aws-sdk-fms 1.55.0 → 1.56.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms/client.rb +271 -31
- data/lib/aws-sdk-fms/client_api.rb +151 -0
- data/lib/aws-sdk-fms/endpoint_parameters.rb +0 -3
- data/lib/aws-sdk-fms/endpoint_provider.rb +27 -24
- data/lib/aws-sdk-fms/endpoints.rb +56 -0
- data/lib/aws-sdk-fms/plugins/endpoints.rb +8 -0
- data/lib/aws-sdk-fms/types.rb +568 -31
- data/lib/aws-sdk-fms.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f4fe6652a910bf76a4179cd1380b09663e75accbab7b58a10fb5bd779beda2ab
|
4
|
+
data.tar.gz: a2c4001eac09f87c38e8a0d2083d0a870591a49d019ff2ce942c1770167eeff0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 0ed50f3792e117084ee2a68247df84ed7e56dd70a21ea444c0cac1628637762b85204bb8803d1df9ef7077d92ecb0cb79c2563f05bd03fe815b5e3460ecbe50d
|
7
|
+
data.tar.gz: 9be2cc562fffcc79a59cb139d080efea9159ee30997532de1101013f6bc10cb9b0a6c6f9fb0d9a116905482fba7663534e1454f630a58d7b1431ad65e64d7628
|
data/CHANGELOG.md
CHANGED
@@ -1,6 +1,11 @@
|
|
1
1
|
Unreleased Changes
|
2
2
|
------------------
|
3
3
|
|
4
|
+
1.56.0 (2023-04-21)
|
5
|
+
------------------
|
6
|
+
|
7
|
+
* Feature - AWS Firewall Manager adds support for multiple administrators. You can now delegate more than one administrator per organization.
|
8
|
+
|
4
9
|
1.55.0 (2023-01-18)
|
5
10
|
------------------
|
6
11
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.56.0
|
data/lib/aws-sdk-fms/client.rb
CHANGED
@@ -378,18 +378,26 @@ module Aws::FMS
|
|
378
378
|
|
379
379
|
# @!group API Operations
|
380
380
|
|
381
|
-
# Sets
|
382
|
-
#
|
383
|
-
#
|
384
|
-
#
|
381
|
+
# Sets a Firewall Manager default administrator account. The Firewall
|
382
|
+
# Manager default administrator account can manage third-party firewalls
|
383
|
+
# and has full administrative scope that allows administration of all
|
384
|
+
# policy types, accounts, organizational units, and Regions. This
|
385
|
+
# account must be a member account of the organization in Organizations
|
386
|
+
# whose resources you want to protect.
|
385
387
|
#
|
386
|
-
#
|
387
|
-
# Firewall Manager
|
388
|
+
# For information about working with Firewall Manager administrator
|
389
|
+
# accounts, see [Managing Firewall Manager administrators][1] in the
|
390
|
+
# *Firewall Manager Developer Guide*.
|
391
|
+
#
|
392
|
+
#
|
393
|
+
#
|
394
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/fms-administrators.html
|
388
395
|
#
|
389
396
|
# @option params [required, String] :admin_account
|
390
397
|
# The Amazon Web Services account ID to associate with Firewall Manager
|
391
|
-
# as the Firewall Manager administrator account. This
|
392
|
-
#
|
398
|
+
# as the Firewall Manager default administrator account. This account
|
399
|
+
# must be a member account of the organization in Organizations whose
|
400
|
+
# resources you want to protect. For more information about
|
393
401
|
# Organizations, see [Managing the Amazon Web Services Accounts in Your
|
394
402
|
# Organization][1].
|
395
403
|
#
|
@@ -448,8 +456,8 @@ module Aws::FMS
|
|
448
456
|
# Associate resources to a Firewall Manager resource set.
|
449
457
|
#
|
450
458
|
# @option params [required, String] :resource_set_identifier
|
451
|
-
# A unique identifier for the resource set, used in a
|
452
|
-
# the resource set.
|
459
|
+
# A unique identifier for the resource set, used in a request to refer
|
460
|
+
# to the resource set.
|
453
461
|
#
|
454
462
|
# @option params [required, Array<String>] :items
|
455
463
|
# The uniform resource identifiers (URIs) of resources that should be
|
@@ -487,8 +495,8 @@ module Aws::FMS
|
|
487
495
|
# Disassociates resources from a Firewall Manager resource set.
|
488
496
|
#
|
489
497
|
# @option params [required, String] :resource_set_identifier
|
490
|
-
# A unique identifier for the resource set, used in a
|
491
|
-
# the resource set.
|
498
|
+
# A unique identifier for the resource set, used in a request to refer
|
499
|
+
# to the resource set.
|
492
500
|
#
|
493
501
|
# @option params [required, Array<String>] :items
|
494
502
|
# The uniform resource identifiers (URI) of resources that should be
|
@@ -642,8 +650,8 @@ module Aws::FMS
|
|
642
650
|
# Deletes the specified ResourceSet.
|
643
651
|
#
|
644
652
|
# @option params [required, String] :identifier
|
645
|
-
# A unique identifier for the resource set, used in a
|
646
|
-
# the resource set.
|
653
|
+
# A unique identifier for the resource set, used in a request to refer
|
654
|
+
# to the resource set.
|
647
655
|
#
|
648
656
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
649
657
|
#
|
@@ -662,9 +670,15 @@ module Aws::FMS
|
|
662
670
|
req.send_request(options)
|
663
671
|
end
|
664
672
|
|
665
|
-
# Disassociates
|
666
|
-
#
|
667
|
-
#
|
673
|
+
# Disassociates an Firewall Manager administrator account. To set a
|
674
|
+
# different account as an Firewall Manager administrator, submit a
|
675
|
+
# PutAdminAccount request. To set an account as a default administrator
|
676
|
+
# account, you must submit an AssociateAdminAccount request.
|
677
|
+
#
|
678
|
+
# Disassociation of the default administrator account follows the first
|
679
|
+
# in, last out principle. If you are the default administrator, all
|
680
|
+
# Firewall Manager administrators within the organization must first
|
681
|
+
# disassociate their accounts before you can disassociate your account.
|
668
682
|
#
|
669
683
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
670
684
|
#
|
@@ -709,7 +723,7 @@ module Aws::FMS
|
|
709
723
|
end
|
710
724
|
|
711
725
|
# Returns the Organizations account that is associated with Firewall
|
712
|
-
# Manager as the Firewall Manager administrator.
|
726
|
+
# Manager as the Firewall Manager default administrator.
|
713
727
|
#
|
714
728
|
# @return [Types::GetAdminAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
715
729
|
#
|
@@ -730,6 +744,51 @@ module Aws::FMS
|
|
730
744
|
req.send_request(options)
|
731
745
|
end
|
732
746
|
|
747
|
+
# Returns information about the specified account's administrative
|
748
|
+
# scope. The admistrative scope defines the resources that an Firewall
|
749
|
+
# Manager administrator can manage.
|
750
|
+
#
|
751
|
+
# @option params [required, String] :admin_account
|
752
|
+
# The administator account that you want to get the details for.
|
753
|
+
#
|
754
|
+
# @return [Types::GetAdminScopeResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
755
|
+
#
|
756
|
+
# * {Types::GetAdminScopeResponse#admin_scope #admin_scope} => Types::AdminScope
|
757
|
+
# * {Types::GetAdminScopeResponse#status #status} => String
|
758
|
+
#
|
759
|
+
# @example Request syntax with placeholder values
|
760
|
+
#
|
761
|
+
# resp = client.get_admin_scope({
|
762
|
+
# admin_account: "AWSAccountId", # required
|
763
|
+
# })
|
764
|
+
#
|
765
|
+
# @example Response structure
|
766
|
+
#
|
767
|
+
# resp.admin_scope.account_scope.accounts #=> Array
|
768
|
+
# resp.admin_scope.account_scope.accounts[0] #=> String
|
769
|
+
# resp.admin_scope.account_scope.all_accounts_enabled #=> Boolean
|
770
|
+
# resp.admin_scope.account_scope.exclude_specified_accounts #=> Boolean
|
771
|
+
# resp.admin_scope.organizational_unit_scope.organizational_units #=> Array
|
772
|
+
# resp.admin_scope.organizational_unit_scope.organizational_units[0] #=> String
|
773
|
+
# resp.admin_scope.organizational_unit_scope.all_organizational_units_enabled #=> Boolean
|
774
|
+
# resp.admin_scope.organizational_unit_scope.exclude_specified_organizational_units #=> Boolean
|
775
|
+
# resp.admin_scope.region_scope.regions #=> Array
|
776
|
+
# resp.admin_scope.region_scope.regions[0] #=> String
|
777
|
+
# resp.admin_scope.region_scope.all_regions_enabled #=> Boolean
|
778
|
+
# resp.admin_scope.policy_type_scope.policy_types #=> Array
|
779
|
+
# resp.admin_scope.policy_type_scope.policy_types[0] #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL"
|
780
|
+
# resp.admin_scope.policy_type_scope.all_policy_types_enabled #=> Boolean
|
781
|
+
# resp.status #=> String, one of "ONBOARDING", "ONBOARDING_COMPLETE", "OFFBOARDING", "OFFBOARDING_COMPLETE"
|
782
|
+
#
|
783
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminScope AWS API Documentation
|
784
|
+
#
|
785
|
+
# @overload get_admin_scope(params = {})
|
786
|
+
# @param [Hash] params ({})
|
787
|
+
def get_admin_scope(params = {}, options = {})
|
788
|
+
req = build_request(:get_admin_scope, params)
|
789
|
+
req.send_request(options)
|
790
|
+
end
|
791
|
+
|
733
792
|
# Returns information about the specified Firewall Manager applications
|
734
793
|
# list.
|
735
794
|
#
|
@@ -911,6 +970,7 @@ module Aws::FMS
|
|
911
970
|
# resp.policy.resource_set_ids #=> Array
|
912
971
|
# resp.policy.resource_set_ids[0] #=> String
|
913
972
|
# resp.policy.policy_description #=> String
|
973
|
+
# resp.policy.policy_status #=> String, one of "ACTIVE", "OUT_OF_ADMIN_SCOPE"
|
914
974
|
# resp.policy_arn #=> String
|
915
975
|
#
|
916
976
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetPolicy AWS API Documentation
|
@@ -1043,8 +1103,8 @@ module Aws::FMS
|
|
1043
1103
|
# Gets information about a specific resource set.
|
1044
1104
|
#
|
1045
1105
|
# @option params [required, String] :identifier
|
1046
|
-
# A unique identifier for the resource set, used in a
|
1047
|
-
# the resource set.
|
1106
|
+
# A unique identifier for the resource set, used in a request to refer
|
1107
|
+
# to the resource set.
|
1048
1108
|
#
|
1049
1109
|
# @return [Types::GetResourceSetResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1050
1110
|
#
|
@@ -1066,6 +1126,7 @@ module Aws::FMS
|
|
1066
1126
|
# resp.resource_set.resource_type_list #=> Array
|
1067
1127
|
# resp.resource_set.resource_type_list[0] #=> String
|
1068
1128
|
# resp.resource_set.last_update_time #=> Time
|
1129
|
+
# resp.resource_set.resource_set_status #=> String, one of "ACTIVE", "OUT_OF_ADMIN_SCOPE"
|
1069
1130
|
# resp.resource_set_arn #=> String
|
1070
1131
|
#
|
1071
1132
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetResourceSet AWS API Documentation
|
@@ -1473,6 +1534,105 @@ module Aws::FMS
|
|
1473
1534
|
req.send_request(options)
|
1474
1535
|
end
|
1475
1536
|
|
1537
|
+
# Returns a `AdminAccounts` object that lists the Firewall Manager
|
1538
|
+
# administrators within the organization that are onboarded to Firewall
|
1539
|
+
# Manager by AssociateAdminAccount.
|
1540
|
+
#
|
1541
|
+
# This operation can be called only from the organization's management
|
1542
|
+
# account.
|
1543
|
+
#
|
1544
|
+
# @option params [String] :next_token
|
1545
|
+
# When you request a list of objects with a `MaxResults` setting, if the
|
1546
|
+
# number of objects that are still available for retrieval exceeds the
|
1547
|
+
# maximum you requested, Firewall Manager returns a `NextToken` value in
|
1548
|
+
# the response. To retrieve the next batch of objects, use the token
|
1549
|
+
# returned from the prior request in your next request.
|
1550
|
+
#
|
1551
|
+
# @option params [Integer] :max_results
|
1552
|
+
# The maximum number of objects that you want Firewall Manager to return
|
1553
|
+
# for this request. If more objects are available, in the response,
|
1554
|
+
# Firewall Manager provides a `NextToken` value that you can use in a
|
1555
|
+
# subsequent call to get the next batch of objects.
|
1556
|
+
#
|
1557
|
+
# @return [Types::ListAdminAccountsForOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1558
|
+
#
|
1559
|
+
# * {Types::ListAdminAccountsForOrganizationResponse#admin_accounts #admin_accounts} => Array<Types::AdminAccountSummary>
|
1560
|
+
# * {Types::ListAdminAccountsForOrganizationResponse#next_token #next_token} => String
|
1561
|
+
#
|
1562
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1563
|
+
#
|
1564
|
+
# @example Request syntax with placeholder values
|
1565
|
+
#
|
1566
|
+
# resp = client.list_admin_accounts_for_organization({
|
1567
|
+
# next_token: "PaginationToken",
|
1568
|
+
# max_results: 1,
|
1569
|
+
# })
|
1570
|
+
#
|
1571
|
+
# @example Response structure
|
1572
|
+
#
|
1573
|
+
# resp.admin_accounts #=> Array
|
1574
|
+
# resp.admin_accounts[0].admin_account #=> String
|
1575
|
+
# resp.admin_accounts[0].default_admin #=> Boolean
|
1576
|
+
# resp.admin_accounts[0].status #=> String, one of "ONBOARDING", "ONBOARDING_COMPLETE", "OFFBOARDING", "OFFBOARDING_COMPLETE"
|
1577
|
+
# resp.next_token #=> String
|
1578
|
+
#
|
1579
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAdminAccountsForOrganization AWS API Documentation
|
1580
|
+
#
|
1581
|
+
# @overload list_admin_accounts_for_organization(params = {})
|
1582
|
+
# @param [Hash] params ({})
|
1583
|
+
def list_admin_accounts_for_organization(params = {}, options = {})
|
1584
|
+
req = build_request(:list_admin_accounts_for_organization, params)
|
1585
|
+
req.send_request(options)
|
1586
|
+
end
|
1587
|
+
|
1588
|
+
# Lists the accounts that are managing the specified Organizations
|
1589
|
+
# member account. This is useful for any member account so that they can
|
1590
|
+
# view the accounts who are managing their account. This operation only
|
1591
|
+
# returns the managing administrators that have the requested account
|
1592
|
+
# within their AdminScope.
|
1593
|
+
#
|
1594
|
+
# @option params [String] :next_token
|
1595
|
+
# When you request a list of objects with a `MaxResults` setting, if the
|
1596
|
+
# number of objects that are still available for retrieval exceeds the
|
1597
|
+
# maximum you requested, Firewall Manager returns a `NextToken` value in
|
1598
|
+
# the response. To retrieve the next batch of objects, use the token
|
1599
|
+
# returned from the prior request in your next request.
|
1600
|
+
#
|
1601
|
+
# @option params [Integer] :max_results
|
1602
|
+
# The maximum number of objects that you want Firewall Manager to return
|
1603
|
+
# for this request. If more objects are available, in the response,
|
1604
|
+
# Firewall Manager provides a `NextToken` value that you can use in a
|
1605
|
+
# subsequent call to get the next batch of objects.
|
1606
|
+
#
|
1607
|
+
# @return [Types::ListAdminsManagingAccountResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1608
|
+
#
|
1609
|
+
# * {Types::ListAdminsManagingAccountResponse#admin_accounts #admin_accounts} => Array<String>
|
1610
|
+
# * {Types::ListAdminsManagingAccountResponse#next_token #next_token} => String
|
1611
|
+
#
|
1612
|
+
# The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
|
1613
|
+
#
|
1614
|
+
# @example Request syntax with placeholder values
|
1615
|
+
#
|
1616
|
+
# resp = client.list_admins_managing_account({
|
1617
|
+
# next_token: "PaginationToken",
|
1618
|
+
# max_results: 1,
|
1619
|
+
# })
|
1620
|
+
#
|
1621
|
+
# @example Response structure
|
1622
|
+
#
|
1623
|
+
# resp.admin_accounts #=> Array
|
1624
|
+
# resp.admin_accounts[0] #=> String
|
1625
|
+
# resp.next_token #=> String
|
1626
|
+
#
|
1627
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListAdminsManagingAccount AWS API Documentation
|
1628
|
+
#
|
1629
|
+
# @overload list_admins_managing_account(params = {})
|
1630
|
+
# @param [Hash] params ({})
|
1631
|
+
def list_admins_managing_account(params = {}, options = {})
|
1632
|
+
req = build_request(:list_admins_managing_account, params)
|
1633
|
+
req.send_request(options)
|
1634
|
+
end
|
1635
|
+
|
1476
1636
|
# Returns an array of `AppsListDataSummary` objects.
|
1477
1637
|
#
|
1478
1638
|
# @option params [Boolean] :default_lists
|
@@ -1654,8 +1814,8 @@ module Aws::FMS
|
|
1654
1814
|
# Returns a `MemberAccounts` object that lists the member accounts in
|
1655
1815
|
# the administrator's Amazon Web Services organization.
|
1656
1816
|
#
|
1657
|
-
#
|
1658
|
-
#
|
1817
|
+
# Either an Firewall Manager administrator or the organization's
|
1818
|
+
# management account can make this request.
|
1659
1819
|
#
|
1660
1820
|
# @option params [String] :next_token
|
1661
1821
|
# If you specify a value for `MaxResults` and you have more account IDs
|
@@ -1744,6 +1904,7 @@ module Aws::FMS
|
|
1744
1904
|
# resp.policy_list[0].security_service_type #=> String, one of "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL"
|
1745
1905
|
# resp.policy_list[0].remediation_enabled #=> Boolean
|
1746
1906
|
# resp.policy_list[0].delete_unused_fm_managed_resources #=> Boolean
|
1907
|
+
# resp.policy_list[0].policy_status #=> String, one of "ACTIVE", "OUT_OF_ADMIN_SCOPE"
|
1747
1908
|
# resp.next_token #=> String
|
1748
1909
|
#
|
1749
1910
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListPolicies AWS API Documentation
|
@@ -1815,8 +1976,8 @@ module Aws::FMS
|
|
1815
1976
|
# resource set.
|
1816
1977
|
#
|
1817
1978
|
# @option params [required, String] :identifier
|
1818
|
-
# A unique identifier for the resource set, used in a
|
1819
|
-
# the resource set.
|
1979
|
+
# A unique identifier for the resource set, used in a request to refer
|
1980
|
+
# to the resource set.
|
1820
1981
|
#
|
1821
1982
|
# @option params [Integer] :max_results
|
1822
1983
|
# The maximum number of objects that you want Firewall Manager to return
|
@@ -1894,6 +2055,7 @@ module Aws::FMS
|
|
1894
2055
|
# resp.resource_sets[0].name #=> String
|
1895
2056
|
# resp.resource_sets[0].description #=> String
|
1896
2057
|
# resp.resource_sets[0].last_update_time #=> Time
|
2058
|
+
# resp.resource_sets[0].resource_set_status #=> String, one of "ACTIVE", "OUT_OF_ADMIN_SCOPE"
|
1897
2059
|
# resp.next_token #=> String
|
1898
2060
|
#
|
1899
2061
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListResourceSets AWS API Documentation
|
@@ -1995,6 +2157,77 @@ module Aws::FMS
|
|
1995
2157
|
req.send_request(options)
|
1996
2158
|
end
|
1997
2159
|
|
2160
|
+
# Creates or updates an Firewall Manager administrator account. The
|
2161
|
+
# account must be a member of the organization that was onboarded to
|
2162
|
+
# Firewall Manager by AssociateAdminAccount. Only the organization's
|
2163
|
+
# management account can create an Firewall Manager administrator
|
2164
|
+
# account. When you create an Firewall Manager administrator account,
|
2165
|
+
# the service checks to see if the account is already a delegated
|
2166
|
+
# administrator within Organizations. If the account isn't a delegated
|
2167
|
+
# administrator, Firewall Manager calls Organizations to delegate the
|
2168
|
+
# account within Organizations. For more information about administrator
|
2169
|
+
# accounts within Organizations, see [Managing the Amazon Web Services
|
2170
|
+
# Accounts in Your Organization][1].
|
2171
|
+
#
|
2172
|
+
#
|
2173
|
+
#
|
2174
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts.html
|
2175
|
+
#
|
2176
|
+
# @option params [required, String] :admin_account
|
2177
|
+
# The Amazon Web Services account ID to add as an Firewall Manager
|
2178
|
+
# administrator account. The account must be a member of the
|
2179
|
+
# organization that was onboarded to Firewall Manager by
|
2180
|
+
# AssociateAdminAccount. For more information about Organizations, see
|
2181
|
+
# [Managing the Amazon Web Services Accounts in Your Organization][1].
|
2182
|
+
#
|
2183
|
+
#
|
2184
|
+
#
|
2185
|
+
# [1]: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts.html
|
2186
|
+
#
|
2187
|
+
# @option params [Types::AdminScope] :admin_scope
|
2188
|
+
# Configures the resources that the specified Firewall Manager
|
2189
|
+
# administrator can manage. As a best practice, set the administrative
|
2190
|
+
# scope according to the principles of least privilege. Only grant the
|
2191
|
+
# administrator the specific resources or permissions that they need to
|
2192
|
+
# perform the duties of their role.
|
2193
|
+
#
|
2194
|
+
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
2195
|
+
#
|
2196
|
+
# @example Request syntax with placeholder values
|
2197
|
+
#
|
2198
|
+
# resp = client.put_admin_account({
|
2199
|
+
# admin_account: "AWSAccountId", # required
|
2200
|
+
# admin_scope: {
|
2201
|
+
# account_scope: {
|
2202
|
+
# accounts: ["AWSAccountId"],
|
2203
|
+
# all_accounts_enabled: false,
|
2204
|
+
# exclude_specified_accounts: false,
|
2205
|
+
# },
|
2206
|
+
# organizational_unit_scope: {
|
2207
|
+
# organizational_units: ["OrganizationalUnitId"],
|
2208
|
+
# all_organizational_units_enabled: false,
|
2209
|
+
# exclude_specified_organizational_units: false,
|
2210
|
+
# },
|
2211
|
+
# region_scope: {
|
2212
|
+
# regions: ["AWSRegion"],
|
2213
|
+
# all_regions_enabled: false,
|
2214
|
+
# },
|
2215
|
+
# policy_type_scope: {
|
2216
|
+
# policy_types: ["WAF"], # accepts WAF, WAFV2, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT, NETWORK_FIREWALL, DNS_FIREWALL, THIRD_PARTY_FIREWALL, IMPORT_NETWORK_FIREWALL
|
2217
|
+
# all_policy_types_enabled: false,
|
2218
|
+
# },
|
2219
|
+
# },
|
2220
|
+
# })
|
2221
|
+
#
|
2222
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAdminAccount AWS API Documentation
|
2223
|
+
#
|
2224
|
+
# @overload put_admin_account(params = {})
|
2225
|
+
# @param [Hash] params ({})
|
2226
|
+
def put_admin_account(params = {}, options = {})
|
2227
|
+
req = build_request(:put_admin_account, params)
|
2228
|
+
req.send_request(options)
|
2229
|
+
end
|
2230
|
+
|
1998
2231
|
# Creates an Firewall Manager applications list.
|
1999
2232
|
#
|
2000
2233
|
# @option params [required, Types::AppsListData] :apps_list
|
@@ -2072,15 +2305,18 @@ module Aws::FMS
|
|
2072
2305
|
# Designates the IAM role and Amazon Simple Notification Service (SNS)
|
2073
2306
|
# topic that Firewall Manager uses to record SNS logs.
|
2074
2307
|
#
|
2075
|
-
# To perform this action outside of the console, you must
|
2076
|
-
# SNS topic to allow the
|
2077
|
-
# publish SNS logs.
|
2078
|
-
#
|
2079
|
-
#
|
2308
|
+
# To perform this action outside of the console, you must first
|
2309
|
+
# configure the SNS topic's access policy to allow the `SnsRoleName` to
|
2310
|
+
# publish SNS logs. If the `SnsRoleName` provided is a role other than
|
2311
|
+
# the `AWSServiceRoleForFMS` service-linked role, this role must have a
|
2312
|
+
# trust relationship configured to allow the Firewall Manager service
|
2313
|
+
# principal `fms.amazonaws.com` to assume this role. For information
|
2314
|
+
# about configuring an SNS access policy, see [Service roles for
|
2315
|
+
# Firewall Manager][1] in the *Firewall Manager Developer Guide*.
|
2080
2316
|
#
|
2081
2317
|
#
|
2082
2318
|
#
|
2083
|
-
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/fms-
|
2319
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/fms-security_iam_service-with-iam.html#fms-security_iam_service-with-iam-roles-service
|
2084
2320
|
#
|
2085
2321
|
# @option params [required, String] :sns_topic_arn
|
2086
2322
|
# The Amazon Resource Name (ARN) of the SNS topic that collects
|
@@ -2191,6 +2427,7 @@ module Aws::FMS
|
|
2191
2427
|
# },
|
2192
2428
|
# resource_set_ids: ["Base62Id"],
|
2193
2429
|
# policy_description: "ResourceDescription",
|
2430
|
+
# policy_status: "ACTIVE", # accepts ACTIVE, OUT_OF_ADMIN_SCOPE
|
2194
2431
|
# },
|
2195
2432
|
# tag_list: [
|
2196
2433
|
# {
|
@@ -2227,6 +2464,7 @@ module Aws::FMS
|
|
2227
2464
|
# resp.policy.resource_set_ids #=> Array
|
2228
2465
|
# resp.policy.resource_set_ids[0] #=> String
|
2229
2466
|
# resp.policy.policy_description #=> String
|
2467
|
+
# resp.policy.policy_status #=> String, one of "ACTIVE", "OUT_OF_ADMIN_SCOPE"
|
2230
2468
|
# resp.policy_arn #=> String
|
2231
2469
|
#
|
2232
2470
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutPolicy AWS API Documentation
|
@@ -2327,6 +2565,7 @@ module Aws::FMS
|
|
2327
2565
|
# update_token: "UpdateToken",
|
2328
2566
|
# resource_type_list: ["ResourceType"], # required
|
2329
2567
|
# last_update_time: Time.now,
|
2568
|
+
# resource_set_status: "ACTIVE", # accepts ACTIVE, OUT_OF_ADMIN_SCOPE
|
2330
2569
|
# },
|
2331
2570
|
# tag_list: [
|
2332
2571
|
# {
|
@@ -2345,6 +2584,7 @@ module Aws::FMS
|
|
2345
2584
|
# resp.resource_set.resource_type_list #=> Array
|
2346
2585
|
# resp.resource_set.resource_type_list[0] #=> String
|
2347
2586
|
# resp.resource_set.last_update_time #=> Time
|
2587
|
+
# resp.resource_set.resource_set_status #=> String, one of "ACTIVE", "OUT_OF_ADMIN_SCOPE"
|
2348
2588
|
# resp.resource_set_arn #=> String
|
2349
2589
|
#
|
2350
2590
|
# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutResourceSet AWS API Documentation
|
@@ -2430,7 +2670,7 @@ module Aws::FMS
|
|
2430
2670
|
params: params,
|
2431
2671
|
config: config)
|
2432
2672
|
context[:gem_name] = 'aws-sdk-fms'
|
2433
|
-
context[:gem_version] = '1.
|
2673
|
+
context[:gem_version] = '1.56.0'
|
2434
2674
|
Seahorse::Client::Request.new(handlers, context)
|
2435
2675
|
end
|
2436
2676
|
|