aws-sdk-fms 1.23.0 → 1.24.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 8a803e21a6b703fc355809714fbb2683eb993911
-  data.tar.gz: 0d757e83520ac5ce0ab7bbb73f97fc8ab4906e7f
+SHA256:
+  metadata.gz: 6a47c4df9d04dcfa42d1de0904be35241affb5d770dfef70b7df264feea3ec9f
+  data.tar.gz: 3aeb71574d41cc872b4ef185069c9ceaa0ffe5cd009880434ab4b408ad7a68d4
 SHA512:
-  metadata.gz: 1040b35ebdae87100e9cfb59839239323dd4359d56ad51b5bc2dde92c620b9e7eda71758e14bddb825ed11a7e2847b044679be955f05bb365f2014e91ec19711
-  data.tar.gz: 6b26ddb9b8a773e6cf28f33b1712e3ba8983cce43d30065ebb06981f1b490883b155de0cc88e40ac0ddfa004a51139b5398ea2132653d4f44b490e798b47b785
+  metadata.gz: 5aa567911545a03f3b2cdafdde81bbcf62c30cec41aec6cbcf2ffca268b4486a77f26726a8aa48961ef300837a329a5c657ec7d7b605be4926d6347b769781cc
+  data.tar.gz: 8ffcd42ac4d094d7ac3b52eec9d4a1f94cec2975e02e06d775ccc842625232c86e05545d6f6ec7d2510880760586cfdd3c53236233df5341a6941b2582a9604f

data/lib/aws-sdk-fms.rb

@@ -45,6 +45,6 @@ require_relative 'aws-sdk-fms/customizations'
 # @service
 module Aws::FMS
 
-  GEM_VERSION = '1.23.0'
+  GEM_VERSION = '1.24.0'
 
 end

data/lib/aws-sdk-fms/client.rb

@@ -893,15 +893,18 @@ module Aws::FMS
     # * A Shield Advanced policy, which applies Shield Advanced protection
     #   to specified accounts and resources
     #
-    # * An AWS WAF policy, which contains a rule group and defines which
-    #   resources are to be protected by that rule group
+    # * An AWS WAF policy (type WAFV2), which defines rule groups to run
+    #   first in the corresponding AWS WAF web ACL and rule groups to run
+    #   last in the web ACL.
+    #
+    # * An AWS WAF Classic policy (type WAF), which defines a rule group.
     #
     # * A security group policy, which manages VPC security groups across
     #   your AWS organization.
     #
-    # Each policy is specific to one of the three types. If you want to
-    # enforce more than one policy type across accounts, you can create
-    # multiple policies. You can create multiple policies for each type.
+    # Each policy is specific to one of the types. If you want to enforce
+    # more than one policy type across accounts, create multiple policies.
+    # You can create multiple policies for each type.
     #
     # You must be subscribed to Shield Advanced to create a Shield Advanced
     # policy. For more information about subscribing to Shield Advanced, see
@@ -1064,7 +1067,7 @@ module Aws::FMS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-fms'
-      context[:gem_version] = '1.23.0'
+      context[:gem_version] = '1.24.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-fms/types.rb

@@ -762,24 +762,63 @@ module Aws::FMS
     #   @return [Boolean]
     #
     # @!attribute [rw] include_map
-    #   Specifies the AWS account IDs to include in the policy. If
-    #   `IncludeMap` is null, all accounts in the organization in AWS
-    #   Organizations are included in the policy. If `IncludeMap` is not
-    #   null, only values listed in `IncludeMap` are included in the policy.
-    #
-    #   The key to the map is `ACCOUNT`. For example, a valid `IncludeMap`
-    #   would be `\{“ACCOUNT” : [“accountID1”, “accountID2”]\}`.
+    #   Specifies the AWS account IDs and AWS Organizations organizational
+    #   units (OUs) to include in the policy. Specifying an OU is the
+    #   equivalent of specifying all accounts in the OU and in any of its
+    #   child OUs, including any child OUs and accounts that are added at a
+    #   later time.
+    #
+    #   You can specify inclusions or exclusions, but not both. If you
+    #   specify an `IncludeMap`, AWS Firewall Manager applies the policy to
+    #   all accounts specified by the `IncludeMap`, and does not evaluate
+    #   any `ExcludeMap` specifications. If you do not specify an
+    #   `IncludeMap`, then Firewall Manager applies the policy to all
+    #   accounts except for those specified by the `ExcludeMap`.
+    #
+    #   You can specify account IDs, OUs, or a combination:
+    #
+    #   * Specify account IDs by setting the key to `ACCOUNT`. For example,
+    #     the following is a valid map: `\{“ACCOUNT” : [“accountID1”,
+    #     “accountID2”]\}`.
+    #
+    #   * Specify OUs by setting the key to `ORG_UNIT`. For example, the
+    #     following is a valid map: `\{“ORG_UNIT” : [“ouid111”,
+    #     “ouid112”]\}`.
+    #
+    #   * Specify accounts and OUs together in a single map, separated with
+    #     a comma. For example, the following is a valid map: `\{“ACCOUNT” :
+    #     [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
+    #     “ouid112”]\}`.
     #   @return [Hash<String,Array<String>>]
     #
     # @!attribute [rw] exclude_map
-    #   Specifies the AWS account IDs to exclude from the policy. The
-    #   `IncludeMap` values are evaluated first, with all the appropriate
-    #   account IDs added to the policy. Then the accounts listed in
-    #   `ExcludeMap` are removed, resulting in the final list of accounts to
-    #   add to the policy.
-    #
-    #   The key to the map is `ACCOUNT`. For example, a valid `ExcludeMap`
-    #   would be `\{“ACCOUNT” : [“accountID1”, “accountID2”]\}`.
+    #   Specifies the AWS account IDs and AWS Organizations organizational
+    #   units (OUs) to exclude from the policy. Specifying an OU is the
+    #   equivalent of specifying all accounts in the OU and in any of its
+    #   child OUs, including any child OUs and accounts that are added at a
+    #   later time.
+    #
+    #   You can specify inclusions or exclusions, but not both. If you
+    #   specify an `IncludeMap`, AWS Firewall Manager applies the policy to
+    #   all accounts specified by the `IncludeMap`, and does not evaluate
+    #   any `ExcludeMap` specifications. If you do not specify an
+    #   `IncludeMap`, then Firewall Manager applies the policy to all
+    #   accounts except for those specified by the `ExcludeMap`.
+    #
+    #   You can specify account IDs, OUs, or a combination:
+    #
+    #   * Specify account IDs by setting the key to `ACCOUNT`. For example,
+    #     the following is a valid map: `\{“ACCOUNT” : [“accountID1”,
+    #     “accountID2”]\}`.
+    #
+    #   * Specify OUs by setting the key to `ORG_UNIT`. For example, the
+    #     following is a valid map: `\{“ORG_UNIT” : [“ouid111”,
+    #     “ouid112”]\}`.
+    #
+    #   * Specify accounts and OUs together in a single map, separated with
+    #     a comma. For example, the following is a valid map: `\{“ACCOUNT” :
+    #     [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”,
+    #     “ouid112”]\}`.
     #   @return [Hash<String,Array<String>>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/Policy AWS API Documentation
@@ -1130,22 +1169,10 @@ module Aws::FMS
     #
     #   * Example: `WAFV2`
     #
-    #     `"SecurityServicePolicyData": "\{ "type": "WAFV2",
-    #     "postProcessRuleGroups": [ \{ "managedRuleGroupIdentifier": \{
-    #     "managedRuleGroupName":
-    #     "AWSManagedRulesAdminProtectionRuleSet", "vendor": "AWS" \}
-    #     "ruleGroupARN": "rule group arn", "overrideAction": \{
-    #     "type": "COUNT|" \}, "excludedRules": [ \{ "name" :
-    #     "EntityName" \} ], "type": "ManagedRuleGroup|RuleGroup" \}
-    #     ], "preProcessRuleGroups": [ \{ "managedRuleGroupIdentifier":
-    #     \{ "managedRuleGroupName":
-    #     "AWSManagedRulesAdminProtectionRuleSet", "vendor": "AWS" \}
-    #     "ruleGroupARN": "rule group arn", "overrideAction": \{
-    #     "type": "COUNT" \}, "excludedRules": [ \{ "name" :
-    #     "EntityName" \} ], "type": "ManagedRuleGroup|RuleGroup" \}
-    #     ], "defaultAction": \{ "type": "BLOCK" \}\}" `
-    #
-    #   * Example: `WAF`
+    #     `"ManagedServiceData":
+    #     "\{"type":"WAFV2","defaultAction":\{"type":"ALLOW"\},"preProcessRuleGroups":[\{"managedRuleGroupIdentifier":null,"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"COUNT"\},"excludedRules":[\{"name":"EntityName"\}],"ruleGroupType":"RuleGroup"\}],"postProcessRuleGroups":[\{"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendor":"AWS"\},"ruleGroupArn":"rulegrouparn","overrideAction":\{"type":"NONE"\},"excludedRules":[],"ruleGroupType":"ManagedRuleGroup"\}],"overrideCustomerWebACLAssociation":false\}"`
+    #
+    #   * Example: `WAF Classic`
     #
     #     `"ManagedServiceData": "\{"type": "WAF", "ruleGroups":
     #     [\{"id": "12345678-1bcd-9012-efga-0987654321ab",
@@ -1154,7 +1181,8 @@ module Aws::FMS
     #
     #   * Example: `SECURITY_GROUPS_COMMON`
     #
-    #     `"SecurityServicePolicyData":\{"Type":"SECURITY_GROUPS_COMMON","ManagedServiceData":"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,"securityGroups":[\{"id":"
+    #     `"SecurityServicePolicyData":\{"Type":"SECURITY_GROUPS_COMMON","ManagedServiceData":"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
+    #     "applyToAllEC2InstanceENIs":false,"securityGroups":[\{"id":"
     #     sg-000e55995d61a06bd"\}]\}"\},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"\}`
     #
     #   * Example: `SECURITY_GROUPS_CONTENT_AUDIT`

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-  version: 1.23.0
+  version: 1.24.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-31 00:00:00.000000000 Z
+date: 2020-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -81,7 +81,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2.3
+rubygems_version: 2.7.6.2
 signing_key: 
 specification_version: 4
 summary: AWS SDK for Ruby - FMS