aws-sdk-fms 1.55.0 → 1.56.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms/client.rb +271 -31
- data/lib/aws-sdk-fms/client_api.rb +151 -0
- data/lib/aws-sdk-fms/endpoint_parameters.rb +0 -3
- data/lib/aws-sdk-fms/endpoint_provider.rb +27 -24
- data/lib/aws-sdk-fms/endpoints.rb +56 -0
- data/lib/aws-sdk-fms/plugins/endpoints.rb +8 -0
- data/lib/aws-sdk-fms/types.rb +568 -31
- data/lib/aws-sdk-fms.rb +1 -1
- metadata +2 -2
data/lib/aws-sdk-fms/types.rb
CHANGED
@@ -10,6 +10,52 @@
|
|
10
10
|
module Aws::FMS
|
11
11
|
module Types
|
12
12
|
|
13
|
+
# Configures the accounts within the administrator's Organizations
|
14
|
+
# organization that the specified Firewall Manager administrator can
|
15
|
+
# apply policies to.
|
16
|
+
#
|
17
|
+
# @!attribute [rw] accounts
|
18
|
+
# The list of accounts within the organization that the specified
|
19
|
+
# Firewall Manager administrator either can or cannot apply policies
|
20
|
+
# to, based on the value of `ExcludeSpecifiedAccounts`. If
|
21
|
+
# `ExcludeSpecifiedAccounts` is set to `true`, then the Firewall
|
22
|
+
# Manager administrator can apply policies to all members of the
|
23
|
+
# organization except for the accounts in this list. If
|
24
|
+
# `ExcludeSpecifiedAccounts` is set to `false`, then the Firewall
|
25
|
+
# Manager administrator can only apply policies to the accounts in
|
26
|
+
# this list.
|
27
|
+
# @return [Array<String>]
|
28
|
+
#
|
29
|
+
# @!attribute [rw] all_accounts_enabled
|
30
|
+
# A boolean value that indicates if the administrator can apply
|
31
|
+
# policies to all accounts within an organization. If true, the
|
32
|
+
# administrator can apply policies to all accounts within the
|
33
|
+
# organization. You can either enable management of all accounts
|
34
|
+
# through this operation, or you can specify a list of accounts to
|
35
|
+
# manage in `AccountScope$Accounts`. You cannot specify both.
|
36
|
+
# @return [Boolean]
|
37
|
+
#
|
38
|
+
# @!attribute [rw] exclude_specified_accounts
|
39
|
+
# A boolean value that excludes the accounts in
|
40
|
+
# `AccountScope$Accounts` from the administrator's scope. If true,
|
41
|
+
# the Firewall Manager administrator can apply policies to all members
|
42
|
+
# of the organization except for the accounts listed in
|
43
|
+
# `AccountScope$Accounts`. You can either specify a list of accounts
|
44
|
+
# to exclude by `AccountScope$Accounts`, or you can enable management
|
45
|
+
# of all accounts by `AccountScope$AllAccountsEnabled`. You cannot
|
46
|
+
# specify both.
|
47
|
+
# @return [Boolean]
|
48
|
+
#
|
49
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AccountScope AWS API Documentation
|
50
|
+
#
|
51
|
+
class AccountScope < Struct.new(
|
52
|
+
:accounts,
|
53
|
+
:all_accounts_enabled,
|
54
|
+
:exclude_specified_accounts)
|
55
|
+
SENSITIVE = []
|
56
|
+
include Aws::Structure
|
57
|
+
end
|
58
|
+
|
13
59
|
# Describes a remediation action target.
|
14
60
|
#
|
15
61
|
# @!attribute [rw] resource_id
|
@@ -29,6 +75,103 @@ module Aws::FMS
|
|
29
75
|
include Aws::Structure
|
30
76
|
end
|
31
77
|
|
78
|
+
# Contains high level information about the Firewall Manager
|
79
|
+
# administrator account.
|
80
|
+
#
|
81
|
+
# @!attribute [rw] admin_account
|
82
|
+
# The Amazon Web Services account ID of the Firewall Manager
|
83
|
+
# administrator's account.
|
84
|
+
# @return [String]
|
85
|
+
#
|
86
|
+
# @!attribute [rw] default_admin
|
87
|
+
# A boolean value that indicates if the administrator is the default
|
88
|
+
# administrator. If true, then this is the default administrator
|
89
|
+
# account. The default administrator can manage third-party firewalls
|
90
|
+
# and has full administrative scope. There is only one default
|
91
|
+
# administrator account per organization. For information about
|
92
|
+
# Firewall Manager default administrator accounts, see [Managing
|
93
|
+
# Firewall Manager administrators][1] in the *Firewall Manager
|
94
|
+
# Developer Guide*.
|
95
|
+
#
|
96
|
+
#
|
97
|
+
#
|
98
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/fms-administrators.html
|
99
|
+
# @return [Boolean]
|
100
|
+
#
|
101
|
+
# @!attribute [rw] status
|
102
|
+
# The current status of the request to onboard a member account as an
|
103
|
+
# Firewall Manager administator.
|
104
|
+
#
|
105
|
+
# * `ONBOARDING` - The account is onboarding to Firewall Manager as an
|
106
|
+
# administrator.
|
107
|
+
#
|
108
|
+
# * `ONBOARDING_COMPLETE` - Firewall Manager The account is onboarded
|
109
|
+
# to Firewall Manager as an administrator, and can perform actions
|
110
|
+
# on the resources defined in their AdminScope.
|
111
|
+
#
|
112
|
+
# * `OFFBOARDING` - The account is being removed as an Firewall
|
113
|
+
# Manager administrator.
|
114
|
+
#
|
115
|
+
# * `OFFBOARDING_COMPLETE` - The account has been removed as an
|
116
|
+
# Firewall Manager administrator.
|
117
|
+
# @return [String]
|
118
|
+
#
|
119
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AdminAccountSummary AWS API Documentation
|
120
|
+
#
|
121
|
+
class AdminAccountSummary < Struct.new(
|
122
|
+
:admin_account,
|
123
|
+
:default_admin,
|
124
|
+
:status)
|
125
|
+
SENSITIVE = []
|
126
|
+
include Aws::Structure
|
127
|
+
end
|
128
|
+
|
129
|
+
# Defines the resources that the Firewall Manager administrator can
|
130
|
+
# manage. For more information about administrative scope, see [Managing
|
131
|
+
# Firewall Manager administrators][1] in the *Firewall Manager Developer
|
132
|
+
# Guide*.
|
133
|
+
#
|
134
|
+
#
|
135
|
+
#
|
136
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/fms-administrators.html
|
137
|
+
#
|
138
|
+
# @!attribute [rw] account_scope
|
139
|
+
# Defines the accounts that the specified Firewall Manager
|
140
|
+
# administrator can apply policies to.
|
141
|
+
# @return [Types::AccountScope]
|
142
|
+
#
|
143
|
+
# @!attribute [rw] organizational_unit_scope
|
144
|
+
# Defines the Organizations organizational units that the specified
|
145
|
+
# Firewall Manager administrator can apply policies to. For more
|
146
|
+
# information about OUs in Organizations, see [Managing organizational
|
147
|
+
# units (OUs) ][1] in the *Organizations User Guide*.
|
148
|
+
#
|
149
|
+
#
|
150
|
+
#
|
151
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html
|
152
|
+
# @return [Types::OrganizationalUnitScope]
|
153
|
+
#
|
154
|
+
# @!attribute [rw] region_scope
|
155
|
+
# Defines the Amazon Web Services Regions that the specified Firewall
|
156
|
+
# Manager administrator can perform actions in.
|
157
|
+
# @return [Types::RegionScope]
|
158
|
+
#
|
159
|
+
# @!attribute [rw] policy_type_scope
|
160
|
+
# Defines the Firewall Manager policy types that the specified
|
161
|
+
# Firewall Manager administrator can create and manage.
|
162
|
+
# @return [Types::PolicyTypeScope]
|
163
|
+
#
|
164
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AdminScope AWS API Documentation
|
165
|
+
#
|
166
|
+
class AdminScope < Struct.new(
|
167
|
+
:account_scope,
|
168
|
+
:organizational_unit_scope,
|
169
|
+
:region_scope,
|
170
|
+
:policy_type_scope)
|
171
|
+
SENSITIVE = []
|
172
|
+
include Aws::Structure
|
173
|
+
end
|
174
|
+
|
32
175
|
# An individual Firewall Manager application.
|
33
176
|
#
|
34
177
|
# @!attribute [rw] app_name
|
@@ -139,10 +282,11 @@ module Aws::FMS
|
|
139
282
|
|
140
283
|
# @!attribute [rw] admin_account
|
141
284
|
# The Amazon Web Services account ID to associate with Firewall
|
142
|
-
# Manager as the Firewall Manager administrator account. This
|
143
|
-
#
|
144
|
-
# Organizations
|
145
|
-
#
|
285
|
+
# Manager as the Firewall Manager default administrator account. This
|
286
|
+
# account must be a member account of the organization in
|
287
|
+
# Organizations whose resources you want to protect. For more
|
288
|
+
# information about Organizations, see [Managing the Amazon Web
|
289
|
+
# Services Accounts in Your Organization][1].
|
146
290
|
#
|
147
291
|
#
|
148
292
|
#
|
@@ -271,8 +415,8 @@ module Aws::FMS
|
|
271
415
|
end
|
272
416
|
|
273
417
|
# @!attribute [rw] resource_set_identifier
|
274
|
-
# A unique identifier for the resource set, used in a
|
275
|
-
# the resource set.
|
418
|
+
# A unique identifier for the resource set, used in a request to refer
|
419
|
+
# to the resource set.
|
276
420
|
# @return [String]
|
277
421
|
#
|
278
422
|
# @!attribute [rw] items
|
@@ -291,8 +435,8 @@ module Aws::FMS
|
|
291
435
|
end
|
292
436
|
|
293
437
|
# @!attribute [rw] resource_set_identifier
|
294
|
-
# A unique identifier for the resource set, used in a
|
295
|
-
# the resource set.
|
438
|
+
# A unique identifier for the resource set, used in a request to refer
|
439
|
+
# to the resource set.
|
296
440
|
# @return [String]
|
297
441
|
#
|
298
442
|
# @!attribute [rw] failed_items
|
@@ -309,8 +453,8 @@ module Aws::FMS
|
|
309
453
|
end
|
310
454
|
|
311
455
|
# @!attribute [rw] resource_set_identifier
|
312
|
-
# A unique identifier for the resource set, used in a
|
313
|
-
# the resource set.
|
456
|
+
# A unique identifier for the resource set, used in a request to refer
|
457
|
+
# to the resource set.
|
314
458
|
# @return [String]
|
315
459
|
#
|
316
460
|
# @!attribute [rw] items
|
@@ -329,8 +473,8 @@ module Aws::FMS
|
|
329
473
|
end
|
330
474
|
|
331
475
|
# @!attribute [rw] resource_set_identifier
|
332
|
-
# A unique identifier for the resource set, used in a
|
333
|
-
# the resource set.
|
476
|
+
# A unique identifier for the resource set, used in a request to refer
|
477
|
+
# to the resource set.
|
334
478
|
# @return [String]
|
335
479
|
#
|
336
480
|
# @!attribute [rw] failed_items
|
@@ -465,8 +609,8 @@ module Aws::FMS
|
|
465
609
|
end
|
466
610
|
|
467
611
|
# @!attribute [rw] identifier
|
468
|
-
# A unique identifier for the resource set, used in a
|
469
|
-
# the resource set.
|
612
|
+
# A unique identifier for the resource set, used in a request to refer
|
613
|
+
# to the resource set.
|
470
614
|
# @return [String]
|
471
615
|
#
|
472
616
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteResourceSetRequest AWS API Documentation
|
@@ -1061,13 +1205,13 @@ module Aws::FMS
|
|
1061
1205
|
class GetAdminAccountRequest < Aws::EmptyStructure; end
|
1062
1206
|
|
1063
1207
|
# @!attribute [rw] admin_account
|
1064
|
-
# The
|
1208
|
+
# The account that is set as the Firewall Manager default
|
1065
1209
|
# administrator.
|
1066
1210
|
# @return [String]
|
1067
1211
|
#
|
1068
1212
|
# @!attribute [rw] role_status
|
1069
|
-
# The status of the
|
1070
|
-
#
|
1213
|
+
# The status of the account that you set as the Firewall Manager
|
1214
|
+
# default administrator.
|
1071
1215
|
# @return [String]
|
1072
1216
|
#
|
1073
1217
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccountResponse AWS API Documentation
|
@@ -1079,6 +1223,50 @@ module Aws::FMS
|
|
1079
1223
|
include Aws::Structure
|
1080
1224
|
end
|
1081
1225
|
|
1226
|
+
# @!attribute [rw] admin_account
|
1227
|
+
# The administator account that you want to get the details for.
|
1228
|
+
# @return [String]
|
1229
|
+
#
|
1230
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminScopeRequest AWS API Documentation
|
1231
|
+
#
|
1232
|
+
class GetAdminScopeRequest < Struct.new(
|
1233
|
+
:admin_account)
|
1234
|
+
SENSITIVE = []
|
1235
|
+
include Aws::Structure
|
1236
|
+
end
|
1237
|
+
|
1238
|
+
# @!attribute [rw] admin_scope
|
1239
|
+
# Contains details about the administrative scope of the requested
|
1240
|
+
# account.
|
1241
|
+
# @return [Types::AdminScope]
|
1242
|
+
#
|
1243
|
+
# @!attribute [rw] status
|
1244
|
+
# The current status of the request to onboard a member account as an
|
1245
|
+
# Firewall Manager administator.
|
1246
|
+
#
|
1247
|
+
# * `ONBOARDING` - The account is onboarding to Firewall Manager as an
|
1248
|
+
# administrator.
|
1249
|
+
#
|
1250
|
+
# * `ONBOARDING_COMPLETE` - Firewall Manager The account is onboarded
|
1251
|
+
# to Firewall Manager as an administrator, and can perform actions
|
1252
|
+
# on the resources defined in their AdminScope.
|
1253
|
+
#
|
1254
|
+
# * `OFFBOARDING` - The account is being removed as an Firewall
|
1255
|
+
# Manager administrator.
|
1256
|
+
#
|
1257
|
+
# * `OFFBOARDING_COMPLETE` - The account has been removed as an
|
1258
|
+
# Firewall Manager administrator.
|
1259
|
+
# @return [String]
|
1260
|
+
#
|
1261
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminScopeResponse AWS API Documentation
|
1262
|
+
#
|
1263
|
+
class GetAdminScopeResponse < Struct.new(
|
1264
|
+
:admin_scope,
|
1265
|
+
:status)
|
1266
|
+
SENSITIVE = []
|
1267
|
+
include Aws::Structure
|
1268
|
+
end
|
1269
|
+
|
1082
1270
|
# @!attribute [rw] list_id
|
1083
1271
|
# The ID of the Firewall Manager applications list that you want the
|
1084
1272
|
# details for.
|
@@ -1342,8 +1530,8 @@ module Aws::FMS
|
|
1342
1530
|
end
|
1343
1531
|
|
1344
1532
|
# @!attribute [rw] identifier
|
1345
|
-
# A unique identifier for the resource set, used in a
|
1346
|
-
# the resource set.
|
1533
|
+
# A unique identifier for the resource set, used in a request to refer
|
1534
|
+
# to the resource set.
|
1347
1535
|
# @return [String]
|
1348
1536
|
#
|
1349
1537
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetResourceSetRequest AWS API Documentation
|
@@ -1558,6 +1746,99 @@ module Aws::FMS
|
|
1558
1746
|
include Aws::Structure
|
1559
1747
|
end
|
1560
1748
|
|
1749
|
+
# @!attribute [rw] next_token
|
1750
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
1751
|
+
# the number of objects that are still available for retrieval exceeds
|
1752
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
1753
|
+
# value in the response. To retrieve the next batch of objects, use
|
1754
|
+
# the token returned from the prior request in your next request.
|
1755
|
+
# @return [String]
|
1756
|
+
#
|
1757
|
+
# @!attribute [rw] max_results
|
1758
|
+
# The maximum number of objects that you want Firewall Manager to
|
1759
|
+
# return for this request. If more objects are available, in the
|
1760
|
+
# response, Firewall Manager provides a `NextToken` value that you can
|
1761
|
+
# use in a subsequent call to get the next batch of objects.
|
1762
|
+
# @return [Integer]
|
1763
|
+
#
|
1764
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAdminAccountsForOrganizationRequest AWS API Documentation
|
1765
|
+
#
|
1766
|
+
class ListAdminAccountsForOrganizationRequest < Struct.new(
|
1767
|
+
:next_token,
|
1768
|
+
:max_results)
|
1769
|
+
SENSITIVE = []
|
1770
|
+
include Aws::Structure
|
1771
|
+
end
|
1772
|
+
|
1773
|
+
# @!attribute [rw] admin_accounts
|
1774
|
+
# A list of Firewall Manager administrator accounts within the
|
1775
|
+
# organization that were onboarded as administrators by
|
1776
|
+
# AssociateAdminAccount or PutAdminAccount.
|
1777
|
+
# @return [Array<Types::AdminAccountSummary>]
|
1778
|
+
#
|
1779
|
+
# @!attribute [rw] next_token
|
1780
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
1781
|
+
# the number of objects that are still available for retrieval exceeds
|
1782
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
1783
|
+
# value in the response. To retrieve the next batch of objects, use
|
1784
|
+
# the token returned from the prior request in your next request.
|
1785
|
+
# @return [String]
|
1786
|
+
#
|
1787
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAdminAccountsForOrganizationResponse AWS API Documentation
|
1788
|
+
#
|
1789
|
+
class ListAdminAccountsForOrganizationResponse < Struct.new(
|
1790
|
+
:admin_accounts,
|
1791
|
+
:next_token)
|
1792
|
+
SENSITIVE = []
|
1793
|
+
include Aws::Structure
|
1794
|
+
end
|
1795
|
+
|
1796
|
+
# @!attribute [rw] next_token
|
1797
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
1798
|
+
# the number of objects that are still available for retrieval exceeds
|
1799
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
1800
|
+
# value in the response. To retrieve the next batch of objects, use
|
1801
|
+
# the token returned from the prior request in your next request.
|
1802
|
+
# @return [String]
|
1803
|
+
#
|
1804
|
+
# @!attribute [rw] max_results
|
1805
|
+
# The maximum number of objects that you want Firewall Manager to
|
1806
|
+
# return for this request. If more objects are available, in the
|
1807
|
+
# response, Firewall Manager provides a `NextToken` value that you can
|
1808
|
+
# use in a subsequent call to get the next batch of objects.
|
1809
|
+
# @return [Integer]
|
1810
|
+
#
|
1811
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAdminsManagingAccountRequest AWS API Documentation
|
1812
|
+
#
|
1813
|
+
class ListAdminsManagingAccountRequest < Struct.new(
|
1814
|
+
:next_token,
|
1815
|
+
:max_results)
|
1816
|
+
SENSITIVE = []
|
1817
|
+
include Aws::Structure
|
1818
|
+
end
|
1819
|
+
|
1820
|
+
# @!attribute [rw] admin_accounts
|
1821
|
+
# The list of accounts who manage member accounts within their
|
1822
|
+
# AdminScope.
|
1823
|
+
# @return [Array<String>]
|
1824
|
+
#
|
1825
|
+
# @!attribute [rw] next_token
|
1826
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
1827
|
+
# the number of objects that are still available for retrieval exceeds
|
1828
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
1829
|
+
# value in the response. To retrieve the next batch of objects, use
|
1830
|
+
# the token returned from the prior request in your next request.
|
1831
|
+
# @return [String]
|
1832
|
+
#
|
1833
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAdminsManagingAccountResponse AWS API Documentation
|
1834
|
+
#
|
1835
|
+
class ListAdminsManagingAccountResponse < Struct.new(
|
1836
|
+
:admin_accounts,
|
1837
|
+
:next_token)
|
1838
|
+
SENSITIVE = []
|
1839
|
+
include Aws::Structure
|
1840
|
+
end
|
1841
|
+
|
1561
1842
|
# @!attribute [rw] default_lists
|
1562
1843
|
# Specifies whether the lists to retrieve are default lists owned by
|
1563
1844
|
# Firewall Manager.
|
@@ -1873,8 +2154,8 @@ module Aws::FMS
|
|
1873
2154
|
end
|
1874
2155
|
|
1875
2156
|
# @!attribute [rw] identifier
|
1876
|
-
# A unique identifier for the resource set, used in a
|
1877
|
-
# the resource set.
|
2157
|
+
# A unique identifier for the resource set, used in a request to refer
|
2158
|
+
# to the resource set.
|
1878
2159
|
# @return [String]
|
1879
2160
|
#
|
1880
2161
|
# @!attribute [rw] max_results
|
@@ -2582,6 +2863,62 @@ module Aws::FMS
|
|
2582
2863
|
include Aws::Structure
|
2583
2864
|
end
|
2584
2865
|
|
2866
|
+
# Defines the Organizations organizational units (OUs) that the
|
2867
|
+
# specified Firewall Manager administrator can apply policies to. For
|
2868
|
+
# more information about OUs in Organizations, see [Managing
|
2869
|
+
# organizational units (OUs) ][1] in the *Organizations User Guide*.
|
2870
|
+
#
|
2871
|
+
#
|
2872
|
+
#
|
2873
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html
|
2874
|
+
#
|
2875
|
+
# @!attribute [rw] organizational_units
|
2876
|
+
# The list of OUs within the organization that the specified Firewall
|
2877
|
+
# Manager administrator either can or cannot apply policies to, based
|
2878
|
+
# on the value of
|
2879
|
+
# `OrganizationalUnitScope$ExcludeSpecifiedOrganizationalUnits`. If
|
2880
|
+
# `OrganizationalUnitScope$ExcludeSpecifiedOrganizationalUnits` is set
|
2881
|
+
# to `true`, then the Firewall Manager administrator can apply
|
2882
|
+
# policies to all OUs in the organization except for the OUs in this
|
2883
|
+
# list. If
|
2884
|
+
# `OrganizationalUnitScope$ExcludeSpecifiedOrganizationalUnits` is set
|
2885
|
+
# to `false`, then the Firewall Manager administrator can only apply
|
2886
|
+
# policies to the OUs in this list.
|
2887
|
+
# @return [Array<String>]
|
2888
|
+
#
|
2889
|
+
# @!attribute [rw] all_organizational_units_enabled
|
2890
|
+
# A boolean value that indicates if the administrator can apply
|
2891
|
+
# policies to all OUs within an organization. If true, the
|
2892
|
+
# administrator can manage all OUs within the organization. You can
|
2893
|
+
# either enable management of all OUs through this operation, or you
|
2894
|
+
# can specify OUs to manage in
|
2895
|
+
# `OrganizationalUnitScope$OrganizationalUnits`. You cannot specify
|
2896
|
+
# both.
|
2897
|
+
# @return [Boolean]
|
2898
|
+
#
|
2899
|
+
# @!attribute [rw] exclude_specified_organizational_units
|
2900
|
+
# A boolean value that excludes the OUs in
|
2901
|
+
# `OrganizationalUnitScope$OrganizationalUnits` from the
|
2902
|
+
# administrator's scope. If true, the Firewall Manager administrator
|
2903
|
+
# can apply policies to all OUs in the organization except for the OUs
|
2904
|
+
# listed in `OrganizationalUnitScope$OrganizationalUnits`. You can
|
2905
|
+
# either specify a list of OUs to exclude by
|
2906
|
+
# `OrganizationalUnitScope$OrganizationalUnits`, or you can enable
|
2907
|
+
# management of all OUs by
|
2908
|
+
# `OrganizationalUnitScope$AllOrganizationalUnitsEnabled`. You cannot
|
2909
|
+
# specify both.
|
2910
|
+
# @return [Boolean]
|
2911
|
+
#
|
2912
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/OrganizationalUnitScope AWS API Documentation
|
2913
|
+
#
|
2914
|
+
class OrganizationalUnitScope < Struct.new(
|
2915
|
+
:organizational_units,
|
2916
|
+
:all_organizational_units_enabled,
|
2917
|
+
:exclude_specified_organizational_units)
|
2918
|
+
SENSITIVE = []
|
2919
|
+
include Aws::Structure
|
2920
|
+
end
|
2921
|
+
|
2585
2922
|
# The reference rule that partially matches the `ViolationTarget` rule
|
2586
2923
|
# and violation reason.
|
2587
2924
|
#
|
@@ -2755,6 +3092,18 @@ module Aws::FMS
|
|
2755
3092
|
# The definition of the Network Firewall firewall policy.
|
2756
3093
|
# @return [String]
|
2757
3094
|
#
|
3095
|
+
# @!attribute [rw] policy_status
|
3096
|
+
# Indicates whether the policy is in or out of an admin's policy or
|
3097
|
+
# Region scope.
|
3098
|
+
#
|
3099
|
+
# * `ACTIVE` - The administrator can manage and delete the policy.
|
3100
|
+
#
|
3101
|
+
# * `OUT_OF_ADMIN_SCOPE` - The administrator can view the policy, but
|
3102
|
+
# they can't edit or delete the policy. Existing policy protections
|
3103
|
+
# stay in place. Any new resources that come into scope of the
|
3104
|
+
# policy won't be protected.
|
3105
|
+
# @return [String]
|
3106
|
+
#
|
2758
3107
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Policy AWS API Documentation
|
2759
3108
|
#
|
2760
3109
|
class Policy < Struct.new(
|
@@ -2771,7 +3120,8 @@ module Aws::FMS
|
|
2771
3120
|
:include_map,
|
2772
3121
|
:exclude_map,
|
2773
3122
|
:resource_set_ids,
|
2774
|
-
:policy_description
|
3123
|
+
:policy_description,
|
3124
|
+
:policy_status)
|
2775
3125
|
SENSITIVE = []
|
2776
3126
|
include Aws::Structure
|
2777
3127
|
end
|
@@ -2959,6 +3309,18 @@ module Aws::FMS
|
|
2959
3309
|
# policies.
|
2960
3310
|
# @return [Boolean]
|
2961
3311
|
#
|
3312
|
+
# @!attribute [rw] policy_status
|
3313
|
+
# Indicates whether the policy is in or out of an admin's policy or
|
3314
|
+
# Region scope.
|
3315
|
+
#
|
3316
|
+
# * `ACTIVE` - The administrator can manage and delete the policy.
|
3317
|
+
#
|
3318
|
+
# * `OUT_OF_ADMIN_SCOPE` - The administrator can view the policy, but
|
3319
|
+
# they can't edit or delete the policy. Existing policy protections
|
3320
|
+
# stay in place. Any new resources that come into scope of the
|
3321
|
+
# policy won't be protected.
|
3322
|
+
# @return [String]
|
3323
|
+
#
|
2962
3324
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicySummary AWS API Documentation
|
2963
3325
|
#
|
2964
3326
|
class PolicySummary < Struct.new(
|
@@ -2968,7 +3330,32 @@ module Aws::FMS
|
|
2968
3330
|
:resource_type,
|
2969
3331
|
:security_service_type,
|
2970
3332
|
:remediation_enabled,
|
2971
|
-
:delete_unused_fm_managed_resources
|
3333
|
+
:delete_unused_fm_managed_resources,
|
3334
|
+
:policy_status)
|
3335
|
+
SENSITIVE = []
|
3336
|
+
include Aws::Structure
|
3337
|
+
end
|
3338
|
+
|
3339
|
+
# Defines the policy types that the specified Firewall Manager
|
3340
|
+
# administrator can manage.
|
3341
|
+
#
|
3342
|
+
# @!attribute [rw] policy_types
|
3343
|
+
# The list of policy types that the specified Firewall Manager
|
3344
|
+
# administrator can manage.
|
3345
|
+
# @return [Array<String>]
|
3346
|
+
#
|
3347
|
+
# @!attribute [rw] all_policy_types_enabled
|
3348
|
+
# Allows the specified Firewall Manager administrator to manage all
|
3349
|
+
# Firewall Manager policy types, except for third-party policy types.
|
3350
|
+
# Third-party policy types can only be managed by the Firewall Manager
|
3351
|
+
# default administrator.
|
3352
|
+
# @return [Boolean]
|
3353
|
+
#
|
3354
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicyTypeScope AWS API Documentation
|
3355
|
+
#
|
3356
|
+
class PolicyTypeScope < Struct.new(
|
3357
|
+
:policy_types,
|
3358
|
+
:all_policy_types_enabled)
|
2972
3359
|
SENSITIVE = []
|
2973
3360
|
include Aws::Structure
|
2974
3361
|
end
|
@@ -3094,6 +3481,35 @@ module Aws::FMS
|
|
3094
3481
|
include Aws::Structure
|
3095
3482
|
end
|
3096
3483
|
|
3484
|
+
# @!attribute [rw] admin_account
|
3485
|
+
# The Amazon Web Services account ID to add as an Firewall Manager
|
3486
|
+
# administrator account. The account must be a member of the
|
3487
|
+
# organization that was onboarded to Firewall Manager by
|
3488
|
+
# AssociateAdminAccount. For more information about Organizations, see
|
3489
|
+
# [Managing the Amazon Web Services Accounts in Your Organization][1].
|
3490
|
+
#
|
3491
|
+
#
|
3492
|
+
#
|
3493
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts.html
|
3494
|
+
# @return [String]
|
3495
|
+
#
|
3496
|
+
# @!attribute [rw] admin_scope
|
3497
|
+
# Configures the resources that the specified Firewall Manager
|
3498
|
+
# administrator can manage. As a best practice, set the administrative
|
3499
|
+
# scope according to the principles of least privilege. Only grant the
|
3500
|
+
# administrator the specific resources or permissions that they need
|
3501
|
+
# to perform the duties of their role.
|
3502
|
+
# @return [Types::AdminScope]
|
3503
|
+
#
|
3504
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAdminAccountRequest AWS API Documentation
|
3505
|
+
#
|
3506
|
+
class PutAdminAccountRequest < Struct.new(
|
3507
|
+
:admin_account,
|
3508
|
+
:admin_scope)
|
3509
|
+
SENSITIVE = []
|
3510
|
+
include Aws::Structure
|
3511
|
+
end
|
3512
|
+
|
3097
3513
|
# @!attribute [rw] apps_list
|
3098
3514
|
# The details of the Firewall Manager applications list to be created.
|
3099
3515
|
# @return [Types::AppsListData]
|
@@ -3254,6 +3670,28 @@ module Aws::FMS
|
|
3254
3670
|
include Aws::Structure
|
3255
3671
|
end
|
3256
3672
|
|
3673
|
+
# Defines the Amazon Web Services Regions that the specified Firewall
|
3674
|
+
# Manager administrator can manage.
|
3675
|
+
#
|
3676
|
+
# @!attribute [rw] regions
|
3677
|
+
# The Amazon Web Services Regions that the specified Firewall Manager
|
3678
|
+
# administrator can perform actions in.
|
3679
|
+
# @return [Array<String>]
|
3680
|
+
#
|
3681
|
+
# @!attribute [rw] all_regions_enabled
|
3682
|
+
# Allows the specified Firewall Manager administrator to manage all
|
3683
|
+
# Amazon Web Services Regions.
|
3684
|
+
# @return [Boolean]
|
3685
|
+
#
|
3686
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/RegionScope AWS API Documentation
|
3687
|
+
#
|
3688
|
+
class RegionScope < Struct.new(
|
3689
|
+
:regions,
|
3690
|
+
:all_regions_enabled)
|
3691
|
+
SENSITIVE = []
|
3692
|
+
include Aws::Structure
|
3693
|
+
end
|
3694
|
+
|
3257
3695
|
# Information about an individual action you can take to remediate a
|
3258
3696
|
# violation.
|
3259
3697
|
#
|
@@ -3413,6 +3851,19 @@ module Aws::FMS
|
|
3413
3851
|
# The last time that the resource set was changed.
|
3414
3852
|
# @return [Time]
|
3415
3853
|
#
|
3854
|
+
# @!attribute [rw] resource_set_status
|
3855
|
+
# Indicates whether the resource set is in or out of an admin's
|
3856
|
+
# Region scope.
|
3857
|
+
#
|
3858
|
+
# * `ACTIVE` - The administrator can manage and delete the resource
|
3859
|
+
# set.
|
3860
|
+
#
|
3861
|
+
# * `OUT_OF_ADMIN_SCOPE` - The administrator can view the resource
|
3862
|
+
# set, but they can't edit or delete the resource set. Existing
|
3863
|
+
# protections stay in place. Any new resource that come into scope
|
3864
|
+
# of the resource set won't be protected.
|
3865
|
+
# @return [String]
|
3866
|
+
#
|
3416
3867
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceSet AWS API Documentation
|
3417
3868
|
#
|
3418
3869
|
class ResourceSet < Struct.new(
|
@@ -3421,7 +3872,8 @@ module Aws::FMS
|
|
3421
3872
|
:description,
|
3422
3873
|
:update_token,
|
3423
3874
|
:resource_type_list,
|
3424
|
-
:last_update_time
|
3875
|
+
:last_update_time,
|
3876
|
+
:resource_set_status)
|
3425
3877
|
SENSITIVE = []
|
3426
3878
|
include Aws::Structure
|
3427
3879
|
end
|
@@ -3447,13 +3899,27 @@ module Aws::FMS
|
|
3447
3899
|
# The last time that the resource set was changed.
|
3448
3900
|
# @return [Time]
|
3449
3901
|
#
|
3902
|
+
# @!attribute [rw] resource_set_status
|
3903
|
+
# Indicates whether the resource set is in or out of an admin's
|
3904
|
+
# Region scope.
|
3905
|
+
#
|
3906
|
+
# * `ACTIVE` - The administrator can manage and delete the resource
|
3907
|
+
# set.
|
3908
|
+
#
|
3909
|
+
# * `OUT_OF_ADMIN_SCOPE` - The administrator can view the resource
|
3910
|
+
# set, but they can't edit or delete the resource set. Existing
|
3911
|
+
# protections stay in place. Any new resource that come into scope
|
3912
|
+
# of the resource set won't be protected.
|
3913
|
+
# @return [String]
|
3914
|
+
#
|
3450
3915
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceSetSummary AWS API Documentation
|
3451
3916
|
#
|
3452
3917
|
class ResourceSetSummary < Struct.new(
|
3453
3918
|
:id,
|
3454
3919
|
:name,
|
3455
3920
|
:description,
|
3456
|
-
:last_update_time
|
3921
|
+
:last_update_time,
|
3922
|
+
:resource_set_status)
|
3457
3923
|
SENSITIVE = []
|
3458
3924
|
include Aws::Structure
|
3459
3925
|
end
|
@@ -3840,6 +4306,17 @@ module Aws::FMS
|
|
3840
4306
|
#
|
3841
4307
|
# </note>
|
3842
4308
|
#
|
4309
|
+
# * Example: `IMPORT_NETWORK_FIREWALL`
|
4310
|
+
# `"\{"type":"IMPORT_NETWORK_FIREWALL","awsNetworkFirewallConfig":\{"networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-2:000000000000:stateless-rulegroup\/rg1","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:drop"],"networkFirewallStatelessFragmentDefaultActions":["aws:pass"],"networkFirewallStatelessCustomActions":[],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-2:aws-managed:stateful-rulegroup\/ThreatSignaturesEmergingEventsStrictOrder","priority":8\}],"networkFirewallStatefulEngineOptions":\{"ruleOrder":"STRICT_ORDER"\},"networkFirewallStatefulDefaultActions":["aws:drop_strict"]\}\}"`
|
4311
|
+
#
|
4312
|
+
# `"\{"type":"DNS_FIREWALL","preProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-1","priority":10\}],"postProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-2","priority":9911\}]\}"`
|
4313
|
+
#
|
4314
|
+
# <note markdown="1"> Valid values for `preProcessRuleGroups` are between 1 and 99.
|
4315
|
+
# Valid values for `postProcessRuleGroups` are between 9901 and
|
4316
|
+
# 10000.
|
4317
|
+
#
|
4318
|
+
# </note>
|
4319
|
+
#
|
3843
4320
|
# * Example: `NETWORK_FIREWALL` - Centralized deployment model
|
3844
4321
|
#
|
3845
4322
|
# `"\{"type":"NETWORK_FIREWALL","awsNetworkFirewallConfig":\{"networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\},"firewallDeploymentModel":\{"centralizedFirewallDeploymentModel":\{"centralizedFirewallOrchestrationConfig":\{"inspectionVpcIds":[\{"resourceId":"vpc-1234","accountId":"123456789011"\}],"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\}]\}\},"allowedIPV4CidrList":[]\}\}\}\}"`
|
@@ -3981,14 +4458,40 @@ module Aws::FMS
|
|
3981
4458
|
# Advanced policy, this `ManagedServiceData` configuration is an
|
3982
4459
|
# empty string.
|
3983
4460
|
#
|
3984
|
-
# * Example: `WAFV2`
|
4461
|
+
# * Example: `WAFV2` - Account takeover prevention and Bot Control
|
4462
|
+
# managed rule groups, and rule action override
|
3985
4463
|
#
|
3986
|
-
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"version":null,"vendorName":"AWS","managedRuleGroupName":"
|
4464
|
+
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesATPRuleSet","managedRuleGroupConfigs":[\{"awsmanagedRulesATPRuleSet":\{"loginPath":"/loginpath","requestInspection":\{"payloadType":"FORM_ENCODED|JSON","usernameField":\{"identifier":"/form/username"\},"passwordField":\{"identifier":"/form/password"\}\}\}\}]\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true\},\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesBotControlRuleSet","managedRuleGroupConfigs":[\{"awsmanagedRulesBotControlRuleSet":\{"inspectionLevel":"TARGETED|COMMON"\}\}]\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true,"ruleActionOverrides":[\{"name":"Rule1","actionToUse":\{"allow|block|count|captcha|challenge":\{\}\}\},\{"name":"Rule2","actionToUse":\{"allow|block|count|captcha|challenge":\{\}\}\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"customRequestHandling":null,"customResponse":null,"overrideCustomerWebACLAssociation":false,"loggingConfiguration":null,"sampledRequestsEnabledForDefaultActions":true\}"`
|
3987
4465
|
#
|
3988
|
-
#
|
3989
|
-
#
|
3990
|
-
#
|
3991
|
-
#
|
4466
|
+
# * Fraud Control account takeover prevention (ATP) - For
|
4467
|
+
# information about the properties available for
|
4468
|
+
# `AWSManagedRulesATPRuleSet` managed rule groups, see
|
4469
|
+
# [AWSManagedRulesATPRuleSet][2] in the *WAF API Reference*.
|
4470
|
+
#
|
4471
|
+
# * Bot Control - For information about
|
4472
|
+
# `AWSManagedRulesBotControlRuleSet` managed rule groups, see
|
4473
|
+
# [AWSManagedRulesBotControlRuleSet][3] in the *WAF API
|
4474
|
+
# Reference*.
|
4475
|
+
#
|
4476
|
+
# * Rule action overrides - Firewall Manager supports rule action
|
4477
|
+
# overrides only for managed rule groups. To configure a
|
4478
|
+
# `RuleActionOverrides` add the `Name` of the rule to override,
|
4479
|
+
# and `ActionToUse`, which is the new action to use for the rule.
|
4480
|
+
# For information about using rule action override, see
|
4481
|
+
# [RuleActionOverride][4] in the *WAF API Reference*.
|
4482
|
+
#
|
4483
|
+
# * Example: `WAFV2` - `CAPTCHA` and `Challenge` configs
|
4484
|
+
#
|
4485
|
+
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"customRequestHandling":null,"customResponse":null,"overrideCustomerWebACLAssociation":false,"loggingConfiguration":null,"sampledRequestsEnabledForDefaultActions":true,"captchaConfig":\{"immunityTimeProperty":\{"immunityTime":500\}\},"challengeConfig":\{"immunityTimeProperty":\{"immunityTime":800\}\},"tokenDomains":["google.com","amazon.com"]\}"`
|
4486
|
+
#
|
4487
|
+
# If you update the policy's values for `captchaConfig`,
|
4488
|
+
# `challengeConfig`, or `tokenDomains`, Firewall Manager will
|
4489
|
+
# overwrite your local web ACLs to contain the new value(s).
|
4490
|
+
# However, if you don't update the policy's `captchaConfig`,
|
4491
|
+
# `challengeConfig`, or `tokenDomains` values, the values in your
|
4492
|
+
# local web ACLs will remain unchanged. For information about
|
4493
|
+
# CAPTCHA and Challenge configs, see [CaptchaConfig][5] and
|
4494
|
+
# [ChallengeConfig][6] in the *WAF API Reference*.
|
3992
4495
|
#
|
3993
4496
|
# * Example: `WAFV2` - Firewall Manager support for WAF managed rule
|
3994
4497
|
# group versioning
|
@@ -4002,6 +4505,34 @@ module Aws::FMS
|
|
4002
4505
|
# then Firewall Manager uses the default version of the WAF managed
|
4003
4506
|
# rule group.
|
4004
4507
|
#
|
4508
|
+
# * Example: `WAFV2` - Logging configurations
|
4509
|
+
#
|
4510
|
+
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,
|
4511
|
+
# "overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":
|
4512
|
+
# \{"versionEnabled":null,"version":null,"vendorName":"AWS",
|
4513
|
+
# "managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet"\}
|
4514
|
+
# ,"ruleGroupType":"ManagedRuleGroup","excludeRules":[],
|
4515
|
+
# "sampledRequestsEnabled":true\}],"postProcessRuleGroups":[],
|
4516
|
+
# "defaultAction":\{"type":"ALLOW"\},"customRequestHandling"
|
4517
|
+
# \:null,"customResponse":null,"overrideCustomerWebACLAssociation"
|
4518
|
+
# \:false,"loggingConfiguration":\{"logDestinationConfigs":
|
4519
|
+
# ["arn:aws:s3:::aws-waf-logs-example-bucket"]
|
4520
|
+
# ,"redactedFields":[],"loggingFilterConfigs":\{"defaultBehavior":"KEEP",
|
4521
|
+
# "filters":[\{"behavior":"KEEP","requirement":"MEETS_ALL",
|
4522
|
+
# "conditions":[\{"actionCondition":"CAPTCHA"\},\{"actionCondition":
|
4523
|
+
# "CHALLENGE"\},
|
4524
|
+
# \{"actionCondition":"EXCLUDED_AS_COUNT"\}]\}]\}\},"sampledRequestsEnabledForDefaultActions":true\}"`
|
4525
|
+
#
|
4526
|
+
# Firewall Manager supports Amazon Kinesis Data Firehose and Amazon
|
4527
|
+
# S3 as the `logDestinationConfigs` in your `loggingConfiguration`.
|
4528
|
+
# For information about WAF logging configurations, see
|
4529
|
+
# [LoggingConfiguration][7] in the *WAF API Reference*
|
4530
|
+
#
|
4531
|
+
# In the `loggingConfiguration`, you can specify one
|
4532
|
+
# `logDestinationConfigs`. Optionally provide as many as 20
|
4533
|
+
# `redactedFields`. The `RedactedFieldType` must be one of `URI`,
|
4534
|
+
# `QUERY_STRING`, `HEADER`, or `METHOD`.
|
4535
|
+
#
|
4005
4536
|
# * Example: `WAF Classic`
|
4006
4537
|
#
|
4007
4538
|
# `"\{"type": "WAF", "ruleGroups":
|
@@ -4012,6 +4543,12 @@ module Aws::FMS
|
|
4012
4543
|
#
|
4013
4544
|
#
|
4014
4545
|
# [1]: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html
|
4546
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/APIReference/API_AWSManagedRulesATPRuleSet.html
|
4547
|
+
# [3]: https://docs.aws.amazon.com/waf/latest/APIReference/API_AWSManagedRulesBotControlRuleSet.html
|
4548
|
+
# [4]: https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleActionOverride.html
|
4549
|
+
# [5]: https://docs.aws.amazon.com/waf/latest/APIReference/API_CaptchaConfig.html
|
4550
|
+
# [6]: https://docs.aws.amazon.com/waf/latest/APIReference/API_ChallengeConfig.html
|
4551
|
+
# [7]: https://docs.aws.amazon.com/waf/latest/APIReference/API_LoggingConfiguration.html
|
4015
4552
|
# @return [String]
|
4016
4553
|
#
|
4017
4554
|
# @!attribute [rw] policy_option
|