aws-sdk-fms 1.63.0 → 1.65.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms/client.rb +52 -22
- data/lib/aws-sdk-fms/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-fms/types.rb +144 -51
- data/lib/aws-sdk-fms.rb +1 -1
- metadata +5 -5
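--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6ea1cdb4435679484768b90f43add97c0450a16775d224a7d47ba3cd24508274
+data.tar.gz: d1cc511a75f440ac2c689d5c62290e0a8dde9fd34dd79fcedbec125b4901c802
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 07ca3cfb9fe8227710aed3e9d24c234e738150f0886489baa2a38f1d785f8854f78ecd8e26353604ae63952abe9293db3fa84d7b617daf1ffc735803b22654fd
+data.tar.gz: fb92f81551cf6ec47482587adabb250911a8a72104710c72a4b6e848d6d28ce2c2de6c9a60d1835a33e5d7837050fdd5abe922fab9f95f471feef07e05337d5b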
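--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.65.0 (2023-11-22)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.64.0 (2023-11-10)
+------------------
+
+* Feature - Adds optimizeUnassociatedWebACL flag to ManagedServiceData, updates third-party firewall examples, and other minor documentation updates.
+
 1.63.0 (2023-09-27)
 ------------------
 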
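--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.65.0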
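--- a/data/lib/aws-sdk-fms/client.rb
+++ b/data/lib/aws-sdk-fms/client.rb
@@ -616,6 +616,12 @@ module Aws::FMS
 # Manager and if it's no longer associated with any resources through
 # another policy
 #
+# <note markdown="1"> For security group common policies, even if set to `False`, Firewall
+# Manager deletes all security groups created by Firewall Manager that
+# aren't associated with any other resources through another policy.
+#
+# </note>
+#
 # After the cleanup, in-scope resources are no longer protected by web
 # ACLs in this policy. Protection of out-of-scope resources remains
 # unchanged. Scope is determined by tags that you create and accounts
@@ -1194,7 +1200,17 @@ module Aws::FMS
 #
 # @option params [required, String] :policy_id
 # The ID of the Firewall Manager policy that you want the details for.
-#
+# You can get violation details for the following policy types:
+#
+# * DNS Firewall
+#
+# * Imported Network Firewall
+#
+# * Network Firewall
+#
+# * Security group content audit
+#
+# * Third-party firewall
 #
 # @option params [required, String] :member_account
 # The Amazon Web Services account ID that you want the details for.
@@ -2366,37 +2382,51 @@ module Aws::FMS
 
 # Creates an Firewall Manager policy.
 #
-# Firewall Manager
+# A Firewall Manager policy is specific to the individual policy type.
+# If you want to enforce multiple policy types across accounts, you can
+# create multiple policies. You can create more than one policy for each
+# type.
 #
-#
-#
-#
+# If you add a new account to an organization that you created with
+# Organizations, Firewall Manager automatically applies the policy to
+# the resources in that account that are within scope of the policy.
+#
+# Firewall Manager provides the following types of policies:
 #
-# *
+# * **Shield Advanced policy** - This policy applies Shield Advanced
+# protection to specified accounts and resources.
 #
-# *
-#
+# * **Security Groups policy** - This type of policy gives you control
+# over security groups that are in use throughout your organization in
+# Organizations and lets you enforce a baseline set of rules across
+# your organization.
 #
-# *
-#
+# * **Network Firewall policy** - This policy applies Network Firewall
+# protection to your organization's VPCs.
 #
-# *
-#
+# * **DNS Firewall policy** - This policy applies Amazon Route 53
+# Resolver DNS Firewall protections to your organization's VPCs.
 #
-# *
-#
+# * **Third-party firewall policy** - This policy applies third-party
+# firewall protections. Third-party firewalls are available by
+# subscription through the Amazon Web Services Marketplace console at
+# [Amazon Web Services Marketplace][1].
 #
-#
-#
-#
+# * **Palo Alto Networks Cloud NGFW policy** - This policy applies
+# Palo Alto Networks Cloud Next Generation Firewall (NGFW)
+# protections and Palo Alto Networks Cloud NGFW rulestacks to your
+# organization's VPCs.
 #
-#
-#
-#
+# * **Fortigate CNF policy** - This policy applies Fortigate Cloud
+# Native Firewall (CNF) protections. Fortigate CNF is a
+# cloud-centered solution that blocks Zero-Day threats and secures
+# cloud infrastructures with industry-leading advanced threat
+# prevention, smart web application firewalls (WAF), and API
+# protection.
 #
 #
 #
-# [1]: https://
+# [1]: https://aws.amazon.com/marketplace
 #
 # @option params [required, Types::Policy] :policy
 # The details of the Firewall Manager policy to be created.
@@ -2690,7 +2720,7 @@ module Aws::FMS
 params: params,
 config: config)
 context[:gem_name] = 'aws-sdk-fms'
-context[:gem_version] = '1.
+context[:gem_version] = '1.65.0'
 Seahorse::Client::Request.new(handlers, context)
 end
 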
@@ -32,7 +32,7 @@ module Aws::FMS
|
|
32
32
|
raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
|
33
33
|
end
|
34
34
|
if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
|
35
|
-
if Aws::Endpoints::Matchers.boolean_equals?(
|
35
|
+
if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
|
36
36
|
return Aws::Endpoints::Endpoint.new(url: "https://fms-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
|
37
37
|
end
|
38
38
|
raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
|
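--- a/data/lib/aws-sdk-fms/types.rb
+++ b/data/lib/aws-sdk-fms/types.rb
@@ -575,6 +575,12 @@ module Aws::FMS
 # Manager and if it's no longer associated with any resources
 # through another policy
 #
+# <note markdown="1"> For security group common policies, even if set to `False`, Firewall
+# Manager deletes all security groups created by Firewall Manager that
+# aren't associated with any other resources through another policy.
+#
+# </note>
+#
 # After the cleanup, in-scope resources are no longer protected by web
 # ACLs in this policy. Protection of out-of-scope resources remains
 # unchanged. Scope is determined by tags that you create and accounts
@@ -1621,7 +1627,17 @@ module Aws::FMS
 
 # @!attribute [rw] policy_id
 # The ID of the Firewall Manager policy that you want the details for.
-#
+# You can get violation details for the following policy types:
+#
+# * DNS Firewall
+#
+# * Imported Network Firewall
+#
+# * Network Firewall
+#
+# * Security group content audit
+#
+# * Third-party firewall
 # @return [String]
 #
 # @!attribute [rw] member_account
@@ -2970,17 +2986,28 @@ module Aws::FMS
 # specify a resource type of `ResourceTypeList` and then specify the
 # resource types in a `ResourceTypeList`.
 #
-#
-#
-#
-#
-#
-#
-#
-#
-#
-#
-#
+# The following are valid resource types for each Firewall Manager
+# policy type:
+#
+# * Amazon Web Services WAF Classic - `AWS::ApiGateway::Stage`,
+# `AWS::CloudFront::Distribution`, and
+# `AWS::ElasticLoadBalancingV2::LoadBalancer`.
+#
+# * WAF - `AWS::ApiGateway::Stage`,
+# `AWS::ElasticLoadBalancingV2::LoadBalancer`, and
+# `AWS::CloudFront::Distribution`.
+#
+# * DNS Firewall, Network Firewall, and third-party firewall -
+# `AWS::EC2::VPC`.
+#
+# * Shield Advanced - `AWS::ElasticLoadBalancingV2::LoadBalancer`,
+# `AWS::ElasticLoadBalancing::LoadBalancer`, `AWS::EC2::EIP`, and
+# `AWS::CloudFront::Distribution`.
+#
+# * Security group content audit - `AWS::EC2::SecurityGroup`,
+# `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`.
+#
+# * Security group usage audit - `AWS::EC2::SecurityGroup`.
 #
 #
 #
@@ -4307,6 +4334,7 @@ module Aws::FMS
 # </note>
 #
 # * Example: `IMPORT_NETWORK_FIREWALL`
+#
 # `"\{"type":"IMPORT_NETWORK_FIREWALL","awsNetworkFirewallConfig":\{"networkFirewallStatelessRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-2:000000000000:stateless-rulegroup\/rg1","priority":1\}],"networkFirewallStatelessDefaultActions":["aws:drop"],"networkFirewallStatelessFragmentDefaultActions":["aws:pass"],"networkFirewallStatelessCustomActions":[],"networkFirewallStatefulRuleGroupReferences":[\{"resourceARN":"arn:aws:network-firewall:us-west-2:aws-managed:stateful-rulegroup\/ThreatSignaturesEmergingEventsStrictOrder","priority":8\}],"networkFirewallStatefulEngineOptions":\{"ruleOrder":"STRICT_ORDER"\},"networkFirewallStatefulDefaultActions":["aws:drop_strict"]\}\}"`
 #
 # `"\{"type":"DNS_FIREWALL","preProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-1","priority":10\}],"postProcessRuleGroups":[\{"ruleGroupId":"rslvr-frg-2","priority":9911\}]\}"`
@@ -4376,20 +4404,6 @@ module Aws::FMS
 # To use the distributed deployment model, you must set
 # [PolicyOption][1] to `NULL`.
 #
-# * Example: `THIRD_PARTY_FIREWALL`
-#
-# `"\{ "type":"THIRD_PARTY_FIREWALL",
-# "thirdPartyFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW",
-# "thirdPartyFirewallConfig":\{
-# "thirdPartyFirewallPolicyList":["global-1"] \},
-# "firewallDeploymentModel":\{
-# "distributedFirewallDeploymentModel":\{
-# "distributedFirewallOrchestrationConfig":\{
-# "firewallCreationConfig":\{ "endpointLocation":\{
-# "availabilityZoneConfigList":[ \{
-# "availabilityZoneName":"$\{AvailabilityZone\}" \} ] \} \},
-# "allowedIPV4CidrList":[ ] \} \} \} \}"`
-#
 # * Example: `SECURITY_GROUPS_COMMON`
 #
 # `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
@@ -4436,13 +4450,40 @@ module Aws::FMS
 #
 # `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"`
 #
+# * Example: `SHIELD_ADVANCED` with web ACL management
+#
+# `"\{"type":"SHIELD_ADVANCED","optimizeUnassociatedWebACL":true\}"`
+#
+# If you set `optimizeUnassociatedWebACL` to `true`, Firewall
+# Manager creates web ACLs in accounts within the policy scope if
+# the web ACLs will be used by at least one resource. Firewall
+# Manager creates web ACLs in the accounts within policy scope only
+# if the web ACLs will be used by at least one resource. If at any
+# time an account comes into policy scope, Firewall Manager
+# automatically creates a web ACL in the account if at least one
+# resource will use the web ACL.
+#
+# Upon enablement, Firewall Manager performs a one-time cleanup of
+# unused web ACLs in your account. The cleanup process can take
+# several hours. If a resource leaves policy scope after Firewall
+# Manager creates a web ACL, Firewall Manager doesn't disassociate
+# the resource from the web ACL. If you want Firewall Manager to
+# clean up the web ACL, you must first manually disassociate the
+# resources from the web ACL, and then enable the manage unused web
+# ACLs option in your policy.
+#
+# If you set `optimizeUnassociatedWebACL` to `false`, and Firewall
+# Manager automatically creates an empty web ACL in each account
+# that's within policy scope.
+#
 # * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
 # distributions
 #
 # `"\{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
 # \{"automaticResponseStatus":"ENABLED|IGNORED|DISABLED",
 # "automaticResponseAction":"BLOCK|COUNT"\},
-# "overrideCustomerWebaclClassic":true|false
+# "overrideCustomerWebaclClassic":true|false,
+# "optimizeUnassociatedWebACL":true|false\}"`
 #
 # For example:
 # `"\{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
@@ -4458,21 +4499,62 @@ module Aws::FMS
 # Advanced policy, this `ManagedServiceData` configuration is an
 # empty string.
 #
-# * Example: `
-# managed rule groups, and rule action override
+# * Example: `THIRD_PARTY_FIREWALL`
 #
-# `
+# Replace `THIRD_PARTY_FIREWALL_NAME` with the name of the
+# third-party firewall.
 #
-#
-#
-#
-#
+# `"\{ "type":"THIRD_PARTY_FIREWALL",
+# "thirdPartyFirewall":"THIRD_PARTY_FIREWALL_NAME",
+# "thirdPartyFirewallConfig":\{
+# "thirdPartyFirewallPolicyList":["global-1"] \},
+# "firewallDeploymentModel":\{
+# "distributedFirewallDeploymentModel":\{
+# "distributedFirewallOrchestrationConfig":\{
+# "firewallCreationConfig":\{ "endpointLocation":\{
+# "availabilityZoneConfigList":[ \{
+# "availabilityZoneName":"$\{AvailabilityZone\}" \} ] \} \},
+# "allowedIPV4CidrList":[ ] \} \} \} \}"`
+#
+# * Example: `WAFV2` - Account takeover prevention, Bot Control
+# managed rule groups, optimize unassociated web ACL, and rule
+# action override
+#
+# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesATPRuleSet","managedRuleGroupConfigs":[\{"awsmanagedRulesATPRuleSet":\{"loginPath":"/loginpath","requestInspection":\{"payloadType":"FORM_ENCODED|JSON","usernameField":\{"identifier":"/form/username"\},"passwordField":\{"identifier":"/form/password"\}\}\}\}]\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true\},\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesBotControlRuleSet","managedRuleGroupConfigs":[\{"awsmanagedRulesBotControlRuleSet":\{"inspectionLevel":"TARGETED|COMMON"\}\}]\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true,"ruleActionOverrides":[\{"name":"Rule1","actionToUse":\{"allow|block|count|captcha|challenge":\{\}\}\},\{"name":"Rule2","actionToUse":\{"allow|block|count|captcha|challenge":\{\}\}\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"customRequestHandling":null,"customResponse":null,"overrideCustomerWebACLAssociation":false,"loggingConfiguration":null,"sampledRequestsEnabledForDefaultActions":true,"optimizeUnassociatedWebACL":true\}"`
 #
 # * Bot Control - For information about
 # `AWSManagedRulesBotControlRuleSet` managed rule groups, see
-# [AWSManagedRulesBotControlRuleSet][
+# [AWSManagedRulesBotControlRuleSet][2] in the *WAF API
 # Reference*.
 #
+# * Fraud Control account takeover prevention (ATP) - For
+# information about the properties available for
+# `AWSManagedRulesATPRuleSet` managed rule groups, see
+# [AWSManagedRulesATPRuleSet][3] in the *WAF API Reference*.
+#
+# * Optimize unassociated web ACL - If you set
+# `optimizeUnassociatedWebACL` to `true`, Firewall Manager creates
+# web ACLs in accounts within the policy scope if the web ACLs
+# will be used by at least one resource. Firewall Manager creates
+# web ACLs in the accounts within policy scope only if the web
+# ACLs will be used by at least one resource. If at any time an
+# account comes into policy scope, Firewall Manager automatically
+# creates a web ACL in the account if at least one resource will
+# use the web ACL.
+#
+# Upon enablement, Firewall Manager performs a one-time cleanup of
+# unused web ACLs in your account. The cleanup process can take
+# several hours. If a resource leaves policy scope after Firewall
+# Manager creates a web ACL, Firewall Manager disassociates the
+# resource from the web ACL, but won't clean up the unused web
+# ACL. Firewall Manager only cleans up unused web ACLs when you
+# first enable management of unused web ACLs in a policy.
+#
+# If you set `optimizeUnassociatedWebACL` to `false` Firewall
+# Manager doesn't manage unused web ACLs, and Firewall Manager
+# automatically creates an empty web ACL in each account that's
+# within policy scope.
+#
 # * Rule action overrides - Firewall Manager supports rule action
 # overrides only for managed rule groups. To configure a
 # `RuleActionOverrides` add the `Name` of the rule to override,
@@ -4482,16 +4564,25 @@ module Aws::FMS
 #
 # * Example: `WAFV2` - `CAPTCHA` and `Challenge` configs
 #
-# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"customRequestHandling":null,"customResponse":null,"overrideCustomerWebACLAssociation":false,"loggingConfiguration":null,"sampledRequestsEnabledForDefaultActions":true,"captchaConfig":\{"immunityTimeProperty":\{"immunityTime":500\}\},"challengeConfig":\{"immunityTimeProperty":\{"immunityTime":800\}\},"tokenDomains":["google.com","amazon.com"]\}"`
-#
-# If you update the policy's
-#
-#
-#
-#
-#
-#
-#
+# `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"customRequestHandling":null,"customResponse":null,"overrideCustomerWebACLAssociation":false,"loggingConfiguration":null,"sampledRequestsEnabledForDefaultActions":true,"captchaConfig":\{"immunityTimeProperty":\{"immunityTime":500\}\},"challengeConfig":\{"immunityTimeProperty":\{"immunityTime":800\}\},"tokenDomains":["google.com","amazon.com"],"associationConfig":\{"requestBody":\{"CLOUDFRONT":\{"defaultSizeInspectionLimit":"KB_16"\}\}\}\}"`
+#
+# * `CAPTCHA` and `Challenge` configs - If you update the policy's
+# values for `associationConfig`, `captchaConfig`,
+# `challengeConfig`, or `tokenDomains`, Firewall Manager will
+# overwrite your local web ACLs to contain the new value(s).
+# However, if you don't update the policy's `associationConfig`,
+# `captchaConfig`, `challengeConfig`, or `tokenDomains` values,
+# the values in your local web ACLs will remain unchanged. For
+# information about association configs, see
+# [AssociationConfig][5]. For information about CAPTCHA and
+# Challenge configs, see [CaptchaConfig][6] and
+# [ChallengeConfig][7] in the *WAF API Reference*.
+#
+# * `defaultSizeInspectionLimit` - Specifies the maximum size of the
+# web request body component that an associated Amazon CloudFront
+# distribution should send to WAF for inspection. For more
+# information, see [DefaultSizeInspectionLimit][8] in the *WAF API
+# Reference*.
 #
 # * Example: `WAFV2` - Firewall Manager support for WAF managed rule
 # group versioning
@@ -4526,7 +4617,7 @@ module Aws::FMS
 # Firewall Manager supports Amazon Kinesis Data Firehose and Amazon
 # S3 as the `logDestinationConfigs` in your `loggingConfiguration`.
 # For information about WAF logging configurations, see
-# [LoggingConfiguration][
+# [LoggingConfiguration][9] in the *WAF API Reference*
 #
 # In the `loggingConfiguration`, you can specify one
 # `logDestinationConfigs`. Optionally provide as many as 20
@@ -4543,12 +4634,14 @@ module Aws::FMS
 #
 #
 # [1]: https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html
-# [2]: https://docs.aws.amazon.com/waf/latest/APIReference/
-# [3]: https://docs.aws.amazon.com/waf/latest/APIReference/
+# [2]: https://docs.aws.amazon.com/waf/latest/APIReference/API_AWSManagedRulesBotControlRuleSet.html
+# [3]: https://docs.aws.amazon.com/waf/latest/APIReference/API_AWSManagedRulesATPRuleSet.html
 # [4]: https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleActionOverride.html
-# [5]: https://docs.aws.amazon.com/waf/latest/APIReference/
-# [6]: https://docs.aws.amazon.com/waf/latest/APIReference/
-# [7]: https://docs.aws.amazon.com/waf/latest/APIReference/
+# [5]: https://docs.aws.amazon.com/waf/latest/APIReference/API_AssociationConfig.html
+# [6]: https://docs.aws.amazon.com/waf/latest/APIReference/API_CaptchaConfig.html
+# [7]: https://docs.aws.amazon.com/waf/latest/APIReference/API_ChallengeConfig.html
+# [8]: https://docs.aws.amazon.com/waf/latest/APIReference/API_RequestBodyAssociatedResourceTypeConfig.html#WAF-Type-RequestBodyAssociatedResourceTypeConfig-DefaultSizeInspectionLimit
+# [9]: https://docs.aws.amazon.com/waf/latest/APIReference/API_LoggingConfiguration.html
 # @return [String]
 #
 # @!attribute [rw] policy_option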
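Review bot: The two new descriptions of `optimizeUnassociatedWebACL` disagree on what happens when a resource leaves policy scope: the `SHIELD_ADVANCED` example (new lines 4468-4470) says Firewall Manager "doesn't disassociate the resource from the web ACL", while the `WAFV2` bullet (new lines 4547-4549) says it "disassociates the resource from the web ACL, but won't clean up the unused web ACL". Whether an out-of-scope resource keeps its web ACL decides whether its traffic is still filtered, so the comment should either say that the behavior differs by policy type or be corrected against the service documentation. The `false` sentence in the `SHIELD_ADVANCED` block (new lines 4475-4477) is also broken; the `WAFV2` wording suggests it was meant to read `If you set optimizeUnassociatedWebACL to false, Firewall Manager doesn't manage unused web ACLs, and Firewall Manager automatically creates an empty web ACL in each account that's within policy scope.` Both blocks also state the "creates web ACLs ... if the web ACLs will be used by at least one resource" sentence twice in a row, and one copy can be dropped.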
data/lib/aws-sdk-fms.rb
CHANGED
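--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.65.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-
+date: 2023-11-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.188.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
 version: '3'
 - - ">="
 - !ruby/object:Gem::Version
-version: 3.
+version: 3.188.0
 - !ruby/object:Gem::Dependency
 name: aws-sigv4
 requirement: !ruby/object:Gem::Requirement
@@ -80,7 +80,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '2.
+version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="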