aws-sdk-fms 1.21.0 → 1.26.0

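--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
- SHA1:
- metadata.gz: adfc803791c34f82032ee231b4b31cfbceac424f
- data.tar.gz: 464895184f7eb4ee30941a6cdbff41ee649a0e00
+ SHA256:
+ metadata.gz: bf35baf58bba5a600b7eb3085b376fa9d1b8035a411e86645cc98530c319c79f
+ data.tar.gz: 81af060eb16b51e9407d50a287e87f1b5676de13f615dd9c7451ec4af1a714a9
  SHA512:
- metadata.gz: cdd80bf1792481a06ff26ca159f342f4a6de1144aeb80b1798d6d2e0a6746e863f6a9829700989d38c443bedc740b430e9845aa13c0468ba56e569f82c4c5d2c
- data.tar.gz: 3ecde26a385d6e1f8b077c4ff351a57bacc82368fc5e8587a28148355cd33b52981264d1b3bbff5563490608c18d92a6ab803c32551ed8f675321ec3b44d8949
+ metadata.gz: d445d2029d0c2151546ac4972212ae92a894adbbdca5a1657f281b3b85eab54a2769e41f1fe9a5bb8898596a4847aa2c56eb557fcbc4cac885262e779047915a
+ data.tar.gz: 97ab8e954743e7d8e43ac6d07db6c6ecea726f443c6fdf15b832d710b76d37f236190ce886e6459a5b395ea1325054b6e69dac01a73b6c55e02ad16687aec681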
@@ -24,17 +24,20 @@ require_relative 'aws-sdk-fms/customizations'
24
24
  # methods each accept a hash of request parameters and return a response
25
25
  # structure.
26
26
  #
27
+ # fms = Aws::FMS::Client.new
28
+ # resp = fms.associate_admin_account(params)
29
+ #
27
30
  # See {Client} for more information.
28
31
  #
29
32
  # # Errors
30
33
  #
31
- # Errors returned from Firewall Management Service all
32
- # extend {Errors::ServiceError}.
34
+ # Errors returned from Firewall Management Service are defined in the
35
+ # {Errors} module and all extend {Errors::ServiceError}.
33
36
  #
34
37
  # begin
35
38
  # # do stuff
36
39
  # rescue Aws::FMS::Errors::ServiceError
37
- # # rescues all service API errors
40
+ # # rescues all Firewall Management Service API errors
38
41
  # end
39
42
  #
40
43
  # See {Errors} for more information.
@@ -42,6 +45,6 @@ require_relative 'aws-sdk-fms/customizations'
42
45
  # @service
43
46
  module Aws::FMS
44
47
 
45
- GEM_VERSION = '1.21.0'
48
+ GEM_VERSION = '1.26.0'
46
49
 
47
50
  end
@@ -30,6 +30,18 @@ require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
30
30
  Aws::Plugins::GlobalConfiguration.add_identifier(:fms)
31
31
 
32
32
  module Aws::FMS
33
+ # An API client for FMS. To construct a client, you need to configure a `:region` and `:credentials`.
34
+ #
35
+ # client = Aws::FMS::Client.new(
36
+ # region: region_name,
37
+ # credentials: credentials,
38
+ # # ...
39
+ # )
40
+ #
41
+ # For details on configuring region and credentials see
42
+ # the [developer guide](/sdk-for-ruby/v3/developer-guide/setup-config.html).
43
+ #
44
+ # See {#initialize} for a full list of supported configuration options.
33
45
  class Client < Seahorse::Client::Base
34
46
 
35
47
  include Aws::ClientStubs
@@ -93,7 +105,7 @@ module Aws::FMS
93
105
  # @option options [required, String] :region
94
106
  # The AWS region to connect to. The configured `:region` is
95
107
  # used to determine the service `:endpoint`. When not passed,
96
- # a default `:region` is search for in the following locations:
108
+ # a default `:region` is searched for in the following locations:
97
109
  #
98
110
  # * `Aws.config[:region]`
99
111
  # * `ENV['AWS_REGION']`
@@ -108,6 +120,12 @@ module Aws::FMS
108
120
  # When set to `true`, a thread polling for endpoints will be running in
109
121
  # the background every 60 secs (default). Defaults to `false`.
110
122
  #
123
+ # @option options [Boolean] :adaptive_retry_wait_to_fill (true)
124
+ # Used only in `adaptive` retry mode. When true, the request will sleep
125
+ # until there is sufficent client side capacity to retry the request.
126
+ # When false, the request will raise a `RetryCapacityNotAvailableError` and will
127
+ # not retry instead of sleeping.
128
+ #
111
129
  # @option options [Boolean] :client_side_monitoring (false)
112
130
  # When `true`, client-side metrics will be collected for all API requests from
113
131
  # this client.
@@ -132,6 +150,10 @@ module Aws::FMS
132
150
  # When `true`, an attempt is made to coerce request parameters into
133
151
  # the required types.
134
152
  #
153
+ # @option options [Boolean] :correct_clock_skew (true)
154
+ # Used only in `standard` and adaptive retry modes. Specifies whether to apply
155
+ # a clock skew correction and retry requests with skewed client clocks.
156
+ #
135
157
  # @option options [Boolean] :disable_host_prefix_injection (false)
136
158
  # Set to true to disable SDK automatically adding host prefix
137
159
  # to default service endpoint when available.
@@ -139,7 +161,7 @@ module Aws::FMS
139
161
  # @option options [String] :endpoint
140
162
  # The client endpoint is normally constructed from the `:region`
141
163
  # option. You should only configure an `:endpoint` when connecting
142
- # to test endpoints. This should be avalid HTTP(S) URI.
164
+ # to test endpoints. This should be a valid HTTP(S) URI.
143
165
  #
144
166
  # @option options [Integer] :endpoint_cache_max_entries (1000)
145
167
  # Used for the maximum size limit of the LRU cache storing endpoints data
@@ -154,7 +176,7 @@ module Aws::FMS
154
176
  # requests fetching endpoints information. Defaults to 60 sec.
155
177
  #
156
178
  # @option options [Boolean] :endpoint_discovery (false)
157
- # When set to `true`, endpoint discovery will be enabled for operations when available. Defaults to `false`.
179
+ # When set to `true`, endpoint discovery will be enabled for operations when available.
158
180
  #
159
181
  # @option options [Aws::Log::Formatter] :log_formatter (Aws::Log::Formatter.default)
160
182
  # The log formatter.
@@ -166,15 +188,29 @@ module Aws::FMS
166
188
  # The Logger instance to send log messages to. If this option
167
189
  # is not set, logging will be disabled.
168
190
  #
191
+ # @option options [Integer] :max_attempts (3)
192
+ # An integer representing the maximum number attempts that will be made for
193
+ # a single request, including the initial attempt. For example,
194
+ # setting this value to 5 will result in a request being retried up to
195
+ # 4 times. Used in `standard` and `adaptive` retry modes.
196
+ #
169
197
  # @option options [String] :profile ("default")
170
198
  # Used when loading credentials from the shared credentials file
171
199
  # at HOME/.aws/credentials. When not specified, 'default' is used.
172
200
  #
201
+ # @option options [Proc] :retry_backoff
202
+ # A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay.
203
+ # This option is only used in the `legacy` retry mode.
204
+ #
173
205
  # @option options [Float] :retry_base_delay (0.3)
174
- # The base delay in seconds used by the default backoff function.
206
+ # The base delay in seconds used by the default backoff function. This option
207
+ # is only used in the `legacy` retry mode.
175
208
  #
176
209
  # @option options [Symbol] :retry_jitter (:none)
177
- # A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number.
210
+ # A delay randomiser function used by the default backoff function.
211
+ # Some predefined functions can be referenced by name - :none, :equal, :full,
212
+ # otherwise a Proc that takes and returns a number. This option is only used
213
+ # in the `legacy` retry mode.
178
214
  #
179
215
  # @see https://www.awsarchitectureblog.com/2015/03/backoff.html
180
216
  #
@@ -182,11 +218,30 @@ module Aws::FMS
182
218
  # The maximum number of times to retry failed requests. Only
183
219
  # ~ 500 level server errors and certain ~ 400 level client errors
184
220
  # are retried. Generally, these are throttling errors, data
185
- # checksum errors, networking errors, timeout errors and auth
186
- # errors from expired credentials.
221
+ # checksum errors, networking errors, timeout errors, auth errors,
222
+ # endpoint discovery, and errors from expired credentials.
223
+ # This option is only used in the `legacy` retry mode.
187
224
  #
188
225
  # @option options [Integer] :retry_max_delay (0)
189
- # The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function.
226
+ # The maximum number of seconds to delay between retries (0 for no limit)
227
+ # used by the default backoff function. This option is only used in the
228
+ # `legacy` retry mode.
229
+ #
230
+ # @option options [String] :retry_mode ("legacy")
231
+ # Specifies which retry algorithm to use. Values are:
232
+ #
233
+ # * `legacy` - The pre-existing retry behavior. This is default value if
234
+ # no retry mode is provided.
235
+ #
236
+ # * `standard` - A standardized set of retry rules across the AWS SDKs.
237
+ # This includes support for retry quotas, which limit the number of
238
+ # unsuccessful retries a client can make.
239
+ #
240
+ # * `adaptive` - An experimental retry mode that includes all the
241
+ # functionality of `standard` mode along with automatic client side
242
+ # throttling. This is a provisional mode that may change behavior
243
+ # in the future.
244
+ #
190
245
  #
191
246
  # @option options [String] :secret_access_key
192
247
  #
@@ -219,16 +274,15 @@ module Aws::FMS
219
274
  # requests through. Formatted like 'http://proxy.com:123'.
220
275
  #
221
276
  # @option options [Float] :http_open_timeout (15) The number of
222
- # seconds to wait when opening a HTTP session before rasing a
277
+ # seconds to wait when opening a HTTP session before raising a
223
278
  # `Timeout::Error`.
224
279
  #
225
280
  # @option options [Integer] :http_read_timeout (60) The default
226
281
  # number of seconds to wait for response data. This value can
227
- # safely be set
228
- # per-request on the session yeidled by {#session_for}.
282
+ # safely be set per-request on the session.
229
283
  #
230
284
  # @option options [Float] :http_idle_timeout (5) The number of
231
- # seconds a connection is allowed to sit idble before it is
285
+ # seconds a connection is allowed to sit idle before it is
232
286
  # considered stale. Stale connections are closed and removed
233
287
  # from the pool before making a request.
234
288
  #
@@ -237,7 +291,7 @@ module Aws::FMS
237
291
  # request body. This option has no effect unless the request has
238
292
  # "Expect" header set to "100-continue". Defaults to `nil` which
239
293
  # disables this behaviour. This value can safely be set per
240
- # request on the session yeidled by {#session_for}.
294
+ # request on the session.
241
295
  #
242
296
  # @option options [Boolean] :http_wire_trace (false) When `true`,
243
297
  # HTTP debug output will be sent to the `:logger`.
@@ -504,7 +558,7 @@ module Aws::FMS
504
558
  # resp.policy.policy_id #=> String
505
559
  # resp.policy.policy_name #=> String
506
560
  # resp.policy.policy_update_token #=> String
507
- # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
561
+ # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
508
562
  # resp.policy.security_service_policy_data.managed_service_data #=> String
509
563
  # resp.policy.resource_type #=> String
510
564
  # resp.policy.resource_type_list #=> Array
@@ -590,7 +644,7 @@ module Aws::FMS
590
644
  # @example Response structure
591
645
  #
592
646
  # resp.admin_account_id #=> String
593
- # resp.service_type #=> String, one of "WAF", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
647
+ # resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
594
648
  # resp.data #=> String
595
649
  # resp.next_token #=> String
596
650
  #
@@ -633,6 +687,8 @@ module Aws::FMS
633
687
  # * {Types::ListComplianceStatusResponse#policy_compliance_status_list #policy_compliance_status_list} => Array&lt;Types::PolicyComplianceStatus&gt;
634
688
  # * {Types::ListComplianceStatusResponse#next_token #next_token} => String
635
689
  #
690
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
691
+ #
636
692
  # @example Request syntax with placeholder values
637
693
  #
638
694
  # resp = client.list_compliance_status({
@@ -693,6 +749,8 @@ module Aws::FMS
693
749
  # * {Types::ListMemberAccountsResponse#member_accounts #member_accounts} => Array&lt;String&gt;
694
750
  # * {Types::ListMemberAccountsResponse#next_token #next_token} => String
695
751
  #
752
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
753
+ #
696
754
  # @example Request syntax with placeholder values
697
755
  #
698
756
  # resp = client.list_member_accounts({
@@ -738,6 +796,8 @@ module Aws::FMS
738
796
  # * {Types::ListPoliciesResponse#policy_list #policy_list} => Array&lt;Types::PolicySummary&gt;
739
797
  # * {Types::ListPoliciesResponse#next_token #next_token} => String
740
798
  #
799
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
800
+ #
741
801
  # @example Request syntax with placeholder values
742
802
  #
743
803
  # resp = client.list_policies({
@@ -752,7 +812,7 @@ module Aws::FMS
752
812
  # resp.policy_list[0].policy_id #=> String
753
813
  # resp.policy_list[0].policy_name #=> String
754
814
  # resp.policy_list[0].resource_type #=> String
755
- # resp.policy_list[0].security_service_type #=> String, one of "WAF", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
815
+ # resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
756
816
  # resp.policy_list[0].remediation_enabled #=> Boolean
757
817
  # resp.next_token #=> String
758
818
  #
@@ -833,15 +893,18 @@ module Aws::FMS
833
893
  # * A Shield Advanced policy, which applies Shield Advanced protection
834
894
  # to specified accounts and resources
835
895
  #
836
- # * An AWS WAF policy, which contains a rule group and defines which
837
- # resources are to be protected by that rule group
896
+ # * An AWS WAF policy (type WAFV2), which defines rule groups to run
897
+ # first in the corresponding AWS WAF web ACL and rule groups to run
898
+ # last in the web ACL.
899
+ #
900
+ # * An AWS WAF Classic policy (type WAF), which defines a rule group.
838
901
  #
839
902
  # * A security group policy, which manages VPC security groups across
840
903
  # your AWS organization.
841
904
  #
842
- # Each policy is specific to one of the three types. If you want to
843
- # enforce more than one policy type across accounts, you can create
844
- # multiple policies. You can create multiple policies for each type.
905
+ # Each policy is specific to one of the types. If you want to enforce
906
+ # more than one policy type across accounts, create multiple policies.
907
+ # You can create multiple policies for each type.
845
908
  #
846
909
  # You must be subscribed to Shield Advanced to create a Shield Advanced
847
910
  # policy. For more information about subscribing to Shield Advanced, see
@@ -870,7 +933,7 @@ module Aws::FMS
870
933
  # policy_name: "ResourceName", # required
871
934
  # policy_update_token: "PolicyUpdateToken",
872
935
  # security_service_policy_data: { # required
873
- # type: "WAF", # required, accepts WAF, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
936
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
874
937
  # managed_service_data: "ManagedServiceData",
875
938
  # },
876
939
  # resource_type: "ResourceType", # required
@@ -903,7 +966,7 @@ module Aws::FMS
903
966
  # resp.policy.policy_id #=> String
904
967
  # resp.policy.policy_name #=> String
905
968
  # resp.policy.policy_update_token #=> String
906
- # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
969
+ # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT"
907
970
  # resp.policy.security_service_policy_data.managed_service_data #=> String
908
971
  # resp.policy.resource_type #=> String
909
972
  # resp.policy.resource_type_list #=> Array
@@ -1004,7 +1067,7 @@ module Aws::FMS
1004
1067
  params: params,
1005
1068
  config: config)
1006
1069
  context[:gem_name] = 'aws-sdk-fms'
1007
- context[:gem_version] = '1.21.0'
1070
+ context[:gem_version] = '1.26.0'
1008
1071
  Seahorse::Client::Request.new(handlers, context)
1009
1072
  end
1010
1073
 
@@ -6,6 +6,34 @@
6
6
  # WARNING ABOUT GENERATED CODE
7
7
 
8
8
  module Aws::FMS
9
+
10
+ # When FMS returns an error response, the Ruby SDK constructs and raises an error.
11
+ # These errors all extend Aws::FMS::Errors::ServiceError < {Aws::Errors::ServiceError}
12
+ #
13
+ # You can rescue all FMS errors using ServiceError:
14
+ #
15
+ # begin
16
+ # # do stuff
17
+ # rescue Aws::FMS::Errors::ServiceError
18
+ # # rescues all FMS API errors
19
+ # end
20
+ #
21
+ #
22
+ # ## Request Context
23
+ # ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
24
+ # information about the request that generated the error.
25
+ # See {Seahorse::Client::RequestContext} for more information.
26
+ #
27
+ # ## Error Classes
28
+ # * {InternalErrorException}
29
+ # * {InvalidInputException}
30
+ # * {InvalidOperationException}
31
+ # * {InvalidTypeException}
32
+ # * {LimitExceededException}
33
+ # * {ResourceNotFoundException}
34
+ #
35
+ # Additionally, error classes are dynamically generated for service errors based on the error code
36
+ # if they are not defined above.
9
37
  module Errors
10
38
 
11
39
  extend Aws::Errors::DynamicErrors
@@ -23,7 +51,6 @@ module Aws::FMS
23
51
  def message
24
52
  @message || @data[:message]
25
53
  end
26
-
27
54
  end
28
55
 
29
56
  class InvalidInputException < ServiceError
@@ -39,7 +66,6 @@ module Aws::FMS
39
66
  def message
40
67
  @message || @data[:message]
41
68
  end
42
-
43
69
  end
44
70
 
45
71
  class InvalidOperationException < ServiceError
@@ -55,7 +81,6 @@ module Aws::FMS
55
81
  def message
56
82
  @message || @data[:message]
57
83
  end
58
-
59
84
  end
60
85
 
61
86
  class InvalidTypeException < ServiceError
@@ -71,7 +96,6 @@ module Aws::FMS
71
96
  def message
72
97
  @message || @data[:message]
73
98
  end
74
-
75
99
  end
76
100
 
77
101
  class LimitExceededException < ServiceError
@@ -87,7 +111,6 @@ module Aws::FMS
87
111
  def message
88
112
  @message || @data[:message]
89
113
  end
90
-
91
114
  end
92
115
 
93
116
  class ResourceNotFoundException < ServiceError
@@ -103,7 +126,6 @@ module Aws::FMS
103
126
  def message
104
127
  @message || @data[:message]
105
128
  end
106
-
107
129
  end
108
130
 
109
131
  end
@@ -6,6 +6,7 @@
6
6
  # WARNING ABOUT GENERATED CODE
7
7
 
8
8
  module Aws::FMS
9
+
9
10
  class Resource
10
11
 
11
12
  # @param options ({})
@@ -681,7 +681,7 @@ module Aws::FMS
681
681
  # policy_name: "ResourceName", # required
682
682
  # policy_update_token: "PolicyUpdateToken",
683
683
  # security_service_policy_data: { # required
684
- # type: "WAF", # required, accepts WAF, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
684
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
685
685
  # managed_service_data: "ManagedServiceData",
686
686
  # },
687
687
  # resource_type: "ResourceType", # required
@@ -762,24 +762,63 @@ module Aws::FMS
762
762
  # @return [Boolean]
763
763
  #
764
764
  # @!attribute [rw] include_map
765
- # Specifies the AWS account IDs to include in the policy. If
766
- # `IncludeMap` is null, all accounts in the organization in AWS
767
- # Organizations are included in the policy. If `IncludeMap` is not
768
- # null, only values listed in `IncludeMap` are included in the policy.
769
- #
770
- # The key to the map is `ACCOUNT`. For example, a valid `IncludeMap`
771
- # would be `\{“ACCOUNT” : [“accountID1”, “accountID2”]\}`.
765
+ # Specifies the AWS account IDs and AWS Organizations organizational
766
+ # units (OUs) to include in the policy. Specifying an OU is the
767
+ # equivalent of specifying all accounts in the OU and in any of its
768
+ # child OUs, including any child OUs and accounts that are added at a
769
+ # later time.
770
+ #
771
+ # You can specify inclusions or exclusions, but not both. If you
772
+ # specify an `IncludeMap`, AWS Firewall Manager applies the policy to
773
+ # all accounts specified by the `IncludeMap`, and does not evaluate
774
+ # any `ExcludeMap` specifications. If you do not specify an
775
+ # `IncludeMap`, then Firewall Manager applies the policy to all
776
+ # accounts except for those specified by the `ExcludeMap`.
777
+ #
778
+ # You can specify account IDs, OUs, or a combination:
779
+ #
780
+ # * Specify account IDs by setting the key to `ACCOUNT`. For example,
781
+ # the following is a valid map: `\{“ACCOUNT” : [“accountID1”,
782
+ # “accountID2”]\}`.
783
+ #
784
+ # * Specify OUs by setting the key to `ORG_UNIT`. For example, the
785
+ # following is a valid map: `\{“ORG_UNIT” : [“ouid111”,
786
+ # “ouid112”]\}`.
787
+ #
788
+ # * Specify accounts and OUs together in a single map, separated with
789
+ # a comma. For example, the following is a valid map: `\{“ACCOUNT” :
790
+ # [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
791
+ # “ouid112”]\}`.
772
792
  # @return [Hash<String,Array<String>>]
773
793
  #
774
794
  # @!attribute [rw] exclude_map
775
- # Specifies the AWS account IDs to exclude from the policy. The
776
- # `IncludeMap` values are evaluated first, with all the appropriate
777
- # account IDs added to the policy. Then the accounts listed in
778
- # `ExcludeMap` are removed, resulting in the final list of accounts to
779
- # add to the policy.
780
- #
781
- # The key to the map is `ACCOUNT`. For example, a valid `ExcludeMap`
782
- # would be `\{“ACCOUNT” : [“accountID1”, “accountID2”]\}`.
795
+ # Specifies the AWS account IDs and AWS Organizations organizational
796
+ # units (OUs) to exclude from the policy. Specifying an OU is the
797
+ # equivalent of specifying all accounts in the OU and in any of its
798
+ # child OUs, including any child OUs and accounts that are added at a
799
+ # later time.
800
+ #
801
+ # You can specify inclusions or exclusions, but not both. If you
802
+ # specify an `IncludeMap`, AWS Firewall Manager applies the policy to
803
+ # all accounts specified by the `IncludeMap`, and does not evaluate
804
+ # any `ExcludeMap` specifications. If you do not specify an
805
+ # `IncludeMap`, then Firewall Manager applies the policy to all
806
+ # accounts except for those specified by the `ExcludeMap`.
807
+ #
808
+ # You can specify account IDs, OUs, or a combination:
809
+ #
810
+ # * Specify account IDs by setting the key to `ACCOUNT`. For example,
811
+ # the following is a valid map: `\{“ACCOUNT” : [“accountID1”,
812
+ # “accountID2”]\}`.
813
+ #
814
+ # * Specify OUs by setting the key to `ORG_UNIT`. For example, the
815
+ # following is a valid map: `\{“ORG_UNIT” : [“ouid111”,
816
+ # “ouid112”]\}`.
817
+ #
818
+ # * Specify accounts and OUs together in a single map, separated with
819
+ # a comma. For example, the following is a valid map: `\{“ACCOUNT” :
820
+ # [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
821
+ # “ouid112”]\}`.
783
822
  # @return [Hash<String,Array<String>>]
784
823
  #
785
824
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Policy AWS API Documentation
@@ -992,7 +1031,7 @@ module Aws::FMS
992
1031
  # policy_name: "ResourceName", # required
993
1032
  # policy_update_token: "PolicyUpdateToken",
994
1033
  # security_service_policy_data: { # required
995
- # type: "WAF", # required, accepts WAF, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
1034
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
996
1035
  # managed_service_data: "ManagedServiceData",
997
1036
  # },
998
1037
  # resource_type: "ResourceType", # required
@@ -1109,7 +1148,7 @@ module Aws::FMS
1109
1148
  # data as a hash:
1110
1149
  #
1111
1150
  # {
1112
- # type: "WAF", # required, accepts WAF, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
1151
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
1113
1152
  # managed_service_data: "ManagedServiceData",
1114
1153
  # }
1115
1154
  #
@@ -1128,16 +1167,22 @@ module Aws::FMS
1128
1167
  # JSON format. For service type `SHIELD_ADVANCED`, this is an empty
1129
1168
  # string.
1130
1169
  #
1131
- # * Example: `WAF`
1170
+ # * Example: `WAFV2`
1171
+ #
1172
+ # `"ManagedServiceData":
1173
+ # "\{"type":"WAFV2","defaultAction":\{"type":"ALLOW"\},"preProcessRuleGroups":[\{"managedRuleGroupIdentifier":null,"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"COUNT"\},"excludedRules":[\{"name":"EntityName"\}],"ruleGroupType":"RuleGroup"\}],"postProcessRuleGroups":[\{"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendor":"AWS"\},"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"NONE"\},"excludedRules":[],"ruleGroupType":"ManagedRuleGroup"\}],"overrideCustomerWebACLAssociation":false\}"`
1174
+ #
1175
+ # * Example: `WAF Classic`
1132
1176
  #
1133
- # `ManagedServiceData": "\{"type": "WAF", "ruleGroups":
1177
+ # `"ManagedServiceData": "\{"type": "WAF", "ruleGroups":
1134
1178
  # [\{"id": "12345678-1bcd-9012-efga-0987654321ab",
1135
1179
  # "overrideAction" : \{"type": "COUNT"\}\}],
1136
1180
  # "defaultAction": \{"type": "BLOCK"\}\}`
1137
1181
  #
1138
1182
  # * Example: `SECURITY_GROUPS_COMMON`
1139
1183
  #
1140
- # `"SecurityServicePolicyData":\{"Type":"SECURITY_GROUPS_COMMON","ManagedServiceData":"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,"securityGroups":[\{"id":"
1184
+ # `"SecurityServicePolicyData":\{"Type":"SECURITY_GROUPS_COMMON","ManagedServiceData":"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
1185
+ # "applyToAllEC2InstanceENIs":false,"securityGroups":[\{"id":"
1141
1186
  # sg-000e55995d61a06bd"\}]\}"\},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"\}`
1142
1187
  #
1143
1188
  # * Example: `SECURITY_GROUPS_CONTENT_AUDIT`
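Review bot: The rewritten `include_map`/`exclude_map` docs in the `@@ -762,24 +762,63 @@` hunk change the scoping rule without flagging it: the removed text said `ExcludeMap` entries were subtracted after `IncludeMap` was evaluated, while the new text says an `ExcludeMap` is not evaluated at all once an `IncludeMap` is given. Going by this wording, a caller that still sends both maps would have the policy applied to accounts it meant to carve out, and nothing visible in this section rejects that combination. I would add a line to the `exclude_map` attribute such as `# Ignored when IncludeMap is set; accounts and OUs listed here then still receive the policy.` The same hunk says an `ORG_UNIT` entry also covers child OUs and accounts added later, so a policy's effective scope can grow after it is written; that deserves a mention next to the examples too.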
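--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: aws-sdk-fms
  version: !ruby/object:Gem::Version
- version: 1.21.0
+ version: 1.26.0
  platform: ruby
  authors:
  - Amazon Web Services
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-01-08 00:00:00.000000000 Z
+ date: 2020-05-28 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-core
@@ -81,7 +81,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.5.2.3
+ rubygems_version: 2.7.6.2
  signing_key:
  specification_version: 4
  summary: AWS SDK for Ruby - FMS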