AWS cli documentation change
Summary
Added new '--firewall-rule-type' parameter with advanced threat detection capabilities including content/threat categories and DNS threat protection (DGA/DNS tunneling detection). Updated DNS record type range from 1-65334 to 1-65534.
Security assessment
The change introduces documentation for new DNS threat protection features (DGA, DNS tunneling, dictionary DGA) which are security capabilities. However, there's no evidence this addresses a specific existing vulnerability. The DNS range correction appears to be a documentation fix without security implications.
Diff
diff --git a/cli/latest/reference/route53resolver/update-firewall-rule.md b/cli/latest/reference/route53resolver/update-firewall-rule.md index 13d9ecb44..5c0b599fa 100644 --- a//cli/latest/reference/route53resolver/update-firewall-rule.md +++ b//cli/latest/reference/route53resolver/update-firewall-rule.md @@ -15 +15 @@ - * [AWS CLI 2.34.55 Command Reference](../../index.html) » + * [AWS CLI 2.34.57 Command Reference](../../index.html) » @@ -81,0 +82 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/route5 + [--firewall-rule-type <value>] @@ -257 +258 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/route5 -> * A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65334, for example, TYPE28. For more information, see [List of DNS record types](https://en.wikipedia.org/wiki/List_of_DNS_record_types) . +> * A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65534, for example, TYPE28. For more information, see [List of DNS record types](https://en.wikipedia.org/wiki/List_of_DNS_record_types) . @@ -306,0 +308,96 @@ See also: [AWS API Documentation](https://docs.aws.amazon.com/goto/WebAPI/route5 +`--firewall-rule-type` (structure) + +> The rule type configuration for the firewall rule. This setting is mutually exclusive with the top-level `FirewallDomainListId` and `DnsThreatProtection` fields. +> +> FirewallAdvancedContentCategory -> (structure) +> +>> The configuration for a content category-based filtering rule. +>> +>> Category -> (string) [required] +>> +>>> The content category identifier. To retrieve the list of available content categories, call ListFirewallRuleTypes with `RuleType` set to `FirewallAdvancedContentCategory` . +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `128` +>>> + +> +> FirewallAdvancedThreatCategory -> (structure) +> +>> The configuration for a threat category-based filtering rule. +>> +>> Category -> (string) [required] +>> +>>> The threat category identifier. To retrieve the list of available threat categories, call ListFirewallRuleTypes with `RuleType` set to `FirewallAdvancedThreatCategory` . +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `128` +>>> + +> +> DnsThreatProtection -> (structure) +> +>> The configuration for a DNS threat protection rule type, such as DGA or DNS tunneling detection. +>> +>> Value -> (string) [required] +>> +>>> The type of DNS threat protection. Valid values are: +>>> +>>> * `DGA` : Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to launch malware attacks. +>>> * `DNS_TUNNELING` : DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client. +>>> * `DICT_DGA` : Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs. +>>> + +>>> +>>> Constraints: +>>> +>>> * min: `1` +>>> * max: `128` +>>> + +>> +>> ConfidenceThreshold -> (string) [required] +>> +>>> The confidence threshold for DNS Firewall Advanced. You must provide this value when you create or update a DNS Firewall Advanced rule. The confidence level values mean: +>>> +>>> * `LOW` : Provides the highest detection rate for threats, but also increases false positives. +>>> * `MEDIUM` : Provides a balance between detecting threats and false positives. +>>> * `HIGH` : Detects only the most well corroborated threats with a low rate of false positives. +>>> + +>>> +>>> Possible values: +>>> +>>> * `LOW` +>>> * `MEDIUM` +>>> * `HIGH` +>>> + + +Shorthand Syntax: + + + FirewallAdvancedContentCategory={Category=string},FirewallAdvancedThreatCategory={Category=string},DnsThreatProtection={Value=string,ConfidenceThreshold=string} + + +JSON Syntax: + + + { + "FirewallAdvancedContentCategory": { + "Category": "string" + }, + "FirewallAdvancedThreatCategory": { + "Category": "string" + }, + "DnsThreatProtection": { + "Value": "string", + "ConfidenceThreshold": "LOW"|"MEDIUM"|"HIGH" + } + } + + @@ -636 +733 @@ FirewallRule -> (structure) ->> * A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65334, for example, TYPE28. For more information, see [List of DNS record types](https://en.wikipedia.org/wiki/List_of_DNS_record_types) . +>> * A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65534, for example, TYPE28. For more information, see [List of DNS record types](https://en.wikipedia.org/wiki/List_of_DNS_record_types) . @@ -680,0 +778,73 @@ FirewallRule -> (structure) +> +> FirewallRuleType -> (structure) +> +>> The rule type configuration for the firewall rule. Exactly one member of this union should be set. +>> +>> FirewallAdvancedContentCategory -> (structure) +>> +>>> The configuration for a content category-based filtering rule. +>>> +>>> Category -> (string) [required] +>>> +>>>> The content category identifier. To retrieve the list of available content categories, call ListFirewallRuleTypes with `RuleType` set to `FirewallAdvancedContentCategory` . +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `128` +>>>> + +>> +>> FirewallAdvancedThreatCategory -> (structure) +>> +>>> The configuration for a threat category-based filtering rule. +>>> +>>> Category -> (string) [required] +>>> +>>>> The threat category identifier. To retrieve the list of available threat categories, call ListFirewallRuleTypes with `RuleType` set to `FirewallAdvancedThreatCategory` . +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `128` +>>>> + +>> +>> DnsThreatProtection -> (structure) +>> +>>> The configuration for a DNS threat protection rule type, such as DGA or DNS tunneling detection. +>>> +>>> Value -> (string) [required] +>>> +>>>> The type of DNS threat protection. Valid values are: +>>>> +>>>> * `DGA` : Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to launch malware attacks. +>>>> * `DNS_TUNNELING` : DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client. +>>>> * `DICT_DGA` : Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs. +>>>> + +>>>> +>>>> Constraints: +>>>> +>>>> * min: `1` +>>>> * max: `128` +>>>> + +>>> +>>> ConfidenceThreshold -> (string) [required] +>>> +>>>> The confidence threshold for DNS Firewall Advanced. You must provide this value when you create or update a DNS Firewall Advanced rule. The confidence level values mean: +>>>> +>>>> * `LOW` : Provides the highest detection rate for threats, but also increases false positives. +>>>> * `MEDIUM` : Provides a balance between detecting threats and false positives. +>>>> * `HIGH` : Detects only the most well corroborated threats with a low rate of false positives. +>>>> + +>>>> +>>>> Possible values: +>>>> +>>>> * `LOW` +>>>> * `MEDIUM` +>>>> * `HIGH` +>>>> + @@ -692 +862 @@ FirewallRule -> (structure) - * [AWS CLI 2.34.55 Command Reference](../../index.html) » + * [AWS CLI 2.34.57 Command Reference](../../index.html) »