aws-sdk-fms 1.28.0 → 1.29.0

@@ -10,6 +10,153 @@
10
10
  module Aws::FMS
11
11
  module Types
12
12
 
13
+ # An individual AWS Firewall Manager application.
14
+ #
15
+ # @note When making an API call, you may pass App
16
+ # data as a hash:
17
+ #
18
+ # {
19
+ # app_name: "ResourceName", # required
20
+ # protocol: "Protocol", # required
21
+ # port: 1, # required
22
+ # }
23
+ #
24
+ # @!attribute [rw] app_name
25
+ # The application's name.
26
+ # @return [String]
27
+ #
28
+ # @!attribute [rw] protocol
29
+ # The IP protocol name or number. The name can be one of `tcp`, `udp`,
30
+ # or `icmp`. For information on possible numbers, see [Protocol
31
+ # Numbers][1].
32
+ #
33
+ #
34
+ #
35
+ # [1]: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
36
+ # @return [String]
37
+ #
38
+ # @!attribute [rw] port
39
+ # The application's port number, for example `80`.
40
+ # @return [Integer]
41
+ #
42
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/App AWS API Documentation
43
+ #
44
+ class App < Struct.new(
45
+ :app_name,
46
+ :protocol,
47
+ :port)
48
+ SENSITIVE = []
49
+ include Aws::Structure
50
+ end
51
+
52
+ # An AWS Firewall Manager applications list.
53
+ #
54
+ # @note When making an API call, you may pass AppsListData
55
+ # data as a hash:
56
+ #
57
+ # {
58
+ # list_id: "ListId",
59
+ # list_name: "ResourceName", # required
60
+ # list_update_token: "UpdateToken",
61
+ # create_time: Time.now,
62
+ # last_update_time: Time.now,
63
+ # apps_list: [ # required
64
+ # {
65
+ # app_name: "ResourceName", # required
66
+ # protocol: "Protocol", # required
67
+ # port: 1, # required
68
+ # },
69
+ # ],
70
+ # previous_apps_list: {
71
+ # "PreviousListVersion" => [
72
+ # {
73
+ # app_name: "ResourceName", # required
74
+ # protocol: "Protocol", # required
75
+ # port: 1, # required
76
+ # },
77
+ # ],
78
+ # },
79
+ # }
80
+ #
81
+ # @!attribute [rw] list_id
82
+ # The ID of the AWS Firewall Manager applications list.
83
+ # @return [String]
84
+ #
85
+ # @!attribute [rw] list_name
86
+ # The name of the AWS Firewall Manager applications list.
87
+ # @return [String]
88
+ #
89
+ # @!attribute [rw] list_update_token
90
+ # A unique identifier for each update to the list. When you update the
91
+ # list, the update token must match the token of the current version
92
+ # of the application list. You can retrieve the update token by
93
+ # getting the list.
94
+ # @return [String]
95
+ #
96
+ # @!attribute [rw] create_time
97
+ # The time that the AWS Firewall Manager applications list was
98
+ # created.
99
+ # @return [Time]
100
+ #
101
+ # @!attribute [rw] last_update_time
102
+ # The time that the AWS Firewall Manager applications list was last
103
+ # updated.
104
+ # @return [Time]
105
+ #
106
+ # @!attribute [rw] apps_list
107
+ # An array of applications in the AWS Firewall Manager applications
108
+ # list.
109
+ # @return [Array<Types::App>]
110
+ #
111
+ # @!attribute [rw] previous_apps_list
112
+ # A map of previous version numbers to their corresponding `App`
113
+ # object arrays.
114
+ # @return [Hash<String,Array<Types::App>>]
115
+ #
116
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AppsListData AWS API Documentation
117
+ #
118
+ class AppsListData < Struct.new(
119
+ :list_id,
120
+ :list_name,
121
+ :list_update_token,
122
+ :create_time,
123
+ :last_update_time,
124
+ :apps_list,
125
+ :previous_apps_list)
126
+ SENSITIVE = []
127
+ include Aws::Structure
128
+ end
129
+
130
+ # Details of the AWS Firewall Manager applications list.
131
+ #
132
+ # @!attribute [rw] list_arn
133
+ # The Amazon Resource Name (ARN) of the applications list.
134
+ # @return [String]
135
+ #
136
+ # @!attribute [rw] list_id
137
+ # The ID of the applications list.
138
+ # @return [String]
139
+ #
140
+ # @!attribute [rw] list_name
141
+ # The name of the applications list.
142
+ # @return [String]
143
+ #
144
+ # @!attribute [rw] apps_list
145
+ # An array of `App` objects in the AWS Firewall Manager applications
146
+ # list.
147
+ # @return [Array<Types::App>]
148
+ #
149
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AppsListDataSummary AWS API Documentation
150
+ #
151
+ class AppsListDataSummary < Struct.new(
152
+ :list_arn,
153
+ :list_id,
154
+ :list_name,
155
+ :apps_list)
156
+ SENSITIVE = []
157
+ include Aws::Structure
158
+ end
159
+
13
160
  # @note When making an API call, you may pass AssociateAdminAccountRequest
14
161
  # data as a hash:
15
162
  #
@@ -37,6 +184,76 @@ module Aws::FMS
37
184
  include Aws::Structure
38
185
  end
39
186
 
187
+ # Violations for an EC2 instance resource.
188
+ #
189
+ # @!attribute [rw] violation_target
190
+ # The resource ID of the EC2 instance.
191
+ # @return [String]
192
+ #
193
+ # @!attribute [rw] aws_ec2_network_interface_violations
194
+ # Violations for network interfaces associated with the EC2 instance.
195
+ # @return [Array<Types::AwsEc2NetworkInterfaceViolation>]
196
+ #
197
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2InstanceViolation AWS API Documentation
198
+ #
199
+ class AwsEc2InstanceViolation < Struct.new(
200
+ :violation_target,
201
+ :aws_ec2_network_interface_violations)
202
+ SENSITIVE = []
203
+ include Aws::Structure
204
+ end
205
+
206
+ # Violations for network interfaces associated with an EC2 instance.
207
+ #
208
+ # @!attribute [rw] violation_target
209
+ # The resource ID of the network interface.
210
+ # @return [String]
211
+ #
212
+ # @!attribute [rw] violating_security_groups
213
+ # List of security groups that violate the rules specified in the
214
+ # master security group of the AWS Firewall Manager policy.
215
+ # @return [Array<String>]
216
+ #
217
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2NetworkInterfaceViolation AWS API Documentation
218
+ #
219
+ class AwsEc2NetworkInterfaceViolation < Struct.new(
220
+ :violation_target,
221
+ :violating_security_groups)
222
+ SENSITIVE = []
223
+ include Aws::Structure
224
+ end
225
+
226
+ # Details of the rule violation in a security group when compared to the
227
+ # master security group of the AWS Firewall Manager policy.
228
+ #
229
+ # @!attribute [rw] violation_target
230
+ # The security group rule that is being evaluated.
231
+ # @return [String]
232
+ #
233
+ # @!attribute [rw] violation_target_description
234
+ # A description of the security group that violates the policy.
235
+ # @return [String]
236
+ #
237
+ # @!attribute [rw] partial_matches
238
+ # List of rules specified in the security group of the AWS Firewall
239
+ # Manager policy that partially match the `ViolationTarget` rule.
240
+ # @return [Array<Types::PartialMatch>]
241
+ #
242
+ # @!attribute [rw] possible_security_group_remediation_actions
243
+ # Remediation options for the rule specified in the `ViolationTarget`.
244
+ # @return [Array<Types::SecurityGroupRemediationAction>]
245
+ #
246
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsVPCSecurityGroupViolation AWS API Documentation
247
+ #
248
+ class AwsVPCSecurityGroupViolation < Struct.new(
249
+ :violation_target,
250
+ :violation_target_description,
251
+ :partial_matches,
252
+ :possible_security_group_remediation_actions)
253
+ SENSITIVE = []
254
+ include Aws::Structure
255
+ end
256
+
40
257
  # Details of the resource that is not protected by the policy.
41
258
  #
42
259
  # @!attribute [rw] resource_id
@@ -68,6 +285,27 @@ module Aws::FMS
68
285
  include Aws::Structure
69
286
  end
70
287
 
288
+ # @note When making an API call, you may pass DeleteAppsListRequest
289
+ # data as a hash:
290
+ #
291
+ # {
292
+ # list_id: "ListId", # required
293
+ # }
294
+ #
295
+ # @!attribute [rw] list_id
296
+ # The ID of the applications list that you want to delete. You can
297
+ # retrieve this ID from `PutAppsList`, `ListAppsLists`, and
298
+ # `GetAppsList`.
299
+ # @return [String]
300
+ #
301
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteAppsListRequest AWS API Documentation
302
+ #
303
+ class DeleteAppsListRequest < Struct.new(
304
+ :list_id)
305
+ SENSITIVE = []
306
+ include Aws::Structure
307
+ end
308
+
71
309
  # @api private
72
310
  #
73
311
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteNotificationChannelRequest AWS API Documentation
@@ -83,8 +321,8 @@ module Aws::FMS
83
321
  # }
84
322
  #
85
323
  # @!attribute [rw] policy_id
86
- # The ID of the policy that you want to delete. `PolicyId` is returned
87
- # by `PutPolicy` and by `ListPolicies`.
324
+ # The ID of the policy that you want to delete. You can retrieve this
325
+ # ID from `PutPolicy` and `ListPolicies`.
88
326
  # @return [String]
89
327
  #
90
328
  # @!attribute [rw] delete_all_policy_resources
@@ -128,6 +366,27 @@ module Aws::FMS
128
366
  include Aws::Structure
129
367
  end
130
368
 
369
+ # @note When making an API call, you may pass DeleteProtocolsListRequest
370
+ # data as a hash:
371
+ #
372
+ # {
373
+ # list_id: "ListId", # required
374
+ # }
375
+ #
376
+ # @!attribute [rw] list_id
377
+ # The ID of the protocols list that you want to delete. You can
378
+ # retrieve this ID from `PutProtocolsList`, `ListProtocolsLists`, and
379
+ # `GetProtocolsLost`.
380
+ # @return [String]
381
+ #
382
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteProtocolsListRequest AWS API Documentation
383
+ #
384
+ class DeleteProtocolsListRequest < Struct.new(
385
+ :list_id)
386
+ SENSITIVE = []
387
+ include Aws::Structure
388
+ end
389
+
131
390
  # @api private
132
391
  #
133
392
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateAdminAccountRequest AWS API Documentation
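Review bot: The `list_id` description added for `DeleteProtocolsListRequest` names an operation `GetProtocolsLost`, which appears to be a typo for `GetProtocolsList` (a `GetProtocolsListRequest` type is added elsewhere in this diff). The comment line should read ``# `GetProtocolsList`.`` A reader searching the SDK for the operation that returns the list ID will not find the misspelled name. If this file is generated from the service model, the correction belongs in the model's documentation string rather than in this file.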
@@ -193,6 +452,51 @@ module Aws::FMS
193
452
  include Aws::Structure
194
453
  end
195
454
 
455
+ # @note When making an API call, you may pass GetAppsListRequest
456
+ # data as a hash:
457
+ #
458
+ # {
459
+ # list_id: "ListId", # required
460
+ # default_list: false,
461
+ # }
462
+ #
463
+ # @!attribute [rw] list_id
464
+ # The ID of the AWS Firewall Manager applications list that you want
465
+ # the details for.
466
+ # @return [String]
467
+ #
468
+ # @!attribute [rw] default_list
469
+ # Specifies whether the list to retrieve is a default list owned by
470
+ # AWS Firewall Manager.
471
+ # @return [Boolean]
472
+ #
473
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAppsListRequest AWS API Documentation
474
+ #
475
+ class GetAppsListRequest < Struct.new(
476
+ :list_id,
477
+ :default_list)
478
+ SENSITIVE = []
479
+ include Aws::Structure
480
+ end
481
+
482
+ # @!attribute [rw] apps_list
483
+ # Information about the specified AWS Firewall Manager applications
484
+ # list.
485
+ # @return [Types::AppsListData]
486
+ #
487
+ # @!attribute [rw] apps_list_arn
488
+ # The Amazon Resource Name (ARN) of the applications list.
489
+ # @return [String]
490
+ #
491
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAppsListResponse AWS API Documentation
492
+ #
493
+ class GetAppsListResponse < Struct.new(
494
+ :apps_list,
495
+ :apps_list_arn)
496
+ SENSITIVE = []
497
+ include Aws::Structure
498
+ end
499
+
196
500
  # @note When making an API call, you may pass GetComplianceDetailRequest
197
501
  # data as a hash:
198
502
  #
@@ -410,6 +714,108 @@ module Aws::FMS
410
714
  include Aws::Structure
411
715
  end
412
716
 
717
+ # @note When making an API call, you may pass GetProtocolsListRequest
718
+ # data as a hash:
719
+ #
720
+ # {
721
+ # list_id: "ListId", # required
722
+ # default_list: false,
723
+ # }
724
+ #
725
+ # @!attribute [rw] list_id
726
+ # The ID of the AWS Firewall Manager protocols list that you want the
727
+ # details for.
728
+ # @return [String]
729
+ #
730
+ # @!attribute [rw] default_list
731
+ # Specifies whether the list to retrieve is a default list owned by
732
+ # AWS Firewall Manager.
733
+ # @return [Boolean]
734
+ #
735
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtocolsListRequest AWS API Documentation
736
+ #
737
+ class GetProtocolsListRequest < Struct.new(
738
+ :list_id,
739
+ :default_list)
740
+ SENSITIVE = []
741
+ include Aws::Structure
742
+ end
743
+
744
+ # @!attribute [rw] protocols_list
745
+ # Information about the specified AWS Firewall Manager protocols list.
746
+ # @return [Types::ProtocolsListData]
747
+ #
748
+ # @!attribute [rw] protocols_list_arn
749
+ # The Amazon Resource Name (ARN) of the specified protocols list.
750
+ # @return [String]
751
+ #
752
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtocolsListResponse AWS API Documentation
753
+ #
754
+ class GetProtocolsListResponse < Struct.new(
755
+ :protocols_list,
756
+ :protocols_list_arn)
757
+ SENSITIVE = []
758
+ include Aws::Structure
759
+ end
760
+
761
+ # @note When making an API call, you may pass GetViolationDetailsRequest
762
+ # data as a hash:
763
+ #
764
+ # {
765
+ # policy_id: "PolicyId", # required
766
+ # member_account: "AWSAccountId", # required
767
+ # resource_id: "ResourceId", # required
768
+ # resource_type: "ResourceType", # required
769
+ # }
770
+ #
771
+ # @!attribute [rw] policy_id
772
+ # The ID of the AWS Firewall Manager policy that you want the details
773
+ # for. This currently only supports security group content audit
774
+ # policies.
775
+ # @return [String]
776
+ #
777
+ # @!attribute [rw] member_account
778
+ # The AWS account ID that you want the details for.
779
+ # @return [String]
780
+ #
781
+ # @!attribute [rw] resource_id
782
+ # The ID of the resource that has violations.
783
+ # @return [String]
784
+ #
785
+ # @!attribute [rw] resource_type
786
+ # The resource type. This is in the format shown in the [AWS Resource
787
+ # Types Reference][1]. Supported resource types are:
788
+ # `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`, or
789
+ # `AWS::EC2::SecurityGroup`.
790
+ #
791
+ #
792
+ #
793
+ # [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
794
+ # @return [String]
795
+ #
796
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetViolationDetailsRequest AWS API Documentation
797
+ #
798
+ class GetViolationDetailsRequest < Struct.new(
799
+ :policy_id,
800
+ :member_account,
801
+ :resource_id,
802
+ :resource_type)
803
+ SENSITIVE = []
804
+ include Aws::Structure
805
+ end
806
+
807
+ # @!attribute [rw] violation_detail
808
+ # Violation detail for a resource.
809
+ # @return [Types::ViolationDetail]
810
+ #
811
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetViolationDetailsResponse AWS API Documentation
812
+ #
813
+ class GetViolationDetailsResponse < Struct.new(
814
+ :violation_detail)
815
+ SENSITIVE = []
816
+ include Aws::Structure
817
+ end
818
+
413
819
  # The operation failed because of a system problem, even though the
414
820
  # request was valid. Retry your request.
415
821
  #
@@ -437,10 +843,13 @@ module Aws::FMS
437
843
  include Aws::Structure
438
844
  end
439
845
 
440
- # The operation failed because there was nothing to do. For example, you
441
- # might have submitted an `AssociateAdminAccount` request, but the
442
- # account ID that you submitted was already set as the AWS Firewall
443
- # Manager administrator.
846
+ # The operation failed because there was nothing to do or the operation
847
+ # wasn't possible. For example, you might have submitted an
848
+ # `AssociateAdminAccount` request for an account ID that was already set
849
+ # as the AWS Firewall Manager administrator. Or you might have tried to
850
+ # access a Region that's disabled by default, and that you need to
851
+ # enable for the Firewall Manager administrator account and for AWS
852
+ # Organizations before you can access it.
444
853
  #
445
854
  # @!attribute [rw] message
446
855
  # @return [String]
@@ -486,6 +895,68 @@ module Aws::FMS
486
895
  include Aws::Structure
487
896
  end
488
897
 
898
+ # @note When making an API call, you may pass ListAppsListsRequest
899
+ # data as a hash:
900
+ #
901
+ # {
902
+ # default_lists: false,
903
+ # next_token: "PaginationToken",
904
+ # max_results: 1, # required
905
+ # }
906
+ #
907
+ # @!attribute [rw] default_lists
908
+ # Specifies whether the lists to retrieve are default lists owned by
909
+ # AWS Firewall Manager.
910
+ # @return [Boolean]
911
+ #
912
+ # @!attribute [rw] next_token
913
+ # If you specify a value for `MaxResults` in your list request, and
914
+ # you have more objects than the maximum, AWS Firewall Manager returns
915
+ # this token in the response. For all but the first request, you
916
+ # provide the token returned by the prior request in the request
917
+ # parameters, to retrieve the next batch of objects.
918
+ # @return [String]
919
+ #
920
+ # @!attribute [rw] max_results
921
+ # The maximum number of objects that you want AWS Firewall Manager to
922
+ # return for this request. If more objects are available, in the
923
+ # response, AWS Firewall Manager provides a `NextToken` value that you
924
+ # can use in a subsequent call to get the next batch of objects.
925
+ #
926
+ # If you don't specify this, AWS Firewall Manager returns all
927
+ # available objects.
928
+ # @return [Integer]
929
+ #
930
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAppsListsRequest AWS API Documentation
931
+ #
932
+ class ListAppsListsRequest < Struct.new(
933
+ :default_lists,
934
+ :next_token,
935
+ :max_results)
936
+ SENSITIVE = []
937
+ include Aws::Structure
938
+ end
939
+
940
+ # @!attribute [rw] apps_lists
941
+ # An array of `AppsListDataSummary` objects.
942
+ # @return [Array<Types::AppsListDataSummary>]
943
+ #
944
+ # @!attribute [rw] next_token
945
+ # If you specify a value for `MaxResults` in your list request, and
946
+ # you have more objects than the maximum, AWS Firewall Manager returns
947
+ # this token in the response. You can use this token in subsequent
948
+ # requests to retrieve the next batch of objects.
949
+ # @return [String]
950
+ #
951
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAppsListsResponse AWS API Documentation
952
+ #
953
+ class ListAppsListsResponse < Struct.new(
954
+ :apps_lists,
955
+ :next_token)
956
+ SENSITIVE = []
957
+ include Aws::Structure
958
+ end
959
+
489
960
  # @note When making an API call, you may pass ListComplianceStatusRequest
490
961
  # data as a hash:
491
962
  #
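Review bot: In `ListAppsListsRequest` the example hash marks `max_results: 1, # required`, but the `max_results` attribute text ends with "If you don't specify this, AWS Firewall Manager returns all available objects", so the two statements contradict each other. If the parameter is required, as the example indicates, that closing paragraph should be replaced with something like ``# This value is required; use `NextToken` to retrieve further batches.`` The same pair of statements is repeated for `ListProtocolsListsRequest` in the hunk at `@@ -665,6 +1136,68 @@`. Tooling that enumerates these lists for audit should set `max_results` and follow `next_token` until it is empty rather than rely on a single unbounded call.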
@@ -665,6 +1136,68 @@ module Aws::FMS
665
1136
  include Aws::Structure
666
1137
  end
667
1138
 
1139
+ # @note When making an API call, you may pass ListProtocolsListsRequest
1140
+ # data as a hash:
1141
+ #
1142
+ # {
1143
+ # default_lists: false,
1144
+ # next_token: "PaginationToken",
1145
+ # max_results: 1, # required
1146
+ # }
1147
+ #
1148
+ # @!attribute [rw] default_lists
1149
+ # Specifies whether the lists to retrieve are default lists owned by
1150
+ # AWS Firewall Manager.
1151
+ # @return [Boolean]
1152
+ #
1153
+ # @!attribute [rw] next_token
1154
+ # If you specify a value for `MaxResults` in your list request, and
1155
+ # you have more objects than the maximum, AWS Firewall Manager returns
1156
+ # this token in the response. For all but the first request, you
1157
+ # provide the token returned by the prior request in the request
1158
+ # parameters, to retrieve the next batch of objects.
1159
+ # @return [String]
1160
+ #
1161
+ # @!attribute [rw] max_results
1162
+ # The maximum number of objects that you want AWS Firewall Manager to
1163
+ # return for this request. If more objects are available, in the
1164
+ # response, AWS Firewall Manager provides a `NextToken` value that you
1165
+ # can use in a subsequent call to get the next batch of objects.
1166
+ #
1167
+ # If you don't specify this, AWS Firewall Manager returns all
1168
+ # available objects.
1169
+ # @return [Integer]
1170
+ #
1171
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListProtocolsListsRequest AWS API Documentation
1172
+ #
1173
+ class ListProtocolsListsRequest < Struct.new(
1174
+ :default_lists,
1175
+ :next_token,
1176
+ :max_results)
1177
+ SENSITIVE = []
1178
+ include Aws::Structure
1179
+ end
1180
+
1181
+ # @!attribute [rw] protocols_lists
1182
+ # An array of `ProtocolsListDataSummary` objects.
1183
+ # @return [Array<Types::ProtocolsListDataSummary>]
1184
+ #
1185
+ # @!attribute [rw] next_token
1186
+ # If you specify a value for `MaxResults` in your list request, and
1187
+ # you have more objects than the maximum, AWS Firewall Manager returns
1188
+ # this token in the response. You can use this token in subsequent
1189
+ # requests to retrieve the next batch of objects.
1190
+ # @return [String]
1191
+ #
1192
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListProtocolsListsResponse AWS API Documentation
1193
+ #
1194
+ class ListProtocolsListsResponse < Struct.new(
1195
+ :protocols_lists,
1196
+ :next_token)
1197
+ SENSITIVE = []
1198
+ include Aws::Structure
1199
+ end
1200
+
668
1201
  # @note When making an API call, you may pass ListTagsForResourceRequest
669
1202
  # data as a hash:
670
1203
  #
@@ -674,8 +1207,8 @@ module Aws::FMS
674
1207
  #
675
1208
  # @!attribute [rw] resource_arn
676
1209
  # The Amazon Resource Name (ARN) of the resource to return tags for.
677
- # The Firewall Manager policy is the only AWS resource that supports
678
- # tagging, so this ARN is a policy ARN..
1210
+ # The AWS Firewall Manager resources that support tagging are
1211
+ # policies, applications lists, and protocols lists.
679
1212
  # @return [String]
680
1213
  #
681
1214
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListTagsForResourceRequest AWS API Documentation
@@ -698,6 +1231,27 @@ module Aws::FMS
698
1231
  include Aws::Structure
699
1232
  end
700
1233
 
1234
+ # The reference rule that partially matches the `ViolationTarget` rule
1235
+ # and violation reason.
1236
+ #
1237
+ # @!attribute [rw] reference
1238
+ # The reference rule from the master security group of the AWS
1239
+ # Firewall Manager policy.
1240
+ # @return [String]
1241
+ #
1242
+ # @!attribute [rw] target_violation_reasons
1243
+ # The violation reason.
1244
+ # @return [Array<String>]
1245
+ #
1246
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PartialMatch AWS API Documentation
1247
+ #
1248
+ class PartialMatch < Struct.new(
1249
+ :reference,
1250
+ :target_violation_reasons)
1251
+ SENSITIVE = []
1252
+ include Aws::Structure
1253
+ end
1254
+
701
1255
  # An AWS Firewall Manager policy.
702
1256
  #
703
1257
  # @note When making an API call, you may pass Policy
@@ -734,7 +1288,7 @@ module Aws::FMS
734
1288
  # @return [String]
735
1289
  #
736
1290
  # @!attribute [rw] policy_name
737
- # The friendly name of the AWS Firewall Manager policy.
1291
+ # The name of the AWS Firewall Manager policy.
738
1292
  # @return [String]
739
1293
  #
740
1294
  # @!attribute [rw] policy_update_token
@@ -935,7 +1489,7 @@ module Aws::FMS
935
1489
  # @return [String]
936
1490
  #
937
1491
  # @!attribute [rw] policy_name
938
- # The friendly name of the AWS Firewall Manager policy.
1492
+ # The name of the AWS Firewall Manager policy.
939
1493
  # @return [String]
940
1494
  #
941
1495
  # @!attribute [rw] member_account
@@ -982,7 +1536,7 @@ module Aws::FMS
982
1536
  # @return [String]
983
1537
  #
984
1538
  # @!attribute [rw] policy_name
985
- # The friendly name of the specified policy.
1539
+ # The name of the specified policy.
986
1540
  # @return [String]
987
1541
  #
988
1542
  # @!attribute [rw] resource_type
@@ -1027,6 +1581,169 @@ module Aws::FMS
1027
1581
  include Aws::Structure
1028
1582
  end
1029
1583
 
1584
+ # An AWS Firewall Manager protocols list.
1585
+ #
1586
+ # @note When making an API call, you may pass ProtocolsListData
1587
+ # data as a hash:
1588
+ #
1589
+ # {
1590
+ # list_id: "ListId",
1591
+ # list_name: "ResourceName", # required
1592
+ # list_update_token: "UpdateToken",
1593
+ # create_time: Time.now,
1594
+ # last_update_time: Time.now,
1595
+ # protocols_list: ["Protocol"], # required
1596
+ # previous_protocols_list: {
1597
+ # "PreviousListVersion" => ["Protocol"],
1598
+ # },
1599
+ # }
1600
+ #
1601
+ # @!attribute [rw] list_id
1602
+ # The ID of the AWS Firewall Manager protocols list.
1603
+ # @return [String]
1604
+ #
1605
+ # @!attribute [rw] list_name
1606
+ # The name of the AWS Firewall Manager protocols list.
1607
+ # @return [String]
1608
+ #
1609
+ # @!attribute [rw] list_update_token
1610
+ # A unique identifier for each update to the list. When you update the
1611
+ # list, the update token must match the token of the current version
1612
+ # of the application list. You can retrieve the update token by
1613
+ # getting the list.
1614
+ # @return [String]
1615
+ #
1616
+ # @!attribute [rw] create_time
1617
+ # The time that the AWS Firewall Manager protocols list was created.
1618
+ # @return [Time]
1619
+ #
1620
+ # @!attribute [rw] last_update_time
1621
+ # The time that the AWS Firewall Manager protocols list was last
1622
+ # updated.
1623
+ # @return [Time]
1624
+ #
1625
+ # @!attribute [rw] protocols_list
1626
+ # An array of protocols in the AWS Firewall Manager protocols list.
1627
+ # @return [Array<String>]
1628
+ #
1629
+ # @!attribute [rw] previous_protocols_list
1630
+ # A map of previous version numbers to their corresponding protocol
1631
+ # arrays.
1632
+ # @return [Hash<String,Array<String>>]
1633
+ #
1634
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ProtocolsListData AWS API Documentation
1635
+ #
1636
+ class ProtocolsListData < Struct.new(
1637
+ :list_id,
1638
+ :list_name,
1639
+ :list_update_token,
1640
+ :create_time,
1641
+ :last_update_time,
1642
+ :protocols_list,
1643
+ :previous_protocols_list)
1644
+ SENSITIVE = []
1645
+ include Aws::Structure
1646
+ end
1647
+
1648
+ # Details of the AWS Firewall Manager protocols list.
1649
+ #
1650
+ # @!attribute [rw] list_arn
1651
+ # The Amazon Resource Name (ARN) of the specified protocols list.
1652
+ # @return [String]
1653
+ #
1654
+ # @!attribute [rw] list_id
1655
+ # The ID of the specified protocols list.
1656
+ # @return [String]
1657
+ #
1658
+ # @!attribute [rw] list_name
1659
+ # The name of the specified protocols list.
1660
+ # @return [String]
1661
+ #
1662
+ # @!attribute [rw] protocols_list
1663
+ # An array of protocols in the AWS Firewall Manager protocols list.
1664
+ # @return [Array<String>]
1665
+ #
1666
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ProtocolsListDataSummary AWS API Documentation
1667
+ #
1668
+ class ProtocolsListDataSummary < Struct.new(
1669
+ :list_arn,
1670
+ :list_id,
1671
+ :list_name,
1672
+ :protocols_list)
1673
+ SENSITIVE = []
1674
+ include Aws::Structure
1675
+ end
1676
+
1677
+ # @note When making an API call, you may pass PutAppsListRequest
1678
+ # data as a hash:
1679
+ #
1680
+ # {
1681
+ # apps_list: { # required
1682
+ # list_id: "ListId",
1683
+ # list_name: "ResourceName", # required
1684
+ # list_update_token: "UpdateToken",
1685
+ # create_time: Time.now,
1686
+ # last_update_time: Time.now,
1687
+ # apps_list: [ # required
1688
+ # {
1689
+ # app_name: "ResourceName", # required
1690
+ # protocol: "Protocol", # required
1691
+ # port: 1, # required
1692
+ # },
1693
+ # ],
1694
+ # previous_apps_list: {
1695
+ # "PreviousListVersion" => [
1696
+ # {
1697
+ # app_name: "ResourceName", # required
1698
+ # protocol: "Protocol", # required
1699
+ # port: 1, # required
1700
+ # },
1701
+ # ],
1702
+ # },
1703
+ # },
1704
+ # tag_list: [
1705
+ # {
1706
+ # key: "TagKey", # required
1707
+ # value: "TagValue", # required
1708
+ # },
1709
+ # ],
1710
+ # }
1711
+ #
1712
+ # @!attribute [rw] apps_list
1713
+ # The details of the AWS Firewall Manager applications list to be
1714
+ # created.
1715
+ # @return [Types::AppsListData]
1716
+ #
1717
+ # @!attribute [rw] tag_list
1718
+ # The tags associated with the resource.
1719
+ # @return [Array<Types::Tag>]
1720
+ #
1721
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsListRequest AWS API Documentation
1722
+ #
1723
+ class PutAppsListRequest < Struct.new(
1724
+ :apps_list,
1725
+ :tag_list)
1726
+ SENSITIVE = []
1727
+ include Aws::Structure
1728
+ end
1729
+
1730
+ # @!attribute [rw] apps_list
1731
+ # The details of the AWS Firewall Manager applications list.
1732
+ # @return [Types::AppsListData]
1733
+ #
1734
+ # @!attribute [rw] apps_list_arn
1735
+ # The Amazon Resource Name (ARN) of the applications list.
1736
+ # @return [String]
1737
+ #
1738
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsListResponse AWS API Documentation
1739
+ #
1740
+ class PutAppsListResponse < Struct.new(
1741
+ :apps_list,
1742
+ :apps_list_arn)
1743
+ SENSITIVE = []
1744
+ include Aws::Structure
1745
+ end
1746
+
1030
1747
  # @note When making an API call, you may pass PutNotificationChannelRequest
1031
1748
  # data as a hash:
1032
1749
  #
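Review bot: The `list_update_token` description in `ProtocolsListData` says the token must match "the token of the current version of the application list", which looks copied from `AppsListData`; for this type it should name the protocols list, e.g. ``# of the protocols list. You can retrieve the update token by``. The text describes the token as the check that an update is applied against the current version, so pointing at the wrong resource could lead a caller to fetch the token from an applications list. If the file is generated from the service model, the wording needs fixing there.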
@@ -1109,11 +1826,11 @@ module Aws::FMS
1109
1826
  end
1110
1827
 
1111
1828
  # @!attribute [rw] policy
1112
- # The details of the AWS Firewall Manager policy that was created.
1829
+ # The details of the AWS Firewall Manager policy.
1113
1830
  # @return [Types::Policy]
1114
1831
  #
1115
1832
  # @!attribute [rw] policy_arn
1116
- # The Amazon Resource Name (ARN) of the policy that was created.
1833
+ # The Amazon Resource Name (ARN) of the policy.
1117
1834
  # @return [String]
1118
1835
  #
1119
1836
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutPolicyResponse AWS API Documentation
@@ -1125,6 +1842,64 @@ module Aws::FMS
1125
1842
  include Aws::Structure
1126
1843
  end
1127
1844
 
1845
+ # @note When making an API call, you may pass PutProtocolsListRequest
1846
+ # data as a hash:
1847
+ #
1848
+ # {
1849
+ # protocols_list: { # required
1850
+ # list_id: "ListId",
1851
+ # list_name: "ResourceName", # required
1852
+ # list_update_token: "UpdateToken",
1853
+ # create_time: Time.now,
1854
+ # last_update_time: Time.now,
1855
+ # protocols_list: ["Protocol"], # required
1856
+ # previous_protocols_list: {
1857
+ # "PreviousListVersion" => ["Protocol"],
1858
+ # },
1859
+ # },
1860
+ # tag_list: [
1861
+ # {
1862
+ # key: "TagKey", # required
1863
+ # value: "TagValue", # required
1864
+ # },
1865
+ # ],
1866
+ # }
1867
+ #
1868
+ # @!attribute [rw] protocols_list
1869
+ # The details of the AWS Firewall Manager protocols list to be
1870
+ # created.
1871
+ # @return [Types::ProtocolsListData]
1872
+ #
1873
+ # @!attribute [rw] tag_list
1874
+ # The tags associated with the resource.
1875
+ # @return [Array<Types::Tag>]
1876
+ #
1877
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutProtocolsListRequest AWS API Documentation
1878
+ #
1879
+ class PutProtocolsListRequest < Struct.new(
1880
+ :protocols_list,
1881
+ :tag_list)
1882
+ SENSITIVE = []
1883
+ include Aws::Structure
1884
+ end
1885
+
1886
+ # @!attribute [rw] protocols_list
1887
+ # The details of the AWS Firewall Manager protocols list.
1888
+ # @return [Types::ProtocolsListData]
1889
+ #
1890
+ # @!attribute [rw] protocols_list_arn
1891
+ # The Amazon Resource Name (ARN) of the protocols list.
1892
+ # @return [String]
1893
+ #
1894
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutProtocolsListResponse AWS API Documentation
1895
+ #
1896
+ class PutProtocolsListResponse < Struct.new(
1897
+ :protocols_list,
1898
+ :protocols_list_arn)
1899
+ SENSITIVE = []
1900
+ include Aws::Structure
1901
+ end
1902
+
1128
1903
  # The specified resource was not found.
1129
1904
  #
1130
1905
  # @!attribute [rw] message
@@ -1177,6 +1952,102 @@ module Aws::FMS
1177
1952
  include Aws::Structure
1178
1953
  end
1179
1954
 
1955
+ # Violation detail based on resource type.
1956
+ #
1957
+ # @!attribute [rw] aws_vpc_security_group_violation
1958
+ # Violation details for security groups.
1959
+ # @return [Types::AwsVPCSecurityGroupViolation]
1960
+ #
1961
+ # @!attribute [rw] aws_ec2_network_interface_violation
1962
+ # Violation details for network interface.
1963
+ # @return [Types::AwsEc2NetworkInterfaceViolation]
1964
+ #
1965
+ # @!attribute [rw] aws_ec2_instance_violation
1966
+ # Violation details for an EC2 instance.
1967
+ # @return [Types::AwsEc2InstanceViolation]
1968
+ #
1969
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
1970
+ #
1971
+ class ResourceViolation < Struct.new(
1972
+ :aws_vpc_security_group_violation,
1973
+ :aws_ec2_network_interface_violation,
1974
+ :aws_ec2_instance_violation)
1975
+ SENSITIVE = []
1976
+ include Aws::Structure
1977
+ end
1978
+
1979
+ # Remediation option for the rule specified in the `ViolationTarget`.
1980
+ #
1981
+ # @!attribute [rw] remediation_action_type
1982
+ # The remediation action that will be performed.
1983
+ # @return [String]
1984
+ #
1985
+ # @!attribute [rw] description
1986
+ # Brief description of the action that will be performed.
1987
+ # @return [String]
1988
+ #
1989
+ # @!attribute [rw] remediation_result
1990
+ # The final state of the rule specified in the `ViolationTarget` after
1991
+ # it is remediated.
1992
+ # @return [Types::SecurityGroupRuleDescription]
1993
+ #
1994
+ # @!attribute [rw] is_default_action
1995
+ # Indicates if the current action is the default action.
1996
+ # @return [Boolean]
1997
+ #
1998
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityGroupRemediationAction AWS API Documentation
1999
+ #
2000
+ class SecurityGroupRemediationAction < Struct.new(
2001
+ :remediation_action_type,
2002
+ :description,
2003
+ :remediation_result,
2004
+ :is_default_action)
2005
+ SENSITIVE = []
2006
+ include Aws::Structure
2007
+ end
2008
+
2009
+ # Describes a set of permissions for a security group rule.
2010
+ #
2011
+ # @!attribute [rw] ipv4_range
2012
+ # The IPv4 ranges for the security group rule.
2013
+ # @return [String]
2014
+ #
2015
+ # @!attribute [rw] ipv6_range
2016
+ # The IPv6 ranges for the security group rule.
2017
+ # @return [String]
2018
+ #
2019
+ # @!attribute [rw] prefix_list_id
2020
+ # The ID of the prefix list for the security group rule.
2021
+ # @return [String]
2022
+ #
2023
+ # @!attribute [rw] protocol
2024
+ # The IP protocol name (`tcp`, `udp`, `icmp`, `icmpv6`) or number.
2025
+ # @return [String]
2026
+ #
2027
+ # @!attribute [rw] from_port
2028
+ # The start of the port range for the TCP and UDP protocols, or an
2029
+ # ICMP/ICMPv6 type number. A value of `-1` indicates all ICMP/ICMPv6
2030
+ # types.
2031
+ # @return [Integer]
2032
+ #
2033
+ # @!attribute [rw] to_port
2034
+ # The end of the port range for the TCP and UDP protocols, or an
2035
+ # ICMP/ICMPv6 code. A value of `-1` indicates all ICMP/ICMPv6 codes.
2036
+ # @return [Integer]
2037
+ #
2038
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityGroupRuleDescription AWS API Documentation
2039
+ #
2040
+ class SecurityGroupRuleDescription < Struct.new(
2041
+ :ipv4_range,
2042
+ :ipv6_range,
2043
+ :prefix_list_id,
2044
+ :protocol,
2045
+ :from_port,
2046
+ :to_port)
2047
+ SENSITIVE = []
2048
+ include Aws::Structure
2049
+ end
2050
+
1180
2051
  # Details about the security service that is being used to protect the
1181
2052
  # resources.
1182
2053
  #
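Review bot: The `ipv4_range` and `ipv6_range` attributes of `SecurityGroupRuleDescription` are described in the plural ("The IPv4 ranges…", "The IPv6 ranges…") but typed `@return [String]`, so a reader cannot tell whether the field holds one range or several packed into one string. Code that inspects violation details for over-broad rules needs to know which, because a parser written for a single range would mishandle a delimited list. If the value is a single range, the comments should read `# The IPv4 range for the security group rule.` and `# The IPv6 range for the security group rule.`; if it can hold several, the separator should be stated. If this file is generated from the service model, the wording would have to be corrected there.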
@@ -1206,7 +2077,7 @@ module Aws::FMS
1206
2077
  # * Example: `WAFV2`
1207
2078
  #
1208
2079
  # `"ManagedServiceData":
1209
- # "\{"type":"WAFV2","defaultAction":\{"type":"ALLOW"\},"preProcessRuleGroups":[\{"managedRuleGroupIdentifier":null,"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"COUNT"\},"excludedRules":[\{"name":"EntityName"\}],"ruleGroupType":"RuleGroup"\}],"postProcessRuleGroups":[\{"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendor":"AWS"\},"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"NONE"\},"excludedRules":[],"ruleGroupType":"ManagedRuleGroup"\}],"overrideCustomerWebACLAssociation":false\}"`
2080
+ # "\{"type":"WAFV2","defaultAction":\{"type":"ALLOW"\},"preProcessRuleGroups":[\{"managedRuleGroupIdentifier":null,"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"COUNT"\},"excludeRules":[\{"name":"EntityName"\}],"ruleGroupType":"RuleGroup"\}],"postProcessRuleGroups":[\{"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendorName":"AWS"\},"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"NONE"\},"excludeRules":[],"ruleGroupType":"ManagedRuleGroup"\}],"overrideCustomerWebACLAssociation":false\}"`
1210
2081
  #
1211
2082
  # * Example: `WAF Classic`
1212
2083
  #
@@ -1299,9 +2170,9 @@ module Aws::FMS
1299
2170
  # }
1300
2171
  #
1301
2172
  # @!attribute [rw] resource_arn
1302
- # The Amazon Resource Name (ARN) of the resource. The Firewall Manager
1303
- # policy is the only AWS resource that supports tagging, so this ARN
1304
- # is a policy ARN.
2173
+ # The Amazon Resource Name (ARN) of the resource to return tags for.
2174
+ # The AWS Firewall Manager resources that support tagging are
2175
+ # policies, applications lists, and protocols lists.
1305
2176
  # @return [String]
1306
2177
  #
1307
2178
  # @!attribute [rw] tag_list
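Review bot: The new `resource_arn` text describes the ARN as that "of the resource to return tags for", but the next attribute in this hunk is `tag_list`, which suggests a request that applies tags rather than lists them. The class header is outside the hunk, so that reading is inferred. The same sentence is added in the following hunk (`@@ -1330,9 +2201,9 @@`), where the next attribute is `tag_keys` and the wording fits an untag request equally poorly. Suggested first lines are `# The Amazon Resource Name (ARN) of the resource to tag.` here and `# The Amazon Resource Name (ARN) of the resource to remove tags from.` there, keeping the sentence about which resources support tagging.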
@@ -1330,9 +2201,9 @@ module Aws::FMS
1330
2201
  # }
1331
2202
  #
1332
2203
  # @!attribute [rw] resource_arn
1333
- # The Amazon Resource Name (ARN) of the resource. The Firewall Manager
1334
- # policy is the only AWS resource that supports tagging, so this ARN
1335
- # is a policy ARN.
2204
+ # The Amazon Resource Name (ARN) of the resource to return tags for.
2205
+ # The AWS Firewall Manager resources that support tagging are
2206
+ # policies, applications lists, and protocols lists.
1336
2207
  # @return [String]
1337
2208
  #
1338
2209
  # @!attribute [rw] tag_keys
@@ -1352,5 +2223,51 @@ module Aws::FMS
1352
2223
  #
1353
2224
  class UntagResourceResponse < Aws::EmptyStructure; end
1354
2225
 
2226
+ # Violations for a resource based on the specified AWS Firewall Manager
2227
+ # policy and AWS account.
2228
+ #
2229
+ # @!attribute [rw] policy_id
2230
+ # The ID of the AWS Firewall Manager policy that the violation details
2231
+ # were requested for.
2232
+ # @return [String]
2233
+ #
2234
+ # @!attribute [rw] member_account
2235
+ # The AWS account that the violation details were requested for.
2236
+ # @return [String]
2237
+ #
2238
+ # @!attribute [rw] resource_id
2239
+ # The resource ID that the violation details were requested for.
2240
+ # @return [String]
2241
+ #
2242
+ # @!attribute [rw] resource_type
2243
+ # The resource type that the violation details were requested for.
2244
+ # @return [String]
2245
+ #
2246
+ # @!attribute [rw] resource_violations
2247
+ # List of violations for the requested resource.
2248
+ # @return [Array<Types::ResourceViolation>]
2249
+ #
2250
+ # @!attribute [rw] resource_tags
2251
+ # The `ResourceTag` objects associated with the resource.
2252
+ # @return [Array<Types::Tag>]
2253
+ #
2254
+ # @!attribute [rw] resource_description
2255
+ # Brief description for the requested resource.
2256
+ # @return [String]
2257
+ #
2258
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ViolationDetail AWS API Documentation
2259
+ #
2260
+ class ViolationDetail < Struct.new(
2261
+ :policy_id,
2262
+ :member_account,
2263
+ :resource_id,
2264
+ :resource_type,
2265
+ :resource_violations,
2266
+ :resource_tags,
2267
+ :resource_description)
2268
+ SENSITIVE = []
2269
+ include Aws::Structure
2270
+ end
2271
+
1355
2272
  end
1356
2273
  end
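Review bot: The `resource_tags` comment in `ViolationDetail` names `ResourceTag` objects, while the declared type on the line after it is `Array<Types::Tag>`, so the prose and the type annotation point at two different names for the element type. A caller building filters or reports from violation details would not know which structure to expect. The comment could instead read `# The tags associated with the resource.`, the wording already used for `tag_list` on `PutProtocolsListRequest` earlier in this file. If the types file is generated, the description in the service model is the place to change it.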