specify both.+describeRuleGroup_ruleGroupArn :: Lens.Lens' DescribeRuleGroup (Prelude.Maybe Prelude.Text)+describeRuleGroup_ruleGroupArn = Lens.lens (\DescribeRuleGroup' {ruleGroupArn} -> ruleGroupArn) (\s@DescribeRuleGroup' {} a -> s {ruleGroupArn = a} :: DescribeRuleGroup)++-- | The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+describeRuleGroup_ruleGroupName :: Lens.Lens' DescribeRuleGroup (Prelude.Maybe Prelude.Text)+describeRuleGroup_ruleGroupName = Lens.lens (\DescribeRuleGroup' {ruleGroupName} -> ruleGroupName) (\s@DescribeRuleGroup' {} a -> s {ruleGroupName = a} :: DescribeRuleGroup)++-- | Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- This setting is required for requests that do not include the+-- @RuleGroupARN@.+describeRuleGroup_type :: Lens.Lens' DescribeRuleGroup (Prelude.Maybe RuleGroupType)+describeRuleGroup_type = Lens.lens (\DescribeRuleGroup' {type'} -> type') (\s@DescribeRuleGroup' {} a -> s {type' = a} :: DescribeRuleGroup)++instance Core.AWSRequest DescribeRuleGroup where+  type+    AWSResponse DescribeRuleGroup =+      DescribeRuleGroupResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          DescribeRuleGroupResponse'+            Prelude.<$> (x Data..?> "RuleGroup")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+            Prelude.<*> (x Data..:> "UpdateToken")+            Prelude.<*> (x Data..:> "RuleGroupResponse")+      )++instance Prelude.Hashable DescribeRuleGroup where+  hashWithSalt _salt DescribeRuleGroup' {..} =+    _salt+      `Prelude.hashWithSalt` ruleGroupArn+      `Prelude.hashWithSalt` ruleGroupName+      `Prelude.hashWithSalt` type'++instance Prelude.NFData DescribeRuleGroup where+  rnf DescribeRuleGroup' {..} =+    Prelude.rnf ruleGroupArn+      `Prelude.seq` Prelude.rnf ruleGroupName+      `Prelude.seq` Prelude.rnf type'++instance Data.ToHeaders DescribeRuleGroup where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.DescribeRuleGroup" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON DescribeRuleGroup where+  toJSON DescribeRuleGroup' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("RuleGroupArn" Data..=) Prelude.<$> ruleGroupArn,+            ("RuleGroupName" Data..=) Prelude.<$> ruleGroupName,+            ("Type" Data..=) Prelude.<$> type'+          ]+      )++instance Data.ToPath DescribeRuleGroup where+  toPath = Prelude.const "/"++instance Data.ToQuery DescribeRuleGroup where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDescribeRuleGroupResponse' smart constructor.+data DescribeRuleGroupResponse = DescribeRuleGroupResponse'+  { -- | The object that defines the rules in a rule group. This, along with+    -- RuleGroupResponse, define the rule group. You can retrieve all objects+    -- for a rule group by calling DescribeRuleGroup.+    --+    -- Network Firewall uses a rule group to inspect and control network+    -- traffic. You define stateless rule groups to inspect individual packets+    -- and you define stateful rule groups to inspect packets in the context of+    -- their traffic flow.+    --+    -- To use a rule group, you include it by reference in an Network Firewall+    -- firewall policy, then you use the policy in a firewall. You can+    -- reference a rule group from more than one firewall policy, and you can+    -- use a firewall policy in more than one firewall.+    ruleGroup :: Prelude.Maybe RuleGroup,+    -- | The response's http status code.+    httpStatus :: Prelude.Int,+    -- | A token used for optimistic locking. Network Firewall returns a token to+    -- your requests that access the rule group. The token marks the state of+    -- the rule group resource at the time of the request.+    --+    -- To make changes to the rule group, you provide the token in your+    -- request. Network Firewall uses the token to ensure that the rule group+    -- hasn\'t changed since you last retrieved it. If it has changed, the+    -- operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the rule group again to get a current copy of it with a current+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Text,+    -- | The high-level properties of a rule group. This, along with the+    -- RuleGroup, define the rule group. You can retrieve all objects for a+    -- rule group by calling DescribeRuleGroup.+    ruleGroupResponse :: RuleGroupResponse+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeRuleGroupResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'ruleGroup', 'describeRuleGroupResponse_ruleGroup' - The object that defines the rules in a rule group. This, along with+-- RuleGroupResponse, define the rule group. You can retrieve all objects+-- for a rule group by calling DescribeRuleGroup.+--+-- Network Firewall uses a rule group to inspect and control network+-- traffic. You define stateless rule groups to inspect individual packets+-- and you define stateful rule groups to inspect packets in the context of+-- their traffic flow.+--+-- To use a rule group, you include it by reference in an Network Firewall+-- firewall policy, then you use the policy in a firewall. You can+-- reference a rule group from more than one firewall policy, and you can+-- use a firewall policy in more than one firewall.+--+-- 'httpStatus', 'describeRuleGroupResponse_httpStatus' - The response's http status code.+--+-- 'updateToken', 'describeRuleGroupResponse_updateToken' - A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the rule group. The token marks the state of+-- the rule group resource at the time of the request.+--+-- To make changes to the rule group, you provide the token in your+-- request. Network Firewall uses the token to ensure that the rule group+-- hasn\'t changed since you last retrieved it. If it has changed, the+-- operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the rule group again to get a current copy of it with a current+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'ruleGroupResponse', 'describeRuleGroupResponse_ruleGroupResponse' - The high-level properties of a rule group. This, along with the+-- RuleGroup, define the rule group. You can retrieve all objects for a+-- rule group by calling DescribeRuleGroup.+newDescribeRuleGroupResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  -- | 'updateToken'+  Prelude.Text ->+  -- | 'ruleGroupResponse'+  RuleGroupResponse ->+  DescribeRuleGroupResponse+newDescribeRuleGroupResponse+  pHttpStatus_+  pUpdateToken_+  pRuleGroupResponse_ =+    DescribeRuleGroupResponse'+      { ruleGroup =+          Prelude.Nothing,+        httpStatus = pHttpStatus_,+        updateToken = pUpdateToken_,+        ruleGroupResponse = pRuleGroupResponse_+      }++-- | The object that defines the rules in a rule group. This, along with+-- RuleGroupResponse, define the rule group. You can retrieve all objects+-- for a rule group by calling DescribeRuleGroup.+--+-- Network Firewall uses a rule group to inspect and control network+-- traffic. You define stateless rule groups to inspect individual packets+-- and you define stateful rule groups to inspect packets in the context of+-- their traffic flow.+--+-- To use a rule group, you include it by reference in an Network Firewall+-- firewall policy, then you use the policy in a firewall. You can+-- reference a rule group from more than one firewall policy, and you can+-- use a firewall policy in more than one firewall.+describeRuleGroupResponse_ruleGroup :: Lens.Lens' DescribeRuleGroupResponse (Prelude.Maybe RuleGroup)+describeRuleGroupResponse_ruleGroup = Lens.lens (\DescribeRuleGroupResponse' {ruleGroup} -> ruleGroup) (\s@DescribeRuleGroupResponse' {} a -> s {ruleGroup = a} :: DescribeRuleGroupResponse)++-- | The response's http status code.+describeRuleGroupResponse_httpStatus :: Lens.Lens' DescribeRuleGroupResponse Prelude.Int+describeRuleGroupResponse_httpStatus = Lens.lens (\DescribeRuleGroupResponse' {httpStatus} -> httpStatus) (\s@DescribeRuleGroupResponse' {} a -> s {httpStatus = a} :: DescribeRuleGroupResponse)++-- | A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the rule group. The token marks the state of+-- the rule group resource at the time of the request.+--+-- To make changes to the rule group, you provide the token in your+-- request. Network Firewall uses the token to ensure that the rule group+-- hasn\'t changed since you last retrieved it. If it has changed, the+-- operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the rule group again to get a current copy of it with a current+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+describeRuleGroupResponse_updateToken :: Lens.Lens' DescribeRuleGroupResponse Prelude.Text+describeRuleGroupResponse_updateToken = Lens.lens (\DescribeRuleGroupResponse' {updateToken} -> updateToken) (\s@DescribeRuleGroupResponse' {} a -> s {updateToken = a} :: DescribeRuleGroupResponse)++-- | The high-level properties of a rule group. This, along with the+-- RuleGroup, define the rule group. You can retrieve all objects for a+-- rule group by calling DescribeRuleGroup.+describeRuleGroupResponse_ruleGroupResponse :: Lens.Lens' DescribeRuleGroupResponse RuleGroupResponse+describeRuleGroupResponse_ruleGroupResponse = Lens.lens (\DescribeRuleGroupResponse' {ruleGroupResponse} -> ruleGroupResponse) (\s@DescribeRuleGroupResponse' {} a -> s {ruleGroupResponse = a} :: DescribeRuleGroupResponse)++instance Prelude.NFData DescribeRuleGroupResponse where+  rnf DescribeRuleGroupResponse' {..} =+    Prelude.rnf ruleGroup+      `Prelude.seq` Prelude.rnf httpStatus+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf ruleGroupResponse
+ gen/Amazonka/NetworkFirewall/DescribeRuleGroupMetadata.hs view
@@ -0,0 +1,372 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.DescribeRuleGroupMetadata+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- High-level information about a rule group, returned by operations like+-- create and describe. You can use the information provided in the+-- metadata to retrieve and manage a rule group. You can retrieve all+-- objects for a rule group by calling DescribeRuleGroup.+module Amazonka.NetworkFirewall.DescribeRuleGroupMetadata+  ( -- * Creating a Request+    DescribeRuleGroupMetadata (..),+    newDescribeRuleGroupMetadata,++    -- * Request Lenses+    describeRuleGroupMetadata_ruleGroupArn,+    describeRuleGroupMetadata_ruleGroupName,+    describeRuleGroupMetadata_type,++    -- * Destructuring the Response+    DescribeRuleGroupMetadataResponse (..),+    newDescribeRuleGroupMetadataResponse,++    -- * Response Lenses+    describeRuleGroupMetadataResponse_capacity,+    describeRuleGroupMetadataResponse_description,+    describeRuleGroupMetadataResponse_lastModifiedTime,+    describeRuleGroupMetadataResponse_statefulRuleOptions,+    describeRuleGroupMetadataResponse_type,+    describeRuleGroupMetadataResponse_httpStatus,+    describeRuleGroupMetadataResponse_ruleGroupArn,+    describeRuleGroupMetadataResponse_ruleGroupName,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDescribeRuleGroupMetadata' smart constructor.+data DescribeRuleGroupMetadata = DescribeRuleGroupMetadata'+  { -- | The descriptive name of the rule group. You can\'t change the name of a+    -- rule group after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    ruleGroupArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the rule group. You can\'t change the name of a+    -- rule group after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    ruleGroupName :: Prelude.Maybe Prelude.Text,+    -- | Indicates whether the rule group is stateless or stateful. If the rule+    -- group is stateless, it contains stateless rules. If it is stateful, it+    -- contains stateful rules.+    --+    -- This setting is required for requests that do not include the+    -- @RuleGroupARN@.+    type' :: Prelude.Maybe RuleGroupType+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeRuleGroupMetadata' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'ruleGroupArn', 'describeRuleGroupMetadata_ruleGroupArn' - The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'ruleGroupName', 'describeRuleGroupMetadata_ruleGroupName' - The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'type'', 'describeRuleGroupMetadata_type' - Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- This setting is required for requests that do not include the+-- @RuleGroupARN@.+newDescribeRuleGroupMetadata ::+  DescribeRuleGroupMetadata+newDescribeRuleGroupMetadata =+  DescribeRuleGroupMetadata'+    { ruleGroupArn =+        Prelude.Nothing,+      ruleGroupName = Prelude.Nothing,+      type' = Prelude.Nothing+    }++-- | The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+describeRuleGroupMetadata_ruleGroupArn :: Lens.Lens' DescribeRuleGroupMetadata (Prelude.Maybe Prelude.Text)+describeRuleGroupMetadata_ruleGroupArn = Lens.lens (\DescribeRuleGroupMetadata' {ruleGroupArn} -> ruleGroupArn) (\s@DescribeRuleGroupMetadata' {} a -> s {ruleGroupArn = a} :: DescribeRuleGroupMetadata)++-- | The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+describeRuleGroupMetadata_ruleGroupName :: Lens.Lens' DescribeRuleGroupMetadata (Prelude.Maybe Prelude.Text)+describeRuleGroupMetadata_ruleGroupName = Lens.lens (\DescribeRuleGroupMetadata' {ruleGroupName} -> ruleGroupName) (\s@DescribeRuleGroupMetadata' {} a -> s {ruleGroupName = a} :: DescribeRuleGroupMetadata)++-- | Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- This setting is required for requests that do not include the+-- @RuleGroupARN@.+describeRuleGroupMetadata_type :: Lens.Lens' DescribeRuleGroupMetadata (Prelude.Maybe RuleGroupType)+describeRuleGroupMetadata_type = Lens.lens (\DescribeRuleGroupMetadata' {type'} -> type') (\s@DescribeRuleGroupMetadata' {} a -> s {type' = a} :: DescribeRuleGroupMetadata)++instance Core.AWSRequest DescribeRuleGroupMetadata where+  type+    AWSResponse DescribeRuleGroupMetadata =+      DescribeRuleGroupMetadataResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          DescribeRuleGroupMetadataResponse'+            Prelude.<$> (x Data..?> "Capacity")+            Prelude.<*> (x Data..?> "Description")+            Prelude.<*> (x Data..?> "LastModifiedTime")+            Prelude.<*> (x Data..?> "StatefulRuleOptions")+            Prelude.<*> (x Data..?> "Type")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+            Prelude.<*> (x Data..:> "RuleGroupArn")+            Prelude.<*> (x Data..:> "RuleGroupName")+      )++instance Prelude.Hashable DescribeRuleGroupMetadata where+  hashWithSalt _salt DescribeRuleGroupMetadata' {..} =+    _salt+      `Prelude.hashWithSalt` ruleGroupArn+      `Prelude.hashWithSalt` ruleGroupName+      `Prelude.hashWithSalt` type'++instance Prelude.NFData DescribeRuleGroupMetadata where+  rnf DescribeRuleGroupMetadata' {..} =+    Prelude.rnf ruleGroupArn+      `Prelude.seq` Prelude.rnf ruleGroupName+      `Prelude.seq` Prelude.rnf type'++instance Data.ToHeaders DescribeRuleGroupMetadata where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.DescribeRuleGroupMetadata" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON DescribeRuleGroupMetadata where+  toJSON DescribeRuleGroupMetadata' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("RuleGroupArn" Data..=) Prelude.<$> ruleGroupArn,+            ("RuleGroupName" Data..=) Prelude.<$> ruleGroupName,+            ("Type" Data..=) Prelude.<$> type'+          ]+      )++instance Data.ToPath DescribeRuleGroupMetadata where+  toPath = Prelude.const "/"++instance Data.ToQuery DescribeRuleGroupMetadata where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDescribeRuleGroupMetadataResponse' smart constructor.+data DescribeRuleGroupMetadataResponse = DescribeRuleGroupMetadataResponse'+  { -- | The maximum operating resources that this rule group can use. Rule group+    -- capacity is fixed at creation. When you update a rule group, you are+    -- limited to this capacity. When you reference a rule group from a+    -- firewall policy, Network Firewall reserves this capacity for the rule+    -- group.+    --+    -- You can retrieve the capacity that would be required for a rule group+    -- before you create the rule group by calling CreateRuleGroup with+    -- @DryRun@ set to @TRUE@.+    capacity :: Prelude.Maybe Prelude.Int,+    -- | Returns the metadata objects for the specified rule group.+    description :: Prelude.Maybe Prelude.Text,+    -- | The last time that the rule group was changed.+    lastModifiedTime :: Prelude.Maybe Data.POSIX,+    statefulRuleOptions :: Prelude.Maybe StatefulRuleOptions,+    -- | Indicates whether the rule group is stateless or stateful. If the rule+    -- group is stateless, it contains stateless rules. If it is stateful, it+    -- contains stateful rules.+    --+    -- This setting is required for requests that do not include the+    -- @RuleGroupARN@.+    type' :: Prelude.Maybe RuleGroupType,+    -- | The response's http status code.+    httpStatus :: Prelude.Int,+    -- | The descriptive name of the rule group. You can\'t change the name of a+    -- rule group after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    ruleGroupArn :: Prelude.Text,+    -- | The descriptive name of the rule group. You can\'t change the name of a+    -- rule group after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    ruleGroupName :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeRuleGroupMetadataResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'capacity', 'describeRuleGroupMetadataResponse_capacity' - The maximum operating resources that this rule group can use. Rule group+-- capacity is fixed at creation. When you update a rule group, you are+-- limited to this capacity. When you reference a rule group from a+-- firewall policy, Network Firewall reserves this capacity for the rule+-- group.+--+-- You can retrieve the capacity that would be required for a rule group+-- before you create the rule group by calling CreateRuleGroup with+-- @DryRun@ set to @TRUE@.+--+-- 'description', 'describeRuleGroupMetadataResponse_description' - Returns the metadata objects for the specified rule group.+--+-- 'lastModifiedTime', 'describeRuleGroupMetadataResponse_lastModifiedTime' - The last time that the rule group was changed.+--+-- 'statefulRuleOptions', 'describeRuleGroupMetadataResponse_statefulRuleOptions' - Undocumented member.+--+-- 'type'', 'describeRuleGroupMetadataResponse_type' - Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- This setting is required for requests that do not include the+-- @RuleGroupARN@.+--+-- 'httpStatus', 'describeRuleGroupMetadataResponse_httpStatus' - The response's http status code.+--+-- 'ruleGroupArn', 'describeRuleGroupMetadataResponse_ruleGroupArn' - The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'ruleGroupName', 'describeRuleGroupMetadataResponse_ruleGroupName' - The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+newDescribeRuleGroupMetadataResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  -- | 'ruleGroupArn'+  Prelude.Text ->+  -- | 'ruleGroupName'+  Prelude.Text ->+  DescribeRuleGroupMetadataResponse+newDescribeRuleGroupMetadataResponse+  pHttpStatus_+  pRuleGroupArn_+  pRuleGroupName_ =+    DescribeRuleGroupMetadataResponse'+      { capacity =+          Prelude.Nothing,+        description = Prelude.Nothing,+        lastModifiedTime = Prelude.Nothing,+        statefulRuleOptions = Prelude.Nothing,+        type' = Prelude.Nothing,+        httpStatus = pHttpStatus_,+        ruleGroupArn = pRuleGroupArn_,+        ruleGroupName = pRuleGroupName_+      }++-- | The maximum operating resources that this rule group can use. Rule group+-- capacity is fixed at creation. When you update a rule group, you are+-- limited to this capacity. When you reference a rule group from a+-- firewall policy, Network Firewall reserves this capacity for the rule+-- group.+--+-- You can retrieve the capacity that would be required for a rule group+-- before you create the rule group by calling CreateRuleGroup with+-- @DryRun@ set to @TRUE@.+describeRuleGroupMetadataResponse_capacity :: Lens.Lens' DescribeRuleGroupMetadataResponse (Prelude.Maybe Prelude.Int)+describeRuleGroupMetadataResponse_capacity = Lens.lens (\DescribeRuleGroupMetadataResponse' {capacity} -> capacity) (\s@DescribeRuleGroupMetadataResponse' {} a -> s {capacity = a} :: DescribeRuleGroupMetadataResponse)++-- | Returns the metadata objects for the specified rule group.+describeRuleGroupMetadataResponse_description :: Lens.Lens' DescribeRuleGroupMetadataResponse (Prelude.Maybe Prelude.Text)+describeRuleGroupMetadataResponse_description = Lens.lens (\DescribeRuleGroupMetadataResponse' {description} -> description) (\s@DescribeRuleGroupMetadataResponse' {} a -> s {description = a} :: DescribeRuleGroupMetadataResponse)++-- | The last time that the rule group was changed.+describeRuleGroupMetadataResponse_lastModifiedTime :: Lens.Lens' DescribeRuleGroupMetadataResponse (Prelude.Maybe Prelude.UTCTime)+describeRuleGroupMetadataResponse_lastModifiedTime = Lens.lens (\DescribeRuleGroupMetadataResponse' {lastModifiedTime} -> lastModifiedTime) (\s@DescribeRuleGroupMetadataResponse' {} a -> s {lastModifiedTime = a} :: DescribeRuleGroupMetadataResponse) Prelude.. Lens.mapping Data._Time++-- | Undocumented member.+describeRuleGroupMetadataResponse_statefulRuleOptions :: Lens.Lens' DescribeRuleGroupMetadataResponse (Prelude.Maybe StatefulRuleOptions)+describeRuleGroupMetadataResponse_statefulRuleOptions = Lens.lens (\DescribeRuleGroupMetadataResponse' {statefulRuleOptions} -> statefulRuleOptions) (\s@DescribeRuleGroupMetadataResponse' {} a -> s {statefulRuleOptions = a} :: DescribeRuleGroupMetadataResponse)++-- | Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- This setting is required for requests that do not include the+-- @RuleGroupARN@.+describeRuleGroupMetadataResponse_type :: Lens.Lens' DescribeRuleGroupMetadataResponse (Prelude.Maybe RuleGroupType)+describeRuleGroupMetadataResponse_type = Lens.lens (\DescribeRuleGroupMetadataResponse' {type'} -> type') (\s@DescribeRuleGroupMetadataResponse' {} a -> s {type' = a} :: DescribeRuleGroupMetadataResponse)++-- | The response's http status code.+describeRuleGroupMetadataResponse_httpStatus :: Lens.Lens' DescribeRuleGroupMetadataResponse Prelude.Int+describeRuleGroupMetadataResponse_httpStatus = Lens.lens (\DescribeRuleGroupMetadataResponse' {httpStatus} -> httpStatus) (\s@DescribeRuleGroupMetadataResponse' {} a -> s {httpStatus = a} :: DescribeRuleGroupMetadataResponse)++-- | The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+describeRuleGroupMetadataResponse_ruleGroupArn :: Lens.Lens' DescribeRuleGroupMetadataResponse Prelude.Text+describeRuleGroupMetadataResponse_ruleGroupArn = Lens.lens (\DescribeRuleGroupMetadataResponse' {ruleGroupArn} -> ruleGroupArn) (\s@DescribeRuleGroupMetadataResponse' {} a -> s {ruleGroupArn = a} :: DescribeRuleGroupMetadataResponse)++-- | The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+describeRuleGroupMetadataResponse_ruleGroupName :: Lens.Lens' DescribeRuleGroupMetadataResponse Prelude.Text+describeRuleGroupMetadataResponse_ruleGroupName = Lens.lens (\DescribeRuleGroupMetadataResponse' {ruleGroupName} -> ruleGroupName) (\s@DescribeRuleGroupMetadataResponse' {} a -> s {ruleGroupName = a} :: DescribeRuleGroupMetadataResponse)++instance+  Prelude.NFData+    DescribeRuleGroupMetadataResponse+  where+  rnf DescribeRuleGroupMetadataResponse' {..} =+    Prelude.rnf capacity+      `Prelude.seq` Prelude.rnf description+      `Prelude.seq` Prelude.rnf lastModifiedTime+      `Prelude.seq` Prelude.rnf statefulRuleOptions+      `Prelude.seq` Prelude.rnf type'+      `Prelude.seq` Prelude.rnf httpStatus+      `Prelude.seq` Prelude.rnf ruleGroupArn+      `Prelude.seq` Prelude.rnf ruleGroupName
+ gen/Amazonka/NetworkFirewall/DisassociateSubnets.hs view
@@ -0,0 +1,362 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.DisassociateSubnets+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Removes the specified subnet associations from the firewall. This+-- removes the firewall endpoints from the subnets and removes any network+-- filtering protections that the endpoints were providing.+module Amazonka.NetworkFirewall.DisassociateSubnets+  ( -- * Creating a Request+    DisassociateSubnets (..),+    newDisassociateSubnets,++    -- * Request Lenses+    disassociateSubnets_firewallArn,+    disassociateSubnets_firewallName,+    disassociateSubnets_updateToken,+    disassociateSubnets_subnetIds,++    -- * Destructuring the Response+    DisassociateSubnetsResponse (..),+    newDisassociateSubnetsResponse,++    -- * Response Lenses+    disassociateSubnetsResponse_firewallArn,+    disassociateSubnetsResponse_firewallName,+    disassociateSubnetsResponse_subnetMappings,+    disassociateSubnetsResponse_updateToken,+    disassociateSubnetsResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDisassociateSubnets' smart constructor.+data DisassociateSubnets = DisassociateSubnets'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The unique identifiers for the subnets that you want to disassociate.+    subnetIds :: [Prelude.Text]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DisassociateSubnets' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'disassociateSubnets_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallName', 'disassociateSubnets_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'updateToken', 'disassociateSubnets_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'subnetIds', 'disassociateSubnets_subnetIds' - The unique identifiers for the subnets that you want to disassociate.+newDisassociateSubnets ::+  DisassociateSubnets+newDisassociateSubnets =+  DisassociateSubnets'+    { firewallArn = Prelude.Nothing,+      firewallName = Prelude.Nothing,+      updateToken = Prelude.Nothing,+      subnetIds = Prelude.mempty+    }++-- | The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+disassociateSubnets_firewallArn :: Lens.Lens' DisassociateSubnets (Prelude.Maybe Prelude.Text)+disassociateSubnets_firewallArn = Lens.lens (\DisassociateSubnets' {firewallArn} -> firewallArn) (\s@DisassociateSubnets' {} a -> s {firewallArn = a} :: DisassociateSubnets)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+disassociateSubnets_firewallName :: Lens.Lens' DisassociateSubnets (Prelude.Maybe Prelude.Text)+disassociateSubnets_firewallName = Lens.lens (\DisassociateSubnets' {firewallName} -> firewallName) (\s@DisassociateSubnets' {} a -> s {firewallName = a} :: DisassociateSubnets)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+disassociateSubnets_updateToken :: Lens.Lens' DisassociateSubnets (Prelude.Maybe Prelude.Text)+disassociateSubnets_updateToken = Lens.lens (\DisassociateSubnets' {updateToken} -> updateToken) (\s@DisassociateSubnets' {} a -> s {updateToken = a} :: DisassociateSubnets)++-- | The unique identifiers for the subnets that you want to disassociate.+disassociateSubnets_subnetIds :: Lens.Lens' DisassociateSubnets [Prelude.Text]+disassociateSubnets_subnetIds = Lens.lens (\DisassociateSubnets' {subnetIds} -> subnetIds) (\s@DisassociateSubnets' {} a -> s {subnetIds = a} :: DisassociateSubnets) Prelude.. Lens.coerced++instance Core.AWSRequest DisassociateSubnets where+  type+    AWSResponse DisassociateSubnets =+      DisassociateSubnetsResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          DisassociateSubnetsResponse'+            Prelude.<$> (x Data..?> "FirewallArn")+            Prelude.<*> (x Data..?> "FirewallName")+            Prelude.<*> (x Data..?> "SubnetMappings" Core..!@ Prelude.mempty)+            Prelude.<*> (x Data..?> "UpdateToken")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable DisassociateSubnets where+  hashWithSalt _salt DisassociateSubnets' {..} =+    _salt+      `Prelude.hashWithSalt` firewallArn+      `Prelude.hashWithSalt` firewallName+      `Prelude.hashWithSalt` updateToken+      `Prelude.hashWithSalt` subnetIds++instance Prelude.NFData DisassociateSubnets where+  rnf DisassociateSubnets' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf subnetIds++instance Data.ToHeaders DisassociateSubnets where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.DisassociateSubnets" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON DisassociateSubnets where+  toJSON DisassociateSubnets' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName,+            ("UpdateToken" Data..=) Prelude.<$> updateToken,+            Prelude.Just ("SubnetIds" Data..= subnetIds)+          ]+      )++instance Data.ToPath DisassociateSubnets where+  toPath = Prelude.const "/"++instance Data.ToQuery DisassociateSubnets where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDisassociateSubnetsResponse' smart constructor.+data DisassociateSubnetsResponse = DisassociateSubnetsResponse'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | The IDs of the subnets that are associated with the firewall.+    subnetMappings :: Prelude.Maybe [SubnetMapping],+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DisassociateSubnetsResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'disassociateSubnetsResponse_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'disassociateSubnetsResponse_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'subnetMappings', 'disassociateSubnetsResponse_subnetMappings' - The IDs of the subnets that are associated with the firewall.+--+-- 'updateToken', 'disassociateSubnetsResponse_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'httpStatus', 'disassociateSubnetsResponse_httpStatus' - The response's http status code.+newDisassociateSubnetsResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  DisassociateSubnetsResponse+newDisassociateSubnetsResponse pHttpStatus_ =+  DisassociateSubnetsResponse'+    { firewallArn =+        Prelude.Nothing,+      firewallName = Prelude.Nothing,+      subnetMappings = Prelude.Nothing,+      updateToken = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The Amazon Resource Name (ARN) of the firewall.+disassociateSubnetsResponse_firewallArn :: Lens.Lens' DisassociateSubnetsResponse (Prelude.Maybe Prelude.Text)+disassociateSubnetsResponse_firewallArn = Lens.lens (\DisassociateSubnetsResponse' {firewallArn} -> firewallArn) (\s@DisassociateSubnetsResponse' {} a -> s {firewallArn = a} :: DisassociateSubnetsResponse)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+disassociateSubnetsResponse_firewallName :: Lens.Lens' DisassociateSubnetsResponse (Prelude.Maybe Prelude.Text)+disassociateSubnetsResponse_firewallName = Lens.lens (\DisassociateSubnetsResponse' {firewallName} -> firewallName) (\s@DisassociateSubnetsResponse' {} a -> s {firewallName = a} :: DisassociateSubnetsResponse)++-- | The IDs of the subnets that are associated with the firewall.+disassociateSubnetsResponse_subnetMappings :: Lens.Lens' DisassociateSubnetsResponse (Prelude.Maybe [SubnetMapping])+disassociateSubnetsResponse_subnetMappings = Lens.lens (\DisassociateSubnetsResponse' {subnetMappings} -> subnetMappings) (\s@DisassociateSubnetsResponse' {} a -> s {subnetMappings = a} :: DisassociateSubnetsResponse) Prelude.. Lens.mapping Lens.coerced++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+disassociateSubnetsResponse_updateToken :: Lens.Lens' DisassociateSubnetsResponse (Prelude.Maybe Prelude.Text)+disassociateSubnetsResponse_updateToken = Lens.lens (\DisassociateSubnetsResponse' {updateToken} -> updateToken) (\s@DisassociateSubnetsResponse' {} a -> s {updateToken = a} :: DisassociateSubnetsResponse)++-- | The response's http status code.+disassociateSubnetsResponse_httpStatus :: Lens.Lens' DisassociateSubnetsResponse Prelude.Int+disassociateSubnetsResponse_httpStatus = Lens.lens (\DisassociateSubnetsResponse' {httpStatus} -> httpStatus) (\s@DisassociateSubnetsResponse' {} a -> s {httpStatus = a} :: DisassociateSubnetsResponse)++instance Prelude.NFData DisassociateSubnetsResponse where+  rnf DisassociateSubnetsResponse' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf subnetMappings+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/Lens.hs view
@@ -0,0 +1,616 @@+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Lens+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Lens+  ( -- * Operations++    -- ** AssociateFirewallPolicy+    associateFirewallPolicy_firewallArn,+    associateFirewallPolicy_firewallName,+    associateFirewallPolicy_updateToken,+    associateFirewallPolicy_firewallPolicyArn,+    associateFirewallPolicyResponse_firewallArn,+    associateFirewallPolicyResponse_firewallName,+    associateFirewallPolicyResponse_firewallPolicyArn,+    associateFirewallPolicyResponse_updateToken,+    associateFirewallPolicyResponse_httpStatus,++    -- ** AssociateSubnets+    associateSubnets_firewallArn,+    associateSubnets_firewallName,+    associateSubnets_updateToken,+    associateSubnets_subnetMappings,+    associateSubnetsResponse_firewallArn,+    associateSubnetsResponse_firewallName,+    associateSubnetsResponse_subnetMappings,+    associateSubnetsResponse_updateToken,+    associateSubnetsResponse_httpStatus,++    -- ** CreateFirewall+    createFirewall_deleteProtection,+    createFirewall_description,+    createFirewall_encryptionConfiguration,+    createFirewall_firewallPolicyChangeProtection,+    createFirewall_subnetChangeProtection,+    createFirewall_tags,+    createFirewall_firewallName,+    createFirewall_firewallPolicyArn,+    createFirewall_vpcId,+    createFirewall_subnetMappings,+    createFirewallResponse_firewall,+    createFirewallResponse_firewallStatus,+    createFirewallResponse_httpStatus,++    -- ** CreateFirewallPolicy+    createFirewallPolicy_description,+    createFirewallPolicy_dryRun,+    createFirewallPolicy_encryptionConfiguration,+    createFirewallPolicy_tags,+    createFirewallPolicy_firewallPolicyName,+    createFirewallPolicy_firewallPolicy,+    createFirewallPolicyResponse_httpStatus,+    createFirewallPolicyResponse_updateToken,+    createFirewallPolicyResponse_firewallPolicyResponse,++    -- ** CreateRuleGroup+    createRuleGroup_description,+    createRuleGroup_dryRun,+    createRuleGroup_encryptionConfiguration,+    createRuleGroup_ruleGroup,+    createRuleGroup_rules,+    createRuleGroup_sourceMetadata,+    createRuleGroup_tags,+    createRuleGroup_ruleGroupName,+    createRuleGroup_type,+    createRuleGroup_capacity,+    createRuleGroupResponse_httpStatus,+    createRuleGroupResponse_updateToken,+    createRuleGroupResponse_ruleGroupResponse,++    -- ** DeleteFirewall+    deleteFirewall_firewallArn,+    deleteFirewall_firewallName,+    deleteFirewallResponse_firewall,+    deleteFirewallResponse_firewallStatus,+    deleteFirewallResponse_httpStatus,++    -- ** DeleteFirewallPolicy+    deleteFirewallPolicy_firewallPolicyArn,+    deleteFirewallPolicy_firewallPolicyName,+    deleteFirewallPolicyResponse_httpStatus,+    deleteFirewallPolicyResponse_firewallPolicyResponse,++    -- ** DeleteResourcePolicy+    deleteResourcePolicy_resourceArn,+    deleteResourcePolicyResponse_httpStatus,++    -- ** DeleteRuleGroup+    deleteRuleGroup_ruleGroupArn,+    deleteRuleGroup_ruleGroupName,+    deleteRuleGroup_type,+    deleteRuleGroupResponse_httpStatus,+    deleteRuleGroupResponse_ruleGroupResponse,++    -- ** DescribeFirewall+    describeFirewall_firewallArn,+    describeFirewall_firewallName,+    describeFirewallResponse_firewall,+    describeFirewallResponse_firewallStatus,+    describeFirewallResponse_updateToken,+    describeFirewallResponse_httpStatus,++    -- ** DescribeFirewallPolicy+    describeFirewallPolicy_firewallPolicyArn,+    describeFirewallPolicy_firewallPolicyName,+    describeFirewallPolicyResponse_firewallPolicy,+    describeFirewallPolicyResponse_httpStatus,+    describeFirewallPolicyResponse_updateToken,+    describeFirewallPolicyResponse_firewallPolicyResponse,++    -- ** DescribeLoggingConfiguration+    describeLoggingConfiguration_firewallArn,+    describeLoggingConfiguration_firewallName,+    describeLoggingConfigurationResponse_firewallArn,+    describeLoggingConfigurationResponse_loggingConfiguration,+    describeLoggingConfigurationResponse_httpStatus,++    -- ** DescribeResourcePolicy+    describeResourcePolicy_resourceArn,+    describeResourcePolicyResponse_policy,+    describeResourcePolicyResponse_httpStatus,++    -- ** DescribeRuleGroup+    describeRuleGroup_ruleGroupArn,+    describeRuleGroup_ruleGroupName,+    describeRuleGroup_type,+    describeRuleGroupResponse_ruleGroup,+    describeRuleGroupResponse_httpStatus,+    describeRuleGroupResponse_updateToken,+    describeRuleGroupResponse_ruleGroupResponse,++    -- ** DescribeRuleGroupMetadata+    describeRuleGroupMetadata_ruleGroupArn,+    describeRuleGroupMetadata_ruleGroupName,+    describeRuleGroupMetadata_type,+    describeRuleGroupMetadataResponse_capacity,+    describeRuleGroupMetadataResponse_description,+    describeRuleGroupMetadataResponse_lastModifiedTime,+    describeRuleGroupMetadataResponse_statefulRuleOptions,+    describeRuleGroupMetadataResponse_type,+    describeRuleGroupMetadataResponse_httpStatus,+    describeRuleGroupMetadataResponse_ruleGroupArn,+    describeRuleGroupMetadataResponse_ruleGroupName,++    -- ** DisassociateSubnets+    disassociateSubnets_firewallArn,+    disassociateSubnets_firewallName,+    disassociateSubnets_updateToken,+    disassociateSubnets_subnetIds,+    disassociateSubnetsResponse_firewallArn,+    disassociateSubnetsResponse_firewallName,+    disassociateSubnetsResponse_subnetMappings,+    disassociateSubnetsResponse_updateToken,+    disassociateSubnetsResponse_httpStatus,++    -- ** ListFirewallPolicies+    listFirewallPolicies_maxResults,+    listFirewallPolicies_nextToken,+    listFirewallPoliciesResponse_firewallPolicies,+    listFirewallPoliciesResponse_nextToken,+    listFirewallPoliciesResponse_httpStatus,++    -- ** ListFirewalls+    listFirewalls_maxResults,+    listFirewalls_nextToken,+    listFirewalls_vpcIds,+    listFirewallsResponse_firewalls,+    listFirewallsResponse_nextToken,+    listFirewallsResponse_httpStatus,++    -- ** ListRuleGroups+    listRuleGroups_managedType,+    listRuleGroups_maxResults,+    listRuleGroups_nextToken,+    listRuleGroups_scope,+    listRuleGroups_type,+    listRuleGroupsResponse_nextToken,+    listRuleGroupsResponse_ruleGroups,+    listRuleGroupsResponse_httpStatus,++    -- ** ListTagsForResource+    listTagsForResource_maxResults,+    listTagsForResource_nextToken,+    listTagsForResource_resourceArn,+    listTagsForResourceResponse_nextToken,+    listTagsForResourceResponse_tags,+    listTagsForResourceResponse_httpStatus,++    -- ** PutResourcePolicy+    putResourcePolicy_resourceArn,+    putResourcePolicy_policy,+    putResourcePolicyResponse_httpStatus,++    -- ** TagResource+    tagResource_resourceArn,+    tagResource_tags,+    tagResourceResponse_httpStatus,++    -- ** UntagResource+    untagResource_resourceArn,+    untagResource_tagKeys,+    untagResourceResponse_httpStatus,++    -- ** UpdateFirewallDeleteProtection+    updateFirewallDeleteProtection_firewallArn,+    updateFirewallDeleteProtection_firewallName,+    updateFirewallDeleteProtection_updateToken,+    updateFirewallDeleteProtection_deleteProtection,+    updateFirewallDeleteProtectionResponse_deleteProtection,+    updateFirewallDeleteProtectionResponse_firewallArn,+    updateFirewallDeleteProtectionResponse_firewallName,+    updateFirewallDeleteProtectionResponse_updateToken,+    updateFirewallDeleteProtectionResponse_httpStatus,++    -- ** UpdateFirewallDescription+    updateFirewallDescription_description,+    updateFirewallDescription_firewallArn,+    updateFirewallDescription_firewallName,+    updateFirewallDescription_updateToken,+    updateFirewallDescriptionResponse_description,+    updateFirewallDescriptionResponse_firewallArn,+    updateFirewallDescriptionResponse_firewallName,+    updateFirewallDescriptionResponse_updateToken,+    updateFirewallDescriptionResponse_httpStatus,++    -- ** UpdateFirewallEncryptionConfiguration+    updateFirewallEncryptionConfiguration_encryptionConfiguration,+    updateFirewallEncryptionConfiguration_firewallArn,+    updateFirewallEncryptionConfiguration_firewallName,+    updateFirewallEncryptionConfiguration_updateToken,+    updateFirewallEncryptionConfigurationResponse_encryptionConfiguration,+    updateFirewallEncryptionConfigurationResponse_firewallArn,+    updateFirewallEncryptionConfigurationResponse_firewallName,+    updateFirewallEncryptionConfigurationResponse_updateToken,+    updateFirewallEncryptionConfigurationResponse_httpStatus,++    -- ** UpdateFirewallPolicy+    updateFirewallPolicy_description,+    updateFirewallPolicy_dryRun,+    updateFirewallPolicy_encryptionConfiguration,+    updateFirewallPolicy_firewallPolicyArn,+    updateFirewallPolicy_firewallPolicyName,+    updateFirewallPolicy_updateToken,+    updateFirewallPolicy_firewallPolicy,+    updateFirewallPolicyResponse_httpStatus,+    updateFirewallPolicyResponse_updateToken,+    updateFirewallPolicyResponse_firewallPolicyResponse,++    -- ** UpdateFirewallPolicyChangeProtection+    updateFirewallPolicyChangeProtection_firewallArn,+    updateFirewallPolicyChangeProtection_firewallName,+    updateFirewallPolicyChangeProtection_updateToken,+    updateFirewallPolicyChangeProtection_firewallPolicyChangeProtection,+    updateFirewallPolicyChangeProtectionResponse_firewallArn,+    updateFirewallPolicyChangeProtectionResponse_firewallName,+    updateFirewallPolicyChangeProtectionResponse_firewallPolicyChangeProtection,+    updateFirewallPolicyChangeProtectionResponse_updateToken,+    updateFirewallPolicyChangeProtectionResponse_httpStatus,++    -- ** UpdateLoggingConfiguration+    updateLoggingConfiguration_firewallArn,+    updateLoggingConfiguration_firewallName,+    updateLoggingConfiguration_loggingConfiguration,+    updateLoggingConfigurationResponse_firewallArn,+    updateLoggingConfigurationResponse_firewallName,+    updateLoggingConfigurationResponse_loggingConfiguration,+    updateLoggingConfigurationResponse_httpStatus,++    -- ** UpdateRuleGroup+    updateRuleGroup_description,+    updateRuleGroup_dryRun,+    updateRuleGroup_encryptionConfiguration,+    updateRuleGroup_ruleGroup,+    updateRuleGroup_ruleGroupArn,+    updateRuleGroup_ruleGroupName,+    updateRuleGroup_rules,+    updateRuleGroup_sourceMetadata,+    updateRuleGroup_type,+    updateRuleGroup_updateToken,+    updateRuleGroupResponse_httpStatus,+    updateRuleGroupResponse_updateToken,+    updateRuleGroupResponse_ruleGroupResponse,++    -- ** UpdateSubnetChangeProtection+    updateSubnetChangeProtection_firewallArn,+    updateSubnetChangeProtection_firewallName,+    updateSubnetChangeProtection_updateToken,+    updateSubnetChangeProtection_subnetChangeProtection,+    updateSubnetChangeProtectionResponse_firewallArn,+    updateSubnetChangeProtectionResponse_firewallName,+    updateSubnetChangeProtectionResponse_subnetChangeProtection,+    updateSubnetChangeProtectionResponse_updateToken,+    updateSubnetChangeProtectionResponse_httpStatus,++    -- * Types++    -- ** ActionDefinition+    actionDefinition_publishMetricAction,++    -- ** Address+    address_addressDefinition,++    -- ** Attachment+    attachment_endpointId,+    attachment_status,+    attachment_statusMessage,+    attachment_subnetId,++    -- ** CIDRSummary+    cIDRSummary_availableCIDRCount,+    cIDRSummary_iPSetReferences,+    cIDRSummary_utilizedCIDRCount,++    -- ** CapacityUsageSummary+    capacityUsageSummary_cIDRs,++    -- ** CustomAction+    customAction_actionName,+    customAction_actionDefinition,++    -- ** Dimension+    dimension_value,++    -- ** EncryptionConfiguration+    encryptionConfiguration_keyId,+    encryptionConfiguration_type,++    -- ** Firewall+    firewall_deleteProtection,+    firewall_description,+    firewall_encryptionConfiguration,+    firewall_firewallArn,+    firewall_firewallName,+    firewall_firewallPolicyChangeProtection,+    firewall_subnetChangeProtection,+    firewall_tags,+    firewall_firewallPolicyArn,+    firewall_vpcId,+    firewall_subnetMappings,+    firewall_firewallId,++    -- ** FirewallMetadata+    firewallMetadata_firewallArn,+    firewallMetadata_firewallName,++    -- ** FirewallPolicy+    firewallPolicy_statefulDefaultActions,+    firewallPolicy_statefulEngineOptions,+    firewallPolicy_statefulRuleGroupReferences,+    firewallPolicy_statelessCustomActions,+    firewallPolicy_statelessRuleGroupReferences,+    firewallPolicy_statelessDefaultActions,+    firewallPolicy_statelessFragmentDefaultActions,++    -- ** FirewallPolicyMetadata+    firewallPolicyMetadata_arn,+    firewallPolicyMetadata_name,++    -- ** FirewallPolicyResponse+    firewallPolicyResponse_consumedStatefulRuleCapacity,+    firewallPolicyResponse_consumedStatelessRuleCapacity,+    firewallPolicyResponse_description,+    firewallPolicyResponse_encryptionConfiguration,+    firewallPolicyResponse_firewallPolicyStatus,+    firewallPolicyResponse_lastModifiedTime,+    firewallPolicyResponse_numberOfAssociations,+    firewallPolicyResponse_tags,+    firewallPolicyResponse_firewallPolicyName,+    firewallPolicyResponse_firewallPolicyArn,+    firewallPolicyResponse_firewallPolicyId,++    -- ** FirewallStatus+    firewallStatus_capacityUsageSummary,+    firewallStatus_syncStates,+    firewallStatus_status,+    firewallStatus_configurationSyncStateSummary,++    -- ** Header+    header_protocol,+    header_source,+    header_sourcePort,+    header_direction,+    header_destination,+    header_destinationPort,++    -- ** IPSet+    iPSet_definition,++    -- ** IPSetMetadata+    iPSetMetadata_resolvedCIDRCount,++    -- ** IPSetReference+    iPSetReference_referenceArn,++    -- ** LogDestinationConfig+    logDestinationConfig_logType,+    logDestinationConfig_logDestinationType,+    logDestinationConfig_logDestination,++    -- ** LoggingConfiguration+    loggingConfiguration_logDestinationConfigs,++    -- ** MatchAttributes+    matchAttributes_destinationPorts,+    matchAttributes_destinations,+    matchAttributes_protocols,+    matchAttributes_sourcePorts,+    matchAttributes_sources,+    matchAttributes_tCPFlags,++    -- ** PerObjectStatus+    perObjectStatus_syncStatus,+    perObjectStatus_updateToken,++    -- ** PortRange+    portRange_fromPort,+    portRange_toPort,++    -- ** PortSet+    portSet_definition,++    -- ** PublishMetricAction+    publishMetricAction_dimensions,++    -- ** ReferenceSets+    referenceSets_iPSetReferences,++    -- ** RuleDefinition+    ruleDefinition_matchAttributes,+    ruleDefinition_actions,++    -- ** RuleGroup+    ruleGroup_referenceSets,+    ruleGroup_ruleVariables,+    ruleGroup_statefulRuleOptions,+    ruleGroup_rulesSource,++    -- ** RuleGroupMetadata+    ruleGroupMetadata_arn,+    ruleGroupMetadata_name,++    -- ** RuleGroupResponse+    ruleGroupResponse_capacity,+    ruleGroupResponse_consumedCapacity,+    ruleGroupResponse_description,+    ruleGroupResponse_encryptionConfiguration,+    ruleGroupResponse_lastModifiedTime,+    ruleGroupResponse_numberOfAssociations,+    ruleGroupResponse_ruleGroupStatus,+    ruleGroupResponse_snsTopic,+    ruleGroupResponse_sourceMetadata,+    ruleGroupResponse_tags,+    ruleGroupResponse_type,+    ruleGroupResponse_ruleGroupArn,+    ruleGroupResponse_ruleGroupName,+    ruleGroupResponse_ruleGroupId,++    -- ** RuleOption+    ruleOption_settings,+    ruleOption_keyword,++    -- ** RuleVariables+    ruleVariables_iPSets,+    ruleVariables_portSets,++    -- ** RulesSource+    rulesSource_rulesSourceList,+    rulesSource_rulesString,+    rulesSource_statefulRules,+    rulesSource_statelessRulesAndCustomActions,++    -- ** RulesSourceList+    rulesSourceList_targets,+    rulesSourceList_targetTypes,+    rulesSourceList_generatedRulesType,++    -- ** SourceMetadata+    sourceMetadata_sourceArn,+    sourceMetadata_sourceUpdateToken,++    -- ** StatefulEngineOptions+    statefulEngineOptions_ruleOrder,+    statefulEngineOptions_streamExceptionPolicy,++    -- ** StatefulRule+    statefulRule_action,+    statefulRule_header,+    statefulRule_ruleOptions,++    -- ** StatefulRuleGroupOverride+    statefulRuleGroupOverride_action,++    -- ** StatefulRuleGroupReference+    statefulRuleGroupReference_override,+    statefulRuleGroupReference_priority,+    statefulRuleGroupReference_resourceArn,++    -- ** StatefulRuleOptions+    statefulRuleOptions_ruleOrder,++    -- ** StatelessRule+    statelessRule_ruleDefinition,+    statelessRule_priority,++    -- ** StatelessRuleGroupReference+    statelessRuleGroupReference_resourceArn,+    statelessRuleGroupReference_priority,++    -- ** StatelessRulesAndCustomActions+    statelessRulesAndCustomActions_customActions,+    statelessRulesAndCustomActions_statelessRules,++    -- ** SubnetMapping+    subnetMapping_subnetId,++    -- ** SyncState+    syncState_attachment,+    syncState_config,++    -- ** TCPFlagField+    tCPFlagField_masks,+    tCPFlagField_flags,++    -- ** Tag+    tag_key,+    tag_value,+  )+where++import Amazonka.NetworkFirewall.AssociateFirewallPolicy+import Amazonka.NetworkFirewall.AssociateSubnets+import Amazonka.NetworkFirewall.CreateFirewall+import Amazonka.NetworkFirewall.CreateFirewallPolicy+import Amazonka.NetworkFirewall.CreateRuleGroup+import Amazonka.NetworkFirewall.DeleteFirewall+import Amazonka.NetworkFirewall.DeleteFirewallPolicy+import Amazonka.NetworkFirewall.DeleteResourcePolicy+import Amazonka.NetworkFirewall.DeleteRuleGroup+import Amazonka.NetworkFirewall.DescribeFirewall+import Amazonka.NetworkFirewall.DescribeFirewallPolicy+import Amazonka.NetworkFirewall.DescribeLoggingConfiguration+import Amazonka.NetworkFirewall.DescribeResourcePolicy+import Amazonka.NetworkFirewall.DescribeRuleGroup+import Amazonka.NetworkFirewall.DescribeRuleGroupMetadata+import Amazonka.NetworkFirewall.DisassociateSubnets+import Amazonka.NetworkFirewall.ListFirewallPolicies+import Amazonka.NetworkFirewall.ListFirewalls+import Amazonka.NetworkFirewall.ListRuleGroups+import Amazonka.NetworkFirewall.ListTagsForResource+import Amazonka.NetworkFirewall.PutResourcePolicy+import Amazonka.NetworkFirewall.TagResource+import Amazonka.NetworkFirewall.Types.ActionDefinition+import Amazonka.NetworkFirewall.Types.Address+import Amazonka.NetworkFirewall.Types.Attachment+import Amazonka.NetworkFirewall.Types.CIDRSummary+import Amazonka.NetworkFirewall.Types.CapacityUsageSummary+import Amazonka.NetworkFirewall.Types.CustomAction+import Amazonka.NetworkFirewall.Types.Dimension+import Amazonka.NetworkFirewall.Types.EncryptionConfiguration+import Amazonka.NetworkFirewall.Types.Firewall+import Amazonka.NetworkFirewall.Types.FirewallMetadata+import Amazonka.NetworkFirewall.Types.FirewallPolicy+import Amazonka.NetworkFirewall.Types.FirewallPolicyMetadata+import Amazonka.NetworkFirewall.Types.FirewallPolicyResponse+import Amazonka.NetworkFirewall.Types.FirewallStatus+import Amazonka.NetworkFirewall.Types.Header+import Amazonka.NetworkFirewall.Types.IPSet+import Amazonka.NetworkFirewall.Types.IPSetMetadata+import Amazonka.NetworkFirewall.Types.IPSetReference+import Amazonka.NetworkFirewall.Types.LogDestinationConfig+import Amazonka.NetworkFirewall.Types.LoggingConfiguration+import Amazonka.NetworkFirewall.Types.MatchAttributes+import Amazonka.NetworkFirewall.Types.PerObjectStatus+import Amazonka.NetworkFirewall.Types.PortRange+import Amazonka.NetworkFirewall.Types.PortSet+import Amazonka.NetworkFirewall.Types.PublishMetricAction+import Amazonka.NetworkFirewall.Types.ReferenceSets+import Amazonka.NetworkFirewall.Types.RuleDefinition+import Amazonka.NetworkFirewall.Types.RuleGroup+import Amazonka.NetworkFirewall.Types.RuleGroupMetadata+import Amazonka.NetworkFirewall.Types.RuleGroupResponse+import Amazonka.NetworkFirewall.Types.RuleOption+import Amazonka.NetworkFirewall.Types.RuleVariables+import Amazonka.NetworkFirewall.Types.RulesSource+import Amazonka.NetworkFirewall.Types.RulesSourceList+import Amazonka.NetworkFirewall.Types.SourceMetadata+import Amazonka.NetworkFirewall.Types.StatefulEngineOptions+import Amazonka.NetworkFirewall.Types.StatefulRule+import Amazonka.NetworkFirewall.Types.StatefulRuleGroupOverride+import Amazonka.NetworkFirewall.Types.StatefulRuleGroupReference+import Amazonka.NetworkFirewall.Types.StatefulRuleOptions+import Amazonka.NetworkFirewall.Types.StatelessRule+import Amazonka.NetworkFirewall.Types.StatelessRuleGroupReference+import Amazonka.NetworkFirewall.Types.StatelessRulesAndCustomActions+import Amazonka.NetworkFirewall.Types.SubnetMapping+import Amazonka.NetworkFirewall.Types.SyncState+import Amazonka.NetworkFirewall.Types.TCPFlagField+import Amazonka.NetworkFirewall.Types.Tag+import Amazonka.NetworkFirewall.UntagResource+import Amazonka.NetworkFirewall.UpdateFirewallDeleteProtection+import Amazonka.NetworkFirewall.UpdateFirewallDescription+import Amazonka.NetworkFirewall.UpdateFirewallEncryptionConfiguration+import Amazonka.NetworkFirewall.UpdateFirewallPolicy+import Amazonka.NetworkFirewall.UpdateFirewallPolicyChangeProtection+import Amazonka.NetworkFirewall.UpdateLoggingConfiguration+import Amazonka.NetworkFirewall.UpdateRuleGroup+import Amazonka.NetworkFirewall.UpdateSubnetChangeProtection
+ gen/Amazonka/NetworkFirewall/ListFirewallPolicies.hs view
@@ -0,0 +1,264 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.ListFirewallPolicies+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Retrieves the metadata for the firewall policies that you have defined.+-- Depending on your setting for max results and the number of firewall+-- policies, a single call might not return the full list.+--+-- This operation returns paginated results.+module Amazonka.NetworkFirewall.ListFirewallPolicies+  ( -- * Creating a Request+    ListFirewallPolicies (..),+    newListFirewallPolicies,++    -- * Request Lenses+    listFirewallPolicies_maxResults,+    listFirewallPolicies_nextToken,++    -- * Destructuring the Response+    ListFirewallPoliciesResponse (..),+    newListFirewallPoliciesResponse,++    -- * Response Lenses+    listFirewallPoliciesResponse_firewallPolicies,+    listFirewallPoliciesResponse_nextToken,+    listFirewallPoliciesResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newListFirewallPolicies' smart constructor.+data ListFirewallPolicies = ListFirewallPolicies'+  { -- | The maximum number of objects that you want Network Firewall to return+    -- for this request. If more objects are available, in the response,+    -- Network Firewall provides a @NextToken@ value that you can use in a+    -- subsequent call to get the next batch of objects.+    maxResults :: Prelude.Maybe Prelude.Natural,+    -- | When you request a list of objects with a @MaxResults@ setting, if the+    -- number of objects that are still available for retrieval exceeds the+    -- maximum you requested, Network Firewall returns a @NextToken@ value in+    -- the response. To retrieve the next batch of objects, use the token+    -- returned from the prior request in your next request.+    nextToken :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListFirewallPolicies' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'maxResults', 'listFirewallPolicies_maxResults' - The maximum number of objects that you want Network Firewall to return+-- for this request. If more objects are available, in the response,+-- Network Firewall provides a @NextToken@ value that you can use in a+-- subsequent call to get the next batch of objects.+--+-- 'nextToken', 'listFirewallPolicies_nextToken' - When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+newListFirewallPolicies ::+  ListFirewallPolicies+newListFirewallPolicies =+  ListFirewallPolicies'+    { maxResults = Prelude.Nothing,+      nextToken = Prelude.Nothing+    }++-- | The maximum number of objects that you want Network Firewall to return+-- for this request. If more objects are available, in the response,+-- Network Firewall provides a @NextToken@ value that you can use in a+-- subsequent call to get the next batch of objects.+listFirewallPolicies_maxResults :: Lens.Lens' ListFirewallPolicies (Prelude.Maybe Prelude.Natural)+listFirewallPolicies_maxResults = Lens.lens (\ListFirewallPolicies' {maxResults} -> maxResults) (\s@ListFirewallPolicies' {} a -> s {maxResults = a} :: ListFirewallPolicies)++-- | When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+listFirewallPolicies_nextToken :: Lens.Lens' ListFirewallPolicies (Prelude.Maybe Prelude.Text)+listFirewallPolicies_nextToken = Lens.lens (\ListFirewallPolicies' {nextToken} -> nextToken) (\s@ListFirewallPolicies' {} a -> s {nextToken = a} :: ListFirewallPolicies)++instance Core.AWSPager ListFirewallPolicies where+  page rq rs+    | Core.stop+        ( rs+            Lens.^? listFirewallPoliciesResponse_nextToken+            Prelude.. Lens._Just+        ) =+        Prelude.Nothing+    | Core.stop+        ( rs+            Lens.^? listFirewallPoliciesResponse_firewallPolicies+            Prelude.. Lens._Just+        ) =+        Prelude.Nothing+    | Prelude.otherwise =+        Prelude.Just+          Prelude.$ rq+          Prelude.& listFirewallPolicies_nextToken+          Lens..~ rs+          Lens.^? listFirewallPoliciesResponse_nextToken+          Prelude.. Lens._Just++instance Core.AWSRequest ListFirewallPolicies where+  type+    AWSResponse ListFirewallPolicies =+      ListFirewallPoliciesResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          ListFirewallPoliciesResponse'+            Prelude.<$> ( x+                            Data..?> "FirewallPolicies"+                            Core..!@ Prelude.mempty+                        )+            Prelude.<*> (x Data..?> "NextToken")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable ListFirewallPolicies where+  hashWithSalt _salt ListFirewallPolicies' {..} =+    _salt+      `Prelude.hashWithSalt` maxResults+      `Prelude.hashWithSalt` nextToken++instance Prelude.NFData ListFirewallPolicies where+  rnf ListFirewallPolicies' {..} =+    Prelude.rnf maxResults+      `Prelude.seq` Prelude.rnf nextToken++instance Data.ToHeaders ListFirewallPolicies where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.ListFirewallPolicies" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON ListFirewallPolicies where+  toJSON ListFirewallPolicies' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,+            ("NextToken" Data..=) Prelude.<$> nextToken+          ]+      )++instance Data.ToPath ListFirewallPolicies where+  toPath = Prelude.const "/"++instance Data.ToQuery ListFirewallPolicies where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newListFirewallPoliciesResponse' smart constructor.+data ListFirewallPoliciesResponse = ListFirewallPoliciesResponse'+  { -- | The metadata for the firewall policies. Depending on your setting for+    -- max results and the number of firewall policies that you have, this+    -- might not be the full list.+    firewallPolicies :: Prelude.Maybe [FirewallPolicyMetadata],+    -- | When you request a list of objects with a @MaxResults@ setting, if the+    -- number of objects that are still available for retrieval exceeds the+    -- maximum you requested, Network Firewall returns a @NextToken@ value in+    -- the response. To retrieve the next batch of objects, use the token+    -- returned from the prior request in your next request.+    nextToken :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListFirewallPoliciesResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallPolicies', 'listFirewallPoliciesResponse_firewallPolicies' - The metadata for the firewall policies. Depending on your setting for+-- max results and the number of firewall policies that you have, this+-- might not be the full list.+--+-- 'nextToken', 'listFirewallPoliciesResponse_nextToken' - When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+--+-- 'httpStatus', 'listFirewallPoliciesResponse_httpStatus' - The response's http status code.+newListFirewallPoliciesResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  ListFirewallPoliciesResponse+newListFirewallPoliciesResponse pHttpStatus_ =+  ListFirewallPoliciesResponse'+    { firewallPolicies =+        Prelude.Nothing,+      nextToken = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The metadata for the firewall policies. Depending on your setting for+-- max results and the number of firewall policies that you have, this+-- might not be the full list.+listFirewallPoliciesResponse_firewallPolicies :: Lens.Lens' ListFirewallPoliciesResponse (Prelude.Maybe [FirewallPolicyMetadata])+listFirewallPoliciesResponse_firewallPolicies = Lens.lens (\ListFirewallPoliciesResponse' {firewallPolicies} -> firewallPolicies) (\s@ListFirewallPoliciesResponse' {} a -> s {firewallPolicies = a} :: ListFirewallPoliciesResponse) Prelude.. Lens.mapping Lens.coerced++-- | When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+listFirewallPoliciesResponse_nextToken :: Lens.Lens' ListFirewallPoliciesResponse (Prelude.Maybe Prelude.Text)+listFirewallPoliciesResponse_nextToken = Lens.lens (\ListFirewallPoliciesResponse' {nextToken} -> nextToken) (\s@ListFirewallPoliciesResponse' {} a -> s {nextToken = a} :: ListFirewallPoliciesResponse)++-- | The response's http status code.+listFirewallPoliciesResponse_httpStatus :: Lens.Lens' ListFirewallPoliciesResponse Prelude.Int+listFirewallPoliciesResponse_httpStatus = Lens.lens (\ListFirewallPoliciesResponse' {httpStatus} -> httpStatus) (\s@ListFirewallPoliciesResponse' {} a -> s {httpStatus = a} :: ListFirewallPoliciesResponse)++instance Prelude.NFData ListFirewallPoliciesResponse where+  rnf ListFirewallPoliciesResponse' {..} =+    Prelude.rnf firewallPolicies+      `Prelude.seq` Prelude.rnf nextToken+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/ListFirewalls.hs view
@@ -0,0 +1,282 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.ListFirewalls+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Retrieves the metadata for the firewalls that you have defined. If you+-- provide VPC identifiers in your request, this returns only the firewalls+-- for those VPCs.+--+-- Depending on your setting for max results and the number of firewalls, a+-- single call might not return the full list.+--+-- This operation returns paginated results.+module Amazonka.NetworkFirewall.ListFirewalls+  ( -- * Creating a Request+    ListFirewalls (..),+    newListFirewalls,++    -- * Request Lenses+    listFirewalls_maxResults,+    listFirewalls_nextToken,+    listFirewalls_vpcIds,++    -- * Destructuring the Response+    ListFirewallsResponse (..),+    newListFirewallsResponse,++    -- * Response Lenses+    listFirewallsResponse_firewalls,+    listFirewallsResponse_nextToken,+    listFirewallsResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newListFirewalls' smart constructor.+data ListFirewalls = ListFirewalls'+  { -- | The maximum number of objects that you want Network Firewall to return+    -- for this request. If more objects are available, in the response,+    -- Network Firewall provides a @NextToken@ value that you can use in a+    -- subsequent call to get the next batch of objects.+    maxResults :: Prelude.Maybe Prelude.Natural,+    -- | When you request a list of objects with a @MaxResults@ setting, if the+    -- number of objects that are still available for retrieval exceeds the+    -- maximum you requested, Network Firewall returns a @NextToken@ value in+    -- the response. To retrieve the next batch of objects, use the token+    -- returned from the prior request in your next request.+    nextToken :: Prelude.Maybe Prelude.Text,+    -- | The unique identifiers of the VPCs that you want Network Firewall to+    -- retrieve the firewalls for. Leave this blank to retrieve all firewalls+    -- that you have defined.+    vpcIds :: Prelude.Maybe [Prelude.Text]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListFirewalls' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'maxResults', 'listFirewalls_maxResults' - The maximum number of objects that you want Network Firewall to return+-- for this request. If more objects are available, in the response,+-- Network Firewall provides a @NextToken@ value that you can use in a+-- subsequent call to get the next batch of objects.+--+-- 'nextToken', 'listFirewalls_nextToken' - When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+--+-- 'vpcIds', 'listFirewalls_vpcIds' - The unique identifiers of the VPCs that you want Network Firewall to+-- retrieve the firewalls for. Leave this blank to retrieve all firewalls+-- that you have defined.+newListFirewalls ::+  ListFirewalls+newListFirewalls =+  ListFirewalls'+    { maxResults = Prelude.Nothing,+      nextToken = Prelude.Nothing,+      vpcIds = Prelude.Nothing+    }++-- | The maximum number of objects that you want Network Firewall to return+-- for this request. If more objects are available, in the response,+-- Network Firewall provides a @NextToken@ value that you can use in a+-- subsequent call to get the next batch of objects.+listFirewalls_maxResults :: Lens.Lens' ListFirewalls (Prelude.Maybe Prelude.Natural)+listFirewalls_maxResults = Lens.lens (\ListFirewalls' {maxResults} -> maxResults) (\s@ListFirewalls' {} a -> s {maxResults = a} :: ListFirewalls)++-- | When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+listFirewalls_nextToken :: Lens.Lens' ListFirewalls (Prelude.Maybe Prelude.Text)+listFirewalls_nextToken = Lens.lens (\ListFirewalls' {nextToken} -> nextToken) (\s@ListFirewalls' {} a -> s {nextToken = a} :: ListFirewalls)++-- | The unique identifiers of the VPCs that you want Network Firewall to+-- retrieve the firewalls for. Leave this blank to retrieve all firewalls+-- that you have defined.+listFirewalls_vpcIds :: Lens.Lens' ListFirewalls (Prelude.Maybe [Prelude.Text])+listFirewalls_vpcIds = Lens.lens (\ListFirewalls' {vpcIds} -> vpcIds) (\s@ListFirewalls' {} a -> s {vpcIds = a} :: ListFirewalls) Prelude.. Lens.mapping Lens.coerced++instance Core.AWSPager ListFirewalls where+  page rq rs+    | Core.stop+        ( rs+            Lens.^? listFirewallsResponse_nextToken+            Prelude.. Lens._Just+        ) =+        Prelude.Nothing+    | Core.stop+        ( rs+            Lens.^? listFirewallsResponse_firewalls+            Prelude.. Lens._Just+        ) =+        Prelude.Nothing+    | Prelude.otherwise =+        Prelude.Just+          Prelude.$ rq+          Prelude.& listFirewalls_nextToken+          Lens..~ rs+          Lens.^? listFirewallsResponse_nextToken+          Prelude.. Lens._Just++instance Core.AWSRequest ListFirewalls where+  type+    AWSResponse ListFirewalls =+      ListFirewallsResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          ListFirewallsResponse'+            Prelude.<$> (x Data..?> "Firewalls" Core..!@ Prelude.mempty)+            Prelude.<*> (x Data..?> "NextToken")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable ListFirewalls where+  hashWithSalt _salt ListFirewalls' {..} =+    _salt+      `Prelude.hashWithSalt` maxResults+      `Prelude.hashWithSalt` nextToken+      `Prelude.hashWithSalt` vpcIds++instance Prelude.NFData ListFirewalls where+  rnf ListFirewalls' {..} =+    Prelude.rnf maxResults+      `Prelude.seq` Prelude.rnf nextToken+      `Prelude.seq` Prelude.rnf vpcIds++instance Data.ToHeaders ListFirewalls where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.ListFirewalls" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON ListFirewalls where+  toJSON ListFirewalls' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,+            ("NextToken" Data..=) Prelude.<$> nextToken,+            ("VpcIds" Data..=) Prelude.<$> vpcIds+          ]+      )++instance Data.ToPath ListFirewalls where+  toPath = Prelude.const "/"++instance Data.ToQuery ListFirewalls where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newListFirewallsResponse' smart constructor.+data ListFirewallsResponse = ListFirewallsResponse'+  { -- | The firewall metadata objects for the VPCs that you specified. Depending+    -- on your setting for max results and the number of firewalls you have, a+    -- single call might not be the full list.+    firewalls :: Prelude.Maybe [FirewallMetadata],+    -- | When you request a list of objects with a @MaxResults@ setting, if the+    -- number of objects that are still available for retrieval exceeds the+    -- maximum you requested, Network Firewall returns a @NextToken@ value in+    -- the response. To retrieve the next batch of objects, use the token+    -- returned from the prior request in your next request.+    nextToken :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListFirewallsResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewalls', 'listFirewallsResponse_firewalls' - The firewall metadata objects for the VPCs that you specified. Depending+-- on your setting for max results and the number of firewalls you have, a+-- single call might not be the full list.+--+-- 'nextToken', 'listFirewallsResponse_nextToken' - When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+--+-- 'httpStatus', 'listFirewallsResponse_httpStatus' - The response's http status code.+newListFirewallsResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  ListFirewallsResponse+newListFirewallsResponse pHttpStatus_ =+  ListFirewallsResponse'+    { firewalls = Prelude.Nothing,+      nextToken = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The firewall metadata objects for the VPCs that you specified. Depending+-- on your setting for max results and the number of firewalls you have, a+-- single call might not be the full list.+listFirewallsResponse_firewalls :: Lens.Lens' ListFirewallsResponse (Prelude.Maybe [FirewallMetadata])+listFirewallsResponse_firewalls = Lens.lens (\ListFirewallsResponse' {firewalls} -> firewalls) (\s@ListFirewallsResponse' {} a -> s {firewalls = a} :: ListFirewallsResponse) Prelude.. Lens.mapping Lens.coerced++-- | When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+listFirewallsResponse_nextToken :: Lens.Lens' ListFirewallsResponse (Prelude.Maybe Prelude.Text)+listFirewallsResponse_nextToken = Lens.lens (\ListFirewallsResponse' {nextToken} -> nextToken) (\s@ListFirewallsResponse' {} a -> s {nextToken = a} :: ListFirewallsResponse)++-- | The response's http status code.+listFirewallsResponse_httpStatus :: Lens.Lens' ListFirewallsResponse Prelude.Int+listFirewallsResponse_httpStatus = Lens.lens (\ListFirewallsResponse' {httpStatus} -> httpStatus) (\s@ListFirewallsResponse' {} a -> s {httpStatus = a} :: ListFirewallsResponse)++instance Prelude.NFData ListFirewallsResponse where+  rnf ListFirewallsResponse' {..} =+    Prelude.rnf firewalls+      `Prelude.seq` Prelude.rnf nextToken+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/ListRuleGroups.hs view
@@ -0,0 +1,315 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.ListRuleGroups+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Retrieves the metadata for the rule groups that you have defined.+-- Depending on your setting for max results and the number of rule groups,+-- a single call might not return the full list.+--+-- This operation returns paginated results.+module Amazonka.NetworkFirewall.ListRuleGroups+  ( -- * Creating a Request+    ListRuleGroups (..),+    newListRuleGroups,++    -- * Request Lenses+    listRuleGroups_managedType,+    listRuleGroups_maxResults,+    listRuleGroups_nextToken,+    listRuleGroups_scope,+    listRuleGroups_type,++    -- * Destructuring the Response+    ListRuleGroupsResponse (..),+    newListRuleGroupsResponse,++    -- * Response Lenses+    listRuleGroupsResponse_nextToken,+    listRuleGroupsResponse_ruleGroups,+    listRuleGroupsResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newListRuleGroups' smart constructor.+data ListRuleGroups = ListRuleGroups'+  { -- | Indicates the general category of the Amazon Web Services managed rule+    -- group.+    managedType :: Prelude.Maybe ResourceManagedType,+    -- | The maximum number of objects that you want Network Firewall to return+    -- for this request. If more objects are available, in the response,+    -- Network Firewall provides a @NextToken@ value that you can use in a+    -- subsequent call to get the next batch of objects.+    maxResults :: Prelude.Maybe Prelude.Natural,+    -- | When you request a list of objects with a @MaxResults@ setting, if the+    -- number of objects that are still available for retrieval exceeds the+    -- maximum you requested, Network Firewall returns a @NextToken@ value in+    -- the response. To retrieve the next batch of objects, use the token+    -- returned from the prior request in your next request.+    nextToken :: Prelude.Maybe Prelude.Text,+    -- | The scope of the request. The default setting of @ACCOUNT@ or a setting+    -- of @NULL@ returns all of the rule groups in your account. A setting of+    -- @MANAGED@ returns all available managed rule groups.+    scope :: Prelude.Maybe ResourceManagedStatus,+    -- | Indicates whether the rule group is stateless or stateful. If the rule+    -- group is stateless, it contains stateless rules. If it is stateful, it+    -- contains stateful rules.+    type' :: Prelude.Maybe RuleGroupType+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListRuleGroups' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'managedType', 'listRuleGroups_managedType' - Indicates the general category of the Amazon Web Services managed rule+-- group.+--+-- 'maxResults', 'listRuleGroups_maxResults' - The maximum number of objects that you want Network Firewall to return+-- for this request. If more objects are available, in the response,+-- Network Firewall provides a @NextToken@ value that you can use in a+-- subsequent call to get the next batch of objects.+--+-- 'nextToken', 'listRuleGroups_nextToken' - When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+--+-- 'scope', 'listRuleGroups_scope' - The scope of the request. The default setting of @ACCOUNT@ or a setting+-- of @NULL@ returns all of the rule groups in your account. A setting of+-- @MANAGED@ returns all available managed rule groups.+--+-- 'type'', 'listRuleGroups_type' - Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+newListRuleGroups ::+  ListRuleGroups+newListRuleGroups =+  ListRuleGroups'+    { managedType = Prelude.Nothing,+      maxResults = Prelude.Nothing,+      nextToken = Prelude.Nothing,+      scope = Prelude.Nothing,+      type' = Prelude.Nothing+    }++-- | Indicates the general category of the Amazon Web Services managed rule+-- group.+listRuleGroups_managedType :: Lens.Lens' ListRuleGroups (Prelude.Maybe ResourceManagedType)+listRuleGroups_managedType = Lens.lens (\ListRuleGroups' {managedType} -> managedType) (\s@ListRuleGroups' {} a -> s {managedType = a} :: ListRuleGroups)++-- | The maximum number of objects that you want Network Firewall to return+-- for this request. If more objects are available, in the response,+-- Network Firewall provides a @NextToken@ value that you can use in a+-- subsequent call to get the next batch of objects.+listRuleGroups_maxResults :: Lens.Lens' ListRuleGroups (Prelude.Maybe Prelude.Natural)+listRuleGroups_maxResults = Lens.lens (\ListRuleGroups' {maxResults} -> maxResults) (\s@ListRuleGroups' {} a -> s {maxResults = a} :: ListRuleGroups)++-- | When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+listRuleGroups_nextToken :: Lens.Lens' ListRuleGroups (Prelude.Maybe Prelude.Text)+listRuleGroups_nextToken = Lens.lens (\ListRuleGroups' {nextToken} -> nextToken) (\s@ListRuleGroups' {} a -> s {nextToken = a} :: ListRuleGroups)++-- | The scope of the request. The default setting of @ACCOUNT@ or a setting+-- of @NULL@ returns all of the rule groups in your account. A setting of+-- @MANAGED@ returns all available managed rule groups.+listRuleGroups_scope :: Lens.Lens' ListRuleGroups (Prelude.Maybe ResourceManagedStatus)+listRuleGroups_scope = Lens.lens (\ListRuleGroups' {scope} -> scope) (\s@ListRuleGroups' {} a -> s {scope = a} :: ListRuleGroups)++-- | Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+listRuleGroups_type :: Lens.Lens' ListRuleGroups (Prelude.Maybe RuleGroupType)+listRuleGroups_type = Lens.lens (\ListRuleGroups' {type'} -> type') (\s@ListRuleGroups' {} a -> s {type' = a} :: ListRuleGroups)++instance Core.AWSPager ListRuleGroups where+  page rq rs+    | Core.stop+        ( rs+            Lens.^? listRuleGroupsResponse_nextToken+            Prelude.. Lens._Just+        ) =+        Prelude.Nothing+    | Core.stop+        ( rs+            Lens.^? listRuleGroupsResponse_ruleGroups+            Prelude.. Lens._Just+        ) =+        Prelude.Nothing+    | Prelude.otherwise =+        Prelude.Just+          Prelude.$ rq+          Prelude.& listRuleGroups_nextToken+          Lens..~ rs+          Lens.^? listRuleGroupsResponse_nextToken+          Prelude.. Lens._Just++instance Core.AWSRequest ListRuleGroups where+  type+    AWSResponse ListRuleGroups =+      ListRuleGroupsResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          ListRuleGroupsResponse'+            Prelude.<$> (x Data..?> "NextToken")+            Prelude.<*> (x Data..?> "RuleGroups" Core..!@ Prelude.mempty)+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable ListRuleGroups where+  hashWithSalt _salt ListRuleGroups' {..} =+    _salt+      `Prelude.hashWithSalt` managedType+      `Prelude.hashWithSalt` maxResults+      `Prelude.hashWithSalt` nextToken+      `Prelude.hashWithSalt` scope+      `Prelude.hashWithSalt` type'++instance Prelude.NFData ListRuleGroups where+  rnf ListRuleGroups' {..} =+    Prelude.rnf managedType+      `Prelude.seq` Prelude.rnf maxResults+      `Prelude.seq` Prelude.rnf nextToken+      `Prelude.seq` Prelude.rnf scope+      `Prelude.seq` Prelude.rnf type'++instance Data.ToHeaders ListRuleGroups where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.ListRuleGroups" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON ListRuleGroups where+  toJSON ListRuleGroups' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("ManagedType" Data..=) Prelude.<$> managedType,+            ("MaxResults" Data..=) Prelude.<$> maxResults,+            ("NextToken" Data..=) Prelude.<$> nextToken,+            ("Scope" Data..=) Prelude.<$> scope,+            ("Type" Data..=) Prelude.<$> type'+          ]+      )++instance Data.ToPath ListRuleGroups where+  toPath = Prelude.const "/"++instance Data.ToQuery ListRuleGroups where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newListRuleGroupsResponse' smart constructor.+data ListRuleGroupsResponse = ListRuleGroupsResponse'+  { -- | When you request a list of objects with a @MaxResults@ setting, if the+    -- number of objects that are still available for retrieval exceeds the+    -- maximum you requested, Network Firewall returns a @NextToken@ value in+    -- the response. To retrieve the next batch of objects, use the token+    -- returned from the prior request in your next request.+    nextToken :: Prelude.Maybe Prelude.Text,+    -- | The rule group metadata objects that you\'ve defined. Depending on your+    -- setting for max results and the number of rule groups, this might not be+    -- the full list.+    ruleGroups :: Prelude.Maybe [RuleGroupMetadata],+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListRuleGroupsResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'nextToken', 'listRuleGroupsResponse_nextToken' - When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+--+-- 'ruleGroups', 'listRuleGroupsResponse_ruleGroups' - The rule group metadata objects that you\'ve defined. Depending on your+-- setting for max results and the number of rule groups, this might not be+-- the full list.+--+-- 'httpStatus', 'listRuleGroupsResponse_httpStatus' - The response's http status code.+newListRuleGroupsResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  ListRuleGroupsResponse+newListRuleGroupsResponse pHttpStatus_ =+  ListRuleGroupsResponse'+    { nextToken =+        Prelude.Nothing,+      ruleGroups = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+listRuleGroupsResponse_nextToken :: Lens.Lens' ListRuleGroupsResponse (Prelude.Maybe Prelude.Text)+listRuleGroupsResponse_nextToken = Lens.lens (\ListRuleGroupsResponse' {nextToken} -> nextToken) (\s@ListRuleGroupsResponse' {} a -> s {nextToken = a} :: ListRuleGroupsResponse)++-- | The rule group metadata objects that you\'ve defined. Depending on your+-- setting for max results and the number of rule groups, this might not be+-- the full list.+listRuleGroupsResponse_ruleGroups :: Lens.Lens' ListRuleGroupsResponse (Prelude.Maybe [RuleGroupMetadata])+listRuleGroupsResponse_ruleGroups = Lens.lens (\ListRuleGroupsResponse' {ruleGroups} -> ruleGroups) (\s@ListRuleGroupsResponse' {} a -> s {ruleGroups = a} :: ListRuleGroupsResponse) Prelude.. Lens.mapping Lens.coerced++-- | The response's http status code.+listRuleGroupsResponse_httpStatus :: Lens.Lens' ListRuleGroupsResponse Prelude.Int+listRuleGroupsResponse_httpStatus = Lens.lens (\ListRuleGroupsResponse' {httpStatus} -> httpStatus) (\s@ListRuleGroupsResponse' {} a -> s {httpStatus = a} :: ListRuleGroupsResponse)++instance Prelude.NFData ListRuleGroupsResponse where+  rnf ListRuleGroupsResponse' {..} =+    Prelude.rnf nextToken+      `Prelude.seq` Prelude.rnf ruleGroups+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/ListTagsForResource.hs view
@@ -0,0 +1,277 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.ListTagsForResource+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Retrieves the tags associated with the specified resource. Tags are+-- key:value pairs that you can use to categorize and manage your+-- resources, for purposes like billing. For example, you might set the tag+-- key to \"customer\" and the value to the customer name or ID. You can+-- specify one or more tags to add to each Amazon Web Services resource, up+-- to 50 tags for a resource.+--+-- You can tag the Amazon Web Services resources that you manage through+-- Network Firewall: firewalls, firewall policies, and rule groups.+--+-- This operation returns paginated results.+module Amazonka.NetworkFirewall.ListTagsForResource+  ( -- * Creating a Request+    ListTagsForResource (..),+    newListTagsForResource,++    -- * Request Lenses+    listTagsForResource_maxResults,+    listTagsForResource_nextToken,+    listTagsForResource_resourceArn,++    -- * Destructuring the Response+    ListTagsForResourceResponse (..),+    newListTagsForResourceResponse,++    -- * Response Lenses+    listTagsForResourceResponse_nextToken,+    listTagsForResourceResponse_tags,+    listTagsForResourceResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newListTagsForResource' smart constructor.+data ListTagsForResource = ListTagsForResource'+  { -- | The maximum number of objects that you want Network Firewall to return+    -- for this request. If more objects are available, in the response,+    -- Network Firewall provides a @NextToken@ value that you can use in a+    -- subsequent call to get the next batch of objects.+    maxResults :: Prelude.Maybe Prelude.Natural,+    -- | When you request a list of objects with a @MaxResults@ setting, if the+    -- number of objects that are still available for retrieval exceeds the+    -- maximum you requested, Network Firewall returns a @NextToken@ value in+    -- the response. To retrieve the next batch of objects, use the token+    -- returned from the prior request in your next request.+    nextToken :: Prelude.Maybe Prelude.Text,+    -- | The Amazon Resource Name (ARN) of the resource.+    resourceArn :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListTagsForResource' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'maxResults', 'listTagsForResource_maxResults' - The maximum number of objects that you want Network Firewall to return+-- for this request. If more objects are available, in the response,+-- Network Firewall provides a @NextToken@ value that you can use in a+-- subsequent call to get the next batch of objects.+--+-- 'nextToken', 'listTagsForResource_nextToken' - When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+--+-- 'resourceArn', 'listTagsForResource_resourceArn' - The Amazon Resource Name (ARN) of the resource.+newListTagsForResource ::+  -- | 'resourceArn'+  Prelude.Text ->+  ListTagsForResource+newListTagsForResource pResourceArn_ =+  ListTagsForResource'+    { maxResults = Prelude.Nothing,+      nextToken = Prelude.Nothing,+      resourceArn = pResourceArn_+    }++-- | The maximum number of objects that you want Network Firewall to return+-- for this request. If more objects are available, in the response,+-- Network Firewall provides a @NextToken@ value that you can use in a+-- subsequent call to get the next batch of objects.+listTagsForResource_maxResults :: Lens.Lens' ListTagsForResource (Prelude.Maybe Prelude.Natural)+listTagsForResource_maxResults = Lens.lens (\ListTagsForResource' {maxResults} -> maxResults) (\s@ListTagsForResource' {} a -> s {maxResults = a} :: ListTagsForResource)++-- | When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+listTagsForResource_nextToken :: Lens.Lens' ListTagsForResource (Prelude.Maybe Prelude.Text)+listTagsForResource_nextToken = Lens.lens (\ListTagsForResource' {nextToken} -> nextToken) (\s@ListTagsForResource' {} a -> s {nextToken = a} :: ListTagsForResource)++-- | The Amazon Resource Name (ARN) of the resource.+listTagsForResource_resourceArn :: Lens.Lens' ListTagsForResource Prelude.Text+listTagsForResource_resourceArn = Lens.lens (\ListTagsForResource' {resourceArn} -> resourceArn) (\s@ListTagsForResource' {} a -> s {resourceArn = a} :: ListTagsForResource)++instance Core.AWSPager ListTagsForResource where+  page rq rs+    | Core.stop+        ( rs+            Lens.^? listTagsForResourceResponse_nextToken+            Prelude.. Lens._Just+        ) =+        Prelude.Nothing+    | Core.stop+        ( rs+            Lens.^? listTagsForResourceResponse_tags+            Prelude.. Lens._Just+            Prelude.. Lens.to Prelude.toList+        ) =+        Prelude.Nothing+    | Prelude.otherwise =+        Prelude.Just+          Prelude.$ rq+          Prelude.& listTagsForResource_nextToken+          Lens..~ rs+          Lens.^? listTagsForResourceResponse_nextToken+          Prelude.. Lens._Just++instance Core.AWSRequest ListTagsForResource where+  type+    AWSResponse ListTagsForResource =+      ListTagsForResourceResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          ListTagsForResourceResponse'+            Prelude.<$> (x Data..?> "NextToken")+            Prelude.<*> (x Data..?> "Tags")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable ListTagsForResource where+  hashWithSalt _salt ListTagsForResource' {..} =+    _salt+      `Prelude.hashWithSalt` maxResults+      `Prelude.hashWithSalt` nextToken+      `Prelude.hashWithSalt` resourceArn++instance Prelude.NFData ListTagsForResource where+  rnf ListTagsForResource' {..} =+    Prelude.rnf maxResults+      `Prelude.seq` Prelude.rnf nextToken+      `Prelude.seq` Prelude.rnf resourceArn++instance Data.ToHeaders ListTagsForResource where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.ListTagsForResource" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON ListTagsForResource where+  toJSON ListTagsForResource' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("MaxResults" Data..=) Prelude.<$> maxResults,+            ("NextToken" Data..=) Prelude.<$> nextToken,+            Prelude.Just ("ResourceArn" Data..= resourceArn)+          ]+      )++instance Data.ToPath ListTagsForResource where+  toPath = Prelude.const "/"++instance Data.ToQuery ListTagsForResource where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newListTagsForResourceResponse' smart constructor.+data ListTagsForResourceResponse = ListTagsForResourceResponse'+  { -- | When you request a list of objects with a @MaxResults@ setting, if the+    -- number of objects that are still available for retrieval exceeds the+    -- maximum you requested, Network Firewall returns a @NextToken@ value in+    -- the response. To retrieve the next batch of objects, use the token+    -- returned from the prior request in your next request.+    nextToken :: Prelude.Maybe Prelude.Text,+    -- | The tags that are associated with the resource.+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListTagsForResourceResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'nextToken', 'listTagsForResourceResponse_nextToken' - When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+--+-- 'tags', 'listTagsForResourceResponse_tags' - The tags that are associated with the resource.+--+-- 'httpStatus', 'listTagsForResourceResponse_httpStatus' - The response's http status code.+newListTagsForResourceResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  ListTagsForResourceResponse+newListTagsForResourceResponse pHttpStatus_ =+  ListTagsForResourceResponse'+    { nextToken =+        Prelude.Nothing,+      tags = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | When you request a list of objects with a @MaxResults@ setting, if the+-- number of objects that are still available for retrieval exceeds the+-- maximum you requested, Network Firewall returns a @NextToken@ value in+-- the response. To retrieve the next batch of objects, use the token+-- returned from the prior request in your next request.+listTagsForResourceResponse_nextToken :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe Prelude.Text)+listTagsForResourceResponse_nextToken = Lens.lens (\ListTagsForResourceResponse' {nextToken} -> nextToken) (\s@ListTagsForResourceResponse' {} a -> s {nextToken = a} :: ListTagsForResourceResponse)++-- | The tags that are associated with the resource.+listTagsForResourceResponse_tags :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe (Prelude.NonEmpty Tag))+listTagsForResourceResponse_tags = Lens.lens (\ListTagsForResourceResponse' {tags} -> tags) (\s@ListTagsForResourceResponse' {} a -> s {tags = a} :: ListTagsForResourceResponse) Prelude.. Lens.mapping Lens.coerced++-- | The response's http status code.+listTagsForResourceResponse_httpStatus :: Lens.Lens' ListTagsForResourceResponse Prelude.Int+listTagsForResourceResponse_httpStatus = Lens.lens (\ListTagsForResourceResponse' {httpStatus} -> httpStatus) (\s@ListTagsForResourceResponse' {} a -> s {httpStatus = a} :: ListTagsForResourceResponse)++instance Prelude.NFData ListTagsForResourceResponse where+  rnf ListTagsForResourceResponse' {..} =+    Prelude.rnf nextToken+      `Prelude.seq` Prelude.rnf tags+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/PutResourcePolicy.hs view
@@ -0,0 +1,280 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.PutResourcePolicy+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Creates or updates an IAM policy for your rule group or firewall policy.+-- Use this to share rule groups and firewall policies between accounts.+-- This operation works in conjunction with the Amazon Web Services+-- Resource Access Manager (RAM) service to manage resource sharing for+-- Network Firewall.+--+-- Use this operation to create or update a resource policy for your rule+-- group or firewall policy. In the policy, you specify the accounts that+-- you want to share the resource with and the operations that you want the+-- accounts to be able to perform.+--+-- When you add an account in the resource policy, you then run the+-- following Resource Access Manager (RAM) operations to access and accept+-- the shared rule group or firewall policy.+--+-- -   <https://docs.aws.amazon.com/ram/latest/APIReference/API_GetResourceShareInvitations.html GetResourceShareInvitations>+--     - Returns the Amazon Resource Names (ARNs) of the resource share+--     invitations.+--+-- -   <https://docs.aws.amazon.com/ram/latest/APIReference/API_AcceptResourceShareInvitation.html AcceptResourceShareInvitation>+--     - Accepts the share invitation for a specified resource share.+--+-- For additional information about resource sharing using RAM, see+-- <https://docs.aws.amazon.com/ram/latest/userguide/what-is.html Resource Access Manager User Guide>.+module Amazonka.NetworkFirewall.PutResourcePolicy+  ( -- * Creating a Request+    PutResourcePolicy (..),+    newPutResourcePolicy,++    -- * Request Lenses+    putResourcePolicy_resourceArn,+    putResourcePolicy_policy,++    -- * Destructuring the Response+    PutResourcePolicyResponse (..),+    newPutResourcePolicyResponse,++    -- * Response Lenses+    putResourcePolicyResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newPutResourcePolicy' smart constructor.+data PutResourcePolicy = PutResourcePolicy'+  { -- | The Amazon Resource Name (ARN) of the account that you want to share+    -- rule groups and firewall policies with.+    resourceArn :: Prelude.Text,+    -- | The IAM policy statement that lists the accounts that you want to share+    -- your rule group or firewall policy with and the operations that you want+    -- the accounts to be able to perform.+    --+    -- For a rule group resource, you can specify the following operations in+    -- the Actions section of the statement:+    --+    -- -   network-firewall:CreateFirewallPolicy+    --+    -- -   network-firewall:UpdateFirewallPolicy+    --+    -- -   network-firewall:ListRuleGroups+    --+    -- For a firewall policy resource, you can specify the following operations+    -- in the Actions section of the statement:+    --+    -- -   network-firewall:CreateFirewall+    --+    -- -   network-firewall:UpdateFirewall+    --+    -- -   network-firewall:AssociateFirewallPolicy+    --+    -- -   network-firewall:ListFirewallPolicies+    --+    -- In the Resource section of the statement, you specify the ARNs for the+    -- rule groups and firewall policies that you want to share with the+    -- account that you specified in @Arn@.+    policy :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'PutResourcePolicy' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'resourceArn', 'putResourcePolicy_resourceArn' - The Amazon Resource Name (ARN) of the account that you want to share+-- rule groups and firewall policies with.+--+-- 'policy', 'putResourcePolicy_policy' - The IAM policy statement that lists the accounts that you want to share+-- your rule group or firewall policy with and the operations that you want+-- the accounts to be able to perform.+--+-- For a rule group resource, you can specify the following operations in+-- the Actions section of the statement:+--+-- -   network-firewall:CreateFirewallPolicy+--+-- -   network-firewall:UpdateFirewallPolicy+--+-- -   network-firewall:ListRuleGroups+--+-- For a firewall policy resource, you can specify the following operations+-- in the Actions section of the statement:+--+-- -   network-firewall:CreateFirewall+--+-- -   network-firewall:UpdateFirewall+--+-- -   network-firewall:AssociateFirewallPolicy+--+-- -   network-firewall:ListFirewallPolicies+--+-- In the Resource section of the statement, you specify the ARNs for the+-- rule groups and firewall policies that you want to share with the+-- account that you specified in @Arn@.+newPutResourcePolicy ::+  -- | 'resourceArn'+  Prelude.Text ->+  -- | 'policy'+  Prelude.Text ->+  PutResourcePolicy+newPutResourcePolicy pResourceArn_ pPolicy_ =+  PutResourcePolicy'+    { resourceArn = pResourceArn_,+      policy = pPolicy_+    }++-- | The Amazon Resource Name (ARN) of the account that you want to share+-- rule groups and firewall policies with.+putResourcePolicy_resourceArn :: Lens.Lens' PutResourcePolicy Prelude.Text+putResourcePolicy_resourceArn = Lens.lens (\PutResourcePolicy' {resourceArn} -> resourceArn) (\s@PutResourcePolicy' {} a -> s {resourceArn = a} :: PutResourcePolicy)++-- | The IAM policy statement that lists the accounts that you want to share+-- your rule group or firewall policy with and the operations that you want+-- the accounts to be able to perform.+--+-- For a rule group resource, you can specify the following operations in+-- the Actions section of the statement:+--+-- -   network-firewall:CreateFirewallPolicy+--+-- -   network-firewall:UpdateFirewallPolicy+--+-- -   network-firewall:ListRuleGroups+--+-- For a firewall policy resource, you can specify the following operations+-- in the Actions section of the statement:+--+-- -   network-firewall:CreateFirewall+--+-- -   network-firewall:UpdateFirewall+--+-- -   network-firewall:AssociateFirewallPolicy+--+-- -   network-firewall:ListFirewallPolicies+--+-- In the Resource section of the statement, you specify the ARNs for the+-- rule groups and firewall policies that you want to share with the+-- account that you specified in @Arn@.+putResourcePolicy_policy :: Lens.Lens' PutResourcePolicy Prelude.Text+putResourcePolicy_policy = Lens.lens (\PutResourcePolicy' {policy} -> policy) (\s@PutResourcePolicy' {} a -> s {policy = a} :: PutResourcePolicy)++instance Core.AWSRequest PutResourcePolicy where+  type+    AWSResponse PutResourcePolicy =+      PutResourcePolicyResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveEmpty+      ( \s h x ->+          PutResourcePolicyResponse'+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable PutResourcePolicy where+  hashWithSalt _salt PutResourcePolicy' {..} =+    _salt+      `Prelude.hashWithSalt` resourceArn+      `Prelude.hashWithSalt` policy++instance Prelude.NFData PutResourcePolicy where+  rnf PutResourcePolicy' {..} =+    Prelude.rnf resourceArn+      `Prelude.seq` Prelude.rnf policy++instance Data.ToHeaders PutResourcePolicy where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.PutResourcePolicy" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON PutResourcePolicy where+  toJSON PutResourcePolicy' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("ResourceArn" Data..= resourceArn),+            Prelude.Just ("Policy" Data..= policy)+          ]+      )++instance Data.ToPath PutResourcePolicy where+  toPath = Prelude.const "/"++instance Data.ToQuery PutResourcePolicy where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newPutResourcePolicyResponse' smart constructor.+data PutResourcePolicyResponse = PutResourcePolicyResponse'+  { -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'PutResourcePolicyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'putResourcePolicyResponse_httpStatus' - The response's http status code.+newPutResourcePolicyResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  PutResourcePolicyResponse+newPutResourcePolicyResponse pHttpStatus_ =+  PutResourcePolicyResponse'+    { httpStatus =+        pHttpStatus_+    }++-- | The response's http status code.+putResourcePolicyResponse_httpStatus :: Lens.Lens' PutResourcePolicyResponse Prelude.Int+putResourcePolicyResponse_httpStatus = Lens.lens (\PutResourcePolicyResponse' {httpStatus} -> httpStatus) (\s@PutResourcePolicyResponse' {} a -> s {httpStatus = a} :: PutResourcePolicyResponse)++instance Prelude.NFData PutResourcePolicyResponse where+  rnf PutResourcePolicyResponse' {..} =+    Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/TagResource.hs view
@@ -0,0 +1,176 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.TagResource+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Adds the specified tags to the specified resource. Tags are key:value+-- pairs that you can use to categorize and manage your resources, for+-- purposes like billing. For example, you might set the tag key to+-- \"customer\" and the value to the customer name or ID. You can specify+-- one or more tags to add to each Amazon Web Services resource, up to 50+-- tags for a resource.+--+-- You can tag the Amazon Web Services resources that you manage through+-- Network Firewall: firewalls, firewall policies, and rule groups.+module Amazonka.NetworkFirewall.TagResource+  ( -- * Creating a Request+    TagResource (..),+    newTagResource,++    -- * Request Lenses+    tagResource_resourceArn,+    tagResource_tags,++    -- * Destructuring the Response+    TagResourceResponse (..),+    newTagResourceResponse,++    -- * Response Lenses+    tagResourceResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newTagResource' smart constructor.+data TagResource = TagResource'+  { -- | The Amazon Resource Name (ARN) of the resource.+    resourceArn :: Prelude.Text,+    tags :: Prelude.NonEmpty Tag+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'TagResource' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'resourceArn', 'tagResource_resourceArn' - The Amazon Resource Name (ARN) of the resource.+--+-- 'tags', 'tagResource_tags' -+newTagResource ::+  -- | 'resourceArn'+  Prelude.Text ->+  -- | 'tags'+  Prelude.NonEmpty Tag ->+  TagResource+newTagResource pResourceArn_ pTags_ =+  TagResource'+    { resourceArn = pResourceArn_,+      tags = Lens.coerced Lens.# pTags_+    }++-- | The Amazon Resource Name (ARN) of the resource.+tagResource_resourceArn :: Lens.Lens' TagResource Prelude.Text+tagResource_resourceArn = Lens.lens (\TagResource' {resourceArn} -> resourceArn) (\s@TagResource' {} a -> s {resourceArn = a} :: TagResource)++tagResource_tags :: Lens.Lens' TagResource (Prelude.NonEmpty Tag)+tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced++instance Core.AWSRequest TagResource where+  type AWSResponse TagResource = TagResourceResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveEmpty+      ( \s h x ->+          TagResourceResponse'+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable TagResource where+  hashWithSalt _salt TagResource' {..} =+    _salt+      `Prelude.hashWithSalt` resourceArn+      `Prelude.hashWithSalt` tags++instance Prelude.NFData TagResource where+  rnf TagResource' {..} =+    Prelude.rnf resourceArn+      `Prelude.seq` Prelude.rnf tags++instance Data.ToHeaders TagResource where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.TagResource" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON TagResource where+  toJSON TagResource' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("ResourceArn" Data..= resourceArn),+            Prelude.Just ("Tags" Data..= tags)+          ]+      )++instance Data.ToPath TagResource where+  toPath = Prelude.const "/"++instance Data.ToQuery TagResource where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newTagResourceResponse' smart constructor.+data TagResourceResponse = TagResourceResponse'+  { -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'TagResourceResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'tagResourceResponse_httpStatus' - The response's http status code.+newTagResourceResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  TagResourceResponse+newTagResourceResponse pHttpStatus_ =+  TagResourceResponse' {httpStatus = pHttpStatus_}++-- | The response's http status code.+tagResourceResponse_httpStatus :: Lens.Lens' TagResourceResponse Prelude.Int+tagResourceResponse_httpStatus = Lens.lens (\TagResourceResponse' {httpStatus} -> httpStatus) (\s@TagResourceResponse' {} a -> s {httpStatus = a} :: TagResourceResponse)++instance Prelude.NFData TagResourceResponse where+  rnf TagResourceResponse' {..} = Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/Types.hs view
@@ -0,0 +1,658 @@+{-# LANGUAGE DisambiguateRecordFields #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types+  ( -- * Service Configuration+    defaultService,++    -- * Errors+    _InsufficientCapacityException,+    _InternalServerError,+    _InvalidOperationException,+    _InvalidRequestException,+    _InvalidResourcePolicyException,+    _InvalidTokenException,+    _LimitExceededException,+    _LogDestinationPermissionException,+    _ResourceNotFoundException,+    _ResourceOwnerCheckException,+    _ThrottlingException,+    _UnsupportedOperationException,++    -- * AttachmentStatus+    AttachmentStatus (..),++    -- * ConfigurationSyncState+    ConfigurationSyncState (..),++    -- * EncryptionType+    EncryptionType (..),++    -- * FirewallStatusValue+    FirewallStatusValue (..),++    -- * GeneratedRulesType+    GeneratedRulesType (..),++    -- * LogDestinationType+    LogDestinationType (..),++    -- * LogType+    LogType (..),++    -- * OverrideAction+    OverrideAction (..),++    -- * PerObjectSyncStatus+    PerObjectSyncStatus (..),++    -- * ResourceManagedStatus+    ResourceManagedStatus (..),++    -- * ResourceManagedType+    ResourceManagedType (..),++    -- * ResourceStatus+    ResourceStatus (..),++    -- * RuleGroupType+    RuleGroupType (..),++    -- * RuleOrder+    RuleOrder (..),++    -- * StatefulAction+    StatefulAction (..),++    -- * StatefulRuleDirection+    StatefulRuleDirection (..),++    -- * StatefulRuleProtocol+    StatefulRuleProtocol (..),++    -- * StreamExceptionPolicy+    StreamExceptionPolicy (..),++    -- * TCPFlag+    TCPFlag (..),++    -- * TargetType+    TargetType (..),++    -- * ActionDefinition+    ActionDefinition (..),+    newActionDefinition,+    actionDefinition_publishMetricAction,++    -- * Address+    Address (..),+    newAddress,+    address_addressDefinition,++    -- * Attachment+    Attachment (..),+    newAttachment,+    attachment_endpointId,+    attachment_status,+    attachment_statusMessage,+    attachment_subnetId,++    -- * CIDRSummary+    CIDRSummary (..),+    newCIDRSummary,+    cIDRSummary_availableCIDRCount,+    cIDRSummary_iPSetReferences,+    cIDRSummary_utilizedCIDRCount,++    -- * CapacityUsageSummary+    CapacityUsageSummary (..),+    newCapacityUsageSummary,+    capacityUsageSummary_cIDRs,++    -- * CustomAction+    CustomAction (..),+    newCustomAction,+    customAction_actionName,+    customAction_actionDefinition,++    -- * Dimension+    Dimension (..),+    newDimension,+    dimension_value,++    -- * EncryptionConfiguration+    EncryptionConfiguration (..),+    newEncryptionConfiguration,+    encryptionConfiguration_keyId,+    encryptionConfiguration_type,++    -- * Firewall+    Firewall (..),+    newFirewall,+    firewall_deleteProtection,+    firewall_description,+    firewall_encryptionConfiguration,+    firewall_firewallArn,+    firewall_firewallName,+    firewall_firewallPolicyChangeProtection,+    firewall_subnetChangeProtection,+    firewall_tags,+    firewall_firewallPolicyArn,+    firewall_vpcId,+    firewall_subnetMappings,+    firewall_firewallId,++    -- * FirewallMetadata+    FirewallMetadata (..),+    newFirewallMetadata,+    firewallMetadata_firewallArn,+    firewallMetadata_firewallName,++    -- * FirewallPolicy+    FirewallPolicy (..),+    newFirewallPolicy,+    firewallPolicy_statefulDefaultActions,+    firewallPolicy_statefulEngineOptions,+    firewallPolicy_statefulRuleGroupReferences,+    firewallPolicy_statelessCustomActions,+    firewallPolicy_statelessRuleGroupReferences,+    firewallPolicy_statelessDefaultActions,+    firewallPolicy_statelessFragmentDefaultActions,++    -- * FirewallPolicyMetadata+    FirewallPolicyMetadata (..),+    newFirewallPolicyMetadata,+    firewallPolicyMetadata_arn,+    firewallPolicyMetadata_name,++    -- * FirewallPolicyResponse+    FirewallPolicyResponse (..),+    newFirewallPolicyResponse,+    firewallPolicyResponse_consumedStatefulRuleCapacity,+    firewallPolicyResponse_consumedStatelessRuleCapacity,+    firewallPolicyResponse_description,+    firewallPolicyResponse_encryptionConfiguration,+    firewallPolicyResponse_firewallPolicyStatus,+    firewallPolicyResponse_lastModifiedTime,+    firewallPolicyResponse_numberOfAssociations,+    firewallPolicyResponse_tags,+    firewallPolicyResponse_firewallPolicyName,+    firewallPolicyResponse_firewallPolicyArn,+    firewallPolicyResponse_firewallPolicyId,++    -- * FirewallStatus+    FirewallStatus (..),+    newFirewallStatus,+    firewallStatus_capacityUsageSummary,+    firewallStatus_syncStates,+    firewallStatus_status,+    firewallStatus_configurationSyncStateSummary,++    -- * Header+    Header (..),+    newHeader,+    header_protocol,+    header_source,+    header_sourcePort,+    header_direction,+    header_destination,+    header_destinationPort,++    -- * IPSet+    IPSet (..),+    newIPSet,+    iPSet_definition,++    -- * IPSetMetadata+    IPSetMetadata (..),+    newIPSetMetadata,+    iPSetMetadata_resolvedCIDRCount,++    -- * IPSetReference+    IPSetReference (..),+    newIPSetReference,+    iPSetReference_referenceArn,++    -- * LogDestinationConfig+    LogDestinationConfig (..),+    newLogDestinationConfig,+    logDestinationConfig_logType,+    logDestinationConfig_logDestinationType,+    logDestinationConfig_logDestination,++    -- * LoggingConfiguration+    LoggingConfiguration (..),+    newLoggingConfiguration,+    loggingConfiguration_logDestinationConfigs,++    -- * MatchAttributes+    MatchAttributes (..),+    newMatchAttributes,+    matchAttributes_destinationPorts,+    matchAttributes_destinations,+    matchAttributes_protocols,+    matchAttributes_sourcePorts,+    matchAttributes_sources,+    matchAttributes_tCPFlags,++    -- * PerObjectStatus+    PerObjectStatus (..),+    newPerObjectStatus,+    perObjectStatus_syncStatus,+    perObjectStatus_updateToken,++    -- * PortRange+    PortRange (..),+    newPortRange,+    portRange_fromPort,+    portRange_toPort,++    -- * PortSet+    PortSet (..),+    newPortSet,+    portSet_definition,++    -- * PublishMetricAction+    PublishMetricAction (..),+    newPublishMetricAction,+    publishMetricAction_dimensions,++    -- * ReferenceSets+    ReferenceSets (..),+    newReferenceSets,+    referenceSets_iPSetReferences,++    -- * RuleDefinition+    RuleDefinition (..),+    newRuleDefinition,+    ruleDefinition_matchAttributes,+    ruleDefinition_actions,++    -- * RuleGroup+    RuleGroup (..),+    newRuleGroup,+    ruleGroup_referenceSets,+    ruleGroup_ruleVariables,+    ruleGroup_statefulRuleOptions,+    ruleGroup_rulesSource,++    -- * RuleGroupMetadata+    RuleGroupMetadata (..),+    newRuleGroupMetadata,+    ruleGroupMetadata_arn,+    ruleGroupMetadata_name,++    -- * RuleGroupResponse+    RuleGroupResponse (..),+    newRuleGroupResponse,+    ruleGroupResponse_capacity,+    ruleGroupResponse_consumedCapacity,+    ruleGroupResponse_description,+    ruleGroupResponse_encryptionConfiguration,+    ruleGroupResponse_lastModifiedTime,+    ruleGroupResponse_numberOfAssociations,+    ruleGroupResponse_ruleGroupStatus,+    ruleGroupResponse_snsTopic,+    ruleGroupResponse_sourceMetadata,+    ruleGroupResponse_tags,+    ruleGroupResponse_type,+    ruleGroupResponse_ruleGroupArn,+    ruleGroupResponse_ruleGroupName,+    ruleGroupResponse_ruleGroupId,++    -- * RuleOption+    RuleOption (..),+    newRuleOption,+    ruleOption_settings,+    ruleOption_keyword,++    -- * RuleVariables+    RuleVariables (..),+    newRuleVariables,+    ruleVariables_iPSets,+    ruleVariables_portSets,++    -- * RulesSource+    RulesSource (..),+    newRulesSource,+    rulesSource_rulesSourceList,+    rulesSource_rulesString,+    rulesSource_statefulRules,+    rulesSource_statelessRulesAndCustomActions,++    -- * RulesSourceList+    RulesSourceList (..),+    newRulesSourceList,+    rulesSourceList_targets,+    rulesSourceList_targetTypes,+    rulesSourceList_generatedRulesType,++    -- * SourceMetadata+    SourceMetadata (..),+    newSourceMetadata,+    sourceMetadata_sourceArn,+    sourceMetadata_sourceUpdateToken,++    -- * StatefulEngineOptions+    StatefulEngineOptions (..),+    newStatefulEngineOptions,+    statefulEngineOptions_ruleOrder,+    statefulEngineOptions_streamExceptionPolicy,++    -- * StatefulRule+    StatefulRule (..),+    newStatefulRule,+    statefulRule_action,+    statefulRule_header,+    statefulRule_ruleOptions,++    -- * StatefulRuleGroupOverride+    StatefulRuleGroupOverride (..),+    newStatefulRuleGroupOverride,+    statefulRuleGroupOverride_action,++    -- * StatefulRuleGroupReference+    StatefulRuleGroupReference (..),+    newStatefulRuleGroupReference,+    statefulRuleGroupReference_override,+    statefulRuleGroupReference_priority,+    statefulRuleGroupReference_resourceArn,++    -- * StatefulRuleOptions+    StatefulRuleOptions (..),+    newStatefulRuleOptions,+    statefulRuleOptions_ruleOrder,++    -- * StatelessRule+    StatelessRule (..),+    newStatelessRule,+    statelessRule_ruleDefinition,+    statelessRule_priority,++    -- * StatelessRuleGroupReference+    StatelessRuleGroupReference (..),+    newStatelessRuleGroupReference,+    statelessRuleGroupReference_resourceArn,+    statelessRuleGroupReference_priority,++    -- * StatelessRulesAndCustomActions+    StatelessRulesAndCustomActions (..),+    newStatelessRulesAndCustomActions,+    statelessRulesAndCustomActions_customActions,+    statelessRulesAndCustomActions_statelessRules,++    -- * SubnetMapping+    SubnetMapping (..),+    newSubnetMapping,+    subnetMapping_subnetId,++    -- * SyncState+    SyncState (..),+    newSyncState,+    syncState_attachment,+    syncState_config,++    -- * TCPFlagField+    TCPFlagField (..),+    newTCPFlagField,+    tCPFlagField_masks,+    tCPFlagField_flags,++    -- * Tag+    Tag (..),+    newTag,+    tag_key,+    tag_value,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import Amazonka.NetworkFirewall.Types.ActionDefinition+import Amazonka.NetworkFirewall.Types.Address+import Amazonka.NetworkFirewall.Types.Attachment+import Amazonka.NetworkFirewall.Types.AttachmentStatus+import Amazonka.NetworkFirewall.Types.CIDRSummary+import Amazonka.NetworkFirewall.Types.CapacityUsageSummary+import Amazonka.NetworkFirewall.Types.ConfigurationSyncState+import Amazonka.NetworkFirewall.Types.CustomAction+import Amazonka.NetworkFirewall.Types.Dimension+import Amazonka.NetworkFirewall.Types.EncryptionConfiguration+import Amazonka.NetworkFirewall.Types.EncryptionType+import Amazonka.NetworkFirewall.Types.Firewall+import Amazonka.NetworkFirewall.Types.FirewallMetadata+import Amazonka.NetworkFirewall.Types.FirewallPolicy+import Amazonka.NetworkFirewall.Types.FirewallPolicyMetadata+import Amazonka.NetworkFirewall.Types.FirewallPolicyResponse+import Amazonka.NetworkFirewall.Types.FirewallStatus+import Amazonka.NetworkFirewall.Types.FirewallStatusValue+import Amazonka.NetworkFirewall.Types.GeneratedRulesType+import Amazonka.NetworkFirewall.Types.Header+import Amazonka.NetworkFirewall.Types.IPSet+import Amazonka.NetworkFirewall.Types.IPSetMetadata+import Amazonka.NetworkFirewall.Types.IPSetReference+import Amazonka.NetworkFirewall.Types.LogDestinationConfig+import Amazonka.NetworkFirewall.Types.LogDestinationType+import Amazonka.NetworkFirewall.Types.LogType+import Amazonka.NetworkFirewall.Types.LoggingConfiguration+import Amazonka.NetworkFirewall.Types.MatchAttributes+import Amazonka.NetworkFirewall.Types.OverrideAction+import Amazonka.NetworkFirewall.Types.PerObjectStatus+import Amazonka.NetworkFirewall.Types.PerObjectSyncStatus+import Amazonka.NetworkFirewall.Types.PortRange+import Amazonka.NetworkFirewall.Types.PortSet+import Amazonka.NetworkFirewall.Types.PublishMetricAction+import Amazonka.NetworkFirewall.Types.ReferenceSets+import Amazonka.NetworkFirewall.Types.ResourceManagedStatus+import Amazonka.NetworkFirewall.Types.ResourceManagedType+import Amazonka.NetworkFirewall.Types.ResourceStatus+import Amazonka.NetworkFirewall.Types.RuleDefinition+import Amazonka.NetworkFirewall.Types.RuleGroup+import Amazonka.NetworkFirewall.Types.RuleGroupMetadata+import Amazonka.NetworkFirewall.Types.RuleGroupResponse+import Amazonka.NetworkFirewall.Types.RuleGroupType+import Amazonka.NetworkFirewall.Types.RuleOption+import Amazonka.NetworkFirewall.Types.RuleOrder+import Amazonka.NetworkFirewall.Types.RuleVariables+import Amazonka.NetworkFirewall.Types.RulesSource+import Amazonka.NetworkFirewall.Types.RulesSourceList+import Amazonka.NetworkFirewall.Types.SourceMetadata+import Amazonka.NetworkFirewall.Types.StatefulAction+import Amazonka.NetworkFirewall.Types.StatefulEngineOptions+import Amazonka.NetworkFirewall.Types.StatefulRule+import Amazonka.NetworkFirewall.Types.StatefulRuleDirection+import Amazonka.NetworkFirewall.Types.StatefulRuleGroupOverride+import Amazonka.NetworkFirewall.Types.StatefulRuleGroupReference+import Amazonka.NetworkFirewall.Types.StatefulRuleOptions+import Amazonka.NetworkFirewall.Types.StatefulRuleProtocol+import Amazonka.NetworkFirewall.Types.StatelessRule+import Amazonka.NetworkFirewall.Types.StatelessRuleGroupReference+import Amazonka.NetworkFirewall.Types.StatelessRulesAndCustomActions+import Amazonka.NetworkFirewall.Types.StreamExceptionPolicy+import Amazonka.NetworkFirewall.Types.SubnetMapping+import Amazonka.NetworkFirewall.Types.SyncState+import Amazonka.NetworkFirewall.Types.TCPFlag+import Amazonka.NetworkFirewall.Types.TCPFlagField+import Amazonka.NetworkFirewall.Types.Tag+import Amazonka.NetworkFirewall.Types.TargetType+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Sign.V4 as Sign++-- | API version @2020-11-12@ of the Amazon Network Firewall SDK configuration.+defaultService :: Core.Service+defaultService =+  Core.Service+    { Core.abbrev = "NetworkFirewall",+      Core.signer = Sign.v4,+      Core.endpointPrefix = "network-firewall",+      Core.signingName = "network-firewall",+      Core.version = "2020-11-12",+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,+      Core.endpoint = Core.defaultEndpoint defaultService,+      Core.timeout = Prelude.Just 70,+      Core.check = Core.statusSuccess,+      Core.error = Core.parseJSONError "NetworkFirewall",+      Core.retry = retry+    }+  where+    retry =+      Core.Exponential+        { Core.base = 5.0e-2,+          Core.growth = 2,+          Core.attempts = 5,+          Core.check = check+        }+    check e+      | Lens.has (Core.hasStatus 502) e =+          Prelude.Just "bad_gateway"+      | Lens.has (Core.hasStatus 504) e =+          Prelude.Just "gateway_timeout"+      | Lens.has (Core.hasStatus 500) e =+          Prelude.Just "general_server_error"+      | Lens.has (Core.hasStatus 509) e =+          Prelude.Just "limit_exceeded"+      | Lens.has+          ( Core.hasCode "RequestThrottledException"+              Prelude.. Core.hasStatus 400+          )+          e =+          Prelude.Just "request_throttled_exception"+      | Lens.has (Core.hasStatus 503) e =+          Prelude.Just "service_unavailable"+      | Lens.has+          ( Core.hasCode "ThrottledException"+              Prelude.. Core.hasStatus 400+          )+          e =+          Prelude.Just "throttled_exception"+      | Lens.has+          ( Core.hasCode "Throttling"+              Prelude.. Core.hasStatus 400+          )+          e =+          Prelude.Just "throttling"+      | Lens.has+          ( Core.hasCode "ThrottlingException"+              Prelude.. Core.hasStatus 400+          )+          e =+          Prelude.Just "throttling_exception"+      | Lens.has+          ( Core.hasCode+              "ProvisionedThroughputExceededException"+              Prelude.. Core.hasStatus 400+          )+          e =+          Prelude.Just "throughput_exceeded"+      | Lens.has (Core.hasStatus 429) e =+          Prelude.Just "too_many_requests"+      | Prelude.otherwise = Prelude.Nothing++-- | Amazon Web Services doesn\'t currently have enough available capacity to+-- fulfill your request. Try your request later.+_InsufficientCapacityException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InsufficientCapacityException =+  Core._MatchServiceError+    defaultService+    "InsufficientCapacityException"++-- | Your request is valid, but Network Firewall couldn’t perform the+-- operation because of a system problem. Retry your request.+_InternalServerError :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InternalServerError =+  Core._MatchServiceError+    defaultService+    "InternalServerError"++-- | The operation failed because it\'s not valid. For example, you might+-- have tried to delete a rule group or firewall policy that\'s in use.+_InvalidOperationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidOperationException =+  Core._MatchServiceError+    defaultService+    "InvalidOperationException"++-- | The operation failed because of a problem with your request. Examples+-- include:+--+-- -   You specified an unsupported parameter name or value.+--+-- -   You tried to update a property with a value that isn\'t among the+--     available types.+--+-- -   Your request references an ARN that is malformed, or corresponds to+--     a resource that isn\'t valid in the context of the request.+_InvalidRequestException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidRequestException =+  Core._MatchServiceError+    defaultService+    "InvalidRequestException"++-- | The policy statement failed validation.+_InvalidResourcePolicyException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidResourcePolicyException =+  Core._MatchServiceError+    defaultService+    "InvalidResourcePolicyException"++-- | The token you provided is stale or isn\'t valid for the operation.+_InvalidTokenException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidTokenException =+  Core._MatchServiceError+    defaultService+    "InvalidTokenException"++-- | Unable to perform the operation because doing so would violate a limit+-- setting.+_LimitExceededException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_LimitExceededException =+  Core._MatchServiceError+    defaultService+    "LimitExceededException"++-- | Unable to send logs to a configured logging destination.+_LogDestinationPermissionException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_LogDestinationPermissionException =+  Core._MatchServiceError+    defaultService+    "LogDestinationPermissionException"++-- | Unable to locate a resource using the parameters that you provided.+_ResourceNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_ResourceNotFoundException =+  Core._MatchServiceError+    defaultService+    "ResourceNotFoundException"++-- | Unable to change the resource because your account doesn\'t own it.+_ResourceOwnerCheckException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_ResourceOwnerCheckException =+  Core._MatchServiceError+    defaultService+    "ResourceOwnerCheckException"++-- | Unable to process the request due to throttling limitations.+_ThrottlingException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_ThrottlingException =+  Core._MatchServiceError+    defaultService+    "ThrottlingException"++-- | The operation you requested isn\'t supported by Network Firewall.+_UnsupportedOperationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_UnsupportedOperationException =+  Core._MatchServiceError+    defaultService+    "UnsupportedOperationException"
+ gen/Amazonka/NetworkFirewall/Types/ActionDefinition.hs view
@@ -0,0 +1,107 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.ActionDefinition+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.ActionDefinition where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.PublishMetricAction+import qualified Amazonka.Prelude as Prelude++-- | A custom action to use in stateless rule actions settings. This is used+-- in CustomAction.+--+-- /See:/ 'newActionDefinition' smart constructor.+data ActionDefinition = ActionDefinition'+  { -- | Stateless inspection criteria that publishes the specified metrics to+    -- Amazon CloudWatch for the matching packet. This setting defines a+    -- CloudWatch dimension value to be published.+    --+    -- You can pair this custom action with any of the standard stateless rule+    -- actions. For example, you could pair this in a rule action with the+    -- standard action that forwards the packet for stateful inspection. Then,+    -- when a packet matches the rule, Network Firewall publishes metrics for+    -- the packet and forwards it.+    publishMetricAction :: Prelude.Maybe PublishMetricAction+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ActionDefinition' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'publishMetricAction', 'actionDefinition_publishMetricAction' - Stateless inspection criteria that publishes the specified metrics to+-- Amazon CloudWatch for the matching packet. This setting defines a+-- CloudWatch dimension value to be published.+--+-- You can pair this custom action with any of the standard stateless rule+-- actions. For example, you could pair this in a rule action with the+-- standard action that forwards the packet for stateful inspection. Then,+-- when a packet matches the rule, Network Firewall publishes metrics for+-- the packet and forwards it.+newActionDefinition ::+  ActionDefinition+newActionDefinition =+  ActionDefinition'+    { publishMetricAction =+        Prelude.Nothing+    }++-- | Stateless inspection criteria that publishes the specified metrics to+-- Amazon CloudWatch for the matching packet. This setting defines a+-- CloudWatch dimension value to be published.+--+-- You can pair this custom action with any of the standard stateless rule+-- actions. For example, you could pair this in a rule action with the+-- standard action that forwards the packet for stateful inspection. Then,+-- when a packet matches the rule, Network Firewall publishes metrics for+-- the packet and forwards it.+actionDefinition_publishMetricAction :: Lens.Lens' ActionDefinition (Prelude.Maybe PublishMetricAction)+actionDefinition_publishMetricAction = Lens.lens (\ActionDefinition' {publishMetricAction} -> publishMetricAction) (\s@ActionDefinition' {} a -> s {publishMetricAction = a} :: ActionDefinition)++instance Data.FromJSON ActionDefinition where+  parseJSON =+    Data.withObject+      "ActionDefinition"+      ( \x ->+          ActionDefinition'+            Prelude.<$> (x Data..:? "PublishMetricAction")+      )++instance Prelude.Hashable ActionDefinition where+  hashWithSalt _salt ActionDefinition' {..} =+    _salt `Prelude.hashWithSalt` publishMetricAction++instance Prelude.NFData ActionDefinition where+  rnf ActionDefinition' {..} =+    Prelude.rnf publishMetricAction++instance Data.ToJSON ActionDefinition where+  toJSON ActionDefinition' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("PublishMetricAction" Data..=)+              Prelude.<$> publishMetricAction+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/Address.hs view
@@ -0,0 +1,118 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.Address+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.Address where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | A single IP address specification. This is used in the MatchAttributes+-- source and destination specifications.+--+-- /See:/ 'newAddress' smart constructor.+data Address = Address'+  { -- | Specify an IP address or a block of IP addresses in Classless+    -- Inter-Domain Routing (CIDR) notation. Network Firewall supports all+    -- address ranges for IPv4.+    --+    -- Examples:+    --+    -- -   To configure Network Firewall to inspect for the IP address+    --     192.0.2.44, specify @192.0.2.44\/32@.+    --+    -- -   To configure Network Firewall to inspect for IP addresses from+    --     192.0.2.0 to 192.0.2.255, specify @192.0.2.0\/24@.+    --+    -- For more information about CIDR notation, see the Wikipedia entry+    -- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.+    addressDefinition :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'Address' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'addressDefinition', 'address_addressDefinition' - Specify an IP address or a block of IP addresses in Classless+-- Inter-Domain Routing (CIDR) notation. Network Firewall supports all+-- address ranges for IPv4.+--+-- Examples:+--+-- -   To configure Network Firewall to inspect for the IP address+--     192.0.2.44, specify @192.0.2.44\/32@.+--+-- -   To configure Network Firewall to inspect for IP addresses from+--     192.0.2.0 to 192.0.2.255, specify @192.0.2.0\/24@.+--+-- For more information about CIDR notation, see the Wikipedia entry+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.+newAddress ::+  -- | 'addressDefinition'+  Prelude.Text ->+  Address+newAddress pAddressDefinition_ =+  Address' {addressDefinition = pAddressDefinition_}++-- | Specify an IP address or a block of IP addresses in Classless+-- Inter-Domain Routing (CIDR) notation. Network Firewall supports all+-- address ranges for IPv4.+--+-- Examples:+--+-- -   To configure Network Firewall to inspect for the IP address+--     192.0.2.44, specify @192.0.2.44\/32@.+--+-- -   To configure Network Firewall to inspect for IP addresses from+--     192.0.2.0 to 192.0.2.255, specify @192.0.2.0\/24@.+--+-- For more information about CIDR notation, see the Wikipedia entry+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.+address_addressDefinition :: Lens.Lens' Address Prelude.Text+address_addressDefinition = Lens.lens (\Address' {addressDefinition} -> addressDefinition) (\s@Address' {} a -> s {addressDefinition = a} :: Address)++instance Data.FromJSON Address where+  parseJSON =+    Data.withObject+      "Address"+      ( \x ->+          Address' Prelude.<$> (x Data..: "AddressDefinition")+      )++instance Prelude.Hashable Address where+  hashWithSalt _salt Address' {..} =+    _salt `Prelude.hashWithSalt` addressDefinition++instance Prelude.NFData Address where+  rnf Address' {..} = Prelude.rnf addressDefinition++instance Data.ToJSON Address where+  toJSON Address' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just+              ("AddressDefinition" Data..= addressDefinition)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/Attachment.hs view
@@ -0,0 +1,156 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.Attachment+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.Attachment where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.AttachmentStatus+import qualified Amazonka.Prelude as Prelude++-- | The configuration and status for a single subnet that you\'ve specified+-- for use by the Network Firewall firewall. This is part of the+-- FirewallStatus.+--+-- /See:/ 'newAttachment' smart constructor.+data Attachment = Attachment'+  { -- | The identifier of the firewall endpoint that Network Firewall has+    -- instantiated in the subnet. You use this to identify the firewall+    -- endpoint in the VPC route tables, when you redirect the VPC traffic+    -- through the endpoint.+    endpointId :: Prelude.Maybe Prelude.Text,+    -- | The current status of the firewall endpoint in the subnet. This value+    -- reflects both the instantiation of the endpoint in the VPC subnet and+    -- the sync states that are reported in the @Config@ settings. When this+    -- value is @READY@, the endpoint is available and configured properly to+    -- handle network traffic. When the endpoint isn\'t available for traffic,+    -- this value will reflect its state, for example @CREATING@ or @DELETING@.+    status :: Prelude.Maybe AttachmentStatus,+    -- | If Network Firewall fails to create or delete the firewall endpoint in+    -- the subnet, it populates this with the reason for the failure and how to+    -- resolve it. Depending on the error, it can take as many as 15 minutes to+    -- populate this field. For more information about the errors and solutions+    -- available for this field, see+    -- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-troubleshooting-endpoint-failures.html Troubleshooting firewall endpoint failures>+    -- in the /Network Firewall Developer Guide/.+    statusMessage :: Prelude.Maybe Prelude.Text,+    -- | The unique identifier of the subnet that you\'ve specified to be used+    -- for a firewall endpoint.+    subnetId :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'Attachment' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'endpointId', 'attachment_endpointId' - The identifier of the firewall endpoint that Network Firewall has+-- instantiated in the subnet. You use this to identify the firewall+-- endpoint in the VPC route tables, when you redirect the VPC traffic+-- through the endpoint.+--+-- 'status', 'attachment_status' - The current status of the firewall endpoint in the subnet. This value+-- reflects both the instantiation of the endpoint in the VPC subnet and+-- the sync states that are reported in the @Config@ settings. When this+-- value is @READY@, the endpoint is available and configured properly to+-- handle network traffic. When the endpoint isn\'t available for traffic,+-- this value will reflect its state, for example @CREATING@ or @DELETING@.+--+-- 'statusMessage', 'attachment_statusMessage' - If Network Firewall fails to create or delete the firewall endpoint in+-- the subnet, it populates this with the reason for the failure and how to+-- resolve it. Depending on the error, it can take as many as 15 minutes to+-- populate this field. For more information about the errors and solutions+-- available for this field, see+-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-troubleshooting-endpoint-failures.html Troubleshooting firewall endpoint failures>+-- in the /Network Firewall Developer Guide/.+--+-- 'subnetId', 'attachment_subnetId' - The unique identifier of the subnet that you\'ve specified to be used+-- for a firewall endpoint.+newAttachment ::+  Attachment+newAttachment =+  Attachment'+    { endpointId = Prelude.Nothing,+      status = Prelude.Nothing,+      statusMessage = Prelude.Nothing,+      subnetId = Prelude.Nothing+    }++-- | The identifier of the firewall endpoint that Network Firewall has+-- instantiated in the subnet. You use this to identify the firewall+-- endpoint in the VPC route tables, when you redirect the VPC traffic+-- through the endpoint.+attachment_endpointId :: Lens.Lens' Attachment (Prelude.Maybe Prelude.Text)+attachment_endpointId = Lens.lens (\Attachment' {endpointId} -> endpointId) (\s@Attachment' {} a -> s {endpointId = a} :: Attachment)++-- | The current status of the firewall endpoint in the subnet. This value+-- reflects both the instantiation of the endpoint in the VPC subnet and+-- the sync states that are reported in the @Config@ settings. When this+-- value is @READY@, the endpoint is available and configured properly to+-- handle network traffic. When the endpoint isn\'t available for traffic,+-- this value will reflect its state, for example @CREATING@ or @DELETING@.+attachment_status :: Lens.Lens' Attachment (Prelude.Maybe AttachmentStatus)+attachment_status = Lens.lens (\Attachment' {status} -> status) (\s@Attachment' {} a -> s {status = a} :: Attachment)++-- | If Network Firewall fails to create or delete the firewall endpoint in+-- the subnet, it populates this with the reason for the failure and how to+-- resolve it. Depending on the error, it can take as many as 15 minutes to+-- populate this field. For more information about the errors and solutions+-- available for this field, see+-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/firewall-troubleshooting-endpoint-failures.html Troubleshooting firewall endpoint failures>+-- in the /Network Firewall Developer Guide/.+attachment_statusMessage :: Lens.Lens' Attachment (Prelude.Maybe Prelude.Text)+attachment_statusMessage = Lens.lens (\Attachment' {statusMessage} -> statusMessage) (\s@Attachment' {} a -> s {statusMessage = a} :: Attachment)++-- | The unique identifier of the subnet that you\'ve specified to be used+-- for a firewall endpoint.+attachment_subnetId :: Lens.Lens' Attachment (Prelude.Maybe Prelude.Text)+attachment_subnetId = Lens.lens (\Attachment' {subnetId} -> subnetId) (\s@Attachment' {} a -> s {subnetId = a} :: Attachment)++instance Data.FromJSON Attachment where+  parseJSON =+    Data.withObject+      "Attachment"+      ( \x ->+          Attachment'+            Prelude.<$> (x Data..:? "EndpointId")+            Prelude.<*> (x Data..:? "Status")+            Prelude.<*> (x Data..:? "StatusMessage")+            Prelude.<*> (x Data..:? "SubnetId")+      )++instance Prelude.Hashable Attachment where+  hashWithSalt _salt Attachment' {..} =+    _salt+      `Prelude.hashWithSalt` endpointId+      `Prelude.hashWithSalt` status+      `Prelude.hashWithSalt` statusMessage+      `Prelude.hashWithSalt` subnetId++instance Prelude.NFData Attachment where+  rnf Attachment' {..} =+    Prelude.rnf endpointId+      `Prelude.seq` Prelude.rnf status+      `Prelude.seq` Prelude.rnf statusMessage+      `Prelude.seq` Prelude.rnf subnetId
+ gen/Amazonka/NetworkFirewall/Types/AttachmentStatus.hs view
@@ -0,0 +1,81 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.AttachmentStatus+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.AttachmentStatus+  ( AttachmentStatus+      ( ..,+        AttachmentStatus_CREATING,+        AttachmentStatus_DELETING,+        AttachmentStatus_READY,+        AttachmentStatus_SCALING+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype AttachmentStatus = AttachmentStatus'+  { fromAttachmentStatus ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern AttachmentStatus_CREATING :: AttachmentStatus+pattern AttachmentStatus_CREATING = AttachmentStatus' "CREATING"++pattern AttachmentStatus_DELETING :: AttachmentStatus+pattern AttachmentStatus_DELETING = AttachmentStatus' "DELETING"++pattern AttachmentStatus_READY :: AttachmentStatus+pattern AttachmentStatus_READY = AttachmentStatus' "READY"++pattern AttachmentStatus_SCALING :: AttachmentStatus+pattern AttachmentStatus_SCALING = AttachmentStatus' "SCALING"++{-# COMPLETE+  AttachmentStatus_CREATING,+  AttachmentStatus_DELETING,+  AttachmentStatus_READY,+  AttachmentStatus_SCALING,+  AttachmentStatus'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/CIDRSummary.hs view
@@ -0,0 +1,105 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.CIDRSummary+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.CIDRSummary where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.IPSetMetadata+import qualified Amazonka.Prelude as Prelude++-- | Summarizes the CIDR blocks used by the IP set references in a firewall.+-- Network Firewall calculates the number of CIDRs by taking an aggregated+-- count of all CIDRs used by the IP sets you are referencing.+--+-- /See:/ 'newCIDRSummary' smart constructor.+data CIDRSummary = CIDRSummary'+  { -- | The number of CIDR blocks available for use by the IP set references in+    -- a firewall.+    availableCIDRCount :: Prelude.Maybe Prelude.Natural,+    -- | The list of the IP set references used by a firewall.+    iPSetReferences :: Prelude.Maybe (Prelude.HashMap Prelude.Text IPSetMetadata),+    -- | The number of CIDR blocks used by the IP set references in a firewall.+    utilizedCIDRCount :: Prelude.Maybe Prelude.Natural+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CIDRSummary' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'availableCIDRCount', 'cIDRSummary_availableCIDRCount' - The number of CIDR blocks available for use by the IP set references in+-- a firewall.+--+-- 'iPSetReferences', 'cIDRSummary_iPSetReferences' - The list of the IP set references used by a firewall.+--+-- 'utilizedCIDRCount', 'cIDRSummary_utilizedCIDRCount' - The number of CIDR blocks used by the IP set references in a firewall.+newCIDRSummary ::+  CIDRSummary+newCIDRSummary =+  CIDRSummary'+    { availableCIDRCount = Prelude.Nothing,+      iPSetReferences = Prelude.Nothing,+      utilizedCIDRCount = Prelude.Nothing+    }++-- | The number of CIDR blocks available for use by the IP set references in+-- a firewall.+cIDRSummary_availableCIDRCount :: Lens.Lens' CIDRSummary (Prelude.Maybe Prelude.Natural)+cIDRSummary_availableCIDRCount = Lens.lens (\CIDRSummary' {availableCIDRCount} -> availableCIDRCount) (\s@CIDRSummary' {} a -> s {availableCIDRCount = a} :: CIDRSummary)++-- | The list of the IP set references used by a firewall.+cIDRSummary_iPSetReferences :: Lens.Lens' CIDRSummary (Prelude.Maybe (Prelude.HashMap Prelude.Text IPSetMetadata))+cIDRSummary_iPSetReferences = Lens.lens (\CIDRSummary' {iPSetReferences} -> iPSetReferences) (\s@CIDRSummary' {} a -> s {iPSetReferences = a} :: CIDRSummary) Prelude.. Lens.mapping Lens.coerced++-- | The number of CIDR blocks used by the IP set references in a firewall.+cIDRSummary_utilizedCIDRCount :: Lens.Lens' CIDRSummary (Prelude.Maybe Prelude.Natural)+cIDRSummary_utilizedCIDRCount = Lens.lens (\CIDRSummary' {utilizedCIDRCount} -> utilizedCIDRCount) (\s@CIDRSummary' {} a -> s {utilizedCIDRCount = a} :: CIDRSummary)++instance Data.FromJSON CIDRSummary where+  parseJSON =+    Data.withObject+      "CIDRSummary"+      ( \x ->+          CIDRSummary'+            Prelude.<$> (x Data..:? "AvailableCIDRCount")+            Prelude.<*> ( x+                            Data..:? "IPSetReferences"+                            Data..!= Prelude.mempty+                        )+            Prelude.<*> (x Data..:? "UtilizedCIDRCount")+      )++instance Prelude.Hashable CIDRSummary where+  hashWithSalt _salt CIDRSummary' {..} =+    _salt+      `Prelude.hashWithSalt` availableCIDRCount+      `Prelude.hashWithSalt` iPSetReferences+      `Prelude.hashWithSalt` utilizedCIDRCount++instance Prelude.NFData CIDRSummary where+  rnf CIDRSummary' {..} =+    Prelude.rnf availableCIDRCount+      `Prelude.seq` Prelude.rnf iPSetReferences+      `Prelude.seq` Prelude.rnf utilizedCIDRCount
+ gen/Amazonka/NetworkFirewall/Types/CapacityUsageSummary.hs view
@@ -0,0 +1,73 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.CapacityUsageSummary+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.CapacityUsageSummary where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.CIDRSummary+import qualified Amazonka.Prelude as Prelude++-- | The capacity usage summary of the resources used by the ReferenceSets in+-- a firewall.+--+-- /See:/ 'newCapacityUsageSummary' smart constructor.+data CapacityUsageSummary = CapacityUsageSummary'+  { -- | Describes the capacity usage of the CIDR blocks used by the IP set+    -- references in a firewall.+    cIDRs :: Prelude.Maybe CIDRSummary+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CapacityUsageSummary' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'cIDRs', 'capacityUsageSummary_cIDRs' - Describes the capacity usage of the CIDR blocks used by the IP set+-- references in a firewall.+newCapacityUsageSummary ::+  CapacityUsageSummary+newCapacityUsageSummary =+  CapacityUsageSummary' {cIDRs = Prelude.Nothing}++-- | Describes the capacity usage of the CIDR blocks used by the IP set+-- references in a firewall.+capacityUsageSummary_cIDRs :: Lens.Lens' CapacityUsageSummary (Prelude.Maybe CIDRSummary)+capacityUsageSummary_cIDRs = Lens.lens (\CapacityUsageSummary' {cIDRs} -> cIDRs) (\s@CapacityUsageSummary' {} a -> s {cIDRs = a} :: CapacityUsageSummary)++instance Data.FromJSON CapacityUsageSummary where+  parseJSON =+    Data.withObject+      "CapacityUsageSummary"+      ( \x ->+          CapacityUsageSummary'+            Prelude.<$> (x Data..:? "CIDRs")+      )++instance Prelude.Hashable CapacityUsageSummary where+  hashWithSalt _salt CapacityUsageSummary' {..} =+    _salt `Prelude.hashWithSalt` cIDRs++instance Prelude.NFData CapacityUsageSummary where+  rnf CapacityUsageSummary' {..} = Prelude.rnf cIDRs
+ gen/Amazonka/NetworkFirewall/Types/ConfigurationSyncState.hs view
@@ -0,0 +1,76 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.ConfigurationSyncState+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.ConfigurationSyncState+  ( ConfigurationSyncState+      ( ..,+        ConfigurationSyncState_CAPACITY_CONSTRAINED,+        ConfigurationSyncState_IN_SYNC,+        ConfigurationSyncState_PENDING+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype ConfigurationSyncState = ConfigurationSyncState'+  { fromConfigurationSyncState ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern ConfigurationSyncState_CAPACITY_CONSTRAINED :: ConfigurationSyncState+pattern ConfigurationSyncState_CAPACITY_CONSTRAINED = ConfigurationSyncState' "CAPACITY_CONSTRAINED"++pattern ConfigurationSyncState_IN_SYNC :: ConfigurationSyncState+pattern ConfigurationSyncState_IN_SYNC = ConfigurationSyncState' "IN_SYNC"++pattern ConfigurationSyncState_PENDING :: ConfigurationSyncState+pattern ConfigurationSyncState_PENDING = ConfigurationSyncState' "PENDING"++{-# COMPLETE+  ConfigurationSyncState_CAPACITY_CONSTRAINED,+  ConfigurationSyncState_IN_SYNC,+  ConfigurationSyncState_PENDING,+  ConfigurationSyncState'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/CustomAction.hs view
@@ -0,0 +1,121 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.CustomAction+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.CustomAction where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.ActionDefinition+import qualified Amazonka.Prelude as Prelude++-- | An optional, non-standard action to use for stateless packet handling.+-- You can define this in addition to the standard action that you must+-- specify.+--+-- You define and name the custom actions that you want to be able to use,+-- and then you reference them by name in your actions settings.+--+-- You can use custom actions in the following places:+--+-- -   In a rule group\'s StatelessRulesAndCustomActions specification. The+--     custom actions are available for use by name inside the+--     @StatelessRulesAndCustomActions@ where you define them. You can use+--     them for your stateless rule actions to specify what to do with a+--     packet that matches the rule\'s match attributes.+--+-- -   In a FirewallPolicy specification, in @StatelessCustomActions@. The+--     custom actions are available for use inside the policy where you+--     define them. You can use them for the policy\'s default stateless+--     actions settings to specify what to do with packets that don\'t+--     match any of the policy\'s stateless rules.+--+-- /See:/ 'newCustomAction' smart constructor.+data CustomAction = CustomAction'+  { -- | The descriptive name of the custom action. You can\'t change the name of+    -- a custom action after you create it.+    actionName :: Prelude.Text,+    -- | The custom action associated with the action name.+    actionDefinition :: ActionDefinition+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CustomAction' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'actionName', 'customAction_actionName' - The descriptive name of the custom action. You can\'t change the name of+-- a custom action after you create it.+--+-- 'actionDefinition', 'customAction_actionDefinition' - The custom action associated with the action name.+newCustomAction ::+  -- | 'actionName'+  Prelude.Text ->+  -- | 'actionDefinition'+  ActionDefinition ->+  CustomAction+newCustomAction pActionName_ pActionDefinition_ =+  CustomAction'+    { actionName = pActionName_,+      actionDefinition = pActionDefinition_+    }++-- | The descriptive name of the custom action. You can\'t change the name of+-- a custom action after you create it.+customAction_actionName :: Lens.Lens' CustomAction Prelude.Text+customAction_actionName = Lens.lens (\CustomAction' {actionName} -> actionName) (\s@CustomAction' {} a -> s {actionName = a} :: CustomAction)++-- | The custom action associated with the action name.+customAction_actionDefinition :: Lens.Lens' CustomAction ActionDefinition+customAction_actionDefinition = Lens.lens (\CustomAction' {actionDefinition} -> actionDefinition) (\s@CustomAction' {} a -> s {actionDefinition = a} :: CustomAction)++instance Data.FromJSON CustomAction where+  parseJSON =+    Data.withObject+      "CustomAction"+      ( \x ->+          CustomAction'+            Prelude.<$> (x Data..: "ActionName")+            Prelude.<*> (x Data..: "ActionDefinition")+      )++instance Prelude.Hashable CustomAction where+  hashWithSalt _salt CustomAction' {..} =+    _salt+      `Prelude.hashWithSalt` actionName+      `Prelude.hashWithSalt` actionDefinition++instance Prelude.NFData CustomAction where+  rnf CustomAction' {..} =+    Prelude.rnf actionName+      `Prelude.seq` Prelude.rnf actionDefinition++instance Data.ToJSON CustomAction where+  toJSON CustomAction' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("ActionName" Data..= actionName),+            Prelude.Just+              ("ActionDefinition" Data..= actionDefinition)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/Dimension.hs view
@@ -0,0 +1,84 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.Dimension+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.Dimension where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | The value to use in an Amazon CloudWatch custom metric dimension. This+-- is used in the @PublishMetrics@ CustomAction. A CloudWatch custom metric+-- dimension is a name\/value pair that\'s part of the identity of a+-- metric.+--+-- Network Firewall sets the dimension name to @CustomAction@ and you+-- provide the dimension value.+--+-- For more information about CloudWatch custom metric dimensions, see+-- <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/publishingMetrics.html#usingDimensions Publishing Custom Metrics>+-- in the+-- <https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html Amazon CloudWatch User Guide>.+--+-- /See:/ 'newDimension' smart constructor.+data Dimension = Dimension'+  { -- | The value to use in the custom metric dimension.+    value :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'Dimension' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'value', 'dimension_value' - The value to use in the custom metric dimension.+newDimension ::+  -- | 'value'+  Prelude.Text ->+  Dimension+newDimension pValue_ = Dimension' {value = pValue_}++-- | The value to use in the custom metric dimension.+dimension_value :: Lens.Lens' Dimension Prelude.Text+dimension_value = Lens.lens (\Dimension' {value} -> value) (\s@Dimension' {} a -> s {value = a} :: Dimension)++instance Data.FromJSON Dimension where+  parseJSON =+    Data.withObject+      "Dimension"+      (\x -> Dimension' Prelude.<$> (x Data..: "Value"))++instance Prelude.Hashable Dimension where+  hashWithSalt _salt Dimension' {..} =+    _salt `Prelude.hashWithSalt` value++instance Prelude.NFData Dimension where+  rnf Dimension' {..} = Prelude.rnf value++instance Data.ToJSON Dimension where+  toJSON Dimension' {..} =+    Data.object+      ( Prelude.catMaybes+          [Prelude.Just ("Value" Data..= value)]+      )
+ gen/Amazonka/NetworkFirewall/Types/EncryptionConfiguration.hs view
@@ -0,0 +1,124 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.EncryptionConfiguration+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.EncryptionConfiguration where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.EncryptionType+import qualified Amazonka.Prelude as Prelude++-- | A complex type that contains optional Amazon Web Services Key Management+-- Service (KMS) encryption settings for your Network Firewall resources.+-- Your data is encrypted by default with an Amazon Web Services owned key+-- that Amazon Web Services owns and manages for you. You can use either+-- the Amazon Web Services owned key, or provide your own customer managed+-- key. To learn more about KMS encryption of your Network Firewall+-- resources, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html Encryption at rest with Amazon Web Services Key Managment Service>+-- in the /Network Firewall Developer Guide/.+--+-- /See:/ 'newEncryptionConfiguration' smart constructor.+data EncryptionConfiguration = EncryptionConfiguration'+  { -- | The ID of the Amazon Web Services Key Management Service (KMS) customer+    -- managed key. You can use any of the key identifiers that KMS supports,+    -- unless you\'re using a key that\'s managed by another account. If+    -- you\'re using a key managed by another account, then specify the key+    -- ARN. For more information, see+    -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id Key ID>+    -- in the /Amazon Web Services KMS Developer Guide/.+    keyId :: Prelude.Maybe Prelude.Text,+    -- | The type of Amazon Web Services KMS key to use for encryption of your+    -- Network Firewall resources.+    type' :: EncryptionType+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'EncryptionConfiguration' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'encryptionConfiguration_keyId' - The ID of the Amazon Web Services Key Management Service (KMS) customer+-- managed key. You can use any of the key identifiers that KMS supports,+-- unless you\'re using a key that\'s managed by another account. If+-- you\'re using a key managed by another account, then specify the key+-- ARN. For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id Key ID>+-- in the /Amazon Web Services KMS Developer Guide/.+--+-- 'type'', 'encryptionConfiguration_type' - The type of Amazon Web Services KMS key to use for encryption of your+-- Network Firewall resources.+newEncryptionConfiguration ::+  -- | 'type''+  EncryptionType ->+  EncryptionConfiguration+newEncryptionConfiguration pType_ =+  EncryptionConfiguration'+    { keyId = Prelude.Nothing,+      type' = pType_+    }++-- | The ID of the Amazon Web Services Key Management Service (KMS) customer+-- managed key. You can use any of the key identifiers that KMS supports,+-- unless you\'re using a key that\'s managed by another account. If+-- you\'re using a key managed by another account, then specify the key+-- ARN. For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id Key ID>+-- in the /Amazon Web Services KMS Developer Guide/.+encryptionConfiguration_keyId :: Lens.Lens' EncryptionConfiguration (Prelude.Maybe Prelude.Text)+encryptionConfiguration_keyId = Lens.lens (\EncryptionConfiguration' {keyId} -> keyId) (\s@EncryptionConfiguration' {} a -> s {keyId = a} :: EncryptionConfiguration)++-- | The type of Amazon Web Services KMS key to use for encryption of your+-- Network Firewall resources.+encryptionConfiguration_type :: Lens.Lens' EncryptionConfiguration EncryptionType+encryptionConfiguration_type = Lens.lens (\EncryptionConfiguration' {type'} -> type') (\s@EncryptionConfiguration' {} a -> s {type' = a} :: EncryptionConfiguration)++instance Data.FromJSON EncryptionConfiguration where+  parseJSON =+    Data.withObject+      "EncryptionConfiguration"+      ( \x ->+          EncryptionConfiguration'+            Prelude.<$> (x Data..:? "KeyId")+            Prelude.<*> (x Data..: "Type")+      )++instance Prelude.Hashable EncryptionConfiguration where+  hashWithSalt _salt EncryptionConfiguration' {..} =+    _salt+      `Prelude.hashWithSalt` keyId+      `Prelude.hashWithSalt` type'++instance Prelude.NFData EncryptionConfiguration where+  rnf EncryptionConfiguration' {..} =+    Prelude.rnf keyId `Prelude.seq` Prelude.rnf type'++instance Data.ToJSON EncryptionConfiguration where+  toJSON EncryptionConfiguration' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("KeyId" Data..=) Prelude.<$> keyId,+            Prelude.Just ("Type" Data..= type')+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/EncryptionType.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.EncryptionType+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.EncryptionType+  ( EncryptionType+      ( ..,+        EncryptionType_AWS_OWNED_KMS_KEY,+        EncryptionType_CUSTOMER_KMS+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype EncryptionType = EncryptionType'+  { fromEncryptionType ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern EncryptionType_AWS_OWNED_KMS_KEY :: EncryptionType+pattern EncryptionType_AWS_OWNED_KMS_KEY = EncryptionType' "AWS_OWNED_KMS_KEY"++pattern EncryptionType_CUSTOMER_KMS :: EncryptionType+pattern EncryptionType_CUSTOMER_KMS = EncryptionType' "CUSTOMER_KMS"++{-# COMPLETE+  EncryptionType_AWS_OWNED_KMS_KEY,+  EncryptionType_CUSTOMER_KMS,+  EncryptionType'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/Firewall.hs view
@@ -0,0 +1,275 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.Firewall+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.Firewall where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.EncryptionConfiguration+import Amazonka.NetworkFirewall.Types.SubnetMapping+import Amazonka.NetworkFirewall.Types.Tag+import qualified Amazonka.Prelude as Prelude++-- | The firewall defines the configuration settings for an Network Firewall+-- firewall. These settings include the firewall policy, the subnets in+-- your VPC to use for the firewall endpoints, and any tags that are+-- attached to the firewall Amazon Web Services resource.+--+-- The status of the firewall, for example whether it\'s ready to filter+-- network traffic, is provided in the corresponding FirewallStatus. You+-- can retrieve both objects by calling DescribeFirewall.+--+-- /See:/ 'newFirewall' smart constructor.+data Firewall = Firewall'+  { -- | A flag indicating whether it is possible to delete the firewall. A+    -- setting of @TRUE@ indicates that the firewall is protected against+    -- deletion. Use this setting to protect against accidentally deleting a+    -- firewall that is in use. When you create a firewall, the operation+    -- initializes this flag to @TRUE@.+    deleteProtection :: Prelude.Maybe Prelude.Bool,+    -- | A description of the firewall.+    description :: Prelude.Maybe Prelude.Text,+    -- | A complex type that contains the Amazon Web Services KMS encryption+    -- configuration settings for your firewall.+    encryptionConfiguration :: Prelude.Maybe EncryptionConfiguration,+    -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | A setting indicating whether the firewall is protected against a change+    -- to the firewall policy association. Use this setting to protect against+    -- accidentally modifying the firewall policy for a firewall that is in+    -- use. When you create a firewall, the operation initializes this setting+    -- to @TRUE@.+    firewallPolicyChangeProtection :: Prelude.Maybe Prelude.Bool,+    -- | A setting indicating whether the firewall is protected against changes+    -- to the subnet associations. Use this setting to protect against+    -- accidentally modifying the subnet associations for a firewall that is in+    -- use. When you create a firewall, the operation initializes this setting+    -- to @TRUE@.+    subnetChangeProtection :: Prelude.Maybe Prelude.Bool,+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),+    -- | The Amazon Resource Name (ARN) of the firewall policy.+    --+    -- The relationship of firewall to firewall policy is many to one. Each+    -- firewall requires one firewall policy association, and you can use the+    -- same firewall policy for multiple firewalls.+    firewallPolicyArn :: Prelude.Text,+    -- | The unique identifier of the VPC where the firewall is in use.+    vpcId :: Prelude.Text,+    -- | The public subnets that Network Firewall is using for the firewall. Each+    -- subnet must belong to a different Availability Zone.+    subnetMappings :: [SubnetMapping],+    -- | The unique identifier for the firewall.+    firewallId :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'Firewall' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'deleteProtection', 'firewall_deleteProtection' - A flag indicating whether it is possible to delete the firewall. A+-- setting of @TRUE@ indicates that the firewall is protected against+-- deletion. Use this setting to protect against accidentally deleting a+-- firewall that is in use. When you create a firewall, the operation+-- initializes this flag to @TRUE@.+--+-- 'description', 'firewall_description' - A description of the firewall.+--+-- 'encryptionConfiguration', 'firewall_encryptionConfiguration' - A complex type that contains the Amazon Web Services KMS encryption+-- configuration settings for your firewall.+--+-- 'firewallArn', 'firewall_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'firewall_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'firewallPolicyChangeProtection', 'firewall_firewallPolicyChangeProtection' - A setting indicating whether the firewall is protected against a change+-- to the firewall policy association. Use this setting to protect against+-- accidentally modifying the firewall policy for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+--+-- 'subnetChangeProtection', 'firewall_subnetChangeProtection' - A setting indicating whether the firewall is protected against changes+-- to the subnet associations. Use this setting to protect against+-- accidentally modifying the subnet associations for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+--+-- 'tags', 'firewall_tags' -+--+-- 'firewallPolicyArn', 'firewall_firewallPolicyArn' - The Amazon Resource Name (ARN) of the firewall policy.+--+-- The relationship of firewall to firewall policy is many to one. Each+-- firewall requires one firewall policy association, and you can use the+-- same firewall policy for multiple firewalls.+--+-- 'vpcId', 'firewall_vpcId' - The unique identifier of the VPC where the firewall is in use.+--+-- 'subnetMappings', 'firewall_subnetMappings' - The public subnets that Network Firewall is using for the firewall. Each+-- subnet must belong to a different Availability Zone.+--+-- 'firewallId', 'firewall_firewallId' - The unique identifier for the firewall.+newFirewall ::+  -- | 'firewallPolicyArn'+  Prelude.Text ->+  -- | 'vpcId'+  Prelude.Text ->+  -- | 'firewallId'+  Prelude.Text ->+  Firewall+newFirewall pFirewallPolicyArn_ pVpcId_ pFirewallId_ =+  Firewall'+    { deleteProtection = Prelude.Nothing,+      description = Prelude.Nothing,+      encryptionConfiguration = Prelude.Nothing,+      firewallArn = Prelude.Nothing,+      firewallName = Prelude.Nothing,+      firewallPolicyChangeProtection = Prelude.Nothing,+      subnetChangeProtection = Prelude.Nothing,+      tags = Prelude.Nothing,+      firewallPolicyArn = pFirewallPolicyArn_,+      vpcId = pVpcId_,+      subnetMappings = Prelude.mempty,+      firewallId = pFirewallId_+    }++-- | A flag indicating whether it is possible to delete the firewall. A+-- setting of @TRUE@ indicates that the firewall is protected against+-- deletion. Use this setting to protect against accidentally deleting a+-- firewall that is in use. When you create a firewall, the operation+-- initializes this flag to @TRUE@.+firewall_deleteProtection :: Lens.Lens' Firewall (Prelude.Maybe Prelude.Bool)+firewall_deleteProtection = Lens.lens (\Firewall' {deleteProtection} -> deleteProtection) (\s@Firewall' {} a -> s {deleteProtection = a} :: Firewall)++-- | A description of the firewall.+firewall_description :: Lens.Lens' Firewall (Prelude.Maybe Prelude.Text)+firewall_description = Lens.lens (\Firewall' {description} -> description) (\s@Firewall' {} a -> s {description = a} :: Firewall)++-- | A complex type that contains the Amazon Web Services KMS encryption+-- configuration settings for your firewall.+firewall_encryptionConfiguration :: Lens.Lens' Firewall (Prelude.Maybe EncryptionConfiguration)+firewall_encryptionConfiguration = Lens.lens (\Firewall' {encryptionConfiguration} -> encryptionConfiguration) (\s@Firewall' {} a -> s {encryptionConfiguration = a} :: Firewall)++-- | The Amazon Resource Name (ARN) of the firewall.+firewall_firewallArn :: Lens.Lens' Firewall (Prelude.Maybe Prelude.Text)+firewall_firewallArn = Lens.lens (\Firewall' {firewallArn} -> firewallArn) (\s@Firewall' {} a -> s {firewallArn = a} :: Firewall)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+firewall_firewallName :: Lens.Lens' Firewall (Prelude.Maybe Prelude.Text)+firewall_firewallName = Lens.lens (\Firewall' {firewallName} -> firewallName) (\s@Firewall' {} a -> s {firewallName = a} :: Firewall)++-- | A setting indicating whether the firewall is protected against a change+-- to the firewall policy association. Use this setting to protect against+-- accidentally modifying the firewall policy for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+firewall_firewallPolicyChangeProtection :: Lens.Lens' Firewall (Prelude.Maybe Prelude.Bool)+firewall_firewallPolicyChangeProtection = Lens.lens (\Firewall' {firewallPolicyChangeProtection} -> firewallPolicyChangeProtection) (\s@Firewall' {} a -> s {firewallPolicyChangeProtection = a} :: Firewall)++-- | A setting indicating whether the firewall is protected against changes+-- to the subnet associations. Use this setting to protect against+-- accidentally modifying the subnet associations for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+firewall_subnetChangeProtection :: Lens.Lens' Firewall (Prelude.Maybe Prelude.Bool)+firewall_subnetChangeProtection = Lens.lens (\Firewall' {subnetChangeProtection} -> subnetChangeProtection) (\s@Firewall' {} a -> s {subnetChangeProtection = a} :: Firewall)++firewall_tags :: Lens.Lens' Firewall (Prelude.Maybe (Prelude.NonEmpty Tag))+firewall_tags = Lens.lens (\Firewall' {tags} -> tags) (\s@Firewall' {} a -> s {tags = a} :: Firewall) Prelude.. Lens.mapping Lens.coerced++-- | The Amazon Resource Name (ARN) of the firewall policy.+--+-- The relationship of firewall to firewall policy is many to one. Each+-- firewall requires one firewall policy association, and you can use the+-- same firewall policy for multiple firewalls.+firewall_firewallPolicyArn :: Lens.Lens' Firewall Prelude.Text+firewall_firewallPolicyArn = Lens.lens (\Firewall' {firewallPolicyArn} -> firewallPolicyArn) (\s@Firewall' {} a -> s {firewallPolicyArn = a} :: Firewall)++-- | The unique identifier of the VPC where the firewall is in use.+firewall_vpcId :: Lens.Lens' Firewall Prelude.Text+firewall_vpcId = Lens.lens (\Firewall' {vpcId} -> vpcId) (\s@Firewall' {} a -> s {vpcId = a} :: Firewall)++-- | The public subnets that Network Firewall is using for the firewall. Each+-- subnet must belong to a different Availability Zone.+firewall_subnetMappings :: Lens.Lens' Firewall [SubnetMapping]+firewall_subnetMappings = Lens.lens (\Firewall' {subnetMappings} -> subnetMappings) (\s@Firewall' {} a -> s {subnetMappings = a} :: Firewall) Prelude.. Lens.coerced++-- | The unique identifier for the firewall.+firewall_firewallId :: Lens.Lens' Firewall Prelude.Text+firewall_firewallId = Lens.lens (\Firewall' {firewallId} -> firewallId) (\s@Firewall' {} a -> s {firewallId = a} :: Firewall)++instance Data.FromJSON Firewall where+  parseJSON =+    Data.withObject+      "Firewall"+      ( \x ->+          Firewall'+            Prelude.<$> (x Data..:? "DeleteProtection")+            Prelude.<*> (x Data..:? "Description")+            Prelude.<*> (x Data..:? "EncryptionConfiguration")+            Prelude.<*> (x Data..:? "FirewallArn")+            Prelude.<*> (x Data..:? "FirewallName")+            Prelude.<*> (x Data..:? "FirewallPolicyChangeProtection")+            Prelude.<*> (x Data..:? "SubnetChangeProtection")+            Prelude.<*> (x Data..:? "Tags")+            Prelude.<*> (x Data..: "FirewallPolicyArn")+            Prelude.<*> (x Data..: "VpcId")+            Prelude.<*> (x Data..:? "SubnetMappings" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..: "FirewallId")+      )++instance Prelude.Hashable Firewall where+  hashWithSalt _salt Firewall' {..} =+    _salt+      `Prelude.hashWithSalt` deleteProtection+      `Prelude.hashWithSalt` description+      `Prelude.hashWithSalt` encryptionConfiguration+      `Prelude.hashWithSalt` firewallArn+      `Prelude.hashWithSalt` firewallName+      `Prelude.hashWithSalt` firewallPolicyChangeProtection+      `Prelude.hashWithSalt` subnetChangeProtection+      `Prelude.hashWithSalt` tags+      `Prelude.hashWithSalt` firewallPolicyArn+      `Prelude.hashWithSalt` vpcId+      `Prelude.hashWithSalt` subnetMappings+      `Prelude.hashWithSalt` firewallId++instance Prelude.NFData Firewall where+  rnf Firewall' {..} =+    Prelude.rnf deleteProtection+      `Prelude.seq` Prelude.rnf description+      `Prelude.seq` Prelude.rnf encryptionConfiguration+      `Prelude.seq` Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf firewallPolicyChangeProtection+      `Prelude.seq` Prelude.rnf subnetChangeProtection+      `Prelude.seq` Prelude.rnf tags+      `Prelude.seq` Prelude.rnf firewallPolicyArn+      `Prelude.seq` Prelude.rnf vpcId+      `Prelude.seq` Prelude.rnf subnetMappings+      `Prelude.seq` Prelude.rnf firewallId
+ gen/Amazonka/NetworkFirewall/Types/FirewallMetadata.hs view
@@ -0,0 +1,89 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.FirewallMetadata+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.FirewallMetadata where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | High-level information about a firewall, returned by operations like+-- create and describe. You can use the information provided in the+-- metadata to retrieve and manage a firewall.+--+-- /See:/ 'newFirewallMetadata' smart constructor.+data FirewallMetadata = FirewallMetadata'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'FirewallMetadata' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'firewallMetadata_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'firewallMetadata_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+newFirewallMetadata ::+  FirewallMetadata+newFirewallMetadata =+  FirewallMetadata'+    { firewallArn = Prelude.Nothing,+      firewallName = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the firewall.+firewallMetadata_firewallArn :: Lens.Lens' FirewallMetadata (Prelude.Maybe Prelude.Text)+firewallMetadata_firewallArn = Lens.lens (\FirewallMetadata' {firewallArn} -> firewallArn) (\s@FirewallMetadata' {} a -> s {firewallArn = a} :: FirewallMetadata)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+firewallMetadata_firewallName :: Lens.Lens' FirewallMetadata (Prelude.Maybe Prelude.Text)+firewallMetadata_firewallName = Lens.lens (\FirewallMetadata' {firewallName} -> firewallName) (\s@FirewallMetadata' {} a -> s {firewallName = a} :: FirewallMetadata)++instance Data.FromJSON FirewallMetadata where+  parseJSON =+    Data.withObject+      "FirewallMetadata"+      ( \x ->+          FirewallMetadata'+            Prelude.<$> (x Data..:? "FirewallArn")+            Prelude.<*> (x Data..:? "FirewallName")+      )++instance Prelude.Hashable FirewallMetadata where+  hashWithSalt _salt FirewallMetadata' {..} =+    _salt+      `Prelude.hashWithSalt` firewallArn+      `Prelude.hashWithSalt` firewallName++instance Prelude.NFData FirewallMetadata where+  rnf FirewallMetadata' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName
+ gen/Amazonka/NetworkFirewall/Types/FirewallPolicy.hs view
@@ -0,0 +1,333 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.FirewallPolicy+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.FirewallPolicy where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.CustomAction+import Amazonka.NetworkFirewall.Types.StatefulEngineOptions+import Amazonka.NetworkFirewall.Types.StatefulRuleGroupReference+import Amazonka.NetworkFirewall.Types.StatelessRuleGroupReference+import qualified Amazonka.Prelude as Prelude++-- | The firewall policy defines the behavior of a firewall using a+-- collection of stateless and stateful rule groups and other settings. You+-- can use one firewall policy for multiple firewalls.+--+-- This, along with FirewallPolicyResponse, define the policy. You can+-- retrieve all objects for a firewall policy by calling+-- DescribeFirewallPolicy.+--+-- /See:/ 'newFirewallPolicy' smart constructor.+data FirewallPolicy = FirewallPolicy'+  { -- | The default actions to take on a packet that doesn\'t match any stateful+    -- rules. The stateful default action is optional, and is only valid when+    -- using the strict rule order.+    --+    -- Valid values of the stateful default action:+    --+    -- -   aws:drop_strict+    --+    -- -   aws:drop_established+    --+    -- -   aws:alert_strict+    --+    -- -   aws:alert_established+    --+    -- For more information, see+    -- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-strict-rule-evaluation-order.html Strict evaluation order>+    -- in the /Network Firewall Developer Guide/.+    statefulDefaultActions :: Prelude.Maybe [Prelude.Text],+    -- | Additional options governing how Network Firewall handles stateful+    -- rules. The stateful rule groups that you use in your policy must have+    -- stateful rule options settings that are compatible with these settings.+    statefulEngineOptions :: Prelude.Maybe StatefulEngineOptions,+    -- | References to the stateful rule groups that are used in the policy.+    -- These define the inspection criteria in stateful rules.+    statefulRuleGroupReferences :: Prelude.Maybe [StatefulRuleGroupReference],+    -- | The custom action definitions that are available for use in the firewall+    -- policy\'s @StatelessDefaultActions@ setting. You name each custom action+    -- that you define, and then you can use it by name in your default actions+    -- specifications.+    statelessCustomActions :: Prelude.Maybe [CustomAction],+    -- | References to the stateless rule groups that are used in the policy.+    -- These define the matching criteria in stateless rules.+    statelessRuleGroupReferences :: Prelude.Maybe [StatelessRuleGroupReference],+    -- | The actions to take on a packet if it doesn\'t match any of the+    -- stateless rules in the policy. If you want non-matching packets to be+    -- forwarded for stateful inspection, specify @aws:forward_to_sfe@.+    --+    -- You must specify one of the standard actions: @aws:pass@, @aws:drop@, or+    -- @aws:forward_to_sfe@. In addition, you can specify custom actions that+    -- are compatible with your standard section choice.+    --+    -- For example, you could specify @[\"aws:pass\"]@ or you could specify+    -- @[\"aws:pass\", “customActionName”]@. For information about+    -- compatibility, see the custom action descriptions under CustomAction.+    statelessDefaultActions :: [Prelude.Text],+    -- | The actions to take on a fragmented UDP packet if it doesn\'t match any+    -- of the stateless rules in the policy. Network Firewall only manages UDP+    -- packet fragments and silently drops packet fragments for other+    -- protocols. If you want non-matching fragmented UDP packets to be+    -- forwarded for stateful inspection, specify @aws:forward_to_sfe@.+    --+    -- You must specify one of the standard actions: @aws:pass@, @aws:drop@, or+    -- @aws:forward_to_sfe@. In addition, you can specify custom actions that+    -- are compatible with your standard section choice.+    --+    -- For example, you could specify @[\"aws:pass\"]@ or you could specify+    -- @[\"aws:pass\", “customActionName”]@. For information about+    -- compatibility, see the custom action descriptions under CustomAction.+    statelessFragmentDefaultActions :: [Prelude.Text]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'FirewallPolicy' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'statefulDefaultActions', 'firewallPolicy_statefulDefaultActions' - The default actions to take on a packet that doesn\'t match any stateful+-- rules. The stateful default action is optional, and is only valid when+-- using the strict rule order.+--+-- Valid values of the stateful default action:+--+-- -   aws:drop_strict+--+-- -   aws:drop_established+--+-- -   aws:alert_strict+--+-- -   aws:alert_established+--+-- For more information, see+-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-strict-rule-evaluation-order.html Strict evaluation order>+-- in the /Network Firewall Developer Guide/.+--+-- 'statefulEngineOptions', 'firewallPolicy_statefulEngineOptions' - Additional options governing how Network Firewall handles stateful+-- rules. The stateful rule groups that you use in your policy must have+-- stateful rule options settings that are compatible with these settings.+--+-- 'statefulRuleGroupReferences', 'firewallPolicy_statefulRuleGroupReferences' - References to the stateful rule groups that are used in the policy.+-- These define the inspection criteria in stateful rules.+--+-- 'statelessCustomActions', 'firewallPolicy_statelessCustomActions' - The custom action definitions that are available for use in the firewall+-- policy\'s @StatelessDefaultActions@ setting. You name each custom action+-- that you define, and then you can use it by name in your default actions+-- specifications.+--+-- 'statelessRuleGroupReferences', 'firewallPolicy_statelessRuleGroupReferences' - References to the stateless rule groups that are used in the policy.+-- These define the matching criteria in stateless rules.+--+-- 'statelessDefaultActions', 'firewallPolicy_statelessDefaultActions' - The actions to take on a packet if it doesn\'t match any of the+-- stateless rules in the policy. If you want non-matching packets to be+-- forwarded for stateful inspection, specify @aws:forward_to_sfe@.+--+-- You must specify one of the standard actions: @aws:pass@, @aws:drop@, or+-- @aws:forward_to_sfe@. In addition, you can specify custom actions that+-- are compatible with your standard section choice.+--+-- For example, you could specify @[\"aws:pass\"]@ or you could specify+-- @[\"aws:pass\", “customActionName”]@. For information about+-- compatibility, see the custom action descriptions under CustomAction.+--+-- 'statelessFragmentDefaultActions', 'firewallPolicy_statelessFragmentDefaultActions' - The actions to take on a fragmented UDP packet if it doesn\'t match any+-- of the stateless rules in the policy. Network Firewall only manages UDP+-- packet fragments and silently drops packet fragments for other+-- protocols. If you want non-matching fragmented UDP packets to be+-- forwarded for stateful inspection, specify @aws:forward_to_sfe@.+--+-- You must specify one of the standard actions: @aws:pass@, @aws:drop@, or+-- @aws:forward_to_sfe@. In addition, you can specify custom actions that+-- are compatible with your standard section choice.+--+-- For example, you could specify @[\"aws:pass\"]@ or you could specify+-- @[\"aws:pass\", “customActionName”]@. For information about+-- compatibility, see the custom action descriptions under CustomAction.+newFirewallPolicy ::+  FirewallPolicy+newFirewallPolicy =+  FirewallPolicy'+    { statefulDefaultActions =+        Prelude.Nothing,+      statefulEngineOptions = Prelude.Nothing,+      statefulRuleGroupReferences = Prelude.Nothing,+      statelessCustomActions = Prelude.Nothing,+      statelessRuleGroupReferences = Prelude.Nothing,+      statelessDefaultActions = Prelude.mempty,+      statelessFragmentDefaultActions = Prelude.mempty+    }++-- | The default actions to take on a packet that doesn\'t match any stateful+-- rules. The stateful default action is optional, and is only valid when+-- using the strict rule order.+--+-- Valid values of the stateful default action:+--+-- -   aws:drop_strict+--+-- -   aws:drop_established+--+-- -   aws:alert_strict+--+-- -   aws:alert_established+--+-- For more information, see+-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-strict-rule-evaluation-order.html Strict evaluation order>+-- in the /Network Firewall Developer Guide/.+firewallPolicy_statefulDefaultActions :: Lens.Lens' FirewallPolicy (Prelude.Maybe [Prelude.Text])+firewallPolicy_statefulDefaultActions = Lens.lens (\FirewallPolicy' {statefulDefaultActions} -> statefulDefaultActions) (\s@FirewallPolicy' {} a -> s {statefulDefaultActions = a} :: FirewallPolicy) Prelude.. Lens.mapping Lens.coerced++-- | Additional options governing how Network Firewall handles stateful+-- rules. The stateful rule groups that you use in your policy must have+-- stateful rule options settings that are compatible with these settings.+firewallPolicy_statefulEngineOptions :: Lens.Lens' FirewallPolicy (Prelude.Maybe StatefulEngineOptions)+firewallPolicy_statefulEngineOptions = Lens.lens (\FirewallPolicy' {statefulEngineOptions} -> statefulEngineOptions) (\s@FirewallPolicy' {} a -> s {statefulEngineOptions = a} :: FirewallPolicy)++-- | References to the stateful rule groups that are used in the policy.+-- These define the inspection criteria in stateful rules.+firewallPolicy_statefulRuleGroupReferences :: Lens.Lens' FirewallPolicy (Prelude.Maybe [StatefulRuleGroupReference])+firewallPolicy_statefulRuleGroupReferences = Lens.lens (\FirewallPolicy' {statefulRuleGroupReferences} -> statefulRuleGroupReferences) (\s@FirewallPolicy' {} a -> s {statefulRuleGroupReferences = a} :: FirewallPolicy) Prelude.. Lens.mapping Lens.coerced++-- | The custom action definitions that are available for use in the firewall+-- policy\'s @StatelessDefaultActions@ setting. You name each custom action+-- that you define, and then you can use it by name in your default actions+-- specifications.+firewallPolicy_statelessCustomActions :: Lens.Lens' FirewallPolicy (Prelude.Maybe [CustomAction])+firewallPolicy_statelessCustomActions = Lens.lens (\FirewallPolicy' {statelessCustomActions} -> statelessCustomActions) (\s@FirewallPolicy' {} a -> s {statelessCustomActions = a} :: FirewallPolicy) Prelude.. Lens.mapping Lens.coerced++-- | References to the stateless rule groups that are used in the policy.+-- These define the matching criteria in stateless rules.+firewallPolicy_statelessRuleGroupReferences :: Lens.Lens' FirewallPolicy (Prelude.Maybe [StatelessRuleGroupReference])+firewallPolicy_statelessRuleGroupReferences = Lens.lens (\FirewallPolicy' {statelessRuleGroupReferences} -> statelessRuleGroupReferences) (\s@FirewallPolicy' {} a -> s {statelessRuleGroupReferences = a} :: FirewallPolicy) Prelude.. Lens.mapping Lens.coerced++-- | The actions to take on a packet if it doesn\'t match any of the+-- stateless rules in the policy. If you want non-matching packets to be+-- forwarded for stateful inspection, specify @aws:forward_to_sfe@.+--+-- You must specify one of the standard actions: @aws:pass@, @aws:drop@, or+-- @aws:forward_to_sfe@. In addition, you can specify custom actions that+-- are compatible with your standard section choice.+--+-- For example, you could specify @[\"aws:pass\"]@ or you could specify+-- @[\"aws:pass\", “customActionName”]@. For information about+-- compatibility, see the custom action descriptions under CustomAction.+firewallPolicy_statelessDefaultActions :: Lens.Lens' FirewallPolicy [Prelude.Text]+firewallPolicy_statelessDefaultActions = Lens.lens (\FirewallPolicy' {statelessDefaultActions} -> statelessDefaultActions) (\s@FirewallPolicy' {} a -> s {statelessDefaultActions = a} :: FirewallPolicy) Prelude.. Lens.coerced++-- | The actions to take on a fragmented UDP packet if it doesn\'t match any+-- of the stateless rules in the policy. Network Firewall only manages UDP+-- packet fragments and silently drops packet fragments for other+-- protocols. If you want non-matching fragmented UDP packets to be+-- forwarded for stateful inspection, specify @aws:forward_to_sfe@.+--+-- You must specify one of the standard actions: @aws:pass@, @aws:drop@, or+-- @aws:forward_to_sfe@. In addition, you can specify custom actions that+-- are compatible with your standard section choice.+--+-- For example, you could specify @[\"aws:pass\"]@ or you could specify+-- @[\"aws:pass\", “customActionName”]@. For information about+-- compatibility, see the custom action descriptions under CustomAction.+firewallPolicy_statelessFragmentDefaultActions :: Lens.Lens' FirewallPolicy [Prelude.Text]+firewallPolicy_statelessFragmentDefaultActions = Lens.lens (\FirewallPolicy' {statelessFragmentDefaultActions} -> statelessFragmentDefaultActions) (\s@FirewallPolicy' {} a -> s {statelessFragmentDefaultActions = a} :: FirewallPolicy) Prelude.. Lens.coerced++instance Data.FromJSON FirewallPolicy where+  parseJSON =+    Data.withObject+      "FirewallPolicy"+      ( \x ->+          FirewallPolicy'+            Prelude.<$> ( x+                            Data..:? "StatefulDefaultActions"+                            Data..!= Prelude.mempty+                        )+            Prelude.<*> (x Data..:? "StatefulEngineOptions")+            Prelude.<*> ( x+                            Data..:? "StatefulRuleGroupReferences"+                            Data..!= Prelude.mempty+                        )+            Prelude.<*> ( x+                            Data..:? "StatelessCustomActions"+                            Data..!= Prelude.mempty+                        )+            Prelude.<*> ( x+                            Data..:? "StatelessRuleGroupReferences"+                            Data..!= Prelude.mempty+                        )+            Prelude.<*> ( x+                            Data..:? "StatelessDefaultActions"+                            Data..!= Prelude.mempty+                        )+            Prelude.<*> ( x+                            Data..:? "StatelessFragmentDefaultActions"+                            Data..!= Prelude.mempty+                        )+      )++instance Prelude.Hashable FirewallPolicy where+  hashWithSalt _salt FirewallPolicy' {..} =+    _salt+      `Prelude.hashWithSalt` statefulDefaultActions+      `Prelude.hashWithSalt` statefulEngineOptions+      `Prelude.hashWithSalt` statefulRuleGroupReferences+      `Prelude.hashWithSalt` statelessCustomActions+      `Prelude.hashWithSalt` statelessRuleGroupReferences+      `Prelude.hashWithSalt` statelessDefaultActions+      `Prelude.hashWithSalt` statelessFragmentDefaultActions++instance Prelude.NFData FirewallPolicy where+  rnf FirewallPolicy' {..} =+    Prelude.rnf statefulDefaultActions+      `Prelude.seq` Prelude.rnf statefulEngineOptions+      `Prelude.seq` Prelude.rnf statefulRuleGroupReferences+      `Prelude.seq` Prelude.rnf statelessCustomActions+      `Prelude.seq` Prelude.rnf statelessRuleGroupReferences+      `Prelude.seq` Prelude.rnf statelessDefaultActions+      `Prelude.seq` Prelude.rnf statelessFragmentDefaultActions++instance Data.ToJSON FirewallPolicy where+  toJSON FirewallPolicy' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("StatefulDefaultActions" Data..=)+              Prelude.<$> statefulDefaultActions,+            ("StatefulEngineOptions" Data..=)+              Prelude.<$> statefulEngineOptions,+            ("StatefulRuleGroupReferences" Data..=)+              Prelude.<$> statefulRuleGroupReferences,+            ("StatelessCustomActions" Data..=)+              Prelude.<$> statelessCustomActions,+            ("StatelessRuleGroupReferences" Data..=)+              Prelude.<$> statelessRuleGroupReferences,+            Prelude.Just+              ( "StatelessDefaultActions"+                  Data..= statelessDefaultActions+              ),+            Prelude.Just+              ( "StatelessFragmentDefaultActions"+                  Data..= statelessFragmentDefaultActions+              )+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/FirewallPolicyMetadata.hs view
@@ -0,0 +1,89 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.FirewallPolicyMetadata+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.FirewallPolicyMetadata where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | High-level information about a firewall policy, returned by operations+-- like create and describe. You can use the information provided in the+-- metadata to retrieve and manage a firewall policy. You can retrieve all+-- objects for a firewall policy by calling DescribeFirewallPolicy.+--+-- /See:/ 'newFirewallPolicyMetadata' smart constructor.+data FirewallPolicyMetadata = FirewallPolicyMetadata'+  { -- | The Amazon Resource Name (ARN) of the firewall policy.+    arn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall policy. You can\'t change the name+    -- of a firewall policy after you create it.+    name :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'FirewallPolicyMetadata' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'arn', 'firewallPolicyMetadata_arn' - The Amazon Resource Name (ARN) of the firewall policy.+--+-- 'name', 'firewallPolicyMetadata_name' - The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+newFirewallPolicyMetadata ::+  FirewallPolicyMetadata+newFirewallPolicyMetadata =+  FirewallPolicyMetadata'+    { arn = Prelude.Nothing,+      name = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the firewall policy.+firewallPolicyMetadata_arn :: Lens.Lens' FirewallPolicyMetadata (Prelude.Maybe Prelude.Text)+firewallPolicyMetadata_arn = Lens.lens (\FirewallPolicyMetadata' {arn} -> arn) (\s@FirewallPolicyMetadata' {} a -> s {arn = a} :: FirewallPolicyMetadata)++-- | The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+firewallPolicyMetadata_name :: Lens.Lens' FirewallPolicyMetadata (Prelude.Maybe Prelude.Text)+firewallPolicyMetadata_name = Lens.lens (\FirewallPolicyMetadata' {name} -> name) (\s@FirewallPolicyMetadata' {} a -> s {name = a} :: FirewallPolicyMetadata)++instance Data.FromJSON FirewallPolicyMetadata where+  parseJSON =+    Data.withObject+      "FirewallPolicyMetadata"+      ( \x ->+          FirewallPolicyMetadata'+            Prelude.<$> (x Data..:? "Arn")+            Prelude.<*> (x Data..:? "Name")+      )++instance Prelude.Hashable FirewallPolicyMetadata where+  hashWithSalt _salt FirewallPolicyMetadata' {..} =+    _salt+      `Prelude.hashWithSalt` arn+      `Prelude.hashWithSalt` name++instance Prelude.NFData FirewallPolicyMetadata where+  rnf FirewallPolicyMetadata' {..} =+    Prelude.rnf arn `Prelude.seq` Prelude.rnf name
+ gen/Amazonka/NetworkFirewall/Types/FirewallPolicyResponse.hs view
@@ -0,0 +1,237 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.FirewallPolicyResponse+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.FirewallPolicyResponse where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.EncryptionConfiguration+import Amazonka.NetworkFirewall.Types.ResourceStatus+import Amazonka.NetworkFirewall.Types.Tag+import qualified Amazonka.Prelude as Prelude++-- | The high-level properties of a firewall policy. This, along with the+-- FirewallPolicy, define the policy. You can retrieve all objects for a+-- firewall policy by calling DescribeFirewallPolicy.+--+-- /See:/ 'newFirewallPolicyResponse' smart constructor.+data FirewallPolicyResponse = FirewallPolicyResponse'+  { -- | The number of capacity units currently consumed by the policy\'s+    -- stateful rules.+    consumedStatefulRuleCapacity :: Prelude.Maybe Prelude.Int,+    -- | The number of capacity units currently consumed by the policy\'s+    -- stateless rules.+    consumedStatelessRuleCapacity :: Prelude.Maybe Prelude.Int,+    -- | A description of the firewall policy.+    description :: Prelude.Maybe Prelude.Text,+    -- | A complex type that contains the Amazon Web Services KMS encryption+    -- configuration settings for your firewall policy.+    encryptionConfiguration :: Prelude.Maybe EncryptionConfiguration,+    -- | The current status of the firewall policy. You can retrieve this for a+    -- firewall policy by calling DescribeFirewallPolicy and providing the+    -- firewall policy\'s name or ARN.+    firewallPolicyStatus :: Prelude.Maybe ResourceStatus,+    -- | The last time that the firewall policy was changed.+    lastModifiedTime :: Prelude.Maybe Data.POSIX,+    -- | The number of firewalls that are associated with this firewall policy.+    numberOfAssociations :: Prelude.Maybe Prelude.Int,+    -- | The key:value pairs to associate with the resource.+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),+    -- | The descriptive name of the firewall policy. You can\'t change the name+    -- of a firewall policy after you create it.+    firewallPolicyName :: Prelude.Text,+    -- | The Amazon Resource Name (ARN) of the firewall policy.+    --+    -- If this response is for a create request that had @DryRun@ set to+    -- @TRUE@, then this ARN is a placeholder that isn\'t attached to a valid+    -- resource.+    firewallPolicyArn :: Prelude.Text,+    -- | The unique identifier for the firewall policy.+    firewallPolicyId :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'FirewallPolicyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'consumedStatefulRuleCapacity', 'firewallPolicyResponse_consumedStatefulRuleCapacity' - The number of capacity units currently consumed by the policy\'s+-- stateful rules.+--+-- 'consumedStatelessRuleCapacity', 'firewallPolicyResponse_consumedStatelessRuleCapacity' - The number of capacity units currently consumed by the policy\'s+-- stateless rules.+--+-- 'description', 'firewallPolicyResponse_description' - A description of the firewall policy.+--+-- 'encryptionConfiguration', 'firewallPolicyResponse_encryptionConfiguration' - A complex type that contains the Amazon Web Services KMS encryption+-- configuration settings for your firewall policy.+--+-- 'firewallPolicyStatus', 'firewallPolicyResponse_firewallPolicyStatus' - The current status of the firewall policy. You can retrieve this for a+-- firewall policy by calling DescribeFirewallPolicy and providing the+-- firewall policy\'s name or ARN.+--+-- 'lastModifiedTime', 'firewallPolicyResponse_lastModifiedTime' - The last time that the firewall policy was changed.+--+-- 'numberOfAssociations', 'firewallPolicyResponse_numberOfAssociations' - The number of firewalls that are associated with this firewall policy.+--+-- 'tags', 'firewallPolicyResponse_tags' - The key:value pairs to associate with the resource.+--+-- 'firewallPolicyName', 'firewallPolicyResponse_firewallPolicyName' - The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+--+-- 'firewallPolicyArn', 'firewallPolicyResponse_firewallPolicyArn' - The Amazon Resource Name (ARN) of the firewall policy.+--+-- If this response is for a create request that had @DryRun@ set to+-- @TRUE@, then this ARN is a placeholder that isn\'t attached to a valid+-- resource.+--+-- 'firewallPolicyId', 'firewallPolicyResponse_firewallPolicyId' - The unique identifier for the firewall policy.+newFirewallPolicyResponse ::+  -- | 'firewallPolicyName'+  Prelude.Text ->+  -- | 'firewallPolicyArn'+  Prelude.Text ->+  -- | 'firewallPolicyId'+  Prelude.Text ->+  FirewallPolicyResponse+newFirewallPolicyResponse+  pFirewallPolicyName_+  pFirewallPolicyArn_+  pFirewallPolicyId_ =+    FirewallPolicyResponse'+      { consumedStatefulRuleCapacity =+          Prelude.Nothing,+        consumedStatelessRuleCapacity = Prelude.Nothing,+        description = Prelude.Nothing,+        encryptionConfiguration = Prelude.Nothing,+        firewallPolicyStatus = Prelude.Nothing,+        lastModifiedTime = Prelude.Nothing,+        numberOfAssociations = Prelude.Nothing,+        tags = Prelude.Nothing,+        firewallPolicyName = pFirewallPolicyName_,+        firewallPolicyArn = pFirewallPolicyArn_,+        firewallPolicyId = pFirewallPolicyId_+      }++-- | The number of capacity units currently consumed by the policy\'s+-- stateful rules.+firewallPolicyResponse_consumedStatefulRuleCapacity :: Lens.Lens' FirewallPolicyResponse (Prelude.Maybe Prelude.Int)+firewallPolicyResponse_consumedStatefulRuleCapacity = Lens.lens (\FirewallPolicyResponse' {consumedStatefulRuleCapacity} -> consumedStatefulRuleCapacity) (\s@FirewallPolicyResponse' {} a -> s {consumedStatefulRuleCapacity = a} :: FirewallPolicyResponse)++-- | The number of capacity units currently consumed by the policy\'s+-- stateless rules.+firewallPolicyResponse_consumedStatelessRuleCapacity :: Lens.Lens' FirewallPolicyResponse (Prelude.Maybe Prelude.Int)+firewallPolicyResponse_consumedStatelessRuleCapacity = Lens.lens (\FirewallPolicyResponse' {consumedStatelessRuleCapacity} -> consumedStatelessRuleCapacity) (\s@FirewallPolicyResponse' {} a -> s {consumedStatelessRuleCapacity = a} :: FirewallPolicyResponse)++-- | A description of the firewall policy.+firewallPolicyResponse_description :: Lens.Lens' FirewallPolicyResponse (Prelude.Maybe Prelude.Text)+firewallPolicyResponse_description = Lens.lens (\FirewallPolicyResponse' {description} -> description) (\s@FirewallPolicyResponse' {} a -> s {description = a} :: FirewallPolicyResponse)++-- | A complex type that contains the Amazon Web Services KMS encryption+-- configuration settings for your firewall policy.+firewallPolicyResponse_encryptionConfiguration :: Lens.Lens' FirewallPolicyResponse (Prelude.Maybe EncryptionConfiguration)+firewallPolicyResponse_encryptionConfiguration = Lens.lens (\FirewallPolicyResponse' {encryptionConfiguration} -> encryptionConfiguration) (\s@FirewallPolicyResponse' {} a -> s {encryptionConfiguration = a} :: FirewallPolicyResponse)++-- | The current status of the firewall policy. You can retrieve this for a+-- firewall policy by calling DescribeFirewallPolicy and providing the+-- firewall policy\'s name or ARN.+firewallPolicyResponse_firewallPolicyStatus :: Lens.Lens' FirewallPolicyResponse (Prelude.Maybe ResourceStatus)+firewallPolicyResponse_firewallPolicyStatus = Lens.lens (\FirewallPolicyResponse' {firewallPolicyStatus} -> firewallPolicyStatus) (\s@FirewallPolicyResponse' {} a -> s {firewallPolicyStatus = a} :: FirewallPolicyResponse)++-- | The last time that the firewall policy was changed.+firewallPolicyResponse_lastModifiedTime :: Lens.Lens' FirewallPolicyResponse (Prelude.Maybe Prelude.UTCTime)+firewallPolicyResponse_lastModifiedTime = Lens.lens (\FirewallPolicyResponse' {lastModifiedTime} -> lastModifiedTime) (\s@FirewallPolicyResponse' {} a -> s {lastModifiedTime = a} :: FirewallPolicyResponse) Prelude.. Lens.mapping Data._Time++-- | The number of firewalls that are associated with this firewall policy.+firewallPolicyResponse_numberOfAssociations :: Lens.Lens' FirewallPolicyResponse (Prelude.Maybe Prelude.Int)+firewallPolicyResponse_numberOfAssociations = Lens.lens (\FirewallPolicyResponse' {numberOfAssociations} -> numberOfAssociations) (\s@FirewallPolicyResponse' {} a -> s {numberOfAssociations = a} :: FirewallPolicyResponse)++-- | The key:value pairs to associate with the resource.+firewallPolicyResponse_tags :: Lens.Lens' FirewallPolicyResponse (Prelude.Maybe (Prelude.NonEmpty Tag))+firewallPolicyResponse_tags = Lens.lens (\FirewallPolicyResponse' {tags} -> tags) (\s@FirewallPolicyResponse' {} a -> s {tags = a} :: FirewallPolicyResponse) Prelude.. Lens.mapping Lens.coerced++-- | The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+firewallPolicyResponse_firewallPolicyName :: Lens.Lens' FirewallPolicyResponse Prelude.Text+firewallPolicyResponse_firewallPolicyName = Lens.lens (\FirewallPolicyResponse' {firewallPolicyName} -> firewallPolicyName) (\s@FirewallPolicyResponse' {} a -> s {firewallPolicyName = a} :: FirewallPolicyResponse)++-- | The Amazon Resource Name (ARN) of the firewall policy.+--+-- If this response is for a create request that had @DryRun@ set to+-- @TRUE@, then this ARN is a placeholder that isn\'t attached to a valid+-- resource.+firewallPolicyResponse_firewallPolicyArn :: Lens.Lens' FirewallPolicyResponse Prelude.Text+firewallPolicyResponse_firewallPolicyArn = Lens.lens (\FirewallPolicyResponse' {firewallPolicyArn} -> firewallPolicyArn) (\s@FirewallPolicyResponse' {} a -> s {firewallPolicyArn = a} :: FirewallPolicyResponse)++-- | The unique identifier for the firewall policy.+firewallPolicyResponse_firewallPolicyId :: Lens.Lens' FirewallPolicyResponse Prelude.Text+firewallPolicyResponse_firewallPolicyId = Lens.lens (\FirewallPolicyResponse' {firewallPolicyId} -> firewallPolicyId) (\s@FirewallPolicyResponse' {} a -> s {firewallPolicyId = a} :: FirewallPolicyResponse)++instance Data.FromJSON FirewallPolicyResponse where+  parseJSON =+    Data.withObject+      "FirewallPolicyResponse"+      ( \x ->+          FirewallPolicyResponse'+            Prelude.<$> (x Data..:? "ConsumedStatefulRuleCapacity")+            Prelude.<*> (x Data..:? "ConsumedStatelessRuleCapacity")+            Prelude.<*> (x Data..:? "Description")+            Prelude.<*> (x Data..:? "EncryptionConfiguration")+            Prelude.<*> (x Data..:? "FirewallPolicyStatus")+            Prelude.<*> (x Data..:? "LastModifiedTime")+            Prelude.<*> (x Data..:? "NumberOfAssociations")+            Prelude.<*> (x Data..:? "Tags")+            Prelude.<*> (x Data..: "FirewallPolicyName")+            Prelude.<*> (x Data..: "FirewallPolicyArn")+            Prelude.<*> (x Data..: "FirewallPolicyId")+      )++instance Prelude.Hashable FirewallPolicyResponse where+  hashWithSalt _salt FirewallPolicyResponse' {..} =+    _salt+      `Prelude.hashWithSalt` consumedStatefulRuleCapacity+      `Prelude.hashWithSalt` consumedStatelessRuleCapacity+      `Prelude.hashWithSalt` description+      `Prelude.hashWithSalt` encryptionConfiguration+      `Prelude.hashWithSalt` firewallPolicyStatus+      `Prelude.hashWithSalt` lastModifiedTime+      `Prelude.hashWithSalt` numberOfAssociations+      `Prelude.hashWithSalt` tags+      `Prelude.hashWithSalt` firewallPolicyName+      `Prelude.hashWithSalt` firewallPolicyArn+      `Prelude.hashWithSalt` firewallPolicyId++instance Prelude.NFData FirewallPolicyResponse where+  rnf FirewallPolicyResponse' {..} =+    Prelude.rnf consumedStatefulRuleCapacity+      `Prelude.seq` Prelude.rnf consumedStatelessRuleCapacity+      `Prelude.seq` Prelude.rnf description+      `Prelude.seq` Prelude.rnf encryptionConfiguration+      `Prelude.seq` Prelude.rnf firewallPolicyStatus+      `Prelude.seq` Prelude.rnf lastModifiedTime+      `Prelude.seq` Prelude.rnf numberOfAssociations+      `Prelude.seq` Prelude.rnf tags+      `Prelude.seq` Prelude.rnf firewallPolicyName+      `Prelude.seq` Prelude.rnf firewallPolicyArn+      `Prelude.seq` Prelude.rnf firewallPolicyId
+ gen/Amazonka/NetworkFirewall/Types/FirewallStatus.hs view
@@ -0,0 +1,191 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.FirewallStatus+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.FirewallStatus where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.CapacityUsageSummary+import Amazonka.NetworkFirewall.Types.ConfigurationSyncState+import Amazonka.NetworkFirewall.Types.FirewallStatusValue+import Amazonka.NetworkFirewall.Types.SyncState+import qualified Amazonka.Prelude as Prelude++-- | Detailed information about the current status of a Firewall. You can+-- retrieve this for a firewall by calling DescribeFirewall and providing+-- the firewall name and ARN.+--+-- /See:/ 'newFirewallStatus' smart constructor.+data FirewallStatus = FirewallStatus'+  { -- | Describes the capacity usage of the resources contained in a firewall\'s+    -- reference sets. Network Firewall calclulates the capacity usage by+    -- taking an aggregated count of all of the resources used by all of the+    -- reference sets in a firewall.+    capacityUsageSummary :: Prelude.Maybe CapacityUsageSummary,+    -- | The subnets that you\'ve configured for use by the Network Firewall+    -- firewall. This contains one array element per Availability Zone where+    -- you\'ve configured a subnet. These objects provide details of the+    -- information that is summarized in the @ConfigurationSyncStateSummary@+    -- and @Status@, broken down by zone and configuration object.+    syncStates :: Prelude.Maybe (Prelude.HashMap Prelude.Text SyncState),+    -- | The readiness of the configured firewall to handle network traffic+    -- across all of the Availability Zones where you\'ve configured it. This+    -- setting is @READY@ only when the @ConfigurationSyncStateSummary@ value+    -- is @IN_SYNC@ and the @Attachment@ @Status@ values for all of the+    -- configured subnets are @READY@.+    status :: FirewallStatusValue,+    -- | The configuration sync state for the firewall. This summarizes the sync+    -- states reported in the @Config@ settings for all of the Availability+    -- Zones where you have configured the firewall.+    --+    -- When you create a firewall or update its configuration, for example by+    -- adding a rule group to its firewall policy, Network Firewall distributes+    -- the configuration changes to all zones where the firewall is in use.+    -- This summary indicates whether the configuration changes have been+    -- applied everywhere.+    --+    -- This status must be @IN_SYNC@ for the firewall to be ready for use, but+    -- it doesn\'t indicate that the firewall is ready. The @Status@ setting+    -- indicates firewall readiness.+    configurationSyncStateSummary :: ConfigurationSyncState+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'FirewallStatus' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'capacityUsageSummary', 'firewallStatus_capacityUsageSummary' - Describes the capacity usage of the resources contained in a firewall\'s+-- reference sets. Network Firewall calclulates the capacity usage by+-- taking an aggregated count of all of the resources used by all of the+-- reference sets in a firewall.+--+-- 'syncStates', 'firewallStatus_syncStates' - The subnets that you\'ve configured for use by the Network Firewall+-- firewall. This contains one array element per Availability Zone where+-- you\'ve configured a subnet. These objects provide details of the+-- information that is summarized in the @ConfigurationSyncStateSummary@+-- and @Status@, broken down by zone and configuration object.+--+-- 'status', 'firewallStatus_status' - The readiness of the configured firewall to handle network traffic+-- across all of the Availability Zones where you\'ve configured it. This+-- setting is @READY@ only when the @ConfigurationSyncStateSummary@ value+-- is @IN_SYNC@ and the @Attachment@ @Status@ values for all of the+-- configured subnets are @READY@.+--+-- 'configurationSyncStateSummary', 'firewallStatus_configurationSyncStateSummary' - The configuration sync state for the firewall. This summarizes the sync+-- states reported in the @Config@ settings for all of the Availability+-- Zones where you have configured the firewall.+--+-- When you create a firewall or update its configuration, for example by+-- adding a rule group to its firewall policy, Network Firewall distributes+-- the configuration changes to all zones where the firewall is in use.+-- This summary indicates whether the configuration changes have been+-- applied everywhere.+--+-- This status must be @IN_SYNC@ for the firewall to be ready for use, but+-- it doesn\'t indicate that the firewall is ready. The @Status@ setting+-- indicates firewall readiness.+newFirewallStatus ::+  -- | 'status'+  FirewallStatusValue ->+  -- | 'configurationSyncStateSummary'+  ConfigurationSyncState ->+  FirewallStatus+newFirewallStatus+  pStatus_+  pConfigurationSyncStateSummary_ =+    FirewallStatus'+      { capacityUsageSummary =+          Prelude.Nothing,+        syncStates = Prelude.Nothing,+        status = pStatus_,+        configurationSyncStateSummary =+          pConfigurationSyncStateSummary_+      }++-- | Describes the capacity usage of the resources contained in a firewall\'s+-- reference sets. Network Firewall calclulates the capacity usage by+-- taking an aggregated count of all of the resources used by all of the+-- reference sets in a firewall.+firewallStatus_capacityUsageSummary :: Lens.Lens' FirewallStatus (Prelude.Maybe CapacityUsageSummary)+firewallStatus_capacityUsageSummary = Lens.lens (\FirewallStatus' {capacityUsageSummary} -> capacityUsageSummary) (\s@FirewallStatus' {} a -> s {capacityUsageSummary = a} :: FirewallStatus)++-- | The subnets that you\'ve configured for use by the Network Firewall+-- firewall. This contains one array element per Availability Zone where+-- you\'ve configured a subnet. These objects provide details of the+-- information that is summarized in the @ConfigurationSyncStateSummary@+-- and @Status@, broken down by zone and configuration object.+firewallStatus_syncStates :: Lens.Lens' FirewallStatus (Prelude.Maybe (Prelude.HashMap Prelude.Text SyncState))+firewallStatus_syncStates = Lens.lens (\FirewallStatus' {syncStates} -> syncStates) (\s@FirewallStatus' {} a -> s {syncStates = a} :: FirewallStatus) Prelude.. Lens.mapping Lens.coerced++-- | The readiness of the configured firewall to handle network traffic+-- across all of the Availability Zones where you\'ve configured it. This+-- setting is @READY@ only when the @ConfigurationSyncStateSummary@ value+-- is @IN_SYNC@ and the @Attachment@ @Status@ values for all of the+-- configured subnets are @READY@.+firewallStatus_status :: Lens.Lens' FirewallStatus FirewallStatusValue+firewallStatus_status = Lens.lens (\FirewallStatus' {status} -> status) (\s@FirewallStatus' {} a -> s {status = a} :: FirewallStatus)++-- | The configuration sync state for the firewall. This summarizes the sync+-- states reported in the @Config@ settings for all of the Availability+-- Zones where you have configured the firewall.+--+-- When you create a firewall or update its configuration, for example by+-- adding a rule group to its firewall policy, Network Firewall distributes+-- the configuration changes to all zones where the firewall is in use.+-- This summary indicates whether the configuration changes have been+-- applied everywhere.+--+-- This status must be @IN_SYNC@ for the firewall to be ready for use, but+-- it doesn\'t indicate that the firewall is ready. The @Status@ setting+-- indicates firewall readiness.+firewallStatus_configurationSyncStateSummary :: Lens.Lens' FirewallStatus ConfigurationSyncState+firewallStatus_configurationSyncStateSummary = Lens.lens (\FirewallStatus' {configurationSyncStateSummary} -> configurationSyncStateSummary) (\s@FirewallStatus' {} a -> s {configurationSyncStateSummary = a} :: FirewallStatus)++instance Data.FromJSON FirewallStatus where+  parseJSON =+    Data.withObject+      "FirewallStatus"+      ( \x ->+          FirewallStatus'+            Prelude.<$> (x Data..:? "CapacityUsageSummary")+            Prelude.<*> (x Data..:? "SyncStates" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..: "Status")+            Prelude.<*> (x Data..: "ConfigurationSyncStateSummary")+      )++instance Prelude.Hashable FirewallStatus where+  hashWithSalt _salt FirewallStatus' {..} =+    _salt+      `Prelude.hashWithSalt` capacityUsageSummary+      `Prelude.hashWithSalt` syncStates+      `Prelude.hashWithSalt` status+      `Prelude.hashWithSalt` configurationSyncStateSummary++instance Prelude.NFData FirewallStatus where+  rnf FirewallStatus' {..} =+    Prelude.rnf capacityUsageSummary+      `Prelude.seq` Prelude.rnf syncStates+      `Prelude.seq` Prelude.rnf status+      `Prelude.seq` Prelude.rnf configurationSyncStateSummary
+ gen/Amazonka/NetworkFirewall/Types/FirewallStatusValue.hs view
@@ -0,0 +1,76 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.FirewallStatusValue+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.FirewallStatusValue+  ( FirewallStatusValue+      ( ..,+        FirewallStatusValue_DELETING,+        FirewallStatusValue_PROVISIONING,+        FirewallStatusValue_READY+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype FirewallStatusValue = FirewallStatusValue'+  { fromFirewallStatusValue ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern FirewallStatusValue_DELETING :: FirewallStatusValue+pattern FirewallStatusValue_DELETING = FirewallStatusValue' "DELETING"++pattern FirewallStatusValue_PROVISIONING :: FirewallStatusValue+pattern FirewallStatusValue_PROVISIONING = FirewallStatusValue' "PROVISIONING"++pattern FirewallStatusValue_READY :: FirewallStatusValue+pattern FirewallStatusValue_READY = FirewallStatusValue' "READY"++{-# COMPLETE+  FirewallStatusValue_DELETING,+  FirewallStatusValue_PROVISIONING,+  FirewallStatusValue_READY,+  FirewallStatusValue'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/GeneratedRulesType.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.GeneratedRulesType+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.GeneratedRulesType+  ( GeneratedRulesType+      ( ..,+        GeneratedRulesType_ALLOWLIST,+        GeneratedRulesType_DENYLIST+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype GeneratedRulesType = GeneratedRulesType'+  { fromGeneratedRulesType ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern GeneratedRulesType_ALLOWLIST :: GeneratedRulesType+pattern GeneratedRulesType_ALLOWLIST = GeneratedRulesType' "ALLOWLIST"++pattern GeneratedRulesType_DENYLIST :: GeneratedRulesType+pattern GeneratedRulesType_DENYLIST = GeneratedRulesType' "DENYLIST"++{-# COMPLETE+  GeneratedRulesType_ALLOWLIST,+  GeneratedRulesType_DENYLIST,+  GeneratedRulesType'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/Header.hs view
@@ -0,0 +1,291 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.Header+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.Header where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.StatefulRuleDirection+import Amazonka.NetworkFirewall.Types.StatefulRuleProtocol+import qualified Amazonka.Prelude as Prelude++-- | The basic rule criteria for Network Firewall to use to inspect packet+-- headers in stateful traffic flow inspection. Traffic flows that match+-- the criteria are a match for the corresponding StatefulRule.+--+-- /See:/ 'newHeader' smart constructor.+data Header = Header'+  { -- | The protocol to inspect for. To specify all, you can use @IP@, because+    -- all traffic on Amazon Web Services and on the internet is IP.+    protocol :: StatefulRuleProtocol,+    -- | The source IP address or address range to inspect for, in CIDR notation.+    -- To match with any address, specify @ANY@.+    --+    -- Specify an IP address or a block of IP addresses in Classless+    -- Inter-Domain Routing (CIDR) notation. Network Firewall supports all+    -- address ranges for IPv4.+    --+    -- Examples:+    --+    -- -   To configure Network Firewall to inspect for the IP address+    --     192.0.2.44, specify @192.0.2.44\/32@.+    --+    -- -   To configure Network Firewall to inspect for IP addresses from+    --     192.0.2.0 to 192.0.2.255, specify @192.0.2.0\/24@.+    --+    -- For more information about CIDR notation, see the Wikipedia entry+    -- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.+    source :: Prelude.Text,+    -- | The source port to inspect for. You can specify an individual port, for+    -- example @1994@ and you can specify a port range, for example+    -- @1990:1994@. To match with any port, specify @ANY@.+    sourcePort :: Prelude.Text,+    -- | The direction of traffic flow to inspect. If set to @ANY@, the+    -- inspection matches bidirectional traffic, both from the source to the+    -- destination and from the destination to the source. If set to @FORWARD@,+    -- the inspection only matches traffic going from the source to the+    -- destination.+    direction :: StatefulRuleDirection,+    -- | The destination IP address or address range to inspect for, in CIDR+    -- notation. To match with any address, specify @ANY@.+    --+    -- Specify an IP address or a block of IP addresses in Classless+    -- Inter-Domain Routing (CIDR) notation. Network Firewall supports all+    -- address ranges for IPv4.+    --+    -- Examples:+    --+    -- -   To configure Network Firewall to inspect for the IP address+    --     192.0.2.44, specify @192.0.2.44\/32@.+    --+    -- -   To configure Network Firewall to inspect for IP addresses from+    --     192.0.2.0 to 192.0.2.255, specify @192.0.2.0\/24@.+    --+    -- For more information about CIDR notation, see the Wikipedia entry+    -- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.+    destination :: Prelude.Text,+    -- | The destination port to inspect for. You can specify an individual port,+    -- for example @1994@ and you can specify a port range, for example+    -- @1990:1994@. To match with any port, specify @ANY@.+    destinationPort :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'Header' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'protocol', 'header_protocol' - The protocol to inspect for. To specify all, you can use @IP@, because+-- all traffic on Amazon Web Services and on the internet is IP.+--+-- 'source', 'header_source' - The source IP address or address range to inspect for, in CIDR notation.+-- To match with any address, specify @ANY@.+--+-- Specify an IP address or a block of IP addresses in Classless+-- Inter-Domain Routing (CIDR) notation. Network Firewall supports all+-- address ranges for IPv4.+--+-- Examples:+--+-- -   To configure Network Firewall to inspect for the IP address+--     192.0.2.44, specify @192.0.2.44\/32@.+--+-- -   To configure Network Firewall to inspect for IP addresses from+--     192.0.2.0 to 192.0.2.255, specify @192.0.2.0\/24@.+--+-- For more information about CIDR notation, see the Wikipedia entry+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.+--+-- 'sourcePort', 'header_sourcePort' - The source port to inspect for. You can specify an individual port, for+-- example @1994@ and you can specify a port range, for example+-- @1990:1994@. To match with any port, specify @ANY@.+--+-- 'direction', 'header_direction' - The direction of traffic flow to inspect. If set to @ANY@, the+-- inspection matches bidirectional traffic, both from the source to the+-- destination and from the destination to the source. If set to @FORWARD@,+-- the inspection only matches traffic going from the source to the+-- destination.+--+-- 'destination', 'header_destination' - The destination IP address or address range to inspect for, in CIDR+-- notation. To match with any address, specify @ANY@.+--+-- Specify an IP address or a block of IP addresses in Classless+-- Inter-Domain Routing (CIDR) notation. Network Firewall supports all+-- address ranges for IPv4.+--+-- Examples:+--+-- -   To configure Network Firewall to inspect for the IP address+--     192.0.2.44, specify @192.0.2.44\/32@.+--+-- -   To configure Network Firewall to inspect for IP addresses from+--     192.0.2.0 to 192.0.2.255, specify @192.0.2.0\/24@.+--+-- For more information about CIDR notation, see the Wikipedia entry+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.+--+-- 'destinationPort', 'header_destinationPort' - The destination port to inspect for. You can specify an individual port,+-- for example @1994@ and you can specify a port range, for example+-- @1990:1994@. To match with any port, specify @ANY@.+newHeader ::+  -- | 'protocol'+  StatefulRuleProtocol ->+  -- | 'source'+  Prelude.Text ->+  -- | 'sourcePort'+  Prelude.Text ->+  -- | 'direction'+  StatefulRuleDirection ->+  -- | 'destination'+  Prelude.Text ->+  -- | 'destinationPort'+  Prelude.Text ->+  Header+newHeader+  pProtocol_+  pSource_+  pSourcePort_+  pDirection_+  pDestination_+  pDestinationPort_ =+    Header'+      { protocol = pProtocol_,+        source = pSource_,+        sourcePort = pSourcePort_,+        direction = pDirection_,+        destination = pDestination_,+        destinationPort = pDestinationPort_+      }++-- | The protocol to inspect for. To specify all, you can use @IP@, because+-- all traffic on Amazon Web Services and on the internet is IP.+header_protocol :: Lens.Lens' Header StatefulRuleProtocol+header_protocol = Lens.lens (\Header' {protocol} -> protocol) (\s@Header' {} a -> s {protocol = a} :: Header)++-- | The source IP address or address range to inspect for, in CIDR notation.+-- To match with any address, specify @ANY@.+--+-- Specify an IP address or a block of IP addresses in Classless+-- Inter-Domain Routing (CIDR) notation. Network Firewall supports all+-- address ranges for IPv4.+--+-- Examples:+--+-- -   To configure Network Firewall to inspect for the IP address+--     192.0.2.44, specify @192.0.2.44\/32@.+--+-- -   To configure Network Firewall to inspect for IP addresses from+--     192.0.2.0 to 192.0.2.255, specify @192.0.2.0\/24@.+--+-- For more information about CIDR notation, see the Wikipedia entry+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.+header_source :: Lens.Lens' Header Prelude.Text+header_source = Lens.lens (\Header' {source} -> source) (\s@Header' {} a -> s {source = a} :: Header)++-- | The source port to inspect for. You can specify an individual port, for+-- example @1994@ and you can specify a port range, for example+-- @1990:1994@. To match with any port, specify @ANY@.+header_sourcePort :: Lens.Lens' Header Prelude.Text+header_sourcePort = Lens.lens (\Header' {sourcePort} -> sourcePort) (\s@Header' {} a -> s {sourcePort = a} :: Header)++-- | The direction of traffic flow to inspect. If set to @ANY@, the+-- inspection matches bidirectional traffic, both from the source to the+-- destination and from the destination to the source. If set to @FORWARD@,+-- the inspection only matches traffic going from the source to the+-- destination.+header_direction :: Lens.Lens' Header StatefulRuleDirection+header_direction = Lens.lens (\Header' {direction} -> direction) (\s@Header' {} a -> s {direction = a} :: Header)++-- | The destination IP address or address range to inspect for, in CIDR+-- notation. To match with any address, specify @ANY@.+--+-- Specify an IP address or a block of IP addresses in Classless+-- Inter-Domain Routing (CIDR) notation. Network Firewall supports all+-- address ranges for IPv4.+--+-- Examples:+--+-- -   To configure Network Firewall to inspect for the IP address+--     192.0.2.44, specify @192.0.2.44\/32@.+--+-- -   To configure Network Firewall to inspect for IP addresses from+--     192.0.2.0 to 192.0.2.255, specify @192.0.2.0\/24@.+--+-- For more information about CIDR notation, see the Wikipedia entry+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.+header_destination :: Lens.Lens' Header Prelude.Text+header_destination = Lens.lens (\Header' {destination} -> destination) (\s@Header' {} a -> s {destination = a} :: Header)++-- | The destination port to inspect for. You can specify an individual port,+-- for example @1994@ and you can specify a port range, for example+-- @1990:1994@. To match with any port, specify @ANY@.+header_destinationPort :: Lens.Lens' Header Prelude.Text+header_destinationPort = Lens.lens (\Header' {destinationPort} -> destinationPort) (\s@Header' {} a -> s {destinationPort = a} :: Header)++instance Data.FromJSON Header where+  parseJSON =+    Data.withObject+      "Header"+      ( \x ->+          Header'+            Prelude.<$> (x Data..: "Protocol")+            Prelude.<*> (x Data..: "Source")+            Prelude.<*> (x Data..: "SourcePort")+            Prelude.<*> (x Data..: "Direction")+            Prelude.<*> (x Data..: "Destination")+            Prelude.<*> (x Data..: "DestinationPort")+      )++instance Prelude.Hashable Header where+  hashWithSalt _salt Header' {..} =+    _salt+      `Prelude.hashWithSalt` protocol+      `Prelude.hashWithSalt` source+      `Prelude.hashWithSalt` sourcePort+      `Prelude.hashWithSalt` direction+      `Prelude.hashWithSalt` destination+      `Prelude.hashWithSalt` destinationPort++instance Prelude.NFData Header where+  rnf Header' {..} =+    Prelude.rnf protocol+      `Prelude.seq` Prelude.rnf source+      `Prelude.seq` Prelude.rnf sourcePort+      `Prelude.seq` Prelude.rnf direction+      `Prelude.seq` Prelude.rnf destination+      `Prelude.seq` Prelude.rnf destinationPort++instance Data.ToJSON Header where+  toJSON Header' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("Protocol" Data..= protocol),+            Prelude.Just ("Source" Data..= source),+            Prelude.Just ("SourcePort" Data..= sourcePort),+            Prelude.Just ("Direction" Data..= direction),+            Prelude.Just ("Destination" Data..= destination),+            Prelude.Just+              ("DestinationPort" Data..= destinationPort)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/IPSet.hs view
@@ -0,0 +1,75 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.IPSet+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.IPSet where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | A list of IP addresses and address ranges, in CIDR notation. This is+-- part of a RuleVariables.+--+-- /See:/ 'newIPSet' smart constructor.+data IPSet = IPSet'+  { -- | The list of IP addresses and address ranges, in CIDR notation.+    definition :: [Prelude.Text]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'IPSet' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'definition', 'iPSet_definition' - The list of IP addresses and address ranges, in CIDR notation.+newIPSet ::+  IPSet+newIPSet = IPSet' {definition = Prelude.mempty}++-- | The list of IP addresses and address ranges, in CIDR notation.+iPSet_definition :: Lens.Lens' IPSet [Prelude.Text]+iPSet_definition = Lens.lens (\IPSet' {definition} -> definition) (\s@IPSet' {} a -> s {definition = a} :: IPSet) Prelude.. Lens.coerced++instance Data.FromJSON IPSet where+  parseJSON =+    Data.withObject+      "IPSet"+      ( \x ->+          IPSet'+            Prelude.<$> (x Data..:? "Definition" Data..!= Prelude.mempty)+      )++instance Prelude.Hashable IPSet where+  hashWithSalt _salt IPSet' {..} =+    _salt `Prelude.hashWithSalt` definition++instance Prelude.NFData IPSet where+  rnf IPSet' {..} = Prelude.rnf definition++instance Data.ToJSON IPSet where+  toJSON IPSet' {..} =+    Data.object+      ( Prelude.catMaybes+          [Prelude.Just ("Definition" Data..= definition)]+      )
+ gen/Amazonka/NetworkFirewall/Types/IPSetMetadata.hs view
@@ -0,0 +1,78 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.IPSetMetadata+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.IPSetMetadata where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | General information about the IP set.+--+-- /See:/ 'newIPSetMetadata' smart constructor.+data IPSetMetadata = IPSetMetadata'+  { -- | Describes the total number of CIDR blocks currently in use by the IP set+    -- references in a firewall. To determine how many CIDR blocks are+    -- available for you to use in a firewall, you can call+    -- @AvailableCIDRCount@.+    resolvedCIDRCount :: Prelude.Maybe Prelude.Natural+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'IPSetMetadata' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'resolvedCIDRCount', 'iPSetMetadata_resolvedCIDRCount' - Describes the total number of CIDR blocks currently in use by the IP set+-- references in a firewall. To determine how many CIDR blocks are+-- available for you to use in a firewall, you can call+-- @AvailableCIDRCount@.+newIPSetMetadata ::+  IPSetMetadata+newIPSetMetadata =+  IPSetMetadata' {resolvedCIDRCount = Prelude.Nothing}++-- | Describes the total number of CIDR blocks currently in use by the IP set+-- references in a firewall. To determine how many CIDR blocks are+-- available for you to use in a firewall, you can call+-- @AvailableCIDRCount@.+iPSetMetadata_resolvedCIDRCount :: Lens.Lens' IPSetMetadata (Prelude.Maybe Prelude.Natural)+iPSetMetadata_resolvedCIDRCount = Lens.lens (\IPSetMetadata' {resolvedCIDRCount} -> resolvedCIDRCount) (\s@IPSetMetadata' {} a -> s {resolvedCIDRCount = a} :: IPSetMetadata)++instance Data.FromJSON IPSetMetadata where+  parseJSON =+    Data.withObject+      "IPSetMetadata"+      ( \x ->+          IPSetMetadata'+            Prelude.<$> (x Data..:? "ResolvedCIDRCount")+      )++instance Prelude.Hashable IPSetMetadata where+  hashWithSalt _salt IPSetMetadata' {..} =+    _salt `Prelude.hashWithSalt` resolvedCIDRCount++instance Prelude.NFData IPSetMetadata where+  rnf IPSetMetadata' {..} =+    Prelude.rnf resolvedCIDRCount
+ gen/Amazonka/NetworkFirewall/Types/IPSetReference.hs view
@@ -0,0 +1,92 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.IPSetReference+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.IPSetReference where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | Configures one or more IP set references for a Suricata-compatible rule+-- group. This is used in CreateRuleGroup or UpdateRuleGroup. An IP set+-- reference is a rule variable that references a resource that you create+-- and manage in another Amazon Web Services service, such as an Amazon VPC+-- prefix list. Network Firewall IP set references enable you to+-- dynamically update the contents of your rules. When you create, update,+-- or delete the IP set you are referencing in your rule, Network Firewall+-- automatically updates the rule\'s content with the changes. For more+-- information about IP set references in Network Firewall, see+-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/rule-groups-ip-set-references Using IP set references>+-- in the /Network Firewall Developer Guide/.+--+-- Network Firewall currently supports only+-- <https://docs.aws.amazon.com/vpc/latest/userguide/managed-prefix-lists.html Amazon VPC prefix lists>+-- as IP set references.+--+-- /See:/ 'newIPSetReference' smart constructor.+data IPSetReference = IPSetReference'+  { -- | The Amazon Resource Name (ARN) of the resource that you are referencing+    -- in your rule group.+    referenceArn :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'IPSetReference' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'referenceArn', 'iPSetReference_referenceArn' - The Amazon Resource Name (ARN) of the resource that you are referencing+-- in your rule group.+newIPSetReference ::+  IPSetReference+newIPSetReference =+  IPSetReference' {referenceArn = Prelude.Nothing}++-- | The Amazon Resource Name (ARN) of the resource that you are referencing+-- in your rule group.+iPSetReference_referenceArn :: Lens.Lens' IPSetReference (Prelude.Maybe Prelude.Text)+iPSetReference_referenceArn = Lens.lens (\IPSetReference' {referenceArn} -> referenceArn) (\s@IPSetReference' {} a -> s {referenceArn = a} :: IPSetReference)++instance Data.FromJSON IPSetReference where+  parseJSON =+    Data.withObject+      "IPSetReference"+      ( \x ->+          IPSetReference'+            Prelude.<$> (x Data..:? "ReferenceArn")+      )++instance Prelude.Hashable IPSetReference where+  hashWithSalt _salt IPSetReference' {..} =+    _salt `Prelude.hashWithSalt` referenceArn++instance Prelude.NFData IPSetReference where+  rnf IPSetReference' {..} = Prelude.rnf referenceArn++instance Data.ToJSON IPSetReference where+  toJSON IPSetReference' {..} =+    Data.object+      ( Prelude.catMaybes+          [("ReferenceArn" Data..=) Prelude.<$> referenceArn]+      )
+ gen/Amazonka/NetworkFirewall/Types/LogDestinationConfig.hs view
@@ -0,0 +1,200 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.LogDestinationConfig+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.LogDestinationConfig where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.LogDestinationType+import Amazonka.NetworkFirewall.Types.LogType+import qualified Amazonka.Prelude as Prelude++-- | Defines where Network Firewall sends logs for the firewall for one log+-- type. This is used in LoggingConfiguration. You can send each type of+-- log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data+-- Firehose delivery stream.+--+-- Network Firewall generates logs for stateful rule groups. You can save+-- alert and flow log types. The stateful rules engine records flow logs+-- for all network traffic that it receives. It records alert logs for+-- traffic that matches stateful rules that have the rule action set to+-- @DROP@ or @ALERT@.+--+-- /See:/ 'newLogDestinationConfig' smart constructor.+data LogDestinationConfig = LogDestinationConfig'+  { -- | The type of log to send. Alert logs report traffic that matches a+    -- StatefulRule with an action setting that sends an alert log message.+    -- Flow logs are standard network traffic flow logs.+    logType :: LogType,+    -- | The type of storage destination to send these logs to. You can send logs+    -- to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data+    -- Firehose delivery stream.+    logDestinationType :: LogDestinationType,+    -- | The named location for the logs, provided in a key:value mapping that is+    -- specific to the chosen destination type.+    --+    -- -   For an Amazon S3 bucket, provide the name of the bucket, with key+    --     @bucketName@, and optionally provide a prefix, with key @prefix@.+    --     The following example specifies an Amazon S3 bucket named+    --     @DOC-EXAMPLE-BUCKET@ and the prefix @alerts@:+    --+    --     @\"LogDestination\": { \"bucketName\": \"DOC-EXAMPLE-BUCKET\", \"prefix\": \"alerts\" }@+    --+    -- -   For a CloudWatch log group, provide the name of the CloudWatch log+    --     group, with key @logGroup@. The following example specifies a log+    --     group named @alert-log-group@:+    --+    --     @\"LogDestination\": { \"logGroup\": \"alert-log-group\" }@+    --+    -- -   For a Kinesis Data Firehose delivery stream, provide the name of the+    --     delivery stream, with key @deliveryStream@. The following example+    --     specifies a delivery stream named @alert-delivery-stream@:+    --+    --     @\"LogDestination\": { \"deliveryStream\": \"alert-delivery-stream\" }@+    logDestination :: Prelude.HashMap Prelude.Text Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'LogDestinationConfig' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'logType', 'logDestinationConfig_logType' - The type of log to send. Alert logs report traffic that matches a+-- StatefulRule with an action setting that sends an alert log message.+-- Flow logs are standard network traffic flow logs.+--+-- 'logDestinationType', 'logDestinationConfig_logDestinationType' - The type of storage destination to send these logs to. You can send logs+-- to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data+-- Firehose delivery stream.+--+-- 'logDestination', 'logDestinationConfig_logDestination' - The named location for the logs, provided in a key:value mapping that is+-- specific to the chosen destination type.+--+-- -   For an Amazon S3 bucket, provide the name of the bucket, with key+--     @bucketName@, and optionally provide a prefix, with key @prefix@.+--     The following example specifies an Amazon S3 bucket named+--     @DOC-EXAMPLE-BUCKET@ and the prefix @alerts@:+--+--     @\"LogDestination\": { \"bucketName\": \"DOC-EXAMPLE-BUCKET\", \"prefix\": \"alerts\" }@+--+-- -   For a CloudWatch log group, provide the name of the CloudWatch log+--     group, with key @logGroup@. The following example specifies a log+--     group named @alert-log-group@:+--+--     @\"LogDestination\": { \"logGroup\": \"alert-log-group\" }@+--+-- -   For a Kinesis Data Firehose delivery stream, provide the name of the+--     delivery stream, with key @deliveryStream@. The following example+--     specifies a delivery stream named @alert-delivery-stream@:+--+--     @\"LogDestination\": { \"deliveryStream\": \"alert-delivery-stream\" }@+newLogDestinationConfig ::+  -- | 'logType'+  LogType ->+  -- | 'logDestinationType'+  LogDestinationType ->+  LogDestinationConfig+newLogDestinationConfig+  pLogType_+  pLogDestinationType_ =+    LogDestinationConfig'+      { logType = pLogType_,+        logDestinationType = pLogDestinationType_,+        logDestination = Prelude.mempty+      }++-- | The type of log to send. Alert logs report traffic that matches a+-- StatefulRule with an action setting that sends an alert log message.+-- Flow logs are standard network traffic flow logs.+logDestinationConfig_logType :: Lens.Lens' LogDestinationConfig LogType+logDestinationConfig_logType = Lens.lens (\LogDestinationConfig' {logType} -> logType) (\s@LogDestinationConfig' {} a -> s {logType = a} :: LogDestinationConfig)++-- | The type of storage destination to send these logs to. You can send logs+-- to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data+-- Firehose delivery stream.+logDestinationConfig_logDestinationType :: Lens.Lens' LogDestinationConfig LogDestinationType+logDestinationConfig_logDestinationType = Lens.lens (\LogDestinationConfig' {logDestinationType} -> logDestinationType) (\s@LogDestinationConfig' {} a -> s {logDestinationType = a} :: LogDestinationConfig)++-- | The named location for the logs, provided in a key:value mapping that is+-- specific to the chosen destination type.+--+-- -   For an Amazon S3 bucket, provide the name of the bucket, with key+--     @bucketName@, and optionally provide a prefix, with key @prefix@.+--     The following example specifies an Amazon S3 bucket named+--     @DOC-EXAMPLE-BUCKET@ and the prefix @alerts@:+--+--     @\"LogDestination\": { \"bucketName\": \"DOC-EXAMPLE-BUCKET\", \"prefix\": \"alerts\" }@+--+-- -   For a CloudWatch log group, provide the name of the CloudWatch log+--     group, with key @logGroup@. The following example specifies a log+--     group named @alert-log-group@:+--+--     @\"LogDestination\": { \"logGroup\": \"alert-log-group\" }@+--+-- -   For a Kinesis Data Firehose delivery stream, provide the name of the+--     delivery stream, with key @deliveryStream@. The following example+--     specifies a delivery stream named @alert-delivery-stream@:+--+--     @\"LogDestination\": { \"deliveryStream\": \"alert-delivery-stream\" }@+logDestinationConfig_logDestination :: Lens.Lens' LogDestinationConfig (Prelude.HashMap Prelude.Text Prelude.Text)+logDestinationConfig_logDestination = Lens.lens (\LogDestinationConfig' {logDestination} -> logDestination) (\s@LogDestinationConfig' {} a -> s {logDestination = a} :: LogDestinationConfig) Prelude.. Lens.coerced++instance Data.FromJSON LogDestinationConfig where+  parseJSON =+    Data.withObject+      "LogDestinationConfig"+      ( \x ->+          LogDestinationConfig'+            Prelude.<$> (x Data..: "LogType")+            Prelude.<*> (x Data..: "LogDestinationType")+            Prelude.<*> ( x+                            Data..:? "LogDestination"+                            Data..!= Prelude.mempty+                        )+      )++instance Prelude.Hashable LogDestinationConfig where+  hashWithSalt _salt LogDestinationConfig' {..} =+    _salt+      `Prelude.hashWithSalt` logType+      `Prelude.hashWithSalt` logDestinationType+      `Prelude.hashWithSalt` logDestination++instance Prelude.NFData LogDestinationConfig where+  rnf LogDestinationConfig' {..} =+    Prelude.rnf logType+      `Prelude.seq` Prelude.rnf logDestinationType+      `Prelude.seq` Prelude.rnf logDestination++instance Data.ToJSON LogDestinationConfig where+  toJSON LogDestinationConfig' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("LogType" Data..= logType),+            Prelude.Just+              ("LogDestinationType" Data..= logDestinationType),+            Prelude.Just+              ("LogDestination" Data..= logDestination)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/LogDestinationType.hs view
@@ -0,0 +1,76 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.LogDestinationType+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.LogDestinationType+  ( LogDestinationType+      ( ..,+        LogDestinationType_CloudWatchLogs,+        LogDestinationType_KinesisDataFirehose,+        LogDestinationType_S3+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype LogDestinationType = LogDestinationType'+  { fromLogDestinationType ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern LogDestinationType_CloudWatchLogs :: LogDestinationType+pattern LogDestinationType_CloudWatchLogs = LogDestinationType' "CloudWatchLogs"++pattern LogDestinationType_KinesisDataFirehose :: LogDestinationType+pattern LogDestinationType_KinesisDataFirehose = LogDestinationType' "KinesisDataFirehose"++pattern LogDestinationType_S3 :: LogDestinationType+pattern LogDestinationType_S3 = LogDestinationType' "S3"++{-# COMPLETE+  LogDestinationType_CloudWatchLogs,+  LogDestinationType_KinesisDataFirehose,+  LogDestinationType_S3,+  LogDestinationType'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/LogType.hs view
@@ -0,0 +1,68 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.LogType+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.LogType+  ( LogType+      ( ..,+        LogType_ALERT,+        LogType_FLOW+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype LogType = LogType' {fromLogType :: Data.Text}+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern LogType_ALERT :: LogType+pattern LogType_ALERT = LogType' "ALERT"++pattern LogType_FLOW :: LogType+pattern LogType_FLOW = LogType' "FLOW"++{-# COMPLETE+  LogType_ALERT,+  LogType_FLOW,+  LogType'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/LoggingConfiguration.hs view
@@ -0,0 +1,90 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.LoggingConfiguration+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.LoggingConfiguration where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.LogDestinationConfig+import qualified Amazonka.Prelude as Prelude++-- | Defines how Network Firewall performs logging for a Firewall.+--+-- /See:/ 'newLoggingConfiguration' smart constructor.+data LoggingConfiguration = LoggingConfiguration'+  { -- | Defines the logging destinations for the logs for a firewall. Network+    -- Firewall generates logs for stateful rule groups.+    logDestinationConfigs :: [LogDestinationConfig]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'LoggingConfiguration' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'logDestinationConfigs', 'loggingConfiguration_logDestinationConfigs' - Defines the logging destinations for the logs for a firewall. Network+-- Firewall generates logs for stateful rule groups.+newLoggingConfiguration ::+  LoggingConfiguration+newLoggingConfiguration =+  LoggingConfiguration'+    { logDestinationConfigs =+        Prelude.mempty+    }++-- | Defines the logging destinations for the logs for a firewall. Network+-- Firewall generates logs for stateful rule groups.+loggingConfiguration_logDestinationConfigs :: Lens.Lens' LoggingConfiguration [LogDestinationConfig]+loggingConfiguration_logDestinationConfigs = Lens.lens (\LoggingConfiguration' {logDestinationConfigs} -> logDestinationConfigs) (\s@LoggingConfiguration' {} a -> s {logDestinationConfigs = a} :: LoggingConfiguration) Prelude.. Lens.coerced++instance Data.FromJSON LoggingConfiguration where+  parseJSON =+    Data.withObject+      "LoggingConfiguration"+      ( \x ->+          LoggingConfiguration'+            Prelude.<$> ( x+                            Data..:? "LogDestinationConfigs"+                            Data..!= Prelude.mempty+                        )+      )++instance Prelude.Hashable LoggingConfiguration where+  hashWithSalt _salt LoggingConfiguration' {..} =+    _salt `Prelude.hashWithSalt` logDestinationConfigs++instance Prelude.NFData LoggingConfiguration where+  rnf LoggingConfiguration' {..} =+    Prelude.rnf logDestinationConfigs++instance Data.ToJSON LoggingConfiguration where+  toJSON LoggingConfiguration' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just+              ( "LogDestinationConfigs"+                  Data..= logDestinationConfigs+              )+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/MatchAttributes.hs view
@@ -0,0 +1,201 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.MatchAttributes+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.MatchAttributes where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.Address+import Amazonka.NetworkFirewall.Types.PortRange+import Amazonka.NetworkFirewall.Types.TCPFlagField+import qualified Amazonka.Prelude as Prelude++-- | Criteria for Network Firewall to use to inspect an individual packet in+-- stateless rule inspection. Each match attributes set can include one or+-- more items such as IP address, CIDR range, port number, protocol, and+-- TCP flags.+--+-- /See:/ 'newMatchAttributes' smart constructor.+data MatchAttributes = MatchAttributes'+  { -- | The destination ports to inspect for. If not specified, this matches+    -- with any destination port. This setting is only used for protocols 6+    -- (TCP) and 17 (UDP).+    --+    -- You can specify individual ports, for example @1994@ and you can specify+    -- port ranges, for example @1990:1994@.+    destinationPorts :: Prelude.Maybe [PortRange],+    -- | The destination IP addresses and address ranges to inspect for, in CIDR+    -- notation. If not specified, this matches with any destination address.+    destinations :: Prelude.Maybe [Address],+    -- | The protocols to inspect for, specified using each protocol\'s assigned+    -- internet protocol number (IANA). If not specified, this matches with any+    -- protocol.+    protocols :: Prelude.Maybe [Prelude.Natural],+    -- | The source ports to inspect for. If not specified, this matches with any+    -- source port. This setting is only used for protocols 6 (TCP) and 17+    -- (UDP).+    --+    -- You can specify individual ports, for example @1994@ and you can specify+    -- port ranges, for example @1990:1994@.+    sourcePorts :: Prelude.Maybe [PortRange],+    -- | The source IP addresses and address ranges to inspect for, in CIDR+    -- notation. If not specified, this matches with any source address.+    sources :: Prelude.Maybe [Address],+    -- | The TCP flags and masks to inspect for. If not specified, this matches+    -- with any settings. This setting is only used for protocol 6 (TCP).+    tCPFlags :: Prelude.Maybe [TCPFlagField]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'MatchAttributes' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'destinationPorts', 'matchAttributes_destinationPorts' - The destination ports to inspect for. If not specified, this matches+-- with any destination port. This setting is only used for protocols 6+-- (TCP) and 17 (UDP).+--+-- You can specify individual ports, for example @1994@ and you can specify+-- port ranges, for example @1990:1994@.+--+-- 'destinations', 'matchAttributes_destinations' - The destination IP addresses and address ranges to inspect for, in CIDR+-- notation. If not specified, this matches with any destination address.+--+-- 'protocols', 'matchAttributes_protocols' - The protocols to inspect for, specified using each protocol\'s assigned+-- internet protocol number (IANA). If not specified, this matches with any+-- protocol.+--+-- 'sourcePorts', 'matchAttributes_sourcePorts' - The source ports to inspect for. If not specified, this matches with any+-- source port. This setting is only used for protocols 6 (TCP) and 17+-- (UDP).+--+-- You can specify individual ports, for example @1994@ and you can specify+-- port ranges, for example @1990:1994@.+--+-- 'sources', 'matchAttributes_sources' - The source IP addresses and address ranges to inspect for, in CIDR+-- notation. If not specified, this matches with any source address.+--+-- 'tCPFlags', 'matchAttributes_tCPFlags' - The TCP flags and masks to inspect for. If not specified, this matches+-- with any settings. This setting is only used for protocol 6 (TCP).+newMatchAttributes ::+  MatchAttributes+newMatchAttributes =+  MatchAttributes'+    { destinationPorts =+        Prelude.Nothing,+      destinations = Prelude.Nothing,+      protocols = Prelude.Nothing,+      sourcePorts = Prelude.Nothing,+      sources = Prelude.Nothing,+      tCPFlags = Prelude.Nothing+    }++-- | The destination ports to inspect for. If not specified, this matches+-- with any destination port. This setting is only used for protocols 6+-- (TCP) and 17 (UDP).+--+-- You can specify individual ports, for example @1994@ and you can specify+-- port ranges, for example @1990:1994@.+matchAttributes_destinationPorts :: Lens.Lens' MatchAttributes (Prelude.Maybe [PortRange])+matchAttributes_destinationPorts = Lens.lens (\MatchAttributes' {destinationPorts} -> destinationPorts) (\s@MatchAttributes' {} a -> s {destinationPorts = a} :: MatchAttributes) Prelude.. Lens.mapping Lens.coerced++-- | The destination IP addresses and address ranges to inspect for, in CIDR+-- notation. If not specified, this matches with any destination address.+matchAttributes_destinations :: Lens.Lens' MatchAttributes (Prelude.Maybe [Address])+matchAttributes_destinations = Lens.lens (\MatchAttributes' {destinations} -> destinations) (\s@MatchAttributes' {} a -> s {destinations = a} :: MatchAttributes) Prelude.. Lens.mapping Lens.coerced++-- | The protocols to inspect for, specified using each protocol\'s assigned+-- internet protocol number (IANA). If not specified, this matches with any+-- protocol.+matchAttributes_protocols :: Lens.Lens' MatchAttributes (Prelude.Maybe [Prelude.Natural])+matchAttributes_protocols = Lens.lens (\MatchAttributes' {protocols} -> protocols) (\s@MatchAttributes' {} a -> s {protocols = a} :: MatchAttributes) Prelude.. Lens.mapping Lens.coerced++-- | The source ports to inspect for. If not specified, this matches with any+-- source port. This setting is only used for protocols 6 (TCP) and 17+-- (UDP).+--+-- You can specify individual ports, for example @1994@ and you can specify+-- port ranges, for example @1990:1994@.+matchAttributes_sourcePorts :: Lens.Lens' MatchAttributes (Prelude.Maybe [PortRange])+matchAttributes_sourcePorts = Lens.lens (\MatchAttributes' {sourcePorts} -> sourcePorts) (\s@MatchAttributes' {} a -> s {sourcePorts = a} :: MatchAttributes) Prelude.. Lens.mapping Lens.coerced++-- | The source IP addresses and address ranges to inspect for, in CIDR+-- notation. If not specified, this matches with any source address.+matchAttributes_sources :: Lens.Lens' MatchAttributes (Prelude.Maybe [Address])+matchAttributes_sources = Lens.lens (\MatchAttributes' {sources} -> sources) (\s@MatchAttributes' {} a -> s {sources = a} :: MatchAttributes) Prelude.. Lens.mapping Lens.coerced++-- | The TCP flags and masks to inspect for. If not specified, this matches+-- with any settings. This setting is only used for protocol 6 (TCP).+matchAttributes_tCPFlags :: Lens.Lens' MatchAttributes (Prelude.Maybe [TCPFlagField])+matchAttributes_tCPFlags = Lens.lens (\MatchAttributes' {tCPFlags} -> tCPFlags) (\s@MatchAttributes' {} a -> s {tCPFlags = a} :: MatchAttributes) Prelude.. Lens.mapping Lens.coerced++instance Data.FromJSON MatchAttributes where+  parseJSON =+    Data.withObject+      "MatchAttributes"+      ( \x ->+          MatchAttributes'+            Prelude.<$> ( x+                            Data..:? "DestinationPorts"+                            Data..!= Prelude.mempty+                        )+            Prelude.<*> (x Data..:? "Destinations" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..:? "Protocols" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..:? "SourcePorts" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..:? "Sources" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..:? "TCPFlags" Data..!= Prelude.mempty)+      )++instance Prelude.Hashable MatchAttributes where+  hashWithSalt _salt MatchAttributes' {..} =+    _salt+      `Prelude.hashWithSalt` destinationPorts+      `Prelude.hashWithSalt` destinations+      `Prelude.hashWithSalt` protocols+      `Prelude.hashWithSalt` sourcePorts+      `Prelude.hashWithSalt` sources+      `Prelude.hashWithSalt` tCPFlags++instance Prelude.NFData MatchAttributes where+  rnf MatchAttributes' {..} =+    Prelude.rnf destinationPorts+      `Prelude.seq` Prelude.rnf destinations+      `Prelude.seq` Prelude.rnf protocols+      `Prelude.seq` Prelude.rnf sourcePorts+      `Prelude.seq` Prelude.rnf sources+      `Prelude.seq` Prelude.rnf tCPFlags++instance Data.ToJSON MatchAttributes where+  toJSON MatchAttributes' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("DestinationPorts" Data..=)+              Prelude.<$> destinationPorts,+            ("Destinations" Data..=) Prelude.<$> destinations,+            ("Protocols" Data..=) Prelude.<$> protocols,+            ("SourcePorts" Data..=) Prelude.<$> sourcePorts,+            ("Sources" Data..=) Prelude.<$> sources,+            ("TCPFlags" Data..=) Prelude.<$> tCPFlags+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/OverrideAction.hs view
@@ -0,0 +1,66 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.OverrideAction+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.OverrideAction+  ( OverrideAction+      ( ..,+        OverrideAction_DROP_TO_ALERT+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype OverrideAction = OverrideAction'+  { fromOverrideAction ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern OverrideAction_DROP_TO_ALERT :: OverrideAction+pattern OverrideAction_DROP_TO_ALERT = OverrideAction' "DROP_TO_ALERT"++{-# COMPLETE+  OverrideAction_DROP_TO_ALERT,+  OverrideAction'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/PerObjectStatus.hs view
@@ -0,0 +1,96 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.PerObjectStatus+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.PerObjectStatus where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.PerObjectSyncStatus+import qualified Amazonka.Prelude as Prelude++-- | Provides configuration status for a single policy or rule group that is+-- used for a firewall endpoint. Network Firewall provides each endpoint+-- with the rules that are configured in the firewall policy. Each time you+-- add a subnet or modify the associated firewall policy, Network Firewall+-- synchronizes the rules in the endpoint, so it can properly filter+-- network traffic. This is part of a SyncState for a firewall.+--+-- /See:/ 'newPerObjectStatus' smart constructor.+data PerObjectStatus = PerObjectStatus'+  { -- | Indicates whether this object is in sync with the version indicated in+    -- the update token.+    syncStatus :: Prelude.Maybe PerObjectSyncStatus,+    -- | The current version of the object that is either in sync or pending+    -- synchronization.+    updateToken :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'PerObjectStatus' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'syncStatus', 'perObjectStatus_syncStatus' - Indicates whether this object is in sync with the version indicated in+-- the update token.+--+-- 'updateToken', 'perObjectStatus_updateToken' - The current version of the object that is either in sync or pending+-- synchronization.+newPerObjectStatus ::+  PerObjectStatus+newPerObjectStatus =+  PerObjectStatus'+    { syncStatus = Prelude.Nothing,+      updateToken = Prelude.Nothing+    }++-- | Indicates whether this object is in sync with the version indicated in+-- the update token.+perObjectStatus_syncStatus :: Lens.Lens' PerObjectStatus (Prelude.Maybe PerObjectSyncStatus)+perObjectStatus_syncStatus = Lens.lens (\PerObjectStatus' {syncStatus} -> syncStatus) (\s@PerObjectStatus' {} a -> s {syncStatus = a} :: PerObjectStatus)++-- | The current version of the object that is either in sync or pending+-- synchronization.+perObjectStatus_updateToken :: Lens.Lens' PerObjectStatus (Prelude.Maybe Prelude.Text)+perObjectStatus_updateToken = Lens.lens (\PerObjectStatus' {updateToken} -> updateToken) (\s@PerObjectStatus' {} a -> s {updateToken = a} :: PerObjectStatus)++instance Data.FromJSON PerObjectStatus where+  parseJSON =+    Data.withObject+      "PerObjectStatus"+      ( \x ->+          PerObjectStatus'+            Prelude.<$> (x Data..:? "SyncStatus")+            Prelude.<*> (x Data..:? "UpdateToken")+      )++instance Prelude.Hashable PerObjectStatus where+  hashWithSalt _salt PerObjectStatus' {..} =+    _salt+      `Prelude.hashWithSalt` syncStatus+      `Prelude.hashWithSalt` updateToken++instance Prelude.NFData PerObjectStatus where+  rnf PerObjectStatus' {..} =+    Prelude.rnf syncStatus+      `Prelude.seq` Prelude.rnf updateToken
+ gen/Amazonka/NetworkFirewall/Types/PerObjectSyncStatus.hs view
@@ -0,0 +1,76 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.PerObjectSyncStatus+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.PerObjectSyncStatus+  ( PerObjectSyncStatus+      ( ..,+        PerObjectSyncStatus_CAPACITY_CONSTRAINED,+        PerObjectSyncStatus_IN_SYNC,+        PerObjectSyncStatus_PENDING+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype PerObjectSyncStatus = PerObjectSyncStatus'+  { fromPerObjectSyncStatus ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern PerObjectSyncStatus_CAPACITY_CONSTRAINED :: PerObjectSyncStatus+pattern PerObjectSyncStatus_CAPACITY_CONSTRAINED = PerObjectSyncStatus' "CAPACITY_CONSTRAINED"++pattern PerObjectSyncStatus_IN_SYNC :: PerObjectSyncStatus+pattern PerObjectSyncStatus_IN_SYNC = PerObjectSyncStatus' "IN_SYNC"++pattern PerObjectSyncStatus_PENDING :: PerObjectSyncStatus+pattern PerObjectSyncStatus_PENDING = PerObjectSyncStatus' "PENDING"++{-# COMPLETE+  PerObjectSyncStatus_CAPACITY_CONSTRAINED,+  PerObjectSyncStatus_IN_SYNC,+  PerObjectSyncStatus_PENDING,+  PerObjectSyncStatus'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/PortRange.hs view
@@ -0,0 +1,105 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.PortRange+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.PortRange where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | A single port range specification. This is used for source and+-- destination port ranges in the stateless rule MatchAttributes,+-- @SourcePorts@, and @DestinationPorts@ settings.+--+-- /See:/ 'newPortRange' smart constructor.+data PortRange = PortRange'+  { -- | The lower limit of the port range. This must be less than or equal to+    -- the @ToPort@ specification.+    fromPort :: Prelude.Natural,+    -- | The upper limit of the port range. This must be greater than or equal to+    -- the @FromPort@ specification.+    toPort :: Prelude.Natural+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'PortRange' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'fromPort', 'portRange_fromPort' - The lower limit of the port range. This must be less than or equal to+-- the @ToPort@ specification.+--+-- 'toPort', 'portRange_toPort' - The upper limit of the port range. This must be greater than or equal to+-- the @FromPort@ specification.+newPortRange ::+  -- | 'fromPort'+  Prelude.Natural ->+  -- | 'toPort'+  Prelude.Natural ->+  PortRange+newPortRange pFromPort_ pToPort_ =+  PortRange'+    { fromPort = pFromPort_,+      toPort = pToPort_+    }++-- | The lower limit of the port range. This must be less than or equal to+-- the @ToPort@ specification.+portRange_fromPort :: Lens.Lens' PortRange Prelude.Natural+portRange_fromPort = Lens.lens (\PortRange' {fromPort} -> fromPort) (\s@PortRange' {} a -> s {fromPort = a} :: PortRange)++-- | The upper limit of the port range. This must be greater than or equal to+-- the @FromPort@ specification.+portRange_toPort :: Lens.Lens' PortRange Prelude.Natural+portRange_toPort = Lens.lens (\PortRange' {toPort} -> toPort) (\s@PortRange' {} a -> s {toPort = a} :: PortRange)++instance Data.FromJSON PortRange where+  parseJSON =+    Data.withObject+      "PortRange"+      ( \x ->+          PortRange'+            Prelude.<$> (x Data..: "FromPort")+            Prelude.<*> (x Data..: "ToPort")+      )++instance Prelude.Hashable PortRange where+  hashWithSalt _salt PortRange' {..} =+    _salt+      `Prelude.hashWithSalt` fromPort+      `Prelude.hashWithSalt` toPort++instance Prelude.NFData PortRange where+  rnf PortRange' {..} =+    Prelude.rnf fromPort+      `Prelude.seq` Prelude.rnf toPort++instance Data.ToJSON PortRange where+  toJSON PortRange' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("FromPort" Data..= fromPort),+            Prelude.Just ("ToPort" Data..= toPort)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/PortSet.hs view
@@ -0,0 +1,74 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.PortSet+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.PortSet where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | A set of port ranges for use in the rules in a rule group.+--+-- /See:/ 'newPortSet' smart constructor.+data PortSet = PortSet'+  { -- | The set of port ranges.+    definition :: Prelude.Maybe [Prelude.Text]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'PortSet' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'definition', 'portSet_definition' - The set of port ranges.+newPortSet ::+  PortSet+newPortSet = PortSet' {definition = Prelude.Nothing}++-- | The set of port ranges.+portSet_definition :: Lens.Lens' PortSet (Prelude.Maybe [Prelude.Text])+portSet_definition = Lens.lens (\PortSet' {definition} -> definition) (\s@PortSet' {} a -> s {definition = a} :: PortSet) Prelude.. Lens.mapping Lens.coerced++instance Data.FromJSON PortSet where+  parseJSON =+    Data.withObject+      "PortSet"+      ( \x ->+          PortSet'+            Prelude.<$> (x Data..:? "Definition" Data..!= Prelude.mempty)+      )++instance Prelude.Hashable PortSet where+  hashWithSalt _salt PortSet' {..} =+    _salt `Prelude.hashWithSalt` definition++instance Prelude.NFData PortSet where+  rnf PortSet' {..} = Prelude.rnf definition++instance Data.ToJSON PortSet where+  toJSON PortSet' {..} =+    Data.object+      ( Prelude.catMaybes+          [("Definition" Data..=) Prelude.<$> definition]+      )
+ gen/Amazonka/NetworkFirewall/Types/PublishMetricAction.hs view
@@ -0,0 +1,81 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.PublishMetricAction+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.PublishMetricAction where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.Dimension+import qualified Amazonka.Prelude as Prelude++-- | Stateless inspection criteria that publishes the specified metrics to+-- Amazon CloudWatch for the matching packet. This setting defines a+-- CloudWatch dimension value to be published.+--+-- /See:/ 'newPublishMetricAction' smart constructor.+data PublishMetricAction = PublishMetricAction'+  { dimensions :: Prelude.NonEmpty Dimension+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'PublishMetricAction' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'dimensions', 'publishMetricAction_dimensions' -+newPublishMetricAction ::+  -- | 'dimensions'+  Prelude.NonEmpty Dimension ->+  PublishMetricAction+newPublishMetricAction pDimensions_ =+  PublishMetricAction'+    { dimensions =+        Lens.coerced Lens.# pDimensions_+    }++publishMetricAction_dimensions :: Lens.Lens' PublishMetricAction (Prelude.NonEmpty Dimension)+publishMetricAction_dimensions = Lens.lens (\PublishMetricAction' {dimensions} -> dimensions) (\s@PublishMetricAction' {} a -> s {dimensions = a} :: PublishMetricAction) Prelude.. Lens.coerced++instance Data.FromJSON PublishMetricAction where+  parseJSON =+    Data.withObject+      "PublishMetricAction"+      ( \x ->+          PublishMetricAction'+            Prelude.<$> (x Data..: "Dimensions")+      )++instance Prelude.Hashable PublishMetricAction where+  hashWithSalt _salt PublishMetricAction' {..} =+    _salt `Prelude.hashWithSalt` dimensions++instance Prelude.NFData PublishMetricAction where+  rnf PublishMetricAction' {..} = Prelude.rnf dimensions++instance Data.ToJSON PublishMetricAction where+  toJSON PublishMetricAction' {..} =+    Data.object+      ( Prelude.catMaybes+          [Prelude.Just ("Dimensions" Data..= dimensions)]+      )
+ gen/Amazonka/NetworkFirewall/Types/ReferenceSets.hs view
@@ -0,0 +1,81 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.ReferenceSets+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.ReferenceSets where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.IPSetReference+import qualified Amazonka.Prelude as Prelude++-- | Contains a set of IP set references.+--+-- /See:/ 'newReferenceSets' smart constructor.+data ReferenceSets = ReferenceSets'+  { -- | The list of IP set references.+    iPSetReferences :: Prelude.Maybe (Prelude.HashMap Prelude.Text IPSetReference)+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ReferenceSets' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'iPSetReferences', 'referenceSets_iPSetReferences' - The list of IP set references.+newReferenceSets ::+  ReferenceSets+newReferenceSets =+  ReferenceSets' {iPSetReferences = Prelude.Nothing}++-- | The list of IP set references.+referenceSets_iPSetReferences :: Lens.Lens' ReferenceSets (Prelude.Maybe (Prelude.HashMap Prelude.Text IPSetReference))+referenceSets_iPSetReferences = Lens.lens (\ReferenceSets' {iPSetReferences} -> iPSetReferences) (\s@ReferenceSets' {} a -> s {iPSetReferences = a} :: ReferenceSets) Prelude.. Lens.mapping Lens.coerced++instance Data.FromJSON ReferenceSets where+  parseJSON =+    Data.withObject+      "ReferenceSets"+      ( \x ->+          ReferenceSets'+            Prelude.<$> ( x+                            Data..:? "IPSetReferences"+                            Data..!= Prelude.mempty+                        )+      )++instance Prelude.Hashable ReferenceSets where+  hashWithSalt _salt ReferenceSets' {..} =+    _salt `Prelude.hashWithSalt` iPSetReferences++instance Prelude.NFData ReferenceSets where+  rnf ReferenceSets' {..} = Prelude.rnf iPSetReferences++instance Data.ToJSON ReferenceSets where+  toJSON ReferenceSets' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("IPSetReferences" Data..=)+              Prelude.<$> iPSetReferences+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/ResourceManagedStatus.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.ResourceManagedStatus+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.ResourceManagedStatus+  ( ResourceManagedStatus+      ( ..,+        ResourceManagedStatus_ACCOUNT,+        ResourceManagedStatus_MANAGED+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype ResourceManagedStatus = ResourceManagedStatus'+  { fromResourceManagedStatus ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern ResourceManagedStatus_ACCOUNT :: ResourceManagedStatus+pattern ResourceManagedStatus_ACCOUNT = ResourceManagedStatus' "ACCOUNT"++pattern ResourceManagedStatus_MANAGED :: ResourceManagedStatus+pattern ResourceManagedStatus_MANAGED = ResourceManagedStatus' "MANAGED"++{-# COMPLETE+  ResourceManagedStatus_ACCOUNT,+  ResourceManagedStatus_MANAGED,+  ResourceManagedStatus'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/ResourceManagedType.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.ResourceManagedType+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.ResourceManagedType+  ( ResourceManagedType+      ( ..,+        ResourceManagedType_AWS_MANAGED_DOMAIN_LISTS,+        ResourceManagedType_AWS_MANAGED_THREAT_SIGNATURES+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype ResourceManagedType = ResourceManagedType'+  { fromResourceManagedType ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern ResourceManagedType_AWS_MANAGED_DOMAIN_LISTS :: ResourceManagedType+pattern ResourceManagedType_AWS_MANAGED_DOMAIN_LISTS = ResourceManagedType' "AWS_MANAGED_DOMAIN_LISTS"++pattern ResourceManagedType_AWS_MANAGED_THREAT_SIGNATURES :: ResourceManagedType+pattern ResourceManagedType_AWS_MANAGED_THREAT_SIGNATURES = ResourceManagedType' "AWS_MANAGED_THREAT_SIGNATURES"++{-# COMPLETE+  ResourceManagedType_AWS_MANAGED_DOMAIN_LISTS,+  ResourceManagedType_AWS_MANAGED_THREAT_SIGNATURES,+  ResourceManagedType'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/ResourceStatus.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.ResourceStatus+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.ResourceStatus+  ( ResourceStatus+      ( ..,+        ResourceStatus_ACTIVE,+        ResourceStatus_DELETING+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype ResourceStatus = ResourceStatus'+  { fromResourceStatus ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern ResourceStatus_ACTIVE :: ResourceStatus+pattern ResourceStatus_ACTIVE = ResourceStatus' "ACTIVE"++pattern ResourceStatus_DELETING :: ResourceStatus+pattern ResourceStatus_DELETING = ResourceStatus' "DELETING"++{-# COMPLETE+  ResourceStatus_ACTIVE,+  ResourceStatus_DELETING,+  ResourceStatus'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/RuleDefinition.hs view
@@ -0,0 +1,203 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.RuleDefinition+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.RuleDefinition where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.MatchAttributes+import qualified Amazonka.Prelude as Prelude++-- | The inspection criteria and action for a single stateless rule. Network+-- Firewall inspects each packet for the specified matching criteria. When+-- a packet matches the criteria, Network Firewall performs the rule\'s+-- actions on the packet.+--+-- /See:/ 'newRuleDefinition' smart constructor.+data RuleDefinition = RuleDefinition'+  { -- | Criteria for Network Firewall to use to inspect an individual packet in+    -- stateless rule inspection. Each match attributes set can include one or+    -- more items such as IP address, CIDR range, port number, protocol, and+    -- TCP flags.+    matchAttributes :: MatchAttributes,+    -- | The actions to take on a packet that matches one of the stateless rule+    -- definition\'s match attributes. You must specify a standard action and+    -- you can add custom actions.+    --+    -- Network Firewall only forwards a packet for stateful rule inspection if+    -- you specify @aws:forward_to_sfe@ for a rule that the packet matches, or+    -- if the packet doesn\'t match any stateless rule and you specify+    -- @aws:forward_to_sfe@ for the @StatelessDefaultActions@ setting for the+    -- FirewallPolicy.+    --+    -- For every rule, you must specify exactly one of the following standard+    -- actions.+    --+    -- -   __aws:pass__ - Discontinues all inspection of the packet and permits+    --     it to go to its intended destination.+    --+    -- -   __aws:drop__ - Discontinues all inspection of the packet and blocks+    --     it from going to its intended destination.+    --+    -- -   __aws:forward_to_sfe__ - Discontinues stateless inspection of the+    --     packet and forwards it to the stateful rule engine for inspection.+    --+    -- Additionally, you can specify a custom action. To do this, you define a+    -- custom action by name and type, then provide the name you\'ve assigned+    -- to the action in this @Actions@ setting. For information about the+    -- options, see CustomAction.+    --+    -- To provide more than one action in this setting, separate the settings+    -- with a comma. For example, if you have a custom @PublishMetrics@ action+    -- that you\'ve named @MyMetricsAction@, then you could specify the+    -- standard action @aws:pass@ and the custom action with+    -- @[“aws:pass”, “MyMetricsAction”]@.+    actions :: [Prelude.Text]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RuleDefinition' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'matchAttributes', 'ruleDefinition_matchAttributes' - Criteria for Network Firewall to use to inspect an individual packet in+-- stateless rule inspection. Each match attributes set can include one or+-- more items such as IP address, CIDR range, port number, protocol, and+-- TCP flags.+--+-- 'actions', 'ruleDefinition_actions' - The actions to take on a packet that matches one of the stateless rule+-- definition\'s match attributes. You must specify a standard action and+-- you can add custom actions.+--+-- Network Firewall only forwards a packet for stateful rule inspection if+-- you specify @aws:forward_to_sfe@ for a rule that the packet matches, or+-- if the packet doesn\'t match any stateless rule and you specify+-- @aws:forward_to_sfe@ for the @StatelessDefaultActions@ setting for the+-- FirewallPolicy.+--+-- For every rule, you must specify exactly one of the following standard+-- actions.+--+-- -   __aws:pass__ - Discontinues all inspection of the packet and permits+--     it to go to its intended destination.+--+-- -   __aws:drop__ - Discontinues all inspection of the packet and blocks+--     it from going to its intended destination.+--+-- -   __aws:forward_to_sfe__ - Discontinues stateless inspection of the+--     packet and forwards it to the stateful rule engine for inspection.+--+-- Additionally, you can specify a custom action. To do this, you define a+-- custom action by name and type, then provide the name you\'ve assigned+-- to the action in this @Actions@ setting. For information about the+-- options, see CustomAction.+--+-- To provide more than one action in this setting, separate the settings+-- with a comma. For example, if you have a custom @PublishMetrics@ action+-- that you\'ve named @MyMetricsAction@, then you could specify the+-- standard action @aws:pass@ and the custom action with+-- @[“aws:pass”, “MyMetricsAction”]@.+newRuleDefinition ::+  -- | 'matchAttributes'+  MatchAttributes ->+  RuleDefinition+newRuleDefinition pMatchAttributes_ =+  RuleDefinition'+    { matchAttributes =+        pMatchAttributes_,+      actions = Prelude.mempty+    }++-- | Criteria for Network Firewall to use to inspect an individual packet in+-- stateless rule inspection. Each match attributes set can include one or+-- more items such as IP address, CIDR range, port number, protocol, and+-- TCP flags.+ruleDefinition_matchAttributes :: Lens.Lens' RuleDefinition MatchAttributes+ruleDefinition_matchAttributes = Lens.lens (\RuleDefinition' {matchAttributes} -> matchAttributes) (\s@RuleDefinition' {} a -> s {matchAttributes = a} :: RuleDefinition)++-- | The actions to take on a packet that matches one of the stateless rule+-- definition\'s match attributes. You must specify a standard action and+-- you can add custom actions.+--+-- Network Firewall only forwards a packet for stateful rule inspection if+-- you specify @aws:forward_to_sfe@ for a rule that the packet matches, or+-- if the packet doesn\'t match any stateless rule and you specify+-- @aws:forward_to_sfe@ for the @StatelessDefaultActions@ setting for the+-- FirewallPolicy.+--+-- For every rule, you must specify exactly one of the following standard+-- actions.+--+-- -   __aws:pass__ - Discontinues all inspection of the packet and permits+--     it to go to its intended destination.+--+-- -   __aws:drop__ - Discontinues all inspection of the packet and blocks+--     it from going to its intended destination.+--+-- -   __aws:forward_to_sfe__ - Discontinues stateless inspection of the+--     packet and forwards it to the stateful rule engine for inspection.+--+-- Additionally, you can specify a custom action. To do this, you define a+-- custom action by name and type, then provide the name you\'ve assigned+-- to the action in this @Actions@ setting. For information about the+-- options, see CustomAction.+--+-- To provide more than one action in this setting, separate the settings+-- with a comma. For example, if you have a custom @PublishMetrics@ action+-- that you\'ve named @MyMetricsAction@, then you could specify the+-- standard action @aws:pass@ and the custom action with+-- @[“aws:pass”, “MyMetricsAction”]@.+ruleDefinition_actions :: Lens.Lens' RuleDefinition [Prelude.Text]+ruleDefinition_actions = Lens.lens (\RuleDefinition' {actions} -> actions) (\s@RuleDefinition' {} a -> s {actions = a} :: RuleDefinition) Prelude.. Lens.coerced++instance Data.FromJSON RuleDefinition where+  parseJSON =+    Data.withObject+      "RuleDefinition"+      ( \x ->+          RuleDefinition'+            Prelude.<$> (x Data..: "MatchAttributes")+            Prelude.<*> (x Data..:? "Actions" Data..!= Prelude.mempty)+      )++instance Prelude.Hashable RuleDefinition where+  hashWithSalt _salt RuleDefinition' {..} =+    _salt+      `Prelude.hashWithSalt` matchAttributes+      `Prelude.hashWithSalt` actions++instance Prelude.NFData RuleDefinition where+  rnf RuleDefinition' {..} =+    Prelude.rnf matchAttributes+      `Prelude.seq` Prelude.rnf actions++instance Data.ToJSON RuleDefinition where+  toJSON RuleDefinition' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just+              ("MatchAttributes" Data..= matchAttributes),+            Prelude.Just ("Actions" Data..= actions)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/RuleGroup.hs view
@@ -0,0 +1,147 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.RuleGroup+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.RuleGroup where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.ReferenceSets+import Amazonka.NetworkFirewall.Types.RuleVariables+import Amazonka.NetworkFirewall.Types.RulesSource+import Amazonka.NetworkFirewall.Types.StatefulRuleOptions+import qualified Amazonka.Prelude as Prelude++-- | The object that defines the rules in a rule group. This, along with+-- RuleGroupResponse, define the rule group. You can retrieve all objects+-- for a rule group by calling DescribeRuleGroup.+--+-- Network Firewall uses a rule group to inspect and control network+-- traffic. You define stateless rule groups to inspect individual packets+-- and you define stateful rule groups to inspect packets in the context of+-- their traffic flow.+--+-- To use a rule group, you include it by reference in an Network Firewall+-- firewall policy, then you use the policy in a firewall. You can+-- reference a rule group from more than one firewall policy, and you can+-- use a firewall policy in more than one firewall.+--+-- /See:/ 'newRuleGroup' smart constructor.+data RuleGroup = RuleGroup'+  { -- | The list of a rule group\'s reference sets.+    referenceSets :: Prelude.Maybe ReferenceSets,+    -- | Settings that are available for use in the rules in the rule group. You+    -- can only use these for stateful rule groups.+    ruleVariables :: Prelude.Maybe RuleVariables,+    -- | Additional options governing how Network Firewall handles stateful+    -- rules. The policies where you use your stateful rule group must have+    -- stateful rule options settings that are compatible with these settings.+    statefulRuleOptions :: Prelude.Maybe StatefulRuleOptions,+    -- | The stateful rules or stateless rules for the rule group.+    rulesSource :: RulesSource+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RuleGroup' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'referenceSets', 'ruleGroup_referenceSets' - The list of a rule group\'s reference sets.+--+-- 'ruleVariables', 'ruleGroup_ruleVariables' - Settings that are available for use in the rules in the rule group. You+-- can only use these for stateful rule groups.+--+-- 'statefulRuleOptions', 'ruleGroup_statefulRuleOptions' - Additional options governing how Network Firewall handles stateful+-- rules. The policies where you use your stateful rule group must have+-- stateful rule options settings that are compatible with these settings.+--+-- 'rulesSource', 'ruleGroup_rulesSource' - The stateful rules or stateless rules for the rule group.+newRuleGroup ::+  -- | 'rulesSource'+  RulesSource ->+  RuleGroup+newRuleGroup pRulesSource_ =+  RuleGroup'+    { referenceSets = Prelude.Nothing,+      ruleVariables = Prelude.Nothing,+      statefulRuleOptions = Prelude.Nothing,+      rulesSource = pRulesSource_+    }++-- | The list of a rule group\'s reference sets.+ruleGroup_referenceSets :: Lens.Lens' RuleGroup (Prelude.Maybe ReferenceSets)+ruleGroup_referenceSets = Lens.lens (\RuleGroup' {referenceSets} -> referenceSets) (\s@RuleGroup' {} a -> s {referenceSets = a} :: RuleGroup)++-- | Settings that are available for use in the rules in the rule group. You+-- can only use these for stateful rule groups.+ruleGroup_ruleVariables :: Lens.Lens' RuleGroup (Prelude.Maybe RuleVariables)+ruleGroup_ruleVariables = Lens.lens (\RuleGroup' {ruleVariables} -> ruleVariables) (\s@RuleGroup' {} a -> s {ruleVariables = a} :: RuleGroup)++-- | Additional options governing how Network Firewall handles stateful+-- rules. The policies where you use your stateful rule group must have+-- stateful rule options settings that are compatible with these settings.+ruleGroup_statefulRuleOptions :: Lens.Lens' RuleGroup (Prelude.Maybe StatefulRuleOptions)+ruleGroup_statefulRuleOptions = Lens.lens (\RuleGroup' {statefulRuleOptions} -> statefulRuleOptions) (\s@RuleGroup' {} a -> s {statefulRuleOptions = a} :: RuleGroup)++-- | The stateful rules or stateless rules for the rule group.+ruleGroup_rulesSource :: Lens.Lens' RuleGroup RulesSource+ruleGroup_rulesSource = Lens.lens (\RuleGroup' {rulesSource} -> rulesSource) (\s@RuleGroup' {} a -> s {rulesSource = a} :: RuleGroup)++instance Data.FromJSON RuleGroup where+  parseJSON =+    Data.withObject+      "RuleGroup"+      ( \x ->+          RuleGroup'+            Prelude.<$> (x Data..:? "ReferenceSets")+            Prelude.<*> (x Data..:? "RuleVariables")+            Prelude.<*> (x Data..:? "StatefulRuleOptions")+            Prelude.<*> (x Data..: "RulesSource")+      )++instance Prelude.Hashable RuleGroup where+  hashWithSalt _salt RuleGroup' {..} =+    _salt+      `Prelude.hashWithSalt` referenceSets+      `Prelude.hashWithSalt` ruleVariables+      `Prelude.hashWithSalt` statefulRuleOptions+      `Prelude.hashWithSalt` rulesSource++instance Prelude.NFData RuleGroup where+  rnf RuleGroup' {..} =+    Prelude.rnf referenceSets+      `Prelude.seq` Prelude.rnf ruleVariables+      `Prelude.seq` Prelude.rnf statefulRuleOptions+      `Prelude.seq` Prelude.rnf rulesSource++instance Data.ToJSON RuleGroup where+  toJSON RuleGroup' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("ReferenceSets" Data..=) Prelude.<$> referenceSets,+            ("RuleVariables" Data..=) Prelude.<$> ruleVariables,+            ("StatefulRuleOptions" Data..=)+              Prelude.<$> statefulRuleOptions,+            Prelude.Just ("RulesSource" Data..= rulesSource)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/RuleGroupMetadata.hs view
@@ -0,0 +1,88 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.RuleGroupMetadata+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.RuleGroupMetadata where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | High-level information about a rule group, returned by ListRuleGroups.+-- You can use the information provided in the metadata to retrieve and+-- manage a rule group.+--+-- /See:/ 'newRuleGroupMetadata' smart constructor.+data RuleGroupMetadata = RuleGroupMetadata'+  { -- | The Amazon Resource Name (ARN) of the rule group.+    arn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the rule group. You can\'t change the name of a+    -- rule group after you create it.+    name :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RuleGroupMetadata' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'arn', 'ruleGroupMetadata_arn' - The Amazon Resource Name (ARN) of the rule group.+--+-- 'name', 'ruleGroupMetadata_name' - The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+newRuleGroupMetadata ::+  RuleGroupMetadata+newRuleGroupMetadata =+  RuleGroupMetadata'+    { arn = Prelude.Nothing,+      name = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the rule group.+ruleGroupMetadata_arn :: Lens.Lens' RuleGroupMetadata (Prelude.Maybe Prelude.Text)+ruleGroupMetadata_arn = Lens.lens (\RuleGroupMetadata' {arn} -> arn) (\s@RuleGroupMetadata' {} a -> s {arn = a} :: RuleGroupMetadata)++-- | The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+ruleGroupMetadata_name :: Lens.Lens' RuleGroupMetadata (Prelude.Maybe Prelude.Text)+ruleGroupMetadata_name = Lens.lens (\RuleGroupMetadata' {name} -> name) (\s@RuleGroupMetadata' {} a -> s {name = a} :: RuleGroupMetadata)++instance Data.FromJSON RuleGroupMetadata where+  parseJSON =+    Data.withObject+      "RuleGroupMetadata"+      ( \x ->+          RuleGroupMetadata'+            Prelude.<$> (x Data..:? "Arn")+            Prelude.<*> (x Data..:? "Name")+      )++instance Prelude.Hashable RuleGroupMetadata where+  hashWithSalt _salt RuleGroupMetadata' {..} =+    _salt+      `Prelude.hashWithSalt` arn+      `Prelude.hashWithSalt` name++instance Prelude.NFData RuleGroupMetadata where+  rnf RuleGroupMetadata' {..} =+    Prelude.rnf arn `Prelude.seq` Prelude.rnf name
+ gen/Amazonka/NetworkFirewall/Types/RuleGroupResponse.hs view
@@ -0,0 +1,313 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.RuleGroupResponse+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.RuleGroupResponse where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.EncryptionConfiguration+import Amazonka.NetworkFirewall.Types.ResourceStatus+import Amazonka.NetworkFirewall.Types.RuleGroupType+import Amazonka.NetworkFirewall.Types.SourceMetadata+import Amazonka.NetworkFirewall.Types.Tag+import qualified Amazonka.Prelude as Prelude++-- | The high-level properties of a rule group. This, along with the+-- RuleGroup, define the rule group. You can retrieve all objects for a+-- rule group by calling DescribeRuleGroup.+--+-- /See:/ 'newRuleGroupResponse' smart constructor.+data RuleGroupResponse = RuleGroupResponse'+  { -- | The maximum operating resources that this rule group can use. Rule group+    -- capacity is fixed at creation. When you update a rule group, you are+    -- limited to this capacity. When you reference a rule group from a+    -- firewall policy, Network Firewall reserves this capacity for the rule+    -- group.+    --+    -- You can retrieve the capacity that would be required for a rule group+    -- before you create the rule group by calling CreateRuleGroup with+    -- @DryRun@ set to @TRUE@.+    capacity :: Prelude.Maybe Prelude.Int,+    -- | The number of capacity units currently consumed by the rule group rules.+    consumedCapacity :: Prelude.Maybe Prelude.Int,+    -- | A description of the rule group.+    description :: Prelude.Maybe Prelude.Text,+    -- | A complex type that contains the Amazon Web Services KMS encryption+    -- configuration settings for your rule group.+    encryptionConfiguration :: Prelude.Maybe EncryptionConfiguration,+    -- | The last time that the rule group was changed.+    lastModifiedTime :: Prelude.Maybe Data.POSIX,+    -- | The number of firewall policies that use this rule group.+    numberOfAssociations :: Prelude.Maybe Prelude.Int,+    -- | Detailed information about the current status of a rule group.+    ruleGroupStatus :: Prelude.Maybe ResourceStatus,+    -- | The Amazon resource name (ARN) of the Amazon Simple Notification Service+    -- SNS topic that\'s used to record changes to the managed rule group. You+    -- can subscribe to the SNS topic to receive notifications when the managed+    -- rule group is modified, such as for new versions and for version+    -- expiration. For more information, see the+    -- <https://docs.aws.amazon.com/sns/latest/dg/welcome.html Amazon Simple Notification Service Developer Guide.>.+    snsTopic :: Prelude.Maybe Prelude.Text,+    -- | A complex type that contains metadata about the rule group that your own+    -- rule group is copied from. You can use the metadata to track the version+    -- updates made to the originating rule group.+    sourceMetadata :: Prelude.Maybe SourceMetadata,+    -- | The key:value pairs to associate with the resource.+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),+    -- | Indicates whether the rule group is stateless or stateful. If the rule+    -- group is stateless, it contains stateless rules. If it is stateful, it+    -- contains stateful rules.+    type' :: Prelude.Maybe RuleGroupType,+    -- | The Amazon Resource Name (ARN) of the rule group.+    --+    -- If this response is for a create request that had @DryRun@ set to+    -- @TRUE@, then this ARN is a placeholder that isn\'t attached to a valid+    -- resource.+    ruleGroupArn :: Prelude.Text,+    -- | The descriptive name of the rule group. You can\'t change the name of a+    -- rule group after you create it.+    ruleGroupName :: Prelude.Text,+    -- | The unique identifier for the rule group.+    ruleGroupId :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RuleGroupResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'capacity', 'ruleGroupResponse_capacity' - The maximum operating resources that this rule group can use. Rule group+-- capacity is fixed at creation. When you update a rule group, you are+-- limited to this capacity. When you reference a rule group from a+-- firewall policy, Network Firewall reserves this capacity for the rule+-- group.+--+-- You can retrieve the capacity that would be required for a rule group+-- before you create the rule group by calling CreateRuleGroup with+-- @DryRun@ set to @TRUE@.+--+-- 'consumedCapacity', 'ruleGroupResponse_consumedCapacity' - The number of capacity units currently consumed by the rule group rules.+--+-- 'description', 'ruleGroupResponse_description' - A description of the rule group.+--+-- 'encryptionConfiguration', 'ruleGroupResponse_encryptionConfiguration' - A complex type that contains the Amazon Web Services KMS encryption+-- configuration settings for your rule group.+--+-- 'lastModifiedTime', 'ruleGroupResponse_lastModifiedTime' - The last time that the rule group was changed.+--+-- 'numberOfAssociations', 'ruleGroupResponse_numberOfAssociations' - The number of firewall policies that use this rule group.+--+-- 'ruleGroupStatus', 'ruleGroupResponse_ruleGroupStatus' - Detailed information about the current status of a rule group.+--+-- 'snsTopic', 'ruleGroupResponse_snsTopic' - The Amazon resource name (ARN) of the Amazon Simple Notification Service+-- SNS topic that\'s used to record changes to the managed rule group. You+-- can subscribe to the SNS topic to receive notifications when the managed+-- rule group is modified, such as for new versions and for version+-- expiration. For more information, see the+-- <https://docs.aws.amazon.com/sns/latest/dg/welcome.html Amazon Simple Notification Service Developer Guide.>.+--+-- 'sourceMetadata', 'ruleGroupResponse_sourceMetadata' - A complex type that contains metadata about the rule group that your own+-- rule group is copied from. You can use the metadata to track the version+-- updates made to the originating rule group.+--+-- 'tags', 'ruleGroupResponse_tags' - The key:value pairs to associate with the resource.+--+-- 'type'', 'ruleGroupResponse_type' - Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- 'ruleGroupArn', 'ruleGroupResponse_ruleGroupArn' - The Amazon Resource Name (ARN) of the rule group.+--+-- If this response is for a create request that had @DryRun@ set to+-- @TRUE@, then this ARN is a placeholder that isn\'t attached to a valid+-- resource.+--+-- 'ruleGroupName', 'ruleGroupResponse_ruleGroupName' - The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- 'ruleGroupId', 'ruleGroupResponse_ruleGroupId' - The unique identifier for the rule group.+newRuleGroupResponse ::+  -- | 'ruleGroupArn'+  Prelude.Text ->+  -- | 'ruleGroupName'+  Prelude.Text ->+  -- | 'ruleGroupId'+  Prelude.Text ->+  RuleGroupResponse+newRuleGroupResponse+  pRuleGroupArn_+  pRuleGroupName_+  pRuleGroupId_ =+    RuleGroupResponse'+      { capacity = Prelude.Nothing,+        consumedCapacity = Prelude.Nothing,+        description = Prelude.Nothing,+        encryptionConfiguration = Prelude.Nothing,+        lastModifiedTime = Prelude.Nothing,+        numberOfAssociations = Prelude.Nothing,+        ruleGroupStatus = Prelude.Nothing,+        snsTopic = Prelude.Nothing,+        sourceMetadata = Prelude.Nothing,+        tags = Prelude.Nothing,+        type' = Prelude.Nothing,+        ruleGroupArn = pRuleGroupArn_,+        ruleGroupName = pRuleGroupName_,+        ruleGroupId = pRuleGroupId_+      }++-- | The maximum operating resources that this rule group can use. Rule group+-- capacity is fixed at creation. When you update a rule group, you are+-- limited to this capacity. When you reference a rule group from a+-- firewall policy, Network Firewall reserves this capacity for the rule+-- group.+--+-- You can retrieve the capacity that would be required for a rule group+-- before you create the rule group by calling CreateRuleGroup with+-- @DryRun@ set to @TRUE@.+ruleGroupResponse_capacity :: Lens.Lens' RuleGroupResponse (Prelude.Maybe Prelude.Int)+ruleGroupResponse_capacity = Lens.lens (\RuleGroupResponse' {capacity} -> capacity) (\s@RuleGroupResponse' {} a -> s {capacity = a} :: RuleGroupResponse)++-- | The number of capacity units currently consumed by the rule group rules.+ruleGroupResponse_consumedCapacity :: Lens.Lens' RuleGroupResponse (Prelude.Maybe Prelude.Int)+ruleGroupResponse_consumedCapacity = Lens.lens (\RuleGroupResponse' {consumedCapacity} -> consumedCapacity) (\s@RuleGroupResponse' {} a -> s {consumedCapacity = a} :: RuleGroupResponse)++-- | A description of the rule group.+ruleGroupResponse_description :: Lens.Lens' RuleGroupResponse (Prelude.Maybe Prelude.Text)+ruleGroupResponse_description = Lens.lens (\RuleGroupResponse' {description} -> description) (\s@RuleGroupResponse' {} a -> s {description = a} :: RuleGroupResponse)++-- | A complex type that contains the Amazon Web Services KMS encryption+-- configuration settings for your rule group.+ruleGroupResponse_encryptionConfiguration :: Lens.Lens' RuleGroupResponse (Prelude.Maybe EncryptionConfiguration)+ruleGroupResponse_encryptionConfiguration = Lens.lens (\RuleGroupResponse' {encryptionConfiguration} -> encryptionConfiguration) (\s@RuleGroupResponse' {} a -> s {encryptionConfiguration = a} :: RuleGroupResponse)++-- | The last time that the rule group was changed.+ruleGroupResponse_lastModifiedTime :: Lens.Lens' RuleGroupResponse (Prelude.Maybe Prelude.UTCTime)+ruleGroupResponse_lastModifiedTime = Lens.lens (\RuleGroupResponse' {lastModifiedTime} -> lastModifiedTime) (\s@RuleGroupResponse' {} a -> s {lastModifiedTime = a} :: RuleGroupResponse) Prelude.. Lens.mapping Data._Time++-- | The number of firewall policies that use this rule group.+ruleGroupResponse_numberOfAssociations :: Lens.Lens' RuleGroupResponse (Prelude.Maybe Prelude.Int)+ruleGroupResponse_numberOfAssociations = Lens.lens (\RuleGroupResponse' {numberOfAssociations} -> numberOfAssociations) (\s@RuleGroupResponse' {} a -> s {numberOfAssociations = a} :: RuleGroupResponse)++-- | Detailed information about the current status of a rule group.+ruleGroupResponse_ruleGroupStatus :: Lens.Lens' RuleGroupResponse (Prelude.Maybe ResourceStatus)+ruleGroupResponse_ruleGroupStatus = Lens.lens (\RuleGroupResponse' {ruleGroupStatus} -> ruleGroupStatus) (\s@RuleGroupResponse' {} a -> s {ruleGroupStatus = a} :: RuleGroupResponse)++-- | The Amazon resource name (ARN) of the Amazon Simple Notification Service+-- SNS topic that\'s used to record changes to the managed rule group. You+-- can subscribe to the SNS topic to receive notifications when the managed+-- rule group is modified, such as for new versions and for version+-- expiration. For more information, see the+-- <https://docs.aws.amazon.com/sns/latest/dg/welcome.html Amazon Simple Notification Service Developer Guide.>.+ruleGroupResponse_snsTopic :: Lens.Lens' RuleGroupResponse (Prelude.Maybe Prelude.Text)+ruleGroupResponse_snsTopic = Lens.lens (\RuleGroupResponse' {snsTopic} -> snsTopic) (\s@RuleGroupResponse' {} a -> s {snsTopic = a} :: RuleGroupResponse)++-- | A complex type that contains metadata about the rule group that your own+-- rule group is copied from. You can use the metadata to track the version+-- updates made to the originating rule group.+ruleGroupResponse_sourceMetadata :: Lens.Lens' RuleGroupResponse (Prelude.Maybe SourceMetadata)+ruleGroupResponse_sourceMetadata = Lens.lens (\RuleGroupResponse' {sourceMetadata} -> sourceMetadata) (\s@RuleGroupResponse' {} a -> s {sourceMetadata = a} :: RuleGroupResponse)++-- | The key:value pairs to associate with the resource.+ruleGroupResponse_tags :: Lens.Lens' RuleGroupResponse (Prelude.Maybe (Prelude.NonEmpty Tag))+ruleGroupResponse_tags = Lens.lens (\RuleGroupResponse' {tags} -> tags) (\s@RuleGroupResponse' {} a -> s {tags = a} :: RuleGroupResponse) Prelude.. Lens.mapping Lens.coerced++-- | Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+ruleGroupResponse_type :: Lens.Lens' RuleGroupResponse (Prelude.Maybe RuleGroupType)+ruleGroupResponse_type = Lens.lens (\RuleGroupResponse' {type'} -> type') (\s@RuleGroupResponse' {} a -> s {type' = a} :: RuleGroupResponse)++-- | The Amazon Resource Name (ARN) of the rule group.+--+-- If this response is for a create request that had @DryRun@ set to+-- @TRUE@, then this ARN is a placeholder that isn\'t attached to a valid+-- resource.+ruleGroupResponse_ruleGroupArn :: Lens.Lens' RuleGroupResponse Prelude.Text+ruleGroupResponse_ruleGroupArn = Lens.lens (\RuleGroupResponse' {ruleGroupArn} -> ruleGroupArn) (\s@RuleGroupResponse' {} a -> s {ruleGroupArn = a} :: RuleGroupResponse)++-- | The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+ruleGroupResponse_ruleGroupName :: Lens.Lens' RuleGroupResponse Prelude.Text+ruleGroupResponse_ruleGroupName = Lens.lens (\RuleGroupResponse' {ruleGroupName} -> ruleGroupName) (\s@RuleGroupResponse' {} a -> s {ruleGroupName = a} :: RuleGroupResponse)++-- | The unique identifier for the rule group.+ruleGroupResponse_ruleGroupId :: Lens.Lens' RuleGroupResponse Prelude.Text+ruleGroupResponse_ruleGroupId = Lens.lens (\RuleGroupResponse' {ruleGroupId} -> ruleGroupId) (\s@RuleGroupResponse' {} a -> s {ruleGroupId = a} :: RuleGroupResponse)++instance Data.FromJSON RuleGroupResponse where+  parseJSON =+    Data.withObject+      "RuleGroupResponse"+      ( \x ->+          RuleGroupResponse'+            Prelude.<$> (x Data..:? "Capacity")+            Prelude.<*> (x Data..:? "ConsumedCapacity")+            Prelude.<*> (x Data..:? "Description")+            Prelude.<*> (x Data..:? "EncryptionConfiguration")+            Prelude.<*> (x Data..:? "LastModifiedTime")+            Prelude.<*> (x Data..:? "NumberOfAssociations")+            Prelude.<*> (x Data..:? "RuleGroupStatus")+            Prelude.<*> (x Data..:? "SnsTopic")+            Prelude.<*> (x Data..:? "SourceMetadata")+            Prelude.<*> (x Data..:? "Tags")+            Prelude.<*> (x Data..:? "Type")+            Prelude.<*> (x Data..: "RuleGroupArn")+            Prelude.<*> (x Data..: "RuleGroupName")+            Prelude.<*> (x Data..: "RuleGroupId")+      )++instance Prelude.Hashable RuleGroupResponse where+  hashWithSalt _salt RuleGroupResponse' {..} =+    _salt+      `Prelude.hashWithSalt` capacity+      `Prelude.hashWithSalt` consumedCapacity+      `Prelude.hashWithSalt` description+      `Prelude.hashWithSalt` encryptionConfiguration+      `Prelude.hashWithSalt` lastModifiedTime+      `Prelude.hashWithSalt` numberOfAssociations+      `Prelude.hashWithSalt` ruleGroupStatus+      `Prelude.hashWithSalt` snsTopic+      `Prelude.hashWithSalt` sourceMetadata+      `Prelude.hashWithSalt` tags+      `Prelude.hashWithSalt` type'+      `Prelude.hashWithSalt` ruleGroupArn+      `Prelude.hashWithSalt` ruleGroupName+      `Prelude.hashWithSalt` ruleGroupId++instance Prelude.NFData RuleGroupResponse where+  rnf RuleGroupResponse' {..} =+    Prelude.rnf capacity+      `Prelude.seq` Prelude.rnf consumedCapacity+      `Prelude.seq` Prelude.rnf description+      `Prelude.seq` Prelude.rnf encryptionConfiguration+      `Prelude.seq` Prelude.rnf lastModifiedTime+      `Prelude.seq` Prelude.rnf numberOfAssociations+      `Prelude.seq` Prelude.rnf ruleGroupStatus+      `Prelude.seq` Prelude.rnf snsTopic+      `Prelude.seq` Prelude.rnf sourceMetadata+      `Prelude.seq` Prelude.rnf tags+      `Prelude.seq` Prelude.rnf type'+      `Prelude.seq` Prelude.rnf ruleGroupArn+      `Prelude.seq` Prelude.rnf ruleGroupName+      `Prelude.seq` Prelude.rnf ruleGroupId
+ gen/Amazonka/NetworkFirewall/Types/RuleGroupType.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.RuleGroupType+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.RuleGroupType+  ( RuleGroupType+      ( ..,+        RuleGroupType_STATEFUL,+        RuleGroupType_STATELESS+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype RuleGroupType = RuleGroupType'+  { fromRuleGroupType ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern RuleGroupType_STATEFUL :: RuleGroupType+pattern RuleGroupType_STATEFUL = RuleGroupType' "STATEFUL"++pattern RuleGroupType_STATELESS :: RuleGroupType+pattern RuleGroupType_STATELESS = RuleGroupType' "STATELESS"++{-# COMPLETE+  RuleGroupType_STATEFUL,+  RuleGroupType_STATELESS,+  RuleGroupType'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/RuleOption.hs view
@@ -0,0 +1,92 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.RuleOption+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.RuleOption where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | Additional settings for a stateful rule. This is part of the+-- StatefulRule configuration.+--+-- /See:/ 'newRuleOption' smart constructor.+data RuleOption = RuleOption'+  { settings :: Prelude.Maybe [Prelude.Text],+    keyword :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RuleOption' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'settings', 'ruleOption_settings' -+--+-- 'keyword', 'ruleOption_keyword' -+newRuleOption ::+  -- | 'keyword'+  Prelude.Text ->+  RuleOption+newRuleOption pKeyword_ =+  RuleOption'+    { settings = Prelude.Nothing,+      keyword = pKeyword_+    }++ruleOption_settings :: Lens.Lens' RuleOption (Prelude.Maybe [Prelude.Text])+ruleOption_settings = Lens.lens (\RuleOption' {settings} -> settings) (\s@RuleOption' {} a -> s {settings = a} :: RuleOption) Prelude.. Lens.mapping Lens.coerced++ruleOption_keyword :: Lens.Lens' RuleOption Prelude.Text+ruleOption_keyword = Lens.lens (\RuleOption' {keyword} -> keyword) (\s@RuleOption' {} a -> s {keyword = a} :: RuleOption)++instance Data.FromJSON RuleOption where+  parseJSON =+    Data.withObject+      "RuleOption"+      ( \x ->+          RuleOption'+            Prelude.<$> (x Data..:? "Settings" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..: "Keyword")+      )++instance Prelude.Hashable RuleOption where+  hashWithSalt _salt RuleOption' {..} =+    _salt+      `Prelude.hashWithSalt` settings+      `Prelude.hashWithSalt` keyword++instance Prelude.NFData RuleOption where+  rnf RuleOption' {..} =+    Prelude.rnf settings+      `Prelude.seq` Prelude.rnf keyword++instance Data.ToJSON RuleOption where+  toJSON RuleOption' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("Settings" Data..=) Prelude.<$> settings,+            Prelude.Just ("Keyword" Data..= keyword)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/RuleOrder.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.RuleOrder+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.RuleOrder+  ( RuleOrder+      ( ..,+        RuleOrder_DEFAULT_ACTION_ORDER,+        RuleOrder_STRICT_ORDER+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype RuleOrder = RuleOrder'+  { fromRuleOrder ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern RuleOrder_DEFAULT_ACTION_ORDER :: RuleOrder+pattern RuleOrder_DEFAULT_ACTION_ORDER = RuleOrder' "DEFAULT_ACTION_ORDER"++pattern RuleOrder_STRICT_ORDER :: RuleOrder+pattern RuleOrder_STRICT_ORDER = RuleOrder' "STRICT_ORDER"++{-# COMPLETE+  RuleOrder_DEFAULT_ACTION_ORDER,+  RuleOrder_STRICT_ORDER,+  RuleOrder'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/RuleVariables.hs view
@@ -0,0 +1,96 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.RuleVariables+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.RuleVariables where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.IPSet+import Amazonka.NetworkFirewall.Types.PortSet+import qualified Amazonka.Prelude as Prelude++-- | Settings that are available for use in the rules in the RuleGroup where+-- this is defined.+--+-- /See:/ 'newRuleVariables' smart constructor.+data RuleVariables = RuleVariables'+  { -- | A list of IP addresses and address ranges, in CIDR notation.+    iPSets :: Prelude.Maybe (Prelude.HashMap Prelude.Text IPSet),+    -- | A list of port ranges.+    portSets :: Prelude.Maybe (Prelude.HashMap Prelude.Text PortSet)+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RuleVariables' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'iPSets', 'ruleVariables_iPSets' - A list of IP addresses and address ranges, in CIDR notation.+--+-- 'portSets', 'ruleVariables_portSets' - A list of port ranges.+newRuleVariables ::+  RuleVariables+newRuleVariables =+  RuleVariables'+    { iPSets = Prelude.Nothing,+      portSets = Prelude.Nothing+    }++-- | A list of IP addresses and address ranges, in CIDR notation.+ruleVariables_iPSets :: Lens.Lens' RuleVariables (Prelude.Maybe (Prelude.HashMap Prelude.Text IPSet))+ruleVariables_iPSets = Lens.lens (\RuleVariables' {iPSets} -> iPSets) (\s@RuleVariables' {} a -> s {iPSets = a} :: RuleVariables) Prelude.. Lens.mapping Lens.coerced++-- | A list of port ranges.+ruleVariables_portSets :: Lens.Lens' RuleVariables (Prelude.Maybe (Prelude.HashMap Prelude.Text PortSet))+ruleVariables_portSets = Lens.lens (\RuleVariables' {portSets} -> portSets) (\s@RuleVariables' {} a -> s {portSets = a} :: RuleVariables) Prelude.. Lens.mapping Lens.coerced++instance Data.FromJSON RuleVariables where+  parseJSON =+    Data.withObject+      "RuleVariables"+      ( \x ->+          RuleVariables'+            Prelude.<$> (x Data..:? "IPSets" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..:? "PortSets" Data..!= Prelude.mempty)+      )++instance Prelude.Hashable RuleVariables where+  hashWithSalt _salt RuleVariables' {..} =+    _salt+      `Prelude.hashWithSalt` iPSets+      `Prelude.hashWithSalt` portSets++instance Prelude.NFData RuleVariables where+  rnf RuleVariables' {..} =+    Prelude.rnf iPSets+      `Prelude.seq` Prelude.rnf portSets++instance Data.ToJSON RuleVariables where+  toJSON RuleVariables' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("IPSets" Data..=) Prelude.<$> iPSets,+            ("PortSets" Data..=) Prelude.<$> portSets+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/RulesSource.hs view
@@ -0,0 +1,159 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.RulesSource+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.RulesSource where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.RulesSourceList+import Amazonka.NetworkFirewall.Types.StatefulRule+import Amazonka.NetworkFirewall.Types.StatelessRulesAndCustomActions+import qualified Amazonka.Prelude as Prelude++-- | The stateless or stateful rules definitions for use in a single rule+-- group. Each rule group requires a single @RulesSource@. You can use an+-- instance of this for either stateless rules or stateful rules.+--+-- /See:/ 'newRulesSource' smart constructor.+data RulesSource = RulesSource'+  { -- | Stateful inspection criteria for a domain list rule group.+    rulesSourceList :: Prelude.Maybe RulesSourceList,+    -- | Stateful inspection criteria, provided in Suricata compatible intrusion+    -- prevention system (IPS) rules. Suricata is an open-source network IPS+    -- that includes a standard rule-based language for network traffic+    -- inspection.+    --+    -- These rules contain the inspection criteria and the action to take for+    -- traffic that matches the criteria, so this type of rule group doesn\'t+    -- have a separate action setting.+    rulesString :: Prelude.Maybe Prelude.Text,+    -- | An array of individual stateful rules inspection criteria to be used+    -- together in a stateful rule group. Use this option to specify simple+    -- Suricata rules with protocol, source and destination, ports, direction,+    -- and rule options. For information about the Suricata @Rules@ format, see+    -- <https://suricata.readthedocs.io/rules/intro.html# Rules Format>.+    statefulRules :: Prelude.Maybe [StatefulRule],+    -- | Stateless inspection criteria to be used in a stateless rule group.+    statelessRulesAndCustomActions :: Prelude.Maybe StatelessRulesAndCustomActions+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RulesSource' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'rulesSourceList', 'rulesSource_rulesSourceList' - Stateful inspection criteria for a domain list rule group.+--+-- 'rulesString', 'rulesSource_rulesString' - Stateful inspection criteria, provided in Suricata compatible intrusion+-- prevention system (IPS) rules. Suricata is an open-source network IPS+-- that includes a standard rule-based language for network traffic+-- inspection.+--+-- These rules contain the inspection criteria and the action to take for+-- traffic that matches the criteria, so this type of rule group doesn\'t+-- have a separate action setting.+--+-- 'statefulRules', 'rulesSource_statefulRules' - An array of individual stateful rules inspection criteria to be used+-- together in a stateful rule group. Use this option to specify simple+-- Suricata rules with protocol, source and destination, ports, direction,+-- and rule options. For information about the Suricata @Rules@ format, see+-- <https://suricata.readthedocs.io/rules/intro.html# Rules Format>.+--+-- 'statelessRulesAndCustomActions', 'rulesSource_statelessRulesAndCustomActions' - Stateless inspection criteria to be used in a stateless rule group.+newRulesSource ::+  RulesSource+newRulesSource =+  RulesSource'+    { rulesSourceList = Prelude.Nothing,+      rulesString = Prelude.Nothing,+      statefulRules = Prelude.Nothing,+      statelessRulesAndCustomActions = Prelude.Nothing+    }++-- | Stateful inspection criteria for a domain list rule group.+rulesSource_rulesSourceList :: Lens.Lens' RulesSource (Prelude.Maybe RulesSourceList)+rulesSource_rulesSourceList = Lens.lens (\RulesSource' {rulesSourceList} -> rulesSourceList) (\s@RulesSource' {} a -> s {rulesSourceList = a} :: RulesSource)++-- | Stateful inspection criteria, provided in Suricata compatible intrusion+-- prevention system (IPS) rules. Suricata is an open-source network IPS+-- that includes a standard rule-based language for network traffic+-- inspection.+--+-- These rules contain the inspection criteria and the action to take for+-- traffic that matches the criteria, so this type of rule group doesn\'t+-- have a separate action setting.+rulesSource_rulesString :: Lens.Lens' RulesSource (Prelude.Maybe Prelude.Text)+rulesSource_rulesString = Lens.lens (\RulesSource' {rulesString} -> rulesString) (\s@RulesSource' {} a -> s {rulesString = a} :: RulesSource)++-- | An array of individual stateful rules inspection criteria to be used+-- together in a stateful rule group. Use this option to specify simple+-- Suricata rules with protocol, source and destination, ports, direction,+-- and rule options. For information about the Suricata @Rules@ format, see+-- <https://suricata.readthedocs.io/rules/intro.html# Rules Format>.+rulesSource_statefulRules :: Lens.Lens' RulesSource (Prelude.Maybe [StatefulRule])+rulesSource_statefulRules = Lens.lens (\RulesSource' {statefulRules} -> statefulRules) (\s@RulesSource' {} a -> s {statefulRules = a} :: RulesSource) Prelude.. Lens.mapping Lens.coerced++-- | Stateless inspection criteria to be used in a stateless rule group.+rulesSource_statelessRulesAndCustomActions :: Lens.Lens' RulesSource (Prelude.Maybe StatelessRulesAndCustomActions)+rulesSource_statelessRulesAndCustomActions = Lens.lens (\RulesSource' {statelessRulesAndCustomActions} -> statelessRulesAndCustomActions) (\s@RulesSource' {} a -> s {statelessRulesAndCustomActions = a} :: RulesSource)++instance Data.FromJSON RulesSource where+  parseJSON =+    Data.withObject+      "RulesSource"+      ( \x ->+          RulesSource'+            Prelude.<$> (x Data..:? "RulesSourceList")+            Prelude.<*> (x Data..:? "RulesString")+            Prelude.<*> (x Data..:? "StatefulRules" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..:? "StatelessRulesAndCustomActions")+      )++instance Prelude.Hashable RulesSource where+  hashWithSalt _salt RulesSource' {..} =+    _salt+      `Prelude.hashWithSalt` rulesSourceList+      `Prelude.hashWithSalt` rulesString+      `Prelude.hashWithSalt` statefulRules+      `Prelude.hashWithSalt` statelessRulesAndCustomActions++instance Prelude.NFData RulesSource where+  rnf RulesSource' {..} =+    Prelude.rnf rulesSourceList+      `Prelude.seq` Prelude.rnf rulesString+      `Prelude.seq` Prelude.rnf statefulRules+      `Prelude.seq` Prelude.rnf statelessRulesAndCustomActions++instance Data.ToJSON RulesSource where+  toJSON RulesSource' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("RulesSourceList" Data..=)+              Prelude.<$> rulesSourceList,+            ("RulesString" Data..=) Prelude.<$> rulesString,+            ("StatefulRules" Data..=) Prelude.<$> statefulRules,+            ("StatelessRulesAndCustomActions" Data..=)+              Prelude.<$> statelessRulesAndCustomActions+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/RulesSourceList.hs view
@@ -0,0 +1,156 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.RulesSourceList+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.RulesSourceList where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.GeneratedRulesType+import Amazonka.NetworkFirewall.Types.TargetType+import qualified Amazonka.Prelude as Prelude++-- | Stateful inspection criteria for a domain list rule group.+--+-- For HTTPS traffic, domain filtering is SNI-based. It uses the server+-- name indicator extension of the TLS handshake.+--+-- By default, Network Firewall domain list inspection only includes+-- traffic coming from the VPC where you deploy the firewall. To inspect+-- traffic from IP addresses outside of the deployment VPC, you set the+-- @HOME_NET@ rule variable to include the CIDR range of the deployment VPC+-- plus the other CIDR ranges. For more information, see RuleVariables in+-- this guide and+-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html Stateful domain list rule groups in Network Firewall>+-- in the /Network Firewall Developer Guide/.+--+-- /See:/ 'newRulesSourceList' smart constructor.+data RulesSourceList = RulesSourceList'+  { -- | The domains that you want to inspect for in your traffic flows. Valid+    -- domain specifications are the following:+    --+    -- -   Explicit names. For example, @abc.example.com@ matches only the+    --     domain @abc.example.com@.+    --+    -- -   Names that use a domain wildcard, which you indicate with an initial+    --     \'@.@\'. For example,@.example.com@ matches @example.com@ and+    --     matches all subdomains of @example.com@, such as @abc.example.com@+    --     and @www.example.com@.+    targets :: [Prelude.Text],+    -- | The protocols you want to inspect. Specify @TLS_SNI@ for @HTTPS@.+    -- Specify @HTTP_HOST@ for @HTTP@. You can specify either or both.+    targetTypes :: [TargetType],+    -- | Whether you want to allow or deny access to the domains in your target+    -- list.+    generatedRulesType :: GeneratedRulesType+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RulesSourceList' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'targets', 'rulesSourceList_targets' - The domains that you want to inspect for in your traffic flows. Valid+-- domain specifications are the following:+--+-- -   Explicit names. For example, @abc.example.com@ matches only the+--     domain @abc.example.com@.+--+-- -   Names that use a domain wildcard, which you indicate with an initial+--     \'@.@\'. For example,@.example.com@ matches @example.com@ and+--     matches all subdomains of @example.com@, such as @abc.example.com@+--     and @www.example.com@.+--+-- 'targetTypes', 'rulesSourceList_targetTypes' - The protocols you want to inspect. Specify @TLS_SNI@ for @HTTPS@.+-- Specify @HTTP_HOST@ for @HTTP@. You can specify either or both.+--+-- 'generatedRulesType', 'rulesSourceList_generatedRulesType' - Whether you want to allow or deny access to the domains in your target+-- list.+newRulesSourceList ::+  -- | 'generatedRulesType'+  GeneratedRulesType ->+  RulesSourceList+newRulesSourceList pGeneratedRulesType_ =+  RulesSourceList'+    { targets = Prelude.mempty,+      targetTypes = Prelude.mempty,+      generatedRulesType = pGeneratedRulesType_+    }++-- | The domains that you want to inspect for in your traffic flows. Valid+-- domain specifications are the following:+--+-- -   Explicit names. For example, @abc.example.com@ matches only the+--     domain @abc.example.com@.+--+-- -   Names that use a domain wildcard, which you indicate with an initial+--     \'@.@\'. For example,@.example.com@ matches @example.com@ and+--     matches all subdomains of @example.com@, such as @abc.example.com@+--     and @www.example.com@.+rulesSourceList_targets :: Lens.Lens' RulesSourceList [Prelude.Text]+rulesSourceList_targets = Lens.lens (\RulesSourceList' {targets} -> targets) (\s@RulesSourceList' {} a -> s {targets = a} :: RulesSourceList) Prelude.. Lens.coerced++-- | The protocols you want to inspect. Specify @TLS_SNI@ for @HTTPS@.+-- Specify @HTTP_HOST@ for @HTTP@. You can specify either or both.+rulesSourceList_targetTypes :: Lens.Lens' RulesSourceList [TargetType]+rulesSourceList_targetTypes = Lens.lens (\RulesSourceList' {targetTypes} -> targetTypes) (\s@RulesSourceList' {} a -> s {targetTypes = a} :: RulesSourceList) Prelude.. Lens.coerced++-- | Whether you want to allow or deny access to the domains in your target+-- list.+rulesSourceList_generatedRulesType :: Lens.Lens' RulesSourceList GeneratedRulesType+rulesSourceList_generatedRulesType = Lens.lens (\RulesSourceList' {generatedRulesType} -> generatedRulesType) (\s@RulesSourceList' {} a -> s {generatedRulesType = a} :: RulesSourceList)++instance Data.FromJSON RulesSourceList where+  parseJSON =+    Data.withObject+      "RulesSourceList"+      ( \x ->+          RulesSourceList'+            Prelude.<$> (x Data..:? "Targets" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..:? "TargetTypes" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..: "GeneratedRulesType")+      )++instance Prelude.Hashable RulesSourceList where+  hashWithSalt _salt RulesSourceList' {..} =+    _salt+      `Prelude.hashWithSalt` targets+      `Prelude.hashWithSalt` targetTypes+      `Prelude.hashWithSalt` generatedRulesType++instance Prelude.NFData RulesSourceList where+  rnf RulesSourceList' {..} =+    Prelude.rnf targets+      `Prelude.seq` Prelude.rnf targetTypes+      `Prelude.seq` Prelude.rnf generatedRulesType++instance Data.ToJSON RulesSourceList where+  toJSON RulesSourceList' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("Targets" Data..= targets),+            Prelude.Just ("TargetTypes" Data..= targetTypes),+            Prelude.Just+              ("GeneratedRulesType" Data..= generatedRulesType)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/SourceMetadata.hs view
@@ -0,0 +1,110 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.SourceMetadata+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.SourceMetadata where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | High-level information about the managed rule group that your own rule+-- group is copied from. You can use the the metadata to track version+-- updates made to the originating rule group. You can retrieve all objects+-- for a rule group by calling+-- <https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html DescribeRuleGroup>.+--+-- /See:/ 'newSourceMetadata' smart constructor.+data SourceMetadata = SourceMetadata'+  { -- | The Amazon Resource Name (ARN) of the rule group that your own rule+    -- group is copied from.+    sourceArn :: Prelude.Maybe Prelude.Text,+    -- | The update token of the Amazon Web Services managed rule group that your+    -- own rule group is copied from. To determine the update token for the+    -- managed rule group, call+    -- <https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html#networkfirewall-DescribeRuleGroup-response-UpdateToken DescribeRuleGroup>.+    sourceUpdateToken :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'SourceMetadata' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'sourceArn', 'sourceMetadata_sourceArn' - The Amazon Resource Name (ARN) of the rule group that your own rule+-- group is copied from.+--+-- 'sourceUpdateToken', 'sourceMetadata_sourceUpdateToken' - The update token of the Amazon Web Services managed rule group that your+-- own rule group is copied from. To determine the update token for the+-- managed rule group, call+-- <https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html#networkfirewall-DescribeRuleGroup-response-UpdateToken DescribeRuleGroup>.+newSourceMetadata ::+  SourceMetadata+newSourceMetadata =+  SourceMetadata'+    { sourceArn = Prelude.Nothing,+      sourceUpdateToken = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the rule group that your own rule+-- group is copied from.+sourceMetadata_sourceArn :: Lens.Lens' SourceMetadata (Prelude.Maybe Prelude.Text)+sourceMetadata_sourceArn = Lens.lens (\SourceMetadata' {sourceArn} -> sourceArn) (\s@SourceMetadata' {} a -> s {sourceArn = a} :: SourceMetadata)++-- | The update token of the Amazon Web Services managed rule group that your+-- own rule group is copied from. To determine the update token for the+-- managed rule group, call+-- <https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_DescribeRuleGroup.html#networkfirewall-DescribeRuleGroup-response-UpdateToken DescribeRuleGroup>.+sourceMetadata_sourceUpdateToken :: Lens.Lens' SourceMetadata (Prelude.Maybe Prelude.Text)+sourceMetadata_sourceUpdateToken = Lens.lens (\SourceMetadata' {sourceUpdateToken} -> sourceUpdateToken) (\s@SourceMetadata' {} a -> s {sourceUpdateToken = a} :: SourceMetadata)++instance Data.FromJSON SourceMetadata where+  parseJSON =+    Data.withObject+      "SourceMetadata"+      ( \x ->+          SourceMetadata'+            Prelude.<$> (x Data..:? "SourceArn")+            Prelude.<*> (x Data..:? "SourceUpdateToken")+      )++instance Prelude.Hashable SourceMetadata where+  hashWithSalt _salt SourceMetadata' {..} =+    _salt+      `Prelude.hashWithSalt` sourceArn+      `Prelude.hashWithSalt` sourceUpdateToken++instance Prelude.NFData SourceMetadata where+  rnf SourceMetadata' {..} =+    Prelude.rnf sourceArn+      `Prelude.seq` Prelude.rnf sourceUpdateToken++instance Data.ToJSON SourceMetadata where+  toJSON SourceMetadata' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("SourceArn" Data..=) Prelude.<$> sourceArn,+            ("SourceUpdateToken" Data..=)+              Prelude.<$> sourceUpdateToken+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/StatefulAction.hs view
@@ -0,0 +1,76 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StatefulAction+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StatefulAction+  ( StatefulAction+      ( ..,+        StatefulAction_ALERT,+        StatefulAction_DROP,+        StatefulAction_PASS+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype StatefulAction = StatefulAction'+  { fromStatefulAction ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern StatefulAction_ALERT :: StatefulAction+pattern StatefulAction_ALERT = StatefulAction' "ALERT"++pattern StatefulAction_DROP :: StatefulAction+pattern StatefulAction_DROP = StatefulAction' "DROP"++pattern StatefulAction_PASS :: StatefulAction+pattern StatefulAction_PASS = StatefulAction' "PASS"++{-# COMPLETE+  StatefulAction_ALERT,+  StatefulAction_DROP,+  StatefulAction_PASS,+  StatefulAction'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/StatefulEngineOptions.hs view
@@ -0,0 +1,160 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StatefulEngineOptions+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StatefulEngineOptions where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.RuleOrder+import Amazonka.NetworkFirewall.Types.StreamExceptionPolicy+import qualified Amazonka.Prelude as Prelude++-- | Configuration settings for the handling of the stateful rule groups in a+-- firewall policy.+--+-- /See:/ 'newStatefulEngineOptions' smart constructor.+data StatefulEngineOptions = StatefulEngineOptions'+  { -- | Indicates how to manage the order of stateful rule evaluation for the+    -- policy. @DEFAULT_ACTION_ORDER@ is the default behavior. Stateful rules+    -- are provided to the rule engine as Suricata compatible strings, and+    -- Suricata evaluates them based on certain settings. For more information,+    -- see+    -- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html Evaluation order for stateful rules>+    -- in the /Network Firewall Developer Guide/.+    ruleOrder :: Prelude.Maybe RuleOrder,+    -- | Configures how Network Firewall processes traffic when a network+    -- connection breaks midstream. Network connections can break due to+    -- disruptions in external networks or within the firewall itself.+    --+    -- -   @DROP@ - Network Firewall fails closed and drops all subsequent+    --     traffic going to the firewall. This is the default behavior.+    --+    -- -   @CONTINUE@ - Network Firewall continues to apply rules to the+    --     subsequent traffic without context from traffic before the break.+    --     This impacts the behavior of rules that depend on this context. For+    --     example, if you have a stateful rule to @drop http@ traffic, Network+    --     Firewall won\'t match the traffic for this rule because the service+    --     won\'t have the context from session initialization defining the+    --     application layer protocol as HTTP. However, this behavior is rule+    --     dependent—a TCP-layer rule using a @flow:stateless@ rule would still+    --     match, as would the @aws:drop_strict@ default action.+    streamExceptionPolicy :: Prelude.Maybe StreamExceptionPolicy+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StatefulEngineOptions' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'ruleOrder', 'statefulEngineOptions_ruleOrder' - Indicates how to manage the order of stateful rule evaluation for the+-- policy. @DEFAULT_ACTION_ORDER@ is the default behavior. Stateful rules+-- are provided to the rule engine as Suricata compatible strings, and+-- Suricata evaluates them based on certain settings. For more information,+-- see+-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html Evaluation order for stateful rules>+-- in the /Network Firewall Developer Guide/.+--+-- 'streamExceptionPolicy', 'statefulEngineOptions_streamExceptionPolicy' - Configures how Network Firewall processes traffic when a network+-- connection breaks midstream. Network connections can break due to+-- disruptions in external networks or within the firewall itself.+--+-- -   @DROP@ - Network Firewall fails closed and drops all subsequent+--     traffic going to the firewall. This is the default behavior.+--+-- -   @CONTINUE@ - Network Firewall continues to apply rules to the+--     subsequent traffic without context from traffic before the break.+--     This impacts the behavior of rules that depend on this context. For+--     example, if you have a stateful rule to @drop http@ traffic, Network+--     Firewall won\'t match the traffic for this rule because the service+--     won\'t have the context from session initialization defining the+--     application layer protocol as HTTP. However, this behavior is rule+--     dependent—a TCP-layer rule using a @flow:stateless@ rule would still+--     match, as would the @aws:drop_strict@ default action.+newStatefulEngineOptions ::+  StatefulEngineOptions+newStatefulEngineOptions =+  StatefulEngineOptions'+    { ruleOrder = Prelude.Nothing,+      streamExceptionPolicy = Prelude.Nothing+    }++-- | Indicates how to manage the order of stateful rule evaluation for the+-- policy. @DEFAULT_ACTION_ORDER@ is the default behavior. Stateful rules+-- are provided to the rule engine as Suricata compatible strings, and+-- Suricata evaluates them based on certain settings. For more information,+-- see+-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html Evaluation order for stateful rules>+-- in the /Network Firewall Developer Guide/.+statefulEngineOptions_ruleOrder :: Lens.Lens' StatefulEngineOptions (Prelude.Maybe RuleOrder)+statefulEngineOptions_ruleOrder = Lens.lens (\StatefulEngineOptions' {ruleOrder} -> ruleOrder) (\s@StatefulEngineOptions' {} a -> s {ruleOrder = a} :: StatefulEngineOptions)++-- | Configures how Network Firewall processes traffic when a network+-- connection breaks midstream. Network connections can break due to+-- disruptions in external networks or within the firewall itself.+--+-- -   @DROP@ - Network Firewall fails closed and drops all subsequent+--     traffic going to the firewall. This is the default behavior.+--+-- -   @CONTINUE@ - Network Firewall continues to apply rules to the+--     subsequent traffic without context from traffic before the break.+--     This impacts the behavior of rules that depend on this context. For+--     example, if you have a stateful rule to @drop http@ traffic, Network+--     Firewall won\'t match the traffic for this rule because the service+--     won\'t have the context from session initialization defining the+--     application layer protocol as HTTP. However, this behavior is rule+--     dependent—a TCP-layer rule using a @flow:stateless@ rule would still+--     match, as would the @aws:drop_strict@ default action.+statefulEngineOptions_streamExceptionPolicy :: Lens.Lens' StatefulEngineOptions (Prelude.Maybe StreamExceptionPolicy)+statefulEngineOptions_streamExceptionPolicy = Lens.lens (\StatefulEngineOptions' {streamExceptionPolicy} -> streamExceptionPolicy) (\s@StatefulEngineOptions' {} a -> s {streamExceptionPolicy = a} :: StatefulEngineOptions)++instance Data.FromJSON StatefulEngineOptions where+  parseJSON =+    Data.withObject+      "StatefulEngineOptions"+      ( \x ->+          StatefulEngineOptions'+            Prelude.<$> (x Data..:? "RuleOrder")+            Prelude.<*> (x Data..:? "StreamExceptionPolicy")+      )++instance Prelude.Hashable StatefulEngineOptions where+  hashWithSalt _salt StatefulEngineOptions' {..} =+    _salt+      `Prelude.hashWithSalt` ruleOrder+      `Prelude.hashWithSalt` streamExceptionPolicy++instance Prelude.NFData StatefulEngineOptions where+  rnf StatefulEngineOptions' {..} =+    Prelude.rnf ruleOrder+      `Prelude.seq` Prelude.rnf streamExceptionPolicy++instance Data.ToJSON StatefulEngineOptions where+  toJSON StatefulEngineOptions' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("RuleOrder" Data..=) Prelude.<$> ruleOrder,+            ("StreamExceptionPolicy" Data..=)+              Prelude.<$> streamExceptionPolicy+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/StatefulRule.hs view
@@ -0,0 +1,183 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StatefulRule+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StatefulRule where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.Header+import Amazonka.NetworkFirewall.Types.RuleOption+import Amazonka.NetworkFirewall.Types.StatefulAction+import qualified Amazonka.Prelude as Prelude++-- | A single Suricata rules specification, for use in a stateful rule group.+-- Use this option to specify a simple Suricata rule with protocol, source+-- and destination, ports, direction, and rule options. For information+-- about the Suricata @Rules@ format, see+-- <https://suricata.readthedocs.io/rules/intro.html# Rules Format>.+--+-- /See:/ 'newStatefulRule' smart constructor.+data StatefulRule = StatefulRule'+  { -- | Defines what Network Firewall should do with the packets in a traffic+    -- flow when the flow matches the stateful rule criteria. For all actions,+    -- Network Firewall performs the specified action and discontinues stateful+    -- inspection of the traffic flow.+    --+    -- The actions for a stateful rule are defined as follows:+    --+    -- -   __PASS__ - Permits the packets to go to the intended destination.+    --+    -- -   __DROP__ - Blocks the packets from going to the intended destination+    --     and sends an alert log message, if alert logging is configured in+    --     the Firewall LoggingConfiguration.+    --+    -- -   __ALERT__ - Permits the packets to go to the intended destination+    --     and sends an alert log message, if alert logging is configured in+    --     the Firewall LoggingConfiguration.+    --+    --     You can use this action to test a rule that you intend to use to+    --     drop traffic. You can enable the rule with @ALERT@ action, verify in+    --     the logs that the rule is filtering as you want, then change the+    --     action to @DROP@.+    action :: StatefulAction,+    -- | The stateful inspection criteria for this rule, used to inspect traffic+    -- flows.+    header :: Header,+    -- | Additional options for the rule. These are the Suricata @RuleOptions@+    -- settings.+    ruleOptions :: [RuleOption]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StatefulRule' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'action', 'statefulRule_action' - Defines what Network Firewall should do with the packets in a traffic+-- flow when the flow matches the stateful rule criteria. For all actions,+-- Network Firewall performs the specified action and discontinues stateful+-- inspection of the traffic flow.+--+-- The actions for a stateful rule are defined as follows:+--+-- -   __PASS__ - Permits the packets to go to the intended destination.+--+-- -   __DROP__ - Blocks the packets from going to the intended destination+--     and sends an alert log message, if alert logging is configured in+--     the Firewall LoggingConfiguration.+--+-- -   __ALERT__ - Permits the packets to go to the intended destination+--     and sends an alert log message, if alert logging is configured in+--     the Firewall LoggingConfiguration.+--+--     You can use this action to test a rule that you intend to use to+--     drop traffic. You can enable the rule with @ALERT@ action, verify in+--     the logs that the rule is filtering as you want, then change the+--     action to @DROP@.+--+-- 'header', 'statefulRule_header' - The stateful inspection criteria for this rule, used to inspect traffic+-- flows.+--+-- 'ruleOptions', 'statefulRule_ruleOptions' - Additional options for the rule. These are the Suricata @RuleOptions@+-- settings.+newStatefulRule ::+  -- | 'action'+  StatefulAction ->+  -- | 'header'+  Header ->+  StatefulRule+newStatefulRule pAction_ pHeader_ =+  StatefulRule'+    { action = pAction_,+      header = pHeader_,+      ruleOptions = Prelude.mempty+    }++-- | Defines what Network Firewall should do with the packets in a traffic+-- flow when the flow matches the stateful rule criteria. For all actions,+-- Network Firewall performs the specified action and discontinues stateful+-- inspection of the traffic flow.+--+-- The actions for a stateful rule are defined as follows:+--+-- -   __PASS__ - Permits the packets to go to the intended destination.+--+-- -   __DROP__ - Blocks the packets from going to the intended destination+--     and sends an alert log message, if alert logging is configured in+--     the Firewall LoggingConfiguration.+--+-- -   __ALERT__ - Permits the packets to go to the intended destination+--     and sends an alert log message, if alert logging is configured in+--     the Firewall LoggingConfiguration.+--+--     You can use this action to test a rule that you intend to use to+--     drop traffic. You can enable the rule with @ALERT@ action, verify in+--     the logs that the rule is filtering as you want, then change the+--     action to @DROP@.+statefulRule_action :: Lens.Lens' StatefulRule StatefulAction+statefulRule_action = Lens.lens (\StatefulRule' {action} -> action) (\s@StatefulRule' {} a -> s {action = a} :: StatefulRule)++-- | The stateful inspection criteria for this rule, used to inspect traffic+-- flows.+statefulRule_header :: Lens.Lens' StatefulRule Header+statefulRule_header = Lens.lens (\StatefulRule' {header} -> header) (\s@StatefulRule' {} a -> s {header = a} :: StatefulRule)++-- | Additional options for the rule. These are the Suricata @RuleOptions@+-- settings.+statefulRule_ruleOptions :: Lens.Lens' StatefulRule [RuleOption]+statefulRule_ruleOptions = Lens.lens (\StatefulRule' {ruleOptions} -> ruleOptions) (\s@StatefulRule' {} a -> s {ruleOptions = a} :: StatefulRule) Prelude.. Lens.coerced++instance Data.FromJSON StatefulRule where+  parseJSON =+    Data.withObject+      "StatefulRule"+      ( \x ->+          StatefulRule'+            Prelude.<$> (x Data..: "Action")+            Prelude.<*> (x Data..: "Header")+            Prelude.<*> (x Data..:? "RuleOptions" Data..!= Prelude.mempty)+      )++instance Prelude.Hashable StatefulRule where+  hashWithSalt _salt StatefulRule' {..} =+    _salt+      `Prelude.hashWithSalt` action+      `Prelude.hashWithSalt` header+      `Prelude.hashWithSalt` ruleOptions++instance Prelude.NFData StatefulRule where+  rnf StatefulRule' {..} =+    Prelude.rnf action+      `Prelude.seq` Prelude.rnf header+      `Prelude.seq` Prelude.rnf ruleOptions++instance Data.ToJSON StatefulRule where+  toJSON StatefulRule' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("Action" Data..= action),+            Prelude.Just ("Header" Data..= header),+            Prelude.Just ("RuleOptions" Data..= ruleOptions)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/StatefulRuleDirection.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StatefulRuleDirection+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StatefulRuleDirection+  ( StatefulRuleDirection+      ( ..,+        StatefulRuleDirection_ANY,+        StatefulRuleDirection_FORWARD+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype StatefulRuleDirection = StatefulRuleDirection'+  { fromStatefulRuleDirection ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern StatefulRuleDirection_ANY :: StatefulRuleDirection+pattern StatefulRuleDirection_ANY = StatefulRuleDirection' "ANY"++pattern StatefulRuleDirection_FORWARD :: StatefulRuleDirection+pattern StatefulRuleDirection_FORWARD = StatefulRuleDirection' "FORWARD"++{-# COMPLETE+  StatefulRuleDirection_ANY,+  StatefulRuleDirection_FORWARD,+  StatefulRuleDirection'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/StatefulRuleGroupOverride.hs view
@@ -0,0 +1,84 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StatefulRuleGroupOverride+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StatefulRuleGroupOverride where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.OverrideAction+import qualified Amazonka.Prelude as Prelude++-- | The setting that allows the policy owner to change the behavior of the+-- rule group within a policy.+--+-- /See:/ 'newStatefulRuleGroupOverride' smart constructor.+data StatefulRuleGroupOverride = StatefulRuleGroupOverride'+  { -- | The action that changes the rule group from @DROP@ to @ALERT@. This only+    -- applies to managed rule groups.+    action :: Prelude.Maybe OverrideAction+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StatefulRuleGroupOverride' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'action', 'statefulRuleGroupOverride_action' - The action that changes the rule group from @DROP@ to @ALERT@. This only+-- applies to managed rule groups.+newStatefulRuleGroupOverride ::+  StatefulRuleGroupOverride+newStatefulRuleGroupOverride =+  StatefulRuleGroupOverride'+    { action =+        Prelude.Nothing+    }++-- | The action that changes the rule group from @DROP@ to @ALERT@. This only+-- applies to managed rule groups.+statefulRuleGroupOverride_action :: Lens.Lens' StatefulRuleGroupOverride (Prelude.Maybe OverrideAction)+statefulRuleGroupOverride_action = Lens.lens (\StatefulRuleGroupOverride' {action} -> action) (\s@StatefulRuleGroupOverride' {} a -> s {action = a} :: StatefulRuleGroupOverride)++instance Data.FromJSON StatefulRuleGroupOverride where+  parseJSON =+    Data.withObject+      "StatefulRuleGroupOverride"+      ( \x ->+          StatefulRuleGroupOverride'+            Prelude.<$> (x Data..:? "Action")+      )++instance Prelude.Hashable StatefulRuleGroupOverride where+  hashWithSalt _salt StatefulRuleGroupOverride' {..} =+    _salt `Prelude.hashWithSalt` action++instance Prelude.NFData StatefulRuleGroupOverride where+  rnf StatefulRuleGroupOverride' {..} =+    Prelude.rnf action++instance Data.ToJSON StatefulRuleGroupOverride where+  toJSON StatefulRuleGroupOverride' {..} =+    Data.object+      ( Prelude.catMaybes+          [("Action" Data..=) Prelude.<$> action]+      )
+ gen/Amazonka/NetworkFirewall/Types/StatefulRuleGroupReference.hs view
@@ -0,0 +1,147 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StatefulRuleGroupReference+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StatefulRuleGroupReference where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.StatefulRuleGroupOverride+import qualified Amazonka.Prelude as Prelude++-- | Identifier for a single stateful rule group, used in a firewall policy+-- to refer to a rule group.+--+-- /See:/ 'newStatefulRuleGroupReference' smart constructor.+data StatefulRuleGroupReference = StatefulRuleGroupReference'+  { -- | The action that allows the policy owner to override the behavior of the+    -- rule group within a policy.+    override :: Prelude.Maybe StatefulRuleGroupOverride,+    -- | An integer setting that indicates the order in which to run the stateful+    -- rule groups in a single FirewallPolicy. This setting only applies to+    -- firewall policies that specify the @STRICT_ORDER@ rule order in the+    -- stateful engine options settings.+    --+    -- Network Firewall evalutes each stateful rule group against a packet+    -- starting with the group that has the lowest priority setting. You must+    -- ensure that the priority settings are unique within each policy.+    --+    -- You can change the priority settings of your rule groups at any time. To+    -- make it easier to insert rule groups later, number them so there\'s a+    -- wide range in between, for example use 100, 200, and so on.+    priority :: Prelude.Maybe Prelude.Natural,+    -- | The Amazon Resource Name (ARN) of the stateful rule group.+    resourceArn :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StatefulRuleGroupReference' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'override', 'statefulRuleGroupReference_override' - The action that allows the policy owner to override the behavior of the+-- rule group within a policy.+--+-- 'priority', 'statefulRuleGroupReference_priority' - An integer setting that indicates the order in which to run the stateful+-- rule groups in a single FirewallPolicy. This setting only applies to+-- firewall policies that specify the @STRICT_ORDER@ rule order in the+-- stateful engine options settings.+--+-- Network Firewall evalutes each stateful rule group against a packet+-- starting with the group that has the lowest priority setting. You must+-- ensure that the priority settings are unique within each policy.+--+-- You can change the priority settings of your rule groups at any time. To+-- make it easier to insert rule groups later, number them so there\'s a+-- wide range in between, for example use 100, 200, and so on.+--+-- 'resourceArn', 'statefulRuleGroupReference_resourceArn' - The Amazon Resource Name (ARN) of the stateful rule group.+newStatefulRuleGroupReference ::+  -- | 'resourceArn'+  Prelude.Text ->+  StatefulRuleGroupReference+newStatefulRuleGroupReference pResourceArn_ =+  StatefulRuleGroupReference'+    { override =+        Prelude.Nothing,+      priority = Prelude.Nothing,+      resourceArn = pResourceArn_+    }++-- | The action that allows the policy owner to override the behavior of the+-- rule group within a policy.+statefulRuleGroupReference_override :: Lens.Lens' StatefulRuleGroupReference (Prelude.Maybe StatefulRuleGroupOverride)+statefulRuleGroupReference_override = Lens.lens (\StatefulRuleGroupReference' {override} -> override) (\s@StatefulRuleGroupReference' {} a -> s {override = a} :: StatefulRuleGroupReference)++-- | An integer setting that indicates the order in which to run the stateful+-- rule groups in a single FirewallPolicy. This setting only applies to+-- firewall policies that specify the @STRICT_ORDER@ rule order in the+-- stateful engine options settings.+--+-- Network Firewall evalutes each stateful rule group against a packet+-- starting with the group that has the lowest priority setting. You must+-- ensure that the priority settings are unique within each policy.+--+-- You can change the priority settings of your rule groups at any time. To+-- make it easier to insert rule groups later, number them so there\'s a+-- wide range in between, for example use 100, 200, and so on.+statefulRuleGroupReference_priority :: Lens.Lens' StatefulRuleGroupReference (Prelude.Maybe Prelude.Natural)+statefulRuleGroupReference_priority = Lens.lens (\StatefulRuleGroupReference' {priority} -> priority) (\s@StatefulRuleGroupReference' {} a -> s {priority = a} :: StatefulRuleGroupReference)++-- | The Amazon Resource Name (ARN) of the stateful rule group.+statefulRuleGroupReference_resourceArn :: Lens.Lens' StatefulRuleGroupReference Prelude.Text+statefulRuleGroupReference_resourceArn = Lens.lens (\StatefulRuleGroupReference' {resourceArn} -> resourceArn) (\s@StatefulRuleGroupReference' {} a -> s {resourceArn = a} :: StatefulRuleGroupReference)++instance Data.FromJSON StatefulRuleGroupReference where+  parseJSON =+    Data.withObject+      "StatefulRuleGroupReference"+      ( \x ->+          StatefulRuleGroupReference'+            Prelude.<$> (x Data..:? "Override")+            Prelude.<*> (x Data..:? "Priority")+            Prelude.<*> (x Data..: "ResourceArn")+      )++instance Prelude.Hashable StatefulRuleGroupReference where+  hashWithSalt _salt StatefulRuleGroupReference' {..} =+    _salt+      `Prelude.hashWithSalt` override+      `Prelude.hashWithSalt` priority+      `Prelude.hashWithSalt` resourceArn++instance Prelude.NFData StatefulRuleGroupReference where+  rnf StatefulRuleGroupReference' {..} =+    Prelude.rnf override+      `Prelude.seq` Prelude.rnf priority+      `Prelude.seq` Prelude.rnf resourceArn++instance Data.ToJSON StatefulRuleGroupReference where+  toJSON StatefulRuleGroupReference' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("Override" Data..=) Prelude.<$> override,+            ("Priority" Data..=) Prelude.<$> priority,+            Prelude.Just ("ResourceArn" Data..= resourceArn)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/StatefulRuleOptions.hs view
@@ -0,0 +1,95 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StatefulRuleOptions+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StatefulRuleOptions where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.RuleOrder+import qualified Amazonka.Prelude as Prelude++-- | Additional options governing how Network Firewall handles the rule+-- group. You can only use these for stateful rule groups.+--+-- /See:/ 'newStatefulRuleOptions' smart constructor.+data StatefulRuleOptions = StatefulRuleOptions'+  { -- | Indicates how to manage the order of the rule evaluation for the rule+    -- group. @DEFAULT_ACTION_ORDER@ is the default behavior. Stateful rules+    -- are provided to the rule engine as Suricata compatible strings, and+    -- Suricata evaluates them based on certain settings. For more information,+    -- see+    -- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html Evaluation order for stateful rules>+    -- in the /Network Firewall Developer Guide/.+    ruleOrder :: Prelude.Maybe RuleOrder+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StatefulRuleOptions' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'ruleOrder', 'statefulRuleOptions_ruleOrder' - Indicates how to manage the order of the rule evaluation for the rule+-- group. @DEFAULT_ACTION_ORDER@ is the default behavior. Stateful rules+-- are provided to the rule engine as Suricata compatible strings, and+-- Suricata evaluates them based on certain settings. For more information,+-- see+-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html Evaluation order for stateful rules>+-- in the /Network Firewall Developer Guide/.+newStatefulRuleOptions ::+  StatefulRuleOptions+newStatefulRuleOptions =+  StatefulRuleOptions' {ruleOrder = Prelude.Nothing}++-- | Indicates how to manage the order of the rule evaluation for the rule+-- group. @DEFAULT_ACTION_ORDER@ is the default behavior. Stateful rules+-- are provided to the rule engine as Suricata compatible strings, and+-- Suricata evaluates them based on certain settings. For more information,+-- see+-- <https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html Evaluation order for stateful rules>+-- in the /Network Firewall Developer Guide/.+statefulRuleOptions_ruleOrder :: Lens.Lens' StatefulRuleOptions (Prelude.Maybe RuleOrder)+statefulRuleOptions_ruleOrder = Lens.lens (\StatefulRuleOptions' {ruleOrder} -> ruleOrder) (\s@StatefulRuleOptions' {} a -> s {ruleOrder = a} :: StatefulRuleOptions)++instance Data.FromJSON StatefulRuleOptions where+  parseJSON =+    Data.withObject+      "StatefulRuleOptions"+      ( \x ->+          StatefulRuleOptions'+            Prelude.<$> (x Data..:? "RuleOrder")+      )++instance Prelude.Hashable StatefulRuleOptions where+  hashWithSalt _salt StatefulRuleOptions' {..} =+    _salt `Prelude.hashWithSalt` ruleOrder++instance Prelude.NFData StatefulRuleOptions where+  rnf StatefulRuleOptions' {..} = Prelude.rnf ruleOrder++instance Data.ToJSON StatefulRuleOptions where+  toJSON StatefulRuleOptions' {..} =+    Data.object+      ( Prelude.catMaybes+          [("RuleOrder" Data..=) Prelude.<$> ruleOrder]+      )
+ gen/Amazonka/NetworkFirewall/Types/StatefulRuleProtocol.hs view
@@ -0,0 +1,156 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StatefulRuleProtocol+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StatefulRuleProtocol+  ( StatefulRuleProtocol+      ( ..,+        StatefulRuleProtocol_DCERPC,+        StatefulRuleProtocol_DHCP,+        StatefulRuleProtocol_DNS,+        StatefulRuleProtocol_FTP,+        StatefulRuleProtocol_HTTP,+        StatefulRuleProtocol_ICMP,+        StatefulRuleProtocol_IKEV2,+        StatefulRuleProtocol_IMAP,+        StatefulRuleProtocol_IP,+        StatefulRuleProtocol_KRB5,+        StatefulRuleProtocol_MSN,+        StatefulRuleProtocol_NTP,+        StatefulRuleProtocol_SMB,+        StatefulRuleProtocol_SMTP,+        StatefulRuleProtocol_SSH,+        StatefulRuleProtocol_TCP,+        StatefulRuleProtocol_TFTP,+        StatefulRuleProtocol_TLS,+        StatefulRuleProtocol_UDP+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype StatefulRuleProtocol = StatefulRuleProtocol'+  { fromStatefulRuleProtocol ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern StatefulRuleProtocol_DCERPC :: StatefulRuleProtocol+pattern StatefulRuleProtocol_DCERPC = StatefulRuleProtocol' "DCERPC"++pattern StatefulRuleProtocol_DHCP :: StatefulRuleProtocol+pattern StatefulRuleProtocol_DHCP = StatefulRuleProtocol' "DHCP"++pattern StatefulRuleProtocol_DNS :: StatefulRuleProtocol+pattern StatefulRuleProtocol_DNS = StatefulRuleProtocol' "DNS"++pattern StatefulRuleProtocol_FTP :: StatefulRuleProtocol+pattern StatefulRuleProtocol_FTP = StatefulRuleProtocol' "FTP"++pattern StatefulRuleProtocol_HTTP :: StatefulRuleProtocol+pattern StatefulRuleProtocol_HTTP = StatefulRuleProtocol' "HTTP"++pattern StatefulRuleProtocol_ICMP :: StatefulRuleProtocol+pattern StatefulRuleProtocol_ICMP = StatefulRuleProtocol' "ICMP"++pattern StatefulRuleProtocol_IKEV2 :: StatefulRuleProtocol+pattern StatefulRuleProtocol_IKEV2 = StatefulRuleProtocol' "IKEV2"++pattern StatefulRuleProtocol_IMAP :: StatefulRuleProtocol+pattern StatefulRuleProtocol_IMAP = StatefulRuleProtocol' "IMAP"++pattern StatefulRuleProtocol_IP :: StatefulRuleProtocol+pattern StatefulRuleProtocol_IP = StatefulRuleProtocol' "IP"++pattern StatefulRuleProtocol_KRB5 :: StatefulRuleProtocol+pattern StatefulRuleProtocol_KRB5 = StatefulRuleProtocol' "KRB5"++pattern StatefulRuleProtocol_MSN :: StatefulRuleProtocol+pattern StatefulRuleProtocol_MSN = StatefulRuleProtocol' "MSN"++pattern StatefulRuleProtocol_NTP :: StatefulRuleProtocol+pattern StatefulRuleProtocol_NTP = StatefulRuleProtocol' "NTP"++pattern StatefulRuleProtocol_SMB :: StatefulRuleProtocol+pattern StatefulRuleProtocol_SMB = StatefulRuleProtocol' "SMB"++pattern StatefulRuleProtocol_SMTP :: StatefulRuleProtocol+pattern StatefulRuleProtocol_SMTP = StatefulRuleProtocol' "SMTP"++pattern StatefulRuleProtocol_SSH :: StatefulRuleProtocol+pattern StatefulRuleProtocol_SSH = StatefulRuleProtocol' "SSH"++pattern StatefulRuleProtocol_TCP :: StatefulRuleProtocol+pattern StatefulRuleProtocol_TCP = StatefulRuleProtocol' "TCP"++pattern StatefulRuleProtocol_TFTP :: StatefulRuleProtocol+pattern StatefulRuleProtocol_TFTP = StatefulRuleProtocol' "TFTP"++pattern StatefulRuleProtocol_TLS :: StatefulRuleProtocol+pattern StatefulRuleProtocol_TLS = StatefulRuleProtocol' "TLS"++pattern StatefulRuleProtocol_UDP :: StatefulRuleProtocol+pattern StatefulRuleProtocol_UDP = StatefulRuleProtocol' "UDP"++{-# COMPLETE+  StatefulRuleProtocol_DCERPC,+  StatefulRuleProtocol_DHCP,+  StatefulRuleProtocol_DNS,+  StatefulRuleProtocol_FTP,+  StatefulRuleProtocol_HTTP,+  StatefulRuleProtocol_ICMP,+  StatefulRuleProtocol_IKEV2,+  StatefulRuleProtocol_IMAP,+  StatefulRuleProtocol_IP,+  StatefulRuleProtocol_KRB5,+  StatefulRuleProtocol_MSN,+  StatefulRuleProtocol_NTP,+  StatefulRuleProtocol_SMB,+  StatefulRuleProtocol_SMTP,+  StatefulRuleProtocol_SSH,+  StatefulRuleProtocol_TCP,+  StatefulRuleProtocol_TFTP,+  StatefulRuleProtocol_TLS,+  StatefulRuleProtocol_UDP,+  StatefulRuleProtocol'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/StatelessRule.hs view
@@ -0,0 +1,147 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StatelessRule+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StatelessRule where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.RuleDefinition+import qualified Amazonka.Prelude as Prelude++-- | A single stateless rule. This is used in StatelessRulesAndCustomActions.+--+-- /See:/ 'newStatelessRule' smart constructor.+data StatelessRule = StatelessRule'+  { -- | Defines the stateless 5-tuple packet inspection criteria and the action+    -- to take on a packet that matches the criteria.+    ruleDefinition :: RuleDefinition,+    -- | Indicates the order in which to run this rule relative to all of the+    -- rules that are defined for a stateless rule group. Network Firewall+    -- evaluates the rules in a rule group starting with the lowest priority+    -- setting. You must ensure that the priority settings are unique for the+    -- rule group.+    --+    -- Each stateless rule group uses exactly one+    -- @StatelessRulesAndCustomActions@ object, and each+    -- @StatelessRulesAndCustomActions@ contains exactly one @StatelessRules@+    -- object. To ensure unique priority settings for your rule groups, set+    -- unique priorities for the stateless rules that you define inside any+    -- single @StatelessRules@ object.+    --+    -- You can change the priority settings of your rules at any time. To make+    -- it easier to insert rules later, number them so there\'s a wide range in+    -- between, for example use 100, 200, and so on.+    priority :: Prelude.Natural+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StatelessRule' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'ruleDefinition', 'statelessRule_ruleDefinition' - Defines the stateless 5-tuple packet inspection criteria and the action+-- to take on a packet that matches the criteria.+--+-- 'priority', 'statelessRule_priority' - Indicates the order in which to run this rule relative to all of the+-- rules that are defined for a stateless rule group. Network Firewall+-- evaluates the rules in a rule group starting with the lowest priority+-- setting. You must ensure that the priority settings are unique for the+-- rule group.+--+-- Each stateless rule group uses exactly one+-- @StatelessRulesAndCustomActions@ object, and each+-- @StatelessRulesAndCustomActions@ contains exactly one @StatelessRules@+-- object. To ensure unique priority settings for your rule groups, set+-- unique priorities for the stateless rules that you define inside any+-- single @StatelessRules@ object.+--+-- You can change the priority settings of your rules at any time. To make+-- it easier to insert rules later, number them so there\'s a wide range in+-- between, for example use 100, 200, and so on.+newStatelessRule ::+  -- | 'ruleDefinition'+  RuleDefinition ->+  -- | 'priority'+  Prelude.Natural ->+  StatelessRule+newStatelessRule pRuleDefinition_ pPriority_ =+  StatelessRule'+    { ruleDefinition = pRuleDefinition_,+      priority = pPriority_+    }++-- | Defines the stateless 5-tuple packet inspection criteria and the action+-- to take on a packet that matches the criteria.+statelessRule_ruleDefinition :: Lens.Lens' StatelessRule RuleDefinition+statelessRule_ruleDefinition = Lens.lens (\StatelessRule' {ruleDefinition} -> ruleDefinition) (\s@StatelessRule' {} a -> s {ruleDefinition = a} :: StatelessRule)++-- | Indicates the order in which to run this rule relative to all of the+-- rules that are defined for a stateless rule group. Network Firewall+-- evaluates the rules in a rule group starting with the lowest priority+-- setting. You must ensure that the priority settings are unique for the+-- rule group.+--+-- Each stateless rule group uses exactly one+-- @StatelessRulesAndCustomActions@ object, and each+-- @StatelessRulesAndCustomActions@ contains exactly one @StatelessRules@+-- object. To ensure unique priority settings for your rule groups, set+-- unique priorities for the stateless rules that you define inside any+-- single @StatelessRules@ object.+--+-- You can change the priority settings of your rules at any time. To make+-- it easier to insert rules later, number them so there\'s a wide range in+-- between, for example use 100, 200, and so on.+statelessRule_priority :: Lens.Lens' StatelessRule Prelude.Natural+statelessRule_priority = Lens.lens (\StatelessRule' {priority} -> priority) (\s@StatelessRule' {} a -> s {priority = a} :: StatelessRule)++instance Data.FromJSON StatelessRule where+  parseJSON =+    Data.withObject+      "StatelessRule"+      ( \x ->+          StatelessRule'+            Prelude.<$> (x Data..: "RuleDefinition")+            Prelude.<*> (x Data..: "Priority")+      )++instance Prelude.Hashable StatelessRule where+  hashWithSalt _salt StatelessRule' {..} =+    _salt+      `Prelude.hashWithSalt` ruleDefinition+      `Prelude.hashWithSalt` priority++instance Prelude.NFData StatelessRule where+  rnf StatelessRule' {..} =+    Prelude.rnf ruleDefinition+      `Prelude.seq` Prelude.rnf priority++instance Data.ToJSON StatelessRule where+  toJSON StatelessRule' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just+              ("RuleDefinition" Data..= ruleDefinition),+            Prelude.Just ("Priority" Data..= priority)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/StatelessRuleGroupReference.hs view
@@ -0,0 +1,113 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StatelessRuleGroupReference+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StatelessRuleGroupReference where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | Identifier for a single stateless rule group, used in a firewall policy+-- to refer to the rule group.+--+-- /See:/ 'newStatelessRuleGroupReference' smart constructor.+data StatelessRuleGroupReference = StatelessRuleGroupReference'+  { -- | The Amazon Resource Name (ARN) of the stateless rule group.+    resourceArn :: Prelude.Text,+    -- | An integer setting that indicates the order in which to run the+    -- stateless rule groups in a single FirewallPolicy. Network Firewall+    -- applies each stateless rule group to a packet starting with the group+    -- that has the lowest priority setting. You must ensure that the priority+    -- settings are unique within each policy.+    priority :: Prelude.Natural+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StatelessRuleGroupReference' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'resourceArn', 'statelessRuleGroupReference_resourceArn' - The Amazon Resource Name (ARN) of the stateless rule group.+--+-- 'priority', 'statelessRuleGroupReference_priority' - An integer setting that indicates the order in which to run the+-- stateless rule groups in a single FirewallPolicy. Network Firewall+-- applies each stateless rule group to a packet starting with the group+-- that has the lowest priority setting. You must ensure that the priority+-- settings are unique within each policy.+newStatelessRuleGroupReference ::+  -- | 'resourceArn'+  Prelude.Text ->+  -- | 'priority'+  Prelude.Natural ->+  StatelessRuleGroupReference+newStatelessRuleGroupReference+  pResourceArn_+  pPriority_ =+    StatelessRuleGroupReference'+      { resourceArn =+          pResourceArn_,+        priority = pPriority_+      }++-- | The Amazon Resource Name (ARN) of the stateless rule group.+statelessRuleGroupReference_resourceArn :: Lens.Lens' StatelessRuleGroupReference Prelude.Text+statelessRuleGroupReference_resourceArn = Lens.lens (\StatelessRuleGroupReference' {resourceArn} -> resourceArn) (\s@StatelessRuleGroupReference' {} a -> s {resourceArn = a} :: StatelessRuleGroupReference)++-- | An integer setting that indicates the order in which to run the+-- stateless rule groups in a single FirewallPolicy. Network Firewall+-- applies each stateless rule group to a packet starting with the group+-- that has the lowest priority setting. You must ensure that the priority+-- settings are unique within each policy.+statelessRuleGroupReference_priority :: Lens.Lens' StatelessRuleGroupReference Prelude.Natural+statelessRuleGroupReference_priority = Lens.lens (\StatelessRuleGroupReference' {priority} -> priority) (\s@StatelessRuleGroupReference' {} a -> s {priority = a} :: StatelessRuleGroupReference)++instance Data.FromJSON StatelessRuleGroupReference where+  parseJSON =+    Data.withObject+      "StatelessRuleGroupReference"+      ( \x ->+          StatelessRuleGroupReference'+            Prelude.<$> (x Data..: "ResourceArn")+            Prelude.<*> (x Data..: "Priority")+      )++instance Prelude.Hashable StatelessRuleGroupReference where+  hashWithSalt _salt StatelessRuleGroupReference' {..} =+    _salt+      `Prelude.hashWithSalt` resourceArn+      `Prelude.hashWithSalt` priority++instance Prelude.NFData StatelessRuleGroupReference where+  rnf StatelessRuleGroupReference' {..} =+    Prelude.rnf resourceArn+      `Prelude.seq` Prelude.rnf priority++instance Data.ToJSON StatelessRuleGroupReference where+  toJSON StatelessRuleGroupReference' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("ResourceArn" Data..= resourceArn),+            Prelude.Just ("Priority" Data..= priority)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/StatelessRulesAndCustomActions.hs view
@@ -0,0 +1,121 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StatelessRulesAndCustomActions+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StatelessRulesAndCustomActions where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.CustomAction+import Amazonka.NetworkFirewall.Types.StatelessRule+import qualified Amazonka.Prelude as Prelude++-- | Stateless inspection criteria. Each stateless rule group uses exactly+-- one of these data types to define its stateless rules.+--+-- /See:/ 'newStatelessRulesAndCustomActions' smart constructor.+data StatelessRulesAndCustomActions = StatelessRulesAndCustomActions'+  { -- | Defines an array of individual custom action definitions that are+    -- available for use by the stateless rules in this+    -- @StatelessRulesAndCustomActions@ specification. You name each custom+    -- action that you define, and then you can use it by name in your+    -- StatelessRule RuleDefinition @Actions@ specification.+    customActions :: Prelude.Maybe [CustomAction],+    -- | Defines the set of stateless rules for use in a stateless rule group.+    statelessRules :: [StatelessRule]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'StatelessRulesAndCustomActions' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'customActions', 'statelessRulesAndCustomActions_customActions' - Defines an array of individual custom action definitions that are+-- available for use by the stateless rules in this+-- @StatelessRulesAndCustomActions@ specification. You name each custom+-- action that you define, and then you can use it by name in your+-- StatelessRule RuleDefinition @Actions@ specification.+--+-- 'statelessRules', 'statelessRulesAndCustomActions_statelessRules' - Defines the set of stateless rules for use in a stateless rule group.+newStatelessRulesAndCustomActions ::+  StatelessRulesAndCustomActions+newStatelessRulesAndCustomActions =+  StatelessRulesAndCustomActions'+    { customActions =+        Prelude.Nothing,+      statelessRules = Prelude.mempty+    }++-- | Defines an array of individual custom action definitions that are+-- available for use by the stateless rules in this+-- @StatelessRulesAndCustomActions@ specification. You name each custom+-- action that you define, and then you can use it by name in your+-- StatelessRule RuleDefinition @Actions@ specification.+statelessRulesAndCustomActions_customActions :: Lens.Lens' StatelessRulesAndCustomActions (Prelude.Maybe [CustomAction])+statelessRulesAndCustomActions_customActions = Lens.lens (\StatelessRulesAndCustomActions' {customActions} -> customActions) (\s@StatelessRulesAndCustomActions' {} a -> s {customActions = a} :: StatelessRulesAndCustomActions) Prelude.. Lens.mapping Lens.coerced++-- | Defines the set of stateless rules for use in a stateless rule group.+statelessRulesAndCustomActions_statelessRules :: Lens.Lens' StatelessRulesAndCustomActions [StatelessRule]+statelessRulesAndCustomActions_statelessRules = Lens.lens (\StatelessRulesAndCustomActions' {statelessRules} -> statelessRules) (\s@StatelessRulesAndCustomActions' {} a -> s {statelessRules = a} :: StatelessRulesAndCustomActions) Prelude.. Lens.coerced++instance Data.FromJSON StatelessRulesAndCustomActions where+  parseJSON =+    Data.withObject+      "StatelessRulesAndCustomActions"+      ( \x ->+          StatelessRulesAndCustomActions'+            Prelude.<$> (x Data..:? "CustomActions" Data..!= Prelude.mempty)+            Prelude.<*> ( x+                            Data..:? "StatelessRules"+                            Data..!= Prelude.mempty+                        )+      )++instance+  Prelude.Hashable+    StatelessRulesAndCustomActions+  where+  hashWithSalt+    _salt+    StatelessRulesAndCustomActions' {..} =+      _salt+        `Prelude.hashWithSalt` customActions+        `Prelude.hashWithSalt` statelessRules++instance+  Prelude.NFData+    StatelessRulesAndCustomActions+  where+  rnf StatelessRulesAndCustomActions' {..} =+    Prelude.rnf customActions+      `Prelude.seq` Prelude.rnf statelessRules++instance Data.ToJSON StatelessRulesAndCustomActions where+  toJSON StatelessRulesAndCustomActions' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("CustomActions" Data..=) Prelude.<$> customActions,+            Prelude.Just+              ("StatelessRules" Data..= statelessRules)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/StreamExceptionPolicy.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.StreamExceptionPolicy+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.StreamExceptionPolicy+  ( StreamExceptionPolicy+      ( ..,+        StreamExceptionPolicy_CONTINUE,+        StreamExceptionPolicy_DROP+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype StreamExceptionPolicy = StreamExceptionPolicy'+  { fromStreamExceptionPolicy ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern StreamExceptionPolicy_CONTINUE :: StreamExceptionPolicy+pattern StreamExceptionPolicy_CONTINUE = StreamExceptionPolicy' "CONTINUE"++pattern StreamExceptionPolicy_DROP :: StreamExceptionPolicy+pattern StreamExceptionPolicy_DROP = StreamExceptionPolicy' "DROP"++{-# COMPLETE+  StreamExceptionPolicy_CONTINUE,+  StreamExceptionPolicy_DROP,+  StreamExceptionPolicy'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/SubnetMapping.hs view
@@ -0,0 +1,79 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.SubnetMapping+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.SubnetMapping where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | The ID for a subnet that you want to associate with the firewall. This+-- is used with CreateFirewall and AssociateSubnets. Network Firewall+-- creates an instance of the associated firewall in each subnet that you+-- specify, to filter traffic in the subnet\'s Availability Zone.+--+-- /See:/ 'newSubnetMapping' smart constructor.+data SubnetMapping = SubnetMapping'+  { -- | The unique identifier for the subnet.+    subnetId :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'SubnetMapping' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'subnetId', 'subnetMapping_subnetId' - The unique identifier for the subnet.+newSubnetMapping ::+  -- | 'subnetId'+  Prelude.Text ->+  SubnetMapping+newSubnetMapping pSubnetId_ =+  SubnetMapping' {subnetId = pSubnetId_}++-- | The unique identifier for the subnet.+subnetMapping_subnetId :: Lens.Lens' SubnetMapping Prelude.Text+subnetMapping_subnetId = Lens.lens (\SubnetMapping' {subnetId} -> subnetId) (\s@SubnetMapping' {} a -> s {subnetId = a} :: SubnetMapping)++instance Data.FromJSON SubnetMapping where+  parseJSON =+    Data.withObject+      "SubnetMapping"+      ( \x ->+          SubnetMapping' Prelude.<$> (x Data..: "SubnetId")+      )++instance Prelude.Hashable SubnetMapping where+  hashWithSalt _salt SubnetMapping' {..} =+    _salt `Prelude.hashWithSalt` subnetId++instance Prelude.NFData SubnetMapping where+  rnf SubnetMapping' {..} = Prelude.rnf subnetId++instance Data.ToJSON SubnetMapping where+  toJSON SubnetMapping' {..} =+    Data.object+      ( Prelude.catMaybes+          [Prelude.Just ("SubnetId" Data..= subnetId)]+      )
+ gen/Amazonka/NetworkFirewall/Types/SyncState.hs view
@@ -0,0 +1,124 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.SyncState+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.SyncState where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.Attachment+import Amazonka.NetworkFirewall.Types.PerObjectStatus+import qualified Amazonka.Prelude as Prelude++-- | The status of the firewall endpoint and firewall policy configuration+-- for a single VPC subnet.+--+-- For each VPC subnet that you associate with a firewall, Network Firewall+-- does the following:+--+-- -   Instantiates a firewall endpoint in the subnet, ready to take+--     traffic.+--+-- -   Configures the endpoint with the current firewall policy settings,+--     to provide the filtering behavior for the endpoint.+--+-- When you update a firewall, for example to add a subnet association or+-- change a rule group in the firewall policy, the affected sync states+-- reflect out-of-sync or not ready status until the changes are complete.+--+-- /See:/ 'newSyncState' smart constructor.+data SyncState = SyncState'+  { -- | The attachment status of the firewall\'s association with a single VPC+    -- subnet. For each configured subnet, Network Firewall creates the+    -- attachment by instantiating the firewall endpoint in the subnet so that+    -- it\'s ready to take traffic. This is part of the FirewallStatus.+    attachment :: Prelude.Maybe Attachment,+    -- | The configuration status of the firewall endpoint in a single VPC+    -- subnet. Network Firewall provides each endpoint with the rules that are+    -- configured in the firewall policy. Each time you add a subnet or modify+    -- the associated firewall policy, Network Firewall synchronizes the rules+    -- in the endpoint, so it can properly filter network traffic. This is part+    -- of the FirewallStatus.+    config :: Prelude.Maybe (Prelude.HashMap Prelude.Text PerObjectStatus)+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'SyncState' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'attachment', 'syncState_attachment' - The attachment status of the firewall\'s association with a single VPC+-- subnet. For each configured subnet, Network Firewall creates the+-- attachment by instantiating the firewall endpoint in the subnet so that+-- it\'s ready to take traffic. This is part of the FirewallStatus.+--+-- 'config', 'syncState_config' - The configuration status of the firewall endpoint in a single VPC+-- subnet. Network Firewall provides each endpoint with the rules that are+-- configured in the firewall policy. Each time you add a subnet or modify+-- the associated firewall policy, Network Firewall synchronizes the rules+-- in the endpoint, so it can properly filter network traffic. This is part+-- of the FirewallStatus.+newSyncState ::+  SyncState+newSyncState =+  SyncState'+    { attachment = Prelude.Nothing,+      config = Prelude.Nothing+    }++-- | The attachment status of the firewall\'s association with a single VPC+-- subnet. For each configured subnet, Network Firewall creates the+-- attachment by instantiating the firewall endpoint in the subnet so that+-- it\'s ready to take traffic. This is part of the FirewallStatus.+syncState_attachment :: Lens.Lens' SyncState (Prelude.Maybe Attachment)+syncState_attachment = Lens.lens (\SyncState' {attachment} -> attachment) (\s@SyncState' {} a -> s {attachment = a} :: SyncState)++-- | The configuration status of the firewall endpoint in a single VPC+-- subnet. Network Firewall provides each endpoint with the rules that are+-- configured in the firewall policy. Each time you add a subnet or modify+-- the associated firewall policy, Network Firewall synchronizes the rules+-- in the endpoint, so it can properly filter network traffic. This is part+-- of the FirewallStatus.+syncState_config :: Lens.Lens' SyncState (Prelude.Maybe (Prelude.HashMap Prelude.Text PerObjectStatus))+syncState_config = Lens.lens (\SyncState' {config} -> config) (\s@SyncState' {} a -> s {config = a} :: SyncState) Prelude.. Lens.mapping Lens.coerced++instance Data.FromJSON SyncState where+  parseJSON =+    Data.withObject+      "SyncState"+      ( \x ->+          SyncState'+            Prelude.<$> (x Data..:? "Attachment")+            Prelude.<*> (x Data..:? "Config" Data..!= Prelude.mempty)+      )++instance Prelude.Hashable SyncState where+  hashWithSalt _salt SyncState' {..} =+    _salt+      `Prelude.hashWithSalt` attachment+      `Prelude.hashWithSalt` config++instance Prelude.NFData SyncState where+  rnf SyncState' {..} =+    Prelude.rnf attachment+      `Prelude.seq` Prelude.rnf config
+ gen/Amazonka/NetworkFirewall/Types/TCPFlag.hs view
@@ -0,0 +1,98 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.TCPFlag+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.TCPFlag+  ( TCPFlag+      ( ..,+        TCPFlag_ACK,+        TCPFlag_CWR,+        TCPFlag_ECE,+        TCPFlag_FIN,+        TCPFlag_PSH,+        TCPFlag_RST,+        TCPFlag_SYN,+        TCPFlag_URG+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype TCPFlag = TCPFlag' {fromTCPFlag :: Data.Text}+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern TCPFlag_ACK :: TCPFlag+pattern TCPFlag_ACK = TCPFlag' "ACK"++pattern TCPFlag_CWR :: TCPFlag+pattern TCPFlag_CWR = TCPFlag' "CWR"++pattern TCPFlag_ECE :: TCPFlag+pattern TCPFlag_ECE = TCPFlag' "ECE"++pattern TCPFlag_FIN :: TCPFlag+pattern TCPFlag_FIN = TCPFlag' "FIN"++pattern TCPFlag_PSH :: TCPFlag+pattern TCPFlag_PSH = TCPFlag' "PSH"++pattern TCPFlag_RST :: TCPFlag+pattern TCPFlag_RST = TCPFlag' "RST"++pattern TCPFlag_SYN :: TCPFlag+pattern TCPFlag_SYN = TCPFlag' "SYN"++pattern TCPFlag_URG :: TCPFlag+pattern TCPFlag_URG = TCPFlag' "URG"++{-# COMPLETE+  TCPFlag_ACK,+  TCPFlag_CWR,+  TCPFlag_ECE,+  TCPFlag_FIN,+  TCPFlag_PSH,+  TCPFlag_RST,+  TCPFlag_SYN,+  TCPFlag_URG,+  TCPFlag'+  #-}
+ gen/Amazonka/NetworkFirewall/Types/TCPFlagField.hs view
@@ -0,0 +1,133 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.TCPFlagField+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.TCPFlagField where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types.TCPFlag+import qualified Amazonka.Prelude as Prelude++-- | TCP flags and masks to inspect packets for, used in stateless rules+-- MatchAttributes settings.+--+-- /See:/ 'newTCPFlagField' smart constructor.+data TCPFlagField = TCPFlagField'+  { -- | The set of flags to consider in the inspection. To inspect all flags in+    -- the valid values list, leave this with no setting.+    masks :: Prelude.Maybe [TCPFlag],+    -- | Used in conjunction with the @Masks@ setting to define the flags that+    -- must be set and flags that must not be set in order for the packet to+    -- match. This setting can only specify values that are also specified in+    -- the @Masks@ setting.+    --+    -- For the flags that are specified in the masks setting, the following+    -- must be true for the packet to match:+    --+    -- -   The ones that are set in this flags setting must be set in the+    --     packet.+    --+    -- -   The ones that are not set in this flags setting must also not be set+    --     in the packet.+    flags :: [TCPFlag]+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'TCPFlagField' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'masks', 'tCPFlagField_masks' - The set of flags to consider in the inspection. To inspect all flags in+-- the valid values list, leave this with no setting.+--+-- 'flags', 'tCPFlagField_flags' - Used in conjunction with the @Masks@ setting to define the flags that+-- must be set and flags that must not be set in order for the packet to+-- match. This setting can only specify values that are also specified in+-- the @Masks@ setting.+--+-- For the flags that are specified in the masks setting, the following+-- must be true for the packet to match:+--+-- -   The ones that are set in this flags setting must be set in the+--     packet.+--+-- -   The ones that are not set in this flags setting must also not be set+--     in the packet.+newTCPFlagField ::+  TCPFlagField+newTCPFlagField =+  TCPFlagField'+    { masks = Prelude.Nothing,+      flags = Prelude.mempty+    }++-- | The set of flags to consider in the inspection. To inspect all flags in+-- the valid values list, leave this with no setting.+tCPFlagField_masks :: Lens.Lens' TCPFlagField (Prelude.Maybe [TCPFlag])+tCPFlagField_masks = Lens.lens (\TCPFlagField' {masks} -> masks) (\s@TCPFlagField' {} a -> s {masks = a} :: TCPFlagField) Prelude.. Lens.mapping Lens.coerced++-- | Used in conjunction with the @Masks@ setting to define the flags that+-- must be set and flags that must not be set in order for the packet to+-- match. This setting can only specify values that are also specified in+-- the @Masks@ setting.+--+-- For the flags that are specified in the masks setting, the following+-- must be true for the packet to match:+--+-- -   The ones that are set in this flags setting must be set in the+--     packet.+--+-- -   The ones that are not set in this flags setting must also not be set+--     in the packet.+tCPFlagField_flags :: Lens.Lens' TCPFlagField [TCPFlag]+tCPFlagField_flags = Lens.lens (\TCPFlagField' {flags} -> flags) (\s@TCPFlagField' {} a -> s {flags = a} :: TCPFlagField) Prelude.. Lens.coerced++instance Data.FromJSON TCPFlagField where+  parseJSON =+    Data.withObject+      "TCPFlagField"+      ( \x ->+          TCPFlagField'+            Prelude.<$> (x Data..:? "Masks" Data..!= Prelude.mempty)+            Prelude.<*> (x Data..:? "Flags" Data..!= Prelude.mempty)+      )++instance Prelude.Hashable TCPFlagField where+  hashWithSalt _salt TCPFlagField' {..} =+    _salt+      `Prelude.hashWithSalt` masks+      `Prelude.hashWithSalt` flags++instance Prelude.NFData TCPFlagField where+  rnf TCPFlagField' {..} =+    Prelude.rnf masks `Prelude.seq` Prelude.rnf flags++instance Data.ToJSON TCPFlagField where+  toJSON TCPFlagField' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("Masks" Data..=) Prelude.<$> masks,+            Prelude.Just ("Flags" Data..= flags)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/Tag.hs view
@@ -0,0 +1,110 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.Tag+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.Tag where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | A key:value pair associated with an Amazon Web Services resource. The+-- key:value pair can be anything you define. Typically, the tag key+-- represents a category (such as \"environment\") and the tag value+-- represents a specific value within that category (such as \"test,\"+-- \"development,\" or \"production\"). You can add up to 50 tags to each+-- Amazon Web Services resource.+--+-- /See:/ 'newTag' smart constructor.+data Tag = Tag'+  { -- | The part of the key:value pair that defines a tag. You can use a tag key+    -- to describe a category of information, such as \"customer.\" Tag keys+    -- are case-sensitive.+    key :: Prelude.Text,+    -- | The part of the key:value pair that defines a tag. You can use a tag+    -- value to describe a specific value within a category, such as+    -- \"companyA\" or \"companyB.\" Tag values are case-sensitive.+    value :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'Tag' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'key', 'tag_key' - The part of the key:value pair that defines a tag. You can use a tag key+-- to describe a category of information, such as \"customer.\" Tag keys+-- are case-sensitive.+--+-- 'value', 'tag_value' - The part of the key:value pair that defines a tag. You can use a tag+-- value to describe a specific value within a category, such as+-- \"companyA\" or \"companyB.\" Tag values are case-sensitive.+newTag ::+  -- | 'key'+  Prelude.Text ->+  -- | 'value'+  Prelude.Text ->+  Tag+newTag pKey_ pValue_ =+  Tag' {key = pKey_, value = pValue_}++-- | The part of the key:value pair that defines a tag. You can use a tag key+-- to describe a category of information, such as \"customer.\" Tag keys+-- are case-sensitive.+tag_key :: Lens.Lens' Tag Prelude.Text+tag_key = Lens.lens (\Tag' {key} -> key) (\s@Tag' {} a -> s {key = a} :: Tag)++-- | The part of the key:value pair that defines a tag. You can use a tag+-- value to describe a specific value within a category, such as+-- \"companyA\" or \"companyB.\" Tag values are case-sensitive.+tag_value :: Lens.Lens' Tag Prelude.Text+tag_value = Lens.lens (\Tag' {value} -> value) (\s@Tag' {} a -> s {value = a} :: Tag)++instance Data.FromJSON Tag where+  parseJSON =+    Data.withObject+      "Tag"+      ( \x ->+          Tag'+            Prelude.<$> (x Data..: "Key")+            Prelude.<*> (x Data..: "Value")+      )++instance Prelude.Hashable Tag where+  hashWithSalt _salt Tag' {..} =+    _salt+      `Prelude.hashWithSalt` key+      `Prelude.hashWithSalt` value++instance Prelude.NFData Tag where+  rnf Tag' {..} =+    Prelude.rnf key `Prelude.seq` Prelude.rnf value++instance Data.ToJSON Tag where+  toJSON Tag' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("Key" Data..= key),+            Prelude.Just ("Value" Data..= value)+          ]+      )
+ gen/Amazonka/NetworkFirewall/Types/TargetType.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Types.TargetType+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Types.TargetType+  ( TargetType+      ( ..,+        TargetType_HTTP_HOST,+        TargetType_TLS_SNI+      ),+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype TargetType = TargetType'+  { fromTargetType ::+      Data.Text+  }+  deriving stock+    ( Prelude.Show,+      Prelude.Read,+      Prelude.Eq,+      Prelude.Ord,+      Prelude.Generic+    )+  deriving newtype+    ( Prelude.Hashable,+      Prelude.NFData,+      Data.FromText,+      Data.ToText,+      Data.ToByteString,+      Data.ToLog,+      Data.ToHeader,+      Data.ToQuery,+      Data.FromJSON,+      Data.FromJSONKey,+      Data.ToJSON,+      Data.ToJSONKey,+      Data.FromXML,+      Data.ToXML+    )++pattern TargetType_HTTP_HOST :: TargetType+pattern TargetType_HTTP_HOST = TargetType' "HTTP_HOST"++pattern TargetType_TLS_SNI :: TargetType+pattern TargetType_TLS_SNI = TargetType' "TLS_SNI"++{-# COMPLETE+  TargetType_HTTP_HOST,+  TargetType_TLS_SNI,+  TargetType'+  #-}
+ gen/Amazonka/NetworkFirewall/UntagResource.hs view
@@ -0,0 +1,180 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.UntagResource+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Removes the tags with the specified keys from the specified resource.+-- Tags are key:value pairs that you can use to categorize and manage your+-- resources, for purposes like billing. For example, you might set the tag+-- key to \"customer\" and the value to the customer name or ID. You can+-- specify one or more tags to add to each Amazon Web Services resource, up+-- to 50 tags for a resource.+--+-- You can manage tags for the Amazon Web Services resources that you+-- manage through Network Firewall: firewalls, firewall policies, and rule+-- groups.+module Amazonka.NetworkFirewall.UntagResource+  ( -- * Creating a Request+    UntagResource (..),+    newUntagResource,++    -- * Request Lenses+    untagResource_resourceArn,+    untagResource_tagKeys,++    -- * Destructuring the Response+    UntagResourceResponse (..),+    newUntagResourceResponse,++    -- * Response Lenses+    untagResourceResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUntagResource' smart constructor.+data UntagResource = UntagResource'+  { -- | The Amazon Resource Name (ARN) of the resource.+    resourceArn :: Prelude.Text,+    tagKeys :: Prelude.NonEmpty Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UntagResource' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'resourceArn', 'untagResource_resourceArn' - The Amazon Resource Name (ARN) of the resource.+--+-- 'tagKeys', 'untagResource_tagKeys' -+newUntagResource ::+  -- | 'resourceArn'+  Prelude.Text ->+  -- | 'tagKeys'+  Prelude.NonEmpty Prelude.Text ->+  UntagResource+newUntagResource pResourceArn_ pTagKeys_ =+  UntagResource'+    { resourceArn = pResourceArn_,+      tagKeys = Lens.coerced Lens.# pTagKeys_+    }++-- | The Amazon Resource Name (ARN) of the resource.+untagResource_resourceArn :: Lens.Lens' UntagResource Prelude.Text+untagResource_resourceArn = Lens.lens (\UntagResource' {resourceArn} -> resourceArn) (\s@UntagResource' {} a -> s {resourceArn = a} :: UntagResource)++untagResource_tagKeys :: Lens.Lens' UntagResource (Prelude.NonEmpty Prelude.Text)+untagResource_tagKeys = Lens.lens (\UntagResource' {tagKeys} -> tagKeys) (\s@UntagResource' {} a -> s {tagKeys = a} :: UntagResource) Prelude.. Lens.coerced++instance Core.AWSRequest UntagResource where+  type+    AWSResponse UntagResource =+      UntagResourceResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveEmpty+      ( \s h x ->+          UntagResourceResponse'+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable UntagResource where+  hashWithSalt _salt UntagResource' {..} =+    _salt+      `Prelude.hashWithSalt` resourceArn+      `Prelude.hashWithSalt` tagKeys++instance Prelude.NFData UntagResource where+  rnf UntagResource' {..} =+    Prelude.rnf resourceArn+      `Prelude.seq` Prelude.rnf tagKeys++instance Data.ToHeaders UntagResource where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.UntagResource" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON UntagResource where+  toJSON UntagResource' {..} =+    Data.object+      ( Prelude.catMaybes+          [ Prelude.Just ("ResourceArn" Data..= resourceArn),+            Prelude.Just ("TagKeys" Data..= tagKeys)+          ]+      )++instance Data.ToPath UntagResource where+  toPath = Prelude.const "/"++instance Data.ToQuery UntagResource where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUntagResourceResponse' smart constructor.+data UntagResourceResponse = UntagResourceResponse'+  { -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UntagResourceResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'untagResourceResponse_httpStatus' - The response's http status code.+newUntagResourceResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  UntagResourceResponse+newUntagResourceResponse pHttpStatus_ =+  UntagResourceResponse' {httpStatus = pHttpStatus_}++-- | The response's http status code.+untagResourceResponse_httpStatus :: Lens.Lens' UntagResourceResponse Prelude.Int+untagResourceResponse_httpStatus = Lens.lens (\UntagResourceResponse' {httpStatus} -> httpStatus) (\s@UntagResourceResponse' {} a -> s {httpStatus = a} :: UntagResourceResponse)++instance Prelude.NFData UntagResourceResponse where+  rnf UntagResourceResponse' {..} =+    Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/UpdateFirewallDeleteProtection.hs view
@@ -0,0 +1,409 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.UpdateFirewallDeleteProtection+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Modifies the flag, @DeleteProtection@, which indicates whether it is+-- possible to delete the firewall. If the flag is set to @TRUE@, the+-- firewall is protected against deletion. This setting helps protect+-- against accidentally deleting a firewall that\'s in use.+module Amazonka.NetworkFirewall.UpdateFirewallDeleteProtection+  ( -- * Creating a Request+    UpdateFirewallDeleteProtection (..),+    newUpdateFirewallDeleteProtection,++    -- * Request Lenses+    updateFirewallDeleteProtection_firewallArn,+    updateFirewallDeleteProtection_firewallName,+    updateFirewallDeleteProtection_updateToken,+    updateFirewallDeleteProtection_deleteProtection,++    -- * Destructuring the Response+    UpdateFirewallDeleteProtectionResponse (..),+    newUpdateFirewallDeleteProtectionResponse,++    -- * Response Lenses+    updateFirewallDeleteProtectionResponse_deleteProtection,+    updateFirewallDeleteProtectionResponse_firewallArn,+    updateFirewallDeleteProtectionResponse_firewallName,+    updateFirewallDeleteProtectionResponse_updateToken,+    updateFirewallDeleteProtectionResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdateFirewallDeleteProtection' smart constructor.+data UpdateFirewallDeleteProtection = UpdateFirewallDeleteProtection'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | A flag indicating whether it is possible to delete the firewall. A+    -- setting of @TRUE@ indicates that the firewall is protected against+    -- deletion. Use this setting to protect against accidentally deleting a+    -- firewall that is in use. When you create a firewall, the operation+    -- initializes this flag to @TRUE@.+    deleteProtection :: Prelude.Bool+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateFirewallDeleteProtection' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'updateFirewallDeleteProtection_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallName', 'updateFirewallDeleteProtection_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'updateToken', 'updateFirewallDeleteProtection_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'deleteProtection', 'updateFirewallDeleteProtection_deleteProtection' - A flag indicating whether it is possible to delete the firewall. A+-- setting of @TRUE@ indicates that the firewall is protected against+-- deletion. Use this setting to protect against accidentally deleting a+-- firewall that is in use. When you create a firewall, the operation+-- initializes this flag to @TRUE@.+newUpdateFirewallDeleteProtection ::+  -- | 'deleteProtection'+  Prelude.Bool ->+  UpdateFirewallDeleteProtection+newUpdateFirewallDeleteProtection pDeleteProtection_ =+  UpdateFirewallDeleteProtection'+    { firewallArn =+        Prelude.Nothing,+      firewallName = Prelude.Nothing,+      updateToken = Prelude.Nothing,+      deleteProtection = pDeleteProtection_+    }++-- | The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+updateFirewallDeleteProtection_firewallArn :: Lens.Lens' UpdateFirewallDeleteProtection (Prelude.Maybe Prelude.Text)+updateFirewallDeleteProtection_firewallArn = Lens.lens (\UpdateFirewallDeleteProtection' {firewallArn} -> firewallArn) (\s@UpdateFirewallDeleteProtection' {} a -> s {firewallArn = a} :: UpdateFirewallDeleteProtection)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+updateFirewallDeleteProtection_firewallName :: Lens.Lens' UpdateFirewallDeleteProtection (Prelude.Maybe Prelude.Text)+updateFirewallDeleteProtection_firewallName = Lens.lens (\UpdateFirewallDeleteProtection' {firewallName} -> firewallName) (\s@UpdateFirewallDeleteProtection' {} a -> s {firewallName = a} :: UpdateFirewallDeleteProtection)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateFirewallDeleteProtection_updateToken :: Lens.Lens' UpdateFirewallDeleteProtection (Prelude.Maybe Prelude.Text)+updateFirewallDeleteProtection_updateToken = Lens.lens (\UpdateFirewallDeleteProtection' {updateToken} -> updateToken) (\s@UpdateFirewallDeleteProtection' {} a -> s {updateToken = a} :: UpdateFirewallDeleteProtection)++-- | A flag indicating whether it is possible to delete the firewall. A+-- setting of @TRUE@ indicates that the firewall is protected against+-- deletion. Use this setting to protect against accidentally deleting a+-- firewall that is in use. When you create a firewall, the operation+-- initializes this flag to @TRUE@.+updateFirewallDeleteProtection_deleteProtection :: Lens.Lens' UpdateFirewallDeleteProtection Prelude.Bool+updateFirewallDeleteProtection_deleteProtection = Lens.lens (\UpdateFirewallDeleteProtection' {deleteProtection} -> deleteProtection) (\s@UpdateFirewallDeleteProtection' {} a -> s {deleteProtection = a} :: UpdateFirewallDeleteProtection)++instance+  Core.AWSRequest+    UpdateFirewallDeleteProtection+  where+  type+    AWSResponse UpdateFirewallDeleteProtection =+      UpdateFirewallDeleteProtectionResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          UpdateFirewallDeleteProtectionResponse'+            Prelude.<$> (x Data..?> "DeleteProtection")+            Prelude.<*> (x Data..?> "FirewallArn")+            Prelude.<*> (x Data..?> "FirewallName")+            Prelude.<*> (x Data..?> "UpdateToken")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance+  Prelude.Hashable+    UpdateFirewallDeleteProtection+  where+  hashWithSalt+    _salt+    UpdateFirewallDeleteProtection' {..} =+      _salt+        `Prelude.hashWithSalt` firewallArn+        `Prelude.hashWithSalt` firewallName+        `Prelude.hashWithSalt` updateToken+        `Prelude.hashWithSalt` deleteProtection++instance+  Prelude.NFData+    UpdateFirewallDeleteProtection+  where+  rnf UpdateFirewallDeleteProtection' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf deleteProtection++instance+  Data.ToHeaders+    UpdateFirewallDeleteProtection+  where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.UpdateFirewallDeleteProtection" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON UpdateFirewallDeleteProtection where+  toJSON UpdateFirewallDeleteProtection' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName,+            ("UpdateToken" Data..=) Prelude.<$> updateToken,+            Prelude.Just+              ("DeleteProtection" Data..= deleteProtection)+          ]+      )++instance Data.ToPath UpdateFirewallDeleteProtection where+  toPath = Prelude.const "/"++instance Data.ToQuery UpdateFirewallDeleteProtection where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdateFirewallDeleteProtectionResponse' smart constructor.+data UpdateFirewallDeleteProtectionResponse = UpdateFirewallDeleteProtectionResponse'+  { -- | A flag indicating whether it is possible to delete the firewall. A+    -- setting of @TRUE@ indicates that the firewall is protected against+    -- deletion. Use this setting to protect against accidentally deleting a+    -- firewall that is in use. When you create a firewall, the operation+    -- initializes this flag to @TRUE@.+    deleteProtection :: Prelude.Maybe Prelude.Bool,+    -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateFirewallDeleteProtectionResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'deleteProtection', 'updateFirewallDeleteProtectionResponse_deleteProtection' - A flag indicating whether it is possible to delete the firewall. A+-- setting of @TRUE@ indicates that the firewall is protected against+-- deletion. Use this setting to protect against accidentally deleting a+-- firewall that is in use. When you create a firewall, the operation+-- initializes this flag to @TRUE@.+--+-- 'firewallArn', 'updateFirewallDeleteProtectionResponse_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'updateFirewallDeleteProtectionResponse_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'updateToken', 'updateFirewallDeleteProtectionResponse_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'httpStatus', 'updateFirewallDeleteProtectionResponse_httpStatus' - The response's http status code.+newUpdateFirewallDeleteProtectionResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  UpdateFirewallDeleteProtectionResponse+newUpdateFirewallDeleteProtectionResponse+  pHttpStatus_ =+    UpdateFirewallDeleteProtectionResponse'+      { deleteProtection =+          Prelude.Nothing,+        firewallArn = Prelude.Nothing,+        firewallName = Prelude.Nothing,+        updateToken = Prelude.Nothing,+        httpStatus = pHttpStatus_+      }++-- | A flag indicating whether it is possible to delete the firewall. A+-- setting of @TRUE@ indicates that the firewall is protected against+-- deletion. Use this setting to protect against accidentally deleting a+-- firewall that is in use. When you create a firewall, the operation+-- initializes this flag to @TRUE@.+updateFirewallDeleteProtectionResponse_deleteProtection :: Lens.Lens' UpdateFirewallDeleteProtectionResponse (Prelude.Maybe Prelude.Bool)+updateFirewallDeleteProtectionResponse_deleteProtection = Lens.lens (\UpdateFirewallDeleteProtectionResponse' {deleteProtection} -> deleteProtection) (\s@UpdateFirewallDeleteProtectionResponse' {} a -> s {deleteProtection = a} :: UpdateFirewallDeleteProtectionResponse)++-- | The Amazon Resource Name (ARN) of the firewall.+updateFirewallDeleteProtectionResponse_firewallArn :: Lens.Lens' UpdateFirewallDeleteProtectionResponse (Prelude.Maybe Prelude.Text)+updateFirewallDeleteProtectionResponse_firewallArn = Lens.lens (\UpdateFirewallDeleteProtectionResponse' {firewallArn} -> firewallArn) (\s@UpdateFirewallDeleteProtectionResponse' {} a -> s {firewallArn = a} :: UpdateFirewallDeleteProtectionResponse)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+updateFirewallDeleteProtectionResponse_firewallName :: Lens.Lens' UpdateFirewallDeleteProtectionResponse (Prelude.Maybe Prelude.Text)+updateFirewallDeleteProtectionResponse_firewallName = Lens.lens (\UpdateFirewallDeleteProtectionResponse' {firewallName} -> firewallName) (\s@UpdateFirewallDeleteProtectionResponse' {} a -> s {firewallName = a} :: UpdateFirewallDeleteProtectionResponse)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateFirewallDeleteProtectionResponse_updateToken :: Lens.Lens' UpdateFirewallDeleteProtectionResponse (Prelude.Maybe Prelude.Text)+updateFirewallDeleteProtectionResponse_updateToken = Lens.lens (\UpdateFirewallDeleteProtectionResponse' {updateToken} -> updateToken) (\s@UpdateFirewallDeleteProtectionResponse' {} a -> s {updateToken = a} :: UpdateFirewallDeleteProtectionResponse)++-- | The response's http status code.+updateFirewallDeleteProtectionResponse_httpStatus :: Lens.Lens' UpdateFirewallDeleteProtectionResponse Prelude.Int+updateFirewallDeleteProtectionResponse_httpStatus = Lens.lens (\UpdateFirewallDeleteProtectionResponse' {httpStatus} -> httpStatus) (\s@UpdateFirewallDeleteProtectionResponse' {} a -> s {httpStatus = a} :: UpdateFirewallDeleteProtectionResponse)++instance+  Prelude.NFData+    UpdateFirewallDeleteProtectionResponse+  where+  rnf UpdateFirewallDeleteProtectionResponse' {..} =+    Prelude.rnf deleteProtection+      `Prelude.seq` Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/UpdateFirewallDescription.hs view
@@ -0,0 +1,368 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.UpdateFirewallDescription+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Modifies the description for the specified firewall. Use the description+-- to help you identify the firewall when you\'re working with it.+module Amazonka.NetworkFirewall.UpdateFirewallDescription+  ( -- * Creating a Request+    UpdateFirewallDescription (..),+    newUpdateFirewallDescription,++    -- * Request Lenses+    updateFirewallDescription_description,+    updateFirewallDescription_firewallArn,+    updateFirewallDescription_firewallName,+    updateFirewallDescription_updateToken,++    -- * Destructuring the Response+    UpdateFirewallDescriptionResponse (..),+    newUpdateFirewallDescriptionResponse,++    -- * Response Lenses+    updateFirewallDescriptionResponse_description,+    updateFirewallDescriptionResponse_firewallArn,+    updateFirewallDescriptionResponse_firewallName,+    updateFirewallDescriptionResponse_updateToken,+    updateFirewallDescriptionResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdateFirewallDescription' smart constructor.+data UpdateFirewallDescription = UpdateFirewallDescription'+  { -- | The new description for the firewall. If you omit this setting, Network+    -- Firewall removes the description for the firewall.+    description :: Prelude.Maybe Prelude.Text,+    -- | The Amazon Resource Name (ARN) of the firewall.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateFirewallDescription' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'description', 'updateFirewallDescription_description' - The new description for the firewall. If you omit this setting, Network+-- Firewall removes the description for the firewall.+--+-- 'firewallArn', 'updateFirewallDescription_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallName', 'updateFirewallDescription_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'updateToken', 'updateFirewallDescription_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+newUpdateFirewallDescription ::+  UpdateFirewallDescription+newUpdateFirewallDescription =+  UpdateFirewallDescription'+    { description =+        Prelude.Nothing,+      firewallArn = Prelude.Nothing,+      firewallName = Prelude.Nothing,+      updateToken = Prelude.Nothing+    }++-- | The new description for the firewall. If you omit this setting, Network+-- Firewall removes the description for the firewall.+updateFirewallDescription_description :: Lens.Lens' UpdateFirewallDescription (Prelude.Maybe Prelude.Text)+updateFirewallDescription_description = Lens.lens (\UpdateFirewallDescription' {description} -> description) (\s@UpdateFirewallDescription' {} a -> s {description = a} :: UpdateFirewallDescription)++-- | The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+updateFirewallDescription_firewallArn :: Lens.Lens' UpdateFirewallDescription (Prelude.Maybe Prelude.Text)+updateFirewallDescription_firewallArn = Lens.lens (\UpdateFirewallDescription' {firewallArn} -> firewallArn) (\s@UpdateFirewallDescription' {} a -> s {firewallArn = a} :: UpdateFirewallDescription)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+updateFirewallDescription_firewallName :: Lens.Lens' UpdateFirewallDescription (Prelude.Maybe Prelude.Text)+updateFirewallDescription_firewallName = Lens.lens (\UpdateFirewallDescription' {firewallName} -> firewallName) (\s@UpdateFirewallDescription' {} a -> s {firewallName = a} :: UpdateFirewallDescription)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateFirewallDescription_updateToken :: Lens.Lens' UpdateFirewallDescription (Prelude.Maybe Prelude.Text)+updateFirewallDescription_updateToken = Lens.lens (\UpdateFirewallDescription' {updateToken} -> updateToken) (\s@UpdateFirewallDescription' {} a -> s {updateToken = a} :: UpdateFirewallDescription)++instance Core.AWSRequest UpdateFirewallDescription where+  type+    AWSResponse UpdateFirewallDescription =+      UpdateFirewallDescriptionResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          UpdateFirewallDescriptionResponse'+            Prelude.<$> (x Data..?> "Description")+            Prelude.<*> (x Data..?> "FirewallArn")+            Prelude.<*> (x Data..?> "FirewallName")+            Prelude.<*> (x Data..?> "UpdateToken")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable UpdateFirewallDescription where+  hashWithSalt _salt UpdateFirewallDescription' {..} =+    _salt+      `Prelude.hashWithSalt` description+      `Prelude.hashWithSalt` firewallArn+      `Prelude.hashWithSalt` firewallName+      `Prelude.hashWithSalt` updateToken++instance Prelude.NFData UpdateFirewallDescription where+  rnf UpdateFirewallDescription' {..} =+    Prelude.rnf description+      `Prelude.seq` Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf updateToken++instance Data.ToHeaders UpdateFirewallDescription where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.UpdateFirewallDescription" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON UpdateFirewallDescription where+  toJSON UpdateFirewallDescription' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("Description" Data..=) Prelude.<$> description,+            ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName,+            ("UpdateToken" Data..=) Prelude.<$> updateToken+          ]+      )++instance Data.ToPath UpdateFirewallDescription where+  toPath = Prelude.const "/"++instance Data.ToQuery UpdateFirewallDescription where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdateFirewallDescriptionResponse' smart constructor.+data UpdateFirewallDescriptionResponse = UpdateFirewallDescriptionResponse'+  { -- | A description of the firewall.+    description :: Prelude.Maybe Prelude.Text,+    -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateFirewallDescriptionResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'description', 'updateFirewallDescriptionResponse_description' - A description of the firewall.+--+-- 'firewallArn', 'updateFirewallDescriptionResponse_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'updateFirewallDescriptionResponse_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'updateToken', 'updateFirewallDescriptionResponse_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'httpStatus', 'updateFirewallDescriptionResponse_httpStatus' - The response's http status code.+newUpdateFirewallDescriptionResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  UpdateFirewallDescriptionResponse+newUpdateFirewallDescriptionResponse pHttpStatus_ =+  UpdateFirewallDescriptionResponse'+    { description =+        Prelude.Nothing,+      firewallArn = Prelude.Nothing,+      firewallName = Prelude.Nothing,+      updateToken = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | A description of the firewall.+updateFirewallDescriptionResponse_description :: Lens.Lens' UpdateFirewallDescriptionResponse (Prelude.Maybe Prelude.Text)+updateFirewallDescriptionResponse_description = Lens.lens (\UpdateFirewallDescriptionResponse' {description} -> description) (\s@UpdateFirewallDescriptionResponse' {} a -> s {description = a} :: UpdateFirewallDescriptionResponse)++-- | The Amazon Resource Name (ARN) of the firewall.+updateFirewallDescriptionResponse_firewallArn :: Lens.Lens' UpdateFirewallDescriptionResponse (Prelude.Maybe Prelude.Text)+updateFirewallDescriptionResponse_firewallArn = Lens.lens (\UpdateFirewallDescriptionResponse' {firewallArn} -> firewallArn) (\s@UpdateFirewallDescriptionResponse' {} a -> s {firewallArn = a} :: UpdateFirewallDescriptionResponse)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+updateFirewallDescriptionResponse_firewallName :: Lens.Lens' UpdateFirewallDescriptionResponse (Prelude.Maybe Prelude.Text)+updateFirewallDescriptionResponse_firewallName = Lens.lens (\UpdateFirewallDescriptionResponse' {firewallName} -> firewallName) (\s@UpdateFirewallDescriptionResponse' {} a -> s {firewallName = a} :: UpdateFirewallDescriptionResponse)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateFirewallDescriptionResponse_updateToken :: Lens.Lens' UpdateFirewallDescriptionResponse (Prelude.Maybe Prelude.Text)+updateFirewallDescriptionResponse_updateToken = Lens.lens (\UpdateFirewallDescriptionResponse' {updateToken} -> updateToken) (\s@UpdateFirewallDescriptionResponse' {} a -> s {updateToken = a} :: UpdateFirewallDescriptionResponse)++-- | The response's http status code.+updateFirewallDescriptionResponse_httpStatus :: Lens.Lens' UpdateFirewallDescriptionResponse Prelude.Int+updateFirewallDescriptionResponse_httpStatus = Lens.lens (\UpdateFirewallDescriptionResponse' {httpStatus} -> httpStatus) (\s@UpdateFirewallDescriptionResponse' {} a -> s {httpStatus = a} :: UpdateFirewallDescriptionResponse)++instance+  Prelude.NFData+    UpdateFirewallDescriptionResponse+  where+  rnf UpdateFirewallDescriptionResponse' {..} =+    Prelude.rnf description+      `Prelude.seq` Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/UpdateFirewallEncryptionConfiguration.hs view
@@ -0,0 +1,381 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.UpdateFirewallEncryptionConfiguration+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- A complex type that contains settings for encryption of your firewall+-- resources.+module Amazonka.NetworkFirewall.UpdateFirewallEncryptionConfiguration+  ( -- * Creating a Request+    UpdateFirewallEncryptionConfiguration (..),+    newUpdateFirewallEncryptionConfiguration,++    -- * Request Lenses+    updateFirewallEncryptionConfiguration_encryptionConfiguration,+    updateFirewallEncryptionConfiguration_firewallArn,+    updateFirewallEncryptionConfiguration_firewallName,+    updateFirewallEncryptionConfiguration_updateToken,++    -- * Destructuring the Response+    UpdateFirewallEncryptionConfigurationResponse (..),+    newUpdateFirewallEncryptionConfigurationResponse,++    -- * Response Lenses+    updateFirewallEncryptionConfigurationResponse_encryptionConfiguration,+    updateFirewallEncryptionConfigurationResponse_firewallArn,+    updateFirewallEncryptionConfigurationResponse_firewallName,+    updateFirewallEncryptionConfigurationResponse_updateToken,+    updateFirewallEncryptionConfigurationResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdateFirewallEncryptionConfiguration' smart constructor.+data UpdateFirewallEncryptionConfiguration = UpdateFirewallEncryptionConfiguration'+  { encryptionConfiguration :: Prelude.Maybe EncryptionConfiguration,+    -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateFirewallEncryptionConfiguration' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'encryptionConfiguration', 'updateFirewallEncryptionConfiguration_encryptionConfiguration' - Undocumented member.+--+-- 'firewallArn', 'updateFirewallEncryptionConfiguration_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'updateFirewallEncryptionConfiguration_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'updateToken', 'updateFirewallEncryptionConfiguration_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+newUpdateFirewallEncryptionConfiguration ::+  UpdateFirewallEncryptionConfiguration+newUpdateFirewallEncryptionConfiguration =+  UpdateFirewallEncryptionConfiguration'+    { encryptionConfiguration =+        Prelude.Nothing,+      firewallArn = Prelude.Nothing,+      firewallName = Prelude.Nothing,+      updateToken = Prelude.Nothing+    }++-- | Undocumented member.+updateFirewallEncryptionConfiguration_encryptionConfiguration :: Lens.Lens' UpdateFirewallEncryptionConfiguration (Prelude.Maybe EncryptionConfiguration)+updateFirewallEncryptionConfiguration_encryptionConfiguration = Lens.lens (\UpdateFirewallEncryptionConfiguration' {encryptionConfiguration} -> encryptionConfiguration) (\s@UpdateFirewallEncryptionConfiguration' {} a -> s {encryptionConfiguration = a} :: UpdateFirewallEncryptionConfiguration)++-- | The Amazon Resource Name (ARN) of the firewall.+updateFirewallEncryptionConfiguration_firewallArn :: Lens.Lens' UpdateFirewallEncryptionConfiguration (Prelude.Maybe Prelude.Text)+updateFirewallEncryptionConfiguration_firewallArn = Lens.lens (\UpdateFirewallEncryptionConfiguration' {firewallArn} -> firewallArn) (\s@UpdateFirewallEncryptionConfiguration' {} a -> s {firewallArn = a} :: UpdateFirewallEncryptionConfiguration)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+updateFirewallEncryptionConfiguration_firewallName :: Lens.Lens' UpdateFirewallEncryptionConfiguration (Prelude.Maybe Prelude.Text)+updateFirewallEncryptionConfiguration_firewallName = Lens.lens (\UpdateFirewallEncryptionConfiguration' {firewallName} -> firewallName) (\s@UpdateFirewallEncryptionConfiguration' {} a -> s {firewallName = a} :: UpdateFirewallEncryptionConfiguration)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateFirewallEncryptionConfiguration_updateToken :: Lens.Lens' UpdateFirewallEncryptionConfiguration (Prelude.Maybe Prelude.Text)+updateFirewallEncryptionConfiguration_updateToken = Lens.lens (\UpdateFirewallEncryptionConfiguration' {updateToken} -> updateToken) (\s@UpdateFirewallEncryptionConfiguration' {} a -> s {updateToken = a} :: UpdateFirewallEncryptionConfiguration)++instance+  Core.AWSRequest+    UpdateFirewallEncryptionConfiguration+  where+  type+    AWSResponse+      UpdateFirewallEncryptionConfiguration =+      UpdateFirewallEncryptionConfigurationResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          UpdateFirewallEncryptionConfigurationResponse'+            Prelude.<$> (x Data..?> "EncryptionConfiguration")+            Prelude.<*> (x Data..?> "FirewallArn")+            Prelude.<*> (x Data..?> "FirewallName")+            Prelude.<*> (x Data..?> "UpdateToken")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance+  Prelude.Hashable+    UpdateFirewallEncryptionConfiguration+  where+  hashWithSalt+    _salt+    UpdateFirewallEncryptionConfiguration' {..} =+      _salt+        `Prelude.hashWithSalt` encryptionConfiguration+        `Prelude.hashWithSalt` firewallArn+        `Prelude.hashWithSalt` firewallName+        `Prelude.hashWithSalt` updateToken++instance+  Prelude.NFData+    UpdateFirewallEncryptionConfiguration+  where+  rnf UpdateFirewallEncryptionConfiguration' {..} =+    Prelude.rnf encryptionConfiguration+      `Prelude.seq` Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf updateToken++instance+  Data.ToHeaders+    UpdateFirewallEncryptionConfiguration+  where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.UpdateFirewallEncryptionConfiguration" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance+  Data.ToJSON+    UpdateFirewallEncryptionConfiguration+  where+  toJSON UpdateFirewallEncryptionConfiguration' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("EncryptionConfiguration" Data..=)+              Prelude.<$> encryptionConfiguration,+            ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName,+            ("UpdateToken" Data..=) Prelude.<$> updateToken+          ]+      )++instance+  Data.ToPath+    UpdateFirewallEncryptionConfiguration+  where+  toPath = Prelude.const "/"++instance+  Data.ToQuery+    UpdateFirewallEncryptionConfiguration+  where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdateFirewallEncryptionConfigurationResponse' smart constructor.+data UpdateFirewallEncryptionConfigurationResponse = UpdateFirewallEncryptionConfigurationResponse'+  { encryptionConfiguration :: Prelude.Maybe EncryptionConfiguration,+    -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateFirewallEncryptionConfigurationResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'encryptionConfiguration', 'updateFirewallEncryptionConfigurationResponse_encryptionConfiguration' - Undocumented member.+--+-- 'firewallArn', 'updateFirewallEncryptionConfigurationResponse_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'updateFirewallEncryptionConfigurationResponse_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'updateToken', 'updateFirewallEncryptionConfigurationResponse_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'httpStatus', 'updateFirewallEncryptionConfigurationResponse_httpStatus' - The response's http status code.+newUpdateFirewallEncryptionConfigurationResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  UpdateFirewallEncryptionConfigurationResponse+newUpdateFirewallEncryptionConfigurationResponse+  pHttpStatus_ =+    UpdateFirewallEncryptionConfigurationResponse'+      { encryptionConfiguration =+          Prelude.Nothing,+        firewallArn =+          Prelude.Nothing,+        firewallName =+          Prelude.Nothing,+        updateToken =+          Prelude.Nothing,+        httpStatus = pHttpStatus_+      }++-- | Undocumented member.+updateFirewallEncryptionConfigurationResponse_encryptionConfiguration :: Lens.Lens' UpdateFirewallEncryptionConfigurationResponse (Prelude.Maybe EncryptionConfiguration)+updateFirewallEncryptionConfigurationResponse_encryptionConfiguration = Lens.lens (\UpdateFirewallEncryptionConfigurationResponse' {encryptionConfiguration} -> encryptionConfiguration) (\s@UpdateFirewallEncryptionConfigurationResponse' {} a -> s {encryptionConfiguration = a} :: UpdateFirewallEncryptionConfigurationResponse)++-- | The Amazon Resource Name (ARN) of the firewall.+updateFirewallEncryptionConfigurationResponse_firewallArn :: Lens.Lens' UpdateFirewallEncryptionConfigurationResponse (Prelude.Maybe Prelude.Text)+updateFirewallEncryptionConfigurationResponse_firewallArn = Lens.lens (\UpdateFirewallEncryptionConfigurationResponse' {firewallArn} -> firewallArn) (\s@UpdateFirewallEncryptionConfigurationResponse' {} a -> s {firewallArn = a} :: UpdateFirewallEncryptionConfigurationResponse)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+updateFirewallEncryptionConfigurationResponse_firewallName :: Lens.Lens' UpdateFirewallEncryptionConfigurationResponse (Prelude.Maybe Prelude.Text)+updateFirewallEncryptionConfigurationResponse_firewallName = Lens.lens (\UpdateFirewallEncryptionConfigurationResponse' {firewallName} -> firewallName) (\s@UpdateFirewallEncryptionConfigurationResponse' {} a -> s {firewallName = a} :: UpdateFirewallEncryptionConfigurationResponse)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateFirewallEncryptionConfigurationResponse_updateToken :: Lens.Lens' UpdateFirewallEncryptionConfigurationResponse (Prelude.Maybe Prelude.Text)+updateFirewallEncryptionConfigurationResponse_updateToken = Lens.lens (\UpdateFirewallEncryptionConfigurationResponse' {updateToken} -> updateToken) (\s@UpdateFirewallEncryptionConfigurationResponse' {} a -> s {updateToken = a} :: UpdateFirewallEncryptionConfigurationResponse)++-- | The response's http status code.+updateFirewallEncryptionConfigurationResponse_httpStatus :: Lens.Lens' UpdateFirewallEncryptionConfigurationResponse Prelude.Int+updateFirewallEncryptionConfigurationResponse_httpStatus = Lens.lens (\UpdateFirewallEncryptionConfigurationResponse' {httpStatus} -> httpStatus) (\s@UpdateFirewallEncryptionConfigurationResponse' {} a -> s {httpStatus = a} :: UpdateFirewallEncryptionConfigurationResponse)++instance+  Prelude.NFData+    UpdateFirewallEncryptionConfigurationResponse+  where+  rnf+    UpdateFirewallEncryptionConfigurationResponse' {..} =+      Prelude.rnf encryptionConfiguration+        `Prelude.seq` Prelude.rnf firewallArn+        `Prelude.seq` Prelude.rnf firewallName+        `Prelude.seq` Prelude.rnf updateToken+        `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/UpdateFirewallPolicy.hs view
@@ -0,0 +1,400 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.UpdateFirewallPolicy+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Updates the properties of the specified firewall policy.+module Amazonka.NetworkFirewall.UpdateFirewallPolicy+  ( -- * Creating a Request+    UpdateFirewallPolicy (..),+    newUpdateFirewallPolicy,++    -- * Request Lenses+    updateFirewallPolicy_description,+    updateFirewallPolicy_dryRun,+    updateFirewallPolicy_encryptionConfiguration,+    updateFirewallPolicy_firewallPolicyArn,+    updateFirewallPolicy_firewallPolicyName,+    updateFirewallPolicy_updateToken,+    updateFirewallPolicy_firewallPolicy,++    -- * Destructuring the Response+    UpdateFirewallPolicyResponse (..),+    newUpdateFirewallPolicyResponse,++    -- * Response Lenses+    updateFirewallPolicyResponse_httpStatus,+    updateFirewallPolicyResponse_updateToken,+    updateFirewallPolicyResponse_firewallPolicyResponse,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdateFirewallPolicy' smart constructor.+data UpdateFirewallPolicy = UpdateFirewallPolicy'+  { -- | A description of the firewall policy.+    description :: Prelude.Maybe Prelude.Text,+    -- | Indicates whether you want Network Firewall to just check the validity+    -- of the request, rather than run the request.+    --+    -- If set to @TRUE@, Network Firewall checks whether the request can run+    -- successfully, but doesn\'t actually make the requested changes. The call+    -- returns the value that the request would return if you ran it with dry+    -- run set to @FALSE@, but doesn\'t make additions or changes to your+    -- resources. This option allows you to make sure that you have the+    -- required permissions to run the request and that your request parameters+    -- are valid.+    --+    -- If set to @FALSE@, Network Firewall makes the requested changes to your+    -- resources.+    dryRun :: Prelude.Maybe Prelude.Bool,+    -- | A complex type that contains settings for encryption of your firewall+    -- policy resources.+    encryptionConfiguration :: Prelude.Maybe EncryptionConfiguration,+    -- | The Amazon Resource Name (ARN) of the firewall policy.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallPolicyArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall policy. You can\'t change the name+    -- of a firewall policy after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallPolicyName :: Prelude.Maybe Prelude.Text,+    -- | A token used for optimistic locking. Network Firewall returns a token to+    -- your requests that access the firewall policy. The token marks the state+    -- of the policy resource at the time of the request.+    --+    -- To make changes to the policy, you provide the token in your request.+    -- Network Firewall uses the token to ensure that the policy hasn\'t+    -- changed since you last retrieved it. If it has changed, the operation+    -- fails with an @InvalidTokenException@. If this happens, retrieve the+    -- firewall policy again to get a current copy of it with current token.+    -- Reapply your changes as needed, then try the operation again using the+    -- new token.+    updateToken :: Prelude.Text,+    -- | The updated firewall policy to use for the firewall.+    firewallPolicy :: FirewallPolicy+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateFirewallPolicy' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'description', 'updateFirewallPolicy_description' - A description of the firewall policy.+--+-- 'dryRun', 'updateFirewallPolicy_dryRun' - Indicates whether you want Network Firewall to just check the validity+-- of the request, rather than run the request.+--+-- If set to @TRUE@, Network Firewall checks whether the request can run+-- successfully, but doesn\'t actually make the requested changes. The call+-- returns the value that the request would return if you ran it with dry+-- run set to @FALSE@, but doesn\'t make additions or changes to your+-- resources. This option allows you to make sure that you have the+-- required permissions to run the request and that your request parameters+-- are valid.+--+-- If set to @FALSE@, Network Firewall makes the requested changes to your+-- resources.+--+-- 'encryptionConfiguration', 'updateFirewallPolicy_encryptionConfiguration' - A complex type that contains settings for encryption of your firewall+-- policy resources.+--+-- 'firewallPolicyArn', 'updateFirewallPolicy_firewallPolicyArn' - The Amazon Resource Name (ARN) of the firewall policy.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallPolicyName', 'updateFirewallPolicy_firewallPolicyName' - The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'updateToken', 'updateFirewallPolicy_updateToken' - A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the firewall policy. The token marks the state+-- of the policy resource at the time of the request.+--+-- To make changes to the policy, you provide the token in your request.+-- Network Firewall uses the token to ensure that the policy hasn\'t+-- changed since you last retrieved it. If it has changed, the operation+-- fails with an @InvalidTokenException@. If this happens, retrieve the+-- firewall policy again to get a current copy of it with current token.+-- Reapply your changes as needed, then try the operation again using the+-- new token.+--+-- 'firewallPolicy', 'updateFirewallPolicy_firewallPolicy' - The updated firewall policy to use for the firewall.+newUpdateFirewallPolicy ::+  -- | 'updateToken'+  Prelude.Text ->+  -- | 'firewallPolicy'+  FirewallPolicy ->+  UpdateFirewallPolicy+newUpdateFirewallPolicy+  pUpdateToken_+  pFirewallPolicy_ =+    UpdateFirewallPolicy'+      { description =+          Prelude.Nothing,+        dryRun = Prelude.Nothing,+        encryptionConfiguration = Prelude.Nothing,+        firewallPolicyArn = Prelude.Nothing,+        firewallPolicyName = Prelude.Nothing,+        updateToken = pUpdateToken_,+        firewallPolicy = pFirewallPolicy_+      }++-- | A description of the firewall policy.+updateFirewallPolicy_description :: Lens.Lens' UpdateFirewallPolicy (Prelude.Maybe Prelude.Text)+updateFirewallPolicy_description = Lens.lens (\UpdateFirewallPolicy' {description} -> description) (\s@UpdateFirewallPolicy' {} a -> s {description = a} :: UpdateFirewallPolicy)++-- | Indicates whether you want Network Firewall to just check the validity+-- of the request, rather than run the request.+--+-- If set to @TRUE@, Network Firewall checks whether the request can run+-- successfully, but doesn\'t actually make the requested changes. The call+-- returns the value that the request would return if you ran it with dry+-- run set to @FALSE@, but doesn\'t make additions or changes to your+-- resources. This option allows you to make sure that you have the+-- required permissions to run the request and that your request parameters+-- are valid.+--+-- If set to @FALSE@, Network Firewall makes the requested changes to your+-- resources.+updateFirewallPolicy_dryRun :: Lens.Lens' UpdateFirewallPolicy (Prelude.Maybe Prelude.Bool)+updateFirewallPolicy_dryRun = Lens.lens (\UpdateFirewallPolicy' {dryRun} -> dryRun) (\s@UpdateFirewallPolicy' {} a -> s {dryRun = a} :: UpdateFirewallPolicy)++-- | A complex type that contains settings for encryption of your firewall+-- policy resources.+updateFirewallPolicy_encryptionConfiguration :: Lens.Lens' UpdateFirewallPolicy (Prelude.Maybe EncryptionConfiguration)+updateFirewallPolicy_encryptionConfiguration = Lens.lens (\UpdateFirewallPolicy' {encryptionConfiguration} -> encryptionConfiguration) (\s@UpdateFirewallPolicy' {} a -> s {encryptionConfiguration = a} :: UpdateFirewallPolicy)++-- | The Amazon Resource Name (ARN) of the firewall policy.+--+-- You must specify the ARN or the name, and you can specify both.+updateFirewallPolicy_firewallPolicyArn :: Lens.Lens' UpdateFirewallPolicy (Prelude.Maybe Prelude.Text)+updateFirewallPolicy_firewallPolicyArn = Lens.lens (\UpdateFirewallPolicy' {firewallPolicyArn} -> firewallPolicyArn) (\s@UpdateFirewallPolicy' {} a -> s {firewallPolicyArn = a} :: UpdateFirewallPolicy)++-- | The descriptive name of the firewall policy. You can\'t change the name+-- of a firewall policy after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+updateFirewallPolicy_firewallPolicyName :: Lens.Lens' UpdateFirewallPolicy (Prelude.Maybe Prelude.Text)+updateFirewallPolicy_firewallPolicyName = Lens.lens (\UpdateFirewallPolicy' {firewallPolicyName} -> firewallPolicyName) (\s@UpdateFirewallPolicy' {} a -> s {firewallPolicyName = a} :: UpdateFirewallPolicy)++-- | A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the firewall policy. The token marks the state+-- of the policy resource at the time of the request.+--+-- To make changes to the policy, you provide the token in your request.+-- Network Firewall uses the token to ensure that the policy hasn\'t+-- changed since you last retrieved it. If it has changed, the operation+-- fails with an @InvalidTokenException@. If this happens, retrieve the+-- firewall policy again to get a current copy of it with current token.+-- Reapply your changes as needed, then try the operation again using the+-- new token.+updateFirewallPolicy_updateToken :: Lens.Lens' UpdateFirewallPolicy Prelude.Text+updateFirewallPolicy_updateToken = Lens.lens (\UpdateFirewallPolicy' {updateToken} -> updateToken) (\s@UpdateFirewallPolicy' {} a -> s {updateToken = a} :: UpdateFirewallPolicy)++-- | The updated firewall policy to use for the firewall.+updateFirewallPolicy_firewallPolicy :: Lens.Lens' UpdateFirewallPolicy FirewallPolicy+updateFirewallPolicy_firewallPolicy = Lens.lens (\UpdateFirewallPolicy' {firewallPolicy} -> firewallPolicy) (\s@UpdateFirewallPolicy' {} a -> s {firewallPolicy = a} :: UpdateFirewallPolicy)++instance Core.AWSRequest UpdateFirewallPolicy where+  type+    AWSResponse UpdateFirewallPolicy =+      UpdateFirewallPolicyResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          UpdateFirewallPolicyResponse'+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+            Prelude.<*> (x Data..:> "UpdateToken")+            Prelude.<*> (x Data..:> "FirewallPolicyResponse")+      )++instance Prelude.Hashable UpdateFirewallPolicy where+  hashWithSalt _salt UpdateFirewallPolicy' {..} =+    _salt+      `Prelude.hashWithSalt` description+      `Prelude.hashWithSalt` dryRun+      `Prelude.hashWithSalt` encryptionConfiguration+      `Prelude.hashWithSalt` firewallPolicyArn+      `Prelude.hashWithSalt` firewallPolicyName+      `Prelude.hashWithSalt` updateToken+      `Prelude.hashWithSalt` firewallPolicy++instance Prelude.NFData UpdateFirewallPolicy where+  rnf UpdateFirewallPolicy' {..} =+    Prelude.rnf description+      `Prelude.seq` Prelude.rnf dryRun+      `Prelude.seq` Prelude.rnf encryptionConfiguration+      `Prelude.seq` Prelude.rnf firewallPolicyArn+      `Prelude.seq` Prelude.rnf firewallPolicyName+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf firewallPolicy++instance Data.ToHeaders UpdateFirewallPolicy where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.UpdateFirewallPolicy" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON UpdateFirewallPolicy where+  toJSON UpdateFirewallPolicy' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("Description" Data..=) Prelude.<$> description,+            ("DryRun" Data..=) Prelude.<$> dryRun,+            ("EncryptionConfiguration" Data..=)+              Prelude.<$> encryptionConfiguration,+            ("FirewallPolicyArn" Data..=)+              Prelude.<$> firewallPolicyArn,+            ("FirewallPolicyName" Data..=)+              Prelude.<$> firewallPolicyName,+            Prelude.Just ("UpdateToken" Data..= updateToken),+            Prelude.Just+              ("FirewallPolicy" Data..= firewallPolicy)+          ]+      )++instance Data.ToPath UpdateFirewallPolicy where+  toPath = Prelude.const "/"++instance Data.ToQuery UpdateFirewallPolicy where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdateFirewallPolicyResponse' smart constructor.+data UpdateFirewallPolicyResponse = UpdateFirewallPolicyResponse'+  { -- | The response's http status code.+    httpStatus :: Prelude.Int,+    -- | A token used for optimistic locking. Network Firewall returns a token to+    -- your requests that access the firewall policy. The token marks the state+    -- of the policy resource at the time of the request.+    --+    -- To make changes to the policy, you provide the token in your request.+    -- Network Firewall uses the token to ensure that the policy hasn\'t+    -- changed since you last retrieved it. If it has changed, the operation+    -- fails with an @InvalidTokenException@. If this happens, retrieve the+    -- firewall policy again to get a current copy of it with current token.+    -- Reapply your changes as needed, then try the operation again using the+    -- new token.+    updateToken :: Prelude.Text,+    -- | The high-level properties of a firewall policy. This, along with the+    -- FirewallPolicy, define the policy. You can retrieve all objects for a+    -- firewall policy by calling DescribeFirewallPolicy.+    firewallPolicyResponse :: FirewallPolicyResponse+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateFirewallPolicyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'updateFirewallPolicyResponse_httpStatus' - The response's http status code.+--+-- 'updateToken', 'updateFirewallPolicyResponse_updateToken' - A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the firewall policy. The token marks the state+-- of the policy resource at the time of the request.+--+-- To make changes to the policy, you provide the token in your request.+-- Network Firewall uses the token to ensure that the policy hasn\'t+-- changed since you last retrieved it. If it has changed, the operation+-- fails with an @InvalidTokenException@. If this happens, retrieve the+-- firewall policy again to get a current copy of it with current token.+-- Reapply your changes as needed, then try the operation again using the+-- new token.+--+-- 'firewallPolicyResponse', 'updateFirewallPolicyResponse_firewallPolicyResponse' - The high-level properties of a firewall policy. This, along with the+-- FirewallPolicy, define the policy. You can retrieve all objects for a+-- firewall policy by calling DescribeFirewallPolicy.+newUpdateFirewallPolicyResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  -- | 'updateToken'+  Prelude.Text ->+  -- | 'firewallPolicyResponse'+  FirewallPolicyResponse ->+  UpdateFirewallPolicyResponse+newUpdateFirewallPolicyResponse+  pHttpStatus_+  pUpdateToken_+  pFirewallPolicyResponse_ =+    UpdateFirewallPolicyResponse'+      { httpStatus =+          pHttpStatus_,+        updateToken = pUpdateToken_,+        firewallPolicyResponse =+          pFirewallPolicyResponse_+      }++-- | The response's http status code.+updateFirewallPolicyResponse_httpStatus :: Lens.Lens' UpdateFirewallPolicyResponse Prelude.Int+updateFirewallPolicyResponse_httpStatus = Lens.lens (\UpdateFirewallPolicyResponse' {httpStatus} -> httpStatus) (\s@UpdateFirewallPolicyResponse' {} a -> s {httpStatus = a} :: UpdateFirewallPolicyResponse)++-- | A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the firewall policy. The token marks the state+-- of the policy resource at the time of the request.+--+-- To make changes to the policy, you provide the token in your request.+-- Network Firewall uses the token to ensure that the policy hasn\'t+-- changed since you last retrieved it. If it has changed, the operation+-- fails with an @InvalidTokenException@. If this happens, retrieve the+-- firewall policy again to get a current copy of it with current token.+-- Reapply your changes as needed, then try the operation again using the+-- new token.+updateFirewallPolicyResponse_updateToken :: Lens.Lens' UpdateFirewallPolicyResponse Prelude.Text+updateFirewallPolicyResponse_updateToken = Lens.lens (\UpdateFirewallPolicyResponse' {updateToken} -> updateToken) (\s@UpdateFirewallPolicyResponse' {} a -> s {updateToken = a} :: UpdateFirewallPolicyResponse)++-- | The high-level properties of a firewall policy. This, along with the+-- FirewallPolicy, define the policy. You can retrieve all objects for a+-- firewall policy by calling DescribeFirewallPolicy.+updateFirewallPolicyResponse_firewallPolicyResponse :: Lens.Lens' UpdateFirewallPolicyResponse FirewallPolicyResponse+updateFirewallPolicyResponse_firewallPolicyResponse = Lens.lens (\UpdateFirewallPolicyResponse' {firewallPolicyResponse} -> firewallPolicyResponse) (\s@UpdateFirewallPolicyResponse' {} a -> s {firewallPolicyResponse = a} :: UpdateFirewallPolicyResponse)++instance Prelude.NFData UpdateFirewallPolicyResponse where+  rnf UpdateFirewallPolicyResponse' {..} =+    Prelude.rnf httpStatus+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf firewallPolicyResponse
+ gen/Amazonka/NetworkFirewall/UpdateFirewallPolicyChangeProtection.hs view
@@ -0,0 +1,424 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.UpdateFirewallPolicyChangeProtection+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Modifies the flag, @ChangeProtection@, which indicates whether it is+-- possible to change the firewall. If the flag is set to @TRUE@, the+-- firewall is protected from changes. This setting helps protect against+-- accidentally changing a firewall that\'s in use.+module Amazonka.NetworkFirewall.UpdateFirewallPolicyChangeProtection+  ( -- * Creating a Request+    UpdateFirewallPolicyChangeProtection (..),+    newUpdateFirewallPolicyChangeProtection,++    -- * Request Lenses+    updateFirewallPolicyChangeProtection_firewallArn,+    updateFirewallPolicyChangeProtection_firewallName,+    updateFirewallPolicyChangeProtection_updateToken,+    updateFirewallPolicyChangeProtection_firewallPolicyChangeProtection,++    -- * Destructuring the Response+    UpdateFirewallPolicyChangeProtectionResponse (..),+    newUpdateFirewallPolicyChangeProtectionResponse,++    -- * Response Lenses+    updateFirewallPolicyChangeProtectionResponse_firewallArn,+    updateFirewallPolicyChangeProtectionResponse_firewallName,+    updateFirewallPolicyChangeProtectionResponse_firewallPolicyChangeProtection,+    updateFirewallPolicyChangeProtectionResponse_updateToken,+    updateFirewallPolicyChangeProtectionResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdateFirewallPolicyChangeProtection' smart constructor.+data UpdateFirewallPolicyChangeProtection = UpdateFirewallPolicyChangeProtection'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | A setting indicating whether the firewall is protected against a change+    -- to the firewall policy association. Use this setting to protect against+    -- accidentally modifying the firewall policy for a firewall that is in+    -- use. When you create a firewall, the operation initializes this setting+    -- to @TRUE@.+    firewallPolicyChangeProtection :: Prelude.Bool+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateFirewallPolicyChangeProtection' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'updateFirewallPolicyChangeProtection_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallName', 'updateFirewallPolicyChangeProtection_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'updateToken', 'updateFirewallPolicyChangeProtection_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'firewallPolicyChangeProtection', 'updateFirewallPolicyChangeProtection_firewallPolicyChangeProtection' - A setting indicating whether the firewall is protected against a change+-- to the firewall policy association. Use this setting to protect against+-- accidentally modifying the firewall policy for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+newUpdateFirewallPolicyChangeProtection ::+  -- | 'firewallPolicyChangeProtection'+  Prelude.Bool ->+  UpdateFirewallPolicyChangeProtection+newUpdateFirewallPolicyChangeProtection+  pFirewallPolicyChangeProtection_ =+    UpdateFirewallPolicyChangeProtection'+      { firewallArn =+          Prelude.Nothing,+        firewallName = Prelude.Nothing,+        updateToken = Prelude.Nothing,+        firewallPolicyChangeProtection =+          pFirewallPolicyChangeProtection_+      }++-- | The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+updateFirewallPolicyChangeProtection_firewallArn :: Lens.Lens' UpdateFirewallPolicyChangeProtection (Prelude.Maybe Prelude.Text)+updateFirewallPolicyChangeProtection_firewallArn = Lens.lens (\UpdateFirewallPolicyChangeProtection' {firewallArn} -> firewallArn) (\s@UpdateFirewallPolicyChangeProtection' {} a -> s {firewallArn = a} :: UpdateFirewallPolicyChangeProtection)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+updateFirewallPolicyChangeProtection_firewallName :: Lens.Lens' UpdateFirewallPolicyChangeProtection (Prelude.Maybe Prelude.Text)+updateFirewallPolicyChangeProtection_firewallName = Lens.lens (\UpdateFirewallPolicyChangeProtection' {firewallName} -> firewallName) (\s@UpdateFirewallPolicyChangeProtection' {} a -> s {firewallName = a} :: UpdateFirewallPolicyChangeProtection)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateFirewallPolicyChangeProtection_updateToken :: Lens.Lens' UpdateFirewallPolicyChangeProtection (Prelude.Maybe Prelude.Text)+updateFirewallPolicyChangeProtection_updateToken = Lens.lens (\UpdateFirewallPolicyChangeProtection' {updateToken} -> updateToken) (\s@UpdateFirewallPolicyChangeProtection' {} a -> s {updateToken = a} :: UpdateFirewallPolicyChangeProtection)++-- | A setting indicating whether the firewall is protected against a change+-- to the firewall policy association. Use this setting to protect against+-- accidentally modifying the firewall policy for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+updateFirewallPolicyChangeProtection_firewallPolicyChangeProtection :: Lens.Lens' UpdateFirewallPolicyChangeProtection Prelude.Bool+updateFirewallPolicyChangeProtection_firewallPolicyChangeProtection = Lens.lens (\UpdateFirewallPolicyChangeProtection' {firewallPolicyChangeProtection} -> firewallPolicyChangeProtection) (\s@UpdateFirewallPolicyChangeProtection' {} a -> s {firewallPolicyChangeProtection = a} :: UpdateFirewallPolicyChangeProtection)++instance+  Core.AWSRequest+    UpdateFirewallPolicyChangeProtection+  where+  type+    AWSResponse UpdateFirewallPolicyChangeProtection =+      UpdateFirewallPolicyChangeProtectionResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          UpdateFirewallPolicyChangeProtectionResponse'+            Prelude.<$> (x Data..?> "FirewallArn")+            Prelude.<*> (x Data..?> "FirewallName")+            Prelude.<*> (x Data..?> "FirewallPolicyChangeProtection")+            Prelude.<*> (x Data..?> "UpdateToken")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance+  Prelude.Hashable+    UpdateFirewallPolicyChangeProtection+  where+  hashWithSalt+    _salt+    UpdateFirewallPolicyChangeProtection' {..} =+      _salt+        `Prelude.hashWithSalt` firewallArn+        `Prelude.hashWithSalt` firewallName+        `Prelude.hashWithSalt` updateToken+        `Prelude.hashWithSalt` firewallPolicyChangeProtection++instance+  Prelude.NFData+    UpdateFirewallPolicyChangeProtection+  where+  rnf UpdateFirewallPolicyChangeProtection' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf firewallPolicyChangeProtection++instance+  Data.ToHeaders+    UpdateFirewallPolicyChangeProtection+  where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.UpdateFirewallPolicyChangeProtection" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance+  Data.ToJSON+    UpdateFirewallPolicyChangeProtection+  where+  toJSON UpdateFirewallPolicyChangeProtection' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName,+            ("UpdateToken" Data..=) Prelude.<$> updateToken,+            Prelude.Just+              ( "FirewallPolicyChangeProtection"+                  Data..= firewallPolicyChangeProtection+              )+          ]+      )++instance+  Data.ToPath+    UpdateFirewallPolicyChangeProtection+  where+  toPath = Prelude.const "/"++instance+  Data.ToQuery+    UpdateFirewallPolicyChangeProtection+  where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdateFirewallPolicyChangeProtectionResponse' smart constructor.+data UpdateFirewallPolicyChangeProtectionResponse = UpdateFirewallPolicyChangeProtectionResponse'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | A setting indicating whether the firewall is protected against a change+    -- to the firewall policy association. Use this setting to protect against+    -- accidentally modifying the firewall policy for a firewall that is in+    -- use. When you create a firewall, the operation initializes this setting+    -- to @TRUE@.+    firewallPolicyChangeProtection :: Prelude.Maybe Prelude.Bool,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateFirewallPolicyChangeProtectionResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'updateFirewallPolicyChangeProtectionResponse_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'updateFirewallPolicyChangeProtectionResponse_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'firewallPolicyChangeProtection', 'updateFirewallPolicyChangeProtectionResponse_firewallPolicyChangeProtection' - A setting indicating whether the firewall is protected against a change+-- to the firewall policy association. Use this setting to protect against+-- accidentally modifying the firewall policy for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+--+-- 'updateToken', 'updateFirewallPolicyChangeProtectionResponse_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'httpStatus', 'updateFirewallPolicyChangeProtectionResponse_httpStatus' - The response's http status code.+newUpdateFirewallPolicyChangeProtectionResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  UpdateFirewallPolicyChangeProtectionResponse+newUpdateFirewallPolicyChangeProtectionResponse+  pHttpStatus_ =+    UpdateFirewallPolicyChangeProtectionResponse'+      { firewallArn =+          Prelude.Nothing,+        firewallName =+          Prelude.Nothing,+        firewallPolicyChangeProtection =+          Prelude.Nothing,+        updateToken = Prelude.Nothing,+        httpStatus = pHttpStatus_+      }++-- | The Amazon Resource Name (ARN) of the firewall.+updateFirewallPolicyChangeProtectionResponse_firewallArn :: Lens.Lens' UpdateFirewallPolicyChangeProtectionResponse (Prelude.Maybe Prelude.Text)+updateFirewallPolicyChangeProtectionResponse_firewallArn = Lens.lens (\UpdateFirewallPolicyChangeProtectionResponse' {firewallArn} -> firewallArn) (\s@UpdateFirewallPolicyChangeProtectionResponse' {} a -> s {firewallArn = a} :: UpdateFirewallPolicyChangeProtectionResponse)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+updateFirewallPolicyChangeProtectionResponse_firewallName :: Lens.Lens' UpdateFirewallPolicyChangeProtectionResponse (Prelude.Maybe Prelude.Text)+updateFirewallPolicyChangeProtectionResponse_firewallName = Lens.lens (\UpdateFirewallPolicyChangeProtectionResponse' {firewallName} -> firewallName) (\s@UpdateFirewallPolicyChangeProtectionResponse' {} a -> s {firewallName = a} :: UpdateFirewallPolicyChangeProtectionResponse)++-- | A setting indicating whether the firewall is protected against a change+-- to the firewall policy association. Use this setting to protect against+-- accidentally modifying the firewall policy for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+updateFirewallPolicyChangeProtectionResponse_firewallPolicyChangeProtection :: Lens.Lens' UpdateFirewallPolicyChangeProtectionResponse (Prelude.Maybe Prelude.Bool)+updateFirewallPolicyChangeProtectionResponse_firewallPolicyChangeProtection = Lens.lens (\UpdateFirewallPolicyChangeProtectionResponse' {firewallPolicyChangeProtection} -> firewallPolicyChangeProtection) (\s@UpdateFirewallPolicyChangeProtectionResponse' {} a -> s {firewallPolicyChangeProtection = a} :: UpdateFirewallPolicyChangeProtectionResponse)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateFirewallPolicyChangeProtectionResponse_updateToken :: Lens.Lens' UpdateFirewallPolicyChangeProtectionResponse (Prelude.Maybe Prelude.Text)+updateFirewallPolicyChangeProtectionResponse_updateToken = Lens.lens (\UpdateFirewallPolicyChangeProtectionResponse' {updateToken} -> updateToken) (\s@UpdateFirewallPolicyChangeProtectionResponse' {} a -> s {updateToken = a} :: UpdateFirewallPolicyChangeProtectionResponse)++-- | The response's http status code.+updateFirewallPolicyChangeProtectionResponse_httpStatus :: Lens.Lens' UpdateFirewallPolicyChangeProtectionResponse Prelude.Int+updateFirewallPolicyChangeProtectionResponse_httpStatus = Lens.lens (\UpdateFirewallPolicyChangeProtectionResponse' {httpStatus} -> httpStatus) (\s@UpdateFirewallPolicyChangeProtectionResponse' {} a -> s {httpStatus = a} :: UpdateFirewallPolicyChangeProtectionResponse)++instance+  Prelude.NFData+    UpdateFirewallPolicyChangeProtectionResponse+  where+  rnf UpdateFirewallPolicyChangeProtectionResponse' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf firewallPolicyChangeProtection+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/UpdateLoggingConfiguration.hs view
@@ -0,0 +1,269 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.UpdateLoggingConfiguration+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Sets the logging configuration for the specified firewall.+--+-- To change the logging configuration, retrieve the LoggingConfiguration+-- by calling DescribeLoggingConfiguration, then change it and provide the+-- modified object to this update call. You must change the logging+-- configuration one LogDestinationConfig at a time inside the retrieved+-- LoggingConfiguration object.+--+-- You can perform only one of the following actions in any call to+-- @UpdateLoggingConfiguration@:+--+-- -   Create a new log destination object by adding a single+--     @LogDestinationConfig@ array element to @LogDestinationConfigs@.+--+-- -   Delete a log destination object by removing a single+--     @LogDestinationConfig@ array element from @LogDestinationConfigs@.+--+-- -   Change the @LogDestination@ setting in a single+--     @LogDestinationConfig@ array element.+--+-- You can\'t change the @LogDestinationType@ or @LogType@ in a+-- @LogDestinationConfig@. To change these settings, delete the existing+-- @LogDestinationConfig@ object and create a new one, using two separate+-- calls to this update operation.+module Amazonka.NetworkFirewall.UpdateLoggingConfiguration+  ( -- * Creating a Request+    UpdateLoggingConfiguration (..),+    newUpdateLoggingConfiguration,++    -- * Request Lenses+    updateLoggingConfiguration_firewallArn,+    updateLoggingConfiguration_firewallName,+    updateLoggingConfiguration_loggingConfiguration,++    -- * Destructuring the Response+    UpdateLoggingConfigurationResponse (..),+    newUpdateLoggingConfigurationResponse,++    -- * Response Lenses+    updateLoggingConfigurationResponse_firewallArn,+    updateLoggingConfigurationResponse_firewallName,+    updateLoggingConfigurationResponse_loggingConfiguration,+    updateLoggingConfigurationResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdateLoggingConfiguration' smart constructor.+data UpdateLoggingConfiguration = UpdateLoggingConfiguration'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | Defines how Network Firewall performs logging for a firewall. If you+    -- omit this setting, Network Firewall disables logging for the firewall.+    loggingConfiguration :: Prelude.Maybe LoggingConfiguration+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateLoggingConfiguration' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'updateLoggingConfiguration_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallName', 'updateLoggingConfiguration_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'loggingConfiguration', 'updateLoggingConfiguration_loggingConfiguration' - Defines how Network Firewall performs logging for a firewall. If you+-- omit this setting, Network Firewall disables logging for the firewall.+newUpdateLoggingConfiguration ::+  UpdateLoggingConfiguration+newUpdateLoggingConfiguration =+  UpdateLoggingConfiguration'+    { firewallArn =+        Prelude.Nothing,+      firewallName = Prelude.Nothing,+      loggingConfiguration = Prelude.Nothing+    }++-- | The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+updateLoggingConfiguration_firewallArn :: Lens.Lens' UpdateLoggingConfiguration (Prelude.Maybe Prelude.Text)+updateLoggingConfiguration_firewallArn = Lens.lens (\UpdateLoggingConfiguration' {firewallArn} -> firewallArn) (\s@UpdateLoggingConfiguration' {} a -> s {firewallArn = a} :: UpdateLoggingConfiguration)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+updateLoggingConfiguration_firewallName :: Lens.Lens' UpdateLoggingConfiguration (Prelude.Maybe Prelude.Text)+updateLoggingConfiguration_firewallName = Lens.lens (\UpdateLoggingConfiguration' {firewallName} -> firewallName) (\s@UpdateLoggingConfiguration' {} a -> s {firewallName = a} :: UpdateLoggingConfiguration)++-- | Defines how Network Firewall performs logging for a firewall. If you+-- omit this setting, Network Firewall disables logging for the firewall.+updateLoggingConfiguration_loggingConfiguration :: Lens.Lens' UpdateLoggingConfiguration (Prelude.Maybe LoggingConfiguration)+updateLoggingConfiguration_loggingConfiguration = Lens.lens (\UpdateLoggingConfiguration' {loggingConfiguration} -> loggingConfiguration) (\s@UpdateLoggingConfiguration' {} a -> s {loggingConfiguration = a} :: UpdateLoggingConfiguration)++instance Core.AWSRequest UpdateLoggingConfiguration where+  type+    AWSResponse UpdateLoggingConfiguration =+      UpdateLoggingConfigurationResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          UpdateLoggingConfigurationResponse'+            Prelude.<$> (x Data..?> "FirewallArn")+            Prelude.<*> (x Data..?> "FirewallName")+            Prelude.<*> (x Data..?> "LoggingConfiguration")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance Prelude.Hashable UpdateLoggingConfiguration where+  hashWithSalt _salt UpdateLoggingConfiguration' {..} =+    _salt+      `Prelude.hashWithSalt` firewallArn+      `Prelude.hashWithSalt` firewallName+      `Prelude.hashWithSalt` loggingConfiguration++instance Prelude.NFData UpdateLoggingConfiguration where+  rnf UpdateLoggingConfiguration' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf loggingConfiguration++instance Data.ToHeaders UpdateLoggingConfiguration where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.UpdateLoggingConfiguration" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON UpdateLoggingConfiguration where+  toJSON UpdateLoggingConfiguration' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName,+            ("LoggingConfiguration" Data..=)+              Prelude.<$> loggingConfiguration+          ]+      )++instance Data.ToPath UpdateLoggingConfiguration where+  toPath = Prelude.const "/"++instance Data.ToQuery UpdateLoggingConfiguration where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdateLoggingConfigurationResponse' smart constructor.+data UpdateLoggingConfigurationResponse = UpdateLoggingConfigurationResponse'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text,+    loggingConfiguration :: Prelude.Maybe LoggingConfiguration,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateLoggingConfigurationResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'updateLoggingConfigurationResponse_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'updateLoggingConfigurationResponse_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'loggingConfiguration', 'updateLoggingConfigurationResponse_loggingConfiguration' - Undocumented member.+--+-- 'httpStatus', 'updateLoggingConfigurationResponse_httpStatus' - The response's http status code.+newUpdateLoggingConfigurationResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  UpdateLoggingConfigurationResponse+newUpdateLoggingConfigurationResponse pHttpStatus_ =+  UpdateLoggingConfigurationResponse'+    { firewallArn =+        Prelude.Nothing,+      firewallName = Prelude.Nothing,+      loggingConfiguration = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The Amazon Resource Name (ARN) of the firewall.+updateLoggingConfigurationResponse_firewallArn :: Lens.Lens' UpdateLoggingConfigurationResponse (Prelude.Maybe Prelude.Text)+updateLoggingConfigurationResponse_firewallArn = Lens.lens (\UpdateLoggingConfigurationResponse' {firewallArn} -> firewallArn) (\s@UpdateLoggingConfigurationResponse' {} a -> s {firewallArn = a} :: UpdateLoggingConfigurationResponse)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+updateLoggingConfigurationResponse_firewallName :: Lens.Lens' UpdateLoggingConfigurationResponse (Prelude.Maybe Prelude.Text)+updateLoggingConfigurationResponse_firewallName = Lens.lens (\UpdateLoggingConfigurationResponse' {firewallName} -> firewallName) (\s@UpdateLoggingConfigurationResponse' {} a -> s {firewallName = a} :: UpdateLoggingConfigurationResponse)++-- | Undocumented member.+updateLoggingConfigurationResponse_loggingConfiguration :: Lens.Lens' UpdateLoggingConfigurationResponse (Prelude.Maybe LoggingConfiguration)+updateLoggingConfigurationResponse_loggingConfiguration = Lens.lens (\UpdateLoggingConfigurationResponse' {loggingConfiguration} -> loggingConfiguration) (\s@UpdateLoggingConfigurationResponse' {} a -> s {loggingConfiguration = a} :: UpdateLoggingConfigurationResponse)++-- | The response's http status code.+updateLoggingConfigurationResponse_httpStatus :: Lens.Lens' UpdateLoggingConfigurationResponse Prelude.Int+updateLoggingConfigurationResponse_httpStatus = Lens.lens (\UpdateLoggingConfigurationResponse' {httpStatus} -> httpStatus) (\s@UpdateLoggingConfigurationResponse' {} a -> s {httpStatus = a} :: UpdateLoggingConfigurationResponse)++instance+  Prelude.NFData+    UpdateLoggingConfigurationResponse+  where+  rnf UpdateLoggingConfigurationResponse' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf loggingConfiguration+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/UpdateRuleGroup.hs view
@@ -0,0 +1,496 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.UpdateRuleGroup+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Updates the rule settings for the specified rule group. You use a rule+-- group by reference in one or more firewall policies. When you modify a+-- rule group, you modify all firewall policies that use the rule group.+--+-- To update a rule group, first call DescribeRuleGroup to retrieve the+-- current RuleGroup object, update the object as needed, and then provide+-- the updated object to this call.+module Amazonka.NetworkFirewall.UpdateRuleGroup+  ( -- * Creating a Request+    UpdateRuleGroup (..),+    newUpdateRuleGroup,++    -- * Request Lenses+    updateRuleGroup_description,+    updateRuleGroup_dryRun,+    updateRuleGroup_encryptionConfiguration,+    updateRuleGroup_ruleGroup,+    updateRuleGroup_ruleGroupArn,+    updateRuleGroup_ruleGroupName,+    updateRuleGroup_rules,+    updateRuleGroup_sourceMetadata,+    updateRuleGroup_type,+    updateRuleGroup_updateToken,++    -- * Destructuring the Response+    UpdateRuleGroupResponse (..),+    newUpdateRuleGroupResponse,++    -- * Response Lenses+    updateRuleGroupResponse_httpStatus,+    updateRuleGroupResponse_updateToken,+    updateRuleGroupResponse_ruleGroupResponse,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdateRuleGroup' smart constructor.+data UpdateRuleGroup = UpdateRuleGroup'+  { -- | A description of the rule group.+    description :: Prelude.Maybe Prelude.Text,+    -- | Indicates whether you want Network Firewall to just check the validity+    -- of the request, rather than run the request.+    --+    -- If set to @TRUE@, Network Firewall checks whether the request can run+    -- successfully, but doesn\'t actually make the requested changes. The call+    -- returns the value that the request would return if you ran it with dry+    -- run set to @FALSE@, but doesn\'t make additions or changes to your+    -- resources. This option allows you to make sure that you have the+    -- required permissions to run the request and that your request parameters+    -- are valid.+    --+    -- If set to @FALSE@, Network Firewall makes the requested changes to your+    -- resources.+    dryRun :: Prelude.Maybe Prelude.Bool,+    -- | A complex type that contains settings for encryption of your rule group+    -- resources.+    encryptionConfiguration :: Prelude.Maybe EncryptionConfiguration,+    -- | An object that defines the rule group rules.+    --+    -- You must provide either this rule group setting or a @Rules@ setting,+    -- but not both.+    ruleGroup :: Prelude.Maybe RuleGroup,+    -- | The Amazon Resource Name (ARN) of the rule group.+    --+    -- You must specify the ARN or the name, and you can specify both.+    ruleGroupArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the rule group. You can\'t change the name of a+    -- rule group after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    ruleGroupName :: Prelude.Maybe Prelude.Text,+    -- | A string containing stateful rule group rules specifications in Suricata+    -- flat format, with one rule per line. Use this to import your existing+    -- Suricata compatible rule groups.+    --+    -- You must provide either this rules setting or a populated @RuleGroup@+    -- setting, but not both.+    --+    -- You can provide your rule group specification in Suricata flat format+    -- through this setting when you create or update your rule group. The call+    -- response returns a RuleGroup object that Network Firewall has populated+    -- from your string.+    rules :: Prelude.Maybe Prelude.Text,+    -- | A complex type that contains metadata about the rule group that your own+    -- rule group is copied from. You can use the metadata to keep track of+    -- updates made to the originating rule group.+    sourceMetadata :: Prelude.Maybe SourceMetadata,+    -- | Indicates whether the rule group is stateless or stateful. If the rule+    -- group is stateless, it contains stateless rules. If it is stateful, it+    -- contains stateful rules.+    --+    -- This setting is required for requests that do not include the+    -- @RuleGroupARN@.+    type' :: Prelude.Maybe RuleGroupType,+    -- | A token used for optimistic locking. Network Firewall returns a token to+    -- your requests that access the rule group. The token marks the state of+    -- the rule group resource at the time of the request.+    --+    -- To make changes to the rule group, you provide the token in your+    -- request. Network Firewall uses the token to ensure that the rule group+    -- hasn\'t changed since you last retrieved it. If it has changed, the+    -- operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the rule group again to get a current copy of it with a current+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Text+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateRuleGroup' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'description', 'updateRuleGroup_description' - A description of the rule group.+--+-- 'dryRun', 'updateRuleGroup_dryRun' - Indicates whether you want Network Firewall to just check the validity+-- of the request, rather than run the request.+--+-- If set to @TRUE@, Network Firewall checks whether the request can run+-- successfully, but doesn\'t actually make the requested changes. The call+-- returns the value that the request would return if you ran it with dry+-- run set to @FALSE@, but doesn\'t make additions or changes to your+-- resources. This option allows you to make sure that you have the+-- required permissions to run the request and that your request parameters+-- are valid.+--+-- If set to @FALSE@, Network Firewall makes the requested changes to your+-- resources.+--+-- 'encryptionConfiguration', 'updateRuleGroup_encryptionConfiguration' - A complex type that contains settings for encryption of your rule group+-- resources.+--+-- 'ruleGroup', 'updateRuleGroup_ruleGroup' - An object that defines the rule group rules.+--+-- You must provide either this rule group setting or a @Rules@ setting,+-- but not both.+--+-- 'ruleGroupArn', 'updateRuleGroup_ruleGroupArn' - The Amazon Resource Name (ARN) of the rule group.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'ruleGroupName', 'updateRuleGroup_ruleGroupName' - The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'rules', 'updateRuleGroup_rules' - A string containing stateful rule group rules specifications in Suricata+-- flat format, with one rule per line. Use this to import your existing+-- Suricata compatible rule groups.+--+-- You must provide either this rules setting or a populated @RuleGroup@+-- setting, but not both.+--+-- You can provide your rule group specification in Suricata flat format+-- through this setting when you create or update your rule group. The call+-- response returns a RuleGroup object that Network Firewall has populated+-- from your string.+--+-- 'sourceMetadata', 'updateRuleGroup_sourceMetadata' - A complex type that contains metadata about the rule group that your own+-- rule group is copied from. You can use the metadata to keep track of+-- updates made to the originating rule group.+--+-- 'type'', 'updateRuleGroup_type' - Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- This setting is required for requests that do not include the+-- @RuleGroupARN@.+--+-- 'updateToken', 'updateRuleGroup_updateToken' - A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the rule group. The token marks the state of+-- the rule group resource at the time of the request.+--+-- To make changes to the rule group, you provide the token in your+-- request. Network Firewall uses the token to ensure that the rule group+-- hasn\'t changed since you last retrieved it. If it has changed, the+-- operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the rule group again to get a current copy of it with a current+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+newUpdateRuleGroup ::+  -- | 'updateToken'+  Prelude.Text ->+  UpdateRuleGroup+newUpdateRuleGroup pUpdateToken_ =+  UpdateRuleGroup'+    { description = Prelude.Nothing,+      dryRun = Prelude.Nothing,+      encryptionConfiguration = Prelude.Nothing,+      ruleGroup = Prelude.Nothing,+      ruleGroupArn = Prelude.Nothing,+      ruleGroupName = Prelude.Nothing,+      rules = Prelude.Nothing,+      sourceMetadata = Prelude.Nothing,+      type' = Prelude.Nothing,+      updateToken = pUpdateToken_+    }++-- | A description of the rule group.+updateRuleGroup_description :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe Prelude.Text)+updateRuleGroup_description = Lens.lens (\UpdateRuleGroup' {description} -> description) (\s@UpdateRuleGroup' {} a -> s {description = a} :: UpdateRuleGroup)++-- | Indicates whether you want Network Firewall to just check the validity+-- of the request, rather than run the request.+--+-- If set to @TRUE@, Network Firewall checks whether the request can run+-- successfully, but doesn\'t actually make the requested changes. The call+-- returns the value that the request would return if you ran it with dry+-- run set to @FALSE@, but doesn\'t make additions or changes to your+-- resources. This option allows you to make sure that you have the+-- required permissions to run the request and that your request parameters+-- are valid.+--+-- If set to @FALSE@, Network Firewall makes the requested changes to your+-- resources.+updateRuleGroup_dryRun :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe Prelude.Bool)+updateRuleGroup_dryRun = Lens.lens (\UpdateRuleGroup' {dryRun} -> dryRun) (\s@UpdateRuleGroup' {} a -> s {dryRun = a} :: UpdateRuleGroup)++-- | A complex type that contains settings for encryption of your rule group+-- resources.+updateRuleGroup_encryptionConfiguration :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe EncryptionConfiguration)+updateRuleGroup_encryptionConfiguration = Lens.lens (\UpdateRuleGroup' {encryptionConfiguration} -> encryptionConfiguration) (\s@UpdateRuleGroup' {} a -> s {encryptionConfiguration = a} :: UpdateRuleGroup)++-- | An object that defines the rule group rules.+--+-- You must provide either this rule group setting or a @Rules@ setting,+-- but not both.+updateRuleGroup_ruleGroup :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe RuleGroup)+updateRuleGroup_ruleGroup = Lens.lens (\UpdateRuleGroup' {ruleGroup} -> ruleGroup) (\s@UpdateRuleGroup' {} a -> s {ruleGroup = a} :: UpdateRuleGroup)++-- | The Amazon Resource Name (ARN) of the rule group.+--+-- You must specify the ARN or the name, and you can specify both.+updateRuleGroup_ruleGroupArn :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe Prelude.Text)+updateRuleGroup_ruleGroupArn = Lens.lens (\UpdateRuleGroup' {ruleGroupArn} -> ruleGroupArn) (\s@UpdateRuleGroup' {} a -> s {ruleGroupArn = a} :: UpdateRuleGroup)++-- | The descriptive name of the rule group. You can\'t change the name of a+-- rule group after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+updateRuleGroup_ruleGroupName :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe Prelude.Text)+updateRuleGroup_ruleGroupName = Lens.lens (\UpdateRuleGroup' {ruleGroupName} -> ruleGroupName) (\s@UpdateRuleGroup' {} a -> s {ruleGroupName = a} :: UpdateRuleGroup)++-- | A string containing stateful rule group rules specifications in Suricata+-- flat format, with one rule per line. Use this to import your existing+-- Suricata compatible rule groups.+--+-- You must provide either this rules setting or a populated @RuleGroup@+-- setting, but not both.+--+-- You can provide your rule group specification in Suricata flat format+-- through this setting when you create or update your rule group. The call+-- response returns a RuleGroup object that Network Firewall has populated+-- from your string.+updateRuleGroup_rules :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe Prelude.Text)+updateRuleGroup_rules = Lens.lens (\UpdateRuleGroup' {rules} -> rules) (\s@UpdateRuleGroup' {} a -> s {rules = a} :: UpdateRuleGroup)++-- | A complex type that contains metadata about the rule group that your own+-- rule group is copied from. You can use the metadata to keep track of+-- updates made to the originating rule group.+updateRuleGroup_sourceMetadata :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe SourceMetadata)+updateRuleGroup_sourceMetadata = Lens.lens (\UpdateRuleGroup' {sourceMetadata} -> sourceMetadata) (\s@UpdateRuleGroup' {} a -> s {sourceMetadata = a} :: UpdateRuleGroup)++-- | Indicates whether the rule group is stateless or stateful. If the rule+-- group is stateless, it contains stateless rules. If it is stateful, it+-- contains stateful rules.+--+-- This setting is required for requests that do not include the+-- @RuleGroupARN@.+updateRuleGroup_type :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe RuleGroupType)+updateRuleGroup_type = Lens.lens (\UpdateRuleGroup' {type'} -> type') (\s@UpdateRuleGroup' {} a -> s {type' = a} :: UpdateRuleGroup)++-- | A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the rule group. The token marks the state of+-- the rule group resource at the time of the request.+--+-- To make changes to the rule group, you provide the token in your+-- request. Network Firewall uses the token to ensure that the rule group+-- hasn\'t changed since you last retrieved it. If it has changed, the+-- operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the rule group again to get a current copy of it with a current+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateRuleGroup_updateToken :: Lens.Lens' UpdateRuleGroup Prelude.Text+updateRuleGroup_updateToken = Lens.lens (\UpdateRuleGroup' {updateToken} -> updateToken) (\s@UpdateRuleGroup' {} a -> s {updateToken = a} :: UpdateRuleGroup)++instance Core.AWSRequest UpdateRuleGroup where+  type+    AWSResponse UpdateRuleGroup =+      UpdateRuleGroupResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          UpdateRuleGroupResponse'+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+            Prelude.<*> (x Data..:> "UpdateToken")+            Prelude.<*> (x Data..:> "RuleGroupResponse")+      )++instance Prelude.Hashable UpdateRuleGroup where+  hashWithSalt _salt UpdateRuleGroup' {..} =+    _salt+      `Prelude.hashWithSalt` description+      `Prelude.hashWithSalt` dryRun+      `Prelude.hashWithSalt` encryptionConfiguration+      `Prelude.hashWithSalt` ruleGroup+      `Prelude.hashWithSalt` ruleGroupArn+      `Prelude.hashWithSalt` ruleGroupName+      `Prelude.hashWithSalt` rules+      `Prelude.hashWithSalt` sourceMetadata+      `Prelude.hashWithSalt` type'+      `Prelude.hashWithSalt` updateToken++instance Prelude.NFData UpdateRuleGroup where+  rnf UpdateRuleGroup' {..} =+    Prelude.rnf description+      `Prelude.seq` Prelude.rnf dryRun+      `Prelude.seq` Prelude.rnf encryptionConfiguration+      `Prelude.seq` Prelude.rnf ruleGroup+      `Prelude.seq` Prelude.rnf ruleGroupArn+      `Prelude.seq` Prelude.rnf ruleGroupName+      `Prelude.seq` Prelude.rnf rules+      `Prelude.seq` Prelude.rnf sourceMetadata+      `Prelude.seq` Prelude.rnf type'+      `Prelude.seq` Prelude.rnf updateToken++instance Data.ToHeaders UpdateRuleGroup where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.UpdateRuleGroup" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON UpdateRuleGroup where+  toJSON UpdateRuleGroup' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("Description" Data..=) Prelude.<$> description,+            ("DryRun" Data..=) Prelude.<$> dryRun,+            ("EncryptionConfiguration" Data..=)+              Prelude.<$> encryptionConfiguration,+            ("RuleGroup" Data..=) Prelude.<$> ruleGroup,+            ("RuleGroupArn" Data..=) Prelude.<$> ruleGroupArn,+            ("RuleGroupName" Data..=) Prelude.<$> ruleGroupName,+            ("Rules" Data..=) Prelude.<$> rules,+            ("SourceMetadata" Data..=)+              Prelude.<$> sourceMetadata,+            ("Type" Data..=) Prelude.<$> type',+            Prelude.Just ("UpdateToken" Data..= updateToken)+          ]+      )++instance Data.ToPath UpdateRuleGroup where+  toPath = Prelude.const "/"++instance Data.ToQuery UpdateRuleGroup where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdateRuleGroupResponse' smart constructor.+data UpdateRuleGroupResponse = UpdateRuleGroupResponse'+  { -- | The response's http status code.+    httpStatus :: Prelude.Int,+    -- | A token used for optimistic locking. Network Firewall returns a token to+    -- your requests that access the rule group. The token marks the state of+    -- the rule group resource at the time of the request.+    --+    -- To make changes to the rule group, you provide the token in your+    -- request. Network Firewall uses the token to ensure that the rule group+    -- hasn\'t changed since you last retrieved it. If it has changed, the+    -- operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the rule group again to get a current copy of it with a current+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Text,+    -- | The high-level properties of a rule group. This, along with the+    -- RuleGroup, define the rule group. You can retrieve all objects for a+    -- rule group by calling DescribeRuleGroup.+    ruleGroupResponse :: RuleGroupResponse+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateRuleGroupResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'updateRuleGroupResponse_httpStatus' - The response's http status code.+--+-- 'updateToken', 'updateRuleGroupResponse_updateToken' - A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the rule group. The token marks the state of+-- the rule group resource at the time of the request.+--+-- To make changes to the rule group, you provide the token in your+-- request. Network Firewall uses the token to ensure that the rule group+-- hasn\'t changed since you last retrieved it. If it has changed, the+-- operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the rule group again to get a current copy of it with a current+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'ruleGroupResponse', 'updateRuleGroupResponse_ruleGroupResponse' - The high-level properties of a rule group. This, along with the+-- RuleGroup, define the rule group. You can retrieve all objects for a+-- rule group by calling DescribeRuleGroup.+newUpdateRuleGroupResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  -- | 'updateToken'+  Prelude.Text ->+  -- | 'ruleGroupResponse'+  RuleGroupResponse ->+  UpdateRuleGroupResponse+newUpdateRuleGroupResponse+  pHttpStatus_+  pUpdateToken_+  pRuleGroupResponse_ =+    UpdateRuleGroupResponse'+      { httpStatus = pHttpStatus_,+        updateToken = pUpdateToken_,+        ruleGroupResponse = pRuleGroupResponse_+      }++-- | The response's http status code.+updateRuleGroupResponse_httpStatus :: Lens.Lens' UpdateRuleGroupResponse Prelude.Int+updateRuleGroupResponse_httpStatus = Lens.lens (\UpdateRuleGroupResponse' {httpStatus} -> httpStatus) (\s@UpdateRuleGroupResponse' {} a -> s {httpStatus = a} :: UpdateRuleGroupResponse)++-- | A token used for optimistic locking. Network Firewall returns a token to+-- your requests that access the rule group. The token marks the state of+-- the rule group resource at the time of the request.+--+-- To make changes to the rule group, you provide the token in your+-- request. Network Firewall uses the token to ensure that the rule group+-- hasn\'t changed since you last retrieved it. If it has changed, the+-- operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the rule group again to get a current copy of it with a current+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateRuleGroupResponse_updateToken :: Lens.Lens' UpdateRuleGroupResponse Prelude.Text+updateRuleGroupResponse_updateToken = Lens.lens (\UpdateRuleGroupResponse' {updateToken} -> updateToken) (\s@UpdateRuleGroupResponse' {} a -> s {updateToken = a} :: UpdateRuleGroupResponse)++-- | The high-level properties of a rule group. This, along with the+-- RuleGroup, define the rule group. You can retrieve all objects for a+-- rule group by calling DescribeRuleGroup.+updateRuleGroupResponse_ruleGroupResponse :: Lens.Lens' UpdateRuleGroupResponse RuleGroupResponse+updateRuleGroupResponse_ruleGroupResponse = Lens.lens (\UpdateRuleGroupResponse' {ruleGroupResponse} -> ruleGroupResponse) (\s@UpdateRuleGroupResponse' {} a -> s {ruleGroupResponse = a} :: UpdateRuleGroupResponse)++instance Prelude.NFData UpdateRuleGroupResponse where+  rnf UpdateRuleGroupResponse' {..} =+    Prelude.rnf httpStatus+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf ruleGroupResponse
+ gen/Amazonka/NetworkFirewall/UpdateSubnetChangeProtection.hs view
@@ -0,0 +1,397 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.UpdateSubnetChangeProtection+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.UpdateSubnetChangeProtection+  ( -- * Creating a Request+    UpdateSubnetChangeProtection (..),+    newUpdateSubnetChangeProtection,++    -- * Request Lenses+    updateSubnetChangeProtection_firewallArn,+    updateSubnetChangeProtection_firewallName,+    updateSubnetChangeProtection_updateToken,+    updateSubnetChangeProtection_subnetChangeProtection,++    -- * Destructuring the Response+    UpdateSubnetChangeProtectionResponse (..),+    newUpdateSubnetChangeProtectionResponse,++    -- * Response Lenses+    updateSubnetChangeProtectionResponse_firewallArn,+    updateSubnetChangeProtectionResponse_firewallName,+    updateSubnetChangeProtectionResponse_subnetChangeProtection,+    updateSubnetChangeProtectionResponse_updateToken,+    updateSubnetChangeProtectionResponse_httpStatus,+  )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdateSubnetChangeProtection' smart constructor.+data UpdateSubnetChangeProtection = UpdateSubnetChangeProtection'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    --+    -- You must specify the ARN or the name, and you can specify both.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | A setting indicating whether the firewall is protected against changes+    -- to the subnet associations. Use this setting to protect against+    -- accidentally modifying the subnet associations for a firewall that is in+    -- use. When you create a firewall, the operation initializes this setting+    -- to @TRUE@.+    subnetChangeProtection :: Prelude.Bool+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateSubnetChangeProtection' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'updateSubnetChangeProtection_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'firewallName', 'updateSubnetChangeProtection_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+--+-- 'updateToken', 'updateSubnetChangeProtection_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'subnetChangeProtection', 'updateSubnetChangeProtection_subnetChangeProtection' - A setting indicating whether the firewall is protected against changes+-- to the subnet associations. Use this setting to protect against+-- accidentally modifying the subnet associations for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+newUpdateSubnetChangeProtection ::+  -- | 'subnetChangeProtection'+  Prelude.Bool ->+  UpdateSubnetChangeProtection+newUpdateSubnetChangeProtection+  pSubnetChangeProtection_ =+    UpdateSubnetChangeProtection'+      { firewallArn =+          Prelude.Nothing,+        firewallName = Prelude.Nothing,+        updateToken = Prelude.Nothing,+        subnetChangeProtection =+          pSubnetChangeProtection_+      }++-- | The Amazon Resource Name (ARN) of the firewall.+--+-- You must specify the ARN or the name, and you can specify both.+updateSubnetChangeProtection_firewallArn :: Lens.Lens' UpdateSubnetChangeProtection (Prelude.Maybe Prelude.Text)+updateSubnetChangeProtection_firewallArn = Lens.lens (\UpdateSubnetChangeProtection' {firewallArn} -> firewallArn) (\s@UpdateSubnetChangeProtection' {} a -> s {firewallArn = a} :: UpdateSubnetChangeProtection)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- You must specify the ARN or the name, and you can specify both.+updateSubnetChangeProtection_firewallName :: Lens.Lens' UpdateSubnetChangeProtection (Prelude.Maybe Prelude.Text)+updateSubnetChangeProtection_firewallName = Lens.lens (\UpdateSubnetChangeProtection' {firewallName} -> firewallName) (\s@UpdateSubnetChangeProtection' {} a -> s {firewallName = a} :: UpdateSubnetChangeProtection)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateSubnetChangeProtection_updateToken :: Lens.Lens' UpdateSubnetChangeProtection (Prelude.Maybe Prelude.Text)+updateSubnetChangeProtection_updateToken = Lens.lens (\UpdateSubnetChangeProtection' {updateToken} -> updateToken) (\s@UpdateSubnetChangeProtection' {} a -> s {updateToken = a} :: UpdateSubnetChangeProtection)++-- | A setting indicating whether the firewall is protected against changes+-- to the subnet associations. Use this setting to protect against+-- accidentally modifying the subnet associations for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+updateSubnetChangeProtection_subnetChangeProtection :: Lens.Lens' UpdateSubnetChangeProtection Prelude.Bool+updateSubnetChangeProtection_subnetChangeProtection = Lens.lens (\UpdateSubnetChangeProtection' {subnetChangeProtection} -> subnetChangeProtection) (\s@UpdateSubnetChangeProtection' {} a -> s {subnetChangeProtection = a} :: UpdateSubnetChangeProtection)++instance Core.AWSRequest UpdateSubnetChangeProtection where+  type+    AWSResponse UpdateSubnetChangeProtection =+      UpdateSubnetChangeProtectionResponse+  request overrides =+    Request.postJSON (overrides defaultService)+  response =+    Response.receiveJSON+      ( \s h x ->+          UpdateSubnetChangeProtectionResponse'+            Prelude.<$> (x Data..?> "FirewallArn")+            Prelude.<*> (x Data..?> "FirewallName")+            Prelude.<*> (x Data..?> "SubnetChangeProtection")+            Prelude.<*> (x Data..?> "UpdateToken")+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+      )++instance+  Prelude.Hashable+    UpdateSubnetChangeProtection+  where+  hashWithSalt _salt UpdateSubnetChangeProtection' {..} =+    _salt+      `Prelude.hashWithSalt` firewallArn+      `Prelude.hashWithSalt` firewallName+      `Prelude.hashWithSalt` updateToken+      `Prelude.hashWithSalt` subnetChangeProtection++instance Prelude.NFData UpdateSubnetChangeProtection where+  rnf UpdateSubnetChangeProtection' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf subnetChangeProtection++instance Data.ToHeaders UpdateSubnetChangeProtection where+  toHeaders =+    Prelude.const+      ( Prelude.mconcat+          [ "X-Amz-Target"+              Data.=# ( "NetworkFirewall_20201112.UpdateSubnetChangeProtection" ::+                          Prelude.ByteString+                      ),+            "Content-Type"+              Data.=# ( "application/x-amz-json-1.0" ::+                          Prelude.ByteString+                      )+          ]+      )++instance Data.ToJSON UpdateSubnetChangeProtection where+  toJSON UpdateSubnetChangeProtection' {..} =+    Data.object+      ( Prelude.catMaybes+          [ ("FirewallArn" Data..=) Prelude.<$> firewallArn,+            ("FirewallName" Data..=) Prelude.<$> firewallName,+            ("UpdateToken" Data..=) Prelude.<$> updateToken,+            Prelude.Just+              ( "SubnetChangeProtection"+                  Data..= subnetChangeProtection+              )+          ]+      )++instance Data.ToPath UpdateSubnetChangeProtection where+  toPath = Prelude.const "/"++instance Data.ToQuery UpdateSubnetChangeProtection where+  toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdateSubnetChangeProtectionResponse' smart constructor.+data UpdateSubnetChangeProtectionResponse = UpdateSubnetChangeProtectionResponse'+  { -- | The Amazon Resource Name (ARN) of the firewall.+    firewallArn :: Prelude.Maybe Prelude.Text,+    -- | The descriptive name of the firewall. You can\'t change the name of a+    -- firewall after you create it.+    firewallName :: Prelude.Maybe Prelude.Text,+    -- | A setting indicating whether the firewall is protected against changes+    -- to the subnet associations. Use this setting to protect against+    -- accidentally modifying the subnet associations for a firewall that is in+    -- use. When you create a firewall, the operation initializes this setting+    -- to @TRUE@.+    subnetChangeProtection :: Prelude.Maybe Prelude.Bool,+    -- | An optional token that you can use for optimistic locking. Network+    -- Firewall returns a token to your requests that access the firewall. The+    -- token marks the state of the firewall resource at the time of the+    -- request.+    --+    -- To make an unconditional change to the firewall, omit the token in your+    -- update request. Without the token, Network Firewall performs your+    -- updates regardless of whether the firewall has changed since you last+    -- retrieved it.+    --+    -- To make a conditional change to the firewall, provide the token in your+    -- update request. Network Firewall uses the token to ensure that the+    -- firewall hasn\'t changed since you last retrieved it. If it has changed,+    -- the operation fails with an @InvalidTokenException@. If this happens,+    -- retrieve the firewall again to get a current copy of it with a new+    -- token. Reapply your changes as needed, then try the operation again+    -- using the new token.+    updateToken :: Prelude.Maybe Prelude.Text,+    -- | The response's http status code.+    httpStatus :: Prelude.Int+  }+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateSubnetChangeProtectionResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'firewallArn', 'updateSubnetChangeProtectionResponse_firewallArn' - The Amazon Resource Name (ARN) of the firewall.+--+-- 'firewallName', 'updateSubnetChangeProtectionResponse_firewallName' - The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+--+-- 'subnetChangeProtection', 'updateSubnetChangeProtectionResponse_subnetChangeProtection' - A setting indicating whether the firewall is protected against changes+-- to the subnet associations. Use this setting to protect against+-- accidentally modifying the subnet associations for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+--+-- 'updateToken', 'updateSubnetChangeProtectionResponse_updateToken' - An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+--+-- 'httpStatus', 'updateSubnetChangeProtectionResponse_httpStatus' - The response's http status code.+newUpdateSubnetChangeProtectionResponse ::+  -- | 'httpStatus'+  Prelude.Int ->+  UpdateSubnetChangeProtectionResponse+newUpdateSubnetChangeProtectionResponse pHttpStatus_ =+  UpdateSubnetChangeProtectionResponse'+    { firewallArn =+        Prelude.Nothing,+      firewallName = Prelude.Nothing,+      subnetChangeProtection =+        Prelude.Nothing,+      updateToken = Prelude.Nothing,+      httpStatus = pHttpStatus_+    }++-- | The Amazon Resource Name (ARN) of the firewall.+updateSubnetChangeProtectionResponse_firewallArn :: Lens.Lens' UpdateSubnetChangeProtectionResponse (Prelude.Maybe Prelude.Text)+updateSubnetChangeProtectionResponse_firewallArn = Lens.lens (\UpdateSubnetChangeProtectionResponse' {firewallArn} -> firewallArn) (\s@UpdateSubnetChangeProtectionResponse' {} a -> s {firewallArn = a} :: UpdateSubnetChangeProtectionResponse)++-- | The descriptive name of the firewall. You can\'t change the name of a+-- firewall after you create it.+updateSubnetChangeProtectionResponse_firewallName :: Lens.Lens' UpdateSubnetChangeProtectionResponse (Prelude.Maybe Prelude.Text)+updateSubnetChangeProtectionResponse_firewallName = Lens.lens (\UpdateSubnetChangeProtectionResponse' {firewallName} -> firewallName) (\s@UpdateSubnetChangeProtectionResponse' {} a -> s {firewallName = a} :: UpdateSubnetChangeProtectionResponse)++-- | A setting indicating whether the firewall is protected against changes+-- to the subnet associations. Use this setting to protect against+-- accidentally modifying the subnet associations for a firewall that is in+-- use. When you create a firewall, the operation initializes this setting+-- to @TRUE@.+updateSubnetChangeProtectionResponse_subnetChangeProtection :: Lens.Lens' UpdateSubnetChangeProtectionResponse (Prelude.Maybe Prelude.Bool)+updateSubnetChangeProtectionResponse_subnetChangeProtection = Lens.lens (\UpdateSubnetChangeProtectionResponse' {subnetChangeProtection} -> subnetChangeProtection) (\s@UpdateSubnetChangeProtectionResponse' {} a -> s {subnetChangeProtection = a} :: UpdateSubnetChangeProtectionResponse)++-- | An optional token that you can use for optimistic locking. Network+-- Firewall returns a token to your requests that access the firewall. The+-- token marks the state of the firewall resource at the time of the+-- request.+--+-- To make an unconditional change to the firewall, omit the token in your+-- update request. Without the token, Network Firewall performs your+-- updates regardless of whether the firewall has changed since you last+-- retrieved it.+--+-- To make a conditional change to the firewall, provide the token in your+-- update request. Network Firewall uses the token to ensure that the+-- firewall hasn\'t changed since you last retrieved it. If it has changed,+-- the operation fails with an @InvalidTokenException@. If this happens,+-- retrieve the firewall again to get a current copy of it with a new+-- token. Reapply your changes as needed, then try the operation again+-- using the new token.+updateSubnetChangeProtectionResponse_updateToken :: Lens.Lens' UpdateSubnetChangeProtectionResponse (Prelude.Maybe Prelude.Text)+updateSubnetChangeProtectionResponse_updateToken = Lens.lens (\UpdateSubnetChangeProtectionResponse' {updateToken} -> updateToken) (\s@UpdateSubnetChangeProtectionResponse' {} a -> s {updateToken = a} :: UpdateSubnetChangeProtectionResponse)++-- | The response's http status code.+updateSubnetChangeProtectionResponse_httpStatus :: Lens.Lens' UpdateSubnetChangeProtectionResponse Prelude.Int+updateSubnetChangeProtectionResponse_httpStatus = Lens.lens (\UpdateSubnetChangeProtectionResponse' {httpStatus} -> httpStatus) (\s@UpdateSubnetChangeProtectionResponse' {} a -> s {httpStatus = a} :: UpdateSubnetChangeProtectionResponse)++instance+  Prelude.NFData+    UpdateSubnetChangeProtectionResponse+  where+  rnf UpdateSubnetChangeProtectionResponse' {..} =+    Prelude.rnf firewallArn+      `Prelude.seq` Prelude.rnf firewallName+      `Prelude.seq` Prelude.rnf subnetChangeProtection+      `Prelude.seq` Prelude.rnf updateToken+      `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/NetworkFirewall/Waiters.hs view
@@ -0,0 +1,24 @@+{-# LANGUAGE DisambiguateRecordFields #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Amazonka.NetworkFirewall.Waiters+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.NetworkFirewall.Waiters where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.NetworkFirewall.Lens+import Amazonka.NetworkFirewall.Types+import qualified Amazonka.Prelude as Prelude
+ src/.gitkeep view
+ test/Main.hs view
@@ -0,0 +1,23 @@+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- |+-- Module      : Main+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Main (main) where++import Test.Amazonka.NetworkFirewall+import Test.Amazonka.NetworkFirewall.Internal+import Test.Tasty++main :: IO ()+main =+  defaultMain $+    testGroup+      "NetworkFirewall"+      [ testGroup "tests" tests,+        testGroup "fixtures" fixtures+      ]
+ test/Test/Amazonka/Gen/NetworkFirewall.hs view
@@ -0,0 +1,658 @@+{-# OPTIONS_GHC -fno-warn-orphans #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module      : Test.Amazonka.Gen.NetworkFirewall+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.Gen.NetworkFirewall where++import Amazonka.NetworkFirewall+import qualified Data.Proxy as Proxy+import Test.Amazonka.Fixture+import Test.Amazonka.NetworkFirewall.Internal+import Test.Amazonka.Prelude+import Test.Tasty++-- Auto-generated: the actual test selection needs to be manually placed into+-- the top-level so that real test data can be incrementally added.+--+-- This commented snippet is what the entire set should look like:++-- fixtures :: TestTree+-- fixtures =+--     [ testGroup "request"+--         [ requestAssociateFirewallPolicy $+--             newAssociateFirewallPolicy+--+--         , requestAssociateSubnets $+--             newAssociateSubnets+--+--         , requestCreateFirewall $+--             newCreateFirewall+--+--         , requestCreateFirewallPolicy $+--             newCreateFirewallPolicy+--+--         , requestCreateRuleGroup $+--             newCreateRuleGroup+--+--         , requestDeleteFirewall $+--             newDeleteFirewall+--+--         , requestDeleteFirewallPolicy $+--             newDeleteFirewallPolicy+--+--         , requestDeleteResourcePolicy $+--             newDeleteResourcePolicy+--+--         , requestDeleteRuleGroup $+--             newDeleteRuleGroup+--+--         , requestDescribeFirewall $+--             newDescribeFirewall+--+--         , requestDescribeFirewallPolicy $+--             newDescribeFirewallPolicy+--+--         , requestDescribeLoggingConfiguration $+--             newDescribeLoggingConfiguration+--+--         , requestDescribeResourcePolicy $+--             newDescribeResourcePolicy+--+--         , requestDescribeRuleGroup $+--             newDescribeRuleGroup+--+--         , requestDescribeRuleGroupMetadata $+--             newDescribeRuleGroupMetadata+--+--         , requestDisassociateSubnets $+--             newDisassociateSubnets+--+--         , requestListFirewallPolicies $+--             newListFirewallPolicies+--+--         , requestListFirewalls $+--             newListFirewalls+--+--         , requestListRuleGroups $+--             newListRuleGroups+--+--         , requestListTagsForResource $+--             newListTagsForResource+--+--         , requestPutResourcePolicy $+--             newPutResourcePolicy+--+--         , requestTagResource $+--             newTagResource+--+--         , requestUntagResource $+--             newUntagResource+--+--         , requestUpdateFirewallDeleteProtection $+--             newUpdateFirewallDeleteProtection+--+--         , requestUpdateFirewallDescription $+--             newUpdateFirewallDescription+--+--         , requestUpdateFirewallEncryptionConfiguration $+--             newUpdateFirewallEncryptionConfiguration+--+--         , requestUpdateFirewallPolicy $+--             newUpdateFirewallPolicy+--+--         , requestUpdateFirewallPolicyChangeProtection $+--             newUpdateFirewallPolicyChangeProtection+--+--         , requestUpdateLoggingConfiguration $+--             newUpdateLoggingConfiguration+--+--         , requestUpdateRuleGroup $+--             newUpdateRuleGroup+--+--         , requestUpdateSubnetChangeProtection $+--             newUpdateSubnetChangeProtection+--+--           ]++--     , testGroup "response"+--         [ responseAssociateFirewallPolicy $+--             newAssociateFirewallPolicyResponse+--+--         , responseAssociateSubnets $+--             newAssociateSubnetsResponse+--+--         , responseCreateFirewall $+--             newCreateFirewallResponse+--+--         , responseCreateFirewallPolicy $+--             newCreateFirewallPolicyResponse+--+--         , responseCreateRuleGroup $+--             newCreateRuleGroupResponse+--+--         , responseDeleteFirewall $+--             newDeleteFirewallResponse+--+--         , responseDeleteFirewallPolicy $+--             newDeleteFirewallPolicyResponse+--+--         , responseDeleteResourcePolicy $+--             newDeleteResourcePolicyResponse+--+--         , responseDeleteRuleGroup $+--             newDeleteRuleGroupResponse+--+--         , responseDescribeFirewall $+--             newDescribeFirewallResponse+--+--         , responseDescribeFirewallPolicy $+--             newDescribeFirewallPolicyResponse+--+--         , responseDescribeLoggingConfiguration $+--             newDescribeLoggingConfigurationResponse+--+--         , responseDescribeResourcePolicy $+--             newDescribeResourcePolicyResponse+--+--         , responseDescribeRuleGroup $+--             newDescribeRuleGroupResponse+--+--         , responseDescribeRuleGroupMetadata $+--             newDescribeRuleGroupMetadataResponse+--+--         , responseDisassociateSubnets $+--             newDisassociateSubnetsResponse+--+--         , responseListFirewallPolicies $+--             newListFirewallPoliciesResponse+--+--         , responseListFirewalls $+--             newListFirewallsResponse+--+--         , responseListRuleGroups $+--             newListRuleGroupsResponse+--+--         , responseListTagsForResource $+--             newListTagsForResourceResponse+--+--         , responsePutResourcePolicy $+--             newPutResourcePolicyResponse+--+--         , responseTagResource $+--             newTagResourceResponse+--+--         , responseUntagResource $+--             newUntagResourceResponse+--+--         , responseUpdateFirewallDeleteProtection $+--             newUpdateFirewallDeleteProtectionResponse+--+--         , responseUpdateFirewallDescription $+--             newUpdateFirewallDescriptionResponse+--+--         , responseUpdateFirewallEncryptionConfiguration $+--             newUpdateFirewallEncryptionConfigurationResponse+--+--         , responseUpdateFirewallPolicy $+--             newUpdateFirewallPolicyResponse+--+--         , responseUpdateFirewallPolicyChangeProtection $+--             newUpdateFirewallPolicyChangeProtectionResponse+--+--         , responseUpdateLoggingConfiguration $+--             newUpdateLoggingConfigurationResponse+--+--         , responseUpdateRuleGroup $+--             newUpdateRuleGroupResponse+--+--         , responseUpdateSubnetChangeProtection $+--             newUpdateSubnetChangeProtectionResponse+--+--           ]+--     ]++-- Requests++requestAssociateFirewallPolicy :: AssociateFirewallPolicy -> TestTree+requestAssociateFirewallPolicy =+  req+    "AssociateFirewallPolicy"+    "fixture/AssociateFirewallPolicy.yaml"++requestAssociateSubnets :: AssociateSubnets -> TestTree+requestAssociateSubnets =+  req+    "AssociateSubnets"+    "fixture/AssociateSubnets.yaml"++requestCreateFirewall :: CreateFirewall -> TestTree+requestCreateFirewall =+  req+    "CreateFirewall"+    "fixture/CreateFirewall.yaml"++requestCreateFirewallPolicy :: CreateFirewallPolicy -> TestTree+requestCreateFirewallPolicy =+  req+    "CreateFirewallPolicy"+    "fixture/CreateFirewallPolicy.yaml"++requestCreateRuleGroup :: CreateRuleGroup -> TestTree+requestCreateRuleGroup =+  req+    "CreateRuleGroup"+    "fixture/CreateRuleGroup.yaml"++requestDeleteFirewall :: DeleteFirewall -> TestTree+requestDeleteFirewall =+  req+    "DeleteFirewall"+    "fixture/DeleteFirewall.yaml"++requestDeleteFirewallPolicy :: DeleteFirewallPolicy -> TestTree+requestDeleteFirewallPolicy =+  req+    "DeleteFirewallPolicy"+    "fixture/DeleteFirewallPolicy.yaml"++requestDeleteResourcePolicy :: DeleteResourcePolicy -> TestTree+requestDeleteResourcePolicy =+  req+    "DeleteResourcePolicy"+    "fixture/DeleteResourcePolicy.yaml"++requestDeleteRuleGroup :: DeleteRuleGroup -> TestTree+requestDeleteRuleGroup =+  req+    "DeleteRuleGroup"+    "fixture/DeleteRuleGroup.yaml"++requestDescribeFirewall :: DescribeFirewall -> TestTree+requestDescribeFirewall =+  req+    "DescribeFirewall"+    "fixture/DescribeFirewall.yaml"++requestDescribeFirewallPolicy :: DescribeFirewallPolicy -> TestTree+requestDescribeFirewallPolicy =+  req+    "DescribeFirewallPolicy"+    "fixture/DescribeFirewallPolicy.yaml"++requestDescribeLoggingConfiguration :: DescribeLoggingConfiguration -> TestTree+requestDescribeLoggingConfiguration =+  req+    "DescribeLoggingConfiguration"+    "fixture/DescribeLoggingConfiguration.yaml"++requestDescribeResourcePolicy :: DescribeResourcePolicy -> TestTree+requestDescribeResourcePolicy =+  req+    "DescribeResourcePolicy"+    "fixture/DescribeResourcePolicy.yaml"++requestDescribeRuleGroup :: DescribeRuleGroup -> TestTree+requestDescribeRuleGroup =+  req+    "DescribeRuleGroup"+    "fixture/DescribeRuleGroup.yaml"++requestDescribeRuleGroupMetadata :: DescribeRuleGroupMetadata -> TestTree+requestDescribeRuleGroupMetadata =+  req+    "DescribeRuleGroupMetadata"+    "fixture/DescribeRuleGroupMetadata.yaml"++requestDisassociateSubnets :: DisassociateSubnets -> TestTree+requestDisassociateSubnets =+  req+    "DisassociateSubnets"+    "fixture/DisassociateSubnets.yaml"++requestListFirewallPolicies :: ListFirewallPolicies -> TestTree+requestListFirewallPolicies =+  req+    "ListFirewallPolicies"+    "fixture/ListFirewallPolicies.yaml"++requestListFirewalls :: ListFirewalls -> TestTree+requestListFirewalls =+  req+    "ListFirewalls"+    "fixture/ListFirewalls.yaml"++requestListRuleGroups :: ListRuleGroups -> TestTree+requestListRuleGroups =+  req+    "ListRuleGroups"+    "fixture/ListRuleGroups.yaml"++requestListTagsForResource :: ListTagsForResource -> TestTree+requestListTagsForResource =+  req+    "ListTagsForResource"+    "fixture/ListTagsForResource.yaml"++requestPutResourcePolicy :: PutResourcePolicy -> TestTree+requestPutResourcePolicy =+  req+    "PutResourcePolicy"+    "fixture/PutResourcePolicy.yaml"++requestTagResource :: TagResource -> TestTree+requestTagResource =+  req+    "TagResource"+    "fixture/TagResource.yaml"++requestUntagResource :: UntagResource -> TestTree+requestUntagResource =+  req+    "UntagResource"+    "fixture/UntagResource.yaml"++requestUpdateFirewallDeleteProtection :: UpdateFirewallDeleteProtection -> TestTree+requestUpdateFirewallDeleteProtection =+  req+    "UpdateFirewallDeleteProtection"+    "fixture/UpdateFirewallDeleteProtection.yaml"++requestUpdateFirewallDescription :: UpdateFirewallDescription -> TestTree+requestUpdateFirewallDescription =+  req+    "UpdateFirewallDescription"+    "fixture/UpdateFirewallDescription.yaml"++requestUpdateFirewallEncryptionConfiguration :: UpdateFirewallEncryptionConfiguration -> TestTree+requestUpdateFirewallEncryptionConfiguration =+  req+    "UpdateFirewallEncryptionConfiguration"+    "fixture/UpdateFirewallEncryptionConfiguration.yaml"++requestUpdateFirewallPolicy :: UpdateFirewallPolicy -> TestTree+requestUpdateFirewallPolicy =+  req+    "UpdateFirewallPolicy"+    "fixture/UpdateFirewallPolicy.yaml"++requestUpdateFirewallPolicyChangeProtection :: UpdateFirewallPolicyChangeProtection -> TestTree+requestUpdateFirewallPolicyChangeProtection =+  req+    "UpdateFirewallPolicyChangeProtection"+    "fixture/UpdateFirewallPolicyChangeProtection.yaml"++requestUpdateLoggingConfiguration :: UpdateLoggingConfiguration -> TestTree+requestUpdateLoggingConfiguration =+  req+    "UpdateLoggingConfiguration"+    "fixture/UpdateLoggingConfiguration.yaml"++requestUpdateRuleGroup :: UpdateRuleGroup -> TestTree+requestUpdateRuleGroup =+  req+    "UpdateRuleGroup"+    "fixture/UpdateRuleGroup.yaml"++requestUpdateSubnetChangeProtection :: UpdateSubnetChangeProtection -> TestTree+requestUpdateSubnetChangeProtection =+  req+    "UpdateSubnetChangeProtection"+    "fixture/UpdateSubnetChangeProtection.yaml"++-- Responses++responseAssociateFirewallPolicy :: AssociateFirewallPolicyResponse -> TestTree+responseAssociateFirewallPolicy =+  res+    "AssociateFirewallPolicyResponse"+    "fixture/AssociateFirewallPolicyResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy AssociateFirewallPolicy)++responseAssociateSubnets :: AssociateSubnetsResponse -> TestTree+responseAssociateSubnets =+  res+    "AssociateSubnetsResponse"+    "fixture/AssociateSubnetsResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy AssociateSubnets)++responseCreateFirewall :: CreateFirewallResponse -> TestTree+responseCreateFirewall =+  res+    "CreateFirewallResponse"+    "fixture/CreateFirewallResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy CreateFirewall)++responseCreateFirewallPolicy :: CreateFirewallPolicyResponse -> TestTree+responseCreateFirewallPolicy =+  res+    "CreateFirewallPolicyResponse"+    "fixture/CreateFirewallPolicyResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy CreateFirewallPolicy)++responseCreateRuleGroup :: CreateRuleGroupResponse -> TestTree+responseCreateRuleGroup =+  res+    "CreateRuleGroupResponse"+    "fixture/CreateRuleGroupResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy CreateRuleGroup)++responseDeleteFirewall :: DeleteFirewallResponse -> TestTree+responseDeleteFirewall =+  res+    "DeleteFirewallResponse"+    "fixture/DeleteFirewallResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy DeleteFirewall)++responseDeleteFirewallPolicy :: DeleteFirewallPolicyResponse -> TestTree+responseDeleteFirewallPolicy =+  res+    "DeleteFirewallPolicyResponse"+    "fixture/DeleteFirewallPolicyResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy DeleteFirewallPolicy)++responseDeleteResourcePolicy :: DeleteResourcePolicyResponse -> TestTree+responseDeleteResourcePolicy =+  res+    "DeleteResourcePolicyResponse"+    "fixture/DeleteResourcePolicyResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy DeleteResourcePolicy)++responseDeleteRuleGroup :: DeleteRuleGroupResponse -> TestTree+responseDeleteRuleGroup =+  res+    "DeleteRuleGroupResponse"+    "fixture/DeleteRuleGroupResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy DeleteRuleGroup)++responseDescribeFirewall :: DescribeFirewallResponse -> TestTree+responseDescribeFirewall =+  res+    "DescribeFirewallResponse"+    "fixture/DescribeFirewallResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy DescribeFirewall)++responseDescribeFirewallPolicy :: DescribeFirewallPolicyResponse -> TestTree+responseDescribeFirewallPolicy =+  res+    "DescribeFirewallPolicyResponse"+    "fixture/DescribeFirewallPolicyResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy DescribeFirewallPolicy)++responseDescribeLoggingConfiguration :: DescribeLoggingConfigurationResponse -> TestTree+responseDescribeLoggingConfiguration =+  res+    "DescribeLoggingConfigurationResponse"+    "fixture/DescribeLoggingConfigurationResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy DescribeLoggingConfiguration)++responseDescribeResourcePolicy :: DescribeResourcePolicyResponse -> TestTree+responseDescribeResourcePolicy =+  res+    "DescribeResourcePolicyResponse"+    "fixture/DescribeResourcePolicyResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy DescribeResourcePolicy)++responseDescribeRuleGroup :: DescribeRuleGroupResponse -> TestTree+responseDescribeRuleGroup =+  res+    "DescribeRuleGroupResponse"+    "fixture/DescribeRuleGroupResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy DescribeRuleGroup)++responseDescribeRuleGroupMetadata :: DescribeRuleGroupMetadataResponse -> TestTree+responseDescribeRuleGroupMetadata =+  res+    "DescribeRuleGroupMetadataResponse"+    "fixture/DescribeRuleGroupMetadataResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy DescribeRuleGroupMetadata)++responseDisassociateSubnets :: DisassociateSubnetsResponse -> TestTree+responseDisassociateSubnets =+  res+    "DisassociateSubnetsResponse"+    "fixture/DisassociateSubnetsResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy DisassociateSubnets)++responseListFirewallPolicies :: ListFirewallPoliciesResponse -> TestTree+responseListFirewallPolicies =+  res+    "ListFirewallPoliciesResponse"+    "fixture/ListFirewallPoliciesResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy ListFirewallPolicies)++responseListFirewalls :: ListFirewallsResponse -> TestTree+responseListFirewalls =+  res+    "ListFirewallsResponse"+    "fixture/ListFirewallsResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy ListFirewalls)++responseListRuleGroups :: ListRuleGroupsResponse -> TestTree+responseListRuleGroups =+  res+    "ListRuleGroupsResponse"+    "fixture/ListRuleGroupsResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy ListRuleGroups)++responseListTagsForResource :: ListTagsForResourceResponse -> TestTree+responseListTagsForResource =+  res+    "ListTagsForResourceResponse"+    "fixture/ListTagsForResourceResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy ListTagsForResource)++responsePutResourcePolicy :: PutResourcePolicyResponse -> TestTree+responsePutResourcePolicy =+  res+    "PutResourcePolicyResponse"+    "fixture/PutResourcePolicyResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy PutResourcePolicy)++responseTagResource :: TagResourceResponse -> TestTree+responseTagResource =+  res+    "TagResourceResponse"+    "fixture/TagResourceResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy TagResource)++responseUntagResource :: UntagResourceResponse -> TestTree+responseUntagResource =+  res+    "UntagResourceResponse"+    "fixture/UntagResourceResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy UntagResource)++responseUpdateFirewallDeleteProtection :: UpdateFirewallDeleteProtectionResponse -> TestTree+responseUpdateFirewallDeleteProtection =+  res+    "UpdateFirewallDeleteProtectionResponse"+    "fixture/UpdateFirewallDeleteProtectionResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy UpdateFirewallDeleteProtection)++responseUpdateFirewallDescription :: UpdateFirewallDescriptionResponse -> TestTree+responseUpdateFirewallDescription =+  res+    "UpdateFirewallDescriptionResponse"+    "fixture/UpdateFirewallDescriptionResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy UpdateFirewallDescription)++responseUpdateFirewallEncryptionConfiguration :: UpdateFirewallEncryptionConfigurationResponse -> TestTree+responseUpdateFirewallEncryptionConfiguration =+  res+    "UpdateFirewallEncryptionConfigurationResponse"+    "fixture/UpdateFirewallEncryptionConfigurationResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy UpdateFirewallEncryptionConfiguration)++responseUpdateFirewallPolicy :: UpdateFirewallPolicyResponse -> TestTree+responseUpdateFirewallPolicy =+  res+    "UpdateFirewallPolicyResponse"+    "fixture/UpdateFirewallPolicyResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy UpdateFirewallPolicy)++responseUpdateFirewallPolicyChangeProtection :: UpdateFirewallPolicyChangeProtectionResponse -> TestTree+responseUpdateFirewallPolicyChangeProtection =+  res+    "UpdateFirewallPolicyChangeProtectionResponse"+    "fixture/UpdateFirewallPolicyChangeProtectionResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy UpdateFirewallPolicyChangeProtection)++responseUpdateLoggingConfiguration :: UpdateLoggingConfigurationResponse -> TestTree+responseUpdateLoggingConfiguration =+  res+    "UpdateLoggingConfigurationResponse"+    "fixture/UpdateLoggingConfigurationResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy UpdateLoggingConfiguration)++responseUpdateRuleGroup :: UpdateRuleGroupResponse -> TestTree+responseUpdateRuleGroup =+  res+    "UpdateRuleGroupResponse"+    "fixture/UpdateRuleGroupResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy UpdateRuleGroup)++responseUpdateSubnetChangeProtection :: UpdateSubnetChangeProtectionResponse -> TestTree+responseUpdateSubnetChangeProtection =+  res+    "UpdateSubnetChangeProtectionResponse"+    "fixture/UpdateSubnetChangeProtectionResponse.proto"+    defaultService+    (Proxy.Proxy :: Proxy.Proxy UpdateSubnetChangeProtection)
+ test/Test/Amazonka/NetworkFirewall.hs view
@@ -0,0 +1,20 @@+-- |+-- Module      : Test.Amazonka.NetworkFirewall+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.NetworkFirewall+  ( tests,+    fixtures,+  )+where++import Test.Tasty (TestTree)++tests :: [TestTree]+tests = []++fixtures :: [TestTree]+fixtures = []
+ test/Test/Amazonka/NetworkFirewall/Internal.hs view
@@ -0,0 +1,8 @@+-- |+-- Module      : Test.Amazonka.NetworkFirewall.Internal+-- Copyright   : (c) 2013-2023 Brendan Hay+-- License     : Mozilla Public License, v. 2.0.+-- Maintainer  : Brendan Hay+-- Stability   : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.NetworkFirewall.Internal where