aws-sdk-fms 1.47.0 → 1.48.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms/client.rb +44 -2
- data/lib/aws-sdk-fms/client_api.rb +46 -0
- data/lib/aws-sdk-fms/types.rb +405 -6
- data/lib/aws-sdk-fms.rb +1 -1
- metadata +4 -4
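--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fe1856b2e7db71ec8c271606d37bf76353ca984e90989e79ff8b135c213ec108
+data.tar.gz: 276edd6276e83d327b817785a38be6a3fde6899604fbd7530ed5ea99038092e0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e9781f9af09f7b87593143da3daae257adc24f9cdb28824f09faa3b0e110ae87fb7965897a7663848e7e841e6e51542078b0bc50d80923d9f89d185fefa5d7de
+data.tar.gz: 2ef93a5e9c63b64ea4c8051deb6a1548a1dac2995468feb6e63349e556800cfd0c2ef0a4312033e4b5d8db36700a8739215d940188c032f09d61bf76fcb0afdd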
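--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.48.0 (2022-02-24)
+------------------
+
+* Feature - AWS Firewall Manager now supports the configuration of AWS Network Firewall policies with either centralized or distributed deployment models. This release also adds support for custom endpoint configuration, where you can choose which Availability Zones to create firewall endpoints in.
+
 1.47.0 (2022-02-03)
 ------------------
 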
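--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.48.0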
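--- a/data/lib/aws-sdk-fms/client.rb
+++ b/data/lib/aws-sdk-fms/client.rb
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
 require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
 require 'aws-sdk-core/plugins/transfer_encoding.rb'
 require 'aws-sdk-core/plugins/http_checksum.rb'
+require 'aws-sdk-core/plugins/checksum_algorithm.rb'
 require 'aws-sdk-core/plugins/defaults_mode.rb'
 require 'aws-sdk-core/plugins/recursion_detection.rb'
 require 'aws-sdk-core/plugins/signature_v4.rb'
@@ -75,6 +76,7 @@ module Aws::FMS
 add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
 add_plugin(Aws::Plugins::TransferEncoding)
 add_plugin(Aws::Plugins::HttpChecksum)
+add_plugin(Aws::Plugins::ChecksumAlgorithm)
 add_plugin(Aws::Plugins::DefaultsMode)
 add_plugin(Aws::Plugins::RecursionDetection)
 add_plugin(Aws::Plugins::SignatureV4)
@@ -646,8 +648,10 @@ module Aws::FMS
 # resp.policy_compliance_detail.member_account #=> String
 # resp.policy_compliance_detail.violators #=> Array
 # resp.policy_compliance_detail.violators[0].resource_id #=> String
-# resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL"
+# resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT"
 # resp.policy_compliance_detail.violators[0].resource_type #=> String
+# resp.policy_compliance_detail.violators[0].metadata #=> Hash
+# resp.policy_compliance_detail.violators[0].metadata["LengthBoundedString"] #=> String
 # resp.policy_compliance_detail.evaluation_limit_exceeded #=> Boolean
 # resp.policy_compliance_detail.expired_at #=> Time
 # resp.policy_compliance_detail.issue_info_map #=> Hash
@@ -707,6 +711,7 @@ module Aws::FMS
 # resp.policy.policy_update_token #=> String
 # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
 # resp.policy.security_service_policy_data.managed_service_data #=> String
+# resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED"
 # resp.policy.resource_type #=> String
 # resp.policy.resource_type_list #=> Array
 # resp.policy.resource_type_list[0] #=> String
@@ -1142,8 +1147,39 @@ module Aws::FMS
 # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.description #=> String
 # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.vpc_id.resource_id #=> String
 # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.vpc_id.description #=> String
+# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.fms_policy_update_firewall_creation_config_action.description #=> String
+# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.fms_policy_update_firewall_creation_config_action.firewall_creation_config #=> String
 # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].order #=> Integer
 # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].is_default_action #=> Boolean
+# resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.firewall_subnet_id #=> String
+# resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.vpc_id #=> String
+# resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.subnet_availability_zone #=> String
+# resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.subnet_availability_zone_id #=> String
+# resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.vpc_endpoint_id #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_id #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.vpc_id #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.route_table_id #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes #=> Array
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].destination #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].target #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_availability_zone #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_availability_zone_id #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.current_firewall_subnet_route_table #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_id #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes #=> Array
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].destination #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].target #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_id #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.current_internet_gateway_route_table #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes #=> Array
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].destination #=> String
+# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target #=> String
 # resp.violation_detail.resource_tags #=> Array
 # resp.violation_detail.resource_tags[0].key #=> String
 # resp.violation_detail.resource_tags[0].value #=> String
@@ -1641,6 +1677,11 @@ module Aws::FMS
 # security_service_policy_data: { # required
 # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
 # managed_service_data: "ManagedServiceData",
+# policy_option: {
+# network_firewall_policy: {
+# firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
+# },
+# },
 # },
 # resource_type: "ResourceType", # required
 # resource_type_list: ["ResourceType"],
@@ -1675,6 +1716,7 @@ module Aws::FMS
 # resp.policy.policy_update_token #=> String
 # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
 # resp.policy.security_service_policy_data.managed_service_data #=> String
+# resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED"
 # resp.policy.resource_type #=> String
 # resp.policy.resource_type_list #=> Array
 # resp.policy.resource_type_list[0] #=> String
@@ -1833,7 +1875,7 @@ module Aws::FMS
 params: params,
 config: config)
 context[:gem_name] = 'aws-sdk-fms'
-context[:gem_version] = '1.
+context[:gem_version] = '1.48.0'
 Seahorse::Client::Request.new(handlers, context)
 end
 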
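Review bot: The new `require 'aws-sdk-core/plugins/checksum_algorithm.rb'` in the first hunk of client.rb is unconditional, so loading this release against an installed aws-sdk-core that predates that plugin file fails with a LoadError as soon as the gem is required. The gemspec change listed in the diffstat (`metadata +4 -4`) is not shown on this page, so confirm that it raises the aws-sdk-core lower bound in the same release, along the lines of `spec.add_dependency('aws-sdk-core', '>= <first version shipping checksum_algorithm.rb>')`. The `add_plugin(Aws::Plugins::ChecksumAlgorithm)` line in the second hunk depends on the same file, and environments that pin aws-sdk-core in a lockfile should move both gems together.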
@@ -30,6 +30,7 @@ module Aws::FMS
|
|
30
30
|
Boolean = Shapes::BooleanShape.new(name: 'Boolean')
|
31
31
|
CIDR = Shapes::StringShape.new(name: 'CIDR')
|
32
32
|
ComplianceViolator = Shapes::StructureShape.new(name: 'ComplianceViolator')
|
33
|
+
ComplianceViolatorMetadata = Shapes::MapShape.new(name: 'ComplianceViolatorMetadata')
|
33
34
|
ComplianceViolators = Shapes::ListShape.new(name: 'ComplianceViolators')
|
34
35
|
CustomerPolicyScopeId = Shapes::StringShape.new(name: 'CustomerPolicyScopeId')
|
35
36
|
CustomerPolicyScopeIdList = Shapes::ListShape.new(name: 'CustomerPolicyScopeIdList')
|
@@ -60,6 +61,9 @@ module Aws::FMS
|
|
60
61
|
EvaluationResults = Shapes::ListShape.new(name: 'EvaluationResults')
|
61
62
|
ExpectedRoute = Shapes::StructureShape.new(name: 'ExpectedRoute')
|
62
63
|
ExpectedRoutes = Shapes::ListShape.new(name: 'ExpectedRoutes')
|
64
|
+
FMSPolicyUpdateFirewallCreationConfigAction = Shapes::StructureShape.new(name: 'FMSPolicyUpdateFirewallCreationConfigAction')
|
65
|
+
FirewallDeploymentModel = Shapes::StringShape.new(name: 'FirewallDeploymentModel')
|
66
|
+
FirewallSubnetIsOutOfScopeViolation = Shapes::StructureShape.new(name: 'FirewallSubnetIsOutOfScopeViolation')
|
63
67
|
GetAdminAccountRequest = Shapes::StructureShape.new(name: 'GetAdminAccountRequest')
|
64
68
|
GetAdminAccountResponse = Shapes::StructureShape.new(name: 'GetAdminAccountResponse')
|
65
69
|
GetAppsListRequest = Shapes::StructureShape.new(name: 'GetAppsListRequest')
|
@@ -109,6 +113,7 @@ module Aws::FMS
|
|
109
113
|
NetworkFirewallMissingExpectedRoutesViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingExpectedRoutesViolation')
|
110
114
|
NetworkFirewallMissingFirewallViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingFirewallViolation')
|
111
115
|
NetworkFirewallMissingSubnetViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingSubnetViolation')
|
116
|
+
NetworkFirewallPolicy = Shapes::StructureShape.new(name: 'NetworkFirewallPolicy')
|
112
117
|
NetworkFirewallPolicyDescription = Shapes::StructureShape.new(name: 'NetworkFirewallPolicyDescription')
|
113
118
|
NetworkFirewallPolicyModifiedViolation = Shapes::StructureShape.new(name: 'NetworkFirewallPolicyModifiedViolation')
|
114
119
|
NetworkFirewallResourceName = Shapes::StringShape.new(name: 'NetworkFirewallResourceName')
|
@@ -125,6 +130,7 @@ module Aws::FMS
|
|
125
130
|
PolicyComplianceStatusList = Shapes::ListShape.new(name: 'PolicyComplianceStatusList')
|
126
131
|
PolicyComplianceStatusType = Shapes::StringShape.new(name: 'PolicyComplianceStatusType')
|
127
132
|
PolicyId = Shapes::StringShape.new(name: 'PolicyId')
|
133
|
+
PolicyOption = Shapes::StructureShape.new(name: 'PolicyOption')
|
128
134
|
PolicySummary = Shapes::StructureShape.new(name: 'PolicySummary')
|
129
135
|
PolicySummaryList = Shapes::ListShape.new(name: 'PolicySummaryList')
|
130
136
|
PolicyUpdateToken = Shapes::StringShape.new(name: 'PolicyUpdateToken')
|
@@ -167,6 +173,7 @@ module Aws::FMS
|
|
167
173
|
ResourceViolation = Shapes::StructureShape.new(name: 'ResourceViolation')
|
168
174
|
ResourceViolations = Shapes::ListShape.new(name: 'ResourceViolations')
|
169
175
|
Route = Shapes::StructureShape.new(name: 'Route')
|
176
|
+
RouteHasOutOfScopeEndpointViolation = Shapes::StructureShape.new(name: 'RouteHasOutOfScopeEndpointViolation')
|
170
177
|
Routes = Shapes::ListShape.new(name: 'Routes')
|
171
178
|
SecurityGroupRemediationAction = Shapes::StructureShape.new(name: 'SecurityGroupRemediationAction')
|
172
179
|
SecurityGroupRemediationActions = Shapes::ListShape.new(name: 'SecurityGroupRemediationActions')
|
@@ -246,8 +253,12 @@ module Aws::FMS
|
|
246
253
|
ComplianceViolator.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ResourceId"))
|
247
254
|
ComplianceViolator.add_member(:violation_reason, Shapes::ShapeRef.new(shape: ViolationReason, location_name: "ViolationReason"))
|
248
255
|
ComplianceViolator.add_member(:resource_type, Shapes::ShapeRef.new(shape: ResourceType, location_name: "ResourceType"))
|
256
|
+
ComplianceViolator.add_member(:metadata, Shapes::ShapeRef.new(shape: ComplianceViolatorMetadata, location_name: "Metadata"))
|
249
257
|
ComplianceViolator.struct_class = Types::ComplianceViolator
|
250
258
|
|
259
|
+
ComplianceViolatorMetadata.key = Shapes::ShapeRef.new(shape: LengthBoundedString)
|
260
|
+
ComplianceViolatorMetadata.value = Shapes::ShapeRef.new(shape: LengthBoundedString)
|
261
|
+
|
251
262
|
ComplianceViolators.member = Shapes::ShapeRef.new(shape: ComplianceViolator)
|
252
263
|
|
253
264
|
CustomerPolicyScopeIdList.member = Shapes::ShapeRef.new(shape: CustomerPolicyScopeId)
|
@@ -348,6 +359,17 @@ module Aws::FMS
|
|
348
359
|
|
349
360
|
ExpectedRoutes.member = Shapes::ShapeRef.new(shape: ExpectedRoute)
|
350
361
|
|
362
|
+
FMSPolicyUpdateFirewallCreationConfigAction.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
|
363
|
+
FMSPolicyUpdateFirewallCreationConfigAction.add_member(:firewall_creation_config, Shapes::ShapeRef.new(shape: ManagedServiceData, location_name: "FirewallCreationConfig"))
|
364
|
+
FMSPolicyUpdateFirewallCreationConfigAction.struct_class = Types::FMSPolicyUpdateFirewallCreationConfigAction
|
365
|
+
|
366
|
+
FirewallSubnetIsOutOfScopeViolation.add_member(:firewall_subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallSubnetId"))
|
367
|
+
FirewallSubnetIsOutOfScopeViolation.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcId"))
|
368
|
+
FirewallSubnetIsOutOfScopeViolation.add_member(:subnet_availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "SubnetAvailabilityZone"))
|
369
|
+
FirewallSubnetIsOutOfScopeViolation.add_member(:subnet_availability_zone_id, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "SubnetAvailabilityZoneId"))
|
370
|
+
FirewallSubnetIsOutOfScopeViolation.add_member(:vpc_endpoint_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcEndpointId"))
|
371
|
+
FirewallSubnetIsOutOfScopeViolation.struct_class = Types::FirewallSubnetIsOutOfScopeViolation
|
372
|
+
|
351
373
|
GetAdminAccountRequest.struct_class = Types::GetAdminAccountRequest
|
352
374
|
|
353
375
|
GetAdminAccountResponse.add_member(:admin_account, Shapes::ShapeRef.new(shape: AWSAccountId, location_name: "AdminAccount"))
|
@@ -551,6 +573,9 @@ module Aws::FMS
|
|
551
573
|
NetworkFirewallMissingSubnetViolation.add_member(:target_violation_reason, Shapes::ShapeRef.new(shape: TargetViolationReason, location_name: "TargetViolationReason"))
|
552
574
|
NetworkFirewallMissingSubnetViolation.struct_class = Types::NetworkFirewallMissingSubnetViolation
|
553
575
|
|
576
|
+
NetworkFirewallPolicy.add_member(:firewall_deployment_model, Shapes::ShapeRef.new(shape: FirewallDeploymentModel, location_name: "FirewallDeploymentModel"))
|
577
|
+
NetworkFirewallPolicy.struct_class = Types::NetworkFirewallPolicy
|
578
|
+
|
554
579
|
NetworkFirewallPolicyDescription.add_member(:stateless_rule_groups, Shapes::ShapeRef.new(shape: StatelessRuleGroupList, location_name: "StatelessRuleGroups"))
|
555
580
|
NetworkFirewallPolicyDescription.add_member(:stateless_default_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessDefaultActions"))
|
556
581
|
NetworkFirewallPolicyDescription.add_member(:stateless_fragment_default_actions, Shapes::ShapeRef.new(shape: NetworkFirewallActionList, location_name: "StatelessFragmentDefaultActions"))
|
@@ -618,6 +643,9 @@ module Aws::FMS
|
|
618
643
|
|
619
644
|
PolicyComplianceStatusList.member = Shapes::ShapeRef.new(shape: PolicyComplianceStatus)
|
620
645
|
|
646
|
+
PolicyOption.add_member(:network_firewall_policy, Shapes::ShapeRef.new(shape: NetworkFirewallPolicy, location_name: "NetworkFirewallPolicy"))
|
647
|
+
PolicyOption.struct_class = Types::PolicyOption
|
648
|
+
|
621
649
|
PolicySummary.add_member(:policy_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "PolicyArn"))
|
622
650
|
PolicySummary.add_member(:policy_id, Shapes::ShapeRef.new(shape: PolicyId, location_name: "PolicyId"))
|
623
651
|
PolicySummary.add_member(:policy_name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "PolicyName"))
|
@@ -701,6 +729,7 @@ module Aws::FMS
|
|
701
729
|
RemediationAction.add_member(:ec2_replace_route_table_association_action, Shapes::ShapeRef.new(shape: EC2ReplaceRouteTableAssociationAction, location_name: "EC2ReplaceRouteTableAssociationAction"))
|
702
730
|
RemediationAction.add_member(:ec2_associate_route_table_action, Shapes::ShapeRef.new(shape: EC2AssociateRouteTableAction, location_name: "EC2AssociateRouteTableAction"))
|
703
731
|
RemediationAction.add_member(:ec2_create_route_table_action, Shapes::ShapeRef.new(shape: EC2CreateRouteTableAction, location_name: "EC2CreateRouteTableAction"))
|
732
|
+
RemediationAction.add_member(:fms_policy_update_firewall_creation_config_action, Shapes::ShapeRef.new(shape: FMSPolicyUpdateFirewallCreationConfigAction, location_name: "FMSPolicyUpdateFirewallCreationConfigAction"))
|
704
733
|
RemediationAction.struct_class = Types::RemediationAction
|
705
734
|
|
706
735
|
RemediationActionWithOrder.add_member(:remediation_action, Shapes::ShapeRef.new(shape: RemediationAction, location_name: "RemediationAction"))
|
@@ -737,6 +766,8 @@ module Aws::FMS
|
|
737
766
|
ResourceViolation.add_member(:dns_duplicate_rule_group_violation, Shapes::ShapeRef.new(shape: DnsDuplicateRuleGroupViolation, location_name: "DnsDuplicateRuleGroupViolation"))
|
738
767
|
ResourceViolation.add_member(:dns_rule_group_limit_exceeded_violation, Shapes::ShapeRef.new(shape: DnsRuleGroupLimitExceededViolation, location_name: "DnsRuleGroupLimitExceededViolation"))
|
739
768
|
ResourceViolation.add_member(:possible_remediation_actions, Shapes::ShapeRef.new(shape: PossibleRemediationActions, location_name: "PossibleRemediationActions"))
|
769
|
+
ResourceViolation.add_member(:firewall_subnet_is_out_of_scope_violation, Shapes::ShapeRef.new(shape: FirewallSubnetIsOutOfScopeViolation, location_name: "FirewallSubnetIsOutOfScopeViolation"))
|
770
|
+
ResourceViolation.add_member(:route_has_out_of_scope_endpoint_violation, Shapes::ShapeRef.new(shape: RouteHasOutOfScopeEndpointViolation, location_name: "RouteHasOutOfScopeEndpointViolation"))
|
740
771
|
ResourceViolation.struct_class = Types::ResourceViolation
|
741
772
|
|
742
773
|
ResourceViolations.member = Shapes::ShapeRef.new(shape: ResourceViolation)
|
@@ -747,6 +778,20 @@ module Aws::FMS
|
|
747
778
|
Route.add_member(:target, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Target"))
|
748
779
|
Route.struct_class = Types::Route
|
749
780
|
|
781
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "SubnetId"))
|
782
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:vpc_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "VpcId"))
|
783
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "RouteTableId"))
|
784
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:violating_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "ViolatingRoutes"))
|
785
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:subnet_availability_zone, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "SubnetAvailabilityZone"))
|
786
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:subnet_availability_zone_id, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "SubnetAvailabilityZoneId"))
|
787
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:current_firewall_subnet_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "CurrentFirewallSubnetRouteTable"))
|
788
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:firewall_subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallSubnetId"))
|
789
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:firewall_subnet_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "FirewallSubnetRoutes"))
|
790
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:internet_gateway_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "InternetGatewayId"))
|
791
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:current_internet_gateway_route_table, Shapes::ShapeRef.new(shape: ResourceId, location_name: "CurrentInternetGatewayRouteTable"))
|
792
|
+
RouteHasOutOfScopeEndpointViolation.add_member(:internet_gateway_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "InternetGatewayRoutes"))
|
793
|
+
RouteHasOutOfScopeEndpointViolation.struct_class = Types::RouteHasOutOfScopeEndpointViolation
|
794
|
+
|
750
795
|
Routes.member = Shapes::ShapeRef.new(shape: Route)
|
751
796
|
|
752
797
|
SecurityGroupRemediationAction.add_member(:remediation_action_type, Shapes::ShapeRef.new(shape: RemediationActionType, location_name: "RemediationActionType"))
|
@@ -767,6 +812,7 @@ module Aws::FMS
|
|
767
812
|
|
768
813
|
SecurityServicePolicyData.add_member(:type, Shapes::ShapeRef.new(shape: SecurityServiceType, required: true, location_name: "Type"))
|
769
814
|
SecurityServicePolicyData.add_member(:managed_service_data, Shapes::ShapeRef.new(shape: ManagedServiceData, location_name: "ManagedServiceData"))
|
815
|
+
SecurityServicePolicyData.add_member(:policy_option, Shapes::ShapeRef.new(shape: PolicyOption, location_name: "PolicyOption"))
|
770
816
|
SecurityServicePolicyData.struct_class = Types::SecurityServicePolicyData
|
771
817
|
|
772
818
|
StatefulRuleGroup.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: NetworkFirewallResourceName, location_name: "RuleGroupName"))
|
data/lib/aws-sdk-fms/types.rb
CHANGED
@@ -294,12 +294,18 @@ module Aws::FMS
|
|
294
294
|
# [1]: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html
|
295
295
|
# @return [String]
|
296
296
|
#
|
297
|
+
# @!attribute [rw] metadata
|
298
|
+
# Metadata about the resource that doesn't comply with the policy
|
299
|
+
# scope.
|
300
|
+
# @return [Hash<String,String>]
|
301
|
+
#
|
297
302
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ComplianceViolator AWS API Documentation
|
298
303
|
#
|
299
304
|
class ComplianceViolator < Struct.new(
|
300
305
|
:resource_id,
|
301
306
|
:violation_reason,
|
302
|
-
:resource_type
|
307
|
+
:resource_type,
|
308
|
+
:metadata)
|
303
309
|
SENSITIVE = []
|
304
310
|
include Aws::Structure
|
305
311
|
end
|
@@ -810,6 +816,73 @@ module Aws::FMS
|
|
810
816
|
include Aws::Structure
|
811
817
|
end
|
812
818
|
|
819
|
+
# Contains information about the actions that you can take to remediate
|
820
|
+
# scope violations caused by your policy's `FirewallCreationConfig`.
|
821
|
+
# `FirewallCreationConfig` is an optional configuration that you can use
|
822
|
+
# to choose which Availability Zones Firewall Manager creates Network
|
823
|
+
# Firewall endpoints in.
|
824
|
+
#
|
825
|
+
# @!attribute [rw] description
|
826
|
+
# Describes the remedial action.
|
827
|
+
# @return [String]
|
828
|
+
#
|
829
|
+
# @!attribute [rw] firewall_creation_config
|
830
|
+
# A `FirewallCreationConfig` that you can copy into your current
|
831
|
+
# policy's [SecurityServiceData][1] in order to remedy scope
|
832
|
+
# violations.
|
833
|
+
#
|
834
|
+
#
|
835
|
+
#
|
836
|
+
# [1]: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_SecurityServicePolicyData.html
|
837
|
+
# @return [String]
|
838
|
+
#
|
839
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/FMSPolicyUpdateFirewallCreationConfigAction AWS API Documentation
|
840
|
+
#
|
841
|
+
class FMSPolicyUpdateFirewallCreationConfigAction < Struct.new(
|
842
|
+
:description,
|
843
|
+
:firewall_creation_config)
|
844
|
+
SENSITIVE = []
|
845
|
+
include Aws::Structure
|
846
|
+
end
|
847
|
+
|
848
|
+
# Contains details about the firewall subnet that violates the policy
|
849
|
+
# scope.
|
850
|
+
#
|
851
|
+
# @!attribute [rw] firewall_subnet_id
|
852
|
+
# The ID of the firewall subnet that violates the policy scope.
|
853
|
+
# @return [String]
|
854
|
+
#
|
855
|
+
# @!attribute [rw] vpc_id
|
856
|
+
# The VPC ID of the firewall subnet that violates the policy scope.
|
857
|
+
# @return [String]
|
858
|
+
#
|
859
|
+
# @!attribute [rw] subnet_availability_zone
|
860
|
+
# The Availability Zone of the firewall subnet that violates the
|
861
|
+
# policy scope.
|
862
|
+
# @return [String]
|
863
|
+
#
|
864
|
+
# @!attribute [rw] subnet_availability_zone_id
|
865
|
+
# The Availability Zone ID of the firewall subnet that violates the
|
866
|
+
# policy scope.
|
867
|
+
# @return [String]
|
868
|
+
#
|
869
|
+
# @!attribute [rw] vpc_endpoint_id
|
870
|
+
# The VPC endpoint ID of the firewall subnet that violates the policy
|
871
|
+
# scope.
|
872
|
+
# @return [String]
|
873
|
+
#
|
874
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/FirewallSubnetIsOutOfScopeViolation AWS API Documentation
|
875
|
+
#
|
876
|
+
class FirewallSubnetIsOutOfScopeViolation < Struct.new(
|
877
|
+
:firewall_subnet_id,
|
878
|
+
:vpc_id,
|
879
|
+
:subnet_availability_zone,
|
880
|
+
:subnet_availability_zone_id,
|
881
|
+
:vpc_endpoint_id)
|
882
|
+
SENSITIVE = []
|
883
|
+
include Aws::Structure
|
884
|
+
end
|
885
|
+
|
813
886
|
# @api private
|
814
887
|
#
|
815
888
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccountRequest AWS API Documentation
|
@@ -1940,6 +2013,39 @@ module Aws::FMS
|
|
1940
2013
|
include Aws::Structure
|
1941
2014
|
end
|
1942
2015
|
|
2016
|
+
# Configures the firewall policy deployment model of Network Firewall.
|
2017
|
+
# For information about Network Firewall deployment models, see [Network
|
2018
|
+
# Firewall example architectures with routing][1] in the *Network
|
2019
|
+
# Firewall Developer Guide*.
|
2020
|
+
#
|
2021
|
+
#
|
2022
|
+
#
|
2023
|
+
# [1]: https://docs.aws.amazon.com/network-firewall/latest/developerguide/architectures.html
|
2024
|
+
#
|
2025
|
+
# @note When making an API call, you may pass NetworkFirewallPolicy
|
2026
|
+
# data as a hash:
|
2027
|
+
#
|
2028
|
+
# {
|
2029
|
+
# firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
|
2030
|
+
# }
|
2031
|
+
#
|
2032
|
+
# @!attribute [rw] firewall_deployment_model
|
2033
|
+
# Defines the deployment model to use for the firewall policy. To use
|
2034
|
+
# a distributed model, set [PolicyOption][1] to `NULL`.
|
2035
|
+
#
|
2036
|
+
#
|
2037
|
+
#
|
2038
|
+
# [1]: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html
|
2039
|
+
# @return [String]
|
2040
|
+
#
|
2041
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallPolicy AWS API Documentation
|
2042
|
+
#
|
2043
|
+
class NetworkFirewallPolicy < Struct.new(
|
2044
|
+
:firewall_deployment_model)
|
2045
|
+
SENSITIVE = []
|
2046
|
+
include Aws::Structure
|
2047
|
+
end
|
2048
|
+
|
1943
2049
|
# The definition of the Network Firewall firewall policy.
|
1944
2050
|
#
|
1945
2051
|
# @!attribute [rw] stateless_rule_groups
|
@@ -2104,6 +2210,11 @@ module Aws::FMS
|
|
2104
2210
|
# security_service_policy_data: { # required
|
2105
2211
|
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
|
2106
2212
|
# managed_service_data: "ManagedServiceData",
|
2213
|
+
# policy_option: {
|
2214
|
+
# network_firewall_policy: {
|
2215
|
+
# firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
|
2216
|
+
# },
|
2217
|
+
# },
|
2107
2218
|
# },
|
2108
2219
|
# resource_type: "ResourceType", # required
|
2109
2220
|
# resource_type_list: ["ResourceType"],
|
@@ -2184,6 +2295,9 @@ module Aws::FMS
|
|
2184
2295
|
# `ResourceTag` array are not in scope of the policy. If set to
|
2185
2296
|
# `False`, and the `ResourceTag` array is not null, only resources
|
2186
2297
|
# with the specified tags are in scope of the policy.
|
2298
|
+
#
|
2299
|
+
# This option isn't available for the centralized deployment model
|
2300
|
+
# when creating policies to configure Network Firewall.
|
2187
2301
|
# @return [Boolean]
|
2188
2302
|
#
|
2189
2303
|
# @!attribute [rw] remediation_enabled
|
@@ -2234,6 +2348,9 @@ module Aws::FMS
|
|
2234
2348
|
# a comma. For example, the following is a valid map: `\{“ACCOUNT” :
|
2235
2349
|
# [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
|
2236
2350
|
# “ouid112”]\}`.
|
2351
|
+
#
|
2352
|
+
# This option isn't available for the centralized deployment model
|
2353
|
+
# when creating policies to configure Network Firewall.
|
2237
2354
|
# @return [Hash<String,Array<String>>]
|
2238
2355
|
#
|
2239
2356
|
# @!attribute [rw] exclude_map
|
@@ -2264,6 +2381,9 @@ module Aws::FMS
|
|
2264
2381
|
# a comma. For example, the following is a valid map: `\{“ACCOUNT” :
|
2265
2382
|
# [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
|
2266
2383
|
# “ouid112”]\}`.
|
2384
|
+
#
|
2385
|
+
# This option isn't available for the centralized deployment model
|
2386
|
+
# when creating policies to configure Network Firewall.
|
2267
2387
|
# @return [Hash<String,Array<String>>]
|
2268
2388
|
#
|
2269
2389
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Policy AWS API Documentation
|
@@ -2389,6 +2509,30 @@ module Aws::FMS
|
|
2389
2509
|
include Aws::Structure
|
2390
2510
|
end
|
2391
2511
|
|
2512
|
+
# Contains the Network Firewall firewall policy options to configure a
|
2513
|
+
# centralized deployment model.
|
2514
|
+
#
|
2515
|
+
# @note When making an API call, you may pass PolicyOption
|
2516
|
+
# data as a hash:
|
2517
|
+
#
|
2518
|
+
# {
|
2519
|
+
# network_firewall_policy: {
|
2520
|
+
# firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
|
2521
|
+
# },
|
2522
|
+
# }
|
2523
|
+
#
|
2524
|
+
# @!attribute [rw] network_firewall_policy
|
2525
|
+
# Defines the deployment model to use for the firewall policy.
|
2526
|
+
# @return [Types::NetworkFirewallPolicy]
|
2527
|
+
#
|
2528
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicyOption AWS API Documentation
|
2529
|
+
#
|
2530
|
+
class PolicyOption < Struct.new(
|
2531
|
+
:network_firewall_policy)
|
2532
|
+
SENSITIVE = []
|
2533
|
+
include Aws::Structure
|
2534
|
+
end
|
2535
|
+
|
2392
2536
|
# Details of the Firewall Manager policy.
|
2393
2537
|
#
|
2394
2538
|
# @!attribute [rw] policy_arn
|
@@ -2705,6 +2849,11 @@ module Aws::FMS
|
|
2705
2849
|
# security_service_policy_data: { # required
|
2706
2850
|
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
|
2707
2851
|
# managed_service_data: "ManagedServiceData",
|
2852
|
+
# policy_option: {
|
2853
|
+
# network_firewall_policy: {
|
2854
|
+
# firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
|
2855
|
+
# },
|
2856
|
+
# },
|
2708
2857
|
# },
|
2709
2858
|
# resource_type: "ResourceType", # required
|
2710
2859
|
# resource_type_list: ["ResourceType"],
|
@@ -2860,6 +3009,10 @@ module Aws::FMS
|
|
2860
3009
|
# Information about the CreateRouteTable action in the Amazon EC2 API.
|
2861
3010
|
# @return [Types::EC2CreateRouteTableAction]
|
2862
3011
|
#
|
3012
|
+
# @!attribute [rw] fms_policy_update_firewall_creation_config_action
|
3013
|
+
# The remedial action to take when updating a firewall configuration.
|
3014
|
+
# @return [Types::FMSPolicyUpdateFirewallCreationConfigAction]
|
3015
|
+
#
|
2863
3016
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/RemediationAction AWS API Documentation
|
2864
3017
|
#
|
2865
3018
|
class RemediationAction < Struct.new(
|
@@ -2870,7 +3023,8 @@ module Aws::FMS
|
|
2870
3023
|
:ec2_copy_route_table_action,
|
2871
3024
|
:ec2_replace_route_table_association_action,
|
2872
3025
|
:ec2_associate_route_table_action,
|
2873
|
-
:ec2_create_route_table_action
|
3026
|
+
:ec2_create_route_table_action,
|
3027
|
+
:fms_policy_update_firewall_creation_config_action)
|
2874
3028
|
SENSITIVE = []
|
2875
3029
|
include Aws::Structure
|
2876
3030
|
end
|
@@ -3037,6 +3191,16 @@ module Aws::FMS
|
|
3037
3191
|
# actions.
|
3038
3192
|
# @return [Types::PossibleRemediationActions]
|
3039
3193
|
#
|
3194
|
+
# @!attribute [rw] firewall_subnet_is_out_of_scope_violation
|
3195
|
+
# Contains details about the firewall subnet that violates the policy
|
3196
|
+
# scope.
|
3197
|
+
# @return [Types::FirewallSubnetIsOutOfScopeViolation]
|
3198
|
+
#
|
3199
|
+
# @!attribute [rw] route_has_out_of_scope_endpoint_violation
|
3200
|
+
# Contains details about the route endpoint that violates the policy
|
3201
|
+
# scope.
|
3202
|
+
# @return [Types::RouteHasOutOfScopeEndpointViolation]
|
3203
|
+
#
|
3040
3204
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
|
3041
3205
|
#
|
3042
3206
|
class ResourceViolation < Struct.new(
|
@@ -3056,7 +3220,9 @@ module Aws::FMS
|
|
3056
3220
|
:dns_rule_group_priority_conflict_violation,
|
3057
3221
|
:dns_duplicate_rule_group_violation,
|
3058
3222
|
:dns_rule_group_limit_exceeded_violation,
|
3059
|
-
:possible_remediation_actions
|
3223
|
+
:possible_remediation_actions,
|
3224
|
+
:firewall_subnet_is_out_of_scope_violation,
|
3225
|
+
:route_has_out_of_scope_endpoint_violation)
|
3060
3226
|
SENSITIVE = []
|
3061
3227
|
include Aws::Structure
|
3062
3228
|
end
|
@@ -3090,6 +3256,77 @@ module Aws::FMS
|
|
3090
3256
|
include Aws::Structure
|
3091
3257
|
end
|
3092
3258
|
|
3259
|
+
# Contains details about the route endpoint that violates the policy
|
3260
|
+
# scope.
|
3261
|
+
#
|
3262
|
+
# @!attribute [rw] subnet_id
|
3263
|
+
# The ID of the subnet associated with the route that violates the
|
3264
|
+
# policy scope.
|
3265
|
+
# @return [String]
|
3266
|
+
#
|
3267
|
+
# @!attribute [rw] vpc_id
|
3268
|
+
# The VPC ID of the route that violates the policy scope.
|
3269
|
+
# @return [String]
|
3270
|
+
#
|
3271
|
+
# @!attribute [rw] route_table_id
|
3272
|
+
# The ID of the route table.
|
3273
|
+
# @return [String]
|
3274
|
+
#
|
3275
|
+
# @!attribute [rw] violating_routes
|
3276
|
+
# The list of routes that violate the route table.
|
3277
|
+
# @return [Array<Types::Route>]
|
3278
|
+
#
|
3279
|
+
# @!attribute [rw] subnet_availability_zone
|
3280
|
+
# The subnet's Availability Zone.
|
3281
|
+
# @return [String]
|
3282
|
+
#
|
3283
|
+
# @!attribute [rw] subnet_availability_zone_id
|
3284
|
+
# The ID of the subnet's Availability Zone.
|
3285
|
+
# @return [String]
|
3286
|
+
#
|
3287
|
+
# @!attribute [rw] current_firewall_subnet_route_table
|
3288
|
+
# The route table associated with the current firewall subnet.
|
3289
|
+
# @return [String]
|
3290
|
+
#
|
3291
|
+
# @!attribute [rw] firewall_subnet_id
|
3292
|
+
# The ID of the firewall subnet.
|
3293
|
+
# @return [String]
|
3294
|
+
#
|
3295
|
+
# @!attribute [rw] firewall_subnet_routes
|
3296
|
+
# The list of firewall subnet routes.
|
3297
|
+
# @return [Array<Types::Route>]
|
3298
|
+
#
|
3299
|
+
# @!attribute [rw] internet_gateway_id
|
3300
|
+
# The ID of the Internet Gateway.
|
3301
|
+
# @return [String]
|
3302
|
+
#
|
3303
|
+
# @!attribute [rw] current_internet_gateway_route_table
|
3304
|
+
# The current route table associated with the Internet Gateway.
|
3305
|
+
# @return [String]
|
3306
|
+
#
|
3307
|
+
# @!attribute [rw] internet_gateway_routes
|
3308
|
+
# The routes in the route table associated with the Internet Gateway.
|
3309
|
+
# @return [Array<Types::Route>]
|
3310
|
+
#
|
3311
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/RouteHasOutOfScopeEndpointViolation AWS API Documentation
|
3312
|
+
#
|
3313
|
+
class RouteHasOutOfScopeEndpointViolation < Struct.new(
|
3314
|
+
:subnet_id,
|
3315
|
+
:vpc_id,
|
3316
|
+
:route_table_id,
|
3317
|
+
:violating_routes,
|
3318
|
+
:subnet_availability_zone,
|
3319
|
+
:subnet_availability_zone_id,
|
3320
|
+
:current_firewall_subnet_route_table,
|
3321
|
+
:firewall_subnet_id,
|
3322
|
+
:firewall_subnet_routes,
|
3323
|
+
:internet_gateway_id,
|
3324
|
+
:current_internet_gateway_route_table,
|
3325
|
+
:internet_gateway_routes)
|
3326
|
+
SENSITIVE = []
|
3327
|
+
include Aws::Structure
|
3328
|
+
end
|
3329
|
+
|
3093
3330
|
# Remediation option for the rule specified in the `ViolationTarget`.
|
3094
3331
|
#
|
3095
3332
|
# @!attribute [rw] remediation_action_type
|
@@ -3171,6 +3408,11 @@ module Aws::FMS
|
|
3171
3408
|
# {
|
3172
3409
|
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
|
3173
3410
|
# managed_service_data: "ManagedServiceData",
|
3411
|
+
# policy_option: {
|
3412
|
+
# network_firewall_policy: {
|
3413
|
+
# firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED
|
3414
|
+
# },
|
3415
|
+
# },
|
3174
3416
|
# }
|
3175
3417
|
#
|
3176
3418
|
# @!attribute [rw] type
|
@@ -3197,11 +3439,155 @@ module Aws::FMS
|
|
3197
3439
|
#
|
3198
3440
|
# </note>
|
3199
3441
|
#
|
3200
|
-
# * Example: `NETWORK_FIREWALL`
|
3442
|
+
# * Example: `NETWORK_FIREWALL` - Centralized deployment model.
|
3443
|
+
#
|
3444
|
+
# `"\{"type":"NETWORK_FIREWALL","awsNetworkFirewallConfig":\{"networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\},"firewallDeploymentModel":\{"centralizedFirewallDeploymentModel":\{"centralizedFirewallOrchestrationConfig":\{"inspectionVpcIds":[\{"resourceId":"vpc-1234","accountId":"123456789011"\}],"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\}]\}\},"allowedIPV4CidrList":[]\}\}\}\}"`
|
3445
|
+
#
|
3446
|
+
# To use the centralized deployment model, you must set
|
3447
|
+
# [PolicyOption][1] to `CENTRALIZED`.
|
3448
|
+
#
|
3449
|
+
# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
|
3450
|
+
# automatic Availability Zone configuration. With automatic
|
3451
|
+
# Availbility Zone configuration, Firewall Manager chooses which
|
3452
|
+
# Availability Zones to create the endpoints in.
|
3453
|
+
#
|
3454
|
+
# `"\{ "type": "NETWORK_FIREWALL",
|
3455
|
+
# "networkFirewallStatelessRuleGroupReferences": [ \{
|
3456
|
+
# "resourceARN":
|
3457
|
+
# "arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test",
|
3458
|
+
# "priority": 1 \} ], "networkFirewallStatelessDefaultActions":
|
3459
|
+
# [ "aws:forward_to_sfe", "customActionName" ],
|
3460
|
+
# "networkFirewallStatelessFragmentDefaultActions": [
|
3461
|
+
# "aws:forward_to_sfe", "customActionName" ],
|
3462
|
+
# "networkFirewallStatelessCustomActions": [ \{ "actionName":
|
3463
|
+
# "customActionName", "actionDefinition": \{
|
3464
|
+
# "publishMetricAction": \{ "dimensions": [ \{ "value":
|
3465
|
+
# "metricdimensionvalue" \} ] \} \} \} ],
|
3466
|
+
# "networkFirewallStatefulRuleGroupReferences": [ \{
|
3467
|
+
# "resourceARN":
|
3468
|
+
# "arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
|
3469
|
+
# \} ], "networkFirewallOrchestrationConfig": \{
|
3470
|
+
# "singleFirewallEndpointPerVPC": false, "allowedIPV4CidrList":
|
3471
|
+
# [ "10.0.0.0/28", "192.168.0.0/28" ],
|
3472
|
+
# "routeManagementAction": "OFF" \},
|
3473
|
+
# "networkFirewallLoggingConfiguration": \{
|
3474
|
+
# "logDestinationConfigs": [ \{ "logDestinationType": "S3",
|
3475
|
+
# "logType": "ALERT", "logDestination": \{ "bucketName":
|
3476
|
+
# "s3-bucket-name" \} \}, \{ "logDestinationType": "S3",
|
3477
|
+
# "logType": "FLOW", "logDestination": \{ "bucketName":
|
3478
|
+
# "s3-bucket-name" \} \} ], "overrideExistingConfig": true \}
|
3479
|
+
# \}"`
|
3201
3480
|
#
|
3202
|
-
#
|
3481
|
+
# To use the distributed deployment model, you must set
|
3482
|
+
# [PolicyOption][1] to `NULL`.
|
3483
|
+
#
|
3484
|
+
# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
|
3485
|
+
# automatic Availability Zone configuration, and route management.
|
3486
|
+
#
|
3487
|
+
# `"\{ "type": "NETWORK_FIREWALL",
|
3488
|
+
# "networkFirewallStatelessRuleGroupReferences": [ \{
|
3489
|
+
# "resourceARN":
|
3490
|
+
# "arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test",
|
3491
|
+
# "priority": 1 \} ], "networkFirewallStatelessDefaultActions":
|
3492
|
+
# [ "aws:forward_to_sfe", "customActionName" ],
|
3493
|
+
# "networkFirewallStatelessFragmentDefaultActions": [
|
3494
|
+
# "aws:forward_to_sfe", "customActionName" ],
|
3495
|
+
# "networkFirewallStatelessCustomActions": [ \{ "actionName":
|
3496
|
+
# "customActionName", "actionDefinition": \{
|
3497
|
+
# "publishMetricAction": \{ "dimensions": [ \{ "value":
|
3498
|
+
# "metricdimensionvalue" \} ] \} \} \} ],
|
3499
|
+
# "networkFirewallStatefulRuleGroupReferences": [ \{
|
3500
|
+
# "resourceARN":
|
3501
|
+
# "arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
|
3502
|
+
# \} ], "networkFirewallOrchestrationConfig": \{
|
3503
|
+
# "singleFirewallEndpointPerVPC": false, "allowedIPV4CidrList":
|
3504
|
+
# [ "10.0.0.0/28", "192.168.0.0/28" ],
|
3505
|
+
# "routeManagementAction": "MONITOR",
|
3506
|
+
# "routeManagementTargetTypes": [ "InternetGateway" ] \},
|
3507
|
+
# "networkFirewallLoggingConfiguration": \{
|
3508
|
+
# "logDestinationConfigs": [ \{ "logDestinationType": "S3",
|
3509
|
+
# "logType": "ALERT", "logDestination": \{ "bucketName":
|
3510
|
+
# "s3-bucket-name" \} \}, \{ "logDestinationType": "S3",
|
3511
|
+
# "logType": "FLOW", "logDestination": \{ "bucketName":
|
3512
|
+
# "s3-bucket-name" \} \} ], "overrideExistingConfig": true \}
|
3203
3513
|
# \}"`
|
3204
3514
|
#
|
3515
|
+
# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
|
3516
|
+
# custom Availability Zone configuration. With custom Availability
|
3517
|
+
# Zone configuration, you define which specific Availability Zones
|
3518
|
+
# to create endpoints in by configuring `firewallCreationConfig`.
|
3519
|
+
#
|
3520
|
+
# `"\{
|
3521
|
+
# "type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],
|
3522
|
+
# "networkFirewallStatelessDefaultActions":[
|
3523
|
+
# "aws:forward_to_sfe", "customActionName" ],
|
3524
|
+
# "networkFirewallStatelessFragmentDefaultActions":[
|
3525
|
+
# "aws:forward_to_sfe", "fragmentcustomactionname" ],
|
3526
|
+
# "networkFirewallStatelessCustomActions":[ \{
|
3527
|
+
# "actionName":"customActionName", "actionDefinition":\{
|
3528
|
+
# "publishMetricAction":\{ "dimensions":[ \{
|
3529
|
+
# "value":"metricdimensionvalue" \} ] \} \} \}, \{
|
3530
|
+
# "actionName":"fragmentcustomactionname",
|
3531
|
+
# "actionDefinition":\{ "publishMetricAction":\{
|
3532
|
+
# "dimensions":[ \{ "value":"fragmentmetricdimensionvalue" \}
|
3533
|
+
# ] \} \} \} ], "networkFirewallStatefulRuleGroupReferences":[ \{
|
3534
|
+
# "resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
|
3535
|
+
# \} ], "networkFirewallOrchestrationConfig":\{
|
3536
|
+
# "firewallCreationConfig":\{ "endpointLocation":\{
|
3537
|
+
# "availabilityZoneConfigList":[ \{ "availabilityZoneId":null,
|
3538
|
+
# "availabilityZoneName":"us-east-1a", "allowedIPV4CidrList":[
|
3539
|
+
# "10.0.0.0/28" ] \}, \{ ¯"availabilityZoneId":null,
|
3540
|
+
# "availabilityZoneName":"us-east-1b", "allowedIPV4CidrList":[
|
3541
|
+
# "10.0.0.0/28" ] \} ] \} \},
|
3542
|
+
# "singleFirewallEndpointPerVPC":false,
|
3543
|
+
# "allowedIPV4CidrList":null, "routeManagementAction":"OFF",
|
3544
|
+
# "networkFirewallLoggingConfiguration":\{
|
3545
|
+
# "logDestinationConfigs":[ \{ "logDestinationType":"S3",
|
3546
|
+
# "logType":"ALERT", "logDestination":\{
|
3547
|
+
# "bucketName":"s3-bucket-name" \} \}, \{
|
3548
|
+
# "logDestinationType":"S3", "logType":"FLOW",
|
3549
|
+
# "logDestination":\{ "bucketName":"s3-bucket-name" \} \} ],
|
3550
|
+
# "overrideExistingConfig":boolean \} \}"`
|
3551
|
+
#
|
3552
|
+
# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
|
3553
|
+
# custom Availability Zone configuration, and route management.
|
3554
|
+
#
|
3555
|
+
# `"\{
|
3556
|
+
# "type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],
|
3557
|
+
# "networkFirewallStatelessDefaultActions":[
|
3558
|
+
# "aws:forward_to_sfe", "customActionName" ],
|
3559
|
+
# "networkFirewallStatelessFragmentDefaultActions":[
|
3560
|
+
# "aws:forward_to_sfe", "fragmentcustomactionname" ],
|
3561
|
+
# "networkFirewallStatelessCustomActions":[ \{
|
3562
|
+
# "actionName":"customActionName", "actionDefinition":\{
|
3563
|
+
# "publishMetricAction":\{ "dimensions":[ \{
|
3564
|
+
# "value":"metricdimensionvalue" \} ] \} \} \}, \{
|
3565
|
+
# "actionName":"fragmentcustomactionname",
|
3566
|
+
# "actionDefinition":\{ "publishMetricAction":\{
|
3567
|
+
# "dimensions":[ \{ "value":"fragmentmetricdimensionvalue" \}
|
3568
|
+
# ] \} \} \} ], "networkFirewallStatefulRuleGroupReferences":[ \{
|
3569
|
+
# "resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"
|
3570
|
+
# \} ], "networkFirewallOrchestrationConfig":\{
|
3571
|
+
# "firewallCreationConfig":\{ "endpointLocation":\{
|
3572
|
+
# "availabilityZoneConfigList":[ \{ "availabilityZoneId":null,
|
3573
|
+
# "availabilityZoneName":"us-east-1a", "allowedIPV4CidrList":[
|
3574
|
+
# "10.0.0.0/28" ] \}, \{ ¯"availabilityZoneId":null,
|
3575
|
+
# "availabilityZoneName":"us-east-1b", "allowedIPV4CidrList":[
|
3576
|
+
# "10.0.0.0/28" ] \} ] \} \},
|
3577
|
+
# "singleFirewallEndpointPerVPC":false,
|
3578
|
+
# "allowedIPV4CidrList":null,
|
3579
|
+
# "routeManagementAction":"MONITOR",
|
3580
|
+
# "routeManagementTargetTypes":[ "InternetGateway" ],
|
3581
|
+
# "routeManagementConfig":\{
|
3582
|
+
# "allowCrossAZTrafficIfNoEndpoint":true \} \},
|
3583
|
+
# "networkFirewallLoggingConfiguration":\{
|
3584
|
+
# "logDestinationConfigs":[ \{ "logDestinationType":"S3",
|
3585
|
+
# "logType":"ALERT", "logDestination":\{
|
3586
|
+
# "bucketName":"s3-bucket-name" \} \}, \{
|
3587
|
+
# "logDestinationType":"S3", "logType":"FLOW",
|
3588
|
+
# "logDestination":\{ "bucketName":"s3-bucket-name" \} \} ],
|
3589
|
+
# "overrideExistingConfig":boolean \} \}"`
|
3590
|
+
#
|
3205
3591
|
# * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
|
3206
3592
|
# distributions
|
3207
3593
|
#
|
@@ -3267,13 +3653,23 @@ module Aws::FMS
|
|
3267
3653
|
# * Example: `SECURITY_GROUPS_USAGE_AUDIT`
|
3268
3654
|
#
|
3269
3655
|
# `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"`
|
3656
|
+
#
|
3657
|
+
#
|
3658
|
+
#
|
3659
|
+
# [1]: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html
|
3270
3660
|
# @return [String]
|
3271
3661
|
#
|
3662
|
+
# @!attribute [rw] policy_option
|
3663
|
+
# Contains the Network Firewall firewall policy options to configure a
|
3664
|
+
# centralized deployment model.
|
3665
|
+
# @return [Types::PolicyOption]
|
3666
|
+
#
|
3272
3667
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/SecurityServicePolicyData AWS API Documentation
|
3273
3668
|
#
|
3274
3669
|
class SecurityServicePolicyData < Struct.new(
|
3275
3670
|
:type,
|
3276
|
-
:managed_service_data
|
3671
|
+
:managed_service_data,
|
3672
|
+
:policy_option)
|
3277
3673
|
SENSITIVE = []
|
3278
3674
|
include Aws::Structure
|
3279
3675
|
end
|
@@ -3455,6 +3851,9 @@ module Aws::FMS
|
|
3455
3851
|
#
|
3456
3852
|
# @!attribute [rw] resource_tags
|
3457
3853
|
# The `ResourceTag` objects associated with the resource.
|
3854
|
+
#
|
3855
|
+
# This option isn't available for the centralized deployment model
|
3856
|
+
# when creating policies to configure Network Firewall.
|
3458
3857
|
# @return [Array<Types::Tag>]
|
3459
3858
|
#
|
3460
3859
|
# @!attribute [rw] resource_description
|
data/lib/aws-sdk-fms.rb
CHANGED
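--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.48.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-02-
+date: 2022-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.127.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.127.0
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
 requirement: !ruby/object:Gem::Requirement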