aws-sdk-fms 1.51.0 → 1.53.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms/client.rb +364 -6
- data/lib/aws-sdk-fms/client_api.rb +239 -0
- data/lib/aws-sdk-fms/endpoints.rb +112 -0
- data/lib/aws-sdk-fms/plugins/endpoints.rb +16 -0
- data/lib/aws-sdk-fms/types.rb +658 -55
- data/lib/aws-sdk-fms.rb +1 -1
- metadata +2 -2
data/lib/aws-sdk-fms/types.rb
CHANGED
@@ -320,6 +320,98 @@ module Aws::FMS
|
|
320
320
|
include Aws::Structure
|
321
321
|
end
|
322
322
|
|
323
|
+
# @note When making an API call, you may pass BatchAssociateResourceRequest
|
324
|
+
# data as a hash:
|
325
|
+
#
|
326
|
+
# {
|
327
|
+
# resource_set_identifier: "Identifier", # required
|
328
|
+
# items: ["Identifier"], # required
|
329
|
+
# }
|
330
|
+
#
|
331
|
+
# @!attribute [rw] resource_set_identifier
|
332
|
+
# A unique identifier for the resource set, used in a TODO to refer to
|
333
|
+
# the resource set.
|
334
|
+
# @return [String]
|
335
|
+
#
|
336
|
+
# @!attribute [rw] items
|
337
|
+
# The uniform resource identifiers (URIs) of resources that should be
|
338
|
+
# associated to the resource set. The URIs must be Amazon Resource
|
339
|
+
# Names (ARNs).
|
340
|
+
# @return [Array<String>]
|
341
|
+
#
|
342
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/BatchAssociateResourceRequest AWS API Documentation
|
343
|
+
#
|
344
|
+
class BatchAssociateResourceRequest < Struct.new(
|
345
|
+
:resource_set_identifier,
|
346
|
+
:items)
|
347
|
+
SENSITIVE = []
|
348
|
+
include Aws::Structure
|
349
|
+
end
|
350
|
+
|
351
|
+
# @!attribute [rw] resource_set_identifier
|
352
|
+
# A unique identifier for the resource set, used in a TODO to refer to
|
353
|
+
# the resource set.
|
354
|
+
# @return [String]
|
355
|
+
#
|
356
|
+
# @!attribute [rw] failed_items
|
357
|
+
# The resources that failed to associate to the resource set.
|
358
|
+
# @return [Array<Types::FailedItem>]
|
359
|
+
#
|
360
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/BatchAssociateResourceResponse AWS API Documentation
|
361
|
+
#
|
362
|
+
class BatchAssociateResourceResponse < Struct.new(
|
363
|
+
:resource_set_identifier,
|
364
|
+
:failed_items)
|
365
|
+
SENSITIVE = []
|
366
|
+
include Aws::Structure
|
367
|
+
end
|
368
|
+
|
369
|
+
# @note When making an API call, you may pass BatchDisassociateResourceRequest
|
370
|
+
# data as a hash:
|
371
|
+
#
|
372
|
+
# {
|
373
|
+
# resource_set_identifier: "Identifier", # required
|
374
|
+
# items: ["Identifier"], # required
|
375
|
+
# }
|
376
|
+
#
|
377
|
+
# @!attribute [rw] resource_set_identifier
|
378
|
+
# A unique identifier for the resource set, used in a TODO to refer to
|
379
|
+
# the resource set.
|
380
|
+
# @return [String]
|
381
|
+
#
|
382
|
+
# @!attribute [rw] items
|
383
|
+
# The uniform resource identifiers (URI) of resources that should be
|
384
|
+
# disassociated from the resource set. The URIs must be Amazon
|
385
|
+
# Resource Names (ARNs).
|
386
|
+
# @return [Array<String>]
|
387
|
+
#
|
388
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/BatchDisassociateResourceRequest AWS API Documentation
|
389
|
+
#
|
390
|
+
class BatchDisassociateResourceRequest < Struct.new(
|
391
|
+
:resource_set_identifier,
|
392
|
+
:items)
|
393
|
+
SENSITIVE = []
|
394
|
+
include Aws::Structure
|
395
|
+
end
|
396
|
+
|
397
|
+
# @!attribute [rw] resource_set_identifier
|
398
|
+
# A unique identifier for the resource set, used in a TODO to refer to
|
399
|
+
# the resource set.
|
400
|
+
# @return [String]
|
401
|
+
#
|
402
|
+
# @!attribute [rw] failed_items
|
403
|
+
# The resources that failed to disassociate from the resource set.
|
404
|
+
# @return [Array<Types::FailedItem>]
|
405
|
+
#
|
406
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/BatchDisassociateResourceResponse AWS API Documentation
|
407
|
+
#
|
408
|
+
class BatchDisassociateResourceResponse < Struct.new(
|
409
|
+
:resource_set_identifier,
|
410
|
+
:failed_items)
|
411
|
+
SENSITIVE = []
|
412
|
+
include Aws::Structure
|
413
|
+
end
|
414
|
+
|
323
415
|
# Details of the resource that is not protected by the policy.
|
324
416
|
#
|
325
417
|
# @!attribute [rw] resource_id
|
@@ -460,6 +552,26 @@ module Aws::FMS
|
|
460
552
|
include Aws::Structure
|
461
553
|
end
|
462
554
|
|
555
|
+
# @note When making an API call, you may pass DeleteResourceSetRequest
|
556
|
+
# data as a hash:
|
557
|
+
#
|
558
|
+
# {
|
559
|
+
# identifier: "Base62Id", # required
|
560
|
+
# }
|
561
|
+
#
|
562
|
+
# @!attribute [rw] identifier
|
563
|
+
# A unique identifier for the resource set, used in a TODO to refer to
|
564
|
+
# the resource set.
|
565
|
+
# @return [String]
|
566
|
+
#
|
567
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteResourceSetRequest AWS API Documentation
|
568
|
+
#
|
569
|
+
class DeleteResourceSetRequest < Struct.new(
|
570
|
+
:identifier)
|
571
|
+
SENSITIVE = []
|
572
|
+
include Aws::Structure
|
573
|
+
end
|
574
|
+
|
463
575
|
# @api private
|
464
576
|
#
|
465
577
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateAdminAccountRequest AWS API Documentation
|
@@ -498,6 +610,37 @@ module Aws::FMS
|
|
498
610
|
include Aws::Structure
|
499
611
|
end
|
500
612
|
|
613
|
+
# A resource in the organization that's available to be associated with
|
614
|
+
# a Firewall Manager resource set.
|
615
|
+
#
|
616
|
+
# @!attribute [rw] uri
|
617
|
+
# The universal resource identifier (URI) of the discovered resource.
|
618
|
+
# @return [String]
|
619
|
+
#
|
620
|
+
# @!attribute [rw] account_id
|
621
|
+
# The Amazon Web Services account ID associated with the discovered
|
622
|
+
# resource.
|
623
|
+
# @return [String]
|
624
|
+
#
|
625
|
+
# @!attribute [rw] type
|
626
|
+
# The type of the discovered resource.
|
627
|
+
# @return [String]
|
628
|
+
#
|
629
|
+
# @!attribute [rw] name
|
630
|
+
# The name of the discovered resource.
|
631
|
+
# @return [String]
|
632
|
+
#
|
633
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DiscoveredResource AWS API Documentation
|
634
|
+
#
|
635
|
+
class DiscoveredResource < Struct.new(
|
636
|
+
:uri,
|
637
|
+
:account_id,
|
638
|
+
:type,
|
639
|
+
:name)
|
640
|
+
SENSITIVE = []
|
641
|
+
include Aws::Structure
|
642
|
+
end
|
643
|
+
|
501
644
|
# A DNS Firewall rule group that Firewall Manager tried to associate
|
502
645
|
# with a VPC is already associated with the VPC and can't be associated
|
503
646
|
# again.
|
@@ -925,6 +1068,26 @@ module Aws::FMS
|
|
925
1068
|
include Aws::Structure
|
926
1069
|
end
|
927
1070
|
|
1071
|
+
# Details of a resource that failed when trying to update it's
|
1072
|
+
# association to a resource set.
|
1073
|
+
#
|
1074
|
+
# @!attribute [rw] uri
|
1075
|
+
# The univeral resource indicator (URI) of the resource that failed.
|
1076
|
+
# @return [String]
|
1077
|
+
#
|
1078
|
+
# @!attribute [rw] reason
|
1079
|
+
# The reason the resource's association could not be updated.
|
1080
|
+
# @return [String]
|
1081
|
+
#
|
1082
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/FailedItem AWS API Documentation
|
1083
|
+
#
|
1084
|
+
class FailedItem < Struct.new(
|
1085
|
+
:uri,
|
1086
|
+
:reason)
|
1087
|
+
SENSITIVE = []
|
1088
|
+
include Aws::Structure
|
1089
|
+
end
|
1090
|
+
|
928
1091
|
# Contains details about the firewall subnet that violates the policy
|
929
1092
|
# scope.
|
930
1093
|
#
|
@@ -1323,6 +1486,43 @@ module Aws::FMS
|
|
1323
1486
|
include Aws::Structure
|
1324
1487
|
end
|
1325
1488
|
|
1489
|
+
# @note When making an API call, you may pass GetResourceSetRequest
|
1490
|
+
# data as a hash:
|
1491
|
+
#
|
1492
|
+
# {
|
1493
|
+
# identifier: "Base62Id", # required
|
1494
|
+
# }
|
1495
|
+
#
|
1496
|
+
# @!attribute [rw] identifier
|
1497
|
+
# A unique identifier for the resource set, used in a TODO to refer to
|
1498
|
+
# the resource set.
|
1499
|
+
# @return [String]
|
1500
|
+
#
|
1501
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetResourceSetRequest AWS API Documentation
|
1502
|
+
#
|
1503
|
+
class GetResourceSetRequest < Struct.new(
|
1504
|
+
:identifier)
|
1505
|
+
SENSITIVE = []
|
1506
|
+
include Aws::Structure
|
1507
|
+
end
|
1508
|
+
|
1509
|
+
# @!attribute [rw] resource_set
|
1510
|
+
# Information about the specified resource set.
|
1511
|
+
# @return [Types::ResourceSet]
|
1512
|
+
#
|
1513
|
+
# @!attribute [rw] resource_set_arn
|
1514
|
+
# The Amazon Resource Name (ARN) of the resource set.
|
1515
|
+
# @return [String]
|
1516
|
+
#
|
1517
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetResourceSetResponse AWS API Documentation
|
1518
|
+
#
|
1519
|
+
class GetResourceSetResponse < Struct.new(
|
1520
|
+
:resource_set,
|
1521
|
+
:resource_set_arn)
|
1522
|
+
SENSITIVE = []
|
1523
|
+
include Aws::Structure
|
1524
|
+
end
|
1525
|
+
|
1326
1526
|
# @note When making an API call, you may pass GetThirdPartyFirewallAssociationStatusRequest
|
1327
1527
|
# data as a hash:
|
1328
1528
|
#
|
@@ -1653,6 +1853,73 @@ module Aws::FMS
|
|
1653
1853
|
include Aws::Structure
|
1654
1854
|
end
|
1655
1855
|
|
1856
|
+
# @note When making an API call, you may pass ListDiscoveredResourcesRequest
|
1857
|
+
# data as a hash:
|
1858
|
+
#
|
1859
|
+
# {
|
1860
|
+
# member_account_ids: ["AWSAccountId"], # required
|
1861
|
+
# resource_type: "ResourceType", # required
|
1862
|
+
# max_results: 1,
|
1863
|
+
# next_token: "PaginationToken",
|
1864
|
+
# }
|
1865
|
+
#
|
1866
|
+
# @!attribute [rw] member_account_ids
|
1867
|
+
# The Amazon Web Services account IDs to discover resources in. Only
|
1868
|
+
# one account is supported per request. The account must be a member
|
1869
|
+
# of your organization.
|
1870
|
+
# @return [Array<String>]
|
1871
|
+
#
|
1872
|
+
# @!attribute [rw] resource_type
|
1873
|
+
# The type of resources to discover.
|
1874
|
+
# @return [String]
|
1875
|
+
#
|
1876
|
+
# @!attribute [rw] max_results
|
1877
|
+
# The maximum number of objects that you want Firewall Manager to
|
1878
|
+
# return for this request. If more objects are available, in the
|
1879
|
+
# response, Firewall Manager provides a `NextToken` value that you can
|
1880
|
+
# use in a subsequent call to get the next batch of objects.
|
1881
|
+
# @return [Integer]
|
1882
|
+
#
|
1883
|
+
# @!attribute [rw] next_token
|
1884
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
1885
|
+
# the number of objects that are still available for retrieval exceeds
|
1886
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
1887
|
+
# value in the response. To retrieve the next batch of objects, use
|
1888
|
+
# the token returned from the prior request in your next request.
|
1889
|
+
# @return [String]
|
1890
|
+
#
|
1891
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListDiscoveredResourcesRequest AWS API Documentation
|
1892
|
+
#
|
1893
|
+
class ListDiscoveredResourcesRequest < Struct.new(
|
1894
|
+
:member_account_ids,
|
1895
|
+
:resource_type,
|
1896
|
+
:max_results,
|
1897
|
+
:next_token)
|
1898
|
+
SENSITIVE = []
|
1899
|
+
include Aws::Structure
|
1900
|
+
end
|
1901
|
+
|
1902
|
+
# @!attribute [rw] items
|
1903
|
+
# Details of the resources that were discovered.
|
1904
|
+
# @return [Array<Types::DiscoveredResource>]
|
1905
|
+
#
|
1906
|
+
# @!attribute [rw] next_token
|
1907
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
1908
|
+
# the number of objects that are still available for retrieval exceeds
|
1909
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
1910
|
+
# value in the response. To retrieve the next batch of objects, use
|
1911
|
+
# the token returned from the prior request in your next request.
|
1912
|
+
# @return [String]
|
1913
|
+
#
|
1914
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListDiscoveredResourcesResponse AWS API Documentation
|
1915
|
+
#
|
1916
|
+
class ListDiscoveredResourcesResponse < Struct.new(
|
1917
|
+
:items,
|
1918
|
+
:next_token)
|
1919
|
+
SENSITIVE = []
|
1920
|
+
include Aws::Structure
|
1921
|
+
end
|
1922
|
+
|
1656
1923
|
# @note When making an API call, you may pass ListMemberAccountsRequest
|
1657
1924
|
# data as a hash:
|
1658
1925
|
#
|
@@ -1827,6 +2094,120 @@ module Aws::FMS
|
|
1827
2094
|
include Aws::Structure
|
1828
2095
|
end
|
1829
2096
|
|
2097
|
+
# @note When making an API call, you may pass ListResourceSetResourcesRequest
|
2098
|
+
# data as a hash:
|
2099
|
+
#
|
2100
|
+
# {
|
2101
|
+
# identifier: "ResourceId", # required
|
2102
|
+
# max_results: 1,
|
2103
|
+
# next_token: "PaginationToken",
|
2104
|
+
# }
|
2105
|
+
#
|
2106
|
+
# @!attribute [rw] identifier
|
2107
|
+
# A unique identifier for the resource set, used in a TODO to refer to
|
2108
|
+
# the resource set.
|
2109
|
+
# @return [String]
|
2110
|
+
#
|
2111
|
+
# @!attribute [rw] max_results
|
2112
|
+
# The maximum number of objects that you want Firewall Manager to
|
2113
|
+
# return for this request. If more objects are available, in the
|
2114
|
+
# response, Firewall Manager provides a `NextToken` value that you can
|
2115
|
+
# use in a subsequent call to get the next batch of objects.
|
2116
|
+
# @return [Integer]
|
2117
|
+
#
|
2118
|
+
# @!attribute [rw] next_token
|
2119
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
2120
|
+
# the number of objects that are still available for retrieval exceeds
|
2121
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
2122
|
+
# value in the response. To retrieve the next batch of objects, use
|
2123
|
+
# the token returned from the prior request in your next request.
|
2124
|
+
# @return [String]
|
2125
|
+
#
|
2126
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListResourceSetResourcesRequest AWS API Documentation
|
2127
|
+
#
|
2128
|
+
class ListResourceSetResourcesRequest < Struct.new(
|
2129
|
+
:identifier,
|
2130
|
+
:max_results,
|
2131
|
+
:next_token)
|
2132
|
+
SENSITIVE = []
|
2133
|
+
include Aws::Structure
|
2134
|
+
end
|
2135
|
+
|
2136
|
+
# @!attribute [rw] items
|
2137
|
+
# An array of the associated resources' uniform resource identifiers
|
2138
|
+
# (URI).
|
2139
|
+
# @return [Array<Types::Resource>]
|
2140
|
+
#
|
2141
|
+
# @!attribute [rw] next_token
|
2142
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
2143
|
+
# the number of objects that are still available for retrieval exceeds
|
2144
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
2145
|
+
# value in the response. To retrieve the next batch of objects, use
|
2146
|
+
# the token returned from the prior request in your next request.
|
2147
|
+
# @return [String]
|
2148
|
+
#
|
2149
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListResourceSetResourcesResponse AWS API Documentation
|
2150
|
+
#
|
2151
|
+
class ListResourceSetResourcesResponse < Struct.new(
|
2152
|
+
:items,
|
2153
|
+
:next_token)
|
2154
|
+
SENSITIVE = []
|
2155
|
+
include Aws::Structure
|
2156
|
+
end
|
2157
|
+
|
2158
|
+
# @note When making an API call, you may pass ListResourceSetsRequest
|
2159
|
+
# data as a hash:
|
2160
|
+
#
|
2161
|
+
# {
|
2162
|
+
# next_token: "PaginationToken",
|
2163
|
+
# max_results: 1,
|
2164
|
+
# }
|
2165
|
+
#
|
2166
|
+
# @!attribute [rw] next_token
|
2167
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
2168
|
+
# the number of objects that are still available for retrieval exceeds
|
2169
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
2170
|
+
# value in the response. To retrieve the next batch of objects, use
|
2171
|
+
# the token returned from the prior request in your next request.
|
2172
|
+
# @return [String]
|
2173
|
+
#
|
2174
|
+
# @!attribute [rw] max_results
|
2175
|
+
# The maximum number of objects that you want Firewall Manager to
|
2176
|
+
# return for this request. If more objects are available, in the
|
2177
|
+
# response, Firewall Manager provides a `NextToken` value that you can
|
2178
|
+
# use in a subsequent call to get the next batch of objects.
|
2179
|
+
# @return [Integer]
|
2180
|
+
#
|
2181
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListResourceSetsRequest AWS API Documentation
|
2182
|
+
#
|
2183
|
+
class ListResourceSetsRequest < Struct.new(
|
2184
|
+
:next_token,
|
2185
|
+
:max_results)
|
2186
|
+
SENSITIVE = []
|
2187
|
+
include Aws::Structure
|
2188
|
+
end
|
2189
|
+
|
2190
|
+
# @!attribute [rw] resource_sets
|
2191
|
+
# An array of `ResourceSetSummary` objects.
|
2192
|
+
# @return [Array<Types::ResourceSetSummary>]
|
2193
|
+
#
|
2194
|
+
# @!attribute [rw] next_token
|
2195
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
2196
|
+
# the number of objects that are still available for retrieval exceeds
|
2197
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
2198
|
+
# value in the response. To retrieve the next batch of objects, use
|
2199
|
+
# the token returned from the prior request in your next request.
|
2200
|
+
# @return [String]
|
2201
|
+
#
|
2202
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListResourceSetsResponse AWS API Documentation
|
2203
|
+
#
|
2204
|
+
class ListResourceSetsResponse < Struct.new(
|
2205
|
+
:resource_sets,
|
2206
|
+
:next_token)
|
2207
|
+
SENSITIVE = []
|
2208
|
+
include Aws::Structure
|
2209
|
+
end
|
2210
|
+
|
1830
2211
|
# @note When making an API call, you may pass ListTagsForResourceRequest
|
1831
2212
|
# data as a hash:
|
1832
2213
|
#
|
@@ -2382,6 +2763,22 @@ module Aws::FMS
|
|
2382
2763
|
include Aws::Structure
|
2383
2764
|
end
|
2384
2765
|
|
2766
|
+
# The setting that allows the policy owner to change the behavior of the
|
2767
|
+
# rule group within a policy.
|
2768
|
+
#
|
2769
|
+
# @!attribute [rw] action
|
2770
|
+
# The action that changes the rule group from `DROP` to `ALERT`. This
|
2771
|
+
# only applies to managed rule groups.
|
2772
|
+
# @return [String]
|
2773
|
+
#
|
2774
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/NetworkFirewallStatefulRuleGroupOverride AWS API Documentation
|
2775
|
+
#
|
2776
|
+
class NetworkFirewallStatefulRuleGroupOverride < Struct.new(
|
2777
|
+
:action)
|
2778
|
+
SENSITIVE = []
|
2779
|
+
include Aws::Structure
|
2780
|
+
end
|
2781
|
+
|
2385
2782
|
# Violation detail for an unexpected route that's present in a route
|
2386
2783
|
# table.
|
2387
2784
|
#
|
@@ -2478,7 +2875,7 @@ module Aws::FMS
|
|
2478
2875
|
# policy_name: "ResourceName", # required
|
2479
2876
|
# policy_update_token: "PolicyUpdateToken",
|
2480
2877
|
# security_service_policy_data: { # required
|
2481
|
-
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
|
2878
|
+
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL, IMPORT_NETWORK_FIREWALL
|
2482
2879
|
# managed_service_data: "ManagedServiceData",
|
2483
2880
|
# policy_option: {
|
2484
2881
|
# network_firewall_policy: {
|
@@ -2506,6 +2903,8 @@ module Aws::FMS
|
|
2506
2903
|
# exclude_map: {
|
2507
2904
|
# "ACCOUNT" => ["CustomerPolicyScopeId"],
|
2508
2905
|
# },
|
2906
|
+
# resource_set_ids: ["Base62Id"],
|
2907
|
+
# policy_description: "ResourceDescription",
|
2509
2908
|
# }
|
2510
2909
|
#
|
2511
2910
|
# @!attribute [rw] policy_id
|
@@ -2650,6 +3049,14 @@ module Aws::FMS
|
|
2650
3049
|
# “ouid112”]\}`.
|
2651
3050
|
# @return [Hash<String,Array<String>>]
|
2652
3051
|
#
|
3052
|
+
# @!attribute [rw] resource_set_ids
|
3053
|
+
# The unique identifiers of the resource sets used by the policy.
|
3054
|
+
# @return [Array<String>]
|
3055
|
+
#
|
3056
|
+
# @!attribute [rw] policy_description
|
3057
|
+
# The definition of the Network Firewall firewall policy.
|
3058
|
+
# @return [String]
|
3059
|
+
#
|
2653
3060
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Policy AWS API Documentation
|
2654
3061
|
#
|
2655
3062
|
class Policy < Struct.new(
|
@@ -2664,7 +3071,9 @@ module Aws::FMS
|
|
2664
3071
|
:remediation_enabled,
|
2665
3072
|
:delete_unused_fm_managed_resources,
|
2666
3073
|
:include_map,
|
2667
|
-
:exclude_map
|
3074
|
+
:exclude_map,
|
3075
|
+
:resource_set_ids,
|
3076
|
+
:policy_description)
|
2668
3077
|
SENSITIVE = []
|
2669
3078
|
include Aws::Structure
|
2670
3079
|
end
|
@@ -3119,7 +3528,7 @@ module Aws::FMS
|
|
3119
3528
|
# policy_name: "ResourceName", # required
|
3120
3529
|
# policy_update_token: "PolicyUpdateToken",
|
3121
3530
|
# security_service_policy_data: { # required
|
3122
|
-
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
|
3531
|
+
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL, IMPORT_NETWORK_FIREWALL
|
3123
3532
|
# managed_service_data: "ManagedServiceData",
|
3124
3533
|
# policy_option: {
|
3125
3534
|
# network_firewall_policy: {
|
@@ -3147,6 +3556,8 @@ module Aws::FMS
|
|
3147
3556
|
# exclude_map: {
|
3148
3557
|
# "ACCOUNT" => ["CustomerPolicyScopeId"],
|
3149
3558
|
# },
|
3559
|
+
# resource_set_ids: ["Base62Id"],
|
3560
|
+
# policy_description: "ResourceDescription",
|
3150
3561
|
# },
|
3151
3562
|
# tag_list: [
|
3152
3563
|
# {
|
@@ -3247,6 +3658,65 @@ module Aws::FMS
|
|
3247
3658
|
include Aws::Structure
|
3248
3659
|
end
|
3249
3660
|
|
3661
|
+
# @note When making an API call, you may pass PutResourceSetRequest
|
3662
|
+
# data as a hash:
|
3663
|
+
#
|
3664
|
+
# {
|
3665
|
+
# resource_set: { # required
|
3666
|
+
# id: "Base62Id",
|
3667
|
+
# name: "Name", # required
|
3668
|
+
# description: "Description",
|
3669
|
+
# update_token: "UpdateToken",
|
3670
|
+
# resource_type_list: ["ResourceType"], # required
|
3671
|
+
# last_update_time: Time.now,
|
3672
|
+
# },
|
3673
|
+
# tag_list: [
|
3674
|
+
# {
|
3675
|
+
# key: "TagKey", # required
|
3676
|
+
# value: "TagValue", # required
|
3677
|
+
# },
|
3678
|
+
# ],
|
3679
|
+
# }
|
3680
|
+
#
|
3681
|
+
# @!attribute [rw] resource_set
|
3682
|
+
# Details about the resource set to be created or updated.>
|
3683
|
+
# @return [Types::ResourceSet]
|
3684
|
+
#
|
3685
|
+
# @!attribute [rw] tag_list
|
3686
|
+
# Retrieves the tags associated with the specified resource set. Tags
|
3687
|
+
# are key:value pairs that you can use to categorize and manage your
|
3688
|
+
# resources, for purposes like billing. For example, you might set the
|
3689
|
+
# tag key to "customer" and the value to the customer name or ID.
|
3690
|
+
# You can specify one or more tags to add to each Amazon Web Services
|
3691
|
+
# resource, up to 50 tags for a resource.
|
3692
|
+
# @return [Array<Types::Tag>]
|
3693
|
+
#
|
3694
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutResourceSetRequest AWS API Documentation
|
3695
|
+
#
|
3696
|
+
class PutResourceSetRequest < Struct.new(
|
3697
|
+
:resource_set,
|
3698
|
+
:tag_list)
|
3699
|
+
SENSITIVE = []
|
3700
|
+
include Aws::Structure
|
3701
|
+
end
|
3702
|
+
|
3703
|
+
# @!attribute [rw] resource_set
|
3704
|
+
# Details about the resource set.
|
3705
|
+
# @return [Types::ResourceSet]
|
3706
|
+
#
|
3707
|
+
# @!attribute [rw] resource_set_arn
|
3708
|
+
# The Amazon Resource Name (ARN) of the resource set.
|
3709
|
+
# @return [String]
|
3710
|
+
#
|
3711
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutResourceSetResponse AWS API Documentation
|
3712
|
+
#
|
3713
|
+
class PutResourceSetResponse < Struct.new(
|
3714
|
+
:resource_set,
|
3715
|
+
:resource_set_arn)
|
3716
|
+
SENSITIVE = []
|
3717
|
+
include Aws::Structure
|
3718
|
+
end
|
3719
|
+
|
3250
3720
|
# Information about an individual action you can take to remediate a
|
3251
3721
|
# violation.
|
3252
3722
|
#
|
@@ -3323,6 +3793,27 @@ module Aws::FMS
|
|
3323
3793
|
include Aws::Structure
|
3324
3794
|
end
|
3325
3795
|
|
3796
|
+
# Details of a resource that is associated to an Firewall Manager
|
3797
|
+
# resource set.
|
3798
|
+
#
|
3799
|
+
# @!attribute [rw] uri
|
3800
|
+
# The resource's universal resource indicator (URI).
|
3801
|
+
# @return [String]
|
3802
|
+
#
|
3803
|
+
# @!attribute [rw] account_id
|
3804
|
+
# The Amazon Web Services account ID that the associated resource
|
3805
|
+
# belongs to.
|
3806
|
+
# @return [String]
|
3807
|
+
#
|
3808
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Resource AWS API Documentation
|
3809
|
+
#
|
3810
|
+
class Resource < Struct.new(
|
3811
|
+
:uri,
|
3812
|
+
:account_id)
|
3813
|
+
SENSITIVE = []
|
3814
|
+
include Aws::Structure
|
3815
|
+
end
|
3816
|
+
|
3326
3817
|
# The specified resource was not found.
|
3327
3818
|
#
|
3328
3819
|
# @!attribute [rw] message
|
@@ -3336,6 +3827,112 @@ module Aws::FMS
|
|
3336
3827
|
include Aws::Structure
|
3337
3828
|
end
|
3338
3829
|
|
3830
|
+
# A set of resources to include in a policy.
|
3831
|
+
#
|
3832
|
+
# @note When making an API call, you may pass ResourceSet
|
3833
|
+
# data as a hash:
|
3834
|
+
#
|
3835
|
+
# {
|
3836
|
+
# id: "Base62Id",
|
3837
|
+
# name: "Name", # required
|
3838
|
+
# description: "Description",
|
3839
|
+
# update_token: "UpdateToken",
|
3840
|
+
# resource_type_list: ["ResourceType"], # required
|
3841
|
+
# last_update_time: Time.now,
|
3842
|
+
# }
|
3843
|
+
#
|
3844
|
+
# @!attribute [rw] id
|
3845
|
+
# A unique identifier for the resource set. This ID is returned in the
|
3846
|
+
# responses to create and list commands. You provide it to operations
|
3847
|
+
# like update and delete.
|
3848
|
+
# @return [String]
|
3849
|
+
#
|
3850
|
+
# @!attribute [rw] name
|
3851
|
+
# The descriptive name of the resource set. You can't change the name
|
3852
|
+
# of a resource set after you create it.
|
3853
|
+
# @return [String]
|
3854
|
+
#
|
3855
|
+
# @!attribute [rw] description
|
3856
|
+
# A description of the resource set.
|
3857
|
+
# @return [String]
|
3858
|
+
#
|
3859
|
+
# @!attribute [rw] update_token
|
3860
|
+
# An optional token that you can use for optimistic locking. Firewall
|
3861
|
+
# Manager returns a token to your requests that access the resource
|
3862
|
+
# set. The token marks the state of the resource set resource at the
|
3863
|
+
# time of the request. Update tokens are not allowed when creating a
|
3864
|
+
# resource set. After creation, each subsequent update call to the
|
3865
|
+
# resource set requires the update token.
|
3866
|
+
#
|
3867
|
+
# To make an unconditional change to the resource set, omit the token
|
3868
|
+
# in your update request. Without the token, Firewall Manager performs
|
3869
|
+
# your updates regardless of whether the resource set has changed
|
3870
|
+
# since you last retrieved it.
|
3871
|
+
#
|
3872
|
+
# To make a conditional change to the resource set, provide the token
|
3873
|
+
# in your update request. Firewall Manager uses the token to ensure
|
3874
|
+
# that the resource set hasn't changed since you last retrieved it.
|
3875
|
+
# If it has changed, the operation fails with an
|
3876
|
+
# `InvalidTokenException`. If this happens, retrieve the resource set
|
3877
|
+
# again to get a current copy of it with a new token. Reapply your
|
3878
|
+
# changes as needed, then try the operation again using the new token.
|
3879
|
+
# @return [String]
|
3880
|
+
#
|
3881
|
+
# @!attribute [rw] resource_type_list
|
3882
|
+
# Determines the resources that can be associated to the resource set.
|
3883
|
+
# Depending on your setting for max results and the number of resource
|
3884
|
+
# sets, a single call might not return the full list.
|
3885
|
+
# @return [Array<String>]
|
3886
|
+
#
|
3887
|
+
# @!attribute [rw] last_update_time
|
3888
|
+
# The last time that the resource set was changed.
|
3889
|
+
# @return [Time]
|
3890
|
+
#
|
3891
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceSet AWS API Documentation
|
3892
|
+
#
|
3893
|
+
class ResourceSet < Struct.new(
|
3894
|
+
:id,
|
3895
|
+
:name,
|
3896
|
+
:description,
|
3897
|
+
:update_token,
|
3898
|
+
:resource_type_list,
|
3899
|
+
:last_update_time)
|
3900
|
+
SENSITIVE = []
|
3901
|
+
include Aws::Structure
|
3902
|
+
end
|
3903
|
+
|
3904
|
+
# Summarizes the resource sets used in a policy.
|
3905
|
+
#
|
3906
|
+
# @!attribute [rw] id
|
3907
|
+
# A unique identifier for the resource set. This ID is returned in the
|
3908
|
+
# responses to create and list commands. You provide it to operations
|
3909
|
+
# like update and delete.
|
3910
|
+
# @return [String]
|
3911
|
+
#
|
3912
|
+
# @!attribute [rw] name
|
3913
|
+
# The descriptive name of the resource set. You can't change the name
|
3914
|
+
# of a resource set after you create it.
|
3915
|
+
# @return [String]
|
3916
|
+
#
|
3917
|
+
# @!attribute [rw] description
|
3918
|
+
# A description of the resource set.
|
3919
|
+
# @return [String]
|
3920
|
+
#
|
3921
|
+
# @!attribute [rw] last_update_time
|
3922
|
+
# The last time that the resource set was changed.
|
3923
|
+
# @return [Time]
|
3924
|
+
#
|
3925
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceSetSummary AWS API Documentation
|
3926
|
+
#
|
3927
|
+
class ResourceSetSummary < Struct.new(
|
3928
|
+
:id,
|
3929
|
+
:name,
|
3930
|
+
:description,
|
3931
|
+
:last_update_time)
|
3932
|
+
SENSITIVE = []
|
3933
|
+
include Aws::Structure
|
3934
|
+
end
|
3935
|
+
|
3339
3936
|
# The resource tags that Firewall Manager uses to determine if a
|
3340
3937
|
# particular resource should be included or excluded from the Firewall
|
3341
3938
|
# Manager policy. Tags enable you to categorize your Amazon Web Services
|
@@ -3706,7 +4303,7 @@ module Aws::FMS
|
|
3706
4303
|
# data as a hash:
|
3707
4304
|
#
|
3708
4305
|
# {
|
3709
|
-
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL
|
4306
|
+
# type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL, IMPORT_NETWORK_FIREWALL
|
3710
4307
|
# managed_service_data: "ManagedServiceData",
|
3711
4308
|
# policy_option: {
|
3712
4309
|
# network_firewall_policy: {
|
@@ -3815,56 +4412,6 @@ module Aws::FMS
|
|
3815
4412
|
# "availabilityZoneName":"$\{AvailabilityZone\}" \} ] \} \},
|
3816
4413
|
# "allowedIPV4CidrList":[ ] \} \} \} \}"`
|
3817
4414
|
#
|
3818
|
-
# * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
|
3819
|
-
# distributions
|
3820
|
-
#
|
3821
|
-
# `"\{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
|
3822
|
-
# \{"automaticResponseStatus":"ENABLED|IGNORED|DISABLED",
|
3823
|
-
# "automaticResponseAction":"BLOCK|COUNT"\},
|
3824
|
-
# "overrideCustomerWebaclClassic":true|false\}"`
|
3825
|
-
#
|
3826
|
-
# For example:
|
3827
|
-
# `"\{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
|
3828
|
-
# \{"automaticResponseStatus":"ENABLED",
|
3829
|
-
# "automaticResponseAction":"COUNT"\}\}"`
|
3830
|
-
#
|
3831
|
-
# The default value for `automaticResponseStatus` is `IGNORED`. The
|
3832
|
-
# value for `automaticResponseAction` is only required when
|
3833
|
-
# `automaticResponseStatus` is set to `ENABLED`. The default value
|
3834
|
-
# for `overrideCustomerWebaclClassic` is `false`.
|
3835
|
-
#
|
3836
|
-
# For other resource types that you can protect with a Shield
|
3837
|
-
# Advanced policy, this `ManagedServiceData` configuration is an
|
3838
|
-
# empty string.
|
3839
|
-
#
|
3840
|
-
# * Example: `WAFV2`
|
3841
|
-
#
|
3842
|
-
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAmazonIpReputationList"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
|
3843
|
-
#
|
3844
|
-
# In the `loggingConfiguration`, you can specify one
|
3845
|
-
# `logDestinationConfigs`, you can optionally provide up to 20
|
3846
|
-
# `redactedFields`, and the `RedactedFieldType` must be one of
|
3847
|
-
# `URI`, `QUERY_STRING`, `HEADER`, or `METHOD`.
|
3848
|
-
#
|
3849
|
-
# * Example: `WAF Classic`
|
3850
|
-
#
|
3851
|
-
# `"\{"type": "WAF", "ruleGroups":
|
3852
|
-
# [\{"id":"12345678-1bcd-9012-efga-0987654321ab",
|
3853
|
-
# "overrideAction" : \{"type": "COUNT"\}\}],
|
3854
|
-
# "defaultAction": \{"type": "BLOCK"\}\}"`
|
3855
|
-
#
|
3856
|
-
# * Example: `WAFV2` - Firewall Manager support for WAF managed rule
|
3857
|
-
# group versioning
|
3858
|
-
#
|
3859
|
-
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":true,"version":"Version_2.0","vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesCommonRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
|
3860
|
-
#
|
3861
|
-
# To use a specific version of a WAF managed rule group in your
|
3862
|
-
# Firewall Manager policy, you must set `versionEnabled` to `true`,
|
3863
|
-
# and set `version` to the version you'd like to use. If you don't
|
3864
|
-
# set `versionEnabled` to `true`, or if you omit `versionEnabled`,
|
3865
|
-
# then Firewall Manager uses the default version of the WAF managed
|
3866
|
-
# rule group.
|
3867
|
-
#
|
3868
4415
|
# * Example: `SECURITY_GROUPS_COMMON`
|
3869
4416
|
#
|
3870
4417
|
# `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
|
@@ -3911,6 +4458,56 @@ module Aws::FMS
|
|
3911
4458
|
#
|
3912
4459
|
# `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"`
|
3913
4460
|
#
|
4461
|
+
# * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
|
4462
|
+
# distributions
|
4463
|
+
#
|
4464
|
+
# `"\{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
|
4465
|
+
# \{"automaticResponseStatus":"ENABLED|IGNORED|DISABLED",
|
4466
|
+
# "automaticResponseAction":"BLOCK|COUNT"\},
|
4467
|
+
# "overrideCustomerWebaclClassic":true|false\}"`
|
4468
|
+
#
|
4469
|
+
# For example:
|
4470
|
+
# `"\{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
|
4471
|
+
# \{"automaticResponseStatus":"ENABLED",
|
4472
|
+
# "automaticResponseAction":"COUNT"\}\}"`
|
4473
|
+
#
|
4474
|
+
# The default value for `automaticResponseStatus` is `IGNORED`. The
|
4475
|
+
# value for `automaticResponseAction` is only required when
|
4476
|
+
# `automaticResponseStatus` is set to `ENABLED`. The default value
|
4477
|
+
# for `overrideCustomerWebaclClassic` is `false`.
|
4478
|
+
#
|
4479
|
+
# For other resource types that you can protect with a Shield
|
4480
|
+
# Advanced policy, this `ManagedServiceData` configuration is an
|
4481
|
+
# empty string.
|
4482
|
+
#
|
4483
|
+
# * Example: `WAFV2`
|
4484
|
+
#
|
4485
|
+
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAmazonIpReputationList"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
|
4486
|
+
#
|
4487
|
+
# In the `loggingConfiguration`, you can specify one
|
4488
|
+
# `logDestinationConfigs`, you can optionally provide up to 20
|
4489
|
+
# `redactedFields`, and the `RedactedFieldType` must be one of
|
4490
|
+
# `URI`, `QUERY_STRING`, `HEADER`, or `METHOD`.
|
4491
|
+
#
|
4492
|
+
# * Example: `WAFV2` - Firewall Manager support for WAF managed rule
|
4493
|
+
# group versioning
|
4494
|
+
#
|
4495
|
+
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":true,"version":"Version_2.0","vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesCommonRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
|
4496
|
+
#
|
4497
|
+
# To use a specific version of a WAF managed rule group in your
|
4498
|
+
# Firewall Manager policy, you must set `versionEnabled` to `true`,
|
4499
|
+
# and set `version` to the version you'd like to use. If you don't
|
4500
|
+
# set `versionEnabled` to `true`, or if you omit `versionEnabled`,
|
4501
|
+
# then Firewall Manager uses the default version of the WAF managed
|
4502
|
+
# rule group.
|
4503
|
+
#
|
4504
|
+
# * Example: `WAF Classic`
|
4505
|
+
#
|
4506
|
+
# `"\{"type": "WAF", "ruleGroups":
|
4507
|
+
# [\{"id":"12345678-1bcd-9012-efga-0987654321ab",
|
4508
|
+
# "overrideAction" : \{"type": "COUNT"\}\}],
|
4509
|
+
# "defaultAction": \{"type": "BLOCK"\}\}"`
|
4510
|
+
#
|
3914
4511
|
#
|
3915
4512
|
#
|
3916
4513
|
# [1]: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html
|
@@ -3983,12 +4580,18 @@ module Aws::FMS
|
|
3983
4580
|
# on.
|
3984
4581
|
# @return [Integer]
|
3985
4582
|
#
|
4583
|
+
# @!attribute [rw] override
|
4584
|
+
# The action that allows the policy owner to override the behavior of
|
4585
|
+
# the rule group within a policy.
|
4586
|
+
# @return [Types::NetworkFirewallStatefulRuleGroupOverride]
|
4587
|
+
#
|
3986
4588
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/StatefulRuleGroup AWS API Documentation
|
3987
4589
|
#
|
3988
4590
|
class StatefulRuleGroup < Struct.new(
|
3989
4591
|
:rule_group_name,
|
3990
4592
|
:resource_id,
|
3991
|
-
:priority
|
4593
|
+
:priority,
|
4594
|
+
:override)
|
3992
4595
|
SENSITIVE = []
|
3993
4596
|
include Aws::Structure
|
3994
4597
|
end
|