aws-sdk-fms 1.84.0 → 1.85.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms/client.rb +1 -1
- data/lib/aws-sdk-fms/types.rb +63 -66
- data/lib/aws-sdk-fms.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7d2561eef33bdc50c82844067358b74031daf4bb6b946e82824aa0e49507391c
|
|
4
|
+
data.tar.gz: 9cd91805243df01cb41440aecf5ccb6069957218402413cce948a261e029fcc9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 964db7321c8846752e8d5710dbc34733130954261190264f8affb6829712b34c6f0eed4a9d9007aef2e3e6e78e05d7ae3320091fb55e046e12079b85d98e0f98
|
|
7
|
+
data.tar.gz: cab1eef3b037a2597ff6a97901ce887b7af8cf9aec8240646869089a6efc25202c7a524797a848b23826b580c95d6c38687e7c0ac90e6e8793d2ee7540217d9e
|
data/CHANGELOG.md
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.85.0
|
data/lib/aws-sdk-fms/client.rb
CHANGED
data/lib/aws-sdk-fms/types.rb
CHANGED
|
@@ -3489,17 +3489,16 @@ module Aws::FMS
|
|
|
3489
3489
|
# You can specify account IDs, OUs, or a combination:
|
|
3490
3490
|
#
|
|
3491
3491
|
# * Specify account IDs by setting the key to `ACCOUNT`. For example,
|
|
3492
|
-
# the following is a valid map:
|
|
3493
|
-
# “accountID2”]
|
|
3492
|
+
# the following is a valid map: `{“ACCOUNT” : [“accountID1”,
|
|
3493
|
+
# “accountID2”]}`.
|
|
3494
3494
|
#
|
|
3495
3495
|
# * Specify OUs by setting the key to `ORG_UNIT`. For example, the
|
|
3496
|
-
# following is a valid map:
|
|
3497
|
-
# “ouid112”]\}`.
|
|
3496
|
+
# following is a valid map: `{“ORG_UNIT” : [“ouid111”, “ouid112”]}`.
|
|
3498
3497
|
#
|
|
3499
3498
|
# * Specify accounts and OUs together in a single map, separated with
|
|
3500
|
-
# a comma. For example, the following is a valid map:
|
|
3499
|
+
# a comma. For example, the following is a valid map: `{“ACCOUNT” :
|
|
3501
3500
|
# [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
|
|
3502
|
-
# “ouid112”]
|
|
3501
|
+
# “ouid112”]}`.
|
|
3503
3502
|
# @return [Hash<String,Array<String>>]
|
|
3504
3503
|
#
|
|
3505
3504
|
# @!attribute [rw] exclude_map
|
|
@@ -3519,17 +3518,16 @@ module Aws::FMS
|
|
|
3519
3518
|
# You can specify account IDs, OUs, or a combination:
|
|
3520
3519
|
#
|
|
3521
3520
|
# * Specify account IDs by setting the key to `ACCOUNT`. For example,
|
|
3522
|
-
# the following is a valid map:
|
|
3523
|
-
# “accountID2”]
|
|
3521
|
+
# the following is a valid map: `{“ACCOUNT” : [“accountID1”,
|
|
3522
|
+
# “accountID2”]}`.
|
|
3524
3523
|
#
|
|
3525
3524
|
# * Specify OUs by setting the key to `ORG_UNIT`. For example, the
|
|
3526
|
-
# following is a valid map:
|
|
3527
|
-
# “ouid112”]\}`.
|
|
3525
|
+
# following is a valid map: `{“ORG_UNIT” : [“ouid111”, “ouid112”]}`.
|
|
3528
3526
|
#
|
|
3529
3527
|
# * Specify accounts and OUs together in a single map, separated with
|
|
3530
|
-
# a comma. For example, the following is a valid map:
|
|
3528
|
+
# a comma. For example, the following is a valid map: `{“ACCOUNT” :
|
|
3531
3529
|
# [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
|
|
3532
|
-
# “ouid112”]
|
|
3530
|
+
# “ouid112”]}`.
|
|
3533
3531
|
# @return [Hash<String,Array<String>>]
|
|
3534
3532
|
#
|
|
3535
3533
|
# @!attribute [rw] resource_set_ids
|
|
@@ -4824,7 +4822,7 @@ module Aws::FMS
|
|
|
4824
4822
|
#
|
|
4825
4823
|
# * Example: `DNS_FIREWALL`
|
|
4826
4824
|
#
|
|
4827
|
-
# `"
|
|
4825
|
+
# `"{"type":"DNS_FIREWALL","preProcessRuleGroups":[{"ruleGroupId":"rslvr-frg-1","priority":10}],"postProcessRuleGroups":[{"ruleGroupId":"rslvr-frg-2","priority":9911}]}"`
|
|
4828
4826
|
#
|
|
4829
4827
|
# <note markdown="1"> Valid values for `preProcessRuleGroups` are between 1 and 99.
|
|
4830
4828
|
# Valid values for `postProcessRuleGroups` are between 9901 and
|
|
@@ -4834,9 +4832,9 @@ module Aws::FMS
|
|
|
4834
4832
|
#
|
|
4835
4833
|
# * Example: `IMPORT_NETWORK_FIREWALL`
|
|
4836
4834
|
#
|
|
4837
|
-
# `"
|
|
4835
|
+
# `"{"type":"IMPORT_NETWORK_FIREWALL","awsNetworkFirewallConfig":{"networkFirewallStatelessRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-west-2:000000000000:stateless-rulegroup\/rg1","priority":1}],"networkFirewallStatelessDefaultActions":["aws:drop"],"networkFirewallStatelessFragmentDefaultActions":["aws:pass"],"networkFirewallStatelessCustomActions":[],"networkFirewallStatefulRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-west-2:aws-managed:stateful-rulegroup\/ThreatSignaturesEmergingEventsStrictOrder","priority":8}],"networkFirewallStatefulEngineOptions":{"ruleOrder":"STRICT_ORDER"},"networkFirewallStatefulDefaultActions":["aws:drop_strict"]}}"`
|
|
4838
4836
|
#
|
|
4839
|
-
# `"
|
|
4837
|
+
# `"{"type":"DNS_FIREWALL","preProcessRuleGroups":[{"ruleGroupId":"rslvr-frg-1","priority":10}],"postProcessRuleGroups":[{"ruleGroupId":"rslvr-frg-2","priority":9911}]}"`
|
|
4840
4838
|
#
|
|
4841
4839
|
# <note markdown="1"> Valid values for `preProcessRuleGroups` are between 1 and 99.
|
|
4842
4840
|
# Valid values for `postProcessRuleGroups` are between 9901 and
|
|
@@ -4846,7 +4844,7 @@ module Aws::FMS
|
|
|
4846
4844
|
#
|
|
4847
4845
|
# * Example: `NETWORK_FIREWALL` - Centralized deployment model
|
|
4848
4846
|
#
|
|
4849
|
-
# `"
|
|
4847
|
+
# `"{"type":"NETWORK_FIREWALL","awsNetworkFirewallConfig":{"networkFirewallStatelessRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[{"actionName":"customActionName","actionDefinition":{"publishMetricAction":{"dimensions":[{"value":"metricdimensionvalue"}]}}}],"networkFirewallStatefulRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"}],"networkFirewallLoggingConfiguration":{"logDestinationConfigs":[{"logDestinationType":"S3","logType":"ALERT","logDestination":{"bucketName":"s3-bucket-name"}},{"logDestinationType":"S3","logType":"FLOW","logDestination":{"bucketName":"s3-bucket-name"}}],"overrideExistingConfig":true}},"firewallDeploymentModel":{"centralizedFirewallDeploymentModel":{"centralizedFirewallOrchestrationConfig":{"inspectionVpcIds":[{"resourceId":"vpc-1234","accountId":"123456789011"}],"firewallCreationConfig":{"endpointLocation":{"availabilityZoneConfigList":[{"availabilityZoneId":null,"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]}]}},"allowedIPV4CidrList":[]}}}}"`
|
|
4850
4848
|
#
|
|
4851
4849
|
# To use the centralized deployment model, you must set
|
|
4852
4850
|
# [PolicyOption][1] to `CENTRALIZED`.
|
|
@@ -4855,7 +4853,7 @@ module Aws::FMS
|
|
|
4855
4853
|
# automatic Availability Zone configuration
|
|
4856
4854
|
#
|
|
4857
4855
|
# `
|
|
4858
|
-
# "
|
|
4856
|
+
# "{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[{"actionName":"customActionName","actionDefinition":{"publishMetricAction":{"dimensions":[{"value":"metricdimensionvalue"}]}}}],"networkFirewallStatefulRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"}],"networkFirewallOrchestrationConfig":{"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":["10.0.0.0/28","192.168.0.0/28"],"routeManagementAction":"OFF"},"networkFirewallLoggingConfiguration":{"logDestinationConfigs":[{"logDestinationType":"S3","logType":"ALERT","logDestination":{"bucketName":"s3-bucket-name"}},{"logDestinationType":"S3","logType":"FLOW","logDestination":{"bucketName":"s3-bucket-name"}}],"overrideExistingConfig":true}}"
|
|
4859
4857
|
# `
|
|
4860
4858
|
#
|
|
4861
4859
|
# With automatic Availbility Zone configuration, Firewall Manager
|
|
@@ -4867,8 +4865,8 @@ module Aws::FMS
|
|
|
4867
4865
|
# automatic Availability Zone configuration and route management
|
|
4868
4866
|
#
|
|
4869
4867
|
# `
|
|
4870
|
-
# "
|
|
4871
|
-
# "FLOW","logDestination"
|
|
4868
|
+
# "{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessCustomActions":[{"actionName":"customActionName","actionDefinition":{"publishMetricAction":{"dimensions":[{"value":"metricdimensionvalue"}]}}}],"networkFirewallStatefulRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"}],"networkFirewallOrchestrationConfig":{"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":["10.0.0.0/28","192.168.0.0/28"],"routeManagementAction":"MONITOR","routeManagementTargetTypes":["InternetGateway"]},"networkFirewallLoggingConfiguration":{"logDestinationConfigs":[{"logDestinationType":"S3","logType":"ALERT","logDestination":{"bucketName":"s3-bucket-name"}},{"logDestinationType":"S3","logType":
|
|
4869
|
+
# "FLOW","logDestination":{"bucketName":"s3-bucket-name"}}],"overrideExistingConfig":true}}"
|
|
4872
4870
|
# `
|
|
4873
4871
|
#
|
|
4874
4872
|
# To use the distributed deployment model, you must set
|
|
@@ -4877,11 +4875,11 @@ module Aws::FMS
|
|
|
4877
4875
|
# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
|
|
4878
4876
|
# custom Availability Zone configuration
|
|
4879
4877
|
#
|
|
4880
|
-
# `"
|
|
4881
|
-
# "actionDefinition"
|
|
4882
|
-
# "endpointLocation"
|
|
4883
|
-
# "10.0.0.0/28"]
|
|
4884
|
-
#
|
|
4878
|
+
# `"{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","fragmentcustomactionname"],"networkFirewallStatelessCustomActions":[{"actionName":"customActionName",
|
|
4879
|
+
# "actionDefinition":{"publishMetricAction":{"dimensions":[{"value":"metricdimensionvalue"}]}}},{"actionName":"fragmentcustomactionname","actionDefinition":{"publishMetricAction":{"dimensions":[{"value":"fragmentmetricdimensionvalue"}]}}}],"networkFirewallStatefulRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"}],"networkFirewallOrchestrationConfig":{"firewallCreationConfig":{
|
|
4880
|
+
# "endpointLocation":{"availabilityZoneConfigList":[{"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]},{"availabilityZoneName":"us-east-1b","allowedIPV4CidrList":[
|
|
4881
|
+
# "10.0.0.0/28"]}]}
|
|
4882
|
+
# },"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":null,"routeManagementAction":"OFF","networkFirewallLoggingConfiguration":{"logDestinationConfigs":[{"logDestinationType":"S3","logType":"ALERT","logDestination":{"bucketName":"s3-bucket-name"}},{"logDestinationType":"S3","logType":"FLOW","logDestination":{"bucketName":"s3-bucket-name"}}],"overrideExistingConfig":boolean}}"
|
|
4885
4883
|
# `
|
|
4886
4884
|
#
|
|
4887
4885
|
# With custom Availability Zone configuration, you define which
|
|
@@ -4897,7 +4895,7 @@ module Aws::FMS
|
|
|
4897
4895
|
# * Example: `NETWORK_FIREWALL` - Distributed deployment model with
|
|
4898
4896
|
# custom Availability Zone configuration and route management
|
|
4899
4897
|
#
|
|
4900
|
-
# `"
|
|
4898
|
+
# `"{"type":"NETWORK_FIREWALL","networkFirewallStatelessRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test","priority":1}],"networkFirewallStatelessDefaultActions":["aws:forward_to_sfe","customActionName"],"networkFirewallStatelessFragmentDefaultActions":["aws:forward_to_sfe","fragmentcustomactionname"],"networkFirewallStatelessCustomActions":[{"actionName":"customActionName","actionDefinition":{"publishMetricAction":{"dimensions":[{"value":"metricdimensionvalue"}]}}},{"actionName":"fragmentcustomactionname","actionDefinition":{"publishMetricAction":{"dimensions":[{"value":"fragmentmetricdimensionvalue"}]}}}],"networkFirewallStatefulRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test"}],"networkFirewallOrchestrationConfig":{"firewallCreationConfig":{"endpointLocation":{"availabilityZoneConfigList":[{"availabilityZoneName":"us-east-1a","allowedIPV4CidrList":["10.0.0.0/28"]},{"availabilityZoneName":"us-east-1b","allowedIPV4CidrList":["10.0.0.0/28"]}]}},"singleFirewallEndpointPerVPC":false,"allowedIPV4CidrList":null,"routeManagementAction":"MONITOR","routeManagementTargetTypes":["InternetGateway"],"routeManagementConfig":{"allowCrossAZTrafficIfNoEndpoint":true}},"networkFirewallLoggingConfiguration":{"logDestinationConfigs":[{"logDestinationType":"S3","logType":"ALERT","logDestination":{"bucketName":"s3-bucket-name"}},{"logDestinationType":"S3","logType":"FLOW","logDestination":{"bucketName":"s3-bucket-name"}}],"overrideExistingConfig":boolean}}"
|
|
4901
4899
|
# `
|
|
4902
4900
|
#
|
|
4903
4901
|
# To use the distributed deployment model, you must set
|
|
@@ -4905,12 +4903,12 @@ module Aws::FMS
|
|
|
4905
4903
|
#
|
|
4906
4904
|
# * Example: `SECURITY_GROUPS_COMMON`
|
|
4907
4905
|
#
|
|
4908
|
-
# `"
|
|
4906
|
+
# `"{"type":"SECURITY_GROUPS_COMMON","securityGroups":[{"id":"sg-03b1f67d69ed00197"}],"revertManualSecurityGroupChanges":true,"exclusiveResourceSecurityGroupManagement":true,"applyToAllEC2InstanceENIs":false,"includeSharedVPC":true,"enableSecurityGroupReferencesDistribution":true}"`
|
|
4909
4907
|
#
|
|
4910
4908
|
# * Example: `SECURITY_GROUPS_COMMON` - Security group tag
|
|
4911
4909
|
# distribution
|
|
4912
4910
|
#
|
|
4913
|
-
# `""
|
|
4911
|
+
# `""{"type":"SECURITY_GROUPS_COMMON","securityGroups":[{"id":"sg-000e55995d61a06bd"}],"revertManualSecurityGroupChanges":true,"exclusiveResourceSecurityGroupManagement":false,"applyToAllEC2InstanceENIs":false,"includeSharedVPC":false,"enableTagDistribution":true}""`
|
|
4914
4912
|
#
|
|
4915
4913
|
# Firewall Manager automatically distributes tags from the primary
|
|
4916
4914
|
# group to the security groups created by this policy. To use
|
|
@@ -4928,13 +4926,13 @@ module Aws::FMS
|
|
|
4928
4926
|
# * Example: Shared VPCs. Apply the preceding policy to resources in
|
|
4929
4927
|
# shared VPCs as well as to those in VPCs that the account owns
|
|
4930
4928
|
#
|
|
4931
|
-
# `"
|
|
4932
|
-
# "applyToAllEC2InstanceENIs":false,"includeSharedVPC":true,"securityGroups":[
|
|
4933
|
-
# sg-000e55995d61a06bd"
|
|
4929
|
+
# `"{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
|
|
4930
|
+
# "applyToAllEC2InstanceENIs":false,"includeSharedVPC":true,"securityGroups":[{"id":"
|
|
4931
|
+
# sg-000e55995d61a06bd"}]}"`
|
|
4934
4932
|
#
|
|
4935
4933
|
# * Example: `SECURITY_GROUPS_CONTENT_AUDIT`
|
|
4936
4934
|
#
|
|
4937
|
-
# `"
|
|
4935
|
+
# `"{"type":"SECURITY_GROUPS_CONTENT_AUDIT","preManagedOptions":[{"denyProtocolAllValue":true},{"auditSgDirection":{"type":"ALL"}}],"securityGroups":[{"id":"sg-049b2393a25468971"}],"securityGroupAction":{"type":"ALLOW"}}"`
|
|
4938
4936
|
#
|
|
4939
4937
|
# The security group action for content audit can be `ALLOW` or
|
|
4940
4938
|
# `DENY`. For `ALLOW`, all in-scope security group rules must be
|
|
@@ -4945,11 +4943,11 @@ module Aws::FMS
|
|
|
4945
4943
|
#
|
|
4946
4944
|
# * Example: `SECURITY_GROUPS_USAGE_AUDIT`
|
|
4947
4945
|
#
|
|
4948
|
-
# `"
|
|
4946
|
+
# `"{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true,"optionalDelayForUnusedInMinutes":60}"`
|
|
4949
4947
|
#
|
|
4950
4948
|
# * Example: `SHIELD_ADVANCED` with web ACL management
|
|
4951
4949
|
#
|
|
4952
|
-
# `"
|
|
4950
|
+
# `"{"type":"SHIELD_ADVANCED","optimizeUnassociatedWebACL":true}"`
|
|
4953
4951
|
#
|
|
4954
4952
|
# If you set `optimizeUnassociatedWebACL` to `true`, Firewall
|
|
4955
4953
|
# Manager creates web ACLs in accounts within the policy scope if
|
|
@@ -4976,16 +4974,16 @@ module Aws::FMS
|
|
|
4976
4974
|
# * Specification for `SHIELD_ADVANCED` for Amazon CloudFront
|
|
4977
4975
|
# distributions
|
|
4978
4976
|
#
|
|
4979
|
-
# `"
|
|
4980
|
-
#
|
|
4981
|
-
# "automaticResponseAction":"BLOCK|COUNT"
|
|
4977
|
+
# `"{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
|
|
4978
|
+
# {"automaticResponseStatus":"ENABLED|IGNORED|DISABLED",
|
|
4979
|
+
# "automaticResponseAction":"BLOCK|COUNT"},
|
|
4982
4980
|
# "overrideCustomerWebaclClassic":true|false,
|
|
4983
|
-
# "optimizeUnassociatedWebACL":true|false
|
|
4981
|
+
# "optimizeUnassociatedWebACL":true|false}"`
|
|
4984
4982
|
#
|
|
4985
4983
|
# For example:
|
|
4986
|
-
# `"
|
|
4987
|
-
#
|
|
4988
|
-
# "automaticResponseAction":"COUNT"
|
|
4984
|
+
# `"{"type":"SHIELD_ADVANCED","automaticResponseConfiguration":
|
|
4985
|
+
# {"automaticResponseStatus":"ENABLED",
|
|
4986
|
+
# "automaticResponseAction":"COUNT"}}"`
|
|
4989
4987
|
#
|
|
4990
4988
|
# The default value for `automaticResponseStatus` is `IGNORED`. The
|
|
4991
4989
|
# value for `automaticResponseAction` is only required when
|
|
@@ -5001,23 +4999,22 @@ module Aws::FMS
|
|
|
5001
4999
|
# Replace `THIRD_PARTY_FIREWALL_NAME` with the name of the
|
|
5002
5000
|
# third-party firewall.
|
|
5003
5001
|
#
|
|
5004
|
-
# `"
|
|
5002
|
+
# `"{ "type":"THIRD_PARTY_FIREWALL",
|
|
5005
5003
|
# "thirdPartyFirewall":"THIRD_PARTY_FIREWALL_NAME",
|
|
5006
|
-
# "thirdPartyFirewallConfig"
|
|
5007
|
-
# "thirdPartyFirewallPolicyList":["global-1"]
|
|
5008
|
-
# "firewallDeploymentModel"
|
|
5009
|
-
# "
|
|
5010
|
-
# "
|
|
5011
|
-
# "
|
|
5012
|
-
# "
|
|
5013
|
-
# "
|
|
5014
|
-
# "allowedIPV4CidrList":[ ] \} \} \} \}"`
|
|
5004
|
+
# "thirdPartyFirewallConfig":{
|
|
5005
|
+
# "thirdPartyFirewallPolicyList":["global-1"] },
|
|
5006
|
+
# "firewallDeploymentModel":{ "distributedFirewallDeploymentModel":{
|
|
5007
|
+
# "distributedFirewallOrchestrationConfig":{
|
|
5008
|
+
# "firewallCreationConfig":{ "endpointLocation":{
|
|
5009
|
+
# "availabilityZoneConfigList":[ {
|
|
5010
|
+
# "availabilityZoneName":"${AvailabilityZone}" } ] } },
|
|
5011
|
+
# "allowedIPV4CidrList":[ ] } } } }"`
|
|
5015
5012
|
#
|
|
5016
5013
|
# * Example: `WAFV2` - Account takeover prevention, Bot Control
|
|
5017
5014
|
# managed rule groups, optimize unassociated web ACL, and rule
|
|
5018
5015
|
# action override
|
|
5019
5016
|
#
|
|
5020
|
-
# `"
|
|
5017
|
+
# `"{"type":"WAFV2","preProcessRuleGroups":[{"ruleGroupArn":null,"overrideAction":{"type":"NONE"},"managedRuleGroupIdentifier":{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesATPRuleSet","managedRuleGroupConfigs":[{"awsmanagedRulesATPRuleSet":{"loginPath":"/loginpath","requestInspection":{"payloadType":"FORM_ENCODED|JSON","usernameField":{"identifier":"/form/username"},"passwordField":{"identifier":"/form/password"}}}}]},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true},{"ruleGroupArn":null,"overrideAction":{"type":"NONE"},"managedRuleGroupIdentifier":{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesBotControlRuleSet","managedRuleGroupConfigs":[{"awsmanagedRulesBotControlRuleSet":{"inspectionLevel":"TARGETED|COMMON"}}]},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true,"ruleActionOverrides":[{"name":"Rule1","actionToUse":{"allow|block|count|captcha|challenge":{}}},{"name":"Rule2","actionToUse":{"allow|block|count|captcha|challenge":{}}}]}],"postProcessRuleGroups":[],"defaultAction":{"type":"ALLOW"},"customRequestHandling":null,"customResponse":null,"overrideCustomerWebACLAssociation":false,"loggingConfiguration":null,"sampledRequestsEnabledForDefaultActions":true,"optimizeUnassociatedWebACL":true}"`
|
|
5021
5018
|
#
|
|
5022
5019
|
# * Bot Control - For information about
|
|
5023
5020
|
# `AWSManagedRulesBotControlRuleSet` managed rule groups, see
|
|
@@ -5061,7 +5058,7 @@ module Aws::FMS
|
|
|
5061
5058
|
#
|
|
5062
5059
|
# * Example: `WAFV2` - `CAPTCHA` and `Challenge` configs
|
|
5063
5060
|
#
|
|
5064
|
-
# `"
|
|
5061
|
+
# `"{"type":"WAFV2","preProcessRuleGroups":[{"ruleGroupArn":null,"overrideAction":{"type":"NONE"},"managedRuleGroupIdentifier":{"versionEnabled":null,"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet"},"ruleGroupType":"ManagedRuleGroup","excludeRules":[],"sampledRequestsEnabled":true}],"postProcessRuleGroups":[],"defaultAction":{"type":"ALLOW"},"customRequestHandling":null,"customResponse":null,"overrideCustomerWebACLAssociation":false,"loggingConfiguration":null,"sampledRequestsEnabledForDefaultActions":true,"captchaConfig":{"immunityTimeProperty":{"immunityTime":500}},"challengeConfig":{"immunityTimeProperty":{"immunityTime":800}},"tokenDomains":["google.com","amazon.com"],"associationConfig":{"requestBody":{"CLOUDFRONT":{"defaultSizeInspectionLimit":"KB_16"}}}}"`
|
|
5065
5062
|
#
|
|
5066
5063
|
# * `CAPTCHA` and `Challenge` configs - If you update the policy's
|
|
5067
5064
|
# values for `associationConfig`, `captchaConfig`,
|
|
@@ -5084,7 +5081,7 @@ module Aws::FMS
|
|
|
5084
5081
|
# * Example: `WAFV2` - Firewall Manager support for WAF managed rule
|
|
5085
5082
|
# group versioning
|
|
5086
5083
|
#
|
|
5087
|
-
# `"
|
|
5084
|
+
# `"{"preProcessRuleGroups":[{"ruleGroupType":"ManagedRuleGroup","overrideAction":{"type":"NONE"},"sampledRequestsEnabled":true,"managedRuleGroupIdentifier":{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendorName":"AWS","managedRuleGroupConfigs":null}}],"postProcessRuleGroups":[],"defaultAction":{"type":"ALLOW"},"customRequestHandling":null,"tokenDomains":null,"customResponse":null,"type":"WAFV2","overrideCustomerWebACLAssociation":false,"sampledRequestsEnabledForDefaultActions":true,"optimizeUnassociatedWebACL":true,"webACLSource":"RETROFIT_EXISTING"}"`
|
|
5088
5085
|
#
|
|
5089
5086
|
# To use a specific version of a WAF managed rule group in your
|
|
5090
5087
|
# Firewall Manager policy, you must set `versionEnabled` to `true`,
|
|
@@ -5095,21 +5092,21 @@ module Aws::FMS
|
|
|
5095
5092
|
#
|
|
5096
5093
|
# * Example: `WAFV2` - Logging configurations
|
|
5097
5094
|
#
|
|
5098
|
-
# `"
|
|
5099
|
-
# "overrideAction"
|
|
5100
|
-
#
|
|
5101
|
-
# "managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet"
|
|
5095
|
+
# `"{"type":"WAFV2","preProcessRuleGroups":[{"ruleGroupArn":null,
|
|
5096
|
+
# "overrideAction":{"type":"NONE"},"managedRuleGroupIdentifier":
|
|
5097
|
+
# {"versionEnabled":null,"version":null,"vendorName":"AWS",
|
|
5098
|
+
# "managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet"}
|
|
5102
5099
|
# ,"ruleGroupType":"ManagedRuleGroup","excludeRules":[],
|
|
5103
|
-
# "sampledRequestsEnabled":true
|
|
5104
|
-
# "defaultAction"
|
|
5100
|
+
# "sampledRequestsEnabled":true}],"postProcessRuleGroups":[],
|
|
5101
|
+
# "defaultAction":{"type":"ALLOW"},"customRequestHandling"
|
|
5105
5102
|
# \:null,"customResponse":null,"overrideCustomerWebACLAssociation"
|
|
5106
|
-
# \:false,"loggingConfiguration"
|
|
5103
|
+
# \:false,"loggingConfiguration":{"logDestinationConfigs":
|
|
5107
5104
|
# ["arn:aws:s3:::aws-waf-logs-example-bucket"]
|
|
5108
|
-
# ,"redactedFields":[],"loggingFilterConfigs"
|
|
5109
|
-
# "filters":[
|
|
5110
|
-
# "conditions":[
|
|
5111
|
-
# "CHALLENGE"
|
|
5112
|
-
#
|
|
5105
|
+
# ,"redactedFields":[],"loggingFilterConfigs":{"defaultBehavior":"KEEP",
|
|
5106
|
+
# "filters":[{"behavior":"KEEP","requirement":"MEETS_ALL",
|
|
5107
|
+
# "conditions":[{"actionCondition":"CAPTCHA"},{"actionCondition":
|
|
5108
|
+
# "CHALLENGE"},
|
|
5109
|
+
# {"actionCondition":"EXCLUDED_AS_COUNT"}]}]}},"sampledRequestsEnabledForDefaultActions":true}"`
|
|
5113
5110
|
#
|
|
5114
5111
|
# Firewall Manager supports Amazon Kinesis Data Firehose and Amazon
|
|
5115
5112
|
# S3 as the `logDestinationConfigs` in your `loggingConfiguration`.
|
|
@@ -5123,7 +5120,7 @@ module Aws::FMS
|
|
|
5123
5120
|
#
|
|
5124
5121
|
# * Example: `WAF Classic`
|
|
5125
5122
|
#
|
|
5126
|
-
# `"
|
|
5123
|
+
# `"{"ruleGroups":[{"id":"78cb36c0-1b5e-4d7d-82b2-cf48d3ad9659","overrideAction":{"type":"NONE"}}],"overrideCustomerWebACLAssociation":true,"defaultAction":{"type":"ALLOW"},"type":"WAF"}"`
|
|
5127
5124
|
#
|
|
5128
5125
|
#
|
|
5129
5126
|
#
|
data/lib/aws-sdk-fms.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-fms
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.85.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-11-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-core
|