aws-sdk-fms 1.83.0 → 1.84.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-fms/client.rb +12 -5
- data/lib/aws-sdk-fms/client_api.rb +15 -0
- data/lib/aws-sdk-fms/types.rb +65 -14
- data/lib/aws-sdk-fms.rb +1 -1
- data/sig/types.rbs +15 -1
- metadata +2 -2
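--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ebce3b13ed731da3bdc84c48d95048df82160fcbb2183f289f4f867a16fe56d9
+data.tar.gz: 70f5047dbdfe3733c07ae498903ef695327a90dc4c0a00c7401156a5d0de32cd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 24c879ec0cc699f346fd8e19268583c75ab37f233d52df376bc10bd30d826f9d12e06271c764b2bc2ec5f18cacb02207bbccf7caeaa93fd83fd8a49a63ec28e8
+data.tar.gz: eef722ede4a203b0e98823300a1dab4ebe8b4680ae565f7e659915d43fd749ee2b978f7d2d68aac2bf035a926ac68c806a0355a8b3935af61ddc338afea9ed26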
data/CHANGELOG.md
CHANGED
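--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.84.0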
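--- a/data/lib/aws-sdk-fms/client.rb
+++ b/data/lib/aws-sdk-fms/client.rb
@@ -954,7 +954,7 @@ module Aws::FMS
 # resp.policy_compliance_detail.member_account #=> String
 # resp.policy_compliance_detail.violators #=> Array
 # resp.policy_compliance_detail.violators[0].resource_id #=> String
-# resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT", "INVALID_NETWORK_ACL_ENTRY"
+# resp.policy_compliance_detail.violators[0].violation_reason #=> String, one of "WEB_ACL_MISSING_RULE_GROUP", "RESOURCE_MISSING_WEB_ACL", "RESOURCE_INCORRECT_WEB_ACL", "RESOURCE_MISSING_SHIELD_PROTECTION", "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION", "RESOURCE_MISSING_SECURITY_GROUP", "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", "UNEXPECTED_TARGET_GATEWAY_ROUTES", "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY", "INVALID_ROUTE_CONFIGURATION", "MISSING_TARGET_GATEWAY", "INTERNET_TRAFFIC_NOT_INSPECTED", "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT", "INVALID_NETWORK_ACL_ENTRY", "WEB_ACL_CONFIGURATION_OR_SCOPE_OF_USE"
 # resp.policy_compliance_detail.violators[0].resource_type #=> String
 # resp.policy_compliance_detail.violators[0].metadata #=> Hash
 # resp.policy_compliance_detail.violators[0].metadata["LengthBoundedString"] #=> String
@@ -1265,6 +1265,8 @@ module Aws::FMS
 # The ID of the Firewall Manager policy that you want the details for.
 # You can get violation details for the following policy types:
 #
+# * WAF
+#
 # * DNS Firewall
 #
 # * Imported Network Firewall
@@ -1286,9 +1288,9 @@ module Aws::FMS
 # @option params [required, String] :resource_type
 # The resource type. This is in the format shown in the [Amazon Web
 # Services Resource Types Reference][1]. Supported resource types are:
-# `AWS::
-# `AWS::EC2::
-# `AWS::EC2::Subnet`.
+# `AWS::WAFv2::WebACL`, `AWS::EC2::Instance`,
+# `AWS::EC2::NetworkInterface`, `AWS::EC2::SecurityGroup`,
+# `AWS::NetworkFirewall::FirewallPolicy`, and `AWS::EC2::Subnet`.
 #
 #
 #
@@ -1708,6 +1710,11 @@ module Aws::FMS
 # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].remediation_action.delete_network_acl_entries_action.fms_can_remediate #=> Boolean
 # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].ordered_remediation_actions[0].order #=> Integer
 # resp.violation_detail.resource_violations[0].possible_remediation_actions.actions[0].is_default_action #=> Boolean
+# resp.violation_detail.resource_violations[0].web_acl_has_incompatible_configuration_violation.web_acl_arn #=> String
+# resp.violation_detail.resource_violations[0].web_acl_has_incompatible_configuration_violation.description #=> String
+# resp.violation_detail.resource_violations[0].web_acl_has_out_of_scope_resources_violation.web_acl_arn #=> String
+# resp.violation_detail.resource_violations[0].web_acl_has_out_of_scope_resources_violation.out_of_scope_resource_list #=> Array
+# resp.violation_detail.resource_violations[0].web_acl_has_out_of_scope_resources_violation.out_of_scope_resource_list[0] #=> String
 # resp.violation_detail.resource_tags #=> Array
 # resp.violation_detail.resource_tags[0].key #=> String
 # resp.violation_detail.resource_tags[0].value #=> String
@@ -2947,7 +2954,7 @@ module Aws::FMS
 tracer: tracer
 )
 context[:gem_name] = 'aws-sdk-fms'
-context[:gem_version] = '1.
+context[:gem_version] = '1.84.0'
 Seahorse::Client::Request.new(handlers, context)
 end
 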
|
@@ -248,6 +248,7 @@ module Aws::FMS
|
|
|
248
248
|
ReplaceNetworkAclAssociationAction = Shapes::StructureShape.new(name: 'ReplaceNetworkAclAssociationAction')
|
|
249
249
|
Resource = Shapes::StructureShape.new(name: 'Resource')
|
|
250
250
|
ResourceArn = Shapes::StringShape.new(name: 'ResourceArn')
|
|
251
|
+
ResourceArnList = Shapes::ListShape.new(name: 'ResourceArnList')
|
|
251
252
|
ResourceCount = Shapes::IntegerShape.new(name: 'ResourceCount')
|
|
252
253
|
ResourceDescription = Shapes::StringShape.new(name: 'ResourceDescription')
|
|
253
254
|
ResourceId = Shapes::StringShape.new(name: 'ResourceId')
|
|
@@ -310,6 +311,8 @@ module Aws::FMS
|
|
|
310
311
|
ViolationDetail = Shapes::StructureShape.new(name: 'ViolationDetail')
|
|
311
312
|
ViolationReason = Shapes::StringShape.new(name: 'ViolationReason')
|
|
312
313
|
ViolationTarget = Shapes::StringShape.new(name: 'ViolationTarget')
|
|
314
|
+
WebACLHasIncompatibleConfigurationViolation = Shapes::StructureShape.new(name: 'WebACLHasIncompatibleConfigurationViolation')
|
|
315
|
+
WebACLHasOutOfScopeResourcesViolation = Shapes::StructureShape.new(name: 'WebACLHasOutOfScopeResourcesViolation')
|
|
313
316
|
|
|
314
317
|
AWSAccountIdList.member = Shapes::ShapeRef.new(shape: AWSAccountId)
|
|
315
318
|
|
|
@@ -1119,6 +1122,8 @@ module Aws::FMS
|
|
|
1119
1122
|
Resource.add_member(:account_id, Shapes::ShapeRef.new(shape: AWSAccountId, location_name: "AccountId"))
|
|
1120
1123
|
Resource.struct_class = Types::Resource
|
|
1121
1124
|
|
|
1125
|
+
ResourceArnList.member = Shapes::ShapeRef.new(shape: ResourceArn)
|
|
1126
|
+
|
|
1122
1127
|
ResourceIdList.member = Shapes::ShapeRef.new(shape: ResourceId)
|
|
1123
1128
|
|
|
1124
1129
|
ResourceList.member = Shapes::ShapeRef.new(shape: Resource)
|
|
@@ -1178,6 +1183,8 @@ module Aws::FMS
|
|
|
1178
1183
|
ResourceViolation.add_member(:firewall_subnet_missing_vpc_endpoint_violation, Shapes::ShapeRef.new(shape: FirewallSubnetMissingVPCEndpointViolation, location_name: "FirewallSubnetMissingVPCEndpointViolation"))
|
|
1179
1184
|
ResourceViolation.add_member(:invalid_network_acl_entries_violation, Shapes::ShapeRef.new(shape: InvalidNetworkAclEntriesViolation, location_name: "InvalidNetworkAclEntriesViolation"))
|
|
1180
1185
|
ResourceViolation.add_member(:possible_remediation_actions, Shapes::ShapeRef.new(shape: PossibleRemediationActions, location_name: "PossibleRemediationActions"))
|
|
1186
|
+
ResourceViolation.add_member(:web_acl_has_incompatible_configuration_violation, Shapes::ShapeRef.new(shape: WebACLHasIncompatibleConfigurationViolation, location_name: "WebACLHasIncompatibleConfigurationViolation"))
|
|
1187
|
+
ResourceViolation.add_member(:web_acl_has_out_of_scope_resources_violation, Shapes::ShapeRef.new(shape: WebACLHasOutOfScopeResourcesViolation, location_name: "WebACLHasOutOfScopeResourcesViolation"))
|
|
1181
1188
|
ResourceViolation.struct_class = Types::ResourceViolation
|
|
1182
1189
|
|
|
1183
1190
|
ResourceViolations.member = Shapes::ShapeRef.new(shape: ResourceViolation)
|
|
@@ -1305,6 +1312,14 @@ module Aws::FMS
|
|
|
1305
1312
|
ViolationDetail.add_member(:resource_description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "ResourceDescription"))
|
|
1306
1313
|
ViolationDetail.struct_class = Types::ViolationDetail
|
|
1307
1314
|
|
|
1315
|
+
WebACLHasIncompatibleConfigurationViolation.add_member(:web_acl_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "WebACLArn"))
|
|
1316
|
+
WebACLHasIncompatibleConfigurationViolation.add_member(:description, Shapes::ShapeRef.new(shape: LengthBoundedString, location_name: "Description"))
|
|
1317
|
+
WebACLHasIncompatibleConfigurationViolation.struct_class = Types::WebACLHasIncompatibleConfigurationViolation
|
|
1318
|
+
|
|
1319
|
+
WebACLHasOutOfScopeResourcesViolation.add_member(:web_acl_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "WebACLArn"))
|
|
1320
|
+
WebACLHasOutOfScopeResourcesViolation.add_member(:out_of_scope_resource_list, Shapes::ShapeRef.new(shape: ResourceArnList, location_name: "OutOfScopeResourceList"))
|
|
1321
|
+
WebACLHasOutOfScopeResourcesViolation.struct_class = Types::WebACLHasOutOfScopeResourcesViolation
|
|
1322
|
+
|
|
1308
1323
|
|
|
1309
1324
|
# @api private
|
|
1310
1325
|
API = Seahorse::Model::Api.new.tap do |api|
|
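--- a/data/lib/aws-sdk-fms/types.rb
+++ b/data/lib/aws-sdk-fms/types.rb
@@ -1813,6 +1813,8 @@ module Aws::FMS
 # The ID of the Firewall Manager policy that you want the details for.
 # You can get violation details for the following policy types:
 #
+# * WAF
+#
 # * DNS Firewall
 #
 # * Imported Network Firewall
@@ -1837,9 +1839,9 @@ module Aws::FMS
 # @!attribute [rw] resource_type
 # The resource type. This is in the format shown in the [Amazon Web
 # Services Resource Types Reference][1]. Supported resource types are:
-# `AWS::
-# `AWS::EC2::
-# and `AWS::EC2::Subnet`.
+# `AWS::WAFv2::WebACL`, `AWS::EC2::Instance`,
+# `AWS::EC2::NetworkInterface`, `AWS::EC2::SecurityGroup`,
+# `AWS::NetworkFirewall::FirewallPolicy`, and `AWS::EC2::Subnet`.
 #
 #
 #
@@ -4588,6 +4590,16 @@ module Aws::FMS
 # actions.
 # @return [Types::PossibleRemediationActions]
 #
+# @!attribute [rw] web_acl_has_incompatible_configuration_violation
+# The violation details for a web ACL whose configuration is
+# incompatible with the Firewall Manager policy.
+# @return [Types::WebACLHasIncompatibleConfigurationViolation]
+#
+# @!attribute [rw] web_acl_has_out_of_scope_resources_violation
+# The violation details for a web ACL that's associated with at least
+# one resource that's out of scope of the Firewall Manager policy.
+# @return [Types::WebACLHasOutOfScopeResourcesViolation]
+#
 # @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ResourceViolation AWS API Documentation
 #
 class ResourceViolation < Struct.new(
@@ -4614,7 +4626,9 @@ module Aws::FMS
 :third_party_firewall_missing_expected_route_table_violation,
 :firewall_subnet_missing_vpc_endpoint_violation,
 :invalid_network_acl_entries_violation,
-:possible_remediation_actions
+:possible_remediation_actions,
+:web_acl_has_incompatible_configuration_violation,
+:web_acl_has_out_of_scope_resources_violation)
 SENSITIVE = []
 include Aws::Structure
 end
@@ -4891,9 +4905,7 @@ module Aws::FMS
 #
 # * Example: `SECURITY_GROUPS_COMMON`
 #
-# `"\{"type":"SECURITY_GROUPS_COMMON","revertManualSecurityGroupChanges":
-# "applyToAllEC2InstanceENIs":false,"securityGroups":[\{"id":"
-# sg-000e55995d61a06bd"\}]\}"`
+# `"\{"type":"SECURITY_GROUPS_COMMON","securityGroups":[\{"id":"sg-03b1f67d69ed00197"\}],"revertManualSecurityGroupChanges":true,"exclusiveResourceSecurityGroupManagement":true,"applyToAllEC2InstanceENIs":false,"includeSharedVPC":true,"enableSecurityGroupReferencesDistribution":true\}"`
 #
 # * Example: `SECURITY_GROUPS_COMMON` - Security group tag
 # distribution
@@ -4922,7 +4934,7 @@ module Aws::FMS
 #
 # * Example: `SECURITY_GROUPS_CONTENT_AUDIT`
 #
-# `"\{"type":"SECURITY_GROUPS_CONTENT_AUDIT","securityGroups":[\{"id":"sg-
+# `"\{"type":"SECURITY_GROUPS_CONTENT_AUDIT","preManagedOptions":[\{"denyProtocolAllValue":true\},\{"auditSgDirection":\{"type":"ALL"\}\}],"securityGroups":[\{"id":"sg-049b2393a25468971"\}],"securityGroupAction":\{"type":"ALLOW"\}\}"`
 #
 # The security group action for content audit can be `ALLOW` or
 # `DENY`. For `ALLOW`, all in-scope security group rules must be
@@ -4933,7 +4945,7 @@ module Aws::FMS
 #
 # * Example: `SECURITY_GROUPS_USAGE_AUDIT`
 #
-# `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true\}"`
+# `"\{"type":"SECURITY_GROUPS_USAGE_AUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true,"optionalDelayForUnusedInMinutes":60\}"`
 #
 # * Example: `SHIELD_ADVANCED` with web ACL management
 #
@@ -5072,7 +5084,7 @@ module Aws::FMS
 # * Example: `WAFV2` - Firewall Manager support for WAF managed rule
 # group versioning
 #
-# `"\{"
+# `"\{"preProcessRuleGroups":[\{"ruleGroupType":"ManagedRuleGroup","overrideAction":\{"type":"NONE"\},"sampledRequestsEnabled":true,"managedRuleGroupIdentifier":\{"managedRuleGroupName":"AWSManagedRulesAdminProtectionRuleSet","vendorName":"AWS","managedRuleGroupConfigs":null\}\}],"postProcessRuleGroups":[],"defaultAction":\{"type":"ALLOW"\},"customRequestHandling":null,"tokenDomains":null,"customResponse":null,"type":"WAFV2","overrideCustomerWebACLAssociation":false,"sampledRequestsEnabledForDefaultActions":true,"optimizeUnassociatedWebACL":true,"webACLSource":"RETROFIT_EXISTING"\}"`
 #
 # To use a specific version of a WAF managed rule group in your
 # Firewall Manager policy, you must set `versionEnabled` to `true`,
@@ -5111,10 +5123,7 @@ module Aws::FMS
 #
 # * Example: `WAF Classic`
 #
-# `"\{"type":
-# [\{"id":"12345678-1bcd-9012-efga-0987654321ab",
-# "overrideAction" : \{"type": "COUNT"\}\}],
-# "defaultAction": \{"type": "BLOCK"\}\}"`
+# `"\{"ruleGroups":[\{"id":"78cb36c0-1b5e-4d7d-82b2-cf48d3ad9659","overrideAction":\{"type":"NONE"\}\}],"overrideCustomerWebACLAssociation":true,"defaultAction":\{"type":"ALLOW"\},"type":"WAF"\}"`
 #
 #
 #
@@ -5542,6 +5551,48 @@ module Aws::FMS
 include Aws::Structure
 end
 
+# The violation details for a web ACL whose configuration is
+# incompatible with the Firewall Manager policy.
+#
+# @!attribute [rw] web_acl_arn
+# The Amazon Resource Name (ARN) of the web ACL.
+# @return [String]
+#
+# @!attribute [rw] description
+# Information about the problems that Firewall Manager encountered
+# with the web ACL configuration.
+# @return [String]
+#
+# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/WebACLHasIncompatibleConfigurationViolation AWS API Documentation
+#
+class WebACLHasIncompatibleConfigurationViolation < Struct.new(
+:web_acl_arn,
+:description)
+SENSITIVE = []
+include Aws::Structure
+end
+
+# The violation details for a web ACL that's associated with at least
+# one resource that's out of scope of the Firewall Manager policy.
+#
+# @!attribute [rw] web_acl_arn
+# The Amazon Resource Name (ARN) of the web ACL.
+# @return [String]
+#
+# @!attribute [rw] out_of_scope_resource_list
+# An array of Amazon Resource Name (ARN) for the resources that are
+# out of scope of the policy and are associated with the web ACL.
+# @return [Array<String>]
+#
+# @see http://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/WebACLHasOutOfScopeResourcesViolation AWS API Documentation
+#
+class WebACLHasOutOfScopeResourcesViolation < Struct.new(
+:web_acl_arn,
+:out_of_scope_resource_list)
+SENSITIVE = []
+include Aws::Structure
+end
+
 end
 end
 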
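Review bot: Neither new attribute doc on `ResourceViolation` (new lines 4593-4602) says that WAF findings arrive only through `web_acl_has_incompatible_configuration_violation` and `web_acl_has_out_of_scope_resources_violation`, so compliance tooling that walks a fixed list of `*_violation` members would skip them after upgrading and may report the resource as having no violation detail. A line on each attribute such as `#   Populated for WAF policy violations; check it alongside the other *_violation members.` would make that explicit; which policy types fill the members is inferred from the surrounding doc changes, not shown in this hunk. In the `WebACLHasOutOfScopeResourcesViolation` doc (new line 5583), "An array of Amazon Resource Name (ARN)" should read "An array of Amazon Resource Names (ARNs)". The `ResourceViolation` struct definition starts and ends outside the hunks shown.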
data/lib/aws-sdk-fms.rb
CHANGED
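--- a/data/sig/types.rbs
+++ b/data/sig/types.rbs
@@ -123,7 +123,7 @@ module Aws::FMS
 
 class ComplianceViolator
 attr_accessor resource_id: ::String
-attr_accessor violation_reason: ("WEB_ACL_MISSING_RULE_GROUP" | "RESOURCE_MISSING_WEB_ACL" | "RESOURCE_INCORRECT_WEB_ACL" | "RESOURCE_MISSING_SHIELD_PROTECTION" | "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION" | "RESOURCE_MISSING_SECURITY_GROUP" | "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP" | "SECURITY_GROUP_UNUSED" | "SECURITY_GROUP_REDUNDANT" | "FMS_CREATED_SECURITY_GROUP_EDITED" | "MISSING_FIREWALL" | "MISSING_FIREWALL_SUBNET_IN_AZ" | "MISSING_EXPECTED_ROUTE_TABLE" | "NETWORK_FIREWALL_POLICY_MODIFIED" | "FIREWALL_SUBNET_IS_OUT_OF_SCOPE" | "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE" | "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE" | "UNEXPECTED_FIREWALL_ROUTES" | "UNEXPECTED_TARGET_GATEWAY_ROUTES" | "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY" | "INVALID_ROUTE_CONFIGURATION" | "MISSING_TARGET_GATEWAY" | "INTERNET_TRAFFIC_NOT_INSPECTED" | "BLACK_HOLE_ROUTE_DETECTED" | "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET" | "RESOURCE_MISSING_DNS_FIREWALL" | "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT" | "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT" | "INVALID_NETWORK_ACL_ENTRY")
+attr_accessor violation_reason: ("WEB_ACL_MISSING_RULE_GROUP" | "RESOURCE_MISSING_WEB_ACL" | "RESOURCE_INCORRECT_WEB_ACL" | "RESOURCE_MISSING_SHIELD_PROTECTION" | "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION" | "RESOURCE_MISSING_SECURITY_GROUP" | "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP" | "SECURITY_GROUP_UNUSED" | "SECURITY_GROUP_REDUNDANT" | "FMS_CREATED_SECURITY_GROUP_EDITED" | "MISSING_FIREWALL" | "MISSING_FIREWALL_SUBNET_IN_AZ" | "MISSING_EXPECTED_ROUTE_TABLE" | "NETWORK_FIREWALL_POLICY_MODIFIED" | "FIREWALL_SUBNET_IS_OUT_OF_SCOPE" | "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE" | "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE" | "UNEXPECTED_FIREWALL_ROUTES" | "UNEXPECTED_TARGET_GATEWAY_ROUTES" | "TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY" | "INVALID_ROUTE_CONFIGURATION" | "MISSING_TARGET_GATEWAY" | "INTERNET_TRAFFIC_NOT_INSPECTED" | "BLACK_HOLE_ROUTE_DETECTED" | "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET" | "RESOURCE_MISSING_DNS_FIREWALL" | "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT" | "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT" | "INVALID_NETWORK_ACL_ENTRY" | "WEB_ACL_CONFIGURATION_OR_SCOPE_OF_USE")
 attr_accessor resource_type: ::String
 attr_accessor metadata: ::Hash[::String, ::String]
 SENSITIVE: []
@@ -1081,6 +1081,8 @@ module Aws::FMS
 attr_accessor firewall_subnet_missing_vpc_endpoint_violation: Types::FirewallSubnetMissingVPCEndpointViolation
 attr_accessor invalid_network_acl_entries_violation: Types::InvalidNetworkAclEntriesViolation
 attr_accessor possible_remediation_actions: Types::PossibleRemediationActions
+attr_accessor web_acl_has_incompatible_configuration_violation: Types::WebACLHasIncompatibleConfigurationViolation
+attr_accessor web_acl_has_out_of_scope_resources_violation: Types::WebACLHasOutOfScopeResourcesViolation
 SENSITIVE: []
 end
 
@@ -1224,5 +1226,17 @@ module Aws::FMS
 attr_accessor resource_description: ::String
 SENSITIVE: []
 end
+
+class WebACLHasIncompatibleConfigurationViolation
+attr_accessor web_acl_arn: ::String
+attr_accessor description: ::String
+SENSITIVE: []
+end
+
+class WebACLHasOutOfScopeResourcesViolation
+attr_accessor web_acl_arn: ::String
+attr_accessor out_of_scope_resource_list: ::Array[::String]
+SENSITIVE: []
+end
 end
 end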
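Review bot: `violation_reason` on line 126 of `ComplianceViolator` is typed as a closed union of string literals, and this release itself shows the set growing (`"WEB_ACL_CONFIGURATION_OR_SCOPE_OF_USE"` is appended), so an installed signature can lag behind what the service returns. A type checker may treat a `case` over the listed literals as exhaustive, which invites callers to drop the default arm and let an unrecognised reason fall through unhandled. I would add a comment above the accessor, `# The service may return values added after this release; keep an else branch and treat unknown reasons as non-compliant.` The same list appears in the doc comment at client.rb line 957.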
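--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-fms
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.84.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-10-
+date: 2024-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core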