aws-sdk-fms 1.36.0 → 1.37.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms.rb +1 -1
- data/lib/aws-sdk-fms/client.rb +308 -126
- data/lib/aws-sdk-fms/client_api.rb +201 -0
- data/lib/aws-sdk-fms/types.rb +1032 -253
- metadata +3 -4
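--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c37272a3795fdc60b8570fcb8fb680ae61f694156bcab41f03e1bf86d6f7e47a
+data.tar.gz: c9cd5778bf9f55358dbb14194f4ea98ecd809d666303f3d88ec3e69ecff311ed
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 825080cf8da456323d7ef9a7b7901d2a5219764157f1562e0ed46738aff341521ce157a039bb887b774674776625bc00b600c82c8a943985642cca4633f66d3b
+data.tar.gz: 347a45ba0212c33f6090a4f2602061c8867f130def1acc2967337c7012920085ee2fe09405798c34f9bf42a9e8fd1be2f534054101f4f8c473874a4bf453e233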
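--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.37.0 (2021-07-08)
+------------------
+
+* Feature - AWS Firewall Manager now supports route table monitoring, and provides remediation action recommendations to security administrators for AWS Network Firewall policies with misconfigured routes.
+
 1.36.0 (2021-04-01)
 ------------------
 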
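--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.37.0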
data/lib/aws-sdk-fms.rb
CHANGED
data/lib/aws-sdk-fms/client.rb
CHANGED
@@ -337,22 +337,20 @@ module Aws::FMS
|
|
337
337
|
|
338
338
|
# @!group API Operations
|
339
339
|
|
340
|
-
# Sets the
|
341
|
-
#
|
342
|
-
#
|
343
|
-
#
|
344
|
-
# AWS Organizations master account, AWS Firewall Manager will set the
|
345
|
-
# appropriate permissions for the given member account.
|
340
|
+
# Sets the Firewall Manager administrator account. The account must be a
|
341
|
+
# member of the organization in Organizations whose resources you want
|
342
|
+
# to protect. Firewall Manager sets the permissions that allow the
|
343
|
+
# account to administer your Firewall Manager policies.
|
346
344
|
#
|
347
|
-
# The account that you associate with
|
348
|
-
#
|
345
|
+
# The account that you associate with Firewall Manager is called the
|
346
|
+
# Firewall Manager administrator account.
|
349
347
|
#
|
350
348
|
# @option params [required, String] :admin_account
|
351
|
-
# The
|
352
|
-
# Firewall Manager administrator account. This
|
353
|
-
# Organizations
|
354
|
-
#
|
355
|
-
#
|
349
|
+
# The Amazon Web Services account ID to associate with Firewall Manager
|
350
|
+
# as the Firewall Manager administrator account. This must be an
|
351
|
+
# Organizations member account. For more information about
|
352
|
+
# Organizations, see [Managing the Amazon Web Services Accounts in Your
|
353
|
+
# Organization][1].
|
356
354
|
#
|
357
355
|
#
|
358
356
|
#
|
@@ -375,7 +373,7 @@ module Aws::FMS
|
|
375
373
|
req.send_request(options)
|
376
374
|
end
|
377
375
|
|
378
|
-
# Permanently deletes an
|
376
|
+
# Permanently deletes an Firewall Manager applications list.
|
379
377
|
#
|
380
378
|
# @option params [required, String] :list_id
|
381
379
|
# The ID of the applications list that you want to delete. You can
|
@@ -399,9 +397,9 @@ module Aws::FMS
|
|
399
397
|
req.send_request(options)
|
400
398
|
end
|
401
399
|
|
402
|
-
# Deletes an
|
400
|
+
# Deletes an Firewall Manager association with the IAM role and the
|
403
401
|
# Amazon Simple Notification Service (SNS) topic that is used to record
|
404
|
-
#
|
402
|
+
# Firewall Manager SNS logs.
|
405
403
|
#
|
406
404
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
407
405
|
#
|
@@ -414,7 +412,7 @@ module Aws::FMS
|
|
414
412
|
req.send_request(options)
|
415
413
|
end
|
416
414
|
|
417
|
-
# Permanently deletes an
|
415
|
+
# Permanently deletes an Firewall Manager policy.
|
418
416
|
#
|
419
417
|
# @option params [required, String] :policy_id
|
420
418
|
# The ID of the policy that you want to delete. You can retrieve this ID
|
@@ -423,10 +421,9 @@ module Aws::FMS
|
|
423
421
|
# @option params [Boolean] :delete_all_policy_resources
|
424
422
|
# If `True`, the request performs cleanup according to the policy type.
|
425
423
|
#
|
426
|
-
# For
|
427
|
-
# following:
|
424
|
+
# For WAF and Shield Advanced policies, the cleanup does the following:
|
428
425
|
#
|
429
|
-
# * Deletes rule groups created by
|
426
|
+
# * Deletes rule groups created by Firewall Manager
|
430
427
|
#
|
431
428
|
# * Removes web ACLs from in-scope resources
|
432
429
|
#
|
@@ -468,7 +465,7 @@ module Aws::FMS
|
|
468
465
|
req.send_request(options)
|
469
466
|
end
|
470
467
|
|
471
|
-
# Permanently deletes an
|
468
|
+
# Permanently deletes an Firewall Manager protocols list.
|
472
469
|
#
|
473
470
|
# @option params [required, String] :list_id
|
474
471
|
# The ID of the protocols list that you want to delete. You can retrieve
|
@@ -492,10 +489,9 @@ module Aws::FMS
|
|
492
489
|
req.send_request(options)
|
493
490
|
end
|
494
491
|
|
495
|
-
# Disassociates the account that has been set as the
|
496
|
-
#
|
497
|
-
#
|
498
|
-
# request.
|
492
|
+
# Disassociates the account that has been set as the Firewall Manager
|
493
|
+
# administrator account. To set a different account as the administrator
|
494
|
+
# account, you must submit an `AssociateAdminAccount` request.
|
499
495
|
#
|
500
496
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
501
497
|
#
|
@@ -508,8 +504,8 @@ module Aws::FMS
|
|
508
504
|
req.send_request(options)
|
509
505
|
end
|
510
506
|
|
511
|
-
# Returns the
|
512
|
-
#
|
507
|
+
# Returns the Organizations account that is associated with Firewall
|
508
|
+
# Manager as the Firewall Manager administrator.
|
513
509
|
#
|
514
510
|
# @return [Types::GetAdminAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
515
511
|
#
|
@@ -530,15 +526,15 @@ module Aws::FMS
|
|
530
526
|
req.send_request(options)
|
531
527
|
end
|
532
528
|
|
533
|
-
# Returns information about the specified
|
534
|
-
#
|
529
|
+
# Returns information about the specified Firewall Manager applications
|
530
|
+
# list.
|
535
531
|
#
|
536
532
|
# @option params [required, String] :list_id
|
537
|
-
# The ID of the
|
533
|
+
# The ID of the Firewall Manager applications list that you want the
|
538
534
|
# details for.
|
539
535
|
#
|
540
536
|
# @option params [Boolean] :default_list
|
541
|
-
# Specifies whether the list to retrieve is a default list owned by
|
537
|
+
# Specifies whether the list to retrieve is a default list owned by
|
542
538
|
# Firewall Manager.
|
543
539
|
#
|
544
540
|
# @return [Types::GetAppsListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
@@ -582,25 +578,33 @@ module Aws::FMS
|
|
582
578
|
|
583
579
|
# Returns detailed compliance information about the specified member
|
584
580
|
# account. Details include resources that are in and out of compliance
|
585
|
-
# with the specified policy.
|
586
|
-
#
|
587
|
-
#
|
588
|
-
#
|
589
|
-
#
|
590
|
-
#
|
591
|
-
#
|
592
|
-
#
|
593
|
-
#
|
594
|
-
#
|
595
|
-
# the
|
581
|
+
# with the specified policy.
|
582
|
+
#
|
583
|
+
# * Resources are considered noncompliant for WAF and Shield Advanced
|
584
|
+
# policies if the specified policy has not been applied to them.
|
585
|
+
#
|
586
|
+
# * Resources are considered noncompliant for security group policies if
|
587
|
+
# they are in scope of the policy, they violate one or more of the
|
588
|
+
# policy rules, and remediation is disabled or not possible.
|
589
|
+
#
|
590
|
+
# * Resources are considered noncompliant for Network Firewall policies
|
591
|
+
# if a firewall is missing in the VPC, if the firewall endpoint isn't
|
592
|
+
# set up in an expected Availability Zone and subnet, if a subnet
|
593
|
+
# created by the Firewall Manager doesn't have the expected route
|
594
|
+
# table, and for modifications to a firewall policy that violate the
|
595
|
+
# Firewall Manager policy's rules.
|
596
|
+
#
|
597
|
+
# * Resources are considered noncompliant for DNS Firewall policies if a
|
598
|
+
# DNS Firewall rule group is missing from the rule group associations
|
599
|
+
# for the VPC.
|
596
600
|
#
|
597
601
|
# @option params [required, String] :policy_id
|
598
602
|
# The ID of the policy that you want to get the details for. `PolicyId`
|
599
603
|
# is returned by `PutPolicy` and by `ListPolicies`.
|
600
604
|
#
|
601
605
|
# @option params [required, String] :member_account
|
602
|
-
# The
|
603
|
-
# details for.
|
606
|
+
# The Amazon Web Services account that owns the resources that you want
|
607
|
+
# to get the details for.
|
604
608
|
#
|
605
609
|
# @return [Types::GetComplianceDetailResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
606
610
|
#
|
@@ -620,7 +624,7 @@ module Aws::FMS
|
|
620
624
|
# resp.policy_compliance_detail.member_account #=> String
|
621
625
|
# resp.policy_compliance_detail.violators #=> Array
|
622
626
|
# resp.policy_compliance_detail.violators[0].resource_id #=> String
|
623
|
-
# resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "RESOURCE_MISSING_DNS_FIREWALL"
|
627
|
+
# resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL"
|
624
628
|
# resp.policy_compliance_detail.violators[0].resource_type #=> String
|
625
629
|
# resp.policy_compliance_detail.evaluation_limit_exceeded #=> Boolean
|
626
630
|
# resp.policy_compliance_detail.expired_at #=> Time
|
@@ -637,7 +641,7 @@ module Aws::FMS
|
|
637
641
|
end
|
638
642
|
|
639
643
|
# Information about the Amazon Simple Notification Service (SNS) topic
|
640
|
-
# that is used to record
|
644
|
+
# that is used to record Firewall Manager SNS logs.
|
641
645
|
#
|
642
646
|
# @return [Types::GetNotificationChannelResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
643
647
|
#
|
@@ -658,11 +662,10 @@ module Aws::FMS
|
|
658
662
|
req.send_request(options)
|
659
663
|
end
|
660
664
|
|
661
|
-
# Returns information about the specified
|
665
|
+
# Returns information about the specified Firewall Manager policy.
|
662
666
|
#
|
663
667
|
# @option params [required, String] :policy_id
|
664
|
-
# The ID of the
|
665
|
-
# for.
|
668
|
+
# The ID of the Firewall Manager policy that you want the details for.
|
666
669
|
#
|
667
670
|
# @return [Types::GetPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
668
671
|
#
|
@@ -715,32 +718,32 @@ module Aws::FMS
|
|
715
718
|
# The ID of the policy for which you want to get the attack information.
|
716
719
|
#
|
717
720
|
# @option params [String] :member_account_id
|
718
|
-
# The
|
719
|
-
# the details for.
|
721
|
+
# The Amazon Web Services account that is in scope of the policy that
|
722
|
+
# you want to get the details for.
|
720
723
|
#
|
721
724
|
# @option params [Time,DateTime,Date,Integer,String] :start_time
|
722
725
|
# The start of the time period to query for the attacks. This is a
|
723
726
|
# `timestamp` type. The request syntax listing indicates a `number` type
|
724
|
-
# because the default used by
|
725
|
-
#
|
727
|
+
# because the default used by Firewall Manager is Unix time in seconds.
|
728
|
+
# However, any valid `timestamp` format is allowed.
|
726
729
|
#
|
727
730
|
# @option params [Time,DateTime,Date,Integer,String] :end_time
|
728
731
|
# The end of the time period to query for the attacks. This is a
|
729
732
|
# `timestamp` type. The request syntax listing indicates a `number` type
|
730
|
-
# because the default used by
|
731
|
-
#
|
733
|
+
# because the default used by Firewall Manager is Unix time in seconds.
|
734
|
+
# However, any valid `timestamp` format is allowed.
|
732
735
|
#
|
733
736
|
# @option params [String] :next_token
|
734
737
|
# If you specify a value for `MaxResults` and you have more objects than
|
735
|
-
# the number that you specify for `MaxResults`,
|
736
|
-
#
|
737
|
-
#
|
738
|
+
# the number that you specify for `MaxResults`, Firewall Manager returns
|
739
|
+
# a `NextToken` value in the response, which you can use to retrieve
|
740
|
+
# another group of objects. For the second and subsequent
|
738
741
|
# `GetProtectionStatus` requests, specify the value of `NextToken` from
|
739
742
|
# the previous response to get information about another batch of
|
740
743
|
# objects.
|
741
744
|
#
|
742
745
|
# @option params [Integer] :max_results
|
743
|
-
# Specifies the number of objects that you want
|
746
|
+
# Specifies the number of objects that you want Firewall Manager to
|
744
747
|
# return for this request. If you have more objects than the number that
|
745
748
|
# you specify for `MaxResults`, the response includes a `NextToken`
|
746
749
|
# value that you can use to get another batch of objects.
|
@@ -779,15 +782,15 @@ module Aws::FMS
|
|
779
782
|
req.send_request(options)
|
780
783
|
end
|
781
784
|
|
782
|
-
# Returns information about the specified
|
785
|
+
# Returns information about the specified Firewall Manager protocols
|
783
786
|
# list.
|
784
787
|
#
|
785
788
|
# @option params [required, String] :list_id
|
786
|
-
# The ID of the
|
789
|
+
# The ID of the Firewall Manager protocols list that you want the
|
787
790
|
# details for.
|
788
791
|
#
|
789
792
|
# @option params [Boolean] :default_list
|
790
|
-
# Specifies whether the list to retrieve is a default list owned by
|
793
|
+
# Specifies whether the list to retrieve is a default list owned by
|
791
794
|
# Firewall Manager.
|
792
795
|
#
|
793
796
|
# @return [Types::GetProtocolsListResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
@@ -825,23 +828,22 @@ module Aws::FMS
|
|
825
828
|
req.send_request(options)
|
826
829
|
end
|
827
830
|
|
828
|
-
# Retrieves violations for a resource based on the specified
|
829
|
-
#
|
831
|
+
# Retrieves violations for a resource based on the specified Firewall
|
832
|
+
# Manager policy and Amazon Web Services account.
|
830
833
|
#
|
831
834
|
# @option params [required, String] :policy_id
|
832
|
-
# The ID of the
|
833
|
-
#
|
834
|
-
# policies.
|
835
|
+
# The ID of the Firewall Manager policy that you want the details for.
|
836
|
+
# This currently only supports security group content audit policies.
|
835
837
|
#
|
836
838
|
# @option params [required, String] :member_account
|
837
|
-
# The
|
839
|
+
# The Amazon Web Services account ID that you want the details for.
|
838
840
|
#
|
839
841
|
# @option params [required, String] :resource_id
|
840
842
|
# The ID of the resource that has violations.
|
841
843
|
#
|
842
844
|
# @option params [required, String] :resource_type
|
843
|
-
# The resource type. This is in the format shown in the [
|
844
|
-
# Types Reference][1]. Supported resource types are:
|
845
|
+
# The resource type. This is in the format shown in the [Amazon Web
|
846
|
+
# Services Resource Types Reference][1]. Supported resource types are:
|
845
847
|
# `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
|
846
848
|
# `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`, and
|
847
849
|
# `AWS::EC2::Subnet`.
|
@@ -934,6 +936,129 @@ module Aws::FMS
|
|
934
936
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups #=> Array
|
935
937
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].rule_group_name #=> String
|
936
938
|
# resp.violation_detail.resource_violations[0].network_firewall_policy_modified_violation.expected_policy_description.stateful_rule_groups[0].resource_id #=> String
|
939
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_id #=> String
|
940
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.subnet_availability_zone #=> String
|
941
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.route_table_id #=> String
|
942
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.violating_routes #=> Array
|
943
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
944
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
945
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.violating_routes[0].destination #=> String
|
946
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.violating_routes[0].target #=> String
|
947
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.is_route_table_used_in_different_az #=> Boolean
|
948
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.current_firewall_subnet_route_table #=> String
|
949
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_endpoint #=> String
|
950
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.firewall_subnet_id #=> String
|
951
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes #=> Array
|
952
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].ip_v4_cidr #=> String
|
953
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].prefix_list_id #=> String
|
954
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].ip_v6_cidr #=> String
|
955
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].contributing_subnets #=> Array
|
956
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].contributing_subnets[0] #=> String
|
957
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].allowed_targets #=> Array
|
958
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].allowed_targets[0] #=> String
|
959
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_firewall_subnet_routes[0].route_table_id #=> String
|
960
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_firewall_subnet_routes #=> Array
|
961
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_firewall_subnet_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
962
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_firewall_subnet_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
963
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_firewall_subnet_routes[0].destination #=> String
|
964
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_firewall_subnet_routes[0].target #=> String
|
965
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.internet_gateway_id #=> String
|
966
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.current_internet_gateway_route_table #=> String
|
967
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes #=> Array
|
968
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].ip_v4_cidr #=> String
|
969
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].prefix_list_id #=> String
|
970
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].ip_v6_cidr #=> String
|
971
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].contributing_subnets #=> Array
|
972
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].contributing_subnets[0] #=> String
|
973
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].allowed_targets #=> Array
|
974
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].allowed_targets[0] #=> String
|
975
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.expected_internet_gateway_routes[0].route_table_id #=> String
|
976
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_internet_gateway_routes #=> Array
|
977
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_internet_gateway_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
978
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_internet_gateway_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
979
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_internet_gateway_routes[0].destination #=> String
|
980
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.actual_internet_gateway_routes[0].target #=> String
|
981
|
+
# resp.violation_detail.resource_violations[0].network_firewall_internet_traffic_not_inspected_violation.vpc_id #=> String
|
982
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.affected_subnets #=> Array
|
983
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.affected_subnets[0] #=> String
|
984
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.route_table_id #=> String
|
985
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.is_route_table_used_in_different_az #=> Boolean
|
986
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.violating_route.destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
987
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.violating_route.target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
988
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.violating_route.destination #=> String
|
989
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.violating_route.target #=> String
|
990
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.current_firewall_subnet_route_table #=> String
|
991
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_endpoint #=> String
|
992
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_endpoint #=> String
|
993
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_id #=> String
|
994
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_id #=> String
|
995
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes #=> Array
|
996
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].ip_v4_cidr #=> String
|
997
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].prefix_list_id #=> String
|
998
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].ip_v6_cidr #=> String
|
999
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].contributing_subnets #=> Array
|
1000
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].contributing_subnets[0] #=> String
|
1001
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].allowed_targets #=> Array
|
1002
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].allowed_targets[0] #=> String
|
1003
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_firewall_subnet_routes[0].route_table_id #=> String
|
1004
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_routes #=> Array
|
1005
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
1006
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
1007
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_routes[0].destination #=> String
|
1008
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_firewall_subnet_routes[0].target #=> String
|
1009
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.internet_gateway_id #=> String
|
1010
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.current_internet_gateway_route_table #=> String
|
1011
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes #=> Array
|
1012
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].ip_v4_cidr #=> String
|
1013
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].prefix_list_id #=> String
|
1014
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].ip_v6_cidr #=> String
|
1015
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].contributing_subnets #=> Array
|
1016
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].contributing_subnets[0] #=> String
|
1017
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].allowed_targets #=> Array
|
1018
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].allowed_targets[0] #=> String
|
1019
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.expected_internet_gateway_routes[0].route_table_id #=> String
|
1020
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_internet_gateway_routes #=> Array
|
1021
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_internet_gateway_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
1022
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_internet_gateway_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
1023
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_internet_gateway_routes[0].destination #=> String
|
1024
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.actual_internet_gateway_routes[0].target #=> String
|
1025
|
+
# resp.violation_detail.resource_violations[0].network_firewall_invalid_route_configuration_violation.vpc_id #=> String
|
1026
|
+
# resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violation_target #=> String
|
1027
|
+
# resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.route_table_id #=> String
|
1028
|
+
# resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.vpc_id #=> String
|
1029
|
+
# resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violating_routes #=> Array
|
1030
|
+
# resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
1031
|
+
# resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
1032
|
+
# resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violating_routes[0].destination #=> String
|
1033
|
+
# resp.violation_detail.resource_violations[0].network_firewall_black_hole_route_detected_violation.violating_routes[0].target #=> String
|
1034
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.firewall_subnet_id #=> String
|
1035
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.violating_routes #=> Array
|
1036
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
1037
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
1038
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.violating_routes[0].destination #=> String
|
1039
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.violating_routes[0].target #=> String
|
1040
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.route_table_id #=> String
|
1041
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.firewall_endpoint #=> String
|
1042
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_firewall_routes_violation.vpc_id #=> String
|
1043
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.gateway_id #=> String
|
1044
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.violating_routes #=> Array
|
1045
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.violating_routes[0].destination_type #=> String, one of "IPV4", "IPV6", "PREFIX_LIST"
|
1046
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.violating_routes[0].target_type #=> String, one of "GATEWAY", "CARRIER_GATEWAY", "INSTANCE", "LOCAL_GATEWAY", "NAT_GATEWAY", "NETWORK_INTERFACE", "VPC_ENDPOINT", "VPC_PEERING_CONNECTION", "EGRESS_ONLY_INTERNET_GATEWAY", "TRANSIT_GATEWAY"
|
1047
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.violating_routes[0].destination #=> String
|
1048
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.violating_routes[0].target #=> String
|
1049
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.route_table_id #=> String
|
1050
|
+
# resp.violation_detail.resource_violations[0].network_firewall_unexpected_gateway_routes_violation.vpc_id #=> String
|
1051
|
+
# resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.violation_target #=> String
|
1052
|
+
# resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes #=> Array
|
1053
|
+
# resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].ip_v4_cidr #=> String
|
1054
|
+
# resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].prefix_list_id #=> String
|
1055
|
+
# resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].ip_v6_cidr #=> String
|
1056
|
+
# resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].contributing_subnets #=> Array
|
1057
|
+
# resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].contributing_subnets[0] #=> String
|
1058
|
+
# resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].allowed_targets #=> Array
|
1059
|
+
# resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].allowed_targets[0] #=> String
|
1060
|
+
# resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.expected_routes[0].route_table_id #=> String
|
1061
|
+
# resp.violation_detail.resource_violations[0].network_firewall_missing_expected_routes_violation.vpc_id #=> String
|
937
1062
|
# resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.violation_target #=> String
|
938
1063
|
# resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.violation_target_description #=> String
|
939
1064
|
# resp.violation_detail.resource_violations[0].dns_rule_group_priority_conflict_violation.conflicting_priority #=> Integer
|
@@ -945,6 +1070,57 @@ module Aws::FMS
|
|
945
1070
|
# resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.violation_target #=> String
|
946
1071
|
# resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.violation_target_description #=> String
|
947
1072
|
# resp.violation_detail.resource_violations[0].dns_rule_group_limit_exceeded_violation.number_of_rule_groups_already_associated #=> Integer
|
1073
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.description #=> String
|
1074
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions #=> Array
|
1075
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].description #=> String
|
1076
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions #=> Array
|
1077
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.description #=> String
|
1078
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.description #=> String
|
1079
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.destination_cidr_block #=> String
|
1080
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.destination_prefix_list_id #=> String
|
1081
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.destination_ipv_6_cidr_block #=> String
|
1082
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.vpc_endpoint_id.resource_id #=> String
|
1083
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.vpc_endpoint_id.description #=> String
|
1084
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.gateway_id.resource_id #=> String
|
1085
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.gateway_id.description #=> String
|
1086
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.route_table_id.resource_id #=> String
|
1087
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_action.route_table_id.description #=> String
|
1088
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.description #=> String
|
1089
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.destination_cidr_block #=> String
|
1090
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.destination_prefix_list_id #=> String
|
1091
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.destination_ipv_6_cidr_block #=> String
|
1092
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.gateway_id.resource_id #=> String
|
1093
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.gateway_id.description #=> String
|
1094
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.route_table_id.resource_id #=> String
|
1095
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_action.route_table_id.description #=> String
|
1096
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.description #=> String
|
1097
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.destination_cidr_block #=> String
|
1098
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.destination_prefix_list_id #=> String
|
1099
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.destination_ipv_6_cidr_block #=> String
|
1100
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.route_table_id.resource_id #=> String
|
1101
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_delete_route_action.route_table_id.description #=> String
|
1102
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_copy_route_table_action.description #=> String
|
1103
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_copy_route_table_action.vpc_id.resource_id #=> String
|
1104
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_copy_route_table_action.vpc_id.description #=> String
|
1105
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_copy_route_table_action.route_table_id.resource_id #=> String
|
1106
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_copy_route_table_action.route_table_id.description #=> String
|
1107
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_table_association_action.description #=> String
|
1108
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_table_association_action.association_id.resource_id #=> String
|
1109
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_table_association_action.association_id.description #=> String
|
1110
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_table_association_action.route_table_id.resource_id #=> String
|
1111
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_replace_route_table_association_action.route_table_id.description #=> String
|
1112
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.description #=> String
|
1113
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.route_table_id.resource_id #=> String
|
1114
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.route_table_id.description #=> String
|
1115
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.subnet_id.resource_id #=> String
|
1116
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.subnet_id.description #=> String
|
1117
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.gateway_id.resource_id #=> String
|
1118
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_associate_route_table_action.gateway_id.description #=> String
|
1119
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.description #=> String
|
1120
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.vpc_id.resource_id #=> String
|
1121
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.ec2_create_route_table_action.vpc_id.description #=> String
|
1122
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].order #=> Integer
|
1123
|
+
# resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].is_default_action #=> Boolean
|
948
1124
|
# resp.violation_detail.resource_tags #=> Array
|
949
1125
|
# resp.violation_detail.resource_tags[0].key #=> String
|
950
1126
|
# resp.violation_detail.resource_tags[0].value #=> String
|
@@ -962,23 +1138,23 @@ module Aws::FMS
|
|
962
1138
|
# Returns an array of `AppsListDataSummary` objects.
|
963
1139
|
#
|
964
1140
|
# @option params [Boolean] :default_lists
|
965
|
-
# Specifies whether the lists to retrieve are default lists owned by
|
1141
|
+
# Specifies whether the lists to retrieve are default lists owned by
|
966
1142
|
# Firewall Manager.
|
967
1143
|
#
|
968
1144
|
# @option params [String] :next_token
|
969
1145
|
# If you specify a value for `MaxResults` in your list request, and you
|
970
|
-
# have more objects than the maximum,
|
1146
|
+
# have more objects than the maximum, Firewall Manager returns this
|
971
1147
|
# token in the response. For all but the first request, you provide the
|
972
1148
|
# token returned by the prior request in the request parameters, to
|
973
1149
|
# retrieve the next batch of objects.
|
974
1150
|
#
|
975
1151
|
# @option params [required, Integer] :max_results
|
976
|
-
# The maximum number of objects that you want
|
977
|
-
#
|
978
|
-
#
|
979
|
-
#
|
1152
|
+
# The maximum number of objects that you want Firewall Manager to return
|
1153
|
+
# for this request. If more objects are available, in the response,
|
1154
|
+
# Firewall Manager provides a `NextToken` value that you can use in a
|
1155
|
+
# subsequent call to get the next batch of objects.
|
980
1156
|
#
|
981
|
-
# If you don't specify this,
|
1157
|
+
# If you don't specify this, Firewall Manager returns all available
|
982
1158
|
# objects.
|
983
1159
|
#
|
984
1160
|
# @return [Types::ListAppsListsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
@@ -986,6 +1162,8 @@ module Aws::FMS
|
|
986
1162
|
# * {Types::ListAppsListsResponse#apps_lists #apps_lists} => Array<Types::AppsListDataSummary>
|
987
1163
|
# * {Types::ListAppsListsResponse#next_token #next_token} => String
|
988
1164
|
#
|
1165
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1166
|
+
#
|
989
1167
|
# @example Request syntax with placeholder values
|
990
1168
|
#
|
991
1169
|
# resp = client.list_apps_lists({
|
@@ -1020,13 +1198,12 @@ module Aws::FMS
|
|
1020
1198
|
# protected by the specified policy.
|
1021
1199
|
#
|
1022
1200
|
# @option params [required, String] :policy_id
|
1023
|
-
# The ID of the
|
1024
|
-
# for.
|
1201
|
+
# The ID of the Firewall Manager policy that you want the details for.
|
1025
1202
|
#
|
1026
1203
|
# @option params [String] :next_token
|
1027
1204
|
# If you specify a value for `MaxResults` and you have more
|
1028
1205
|
# `PolicyComplianceStatus` objects than the number that you specify for
|
1029
|
-
# `MaxResults`,
|
1206
|
+
# `MaxResults`, Firewall Manager returns a `NextToken` value in the
|
1030
1207
|
# response that allows you to list another group of
|
1031
1208
|
# `PolicyComplianceStatus` objects. For the second and subsequent
|
1032
1209
|
# `ListComplianceStatus` requests, specify the value of `NextToken` from
|
@@ -1035,7 +1212,7 @@ module Aws::FMS
|
|
1035
1212
|
#
|
1036
1213
|
# @option params [Integer] :max_results
|
1037
1214
|
# Specifies the number of `PolicyComplianceStatus` objects that you want
|
1038
|
-
#
|
1215
|
+
# Firewall Manager to return for this request. If you have more
|
1039
1216
|
# `PolicyComplianceStatus` objects than the number that you specify for
|
1040
1217
|
# `MaxResults`, the response includes a `NextToken` value that you can
|
1041
1218
|
# use to get another batch of `PolicyComplianceStatus` objects.
|
@@ -1081,22 +1258,22 @@ module Aws::FMS
|
|
1081
1258
|
end
|
1082
1259
|
|
1083
1260
|
# Returns a `MemberAccounts` object that lists the member accounts in
|
1084
|
-
# the administrator's
|
1261
|
+
# the administrator's Amazon Web Services organization.
|
1085
1262
|
#
|
1086
1263
|
# The `ListMemberAccounts` must be submitted by the account that is set
|
1087
|
-
# as the
|
1264
|
+
# as the Firewall Manager administrator.
|
1088
1265
|
#
|
1089
1266
|
# @option params [String] :next_token
|
1090
1267
|
# If you specify a value for `MaxResults` and you have more account IDs
|
1091
|
-
# than the number that you specify for `MaxResults`,
|
1092
|
-
#
|
1093
|
-
#
|
1268
|
+
# than the number that you specify for `MaxResults`, Firewall Manager
|
1269
|
+
# returns a `NextToken` value in the response that allows you to list
|
1270
|
+
# another group of IDs. For the second and subsequent
|
1094
1271
|
# `ListMemberAccountsRequest` requests, specify the value of `NextToken`
|
1095
1272
|
# from the previous response to get information about another batch of
|
1096
1273
|
# member account IDs.
|
1097
1274
|
#
|
1098
1275
|
# @option params [Integer] :max_results
|
1099
|
-
# Specifies the number of member account IDs that you want
|
1276
|
+
# Specifies the number of member account IDs that you want Firewall
|
1100
1277
|
# Manager to return for this request. If you have more IDs than the
|
1101
1278
|
# number that you specify for `MaxResults`, the response includes a
|
1102
1279
|
# `NextToken` value that you can use to get another batch of member
|
@@ -1136,18 +1313,18 @@ module Aws::FMS
|
|
1136
1313
|
# @option params [String] :next_token
|
1137
1314
|
# If you specify a value for `MaxResults` and you have more
|
1138
1315
|
# `PolicySummary` objects than the number that you specify for
|
1139
|
-
# `MaxResults`,
|
1316
|
+
# `MaxResults`, Firewall Manager returns a `NextToken` value in the
|
1140
1317
|
# response that allows you to list another group of `PolicySummary`
|
1141
1318
|
# objects. For the second and subsequent `ListPolicies` requests,
|
1142
1319
|
# specify the value of `NextToken` from the previous response to get
|
1143
1320
|
# information about another batch of `PolicySummary` objects.
|
1144
1321
|
#
|
1145
1322
|
# @option params [Integer] :max_results
|
1146
|
-
# Specifies the number of `PolicySummary` objects that you want
|
1147
|
-
#
|
1148
|
-
#
|
1149
|
-
#
|
1150
|
-
#
|
1323
|
+
# Specifies the number of `PolicySummary` objects that you want Firewall
|
1324
|
+
# Manager to return for this request. If you have more `PolicySummary`
|
1325
|
+
# objects than the number that you specify for `MaxResults`, the
|
1326
|
+
# response includes a `NextToken` value that you can use to get another
|
1327
|
+
# batch of `PolicySummary` objects.
|
1151
1328
|
#
|
1152
1329
|
# @return [Types::ListPoliciesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1153
1330
|
#
|
@@ -1186,23 +1363,23 @@ module Aws::FMS
|
|
1186
1363
|
# Returns an array of `ProtocolsListDataSummary` objects.
|
1187
1364
|
#
|
1188
1365
|
# @option params [Boolean] :default_lists
|
1189
|
-
# Specifies whether the lists to retrieve are default lists owned by
|
1366
|
+
# Specifies whether the lists to retrieve are default lists owned by
|
1190
1367
|
# Firewall Manager.
|
1191
1368
|
#
|
1192
1369
|
# @option params [String] :next_token
|
1193
1370
|
# If you specify a value for `MaxResults` in your list request, and you
|
1194
|
-
# have more objects than the maximum,
|
1371
|
+
# have more objects than the maximum, Firewall Manager returns this
|
1195
1372
|
# token in the response. For all but the first request, you provide the
|
1196
1373
|
# token returned by the prior request in the request parameters, to
|
1197
1374
|
# retrieve the next batch of objects.
|
1198
1375
|
#
|
1199
1376
|
# @option params [required, Integer] :max_results
|
1200
|
-
# The maximum number of objects that you want
|
1201
|
-
#
|
1202
|
-
#
|
1203
|
-
#
|
1377
|
+
# The maximum number of objects that you want Firewall Manager to return
|
1378
|
+
# for this request. If more objects are available, in the response,
|
1379
|
+
# Firewall Manager provides a `NextToken` value that you can use in a
|
1380
|
+
# subsequent call to get the next batch of objects.
|
1204
1381
|
#
|
1205
|
-
# If you don't specify this,
|
1382
|
+
# If you don't specify this, Firewall Manager returns all available
|
1206
1383
|
# objects.
|
1207
1384
|
#
|
1208
1385
|
# @return [Types::ListProtocolsListsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
@@ -1210,6 +1387,8 @@ module Aws::FMS
|
|
1210
1387
|
# * {Types::ListProtocolsListsResponse#protocols_lists #protocols_lists} => Array<Types::ProtocolsListDataSummary>
|
1211
1388
|
# * {Types::ListProtocolsListsResponse#next_token #next_token} => String
|
1212
1389
|
#
|
1390
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1391
|
+
#
|
1213
1392
|
# @example Request syntax with placeholder values
|
1214
1393
|
#
|
1215
1394
|
# resp = client.list_protocols_lists({
|
@@ -1237,11 +1416,12 @@ module Aws::FMS
|
|
1237
1416
|
req.send_request(options)
|
1238
1417
|
end
|
1239
1418
|
|
1240
|
-
# Retrieves the list of tags for the specified
|
1419
|
+
# Retrieves the list of tags for the specified Amazon Web Services
|
1420
|
+
# resource.
|
1241
1421
|
#
|
1242
1422
|
# @option params [required, String] :resource_arn
|
1243
1423
|
# The Amazon Resource Name (ARN) of the resource to return tags for. The
|
1244
|
-
#
|
1424
|
+
# Firewall Manager resources that support tagging are policies,
|
1245
1425
|
# applications lists, and protocols lists.
|
1246
1426
|
#
|
1247
1427
|
# @return [Types::ListTagsForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
@@ -1269,11 +1449,10 @@ module Aws::FMS
|
|
1269
1449
|
req.send_request(options)
|
1270
1450
|
end
|
1271
1451
|
|
1272
|
-
# Creates an
|
1452
|
+
# Creates an Firewall Manager applications list.
|
1273
1453
|
#
|
1274
1454
|
# @option params [required, Types::AppsListData] :apps_list
|
1275
|
-
# The details of the
|
1276
|
-
# created.
|
1455
|
+
# The details of the Firewall Manager applications list to be created.
|
1277
1456
|
#
|
1278
1457
|
# @option params [Array<Types::Tag>] :tag_list
|
1279
1458
|
# The tags associated with the resource.
|
@@ -1345,12 +1524,12 @@ module Aws::FMS
|
|
1345
1524
|
end
|
1346
1525
|
|
1347
1526
|
# Designates the IAM role and Amazon Simple Notification Service (SNS)
|
1348
|
-
# topic that
|
1527
|
+
# topic that Firewall Manager uses to record SNS logs.
|
1349
1528
|
#
|
1350
1529
|
# To perform this action outside of the console, you must configure the
|
1351
1530
|
# SNS topic to allow the Firewall Manager role `AWSServiceRoleForFMS` to
|
1352
1531
|
# publish SNS logs. For more information, see [Firewall Manager required
|
1353
|
-
# permissions for API actions][1] in the *
|
1532
|
+
# permissions for API actions][1] in the *Firewall Manager Developer
|
1354
1533
|
# Guide*.
|
1355
1534
|
#
|
1356
1535
|
#
|
@@ -1359,11 +1538,11 @@ module Aws::FMS
|
|
1359
1538
|
#
|
1360
1539
|
# @option params [required, String] :sns_topic_arn
|
1361
1540
|
# The Amazon Resource Name (ARN) of the SNS topic that collects
|
1362
|
-
# notifications from
|
1541
|
+
# notifications from Firewall Manager.
|
1363
1542
|
#
|
1364
1543
|
# @option params [required, String] :sns_role_name
|
1365
1544
|
# The Amazon Resource Name (ARN) of the IAM role that allows Amazon SNS
|
1366
|
-
# to record
|
1545
|
+
# to record Firewall Manager activity.
|
1367
1546
|
#
|
1368
1547
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
1369
1548
|
#
|
@@ -1383,24 +1562,27 @@ module Aws::FMS
|
|
1383
1562
|
req.send_request(options)
|
1384
1563
|
end
|
1385
1564
|
|
1386
|
-
# Creates an
|
1565
|
+
# Creates an Firewall Manager policy.
|
1387
1566
|
#
|
1388
1567
|
# Firewall Manager provides the following types of policies:
|
1389
1568
|
#
|
1390
|
-
# * An
|
1391
|
-
#
|
1392
|
-
#
|
1569
|
+
# * An WAF policy (type WAFV2), which defines rule groups to run first
|
1570
|
+
# in the corresponding WAF web ACL and rule groups to run last in the
|
1571
|
+
# web ACL.
|
1393
1572
|
#
|
1394
|
-
# * An
|
1573
|
+
# * An WAF Classic policy (type WAF), which defines a rule group.
|
1395
1574
|
#
|
1396
1575
|
# * A Shield Advanced policy, which applies Shield Advanced protection
|
1397
1576
|
# to specified accounts and resources.
|
1398
1577
|
#
|
1399
1578
|
# * A security group policy, which manages VPC security groups across
|
1400
|
-
# your
|
1579
|
+
# your Amazon Web Services organization.
|
1580
|
+
#
|
1581
|
+
# * An Network Firewall policy, which provides firewall rules to filter
|
1582
|
+
# network traffic in specified Amazon VPCs.
|
1401
1583
|
#
|
1402
|
-
# *
|
1403
|
-
# filter
|
1584
|
+
# * A DNS Firewall policy, which provides Route 53 Resolver DNS Firewall
|
1585
|
+
# rules to filter DNS queries for specified VPCs.
|
1404
1586
|
#
|
1405
1587
|
# Each policy is specific to one of the types. If you want to enforce
|
1406
1588
|
# more than one policy type across accounts, create multiple policies.
|
@@ -1415,10 +1597,10 @@ module Aws::FMS
|
|
1415
1597
|
# [1]: https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_CreateSubscription.html
|
1416
1598
|
#
|
1417
1599
|
# @option params [required, Types::Policy] :policy
|
1418
|
-
# The details of the
|
1600
|
+
# The details of the Firewall Manager policy to be created.
|
1419
1601
|
#
|
1420
1602
|
# @option params [Array<Types::Tag>] :tag_list
|
1421
|
-
# The tags to add to the
|
1603
|
+
# The tags to add to the Amazon Web Services resource.
|
1422
1604
|
#
|
1423
1605
|
# @return [Types::PutPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1424
1606
|
#
|
@@ -1493,10 +1675,10 @@ module Aws::FMS
|
|
1493
1675
|
req.send_request(options)
|
1494
1676
|
end
|
1495
1677
|
|
1496
|
-
# Creates an
|
1678
|
+
# Creates an Firewall Manager protocols list.
|
1497
1679
|
#
|
1498
1680
|
# @option params [required, Types::ProtocolsListData] :protocols_list
|
1499
|
-
# The details of the
|
1681
|
+
# The details of the Firewall Manager protocols list to be created.
|
1500
1682
|
#
|
1501
1683
|
# @option params [Array<Types::Tag>] :tag_list
|
1502
1684
|
# The tags associated with the resource.
|
@@ -1551,11 +1733,11 @@ module Aws::FMS
|
|
1551
1733
|
req.send_request(options)
|
1552
1734
|
end
|
1553
1735
|
|
1554
|
-
# Adds one or more tags to an
|
1736
|
+
# Adds one or more tags to an Amazon Web Services resource.
|
1555
1737
|
#
|
1556
1738
|
# @option params [required, String] :resource_arn
|
1557
1739
|
# The Amazon Resource Name (ARN) of the resource to return tags for. The
|
1558
|
-
#
|
1740
|
+
# Firewall Manager resources that support tagging are policies,
|
1559
1741
|
# applications lists, and protocols lists.
|
1560
1742
|
#
|
1561
1743
|
# @option params [required, Array<Types::Tag>] :tag_list
|
@@ -1584,11 +1766,11 @@ module Aws::FMS
|
|
1584
1766
|
req.send_request(options)
|
1585
1767
|
end
|
1586
1768
|
|
1587
|
-
# Removes one or more tags from an
|
1769
|
+
# Removes one or more tags from an Amazon Web Services resource.
|
1588
1770
|
#
|
1589
1771
|
# @option params [required, String] :resource_arn
|
1590
1772
|
# The Amazon Resource Name (ARN) of the resource to return tags for. The
|
1591
|
-
#
|
1773
|
+
# Firewall Manager resources that support tagging are policies,
|
1592
1774
|
# applications lists, and protocols lists.
|
1593
1775
|
#
|
1594
1776
|
# @option params [required, Array<String>] :tag_keys
|
@@ -1625,7 +1807,7 @@ module Aws::FMS
|
|
1625
1807
|
params: params,
|
1626
1808
|
config: config)
|
1627
1809
|
context[:gem_name] = 'aws-sdk-fms'
|
1628
|
-
context[:gem_version] = '1.
|
1810
|
+
context[:gem_version] = '1.37.0'
|
1629
1811
|
Seahorse::Client::Request.new(handlers, context)
|
1630
1812
|
end
|
1631
1813
|
|