aws-sdk-fms 1.31.0 → 1.36.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +193 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-fms.rb +2 -2
- data/lib/aws-sdk-fms/client.rb +84 -14
- data/lib/aws-sdk-fms/client_api.rb +93 -1
- data/lib/aws-sdk-fms/errors.rb +1 -1
- data/lib/aws-sdk-fms/resource.rb +1 -1
- data/lib/aws-sdk-fms/types.rb +388 -23
- metadata +10 -7
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -25,6 +25,7 @@ module Aws::FMS
|
|
25
25
|
AwsEc2NetworkInterfaceViolation = Shapes::StructureShape.new(name: 'AwsEc2NetworkInterfaceViolation')
|
26
26
|
AwsEc2NetworkInterfaceViolations = Shapes::ListShape.new(name: 'AwsEc2NetworkInterfaceViolations')
|
27
27
|
AwsVPCSecurityGroupViolation = Shapes::StructureShape.new(name: 'AwsVPCSecurityGroupViolation')
|
28
|
+
BasicInteger = Shapes::IntegerShape.new(name: 'BasicInteger')
|
28
29
|
Boolean = Shapes::BooleanShape.new(name: 'Boolean')
|
29
30
|
CIDR = Shapes::StringShape.new(name: 'CIDR')
|
30
31
|
ComplianceViolator = Shapes::StructureShape.new(name: 'ComplianceViolator')
|
@@ -40,6 +41,11 @@ module Aws::FMS
|
|
40
41
|
DependentServiceName = Shapes::StringShape.new(name: 'DependentServiceName')
|
41
42
|
DetailedInfo = Shapes::StringShape.new(name: 'DetailedInfo')
|
42
43
|
DisassociateAdminAccountRequest = Shapes::StructureShape.new(name: 'DisassociateAdminAccountRequest')
|
44
|
+
DnsDuplicateRuleGroupViolation = Shapes::StructureShape.new(name: 'DnsDuplicateRuleGroupViolation')
|
45
|
+
DnsRuleGroupLimitExceededViolation = Shapes::StructureShape.new(name: 'DnsRuleGroupLimitExceededViolation')
|
46
|
+
DnsRuleGroupPriorities = Shapes::ListShape.new(name: 'DnsRuleGroupPriorities')
|
47
|
+
DnsRuleGroupPriority = Shapes::IntegerShape.new(name: 'DnsRuleGroupPriority')
|
48
|
+
DnsRuleGroupPriorityConflictViolation = Shapes::StructureShape.new(name: 'DnsRuleGroupPriorityConflictViolation')
|
43
49
|
ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
|
44
50
|
EvaluationResult = Shapes::StructureShape.new(name: 'EvaluationResult')
|
45
51
|
EvaluationResults = Shapes::ListShape.new(name: 'EvaluationResults')
|
@@ -82,6 +88,14 @@ module Aws::FMS
|
|
82
88
|
ListTagsForResourceResponse = Shapes::StructureShape.new(name: 'ListTagsForResourceResponse')
|
83
89
|
ManagedServiceData = Shapes::StringShape.new(name: 'ManagedServiceData')
|
84
90
|
MemberAccounts = Shapes::ListShape.new(name: 'MemberAccounts')
|
91
|
+
NetworkFirewallAction = Shapes::StringShape.new(name: 'NetworkFirewallAction')
|
92
|
+
NetworkFirewallActionList = Shapes::ListShape.new(name: 'NetworkFirewallActionList')
|
93
|
+
NetworkFirewallMissingExpectedRTViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingExpectedRTViolation')
|
94
|
+
NetworkFirewallMissingFirewallViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingFirewallViolation')
|
95
|
+
NetworkFirewallMissingSubnetViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingSubnetViolation')
|
96
|
+
NetworkFirewallPolicyDescription = Shapes::StructureShape.new(name: 'NetworkFirewallPolicyDescription')
|
97
|
+
NetworkFirewallPolicyModifiedViolation = Shapes::StructureShape.new(name: 'NetworkFirewallPolicyModifiedViolation')
|
98
|
+
NetworkFirewallResourceName = Shapes::StringShape.new(name: 'NetworkFirewallResourceName')
|
85
99
|
PaginationMaxResults = Shapes::IntegerShape.new(name: 'PaginationMaxResults')
|
86
100
|
PaginationToken = Shapes::StringShape.new(name: 'PaginationToken')
|
87
101
|
PartialMatch = Shapes::StructureShape.new(name: 'PartialMatch')
|
@@ -133,6 +147,11 @@ module Aws::FMS
|
|
133
147
|
SecurityGroupRuleDescription = Shapes::StructureShape.new(name: 'SecurityGroupRuleDescription')
|
134
148
|
SecurityServicePolicyData = Shapes::StructureShape.new(name: 'SecurityServicePolicyData')
|
135
149
|
SecurityServiceType = Shapes::StringShape.new(name: 'SecurityServiceType')
|
150
|
+
StatefulRuleGroup = Shapes::StructureShape.new(name: 'StatefulRuleGroup')
|
151
|
+
StatefulRuleGroupList = Shapes::ListShape.new(name: 'StatefulRuleGroupList')
|
152
|
+
StatelessRuleGroup = Shapes::StructureShape.new(name: 'StatelessRuleGroup')
|
153
|
+
StatelessRuleGroupList = Shapes::ListShape.new(name: 'StatelessRuleGroupList')
|
154
|
+
StatelessRuleGroupPriority = Shapes::IntegerShape.new(name: 'StatelessRuleGroupPriority')
|
136
155
|
Tag = Shapes::StructureShape.new(name: 'Tag')
|
137
156
|
TagKey = Shapes::StringShape.new(name: 'TagKey')
|
138
157
|
TagKeyList = Shapes::ListShape.new(name: 'TagKeyList')
|
@@ -219,6 +238,24 @@ module Aws::FMS
|
|
219
238
|
|
220
239
|
DisassociateAdminAccountRequest.struct_class = Types::DisassociateAdminAccountRequest
|
221
240
|
|
241
|
+
DnsDuplicateRuleGroupViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
|
242
|
+
DnsDuplicateRuleGroupViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
|
243
|
+
DnsDuplicateRuleGroupViolation.struct_class = Types::DnsDuplicateRuleGroupViolation
|
244
|
+
|
245
|
+
DnsRuleGroupLimitExceededViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
|
246
|
+
DnsRuleGroupLimitExceededViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
|
247
|
+
DnsRuleGroupLimitExceededViolation.add_member(:number_of_rule_groups_already_associated, Shapes::ShapeRef.new(shape: BasicInteger, location_name: "NumberOfRuleGroupsAlreadyAssociated"))
|
248
|
+
DnsRuleGroupLimitExceededViolation.struct_class = Types::DnsRuleGroupLimitExceededViolation
|
249
|
+
|
250
|
+
DnsRuleGroupPriorities.member = Shapes::ShapeRef.new(shape: DnsRuleGroupPriority)
|
251
|
+
|
252
|
+
DnsRuleGroupPriorityConflictViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
|
253
|
+
DnsRuleGroupPriorityConflictViolation.add_member(:violation_target_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ViolationTargetDescription"))
|
254
|
+
DnsRuleGroupPriorityConflictViolation.add_member(:conflicting_priority, Shapes::ShapeRef.new(shape: DnsRuleGroupPriority, location_name: "ConflictingPriority"))
|
255
|
+
DnsRuleGroupPriorityConflictViolation.add_member(:conflicting_policy_id, Shapes::ShapeRef.new(shape: PolicyId, location_name: "ConflictingPolicyId"))
|
256
|
+
DnsRuleGroupPriorityConflictViolation.add_member(:unavailable_priorities, Shapes::ShapeRef.new(shape: DnsRuleGroupPriorities, location_name: "UnavailablePriorities"))
|
257
|
+
DnsRuleGroupPriorityConflictViolation.struct_class = Types::DnsRuleGroupPriorityConflictViolation
|
258
|
+
|
222
259
|
EvaluationResult.add_member(:compliance_status, Shapes::ShapeRef.new(shape: PolicyComplianceStatusType, location_name: "ComplianceStatus"))
|
223
260
|
EvaluationResult.add_member(:violator_count, Shapes::ShapeRef.new(shape: ResourceCount, location_name: "ViolatorCount"))
|
224
261
|
EvaluationResult.add_member(:evaluation_limit_exceeded, Shapes::ShapeRef.new(shape: Boolean, location_name: "EvaluationLimitExceeded"))
|
@@ -360,6 +397,39 @@ module Aws::FMS
|
|
360
397
|
|
361
398
|
MemberAccounts.member = Shapes::ShapeRef.new(shape: AWSAccountId)
|
362
399
|
|
400
|
+
NetworkFirewallActionList.member = Shapes::ShapeRef.new(shape: NetworkFirewallAction)
|
401
|
+
|
402
|
+
NetworkFirewallMissingExpectedRTViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
|
403
|
+
NetworkFirewallMissingExpectedRTViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
|
404
|
+
NetworkFirewallMissingExpectedRTViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
|
405
|
+
NetworkFirewallMissingExpectedRTViolation.add_member(:current_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "CurrentRouteTable"))
|
406
|
+
NetworkFirewallMissingExpectedRTViolation.add_member(:expected_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ExpectedRouteTable"))
|
407
|
+
NetworkFirewallMissingExpectedRTViolation.struct_class = Types::NetworkFirewallMissingExpectedRTViolation
|
408
|
+
|
409
|
+
NetworkFirewallMissingFirewallViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
|
410
|
+
NetworkFirewallMissingFirewallViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
|
411
|
+
NetworkFirewallMissingFirewallViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
|
412
|
+
NetworkFirewallMissingFirewallViolation.add_member(:target_violation_reason, Shapes::ShapeRef.new(shape: TargetViolationReason, location_name: "TargetViolationReason"))
|
413
|
+
NetworkFirewallMissingFirewallViolation.struct_class = Types::NetworkFirewallMissingFirewallViolation
|
414
|
+
|
415
|
+
NetworkFirewallMissingSubnetViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
|
416
|
+
NetworkFirewallMissingSubnetViolation.add_member(:vpc, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VPC"))
|
417
|
+
NetworkFirewallMissingSubnetViolation.add_member(:availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "AvailabilityZone"))
|
418
|
+
NetworkFirewallMissingSubnetViolation.add_member(:target_violation_reason, Shapes::ShapeRef.new(shape: TargetViolationReason, location_name: "TargetViolationReason"))
|
419
|
+
NetworkFirewallMissingSubnetViolation.struct_class = Types::NetworkFirewallMissingSubnetViolation
|
420
|
+
|
421
|
+
NetworkFirewallPolicyDescription.add_member(:stateless_rule_groups, Shapes::ShapeRef.new(shape: StatelessRuleGroupList, location_name: "StatelessRuleGroups"))
|
422
|
+
NetworkFirewallPolicyDescription.add_member(:stateless_default_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessDefaultActions"))
|
423
|
+
NetworkFirewallPolicyDescription.add_member(:stateless_fragment_default_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessFragmentDefaultActions"))
|
424
|
+
NetworkFirewallPolicyDescription.add_member(:stateless_custom_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessCustomActions"))
|
425
|
+
NetworkFirewallPolicyDescription.add_member(:stateful_rule_groups, Shapes::ShapeRef.new(shape: StatefulRuleGroupList, location_name: "StatefulRuleGroups"))
|
426
|
+
NetworkFirewallPolicyDescription.struct_class = Types::NetworkFirewallPolicyDescription
|
427
|
+
|
428
|
+
NetworkFirewallPolicyModifiedViolation.add_member(:violation_target, Shapes::ShapeRef.new(shape: ViolationTarget, location_name: "ViolationTarget"))
|
429
|
+
NetworkFirewallPolicyModifiedViolation.add_member(:current_policy_description, Shapes::ShapeRef.new(shape: NetworkFirewallPolicyDescription, location_name: "CurrentPolicyDescription"))
|
430
|
+
NetworkFirewallPolicyModifiedViolation.add_member(:expected_policy_description, Shapes::ShapeRef.new(shape: NetworkFirewallPolicyDescription, location_name: "ExpectedPolicyDescription"))
|
431
|
+
NetworkFirewallPolicyModifiedViolation.struct_class = Types::NetworkFirewallPolicyModifiedViolation
|
432
|
+
|
363
433
|
PartialMatch.add_member(:reference, Shapes::ShapeRef.new(shape: ReferenceRule, location_name: "Reference"))
|
364
434
|
PartialMatch.add_member(:target_violation_reasons, Shapes::ShapeRef.new(shape: TargetViolationReasons, location_name: "TargetViolationReasons"))
|
365
435
|
PartialMatch.struct_class = Types::PartialMatch
|
@@ -478,6 +548,13 @@ module Aws::FMS
|
|
478
548
|
ResourceViolation.add_member(:aws_vpc_security_group_violation, Shapes::ShapeRef.new(shape: AwsVPCSecurityGroupViolation, location_name: "AwsVPCSecurityGroupViolation"))
|
479
549
|
ResourceViolation.add_member(:aws_ec2_network_interface_violation, Shapes::ShapeRef.new(shape: AwsEc2NetworkInterfaceViolation, location_name: "AwsEc2NetworkInterfaceViolation"))
|
480
550
|
ResourceViolation.add_member(:aws_ec2_instance_violation, Shapes::ShapeRef.new(shape: AwsEc2InstanceViolation, location_name: "AwsEc2InstanceViolation"))
|
551
|
+
ResourceViolation.add_member(:network_firewall_missing_firewall_violation, Shapes::ShapeRef.new(shape: NetworkFirewallMissingFirewallViolation, location_name: "NetworkFirewallMissingFirewallViolation"))
|
552
|
+
ResourceViolation.add_member(:network_firewall_missing_subnet_violation, Shapes::ShapeRef.new(shape: NetworkFirewallMissingSubnetViolation, location_name: "NetworkFirewallMissingSubnetViolation"))
|
553
|
+
ResourceViolation.add_member(:network_firewall_missing_expected_rt_violation, Shapes::ShapeRef.new(shape: NetworkFirewallMissingExpectedRTViolation, location_name: "NetworkFirewallMissingExpectedRTViolation"))
|
554
|
+
ResourceViolation.add_member(:network_firewall_policy_modified_violation, Shapes::ShapeRef.new(shape: NetworkFirewallPolicyModifiedViolation, location_name: "NetworkFirewallPolicyModifiedViolation"))
|
555
|
+
ResourceViolation.add_member(:dns_rule_group_priority_conflict_violation, Shapes::ShapeRef.new(shape: DnsRuleGroupPriorityConflictViolation, location_name: "DnsRuleGroupPriorityConflictViolation"))
|
556
|
+
ResourceViolation.add_member(:dns_duplicate_rule_group_violation, Shapes::ShapeRef.new(shape: DnsDuplicateRuleGroupViolation, location_name: "DnsDuplicateRuleGroupViolation"))
|
557
|
+
ResourceViolation.add_member(:dns_rule_group_limit_exceeded_violation, Shapes::ShapeRef.new(shape: DnsRuleGroupLimitExceededViolation, location_name: "DnsRuleGroupLimitExceededViolation"))
|
481
558
|
ResourceViolation.struct_class = Types::ResourceViolation
|
482
559
|
|
483
560
|
ResourceViolations.member = Shapes::ShapeRef.new(shape: ResourceViolation)
|
@@ -502,6 +579,19 @@ module Aws::FMS
|
|
502
579
|
SecurityServicePolicyData.add_member(:managed_service_data, Shapes::ShapeRef.new(shape: ManagedServiceData, location_name: "ManagedServiceData"))
|
503
580
|
SecurityServicePolicyData.struct_class = Types::SecurityServicePolicyData
|
504
581
|
|
582
|
+
StatefulRuleGroup.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: NetworkFirewallResourceName, location_name: "RuleGroupName"))
|
583
|
+
StatefulRuleGroup.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ResourceId"))
|
584
|
+
StatefulRuleGroup.struct_class = Types::StatefulRuleGroup
|
585
|
+
|
586
|
+
StatefulRuleGroupList.member = Shapes::ShapeRef.new(shape: StatefulRuleGroup)
|
587
|
+
|
588
|
+
StatelessRuleGroup.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: NetworkFirewallResourceName, location_name: "RuleGroupName"))
|
589
|
+
StatelessRuleGroup.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ResourceId"))
|
590
|
+
StatelessRuleGroup.add_member(:priority, Shapes::ShapeRef.new(shape: StatelessRuleGroupPriority, location_name: "Priority"))
|
591
|
+
StatelessRuleGroup.struct_class = Types::StatelessRuleGroup
|
592
|
+
|
593
|
+
StatelessRuleGroupList.member = Shapes::ShapeRef.new(shape: StatelessRuleGroup)
|
594
|
+
|
505
595
|
Tag.add_member(:key, Shapes::ShapeRef.new(shape: TagKey, required: true, location_name: "Key"))
|
506
596
|
Tag.add_member(:value, Shapes::ShapeRef.new(shape: TagValue, required: true, location_name: "Value"))
|
507
597
|
Tag.struct_class = Types::Tag
|
@@ -595,6 +685,8 @@ module Aws::FMS
|
|
595
685
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
596
686
|
o.errors << Shapes::ShapeRef.new(shape: InvalidOperationException)
|
597
687
|
o.errors << Shapes::ShapeRef.new(shape: InternalErrorException)
|
688
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidInputException)
|
689
|
+
o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
|
598
690
|
end)
|
599
691
|
|
600
692
|
api.add_operation(:delete_protocols_list, Seahorse::Model::Operation.new.tap do |o|
|
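--- a/data/lib/aws-sdk-fms/errors.rb
+++ b/data/lib/aws-sdk-fms/errors.rb
@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 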
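--- a/data/lib/aws-sdk-fms/resource.rb
+++ b/data/lib/aws-sdk-fms/resource.rb
@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 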
data/lib/aws-sdk-fms/types.rb
CHANGED
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -267,8 +267,9 @@ module Aws::FMS
|
|
267
267
|
# @!attribute [rw] resource_type
|
268
268
|
# The resource type. This is in the format shown in the [AWS Resource
|
269
269
|
# Types Reference][1]. For example:
|
270
|
-
# `AWS::ElasticLoadBalancingV2::LoadBalancer
|
271
|
-
# `AWS::CloudFront::Distribution
|
270
|
+
# `AWS::ElasticLoadBalancingV2::LoadBalancer`,
|
271
|
+
# `AWS::CloudFront::Distribution`, or
|
272
|
+
# `AWS::NetworkFirewall::FirewallPolicy`.
|
272
273
|
#
|
273
274
|
#
|
274
275
|
#
|
@@ -393,6 +394,96 @@ module Aws::FMS
|
|
393
394
|
#
|
394
395
|
class DisassociateAdminAccountRequest < Aws::EmptyStructure; end
|
395
396
|
|
397
|
+
# A DNS Firewall rule group that Firewall Manager tried to associate
|
398
|
+
# with a VPC is already associated with the VPC and can't be associated
|
399
|
+
# again.
|
400
|
+
#
|
401
|
+
# @!attribute [rw] violation_target
|
402
|
+
# The ID of the VPC.
|
403
|
+
# @return [String]
|
404
|
+
#
|
405
|
+
# @!attribute [rw] violation_target_description
|
406
|
+
# A description of the violation that specifies the rule group and
|
407
|
+
# VPC.
|
408
|
+
# @return [String]
|
409
|
+
#
|
410
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsDuplicateRuleGroupViolation AWS API Documentation
|
411
|
+
#
|
412
|
+
class DnsDuplicateRuleGroupViolation < Struct.new(
|
413
|
+
:violation_target,
|
414
|
+
:violation_target_description)
|
415
|
+
SENSITIVE = []
|
416
|
+
include Aws::Structure
|
417
|
+
end
|
418
|
+
|
419
|
+
# The VPC that Firewall Manager was applying a DNS Fireall policy to
|
420
|
+
# reached the limit for associated DNS Firewall rule groups. Firewall
|
421
|
+
# Manager tried to associate another rule group with the VPC and failed
|
422
|
+
# due to the limit.
|
423
|
+
#
|
424
|
+
# @!attribute [rw] violation_target
|
425
|
+
# The ID of the VPC.
|
426
|
+
# @return [String]
|
427
|
+
#
|
428
|
+
# @!attribute [rw] violation_target_description
|
429
|
+
# A description of the violation that specifies the rule group and
|
430
|
+
# VPC.
|
431
|
+
# @return [String]
|
432
|
+
#
|
433
|
+
# @!attribute [rw] number_of_rule_groups_already_associated
|
434
|
+
# The number of rule groups currently associated with the VPC.
|
435
|
+
# @return [Integer]
|
436
|
+
#
|
437
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsRuleGroupLimitExceededViolation AWS API Documentation
|
438
|
+
#
|
439
|
+
class DnsRuleGroupLimitExceededViolation < Struct.new(
|
440
|
+
:violation_target,
|
441
|
+
:violation_target_description,
|
442
|
+
:number_of_rule_groups_already_associated)
|
443
|
+
SENSITIVE = []
|
444
|
+
include Aws::Structure
|
445
|
+
end
|
446
|
+
|
447
|
+
# A rule group that Firewall Manager tried to associate with a VPC has
|
448
|
+
# the same priority as a rule group that's already associated.
|
449
|
+
#
|
450
|
+
# @!attribute [rw] violation_target
|
451
|
+
# The ID of the VPC.
|
452
|
+
# @return [String]
|
453
|
+
#
|
454
|
+
# @!attribute [rw] violation_target_description
|
455
|
+
# A description of the violation that specifies the VPC and the rule
|
456
|
+
# group that's already associated with it.
|
457
|
+
# @return [String]
|
458
|
+
#
|
459
|
+
# @!attribute [rw] conflicting_priority
|
460
|
+
# The priority setting of the two conflicting rule groups.
|
461
|
+
# @return [Integer]
|
462
|
+
#
|
463
|
+
# @!attribute [rw] conflicting_policy_id
|
464
|
+
# The ID of the Firewall Manager DNS Firewall policy that was already
|
465
|
+
# applied to the VPC. This policy contains the rule group that's
|
466
|
+
# already associated with the VPC.
|
467
|
+
# @return [String]
|
468
|
+
#
|
469
|
+
# @!attribute [rw] unavailable_priorities
|
470
|
+
# The priorities of rule groups that are already associated with the
|
471
|
+
# VPC. To retry your operation, choose priority settings that aren't
|
472
|
+
# in this list for the rule groups in your new DNS Firewall policy.
|
473
|
+
# @return [Array<Integer>]
|
474
|
+
#
|
475
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsRuleGroupPriorityConflictViolation AWS API Documentation
|
476
|
+
#
|
477
|
+
class DnsRuleGroupPriorityConflictViolation < Struct.new(
|
478
|
+
:violation_target,
|
479
|
+
:violation_target_description,
|
480
|
+
:conflicting_priority,
|
481
|
+
:conflicting_policy_id,
|
482
|
+
:unavailable_priorities)
|
483
|
+
SENSITIVE = []
|
484
|
+
include Aws::Structure
|
485
|
+
end
|
486
|
+
|
396
487
|
# Describes the compliance status for the account. An account is
|
397
488
|
# considered noncompliant if it includes resources that are not
|
398
489
|
# protected by the specified policy or that don't comply with the
|
@@ -785,8 +876,9 @@ module Aws::FMS
|
|
785
876
|
# @!attribute [rw] resource_type
|
786
877
|
# The resource type. This is in the format shown in the [AWS Resource
|
787
878
|
# Types Reference][1]. Supported resource types are:
|
788
|
-
# `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
|
789
|
-
# `AWS::EC2::SecurityGroup
|
879
|
+
# `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
|
880
|
+
# `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`,
|
881
|
+
# and `AWS::EC2::Subnet`.
|
790
882
|
#
|
791
883
|
#
|
792
884
|
#
|
@@ -1231,6 +1323,173 @@ module Aws::FMS
|
|
1231
1323
|
include Aws::Structure
|
1232
1324
|
end
|
1233
1325
|
|
1326
|
+
# Violation details for AWS Network Firewall for a subnet that's not
|
1327
|
+
# associated to the expected Firewall Manager managed route table.
|
1328
|
+
#
|
1329
|
+
# @!attribute [rw] violation_target
|
1330
|
+
# The ID of the AWS Network Firewall or VPC resource that's in
|
1331
|
+
# violation.
|
1332
|
+
# @return [String]
|
1333
|
+
#
|
1334
|
+
# @!attribute [rw] vpc
|
1335
|
+
# The resource ID of the VPC associated with a violating subnet.
|
1336
|
+
# @return [String]
|
1337
|
+
#
|
1338
|
+
# @!attribute [rw] availability_zone
|
1339
|
+
# The Availability Zone of a violating subnet.
|
1340
|
+
# @return [String]
|
1341
|
+
#
|
1342
|
+
# @!attribute [rw] current_route_table
|
1343
|
+
# The resource ID of the current route table that's associated with
|
1344
|
+
# the subnet, if one is available.
|
1345
|
+
# @return [String]
|
1346
|
+
#
|
1347
|
+
# @!attribute [rw] expected_route_table
|
1348
|
+
# The resource ID of the route table that should be associated with
|
1349
|
+
# the subnet.
|
1350
|
+
# @return [String]
|
1351
|
+
#
|
1352
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingExpectedRTViolation AWS API Documentation
|
1353
|
+
#
|
1354
|
+
class NetworkFirewallMissingExpectedRTViolation < Struct.new(
|
1355
|
+
:violation_target,
|
1356
|
+
:vpc,
|
1357
|
+
:availability_zone,
|
1358
|
+
:current_route_table,
|
1359
|
+
:expected_route_table)
|
1360
|
+
SENSITIVE = []
|
1361
|
+
include Aws::Structure
|
1362
|
+
end
|
1363
|
+
|
1364
|
+
# Violation details for AWS Network Firewall for a subnet that doesn't
|
1365
|
+
# have a Firewall Manager managed firewall in its VPC.
|
1366
|
+
#
|
1367
|
+
# @!attribute [rw] violation_target
|
1368
|
+
# The ID of the AWS Network Firewall or VPC resource that's in
|
1369
|
+
# violation.
|
1370
|
+
# @return [String]
|
1371
|
+
#
|
1372
|
+
# @!attribute [rw] vpc
|
1373
|
+
# The resource ID of the VPC associated with a violating subnet.
|
1374
|
+
# @return [String]
|
1375
|
+
#
|
1376
|
+
# @!attribute [rw] availability_zone
|
1377
|
+
# The Availability Zone of a violating subnet.
|
1378
|
+
# @return [String]
|
1379
|
+
#
|
1380
|
+
# @!attribute [rw] target_violation_reason
|
1381
|
+
# The reason the resource has this violation, if one is available.
|
1382
|
+
# @return [String]
|
1383
|
+
#
|
1384
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingFirewallViolation AWS API Documentation
|
1385
|
+
#
|
1386
|
+
class NetworkFirewallMissingFirewallViolation < Struct.new(
|
1387
|
+
:violation_target,
|
1388
|
+
:vpc,
|
1389
|
+
:availability_zone,
|
1390
|
+
:target_violation_reason)
|
1391
|
+
SENSITIVE = []
|
1392
|
+
include Aws::Structure
|
1393
|
+
end
|
1394
|
+
|
1395
|
+
# Violation details for AWS Network Firewall for an Availability Zone
|
1396
|
+
# that's missing the expected Firewall Manager managed subnet.
|
1397
|
+
#
|
1398
|
+
# @!attribute [rw] violation_target
|
1399
|
+
# The ID of the AWS Network Firewall or VPC resource that's in
|
1400
|
+
# violation.
|
1401
|
+
# @return [String]
|
1402
|
+
#
|
1403
|
+
# @!attribute [rw] vpc
|
1404
|
+
# The resource ID of the VPC associated with a violating subnet.
|
1405
|
+
# @return [String]
|
1406
|
+
#
|
1407
|
+
# @!attribute [rw] availability_zone
|
1408
|
+
# The Availability Zone of a violating subnet.
|
1409
|
+
# @return [String]
|
1410
|
+
#
|
1411
|
+
# @!attribute [rw] target_violation_reason
|
1412
|
+
# The reason the resource has this violation, if one is available.
|
1413
|
+
# @return [String]
|
1414
|
+
#
|
1415
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingSubnetViolation AWS API Documentation
|
1416
|
+
#
|
1417
|
+
class NetworkFirewallMissingSubnetViolation < Struct.new(
|
1418
|
+
:violation_target,
|
1419
|
+
:vpc,
|
1420
|
+
:availability_zone,
|
1421
|
+
:target_violation_reason)
|
1422
|
+
SENSITIVE = []
|
1423
|
+
include Aws::Structure
|
1424
|
+
end
|
1425
|
+
|
1426
|
+
# The definition of the AWS Network Firewall firewall policy.
|
1427
|
+
#
|
1428
|
+
# @!attribute [rw] stateless_rule_groups
|
1429
|
+
# The stateless rule groups that are used in the Network Firewall
|
1430
|
+
# firewall policy.
|
1431
|
+
# @return [Array<Types::StatelessRuleGroup>]
|
1432
|
+
#
|
1433
|
+
# @!attribute [rw] stateless_default_actions
|
1434
|
+
# The actions to take on packets that don't match any of the
|
1435
|
+
# stateless rule groups.
|
1436
|
+
# @return [Array<String>]
|
1437
|
+
#
|
1438
|
+
# @!attribute [rw] stateless_fragment_default_actions
|
1439
|
+
# The actions to take on packet fragments that don't match any of the
|
1440
|
+
# stateless rule groups.
|
1441
|
+
# @return [Array<String>]
|
1442
|
+
#
|
1443
|
+
# @!attribute [rw] stateless_custom_actions
|
1444
|
+
# Names of custom actions that are available for use in the stateless
|
1445
|
+
# default actions settings.
|
1446
|
+
# @return [Array<String>]
|
1447
|
+
#
|
1448
|
+
# @!attribute [rw] stateful_rule_groups
|
1449
|
+
# The stateful rule groups that are used in the Network Firewall
|
1450
|
+
# firewall policy.
|
1451
|
+
# @return [Array<Types::StatefulRuleGroup>]
|
1452
|
+
#
|
1453
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicyDescription AWS API Documentation
|
1454
|
+
#
|
1455
|
+
class NetworkFirewallPolicyDescription < Struct.new(
|
1456
|
+
:stateless_rule_groups,
|
1457
|
+
:stateless_default_actions,
|
1458
|
+
:stateless_fragment_default_actions,
|
1459
|
+
:stateless_custom_actions,
|
1460
|
+
:stateful_rule_groups)
|
1461
|
+
SENSITIVE = []
|
1462
|
+
include Aws::Structure
|
1463
|
+
end
|
1464
|
+
|
1465
|
+
# Violation details for AWS Network Firewall for a firewall policy that
|
1466
|
+
# has a different NetworkFirewallPolicyDescription than is required by
|
1467
|
+
# the Firewall Manager policy.
|
1468
|
+
#
|
1469
|
+
# @!attribute [rw] violation_target
|
1470
|
+
# The ID of the AWS Network Firewall or VPC resource that's in
|
1471
|
+
# violation.
|
1472
|
+
# @return [String]
|
1473
|
+
#
|
1474
|
+
# @!attribute [rw] current_policy_description
|
1475
|
+
# The policy that's currently in use in the individual account.
|
1476
|
+
# @return [Types::NetworkFirewallPolicyDescription]
|
1477
|
+
#
|
1478
|
+
# @!attribute [rw] expected_policy_description
|
1479
|
+
# The policy that should be in use in the individual account in order
|
1480
|
+
# to be compliant.
|
1481
|
+
# @return [Types::NetworkFirewallPolicyDescription]
|
1482
|
+
#
|
1483
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicyModifiedViolation AWS API Documentation
|
1484
|
+
#
|
1485
|
+
class NetworkFirewallPolicyModifiedViolation < Struct.new(
|
1486
|
+
:violation_target,
|
1487
|
+
:current_policy_description,
|
1488
|
+
:expected_policy_description)
|
1489
|
+
SENSITIVE = []
|
1490
|
+
include Aws::Structure
|
1491
|
+
end
|
1492
|
+
|
1234
1493
|
# The reference rule that partially matches the `ViolationTarget` rule
|
1235
1494
|
# and violation reason.
|
1236
1495
|
#
|
@@ -1262,7 +1521,7 @@ module Aws::FMS
|
|
1262
1521
|
# policy_name: "ResourceName", # required
|
1263
1522
|
# policy_update_token: "PolicyUpdateToken",
|
1264
1523
|
# security_service_policy_data: { # required
|
1265
|
-
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
|
1524
|
+
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
|
1266
1525
|
# managed_service_data: "ManagedServiceData",
|
1267
1526
|
# },
|
1268
1527
|
# resource_type: "ResourceType", # required
|
@@ -1315,7 +1574,8 @@ module Aws::FMS
|
|
1315
1574
|
# valid values are `AWS::EC2::SecurityGroup`,
|
1316
1575
|
# `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a
|
1317
1576
|
# security group usage audit policy, the value is
|
1318
|
-
# `AWS::EC2::SecurityGroup`.
|
1577
|
+
# `AWS::EC2::SecurityGroup`. For an AWS Network Firewall policy, the
|
1578
|
+
# value is `AWS::EC2::VPC`.
|
1319
1579
|
#
|
1320
1580
|
#
|
1321
1581
|
#
|
@@ -1550,7 +1810,8 @@ module Aws::FMS
|
|
1550
1810
|
# valid values are `AWS::EC2::SecurityGroup`,
|
1551
1811
|
# `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a
|
1552
1812
|
# security group usage audit policy, the value is
|
1553
|
-
# `AWS::EC2::SecurityGroup`.
|
1813
|
+
# `AWS::EC2::SecurityGroup`. For an AWS Network Firewall policy, the
|
1814
|
+
# value is `AWS::EC2::VPC`.
|
1554
1815
|
#
|
1555
1816
|
#
|
1556
1817
|
#
|
@@ -1780,7 +2041,7 @@ module Aws::FMS
|
|
1780
2041
|
# policy_name: "ResourceName", # required
|
1781
2042
|
# policy_update_token: "PolicyUpdateToken",
|
1782
2043
|
# security_service_policy_data: { # required
|
1783
|
-
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
|
2044
|
+
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
|
1784
2045
|
# managed_service_data: "ManagedServiceData",
|
1785
2046
|
# },
|
1786
2047
|
# resource_type: "ResourceType", # required
|
@@ -1966,12 +2227,63 @@ module Aws::FMS
|
|
1966
2227
|
# Violation details for an EC2 instance.
|
1967
2228
|
# @return [Types::AwsEc2InstanceViolation]
|
1968
2229
|
#
|
2230
|
+
# @!attribute [rw] network_firewall_missing_firewall_violation
|
2231
|
+
# Violation detail for an Network Firewall policy that indicates that
|
2232
|
+
# a subnet has no Firewall Manager managed firewall in its VPC.
|
2233
|
+
# @return [Types::NetworkFirewallMissingFirewallViolation]
|
2234
|
+
#
|
2235
|
+
# @!attribute [rw] network_firewall_missing_subnet_violation
|
2236
|
+
# Violation detail for an Network Firewall policy that indicates that
|
2237
|
+
# an Availability Zone is missing the expected Firewall Manager
|
2238
|
+
# managed subnet.
|
2239
|
+
# @return [Types::NetworkFirewallMissingSubnetViolation]
|
2240
|
+
#
|
2241
|
+
# @!attribute [rw] network_firewall_missing_expected_rt_violation
|
2242
|
+
# Violation detail for an Network Firewall policy that indicates that
|
2243
|
+
# a subnet is not associated with the expected Firewall Manager
|
2244
|
+
# managed route table.
|
2245
|
+
# @return [Types::NetworkFirewallMissingExpectedRTViolation]
|
2246
|
+
#
|
2247
|
+
# @!attribute [rw] network_firewall_policy_modified_violation
|
2248
|
+
# Violation detail for an Network Firewall policy that indicates that
|
2249
|
+
# a firewall policy in an individual account has been modified in a
|
2250
|
+
# way that makes it noncompliant. For example, the individual account
|
2251
|
+
# owner might have deleted a rule group, changed the priority of a
|
2252
|
+
# stateless rule group, or changed a policy default action.
|
2253
|
+
# @return [Types::NetworkFirewallPolicyModifiedViolation]
|
2254
|
+
#
|
2255
|
+
# @!attribute [rw] dns_rule_group_priority_conflict_violation
|
2256
|
+
# Violation detail for a DNS Firewall policy that indicates that a
|
2257
|
+
# rule group that Firewall Manager tried to associate with a VPC has
|
2258
|
+
# the same priority as a rule group that's already associated.
|
2259
|
+
# @return [Types::DnsRuleGroupPriorityConflictViolation]
|
2260
|
+
#
|
2261
|
+
# @!attribute [rw] dns_duplicate_rule_group_violation
|
2262
|
+
# Violation detail for a DNS Firewall policy that indicates that a
|
2263
|
+
# rule group that Firewall Manager tried to associate with a VPC is
|
2264
|
+
# already associated with the VPC and can't be associated again.
|
2265
|
+
# @return [Types::DnsDuplicateRuleGroupViolation]
|
2266
|
+
#
|
2267
|
+
# @!attribute [rw] dns_rule_group_limit_exceeded_violation
|
2268
|
+
# Violation details for a DNS Firewall policy that indicates that the
|
2269
|
+
# VPC reached the limit for associated DNS Firewall rule groups.
|
2270
|
+
# Firewall Manager tried to associate another rule group with the VPC
|
2271
|
+
# and failed.
|
2272
|
+
# @return [Types::DnsRuleGroupLimitExceededViolation]
|
2273
|
+
#
|
1969
2274
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
|
1970
2275
|
#
|
1971
2276
|
class ResourceViolation < Struct.new(
|
1972
2277
|
:aws_vpc_security_group_violation,
|
1973
2278
|
:aws_ec2_network_interface_violation,
|
1974
|
-
:aws_ec2_instance_violation
|
2279
|
+
:aws_ec2_instance_violation,
|
2280
|
+
:network_firewall_missing_firewall_violation,
|
2281
|
+
:network_firewall_missing_subnet_violation,
|
2282
|
+
:network_firewall_missing_expected_rt_violation,
|
2283
|
+
:network_firewall_policy_modified_violation,
|
2284
|
+
:dns_rule_group_priority_conflict_violation,
|
2285
|
+
:dns_duplicate_rule_group_violation,
|
2286
|
+
:dns_rule_group_limit_exceeded_violation)
|
1975
2287
|
SENSITIVE = []
|
1976
2288
|
include Aws::Structure
|
1977
2289
|
end
|
@@ -2055,7 +2367,7 @@ module Aws::FMS
|
|
2055
2367
|
# data as a hash:
|
2056
2368
|
#
|
2057
2369
|
# {
|
2058
|
-
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
|
2370
|
+
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
|
2059
2371
|
# managed_service_data: "ManagedServiceData",
|
2060
2372
|
# }
|
2061
2373
|
#
|
@@ -2074,29 +2386,36 @@ module Aws::FMS
|
|
2074
2386
|
# JSON format. For service type `SHIELD_ADVANCED`, this is an empty
|
2075
2387
|
# string.
|
2076
2388
|
#
|
2389
|
+
# * Example: `NETWORK_FIREWALL`
|
2390
|
+
#
|
2391
|
+
# `"\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2","priority":10\}],"networkFirewallStatelessDefaultActions":["aws:pass","custom1"],"networkFirewallStatelessFragmentDefaultActions":["custom2","aws:pass"],"networkFirewallStatelessCustomActions":[\{"actionName":"custom1","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension1"\}]\}\}\},\{"actionName":"custom2","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension2"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1"\}],"networkFirewallOrchestrationConfig":\{"singleFirewallEndpointPerVPC":true,"allowedIPV4CidrList":["10.24.34.0/28"]\}
|
2392
|
+
# \}"`
|
2393
|
+
#
|
2077
2394
|
# * Example: `WAFV2`
|
2078
2395
|
#
|
2079
|
-
# `"
|
2080
|
-
#
|
2396
|
+
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAmazonIpReputationList"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
|
2397
|
+
#
|
2398
|
+
# In the `loggingConfiguration`, you can specify one
|
2399
|
+
# `logDestinationConfigs`, you can optionally provide up to 20
|
2400
|
+
# `redactedFields`, and the `RedactedFieldType` must be one of
|
2401
|
+
# `URI`, `QUERY_STRING`, `HEADER`, or `METHOD`.
|
2081
2402
|
#
|
2082
2403
|
# * Example: `WAF Classic`
|
2083
2404
|
#
|
2084
|
-
# `"
|
2085
|
-
# [\{"id":
|
2405
|
+
# `"\{"type": "WAF", "ruleGroups":
|
2406
|
+
# [\{"id":"12345678-1bcd-9012-efga-0987654321ab",
|
2086
2407
|
# "overrideAction" : \{"type": "COUNT"\}\}],
|
2087
|
-
# "defaultAction": \{"type": "BLOCK"\}\}`
|
2408
|
+
# "defaultAction": \{"type": "BLOCK"\}\}"`
|
2088
2409
|
#
|
2089
2410
|
# * Example: `SECURITY_GROUPS_COMMON`
|
2090
2411
|
#
|
2091
|
-
# `"
|
2412
|
+
# `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
|
2092
2413
|
# "applyToAllEC2InstanceENIs":false,"securityGroups":[\{"id":"
|
2093
|
-
# sg-000e55995d61a06bd"\}]\}"
|
2414
|
+
# sg-000e55995d61a06bd"\}]\}"`
|
2094
2415
|
#
|
2095
2416
|
# * Example: `SECURITY_GROUPS_CONTENT_AUDIT`
|
2096
2417
|
#
|
2097
|
-
# `"
|
2098
|
-
# sg-000e55995d61a06bd
|
2099
|
-
# "\}],"securityGroupAction":\{"type":"ALLOW"\}\}"\},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"\}`
|
2418
|
+
# `"\{"type":"SECURITY_GROUPS_CONTENT_AUDIT","securityGroups":[\{"id":"sg-000e55995d61a06bd"\}],"securityGroupAction":\{"type":"ALLOW"\}\}"`
|
2100
2419
|
#
|
2101
2420
|
# The security group action for content audit can be `ALLOW` or
|
2102
2421
|
# `DENY`. For `ALLOW`, all in-scope security group rules must be
|
@@ -2107,8 +2426,7 @@ module Aws::FMS
|
|
2107
2426
|
#
|
2108
2427
|
# * Example: `SECURITY_GROUPS_USAGE_AUDIT`
|
2109
2428
|
#
|
2110
|
-
# `"
|
2111
|
-
# rceType":"AWS::EC2::SecurityGroup"\}`
|
2429
|
+
# `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"`
|
2112
2430
|
# @return [String]
|
2113
2431
|
#
|
2114
2432
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityServicePolicyData AWS API Documentation
|
@@ -2120,6 +2438,53 @@ module Aws::FMS
|
|
2120
2438
|
include Aws::Structure
|
2121
2439
|
end
|
2122
2440
|
|
2441
|
+
# AWS Network Firewall stateful rule group, used in a
|
2442
|
+
# NetworkFirewallPolicyDescription.
|
2443
|
+
#
|
2444
|
+
# @!attribute [rw] rule_group_name
|
2445
|
+
# The name of the rule group.
|
2446
|
+
# @return [String]
|
2447
|
+
#
|
2448
|
+
# @!attribute [rw] resource_id
|
2449
|
+
# The resource ID of the rule group.
|
2450
|
+
# @return [String]
|
2451
|
+
#
|
2452
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulRuleGroup AWS API Documentation
|
2453
|
+
#
|
2454
|
+
class StatefulRuleGroup < Struct.new(
|
2455
|
+
:rule_group_name,
|
2456
|
+
:resource_id)
|
2457
|
+
SENSITIVE = []
|
2458
|
+
include Aws::Structure
|
2459
|
+
end
|
2460
|
+
|
2461
|
+
# AWS Network Firewall stateless rule group, used in a
|
2462
|
+
# NetworkFirewallPolicyDescription.
|
2463
|
+
#
|
2464
|
+
# @!attribute [rw] rule_group_name
|
2465
|
+
# The name of the rule group.
|
2466
|
+
# @return [String]
|
2467
|
+
#
|
2468
|
+
# @!attribute [rw] resource_id
|
2469
|
+
# The resource ID of the rule group.
|
2470
|
+
# @return [String]
|
2471
|
+
#
|
2472
|
+
# @!attribute [rw] priority
|
2473
|
+
# The priority of the rule group. AWS Network Firewall evaluates the
|
2474
|
+
# stateless rule groups in a firewall policy starting from the lowest
|
2475
|
+
# priority setting.
|
2476
|
+
# @return [Integer]
|
2477
|
+
#
|
2478
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatelessRuleGroup AWS API Documentation
|
2479
|
+
#
|
2480
|
+
class StatelessRuleGroup < Struct.new(
|
2481
|
+
:rule_group_name,
|
2482
|
+
:resource_id,
|
2483
|
+
:priority)
|
2484
|
+
SENSITIVE = []
|
2485
|
+
include Aws::Structure
|
2486
|
+
end
|
2487
|
+
|
2123
2488
|
# A collection of key:value pairs associated with an AWS resource. The
|
2124
2489
|
# key:value pair can be anything you define. Typically, the tag key
|
2125
2490
|
# represents a category (such as "environment") and the tag value
|