aws-sdk-fms 1.32.0 → 1.37.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +198 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-fms.rb +2 -2
- data/lib/aws-sdk-fms/client.rb +380 -128
- data/lib/aws-sdk-fms/client_api.rb +294 -1
- data/lib/aws-sdk-fms/errors.rb +1 -1
- data/lib/aws-sdk-fms/resource.rb +1 -1
- data/lib/aws-sdk-fms/types.rb +1391 -247
- metadata +11 -9
data/lib/aws-sdk-fms/errors.rb
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
data/lib/aws-sdk-fms/resource.rb
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
data/lib/aws-sdk-fms/types.rb
CHANGED
|
@@ -3,14 +3,33 @@
|
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
|
4
4
|
#
|
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
|
10
10
|
module Aws::FMS
|
|
11
11
|
module Types
|
|
12
12
|
|
|
13
|
-
#
|
|
13
|
+
# Describes a remediation action target.
|
|
14
|
+
#
|
|
15
|
+
# @!attribute [rw] resource_id
|
|
16
|
+
# The ID of the remediation target.
|
|
17
|
+
# @return [String]
|
|
18
|
+
#
|
|
19
|
+
# @!attribute [rw] description
|
|
20
|
+
# A description of the remediation action target.
|
|
21
|
+
# @return [String]
|
|
22
|
+
#
|
|
23
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ActionTarget AWS API Documentation
|
|
24
|
+
#
|
|
25
|
+
class ActionTarget < Struct.new(
|
|
26
|
+
:resource_id,
|
|
27
|
+
:description)
|
|
28
|
+
SENSITIVE = []
|
|
29
|
+
include Aws::Structure
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
# An individual Firewall Manager application.
|
|
14
33
|
#
|
|
15
34
|
# @note When making an API call, you may pass App
|
|
16
35
|
# data as a hash:
|
|
@@ -49,7 +68,7 @@ module Aws::FMS
|
|
|
49
68
|
include Aws::Structure
|
|
50
69
|
end
|
|
51
70
|
|
|
52
|
-
# An
|
|
71
|
+
# An Firewall Manager applications list.
|
|
53
72
|
#
|
|
54
73
|
# @note When making an API call, you may pass AppsListData
|
|
55
74
|
# data as a hash:
|
|
@@ -79,11 +98,11 @@ module Aws::FMS
|
|
|
79
98
|
# }
|
|
80
99
|
#
|
|
81
100
|
# @!attribute [rw] list_id
|
|
82
|
-
# The ID of the
|
|
101
|
+
# The ID of the Firewall Manager applications list.
|
|
83
102
|
# @return [String]
|
|
84
103
|
#
|
|
85
104
|
# @!attribute [rw] list_name
|
|
86
|
-
# The name of the
|
|
105
|
+
# The name of the Firewall Manager applications list.
|
|
87
106
|
# @return [String]
|
|
88
107
|
#
|
|
89
108
|
# @!attribute [rw] list_update_token
|
|
@@ -94,18 +113,16 @@ module Aws::FMS
|
|
|
94
113
|
# @return [String]
|
|
95
114
|
#
|
|
96
115
|
# @!attribute [rw] create_time
|
|
97
|
-
# The time that the
|
|
98
|
-
# created.
|
|
116
|
+
# The time that the Firewall Manager applications list was created.
|
|
99
117
|
# @return [Time]
|
|
100
118
|
#
|
|
101
119
|
# @!attribute [rw] last_update_time
|
|
102
|
-
# The time that the
|
|
120
|
+
# The time that the Firewall Manager applications list was last
|
|
103
121
|
# updated.
|
|
104
122
|
# @return [Time]
|
|
105
123
|
#
|
|
106
124
|
# @!attribute [rw] apps_list
|
|
107
|
-
# An array of applications in the
|
|
108
|
-
# list.
|
|
125
|
+
# An array of applications in the Firewall Manager applications list.
|
|
109
126
|
# @return [Array<Types::App>]
|
|
110
127
|
#
|
|
111
128
|
# @!attribute [rw] previous_apps_list
|
|
@@ -127,7 +144,7 @@ module Aws::FMS
|
|
|
127
144
|
include Aws::Structure
|
|
128
145
|
end
|
|
129
146
|
|
|
130
|
-
# Details of the
|
|
147
|
+
# Details of the Firewall Manager applications list.
|
|
131
148
|
#
|
|
132
149
|
# @!attribute [rw] list_arn
|
|
133
150
|
# The Amazon Resource Name (ARN) of the applications list.
|
|
@@ -142,8 +159,7 @@ module Aws::FMS
|
|
|
142
159
|
# @return [String]
|
|
143
160
|
#
|
|
144
161
|
# @!attribute [rw] apps_list
|
|
145
|
-
# An array of `App` objects in the
|
|
146
|
-
# list.
|
|
162
|
+
# An array of `App` objects in the Firewall Manager applications list.
|
|
147
163
|
# @return [Array<Types::App>]
|
|
148
164
|
#
|
|
149
165
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AppsListDataSummary AWS API Documentation
|
|
@@ -165,11 +181,11 @@ module Aws::FMS
|
|
|
165
181
|
# }
|
|
166
182
|
#
|
|
167
183
|
# @!attribute [rw] admin_account
|
|
168
|
-
# The
|
|
169
|
-
# Firewall Manager administrator account. This
|
|
170
|
-
# Organizations
|
|
171
|
-
#
|
|
172
|
-
#
|
|
184
|
+
# The Amazon Web Services account ID to associate with Firewall
|
|
185
|
+
# Manager as the Firewall Manager administrator account. This must be
|
|
186
|
+
# an Organizations member account. For more information about
|
|
187
|
+
# Organizations, see [Managing the Amazon Web Services Accounts in
|
|
188
|
+
# Your Organization][1].
|
|
173
189
|
#
|
|
174
190
|
#
|
|
175
191
|
#
|
|
@@ -184,14 +200,15 @@ module Aws::FMS
|
|
|
184
200
|
include Aws::Structure
|
|
185
201
|
end
|
|
186
202
|
|
|
187
|
-
#
|
|
203
|
+
# Violation detail for an EC2 instance resource.
|
|
188
204
|
#
|
|
189
205
|
# @!attribute [rw] violation_target
|
|
190
206
|
# The resource ID of the EC2 instance.
|
|
191
207
|
# @return [String]
|
|
192
208
|
#
|
|
193
209
|
# @!attribute [rw] aws_ec2_network_interface_violations
|
|
194
|
-
#
|
|
210
|
+
# Violation detail for network interfaces associated with the EC2
|
|
211
|
+
# instance.
|
|
195
212
|
# @return [Array<Types::AwsEc2NetworkInterfaceViolation>]
|
|
196
213
|
#
|
|
197
214
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2InstanceViolation AWS API Documentation
|
|
@@ -203,7 +220,8 @@ module Aws::FMS
|
|
|
203
220
|
include Aws::Structure
|
|
204
221
|
end
|
|
205
222
|
|
|
206
|
-
#
|
|
223
|
+
# Violation detail for network interfaces associated with an EC2
|
|
224
|
+
# instance.
|
|
207
225
|
#
|
|
208
226
|
# @!attribute [rw] violation_target
|
|
209
227
|
# The resource ID of the network interface.
|
|
@@ -211,7 +229,7 @@ module Aws::FMS
|
|
|
211
229
|
#
|
|
212
230
|
# @!attribute [rw] violating_security_groups
|
|
213
231
|
# List of security groups that violate the rules specified in the
|
|
214
|
-
#
|
|
232
|
+
# primary security group of the Firewall Manager policy.
|
|
215
233
|
# @return [Array<String>]
|
|
216
234
|
#
|
|
217
235
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AwsEc2NetworkInterfaceViolation AWS API Documentation
|
|
@@ -223,8 +241,8 @@ module Aws::FMS
|
|
|
223
241
|
include Aws::Structure
|
|
224
242
|
end
|
|
225
243
|
|
|
226
|
-
#
|
|
227
|
-
#
|
|
244
|
+
# Violation detail for the rule violation in a security group when
|
|
245
|
+
# compared to the primary security group of the Firewall Manager policy.
|
|
228
246
|
#
|
|
229
247
|
# @!attribute [rw] violation_target
|
|
230
248
|
# The security group rule that is being evaluated.
|
|
@@ -235,7 +253,7 @@ module Aws::FMS
|
|
|
235
253
|
# @return [String]
|
|
236
254
|
#
|
|
237
255
|
# @!attribute [rw] partial_matches
|
|
238
|
-
# List of rules specified in the security group of the
|
|
256
|
+
# List of rules specified in the security group of the Firewall
|
|
239
257
|
# Manager policy that partially match the `ViolationTarget` rule.
|
|
240
258
|
# @return [Array<Types::PartialMatch>]
|
|
241
259
|
#
|
|
@@ -265,10 +283,11 @@ module Aws::FMS
|
|
|
265
283
|
# @return [String]
|
|
266
284
|
#
|
|
267
285
|
# @!attribute [rw] resource_type
|
|
268
|
-
# The resource type. This is in the format shown in the [
|
|
269
|
-
# Types Reference][1]. For example:
|
|
270
|
-
# `AWS::ElasticLoadBalancingV2::LoadBalancer
|
|
271
|
-
# `AWS::CloudFront::Distribution
|
|
286
|
+
# The resource type. This is in the format shown in the [Amazon Web
|
|
287
|
+
# Services Resource Types Reference][1]. For example:
|
|
288
|
+
# `AWS::ElasticLoadBalancingV2::LoadBalancer`,
|
|
289
|
+
# `AWS::CloudFront::Distribution`, or
|
|
290
|
+
# `AWS::NetworkFirewall::FirewallPolicy`.
|
|
272
291
|
#
|
|
273
292
|
#
|
|
274
293
|
#
|
|
@@ -329,10 +348,10 @@ module Aws::FMS
|
|
|
329
348
|
# If `True`, the request performs cleanup according to the policy
|
|
330
349
|
# type.
|
|
331
350
|
#
|
|
332
|
-
# For
|
|
351
|
+
# For WAF and Shield Advanced policies, the cleanup does the
|
|
333
352
|
# following:
|
|
334
353
|
#
|
|
335
|
-
# * Deletes rule groups created by
|
|
354
|
+
# * Deletes rule groups created by Firewall Manager
|
|
336
355
|
#
|
|
337
356
|
# * Removes web ACLs from in-scope resources
|
|
338
357
|
#
|
|
@@ -393,19 +412,344 @@ module Aws::FMS
|
|
|
393
412
|
#
|
|
394
413
|
class DisassociateAdminAccountRequest < Aws::EmptyStructure; end
|
|
395
414
|
|
|
415
|
+
# A DNS Firewall rule group that Firewall Manager tried to associate
|
|
416
|
+
# with a VPC is already associated with the VPC and can't be associated
|
|
417
|
+
# again.
|
|
418
|
+
#
|
|
419
|
+
# @!attribute [rw] violation_target
|
|
420
|
+
# Information about the VPC ID.
|
|
421
|
+
# @return [String]
|
|
422
|
+
#
|
|
423
|
+
# @!attribute [rw] violation_target_description
|
|
424
|
+
# A description of the violation that specifies the rule group and
|
|
425
|
+
# VPC.
|
|
426
|
+
# @return [String]
|
|
427
|
+
#
|
|
428
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsDuplicateRuleGroupViolation AWS API Documentation
|
|
429
|
+
#
|
|
430
|
+
class DnsDuplicateRuleGroupViolation < Struct.new(
|
|
431
|
+
:violation_target,
|
|
432
|
+
:violation_target_description)
|
|
433
|
+
SENSITIVE = []
|
|
434
|
+
include Aws::Structure
|
|
435
|
+
end
|
|
436
|
+
|
|
437
|
+
# The VPC that Firewall Manager was applying a DNS Fireall policy to
|
|
438
|
+
# reached the limit for associated DNS Firewall rule groups. Firewall
|
|
439
|
+
# Manager tried to associate another rule group with the VPC and failed
|
|
440
|
+
# due to the limit.
|
|
441
|
+
#
|
|
442
|
+
# @!attribute [rw] violation_target
|
|
443
|
+
# Information about the VPC ID.
|
|
444
|
+
# @return [String]
|
|
445
|
+
#
|
|
446
|
+
# @!attribute [rw] violation_target_description
|
|
447
|
+
# A description of the violation that specifies the rule group and
|
|
448
|
+
# VPC.
|
|
449
|
+
# @return [String]
|
|
450
|
+
#
|
|
451
|
+
# @!attribute [rw] number_of_rule_groups_already_associated
|
|
452
|
+
# The number of rule groups currently associated with the VPC.
|
|
453
|
+
# @return [Integer]
|
|
454
|
+
#
|
|
455
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsRuleGroupLimitExceededViolation AWS API Documentation
|
|
456
|
+
#
|
|
457
|
+
class DnsRuleGroupLimitExceededViolation < Struct.new(
|
|
458
|
+
:violation_target,
|
|
459
|
+
:violation_target_description,
|
|
460
|
+
:number_of_rule_groups_already_associated)
|
|
461
|
+
SENSITIVE = []
|
|
462
|
+
include Aws::Structure
|
|
463
|
+
end
|
|
464
|
+
|
|
465
|
+
# A rule group that Firewall Manager tried to associate with a VPC has
|
|
466
|
+
# the same priority as a rule group that's already associated.
|
|
467
|
+
#
|
|
468
|
+
# @!attribute [rw] violation_target
|
|
469
|
+
# Information about the VPC ID.
|
|
470
|
+
# @return [String]
|
|
471
|
+
#
|
|
472
|
+
# @!attribute [rw] violation_target_description
|
|
473
|
+
# A description of the violation that specifies the VPC and the rule
|
|
474
|
+
# group that's already associated with it.
|
|
475
|
+
# @return [String]
|
|
476
|
+
#
|
|
477
|
+
# @!attribute [rw] conflicting_priority
|
|
478
|
+
# The priority setting of the two conflicting rule groups.
|
|
479
|
+
# @return [Integer]
|
|
480
|
+
#
|
|
481
|
+
# @!attribute [rw] conflicting_policy_id
|
|
482
|
+
# The ID of the Firewall Manager DNS Firewall policy that was already
|
|
483
|
+
# applied to the VPC. This policy contains the rule group that's
|
|
484
|
+
# already associated with the VPC.
|
|
485
|
+
# @return [String]
|
|
486
|
+
#
|
|
487
|
+
# @!attribute [rw] unavailable_priorities
|
|
488
|
+
# The priorities of rule groups that are already associated with the
|
|
489
|
+
# VPC. To retry your operation, choose priority settings that aren't
|
|
490
|
+
# in this list for the rule groups in your new DNS Firewall policy.
|
|
491
|
+
# @return [Array<Integer>]
|
|
492
|
+
#
|
|
493
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DnsRuleGroupPriorityConflictViolation AWS API Documentation
|
|
494
|
+
#
|
|
495
|
+
class DnsRuleGroupPriorityConflictViolation < Struct.new(
|
|
496
|
+
:violation_target,
|
|
497
|
+
:violation_target_description,
|
|
498
|
+
:conflicting_priority,
|
|
499
|
+
:conflicting_policy_id,
|
|
500
|
+
:unavailable_priorities)
|
|
501
|
+
SENSITIVE = []
|
|
502
|
+
include Aws::Structure
|
|
503
|
+
end
|
|
504
|
+
|
|
505
|
+
# The action of associating an EC2 resource, such as a subnet or
|
|
506
|
+
# internet gateway, with a route table.
|
|
507
|
+
#
|
|
508
|
+
# @!attribute [rw] description
|
|
509
|
+
# A description of the EC2 route table that is associated with the
|
|
510
|
+
# remediation action.
|
|
511
|
+
# @return [String]
|
|
512
|
+
#
|
|
513
|
+
# @!attribute [rw] route_table_id
|
|
514
|
+
# The ID of the EC2 route table that is associated with the
|
|
515
|
+
# remediation action.
|
|
516
|
+
# @return [Types::ActionTarget]
|
|
517
|
+
#
|
|
518
|
+
# @!attribute [rw] subnet_id
|
|
519
|
+
# The ID of the subnet for the EC2 route table that is associated with
|
|
520
|
+
# the remediation action.
|
|
521
|
+
# @return [Types::ActionTarget]
|
|
522
|
+
#
|
|
523
|
+
# @!attribute [rw] gateway_id
|
|
524
|
+
# The ID of the gateway to be used with the EC2 route table that is
|
|
525
|
+
# associated with the remediation action.
|
|
526
|
+
# @return [Types::ActionTarget]
|
|
527
|
+
#
|
|
528
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2AssociateRouteTableAction AWS API Documentation
|
|
529
|
+
#
|
|
530
|
+
class EC2AssociateRouteTableAction < Struct.new(
|
|
531
|
+
:description,
|
|
532
|
+
:route_table_id,
|
|
533
|
+
:subnet_id,
|
|
534
|
+
:gateway_id)
|
|
535
|
+
SENSITIVE = []
|
|
536
|
+
include Aws::Structure
|
|
537
|
+
end
|
|
538
|
+
|
|
539
|
+
# An action that copies the EC2 route table for use in remediation.
|
|
540
|
+
#
|
|
541
|
+
# @!attribute [rw] description
|
|
542
|
+
# A description of the copied EC2 route table that is associated with
|
|
543
|
+
# the remediation action.
|
|
544
|
+
# @return [String]
|
|
545
|
+
#
|
|
546
|
+
# @!attribute [rw] vpc_id
|
|
547
|
+
# The VPC ID of the copied EC2 route table that is associated with the
|
|
548
|
+
# remediation action.
|
|
549
|
+
# @return [Types::ActionTarget]
|
|
550
|
+
#
|
|
551
|
+
# @!attribute [rw] route_table_id
|
|
552
|
+
# The ID of the copied EC2 route table that is associated with the
|
|
553
|
+
# remediation action.
|
|
554
|
+
# @return [Types::ActionTarget]
|
|
555
|
+
#
|
|
556
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2CopyRouteTableAction AWS API Documentation
|
|
557
|
+
#
|
|
558
|
+
class EC2CopyRouteTableAction < Struct.new(
|
|
559
|
+
:description,
|
|
560
|
+
:vpc_id,
|
|
561
|
+
:route_table_id)
|
|
562
|
+
SENSITIVE = []
|
|
563
|
+
include Aws::Structure
|
|
564
|
+
end
|
|
565
|
+
|
|
566
|
+
# Information about the CreateRoute action in Amazon EC2.
|
|
567
|
+
#
|
|
568
|
+
# @!attribute [rw] description
|
|
569
|
+
# A description of CreateRoute action in Amazon EC2.
|
|
570
|
+
# @return [String]
|
|
571
|
+
#
|
|
572
|
+
# @!attribute [rw] destination_cidr_block
|
|
573
|
+
# Information about the IPv4 CIDR address block used for the
|
|
574
|
+
# destination match.
|
|
575
|
+
# @return [String]
|
|
576
|
+
#
|
|
577
|
+
# @!attribute [rw] destination_prefix_list_id
|
|
578
|
+
# Information about the ID of a prefix list used for the destination
|
|
579
|
+
# match.
|
|
580
|
+
# @return [String]
|
|
581
|
+
#
|
|
582
|
+
# @!attribute [rw] destination_ipv_6_cidr_block
|
|
583
|
+
# Information about the IPv6 CIDR block destination.
|
|
584
|
+
# @return [String]
|
|
585
|
+
#
|
|
586
|
+
# @!attribute [rw] vpc_endpoint_id
|
|
587
|
+
# Information about the ID of a VPC endpoint. Supported for Gateway
|
|
588
|
+
# Load Balancer endpoints only.
|
|
589
|
+
# @return [Types::ActionTarget]
|
|
590
|
+
#
|
|
591
|
+
# @!attribute [rw] gateway_id
|
|
592
|
+
# Information about the ID of an internet gateway or virtual private
|
|
593
|
+
# gateway attached to your VPC.
|
|
594
|
+
# @return [Types::ActionTarget]
|
|
595
|
+
#
|
|
596
|
+
# @!attribute [rw] route_table_id
|
|
597
|
+
# Information about the ID of the route table for the route.
|
|
598
|
+
# @return [Types::ActionTarget]
|
|
599
|
+
#
|
|
600
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2CreateRouteAction AWS API Documentation
|
|
601
|
+
#
|
|
602
|
+
class EC2CreateRouteAction < Struct.new(
|
|
603
|
+
:description,
|
|
604
|
+
:destination_cidr_block,
|
|
605
|
+
:destination_prefix_list_id,
|
|
606
|
+
:destination_ipv_6_cidr_block,
|
|
607
|
+
:vpc_endpoint_id,
|
|
608
|
+
:gateway_id,
|
|
609
|
+
:route_table_id)
|
|
610
|
+
SENSITIVE = []
|
|
611
|
+
include Aws::Structure
|
|
612
|
+
end
|
|
613
|
+
|
|
614
|
+
# Information about the CreateRouteTable action in Amazon EC2.
|
|
615
|
+
#
|
|
616
|
+
# @!attribute [rw] description
|
|
617
|
+
# A description of the CreateRouteTable action.
|
|
618
|
+
# @return [String]
|
|
619
|
+
#
|
|
620
|
+
# @!attribute [rw] vpc_id
|
|
621
|
+
# Information about the ID of a VPC.
|
|
622
|
+
# @return [Types::ActionTarget]
|
|
623
|
+
#
|
|
624
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2CreateRouteTableAction AWS API Documentation
|
|
625
|
+
#
|
|
626
|
+
class EC2CreateRouteTableAction < Struct.new(
|
|
627
|
+
:description,
|
|
628
|
+
:vpc_id)
|
|
629
|
+
SENSITIVE = []
|
|
630
|
+
include Aws::Structure
|
|
631
|
+
end
|
|
632
|
+
|
|
633
|
+
# Information about the DeleteRoute action in Amazon EC2.
|
|
634
|
+
#
|
|
635
|
+
# @!attribute [rw] description
|
|
636
|
+
# A description of the DeleteRoute action.
|
|
637
|
+
# @return [String]
|
|
638
|
+
#
|
|
639
|
+
# @!attribute [rw] destination_cidr_block
|
|
640
|
+
# Information about the IPv4 CIDR range for the route. The value you
|
|
641
|
+
# specify must match the CIDR for the route exactly.
|
|
642
|
+
# @return [String]
|
|
643
|
+
#
|
|
644
|
+
# @!attribute [rw] destination_prefix_list_id
|
|
645
|
+
# Information about the ID of the prefix list for the route.
|
|
646
|
+
# @return [String]
|
|
647
|
+
#
|
|
648
|
+
# @!attribute [rw] destination_ipv_6_cidr_block
|
|
649
|
+
# Information about the IPv6 CIDR range for the route. The value you
|
|
650
|
+
# specify must match the CIDR for the route exactly.
|
|
651
|
+
# @return [String]
|
|
652
|
+
#
|
|
653
|
+
# @!attribute [rw] route_table_id
|
|
654
|
+
# Information about the ID of the route table.
|
|
655
|
+
# @return [Types::ActionTarget]
|
|
656
|
+
#
|
|
657
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2DeleteRouteAction AWS API Documentation
|
|
658
|
+
#
|
|
659
|
+
class EC2DeleteRouteAction < Struct.new(
|
|
660
|
+
:description,
|
|
661
|
+
:destination_cidr_block,
|
|
662
|
+
:destination_prefix_list_id,
|
|
663
|
+
:destination_ipv_6_cidr_block,
|
|
664
|
+
:route_table_id)
|
|
665
|
+
SENSITIVE = []
|
|
666
|
+
include Aws::Structure
|
|
667
|
+
end
|
|
668
|
+
|
|
669
|
+
# Information about the ReplaceRoute action in Amazon EC2.
|
|
670
|
+
#
|
|
671
|
+
# @!attribute [rw] description
|
|
672
|
+
# A description of the ReplaceRoute action in Amazon EC2.
|
|
673
|
+
# @return [String]
|
|
674
|
+
#
|
|
675
|
+
# @!attribute [rw] destination_cidr_block
|
|
676
|
+
# Information about the IPv4 CIDR address block used for the
|
|
677
|
+
# destination match. The value that you provide must match the CIDR of
|
|
678
|
+
# an existing route in the table.
|
|
679
|
+
# @return [String]
|
|
680
|
+
#
|
|
681
|
+
# @!attribute [rw] destination_prefix_list_id
|
|
682
|
+
# Information about the ID of the prefix list for the route.
|
|
683
|
+
# @return [String]
|
|
684
|
+
#
|
|
685
|
+
# @!attribute [rw] destination_ipv_6_cidr_block
|
|
686
|
+
# Information about the IPv6 CIDR address block used for the
|
|
687
|
+
# destination match. The value that you provide must match the CIDR of
|
|
688
|
+
# an existing route in the table.
|
|
689
|
+
# @return [String]
|
|
690
|
+
#
|
|
691
|
+
# @!attribute [rw] gateway_id
|
|
692
|
+
# Information about the ID of an internet gateway or virtual private
|
|
693
|
+
# gateway.
|
|
694
|
+
# @return [Types::ActionTarget]
|
|
695
|
+
#
|
|
696
|
+
# @!attribute [rw] route_table_id
|
|
697
|
+
# Information about the ID of the route table.
|
|
698
|
+
# @return [Types::ActionTarget]
|
|
699
|
+
#
|
|
700
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2ReplaceRouteAction AWS API Documentation
|
|
701
|
+
#
|
|
702
|
+
class EC2ReplaceRouteAction < Struct.new(
|
|
703
|
+
:description,
|
|
704
|
+
:destination_cidr_block,
|
|
705
|
+
:destination_prefix_list_id,
|
|
706
|
+
:destination_ipv_6_cidr_block,
|
|
707
|
+
:gateway_id,
|
|
708
|
+
:route_table_id)
|
|
709
|
+
SENSITIVE = []
|
|
710
|
+
include Aws::Structure
|
|
711
|
+
end
|
|
712
|
+
|
|
713
|
+
# Information about the ReplaceRouteTableAssociation action in Amazon
|
|
714
|
+
# EC2.
|
|
715
|
+
#
|
|
716
|
+
# @!attribute [rw] description
|
|
717
|
+
# A description of the ReplaceRouteTableAssociation action in Amazon
|
|
718
|
+
# EC2.
|
|
719
|
+
# @return [String]
|
|
720
|
+
#
|
|
721
|
+
# @!attribute [rw] association_id
|
|
722
|
+
# Information about the association ID.
|
|
723
|
+
# @return [Types::ActionTarget]
|
|
724
|
+
#
|
|
725
|
+
# @!attribute [rw] route_table_id
|
|
726
|
+
# Information about the ID of the new route table to associate with
|
|
727
|
+
# the subnet.
|
|
728
|
+
# @return [Types::ActionTarget]
|
|
729
|
+
#
|
|
730
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EC2ReplaceRouteTableAssociationAction AWS API Documentation
|
|
731
|
+
#
|
|
732
|
+
class EC2ReplaceRouteTableAssociationAction < Struct.new(
|
|
733
|
+
:description,
|
|
734
|
+
:association_id,
|
|
735
|
+
:route_table_id)
|
|
736
|
+
SENSITIVE = []
|
|
737
|
+
include Aws::Structure
|
|
738
|
+
end
|
|
739
|
+
|
|
396
740
|
# Describes the compliance status for the account. An account is
|
|
397
741
|
# considered noncompliant if it includes resources that are not
|
|
398
742
|
# protected by the specified policy or that don't comply with the
|
|
399
743
|
# policy.
|
|
400
744
|
#
|
|
401
745
|
# @!attribute [rw] compliance_status
|
|
402
|
-
# Describes an
|
|
403
|
-
# policy.
|
|
746
|
+
# Describes an Amazon Web Services account's compliance with the
|
|
747
|
+
# Firewall Manager policy.
|
|
404
748
|
# @return [String]
|
|
405
749
|
#
|
|
406
750
|
# @!attribute [rw] violator_count
|
|
407
751
|
# The number of resources that are noncompliant with the specified
|
|
408
|
-
# policy. For
|
|
752
|
+
# policy. For WAF and Shield Advanced policies, a resource is
|
|
409
753
|
# considered noncompliant if it is not associated with the policy. For
|
|
410
754
|
# security group policies, a resource is considered noncompliant if it
|
|
411
755
|
# doesn't comply with the rules of the policy and remediation is
|
|
@@ -413,8 +757,8 @@ module Aws::FMS
|
|
|
413
757
|
# @return [Integer]
|
|
414
758
|
#
|
|
415
759
|
# @!attribute [rw] evaluation_limit_exceeded
|
|
416
|
-
# Indicates that over 100 resources are noncompliant with the
|
|
417
|
-
#
|
|
760
|
+
# Indicates that over 100 resources are noncompliant with the Firewall
|
|
761
|
+
# Manager policy.
|
|
418
762
|
# @return [Boolean]
|
|
419
763
|
#
|
|
420
764
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/EvaluationResult AWS API Documentation
|
|
@@ -427,6 +771,45 @@ module Aws::FMS
|
|
|
427
771
|
include Aws::Structure
|
|
428
772
|
end
|
|
429
773
|
|
|
774
|
+
# Information about the expected route in the route table.
|
|
775
|
+
#
|
|
776
|
+
# @!attribute [rw] ip_v4_cidr
|
|
777
|
+
# Information about the IPv4 CIDR block.
|
|
778
|
+
# @return [String]
|
|
779
|
+
#
|
|
780
|
+
# @!attribute [rw] prefix_list_id
|
|
781
|
+
# Information about the ID of the prefix list for the route.
|
|
782
|
+
# @return [String]
|
|
783
|
+
#
|
|
784
|
+
# @!attribute [rw] ip_v6_cidr
|
|
785
|
+
# Information about the IPv6 CIDR block.
|
|
786
|
+
# @return [String]
|
|
787
|
+
#
|
|
788
|
+
# @!attribute [rw] contributing_subnets
|
|
789
|
+
# Information about the contributing subnets.
|
|
790
|
+
# @return [Array<String>]
|
|
791
|
+
#
|
|
792
|
+
# @!attribute [rw] allowed_targets
|
|
793
|
+
# Information about the allowed targets.
|
|
794
|
+
# @return [Array<String>]
|
|
795
|
+
#
|
|
796
|
+
# @!attribute [rw] route_table_id
|
|
797
|
+
# Information about the route table ID.
|
|
798
|
+
# @return [String]
|
|
799
|
+
#
|
|
800
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ExpectedRoute AWS API Documentation
|
|
801
|
+
#
|
|
802
|
+
class ExpectedRoute < Struct.new(
|
|
803
|
+
:ip_v4_cidr,
|
|
804
|
+
:prefix_list_id,
|
|
805
|
+
:ip_v6_cidr,
|
|
806
|
+
:contributing_subnets,
|
|
807
|
+
:allowed_targets,
|
|
808
|
+
:route_table_id)
|
|
809
|
+
SENSITIVE = []
|
|
810
|
+
include Aws::Structure
|
|
811
|
+
end
|
|
812
|
+
|
|
430
813
|
# @api private
|
|
431
814
|
#
|
|
432
815
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccountRequest AWS API Documentation
|
|
@@ -434,13 +817,13 @@ module Aws::FMS
|
|
|
434
817
|
class GetAdminAccountRequest < Aws::EmptyStructure; end
|
|
435
818
|
|
|
436
819
|
# @!attribute [rw] admin_account
|
|
437
|
-
# The
|
|
820
|
+
# The Amazon Web Services account that is set as the Firewall Manager
|
|
438
821
|
# administrator.
|
|
439
822
|
# @return [String]
|
|
440
823
|
#
|
|
441
824
|
# @!attribute [rw] role_status
|
|
442
|
-
# The status of the
|
|
443
|
-
# Manager administrator.
|
|
825
|
+
# The status of the Amazon Web Services account that you set as the
|
|
826
|
+
# Firewall Manager administrator.
|
|
444
827
|
# @return [String]
|
|
445
828
|
#
|
|
446
829
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccountResponse AWS API Documentation
|
|
@@ -461,13 +844,13 @@ module Aws::FMS
|
|
|
461
844
|
# }
|
|
462
845
|
#
|
|
463
846
|
# @!attribute [rw] list_id
|
|
464
|
-
# The ID of the
|
|
465
|
-
#
|
|
847
|
+
# The ID of the Firewall Manager applications list that you want the
|
|
848
|
+
# details for.
|
|
466
849
|
# @return [String]
|
|
467
850
|
#
|
|
468
851
|
# @!attribute [rw] default_list
|
|
469
852
|
# Specifies whether the list to retrieve is a default list owned by
|
|
470
|
-
#
|
|
853
|
+
# Firewall Manager.
|
|
471
854
|
# @return [Boolean]
|
|
472
855
|
#
|
|
473
856
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAppsListRequest AWS API Documentation
|
|
@@ -480,8 +863,7 @@ module Aws::FMS
|
|
|
480
863
|
end
|
|
481
864
|
|
|
482
865
|
# @!attribute [rw] apps_list
|
|
483
|
-
# Information about the specified
|
|
484
|
-
# list.
|
|
866
|
+
# Information about the specified Firewall Manager applications list.
|
|
485
867
|
# @return [Types::AppsListData]
|
|
486
868
|
#
|
|
487
869
|
# @!attribute [rw] apps_list_arn
|
|
@@ -511,8 +893,8 @@ module Aws::FMS
|
|
|
511
893
|
# @return [String]
|
|
512
894
|
#
|
|
513
895
|
# @!attribute [rw] member_account
|
|
514
|
-
# The
|
|
515
|
-
# details for.
|
|
896
|
+
# The Amazon Web Services account that owns the resources that you
|
|
897
|
+
# want to get the details for.
|
|
516
898
|
# @return [String]
|
|
517
899
|
#
|
|
518
900
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetComplianceDetailRequest AWS API Documentation
|
|
@@ -544,12 +926,12 @@ module Aws::FMS
|
|
|
544
926
|
class GetNotificationChannelRequest < Aws::EmptyStructure; end
|
|
545
927
|
|
|
546
928
|
# @!attribute [rw] sns_topic_arn
|
|
547
|
-
# The SNS topic that records
|
|
929
|
+
# The SNS topic that records Firewall Manager activity.
|
|
548
930
|
# @return [String]
|
|
549
931
|
#
|
|
550
932
|
# @!attribute [rw] sns_role_name
|
|
551
|
-
# The IAM role that is used by
|
|
552
|
-
#
|
|
933
|
+
# The IAM role that is used by Firewall Manager to record activity to
|
|
934
|
+
# SNS.
|
|
553
935
|
# @return [String]
|
|
554
936
|
#
|
|
555
937
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetNotificationChannelResponse AWS API Documentation
|
|
@@ -569,8 +951,7 @@ module Aws::FMS
|
|
|
569
951
|
# }
|
|
570
952
|
#
|
|
571
953
|
# @!attribute [rw] policy_id
|
|
572
|
-
# The ID of the
|
|
573
|
-
# for.
|
|
954
|
+
# The ID of the Firewall Manager policy that you want the details for.
|
|
574
955
|
# @return [String]
|
|
575
956
|
#
|
|
576
957
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetPolicyRequest AWS API Documentation
|
|
@@ -582,7 +963,7 @@ module Aws::FMS
|
|
|
582
963
|
end
|
|
583
964
|
|
|
584
965
|
# @!attribute [rw] policy
|
|
585
|
-
# Information about the specified
|
|
966
|
+
# Information about the specified Firewall Manager policy.
|
|
586
967
|
# @return [Types::Policy]
|
|
587
968
|
#
|
|
588
969
|
# @!attribute [rw] policy_arn
|
|
@@ -616,37 +997,37 @@ module Aws::FMS
|
|
|
616
997
|
# @return [String]
|
|
617
998
|
#
|
|
618
999
|
# @!attribute [rw] member_account_id
|
|
619
|
-
# The
|
|
620
|
-
# the details for.
|
|
1000
|
+
# The Amazon Web Services account that is in scope of the policy that
|
|
1001
|
+
# you want to get the details for.
|
|
621
1002
|
# @return [String]
|
|
622
1003
|
#
|
|
623
1004
|
# @!attribute [rw] start_time
|
|
624
1005
|
# The start of the time period to query for the attacks. This is a
|
|
625
1006
|
# `timestamp` type. The request syntax listing indicates a `number`
|
|
626
|
-
# type because the default used by
|
|
627
|
-
#
|
|
1007
|
+
# type because the default used by Firewall Manager is Unix time in
|
|
1008
|
+
# seconds. However, any valid `timestamp` format is allowed.
|
|
628
1009
|
# @return [Time]
|
|
629
1010
|
#
|
|
630
1011
|
# @!attribute [rw] end_time
|
|
631
1012
|
# The end of the time period to query for the attacks. This is a
|
|
632
1013
|
# `timestamp` type. The request syntax listing indicates a `number`
|
|
633
|
-
# type because the default used by
|
|
634
|
-
#
|
|
1014
|
+
# type because the default used by Firewall Manager is Unix time in
|
|
1015
|
+
# seconds. However, any valid `timestamp` format is allowed.
|
|
635
1016
|
# @return [Time]
|
|
636
1017
|
#
|
|
637
1018
|
# @!attribute [rw] next_token
|
|
638
1019
|
# If you specify a value for `MaxResults` and you have more objects
|
|
639
|
-
# than the number that you specify for `MaxResults`,
|
|
640
|
-
#
|
|
641
|
-
#
|
|
642
|
-
#
|
|
643
|
-
#
|
|
644
|
-
#
|
|
1020
|
+
# than the number that you specify for `MaxResults`, Firewall Manager
|
|
1021
|
+
# returns a `NextToken` value in the response, which you can use to
|
|
1022
|
+
# retrieve another group of objects. For the second and subsequent
|
|
1023
|
+
# `GetProtectionStatus` requests, specify the value of `NextToken`
|
|
1024
|
+
# from the previous response to get information about another batch of
|
|
1025
|
+
# objects.
|
|
645
1026
|
# @return [String]
|
|
646
1027
|
#
|
|
647
1028
|
# @!attribute [rw] max_results
|
|
648
|
-
# Specifies the number of objects that you want
|
|
649
|
-
#
|
|
1029
|
+
# Specifies the number of objects that you want Firewall Manager to
|
|
1030
|
+
# return for this request. If you have more objects than the number
|
|
650
1031
|
# that you specify for `MaxResults`, the response includes a
|
|
651
1032
|
# `NextToken` value that you can use to get another batch of objects.
|
|
652
1033
|
# @return [Integer]
|
|
@@ -665,7 +1046,8 @@ module Aws::FMS
|
|
|
665
1046
|
end
|
|
666
1047
|
|
|
667
1048
|
# @!attribute [rw] admin_account_id
|
|
668
|
-
# The ID of the
|
|
1049
|
+
# The ID of the Firewall Manager administrator account for this
|
|
1050
|
+
# policy.
|
|
669
1051
|
# @return [String]
|
|
670
1052
|
#
|
|
671
1053
|
# @!attribute [rw] service_type
|
|
@@ -696,10 +1078,10 @@ module Aws::FMS
|
|
|
696
1078
|
# request, and specify the `NextToken` value from the response in the
|
|
697
1079
|
# `NextToken` value in the next request.
|
|
698
1080
|
#
|
|
699
|
-
#
|
|
700
|
-
# response and make subsequent request calls
|
|
701
|
-
# behalf. However, this feature is not supported
|
|
702
|
-
# `GetProtectionStatus`. You must submit subsequent requests with
|
|
1081
|
+
# Amazon Web Services SDKs provide auto-pagination that identify
|
|
1082
|
+
# `NextToken` in a response and make subsequent request calls
|
|
1083
|
+
# automatically on your behalf. However, this feature is not supported
|
|
1084
|
+
# by `GetProtectionStatus`. You must submit subsequent requests with
|
|
703
1085
|
# `NextToken` using your own processes.
|
|
704
1086
|
# @return [String]
|
|
705
1087
|
#
|
|
@@ -723,13 +1105,13 @@ module Aws::FMS
|
|
|
723
1105
|
# }
|
|
724
1106
|
#
|
|
725
1107
|
# @!attribute [rw] list_id
|
|
726
|
-
# The ID of the
|
|
1108
|
+
# The ID of the Firewall Manager protocols list that you want the
|
|
727
1109
|
# details for.
|
|
728
1110
|
# @return [String]
|
|
729
1111
|
#
|
|
730
1112
|
# @!attribute [rw] default_list
|
|
731
1113
|
# Specifies whether the list to retrieve is a default list owned by
|
|
732
|
-
#
|
|
1114
|
+
# Firewall Manager.
|
|
733
1115
|
# @return [Boolean]
|
|
734
1116
|
#
|
|
735
1117
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtocolsListRequest AWS API Documentation
|
|
@@ -742,7 +1124,7 @@ module Aws::FMS
|
|
|
742
1124
|
end
|
|
743
1125
|
|
|
744
1126
|
# @!attribute [rw] protocols_list
|
|
745
|
-
# Information about the specified
|
|
1127
|
+
# Information about the specified Firewall Manager protocols list.
|
|
746
1128
|
# @return [Types::ProtocolsListData]
|
|
747
1129
|
#
|
|
748
1130
|
# @!attribute [rw] protocols_list_arn
|
|
@@ -769,13 +1151,12 @@ module Aws::FMS
|
|
|
769
1151
|
# }
|
|
770
1152
|
#
|
|
771
1153
|
# @!attribute [rw] policy_id
|
|
772
|
-
# The ID of the
|
|
773
|
-
#
|
|
774
|
-
# policies.
|
|
1154
|
+
# The ID of the Firewall Manager policy that you want the details for.
|
|
1155
|
+
# This currently only supports security group content audit policies.
|
|
775
1156
|
# @return [String]
|
|
776
1157
|
#
|
|
777
1158
|
# @!attribute [rw] member_account
|
|
778
|
-
# The
|
|
1159
|
+
# The Amazon Web Services account ID that you want the details for.
|
|
779
1160
|
# @return [String]
|
|
780
1161
|
#
|
|
781
1162
|
# @!attribute [rw] resource_id
|
|
@@ -783,10 +1164,11 @@ module Aws::FMS
|
|
|
783
1164
|
# @return [String]
|
|
784
1165
|
#
|
|
785
1166
|
# @!attribute [rw] resource_type
|
|
786
|
-
# The resource type. This is in the format shown in the [
|
|
787
|
-
# Types Reference][1]. Supported resource types are:
|
|
788
|
-
# `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
|
|
789
|
-
# `AWS::EC2::SecurityGroup
|
|
1167
|
+
# The resource type. This is in the format shown in the [Amazon Web
|
|
1168
|
+
# Services Resource Types Reference][1]. Supported resource types are:
|
|
1169
|
+
# `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
|
|
1170
|
+
# `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`,
|
|
1171
|
+
# and `AWS::EC2::Subnet`.
|
|
790
1172
|
#
|
|
791
1173
|
#
|
|
792
1174
|
#
|
|
@@ -846,9 +1228,9 @@ module Aws::FMS
|
|
|
846
1228
|
# The operation failed because there was nothing to do or the operation
|
|
847
1229
|
# wasn't possible. For example, you might have submitted an
|
|
848
1230
|
# `AssociateAdminAccount` request for an account ID that was already set
|
|
849
|
-
# as the
|
|
1231
|
+
# as the Firewall Manager administrator. Or you might have tried to
|
|
850
1232
|
# access a Region that's disabled by default, and that you need to
|
|
851
|
-
# enable for the Firewall Manager administrator account and for
|
|
1233
|
+
# enable for the Firewall Manager administrator account and for
|
|
852
1234
|
# Organizations before you can access it.
|
|
853
1235
|
#
|
|
854
1236
|
# @!attribute [rw] message
|
|
@@ -876,9 +1258,9 @@ module Aws::FMS
|
|
|
876
1258
|
end
|
|
877
1259
|
|
|
878
1260
|
# The operation exceeds a resource limit, for example, the maximum
|
|
879
|
-
# number of `policy` objects that you can create for an
|
|
880
|
-
# more information, see [Firewall Manager
|
|
881
|
-
# Developer Guide*.
|
|
1261
|
+
# number of `policy` objects that you can create for an Amazon Web
|
|
1262
|
+
# Services account. For more information, see [Firewall Manager
|
|
1263
|
+
# Limits][1] in the *WAF Developer Guide*.
|
|
882
1264
|
#
|
|
883
1265
|
#
|
|
884
1266
|
#
|
|
@@ -906,25 +1288,25 @@ module Aws::FMS
|
|
|
906
1288
|
#
|
|
907
1289
|
# @!attribute [rw] default_lists
|
|
908
1290
|
# Specifies whether the lists to retrieve are default lists owned by
|
|
909
|
-
#
|
|
1291
|
+
# Firewall Manager.
|
|
910
1292
|
# @return [Boolean]
|
|
911
1293
|
#
|
|
912
1294
|
# @!attribute [rw] next_token
|
|
913
1295
|
# If you specify a value for `MaxResults` in your list request, and
|
|
914
|
-
# you have more objects than the maximum,
|
|
1296
|
+
# you have more objects than the maximum, Firewall Manager returns
|
|
915
1297
|
# this token in the response. For all but the first request, you
|
|
916
1298
|
# provide the token returned by the prior request in the request
|
|
917
1299
|
# parameters, to retrieve the next batch of objects.
|
|
918
1300
|
# @return [String]
|
|
919
1301
|
#
|
|
920
1302
|
# @!attribute [rw] max_results
|
|
921
|
-
# The maximum number of objects that you want
|
|
1303
|
+
# The maximum number of objects that you want Firewall Manager to
|
|
922
1304
|
# return for this request. If more objects are available, in the
|
|
923
|
-
# response,
|
|
924
|
-
#
|
|
1305
|
+
# response, Firewall Manager provides a `NextToken` value that you can
|
|
1306
|
+
# use in a subsequent call to get the next batch of objects.
|
|
925
1307
|
#
|
|
926
|
-
# If you don't specify this,
|
|
927
|
-
#
|
|
1308
|
+
# If you don't specify this, Firewall Manager returns all available
|
|
1309
|
+
# objects.
|
|
928
1310
|
# @return [Integer]
|
|
929
1311
|
#
|
|
930
1312
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAppsListsRequest AWS API Documentation
|
|
@@ -943,7 +1325,7 @@ module Aws::FMS
|
|
|
943
1325
|
#
|
|
944
1326
|
# @!attribute [rw] next_token
|
|
945
1327
|
# If you specify a value for `MaxResults` in your list request, and
|
|
946
|
-
# you have more objects than the maximum,
|
|
1328
|
+
# you have more objects than the maximum, Firewall Manager returns
|
|
947
1329
|
# this token in the response. You can use this token in subsequent
|
|
948
1330
|
# requests to retrieve the next batch of objects.
|
|
949
1331
|
# @return [String]
|
|
@@ -967,15 +1349,14 @@ module Aws::FMS
|
|
|
967
1349
|
# }
|
|
968
1350
|
#
|
|
969
1351
|
# @!attribute [rw] policy_id
|
|
970
|
-
# The ID of the
|
|
971
|
-
# for.
|
|
1352
|
+
# The ID of the Firewall Manager policy that you want the details for.
|
|
972
1353
|
# @return [String]
|
|
973
1354
|
#
|
|
974
1355
|
# @!attribute [rw] next_token
|
|
975
1356
|
# If you specify a value for `MaxResults` and you have more
|
|
976
1357
|
# `PolicyComplianceStatus` objects than the number that you specify
|
|
977
|
-
# for `MaxResults`,
|
|
978
|
-
#
|
|
1358
|
+
# for `MaxResults`, Firewall Manager returns a `NextToken` value in
|
|
1359
|
+
# the response that allows you to list another group of
|
|
979
1360
|
# `PolicyComplianceStatus` objects. For the second and subsequent
|
|
980
1361
|
# `ListComplianceStatus` requests, specify the value of `NextToken`
|
|
981
1362
|
# from the previous response to get information about another batch of
|
|
@@ -984,11 +1365,10 @@ module Aws::FMS
|
|
|
984
1365
|
#
|
|
985
1366
|
# @!attribute [rw] max_results
|
|
986
1367
|
# Specifies the number of `PolicyComplianceStatus` objects that you
|
|
987
|
-
# want
|
|
988
|
-
#
|
|
989
|
-
#
|
|
990
|
-
#
|
|
991
|
-
# objects.
|
|
1368
|
+
# want Firewall Manager to return for this request. If you have more
|
|
1369
|
+
# `PolicyComplianceStatus` objects than the number that you specify
|
|
1370
|
+
# for `MaxResults`, the response includes a `NextToken` value that you
|
|
1371
|
+
# can use to get another batch of `PolicyComplianceStatus` objects.
|
|
992
1372
|
# @return [Integer]
|
|
993
1373
|
#
|
|
994
1374
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListComplianceStatusRequest AWS API Documentation
|
|
@@ -1033,7 +1413,7 @@ module Aws::FMS
|
|
|
1033
1413
|
#
|
|
1034
1414
|
# @!attribute [rw] next_token
|
|
1035
1415
|
# If you specify a value for `MaxResults` and you have more account
|
|
1036
|
-
# IDs than the number that you specify for `MaxResults`,
|
|
1416
|
+
# IDs than the number that you specify for `MaxResults`, Firewall
|
|
1037
1417
|
# Manager returns a `NextToken` value in the response that allows you
|
|
1038
1418
|
# to list another group of IDs. For the second and subsequent
|
|
1039
1419
|
# `ListMemberAccountsRequest` requests, specify the value of
|
|
@@ -1042,11 +1422,11 @@ module Aws::FMS
|
|
|
1042
1422
|
# @return [String]
|
|
1043
1423
|
#
|
|
1044
1424
|
# @!attribute [rw] max_results
|
|
1045
|
-
# Specifies the number of member account IDs that you want
|
|
1046
|
-
#
|
|
1047
|
-
#
|
|
1048
|
-
#
|
|
1049
|
-
#
|
|
1425
|
+
# Specifies the number of member account IDs that you want Firewall
|
|
1426
|
+
# Manager to return for this request. If you have more IDs than the
|
|
1427
|
+
# number that you specify for `MaxResults`, the response includes a
|
|
1428
|
+
# `NextToken` value that you can use to get another batch of member
|
|
1429
|
+
# account IDs.
|
|
1050
1430
|
# @return [Integer]
|
|
1051
1431
|
#
|
|
1052
1432
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListMemberAccountsRequest AWS API Documentation
|
|
@@ -1090,16 +1470,15 @@ module Aws::FMS
|
|
|
1090
1470
|
# @!attribute [rw] next_token
|
|
1091
1471
|
# If you specify a value for `MaxResults` and you have more
|
|
1092
1472
|
# `PolicySummary` objects than the number that you specify for
|
|
1093
|
-
# `MaxResults`,
|
|
1094
|
-
#
|
|
1095
|
-
#
|
|
1096
|
-
#
|
|
1097
|
-
#
|
|
1098
|
-
# `PolicySummary` objects.
|
|
1473
|
+
# `MaxResults`, Firewall Manager returns a `NextToken` value in the
|
|
1474
|
+
# response that allows you to list another group of `PolicySummary`
|
|
1475
|
+
# objects. For the second and subsequent `ListPolicies` requests,
|
|
1476
|
+
# specify the value of `NextToken` from the previous response to get
|
|
1477
|
+
# information about another batch of `PolicySummary` objects.
|
|
1099
1478
|
# @return [String]
|
|
1100
1479
|
#
|
|
1101
1480
|
# @!attribute [rw] max_results
|
|
1102
|
-
# Specifies the number of `PolicySummary` objects that you want
|
|
1481
|
+
# Specifies the number of `PolicySummary` objects that you want
|
|
1103
1482
|
# Firewall Manager to return for this request. If you have more
|
|
1104
1483
|
# `PolicySummary` objects than the number that you specify for
|
|
1105
1484
|
# `MaxResults`, the response includes a `NextToken` value that you can
|
|
@@ -1147,25 +1526,25 @@ module Aws::FMS
|
|
|
1147
1526
|
#
|
|
1148
1527
|
# @!attribute [rw] default_lists
|
|
1149
1528
|
# Specifies whether the lists to retrieve are default lists owned by
|
|
1150
|
-
#
|
|
1529
|
+
# Firewall Manager.
|
|
1151
1530
|
# @return [Boolean]
|
|
1152
1531
|
#
|
|
1153
1532
|
# @!attribute [rw] next_token
|
|
1154
1533
|
# If you specify a value for `MaxResults` in your list request, and
|
|
1155
|
-
# you have more objects than the maximum,
|
|
1534
|
+
# you have more objects than the maximum, Firewall Manager returns
|
|
1156
1535
|
# this token in the response. For all but the first request, you
|
|
1157
1536
|
# provide the token returned by the prior request in the request
|
|
1158
1537
|
# parameters, to retrieve the next batch of objects.
|
|
1159
1538
|
# @return [String]
|
|
1160
1539
|
#
|
|
1161
1540
|
# @!attribute [rw] max_results
|
|
1162
|
-
# The maximum number of objects that you want
|
|
1541
|
+
# The maximum number of objects that you want Firewall Manager to
|
|
1163
1542
|
# return for this request. If more objects are available, in the
|
|
1164
|
-
# response,
|
|
1165
|
-
#
|
|
1543
|
+
# response, Firewall Manager provides a `NextToken` value that you can
|
|
1544
|
+
# use in a subsequent call to get the next batch of objects.
|
|
1166
1545
|
#
|
|
1167
|
-
# If you don't specify this,
|
|
1168
|
-
#
|
|
1546
|
+
# If you don't specify this, Firewall Manager returns all available
|
|
1547
|
+
# objects.
|
|
1169
1548
|
# @return [Integer]
|
|
1170
1549
|
#
|
|
1171
1550
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListProtocolsListsRequest AWS API Documentation
|
|
@@ -1184,7 +1563,7 @@ module Aws::FMS
|
|
|
1184
1563
|
#
|
|
1185
1564
|
# @!attribute [rw] next_token
|
|
1186
1565
|
# If you specify a value for `MaxResults` in your list request, and
|
|
1187
|
-
# you have more objects than the maximum,
|
|
1566
|
+
# you have more objects than the maximum, Firewall Manager returns
|
|
1188
1567
|
# this token in the response. You can use this token in subsequent
|
|
1189
1568
|
# requests to retrieve the next batch of objects.
|
|
1190
1569
|
# @return [String]
|
|
@@ -1207,8 +1586,8 @@ module Aws::FMS
|
|
|
1207
1586
|
#
|
|
1208
1587
|
# @!attribute [rw] resource_arn
|
|
1209
1588
|
# The Amazon Resource Name (ARN) of the resource to return tags for.
|
|
1210
|
-
# The
|
|
1211
|
-
#
|
|
1589
|
+
# The Firewall Manager resources that support tagging are policies,
|
|
1590
|
+
# applications lists, and protocols lists.
|
|
1212
1591
|
# @return [String]
|
|
1213
1592
|
#
|
|
1214
1593
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListTagsForResourceRequest AWS API Documentation
|
|
@@ -1231,12 +1610,473 @@ module Aws::FMS
|
|
|
1231
1610
|
include Aws::Structure
|
|
1232
1611
|
end
|
|
1233
1612
|
|
|
1613
|
+
# Violation detail for an internet gateway route with an inactive state
|
|
1614
|
+
# in the customer subnet route table or Network Firewall subnet route
|
|
1615
|
+
# table.
|
|
1616
|
+
#
|
|
1617
|
+
# @!attribute [rw] violation_target
|
|
1618
|
+
# The subnet that has an inactive state.
|
|
1619
|
+
# @return [String]
|
|
1620
|
+
#
|
|
1621
|
+
# @!attribute [rw] route_table_id
|
|
1622
|
+
# Information about the route table ID.
|
|
1623
|
+
# @return [String]
|
|
1624
|
+
#
|
|
1625
|
+
# @!attribute [rw] vpc_id
|
|
1626
|
+
# Information about the VPC ID.
|
|
1627
|
+
# @return [String]
|
|
1628
|
+
#
|
|
1629
|
+
# @!attribute [rw] violating_routes
|
|
1630
|
+
# Information about the route or routes that are in violation.
|
|
1631
|
+
# @return [Array<Types::Route>]
|
|
1632
|
+
#
|
|
1633
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallBlackHoleRouteDetectedViolation AWS API Documentation
|
|
1634
|
+
#
|
|
1635
|
+
class NetworkFirewallBlackHoleRouteDetectedViolation < Struct.new(
|
|
1636
|
+
:violation_target,
|
|
1637
|
+
:route_table_id,
|
|
1638
|
+
:vpc_id,
|
|
1639
|
+
:violating_routes)
|
|
1640
|
+
SENSITIVE = []
|
|
1641
|
+
include Aws::Structure
|
|
1642
|
+
end
|
|
1643
|
+
|
|
1644
|
+
# Violation detail for the subnet for which internet traffic that
|
|
1645
|
+
# hasn't been inspected.
|
|
1646
|
+
#
|
|
1647
|
+
# @!attribute [rw] subnet_id
|
|
1648
|
+
# The subnet ID.
|
|
1649
|
+
# @return [String]
|
|
1650
|
+
#
|
|
1651
|
+
# @!attribute [rw] subnet_availability_zone
|
|
1652
|
+
# The subnet Availability Zone.
|
|
1653
|
+
# @return [String]
|
|
1654
|
+
#
|
|
1655
|
+
# @!attribute [rw] route_table_id
|
|
1656
|
+
# Information about the route table ID.
|
|
1657
|
+
# @return [String]
|
|
1658
|
+
#
|
|
1659
|
+
# @!attribute [rw] violating_routes
|
|
1660
|
+
# The route or routes that are in violation.
|
|
1661
|
+
# @return [Array<Types::Route>]
|
|
1662
|
+
#
|
|
1663
|
+
# @!attribute [rw] is_route_table_used_in_different_az
|
|
1664
|
+
# Information about whether the route table is used in another
|
|
1665
|
+
# Availability Zone.
|
|
1666
|
+
# @return [Boolean]
|
|
1667
|
+
#
|
|
1668
|
+
# @!attribute [rw] current_firewall_subnet_route_table
|
|
1669
|
+
# Information about the subnet route table for the current firewall.
|
|
1670
|
+
# @return [String]
|
|
1671
|
+
#
|
|
1672
|
+
# @!attribute [rw] expected_firewall_endpoint
|
|
1673
|
+
# The expected endpoint for the current firewall.
|
|
1674
|
+
# @return [String]
|
|
1675
|
+
#
|
|
1676
|
+
# @!attribute [rw] firewall_subnet_id
|
|
1677
|
+
# The firewall subnet ID.
|
|
1678
|
+
# @return [String]
|
|
1679
|
+
#
|
|
1680
|
+
# @!attribute [rw] expected_firewall_subnet_routes
|
|
1681
|
+
# The firewall subnet routes that are expected.
|
|
1682
|
+
# @return [Array<Types::ExpectedRoute>]
|
|
1683
|
+
#
|
|
1684
|
+
# @!attribute [rw] actual_firewall_subnet_routes
|
|
1685
|
+
# The actual firewall subnet routes.
|
|
1686
|
+
# @return [Array<Types::Route>]
|
|
1687
|
+
#
|
|
1688
|
+
# @!attribute [rw] internet_gateway_id
|
|
1689
|
+
# The internet gateway ID.
|
|
1690
|
+
# @return [String]
|
|
1691
|
+
#
|
|
1692
|
+
# @!attribute [rw] current_internet_gateway_route_table
|
|
1693
|
+
# The current route table for the internet gateway.
|
|
1694
|
+
# @return [String]
|
|
1695
|
+
#
|
|
1696
|
+
# @!attribute [rw] expected_internet_gateway_routes
|
|
1697
|
+
# The internet gateway routes that are expected.
|
|
1698
|
+
# @return [Array<Types::ExpectedRoute>]
|
|
1699
|
+
#
|
|
1700
|
+
# @!attribute [rw] actual_internet_gateway_routes
|
|
1701
|
+
# The actual internet gateway routes.
|
|
1702
|
+
# @return [Array<Types::Route>]
|
|
1703
|
+
#
|
|
1704
|
+
# @!attribute [rw] vpc_id
|
|
1705
|
+
# Information about the VPC ID.
|
|
1706
|
+
# @return [String]
|
|
1707
|
+
#
|
|
1708
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallInternetTrafficNotInspectedViolation AWS API Documentation
|
|
1709
|
+
#
|
|
1710
|
+
class NetworkFirewallInternetTrafficNotInspectedViolation < Struct.new(
|
|
1711
|
+
:subnet_id,
|
|
1712
|
+
:subnet_availability_zone,
|
|
1713
|
+
:route_table_id,
|
|
1714
|
+
:violating_routes,
|
|
1715
|
+
:is_route_table_used_in_different_az,
|
|
1716
|
+
:current_firewall_subnet_route_table,
|
|
1717
|
+
:expected_firewall_endpoint,
|
|
1718
|
+
:firewall_subnet_id,
|
|
1719
|
+
:expected_firewall_subnet_routes,
|
|
1720
|
+
:actual_firewall_subnet_routes,
|
|
1721
|
+
:internet_gateway_id,
|
|
1722
|
+
:current_internet_gateway_route_table,
|
|
1723
|
+
:expected_internet_gateway_routes,
|
|
1724
|
+
:actual_internet_gateway_routes,
|
|
1725
|
+
:vpc_id)
|
|
1726
|
+
SENSITIVE = []
|
|
1727
|
+
include Aws::Structure
|
|
1728
|
+
end
|
|
1729
|
+
|
|
1730
|
+
# Violation detail for the improperly configured subnet route. It's
|
|
1731
|
+
# possible there is a missing route table route, or a configuration that
|
|
1732
|
+
# causes traffic to cross an Availability Zone boundary.
|
|
1733
|
+
#
|
|
1734
|
+
# @!attribute [rw] affected_subnets
|
|
1735
|
+
# The subnets that are affected.
|
|
1736
|
+
# @return [Array<String>]
|
|
1737
|
+
#
|
|
1738
|
+
# @!attribute [rw] route_table_id
|
|
1739
|
+
# The route table ID.
|
|
1740
|
+
# @return [String]
|
|
1741
|
+
#
|
|
1742
|
+
# @!attribute [rw] is_route_table_used_in_different_az
|
|
1743
|
+
# Information about whether the route table is used in another
|
|
1744
|
+
# Availability Zone.
|
|
1745
|
+
# @return [Boolean]
|
|
1746
|
+
#
|
|
1747
|
+
# @!attribute [rw] violating_route
|
|
1748
|
+
# The route that's in violation.
|
|
1749
|
+
# @return [Types::Route]
|
|
1750
|
+
#
|
|
1751
|
+
# @!attribute [rw] current_firewall_subnet_route_table
|
|
1752
|
+
# The subnet route table for the current firewall.
|
|
1753
|
+
# @return [String]
|
|
1754
|
+
#
|
|
1755
|
+
# @!attribute [rw] expected_firewall_endpoint
|
|
1756
|
+
# The firewall endpoint that's expected.
|
|
1757
|
+
# @return [String]
|
|
1758
|
+
#
|
|
1759
|
+
# @!attribute [rw] actual_firewall_endpoint
|
|
1760
|
+
# The actual firewall endpoint.
|
|
1761
|
+
# @return [String]
|
|
1762
|
+
#
|
|
1763
|
+
# @!attribute [rw] expected_firewall_subnet_id
|
|
1764
|
+
# The expected subnet ID for the firewall.
|
|
1765
|
+
# @return [String]
|
|
1766
|
+
#
|
|
1767
|
+
# @!attribute [rw] actual_firewall_subnet_id
|
|
1768
|
+
# The actual subnet ID for the firewall.
|
|
1769
|
+
# @return [String]
|
|
1770
|
+
#
|
|
1771
|
+
# @!attribute [rw] expected_firewall_subnet_routes
|
|
1772
|
+
# The firewall subnet routes that are expected.
|
|
1773
|
+
# @return [Array<Types::ExpectedRoute>]
|
|
1774
|
+
#
|
|
1775
|
+
# @!attribute [rw] actual_firewall_subnet_routes
|
|
1776
|
+
# The actual firewall subnet routes that are expected.
|
|
1777
|
+
# @return [Array<Types::Route>]
|
|
1778
|
+
#
|
|
1779
|
+
# @!attribute [rw] internet_gateway_id
|
|
1780
|
+
# The internet gateway ID.
|
|
1781
|
+
# @return [String]
|
|
1782
|
+
#
|
|
1783
|
+
# @!attribute [rw] current_internet_gateway_route_table
|
|
1784
|
+
# The route table for the current internet gateway.
|
|
1785
|
+
# @return [String]
|
|
1786
|
+
#
|
|
1787
|
+
# @!attribute [rw] expected_internet_gateway_routes
|
|
1788
|
+
# The expected routes for the internet gateway.
|
|
1789
|
+
# @return [Array<Types::ExpectedRoute>]
|
|
1790
|
+
#
|
|
1791
|
+
# @!attribute [rw] actual_internet_gateway_routes
|
|
1792
|
+
# The actual internet gateway routes.
|
|
1793
|
+
# @return [Array<Types::Route>]
|
|
1794
|
+
#
|
|
1795
|
+
# @!attribute [rw] vpc_id
|
|
1796
|
+
# Information about the VPC ID.
|
|
1797
|
+
# @return [String]
|
|
1798
|
+
#
|
|
1799
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallInvalidRouteConfigurationViolation AWS API Documentation
|
|
1800
|
+
#
|
|
1801
|
+
class NetworkFirewallInvalidRouteConfigurationViolation < Struct.new(
|
|
1802
|
+
:affected_subnets,
|
|
1803
|
+
:route_table_id,
|
|
1804
|
+
:is_route_table_used_in_different_az,
|
|
1805
|
+
:violating_route,
|
|
1806
|
+
:current_firewall_subnet_route_table,
|
|
1807
|
+
:expected_firewall_endpoint,
|
|
1808
|
+
:actual_firewall_endpoint,
|
|
1809
|
+
:expected_firewall_subnet_id,
|
|
1810
|
+
:actual_firewall_subnet_id,
|
|
1811
|
+
:expected_firewall_subnet_routes,
|
|
1812
|
+
:actual_firewall_subnet_routes,
|
|
1813
|
+
:internet_gateway_id,
|
|
1814
|
+
:current_internet_gateway_route_table,
|
|
1815
|
+
:expected_internet_gateway_routes,
|
|
1816
|
+
:actual_internet_gateway_routes,
|
|
1817
|
+
:vpc_id)
|
|
1818
|
+
SENSITIVE = []
|
|
1819
|
+
include Aws::Structure
|
|
1820
|
+
end
|
|
1821
|
+
|
|
1822
|
+
# Violation detail for Network Firewall for a subnet that's not
|
|
1823
|
+
# associated to the expected Firewall Manager managed route table.
|
|
1824
|
+
#
|
|
1825
|
+
# @!attribute [rw] violation_target
|
|
1826
|
+
# The ID of the Network Firewall or VPC resource that's in violation.
|
|
1827
|
+
# @return [String]
|
|
1828
|
+
#
|
|
1829
|
+
# @!attribute [rw] vpc
|
|
1830
|
+
# The resource ID of the VPC associated with a violating subnet.
|
|
1831
|
+
# @return [String]
|
|
1832
|
+
#
|
|
1833
|
+
# @!attribute [rw] availability_zone
|
|
1834
|
+
# The Availability Zone of a violating subnet.
|
|
1835
|
+
# @return [String]
|
|
1836
|
+
#
|
|
1837
|
+
# @!attribute [rw] current_route_table
|
|
1838
|
+
# The resource ID of the current route table that's associated with
|
|
1839
|
+
# the subnet, if one is available.
|
|
1840
|
+
# @return [String]
|
|
1841
|
+
#
|
|
1842
|
+
# @!attribute [rw] expected_route_table
|
|
1843
|
+
# The resource ID of the route table that should be associated with
|
|
1844
|
+
# the subnet.
|
|
1845
|
+
# @return [String]
|
|
1846
|
+
#
|
|
1847
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingExpectedRTViolation AWS API Documentation
|
|
1848
|
+
#
|
|
1849
|
+
class NetworkFirewallMissingExpectedRTViolation < Struct.new(
|
|
1850
|
+
:violation_target,
|
|
1851
|
+
:vpc,
|
|
1852
|
+
:availability_zone,
|
|
1853
|
+
:current_route_table,
|
|
1854
|
+
:expected_route_table)
|
|
1855
|
+
SENSITIVE = []
|
|
1856
|
+
include Aws::Structure
|
|
1857
|
+
end
|
|
1858
|
+
|
|
1859
|
+
# Violation detail for an expected route missing in Network Firewall.
|
|
1860
|
+
#
|
|
1861
|
+
# @!attribute [rw] violation_target
|
|
1862
|
+
# The target of the violation.
|
|
1863
|
+
# @return [String]
|
|
1864
|
+
#
|
|
1865
|
+
# @!attribute [rw] expected_routes
|
|
1866
|
+
# The expected routes.
|
|
1867
|
+
# @return [Array<Types::ExpectedRoute>]
|
|
1868
|
+
#
|
|
1869
|
+
# @!attribute [rw] vpc_id
|
|
1870
|
+
# Information about the VPC ID.
|
|
1871
|
+
# @return [String]
|
|
1872
|
+
#
|
|
1873
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingExpectedRoutesViolation AWS API Documentation
|
|
1874
|
+
#
|
|
1875
|
+
class NetworkFirewallMissingExpectedRoutesViolation < Struct.new(
|
|
1876
|
+
:violation_target,
|
|
1877
|
+
:expected_routes,
|
|
1878
|
+
:vpc_id)
|
|
1879
|
+
SENSITIVE = []
|
|
1880
|
+
include Aws::Structure
|
|
1881
|
+
end
|
|
1882
|
+
|
|
1883
|
+
# Violation detail for Network Firewall for a subnet that doesn't have
|
|
1884
|
+
# a Firewall Manager managed firewall in its VPC.
|
|
1885
|
+
#
|
|
1886
|
+
# @!attribute [rw] violation_target
|
|
1887
|
+
# The ID of the Network Firewall or VPC resource that's in violation.
|
|
1888
|
+
# @return [String]
|
|
1889
|
+
#
|
|
1890
|
+
# @!attribute [rw] vpc
|
|
1891
|
+
# The resource ID of the VPC associated with a violating subnet.
|
|
1892
|
+
# @return [String]
|
|
1893
|
+
#
|
|
1894
|
+
# @!attribute [rw] availability_zone
|
|
1895
|
+
# The Availability Zone of a violating subnet.
|
|
1896
|
+
# @return [String]
|
|
1897
|
+
#
|
|
1898
|
+
# @!attribute [rw] target_violation_reason
|
|
1899
|
+
# The reason the resource has this violation, if one is available.
|
|
1900
|
+
# @return [String]
|
|
1901
|
+
#
|
|
1902
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingFirewallViolation AWS API Documentation
|
|
1903
|
+
#
|
|
1904
|
+
class NetworkFirewallMissingFirewallViolation < Struct.new(
|
|
1905
|
+
:violation_target,
|
|
1906
|
+
:vpc,
|
|
1907
|
+
:availability_zone,
|
|
1908
|
+
:target_violation_reason)
|
|
1909
|
+
SENSITIVE = []
|
|
1910
|
+
include Aws::Structure
|
|
1911
|
+
end
|
|
1912
|
+
|
|
1913
|
+
# Violation detail for Network Firewall for an Availability Zone that's
|
|
1914
|
+
# missing the expected Firewall Manager managed subnet.
|
|
1915
|
+
#
|
|
1916
|
+
# @!attribute [rw] violation_target
|
|
1917
|
+
# The ID of the Network Firewall or VPC resource that's in violation.
|
|
1918
|
+
# @return [String]
|
|
1919
|
+
#
|
|
1920
|
+
# @!attribute [rw] vpc
|
|
1921
|
+
# The resource ID of the VPC associated with a violating subnet.
|
|
1922
|
+
# @return [String]
|
|
1923
|
+
#
|
|
1924
|
+
# @!attribute [rw] availability_zone
|
|
1925
|
+
# The Availability Zone of a violating subnet.
|
|
1926
|
+
# @return [String]
|
|
1927
|
+
#
|
|
1928
|
+
# @!attribute [rw] target_violation_reason
|
|
1929
|
+
# The reason the resource has this violation, if one is available.
|
|
1930
|
+
# @return [String]
|
|
1931
|
+
#
|
|
1932
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallMissingSubnetViolation AWS API Documentation
|
|
1933
|
+
#
|
|
1934
|
+
class NetworkFirewallMissingSubnetViolation < Struct.new(
|
|
1935
|
+
:violation_target,
|
|
1936
|
+
:vpc,
|
|
1937
|
+
:availability_zone,
|
|
1938
|
+
:target_violation_reason)
|
|
1939
|
+
SENSITIVE = []
|
|
1940
|
+
include Aws::Structure
|
|
1941
|
+
end
|
|
1942
|
+
|
|
1943
|
+
# The definition of the Network Firewall firewall policy.
|
|
1944
|
+
#
|
|
1945
|
+
# @!attribute [rw] stateless_rule_groups
|
|
1946
|
+
# The stateless rule groups that are used in the Network Firewall
|
|
1947
|
+
# firewall policy.
|
|
1948
|
+
# @return [Array<Types::StatelessRuleGroup>]
|
|
1949
|
+
#
|
|
1950
|
+
# @!attribute [rw] stateless_default_actions
|
|
1951
|
+
# The actions to take on packets that don't match any of the
|
|
1952
|
+
# stateless rule groups.
|
|
1953
|
+
# @return [Array<String>]
|
|
1954
|
+
#
|
|
1955
|
+
# @!attribute [rw] stateless_fragment_default_actions
|
|
1956
|
+
# The actions to take on packet fragments that don't match any of the
|
|
1957
|
+
# stateless rule groups.
|
|
1958
|
+
# @return [Array<String>]
|
|
1959
|
+
#
|
|
1960
|
+
# @!attribute [rw] stateless_custom_actions
|
|
1961
|
+
# Names of custom actions that are available for use in the stateless
|
|
1962
|
+
# default actions settings.
|
|
1963
|
+
# @return [Array<String>]
|
|
1964
|
+
#
|
|
1965
|
+
# @!attribute [rw] stateful_rule_groups
|
|
1966
|
+
# The stateful rule groups that are used in the Network Firewall
|
|
1967
|
+
# firewall policy.
|
|
1968
|
+
# @return [Array<Types::StatefulRuleGroup>]
|
|
1969
|
+
#
|
|
1970
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicyDescription AWS API Documentation
|
|
1971
|
+
#
|
|
1972
|
+
class NetworkFirewallPolicyDescription < Struct.new(
|
|
1973
|
+
:stateless_rule_groups,
|
|
1974
|
+
:stateless_default_actions,
|
|
1975
|
+
:stateless_fragment_default_actions,
|
|
1976
|
+
:stateless_custom_actions,
|
|
1977
|
+
:stateful_rule_groups)
|
|
1978
|
+
SENSITIVE = []
|
|
1979
|
+
include Aws::Structure
|
|
1980
|
+
end
|
|
1981
|
+
|
|
1982
|
+
# Violation detail for Network Firewall for a firewall policy that has a
|
|
1983
|
+
# different NetworkFirewallPolicyDescription than is required by the
|
|
1984
|
+
# Firewall Manager policy.
|
|
1985
|
+
#
|
|
1986
|
+
# @!attribute [rw] violation_target
|
|
1987
|
+
# The ID of the Network Firewall or VPC resource that's in violation.
|
|
1988
|
+
# @return [String]
|
|
1989
|
+
#
|
|
1990
|
+
# @!attribute [rw] current_policy_description
|
|
1991
|
+
# The policy that's currently in use in the individual account.
|
|
1992
|
+
# @return [Types::NetworkFirewallPolicyDescription]
|
|
1993
|
+
#
|
|
1994
|
+
# @!attribute [rw] expected_policy_description
|
|
1995
|
+
# The policy that should be in use in the individual account in order
|
|
1996
|
+
# to be compliant.
|
|
1997
|
+
# @return [Types::NetworkFirewallPolicyDescription]
|
|
1998
|
+
#
|
|
1999
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicyModifiedViolation AWS API Documentation
|
|
2000
|
+
#
|
|
2001
|
+
class NetworkFirewallPolicyModifiedViolation < Struct.new(
|
|
2002
|
+
:violation_target,
|
|
2003
|
+
:current_policy_description,
|
|
2004
|
+
:expected_policy_description)
|
|
2005
|
+
SENSITIVE = []
|
|
2006
|
+
include Aws::Structure
|
|
2007
|
+
end
|
|
2008
|
+
|
|
2009
|
+
# Violation detail for an unexpected route that's present in a route
|
|
2010
|
+
# table.
|
|
2011
|
+
#
|
|
2012
|
+
# @!attribute [rw] firewall_subnet_id
|
|
2013
|
+
# The subnet ID for the firewall.
|
|
2014
|
+
# @return [String]
|
|
2015
|
+
#
|
|
2016
|
+
# @!attribute [rw] violating_routes
|
|
2017
|
+
# The routes that are in violation.
|
|
2018
|
+
# @return [Array<Types::Route>]
|
|
2019
|
+
#
|
|
2020
|
+
# @!attribute [rw] route_table_id
|
|
2021
|
+
# The ID of the route table.
|
|
2022
|
+
# @return [String]
|
|
2023
|
+
#
|
|
2024
|
+
# @!attribute [rw] firewall_endpoint
|
|
2025
|
+
# The endpoint of the firewall.
|
|
2026
|
+
# @return [String]
|
|
2027
|
+
#
|
|
2028
|
+
# @!attribute [rw] vpc_id
|
|
2029
|
+
# Information about the VPC ID.
|
|
2030
|
+
# @return [String]
|
|
2031
|
+
#
|
|
2032
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallUnexpectedFirewallRoutesViolation AWS API Documentation
|
|
2033
|
+
#
|
|
2034
|
+
class NetworkFirewallUnexpectedFirewallRoutesViolation < Struct.new(
|
|
2035
|
+
:firewall_subnet_id,
|
|
2036
|
+
:violating_routes,
|
|
2037
|
+
:route_table_id,
|
|
2038
|
+
:firewall_endpoint,
|
|
2039
|
+
:vpc_id)
|
|
2040
|
+
SENSITIVE = []
|
|
2041
|
+
include Aws::Structure
|
|
2042
|
+
end
|
|
2043
|
+
|
|
2044
|
+
# Violation detail for an unexpected gateway route that’s present in a
|
|
2045
|
+
# route table.
|
|
2046
|
+
#
|
|
2047
|
+
# @!attribute [rw] gateway_id
|
|
2048
|
+
# Information about the gateway ID.
|
|
2049
|
+
# @return [String]
|
|
2050
|
+
#
|
|
2051
|
+
# @!attribute [rw] violating_routes
|
|
2052
|
+
# The routes that are in violation.
|
|
2053
|
+
# @return [Array<Types::Route>]
|
|
2054
|
+
#
|
|
2055
|
+
# @!attribute [rw] route_table_id
|
|
2056
|
+
# Information about the route table.
|
|
2057
|
+
# @return [String]
|
|
2058
|
+
#
|
|
2059
|
+
# @!attribute [rw] vpc_id
|
|
2060
|
+
# Information about the VPC ID.
|
|
2061
|
+
# @return [String]
|
|
2062
|
+
#
|
|
2063
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallUnexpectedGatewayRoutesViolation AWS API Documentation
|
|
2064
|
+
#
|
|
2065
|
+
class NetworkFirewallUnexpectedGatewayRoutesViolation < Struct.new(
|
|
2066
|
+
:gateway_id,
|
|
2067
|
+
:violating_routes,
|
|
2068
|
+
:route_table_id,
|
|
2069
|
+
:vpc_id)
|
|
2070
|
+
SENSITIVE = []
|
|
2071
|
+
include Aws::Structure
|
|
2072
|
+
end
|
|
2073
|
+
|
|
1234
2074
|
# The reference rule that partially matches the `ViolationTarget` rule
|
|
1235
2075
|
# and violation reason.
|
|
1236
2076
|
#
|
|
1237
2077
|
# @!attribute [rw] reference
|
|
1238
|
-
# The reference rule from the
|
|
1239
|
-
#
|
|
2078
|
+
# The reference rule from the primary security group of the Firewall
|
|
2079
|
+
# Manager policy.
|
|
1240
2080
|
# @return [String]
|
|
1241
2081
|
#
|
|
1242
2082
|
# @!attribute [rw] target_violation_reasons
|
|
@@ -1252,7 +2092,7 @@ module Aws::FMS
|
|
|
1252
2092
|
include Aws::Structure
|
|
1253
2093
|
end
|
|
1254
2094
|
|
|
1255
|
-
# An
|
|
2095
|
+
# An Firewall Manager policy.
|
|
1256
2096
|
#
|
|
1257
2097
|
# @note When making an API call, you may pass Policy
|
|
1258
2098
|
# data as a hash:
|
|
@@ -1262,7 +2102,7 @@ module Aws::FMS
|
|
|
1262
2102
|
# policy_name: "ResourceName", # required
|
|
1263
2103
|
# policy_update_token: "PolicyUpdateToken",
|
|
1264
2104
|
# security_service_policy_data: { # required
|
|
1265
|
-
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
|
|
2105
|
+
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
|
|
1266
2106
|
# managed_service_data: "ManagedServiceData",
|
|
1267
2107
|
# },
|
|
1268
2108
|
# resource_type: "ResourceType", # required
|
|
@@ -1284,11 +2124,11 @@ module Aws::FMS
|
|
|
1284
2124
|
# }
|
|
1285
2125
|
#
|
|
1286
2126
|
# @!attribute [rw] policy_id
|
|
1287
|
-
# The ID of the
|
|
2127
|
+
# The ID of the Firewall Manager policy.
|
|
1288
2128
|
# @return [String]
|
|
1289
2129
|
#
|
|
1290
2130
|
# @!attribute [rw] policy_name
|
|
1291
|
-
# The name of the
|
|
2131
|
+
# The name of the Firewall Manager policy.
|
|
1292
2132
|
# @return [String]
|
|
1293
2133
|
#
|
|
1294
2134
|
# @!attribute [rw] policy_update_token
|
|
@@ -1306,8 +2146,12 @@ module Aws::FMS
|
|
|
1306
2146
|
#
|
|
1307
2147
|
# @!attribute [rw] resource_type
|
|
1308
2148
|
# The type of resource protected by or in scope of the policy. This is
|
|
1309
|
-
# in the format shown in the [
|
|
1310
|
-
#
|
|
2149
|
+
# in the format shown in the [Amazon Web Services Resource Types
|
|
2150
|
+
# Reference][1]. To apply this policy to multiple resource types,
|
|
2151
|
+
# specify a resource type of `ResourceTypeList` and then specify the
|
|
2152
|
+
# resource types in a `ResourceTypeList`.
|
|
2153
|
+
#
|
|
2154
|
+
# For WAF and Shield Advanced, example resource types include
|
|
1311
2155
|
# `AWS::ElasticLoadBalancingV2::LoadBalancer` and
|
|
1312
2156
|
# `AWS::CloudFront::Distribution`. For a security group common policy,
|
|
1313
2157
|
# valid values are `AWS::EC2::NetworkInterface` and
|
|
@@ -1315,7 +2159,8 @@ module Aws::FMS
|
|
|
1315
2159
|
# valid values are `AWS::EC2::SecurityGroup`,
|
|
1316
2160
|
# `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a
|
|
1317
2161
|
# security group usage audit policy, the value is
|
|
1318
|
-
# `AWS::EC2::SecurityGroup`.
|
|
2162
|
+
# `AWS::EC2::SecurityGroup`. For an Network Firewall policy or DNS
|
|
2163
|
+
# Firewall policy, the value is `AWS::EC2::VPC`.
|
|
1319
2164
|
#
|
|
1320
2165
|
#
|
|
1321
2166
|
#
|
|
@@ -1323,7 +2168,9 @@ module Aws::FMS
|
|
|
1323
2168
|
# @return [String]
|
|
1324
2169
|
#
|
|
1325
2170
|
# @!attribute [rw] resource_type_list
|
|
1326
|
-
# An array of `ResourceType
|
|
2171
|
+
# An array of `ResourceType` objects. Use this only to specify
|
|
2172
|
+
# multiple resource types. To specify a single resource type, use
|
|
2173
|
+
# `ResourceType`.
|
|
1327
2174
|
# @return [Array<String>]
|
|
1328
2175
|
#
|
|
1329
2176
|
# @!attribute [rw] resource_tags
|
|
@@ -1343,18 +2190,18 @@ module Aws::FMS
|
|
|
1343
2190
|
# @return [Boolean]
|
|
1344
2191
|
#
|
|
1345
2192
|
# @!attribute [rw] include_map
|
|
1346
|
-
# Specifies the
|
|
1347
|
-
# units (OUs) to include in the policy. Specifying an
|
|
1348
|
-
# equivalent of specifying all accounts in the OU and in any
|
|
1349
|
-
# child OUs, including any child OUs and accounts that are
|
|
1350
|
-
# later time.
|
|
2193
|
+
# Specifies the Amazon Web Services account IDs and Organizations
|
|
2194
|
+
# organizational units (OUs) to include in the policy. Specifying an
|
|
2195
|
+
# OU is the equivalent of specifying all accounts in the OU and in any
|
|
2196
|
+
# of its child OUs, including any child OUs and accounts that are
|
|
2197
|
+
# added at a later time.
|
|
1351
2198
|
#
|
|
1352
2199
|
# You can specify inclusions or exclusions, but not both. If you
|
|
1353
|
-
# specify an `IncludeMap`,
|
|
1354
|
-
#
|
|
1355
|
-
#
|
|
1356
|
-
#
|
|
1357
|
-
#
|
|
2200
|
+
# specify an `IncludeMap`, Firewall Manager applies the policy to all
|
|
2201
|
+
# accounts specified by the `IncludeMap`, and does not evaluate any
|
|
2202
|
+
# `ExcludeMap` specifications. If you do not specify an `IncludeMap`,
|
|
2203
|
+
# then Firewall Manager applies the policy to all accounts except for
|
|
2204
|
+
# those specified by the `ExcludeMap`.
|
|
1358
2205
|
#
|
|
1359
2206
|
# You can specify account IDs, OUs, or a combination:
|
|
1360
2207
|
#
|
|
@@ -1373,18 +2220,18 @@ module Aws::FMS
|
|
|
1373
2220
|
# @return [Hash<String,Array<String>>]
|
|
1374
2221
|
#
|
|
1375
2222
|
# @!attribute [rw] exclude_map
|
|
1376
|
-
# Specifies the
|
|
1377
|
-
# units (OUs) to exclude from the policy. Specifying an
|
|
1378
|
-
# equivalent of specifying all accounts in the OU and in any
|
|
1379
|
-
# child OUs, including any child OUs and accounts that are
|
|
1380
|
-
# later time.
|
|
2223
|
+
# Specifies the Amazon Web Services account IDs and Organizations
|
|
2224
|
+
# organizational units (OUs) to exclude from the policy. Specifying an
|
|
2225
|
+
# OU is the equivalent of specifying all accounts in the OU and in any
|
|
2226
|
+
# of its child OUs, including any child OUs and accounts that are
|
|
2227
|
+
# added at a later time.
|
|
1381
2228
|
#
|
|
1382
2229
|
# You can specify inclusions or exclusions, but not both. If you
|
|
1383
|
-
# specify an `IncludeMap`,
|
|
1384
|
-
#
|
|
1385
|
-
#
|
|
1386
|
-
#
|
|
1387
|
-
#
|
|
2230
|
+
# specify an `IncludeMap`, Firewall Manager applies the policy to all
|
|
2231
|
+
# accounts specified by the `IncludeMap`, and does not evaluate any
|
|
2232
|
+
# `ExcludeMap` specifications. If you do not specify an `IncludeMap`,
|
|
2233
|
+
# then Firewall Manager applies the policy to all accounts except for
|
|
2234
|
+
# those specified by the `ExcludeMap`.
|
|
1388
2235
|
#
|
|
1389
2236
|
# You can specify account IDs, OUs, or a combination:
|
|
1390
2237
|
#
|
|
@@ -1421,31 +2268,32 @@ module Aws::FMS
|
|
|
1421
2268
|
end
|
|
1422
2269
|
|
|
1423
2270
|
# Describes the noncompliant resources in a member account for a
|
|
1424
|
-
# specific
|
|
2271
|
+
# specific Firewall Manager policy. A maximum of 100 entries are
|
|
1425
2272
|
# displayed. If more than 100 resources are noncompliant,
|
|
1426
2273
|
# `EvaluationLimitExceeded` is set to `True`.
|
|
1427
2274
|
#
|
|
1428
2275
|
# @!attribute [rw] policy_owner
|
|
1429
|
-
# The
|
|
2276
|
+
# The Amazon Web Services account that created the Firewall Manager
|
|
2277
|
+
# policy.
|
|
1430
2278
|
# @return [String]
|
|
1431
2279
|
#
|
|
1432
2280
|
# @!attribute [rw] policy_id
|
|
1433
|
-
# The ID of the
|
|
2281
|
+
# The ID of the Firewall Manager policy.
|
|
1434
2282
|
# @return [String]
|
|
1435
2283
|
#
|
|
1436
2284
|
# @!attribute [rw] member_account
|
|
1437
|
-
# The
|
|
2285
|
+
# The Amazon Web Services account ID.
|
|
1438
2286
|
# @return [String]
|
|
1439
2287
|
#
|
|
1440
2288
|
# @!attribute [rw] violators
|
|
1441
|
-
# An array of resources that aren't protected by the
|
|
1442
|
-
#
|
|
1443
|
-
#
|
|
2289
|
+
# An array of resources that aren't protected by the WAF or Shield
|
|
2290
|
+
# Advanced policy or that aren't in compliance with the security
|
|
2291
|
+
# group policy.
|
|
1444
2292
|
# @return [Array<Types::ComplianceViolator>]
|
|
1445
2293
|
#
|
|
1446
2294
|
# @!attribute [rw] evaluation_limit_exceeded
|
|
1447
|
-
# Indicates if over 100 resources are noncompliant with the
|
|
1448
|
-
#
|
|
2295
|
+
# Indicates if over 100 resources are noncompliant with the Firewall
|
|
2296
|
+
# Manager policy.
|
|
1449
2297
|
# @return [Boolean]
|
|
1450
2298
|
#
|
|
1451
2299
|
# @!attribute [rw] expired_at
|
|
@@ -1454,10 +2302,9 @@ module Aws::FMS
|
|
|
1454
2302
|
# @return [Time]
|
|
1455
2303
|
#
|
|
1456
2304
|
# @!attribute [rw] issue_info_map
|
|
1457
|
-
# Details about problems with dependent services, such as
|
|
1458
|
-
#
|
|
1459
|
-
#
|
|
1460
|
-
# message received that indicates the problem with the service.
|
|
2305
|
+
# Details about problems with dependent services, such as WAF or
|
|
2306
|
+
# Config, and the error message received that indicates the problem
|
|
2307
|
+
# with the service.
|
|
1461
2308
|
# @return [Hash<String,String>]
|
|
1462
2309
|
#
|
|
1463
2310
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicyComplianceDetail AWS API Documentation
|
|
@@ -1476,20 +2323,20 @@ module Aws::FMS
|
|
|
1476
2323
|
|
|
1477
2324
|
# Indicates whether the account is compliant with the specified policy.
|
|
1478
2325
|
# An account is considered noncompliant if it includes resources that
|
|
1479
|
-
# are not protected by the policy, for
|
|
1480
|
-
#
|
|
1481
|
-
# policies.
|
|
2326
|
+
# are not protected by the policy, for WAF and Shield Advanced policies,
|
|
2327
|
+
# or that are noncompliant with the policy, for security group policies.
|
|
1482
2328
|
#
|
|
1483
2329
|
# @!attribute [rw] policy_owner
|
|
1484
|
-
# The
|
|
2330
|
+
# The Amazon Web Services account that created the Firewall Manager
|
|
2331
|
+
# policy.
|
|
1485
2332
|
# @return [String]
|
|
1486
2333
|
#
|
|
1487
2334
|
# @!attribute [rw] policy_id
|
|
1488
|
-
# The ID of the
|
|
2335
|
+
# The ID of the Firewall Manager policy.
|
|
1489
2336
|
# @return [String]
|
|
1490
2337
|
#
|
|
1491
2338
|
# @!attribute [rw] policy_name
|
|
1492
|
-
# The name of the
|
|
2339
|
+
# The name of the Firewall Manager policy.
|
|
1493
2340
|
# @return [String]
|
|
1494
2341
|
#
|
|
1495
2342
|
# @!attribute [rw] member_account
|
|
@@ -1505,10 +2352,9 @@ module Aws::FMS
|
|
|
1505
2352
|
# @return [Time]
|
|
1506
2353
|
#
|
|
1507
2354
|
# @!attribute [rw] issue_info_map
|
|
1508
|
-
# Details about problems with dependent services, such as
|
|
1509
|
-
#
|
|
1510
|
-
#
|
|
1511
|
-
# message received that indicates the problem with the service.
|
|
2355
|
+
# Details about problems with dependent services, such as WAF or
|
|
2356
|
+
# Config, and the error message received that indicates the problem
|
|
2357
|
+
# with the service.
|
|
1512
2358
|
# @return [Hash<String,String>]
|
|
1513
2359
|
#
|
|
1514
2360
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicyComplianceStatus AWS API Documentation
|
|
@@ -1525,7 +2371,7 @@ module Aws::FMS
|
|
|
1525
2371
|
include Aws::Structure
|
|
1526
2372
|
end
|
|
1527
2373
|
|
|
1528
|
-
# Details of the
|
|
2374
|
+
# Details of the Firewall Manager policy.
|
|
1529
2375
|
#
|
|
1530
2376
|
# @!attribute [rw] policy_arn
|
|
1531
2377
|
# The Amazon Resource Name (ARN) of the specified policy.
|
|
@@ -1541,8 +2387,8 @@ module Aws::FMS
|
|
|
1541
2387
|
#
|
|
1542
2388
|
# @!attribute [rw] resource_type
|
|
1543
2389
|
# The type of resource protected by or in scope of the policy. This is
|
|
1544
|
-
# in the format shown in the [
|
|
1545
|
-
#
|
|
2390
|
+
# in the format shown in the [Amazon Web Services Resource Types
|
|
2391
|
+
# Reference][1]. For WAF and Shield Advanced, examples include
|
|
1546
2392
|
# `AWS::ElasticLoadBalancingV2::LoadBalancer` and
|
|
1547
2393
|
# `AWS::CloudFront::Distribution`. For a security group common policy,
|
|
1548
2394
|
# valid values are `AWS::EC2::NetworkInterface` and
|
|
@@ -1550,7 +2396,8 @@ module Aws::FMS
|
|
|
1550
2396
|
# valid values are `AWS::EC2::SecurityGroup`,
|
|
1551
2397
|
# `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a
|
|
1552
2398
|
# security group usage audit policy, the value is
|
|
1553
|
-
# `AWS::EC2::SecurityGroup`.
|
|
2399
|
+
# `AWS::EC2::SecurityGroup`. For an Network Firewall policy or DNS
|
|
2400
|
+
# Firewall policy, the value is `AWS::EC2::VPC`.
|
|
1554
2401
|
#
|
|
1555
2402
|
#
|
|
1556
2403
|
#
|
|
@@ -1559,8 +2406,8 @@ module Aws::FMS
|
|
|
1559
2406
|
#
|
|
1560
2407
|
# @!attribute [rw] security_service_type
|
|
1561
2408
|
# The service that the policy is using to protect the resources. This
|
|
1562
|
-
# specifies the type of policy that is created, either an
|
|
1563
|
-
#
|
|
2409
|
+
# specifies the type of policy that is created, either an WAF policy,
|
|
2410
|
+
# a Shield Advanced policy, or a security group policy.
|
|
1564
2411
|
# @return [String]
|
|
1565
2412
|
#
|
|
1566
2413
|
# @!attribute [rw] remediation_enabled
|
|
@@ -1581,7 +2428,51 @@ module Aws::FMS
|
|
|
1581
2428
|
include Aws::Structure
|
|
1582
2429
|
end
|
|
1583
2430
|
|
|
1584
|
-
#
|
|
2431
|
+
# A list of remediation actions.
|
|
2432
|
+
#
|
|
2433
|
+
# @!attribute [rw] description
|
|
2434
|
+
# A description of the list of remediation actions.
|
|
2435
|
+
# @return [String]
|
|
2436
|
+
#
|
|
2437
|
+
# @!attribute [rw] ordered_remediation_actions
|
|
2438
|
+
# The ordered list of remediation actions.
|
|
2439
|
+
# @return [Array<Types::RemediationActionWithOrder>]
|
|
2440
|
+
#
|
|
2441
|
+
# @!attribute [rw] is_default_action
|
|
2442
|
+
# Information about whether an action is taken by default.
|
|
2443
|
+
# @return [Boolean]
|
|
2444
|
+
#
|
|
2445
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PossibleRemediationAction AWS API Documentation
|
|
2446
|
+
#
|
|
2447
|
+
class PossibleRemediationAction < Struct.new(
|
|
2448
|
+
:description,
|
|
2449
|
+
:ordered_remediation_actions,
|
|
2450
|
+
:is_default_action)
|
|
2451
|
+
SENSITIVE = []
|
|
2452
|
+
include Aws::Structure
|
|
2453
|
+
end
|
|
2454
|
+
|
|
2455
|
+
# A list of possible remediation action lists. Each individual possible
|
|
2456
|
+
# remediation action is a list of individual remediation actions.
|
|
2457
|
+
#
|
|
2458
|
+
# @!attribute [rw] description
|
|
2459
|
+
# A description of the possible remediation actions list.
|
|
2460
|
+
# @return [String]
|
|
2461
|
+
#
|
|
2462
|
+
# @!attribute [rw] actions
|
|
2463
|
+
# Information about the actions.
|
|
2464
|
+
# @return [Array<Types::PossibleRemediationAction>]
|
|
2465
|
+
#
|
|
2466
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PossibleRemediationActions AWS API Documentation
|
|
2467
|
+
#
|
|
2468
|
+
class PossibleRemediationActions < Struct.new(
|
|
2469
|
+
:description,
|
|
2470
|
+
:actions)
|
|
2471
|
+
SENSITIVE = []
|
|
2472
|
+
include Aws::Structure
|
|
2473
|
+
end
|
|
2474
|
+
|
|
2475
|
+
# An Firewall Manager protocols list.
|
|
1585
2476
|
#
|
|
1586
2477
|
# @note When making an API call, you may pass ProtocolsListData
|
|
1587
2478
|
# data as a hash:
|
|
@@ -1599,11 +2490,11 @@ module Aws::FMS
|
|
|
1599
2490
|
# }
|
|
1600
2491
|
#
|
|
1601
2492
|
# @!attribute [rw] list_id
|
|
1602
|
-
# The ID of the
|
|
2493
|
+
# The ID of the Firewall Manager protocols list.
|
|
1603
2494
|
# @return [String]
|
|
1604
2495
|
#
|
|
1605
2496
|
# @!attribute [rw] list_name
|
|
1606
|
-
# The name of the
|
|
2497
|
+
# The name of the Firewall Manager protocols list.
|
|
1607
2498
|
# @return [String]
|
|
1608
2499
|
#
|
|
1609
2500
|
# @!attribute [rw] list_update_token
|
|
@@ -1614,16 +2505,15 @@ module Aws::FMS
|
|
|
1614
2505
|
# @return [String]
|
|
1615
2506
|
#
|
|
1616
2507
|
# @!attribute [rw] create_time
|
|
1617
|
-
# The time that the
|
|
2508
|
+
# The time that the Firewall Manager protocols list was created.
|
|
1618
2509
|
# @return [Time]
|
|
1619
2510
|
#
|
|
1620
2511
|
# @!attribute [rw] last_update_time
|
|
1621
|
-
# The time that the
|
|
1622
|
-
# updated.
|
|
2512
|
+
# The time that the Firewall Manager protocols list was last updated.
|
|
1623
2513
|
# @return [Time]
|
|
1624
2514
|
#
|
|
1625
2515
|
# @!attribute [rw] protocols_list
|
|
1626
|
-
# An array of protocols in the
|
|
2516
|
+
# An array of protocols in the Firewall Manager protocols list.
|
|
1627
2517
|
# @return [Array<String>]
|
|
1628
2518
|
#
|
|
1629
2519
|
# @!attribute [rw] previous_protocols_list
|
|
@@ -1645,7 +2535,7 @@ module Aws::FMS
|
|
|
1645
2535
|
include Aws::Structure
|
|
1646
2536
|
end
|
|
1647
2537
|
|
|
1648
|
-
# Details of the
|
|
2538
|
+
# Details of the Firewall Manager protocols list.
|
|
1649
2539
|
#
|
|
1650
2540
|
# @!attribute [rw] list_arn
|
|
1651
2541
|
# The Amazon Resource Name (ARN) of the specified protocols list.
|
|
@@ -1660,7 +2550,7 @@ module Aws::FMS
|
|
|
1660
2550
|
# @return [String]
|
|
1661
2551
|
#
|
|
1662
2552
|
# @!attribute [rw] protocols_list
|
|
1663
|
-
# An array of protocols in the
|
|
2553
|
+
# An array of protocols in the Firewall Manager protocols list.
|
|
1664
2554
|
# @return [Array<String>]
|
|
1665
2555
|
#
|
|
1666
2556
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ProtocolsListDataSummary AWS API Documentation
|
|
@@ -1710,8 +2600,7 @@ module Aws::FMS
|
|
|
1710
2600
|
# }
|
|
1711
2601
|
#
|
|
1712
2602
|
# @!attribute [rw] apps_list
|
|
1713
|
-
# The details of the
|
|
1714
|
-
# created.
|
|
2603
|
+
# The details of the Firewall Manager applications list to be created.
|
|
1715
2604
|
# @return [Types::AppsListData]
|
|
1716
2605
|
#
|
|
1717
2606
|
# @!attribute [rw] tag_list
|
|
@@ -1728,7 +2617,7 @@ module Aws::FMS
|
|
|
1728
2617
|
end
|
|
1729
2618
|
|
|
1730
2619
|
# @!attribute [rw] apps_list
|
|
1731
|
-
# The details of the
|
|
2620
|
+
# The details of the Firewall Manager applications list.
|
|
1732
2621
|
# @return [Types::AppsListData]
|
|
1733
2622
|
#
|
|
1734
2623
|
# @!attribute [rw] apps_list_arn
|
|
@@ -1754,12 +2643,12 @@ module Aws::FMS
|
|
|
1754
2643
|
#
|
|
1755
2644
|
# @!attribute [rw] sns_topic_arn
|
|
1756
2645
|
# The Amazon Resource Name (ARN) of the SNS topic that collects
|
|
1757
|
-
# notifications from
|
|
2646
|
+
# notifications from Firewall Manager.
|
|
1758
2647
|
# @return [String]
|
|
1759
2648
|
#
|
|
1760
2649
|
# @!attribute [rw] sns_role_name
|
|
1761
2650
|
# The Amazon Resource Name (ARN) of the IAM role that allows Amazon
|
|
1762
|
-
# SNS to record
|
|
2651
|
+
# SNS to record Firewall Manager activity.
|
|
1763
2652
|
# @return [String]
|
|
1764
2653
|
#
|
|
1765
2654
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutNotificationChannelRequest AWS API Documentation
|
|
@@ -1780,7 +2669,7 @@ module Aws::FMS
|
|
|
1780
2669
|
# policy_name: "ResourceName", # required
|
|
1781
2670
|
# policy_update_token: "PolicyUpdateToken",
|
|
1782
2671
|
# security_service_policy_data: { # required
|
|
1783
|
-
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
|
|
2672
|
+
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
|
|
1784
2673
|
# managed_service_data: "ManagedServiceData",
|
|
1785
2674
|
# },
|
|
1786
2675
|
# resource_type: "ResourceType", # required
|
|
@@ -1809,11 +2698,11 @@ module Aws::FMS
|
|
|
1809
2698
|
# }
|
|
1810
2699
|
#
|
|
1811
2700
|
# @!attribute [rw] policy
|
|
1812
|
-
# The details of the
|
|
2701
|
+
# The details of the Firewall Manager policy to be created.
|
|
1813
2702
|
# @return [Types::Policy]
|
|
1814
2703
|
#
|
|
1815
2704
|
# @!attribute [rw] tag_list
|
|
1816
|
-
# The tags to add to the
|
|
2705
|
+
# The tags to add to the Amazon Web Services resource.
|
|
1817
2706
|
# @return [Array<Types::Tag>]
|
|
1818
2707
|
#
|
|
1819
2708
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutPolicyRequest AWS API Documentation
|
|
@@ -1826,7 +2715,7 @@ module Aws::FMS
|
|
|
1826
2715
|
end
|
|
1827
2716
|
|
|
1828
2717
|
# @!attribute [rw] policy
|
|
1829
|
-
# The details of the
|
|
2718
|
+
# The details of the Firewall Manager policy.
|
|
1830
2719
|
# @return [Types::Policy]
|
|
1831
2720
|
#
|
|
1832
2721
|
# @!attribute [rw] policy_arn
|
|
@@ -1866,8 +2755,7 @@ module Aws::FMS
|
|
|
1866
2755
|
# }
|
|
1867
2756
|
#
|
|
1868
2757
|
# @!attribute [rw] protocols_list
|
|
1869
|
-
# The details of the
|
|
1870
|
-
# created.
|
|
2758
|
+
# The details of the Firewall Manager protocols list to be created.
|
|
1871
2759
|
# @return [Types::ProtocolsListData]
|
|
1872
2760
|
#
|
|
1873
2761
|
# @!attribute [rw] tag_list
|
|
@@ -1884,7 +2772,7 @@ module Aws::FMS
|
|
|
1884
2772
|
end
|
|
1885
2773
|
|
|
1886
2774
|
# @!attribute [rw] protocols_list
|
|
1887
|
-
# The details of the
|
|
2775
|
+
# The details of the Firewall Manager protocols list.
|
|
1888
2776
|
# @return [Types::ProtocolsListData]
|
|
1889
2777
|
#
|
|
1890
2778
|
# @!attribute [rw] protocols_list_arn
|
|
@@ -1900,6 +2788,77 @@ module Aws::FMS
|
|
|
1900
2788
|
include Aws::Structure
|
|
1901
2789
|
end
|
|
1902
2790
|
|
|
2791
|
+
# Information about an individual action you can take to remediate a
|
|
2792
|
+
# violation.
|
|
2793
|
+
#
|
|
2794
|
+
# @!attribute [rw] description
|
|
2795
|
+
# A description of a remediation action.
|
|
2796
|
+
# @return [String]
|
|
2797
|
+
#
|
|
2798
|
+
# @!attribute [rw] ec2_create_route_action
|
|
2799
|
+
# Information about the CreateRoute action in the Amazon EC2 API.
|
|
2800
|
+
# @return [Types::EC2CreateRouteAction]
|
|
2801
|
+
#
|
|
2802
|
+
# @!attribute [rw] ec2_replace_route_action
|
|
2803
|
+
# Information about the ReplaceRoute action in the Amazon EC2 API.
|
|
2804
|
+
# @return [Types::EC2ReplaceRouteAction]
|
|
2805
|
+
#
|
|
2806
|
+
# @!attribute [rw] ec2_delete_route_action
|
|
2807
|
+
# Information about the DeleteRoute action in the Amazon EC2 API.
|
|
2808
|
+
# @return [Types::EC2DeleteRouteAction]
|
|
2809
|
+
#
|
|
2810
|
+
# @!attribute [rw] ec2_copy_route_table_action
|
|
2811
|
+
# Information about the CopyRouteTable action in the Amazon EC2 API.
|
|
2812
|
+
# @return [Types::EC2CopyRouteTableAction]
|
|
2813
|
+
#
|
|
2814
|
+
# @!attribute [rw] ec2_replace_route_table_association_action
|
|
2815
|
+
# Information about the ReplaceRouteTableAssociation action in the
|
|
2816
|
+
# Amazon EC2 API.
|
|
2817
|
+
# @return [Types::EC2ReplaceRouteTableAssociationAction]
|
|
2818
|
+
#
|
|
2819
|
+
# @!attribute [rw] ec2_associate_route_table_action
|
|
2820
|
+
# Information about the AssociateRouteTable action in the Amazon EC2
|
|
2821
|
+
# API.
|
|
2822
|
+
# @return [Types::EC2AssociateRouteTableAction]
|
|
2823
|
+
#
|
|
2824
|
+
# @!attribute [rw] ec2_create_route_table_action
|
|
2825
|
+
# Information about the CreateRouteTable action in the Amazon EC2 API.
|
|
2826
|
+
# @return [Types::EC2CreateRouteTableAction]
|
|
2827
|
+
#
|
|
2828
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/RemediationAction AWS API Documentation
|
|
2829
|
+
#
|
|
2830
|
+
class RemediationAction < Struct.new(
|
|
2831
|
+
:description,
|
|
2832
|
+
:ec2_create_route_action,
|
|
2833
|
+
:ec2_replace_route_action,
|
|
2834
|
+
:ec2_delete_route_action,
|
|
2835
|
+
:ec2_copy_route_table_action,
|
|
2836
|
+
:ec2_replace_route_table_association_action,
|
|
2837
|
+
:ec2_associate_route_table_action,
|
|
2838
|
+
:ec2_create_route_table_action)
|
|
2839
|
+
SENSITIVE = []
|
|
2840
|
+
include Aws::Structure
|
|
2841
|
+
end
|
|
2842
|
+
|
|
2843
|
+
# An ordered list of actions you can take to remediate a violation.
|
|
2844
|
+
#
|
|
2845
|
+
# @!attribute [rw] remediation_action
|
|
2846
|
+
# Information about an action you can take to remediate a violation.
|
|
2847
|
+
# @return [Types::RemediationAction]
|
|
2848
|
+
#
|
|
2849
|
+
# @!attribute [rw] order
|
|
2850
|
+
# The order of the remediation actions in the list.
|
|
2851
|
+
# @return [Integer]
|
|
2852
|
+
#
|
|
2853
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/RemediationActionWithOrder AWS API Documentation
|
|
2854
|
+
#
|
|
2855
|
+
class RemediationActionWithOrder < Struct.new(
|
|
2856
|
+
:remediation_action,
|
|
2857
|
+
:order)
|
|
2858
|
+
SENSITIVE = []
|
|
2859
|
+
include Aws::Structure
|
|
2860
|
+
end
|
|
2861
|
+
|
|
1903
2862
|
# The specified resource was not found.
|
|
1904
2863
|
#
|
|
1905
2864
|
# @!attribute [rw] message
|
|
@@ -1913,9 +2872,9 @@ module Aws::FMS
|
|
|
1913
2872
|
include Aws::Structure
|
|
1914
2873
|
end
|
|
1915
2874
|
|
|
1916
|
-
# The resource tags that
|
|
1917
|
-
# particular resource should be included or excluded from the
|
|
1918
|
-
#
|
|
2875
|
+
# The resource tags that Firewall Manager uses to determine if a
|
|
2876
|
+
# particular resource should be included or excluded from the Firewall
|
|
2877
|
+
# Manager policy. Tags enable you to categorize your Amazon Web Services
|
|
1919
2878
|
# resources in different ways, for example, by purpose, owner, or
|
|
1920
2879
|
# environment. Each tag consists of a key and an optional value.
|
|
1921
2880
|
# Firewall Manager combines the tags with "AND" so that, if you add
|
|
@@ -1955,23 +2914,143 @@ module Aws::FMS
|
|
|
1955
2914
|
# Violation detail based on resource type.
|
|
1956
2915
|
#
|
|
1957
2916
|
# @!attribute [rw] aws_vpc_security_group_violation
|
|
1958
|
-
# Violation
|
|
2917
|
+
# Violation detail for security groups.
|
|
1959
2918
|
# @return [Types::AwsVPCSecurityGroupViolation]
|
|
1960
2919
|
#
|
|
1961
2920
|
# @!attribute [rw] aws_ec2_network_interface_violation
|
|
1962
|
-
# Violation
|
|
2921
|
+
# Violation detail for a network interface.
|
|
1963
2922
|
# @return [Types::AwsEc2NetworkInterfaceViolation]
|
|
1964
2923
|
#
|
|
1965
2924
|
# @!attribute [rw] aws_ec2_instance_violation
|
|
1966
|
-
# Violation
|
|
2925
|
+
# Violation detail for an EC2 instance.
|
|
1967
2926
|
# @return [Types::AwsEc2InstanceViolation]
|
|
1968
2927
|
#
|
|
2928
|
+
# @!attribute [rw] network_firewall_missing_firewall_violation
|
|
2929
|
+
# Violation detail for an Network Firewall policy that indicates that
|
|
2930
|
+
# a subnet has no Firewall Manager managed firewall in its VPC.
|
|
2931
|
+
# @return [Types::NetworkFirewallMissingFirewallViolation]
|
|
2932
|
+
#
|
|
2933
|
+
# @!attribute [rw] network_firewall_missing_subnet_violation
|
|
2934
|
+
# Violation detail for an Network Firewall policy that indicates that
|
|
2935
|
+
# an Availability Zone is missing the expected Firewall Manager
|
|
2936
|
+
# managed subnet.
|
|
2937
|
+
# @return [Types::NetworkFirewallMissingSubnetViolation]
|
|
2938
|
+
#
|
|
2939
|
+
# @!attribute [rw] network_firewall_missing_expected_rt_violation
|
|
2940
|
+
# Violation detail for an Network Firewall policy that indicates that
|
|
2941
|
+
# a subnet is not associated with the expected Firewall Manager
|
|
2942
|
+
# managed route table.
|
|
2943
|
+
# @return [Types::NetworkFirewallMissingExpectedRTViolation]
|
|
2944
|
+
#
|
|
2945
|
+
# @!attribute [rw] network_firewall_policy_modified_violation
|
|
2946
|
+
# Violation detail for an Network Firewall policy that indicates that
|
|
2947
|
+
# a firewall policy in an individual account has been modified in a
|
|
2948
|
+
# way that makes it noncompliant. For example, the individual account
|
|
2949
|
+
# owner might have deleted a rule group, changed the priority of a
|
|
2950
|
+
# stateless rule group, or changed a policy default action.
|
|
2951
|
+
# @return [Types::NetworkFirewallPolicyModifiedViolation]
|
|
2952
|
+
#
|
|
2953
|
+
# @!attribute [rw] network_firewall_internet_traffic_not_inspected_violation
|
|
2954
|
+
# Violation detail for the subnet for which internet traffic hasn't
|
|
2955
|
+
# been inspected.
|
|
2956
|
+
# @return [Types::NetworkFirewallInternetTrafficNotInspectedViolation]
|
|
2957
|
+
#
|
|
2958
|
+
# @!attribute [rw] network_firewall_invalid_route_configuration_violation
|
|
2959
|
+
# The route configuration is invalid.
|
|
2960
|
+
# @return [Types::NetworkFirewallInvalidRouteConfigurationViolation]
|
|
2961
|
+
#
|
|
2962
|
+
# @!attribute [rw] network_firewall_black_hole_route_detected_violation
|
|
2963
|
+
# Violation detail for an internet gateway route with an inactive
|
|
2964
|
+
# state in the customer subnet route table or Network Firewall subnet
|
|
2965
|
+
# route table.
|
|
2966
|
+
# @return [Types::NetworkFirewallBlackHoleRouteDetectedViolation]
|
|
2967
|
+
#
|
|
2968
|
+
# @!attribute [rw] network_firewall_unexpected_firewall_routes_violation
|
|
2969
|
+
# There's an unexpected firewall route.
|
|
2970
|
+
# @return [Types::NetworkFirewallUnexpectedFirewallRoutesViolation]
|
|
2971
|
+
#
|
|
2972
|
+
# @!attribute [rw] network_firewall_unexpected_gateway_routes_violation
|
|
2973
|
+
# There's an unexpected gateway route.
|
|
2974
|
+
# @return [Types::NetworkFirewallUnexpectedGatewayRoutesViolation]
|
|
2975
|
+
#
|
|
2976
|
+
# @!attribute [rw] network_firewall_missing_expected_routes_violation
|
|
2977
|
+
# Expected routes are missing from Network Firewall.
|
|
2978
|
+
# @return [Types::NetworkFirewallMissingExpectedRoutesViolation]
|
|
2979
|
+
#
|
|
2980
|
+
# @!attribute [rw] dns_rule_group_priority_conflict_violation
|
|
2981
|
+
# Violation detail for a DNS Firewall policy that indicates that a
|
|
2982
|
+
# rule group that Firewall Manager tried to associate with a VPC has
|
|
2983
|
+
# the same priority as a rule group that's already associated.
|
|
2984
|
+
# @return [Types::DnsRuleGroupPriorityConflictViolation]
|
|
2985
|
+
#
|
|
2986
|
+
# @!attribute [rw] dns_duplicate_rule_group_violation
|
|
2987
|
+
# Violation detail for a DNS Firewall policy that indicates that a
|
|
2988
|
+
# rule group that Firewall Manager tried to associate with a VPC is
|
|
2989
|
+
# already associated with the VPC and can't be associated again.
|
|
2990
|
+
# @return [Types::DnsDuplicateRuleGroupViolation]
|
|
2991
|
+
#
|
|
2992
|
+
# @!attribute [rw] dns_rule_group_limit_exceeded_violation
|
|
2993
|
+
# Violation detail for a DNS Firewall policy that indicates that the
|
|
2994
|
+
# VPC reached the limit for associated DNS Firewall rule groups.
|
|
2995
|
+
# Firewall Manager tried to associate another rule group with the VPC
|
|
2996
|
+
# and failed.
|
|
2997
|
+
# @return [Types::DnsRuleGroupLimitExceededViolation]
|
|
2998
|
+
#
|
|
2999
|
+
# @!attribute [rw] possible_remediation_actions
|
|
3000
|
+
# A list of possible remediation action lists. Each individual
|
|
3001
|
+
# possible remediation action is a list of individual remediation
|
|
3002
|
+
# actions.
|
|
3003
|
+
# @return [Types::PossibleRemediationActions]
|
|
3004
|
+
#
|
|
1969
3005
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
|
|
1970
3006
|
#
|
|
1971
3007
|
class ResourceViolation < Struct.new(
|
|
1972
3008
|
:aws_vpc_security_group_violation,
|
|
1973
3009
|
:aws_ec2_network_interface_violation,
|
|
1974
|
-
:aws_ec2_instance_violation
|
|
3010
|
+
:aws_ec2_instance_violation,
|
|
3011
|
+
:network_firewall_missing_firewall_violation,
|
|
3012
|
+
:network_firewall_missing_subnet_violation,
|
|
3013
|
+
:network_firewall_missing_expected_rt_violation,
|
|
3014
|
+
:network_firewall_policy_modified_violation,
|
|
3015
|
+
:network_firewall_internet_traffic_not_inspected_violation,
|
|
3016
|
+
:network_firewall_invalid_route_configuration_violation,
|
|
3017
|
+
:network_firewall_black_hole_route_detected_violation,
|
|
3018
|
+
:network_firewall_unexpected_firewall_routes_violation,
|
|
3019
|
+
:network_firewall_unexpected_gateway_routes_violation,
|
|
3020
|
+
:network_firewall_missing_expected_routes_violation,
|
|
3021
|
+
:dns_rule_group_priority_conflict_violation,
|
|
3022
|
+
:dns_duplicate_rule_group_violation,
|
|
3023
|
+
:dns_rule_group_limit_exceeded_violation,
|
|
3024
|
+
:possible_remediation_actions)
|
|
3025
|
+
SENSITIVE = []
|
|
3026
|
+
include Aws::Structure
|
|
3027
|
+
end
|
|
3028
|
+
|
|
3029
|
+
# Describes a route in a route table.
|
|
3030
|
+
#
|
|
3031
|
+
# @!attribute [rw] destination_type
|
|
3032
|
+
# The type of destination for the route.
|
|
3033
|
+
# @return [String]
|
|
3034
|
+
#
|
|
3035
|
+
# @!attribute [rw] target_type
|
|
3036
|
+
# The type of target for the route.
|
|
3037
|
+
# @return [String]
|
|
3038
|
+
#
|
|
3039
|
+
# @!attribute [rw] destination
|
|
3040
|
+
# The destination of the route.
|
|
3041
|
+
# @return [String]
|
|
3042
|
+
#
|
|
3043
|
+
# @!attribute [rw] target
|
|
3044
|
+
# The route's target.
|
|
3045
|
+
# @return [String]
|
|
3046
|
+
#
|
|
3047
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Route AWS API Documentation
|
|
3048
|
+
#
|
|
3049
|
+
class Route < Struct.new(
|
|
3050
|
+
:destination_type,
|
|
3051
|
+
:target_type,
|
|
3052
|
+
:destination,
|
|
3053
|
+
:target)
|
|
1975
3054
|
SENSITIVE = []
|
|
1976
3055
|
include Aws::Structure
|
|
1977
3056
|
end
|
|
@@ -2055,18 +3134,18 @@ module Aws::FMS
|
|
|
2055
3134
|
# data as a hash:
|
|
2056
3135
|
#
|
|
2057
3136
|
# {
|
|
2058
|
-
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
|
|
3137
|
+
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
|
|
2059
3138
|
# managed_service_data: "ManagedServiceData",
|
|
2060
3139
|
# }
|
|
2061
3140
|
#
|
|
2062
3141
|
# @!attribute [rw] type
|
|
2063
3142
|
# The service that the policy is using to protect the resources. This
|
|
2064
|
-
# specifies the type of policy that is created, either an
|
|
2065
|
-
#
|
|
2066
|
-
#
|
|
2067
|
-
#
|
|
2068
|
-
#
|
|
2069
|
-
# Support.
|
|
3143
|
+
# specifies the type of policy that is created, either an WAF policy,
|
|
3144
|
+
# a Shield Advanced policy, or a security group policy. For security
|
|
3145
|
+
# group policies, Firewall Manager supports one security group for
|
|
3146
|
+
# each common policy and for each content audit policy. This is an
|
|
3147
|
+
# adjustable limit that you can increase by contacting Amazon Web
|
|
3148
|
+
# Services Support.
|
|
2070
3149
|
# @return [String]
|
|
2071
3150
|
#
|
|
2072
3151
|
# @!attribute [rw] managed_service_data
|
|
@@ -2074,29 +3153,47 @@ module Aws::FMS
|
|
|
2074
3153
|
# JSON format. For service type `SHIELD_ADVANCED`, this is an empty
|
|
2075
3154
|
# string.
|
|
2076
3155
|
#
|
|
3156
|
+
# * Example: `DNS_FIREWALL`
|
|
3157
|
+
#
|
|
3158
|
+
# `"\{"type":"DNS_FIREWALL","preProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-1","priority":10\}],"postProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-2","priority":9911\}]\}"`
|
|
3159
|
+
#
|
|
3160
|
+
# * Example: `NETWORK_FIREWALL`
|
|
3161
|
+
#
|
|
3162
|
+
# `"\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2","priority":10\}],"networkFirewallStatelessDefaultActions":["aws:pass","custom1"],"networkFirewallStatelessFragmentDefaultActions":["custom2","aws:pass"],"networkFirewallStatelessCustomActions":[\{"actionName":"custom1","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension1"\}]\}\}\},\{"actionName":"custom2","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension2"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1"\}],"networkFirewallOrchestrationConfig":\{"singleFirewallEndpointPerVPC":true,"allowedIPV4CidrList":["10.24.34.0/28"]\}
|
|
3163
|
+
# \}"`
|
|
3164
|
+
#
|
|
2077
3165
|
# * Example: `WAFV2`
|
|
2078
3166
|
#
|
|
2079
|
-
# `"
|
|
2080
|
-
#
|
|
3167
|
+
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAmazonIpReputationList"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
|
|
3168
|
+
#
|
|
3169
|
+
# In the `loggingConfiguration`, you can specify one
|
|
3170
|
+
# `logDestinationConfigs`, you can optionally provide up to 20
|
|
3171
|
+
# `redactedFields`, and the `RedactedFieldType` must be one of
|
|
3172
|
+
# `URI`, `QUERY_STRING`, `HEADER`, or `METHOD`.
|
|
2081
3173
|
#
|
|
2082
3174
|
# * Example: `WAF Classic`
|
|
2083
3175
|
#
|
|
2084
|
-
# `"
|
|
2085
|
-
# [\{"id":
|
|
3176
|
+
# `"\{"type": "WAF", "ruleGroups":
|
|
3177
|
+
# [\{"id":"12345678-1bcd-9012-efga-0987654321ab",
|
|
2086
3178
|
# "overrideAction" : \{"type": "COUNT"\}\}],
|
|
2087
|
-
# "defaultAction": \{"type": "BLOCK"\}\}`
|
|
3179
|
+
# "defaultAction": \{"type": "BLOCK"\}\}"`
|
|
2088
3180
|
#
|
|
2089
3181
|
# * Example: `SECURITY_GROUPS_COMMON`
|
|
2090
3182
|
#
|
|
2091
|
-
# `"
|
|
3183
|
+
# `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
|
|
2092
3184
|
# "applyToAllEC2InstanceENIs":false,"securityGroups":[\{"id":"
|
|
2093
|
-
# sg-000e55995d61a06bd"\}]\}"
|
|
3185
|
+
# sg-000e55995d61a06bd"\}]\}"`
|
|
3186
|
+
#
|
|
3187
|
+
# * Example: Shared VPCs. Apply the preceding policy to resources in
|
|
3188
|
+
# shared VPCs as well as to those in VPCs that the account owns
|
|
3189
|
+
#
|
|
3190
|
+
# `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
|
|
3191
|
+
# "applyToAllEC2InstanceENIs":false,"includeSharedVPC":true,"securityGroups":[\{"id":"
|
|
3192
|
+
# sg-000e55995d61a06bd"\}]\}"`
|
|
2094
3193
|
#
|
|
2095
3194
|
# * Example: `SECURITY_GROUPS_CONTENT_AUDIT`
|
|
2096
3195
|
#
|
|
2097
|
-
# `"
|
|
2098
|
-
# sg-000e55995d61a06bd
|
|
2099
|
-
# "\}],"securityGroupAction":\{"type":"ALLOW"\}\}"\},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"\}`
|
|
3196
|
+
# `"\{"type":"SECURITY_GROUPS_CONTENT_AUDIT","securityGroups":[\{"id":"sg-000e55995d61a06bd"\}],"securityGroupAction":\{"type":"ALLOW"\}\}"`
|
|
2100
3197
|
#
|
|
2101
3198
|
# The security group action for content audit can be `ALLOW` or
|
|
2102
3199
|
# `DENY`. For `ALLOW`, all in-scope security group rules must be
|
|
@@ -2107,8 +3204,7 @@ module Aws::FMS
|
|
|
2107
3204
|
#
|
|
2108
3205
|
# * Example: `SECURITY_GROUPS_USAGE_AUDIT`
|
|
2109
3206
|
#
|
|
2110
|
-
# `"
|
|
2111
|
-
# rceType":"AWS::EC2::SecurityGroup"\}`
|
|
3207
|
+
# `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"`
|
|
2112
3208
|
# @return [String]
|
|
2113
3209
|
#
|
|
2114
3210
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityServicePolicyData AWS API Documentation
|
|
@@ -2120,12 +3216,59 @@ module Aws::FMS
|
|
|
2120
3216
|
include Aws::Structure
|
|
2121
3217
|
end
|
|
2122
3218
|
|
|
2123
|
-
#
|
|
2124
|
-
#
|
|
2125
|
-
#
|
|
2126
|
-
#
|
|
2127
|
-
#
|
|
2128
|
-
#
|
|
3219
|
+
# Network Firewall stateful rule group, used in a
|
|
3220
|
+
# NetworkFirewallPolicyDescription.
|
|
3221
|
+
#
|
|
3222
|
+
# @!attribute [rw] rule_group_name
|
|
3223
|
+
# The name of the rule group.
|
|
3224
|
+
# @return [String]
|
|
3225
|
+
#
|
|
3226
|
+
# @!attribute [rw] resource_id
|
|
3227
|
+
# The resource ID of the rule group.
|
|
3228
|
+
# @return [String]
|
|
3229
|
+
#
|
|
3230
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulRuleGroup AWS API Documentation
|
|
3231
|
+
#
|
|
3232
|
+
class StatefulRuleGroup < Struct.new(
|
|
3233
|
+
:rule_group_name,
|
|
3234
|
+
:resource_id)
|
|
3235
|
+
SENSITIVE = []
|
|
3236
|
+
include Aws::Structure
|
|
3237
|
+
end
|
|
3238
|
+
|
|
3239
|
+
# Network Firewall stateless rule group, used in a
|
|
3240
|
+
# NetworkFirewallPolicyDescription.
|
|
3241
|
+
#
|
|
3242
|
+
# @!attribute [rw] rule_group_name
|
|
3243
|
+
# The name of the rule group.
|
|
3244
|
+
# @return [String]
|
|
3245
|
+
#
|
|
3246
|
+
# @!attribute [rw] resource_id
|
|
3247
|
+
# The resource ID of the rule group.
|
|
3248
|
+
# @return [String]
|
|
3249
|
+
#
|
|
3250
|
+
# @!attribute [rw] priority
|
|
3251
|
+
# The priority of the rule group. Network Firewall evaluates the
|
|
3252
|
+
# stateless rule groups in a firewall policy starting from the lowest
|
|
3253
|
+
# priority setting.
|
|
3254
|
+
# @return [Integer]
|
|
3255
|
+
#
|
|
3256
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatelessRuleGroup AWS API Documentation
|
|
3257
|
+
#
|
|
3258
|
+
class StatelessRuleGroup < Struct.new(
|
|
3259
|
+
:rule_group_name,
|
|
3260
|
+
:resource_id,
|
|
3261
|
+
:priority)
|
|
3262
|
+
SENSITIVE = []
|
|
3263
|
+
include Aws::Structure
|
|
3264
|
+
end
|
|
3265
|
+
|
|
3266
|
+
# A collection of key:value pairs associated with an Amazon Web Services
|
|
3267
|
+
# resource. The key:value pair can be anything you define. Typically,
|
|
3268
|
+
# the tag key represents a category (such as "environment") and the
|
|
3269
|
+
# tag value represents a specific value within that category (such as
|
|
3270
|
+
# "test," "development," or "production"). You can add up to 50
|
|
3271
|
+
# tags to each Amazon Web Services resource.
|
|
2129
3272
|
#
|
|
2130
3273
|
# @note When making an API call, you may pass Tag
|
|
2131
3274
|
# data as a hash:
|
|
@@ -2171,8 +3314,8 @@ module Aws::FMS
|
|
|
2171
3314
|
#
|
|
2172
3315
|
# @!attribute [rw] resource_arn
|
|
2173
3316
|
# The Amazon Resource Name (ARN) of the resource to return tags for.
|
|
2174
|
-
# The
|
|
2175
|
-
#
|
|
3317
|
+
# The Firewall Manager resources that support tagging are policies,
|
|
3318
|
+
# applications lists, and protocols lists.
|
|
2176
3319
|
# @return [String]
|
|
2177
3320
|
#
|
|
2178
3321
|
# @!attribute [rw] tag_list
|
|
@@ -2202,8 +3345,8 @@ module Aws::FMS
|
|
|
2202
3345
|
#
|
|
2203
3346
|
# @!attribute [rw] resource_arn
|
|
2204
3347
|
# The Amazon Resource Name (ARN) of the resource to return tags for.
|
|
2205
|
-
# The
|
|
2206
|
-
#
|
|
3348
|
+
# The Firewall Manager resources that support tagging are policies,
|
|
3349
|
+
# applications lists, and protocols lists.
|
|
2207
3350
|
# @return [String]
|
|
2208
3351
|
#
|
|
2209
3352
|
# @!attribute [rw] tag_keys
|
|
@@ -2223,16 +3366,17 @@ module Aws::FMS
|
|
|
2223
3366
|
#
|
|
2224
3367
|
class UntagResourceResponse < Aws::EmptyStructure; end
|
|
2225
3368
|
|
|
2226
|
-
# Violations for a resource based on the specified
|
|
2227
|
-
# policy and
|
|
3369
|
+
# Violations for a resource based on the specified Firewall Manager
|
|
3370
|
+
# policy and Amazon Web Services account.
|
|
2228
3371
|
#
|
|
2229
3372
|
# @!attribute [rw] policy_id
|
|
2230
|
-
# The ID of the
|
|
3373
|
+
# The ID of the Firewall Manager policy that the violation details
|
|
2231
3374
|
# were requested for.
|
|
2232
3375
|
# @return [String]
|
|
2233
3376
|
#
|
|
2234
3377
|
# @!attribute [rw] member_account
|
|
2235
|
-
# The
|
|
3378
|
+
# The Amazon Web Services account that the violation details were
|
|
3379
|
+
# requested for.
|
|
2236
3380
|
# @return [String]
|
|
2237
3381
|
#
|
|
2238
3382
|
# @!attribute [rw] resource_id
|