aws-sdk-fms 1.47.0 → 1.50.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms/client.rb +229 -7
- data/lib/aws-sdk-fms/client_api.rb +196 -0
- data/lib/aws-sdk-fms/types.rb +853 -12
- data/lib/aws-sdk-fms.rb +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b0354824395b1da8d77e832a9686ef6cba2e9e95134480f478050c07753b7881
|
|
4
|
+
data.tar.gz: e04d84b455acc67f75a96408815fd8293964b35d823b292b23f56d73a245a121
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cf25988cec2d137f328a97b0054bf09d3424e986459d865af373f360fb41f22fe471b93df41525d4da1f2e2ffd0268c377706e5ab3d4e05ad75ae8319bb8d903
|
|
7
|
+
data.tar.gz: d67884dc6946f5abe4a88e3525ad0080d5da054054f2097d3696c1149b8279dafcf031e9ff989620d2371d7707c86c20d0505a52ef1c8465976fe1e3068bed4c
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,21 @@
|
|
|
1
1
|
Unreleased Changes
|
|
2
2
|
------------------
|
|
3
3
|
|
|
4
|
+
1.50.0 (2022-07-14)
|
|
5
|
+
------------------
|
|
6
|
+
|
|
7
|
+
* Feature - Adds support for strict ordering in stateful rule groups in Network Firewall policies.
|
|
8
|
+
|
|
9
|
+
1.49.0 (2022-03-30)
|
|
10
|
+
------------------
|
|
11
|
+
|
|
12
|
+
* Feature - AWS Firewall Manager now supports the configuration of third-party policies that can use either the centralized or distributed deployment models.
|
|
13
|
+
|
|
14
|
+
1.48.0 (2022-02-24)
|
|
15
|
+
------------------
|
|
16
|
+
|
|
17
|
+
* Feature - AWS Firewall Manager now supports the configuration of AWS Network Firewall policies with either centralized or distributed deployment models. This release also adds support for custom endpoint configuration, where you can choose which Availability Zones to create firewall endpoints in.
|
|
18
|
+
|
|
4
19
|
1.47.0 (2022-02-03)
|
|
5
20
|
------------------
|
|
6
21
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.50.0
|
data/lib/aws-sdk-fms/client.rb
CHANGED
|
@@ -27,6 +27,7 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
|
30
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
|
31
32
|
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
|
32
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
|
@@ -75,6 +76,7 @@ module Aws::FMS
|
|
|
75
76
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
|
76
77
|
add_plugin(Aws::Plugins::TransferEncoding)
|
|
77
78
|
add_plugin(Aws::Plugins::HttpChecksum)
|
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
|
78
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
|
79
81
|
add_plugin(Aws::Plugins::RecursionDetection)
|
|
80
82
|
add_plugin(Aws::Plugins::SignatureV4)
|
|
@@ -395,6 +397,37 @@ module Aws::FMS
|
|
|
395
397
|
req.send_request(options)
|
|
396
398
|
end
|
|
397
399
|
|
|
400
|
+
# Sets the Firewall Manager policy administrator as a tenant
|
|
401
|
+
# administrator of a third-party firewall service. A tenant is an
|
|
402
|
+
# instance of the third-party firewall service that's associated with
|
|
403
|
+
# your Amazon Web Services customer account.
|
|
404
|
+
#
|
|
405
|
+
# @option params [required, String] :third_party_firewall
|
|
406
|
+
# The name of the third-party firewall vendor.
|
|
407
|
+
#
|
|
408
|
+
# @return [Types::AssociateThirdPartyFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
409
|
+
#
|
|
410
|
+
# * {Types::AssociateThirdPartyFirewallResponse#third_party_firewall_status #third_party_firewall_status} => String
|
|
411
|
+
#
|
|
412
|
+
# @example Request syntax with placeholder values
|
|
413
|
+
#
|
|
414
|
+
# resp = client.associate_third_party_firewall({
|
|
415
|
+
# third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
|
|
416
|
+
# })
|
|
417
|
+
#
|
|
418
|
+
# @example Response structure
|
|
419
|
+
#
|
|
420
|
+
# resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
|
|
421
|
+
#
|
|
422
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewall AWS API Documentation
|
|
423
|
+
#
|
|
424
|
+
# @overload associate_third_party_firewall(params = {})
|
|
425
|
+
# @param [Hash] params ({})
|
|
426
|
+
def associate_third_party_firewall(params = {}, options = {})
|
|
427
|
+
req = build_request(:associate_third_party_firewall, params)
|
|
428
|
+
req.send_request(options)
|
|
429
|
+
end
|
|
430
|
+
|
|
398
431
|
# Permanently deletes an Firewall Manager applications list.
|
|
399
432
|
#
|
|
400
433
|
# @option params [required, String] :list_id
|
|
@@ -526,6 +559,37 @@ module Aws::FMS
|
|
|
526
559
|
req.send_request(options)
|
|
527
560
|
end
|
|
528
561
|
|
|
562
|
+
# Disassociates a Firewall Manager policy administrator from a
|
|
563
|
+
# third-party firewall tenant. When you call
|
|
564
|
+
# `DisassociateThirdPartyFirewall`, the third-party firewall vendor
|
|
565
|
+
# deletes all of the firewalls that are associated with the account.
|
|
566
|
+
#
|
|
567
|
+
# @option params [required, String] :third_party_firewall
|
|
568
|
+
# The name of the third-party firewall vendor.
|
|
569
|
+
#
|
|
570
|
+
# @return [Types::DisassociateThirdPartyFirewallResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
571
|
+
#
|
|
572
|
+
# * {Types::DisassociateThirdPartyFirewallResponse#third_party_firewall_status #third_party_firewall_status} => String
|
|
573
|
+
#
|
|
574
|
+
# @example Request syntax with placeholder values
|
|
575
|
+
#
|
|
576
|
+
# resp = client.disassociate_third_party_firewall({
|
|
577
|
+
# third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
|
|
578
|
+
# })
|
|
579
|
+
#
|
|
580
|
+
# @example Response structure
|
|
581
|
+
#
|
|
582
|
+
# resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
|
|
583
|
+
#
|
|
584
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewall AWS API Documentation
|
|
585
|
+
#
|
|
586
|
+
# @overload disassociate_third_party_firewall(params = {})
|
|
587
|
+
# @param [Hash] params ({})
|
|
588
|
+
def disassociate_third_party_firewall(params = {}, options = {})
|
|
589
|
+
req = build_request(:disassociate_third_party_firewall, params)
|
|
590
|
+
req.send_request(options)
|
|
591
|
+
end
|
|
592
|
+
|
|
529
593
|
# Returns the Organizations account that is associated with Firewall
|
|
530
594
|
# Manager as the Firewall Manager administrator.
|
|
531
595
|
#
|
|
@@ -646,8 +710,10 @@ module Aws::FMS
|
|
|
646
710
|
# resp.policy_compliance_detail.member_account #=> String
|
|
647
711
|
# resp.policy_compliance_detail.violators #=> Array
|
|
648
712
|
# resp.policy_compliance_detail.violators[0].resource_id #=> String
|
|
649
|
-
# resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL"
|
|
713
|
+
# resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT"
|
|
650
714
|
# resp.policy_compliance_detail.violators[0].resource_type #=> String
|
|
715
|
+
# resp.policy_compliance_detail.violators[0].metadata #=> Hash
|
|
716
|
+
# resp.policy_compliance_detail.violators[0].metadata["LengthBoundedString"] #=> String
|
|
651
717
|
# resp.policy_compliance_detail.evaluation_limit_exceeded #=> Boolean
|
|
652
718
|
# resp.policy_compliance_detail.expired_at #=> Time
|
|
653
719
|
# resp.policy_compliance_detail.issue_info_map #=> Hash
|
|
@@ -705,8 +771,10 @@ module Aws::FMS
|
|
|
705
771
|
# resp.policy.policy_id #=> String
|
|
706
772
|
# resp.policy.policy_name #=> String
|
|
707
773
|
# resp.policy.policy_update_token #=> String
|
|
708
|
-
# resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
|
|
774
|
+
# resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
|
|
709
775
|
# resp.policy.security_service_policy_data.managed_service_data #=> String
|
|
776
|
+
# resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
|
|
777
|
+
# resp.policy.security_service_policy_data.policy_option.third_party_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
|
|
710
778
|
# resp.policy.resource_type #=> String
|
|
711
779
|
# resp.policy.resource_type_list #=> Array
|
|
712
780
|
# resp.policy.resource_type_list[0] #=> String
|
|
@@ -792,7 +860,7 @@ module Aws::FMS
|
|
|
792
860
|
# @example Response structure
|
|
793
861
|
#
|
|
794
862
|
# resp.admin_account_id #=> String
|
|
795
|
-
# resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
|
|
863
|
+
# resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
|
|
796
864
|
# resp.data #=> String
|
|
797
865
|
# resp.next_token #=> String
|
|
798
866
|
#
|
|
@@ -851,6 +919,37 @@ module Aws::FMS
|
|
|
851
919
|
req.send_request(options)
|
|
852
920
|
end
|
|
853
921
|
|
|
922
|
+
# The onboarding status of a Firewall Manager admin account to
|
|
923
|
+
# third-party firewall vendor tenant.
|
|
924
|
+
#
|
|
925
|
+
# @option params [required, String] :third_party_firewall
|
|
926
|
+
# The name of the third-party firewall vendor.
|
|
927
|
+
#
|
|
928
|
+
# @return [Types::GetThirdPartyFirewallAssociationStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
929
|
+
#
|
|
930
|
+
# * {Types::GetThirdPartyFirewallAssociationStatusResponse#third_party_firewall_status #third_party_firewall_status} => String
|
|
931
|
+
# * {Types::GetThirdPartyFirewallAssociationStatusResponse#marketplace_onboarding_status #marketplace_onboarding_status} => String
|
|
932
|
+
#
|
|
933
|
+
# @example Request syntax with placeholder values
|
|
934
|
+
#
|
|
935
|
+
# resp = client.get_third_party_firewall_association_status({
|
|
936
|
+
# third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
|
|
937
|
+
# })
|
|
938
|
+
#
|
|
939
|
+
# @example Response structure
|
|
940
|
+
#
|
|
941
|
+
# resp.third_party_firewall_status #=> String, one of "ONBOARDING", "ONBOARD_COMPLETE", "OFFBOARDING", "OFFBOARD_COMPLETE", "NOT_EXIST"
|
|
942
|
+
# resp.marketplace_onboarding_status #=> String, one of "NO_SUBSCRIPTION", "NOT_COMPLETE", "COMPLETE"
|
|
943
|
+
#
|
|
944
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus AWS API Documentation
|
|
945
|
+
#
|
|
946
|
+
# @overload get_third_party_firewall_association_status(params = {})
|
|
947
|
+
# @param [Hash] params ({})
|
|
948
|
+
def get_third_party_firewall_association_status(params = {}, options = {})
|
|
949
|
+
req = build_request(:get_third_party_firewall_association_status, params)
|
|
950
|
+
req.send_request(options)
|
|
951
|
+
end
|
|
952
|
+
|
|
854
953
|
# Retrieves violations for a resource based on the specified Firewall
|
|
855
954
|
# Manager policy and Amazon Web Services account.
|
|
856
955
|
#
|
|
@@ -946,6 +1045,10 @@ module Aws::FMS
|
|
|
946
1045
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups #=> Array
|
|
947
1046
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].rule_group_name #=> String
|
|
948
1047
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].resource_id #=> String
|
|
1048
|
+
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].priority #=> Integer
|
|
1049
|
+
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions #=> Array
|
|
1050
|
+
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions[0] #=> String
|
|
1051
|
+
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
|
|
949
1052
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups #=> Array
|
|
950
1053
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].rule_group_name #=> String
|
|
951
1054
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].resource_id #=> String
|
|
@@ -959,6 +1062,10 @@ module Aws::FMS
|
|
|
959
1062
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups #=> Array
|
|
960
1063
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].rule_group_name #=> String
|
|
961
1064
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].resource_id #=> String
|
|
1065
|
+
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].priority #=> Integer
|
|
1066
|
+
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions #=> Array
|
|
1067
|
+
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions[0] #=> String
|
|
1068
|
+
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
|
|
962
1069
|
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_id #=> String
|
|
963
1070
|
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_availability_zone #=> String
|
|
964
1071
|
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.route_table_id #=> String
|
|
@@ -1142,8 +1249,56 @@ module Aws::FMS
|
|
|
1142
1249
|
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.description #=> String
|
|
1143
1250
|
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.vpc_id.resource_id #=> String
|
|
1144
1251
|
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.vpc_id.description #=> String
|
|
1252
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.fms_policy_update_firewall_creation_config_action.description #=> String
|
|
1253
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.fms_policy_update_firewall_creation_config_action.firewall_creation_config #=> String
|
|
1145
1254
|
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].order #=> Integer
|
|
1146
1255
|
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].is_default_action #=> Boolean
|
|
1256
|
+
# resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.firewall_subnet_id #=> String
|
|
1257
|
+
# resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.vpc_id #=> String
|
|
1258
|
+
# resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.subnet_availability_zone #=> String
|
|
1259
|
+
# resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.subnet_availability_zone_id #=> String
|
|
1260
|
+
# resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.vpc_endpoint_id #=> String
|
|
1261
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_id #=> String
|
|
1262
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.vpc_id #=> String
|
|
1263
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.route_table_id #=> String
|
|
1264
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes #=> Array
|
|
1265
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
|
1266
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
|
1267
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].destination #=> String
|
|
1268
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].target #=> String
|
|
1269
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_availability_zone #=> String
|
|
1270
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_availability_zone_id #=> String
|
|
1271
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.current_firewall_subnet_route_table #=> String
|
|
1272
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_id #=> String
|
|
1273
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes #=> Array
|
|
1274
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
|
1275
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
|
1276
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].destination #=> String
|
|
1277
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].target #=> String
|
|
1278
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_id #=> String
|
|
1279
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.current_internet_gateway_route_table #=> String
|
|
1280
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes #=> Array
|
|
1281
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
|
1282
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
|
1283
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].destination #=> String
|
|
1284
|
+
# resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target #=> String
|
|
1285
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.violation_target #=> String
|
|
1286
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.vpc #=> String
|
|
1287
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.availability_zone #=> String
|
|
1288
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.target_violation_reason #=> String
|
|
1289
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.violation_target #=> String
|
|
1290
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.vpc #=> String
|
|
1291
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.availability_zone #=> String
|
|
1292
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.target_violation_reason #=> String
|
|
1293
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.violation_target #=> String
|
|
1294
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.vpc #=> String
|
|
1295
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.availability_zone #=> String
|
|
1296
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.current_route_table #=> String
|
|
1297
|
+
# resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.expected_route_table #=> String
|
|
1298
|
+
# resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.firewall_subnet_id #=> String
|
|
1299
|
+
# resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.vpc_id #=> String
|
|
1300
|
+
# resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone #=> String
|
|
1301
|
+
# resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone_id #=> String
|
|
1147
1302
|
# resp.violation_detail.resource_tags #=> Array
|
|
1148
1303
|
# resp.violation_detail.resource_tags[0].key #=> String
|
|
1149
1304
|
# resp.violation_detail.resource_tags[0].value #=> String
|
|
@@ -1370,7 +1525,7 @@ module Aws::FMS
|
|
|
1370
1525
|
# resp.policy_list[0].policy_id #=> String
|
|
1371
1526
|
# resp.policy_list[0].policy_name #=> String
|
|
1372
1527
|
# resp.policy_list[0].resource_type #=> String
|
|
1373
|
-
# resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
|
|
1528
|
+
# resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
|
|
1374
1529
|
# resp.policy_list[0].remediation_enabled #=> Boolean
|
|
1375
1530
|
# resp.policy_list[0].delete_unused_fm_managed_resources #=> Boolean
|
|
1376
1531
|
# resp.next_token #=> String
|
|
@@ -1473,6 +1628,63 @@ module Aws::FMS
|
|
|
1473
1628
|
req.send_request(options)
|
|
1474
1629
|
end
|
|
1475
1630
|
|
|
1631
|
+
# Retrieves a list of all of the third-party firewall policies that are
|
|
1632
|
+
# associated with the third-party firewall administrator's account.
|
|
1633
|
+
#
|
|
1634
|
+
# @option params [required, String] :third_party_firewall
|
|
1635
|
+
# The name of the third-party firewall vendor.
|
|
1636
|
+
#
|
|
1637
|
+
# @option params [String] :next_token
|
|
1638
|
+
# If the previous response included a `NextToken` element, the specified
|
|
1639
|
+
# third-party firewall vendor is associated with more third-party
|
|
1640
|
+
# firewall policies. To get more third-party firewall policies, submit
|
|
1641
|
+
# another `ListThirdPartyFirewallFirewallPoliciesRequest` request.
|
|
1642
|
+
#
|
|
1643
|
+
# For the value of `NextToken`, specify the value of `NextToken` from
|
|
1644
|
+
# the previous response. If the previous response didn't include a
|
|
1645
|
+
# `NextToken` element, there are no more third-party firewall policies
|
|
1646
|
+
# to get.
|
|
1647
|
+
#
|
|
1648
|
+
# @option params [required, Integer] :max_results
|
|
1649
|
+
# The maximum number of third-party firewall policies that you want
|
|
1650
|
+
# Firewall Manager to return. If the specified third-party firewall
|
|
1651
|
+
# vendor is associated with more than `MaxResults` firewall policies,
|
|
1652
|
+
# the response includes a `NextToken` element. `NextToken` contains an
|
|
1653
|
+
# encrypted token that identifies the first third-party firewall
|
|
1654
|
+
# policies that Firewall Manager will return if you submit another
|
|
1655
|
+
# request.
|
|
1656
|
+
#
|
|
1657
|
+
# @return [Types::ListThirdPartyFirewallFirewallPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1658
|
+
#
|
|
1659
|
+
# * {Types::ListThirdPartyFirewallFirewallPoliciesResponse#third_party_firewall_firewall_policies #third_party_firewall_firewall_policies} => Array<Types::ThirdPartyFirewallFirewallPolicy>
|
|
1660
|
+
# * {Types::ListThirdPartyFirewallFirewallPoliciesResponse#next_token #next_token} => String
|
|
1661
|
+
#
|
|
1662
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
|
1663
|
+
#
|
|
1664
|
+
# @example Request syntax with placeholder values
|
|
1665
|
+
#
|
|
1666
|
+
# resp = client.list_third_party_firewall_firewall_policies({
|
|
1667
|
+
# third_party_firewall: "PALO_ALTO_NETWORKS_CLOUD_NGFW", # required, accepts PALO_ALTO_NETWORKS_CLOUD_NGFW
|
|
1668
|
+
# next_token: "PaginationToken",
|
|
1669
|
+
# max_results: 1, # required
|
|
1670
|
+
# })
|
|
1671
|
+
#
|
|
1672
|
+
# @example Response structure
|
|
1673
|
+
#
|
|
1674
|
+
# resp.third_party_firewall_firewall_policies #=> Array
|
|
1675
|
+
# resp.third_party_firewall_firewall_policies[0].firewall_policy_id #=> String
|
|
1676
|
+
# resp.third_party_firewall_firewall_policies[0].firewall_policy_name #=> String
|
|
1677
|
+
# resp.next_token #=> String
|
|
1678
|
+
#
|
|
1679
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies AWS API Documentation
|
|
1680
|
+
#
|
|
1681
|
+
# @overload list_third_party_firewall_firewall_policies(params = {})
|
|
1682
|
+
# @param [Hash] params ({})
|
|
1683
|
+
def list_third_party_firewall_firewall_policies(params = {}, options = {})
|
|
1684
|
+
req = build_request(:list_third_party_firewall_firewall_policies, params)
|
|
1685
|
+
req.send_request(options)
|
|
1686
|
+
end
|
|
1687
|
+
|
|
1476
1688
|
# Creates an Firewall Manager applications list.
|
|
1477
1689
|
#
|
|
1478
1690
|
# @option params [required, Types::AppsListData] :apps_list
|
|
@@ -1639,8 +1851,16 @@ module Aws::FMS
|
|
|
1639
1851
|
# policy_name: "ResourceName", # required
|
|
1640
1852
|
# policy_update_token: "PolicyUpdateToken",
|
|
1641
1853
|
# security_service_policy_data: { # required
|
|
1642
|
-
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL
|
|
1854
|
+
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
|
|
1643
1855
|
# managed_service_data: "ManagedServiceData",
|
|
1856
|
+
# policy_option: {
|
|
1857
|
+
# network_firewall_policy: {
|
|
1858
|
+
# firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
|
|
1859
|
+
# },
|
|
1860
|
+
# third_party_firewall_policy: {
|
|
1861
|
+
# firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
|
|
1862
|
+
# },
|
|
1863
|
+
# },
|
|
1644
1864
|
# },
|
|
1645
1865
|
# resource_type: "ResourceType", # required
|
|
1646
1866
|
# resource_type_list: ["ResourceType"],
|
|
@@ -1673,8 +1893,10 @@ module Aws::FMS
|
|
|
1673
1893
|
# resp.policy.policy_id #=> String
|
|
1674
1894
|
# resp.policy.policy_name #=> String
|
|
1675
1895
|
# resp.policy.policy_update_token #=> String
|
|
1676
|
-
# resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL"
|
|
1896
|
+
# resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL"
|
|
1677
1897
|
# resp.policy.security_service_policy_data.managed_service_data #=> String
|
|
1898
|
+
# resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
|
|
1899
|
+
# resp.policy.security_service_policy_data.policy_option.third_party_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
|
|
1678
1900
|
# resp.policy.resource_type #=> String
|
|
1679
1901
|
# resp.policy.resource_type_list #=> Array
|
|
1680
1902
|
# resp.policy.resource_type_list[0] #=> String
|
|
@@ -1833,7 +2055,7 @@ module Aws::FMS
|
|
|
1833
2055
|
params: params,
|
|
1834
2056
|
config: config)
|
|
1835
2057
|
context[:gem_name] = 'aws-sdk-fms'
|
|
1836
|
-
context[:gem_version] = '1.
|
|
2058
|
+
context[:gem_version] = '1.50.0'
|
|
1837
2059
|
Seahorse::Client::Request.new(handlers, context)
|
|
1838
2060
|
end
|
|
1839
2061
|
|