aws-sdk-fms 1.83.0 → 1.84.0

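--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a4350f124f6631da08efaf179d839996f76dc474c553830d484cebd8f678cc38
- data.tar.gz: 88775caf6d61c6d6ac0d7296bbacd5e6bb078a77d2be428ea22d634fd3f74d09
+ metadata.gz: ebce3b13ed731da3bdc84c48d95048df82160fcbb2183f289f4f867a16fe56d9
+ data.tar.gz: 70f5047dbdfe3733c07ae498903ef695327a90dc4c0a00c7401156a5d0de32cd
  SHA512:
- metadata.gz: 36565efd24e10484a992dc275053b1969506d3fa7cff1d014f3a1319e54eb54fc7e9afd09f91332997aa71ec885f15070937cf4c23d52e6fd3c9aed9c293f785
- data.tar.gz: 6c9d91942aa1e6630c03f99e929fbc624df281ddfa158a58b9060499d5137079dbaca41f7158922acc0ce6f2d1f62a17a0bbc285e5171498eda5c354d3862212
+ metadata.gz: 24c879ec0cc699f346fd8e19268583c75ab37f233d52df376bc10bd30d826f9d12e06271c764b2bc2ec5f18cacb02207bbccf7caeaa93fd83fd8a49a63ec28e8
+ data.tar.gz: eef722ede4a203b0e98823300a1dab4ebe8b4680ae565f7e659915d43fd749ee2b978f7d2d68aac2bf035a926ac68c806a0355a8b3935af61ddc338afea9ed26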
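--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.84.0 (2024-10-21)
+ ------------------
+
+ * Feature - Update AWS WAF policy - add the option to retrofit existing web ACLs instead of creating all new web ACLs.
+
  1.83.0 (2024-10-18)
  ------------------
 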
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.83.0
1
+ 1.84.0
@@ -954,7 +954,7 @@ module Aws::FMS
954
954
  # resp.policy_compliance_detail.member_account #=> String
955
955
  # resp.policy_compliance_detail.violators #=> Array
956
956
  # resp.policy_compliance_detail.violators[0].resource_id #=> String
957
- # resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT", "INVALID_NETWORK_ACL_ENTRY"
957
+ # resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT", "INVALID_NETWORK_ACL_ENTRY", "WEB_ACL_CONFIGURATION_OR_SCOPE_OF_USE"
958
958
  # resp.policy_compliance_detail.violators[0].resource_type #=> String
959
959
  # resp.policy_compliance_detail.violators[0].metadata #=> Hash
960
960
  # resp.policy_compliance_detail.violators[0].metadata["LengthBoundedString"] #=> String
@@ -1265,6 +1265,8 @@ module Aws::FMS
1265
1265
  # The ID of the Firewall Manager policy that you want the details for.
1266
1266
  # You can get violation details for the following policy types:
1267
1267
  #
1268
+ # * WAF
1269
+ #
1268
1270
  # * DNS Firewall
1269
1271
  #
1270
1272
  # * Imported Network Firewall
@@ -1286,9 +1288,9 @@ module Aws::FMS
1286
1288
  # @option params [required, String] :resource_type
1287
1289
  # The resource type. This is in the format shown in the [Amazon Web
1288
1290
  # Services Resource Types Reference][1]. Supported resource types are:
1289
- # `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
1290
- # `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`, and
1291
- # `AWS::EC2::Subnet`.
1291
+ # `AWS::WAFv2::WebACL`, `AWS::EC2::Instance`,
1292
+ # `AWS::EC2::NetworkInterface`, `AWS::EC2::SecurityGroup`,
1293
+ # `AWS::NetworkFirewall::FirewallPolicy`, and `AWS::EC2::Subnet`.
1292
1294
  #
1293
1295
  #
1294
1296
  #
@@ -1708,6 +1710,11 @@ module Aws::FMS
1708
1710
  # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.fms_can_remediate #=> Boolean
1709
1711
  # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].order #=> Integer
1710
1712
  # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].is_default_action #=> Boolean
1713
+ # resp.violation_detail.resource_violations[0].web_acl_has_incompatible_configuration_violation.web_acl_arn #=> String
1714
+ # resp.violation_detail.resource_violations[0].web_acl_has_incompatible_configuration_violation.description #=> String
1715
+ # resp.violation_detail.resource_violations[0].web_acl_has_out_of_scope_resources_violation.web_acl_arn #=> String
1716
+ # resp.violation_detail.resource_violations[0].web_acl_has_out_of_scope_resources_violation.out_of_scope_resource_list #=> Array
1717
+ # resp.violation_detail.resource_violations[0].web_acl_has_out_of_scope_resources_violation.out_of_scope_resource_list[0] #=> String
1711
1718
  # resp.violation_detail.resource_tags #=> Array
1712
1719
  # resp.violation_detail.resource_tags[0].key #=> String
1713
1720
  # resp.violation_detail.resource_tags[0].value #=> String
@@ -2947,7 +2954,7 @@ module Aws::FMS
2947
2954
  tracer: tracer
2948
2955
  )
2949
2956
  context[:gem_name] = 'aws-sdk-fms'
2950
- context[:gem_version] = '1.83.0'
2957
+ context[:gem_version] = '1.84.0'
2951
2958
  Seahorse::Client::Request.new(handlers, context)
2952
2959
  end
2953
2960
 
@@ -248,6 +248,7 @@ module Aws::FMS
248
248
  ReplaceNetworkAclAssociationAction = Shapes::StructureShape.new(name: 'ReplaceNetworkAclAssociationAction')
249
249
  Resource = Shapes::StructureShape.new(name: 'Resource')
250
250
  ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
251
+ ResourceArnList = Shapes::ListShape.new(name: 'ResourceArnList')
251
252
  ResourceCount = Shapes::IntegerShape.new(name: 'ResourceCount')
252
253
  ResourceDescription = Shapes::StringShape.new(name: 'ResourceDescription')
253
254
  ResourceId = Shapes::StringShape.new(name: 'ResourceId')
@@ -310,6 +311,8 @@ module Aws::FMS
310
311
  ViolationDetail = Shapes::StructureShape.new(name: 'ViolationDetail')
311
312
  ViolationReason = Shapes::StringShape.new(name: 'ViolationReason')
312
313
  ViolationTarget = Shapes::StringShape.new(name: 'ViolationTarget')
314
+ WebACLHasIncompatibleConfigurationViolation = Shapes::StructureShape.new(name: 'WebACLHasIncompatibleConfigurationViolation')
315
+ WebACLHasOutOfScopeResourcesViolation = Shapes::StructureShape.new(name: 'WebACLHasOutOfScopeResourcesViolation')
313
316
 
314
317
  AWSAccountIdList.member = Shapes::ShapeRef.new(shape: AWSAccountId)
315
318
 
@@ -1119,6 +1122,8 @@ module Aws::FMS
1119
1122
  Resource.add_member(:account_id, Shapes::ShapeRef.new(shape: AWSAccountId, location_name: "AccountId"))
1120
1123
  Resource.struct_class = Types::Resource
1121
1124
 
1125
+ ResourceArnList.member = Shapes::ShapeRef.new(shape: ResourceArn)
1126
+
1122
1127
  ResourceIdList.member = Shapes::ShapeRef.new(shape: ResourceId)
1123
1128
 
1124
1129
  ResourceList.member = Shapes::ShapeRef.new(shape: Resource)
@@ -1178,6 +1183,8 @@ module Aws::FMS
1178
1183
  ResourceViolation.add_member(:firewall_subnet_missing_vpc_endpoint_violation, Shapes::ShapeRef.new(shape: FirewallSubnetMissingVPCEndpointViolation, location_name: "FirewallSubnetMissingVPCEndpointViolation"))
1179
1184
  ResourceViolation.add_member(:invalid_network_acl_entries_violation, Shapes::ShapeRef.new(shape: InvalidNetworkAclEntriesViolation, location_name: "InvalidNetworkAclEntriesViolation"))
1180
1185
  ResourceViolation.add_member(:possible_remediation_actions, Shapes::ShapeRef.new(shape: PossibleRemediationActions, location_name: "PossibleRemediationActions"))
1186
+ ResourceViolation.add_member(:web_acl_has_incompatible_configuration_violation, Shapes::ShapeRef.new(shape: WebACLHasIncompatibleConfigurationViolation, location_name: "WebACLHasIncompatibleConfigurationViolation"))
1187
+ ResourceViolation.add_member(:web_acl_has_out_of_scope_resources_violation, Shapes::ShapeRef.new(shape: WebACLHasOutOfScopeResourcesViolation, location_name: "WebACLHasOutOfScopeResourcesViolation"))
1181
1188
  ResourceViolation.struct_class = Types::ResourceViolation
1182
1189
 
1183
1190
  ResourceViolations.member = Shapes::ShapeRef.new(shape: ResourceViolation)
@@ -1305,6 +1312,14 @@ module Aws::FMS
1305
1312
  ViolationDetail.add_member(:resource_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ResourceDescription"))
1306
1313
  ViolationDetail.struct_class = Types::ViolationDetail
1307
1314
 
1315
+ WebACLHasIncompatibleConfigurationViolation.add_member(:web_acl_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "WebACLArn"))
1316
+ WebACLHasIncompatibleConfigurationViolation.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
1317
+ WebACLHasIncompatibleConfigurationViolation.struct_class = Types::WebACLHasIncompatibleConfigurationViolation
1318
+
1319
+ WebACLHasOutOfScopeResourcesViolation.add_member(:web_acl_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "WebACLArn"))
1320
+ WebACLHasOutOfScopeResourcesViolation.add_member(:out_of_scope_resource_list, Shapes::ShapeRef.new(shape: ResourceArnList, location_name: "OutOfScopeResourceList"))
1321
+ WebACLHasOutOfScopeResourcesViolation.struct_class = Types::WebACLHasOutOfScopeResourcesViolation
1322
+
1308
1323
 
1309
1324
  # @api private
1310
1325
  API = Seahorse::Model::Api.new.tap do |api|
@@ -1813,6 +1813,8 @@ module Aws::FMS
1813
1813
  # The ID of the Firewall Manager policy that you want the details for.
1814
1814
  # You can get violation details for the following policy types:
1815
1815
  #
1816
+ # * WAF
1817
+ #
1816
1818
  # * DNS Firewall
1817
1819
  #
1818
1820
  # * Imported Network Firewall
@@ -1837,9 +1839,9 @@ module Aws::FMS
1837
1839
  # @!attribute [rw] resource_type
1838
1840
  # The resource type. This is in the format shown in the [Amazon Web
1839
1841
  # Services Resource Types Reference][1]. Supported resource types are:
1840
- # `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`,
1841
- # `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`,
1842
- # and `AWS::EC2::Subnet`.
1842
+ # `AWS::WAFv2::WebACL`, `AWS::EC2::Instance`,
1843
+ # `AWS::EC2::NetworkInterface`, `AWS::EC2::SecurityGroup`,
1844
+ # `AWS::NetworkFirewall::FirewallPolicy`, and `AWS::EC2::Subnet`.
1843
1845
  #
1844
1846
  #
1845
1847
  #
@@ -4588,6 +4590,16 @@ module Aws::FMS
4588
4590
  # actions.
4589
4591
  # @return [Types::PossibleRemediationActions]
4590
4592
  #
4593
+ # @!attribute [rw] web_acl_has_incompatible_configuration_violation
4594
+ # The violation details for a web ACL whose configuration is
4595
+ # incompatible with the Firewall Manager policy.
4596
+ # @return [Types::WebACLHasIncompatibleConfigurationViolation]
4597
+ #
4598
+ # @!attribute [rw] web_acl_has_out_of_scope_resources_violation
4599
+ # The violation details for a web ACL that's associated with at least
4600
+ # one resource that's out of scope of the Firewall Manager policy.
4601
+ # @return [Types::WebACLHasOutOfScopeResourcesViolation]
4602
+ #
4591
4603
  # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
4592
4604
  #
4593
4605
  class ResourceViolation < Struct.new(
@@ -4614,7 +4626,9 @@ module Aws::FMS
4614
4626
  :third_party_firewall_missing_expected_route_table_violation,
4615
4627
  :firewall_subnet_missing_vpc_endpoint_violation,
4616
4628
  :invalid_network_acl_entries_violation,
4617
- :possible_remediation_actions)
4629
+ :possible_remediation_actions,
4630
+ :web_acl_has_incompatible_configuration_violation,
4631
+ :web_acl_has_out_of_scope_resources_violation)
4618
4632
  SENSITIVE = []
4619
4633
  include Aws::Structure
4620
4634
  end
@@ -4891,9 +4905,7 @@ module Aws::FMS
4891
4905
  #
4892
4906
  # * Example: `SECURITY_GROUPS_COMMON`
4893
4907
  #
4894
- # `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false,
4895
- # "applyToAllEC2InstanceENIs":false,"securityGroups":[\{"id":"
4896
- # sg-000e55995d61a06bd"\}]\}"`
4908
+ # `"\{"type":"SECURITY_GROUPS_COMMON","securityGroups":[\{"id":"sg-03b1f67d69ed00197"\}],"revertManualSecurityGroupChanges":true,"exclusiveResourceSecurityGroupManagement":true,"applyToAllEC2InstanceENIs":false,"includeSharedVPC":true,"enableSecurityGroupReferencesDistribution":true\}"`
4897
4909
  #
4898
4910
  # * Example: `SECURITY_GROUPS_COMMON` - Security group tag
4899
4911
  # distribution
@@ -4922,7 +4934,7 @@ module Aws::FMS
4922
4934
  #
4923
4935
  # * Example: `SECURITY_GROUPS_CONTENT_AUDIT`
4924
4936
  #
4925
- # `"\{"type":"SECURITY_GROUPS_CONTENT_AUDIT","securityGroups":[\{"id":"sg-000e55995d61a06bd"\}],"securityGroupAction":\{"type":"ALLOW"\}\}"`
4937
+ # `"\{"type":"SECURITY_GROUPS_CONTENT_AUDIT","preManagedOptions":[\{"denyProtocolAllValue":true\},\{"auditSgDirection":\{"type":"ALL"\}\}],"securityGroups":[\{"id":"sg-049b2393a25468971"\}],"securityGroupAction":\{"type":"ALLOW"\}\}"`
4926
4938
  #
4927
4939
  # The security group action for content audit can be `ALLOW` or
4928
4940
  # `DENY`. For `ALLOW`, all in-scope security group rules must be
@@ -4933,7 +4945,7 @@ module Aws::FMS
4933
4945
  #
4934
4946
  # * Example: `SECURITY_GROUPS_USAGE_AUDIT`
4935
4947
  #
4936
- # `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"`
4948
+ # `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true,"optionalDelayForUnusedInMinutes":60\}"`
4937
4949
  #
4938
4950
  # * Example: `SHIELD_ADVANCED` with web ACL management
4939
4951
  #
@@ -5072,7 +5084,7 @@ module Aws::FMS
5072
5084
  # * Example: `WAFV2` - Firewall Manager support for WAF managed rule
5073
5085
  # group versioning
5074
5086
  #
5075
- # `"\{"type":"WAFV2","preProcessRuleGroups":[\{"ruleGroupArn":null,"overrideAction":\{"type":"NONE"\},"managedRuleGroupIdentifier":\{"versionEnabled":true,"version":"Version_2.0","vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesCommonRuleSet"\},"ruleGroupType":"ManagedRuleGroup","excludeRules":[\{"name":"NoUserAgent_HEADER"\}]\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":\{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[\{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"\},\{"redactedFieldType":"Method"\}]\}\}"`
5087
+ # `"\{"preProcessRuleGroups":[\{"ruleGroupType":"ManagedRuleGroup","overrideAction":\{"type":"NONE"\},"sampledRequestsEnabled":true,"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendorName":"AWS","managedRuleGroupConfigs":null\}\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"customRequestHandling":null,"tokenDomains":null,"customResponse":null,"type":"WAFV2","overrideCustomerWebACLAssociation":false,"sampledRequestsEnabledForDefaultActions":true,"optimizeUnassociatedWebACL":true,"webACLSource":"RETROFIT_EXISTING"\}"`
5076
5088
  #
5077
5089
  # To use a specific version of a WAF managed rule group in your
5078
5090
  # Firewall Manager policy, you must set `versionEnabled` to `true`,
@@ -5111,10 +5123,7 @@ module Aws::FMS
5111
5123
  #
5112
5124
  # * Example: `WAF Classic`
5113
5125
  #
5114
- # `"\{"type": "WAF", "ruleGroups":
5115
- # [\{"id":"12345678-1bcd-9012-efga-0987654321ab",
5116
- # "overrideAction" : \{"type": "COUNT"\}\}],
5117
- # "defaultAction": \{"type": "BLOCK"\}\}"`
5126
+ # `"\{"ruleGroups":[\{"id":"78cb36c0-1b5e-4d7d-82b2-cf48d3ad9659","overrideAction":\{"type":"NONE"\}\}],"overrideCustomerWebACLAssociation":true,"defaultAction":\{"type":"ALLOW"\},"type":"WAF"\}"`
5118
5127
  #
5119
5128
  #
5120
5129
  #
@@ -5542,6 +5551,48 @@ module Aws::FMS
5542
5551
  include Aws::Structure
5543
5552
  end
5544
5553
 
5554
+ # The violation details for a web ACL whose configuration is
5555
+ # incompatible with the Firewall Manager policy.
5556
+ #
5557
+ # @!attribute [rw] web_acl_arn
5558
+ # The Amazon Resource Name (ARN) of the web ACL.
5559
+ # @return [String]
5560
+ #
5561
+ # @!attribute [rw] description
5562
+ # Information about the problems that Firewall Manager encountered
5563
+ # with the web ACL configuration.
5564
+ # @return [String]
5565
+ #
5566
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/WebACLHasIncompatibleConfigurationViolation AWS API Documentation
5567
+ #
5568
+ class WebACLHasIncompatibleConfigurationViolation < Struct.new(
5569
+ :web_acl_arn,
5570
+ :description)
5571
+ SENSITIVE = []
5572
+ include Aws::Structure
5573
+ end
5574
+
5575
+ # The violation details for a web ACL that's associated with at least
5576
+ # one resource that's out of scope of the Firewall Manager policy.
5577
+ #
5578
+ # @!attribute [rw] web_acl_arn
5579
+ # The Amazon Resource Name (ARN) of the web ACL.
5580
+ # @return [String]
5581
+ #
5582
+ # @!attribute [rw] out_of_scope_resource_list
5583
+ # An array of Amazon Resource Name (ARN) for the resources that are
5584
+ # out of scope of the policy and are associated with the web ACL.
5585
+ # @return [Array<String>]
5586
+ #
5587
+ # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/WebACLHasOutOfScopeResourcesViolation AWS API Documentation
5588
+ #
5589
+ class WebACLHasOutOfScopeResourcesViolation < Struct.new(
5590
+ :web_acl_arn,
5591
+ :out_of_scope_resource_list)
5592
+ SENSITIVE = []
5593
+ include Aws::Structure
5594
+ end
5595
+
5545
5596
  end
5546
5597
  end
5547
5598
 
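Review bot: The replacement sample under the bullet "`WAFV2` - Firewall Manager support for WAF managed rule group versioning" (new line 5087) no longer contains `versionEnabled` or `version`, although the paragraph right after it still tells the reader to set `versionEnabled` to `true`. The removed sample carried `"versionEnabled":true,"version":"Version_2.0"` inside `managedRuleGroupIdentifier` along with a `loggingConfiguration` block, while the new one demonstrates `"webACLSource":"RETROFIT_EXISTING"`, so the heading and the sample now describe different features. I would keep the versioning sample under this bullet and give the retrofit sample a bullet of its own, titled along the lines of "Example: WAFV2 - retrofit existing web ACLs". The new WAF Classic sample (new line 5126) also switches to `"overrideCustomerWebACLAssociation":true` with a default action of `ALLOW` where the old sample used `BLOCK`; a short comment that these values are illustrative would help readers who paste the sample into a policy. The file looks generated from the service model, so the wording probably has to be corrected upstream.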
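--- a/data/lib/aws-sdk-fms.rb
+++ b/data/lib/aws-sdk-fms.rb
@@ -54,7 +54,7 @@ module Aws::FMS
  autoload :EndpointProvider, 'aws-sdk-fms/endpoint_provider'
  autoload :Endpoints, 'aws-sdk-fms/endpoints'
 
- GEM_VERSION = '1.83.0'
+ GEM_VERSION = '1.84.0'
 
  end
 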
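--- a/data/sig/types.rbs
+++ b/data/sig/types.rbs
@@ -123,7 +123,7 @@ module Aws::FMS
 
  class ComplianceViolator
  attr_accessor resource_id: ::String
- attr_accessor violation_reason: ("WEB_ACL_MISSING_RULE_GROUP" | "RESOURCE_MISSING_WEB_ACL" | "RESOURCE_INCORRECT_WEB_ACL" | "RESOURCE_MISSING_SHIELD_PROTECTION" | "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION" | "RESOURCE_MISSING_SECURITY_GROUP" | "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP" | "SECURITY_GROUP_UNUSED" | "SECURITY_GROUP_REDUNDANT" | "FMS_CREATED_SECURITY_GROUP_EDITED" | "MISSING_FIREWALL" | "MISSING_FIREWALL_SUBNET_IN_AZ" | "MISSING_EXPECTED_ROUTE_TABLE" | "NETWORK_FIREWALL_POLICY_MODIFIED" | "FIREWALL_SUBNET_IS_OUT_OF_SCOPE" | "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE" | "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE" | "UNEXPECTED_FIREWALL_ROUTES" | "UNEXPECTED_TARGET_GATEWAY_ROUTES" | "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY" | "INVALID_ROUTE_CONFIGURATION" | "MISSING_TARGET_GATEWAY" | "INTERNET_TRAFFIC_NOT_INSPECTED" | "BLACK_HOLE_ROUTE_DETECTED" | "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET" | "RESOURCE_MISSING_DNS_FIREWALL" | "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT" | "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT" | "INVALID_NETWORK_ACL_ENTRY")
+ attr_accessor violation_reason: ("WEB_ACL_MISSING_RULE_GROUP" | "RESOURCE_MISSING_WEB_ACL" | "RESOURCE_INCORRECT_WEB_ACL" | "RESOURCE_MISSING_SHIELD_PROTECTION" | "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION" | "RESOURCE_MISSING_SECURITY_GROUP" | "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP" | "SECURITY_GROUP_UNUSED" | "SECURITY_GROUP_REDUNDANT" | "FMS_CREATED_SECURITY_GROUP_EDITED" | "MISSING_FIREWALL" | "MISSING_FIREWALL_SUBNET_IN_AZ" | "MISSING_EXPECTED_ROUTE_TABLE" | "NETWORK_FIREWALL_POLICY_MODIFIED" | "FIREWALL_SUBNET_IS_OUT_OF_SCOPE" | "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE" | "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE" | "UNEXPECTED_FIREWALL_ROUTES" | "UNEXPECTED_TARGET_GATEWAY_ROUTES" | "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY" | "INVALID_ROUTE_CONFIGURATION" | "MISSING_TARGET_GATEWAY" | "INTERNET_TRAFFIC_NOT_INSPECTED" | "BLACK_HOLE_ROUTE_DETECTED" | "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET" | "RESOURCE_MISSING_DNS_FIREWALL" | "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT" | "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT" | "INVALID_NETWORK_ACL_ENTRY" | "WEB_ACL_CONFIGURATION_OR_SCOPE_OF_USE")
  attr_accessor resource_type: ::String
  attr_accessor metadata: ::Hash[::String, ::String]
  SENSITIVE: []
@@ -1081,6 +1081,8 @@ module Aws::FMS
  attr_accessor firewall_subnet_missing_vpc_endpoint_violation: Types::FirewallSubnetMissingVPCEndpointViolation
  attr_accessor invalid_network_acl_entries_violation: Types::InvalidNetworkAclEntriesViolation
  attr_accessor possible_remediation_actions: Types::PossibleRemediationActions
+ attr_accessor web_acl_has_incompatible_configuration_violation: Types::WebACLHasIncompatibleConfigurationViolation
+ attr_accessor web_acl_has_out_of_scope_resources_violation: Types::WebACLHasOutOfScopeResourcesViolation
  SENSITIVE: []
  end
 
@@ -1224,5 +1226,17 @@ module Aws::FMS
  attr_accessor resource_description: ::String
  SENSITIVE: []
  end
+
+ class WebACLHasIncompatibleConfigurationViolation
+ attr_accessor web_acl_arn: ::String
+ attr_accessor description: ::String
+ SENSITIVE: []
+ end
+
+ class WebACLHasOutOfScopeResourcesViolation
+ attr_accessor web_acl_arn: ::String
+ attr_accessor out_of_scope_resource_list: ::Array[::String]
+ SENSITIVE: []
+ end
  end
  end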
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-fms
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.83.0
4
+ version: 1.84.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-10-18 00:00:00.000000000 Z
11
+ date: 2024-10-21 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core