aws-sdk-fms 1.46.0 → 1.49.0

@@ -200,6 +200,54 @@ module Aws::FMS
200
200
  include Aws::Structure
201
201
  end
202
202
 
203
+ # @note When making an API call, you may pass AssociateThirdPartyFirewallRequest
204
+ # data as a hash:
205
+ #
206
+ # {
207
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
208
+ # }
209
+ #
210
+ # @!attribute [rw] third_party_firewall
211
+ # The name of the third-party firewall vendor.
212
+ # @return [String]
213
+ #
214
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewallRequest AWS API Documentation
215
+ #
216
+ class AssociateThirdPartyFirewallRequest < Struct.new(
217
+ :third_party_firewall)
218
+ SENSITIVE = []
219
+ include Aws::Structure
220
+ end
221
+
222
+ # @!attribute [rw] third_party_firewall_status
223
+ # The current status for setting a Firewall Manager policy
224
+ # administrator's account as an administrator of the third-party
225
+ # firewall tenant.
226
+ #
227
+ # * `ONBOARDING` - The Firewall Manager policy administrator is being
228
+ # designated as a tenant administrator.
229
+ #
230
+ # * `ONBOARD_COMPLETE` - The Firewall Manager policy administrator is
231
+ # designated as a tenant administrator.
232
+ #
233
+ # * `OFFBOARDING` - The Firewall Manager policy administrator is being
234
+ # removed as a tenant administrator.
235
+ #
236
+ # * `OFFBOARD_COMPLETE` - The Firewall Manager policy administrator
237
+ # has been removed as a tenant administrator.
238
+ #
239
+ # * `NOT_EXIST` - The Firewall Manager policy administrator doesn't
240
+ # exist as a tenant administrator.
241
+ # @return [String]
242
+ #
243
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewallResponse AWS API Documentation
244
+ #
245
+ class AssociateThirdPartyFirewallResponse < Struct.new(
246
+ :third_party_firewall_status)
247
+ SENSITIVE = []
248
+ include Aws::Structure
249
+ end
250
+
203
251
  # Violation detail for an EC2 instance resource.
204
252
  #
205
253
  # @!attribute [rw] violation_target
@@ -294,12 +342,18 @@ module Aws::FMS
294
342
  # [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
295
343
  # @return [String]
296
344
  #
345
+ # @!attribute [rw] metadata
346
+ # Metadata about the resource that doesn't comply with the policy
347
+ # scope.
348
+ # @return [Hash<String,String>]
349
+ #
297
350
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ComplianceViolator AWS API Documentation
298
351
  #
299
352
  class ComplianceViolator < Struct.new(
300
353
  :resource_id,
301
354
  :violation_reason,
302
- :resource_type)
355
+ :resource_type,
356
+ :metadata)
303
357
  SENSITIVE = []
304
358
  include Aws::Structure
305
359
  end
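Review bot: The new `metadata` attribute on `ComplianceViolator` is documented only as "Metadata about the resource that doesn't comply with the policy scope", with no indication of which keys the `Hash<String,String>` carries, while `SENSITIVE = []` is left empty. Compliance-violator records tend to be forwarded to logs and tickets unchanged, so it is worth confirming against the service model whether any of these values needs redaction. Until the keys are documented, a hedged line such as `#   The set of keys is service-defined and not listed here; see the API reference.` would tell readers not to assume a schema. The member is appended after `:resource_type`, so existing positional construction of the struct is unaffected.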
@@ -412,6 +466,38 @@ module Aws::FMS
412
466
  #
413
467
  class DisassociateAdminAccountRequest < Aws::EmptyStructure; end
414
468
 
469
+ # @note When making an API call, you may pass DisassociateThirdPartyFirewallRequest
470
+ # data as a hash:
471
+ #
472
+ # {
473
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
474
+ # }
475
+ #
476
+ # @!attribute [rw] third_party_firewall
477
+ # The name of the third-party firewall vendor.
478
+ # @return [String]
479
+ #
480
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewallRequest AWS API Documentation
481
+ #
482
+ class DisassociateThirdPartyFirewallRequest < Struct.new(
483
+ :third_party_firewall)
484
+ SENSITIVE = []
485
+ include Aws::Structure
486
+ end
487
+
488
+ # @!attribute [rw] third_party_firewall_status
489
+ # The current status for the disassociation of a Firewall Manager
490
+ # administrators account with a third-party firewall.
491
+ # @return [String]
492
+ #
493
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewallResponse AWS API Documentation
494
+ #
495
+ class DisassociateThirdPartyFirewallResponse < Struct.new(
496
+ :third_party_firewall_status)
497
+ SENSITIVE = []
498
+ include Aws::Structure
499
+ end
500
+
415
501
  # A DNS Firewall rule group that Firewall Manager tried to associate
416
502
  # with a VPC is already associated with the VPC and can't be associated
417
503
  # again.
@@ -810,6 +896,103 @@ module Aws::FMS
810
896
  include Aws::Structure
811
897
  end
812
898
 
899
+ # Contains information about the actions that you can take to remediate
900
+ # scope violations caused by your policy's `FirewallCreationConfig`.
901
+ # `FirewallCreationConfig` is an optional configuration that you can use
902
+ # to choose which Availability Zones Firewall Manager creates Network
903
+ # Firewall endpoints in.
904
+ #
905
+ # @!attribute [rw] description
906
+ # Describes the remedial action.
907
+ # @return [String]
908
+ #
909
+ # @!attribute [rw] firewall_creation_config
910
+ # A `FirewallCreationConfig` that you can copy into your current
911
+ # policy's [SecurityServiceData][1] in order to remedy scope
912
+ # violations.
913
+ #
914
+ #
915
+ #
916
+ # [1]: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_SecurityServicePolicyData.html
917
+ # @return [String]
918
+ #
919
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/FMSPolicyUpdateFirewallCreationConfigAction AWS API Documentation
920
+ #
921
+ class FMSPolicyUpdateFirewallCreationConfigAction < Struct.new(
922
+ :description,
923
+ :firewall_creation_config)
924
+ SENSITIVE = []
925
+ include Aws::Structure
926
+ end
927
+
928
+ # Contains details about the firewall subnet that violates the policy
929
+ # scope.
930
+ #
931
+ # @!attribute [rw] firewall_subnet_id
932
+ # The ID of the firewall subnet that violates the policy scope.
933
+ # @return [String]
934
+ #
935
+ # @!attribute [rw] vpc_id
936
+ # The VPC ID of the firewall subnet that violates the policy scope.
937
+ # @return [String]
938
+ #
939
+ # @!attribute [rw] subnet_availability_zone
940
+ # The Availability Zone of the firewall subnet that violates the
941
+ # policy scope.
942
+ # @return [String]
943
+ #
944
+ # @!attribute [rw] subnet_availability_zone_id
945
+ # The Availability Zone ID of the firewall subnet that violates the
946
+ # policy scope.
947
+ # @return [String]
948
+ #
949
+ # @!attribute [rw] vpc_endpoint_id
950
+ # The VPC endpoint ID of the firewall subnet that violates the policy
951
+ # scope.
952
+ # @return [String]
953
+ #
954
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/FirewallSubnetIsOutOfScopeViolation AWS API Documentation
955
+ #
956
+ class FirewallSubnetIsOutOfScopeViolation < Struct.new(
957
+ :firewall_subnet_id,
958
+ :vpc_id,
959
+ :subnet_availability_zone,
960
+ :subnet_availability_zone_id,
961
+ :vpc_endpoint_id)
962
+ SENSITIVE = []
963
+ include Aws::Structure
964
+ end
965
+
966
+ # The violation details for a firewall subnet's VPC endpoint that's
967
+ # deleted or missing.
968
+ #
969
+ # @!attribute [rw] firewall_subnet_id
970
+ # The ID of the firewall that this VPC endpoint is associated with.
971
+ # @return [String]
972
+ #
973
+ # @!attribute [rw] vpc_id
974
+ # The resource ID of the VPC associated with the deleted VPC subnet.
975
+ # @return [String]
976
+ #
977
+ # @!attribute [rw] subnet_availability_zone
978
+ # The name of the Availability Zone of the deleted VPC subnet.
979
+ # @return [String]
980
+ #
981
+ # @!attribute [rw] subnet_availability_zone_id
982
+ # The ID of the Availability Zone of the deleted VPC subnet.
983
+ # @return [String]
984
+ #
985
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/FirewallSubnetMissingVPCEndpointViolation AWS API Documentation
986
+ #
987
+ class FirewallSubnetMissingVPCEndpointViolation < Struct.new(
988
+ :firewall_subnet_id,
989
+ :vpc_id,
990
+ :subnet_availability_zone,
991
+ :subnet_availability_zone_id)
992
+ SENSITIVE = []
993
+ include Aws::Structure
994
+ end
995
+
813
996
  # @api private
814
997
  #
815
998
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccountRequest AWS API Documentation
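Review bot: In `FirewallSubnetMissingVPCEndpointViolation`, the comment for `firewall_subnet_id` reads "The ID of the firewall that this VPC endpoint is associated with", which describes a firewall rather than a subnet. It also disagrees with the same attribute in `FirewallSubnetIsOutOfScopeViolation` ("The ID of the firewall subnet that violates the policy scope"). Anyone keying alerting or remediation off this field needs to know which resource type the ID names; if it is the subnet, the line should read `#   The ID of the firewall subnet that this VPC endpoint is associated with.` Separately, `firewall_creation_config` is typed `String` but described as a `FirewallCreationConfig` to copy into the policy, so the comment should state the string's encoding (presumably JSON, which this hunk does not confirm).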
@@ -1140,6 +1323,73 @@ module Aws::FMS
1140
1323
  include Aws::Structure
1141
1324
  end
1142
1325
 
1326
+ # @note When making an API call, you may pass GetThirdPartyFirewallAssociationStatusRequest
1327
+ # data as a hash:
1328
+ #
1329
+ # {
1330
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
1331
+ # }
1332
+ #
1333
+ # @!attribute [rw] third_party_firewall
1334
+ # The name of the third-party firewall vendor.
1335
+ # @return [String]
1336
+ #
1337
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatusRequest AWS API Documentation
1338
+ #
1339
+ class GetThirdPartyFirewallAssociationStatusRequest < Struct.new(
1340
+ :third_party_firewall)
1341
+ SENSITIVE = []
1342
+ include Aws::Structure
1343
+ end
1344
+
1345
+ # @!attribute [rw] third_party_firewall_status
1346
+ # The current status for setting a Firewall Manager policy
1347
+ # administrators account as an administrator of the third-party
1348
+ # firewall tenant.
1349
+ #
1350
+ # * `ONBOARDING` - The Firewall Manager policy administrator is being
1351
+ # designated as a tenant administrator.
1352
+ #
1353
+ # * `ONBOARD_COMPLETE` - The Firewall Manager policy administrator is
1354
+ # designated as a tenant administrator.
1355
+ #
1356
+ # * `OFFBOARDING` - The Firewall Manager policy administrator is being
1357
+ # removed as a tenant administrator.
1358
+ #
1359
+ # * `OFFBOARD_COMPLETE` - The Firewall Manager policy administrator
1360
+ # has been removed as a tenant administrator.
1361
+ #
1362
+ # * `NOT_EXIST` - The Firewall Manager policy administrator doesn't
1363
+ # exist as a tenant administrator.
1364
+ # @return [String]
1365
+ #
1366
+ # @!attribute [rw] marketplace_onboarding_status
1367
+ # The status for subscribing to the third-party firewall vendor in the
1368
+ # AWS Marketplace.
1369
+ #
1370
+ # * `NO_SUBSCRIPTION` - The Firewall Manager policy administrator
1371
+ # isn't subscribed to the third-party firewall service in the AWS
1372
+ # Marketplace.
1373
+ #
1374
+ # * `NOT_COMPLETE` - The Firewall Manager policy administrator is in
1375
+ # the process of subscribing to the third-party firewall service in
1376
+ # the Amazon Web Services Marketplace, but doesn't yet have an
1377
+ # active subscription.
1378
+ #
1379
+ # * `COMPLETE` - The Firewall Manager policy administrator has an
1380
+ # active subscription to the third-party firewall service in the
1381
+ # Amazon Web Services Marketplace.
1382
+ # @return [String]
1383
+ #
1384
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatusResponse AWS API Documentation
1385
+ #
1386
+ class GetThirdPartyFirewallAssociationStatusResponse < Struct.new(
1387
+ :third_party_firewall_status,
1388
+ :marketplace_onboarding_status)
1389
+ SENSITIVE = []
1390
+ include Aws::Structure
1391
+ end
1392
+
1143
1393
  # @note When making an API call, you may pass GetViolationDetailsRequest
1144
1394
  # data as a hash:
1145
1395
  #
@@ -1610,6 +1860,74 @@ module Aws::FMS
1610
1860
  include Aws::Structure
1611
1861
  end
1612
1862
 
1863
+ # @note When making an API call, you may pass ListThirdPartyFirewallFirewallPoliciesRequest
1864
+ # data as a hash:
1865
+ #
1866
+ # {
1867
+ # third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
1868
+ # next_token: "PaginationToken",
1869
+ # max_results: 1, # required
1870
+ # }
1871
+ #
1872
+ # @!attribute [rw] third_party_firewall
1873
+ # The name of the third-party firewall vendor.
1874
+ # @return [String]
1875
+ #
1876
+ # @!attribute [rw] next_token
1877
+ # If the previous response included a `NextToken` element, the
1878
+ # specified third-party firewall vendor is associated with more
1879
+ # third-party firewall policies. To get more third-party firewall
1880
+ # policies, submit another
1881
+ # `ListThirdPartyFirewallFirewallPoliciesRequest` request.
1882
+ #
1883
+ # For the value of `NextToken`, specify the value of `NextToken` from
1884
+ # the previous response. If the previous response didn't include a
1885
+ # `NextToken` element, there are no more third-party firewall policies
1886
+ # to get.
1887
+ # @return [String]
1888
+ #
1889
+ # @!attribute [rw] max_results
1890
+ # The maximum number of third-party firewall policies that you want
1891
+ # Firewall Manager to return. If the specified third-party firewall
1892
+ # vendor is associated with more than `MaxResults` firewall policies,
1893
+ # the response includes a `NextToken` element. `NextToken` contains an
1894
+ # encrypted token that identifies the first third-party firewall
1895
+ # policies that Firewall Manager will return if you submit another
1896
+ # request.
1897
+ # @return [Integer]
1898
+ #
1899
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPoliciesRequest AWS API Documentation
1900
+ #
1901
+ class ListThirdPartyFirewallFirewallPoliciesRequest < Struct.new(
1902
+ :third_party_firewall,
1903
+ :next_token,
1904
+ :max_results)
1905
+ SENSITIVE = []
1906
+ include Aws::Structure
1907
+ end
1908
+
1909
+ # @!attribute [rw] third_party_firewall_firewall_policies
1910
+ # A list that contains one `ThirdPartyFirewallFirewallPolicies`
1911
+ # element for each third-party firewall policies that the specified
1912
+ # third-party firewall vendor is associated with. Each
1913
+ # `ThirdPartyFirewallFirewallPolicies` element contains the firewall
1914
+ # policy name and ID.
1915
+ # @return [Array<Types::ThirdPartyFirewallFirewallPolicy>]
1916
+ #
1917
+ # @!attribute [rw] next_token
1918
+ # The value that you will use for `NextToken` in the next
1919
+ # `ListThirdPartyFirewallFirewallPolicies` request.
1920
+ # @return [String]
1921
+ #
1922
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPoliciesResponse AWS API Documentation
1923
+ #
1924
+ class ListThirdPartyFirewallFirewallPoliciesResponse < Struct.new(
1925
+ :third_party_firewall_firewall_policies,
1926
+ :next_token)
1927
+ SENSITIVE = []
1928
+ include Aws::Structure
1929
+ end
1930
+
1613
1931
  # Violation detail for an internet gateway route with an inactive state
1614
1932
  # in the customer subnet route table or Network Firewall subnet route
1615
1933
  # table.
@@ -1940,6 +2258,39 @@ module Aws::FMS
1940
2258
  include Aws::Structure
1941
2259
  end
1942
2260
 
2261
+ # Configures the firewall policy deployment model of Network Firewall.
2262
+ # For information about Network Firewall deployment models, see [Network
2263
+ # Firewall example architectures with routing][1] in the *Network
2264
+ # Firewall Developer Guide*.
2265
+ #
2266
+ #
2267
+ #
2268
+ # [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/architectures.html
2269
+ #
2270
+ # @note When making an API call, you may pass NetworkFirewallPolicy
2271
+ # data as a hash:
2272
+ #
2273
+ # {
2274
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
2275
+ # }
2276
+ #
2277
+ # @!attribute [rw] firewall_deployment_model
2278
+ # Defines the deployment model to use for the firewall policy. To use
2279
+ # a distributed model, set [PolicyOption][1] to `NULL`.
2280
+ #
2281
+ #
2282
+ #
2283
+ # [1]: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html
2284
+ # @return [String]
2285
+ #
2286
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicy AWS API Documentation
2287
+ #
2288
+ class NetworkFirewallPolicy < Struct.new(
2289
+ :firewall_deployment_model)
2290
+ SENSITIVE = []
2291
+ include Aws::Structure
2292
+ end
2293
+
1943
2294
  # The definition of the Network Firewall firewall policy.
1944
2295
  #
1945
2296
  # @!attribute [rw] stateless_rule_groups
@@ -2102,8 +2453,16 @@ module Aws::FMS
2102
2453
  # policy_name: "ResourceName", # required
2103
2454
  # policy_update_token: "PolicyUpdateToken",
2104
2455
  # security_service_policy_data: { # required
2105
- # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
2456
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
2106
2457
  # managed_service_data: "ManagedServiceData",
2458
+ # policy_option: {
2459
+ # network_firewall_policy: {
2460
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
2461
+ # },
2462
+ # third_party_firewall_policy: {
2463
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
2464
+ # },
2465
+ # },
2107
2466
  # },
2108
2467
  # resource_type: "ResourceType", # required
2109
2468
  # resource_type_list: ["ResourceType"],
@@ -2389,6 +2748,38 @@ module Aws::FMS
2389
2748
  include Aws::Structure
2390
2749
  end
2391
2750
 
2751
+ # Contains the Network Firewall firewall policy options to configure a
2752
+ # centralized deployment model.
2753
+ #
2754
+ # @note When making an API call, you may pass PolicyOption
2755
+ # data as a hash:
2756
+ #
2757
+ # {
2758
+ # network_firewall_policy: {
2759
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
2760
+ # },
2761
+ # third_party_firewall_policy: {
2762
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
2763
+ # },
2764
+ # }
2765
+ #
2766
+ # @!attribute [rw] network_firewall_policy
2767
+ # Defines the deployment model to use for the firewall policy.
2768
+ # @return [Types::NetworkFirewallPolicy]
2769
+ #
2770
+ # @!attribute [rw] third_party_firewall_policy
2771
+ # Defines the policy options for a third-party firewall policy.
2772
+ # @return [Types::ThirdPartyFirewallPolicy]
2773
+ #
2774
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicyOption AWS API Documentation
2775
+ #
2776
+ class PolicyOption < Struct.new(
2777
+ :network_firewall_policy,
2778
+ :third_party_firewall_policy)
2779
+ SENSITIVE = []
2780
+ include Aws::Structure
2781
+ end
2782
+
2392
2783
  # Details of the Firewall Manager policy.
2393
2784
  #
2394
2785
  # @!attribute [rw] policy_arn
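Review bot: The class comment on `PolicyOption` says it "Contains the Network Firewall firewall policy options to configure a centralized deployment model", yet the struct also carries `third_party_firewall_policy`, and the example hash shows both members accepting `DISTRIBUTED` as well as `CENTRALIZED`. A wording such as `# Contains the deployment-model options for Network Firewall and third-party firewall policies.` would match the fields actually declared. The `network_firewall_policy` attribute text ("Defines the deployment model to use for the firewall policy") could likewise name Network Firewall explicitly so it is distinguishable from the third-party member. `Types::ThirdPartyFirewallPolicy` is referenced here but not defined in this hunk.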
@@ -2703,8 +3094,16 @@ module Aws::FMS
2703
3094
  # policy_name: "ResourceName", # required
2704
3095
  # policy_update_token: "PolicyUpdateToken",
2705
3096
  # security_service_policy_data: { # required
2706
- # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
3097
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
2707
3098
  # managed_service_data: "ManagedServiceData",
3099
+ # policy_option: {
3100
+ # network_firewall_policy: {
3101
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
3102
+ # },
3103
+ # third_party_firewall_policy: {
3104
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
3105
+ # },
3106
+ # },
2708
3107
  # },
2709
3108
  # resource_type: "ResourceType", # required
2710
3109
  # resource_type_list: ["ResourceType"],
@@ -2860,6 +3259,10 @@ module Aws::FMS
2860
3259
  # Information about the CreateRouteTable action in the Amazon EC2 API.
2861
3260
  # @return [Types::EC2CreateRouteTableAction]
2862
3261
  #
3262
+ # @!attribute [rw] fms_policy_update_firewall_creation_config_action
3263
+ # The remedial action to take when updating a firewall configuration.
3264
+ # @return [Types::FMSPolicyUpdateFirewallCreationConfigAction]
3265
+ #
2863
3266
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/RemediationAction AWS API Documentation
2864
3267
  #
2865
3268
  class RemediationAction < Struct.new(
@@ -2870,7 +3273,8 @@ module Aws::FMS
2870
3273
  :ec2_copy_route_table_action,
2871
3274
  :ec2_replace_route_table_association_action,
2872
3275
  :ec2_associate_route_table_action,
2873
- :ec2_create_route_table_action)
3276
+ :ec2_create_route_table_action,
3277
+ :fms_policy_update_firewall_creation_config_action)
2874
3278
  SENSITIVE = []
2875
3279
  include Aws::Structure
2876
3280
  end
@@ -3037,6 +3441,37 @@ module Aws::FMS
3037
3441
  # actions.
3038
3442
  # @return [Types::PossibleRemediationActions]
3039
3443
  #
3444
+ # @!attribute [rw] firewall_subnet_is_out_of_scope_violation
3445
+ # Contains details about the firewall subnet that violates the policy
3446
+ # scope.
3447
+ # @return [Types::FirewallSubnetIsOutOfScopeViolation]
3448
+ #
3449
+ # @!attribute [rw] route_has_out_of_scope_endpoint_violation
3450
+ # Contains details about the route endpoint that violates the policy
3451
+ # scope.
3452
+ # @return [Types::RouteHasOutOfScopeEndpointViolation]
3453
+ #
3454
+ # @!attribute [rw] third_party_firewall_missing_firewall_violation
3455
+ # The violation details for a third-party firewall that's been
3456
+ # deleted.
3457
+ # @return [Types::ThirdPartyFirewallMissingFirewallViolation]
3458
+ #
3459
+ # @!attribute [rw] third_party_firewall_missing_subnet_violation
3460
+ # The violation details for a third-party firewall's subnet that's
3461
+ # been deleted.
3462
+ # @return [Types::ThirdPartyFirewallMissingSubnetViolation]
3463
+ #
3464
+ # @!attribute [rw] third_party_firewall_missing_expected_route_table_violation
3465
+ # The violation details for a third-party firewall that has the
3466
+ # Firewall Manager managed route table that was associated with the
3467
+ # third-party firewall has been deleted.
3468
+ # @return [Types::ThirdPartyFirewallMissingExpectedRouteTableViolation]
3469
+ #
3470
+ # @!attribute [rw] firewall_subnet_missing_vpc_endpoint_violation
3471
+ # The violation details for a third-party firewall's VPC endpoint
3472
+ # subnet that was deleted.
3473
+ # @return [Types::FirewallSubnetMissingVPCEndpointViolation]
3474
+ #
3040
3475
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
3041
3476
  #
3042
3477
  class ResourceViolation < Struct.new(
@@ -3056,7 +3491,13 @@ module Aws::FMS
3056
3491
  :dns_rule_group_priority_conflict_violation,
3057
3492
  :dns_duplicate_rule_group_violation,
3058
3493
  :dns_rule_group_limit_exceeded_violation,
3059
- :possible_remediation_actions)
3494
+ :possible_remediation_actions,
3495
+ :firewall_subnet_is_out_of_scope_violation,
3496
+ :route_has_out_of_scope_endpoint_violation,
3497
+ :third_party_firewall_missing_firewall_violation,
3498
+ :third_party_firewall_missing_subnet_violation,
3499
+ :third_party_firewall_missing_expected_route_table_violation,
3500
+ :firewall_subnet_missing_vpc_endpoint_violation)
3060
3501
  SENSITIVE = []
3061
3502
  include Aws::Structure
3062
3503
  end
@@ -3090,6 +3531,77 @@ module Aws::FMS
3090
3531
  include Aws::Structure
3091
3532
  end
3092
3533
 
3534
+ # Contains details about the route endpoint that violates the policy
3535
+ # scope.
3536
+ #
3537
+ # @!attribute [rw] subnet_id
3538
+ # The ID of the subnet associated with the route that violates the
3539
+ # policy scope.
3540
+ # @return [String]
3541
+ #
3542
+ # @!attribute [rw] vpc_id
3543
+ # The VPC ID of the route that violates the policy scope.
3544
+ # @return [String]
3545
+ #
3546
+ # @!attribute [rw] route_table_id
3547
+ # The ID of the route table.
3548
+ # @return [String]
3549
+ #
3550
+ # @!attribute [rw] violating_routes
3551
+ # The list of routes that violate the route table.
3552
+ # @return [Array<Types::Route>]
3553
+ #
3554
+ # @!attribute [rw] subnet_availability_zone
3555
+ # The subnet's Availability Zone.
3556
+ # @return [String]
3557
+ #
3558
+ # @!attribute [rw] subnet_availability_zone_id
3559
+ # The ID of the subnet's Availability Zone.
3560
+ # @return [String]
3561
+ #
3562
+ # @!attribute [rw] current_firewall_subnet_route_table
3563
+ # The route table associated with the current firewall subnet.
3564
+ # @return [String]
3565
+ #
3566
+ # @!attribute [rw] firewall_subnet_id
3567
+ # The ID of the firewall subnet.
3568
+ # @return [String]
3569
+ #
3570
+ # @!attribute [rw] firewall_subnet_routes
3571
+ # The list of firewall subnet routes.
3572
+ # @return [Array<Types::Route>]
3573
+ #
3574
+ # @!attribute [rw] internet_gateway_id
3575
+ # The ID of the Internet Gateway.
3576
+ # @return [String]
3577
+ #
3578
+ # @!attribute [rw] current_internet_gateway_route_table
3579
+ # The current route table associated with the Internet Gateway.
3580
+ # @return [String]
3581
+ #
3582
+ # @!attribute [rw] internet_gateway_routes
3583
+ # The routes in the route table associated with the Internet Gateway.
3584
+ # @return [Array<Types::Route>]
3585
+ #
3586
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/RouteHasOutOfScopeEndpointViolation AWS API Documentation
3587
+ #
3588
+ class RouteHasOutOfScopeEndpointViolation < Struct.new(
3589
+ :subnet_id,
3590
+ :vpc_id,
3591
+ :route_table_id,
3592
+ :violating_routes,
3593
+ :subnet_availability_zone,
3594
+ :subnet_availability_zone_id,
3595
+ :current_firewall_subnet_route_table,
3596
+ :firewall_subnet_id,
3597
+ :firewall_subnet_routes,
3598
+ :internet_gateway_id,
3599
+ :current_internet_gateway_route_table,
3600
+ :internet_gateway_routes)
3601
+ SENSITIVE = []
3602
+ include Aws::Structure
3603
+ end
3604
+
3093
3605
  # Remediation option for the rule specified in the `ViolationTarget`.
3094
3606
  #
3095
3607
  # @!attribute [rw] remediation_action_type
@@ -3169,8 +3681,16 @@ module Aws::FMS
3169
3681
  # data as a hash:
3170
3682
  #
3171
3683
  # {
3172
- # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
3684
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
3173
3685
  # managed_service_data: "ManagedServiceData",
3686
+ # policy_option: {
3687
+ # network_firewall_policy: {
3688
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
3689
+ # },
3690
+ # third_party_firewall_policy: {
3691
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
3692
+ # },
3693
+ # },
3174
3694
  # }
3175
3695
  #
3176
3696
  # @!attribute [rw] type
@@ -3197,11 +3717,162 @@ module Aws::FMS
3197
3717
  #
3198
3718
  # </note>
3199
3719
  #
3200
- # * Example: `NETWORK_FIREWALL`
3720
+ # * Example: `DNS_FIREWALL`
3721
+ #
3722
+ # `"\{"type":"DNS_FIREWALL","preProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-1","priority":10\}],"postProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-2","priority":9911\}]\}"`
3723
+ #
3724
+ # <note markdown="1"> Valid values for `preProcessRuleGroups` are between 1 and 99.
3725
+ # Valid values for `postProcessRuleGroups` are between 9901 and
3726
+ # 10000.
3727
+ #
3728
+ # </note>
3729
+ #
3730
+ # * Example: `NETWORK_FIREWALL` - Distributed deployment model with
3731
+ # automatic Availability Zone configuration. With automatic
3732
+ # Availbility Zone configuration, Firewall Manager chooses which
3733
+ # Availability Zones to create the endpoints in.
3734
+ #
3735
+ # `"\{ "type": "NETWORK_FIREWALL",
3736
+ # "networkFirewallStatelessRuleGroupReferences": [ \{
3737
+ # "resourceARN":
3738
+ # "arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test",
3739
+ # "priority": 1 \} ], "networkFirewallStatelessDefaultActions":
3740
+ # [ "aws:forward_to_sfe", "customActionName" ],
3741
+ # "networkFirewallStatelessFragmentDefaultActions": [
3742
+ # "aws:forward_to_sfe", "customActionName" ],
3743
+ # "networkFirewallStatelessCustomActions": [ \{ "actionName":
3744
+ # "customActionName", "actionDefinition": \{
3745
+ # "publishMetricAction": \{ "dimensions": [ \{ "value":
3746
+ # "metricdimensionvalue" \} ] \} \} \} ],
3747
+ # "networkFirewallStatefulRuleGroupReferences": [ \{
3748
+ # "resourceARN":
3749
+ # "arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
3750
+ # \} ], "networkFirewallOrchestrationConfig": \{
3751
+ # "singleFirewallEndpointPerVPC": false, "allowedIPV4CidrList":
3752
+ # [ "10.0.0.0/28", "192.168.0.0/28" ],
3753
+ # "routeManagementAction": "OFF" \},
3754
+ # "networkFirewallLoggingConfiguration": \{
3755
+ # "logDestinationConfigs": [ \{ "logDestinationType": "S3",
3756
+ # "logType": "ALERT", "logDestination": \{ "bucketName":
3757
+ # "s3-bucket-name" \} \}, \{ "logDestinationType": "S3",
3758
+ # "logType": "FLOW", "logDestination": \{ "bucketName":
3759
+ # "s3-bucket-name" \} \} ], "overrideExistingConfig": true \}
3760
+ # \}"`
3201
3761
  #
3202
- # `"\{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2","priority":10\}],"networkFirewallStatelessDefaultActions":["aws:pass","custom1"],"networkFirewallStatelessFragmentDefaultActions":["custom2","aws:pass"],"networkFirewallStatelessCustomActions":[\{"actionName":"custom1","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension1"\}]\}\}\},\{"actionName":"custom2","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"dimension2"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1"\}],"networkFirewallOrchestrationConfig":\{"singleFirewallEndpointPerVPC":true,"allowedIPV4CidrList":["10.24.34.0/28"]\}
3762
+ # To use the distributed deployment model, you must set
3763
+ # [PolicyOption][1] to `NULL`.
3764
+ #
3765
+ # * Example: `NETWORK_FIREWALL` - Distributed deployment model with
3766
+ # automatic Availability Zone configuration, and route management.
3767
+ #
3768
+ # `"\{ "type": "NETWORK_FIREWALL",
3769
+ # "networkFirewallStatelessRuleGroupReferences": [ \{
3770
+ # "resourceARN":
3771
+ # "arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test",
3772
+ # "priority": 1 \} ], "networkFirewallStatelessDefaultActions":
3773
+ # [ "aws:forward_to_sfe", "customActionName" ],
3774
+ # "networkFirewallStatelessFragmentDefaultActions": [
3775
+ # "aws:forward_to_sfe", "customActionName" ],
3776
+ # "networkFirewallStatelessCustomActions": [ \{ "actionName":
3777
+ # "customActionName", "actionDefinition": \{
3778
+ # "publishMetricAction": \{ "dimensions": [ \{ "value":
3779
+ # "metricdimensionvalue" \} ] \} \} \} ],
3780
+ # "networkFirewallStatefulRuleGroupReferences": [ \{
3781
+ # "resourceARN":
3782
+ # "arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
3783
+ # \} ], "networkFirewallOrchestrationConfig": \{
3784
+ # "singleFirewallEndpointPerVPC": false, "allowedIPV4CidrList":
3785
+ # [ "10.0.0.0/28", "192.168.0.0/28" ],
3786
+ # "routeManagementAction": "MONITOR",
3787
+ # "routeManagementTargetTypes": [ "InternetGateway" ] \},
3788
+ # "networkFirewallLoggingConfiguration": \{
3789
+ # "logDestinationConfigs": [ \{ "logDestinationType": "S3",
3790
+ # "logType": "ALERT", "logDestination": \{ "bucketName":
3791
+ # "s3-bucket-name" \} \}, \{ "logDestinationType": "S3",
3792
+ # "logType": "FLOW", "logDestination": \{ "bucketName":
3793
+ # "s3-bucket-name" \} \} ], "overrideExistingConfig": true \}
3203
3794
  # \}"`
3204
3795
  #
3796
+ # * Example: `NETWORK_FIREWALL` - Distributed deployment model with
3797
+ # custom Availability Zone configuration. With custom Availability
3798
+ # Zone configuration, you define which specific Availability Zones
3799
+ # to create endpoints in by configuring `firewallCreationConfig`.
3800
+ #
3801
+ # `"\{
3802
+ # "type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],
3803
+ # "networkFirewallStatelessDefaultActions":[
3804
+ # "aws:forward_to_sfe", "customActionName" ],
3805
+ # "networkFirewallStatelessFragmentDefaultActions":[
3806
+ # "aws:forward_to_sfe", "fragmentcustomactionname" ],
3807
+ # "networkFirewallStatelessCustomActions":[ \{
3808
+ # "actionName":"customActionName", "actionDefinition":\{
3809
+ # "publishMetricAction":\{ "dimensions":[ \{
3810
+ # "value":"metricdimensionvalue" \} ] \} \} \}, \{
3811
+ # "actionName":"fragmentcustomactionname",
3812
+ # "actionDefinition":\{ "publishMetricAction":\{
3813
+ # "dimensions":[ \{ "value":"fragmentmetricdimensionvalue" \}
3814
+ # ] \} \} \} ], "networkFirewallStatefulRuleGroupReferences":[ \{
3815
+ # "resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
3816
+ # \} ], "networkFirewallOrchestrationConfig":\{
3817
+ # "firewallCreationConfig":\{ "endpointLocation":\{
3818
+ # "availabilityZoneConfigList":[ \{ "availabilityZoneId":null,
3819
+ # "availabilityZoneName":"us-east-1a", "allowedIPV4CidrList":[
3820
+ # "10.0.0.0/28" ] \}, \{ ¯"availabilityZoneId":null,
3821
+ # "availabilityZoneName":"us-east-1b", "allowedIPV4CidrList":[
3822
+ # "10.0.0.0/28" ] \} ] \} \},
3823
+ # "singleFirewallEndpointPerVPC":false,
3824
+ # "allowedIPV4CidrList":null, "routeManagementAction":"OFF",
3825
+ # "networkFirewallLoggingConfiguration":\{
3826
+ # "logDestinationConfigs":[ \{ "logDestinationType":"S3",
3827
+ # "logType":"ALERT", "logDestination":\{
3828
+ # "bucketName":"s3-bucket-name" \} \}, \{
3829
+ # "logDestinationType":"S3", "logType":"FLOW",
3830
+ # "logDestination":\{ "bucketName":"s3-bucket-name" \} \} ],
3831
+ # "overrideExistingConfig":boolean \} \}"`
3832
+ #
3833
+ # * Example: `NETWORK_FIREWALL` - Distributed deployment model with
3834
+ # custom Availability Zone configuration, and route management.
3835
+ #
3836
+ # `"\{
3837
+ # "type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],
3838
+ # "networkFirewallStatelessDefaultActions":[
3839
+ # "aws:forward_to_sfe", "customActionName" ],
3840
+ # "networkFirewallStatelessFragmentDefaultActions":[
3841
+ # "aws:forward_to_sfe", "fragmentcustomactionname" ],
3842
+ # "networkFirewallStatelessCustomActions":[ \{
3843
+ # "actionName":"customActionName", "actionDefinition":\{
3844
+ # "publishMetricAction":\{ "dimensions":[ \{
3845
+ # "value":"metricdimensionvalue" \} ] \} \} \}, \{
3846
+ # "actionName":"fragmentcustomactionname",
3847
+ # "actionDefinition":\{ "publishMetricAction":\{
3848
+ # "dimensions":[ \{ "value":"fragmentmetricdimensionvalue" \}
3849
+ # ] \} \} \} ], "networkFirewallStatefulRuleGroupReferences":[ \{
3850
+ # "resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
3851
+ # \} ], "networkFirewallOrchestrationConfig":\{
3852
+ # "firewallCreationConfig":\{ "endpointLocation":\{
3853
+ # "availabilityZoneConfigList":[ \{ "availabilityZoneId":null,
3854
+ # "availabilityZoneName":"us-east-1a", "allowedIPV4CidrList":[
3855
+ # "10.0.0.0/28" ] \}, \{ ¯"availabilityZoneId":null,
3856
+ # "availabilityZoneName":"us-east-1b", "allowedIPV4CidrList":[
3857
+ # "10.0.0.0/28" ] \} ] \} \},
3858
+ # "singleFirewallEndpointPerVPC":false,
3859
+ # "allowedIPV4CidrList":null,
3860
+ # "routeManagementAction":"MONITOR",
3861
+ # "routeManagementTargetTypes":[ "InternetGateway" ],
3862
+ # "routeManagementConfig":\{
3863
+ # "allowCrossAZTrafficIfNoEndpoint":true \} \},
3864
+ # "networkFirewallLoggingConfiguration":\{
3865
+ # "logDestinationConfigs":[ \{ "logDestinationType":"S3",
3866
+ # "logType":"ALERT", "logDestination":\{
3867
+ # "bucketName":"s3-bucket-name" \} \}, \{
3868
+ # "logDestinationType":"S3", "logType":"FLOW",
3869
+ # "logDestination":\{ "bucketName":"s3-bucket-name" \} \} ],
3870
+ # "overrideExistingConfig":boolean \} \}"`
3871
+ #
3872
+ # * Example: `PARTNER_FIREWALL` for Firewall Manager
3873
+ #
3874
+ # `"\{"type":"THIRD_PARTY_FIREWALL","thirdPartyrFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW","thirdPartyFirewallConfig":\{"thirdPartyFirewallPolicyList":["global-123456789012-1"],"networkFirewallLoggingConfiguration":null\},"firewallDeploymentModel":\{"distributedFirewallDeploymentModel":\{"distributedFirewallOrchestrationConfig":\{"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.1.0/28"]\}]\}\},"allowedIPV4CidrList":null\},"distributedRouteManagementConfig":null\},"centralizedFirewallDeploymentModel":null\}\}""`
3875
+ #
3205
3876
  # * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
3206
3877
  # distributions
3207
3878
  #
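Review bot: Several of the new `managed_service_data` examples are not valid JSON as written, so a reader who copies one into a policy will have to repair it first. The first custom Availability Zone example never closes `networkFirewallOrchestrationConfig`: it needs a `\}` after `"routeManagementAction":"OFF"`, where the route-management variant below it closes the object after `routeManagementConfig`. Both custom-AZ examples carry a stray `¯` before the second `"availabilityZoneId"` and give `overrideExistingConfig` the bare word `boolean`, where the automatic-AZ examples use `true`. The third-party example is labelled `PARTNER_FIREWALL` although its type is `THIRD_PARTY_FIREWALL`, spells the key `thirdPartyrFirewall` (presumably `thirdPartyFirewall`), and ends with a doubled `""`. The attribute comment these examples belong to starts and ends outside this hunk.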
@@ -3240,6 +3911,18 @@ module Aws::FMS
3240
3911
  # "overrideAction" : \{"type": "COUNT"\}\}],
3241
3912
  # "defaultAction": \{"type": "BLOCK"\}\}"`
3242
3913
  #
3914
+ # * Example: `WAFV2` - Firewall Manager support for WAF managed rule
3915
+ # group versioning
3916
+ #
3917
+ # `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":true,"version":"Version_2.0","vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesCommonRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
3918
+ #
3919
+ # To use a specific version of a WAF managed rule group in your
3920
+ # Firewall Manager policy, you must set `versionEnabled` to `true`,
3921
+ # and set `version` to the version you'd like to use. If you don't
3922
+ # set `versionEnabled` to `true`, or if you omit `versionEnabled`,
3923
+ # then Firewall Manager uses the default version of the WAF managed
3924
+ # rule group.
3925
+ #
3243
3926
  # * Example: `SECURITY_GROUPS_COMMON`
3244
3927
  #
3245
3928
  # `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
@@ -3267,13 +3950,23 @@ module Aws::FMS
3267
3950
  # * Example: `SECURITY_GROUPS_USAGE_AUDIT`
3268
3951
  #
3269
3952
  # `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"`
3953
+ #
3954
+ #
3955
+ #
3956
+ # [1]: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html
3270
3957
  # @return [String]
3271
3958
  #
3959
+ # @!attribute [rw] policy_option
3960
+ # Contains the Network Firewall firewall policy options to configure a
3961
+ # centralized deployment model.
3962
+ # @return [Types::PolicyOption]
3963
+ #
3272
3964
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityServicePolicyData AWS API Documentation
3273
3965
  #
3274
3966
  class SecurityServicePolicyData < Struct.new(
3275
3967
  :type,
3276
- :managed_service_data)
3968
+ :managed_service_data,
3969
+ :policy_option)
3277
3970
  SENSITIVE = []
3278
3971
  include Aws::Structure
3279
3972
  end
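Review bot: The new `policy_option` description mentions only Network Firewall and the centralized model, while the request hash earlier in this diff also lists `third_party_firewall_policy` under `policy_option` and shows `DISTRIBUTED` as an accepted value. I would word it as `# Contains the Network Firewall and third-party firewall policy options that select the deployment model.` The examples above also say that PolicyOption must be `NULL` for the distributed Network Firewall model. Repeating that constraint on this attribute would put it where a reader configuring `policy_option` will look, and it seems to be at odds with the accepted value `DISTRIBUTED`, so it deserves a sentence of explanation.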
@@ -3397,6 +4090,153 @@ module Aws::FMS
3397
4090
  #
3398
4091
  class TagResourceResponse < Aws::EmptyStructure; end
3399
4092
 
4093
+ # Configures the firewall policy deployment model for a third-party
4094
+ # firewall. The deployment model can either be distributed or
4095
+ # centralized.
4096
+ #
4097
+ # @!attribute [rw] firewall_policy_id
4098
+ # The ID of the specified firewall policy.
4099
+ # @return [String]
4100
+ #
4101
+ # @!attribute [rw] firewall_policy_name
4102
+ # The name of the specified firewall policy.
4103
+ # @return [String]
4104
+ #
4105
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallFirewallPolicy AWS API Documentation
4106
+ #
4107
+ class ThirdPartyFirewallFirewallPolicy < Struct.new(
4108
+ :firewall_policy_id,
4109
+ :firewall_policy_name)
4110
+ SENSITIVE = []
4111
+ include Aws::Structure
4112
+ end
4113
+
4114
+ # The violation details for a third-party firewall that's not
4115
+ # associated with an Firewall Manager managed route table.
4116
+ #
4117
+ # @!attribute [rw] violation_target
4118
+ # The ID of the third-party firewall or VPC resource that's causing
4119
+ # the violation.
4120
+ # @return [String]
4121
+ #
4122
+ # @!attribute [rw] vpc
4123
+ # The resource ID of the VPC associated with a fireawll subnet that's
4124
+ # causing the violation.
4125
+ # @return [String]
4126
+ #
4127
+ # @!attribute [rw] availability_zone
4128
+ # The Availability Zone of the firewall subnet that's causing the
4129
+ # violation.
4130
+ # @return [String]
4131
+ #
4132
+ # @!attribute [rw] current_route_table
4133
+ # The resource ID of the current route table that's associated with
4134
+ # the subnet, if one is available.
4135
+ # @return [String]
4136
+ #
4137
+ # @!attribute [rw] expected_route_table
4138
+ # The resource ID of the route table that should be associated with
4139
+ # the subnet.
4140
+ # @return [String]
4141
+ #
4142
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingExpectedRouteTableViolation AWS API Documentation
4143
+ #
4144
+ class ThirdPartyFirewallMissingExpectedRouteTableViolation < Struct.new(
4145
+ :violation_target,
4146
+ :vpc,
4147
+ :availability_zone,
4148
+ :current_route_table,
4149
+ :expected_route_table)
4150
+ SENSITIVE = []
4151
+ include Aws::Structure
4152
+ end
4153
+
4154
+ # The violation details about a third-party firewall's subnet that
4155
+ # doesn't have a Firewall Manager managed firewall in its VPC.
4156
+ #
4157
+ # @!attribute [rw] violation_target
4158
+ # The ID of the third-party firewall that's causing the violation.
4159
+ # @return [String]
4160
+ #
4161
+ # @!attribute [rw] vpc
4162
+ # The resource ID of the VPC associated with a third-party firewall.
4163
+ # @return [String]
4164
+ #
4165
+ # @!attribute [rw] availability_zone
4166
+ # The Availability Zone of the third-party firewall that's causing
4167
+ # the violation.
4168
+ # @return [String]
4169
+ #
4170
+ # @!attribute [rw] target_violation_reason
4171
+ # The reason the resource is causing this violation, if a reason is
4172
+ # available.
4173
+ # @return [String]
4174
+ #
4175
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingFirewallViolation AWS API Documentation
4176
+ #
4177
+ class ThirdPartyFirewallMissingFirewallViolation < Struct.new(
4178
+ :violation_target,
4179
+ :vpc,
4180
+ :availability_zone,
4181
+ :target_violation_reason)
4182
+ SENSITIVE = []
4183
+ include Aws::Structure
4184
+ end
4185
+
4186
+ # The violation details for a third-party firewall for an Availability
4187
+ # Zone that's missing the Firewall Manager managed subnet.
4188
+ #
4189
+ # @!attribute [rw] violation_target
4190
+ # The ID of the third-party firewall or VPC resource that's causing
4191
+ # the violation.
4192
+ # @return [String]
4193
+ #
4194
+ # @!attribute [rw] vpc
4195
+ # The resource ID of the VPC associated with a subnet that's causing
4196
+ # the violation.
4197
+ # @return [String]
4198
+ #
4199
+ # @!attribute [rw] availability_zone
4200
+ # The Availability Zone of a subnet that's causing the violation.
4201
+ # @return [String]
4202
+ #
4203
+ # @!attribute [rw] target_violation_reason
4204
+ # The reason the resource is causing the violation, if a reason is
4205
+ # available.
4206
+ # @return [String]
4207
+ #
4208
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallMissingSubnetViolation AWS API Documentation
4209
+ #
4210
+ class ThirdPartyFirewallMissingSubnetViolation < Struct.new(
4211
+ :violation_target,
4212
+ :vpc,
4213
+ :availability_zone,
4214
+ :target_violation_reason)
4215
+ SENSITIVE = []
4216
+ include Aws::Structure
4217
+ end
4218
+
4219
+ # Configures the policy for the third-party firewall.
4220
+ #
4221
+ # @note When making an API call, you may pass ThirdPartyFirewallPolicy
4222
+ # data as a hash:
4223
+ #
4224
+ # {
4225
+ # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
4226
+ # }
4227
+ #
4228
+ # @!attribute [rw] firewall_deployment_model
4229
+ # Defines the deployment model to use for the third-party firewall.
4230
+ # @return [String]
4231
+ #
4232
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ThirdPartyFirewallPolicy AWS API Documentation
4233
+ #
4234
+ class ThirdPartyFirewallPolicy < Struct.new(
4235
+ :firewall_deployment_model)
4236
+ SENSITIVE = []
4237
+ include Aws::Structure
4238
+ end
4239
+
3400
4240
  # @note When making an API call, you may pass UntagResourceRequest
3401
4241
  # data as a hash:
3402
4242
  #
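Review bot: The class comment on `ThirdPartyFirewallFirewallPolicy` describes a deployment model ("can either be distributed or centralized"), but the struct holds only `firewall_policy_id` and `firewall_policy_name`. The deployment model is the single member of `ThirdPartyFirewallPolicy` further down in this hunk, so the comment looks copied from there. Something like `# Identifies a firewall policy of a third-party firewall by its ID and name.` would match the members. Two typos in the same hunk are worth fixing along the way: `fireawll subnet` in the `vpc` attribute and `an Firewall Manager managed route table` in the `ThirdPartyFirewallMissingExpectedRouteTableViolation` comment.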