aws-sdk-fms 1.36.0 → 1.40.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3c8a99fc75ac8e720319d7d845aa3c487189e179ecce7084ecf84ec12774b1a3
4
- data.tar.gz: f875444f4cb29409f92afa7780b806d1633f09b5fe4ee93568a250570fc8fafd
3
+ metadata.gz: 1ff95f0782e7d071defc0774619cd3da1b2af7b963eb869f08f05765d14fe5aa
4
+ data.tar.gz: b5fecd80348e420784e65139a8be691a9bdbd42b47f9dd143a33e90da3101a0a
5
5
  SHA512:
6
- metadata.gz: b16b3ca3cac3486704fcb1d15120f9e51368f8d0684bee65e53f2e4243bd0fe4dda1bb18e98914ab33d19fa3885ddb185306445e25e5dd99625b9927dd0f1197
7
- data.tar.gz: ddb957f7fd595f37f5966f27d4064668695998185fe4d7c5813f2efe3772907a5f0c0acf4011dd64dc4048609e1e7ed1fdcc153e64a6f3df72c3601ccbadb9be
6
+ metadata.gz: 748fa9b88b5957eb2a0f607bdea51953b2a094d0f28c160b3ad0504cd8cc479cbab30c3e9d8a0ccddf6a27ccf81d6055ebd6f8786e413d2772eb636465abdc7f
7
+ data.tar.gz: a5dfd16705a67084af39875c21b6f587cb2f09ead7b21956602084073aba25d9d41b3c6b7c4b2768863e64e4ec97ddb8402d9556f5d566ad0d8ba24493865634
data/CHANGELOG.md CHANGED
@@ -1,6 +1,26 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.40.0 (2021-08-25)
5
+ ------------------
6
+
7
+ * Feature - AWS Firewall Manager now supports triggering resource cleanup workflow when account or resource goes out of policy scope for AWS WAF, Security group, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall policies.
8
+
9
+ 1.39.0 (2021-07-30)
10
+ ------------------
11
+
12
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
13
+
14
+ 1.38.0 (2021-07-28)
15
+ ------------------
16
+
17
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
18
+
19
+ 1.37.0 (2021-07-08)
20
+ ------------------
21
+
22
+ * Feature - AWS Firewall Manager now supports route table monitoring, and provides remediation action recommendations to security administrators for AWS Network Firewall policies with misconfigured routes.
23
+
4
24
  1.36.0 (2021-04-01)
5
25
  ------------------
6
26
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.36.0
1
+ 1.40.0
@@ -337,22 +337,20 @@ module Aws::FMS
337
337
 
338
338
  # @!group API Operations
339
339
 
340
- # Sets the AWS Firewall Manager administrator account. AWS Firewall
341
- # Manager must be associated with the master account of your AWS
342
- # organization or associated with a member account that has the
343
- # appropriate permissions. If the account ID that you submit is not an
344
- # AWS Organizations master account, AWS Firewall Manager will set the
345
- # appropriate permissions for the given member account.
340
+ # Sets the Firewall Manager administrator account. The account must be a
341
+ # member of the organization in Organizations whose resources you want
342
+ # to protect. Firewall Manager sets the permissions that allow the
343
+ # account to administer your Firewall Manager policies.
346
344
  #
347
- # The account that you associate with AWS Firewall Manager is called the
348
- # AWS Firewall Manager administrator account.
345
+ # The account that you associate with Firewall Manager is called the
346
+ # Firewall Manager administrator account.
349
347
  #
350
348
  # @option params [required, String] :admin_account
351
- # The AWS account ID to associate with AWS Firewall Manager as the AWS
352
- # Firewall Manager administrator account. This can be an AWS
353
- # Organizations master account or a member account. For more information
354
- # about AWS Organizations and master accounts, see [Managing the AWS
355
- # Accounts in Your Organization][1].
349
+ # The Amazon Web Services account ID to associate with Firewall Manager
350
+ # as the Firewall Manager administrator account. This must be an
351
+ # Organizations member account. For more information about
352
+ # Organizations, see [Managing the Amazon Web Services Accounts in Your
353
+ # Organization][1].
356
354
  #
357
355
  #
358
356
  #
@@ -375,7 +373,7 @@ module Aws::FMS
375
373
  req.send_request(options)
376
374
  end
377
375
 
378
- # Permanently deletes an AWS Firewall Manager applications list.
376
+ # Permanently deletes an Firewall Manager applications list.
379
377
  #
380
378
  # @option params [required, String] :list_id
381
379
  # The ID of the applications list that you want to delete. You can
@@ -399,9 +397,9 @@ module Aws::FMS
399
397
  req.send_request(options)
400
398
  end
401
399
 
402
- # Deletes an AWS Firewall Manager association with the IAM role and the
400
+ # Deletes an Firewall Manager association with the IAM role and the
403
401
  # Amazon Simple Notification Service (SNS) topic that is used to record
404
- # AWS Firewall Manager SNS logs.
402
+ # Firewall Manager SNS logs.
405
403
  #
406
404
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
407
405
  #
@@ -414,7 +412,7 @@ module Aws::FMS
414
412
  req.send_request(options)
415
413
  end
416
414
 
417
- # Permanently deletes an AWS Firewall Manager policy.
415
+ # Permanently deletes an Firewall Manager policy.
418
416
  #
419
417
  # @option params [required, String] :policy_id
420
418
  # The ID of the policy that you want to delete. You can retrieve this ID
@@ -423,10 +421,9 @@ module Aws::FMS
423
421
  # @option params [Boolean] :delete_all_policy_resources
424
422
  # If `True`, the request performs cleanup according to the policy type.
425
423
  #
426
- # For AWS WAF and Shield Advanced policies, the cleanup does the
427
- # following:
424
+ # For WAF and Shield Advanced policies, the cleanup does the following:
428
425
  #
429
- # * Deletes rule groups created by AWS Firewall Manager
426
+ # * Deletes rule groups created by Firewall Manager
430
427
  #
431
428
  # * Removes web ACLs from in-scope resources
432
429
  #
@@ -468,7 +465,7 @@ module Aws::FMS
468
465
  req.send_request(options)
469
466
  end
470
467
 
471
- # Permanently deletes an AWS Firewall Manager protocols list.
468
+ # Permanently deletes an Firewall Manager protocols list.
472
469
  #
473
470
  # @option params [required, String] :list_id
474
471
  # The ID of the protocols list that you want to delete. You can retrieve
@@ -492,10 +489,9 @@ module Aws::FMS
492
489
  req.send_request(options)
493
490
  end
494
491
 
495
- # Disassociates the account that has been set as the AWS Firewall
496
- # Manager administrator account. To set a different account as the
497
- # administrator account, you must submit an `AssociateAdminAccount`
498
- # request.
492
+ # Disassociates the account that has been set as the Firewall Manager
493
+ # administrator account. To set a different account as the administrator
494
+ # account, you must submit an `AssociateAdminAccount` request.
499
495
  #
500
496
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
501
497
  #
@@ -508,8 +504,8 @@ module Aws::FMS
508
504
  req.send_request(options)
509
505
  end
510
506
 
511
- # Returns the AWS Organizations master account that is associated with
512
- # AWS Firewall Manager as the AWS Firewall Manager administrator.
507
+ # Returns the Organizations account that is associated with Firewall
508
+ # Manager as the Firewall Manager administrator.
513
509
  #
514
510
  # @return [Types::GetAdminAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
515
511
  #
@@ -530,15 +526,15 @@ module Aws::FMS
530
526
  req.send_request(options)
531
527
  end
532
528
 
533
- # Returns information about the specified AWS Firewall Manager
534
- # applications list.
529
+ # Returns information about the specified Firewall Manager applications
530
+ # list.
535
531
  #
536
532
  # @option params [required, String] :list_id
537
- # The ID of the AWS Firewall Manager applications list that you want the
533
+ # The ID of the Firewall Manager applications list that you want the
538
534
  # details for.
539
535
  #
540
536
  # @option params [Boolean] :default_list
541
- # Specifies whether the list to retrieve is a default list owned by AWS
537
+ # Specifies whether the list to retrieve is a default list owned by
542
538
  # Firewall Manager.
543
539
  #
544
540
  # @return [Types::GetAppsListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -582,25 +578,33 @@ module Aws::FMS
582
578
 
583
579
  # Returns detailed compliance information about the specified member
584
580
  # account. Details include resources that are in and out of compliance
585
- # with the specified policy. Resources are considered noncompliant for
586
- # AWS WAF and Shield Advanced policies if the specified policy has not
587
- # been applied to them. Resources are considered noncompliant for
588
- # security group policies if they are in scope of the policy, they
589
- # violate one or more of the policy rules, and remediation is disabled
590
- # or not possible. Resources are considered noncompliant for Network
591
- # Firewall policies if a firewall is missing in the VPC, if the firewall
592
- # endpoint isn't set up in an expected Availability Zone and subnet, if
593
- # a subnet created by the Firewall Manager doesn't have the expected
594
- # route table, and for modifications to a firewall policy that violate
595
- # the Firewall Manager policy's rules.
581
+ # with the specified policy.
582
+ #
583
+ # * Resources are considered noncompliant for WAF and Shield Advanced
584
+ # policies if the specified policy has not been applied to them.
585
+ #
586
+ # * Resources are considered noncompliant for security group policies if
587
+ # they are in scope of the policy, they violate one or more of the
588
+ # policy rules, and remediation is disabled or not possible.
589
+ #
590
+ # * Resources are considered noncompliant for Network Firewall policies
591
+ # if a firewall is missing in the VPC, if the firewall endpoint isn't
592
+ # set up in an expected Availability Zone and subnet, if a subnet
593
+ # created by the Firewall Manager doesn't have the expected route
594
+ # table, and for modifications to a firewall policy that violate the
595
+ # Firewall Manager policy's rules.
596
+ #
597
+ # * Resources are considered noncompliant for DNS Firewall policies if a
598
+ # DNS Firewall rule group is missing from the rule group associations
599
+ # for the VPC.
596
600
  #
597
601
  # @option params [required, String] :policy_id
598
602
  # The ID of the policy that you want to get the details for. `PolicyId`
599
603
  # is returned by `PutPolicy` and by `ListPolicies`.
600
604
  #
601
605
  # @option params [required, String] :member_account
602
- # The AWS account that owns the resources that you want to get the
603
- # details for.
606
+ # The Amazon Web Services account that owns the resources that you want
607
+ # to get the details for.
604
608
  #
605
609
  # @return [Types::GetComplianceDetailResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
606
610
  #
@@ -620,7 +624,7 @@ module Aws::FMS
620
624
  # resp.policy_compliance_detail.member_account #=> String
621
625
  # resp.policy_compliance_detail.violators #=> Array
622
626
  # resp.policy_compliance_detail.violators[0].resource_id #=> String
623
- # resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "RESOURCE_MISSING_DNS_FIREWALL"
627
+ # resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL"
624
628
  # resp.policy_compliance_detail.violators[0].resource_type #=> String
625
629
  # resp.policy_compliance_detail.evaluation_limit_exceeded #=> Boolean
626
630
  # resp.policy_compliance_detail.expired_at #=> Time
@@ -637,7 +641,7 @@ module Aws::FMS
637
641
  end
638
642
 
639
643
  # Information about the Amazon Simple Notification Service (SNS) topic
640
- # that is used to record AWS Firewall Manager SNS logs.
644
+ # that is used to record Firewall Manager SNS logs.
641
645
  #
642
646
  # @return [Types::GetNotificationChannelResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
643
647
  #
@@ -658,11 +662,10 @@ module Aws::FMS
658
662
  req.send_request(options)
659
663
  end
660
664
 
661
- # Returns information about the specified AWS Firewall Manager policy.
665
+ # Returns information about the specified Firewall Manager policy.
662
666
  #
663
667
  # @option params [required, String] :policy_id
664
- # The ID of the AWS Firewall Manager policy that you want the details
665
- # for.
668
+ # The ID of the Firewall Manager policy that you want the details for.
666
669
  #
667
670
  # @return [Types::GetPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
668
671
  #
@@ -690,6 +693,7 @@ module Aws::FMS
690
693
  # resp.policy.resource_tags[0].value #=> String
691
694
  # resp.policy.exclude_resource_tags #=> Boolean
692
695
  # resp.policy.remediation_enabled #=> Boolean
696
+ # resp.policy.delete_unused_fm_managed_resources #=> Boolean
693
697
  # resp.policy.include_map #=> Hash
694
698
  # resp.policy.include_map["CustomerPolicyScopeIdType"] #=> Array
695
699
  # resp.policy.include_map["CustomerPolicyScopeIdType"][0] #=> String
@@ -715,32 +719,32 @@ module Aws::FMS
715
719
  # The ID of the policy for which you want to get the attack information.
716
720
  #
717
721
  # @option params [String] :member_account_id
718
- # The AWS account that is in scope of the policy that you want to get
719
- # the details for.
722
+ # The Amazon Web Services account that is in scope of the policy that
723
+ # you want to get the details for.
720
724
  #
721
725
  # @option params [Time,DateTime,Date,Integer,String] :start_time
722
726
  # The start of the time period to query for the attacks. This is a
723
727
  # `timestamp` type. The request syntax listing indicates a `number` type
724
- # because the default used by AWS Firewall Manager is Unix time in
725
- # seconds. However, any valid `timestamp` format is allowed.
728
+ # because the default used by Firewall Manager is Unix time in seconds.
729
+ # However, any valid `timestamp` format is allowed.
726
730
  #
727
731
  # @option params [Time,DateTime,Date,Integer,String] :end_time
728
732
  # The end of the time period to query for the attacks. This is a
729
733
  # `timestamp` type. The request syntax listing indicates a `number` type
730
- # because the default used by AWS Firewall Manager is Unix time in
731
- # seconds. However, any valid `timestamp` format is allowed.
734
+ # because the default used by Firewall Manager is Unix time in seconds.
735
+ # However, any valid `timestamp` format is allowed.
732
736
  #
733
737
  # @option params [String] :next_token
734
738
  # If you specify a value for `MaxResults` and you have more objects than
735
- # the number that you specify for `MaxResults`, AWS Firewall Manager
736
- # returns a `NextToken` value in the response, which you can use to
737
- # retrieve another group of objects. For the second and subsequent
739
+ # the number that you specify for `MaxResults`, Firewall Manager returns
740
+ # a `NextToken` value in the response, which you can use to retrieve
741
+ # another group of objects. For the second and subsequent
738
742
  # `GetProtectionStatus` requests, specify the value of `NextToken` from
739
743
  # the previous response to get information about another batch of
740
744
  # objects.
741
745
  #
742
746
  # @option params [Integer] :max_results
743
- # Specifies the number of objects that you want AWS Firewall Manager to
747
+ # Specifies the number of objects that you want Firewall Manager to
744
748
  # return for this request. If you have more objects than the number that
745
749
  # you specify for `MaxResults`, the response includes a `NextToken`
746
750
  # value that you can use to get another batch of objects.
@@ -779,15 +783,15 @@ module Aws::FMS
779
783
  req.send_request(options)
780
784
  end
781
785
 
782
- # Returns information about the specified AWS Firewall Manager protocols
786
+ # Returns information about the specified Firewall Manager protocols
783
787
  # list.
784
788
  #
785
789
  # @option params [required, String] :list_id
786
- # The ID of the AWS Firewall Manager protocols list that you want the
790
+ # The ID of the Firewall Manager protocols list that you want the
787
791
  # details for.
788
792
  #
789
793
  # @option params [Boolean] :default_list
790
- # Specifies whether the list to retrieve is a default list owned by AWS
794
+ # Specifies whether the list to retrieve is a default list owned by
791
795
  # Firewall Manager.
792
796
  #
793
797
  # @return [Types::GetProtocolsListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -825,23 +829,22 @@ module Aws::FMS
825
829
  req.send_request(options)
826
830
  end
827
831
 
828
- # Retrieves violations for a resource based on the specified AWS
829
- # Firewall Manager policy and AWS account.
832
+ # Retrieves violations for a resource based on the specified Firewall
833
+ # Manager policy and Amazon Web Services account.
830
834
  #
831
835
  # @option params [required, String] :policy_id
832
- # The ID of the AWS Firewall Manager policy that you want the details
833
- # for. This currently only supports security group content audit
834
- # policies.
836
+ # The ID of the Firewall Manager policy that you want the details for.
837
+ # This currently only supports security group content audit policies.
835
838
  #
836
839
  # @option params [required, String] :member_account
837
- # The AWS account ID that you want the details for.
840
+ # The Amazon Web Services account ID that you want the details for.
838
841
  #
839
842
  # @option params [required, String] :resource_id
840
843
  # The ID of the resource that has violations.
841
844
  #
842
845
  # @option params [required, String] :resource_type
843
- # The resource type. This is in the format shown in the [AWS Resource
844
- # Types Reference][1]. Supported resource types are:
846
+ # The resource type. This is in the format shown in the [Amazon Web
847
+ # Services Resource Types Reference][1]. Supported resource types are:
845
848
  # `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
846
849
  # `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`, and
847
850
  # `AWS::EC2::Subnet`.
@@ -934,6 +937,129 @@ module Aws::FMS
934
937
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups #=> Array
935
938
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].rule_group_name #=> String
936
939
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].resource_id #=> String
940
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_id #=> String
941
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_availability_zone #=> String
942
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.route_table_id #=> String
943
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.violating_routes #=> Array
944
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
945
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
946
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.violating_routes[0].destination #=> String
947
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.violating_routes[0].target #=> String
948
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.is_route_table_used_in_different_az #=> Boolean
949
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.current_firewall_subnet_route_table #=> String
950
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_endpoint #=> String
951
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.firewall_subnet_id #=> String
952
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes #=> Array
953
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].ip_v4_cidr #=> String
954
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].prefix_list_id #=> String
955
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].ip_v6_cidr #=> String
956
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].contributing_subnets #=> Array
957
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].contributing_subnets[0] #=> String
958
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].allowed_targets #=> Array
959
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].allowed_targets[0] #=> String
960
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].route_table_id #=> String
961
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_firewall_subnet_routes #=> Array
962
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_firewall_subnet_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
963
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_firewall_subnet_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
964
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_firewall_subnet_routes[0].destination #=> String
965
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_firewall_subnet_routes[0].target #=> String
966
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.internet_gateway_id #=> String
967
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.current_internet_gateway_route_table #=> String
968
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes #=> Array
969
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].ip_v4_cidr #=> String
970
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].prefix_list_id #=> String
971
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].ip_v6_cidr #=> String
972
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].contributing_subnets #=> Array
973
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].contributing_subnets[0] #=> String
974
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].allowed_targets #=> Array
975
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].allowed_targets[0] #=> String
976
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].route_table_id #=> String
977
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_internet_gateway_routes #=> Array
978
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_internet_gateway_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
979
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_internet_gateway_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
980
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_internet_gateway_routes[0].destination #=> String
981
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_internet_gateway_routes[0].target #=> String
982
+ # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.vpc_id #=> String
983
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.affected_subnets #=> Array
984
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.affected_subnets[0] #=> String
985
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.route_table_id #=> String
986
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.is_route_table_used_in_different_az #=> Boolean
987
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.violating_route.destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
988
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.violating_route.target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
989
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.violating_route.destination #=> String
990
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.violating_route.target #=> String
991
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.current_firewall_subnet_route_table #=> String
992
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_endpoint #=> String
993
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_endpoint #=> String
994
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_id #=> String
995
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_id #=> String
996
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes #=> Array
997
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].ip_v4_cidr #=> String
998
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].prefix_list_id #=> String
999
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].ip_v6_cidr #=> String
1000
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].contributing_subnets #=> Array
1001
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].contributing_subnets[0] #=> String
1002
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].allowed_targets #=> Array
1003
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].allowed_targets[0] #=> String
1004
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].route_table_id #=> String
1005
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_routes #=> Array
1006
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
1007
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
1008
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_routes[0].destination #=> String
1009
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_routes[0].target #=> String
1010
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.internet_gateway_id #=> String
1011
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.current_internet_gateway_route_table #=> String
1012
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes #=> Array
1013
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].ip_v4_cidr #=> String
1014
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].prefix_list_id #=> String
1015
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].ip_v6_cidr #=> String
1016
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].contributing_subnets #=> Array
1017
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].contributing_subnets[0] #=> String
1018
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].allowed_targets #=> Array
1019
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].allowed_targets[0] #=> String
1020
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].route_table_id #=> String
1021
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_internet_gateway_routes #=> Array
1022
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_internet_gateway_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
1023
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_internet_gateway_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
1024
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_internet_gateway_routes[0].destination #=> String
1025
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_internet_gateway_routes[0].target #=> String
1026
+ # resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.vpc_id #=> String
1027
+ # resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violation_target #=> String
1028
+ # resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.route_table_id #=> String
1029
+ # resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.vpc_id #=> String
1030
+ # resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violating_routes #=> Array
1031
+ # resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
1032
+ # resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
1033
+ # resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violating_routes[0].destination #=> String
1034
+ # resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violating_routes[0].target #=> String
1035
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.firewall_subnet_id #=> String
1036
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.violating_routes #=> Array
1037
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
1038
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
1039
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.violating_routes[0].destination #=> String
1040
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.violating_routes[0].target #=> String
1041
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.route_table_id #=> String
1042
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.firewall_endpoint #=> String
1043
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.vpc_id #=> String
1044
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.gateway_id #=> String
1045
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.violating_routes #=> Array
1046
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
1047
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
1048
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.violating_routes[0].destination #=> String
1049
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.violating_routes[0].target #=> String
1050
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.route_table_id #=> String
1051
+ # resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.vpc_id #=> String
1052
+ # resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.violation_target #=> String
1053
+ # resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes #=> Array
1054
+ # resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].ip_v4_cidr #=> String
1055
+ # resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].prefix_list_id #=> String
1056
+ # resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].ip_v6_cidr #=> String
1057
+ # resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].contributing_subnets #=> Array
1058
+ # resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].contributing_subnets[0] #=> String
1059
+ # resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].allowed_targets #=> Array
1060
+ # resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].allowed_targets[0] #=> String
1061
+ # resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].route_table_id #=> String
1062
+ # resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.vpc_id #=> String
937
1063
  # resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.violation_target #=> String
938
1064
  # resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.violation_target_description #=> String
939
1065
  # resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.conflicting_priority #=> Integer
@@ -945,6 +1071,57 @@ module Aws::FMS
945
1071
  # resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.violation_target #=> String
946
1072
  # resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.violation_target_description #=> String
947
1073
  # resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.number_of_rule_groups_already_associated #=> Integer
1074
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.description #=> String
1075
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions #=> Array
1076
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].description #=> String
1077
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions #=> Array
1078
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.description #=> String
1079
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.description #=> String
1080
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.destination_cidr_block #=> String
1081
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.destination_prefix_list_id #=> String
1082
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.destination_ipv_6_cidr_block #=> String
1083
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.vpc_endpoint_id.resource_id #=> String
1084
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.vpc_endpoint_id.description #=> String
1085
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.gateway_id.resource_id #=> String
1086
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.gateway_id.description #=> String
1087
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.route_table_id.resource_id #=> String
1088
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.route_table_id.description #=> String
1089
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.description #=> String
1090
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.destination_cidr_block #=> String
1091
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.destination_prefix_list_id #=> String
1092
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.destination_ipv_6_cidr_block #=> String
1093
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.gateway_id.resource_id #=> String
1094
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.gateway_id.description #=> String
1095
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.route_table_id.resource_id #=> String
1096
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.route_table_id.description #=> String
1097
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.description #=> String
1098
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.destination_cidr_block #=> String
1099
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.destination_prefix_list_id #=> String
1100
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.destination_ipv_6_cidr_block #=> String
1101
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.route_table_id.resource_id #=> String
1102
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.route_table_id.description #=> String
1103
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_copy_route_table_action.description #=> String
1104
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_copy_route_table_action.vpc_id.resource_id #=> String
1105
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_copy_route_table_action.vpc_id.description #=> String
1106
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_copy_route_table_action.route_table_id.resource_id #=> String
1107
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_copy_route_table_action.route_table_id.description #=> String
1108
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_table_association_action.description #=> String
1109
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_table_association_action.association_id.resource_id #=> String
1110
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_table_association_action.association_id.description #=> String
1111
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_table_association_action.route_table_id.resource_id #=> String
1112
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_table_association_action.route_table_id.description #=> String
1113
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.description #=> String
1114
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.route_table_id.resource_id #=> String
1115
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.route_table_id.description #=> String
1116
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.subnet_id.resource_id #=> String
1117
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.subnet_id.description #=> String
1118
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.gateway_id.resource_id #=> String
1119
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.gateway_id.description #=> String
1120
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.description #=> String
1121
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.vpc_id.resource_id #=> String
1122
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.vpc_id.description #=> String
1123
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].order #=> Integer
1124
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].is_default_action #=> Boolean
948
1125
  # resp.violation_detail.resource_tags #=> Array
949
1126
  # resp.violation_detail.resource_tags[0].key #=> String
950
1127
  # resp.violation_detail.resource_tags[0].value #=> String
@@ -962,23 +1139,23 @@ module Aws::FMS
962
1139
  # Returns an array of `AppsListDataSummary` objects.
963
1140
  #
964
1141
  # @option params [Boolean] :default_lists
965
- # Specifies whether the lists to retrieve are default lists owned by AWS
1142
+ # Specifies whether the lists to retrieve are default lists owned by
966
1143
  # Firewall Manager.
967
1144
  #
968
1145
  # @option params [String] :next_token
969
1146
  # If you specify a value for `MaxResults` in your list request, and you
970
- # have more objects than the maximum, AWS Firewall Manager returns this
1147
+ # have more objects than the maximum, Firewall Manager returns this
971
1148
  # token in the response. For all but the first request, you provide the
972
1149
  # token returned by the prior request in the request parameters, to
973
1150
  # retrieve the next batch of objects.
974
1151
  #
975
1152
  # @option params [required, Integer] :max_results
976
- # The maximum number of objects that you want AWS Firewall Manager to
977
- # return for this request. If more objects are available, in the
978
- # response, AWS Firewall Manager provides a `NextToken` value that you
979
- # can use in a subsequent call to get the next batch of objects.
1153
+ # The maximum number of objects that you want Firewall Manager to return
1154
+ # for this request. If more objects are available, in the response,
1155
+ # Firewall Manager provides a `NextToken` value that you can use in a
1156
+ # subsequent call to get the next batch of objects.
980
1157
  #
981
- # If you don't specify this, AWS Firewall Manager returns all available
1158
+ # If you don't specify this, Firewall Manager returns all available
982
1159
  # objects.
983
1160
  #
984
1161
  # @return [Types::ListAppsListsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -986,6 +1163,8 @@ module Aws::FMS
986
1163
  # * {Types::ListAppsListsResponse#apps_lists #apps_lists} => Array<Types::AppsListDataSummary>
987
1164
  # * {Types::ListAppsListsResponse#next_token #next_token} => String
988
1165
  #
1166
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1167
+ #
989
1168
  # @example Request syntax with placeholder values
990
1169
  #
991
1170
  # resp = client.list_apps_lists({
@@ -1020,13 +1199,12 @@ module Aws::FMS
1020
1199
  # protected by the specified policy.
1021
1200
  #
1022
1201
  # @option params [required, String] :policy_id
1023
- # The ID of the AWS Firewall Manager policy that you want the details
1024
- # for.
1202
+ # The ID of the Firewall Manager policy that you want the details for.
1025
1203
  #
1026
1204
  # @option params [String] :next_token
1027
1205
  # If you specify a value for `MaxResults` and you have more
1028
1206
  # `PolicyComplianceStatus` objects than the number that you specify for
1029
- # `MaxResults`, AWS Firewall Manager returns a `NextToken` value in the
1207
+ # `MaxResults`, Firewall Manager returns a `NextToken` value in the
1030
1208
  # response that allows you to list another group of
1031
1209
  # `PolicyComplianceStatus` objects. For the second and subsequent
1032
1210
  # `ListComplianceStatus` requests, specify the value of `NextToken` from
@@ -1035,7 +1213,7 @@ module Aws::FMS
1035
1213
  #
1036
1214
  # @option params [Integer] :max_results
1037
1215
  # Specifies the number of `PolicyComplianceStatus` objects that you want
1038
- # AWS Firewall Manager to return for this request. If you have more
1216
+ # Firewall Manager to return for this request. If you have more
1039
1217
  # `PolicyComplianceStatus` objects than the number that you specify for
1040
1218
  # `MaxResults`, the response includes a `NextToken` value that you can
1041
1219
  # use to get another batch of `PolicyComplianceStatus` objects.
@@ -1081,22 +1259,22 @@ module Aws::FMS
1081
1259
  end
1082
1260
 
1083
1261
  # Returns a `MemberAccounts` object that lists the member accounts in
1084
- # the administrator's AWS organization.
1262
+ # the administrator's Amazon Web Services organization.
1085
1263
  #
1086
1264
  # The `ListMemberAccounts` must be submitted by the account that is set
1087
- # as the AWS Firewall Manager administrator.
1265
+ # as the Firewall Manager administrator.
1088
1266
  #
1089
1267
  # @option params [String] :next_token
1090
1268
  # If you specify a value for `MaxResults` and you have more account IDs
1091
- # than the number that you specify for `MaxResults`, AWS Firewall
1092
- # Manager returns a `NextToken` value in the response that allows you to
1093
- # list another group of IDs. For the second and subsequent
1269
+ # than the number that you specify for `MaxResults`, Firewall Manager
1270
+ # returns a `NextToken` value in the response that allows you to list
1271
+ # another group of IDs. For the second and subsequent
1094
1272
  # `ListMemberAccountsRequest` requests, specify the value of `NextToken`
1095
1273
  # from the previous response to get information about another batch of
1096
1274
  # member account IDs.
1097
1275
  #
1098
1276
  # @option params [Integer] :max_results
1099
- # Specifies the number of member account IDs that you want AWS Firewall
1277
+ # Specifies the number of member account IDs that you want Firewall
1100
1278
  # Manager to return for this request. If you have more IDs than the
1101
1279
  # number that you specify for `MaxResults`, the response includes a
1102
1280
  # `NextToken` value that you can use to get another batch of member
@@ -1136,18 +1314,18 @@ module Aws::FMS
1136
1314
  # @option params [String] :next_token
1137
1315
  # If you specify a value for `MaxResults` and you have more
1138
1316
  # `PolicySummary` objects than the number that you specify for
1139
- # `MaxResults`, AWS Firewall Manager returns a `NextToken` value in the
1317
+ # `MaxResults`, Firewall Manager returns a `NextToken` value in the
1140
1318
  # response that allows you to list another group of `PolicySummary`
1141
1319
  # objects. For the second and subsequent `ListPolicies` requests,
1142
1320
  # specify the value of `NextToken` from the previous response to get
1143
1321
  # information about another batch of `PolicySummary` objects.
1144
1322
  #
1145
1323
  # @option params [Integer] :max_results
1146
- # Specifies the number of `PolicySummary` objects that you want AWS
1147
- # Firewall Manager to return for this request. If you have more
1148
- # `PolicySummary` objects than the number that you specify for
1149
- # `MaxResults`, the response includes a `NextToken` value that you can
1150
- # use to get another batch of `PolicySummary` objects.
1324
+ # Specifies the number of `PolicySummary` objects that you want Firewall
1325
+ # Manager to return for this request. If you have more `PolicySummary`
1326
+ # objects than the number that you specify for `MaxResults`, the
1327
+ # response includes a `NextToken` value that you can use to get another
1328
+ # batch of `PolicySummary` objects.
1151
1329
  #
1152
1330
  # @return [Types::ListPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1153
1331
  #
@@ -1172,6 +1350,7 @@ module Aws::FMS
1172
1350
  # resp.policy_list[0].resource_type #=> String
1173
1351
  # resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
1174
1352
  # resp.policy_list[0].remediation_enabled #=> Boolean
1353
+ # resp.policy_list[0].delete_unused_fm_managed_resources #=> Boolean
1175
1354
  # resp.next_token #=> String
1176
1355
  #
1177
1356
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListPolicies AWS API Documentation
@@ -1186,23 +1365,23 @@ module Aws::FMS
1186
1365
  # Returns an array of `ProtocolsListDataSummary` objects.
1187
1366
  #
1188
1367
  # @option params [Boolean] :default_lists
1189
- # Specifies whether the lists to retrieve are default lists owned by AWS
1368
+ # Specifies whether the lists to retrieve are default lists owned by
1190
1369
  # Firewall Manager.
1191
1370
  #
1192
1371
  # @option params [String] :next_token
1193
1372
  # If you specify a value for `MaxResults` in your list request, and you
1194
- # have more objects than the maximum, AWS Firewall Manager returns this
1373
+ # have more objects than the maximum, Firewall Manager returns this
1195
1374
  # token in the response. For all but the first request, you provide the
1196
1375
  # token returned by the prior request in the request parameters, to
1197
1376
  # retrieve the next batch of objects.
1198
1377
  #
1199
1378
  # @option params [required, Integer] :max_results
1200
- # The maximum number of objects that you want AWS Firewall Manager to
1201
- # return for this request. If more objects are available, in the
1202
- # response, AWS Firewall Manager provides a `NextToken` value that you
1203
- # can use in a subsequent call to get the next batch of objects.
1379
+ # The maximum number of objects that you want Firewall Manager to return
1380
+ # for this request. If more objects are available, in the response,
1381
+ # Firewall Manager provides a `NextToken` value that you can use in a
1382
+ # subsequent call to get the next batch of objects.
1204
1383
  #
1205
- # If you don't specify this, AWS Firewall Manager returns all available
1384
+ # If you don't specify this, Firewall Manager returns all available
1206
1385
  # objects.
1207
1386
  #
1208
1387
  # @return [Types::ListProtocolsListsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -1210,6 +1389,8 @@ module Aws::FMS
1210
1389
  # * {Types::ListProtocolsListsResponse#protocols_lists #protocols_lists} => Array<Types::ProtocolsListDataSummary>
1211
1390
  # * {Types::ListProtocolsListsResponse#next_token #next_token} => String
1212
1391
  #
1392
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
1393
+ #
1213
1394
  # @example Request syntax with placeholder values
1214
1395
  #
1215
1396
  # resp = client.list_protocols_lists({
@@ -1237,11 +1418,12 @@ module Aws::FMS
1237
1418
  req.send_request(options)
1238
1419
  end
1239
1420
 
1240
- # Retrieves the list of tags for the specified AWS resource.
1421
+ # Retrieves the list of tags for the specified Amazon Web Services
1422
+ # resource.
1241
1423
  #
1242
1424
  # @option params [required, String] :resource_arn
1243
1425
  # The Amazon Resource Name (ARN) of the resource to return tags for. The
1244
- # AWS Firewall Manager resources that support tagging are policies,
1426
+ # Firewall Manager resources that support tagging are policies,
1245
1427
  # applications lists, and protocols lists.
1246
1428
  #
1247
1429
  # @return [Types::ListTagsForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -1269,11 +1451,10 @@ module Aws::FMS
1269
1451
  req.send_request(options)
1270
1452
  end
1271
1453
 
1272
- # Creates an AWS Firewall Manager applications list.
1454
+ # Creates an Firewall Manager applications list.
1273
1455
  #
1274
1456
  # @option params [required, Types::AppsListData] :apps_list
1275
- # The details of the AWS Firewall Manager applications list to be
1276
- # created.
1457
+ # The details of the Firewall Manager applications list to be created.
1277
1458
  #
1278
1459
  # @option params [Array<Types::Tag>] :tag_list
1279
1460
  # The tags associated with the resource.
@@ -1345,12 +1526,12 @@ module Aws::FMS
1345
1526
  end
1346
1527
 
1347
1528
  # Designates the IAM role and Amazon Simple Notification Service (SNS)
1348
- # topic that AWS Firewall Manager uses to record SNS logs.
1529
+ # topic that Firewall Manager uses to record SNS logs.
1349
1530
  #
1350
1531
  # To perform this action outside of the console, you must configure the
1351
1532
  # SNS topic to allow the Firewall Manager role `AWSServiceRoleForFMS` to
1352
1533
  # publish SNS logs. For more information, see [Firewall Manager required
1353
- # permissions for API actions][1] in the *AWS Firewall Manager Developer
1534
+ # permissions for API actions][1] in the *Firewall Manager Developer
1354
1535
  # Guide*.
1355
1536
  #
1356
1537
  #
@@ -1359,11 +1540,11 @@ module Aws::FMS
1359
1540
  #
1360
1541
  # @option params [required, String] :sns_topic_arn
1361
1542
  # The Amazon Resource Name (ARN) of the SNS topic that collects
1362
- # notifications from AWS Firewall Manager.
1543
+ # notifications from Firewall Manager.
1363
1544
  #
1364
1545
  # @option params [required, String] :sns_role_name
1365
1546
  # The Amazon Resource Name (ARN) of the IAM role that allows Amazon SNS
1366
- # to record AWS Firewall Manager activity.
1547
+ # to record Firewall Manager activity.
1367
1548
  #
1368
1549
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
1369
1550
  #
@@ -1383,24 +1564,27 @@ module Aws::FMS
1383
1564
  req.send_request(options)
1384
1565
  end
1385
1566
 
1386
- # Creates an AWS Firewall Manager policy.
1567
+ # Creates an Firewall Manager policy.
1387
1568
  #
1388
1569
  # Firewall Manager provides the following types of policies:
1389
1570
  #
1390
- # * An AWS WAF policy (type WAFV2), which defines rule groups to run
1391
- # first in the corresponding AWS WAF web ACL and rule groups to run
1392
- # last in the web ACL.
1571
+ # * An WAF policy (type WAFV2), which defines rule groups to run first
1572
+ # in the corresponding WAF web ACL and rule groups to run last in the
1573
+ # web ACL.
1393
1574
  #
1394
- # * An AWS WAF Classic policy (type WAF), which defines a rule group.
1575
+ # * An WAF Classic policy (type WAF), which defines a rule group.
1395
1576
  #
1396
1577
  # * A Shield Advanced policy, which applies Shield Advanced protection
1397
1578
  # to specified accounts and resources.
1398
1579
  #
1399
1580
  # * A security group policy, which manages VPC security groups across
1400
- # your AWS organization.
1581
+ # your Amazon Web Services organization.
1582
+ #
1583
+ # * An Network Firewall policy, which provides firewall rules to filter
1584
+ # network traffic in specified Amazon VPCs.
1401
1585
  #
1402
- # * An AWS Network Firewall policy, which provides firewall rules to
1403
- # filter network traffic in specified Amazon VPCs.
1586
+ # * A DNS Firewall policy, which provides Route 53 Resolver DNS Firewall
1587
+ # rules to filter DNS queries for specified VPCs.
1404
1588
  #
1405
1589
  # Each policy is specific to one of the types. If you want to enforce
1406
1590
  # more than one policy type across accounts, create multiple policies.
@@ -1415,10 +1599,10 @@ module Aws::FMS
1415
1599
  # [1]: https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_CreateSubscription.html
1416
1600
  #
1417
1601
  # @option params [required, Types::Policy] :policy
1418
- # The details of the AWS Firewall Manager policy to be created.
1602
+ # The details of the Firewall Manager policy to be created.
1419
1603
  #
1420
1604
  # @option params [Array<Types::Tag>] :tag_list
1421
- # The tags to add to the AWS resource.
1605
+ # The tags to add to the Amazon Web Services resource.
1422
1606
  #
1423
1607
  # @return [Types::PutPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1424
1608
  #
@@ -1446,6 +1630,7 @@ module Aws::FMS
1446
1630
  # ],
1447
1631
  # exclude_resource_tags: false, # required
1448
1632
  # remediation_enabled: false, # required
1633
+ # delete_unused_fm_managed_resources: false,
1449
1634
  # include_map: {
1450
1635
  # "ACCOUNT" => ["CustomerPolicyScopeId"],
1451
1636
  # },
@@ -1476,6 +1661,7 @@ module Aws::FMS
1476
1661
  # resp.policy.resource_tags[0].value #=> String
1477
1662
  # resp.policy.exclude_resource_tags #=> Boolean
1478
1663
  # resp.policy.remediation_enabled #=> Boolean
1664
+ # resp.policy.delete_unused_fm_managed_resources #=> Boolean
1479
1665
  # resp.policy.include_map #=> Hash
1480
1666
  # resp.policy.include_map["CustomerPolicyScopeIdType"] #=> Array
1481
1667
  # resp.policy.include_map["CustomerPolicyScopeIdType"][0] #=> String
@@ -1493,10 +1679,10 @@ module Aws::FMS
1493
1679
  req.send_request(options)
1494
1680
  end
1495
1681
 
1496
- # Creates an AWS Firewall Manager protocols list.
1682
+ # Creates an Firewall Manager protocols list.
1497
1683
  #
1498
1684
  # @option params [required, Types::ProtocolsListData] :protocols_list
1499
- # The details of the AWS Firewall Manager protocols list to be created.
1685
+ # The details of the Firewall Manager protocols list to be created.
1500
1686
  #
1501
1687
  # @option params [Array<Types::Tag>] :tag_list
1502
1688
  # The tags associated with the resource.
@@ -1551,11 +1737,11 @@ module Aws::FMS
1551
1737
  req.send_request(options)
1552
1738
  end
1553
1739
 
1554
- # Adds one or more tags to an AWS resource.
1740
+ # Adds one or more tags to an Amazon Web Services resource.
1555
1741
  #
1556
1742
  # @option params [required, String] :resource_arn
1557
1743
  # The Amazon Resource Name (ARN) of the resource to return tags for. The
1558
- # AWS Firewall Manager resources that support tagging are policies,
1744
+ # Firewall Manager resources that support tagging are policies,
1559
1745
  # applications lists, and protocols lists.
1560
1746
  #
1561
1747
  # @option params [required, Array<Types::Tag>] :tag_list
@@ -1584,11 +1770,11 @@ module Aws::FMS
1584
1770
  req.send_request(options)
1585
1771
  end
1586
1772
 
1587
- # Removes one or more tags from an AWS resource.
1773
+ # Removes one or more tags from an Amazon Web Services resource.
1588
1774
  #
1589
1775
  # @option params [required, String] :resource_arn
1590
1776
  # The Amazon Resource Name (ARN) of the resource to return tags for. The
1591
- # AWS Firewall Manager resources that support tagging are policies,
1777
+ # Firewall Manager resources that support tagging are policies,
1592
1778
  # applications lists, and protocols lists.
1593
1779
  #
1594
1780
  # @option params [required, Array<String>] :tag_keys
@@ -1625,7 +1811,7 @@ module Aws::FMS
1625
1811
  params: params,
1626
1812
  config: config)
1627
1813
  context[:gem_name] = 'aws-sdk-fms'
1628
- context[:gem_version] = '1.36.0'
1814
+ context[:gem_version] = '1.40.0'
1629
1815
  Seahorse::Client::Request.new(handlers, context)
1630
1816
  end
1631
1817