aws-sdk-fms 1.67.0 → 1.69.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -22,6 +22,7 @@ require 'aws-sdk-core/plugins/endpoint_pattern.rb'
22
22
  require 'aws-sdk-core/plugins/response_paging.rb'
23
23
  require 'aws-sdk-core/plugins/stub_responses.rb'
24
24
  require 'aws-sdk-core/plugins/idempotency_token.rb'
25
+ require 'aws-sdk-core/plugins/invocation_id.rb'
25
26
  require 'aws-sdk-core/plugins/jsonvalue_converter.rb'
26
27
  require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
27
28
  require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
@@ -72,6 +73,7 @@ module Aws::FMS
72
73
  add_plugin(Aws::Plugins::ResponsePaging)
73
74
  add_plugin(Aws::Plugins::StubResponses)
74
75
  add_plugin(Aws::Plugins::IdempotencyToken)
76
+ add_plugin(Aws::Plugins::InvocationId)
75
77
  add_plugin(Aws::Plugins::JsonvalueConverter)
76
78
  add_plugin(Aws::Plugins::ClientMetricsPlugin)
77
79
  add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
@@ -196,10 +198,17 @@ module Aws::FMS
196
198
  # When set to 'true' the request body will not be compressed
197
199
  # for supported operations.
198
200
  #
199
- # @option options [String] :endpoint
200
- # The client endpoint is normally constructed from the `:region`
201
- # option. You should only configure an `:endpoint` when connecting
202
- # to test or custom endpoints. This should be a valid HTTP(S) URI.
201
+ # @option options [String, URI::HTTPS, URI::HTTP] :endpoint
202
+ # Normally you should not configure the `:endpoint` option
203
+ # directly. This is normally constructed from the `:region`
204
+ # option. Configuring `:endpoint` is normally reserved for
205
+ # connecting to test or custom endpoints. The endpoint should
206
+ # be a URI formatted like:
207
+ #
208
+ # 'http://example.com'
209
+ # 'https://example.com'
210
+ # 'http://example.com:123'
211
+ #
203
212
  #
204
213
  # @option options [Integer] :endpoint_cache_max_entries (1000)
205
214
  # Used for the maximum size limit of the LRU cache storing endpoints data
@@ -347,50 +356,65 @@ module Aws::FMS
347
356
  # @option options [Aws::FMS::EndpointProvider] :endpoint_provider
348
357
  # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::FMS::EndpointParameters`
349
358
  #
350
- # @option options [URI::HTTP,String] :http_proxy A proxy to send
351
- # requests through. Formatted like 'http://proxy.com:123'.
352
- #
353
- # @option options [Float] :http_open_timeout (15) The number of
354
- # seconds to wait when opening a HTTP session before raising a
355
- # `Timeout::Error`.
356
- #
357
- # @option options [Float] :http_read_timeout (60) The default
358
- # number of seconds to wait for response data. This value can
359
- # safely be set per-request on the session.
360
- #
361
- # @option options [Float] :http_idle_timeout (5) The number of
362
- # seconds a connection is allowed to sit idle before it is
363
- # considered stale. Stale connections are closed and removed
364
- # from the pool before making a request.
365
- #
366
- # @option options [Float] :http_continue_timeout (1) The number of
367
- # seconds to wait for a 100-continue response before sending the
368
- # request body. This option has no effect unless the request has
369
- # "Expect" header set to "100-continue". Defaults to `nil` which
370
- # disables this behaviour. This value can safely be set per
371
- # request on the session.
372
- #
373
- # @option options [Float] :ssl_timeout (nil) Sets the SSL timeout
374
- # in seconds.
375
- #
376
- # @option options [Boolean] :http_wire_trace (false) When `true`,
377
- # HTTP debug output will be sent to the `:logger`.
359
+ # @option options [Float] :http_continue_timeout (1)
360
+ # The number of seconds to wait for a 100-continue response before sending the
361
+ # request body. This option has no effect unless the request has "Expect"
362
+ # header set to "100-continue". Defaults to `nil` which disables this
363
+ # behaviour. This value can safely be set per request on the session.
364
+ #
365
+ # @option options [Float] :http_idle_timeout (5)
366
+ # The number of seconds a connection is allowed to sit idle before it
367
+ # is considered stale. Stale connections are closed and removed from the
368
+ # pool before making a request.
369
+ #
370
+ # @option options [Float] :http_open_timeout (15)
371
+ # The default number of seconds to wait for response data.
372
+ # This value can safely be set per-request on the session.
373
+ #
374
+ # @option options [URI::HTTP,String] :http_proxy
375
+ # A proxy to send requests through. Formatted like 'http://proxy.com:123'.
376
+ #
377
+ # @option options [Float] :http_read_timeout (60)
378
+ # The default number of seconds to wait for response data.
379
+ # This value can safely be set per-request on the session.
380
+ #
381
+ # @option options [Boolean] :http_wire_trace (false)
382
+ # When `true`, HTTP debug output will be sent to the `:logger`.
383
+ #
384
+ # @option options [Proc] :on_chunk_received
385
+ # When a Proc object is provided, it will be used as callback when each chunk
386
+ # of the response body is received. It provides three arguments: the chunk,
387
+ # the number of bytes received, and the total number of
388
+ # bytes in the response (or nil if the server did not send a `content-length`).
389
+ #
390
+ # @option options [Proc] :on_chunk_sent
391
+ # When a Proc object is provided, it will be used as callback when each chunk
392
+ # of the request body is sent. It provides three arguments: the chunk,
393
+ # the number of bytes read from the body, and the total number of
394
+ # bytes in the body.
395
+ #
396
+ # @option options [Boolean] :raise_response_errors (true)
397
+ # When `true`, response errors are raised.
398
+ #
399
+ # @option options [String] :ssl_ca_bundle
400
+ # Full path to the SSL certificate authority bundle file that should be used when
401
+ # verifying peer certificates. If you do not pass `:ssl_ca_bundle` or
402
+ # `:ssl_ca_directory` the the system default will be used if available.
403
+ #
404
+ # @option options [String] :ssl_ca_directory
405
+ # Full path of the directory that contains the unbundled SSL certificate
406
+ # authority files for verifying peer certificates. If you do
407
+ # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the system
408
+ # default will be used if available.
378
409
  #
379
- # @option options [Boolean] :ssl_verify_peer (true) When `true`,
380
- # SSL peer certificates are verified when establishing a
381
- # connection.
410
+ # @option options [String] :ssl_ca_store
411
+ # Sets the X509::Store to verify peer certificate.
382
412
  #
383
- # @option options [String] :ssl_ca_bundle Full path to the SSL
384
- # certificate authority bundle file that should be used when
385
- # verifying peer certificates. If you do not pass
386
- # `:ssl_ca_bundle` or `:ssl_ca_directory` the the system default
387
- # will be used if available.
413
+ # @option options [Float] :ssl_timeout
414
+ # Sets the SSL timeout in seconds
388
415
  #
389
- # @option options [String] :ssl_ca_directory Full path of the
390
- # directory that contains the unbundled SSL certificate
391
- # authority files for verifying peer certificates. If you do
392
- # not pass `:ssl_ca_bundle` or `:ssl_ca_directory` the the
393
- # system default will be used if available.
416
+ # @option options [Boolean] :ssl_verify_peer (true)
417
+ # When `true`, SSL peer certificates are verified when establishing a connection.
394
418
  #
395
419
  def initialize(*args)
396
420
  super
@@ -771,11 +795,11 @@ module Aws::FMS
771
795
  end
772
796
 
773
797
  # Returns information about the specified account's administrative
774
- # scope. The admistrative scope defines the resources that an Firewall
798
+ # scope. The administrative scope defines the resources that an Firewall
775
799
  # Manager administrator can manage.
776
800
  #
777
801
  # @option params [required, String] :admin_account
778
- # The administator account that you want to get the details for.
802
+ # The administrator account that you want to get the details for.
779
803
  #
780
804
  # @return [Types::GetAdminScopeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
781
805
  #
@@ -802,7 +826,7 @@ module Aws::FMS
802
826
  # resp.admin_scope.region_scope.regions[0] #=> String
803
827
  # resp.admin_scope.region_scope.all_regions_enabled #=> Boolean
804
828
  # resp.admin_scope.policy_type_scope.policy_types #=> Array
805
- # resp.admin_scope.policy_type_scope.policy_types[0] #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL"
829
+ # resp.admin_scope.policy_type_scope.policy_types[0] #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL", "NETWORK_ACL_COMMON"
806
830
  # resp.admin_scope.policy_type_scope.all_policy_types_enabled #=> Boolean
807
831
  # resp.status #=> String, one of "ONBOARDING", "ONBOARDING_COMPLETE", "OFFBOARDING", "OFFBOARDING_COMPLETE"
808
832
  #
@@ -869,23 +893,8 @@ module Aws::FMS
869
893
  # account. Details include resources that are in and out of compliance
870
894
  # with the specified policy.
871
895
  #
872
- # * Resources are considered noncompliant for WAF and Shield Advanced
873
- # policies if the specified policy has not been applied to them.
874
- #
875
- # * Resources are considered noncompliant for security group policies if
876
- # they are in scope of the policy, they violate one or more of the
877
- # policy rules, and remediation is disabled or not possible.
878
- #
879
- # * Resources are considered noncompliant for Network Firewall policies
880
- # if a firewall is missing in the VPC, if the firewall endpoint isn't
881
- # set up in an expected Availability Zone and subnet, if a subnet
882
- # created by the Firewall Manager doesn't have the expected route
883
- # table, and for modifications to a firewall policy that violate the
884
- # Firewall Manager policy's rules.
885
- #
886
- # * Resources are considered noncompliant for DNS Firewall policies if a
887
- # DNS Firewall rule group is missing from the rule group associations
888
- # for the VPC.
896
+ # The reasons for resources being considered compliant depend on the
897
+ # Firewall Manager policy type.
889
898
  #
890
899
  # @option params [required, String] :policy_id
891
900
  # The ID of the policy that you want to get the details for. `PolicyId`
@@ -913,7 +922,7 @@ module Aws::FMS
913
922
  # resp.policy_compliance_detail.member_account #=> String
914
923
  # resp.policy_compliance_detail.violators #=> Array
915
924
  # resp.policy_compliance_detail.violators[0].resource_id #=> String
916
- # resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT"
925
+ # resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT", "INVALID_NETWORK_ACL_ENTRY"
917
926
  # resp.policy_compliance_detail.violators[0].resource_type #=> String
918
927
  # resp.policy_compliance_detail.violators[0].metadata #=> Hash
919
928
  # resp.policy_compliance_detail.violators[0].metadata["LengthBoundedString"] #=> String
@@ -974,10 +983,32 @@ module Aws::FMS
974
983
  # resp.policy.policy_id #=> String
975
984
  # resp.policy.policy_name #=> String
976
985
  # resp.policy.policy_update_token #=> String
977
- # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL"
986
+ # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL", "NETWORK_ACL_COMMON"
978
987
  # resp.policy.security_service_policy_data.managed_service_data #=> String
979
988
  # resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
980
989
  # resp.policy.security_service_policy_data.policy_option.third_party_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
990
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries #=> Array
991
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].icmp_type_code.code #=> Integer
992
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].icmp_type_code.type #=> Integer
993
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].protocol #=> String
994
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].port_range.from #=> Integer
995
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].port_range.to #=> Integer
996
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].cidr_block #=> String
997
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].ipv_6_cidr_block #=> String
998
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].rule_action #=> String, one of "allow", "deny"
999
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].egress #=> Boolean
1000
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.force_remediate_for_first_entries #=> Boolean
1001
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries #=> Array
1002
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].icmp_type_code.code #=> Integer
1003
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].icmp_type_code.type #=> Integer
1004
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].protocol #=> String
1005
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].port_range.from #=> Integer
1006
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].port_range.to #=> Integer
1007
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].cidr_block #=> String
1008
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].ipv_6_cidr_block #=> String
1009
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].rule_action #=> String, one of "allow", "deny"
1010
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].egress #=> Boolean
1011
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.force_remediate_for_last_entries #=> Boolean
981
1012
  # resp.policy.resource_type #=> String
982
1013
  # resp.policy.resource_type_list #=> Array
983
1014
  # resp.policy.resource_type_list[0] #=> String
@@ -1067,7 +1098,7 @@ module Aws::FMS
1067
1098
  # @example Response structure
1068
1099
  #
1069
1100
  # resp.admin_account_id #=> String
1070
- # resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL"
1101
+ # resp.service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL", "NETWORK_ACL_COMMON"
1071
1102
  # resp.data #=> String
1072
1103
  # resp.next_token #=> String
1073
1104
  #
@@ -1210,6 +1241,8 @@ module Aws::FMS
1210
1241
  #
1211
1242
  # * Security group content audit
1212
1243
  #
1244
+ # * Network ACL
1245
+ #
1213
1246
  # * Third-party firewall
1214
1247
  #
1215
1248
  # @option params [required, String] :member_account
@@ -1305,6 +1338,7 @@ module Aws::FMS
1305
1338
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions #=> Array
1306
1339
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_default_actions[0] #=> String
1307
1340
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
1341
+ # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.current_policy_description.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE", "REJECT", "FMS_IGNORE"
1308
1342
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups #=> Array
1309
1343
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].rule_group_name #=> String
1310
1344
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateless_rule_groups[0].resource_id #=> String
@@ -1323,6 +1357,7 @@ module Aws::FMS
1323
1357
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions #=> Array
1324
1358
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_default_actions[0] #=> String
1325
1359
  # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_engine_options.rule_order #=> String, one of "STRICT_ORDER", "DEFAULT_ACTION_ORDER"
1360
+ # resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE", "REJECT", "FMS_IGNORE"
1326
1361
  # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_id #=> String
1327
1362
  # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_availability_zone #=> String
1328
1363
  # resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.route_table_id #=> String
@@ -1457,6 +1492,95 @@ module Aws::FMS
1457
1492
  # resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.violation_target #=> String
1458
1493
  # resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.violation_target_description #=> String
1459
1494
  # resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.number_of_rule_groups_already_associated #=> Integer
1495
+ # resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.firewall_subnet_id #=> String
1496
+ # resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.vpc_id #=> String
1497
+ # resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.subnet_availability_zone #=> String
1498
+ # resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.subnet_availability_zone_id #=> String
1499
+ # resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.vpc_endpoint_id #=> String
1500
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_id #=> String
1501
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.vpc_id #=> String
1502
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.route_table_id #=> String
1503
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes #=> Array
1504
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
1505
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
1506
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].destination #=> String
1507
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].target #=> String
1508
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_availability_zone #=> String
1509
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_availability_zone_id #=> String
1510
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.current_firewall_subnet_route_table #=> String
1511
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_id #=> String
1512
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes #=> Array
1513
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
1514
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
1515
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].destination #=> String
1516
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].target #=> String
1517
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_id #=> String
1518
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.current_internet_gateway_route_table #=> String
1519
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes #=> Array
1520
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
1521
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
1522
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].destination #=> String
1523
+ # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target #=> String
1524
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.violation_target #=> String
1525
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.vpc #=> String
1526
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.availability_zone #=> String
1527
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.target_violation_reason #=> String
1528
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.violation_target #=> String
1529
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.vpc #=> String
1530
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.availability_zone #=> String
1531
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.target_violation_reason #=> String
1532
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.violation_target #=> String
1533
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.vpc #=> String
1534
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.availability_zone #=> String
1535
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.current_route_table #=> String
1536
+ # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.expected_route_table #=> String
1537
+ # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.firewall_subnet_id #=> String
1538
+ # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.vpc_id #=> String
1539
+ # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone #=> String
1540
+ # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone_id #=> String
1541
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.vpc #=> String
1542
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.subnet #=> String
1543
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.subnet_availability_zone #=> String
1544
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.current_associated_network_acl #=> String
1545
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations #=> Array
1546
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_entry.entry_detail.icmp_type_code.code #=> Integer
1547
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_entry.entry_detail.icmp_type_code.type #=> Integer
1548
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_entry.entry_detail.protocol #=> String
1549
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_entry.entry_detail.port_range.from #=> Integer
1550
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_entry.entry_detail.port_range.to #=> Integer
1551
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_entry.entry_detail.cidr_block #=> String
1552
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_entry.entry_detail.ipv_6_cidr_block #=> String
1553
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_entry.entry_detail.rule_action #=> String, one of "allow", "deny"
1554
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_entry.entry_detail.egress #=> Boolean
1555
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_entry.entry_rule_number #=> Integer
1556
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_entry.entry_type #=> String, one of "FMS_MANAGED_FIRST_ENTRY", "FMS_MANAGED_LAST_ENTRY", "CUSTOM_ENTRY"
1557
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].expected_evaluation_order #=> String
1558
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].actual_evaluation_order #=> String
1559
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_at_expected_evaluation_order.entry_detail.icmp_type_code.code #=> Integer
1560
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_at_expected_evaluation_order.entry_detail.icmp_type_code.type #=> Integer
1561
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_at_expected_evaluation_order.entry_detail.protocol #=> String
1562
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_at_expected_evaluation_order.entry_detail.port_range.from #=> Integer
1563
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_at_expected_evaluation_order.entry_detail.port_range.to #=> Integer
1564
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_at_expected_evaluation_order.entry_detail.cidr_block #=> String
1565
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_at_expected_evaluation_order.entry_detail.ipv_6_cidr_block #=> String
1566
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_at_expected_evaluation_order.entry_detail.rule_action #=> String, one of "allow", "deny"
1567
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_at_expected_evaluation_order.entry_detail.egress #=> Boolean
1568
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_at_expected_evaluation_order.entry_rule_number #=> Integer
1569
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_at_expected_evaluation_order.entry_type #=> String, one of "FMS_MANAGED_FIRST_ENTRY", "FMS_MANAGED_LAST_ENTRY", "CUSTOM_ENTRY"
1570
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts #=> Array
1571
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts[0].entry_detail.icmp_type_code.code #=> Integer
1572
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts[0].entry_detail.icmp_type_code.type #=> Integer
1573
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts[0].entry_detail.protocol #=> String
1574
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts[0].entry_detail.port_range.from #=> Integer
1575
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts[0].entry_detail.port_range.to #=> Integer
1576
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts[0].entry_detail.cidr_block #=> String
1577
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts[0].entry_detail.ipv_6_cidr_block #=> String
1578
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts[0].entry_detail.rule_action #=> String, one of "allow", "deny"
1579
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts[0].entry_detail.egress #=> Boolean
1580
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts[0].entry_rule_number #=> Integer
1581
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entries_with_conflicts[0].entry_type #=> String, one of "FMS_MANAGED_FIRST_ENTRY", "FMS_MANAGED_LAST_ENTRY", "CUSTOM_ENTRY"
1582
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_violation_reasons #=> Array
1583
+ # resp.violation_detail.resource_violations[0].invalid_network_acl_entries_violation.entry_violations[0].entry_violation_reasons[0] #=> String, one of "MISSING_EXPECTED_ENTRY", "INCORRECT_ENTRY_ORDER", "ENTRY_CONFLICT"
1460
1584
  # resp.violation_detail.resource_violations[0].possible_remediation_actions.description #=> String
1461
1585
  # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions #=> Array
1462
1586
  # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].description #=> String
@@ -1508,54 +1632,50 @@ module Aws::FMS
1508
1632
  # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.vpc_id.description #=> String
1509
1633
  # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.fms_policy_update_firewall_creation_config_action.description #=> String
1510
1634
  # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.fms_policy_update_firewall_creation_config_action.firewall_creation_config #=> String
1635
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_action.description #=> String
1636
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_action.vpc.resource_id #=> String
1637
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_action.vpc.description #=> String
1638
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_action.fms_can_remediate #=> Boolean
1639
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.replace_network_acl_association_action.description #=> String
1640
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.replace_network_acl_association_action.association_id.resource_id #=> String
1641
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.replace_network_acl_association_action.association_id.description #=> String
1642
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.replace_network_acl_association_action.network_acl_id.resource_id #=> String
1643
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.replace_network_acl_association_action.network_acl_id.description #=> String
1644
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.replace_network_acl_association_action.fms_can_remediate #=> Boolean
1645
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.description #=> String
1646
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_id.resource_id #=> String
1647
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_id.description #=> String
1648
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created #=> Array
1649
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created[0].entry_detail.icmp_type_code.code #=> Integer
1650
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created[0].entry_detail.icmp_type_code.type #=> Integer
1651
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created[0].entry_detail.protocol #=> String
1652
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created[0].entry_detail.port_range.from #=> Integer
1653
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created[0].entry_detail.port_range.to #=> Integer
1654
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created[0].entry_detail.cidr_block #=> String
1655
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created[0].entry_detail.ipv_6_cidr_block #=> String
1656
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created[0].entry_detail.rule_action #=> String, one of "allow", "deny"
1657
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created[0].entry_detail.egress #=> Boolean
1658
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created[0].entry_rule_number #=> Integer
1659
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.network_acl_entries_to_be_created[0].entry_type #=> String, one of "FMS_MANAGED_FIRST_ENTRY", "FMS_MANAGED_LAST_ENTRY", "CUSTOM_ENTRY"
1660
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.create_network_acl_entries_action.fms_can_remediate #=> Boolean
1661
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.description #=> String
1662
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_id.resource_id #=> String
1663
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_id.description #=> String
1664
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted #=> Array
1665
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted[0].entry_detail.icmp_type_code.code #=> Integer
1666
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted[0].entry_detail.icmp_type_code.type #=> Integer
1667
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted[0].entry_detail.protocol #=> String
1668
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted[0].entry_detail.port_range.from #=> Integer
1669
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted[0].entry_detail.port_range.to #=> Integer
1670
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted[0].entry_detail.cidr_block #=> String
1671
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted[0].entry_detail.ipv_6_cidr_block #=> String
1672
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted[0].entry_detail.rule_action #=> String, one of "allow", "deny"
1673
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted[0].entry_detail.egress #=> Boolean
1674
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted[0].entry_rule_number #=> Integer
1675
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.network_acl_entries_to_be_deleted[0].entry_type #=> String, one of "FMS_MANAGED_FIRST_ENTRY", "FMS_MANAGED_LAST_ENTRY", "CUSTOM_ENTRY"
1676
+ # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.fms_can_remediate #=> Boolean
1511
1677
  # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].order #=> Integer
1512
1678
  # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].is_default_action #=> Boolean
1513
- # resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.firewall_subnet_id #=> String
1514
- # resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.vpc_id #=> String
1515
- # resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.subnet_availability_zone #=> String
1516
- # resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.subnet_availability_zone_id #=> String
1517
- # resp.violation_detail.resource_violations[0].firewall_subnet_is_out_of_scope_violation.vpc_endpoint_id #=> String
1518
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_id #=> String
1519
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.vpc_id #=> String
1520
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.route_table_id #=> String
1521
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes #=> Array
1522
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
1523
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
1524
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].destination #=> String
1525
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.violating_routes[0].target #=> String
1526
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_availability_zone #=> String
1527
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.subnet_availability_zone_id #=> String
1528
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.current_firewall_subnet_route_table #=> String
1529
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_id #=> String
1530
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes #=> Array
1531
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
1532
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
1533
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].destination #=> String
1534
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.firewall_subnet_routes[0].target #=> String
1535
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_id #=> String
1536
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.current_internet_gateway_route_table #=> String
1537
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes #=> Array
1538
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
1539
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
1540
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].destination #=> String
1541
- # resp.violation_detail.resource_violations[0].route_has_out_of_scope_endpoint_violation.internet_gateway_routes[0].target #=> String
1542
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.violation_target #=> String
1543
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.vpc #=> String
1544
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.availability_zone #=> String
1545
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_firewall_violation.target_violation_reason #=> String
1546
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.violation_target #=> String
1547
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.vpc #=> String
1548
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.availability_zone #=> String
1549
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_subnet_violation.target_violation_reason #=> String
1550
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.violation_target #=> String
1551
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.vpc #=> String
1552
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.availability_zone #=> String
1553
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.current_route_table #=> String
1554
- # resp.violation_detail.resource_violations[0].third_party_firewall_missing_expected_route_table_violation.expected_route_table #=> String
1555
- # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.firewall_subnet_id #=> String
1556
- # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.vpc_id #=> String
1557
- # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone #=> String
1558
- # resp.violation_detail.resource_violations[0].firewall_subnet_missing_vpc_endpoint_violation.subnet_availability_zone_id #=> String
1559
1679
  # resp.violation_detail.resource_tags #=> Array
1560
1680
  # resp.violation_detail.resource_tags[0].key #=> String
1561
1681
  # resp.violation_detail.resource_tags[0].value #=> String
@@ -1937,7 +2057,7 @@ module Aws::FMS
1937
2057
  # resp.policy_list[0].policy_id #=> String
1938
2058
  # resp.policy_list[0].policy_name #=> String
1939
2059
  # resp.policy_list[0].resource_type #=> String
1940
- # resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL"
2060
+ # resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL", "NETWORK_ACL_COMMON"
1941
2061
  # resp.policy_list[0].remediation_enabled #=> Boolean
1942
2062
  # resp.policy_list[0].delete_unused_fm_managed_resources #=> Boolean
1943
2063
  # resp.policy_list[0].policy_status #=> String, one of "ACTIVE", "OUT_OF_ADMIN_SCOPE"
@@ -2249,7 +2369,7 @@ module Aws::FMS
2249
2369
  # all_regions_enabled: false,
2250
2370
  # },
2251
2371
  # policy_type_scope: {
2252
- # policy_types: ["WAF"], # accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL, IMPORT_NETWORK_FIREWALL
2372
+ # policy_types: ["WAF"], # accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL, IMPORT_NETWORK_FIREWALL, NETWORK_ACL_COMMON
2253
2373
  # all_policy_types_enabled: false,
2254
2374
  # },
2255
2375
  # },
@@ -2393,6 +2513,9 @@ module Aws::FMS
2393
2513
  #
2394
2514
  # Firewall Manager provides the following types of policies:
2395
2515
  #
2516
+ # * **WAF policy** - This policy applies WAF web ACL protections to
2517
+ # specified accounts and resources.
2518
+ #
2396
2519
  # * **Shield Advanced policy** - This policy applies Shield Advanced
2397
2520
  # protection to specified accounts and resources.
2398
2521
  #
@@ -2401,6 +2524,11 @@ module Aws::FMS
2401
2524
  # Organizations and lets you enforce a baseline set of rules across
2402
2525
  # your organization.
2403
2526
  #
2527
+ # * **Network ACL policy** - This type of policy gives you control over
2528
+ # the network ACLs that are in use throughout your organization in
2529
+ # Organizations and lets you enforce a baseline set of first and last
2530
+ # network ACL rules across your organization.
2531
+ #
2404
2532
  # * **Network Firewall policy** - This policy applies Network Firewall
2405
2533
  # protection to your organization's VPCs.
2406
2534
  #
@@ -2447,7 +2575,7 @@ module Aws::FMS
2447
2575
  # policy_name: "ResourceName", # required
2448
2576
  # policy_update_token: "PolicyUpdateToken",
2449
2577
  # security_service_policy_data: { # required
2450
- # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL, IMPORT_NETWORK_FIREWALL
2578
+ # type: "WAF", # required, accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL, IMPORT_NETWORK_FIREWALL, NETWORK_ACL_COMMON
2451
2579
  # managed_service_data: "ManagedServiceData",
2452
2580
  # policy_option: {
2453
2581
  # network_firewall_policy: {
@@ -2456,6 +2584,46 @@ module Aws::FMS
2456
2584
  # third_party_firewall_policy: {
2457
2585
  # firewall_deployment_model: "CENTRALIZED", # accepts CENTRALIZED, DISTRIBUTED
2458
2586
  # },
2587
+ # network_acl_common_policy: {
2588
+ # network_acl_entry_set: { # required
2589
+ # first_entries: [
2590
+ # {
2591
+ # icmp_type_code: {
2592
+ # code: 1,
2593
+ # type: 1,
2594
+ # },
2595
+ # protocol: "LengthBoundedString", # required
2596
+ # port_range: {
2597
+ # from: 1,
2598
+ # to: 1,
2599
+ # },
2600
+ # cidr_block: "LengthBoundedNonEmptyString",
2601
+ # ipv_6_cidr_block: "LengthBoundedNonEmptyString",
2602
+ # rule_action: "allow", # required, accepts allow, deny
2603
+ # egress: false, # required
2604
+ # },
2605
+ # ],
2606
+ # force_remediate_for_first_entries: false, # required
2607
+ # last_entries: [
2608
+ # {
2609
+ # icmp_type_code: {
2610
+ # code: 1,
2611
+ # type: 1,
2612
+ # },
2613
+ # protocol: "LengthBoundedString", # required
2614
+ # port_range: {
2615
+ # from: 1,
2616
+ # to: 1,
2617
+ # },
2618
+ # cidr_block: "LengthBoundedNonEmptyString",
2619
+ # ipv_6_cidr_block: "LengthBoundedNonEmptyString",
2620
+ # rule_action: "allow", # required, accepts allow, deny
2621
+ # egress: false, # required
2622
+ # },
2623
+ # ],
2624
+ # force_remediate_for_last_entries: false, # required
2625
+ # },
2626
+ # },
2459
2627
  # },
2460
2628
  # },
2461
2629
  # resource_type: "ResourceType", # required
@@ -2492,10 +2660,32 @@ module Aws::FMS
2492
2660
  # resp.policy.policy_id #=> String
2493
2661
  # resp.policy.policy_name #=> String
2494
2662
  # resp.policy.policy_update_token #=> String
2495
- # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL"
2663
+ # resp.policy.security_service_policy_data.type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL", "NETWORK_ACL_COMMON"
2496
2664
  # resp.policy.security_service_policy_data.managed_service_data #=> String
2497
2665
  # resp.policy.security_service_policy_data.policy_option.network_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
2498
2666
  # resp.policy.security_service_policy_data.policy_option.third_party_firewall_policy.firewall_deployment_model #=> String, one of "CENTRALIZED", "DISTRIBUTED"
2667
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries #=> Array
2668
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].icmp_type_code.code #=> Integer
2669
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].icmp_type_code.type #=> Integer
2670
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].protocol #=> String
2671
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].port_range.from #=> Integer
2672
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].port_range.to #=> Integer
2673
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].cidr_block #=> String
2674
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].ipv_6_cidr_block #=> String
2675
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].rule_action #=> String, one of "allow", "deny"
2676
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.first_entries[0].egress #=> Boolean
2677
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.force_remediate_for_first_entries #=> Boolean
2678
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries #=> Array
2679
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].icmp_type_code.code #=> Integer
2680
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].icmp_type_code.type #=> Integer
2681
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].protocol #=> String
2682
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].port_range.from #=> Integer
2683
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].port_range.to #=> Integer
2684
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].cidr_block #=> String
2685
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].ipv_6_cidr_block #=> String
2686
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].rule_action #=> String, one of "allow", "deny"
2687
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.last_entries[0].egress #=> Boolean
2688
+ # resp.policy.security_service_policy_data.policy_option.network_acl_common_policy.network_acl_entry_set.force_remediate_for_last_entries #=> Boolean
2499
2689
  # resp.policy.resource_type #=> String
2500
2690
  # resp.policy.resource_type_list #=> Array
2501
2691
  # resp.policy.resource_type_list[0] #=> String
@@ -2720,7 +2910,7 @@ module Aws::FMS
2720
2910
  params: params,
2721
2911
  config: config)
2722
2912
  context[:gem_name] = 'aws-sdk-fms'
2723
- context[:gem_version] = '1.67.0'
2913
+ context[:gem_version] = '1.69.0'
2724
2914
  Seahorse::Client::Request.new(handlers, context)
2725
2915
  end
2726
2916