aws-sdk-fms 1.51.0 → 1.52.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 15a6d7ada1e55a1d0ea73b309309e144bb6dc3a814dcf27d693cf138d3bd88f6
-  data.tar.gz: 96e4cbc9600103a1a57685e49d7d816701ebb3c7eae0894265e3fb0df53607c8
+  metadata.gz: 0e69a7fdad74ae2aa7b7fc8b67f42295b0211a835ec7e800da355e86a3d011c7
+  data.tar.gz: 04ba6b611b3310683fad7b90456232a7bb5d44c1d3a559b936a2d7b82deaf366
 SHA512:
-  metadata.gz: 77575e4b4f0ccca1416e93864f1611f298057cd08e25904da7e4e002a1fc4eb1358874edf556a5980a135df129f7be3249f8e21e713675f8f5512747573da0f5
-  data.tar.gz: 357df7019f712ebeca4b50dd3fcfde731f6180a3dea298b81d92706187dda3f5c314a8601cacd0df50a6c4f1cbb7b5b782b33909bba0ce050c2c48048dbaee1e
+  metadata.gz: 9b8903dbaf3fdf2350bba0acca527b28a8aac856010cd206326588cfadb1349e2f066858c45c1b1026428bf394dbc487dce0f7e12d4efc27aa2d416c63e42813
+  data.tar.gz: f3a904693e82da234e54186ecf244138372467b6eb72e3cf7e479355a55ccce00a4901a5d47ad8c032b832ad5bfe816c7820beef084de2ef479c99f0408e6d93

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.52.0 (2022-10-27)
+------------------
+
+* Feature - Add support NetworkFirewall Managed Rule Group Override flag in GetViolationDetails API
+
 1.51.0 (2022-10-25)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.51.0
+1.52.0

data/lib/aws-sdk-fms/client.rb

@@ -1063,6 +1063,7 @@ module Aws::FMS
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].rule_group_name #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].resource_id #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].priority #=> Integer
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_rule_groups[0].override.action #=> String, one of "DROP_TO_ALERT"
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions #=> Array
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions[0] #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
@@ -1080,6 +1081,7 @@ module Aws::FMS
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].rule_group_name #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].resource_id #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].priority #=> Integer
+    #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].override.action #=> String, one of "DROP_TO_ALERT"
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions #=> Array
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions[0] #=> String
     #   resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
@@ -2072,7 +2074,7 @@ module Aws::FMS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-fms'
-      context[:gem_version] = '1.51.0'
+      context[:gem_version] = '1.52.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-fms/client_api.rb

@@ -125,10 +125,12 @@ module Aws::FMS
     NetworkFirewallMissingExpectedRoutesViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingExpectedRoutesViolation')
     NetworkFirewallMissingFirewallViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingFirewallViolation')
     NetworkFirewallMissingSubnetViolation = Shapes::StructureShape.new(name: 'NetworkFirewallMissingSubnetViolation')
+    NetworkFirewallOverrideAction = Shapes::StringShape.new(name: 'NetworkFirewallOverrideAction')
     NetworkFirewallPolicy = Shapes::StructureShape.new(name: 'NetworkFirewallPolicy')
     NetworkFirewallPolicyDescription = Shapes::StructureShape.new(name: 'NetworkFirewallPolicyDescription')
     NetworkFirewallPolicyModifiedViolation = Shapes::StructureShape.new(name: 'NetworkFirewallPolicyModifiedViolation')
     NetworkFirewallResourceName = Shapes::StringShape.new(name: 'NetworkFirewallResourceName')
+    NetworkFirewallStatefulRuleGroupOverride = Shapes::StructureShape.new(name: 'NetworkFirewallStatefulRuleGroupOverride')
     NetworkFirewallUnexpectedFirewallRoutesViolation = Shapes::StructureShape.new(name: 'NetworkFirewallUnexpectedFirewallRoutesViolation')
     NetworkFirewallUnexpectedGatewayRoutesViolation = Shapes::StructureShape.new(name: 'NetworkFirewallUnexpectedGatewayRoutesViolation')
     OrderedRemediationActions = Shapes::ListShape.new(name: 'OrderedRemediationActions')
@@ -647,6 +649,9 @@ module Aws::FMS
     NetworkFirewallPolicyModifiedViolation.add_member(:expected_policy_description, Shapes::ShapeRef.new(shape: NetworkFirewallPolicyDescription, location_name: "ExpectedPolicyDescription"))
     NetworkFirewallPolicyModifiedViolation.struct_class = Types::NetworkFirewallPolicyModifiedViolation
 
+    NetworkFirewallStatefulRuleGroupOverride.add_member(:action, Shapes::ShapeRef.new(shape: NetworkFirewallOverrideAction, location_name: "Action"))
+    NetworkFirewallStatefulRuleGroupOverride.struct_class = Types::NetworkFirewallStatefulRuleGroupOverride
+
     NetworkFirewallUnexpectedFirewallRoutesViolation.add_member(:firewall_subnet_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "FirewallSubnetId"))
     NetworkFirewallUnexpectedFirewallRoutesViolation.add_member(:violating_routes, Shapes::ShapeRef.new(shape: Routes, location_name: "ViolatingRoutes"))
     NetworkFirewallUnexpectedFirewallRoutesViolation.add_member(:route_table_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "RouteTableId"))
@@ -885,6 +890,7 @@ module Aws::FMS
     StatefulRuleGroup.add_member(:rule_group_name, Shapes::ShapeRef.new(shape: NetworkFirewallResourceName, location_name: "RuleGroupName"))
     StatefulRuleGroup.add_member(:resource_id, Shapes::ShapeRef.new(shape: ResourceId, location_name: "ResourceId"))
     StatefulRuleGroup.add_member(:priority, Shapes::ShapeRef.new(shape: PriorityNumber, location_name: "Priority"))
+    StatefulRuleGroup.add_member(:override, Shapes::ShapeRef.new(shape: NetworkFirewallStatefulRuleGroupOverride, location_name: "Override"))
     StatefulRuleGroup.struct_class = Types::StatefulRuleGroup
 
     StatefulRuleGroupList.member = Shapes::ShapeRef.new(shape: StatefulRuleGroup)

data/lib/aws-sdk-fms/types.rb

@@ -2382,6 +2382,22 @@ module Aws::FMS
       include Aws::Structure
     end
 
+    # The setting that allows the policy owner to change the behavior of the
+    # rule group within a policy.
+    #
+    # @!attribute [rw] action
+    #   The action that changes the rule group from `DROP` to `ALERT`. This
+    #   only applies to managed rule groups.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallStatefulRuleGroupOverride AWS API Documentation
+    #
+    class NetworkFirewallStatefulRuleGroupOverride < Struct.new(
+      :action)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Violation detail for an unexpected route that's present in a route
     # table.
     #
@@ -3815,56 +3831,6 @@ module Aws::FMS
     #     "availabilityZoneName":"$\{AvailabilityZone\}" \} ] \} \},
     #     "allowedIPV4CidrList":[ ] \} \} \} \}"`
     #
-    #   * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
-    #     distributions
-    #
-    #     `"\{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
-    #     \{"automaticResponseStatus":"ENABLED|IGNORED|DISABLED",
-    #     "automaticResponseAction":"BLOCK|COUNT"\},
-    #     "overrideCustomerWebaclClassic":true|false\}"`
-    #
-    #     For example:
-    #     `"\{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
-    #     \{"automaticResponseStatus":"ENABLED",
-    #     "automaticResponseAction":"COUNT"\}\}"`
-    #
-    #     The default value for `automaticResponseStatus` is `IGNORED`. The
-    #     value for `automaticResponseAction` is only required when
-    #     `automaticResponseStatus` is set to `ENABLED`. The default value
-    #     for `overrideCustomerWebaclClassic` is `false`.
-    #
-    #     For other resource types that you can protect with a Shield
-    #     Advanced policy, this `ManagedServiceData` configuration is an
-    #     empty string.
-    #
-    #   * Example: `WAFV2`
-    #
-    #     `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAmazonIpReputationList"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
-    #
-    #     In the `loggingConfiguration`, you can specify one
-    #     `logDestinationConfigs`, you can optionally provide up to 20
-    #     `redactedFields`, and the `RedactedFieldType` must be one of
-    #     `URI`, `QUERY_STRING`, `HEADER`, or `METHOD`.
-    #
-    #   * Example: `WAF Classic`
-    #
-    #     `"\{"type": "WAF", "ruleGroups":
-    #     [\{"id":"12345678-1bcd-9012-efga-0987654321ab",
-    #     "overrideAction" : \{"type": "COUNT"\}\}],
-    #     "defaultAction": \{"type": "BLOCK"\}\}"`
-    #
-    #   * Example: `WAFV2` - Firewall Manager support for WAF managed rule
-    #     group versioning
-    #
-    #     `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":true,"version":"Version_2.0","vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesCommonRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
-    #
-    #     To use a specific version of a WAF managed rule group in your
-    #     Firewall Manager policy, you must set `versionEnabled` to `true`,
-    #     and set `version` to the version you'd like to use. If you don't
-    #     set `versionEnabled` to `true`, or if you omit `versionEnabled`,
-    #     then Firewall Manager uses the default version of the WAF managed
-    #     rule group.
-    #
     #   * Example: `SECURITY_GROUPS_COMMON`
     #
     #     `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
@@ -3911,6 +3877,56 @@ module Aws::FMS
     #
     #     `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"`
     #
+    #   * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
+    #     distributions
+    #
+    #     `"\{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
+    #     \{"automaticResponseStatus":"ENABLED|IGNORED|DISABLED",
+    #     "automaticResponseAction":"BLOCK|COUNT"\},
+    #     "overrideCustomerWebaclClassic":true|false\}"`
+    #
+    #     For example:
+    #     `"\{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
+    #     \{"automaticResponseStatus":"ENABLED",
+    #     "automaticResponseAction":"COUNT"\}\}"`
+    #
+    #     The default value for `automaticResponseStatus` is `IGNORED`. The
+    #     value for `automaticResponseAction` is only required when
+    #     `automaticResponseStatus` is set to `ENABLED`. The default value
+    #     for `overrideCustomerWebaclClassic` is `false`.
+    #
+    #     For other resource types that you can protect with a Shield
+    #     Advanced policy, this `ManagedServiceData` configuration is an
+    #     empty string.
+    #
+    #   * Example: `WAFV2`
+    #
+    #     `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAmazonIpReputationList"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
+    #
+    #     In the `loggingConfiguration`, you can specify one
+    #     `logDestinationConfigs`, you can optionally provide up to 20
+    #     `redactedFields`, and the `RedactedFieldType` must be one of
+    #     `URI`, `QUERY_STRING`, `HEADER`, or `METHOD`.
+    #
+    #   * Example: `WAFV2` - Firewall Manager support for WAF managed rule
+    #     group versioning
+    #
+    #     `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":true,"version":"Version_2.0","vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesCommonRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
+    #
+    #     To use a specific version of a WAF managed rule group in your
+    #     Firewall Manager policy, you must set `versionEnabled` to `true`,
+    #     and set `version` to the version you'd like to use. If you don't
+    #     set `versionEnabled` to `true`, or if you omit `versionEnabled`,
+    #     then Firewall Manager uses the default version of the WAF managed
+    #     rule group.
+    #
+    #   * Example: `WAF Classic`
+    #
+    #     `"\{"type": "WAF", "ruleGroups":
+    #     [\{"id":"12345678-1bcd-9012-efga-0987654321ab",
+    #     "overrideAction" : \{"type": "COUNT"\}\}],
+    #     "defaultAction": \{"type": "BLOCK"\}\}"`
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html
@@ -3983,12 +3999,18 @@ module Aws::FMS
     #   on.
     #   @return [Integer]
     #
+    # @!attribute [rw] override
+    #   The action that allows the policy owner to override the behavior of
+    #   the rule group within a policy.
+    #   @return [Types::NetworkFirewallStatefulRuleGroupOverride]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulRuleGroup AWS API Documentation
     #
     class StatefulRuleGroup < Struct.new(
       :rule_group_name,
       :resource_id,
-      :priority)
+      :priority,
+      :override)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-fms.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-fms/customizations'
 # @!group service
 module Aws::FMS
 
-  GEM_VERSION = '1.51.0'
+  GEM_VERSION = '1.52.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-  version: 1.51.0
+  version: 1.52.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-10-25 00:00:00.000000000 Z
+date: 2022-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core