aws-sdk-fms 1.55.0 → 1.56.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms/client.rb +271 -31
- data/lib/aws-sdk-fms/client_api.rb +151 -0
- data/lib/aws-sdk-fms/endpoint_parameters.rb +0 -3
- data/lib/aws-sdk-fms/endpoint_provider.rb +27 -24
- data/lib/aws-sdk-fms/endpoints.rb +56 -0
- data/lib/aws-sdk-fms/plugins/endpoints.rb +8 -0
- data/lib/aws-sdk-fms/types.rb +568 -31
- data/lib/aws-sdk-fms.rb +1 -1
- metadata +2 -2
data/lib/aws-sdk-fms/types.rb
CHANGED
@@ -10,6 +10,52 @@
|
|
10
10
|
module Aws::FMS
|
11
11
|
module Types
|
12
12
|
|
13
|
+
# Configures the accounts within the administrator's Organizations
|
14
|
+
# organization that the specified Firewall Manager administrator can
|
15
|
+
# apply policies to.
|
16
|
+
#
|
17
|
+
# @!attribute [rw] accounts
|
18
|
+
# The list of accounts within the organization that the specified
|
19
|
+
# Firewall Manager administrator either can or cannot apply policies
|
20
|
+
# to, based on the value of `ExcludeSpecifiedAccounts`. If
|
21
|
+
# `ExcludeSpecifiedAccounts` is set to `true`, then the Firewall
|
22
|
+
# Manager administrator can apply policies to all members of the
|
23
|
+
# organization except for the accounts in this list. If
|
24
|
+
# `ExcludeSpecifiedAccounts` is set to `false`, then the Firewall
|
25
|
+
# Manager administrator can only apply policies to the accounts in
|
26
|
+
# this list.
|
27
|
+
# @return [Array<String>]
|
28
|
+
#
|
29
|
+
# @!attribute [rw] all_accounts_enabled
|
30
|
+
# A boolean value that indicates if the administrator can apply
|
31
|
+
# policies to all accounts within an organization. If true, the
|
32
|
+
# administrator can apply policies to all accounts within the
|
33
|
+
# organization. You can either enable management of all accounts
|
34
|
+
# through this operation, or you can specify a list of accounts to
|
35
|
+
# manage in `AccountScope$Accounts`. You cannot specify both.
|
36
|
+
# @return [Boolean]
|
37
|
+
#
|
38
|
+
# @!attribute [rw] exclude_specified_accounts
|
39
|
+
# A boolean value that excludes the accounts in
|
40
|
+
# `AccountScope$Accounts` from the administrator's scope. If true,
|
41
|
+
# the Firewall Manager administrator can apply policies to all members
|
42
|
+
# of the organization except for the accounts listed in
|
43
|
+
# `AccountScope$Accounts`. You can either specify a list of accounts
|
44
|
+
# to exclude by `AccountScope$Accounts`, or you can enable management
|
45
|
+
# of all accounts by `AccountScope$AllAccountsEnabled`. You cannot
|
46
|
+
# specify both.
|
47
|
+
# @return [Boolean]
|
48
|
+
#
|
49
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AccountScope AWS API Documentation
|
50
|
+
#
|
51
|
+
class AccountScope < Struct.new(
|
52
|
+
:accounts,
|
53
|
+
:all_accounts_enabled,
|
54
|
+
:exclude_specified_accounts)
|
55
|
+
SENSITIVE = []
|
56
|
+
include Aws::Structure
|
57
|
+
end
|
58
|
+
|
13
59
|
# Describes a remediation action target.
|
14
60
|
#
|
15
61
|
# @!attribute [rw] resource_id
|
@@ -29,6 +75,103 @@ module Aws::FMS
|
|
29
75
|
include Aws::Structure
|
30
76
|
end
|
31
77
|
|
78
|
+
# Contains high level information about the Firewall Manager
|
79
|
+
# administrator account.
|
80
|
+
#
|
81
|
+
# @!attribute [rw] admin_account
|
82
|
+
# The Amazon Web Services account ID of the Firewall Manager
|
83
|
+
# administrator's account.
|
84
|
+
# @return [String]
|
85
|
+
#
|
86
|
+
# @!attribute [rw] default_admin
|
87
|
+
# A boolean value that indicates if the administrator is the default
|
88
|
+
# administrator. If true, then this is the default administrator
|
89
|
+
# account. The default administrator can manage third-party firewalls
|
90
|
+
# and has full administrative scope. There is only one default
|
91
|
+
# administrator account per organization. For information about
|
92
|
+
# Firewall Manager default administrator accounts, see [Managing
|
93
|
+
# Firewall Manager administrators][1] in the *Firewall Manager
|
94
|
+
# Developer Guide*.
|
95
|
+
#
|
96
|
+
#
|
97
|
+
#
|
98
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/fms-administrators.html
|
99
|
+
# @return [Boolean]
|
100
|
+
#
|
101
|
+
# @!attribute [rw] status
|
102
|
+
# The current status of the request to onboard a member account as an
|
103
|
+
# Firewall Manager administator.
|
104
|
+
#
|
105
|
+
# * `ONBOARDING` - The account is onboarding to Firewall Manager as an
|
106
|
+
# administrator.
|
107
|
+
#
|
108
|
+
# * `ONBOARDING_COMPLETE` - Firewall Manager The account is onboarded
|
109
|
+
# to Firewall Manager as an administrator, and can perform actions
|
110
|
+
# on the resources defined in their AdminScope.
|
111
|
+
#
|
112
|
+
# * `OFFBOARDING` - The account is being removed as an Firewall
|
113
|
+
# Manager administrator.
|
114
|
+
#
|
115
|
+
# * `OFFBOARDING_COMPLETE` - The account has been removed as an
|
116
|
+
# Firewall Manager administrator.
|
117
|
+
# @return [String]
|
118
|
+
#
|
119
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AdminAccountSummary AWS API Documentation
|
120
|
+
#
|
121
|
+
class AdminAccountSummary < Struct.new(
|
122
|
+
:admin_account,
|
123
|
+
:default_admin,
|
124
|
+
:status)
|
125
|
+
SENSITIVE = []
|
126
|
+
include Aws::Structure
|
127
|
+
end
|
128
|
+
|
129
|
+
# Defines the resources that the Firewall Manager administrator can
|
130
|
+
# manage. For more information about administrative scope, see [Managing
|
131
|
+
# Firewall Manager administrators][1] in the *Firewall Manager Developer
|
132
|
+
# Guide*.
|
133
|
+
#
|
134
|
+
#
|
135
|
+
#
|
136
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/fms-administrators.html
|
137
|
+
#
|
138
|
+
# @!attribute [rw] account_scope
|
139
|
+
# Defines the accounts that the specified Firewall Manager
|
140
|
+
# administrator can apply policies to.
|
141
|
+
# @return [Types::AccountScope]
|
142
|
+
#
|
143
|
+
# @!attribute [rw] organizational_unit_scope
|
144
|
+
# Defines the Organizations organizational units that the specified
|
145
|
+
# Firewall Manager administrator can apply policies to. For more
|
146
|
+
# information about OUs in Organizations, see [Managing organizational
|
147
|
+
# units (OUs) ][1] in the *Organizations User Guide*.
|
148
|
+
#
|
149
|
+
#
|
150
|
+
#
|
151
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html
|
152
|
+
# @return [Types::OrganizationalUnitScope]
|
153
|
+
#
|
154
|
+
# @!attribute [rw] region_scope
|
155
|
+
# Defines the Amazon Web Services Regions that the specified Firewall
|
156
|
+
# Manager administrator can perform actions in.
|
157
|
+
# @return [Types::RegionScope]
|
158
|
+
#
|
159
|
+
# @!attribute [rw] policy_type_scope
|
160
|
+
# Defines the Firewall Manager policy types that the specified
|
161
|
+
# Firewall Manager administrator can create and manage.
|
162
|
+
# @return [Types::PolicyTypeScope]
|
163
|
+
#
|
164
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AdminScope AWS API Documentation
|
165
|
+
#
|
166
|
+
class AdminScope < Struct.new(
|
167
|
+
:account_scope,
|
168
|
+
:organizational_unit_scope,
|
169
|
+
:region_scope,
|
170
|
+
:policy_type_scope)
|
171
|
+
SENSITIVE = []
|
172
|
+
include Aws::Structure
|
173
|
+
end
|
174
|
+
|
32
175
|
# An individual Firewall Manager application.
|
33
176
|
#
|
34
177
|
# @!attribute [rw] app_name
|
@@ -139,10 +282,11 @@ module Aws::FMS
|
|
139
282
|
|
140
283
|
# @!attribute [rw] admin_account
|
141
284
|
# The Amazon Web Services account ID to associate with Firewall
|
142
|
-
# Manager as the Firewall Manager administrator account. This
|
143
|
-
#
|
144
|
-
# Organizations
|
145
|
-
#
|
285
|
+
# Manager as the Firewall Manager default administrator account. This
|
286
|
+
# account must be a member account of the organization in
|
287
|
+
# Organizations whose resources you want to protect. For more
|
288
|
+
# information about Organizations, see [Managing the Amazon Web
|
289
|
+
# Services Accounts in Your Organization][1].
|
146
290
|
#
|
147
291
|
#
|
148
292
|
#
|
@@ -271,8 +415,8 @@ module Aws::FMS
|
|
271
415
|
end
|
272
416
|
|
273
417
|
# @!attribute [rw] resource_set_identifier
|
274
|
-
# A unique identifier for the resource set, used in a
|
275
|
-
# the resource set.
|
418
|
+
# A unique identifier for the resource set, used in a request to refer
|
419
|
+
# to the resource set.
|
276
420
|
# @return [String]
|
277
421
|
#
|
278
422
|
# @!attribute [rw] items
|
@@ -291,8 +435,8 @@ module Aws::FMS
|
|
291
435
|
end
|
292
436
|
|
293
437
|
# @!attribute [rw] resource_set_identifier
|
294
|
-
# A unique identifier for the resource set, used in a
|
295
|
-
# the resource set.
|
438
|
+
# A unique identifier for the resource set, used in a request to refer
|
439
|
+
# to the resource set.
|
296
440
|
# @return [String]
|
297
441
|
#
|
298
442
|
# @!attribute [rw] failed_items
|
@@ -309,8 +453,8 @@ module Aws::FMS
|
|
309
453
|
end
|
310
454
|
|
311
455
|
# @!attribute [rw] resource_set_identifier
|
312
|
-
# A unique identifier for the resource set, used in a
|
313
|
-
# the resource set.
|
456
|
+
# A unique identifier for the resource set, used in a request to refer
|
457
|
+
# to the resource set.
|
314
458
|
# @return [String]
|
315
459
|
#
|
316
460
|
# @!attribute [rw] items
|
@@ -329,8 +473,8 @@ module Aws::FMS
|
|
329
473
|
end
|
330
474
|
|
331
475
|
# @!attribute [rw] resource_set_identifier
|
332
|
-
# A unique identifier for the resource set, used in a
|
333
|
-
# the resource set.
|
476
|
+
# A unique identifier for the resource set, used in a request to refer
|
477
|
+
# to the resource set.
|
334
478
|
# @return [String]
|
335
479
|
#
|
336
480
|
# @!attribute [rw] failed_items
|
@@ -465,8 +609,8 @@ module Aws::FMS
|
|
465
609
|
end
|
466
610
|
|
467
611
|
# @!attribute [rw] identifier
|
468
|
-
# A unique identifier for the resource set, used in a
|
469
|
-
# the resource set.
|
612
|
+
# A unique identifier for the resource set, used in a request to refer
|
613
|
+
# to the resource set.
|
470
614
|
# @return [String]
|
471
615
|
#
|
472
616
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteResourceSetRequest AWS API Documentation
|
@@ -1061,13 +1205,13 @@ module Aws::FMS
|
|
1061
1205
|
class GetAdminAccountRequest < Aws::EmptyStructure; end
|
1062
1206
|
|
1063
1207
|
# @!attribute [rw] admin_account
|
1064
|
-
# The
|
1208
|
+
# The account that is set as the Firewall Manager default
|
1065
1209
|
# administrator.
|
1066
1210
|
# @return [String]
|
1067
1211
|
#
|
1068
1212
|
# @!attribute [rw] role_status
|
1069
|
-
# The status of the
|
1070
|
-
#
|
1213
|
+
# The status of the account that you set as the Firewall Manager
|
1214
|
+
# default administrator.
|
1071
1215
|
# @return [String]
|
1072
1216
|
#
|
1073
1217
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccountResponse AWS API Documentation
|
@@ -1079,6 +1223,50 @@ module Aws::FMS
|
|
1079
1223
|
include Aws::Structure
|
1080
1224
|
end
|
1081
1225
|
|
1226
|
+
# @!attribute [rw] admin_account
|
1227
|
+
# The administator account that you want to get the details for.
|
1228
|
+
# @return [String]
|
1229
|
+
#
|
1230
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminScopeRequest AWS API Documentation
|
1231
|
+
#
|
1232
|
+
class GetAdminScopeRequest < Struct.new(
|
1233
|
+
:admin_account)
|
1234
|
+
SENSITIVE = []
|
1235
|
+
include Aws::Structure
|
1236
|
+
end
|
1237
|
+
|
1238
|
+
# @!attribute [rw] admin_scope
|
1239
|
+
# Contains details about the administrative scope of the requested
|
1240
|
+
# account.
|
1241
|
+
# @return [Types::AdminScope]
|
1242
|
+
#
|
1243
|
+
# @!attribute [rw] status
|
1244
|
+
# The current status of the request to onboard a member account as an
|
1245
|
+
# Firewall Manager administator.
|
1246
|
+
#
|
1247
|
+
# * `ONBOARDING` - The account is onboarding to Firewall Manager as an
|
1248
|
+
# administrator.
|
1249
|
+
#
|
1250
|
+
# * `ONBOARDING_COMPLETE` - Firewall Manager The account is onboarded
|
1251
|
+
# to Firewall Manager as an administrator, and can perform actions
|
1252
|
+
# on the resources defined in their AdminScope.
|
1253
|
+
#
|
1254
|
+
# * `OFFBOARDING` - The account is being removed as an Firewall
|
1255
|
+
# Manager administrator.
|
1256
|
+
#
|
1257
|
+
# * `OFFBOARDING_COMPLETE` - The account has been removed as an
|
1258
|
+
# Firewall Manager administrator.
|
1259
|
+
# @return [String]
|
1260
|
+
#
|
1261
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminScopeResponse AWS API Documentation
|
1262
|
+
#
|
1263
|
+
class GetAdminScopeResponse < Struct.new(
|
1264
|
+
:admin_scope,
|
1265
|
+
:status)
|
1266
|
+
SENSITIVE = []
|
1267
|
+
include Aws::Structure
|
1268
|
+
end
|
1269
|
+
|
1082
1270
|
# @!attribute [rw] list_id
|
1083
1271
|
# The ID of the Firewall Manager applications list that you want the
|
1084
1272
|
# details for.
|
@@ -1342,8 +1530,8 @@ module Aws::FMS
|
|
1342
1530
|
end
|
1343
1531
|
|
1344
1532
|
# @!attribute [rw] identifier
|
1345
|
-
# A unique identifier for the resource set, used in a
|
1346
|
-
# the resource set.
|
1533
|
+
# A unique identifier for the resource set, used in a request to refer
|
1534
|
+
# to the resource set.
|
1347
1535
|
# @return [String]
|
1348
1536
|
#
|
1349
1537
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetResourceSetRequest AWS API Documentation
|
@@ -1558,6 +1746,99 @@ module Aws::FMS
|
|
1558
1746
|
include Aws::Structure
|
1559
1747
|
end
|
1560
1748
|
|
1749
|
+
# @!attribute [rw] next_token
|
1750
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
1751
|
+
# the number of objects that are still available for retrieval exceeds
|
1752
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
1753
|
+
# value in the response. To retrieve the next batch of objects, use
|
1754
|
+
# the token returned from the prior request in your next request.
|
1755
|
+
# @return [String]
|
1756
|
+
#
|
1757
|
+
# @!attribute [rw] max_results
|
1758
|
+
# The maximum number of objects that you want Firewall Manager to
|
1759
|
+
# return for this request. If more objects are available, in the
|
1760
|
+
# response, Firewall Manager provides a `NextToken` value that you can
|
1761
|
+
# use in a subsequent call to get the next batch of objects.
|
1762
|
+
# @return [Integer]
|
1763
|
+
#
|
1764
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAdminAccountsForOrganizationRequest AWS API Documentation
|
1765
|
+
#
|
1766
|
+
class ListAdminAccountsForOrganizationRequest < Struct.new(
|
1767
|
+
:next_token,
|
1768
|
+
:max_results)
|
1769
|
+
SENSITIVE = []
|
1770
|
+
include Aws::Structure
|
1771
|
+
end
|
1772
|
+
|
1773
|
+
# @!attribute [rw] admin_accounts
|
1774
|
+
# A list of Firewall Manager administrator accounts within the
|
1775
|
+
# organization that were onboarded as administrators by
|
1776
|
+
# AssociateAdminAccount or PutAdminAccount.
|
1777
|
+
# @return [Array<Types::AdminAccountSummary>]
|
1778
|
+
#
|
1779
|
+
# @!attribute [rw] next_token
|
1780
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
1781
|
+
# the number of objects that are still available for retrieval exceeds
|
1782
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
1783
|
+
# value in the response. To retrieve the next batch of objects, use
|
1784
|
+
# the token returned from the prior request in your next request.
|
1785
|
+
# @return [String]
|
1786
|
+
#
|
1787
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAdminAccountsForOrganizationResponse AWS API Documentation
|
1788
|
+
#
|
1789
|
+
class ListAdminAccountsForOrganizationResponse < Struct.new(
|
1790
|
+
:admin_accounts,
|
1791
|
+
:next_token)
|
1792
|
+
SENSITIVE = []
|
1793
|
+
include Aws::Structure
|
1794
|
+
end
|
1795
|
+
|
1796
|
+
# @!attribute [rw] next_token
|
1797
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
1798
|
+
# the number of objects that are still available for retrieval exceeds
|
1799
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
1800
|
+
# value in the response. To retrieve the next batch of objects, use
|
1801
|
+
# the token returned from the prior request in your next request.
|
1802
|
+
# @return [String]
|
1803
|
+
#
|
1804
|
+
# @!attribute [rw] max_results
|
1805
|
+
# The maximum number of objects that you want Firewall Manager to
|
1806
|
+
# return for this request. If more objects are available, in the
|
1807
|
+
# response, Firewall Manager provides a `NextToken` value that you can
|
1808
|
+
# use in a subsequent call to get the next batch of objects.
|
1809
|
+
# @return [Integer]
|
1810
|
+
#
|
1811
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAdminsManagingAccountRequest AWS API Documentation
|
1812
|
+
#
|
1813
|
+
class ListAdminsManagingAccountRequest < Struct.new(
|
1814
|
+
:next_token,
|
1815
|
+
:max_results)
|
1816
|
+
SENSITIVE = []
|
1817
|
+
include Aws::Structure
|
1818
|
+
end
|
1819
|
+
|
1820
|
+
# @!attribute [rw] admin_accounts
|
1821
|
+
# The list of accounts who manage member accounts within their
|
1822
|
+
# AdminScope.
|
1823
|
+
# @return [Array<String>]
|
1824
|
+
#
|
1825
|
+
# @!attribute [rw] next_token
|
1826
|
+
# When you request a list of objects with a `MaxResults` setting, if
|
1827
|
+
# the number of objects that are still available for retrieval exceeds
|
1828
|
+
# the maximum you requested, Firewall Manager returns a `NextToken`
|
1829
|
+
# value in the response. To retrieve the next batch of objects, use
|
1830
|
+
# the token returned from the prior request in your next request.
|
1831
|
+
# @return [String]
|
1832
|
+
#
|
1833
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAdminsManagingAccountResponse AWS API Documentation
|
1834
|
+
#
|
1835
|
+
class ListAdminsManagingAccountResponse < Struct.new(
|
1836
|
+
:admin_accounts,
|
1837
|
+
:next_token)
|
1838
|
+
SENSITIVE = []
|
1839
|
+
include Aws::Structure
|
1840
|
+
end
|
1841
|
+
|
1561
1842
|
# @!attribute [rw] default_lists
|
1562
1843
|
# Specifies whether the lists to retrieve are default lists owned by
|
1563
1844
|
# Firewall Manager.
|
@@ -1873,8 +2154,8 @@ module Aws::FMS
|
|
1873
2154
|
end
|
1874
2155
|
|
1875
2156
|
# @!attribute [rw] identifier
|
1876
|
-
# A unique identifier for the resource set, used in a
|
1877
|
-
# the resource set.
|
2157
|
+
# A unique identifier for the resource set, used in a request to refer
|
2158
|
+
# to the resource set.
|
1878
2159
|
# @return [String]
|
1879
2160
|
#
|
1880
2161
|
# @!attribute [rw] max_results
|
@@ -2582,6 +2863,62 @@ module Aws::FMS
|
|
2582
2863
|
include Aws::Structure
|
2583
2864
|
end
|
2584
2865
|
|
2866
|
+
# Defines the Organizations organizational units (OUs) that the
|
2867
|
+
# specified Firewall Manager administrator can apply policies to. For
|
2868
|
+
# more information about OUs in Organizations, see [Managing
|
2869
|
+
# organizational units (OUs) ][1] in the *Organizations User Guide*.
|
2870
|
+
#
|
2871
|
+
#
|
2872
|
+
#
|
2873
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html
|
2874
|
+
#
|
2875
|
+
# @!attribute [rw] organizational_units
|
2876
|
+
# The list of OUs within the organization that the specified Firewall
|
2877
|
+
# Manager administrator either can or cannot apply policies to, based
|
2878
|
+
# on the value of
|
2879
|
+
# `OrganizationalUnitScope$ExcludeSpecifiedOrganizationalUnits`. If
|
2880
|
+
# `OrganizationalUnitScope$ExcludeSpecifiedOrganizationalUnits` is set
|
2881
|
+
# to `true`, then the Firewall Manager administrator can apply
|
2882
|
+
# policies to all OUs in the organization except for the OUs in this
|
2883
|
+
# list. If
|
2884
|
+
# `OrganizationalUnitScope$ExcludeSpecifiedOrganizationalUnits` is set
|
2885
|
+
# to `false`, then the Firewall Manager administrator can only apply
|
2886
|
+
# policies to the OUs in this list.
|
2887
|
+
# @return [Array<String>]
|
2888
|
+
#
|
2889
|
+
# @!attribute [rw] all_organizational_units_enabled
|
2890
|
+
# A boolean value that indicates if the administrator can apply
|
2891
|
+
# policies to all OUs within an organization. If true, the
|
2892
|
+
# administrator can manage all OUs within the organization. You can
|
2893
|
+
# either enable management of all OUs through this operation, or you
|
2894
|
+
# can specify OUs to manage in
|
2895
|
+
# `OrganizationalUnitScope$OrganizationalUnits`. You cannot specify
|
2896
|
+
# both.
|
2897
|
+
# @return [Boolean]
|
2898
|
+
#
|
2899
|
+
# @!attribute [rw] exclude_specified_organizational_units
|
2900
|
+
# A boolean value that excludes the OUs in
|
2901
|
+
# `OrganizationalUnitScope$OrganizationalUnits` from the
|
2902
|
+
# administrator's scope. If true, the Firewall Manager administrator
|
2903
|
+
# can apply policies to all OUs in the organization except for the OUs
|
2904
|
+
# listed in `OrganizationalUnitScope$OrganizationalUnits`. You can
|
2905
|
+
# either specify a list of OUs to exclude by
|
2906
|
+
# `OrganizationalUnitScope$OrganizationalUnits`, or you can enable
|
2907
|
+
# management of all OUs by
|
2908
|
+
# `OrganizationalUnitScope$AllOrganizationalUnitsEnabled`. You cannot
|
2909
|
+
# specify both.
|
2910
|
+
# @return [Boolean]
|
2911
|
+
#
|
2912
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/OrganizationalUnitScope AWS API Documentation
|
2913
|
+
#
|
2914
|
+
class OrganizationalUnitScope < Struct.new(
|
2915
|
+
:organizational_units,
|
2916
|
+
:all_organizational_units_enabled,
|
2917
|
+
:exclude_specified_organizational_units)
|
2918
|
+
SENSITIVE = []
|
2919
|
+
include Aws::Structure
|
2920
|
+
end
|
2921
|
+
|
2585
2922
|
# The reference rule that partially matches the `ViolationTarget` rule
|
2586
2923
|
# and violation reason.
|
2587
2924
|
#
|
@@ -2755,6 +3092,18 @@ module Aws::FMS
|
|
2755
3092
|
# The definition of the Network Firewall firewall policy.
|
2756
3093
|
# @return [String]
|
2757
3094
|
#
|
3095
|
+
# @!attribute [rw] policy_status
|
3096
|
+
# Indicates whether the policy is in or out of an admin's policy or
|
3097
|
+
# Region scope.
|
3098
|
+
#
|
3099
|
+
# * `ACTIVE` - The administrator can manage and delete the policy.
|
3100
|
+
#
|
3101
|
+
# * `OUT_OF_ADMIN_SCOPE` - The administrator can view the policy, but
|
3102
|
+
# they can't edit or delete the policy. Existing policy protections
|
3103
|
+
# stay in place. Any new resources that come into scope of the
|
3104
|
+
# policy won't be protected.
|
3105
|
+
# @return [String]
|
3106
|
+
#
|
2758
3107
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Policy AWS API Documentation
|
2759
3108
|
#
|
2760
3109
|
class Policy < Struct.new(
|
@@ -2771,7 +3120,8 @@ module Aws::FMS
|
|
2771
3120
|
:include_map,
|
2772
3121
|
:exclude_map,
|
2773
3122
|
:resource_set_ids,
|
2774
|
-
:policy_description
|
3123
|
+
:policy_description,
|
3124
|
+
:policy_status)
|
2775
3125
|
SENSITIVE = []
|
2776
3126
|
include Aws::Structure
|
2777
3127
|
end
|
@@ -2959,6 +3309,18 @@ module Aws::FMS
|
|
2959
3309
|
# policies.
|
2960
3310
|
# @return [Boolean]
|
2961
3311
|
#
|
3312
|
+
# @!attribute [rw] policy_status
|
3313
|
+
# Indicates whether the policy is in or out of an admin's policy or
|
3314
|
+
# Region scope.
|
3315
|
+
#
|
3316
|
+
# * `ACTIVE` - The administrator can manage and delete the policy.
|
3317
|
+
#
|
3318
|
+
# * `OUT_OF_ADMIN_SCOPE` - The administrator can view the policy, but
|
3319
|
+
# they can't edit or delete the policy. Existing policy protections
|
3320
|
+
# stay in place. Any new resources that come into scope of the
|
3321
|
+
# policy won't be protected.
|
3322
|
+
# @return [String]
|
3323
|
+
#
|
2962
3324
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicySummary AWS API Documentation
|
2963
3325
|
#
|
2964
3326
|
class PolicySummary < Struct.new(
|
@@ -2968,7 +3330,32 @@ module Aws::FMS
|
|
2968
3330
|
:resource_type,
|
2969
3331
|
:security_service_type,
|
2970
3332
|
:remediation_enabled,
|
2971
|
-
:delete_unused_fm_managed_resources
|
3333
|
+
:delete_unused_fm_managed_resources,
|
3334
|
+
:policy_status)
|
3335
|
+
SENSITIVE = []
|
3336
|
+
include Aws::Structure
|
3337
|
+
end
|
3338
|
+
|
3339
|
+
# Defines the policy types that the specified Firewall Manager
|
3340
|
+
# administrator can manage.
|
3341
|
+
#
|
3342
|
+
# @!attribute [rw] policy_types
|
3343
|
+
# The list of policy types that the specified Firewall Manager
|
3344
|
+
# administrator can manage.
|
3345
|
+
# @return [Array<String>]
|
3346
|
+
#
|
3347
|
+
# @!attribute [rw] all_policy_types_enabled
|
3348
|
+
# Allows the specified Firewall Manager administrator to manage all
|
3349
|
+
# Firewall Manager policy types, except for third-party policy types.
|
3350
|
+
# Third-party policy types can only be managed by the Firewall Manager
|
3351
|
+
# default administrator.
|
3352
|
+
# @return [Boolean]
|
3353
|
+
#
|
3354
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PolicyTypeScope AWS API Documentation
|
3355
|
+
#
|
3356
|
+
class PolicyTypeScope < Struct.new(
|
3357
|
+
:policy_types,
|
3358
|
+
:all_policy_types_enabled)
|
2972
3359
|
SENSITIVE = []
|
2973
3360
|
include Aws::Structure
|
2974
3361
|
end
|
@@ -3094,6 +3481,35 @@ module Aws::FMS
|
|
3094
3481
|
include Aws::Structure
|
3095
3482
|
end
|
3096
3483
|
|
3484
|
+
# @!attribute [rw] admin_account
|
3485
|
+
# The Amazon Web Services account ID to add as an Firewall Manager
|
3486
|
+
# administrator account. The account must be a member of the
|
3487
|
+
# organization that was onboarded to Firewall Manager by
|
3488
|
+
# AssociateAdminAccount. For more information about Organizations, see
|
3489
|
+
# [Managing the Amazon Web Services Accounts in Your Organization][1].
|
3490
|
+
#
|
3491
|
+
#
|
3492
|
+
#
|
3493
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts.html
|
3494
|
+
# @return [String]
|
3495
|
+
#
|
3496
|
+
# @!attribute [rw] admin_scope
|
3497
|
+
# Configures the resources that the specified Firewall Manager
|
3498
|
+
# administrator can manage. As a best practice, set the administrative
|
3499
|
+
# scope according to the principles of least privilege. Only grant the
|
3500
|
+
# administrator the specific resources or permissions that they need
|
3501
|
+
# to perform the duties of their role.
|
3502
|
+
# @return [Types::AdminScope]
|
3503
|
+
#
|
3504
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAdminAccountRequest AWS API Documentation
|
3505
|
+
#
|
3506
|
+
class PutAdminAccountRequest < Struct.new(
|
3507
|
+
:admin_account,
|
3508
|
+
:admin_scope)
|
3509
|
+
SENSITIVE = []
|
3510
|
+
include Aws::Structure
|
3511
|
+
end
|
3512
|
+
|
3097
3513
|
# @!attribute [rw] apps_list
|
3098
3514
|
# The details of the Firewall Manager applications list to be created.
|
3099
3515
|
# @return [Types::AppsListData]
|
@@ -3254,6 +3670,28 @@ module Aws::FMS
|
|
3254
3670
|
include Aws::Structure
|
3255
3671
|
end
|
3256
3672
|
|
3673
|
+
# Defines the Amazon Web Services Regions that the specified Firewall
|
3674
|
+
# Manager administrator can manage.
|
3675
|
+
#
|
3676
|
+
# @!attribute [rw] regions
|
3677
|
+
# The Amazon Web Services Regions that the specified Firewall Manager
|
3678
|
+
# administrator can perform actions in.
|
3679
|
+
# @return [Array<String>]
|
3680
|
+
#
|
3681
|
+
# @!attribute [rw] all_regions_enabled
|
3682
|
+
# Allows the specified Firewall Manager administrator to manage all
|
3683
|
+
# Amazon Web Services Regions.
|
3684
|
+
# @return [Boolean]
|
3685
|
+
#
|
3686
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/RegionScope AWS API Documentation
|
3687
|
+
#
|
3688
|
+
class RegionScope < Struct.new(
|
3689
|
+
:regions,
|
3690
|
+
:all_regions_enabled)
|
3691
|
+
SENSITIVE = []
|
3692
|
+
include Aws::Structure
|
3693
|
+
end
|
3694
|
+
|
3257
3695
|
# Information about an individual action you can take to remediate a
|
3258
3696
|
# violation.
|
3259
3697
|
#
|
@@ -3413,6 +3851,19 @@ module Aws::FMS
|
|
3413
3851
|
# The last time that the resource set was changed.
|
3414
3852
|
# @return [Time]
|
3415
3853
|
#
|
3854
|
+
# @!attribute [rw] resource_set_status
|
3855
|
+
# Indicates whether the resource set is in or out of an admin's
|
3856
|
+
# Region scope.
|
3857
|
+
#
|
3858
|
+
# * `ACTIVE` - The administrator can manage and delete the resource
|
3859
|
+
# set.
|
3860
|
+
#
|
3861
|
+
# * `OUT_OF_ADMIN_SCOPE` - The administrator can view the resource
|
3862
|
+
# set, but they can't edit or delete the resource set. Existing
|
3863
|
+
# protections stay in place. Any new resource that come into scope
|
3864
|
+
# of the resource set won't be protected.
|
3865
|
+
# @return [String]
|
3866
|
+
#
|
3416
3867
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceSet AWS API Documentation
|
3417
3868
|
#
|
3418
3869
|
class ResourceSet < Struct.new(
|
@@ -3421,7 +3872,8 @@ module Aws::FMS
|
|
3421
3872
|
:description,
|
3422
3873
|
:update_token,
|
3423
3874
|
:resource_type_list,
|
3424
|
-
:last_update_time
|
3875
|
+
:last_update_time,
|
3876
|
+
:resource_set_status)
|
3425
3877
|
SENSITIVE = []
|
3426
3878
|
include Aws::Structure
|
3427
3879
|
end
|
@@ -3447,13 +3899,27 @@ module Aws::FMS
|
|
3447
3899
|
# The last time that the resource set was changed.
|
3448
3900
|
# @return [Time]
|
3449
3901
|
#
|
3902
|
+
# @!attribute [rw] resource_set_status
|
3903
|
+
# Indicates whether the resource set is in or out of an admin's
|
3904
|
+
# Region scope.
|
3905
|
+
#
|
3906
|
+
# * `ACTIVE` - The administrator can manage and delete the resource
|
3907
|
+
# set.
|
3908
|
+
#
|
3909
|
+
# * `OUT_OF_ADMIN_SCOPE` - The administrator can view the resource
|
3910
|
+
# set, but they can't edit or delete the resource set. Existing
|
3911
|
+
# protections stay in place. Any new resource that come into scope
|
3912
|
+
# of the resource set won't be protected.
|
3913
|
+
# @return [String]
|
3914
|
+
#
|
3450
3915
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceSetSummary AWS API Documentation
|
3451
3916
|
#
|
3452
3917
|
class ResourceSetSummary < Struct.new(
|
3453
3918
|
:id,
|
3454
3919
|
:name,
|
3455
3920
|
:description,
|
3456
|
-
:last_update_time
|
3921
|
+
:last_update_time,
|
3922
|
+
:resource_set_status)
|
3457
3923
|
SENSITIVE = []
|
3458
3924
|
include Aws::Structure
|
3459
3925
|
end
|
@@ -3840,6 +4306,17 @@ module Aws::FMS
|
|
3840
4306
|
#
|
3841
4307
|
# </note>
|
3842
4308
|
#
|
4309
|
+
# * Example: `IMPORT_NETWORK_FIREWALL`
|
4310
|
+
# `"\{"type":"IMPORT_NETWORK_FIREWALL","awsNetworkFirewallConfig":\{"networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-2:000000000000:stateless-rulegroup\/rg1","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:drop"],"networkFirewallStatelessFragmentDefaultActions":["aws:pass"],"networkFirewallStatelessCustomActions":[],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-2:aws-managed:stateful-rulegroup\/ThreatSignaturesEmergingEventsStrictOrder","priority":8\}],"networkFirewallStatefulEngineOptions":\{"ruleOrder":"STRICT_ORDER"\},"networkFirewallStatefulDefaultActions":["aws:drop_strict"]\}\}"`
|
4311
|
+
#
|
4312
|
+
# `"\{"type":"DNS_FIREWALL","preProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-1","priority":10\}],"postProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-2","priority":9911\}]\}"`
|
4313
|
+
#
|
4314
|
+
# <note markdown="1"> Valid values for `preProcessRuleGroups` are between 1 and 99.
|
4315
|
+
# Valid values for `postProcessRuleGroups` are between 9901 and
|
4316
|
+
# 10000.
|
4317
|
+
#
|
4318
|
+
# </note>
|
4319
|
+
#
|
3843
4320
|
# * Example: `NETWORK_FIREWALL` - Centralized deployment model
|
3844
4321
|
#
|
3845
4322
|
# `"\{"type":"NETWORK_FIREWALL","awsNetworkFirewallConfig":\{"networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[\{"actionName":"customActionName","actionDefinition":\{"publishMetricAction":\{"dimensions":[\{"value":"metricdimensionvalue"\}]\}\}\}],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"\}],"networkFirewallLoggingConfiguration":\{"logDestinationConfigs":[\{"logDestinationType":"S3","logType":"ALERT","logDestination":\{"bucketName":"s3-bucket-name"\}\},\{"logDestinationType":"S3","logType":"FLOW","logDestination":\{"bucketName":"s3-bucket-name"\}\}],"overrideExistingConfig":true\}\},"firewallDeploymentModel":\{"centralizedFirewallDeploymentModel":\{"centralizedFirewallOrchestrationConfig":\{"inspectionVpcIds":[\{"resourceId":"vpc-1234","accountId":"123456789011"\}],"firewallCreationConfig":\{"endpointLocation":\{"availabilityZoneConfigList":[\{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]\}]\}\},"allowedIPV4CidrList":[]\}\}\}\}"`
|
@@ -3981,14 +4458,40 @@ module Aws::FMS
|
|
3981
4458
|
# Advanced policy, this `ManagedServiceData` configuration is an
|
3982
4459
|
# empty string.
|
3983
4460
|
#
|
3984
|
-
# * Example: `WAFV2`
|
4461
|
+
# * Example: `WAFV2` - Account takeover prevention and Bot Control
|
4462
|
+
# managed rule groups, and rule action override
|
3985
4463
|
#
|
3986
|
-
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"version":null,"vendorName":"AWS","managedRuleGroupName":"
|
4464
|
+
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesATPRuleSet","managedRuleGroupConfigs":[\{"awsmanagedRulesATPRuleSet":\{"loginPath":"/loginpath","requestInspection":\{"payloadType":"FORM_ENCODED|JSON","usernameField":\{"identifier":"/form/username"\},"passwordField":\{"identifier":"/form/password"\}\}\}\}]\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true\},\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesBotControlRuleSet","managedRuleGroupConfigs":[\{"awsmanagedRulesBotControlRuleSet":\{"inspectionLevel":"TARGETED|COMMON"\}\}]\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true,"ruleActionOverrides":[\{"name":"Rule1","actionToUse":\{"allow|block|count|captcha|challenge":\{\}\}\},\{"name":"Rule2","actionToUse":\{"allow|block|count|captcha|challenge":\{\}\}\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"customRequestHandling":null,"customResponse":null,"overrideCustomerWebACLAssociation":false,"loggingConfiguration":null,"sampledRequestsEnabledForDefaultActions":true\}"`
|
3987
4465
|
#
|
3988
|
-
#
|
3989
|
-
#
|
3990
|
-
#
|
3991
|
-
#
|
4466
|
+
# * Fraud Control account takeover prevention (ATP) - For
|
4467
|
+
# information about the properties available for
|
4468
|
+
# `AWSManagedRulesATPRuleSet` managed rule groups, see
|
4469
|
+
# [AWSManagedRulesATPRuleSet][2] in the *WAF API Reference*.
|
4470
|
+
#
|
4471
|
+
# * Bot Control - For information about
|
4472
|
+
# `AWSManagedRulesBotControlRuleSet` managed rule groups, see
|
4473
|
+
# [AWSManagedRulesBotControlRuleSet][3] in the *WAF API
|
4474
|
+
# Reference*.
|
4475
|
+
#
|
4476
|
+
# * Rule action overrides - Firewall Manager supports rule action
|
4477
|
+
# overrides only for managed rule groups. To configure a
|
4478
|
+
# `RuleActionOverrides` add the `Name` of the rule to override,
|
4479
|
+
# and `ActionToUse`, which is the new action to use for the rule.
|
4480
|
+
# For information about using rule action override, see
|
4481
|
+
# [RuleActionOverride][4] in the *WAF API Reference*.
|
4482
|
+
#
|
4483
|
+
# * Example: `WAFV2` - `CAPTCHA` and `Challenge` configs
|
4484
|
+
#
|
4485
|
+
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"customRequestHandling":null,"customResponse":null,"overrideCustomerWebACLAssociation":false,"loggingConfiguration":null,"sampledRequestsEnabledForDefaultActions":true,"captchaConfig":\{"immunityTimeProperty":\{"immunityTime":500\}\},"challengeConfig":\{"immunityTimeProperty":\{"immunityTime":800\}\},"tokenDomains":["google.com","amazon.com"]\}"`
|
4486
|
+
#
|
4487
|
+
# If you update the policy's values for `captchaConfig`,
|
4488
|
+
# `challengeConfig`, or `tokenDomains`, Firewall Manager will
|
4489
|
+
# overwrite your local web ACLs to contain the new value(s).
|
4490
|
+
# However, if you don't update the policy's `captchaConfig`,
|
4491
|
+
# `challengeConfig`, or `tokenDomains` values, the values in your
|
4492
|
+
# local web ACLs will remain unchanged. For information about
|
4493
|
+
# CAPTCHA and Challenge configs, see [CaptchaConfig][5] and
|
4494
|
+
# [ChallengeConfig][6] in the *WAF API Reference*.
|
3992
4495
|
#
|
3993
4496
|
# * Example: `WAFV2` - Firewall Manager support for WAF managed rule
|
3994
4497
|
# group versioning
|
@@ -4002,6 +4505,34 @@ module Aws::FMS
|
|
4002
4505
|
# then Firewall Manager uses the default version of the WAF managed
|
4003
4506
|
# rule group.
|
4004
4507
|
#
|
4508
|
+
# * Example: `WAFV2` - Logging configurations
|
4509
|
+
#
|
4510
|
+
# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,
|
4511
|
+
# "overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":
|
4512
|
+
# \{"versionEnabled":null,"version":null,"vendorName":"AWS",
|
4513
|
+
# "managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet"\}
|
4514
|
+
# ,"ruleGroupType":"ManagedRuleGroup","excludeRules":[],
|
4515
|
+
# "sampledRequestsEnabled":true\}],"postProcessRuleGroups":[],
|
4516
|
+
# "defaultAction":\{"type":"ALLOW"\},"customRequestHandling"
|
4517
|
+
# \:null,"customResponse":null,"overrideCustomerWebACLAssociation"
|
4518
|
+
# \:false,"loggingConfiguration":\{"logDestinationConfigs":
|
4519
|
+
# ["arn:aws:s3:::aws-waf-logs-example-bucket"]
|
4520
|
+
# ,"redactedFields":[],"loggingFilterConfigs":\{"defaultBehavior":"KEEP",
|
4521
|
+
# "filters":[\{"behavior":"KEEP","requirement":"MEETS_ALL",
|
4522
|
+
# "conditions":[\{"actionCondition":"CAPTCHA"\},\{"actionCondition":
|
4523
|
+
# "CHALLENGE"\},
|
4524
|
+
# \{"actionCondition":"EXCLUDED_AS_COUNT"\}]\}]\}\},"sampledRequestsEnabledForDefaultActions":true\}"`
|
4525
|
+
#
|
4526
|
+
# Firewall Manager supports Amazon Kinesis Data Firehose and Amazon
|
4527
|
+
# S3 as the `logDestinationConfigs` in your `loggingConfiguration`.
|
4528
|
+
# For information about WAF logging configurations, see
|
4529
|
+
# [LoggingConfiguration][7] in the *WAF API Reference*
|
4530
|
+
#
|
4531
|
+
# In the `loggingConfiguration`, you can specify one
|
4532
|
+
# `logDestinationConfigs`. Optionally provide as many as 20
|
4533
|
+
# `redactedFields`. The `RedactedFieldType` must be one of `URI`,
|
4534
|
+
# `QUERY_STRING`, `HEADER`, or `METHOD`.
|
4535
|
+
#
|
4005
4536
|
# * Example: `WAF Classic`
|
4006
4537
|
#
|
4007
4538
|
# `"\{"type": "WAF", "ruleGroups":
|
@@ -4012,6 +4543,12 @@ module Aws::FMS
|
|
4012
4543
|
#
|
4013
4544
|
#
|
4014
4545
|
# [1]: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html
|
4546
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/APIReference/API_AWSManagedRulesATPRuleSet.html
|
4547
|
+
# [3]: https://docs.aws.amazon.com/waf/latest/APIReference/API_AWSManagedRulesBotControlRuleSet.html
|
4548
|
+
# [4]: https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleActionOverride.html
|
4549
|
+
# [5]: https://docs.aws.amazon.com/waf/latest/APIReference/API_CaptchaConfig.html
|
4550
|
+
# [6]: https://docs.aws.amazon.com/waf/latest/APIReference/API_ChallengeConfig.html
|
4551
|
+
# [7]: https://docs.aws.amazon.com/waf/latest/APIReference/API_LoggingConfiguration.html
|
4015
4552
|
# @return [String]
|
4016
4553
|
#
|
4017
4554
|
# @!attribute [rw] policy_option
|