@aws-sdk/client-fms 3.295.0 → 3.297.0
- package/dist-types/FMS.d.ts +39 -0
- package/dist-types/FMSClient.d.ts +24 -4
- package/dist-types/commands/AssociateAdminAccountCommand.d.ts +16 -0
- package/dist-types/commands/AssociateThirdPartyFirewallCommand.d.ts +16 -0
- package/dist-types/commands/BatchAssociateResourceCommand.d.ts +16 -0
- package/dist-types/commands/BatchDisassociateResourceCommand.d.ts +16 -0
- package/dist-types/commands/DeleteAppsListCommand.d.ts +16 -0
- package/dist-types/commands/DeleteNotificationChannelCommand.d.ts +16 -0
- package/dist-types/commands/DeletePolicyCommand.d.ts +16 -0
- package/dist-types/commands/DeleteProtocolsListCommand.d.ts +16 -0
- package/dist-types/commands/DeleteResourceSetCommand.d.ts +16 -0
- package/dist-types/commands/DisassociateAdminAccountCommand.d.ts +16 -0
- package/dist-types/commands/DisassociateThirdPartyFirewallCommand.d.ts +16 -0
- package/dist-types/commands/GetAdminAccountCommand.d.ts +16 -0
- package/dist-types/commands/GetAppsListCommand.d.ts +16 -0
- package/dist-types/commands/GetComplianceDetailCommand.d.ts +16 -0
- package/dist-types/commands/GetNotificationChannelCommand.d.ts +16 -0
- package/dist-types/commands/GetPolicyCommand.d.ts +16 -0
- package/dist-types/commands/GetProtectionStatusCommand.d.ts +16 -0
- package/dist-types/commands/GetProtocolsListCommand.d.ts +16 -0
- package/dist-types/commands/GetResourceSetCommand.d.ts +16 -0
- package/dist-types/commands/GetThirdPartyFirewallAssociationStatusCommand.d.ts +16 -0
- package/dist-types/commands/GetViolationDetailsCommand.d.ts +16 -0
- package/dist-types/commands/ListAppsListsCommand.d.ts +16 -0
- package/dist-types/commands/ListComplianceStatusCommand.d.ts +16 -0
- package/dist-types/commands/ListDiscoveredResourcesCommand.d.ts +16 -0
- package/dist-types/commands/ListMemberAccountsCommand.d.ts +16 -0
- package/dist-types/commands/ListPoliciesCommand.d.ts +16 -0
- package/dist-types/commands/ListProtocolsListsCommand.d.ts +16 -0
- package/dist-types/commands/ListResourceSetResourcesCommand.d.ts +16 -0
- package/dist-types/commands/ListResourceSetsCommand.d.ts +16 -0
- package/dist-types/commands/ListTagsForResourceCommand.d.ts +16 -0
- package/dist-types/commands/ListThirdPartyFirewallFirewallPoliciesCommand.d.ts +16 -0
- package/dist-types/commands/PutAppsListCommand.d.ts +16 -0
- package/dist-types/commands/PutNotificationChannelCommand.d.ts +16 -0
- package/dist-types/commands/PutPolicyCommand.d.ts +16 -0
- package/dist-types/commands/PutProtocolsListCommand.d.ts +16 -0
- package/dist-types/commands/PutResourceSetCommand.d.ts +16 -0
- package/dist-types/commands/TagResourceCommand.d.ts +16 -0
- package/dist-types/commands/UntagResourceCommand.d.ts +16 -0
- package/dist-types/models/FMSServiceException.d.ts +2 -0
- package/dist-types/models/models_0.d.ts +378 -50
- package/dist-types/pagination/Interfaces.d.ts +3 -0
- package/dist-types/pagination/ListAppsListsPaginator.d.ts +3 -0
- package/dist-types/pagination/ListComplianceStatusPaginator.d.ts +3 -0
- package/dist-types/pagination/ListMemberAccountsPaginator.d.ts +3 -0
- package/dist-types/pagination/ListPoliciesPaginator.d.ts +3 -0
- package/dist-types/pagination/ListProtocolsListsPaginator.d.ts +3 -0
- package/dist-types/pagination/ListThirdPartyFirewallFirewallPoliciesPaginator.d.ts +3 -0
- package/package.json +29 -29
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
import { ExceptionOptionType as __ExceptionOptionType } from "@aws-sdk/smithy-client";
|
|
2
2
|
import { FMSServiceException as __BaseException } from "./FMSServiceException";
|
|
3
|
+
/**
|
|
4
|
+
* @public
|
|
5
|
+
*/
|
|
3
6
|
export declare enum AccountRoleStatus {
|
|
4
7
|
Creating = "CREATING",
|
|
5
8
|
Deleted = "DELETED",
|
|
@@ -8,6 +11,7 @@ export declare enum AccountRoleStatus {
|
|
|
8
11
|
Ready = "READY"
|
|
9
12
|
}
|
|
10
13
|
/**
|
|
14
|
+
* @public
|
|
11
15
|
* <p>Describes a remediation action target.</p>
|
|
12
16
|
*/
|
|
13
17
|
export interface ActionTarget {
|
|
@@ -21,6 +25,7 @@ export interface ActionTarget {
|
|
|
21
25
|
Description?: string;
|
|
22
26
|
}
|
|
23
27
|
/**
|
|
28
|
+
* @public
|
|
24
29
|
* <p>An individual Firewall Manager application.</p>
|
|
25
30
|
*/
|
|
26
31
|
export interface App {
|
|
@@ -38,6 +43,7 @@ export interface App {
|
|
|
38
43
|
Port: number | undefined;
|
|
39
44
|
}
|
|
40
45
|
/**
|
|
46
|
+
* @public
|
|
41
47
|
* <p>An Firewall Manager applications list.</p>
|
|
42
48
|
*/
|
|
43
49
|
export interface AppsListData {
|
|
@@ -73,6 +79,7 @@ export interface AppsListData {
|
|
|
73
79
|
PreviousAppsList?: Record<string, App[]>;
|
|
74
80
|
}
|
|
75
81
|
/**
|
|
82
|
+
* @public
|
|
76
83
|
* <p>Details of the Firewall Manager applications list.</p>
|
|
77
84
|
*/
|
|
78
85
|
export interface AppsListDataSummary {
|
|
@@ -93,6 +100,9 @@ export interface AppsListDataSummary {
|
|
|
93
100
|
*/
|
|
94
101
|
AppsList?: App[];
|
|
95
102
|
}
|
|
103
|
+
/**
|
|
104
|
+
* @public
|
|
105
|
+
*/
|
|
96
106
|
export interface AssociateAdminAccountRequest {
|
|
97
107
|
/**
|
|
98
108
|
* <p>The Amazon Web Services account ID to associate with Firewall Manager as the Firewall Manager
|
|
@@ -103,6 +113,7 @@ export interface AssociateAdminAccountRequest {
|
|
|
103
113
|
AdminAccount: string | undefined;
|
|
104
114
|
}
|
|
105
115
|
/**
|
|
116
|
+
* @public
|
|
106
117
|
* <p>The operation failed because of a system problem, even though the request was valid. Retry
|
|
107
118
|
* your request.</p>
|
|
108
119
|
*/
|
|
@@ -116,6 +127,7 @@ export declare class InternalErrorException extends __BaseException {
|
|
|
116
127
|
constructor(opts: __ExceptionOptionType<InternalErrorException, __BaseException>);
|
|
117
128
|
}
|
|
118
129
|
/**
|
|
130
|
+
* @public
|
|
119
131
|
* <p>The parameters of the request were invalid.</p>
|
|
120
132
|
*/
|
|
121
133
|
export declare class InvalidInputException extends __BaseException {
|
|
@@ -128,6 +140,7 @@ export declare class InvalidInputException extends __BaseException {
|
|
|
128
140
|
constructor(opts: __ExceptionOptionType<InvalidInputException, __BaseException>);
|
|
129
141
|
}
|
|
130
142
|
/**
|
|
143
|
+
* @public
|
|
131
144
|
* <p>The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have
|
|
132
145
|
* submitted an <code>AssociateAdminAccount</code> request for an account ID that
|
|
133
146
|
* was already set as the Firewall Manager administrator. Or you might have tried to access a Region
|
|
@@ -144,6 +157,7 @@ export declare class InvalidOperationException extends __BaseException {
|
|
|
144
157
|
constructor(opts: __ExceptionOptionType<InvalidOperationException, __BaseException>);
|
|
145
158
|
}
|
|
146
159
|
/**
|
|
160
|
+
* @public
|
|
147
161
|
* <p>The operation exceeds a resource limit, for example, the maximum number of
|
|
148
162
|
* <code>policy</code> objects that you can create for an Amazon Web Services account. For more information,
|
|
149
163
|
* see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html">Firewall
|
|
@@ -159,6 +173,7 @@ export declare class LimitExceededException extends __BaseException {
|
|
|
159
173
|
constructor(opts: __ExceptionOptionType<LimitExceededException, __BaseException>);
|
|
160
174
|
}
|
|
161
175
|
/**
|
|
176
|
+
* @public
|
|
162
177
|
* <p>The specified resource was not found.</p>
|
|
163
178
|
*/
|
|
164
179
|
export declare class ResourceNotFoundException extends __BaseException {
|
|
@@ -170,16 +185,25 @@ export declare class ResourceNotFoundException extends __BaseException {
|
|
|
170
185
|
*/
|
|
171
186
|
constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>);
|
|
172
187
|
}
|
|
188
|
+
/**
|
|
189
|
+
* @public
|
|
190
|
+
*/
|
|
173
191
|
export declare enum ThirdPartyFirewall {
|
|
174
192
|
FORTIGATE_CLOUD_NATIVE_FIREWALL = "FORTIGATE_CLOUD_NATIVE_FIREWALL",
|
|
175
193
|
PALO_ALTO_NETWORKS_CLOUD_NGFW = "PALO_ALTO_NETWORKS_CLOUD_NGFW"
|
|
176
194
|
}
|
|
195
|
+
/**
|
|
196
|
+
* @public
|
|
197
|
+
*/
|
|
177
198
|
export interface AssociateThirdPartyFirewallRequest {
|
|
178
199
|
/**
|
|
179
200
|
* <p>The name of the third-party firewall vendor.</p>
|
|
180
201
|
*/
|
|
181
202
|
ThirdPartyFirewall: ThirdPartyFirewall | string | undefined;
|
|
182
203
|
}
|
|
204
|
+
/**
|
|
205
|
+
* @public
|
|
206
|
+
*/
|
|
183
207
|
export declare enum ThirdPartyFirewallAssociationStatus {
|
|
184
208
|
NOT_EXIST = "NOT_EXIST",
|
|
185
209
|
OFFBOARDING = "OFFBOARDING",
|
|
@@ -187,6 +211,9 @@ export declare enum ThirdPartyFirewallAssociationStatus {
|
|
|
187
211
|
ONBOARDING = "ONBOARDING",
|
|
188
212
|
ONBOARD_COMPLETE = "ONBOARD_COMPLETE"
|
|
189
213
|
}
|
|
214
|
+
/**
|
|
215
|
+
* @public
|
|
216
|
+
*/
|
|
190
217
|
export interface AssociateThirdPartyFirewallResponse {
|
|
191
218
|
/**
|
|
192
219
|
* <p>The current status for setting a Firewall Manager policy administrator's account as an administrator of the third-party firewall tenant.</p>
|
|
@@ -216,6 +243,7 @@ export interface AssociateThirdPartyFirewallResponse {
|
|
|
216
243
|
ThirdPartyFirewallStatus?: ThirdPartyFirewallAssociationStatus | string;
|
|
217
244
|
}
|
|
218
245
|
/**
|
|
246
|
+
* @public
|
|
219
247
|
* <p>Violation detail for network interfaces associated with an EC2 instance.</p>
|
|
220
248
|
*/
|
|
221
249
|
export interface AwsEc2NetworkInterfaceViolation {
|
|
@@ -229,6 +257,7 @@ export interface AwsEc2NetworkInterfaceViolation {
|
|
|
229
257
|
ViolatingSecurityGroups?: string[];
|
|
230
258
|
}
|
|
231
259
|
/**
|
|
260
|
+
* @public
|
|
232
261
|
* <p>Violation detail for an EC2 instance resource.</p>
|
|
233
262
|
*/
|
|
234
263
|
export interface AwsEc2InstanceViolation {
|
|
@@ -241,6 +270,9 @@ export interface AwsEc2InstanceViolation {
|
|
|
241
270
|
*/
|
|
242
271
|
AwsEc2NetworkInterfaceViolations?: AwsEc2NetworkInterfaceViolation[];
|
|
243
272
|
}
|
|
273
|
+
/**
|
|
274
|
+
* @public
|
|
275
|
+
*/
|
|
244
276
|
export interface BatchAssociateResourceRequest {
|
|
245
277
|
/**
|
|
246
278
|
* <p>A unique identifier for the resource set, used in a TODO to refer to the resource set.</p>
|
|
@@ -251,6 +283,9 @@ export interface BatchAssociateResourceRequest {
|
|
|
251
283
|
*/
|
|
252
284
|
Items: string[] | undefined;
|
|
253
285
|
}
|
|
286
|
+
/**
|
|
287
|
+
* @public
|
|
288
|
+
*/
|
|
254
289
|
export declare enum FailedItemReason {
|
|
255
290
|
NotValidAccountId = "NOT_VALID_ACCOUNT_ID",
|
|
256
291
|
NotValidArn = "NOT_VALID_ARN",
|
|
@@ -260,6 +295,7 @@ export declare enum FailedItemReason {
|
|
|
260
295
|
NotValidService = "NOT_VALID_SERVICE"
|
|
261
296
|
}
|
|
262
297
|
/**
|
|
298
|
+
* @public
|
|
263
299
|
* <p>Details of a resource that failed when trying to update it's association to a resource set.</p>
|
|
264
300
|
*/
|
|
265
301
|
export interface FailedItem {
|
|
@@ -272,6 +308,9 @@ export interface FailedItem {
|
|
|
272
308
|
*/
|
|
273
309
|
Reason?: FailedItemReason | string;
|
|
274
310
|
}
|
|
311
|
+
/**
|
|
312
|
+
* @public
|
|
313
|
+
*/
|
|
275
314
|
export interface BatchAssociateResourceResponse {
|
|
276
315
|
/**
|
|
277
316
|
* <p>A unique identifier for the resource set, used in a TODO to refer to the resource set.</p>
|
|
@@ -282,6 +321,9 @@ export interface BatchAssociateResourceResponse {
|
|
|
282
321
|
*/
|
|
283
322
|
FailedItems: FailedItem[] | undefined;
|
|
284
323
|
}
|
|
324
|
+
/**
|
|
325
|
+
* @public
|
|
326
|
+
*/
|
|
285
327
|
export interface BatchDisassociateResourceRequest {
|
|
286
328
|
/**
|
|
287
329
|
* <p>A unique identifier for the resource set, used in a TODO to refer to the resource set.</p>
|
|
@@ -292,6 +334,9 @@ export interface BatchDisassociateResourceRequest {
|
|
|
292
334
|
*/
|
|
293
335
|
Items: string[] | undefined;
|
|
294
336
|
}
|
|
337
|
+
/**
|
|
338
|
+
* @public
|
|
339
|
+
*/
|
|
295
340
|
export interface BatchDisassociateResourceResponse {
|
|
296
341
|
/**
|
|
297
342
|
* <p>A unique identifier for the resource set, used in a TODO to refer to the resource set.</p>
|
|
@@ -302,6 +347,9 @@ export interface BatchDisassociateResourceResponse {
|
|
|
302
347
|
*/
|
|
303
348
|
FailedItems: FailedItem[] | undefined;
|
|
304
349
|
}
|
|
350
|
+
/**
|
|
351
|
+
* @public
|
|
352
|
+
*/
|
|
305
353
|
export interface DeleteAppsListRequest {
|
|
306
354
|
/**
|
|
307
355
|
* <p>The ID of the applications list that you want to delete. You can retrieve this ID from
|
|
@@ -309,8 +357,14 @@ export interface DeleteAppsListRequest {
|
|
|
309
357
|
*/
|
|
310
358
|
ListId: string | undefined;
|
|
311
359
|
}
|
|
360
|
+
/**
|
|
361
|
+
* @public
|
|
362
|
+
*/
|
|
312
363
|
export interface DeleteNotificationChannelRequest {
|
|
313
364
|
}
|
|
365
|
+
/**
|
|
366
|
+
* @public
|
|
367
|
+
*/
|
|
314
368
|
export interface DeletePolicyRequest {
|
|
315
369
|
/**
|
|
316
370
|
* <p>The ID of the policy that you want to delete. You can retrieve this ID from
|
|
@@ -351,6 +405,9 @@ export interface DeletePolicyRequest {
|
|
|
351
405
|
*/
|
|
352
406
|
DeleteAllPolicyResources?: boolean;
|
|
353
407
|
}
|
|
408
|
+
/**
|
|
409
|
+
* @public
|
|
410
|
+
*/
|
|
354
411
|
export interface DeleteProtocolsListRequest {
|
|
355
412
|
/**
|
|
356
413
|
* <p>The ID of the protocols list that you want to delete. You can retrieve this ID from
|
|
@@ -358,28 +415,46 @@ export interface DeleteProtocolsListRequest {
|
|
|
358
415
|
*/
|
|
359
416
|
ListId: string | undefined;
|
|
360
417
|
}
|
|
418
|
+
/**
|
|
419
|
+
* @public
|
|
420
|
+
*/
|
|
361
421
|
export interface DeleteResourceSetRequest {
|
|
362
422
|
/**
|
|
363
423
|
* <p>A unique identifier for the resource set, used in a TODO to refer to the resource set.</p>
|
|
364
424
|
*/
|
|
365
425
|
Identifier: string | undefined;
|
|
366
426
|
}
|
|
427
|
+
/**
|
|
428
|
+
* @public
|
|
429
|
+
*/
|
|
367
430
|
export interface DisassociateAdminAccountRequest {
|
|
368
431
|
}
|
|
432
|
+
/**
|
|
433
|
+
* @public
|
|
434
|
+
*/
|
|
369
435
|
export interface DisassociateThirdPartyFirewallRequest {
|
|
370
436
|
/**
|
|
371
437
|
* <p>The name of the third-party firewall vendor.</p>
|
|
372
438
|
*/
|
|
373
439
|
ThirdPartyFirewall: ThirdPartyFirewall | string | undefined;
|
|
374
440
|
}
|
|
441
|
+
/**
|
|
442
|
+
* @public
|
|
443
|
+
*/
|
|
375
444
|
export interface DisassociateThirdPartyFirewallResponse {
|
|
376
445
|
/**
|
|
377
446
|
* <p>The current status for the disassociation of a Firewall Manager administrators account with a third-party firewall.</p>
|
|
378
447
|
*/
|
|
379
448
|
ThirdPartyFirewallStatus?: ThirdPartyFirewallAssociationStatus | string;
|
|
380
449
|
}
|
|
450
|
+
/**
|
|
451
|
+
* @public
|
|
452
|
+
*/
|
|
381
453
|
export interface GetAdminAccountRequest {
|
|
382
454
|
}
|
|
455
|
+
/**
|
|
456
|
+
* @public
|
|
457
|
+
*/
|
|
383
458
|
export interface GetAdminAccountResponse {
|
|
384
459
|
/**
|
|
385
460
|
* <p>The Amazon Web Services account that is set as the Firewall Manager administrator.</p>
|
|
@@ -391,6 +466,9 @@ export interface GetAdminAccountResponse {
|
|
|
391
466
|
*/
|
|
392
467
|
RoleStatus?: AccountRoleStatus | string;
|
|
393
468
|
}
|
|
469
|
+
/**
|
|
470
|
+
* @public
|
|
471
|
+
*/
|
|
394
472
|
export interface GetAppsListRequest {
|
|
395
473
|
/**
|
|
396
474
|
* <p>The ID of the Firewall Manager applications list that you want the details for.</p>
|
|
@@ -401,6 +479,9 @@ export interface GetAppsListRequest {
|
|
|
401
479
|
*/
|
|
402
480
|
DefaultList?: boolean;
|
|
403
481
|
}
|
|
482
|
+
/**
|
|
483
|
+
* @public
|
|
484
|
+
*/
|
|
404
485
|
export interface GetAppsListResponse {
|
|
405
486
|
/**
|
|
406
487
|
* <p>Information about the specified Firewall Manager applications list.</p>
|
|
@@ -411,6 +492,9 @@ export interface GetAppsListResponse {
|
|
|
411
492
|
*/
|
|
412
493
|
AppsListArn?: string;
|
|
413
494
|
}
|
|
495
|
+
/**
|
|
496
|
+
* @public
|
|
497
|
+
*/
|
|
414
498
|
export interface GetComplianceDetailRequest {
|
|
415
499
|
/**
|
|
416
500
|
* <p>The ID of the policy that you want to get the details for. <code>PolicyId</code> is
|
|
@@ -422,12 +506,18 @@ export interface GetComplianceDetailRequest {
|
|
|
422
506
|
*/
|
|
423
507
|
MemberAccount: string | undefined;
|
|
424
508
|
}
|
|
509
|
+
/**
|
|
510
|
+
* @public
|
|
511
|
+
*/
|
|
425
512
|
export declare enum DependentServiceName {
|
|
426
513
|
AWSConfig = "AWSCONFIG",
|
|
427
514
|
AWSShieldAdvanced = "AWSSHIELD_ADVANCED",
|
|
428
515
|
AWSVirtualPrivateCloud = "AWSVPC",
|
|
429
516
|
AWSWAF = "AWSWAF"
|
|
430
517
|
}
|
|
518
|
+
/**
|
|
519
|
+
* @public
|
|
520
|
+
*/
|
|
431
521
|
export declare enum ViolationReason {
|
|
432
522
|
BlackHoleRouteDetected = "BLACK_HOLE_ROUTE_DETECTED",
|
|
433
523
|
BlackHoleRouteDetectedInFirewallSubnet = "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET",
|
|
@@ -459,6 +549,7 @@ export declare enum ViolationReason {
|
|
|
459
549
|
WebAclMissingRuleGroup = "WEB_ACL_MISSING_RULE_GROUP"
|
|
460
550
|
}
|
|
461
551
|
/**
|
|
552
|
+
* @public
|
|
462
553
|
* <p>Details of the resource that is not protected by the policy.</p>
|
|
463
554
|
*/
|
|
464
555
|
export interface ComplianceViolator {
|
|
@@ -483,6 +574,7 @@ export interface ComplianceViolator {
|
|
|
483
574
|
Metadata?: Record<string, string>;
|
|
484
575
|
}
|
|
485
576
|
/**
|
|
577
|
+
* @public
|
|
486
578
|
* <p>Describes
|
|
487
579
|
* the noncompliant resources in a member account for a specific Firewall Manager policy. A maximum of 100 entries are displayed. If more than 100 resources are
|
|
488
580
|
* noncompliant, <code>EvaluationLimitExceeded</code> is set to <code>True</code>.</p>
|
|
@@ -521,6 +613,9 @@ export interface PolicyComplianceDetail {
|
|
|
521
613
|
*/
|
|
522
614
|
IssueInfoMap?: Record<string, string>;
|
|
523
615
|
}
|
|
616
|
+
/**
|
|
617
|
+
* @public
|
|
618
|
+
*/
|
|
524
619
|
export interface GetComplianceDetailResponse {
|
|
525
620
|
/**
|
|
526
621
|
* <p>Information about the resources and the policy that you specified in the
|
|
@@ -528,8 +623,14 @@ export interface GetComplianceDetailResponse {
|
|
|
528
623
|
*/
|
|
529
624
|
PolicyComplianceDetail?: PolicyComplianceDetail;
|
|
530
625
|
}
|
|
626
|
+
/**
|
|
627
|
+
* @public
|
|
628
|
+
*/
|
|
531
629
|
export interface GetNotificationChannelRequest {
|
|
532
630
|
}
|
|
631
|
+
/**
|
|
632
|
+
* @public
|
|
633
|
+
*/
|
|
533
634
|
export interface GetNotificationChannelResponse {
|
|
534
635
|
/**
|
|
535
636
|
* <p>The SNS topic that records Firewall Manager activity. </p>
|
|
@@ -540,17 +641,24 @@ export interface GetNotificationChannelResponse {
|
|
|
540
641
|
*/
|
|
541
642
|
SnsRoleName?: string;
|
|
542
643
|
}
|
|
644
|
+
/**
|
|
645
|
+
* @public
|
|
646
|
+
*/
|
|
543
647
|
export interface GetPolicyRequest {
|
|
544
648
|
/**
|
|
545
649
|
* <p>The ID of the Firewall Manager policy that you want the details for.</p>
|
|
546
650
|
*/
|
|
547
651
|
PolicyId: string | undefined;
|
|
548
652
|
}
|
|
653
|
+
/**
|
|
654
|
+
* @public
|
|
655
|
+
*/
|
|
549
656
|
export declare enum CustomerPolicyScopeIdType {
|
|
550
657
|
ACCOUNT = "ACCOUNT",
|
|
551
658
|
ORG_UNIT = "ORG_UNIT"
|
|
552
659
|
}
|
|
553
660
|
/**
|
|
661
|
+
* @public
|
|
554
662
|
* <p>The resource tags that Firewall Manager uses to determine if a particular resource
|
|
555
663
|
* should be included or excluded from the Firewall Manager policy. Tags enable you to
|
|
556
664
|
* categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or
|
|
@@ -569,11 +677,15 @@ export interface ResourceTag {
|
|
|
569
677
|
*/
|
|
570
678
|
Value?: string;
|
|
571
679
|
}
|
|
680
|
+
/**
|
|
681
|
+
* @public
|
|
682
|
+
*/
|
|
572
683
|
export declare enum FirewallDeploymentModel {
|
|
573
684
|
CENTRALIZED = "CENTRALIZED",
|
|
574
685
|
DISTRIBUTED = "DISTRIBUTED"
|
|
575
686
|
}
|
|
576
687
|
/**
|
|
688
|
+
* @public
|
|
577
689
|
* <p>Configures the firewall policy deployment model of Network Firewall. For information about
|
|
578
690
|
* Network Firewall deployment models, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/architectures.html">Network Firewall example
|
|
579
691
|
* architectures with routing</a> in the <i>Network Firewall Developer
|
|
@@ -587,6 +699,7 @@ export interface NetworkFirewallPolicy {
|
|
|
587
699
|
FirewallDeploymentModel?: FirewallDeploymentModel | string;
|
|
588
700
|
}
|
|
589
701
|
/**
|
|
702
|
+
* @public
|
|
590
703
|
* <p>Configures the deployment model for the third-party firewall.</p>
|
|
591
704
|
*/
|
|
592
705
|
export interface ThirdPartyFirewallPolicy {
|
|
@@ -596,6 +709,7 @@ export interface ThirdPartyFirewallPolicy {
|
|
|
596
709
|
FirewallDeploymentModel?: FirewallDeploymentModel | string;
|
|
597
710
|
}
|
|
598
711
|
/**
|
|
712
|
+
* @public
|
|
599
713
|
* <p>Contains the Network Firewall firewall policy options to configure the policy's deployment model and third-party firewall policy settings.</p>
|
|
600
714
|
*/
|
|
601
715
|
export interface PolicyOption {
|
|
@@ -608,6 +722,9 @@ export interface PolicyOption {
|
|
|
608
722
|
*/
|
|
609
723
|
ThirdPartyFirewallPolicy?: ThirdPartyFirewallPolicy;
|
|
610
724
|
}
|
|
725
|
+
/**
|
|
726
|
+
* @public
|
|
727
|
+
*/
|
|
611
728
|
export declare enum SecurityServiceType {
|
|
612
729
|
DNS_FIREWALL = "DNS_FIREWALL",
|
|
613
730
|
IMPORT_NETWORK_FIREWALL = "IMPORT_NETWORK_FIREWALL",
|
|
@@ -621,6 +738,7 @@ export declare enum SecurityServiceType {
|
|
|
621
738
|
WAFV2 = "WAFV2"
|
|
622
739
|
}
|
|
623
740
|
/**
|
|
741
|
+
* @public
|
|
624
742
|
* <p>Details about the security service that is being used to protect the resources.</p>
|
|
625
743
|
*/
|
|
626
744
|
export interface SecurityServicePolicyData {
|
|
@@ -639,7 +757,7 @@ export interface SecurityServicePolicyData {
|
|
|
639
757
|
* <p>Example: <code>DNS_FIREWALL</code>
|
|
640
758
|
* </p>
|
|
641
759
|
* <p>
|
|
642
|
-
* <code>"{\"type\":\"DNS_FIREWALL\",\"preProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-1\",\"priority\":10}],\"postProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-2\",\"priority\":9911}]}"</code>
|
|
760
|
+
* <code>"\{\"type\":\"DNS_FIREWALL\",\"preProcessRuleGroups\":[\{\"ruleGroupId\":\"rslvr-frg-1\",\"priority\":10\}],\"postProcessRuleGroups\":[\{\"ruleGroupId\":\"rslvr-frg-2\",\"priority\":9911\}]\}"</code>
|
|
643
761
|
* </p>
|
|
644
762
|
* <note>
|
|
645
763
|
* <p>Valid values for <code>preProcessRuleGroups</code> are between 1 and 99. Valid
|
|
@@ -650,7 +768,7 @@ export interface SecurityServicePolicyData {
|
|
|
650
768
|
* <p>Example: <code>NETWORK_FIREWALL</code> - Centralized deployment
|
|
651
769
|
* model</p>
|
|
652
770
|
* <p>
|
|
653
|
-
* <code>"{\"type\":\"NETWORK_FIREWALL\",\"awsNetworkFirewallConfig\"
|
|
771
|
+
* <code>"\{\"type\":\"NETWORK_FIREWALL\",\"awsNetworkFirewallConfig\":\{\"networkFirewallStatelessRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1\}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[\{\"actionName\":\"customActionName\",\"actionDefinition\":\{\"publishMetricAction\":\{\"dimensions\":[\{\"value\":\"metricdimensionvalue\"\}]\}\}\}],\"networkFirewallStatefulRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"\}],\"networkFirewallLoggingConfiguration\":\{\"logDestinationConfigs\":[\{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":\{\"bucketName\":\"s3-bucket-name\"\}\},\{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":\{\"bucketName\":\"s3-bucket-name\"\}\}],\"overrideExistingConfig\":true\}\},\"firewallDeploymentModel\":\{\"centralizedFirewallDeploymentModel\":\{\"centralizedFirewallOrchestrationConfig\":\{\"inspectionVpcIds\":[\{\"resourceId\":\"vpc-1234\",\"accountId\":\"123456789011\"\}],\"firewallCreationConfig\":\{\"endpointLocation\":\{\"availabilityZoneConfigList\":[\{\"availabilityZoneId\":null,\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]\}]\}\},\"allowedIPV4CidrList\":[]\}\}\}\}"</code>
|
|
654
772
|
* </p>
|
|
655
773
|
* <p> To use the centralized deployment model, you must set <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html">PolicyOption</a> to
|
|
656
774
|
* <code>CENTRALIZED</code>. </p>
|
|
@@ -660,7 +778,7 @@ export interface SecurityServicePolicyData {
|
|
|
660
778
|
* automatic Availability Zone configuration</p>
|
|
661
779
|
* <p>
|
|
662
780
|
* <code>
|
|
663
|
-
* "{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\"
|
|
781
|
+
* "\{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1\}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[\{\"actionName\":\"customActionName\",\"actionDefinition\":\{\"publishMetricAction\":\{\"dimensions\":[\{\"value\":\"metricdimensionvalue\"\}]\}\}\}],\"networkFirewallStatefulRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"\}],\"networkFirewallOrchestrationConfig\":\{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"OFF\"\},\"networkFirewallLoggingConfiguration\":\{\"logDestinationConfigs\":[\{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":\{\"bucketName\":\"s3-bucket-name\"\}\},\{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":\{\"bucketName\":\"s3-bucket-name\"\}\}],\"overrideExistingConfig\":true\}\}"
|
|
664
782
|
* </code>
|
|
665
783
|
* </p>
|
|
666
784
|
* <p> With automatic Availbility Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. To use the distributed deployment model, you must set <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html">PolicyOption</a> to
|
|
@@ -671,7 +789,7 @@ export interface SecurityServicePolicyData {
|
|
|
671
789
|
* automatic Availability Zone configuration and route management</p>
|
|
672
790
|
* <p>
|
|
673
791
|
* <code>
|
|
674
|
-
* "{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\"
|
|
792
|
+
* "\{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1\}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[\{\"actionName\":\"customActionName\",\"actionDefinition\":\{\"publishMetricAction\":\{\"dimensions\":[\{\"value\":\"metricdimensionvalue\"\}]\}\}\}],\"networkFirewallStatefulRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"\}],\"networkFirewallOrchestrationConfig\":\{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"]\},\"networkFirewallLoggingConfiguration\":\{\"logDestinationConfigs\":[\{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":\{\"bucketName\":\"s3-bucket-name\"\}\},\{\"logDestinationType\":\"S3\",\"logType\": \"FLOW\",\"logDestination\":\{\"bucketName\":\"s3-bucket-name\"\}\}],\"overrideExistingConfig\":true\}\}"
|
|
675
793
|
* </code>
|
|
676
794
|
* </p>
|
|
677
795
|
* <p>To use the distributed deployment model, you must set <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html">PolicyOption</a> to
|
|
@@ -681,7 +799,7 @@ export interface SecurityServicePolicyData {
|
|
|
681
799
|
* <p>Example: <code>NETWORK_FIREWALL</code> - Distributed deployment model with
|
|
682
800
|
* custom Availability Zone configuration</p>
|
|
683
801
|
* <p>
|
|
684
|
-
* <code>"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\", \"actionDefinition\"
|
|
802
|
+
* <code>"\{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1\}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[\{\"actionName\":\"customActionName\", \"actionDefinition\":\{\"publishMetricAction\":\{\"dimensions\":[\{\"value\":\"metricdimensionvalue\"\}]\}\}\},\{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":\{\"publishMetricAction\":\{\"dimensions\":[\{\"value\":\"fragmentmetricdimensionvalue\"\}]\}\}\}],\"networkFirewallStatefulRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"\}],\"networkFirewallOrchestrationConfig\":\{\"firewallCreationConfig\":\{ \"endpointLocation\":\{\"availabilityZoneConfigList\":[\{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]\},\{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[ \"10.0.0.0/28\"]\}]\} \},\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"OFF\",\"networkFirewallLoggingConfiguration\":\{\"logDestinationConfigs\":[\{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":\{\"bucketName\":\"s3-bucket-name\"\}\},\{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":\{\"bucketName\":\"s3-bucket-name\"\}\}],\"overrideExistingConfig\":boolean\}\}"
|
|
685
803
|
* </code>
|
|
686
804
|
* </p>
|
|
687
805
|
* <p>
|
|
@@ -696,7 +814,7 @@ export interface SecurityServicePolicyData {
|
|
|
696
814
|
* <p>Example: <code>NETWORK_FIREWALL</code> - Distributed deployment model with
|
|
697
815
|
* custom Availability Zone configuration and route management</p>
|
|
698
816
|
* <p>
|
|
699
|
-
* <code>"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\"
|
|
817
|
+
* <code>"\{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1\}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[\{\"actionName\":\"customActionName\",\"actionDefinition\":\{\"publishMetricAction\":\{\"dimensions\":[\{\"value\":\"metricdimensionvalue\"\}]\}\}\},\{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":\{\"publishMetricAction\":\{\"dimensions\":[\{\"value\":\"fragmentmetricdimensionvalue\"\}]\}\}\}],\"networkFirewallStatefulRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"\}],\"networkFirewallOrchestrationConfig\":\{\"firewallCreationConfig\":\{\"endpointLocation\":\{\"availabilityZoneConfigList\":[\{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]\},\{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]\}]\}\},\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"],\"routeManagementConfig\":\{\"allowCrossAZTrafficIfNoEndpoint\":true\}\},\"networkFirewallLoggingConfiguration\":\{\"logDestinationConfigs\":[\{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":\{\"bucketName\":\"s3-bucket-name\"\}\},\{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":\{\"bucketName\":\"s3-bucket-name\"\}\}],\"overrideExistingConfig\":boolean\}\}"
|
|
700
818
|
* </code>
|
|
701
819
|
* </p>
|
|
702
820
|
* <p>To use the distributed deployment model, you must set <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html">PolicyOption</a> to
|
|
@@ -706,46 +824,46 @@ export interface SecurityServicePolicyData {
|
|
|
706
824
|
* <p>Example: <code>THIRD_PARTY_FIREWALL</code>
|
|
707
825
|
* </p>
|
|
708
826
|
* <p>
|
|
709
|
-
* <code>"{
|
|
827
|
+
* <code>"\{
|
|
710
828
|
* "type":"THIRD_PARTY_FIREWALL",
|
|
711
829
|
* "thirdPartyFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW",
|
|
712
|
-
* "thirdPartyFirewallConfig"
|
|
830
|
+
* "thirdPartyFirewallConfig":\{
|
|
713
831
|
* "thirdPartyFirewallPolicyList":["global-1"]
|
|
714
|
-
* },
|
|
715
|
-
* "firewallDeploymentModel"
|
|
716
|
-
* "distributedFirewallDeploymentModel"
|
|
717
|
-
* "distributedFirewallOrchestrationConfig"
|
|
718
|
-
* "firewallCreationConfig"
|
|
719
|
-
* "endpointLocation"
|
|
832
|
+
* \},
|
|
833
|
+
* "firewallDeploymentModel":\{
|
|
834
|
+
* "distributedFirewallDeploymentModel":\{
|
|
835
|
+
* "distributedFirewallOrchestrationConfig":\{
|
|
836
|
+
* "firewallCreationConfig":\{
|
|
837
|
+
* "endpointLocation":\{
|
|
720
838
|
* "availabilityZoneConfigList":[
|
|
721
|
-
* {
|
|
722
|
-
* "availabilityZoneName":"
|
|
723
|
-
* }
|
|
839
|
+
* \{
|
|
840
|
+
* "availabilityZoneName":"$\{AvailabilityZone\}"
|
|
841
|
+
* \}
|
|
724
842
|
* ]
|
|
725
|
-
* }
|
|
726
|
-
* },
|
|
843
|
+
* \}
|
|
844
|
+
* \},
|
|
727
845
|
* "allowedIPV4CidrList":[
|
|
728
846
|
* ]
|
|
729
|
-
* }
|
|
730
|
-
* }
|
|
731
|
-
* }
|
|
732
|
-
* }"</code>
|
|
847
|
+
* \}
|
|
848
|
+
* \}
|
|
849
|
+
* \}
|
|
850
|
+
* \}"</code>
|
|
733
851
|
* </p>
|
|
734
852
|
* </li>
|
|
735
853
|
* <li>
|
|
736
854
|
* <p>Example: <code>SECURITY_GROUPS_COMMON</code>
|
|
737
855
|
* </p>
|
|
738
856
|
* <p>
|
|
739
|
-
* <code>"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false,
|
|
740
|
-
* \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[{\"id\":\"
|
|
741
|
-
* sg-000e55995d61a06bd\"}]}"</code>
|
|
857
|
+
* <code>"\{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false,
|
|
858
|
+
* \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[\{\"id\":\"
|
|
859
|
+
* sg-000e55995d61a06bd\"\}]\}"</code>
|
|
742
860
|
* </p>
|
|
743
861
|
* </li>
|
|
744
862
|
* <li>
|
|
745
863
|
* <p>Example: <code>SECURITY_GROUPS_COMMON</code> - Security group tag distribution
|
|
746
864
|
* </p>
|
|
747
865
|
* <p>
|
|
748
|
-
* <code>""{\"type\":\"SECURITY_GROUPS_COMMON\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"revertManualSecurityGroupChanges\":true,\"exclusiveResourceSecurityGroupManagement\":false,\"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":false,\"enableTagDistribution\":true}""</code>
|
|
866
|
+
* <code>""\{\"type\":\"SECURITY_GROUPS_COMMON\",\"securityGroups\":[\{\"id\":\"sg-000e55995d61a06bd\"\}],\"revertManualSecurityGroupChanges\":true,\"exclusiveResourceSecurityGroupManagement\":false,\"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":false,\"enableTagDistribution\":true\}""</code>
|
|
749
867
|
* </p>
|
|
750
868
|
* <p>
|
|
751
869
|
* Firewall Manager automatically distributes tags from the primary group to the security groups created by this policy. To use security group tag distribution, you must also set <code>revertManualSecurityGroupChanges</code> to <code>true</code>, otherwise Firewall Manager won't be able to create the policy. When you enable <code>revertManualSecurityGroupChanges</code>, Firewall Manager identifies and reports when the security groups created by this policy become non-compliant.
|
|
@@ -758,16 +876,16 @@ export interface SecurityServicePolicyData {
|
|
|
758
876
|
* <p>Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as
|
|
759
877
|
* well as to those in VPCs that the account owns </p>
|
|
760
878
|
* <p>
|
|
761
|
-
* <code>"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false,
|
|
762
|
-
* \"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":true,\"securityGroups\":[{\"id\":\"
|
|
763
|
-
* sg-000e55995d61a06bd\"}]}"</code>
|
|
879
|
+
* <code>"\{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false,
|
|
880
|
+
* \"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":true,\"securityGroups\":[\{\"id\":\"
|
|
881
|
+
* sg-000e55995d61a06bd\"\}]\}"</code>
|
|
764
882
|
* </p>
|
|
765
883
|
* </li>
|
|
766
884
|
* <li>
|
|
767
885
|
* <p>Example: <code>SECURITY_GROUPS_CONTENT_AUDIT</code>
|
|
768
886
|
* </p>
|
|
769
887
|
* <p>
|
|
770
|
-
* <code>"{\"type\":\"SECURITY_GROUPS_CONTENT_AUDIT\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"securityGroupAction\"
|
|
888
|
+
* <code>"\{\"type\":\"SECURITY_GROUPS_CONTENT_AUDIT\",\"securityGroups\":[\{\"id\":\"sg-000e55995d61a06bd\"\}],\"securityGroupAction\":\{\"type\":\"ALLOW\"\}\}"</code>
|
|
771
889
|
* </p>
|
|
772
890
|
* <p>The security group action for content audit can be <code>ALLOW</code> or
|
|
773
891
|
* <code>DENY</code>. For <code>ALLOW</code>, all in-scope security group rules must
|
|
@@ -779,21 +897,21 @@ export interface SecurityServicePolicyData {
|
|
|
779
897
|
* <p>Example: <code>SECURITY_GROUPS_USAGE_AUDIT</code>
|
|
780
898
|
* </p>
|
|
781
899
|
* <p>
|
|
782
|
-
* <code>"{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true}"</code>
|
|
900
|
+
* <code>"\{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true\}"</code>
|
|
783
901
|
* </p>
|
|
784
902
|
* </li>
|
|
785
903
|
* <li>
|
|
786
904
|
* <p>Specification for <code>SHIELD_ADVANCED</code> for Amazon CloudFront distributions </p>
|
|
787
905
|
* <p>
|
|
788
|
-
* <code>"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\":
|
|
789
|
-
* {\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\",
|
|
790
|
-
* \"automaticResponseAction\":\"BLOCK|COUNT\"},
|
|
791
|
-
* \"overrideCustomerWebaclClassic\":true|false}"</code>
|
|
906
|
+
* <code>"\{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\":
|
|
907
|
+
* \{\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\",
|
|
908
|
+
* \"automaticResponseAction\":\"BLOCK|COUNT\"\},
|
|
909
|
+
* \"overrideCustomerWebaclClassic\":true|false\}"</code>
|
|
792
910
|
* </p>
|
|
793
911
|
* <p>For example:
|
|
794
|
-
* <code>"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\":
|
|
795
|
-
* {\"automaticResponseStatus\":\"ENABLED\",
|
|
796
|
-
* \"automaticResponseAction\":\"COUNT\"}}"</code>
|
|
912
|
+
* <code>"\{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\":
|
|
913
|
+
* \{\"automaticResponseStatus\":\"ENABLED\",
|
|
914
|
+
* \"automaticResponseAction\":\"COUNT\"\}\}"</code>
|
|
797
915
|
* </p>
|
|
798
916
|
* <p>The default value for <code>automaticResponseStatus</code> is
|
|
799
917
|
* <code>IGNORED</code>. The value for <code>automaticResponseAction</code> is only
|
|
@@ -807,7 +925,7 @@ export interface SecurityServicePolicyData {
|
|
|
807
925
|
* <p>Example: <code>WAFV2</code>
|
|
808
926
|
* </p>
|
|
809
927
|
* <p>
|
|
810
|
-
* <code>"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\"
|
|
928
|
+
* <code>"\{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[\{\"ruleGroupArn\":null,\"overrideAction\":\{\"type\":\"NONE\"\},\"managedRuleGroupIdentifier\":\{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"\},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[\{\"name\":\"NoUserAgent_HEADER\"\}]\}],\"postProcessRuleGroups\":[],\"defaultAction\":\{\"type\":\"ALLOW\"\},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":\{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[\{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"\},\{\"redactedFieldType\":\"Method\"\}]\}\}"</code>
|
|
811
929
|
* </p>
|
|
812
930
|
* <p>In the <code>loggingConfiguration</code>, you can specify one
|
|
813
931
|
* <code>logDestinationConfigs</code>, you can optionally provide up to 20
|
|
@@ -819,7 +937,7 @@ export interface SecurityServicePolicyData {
|
|
|
819
937
|
* <p>Example: <code>WAFV2</code> - Firewall Manager support for WAF managed rule group versioning
|
|
820
938
|
* </p>
|
|
821
939
|
* <p>
|
|
822
|
-
* <code>"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\"
|
|
940
|
+
* <code>"\{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[\{\"ruleGroupArn\":null,\"overrideAction\":\{\"type\":\"NONE\"\},\"managedRuleGroupIdentifier\":\{\"versionEnabled\":true,\"version\":\"Version_2.0\",\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesCommonRuleSet\"\},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[\{\"name\":\"NoUserAgent_HEADER\"\}]\}],\"postProcessRuleGroups\":[],\"defaultAction\":\{\"type\":\"ALLOW\"\},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":\{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[\{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"\},\{\"redactedFieldType\":\"Method\"\}]\}\}"</code>
|
|
823
941
|
* </p>
|
|
824
942
|
* <p>
|
|
825
943
|
* To use a specific version of a WAF managed rule group in your Firewall Manager policy, you must set <code>versionEnabled</code> to <code>true</code>, and set <code>version</code> to the version you'd like to use. If you don't set <code>versionEnabled</code> to <code>true</code>, or if you omit <code>versionEnabled</code>, then Firewall Manager uses the default version of the WAF managed rule group.
|
|
@@ -829,9 +947,9 @@ export interface SecurityServicePolicyData {
|
|
|
829
947
|
* <p>Example: <code>WAF Classic</code>
|
|
830
948
|
* </p>
|
|
831
949
|
* <p>
|
|
832
|
-
* <code>"{\"type\": \"WAF\", \"ruleGroups\":
|
|
833
|
-
* [{\"id\":\"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\" : {\"type\":
|
|
834
|
-
* \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}"</code>
|
|
950
|
+
* <code>"\{\"type\": \"WAF\", \"ruleGroups\":
|
|
951
|
+
* [\{\"id\":\"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\" : \{\"type\":
|
|
952
|
+
* \"COUNT\"\}\}], \"defaultAction\": \{\"type\": \"BLOCK\"\}\}"</code>
|
|
835
953
|
* </p>
|
|
836
954
|
* </li>
|
|
837
955
|
* </ul>
|
|
@@ -844,6 +962,7 @@ export interface SecurityServicePolicyData {
|
|
|
844
962
|
PolicyOption?: PolicyOption;
|
|
845
963
|
}
|
|
846
964
|
/**
|
|
965
|
+
* @public
|
|
847
966
|
* <p>An Firewall Manager policy.</p>
|
|
848
967
|
*/
|
|
849
968
|
export interface Policy {
|
|
@@ -919,15 +1038,15 @@ export interface Policy {
|
|
|
919
1038
|
* <ul>
|
|
920
1039
|
* <li>
|
|
921
1040
|
* <p>Specify account IDs by setting the key to <code>ACCOUNT</code>. For example, the following is a valid map:
|
|
922
|
-
* <code
|
|
1041
|
+
* <code>\{“ACCOUNT” : [“accountID1”, “accountID2”]\}</code>.</p>
|
|
923
1042
|
* </li>
|
|
924
1043
|
* <li>
|
|
925
1044
|
* <p>Specify OUs by setting the key to <code>ORG_UNIT</code>. For example, the following is a valid map:
|
|
926
|
-
* <code
|
|
1045
|
+
* <code>\{“ORG_UNIT” : [“ouid111”, “ouid112”]\}</code>.</p>
|
|
927
1046
|
* </li>
|
|
928
1047
|
* <li>
|
|
929
1048
|
* <p>Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map:
|
|
930
|
-
* <code
|
|
1049
|
+
* <code>\{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]\}</code>.</p>
|
|
931
1050
|
* </li>
|
|
932
1051
|
* </ul>
|
|
933
1052
|
*/
|
|
@@ -943,15 +1062,15 @@ export interface Policy {
|
|
|
943
1062
|
* <ul>
|
|
944
1063
|
* <li>
|
|
945
1064
|
* <p>Specify account IDs by setting the key to <code>ACCOUNT</code>. For example, the following is a valid map:
|
|
946
|
-
* <code
|
|
1065
|
+
* <code>\{“ACCOUNT” : [“accountID1”, “accountID2”]\}</code>.</p>
|
|
947
1066
|
* </li>
|
|
948
1067
|
* <li>
|
|
949
1068
|
* <p>Specify OUs by setting the key to <code>ORG_UNIT</code>. For example, the following is a valid map:
|
|
950
|
-
* <code
|
|
1069
|
+
* <code>\{“ORG_UNIT” : [“ouid111”, “ouid112”]\}</code>.</p>
|
|
951
1070
|
* </li>
|
|
952
1071
|
* <li>
|
|
953
1072
|
* <p>Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map:
|
|
954
|
-
* <code
|
|
1073
|
+
* <code>\{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]\}</code>.</p>
|
|
955
1074
|
* </li>
|
|
956
1075
|
* </ul>
|
|
957
1076
|
*/
|
|
@@ -965,6 +1084,9 @@ export interface Policy {
|
|
|
965
1084
|
*/
|
|
966
1085
|
PolicyDescription?: string;
|
|
967
1086
|
}
|
|
1087
|
+
/**
|
|
1088
|
+
* @public
|
|
1089
|
+
*/
|
|
968
1090
|
export interface GetPolicyResponse {
|
|
969
1091
|
/**
|
|
970
1092
|
* <p>Information about the specified Firewall Manager policy.</p>
|
|
@@ -976,6 +1098,7 @@ export interface GetPolicyResponse {
|
|
|
976
1098
|
PolicyArn?: string;
|
|
977
1099
|
}
|
|
978
1100
|
/**
|
|
1101
|
+
* @public
|
|
979
1102
|
* <p>The value of the <code>Type</code> parameter is invalid.</p>
|
|
980
1103
|
*/
|
|
981
1104
|
export declare class InvalidTypeException extends __BaseException {
|
|
@@ -987,6 +1110,9 @@ export declare class InvalidTypeException extends __BaseException {
|
|
|
987
1110
|
*/
|
|
988
1111
|
constructor(opts: __ExceptionOptionType<InvalidTypeException, __BaseException>);
|
|
989
1112
|
}
|
|
1113
|
+
/**
|
|
1114
|
+
* @public
|
|
1115
|
+
*/
|
|
990
1116
|
export interface GetProtectionStatusRequest {
|
|
991
1117
|
/**
|
|
992
1118
|
* <p>The ID of the policy for which you want to get the attack information.</p>
|
|
@@ -1023,6 +1149,9 @@ export interface GetProtectionStatusRequest {
|
|
|
1023
1149
|
*/
|
|
1024
1150
|
MaxResults?: number;
|
|
1025
1151
|
}
|
|
1152
|
+
/**
|
|
1153
|
+
* @public
|
|
1154
|
+
*/
|
|
1026
1155
|
export interface GetProtectionStatusResponse {
|
|
1027
1156
|
/**
|
|
1028
1157
|
* <p>The ID of the Firewall Manager administrator account for this policy.</p>
|
|
@@ -1067,6 +1196,9 @@ export interface GetProtectionStatusResponse {
|
|
|
1067
1196
|
*/
|
|
1068
1197
|
NextToken?: string;
|
|
1069
1198
|
}
|
|
1199
|
+
/**
|
|
1200
|
+
* @public
|
|
1201
|
+
*/
|
|
1070
1202
|
export interface GetProtocolsListRequest {
|
|
1071
1203
|
/**
|
|
1072
1204
|
* <p>The ID of the Firewall Manager protocols list that you want the details for.</p>
|
|
@@ -1078,6 +1210,7 @@ export interface GetProtocolsListRequest {
|
|
|
1078
1210
|
DefaultList?: boolean;
|
|
1079
1211
|
}
|
|
1080
1212
|
/**
|
|
1213
|
+
* @public
|
|
1081
1214
|
* <p>An Firewall Manager protocols list.</p>
|
|
1082
1215
|
*/
|
|
1083
1216
|
export interface ProtocolsListData {
|
|
@@ -1112,6 +1245,9 @@ export interface ProtocolsListData {
|
|
|
1112
1245
|
*/
|
|
1113
1246
|
PreviousProtocolsList?: Record<string, string[]>;
|
|
1114
1247
|
}
|
|
1248
|
+
/**
|
|
1249
|
+
* @public
|
|
1250
|
+
*/
|
|
1115
1251
|
export interface GetProtocolsListResponse {
|
|
1116
1252
|
/**
|
|
1117
1253
|
* <p>Information about the specified Firewall Manager protocols list.</p>
|
|
@@ -1122,6 +1258,9 @@ export interface GetProtocolsListResponse {
|
|
|
1122
1258
|
*/
|
|
1123
1259
|
ProtocolsListArn?: string;
|
|
1124
1260
|
}
|
|
1261
|
+
/**
|
|
1262
|
+
* @public
|
|
1263
|
+
*/
|
|
1125
1264
|
export interface GetResourceSetRequest {
|
|
1126
1265
|
/**
|
|
1127
1266
|
* <p>A unique identifier for the resource set, used in a TODO to refer to the resource set.</p>
|
|
@@ -1129,6 +1268,7 @@ export interface GetResourceSetRequest {
|
|
|
1129
1268
|
Identifier: string | undefined;
|
|
1130
1269
|
}
|
|
1131
1270
|
/**
|
|
1271
|
+
* @public
|
|
1132
1272
|
* <p>A set of resources to include in a policy.</p>
|
|
1133
1273
|
*/
|
|
1134
1274
|
export interface ResourceSet {
|
|
@@ -1162,6 +1302,9 @@ export interface ResourceSet {
|
|
|
1162
1302
|
*/
|
|
1163
1303
|
LastUpdateTime?: Date;
|
|
1164
1304
|
}
|
|
1305
|
+
/**
|
|
1306
|
+
* @public
|
|
1307
|
+
*/
|
|
1165
1308
|
export interface GetResourceSetResponse {
|
|
1166
1309
|
/**
|
|
1167
1310
|
* <p>Information about the specified resource set.</p>
|
|
@@ -1172,17 +1315,26 @@ export interface GetResourceSetResponse {
|
|
|
1172
1315
|
*/
|
|
1173
1316
|
ResourceSetArn: string | undefined;
|
|
1174
1317
|
}
|
|
1318
|
+
/**
|
|
1319
|
+
* @public
|
|
1320
|
+
*/
|
|
1175
1321
|
export interface GetThirdPartyFirewallAssociationStatusRequest {
|
|
1176
1322
|
/**
|
|
1177
1323
|
* <p>The name of the third-party firewall vendor.</p>
|
|
1178
1324
|
*/
|
|
1179
1325
|
ThirdPartyFirewall: ThirdPartyFirewall | string | undefined;
|
|
1180
1326
|
}
|
|
1327
|
+
/**
|
|
1328
|
+
* @public
|
|
1329
|
+
*/
|
|
1181
1330
|
export declare enum MarketplaceSubscriptionOnboardingStatus {
|
|
1182
1331
|
COMPLETE = "COMPLETE",
|
|
1183
1332
|
NOT_COMPLETE = "NOT_COMPLETE",
|
|
1184
1333
|
NO_SUBSCRIPTION = "NO_SUBSCRIPTION"
|
|
1185
1334
|
}
|
|
1335
|
+
/**
|
|
1336
|
+
* @public
|
|
1337
|
+
*/
|
|
1186
1338
|
export interface GetThirdPartyFirewallAssociationStatusResponse {
|
|
1187
1339
|
/**
|
|
1188
1340
|
* <p>The current status for setting a Firewall Manager policy administrators account as an administrator of the third-party firewall tenant.</p>
|
|
@@ -1229,6 +1381,9 @@ export interface GetThirdPartyFirewallAssociationStatusResponse {
|
|
|
1229
1381
|
*/
|
|
1230
1382
|
MarketplaceOnboardingStatus?: MarketplaceSubscriptionOnboardingStatus | string;
|
|
1231
1383
|
}
|
|
1384
|
+
/**
|
|
1385
|
+
* @public
|
|
1386
|
+
*/
|
|
1232
1387
|
export interface GetViolationDetailsRequest {
|
|
1233
1388
|
/**
|
|
1234
1389
|
* <p>The ID of the Firewall Manager policy that you want the details for. This currently only supports security group content audit policies.</p>
|
|
@@ -1255,6 +1410,7 @@ export interface GetViolationDetailsRequest {
|
|
|
1255
1410
|
ResourceType: string | undefined;
|
|
1256
1411
|
}
|
|
1257
1412
|
/**
|
|
1413
|
+
* @public
|
|
1258
1414
|
* <p>A collection of key:value pairs associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each Amazon Web Services resource. </p>
|
|
1259
1415
|
*/
|
|
1260
1416
|
export interface Tag {
|
|
@@ -1268,6 +1424,7 @@ export interface Tag {
|
|
|
1268
1424
|
Value: string | undefined;
|
|
1269
1425
|
}
|
|
1270
1426
|
/**
|
|
1427
|
+
* @public
|
|
1271
1428
|
* <p>The reference rule that partially matches the <code>ViolationTarget</code> rule and violation reason.</p>
|
|
1272
1429
|
*/
|
|
1273
1430
|
export interface PartialMatch {
|
|
@@ -1280,11 +1437,15 @@ export interface PartialMatch {
|
|
|
1280
1437
|
*/
|
|
1281
1438
|
TargetViolationReasons?: string[];
|
|
1282
1439
|
}
|
|
1440
|
+
/**
|
|
1441
|
+
* @public
|
|
1442
|
+
*/
|
|
1283
1443
|
export declare enum RemediationActionType {
|
|
1284
1444
|
Modify = "MODIFY",
|
|
1285
1445
|
Remove = "REMOVE"
|
|
1286
1446
|
}
|
|
1287
1447
|
/**
|
|
1448
|
+
* @public
|
|
1288
1449
|
* <p>Describes a set of permissions for a security group rule.</p>
|
|
1289
1450
|
*/
|
|
1290
1451
|
export interface SecurityGroupRuleDescription {
|
|
@@ -1314,6 +1475,7 @@ export interface SecurityGroupRuleDescription {
|
|
|
1314
1475
|
ToPort?: number;
|
|
1315
1476
|
}
|
|
1316
1477
|
/**
|
|
1478
|
+
* @public
|
|
1317
1479
|
* <p>Remediation option for the rule specified in the <code>ViolationTarget</code>.</p>
|
|
1318
1480
|
*/
|
|
1319
1481
|
export interface SecurityGroupRemediationAction {
|
|
@@ -1335,6 +1497,7 @@ export interface SecurityGroupRemediationAction {
|
|
|
1335
1497
|
IsDefaultAction?: boolean;
|
|
1336
1498
|
}
|
|
1337
1499
|
/**
|
|
1500
|
+
* @public
|
|
1338
1501
|
* <p>Violation detail for the rule violation in a security group when compared to the primary security group of the Firewall Manager policy.</p>
|
|
1339
1502
|
*/
|
|
1340
1503
|
export interface AwsVPCSecurityGroupViolation {
|
|
@@ -1356,6 +1519,7 @@ export interface AwsVPCSecurityGroupViolation {
|
|
|
1356
1519
|
PossibleSecurityGroupRemediationActions?: SecurityGroupRemediationAction[];
|
|
1357
1520
|
}
|
|
1358
1521
|
/**
|
|
1522
|
+
* @public
|
|
1359
1523
|
* <p>A DNS Firewall rule group that Firewall Manager
|
|
1360
1524
|
* tried to associate with a VPC is already associated with the VPC and can't be associated again. </p>
|
|
1361
1525
|
*/
|
|
@@ -1370,6 +1534,7 @@ export interface DnsDuplicateRuleGroupViolation {
|
|
|
1370
1534
|
ViolationTargetDescription?: string;
|
|
1371
1535
|
}
|
|
1372
1536
|
/**
|
|
1537
|
+
* @public
|
|
1373
1538
|
* <p>The VPC that Firewall Manager was applying a DNS Fireall policy to reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed due to the limit. </p>
|
|
1374
1539
|
*/
|
|
1375
1540
|
export interface DnsRuleGroupLimitExceededViolation {
|
|
@@ -1387,6 +1552,7 @@ export interface DnsRuleGroupLimitExceededViolation {
|
|
|
1387
1552
|
NumberOfRuleGroupsAlreadyAssociated?: number;
|
|
1388
1553
|
}
|
|
1389
1554
|
/**
|
|
1555
|
+
* @public
|
|
1390
1556
|
* <p>A rule group that Firewall Manager
|
|
1391
1557
|
* tried to associate with a VPC has the same priority as a rule group that's already associated. </p>
|
|
1392
1558
|
*/
|
|
@@ -1415,6 +1581,7 @@ export interface DnsRuleGroupPriorityConflictViolation {
|
|
|
1415
1581
|
UnavailablePriorities?: number[];
|
|
1416
1582
|
}
|
|
1417
1583
|
/**
|
|
1584
|
+
* @public
|
|
1418
1585
|
* <p>Contains details about the firewall subnet that violates the policy scope.</p>
|
|
1419
1586
|
*/
|
|
1420
1587
|
export interface FirewallSubnetIsOutOfScopeViolation {
|
|
@@ -1440,6 +1607,7 @@ export interface FirewallSubnetIsOutOfScopeViolation {
|
|
|
1440
1607
|
VpcEndpointId?: string;
|
|
1441
1608
|
}
|
|
1442
1609
|
/**
|
|
1610
|
+
* @public
|
|
1443
1611
|
* <p>The violation details for a firewall subnet's VPC endpoint that's deleted or missing.</p>
|
|
1444
1612
|
*/
|
|
1445
1613
|
export interface FirewallSubnetMissingVPCEndpointViolation {
|
|
@@ -1460,11 +1628,17 @@ export interface FirewallSubnetMissingVPCEndpointViolation {
|
|
|
1460
1628
|
*/
|
|
1461
1629
|
SubnetAvailabilityZoneId?: string;
|
|
1462
1630
|
}
|
|
1631
|
+
/**
|
|
1632
|
+
* @public
|
|
1633
|
+
*/
|
|
1463
1634
|
export declare enum DestinationType {
|
|
1464
1635
|
IPV4 = "IPV4",
|
|
1465
1636
|
IPV6 = "IPV6",
|
|
1466
1637
|
PrefixList = "PREFIX_LIST"
|
|
1467
1638
|
}
|
|
1639
|
+
/**
|
|
1640
|
+
* @public
|
|
1641
|
+
*/
|
|
1468
1642
|
export declare enum TargetType {
|
|
1469
1643
|
CarrierGateway = "CARRIER_GATEWAY",
|
|
1470
1644
|
EgressOnlyInternetGateway = "EGRESS_ONLY_INTERNET_GATEWAY",
|
|
@@ -1478,6 +1652,7 @@ export declare enum TargetType {
|
|
|
1478
1652
|
VPCPeeringConnection = "VPC_PEERING_CONNECTION"
|
|
1479
1653
|
}
|
|
1480
1654
|
/**
|
|
1655
|
+
* @public
|
|
1481
1656
|
* <p>Describes a route in a route table.</p>
|
|
1482
1657
|
*/
|
|
1483
1658
|
export interface Route {
|
|
@@ -1499,6 +1674,7 @@ export interface Route {
|
|
|
1499
1674
|
Target?: string;
|
|
1500
1675
|
}
|
|
1501
1676
|
/**
|
|
1677
|
+
* @public
|
|
1502
1678
|
* <p>Violation detail for an internet gateway route with an inactive state in the customer subnet route table or Network Firewall subnet route table.</p>
|
|
1503
1679
|
*/
|
|
1504
1680
|
export interface NetworkFirewallBlackHoleRouteDetectedViolation {
|
|
@@ -1520,6 +1696,7 @@ export interface NetworkFirewallBlackHoleRouteDetectedViolation {
|
|
|
1520
1696
|
ViolatingRoutes?: Route[];
|
|
1521
1697
|
}
|
|
1522
1698
|
/**
|
|
1699
|
+
* @public
|
|
1523
1700
|
* <p>Information about the expected route in the route table.</p>
|
|
1524
1701
|
*/
|
|
1525
1702
|
export interface ExpectedRoute {
|
|
@@ -1549,6 +1726,7 @@ export interface ExpectedRoute {
|
|
|
1549
1726
|
RouteTableId?: string;
|
|
1550
1727
|
}
|
|
1551
1728
|
/**
|
|
1729
|
+
* @public
|
|
1552
1730
|
* <p>Violation detail for the subnet for which internet traffic that hasn't been inspected.</p>
|
|
1553
1731
|
*/
|
|
1554
1732
|
export interface NetworkFirewallInternetTrafficNotInspectedViolation {
|
|
@@ -1614,6 +1792,7 @@ export interface NetworkFirewallInternetTrafficNotInspectedViolation {
|
|
|
1614
1792
|
VpcId?: string;
|
|
1615
1793
|
}
|
|
1616
1794
|
/**
|
|
1795
|
+
* @public
|
|
1617
1796
|
* <p>Violation detail for the improperly configured subnet route. It's possible there is a missing route table route,
|
|
1618
1797
|
* or a configuration that causes traffic to cross an Availability Zone boundary.</p>
|
|
1619
1798
|
*/
|
|
@@ -1684,6 +1863,7 @@ export interface NetworkFirewallInvalidRouteConfigurationViolation {
|
|
|
1684
1863
|
VpcId?: string;
|
|
1685
1864
|
}
|
|
1686
1865
|
/**
|
|
1866
|
+
* @public
|
|
1687
1867
|
* <p>Violation detail for an expected route missing in Network Firewall.</p>
|
|
1688
1868
|
*/
|
|
1689
1869
|
export interface NetworkFirewallMissingExpectedRoutesViolation {
|
|
@@ -1701,6 +1881,7 @@ export interface NetworkFirewallMissingExpectedRoutesViolation {
|
|
|
1701
1881
|
VpcId?: string;
|
|
1702
1882
|
}
|
|
1703
1883
|
/**
|
|
1884
|
+
* @public
|
|
1704
1885
|
* <p>Violation detail for Network Firewall for a subnet that's not associated to the expected
|
|
1705
1886
|
* Firewall Manager managed route table.</p>
|
|
1706
1887
|
*/
|
|
@@ -1727,6 +1908,7 @@ export interface NetworkFirewallMissingExpectedRTViolation {
|
|
|
1727
1908
|
ExpectedRouteTable?: string;
|
|
1728
1909
|
}
|
|
1729
1910
|
/**
|
|
1911
|
+
* @public
|
|
1730
1912
|
* <p>Violation detail for Network Firewall for a subnet that doesn't have a
|
|
1731
1913
|
* Firewall Manager managed firewall in its VPC. </p>
|
|
1732
1914
|
*/
|
|
@@ -1749,6 +1931,7 @@ export interface NetworkFirewallMissingFirewallViolation {
|
|
|
1749
1931
|
TargetViolationReason?: string;
|
|
1750
1932
|
}
|
|
1751
1933
|
/**
|
|
1934
|
+
* @public
|
|
1752
1935
|
* <p>Violation detail for Network Firewall for an Availability Zone that's
|
|
1753
1936
|
* missing the expected Firewall Manager managed subnet.</p>
|
|
1754
1937
|
*/
|
|
@@ -1770,11 +1953,15 @@ export interface NetworkFirewallMissingSubnetViolation {
|
|
|
1770
1953
|
*/
|
|
1771
1954
|
TargetViolationReason?: string;
|
|
1772
1955
|
}
|
|
1956
|
+
/**
|
|
1957
|
+
* @public
|
|
1958
|
+
*/
|
|
1773
1959
|
export declare enum RuleOrder {
|
|
1774
1960
|
DEFAULT_ACTION_ORDER = "DEFAULT_ACTION_ORDER",
|
|
1775
1961
|
STRICT_ORDER = "STRICT_ORDER"
|
|
1776
1962
|
}
|
|
1777
1963
|
/**
|
|
1964
|
+
* @public
|
|
1778
1965
|
* <p>Configuration settings for the handling of the stateful rule groups in a Network Firewall firewall policy.</p>
|
|
1779
1966
|
*/
|
|
1780
1967
|
export interface StatefulEngineOptions {
|
|
@@ -1786,10 +1973,14 @@ export interface StatefulEngineOptions {
|
|
|
1786
1973
|
*/
|
|
1787
1974
|
RuleOrder?: RuleOrder | string;
|
|
1788
1975
|
}
|
|
1976
|
+
/**
|
|
1977
|
+
* @public
|
|
1978
|
+
*/
|
|
1789
1979
|
export declare enum NetworkFirewallOverrideAction {
|
|
1790
1980
|
DROP_TO_ALERT = "DROP_TO_ALERT"
|
|
1791
1981
|
}
|
|
1792
1982
|
/**
|
|
1983
|
+
* @public
|
|
1793
1984
|
* <p>The setting that allows the policy owner to change the behavior of the rule group within a policy.</p>
|
|
1794
1985
|
*/
|
|
1795
1986
|
export interface NetworkFirewallStatefulRuleGroupOverride {
|
|
@@ -1799,6 +1990,7 @@ export interface NetworkFirewallStatefulRuleGroupOverride {
|
|
|
1799
1990
|
Action?: NetworkFirewallOverrideAction | string;
|
|
1800
1991
|
}
|
|
1801
1992
|
/**
|
|
1993
|
+
* @public
|
|
1802
1994
|
* <p>Network Firewall stateful rule group, used in a <a>NetworkFirewallPolicyDescription</a>. </p>
|
|
1803
1995
|
*/
|
|
1804
1996
|
export interface StatefulRuleGroup {
|
|
@@ -1830,6 +2022,7 @@ export interface StatefulRuleGroup {
|
|
|
1830
2022
|
Override?: NetworkFirewallStatefulRuleGroupOverride;
|
|
1831
2023
|
}
|
|
1832
2024
|
/**
|
|
2025
|
+
* @public
|
|
1833
2026
|
* <p>Network Firewall stateless rule group, used in a <a>NetworkFirewallPolicyDescription</a>. </p>
|
|
1834
2027
|
*/
|
|
1835
2028
|
export interface StatelessRuleGroup {
|
|
@@ -1847,6 +2040,7 @@ export interface StatelessRuleGroup {
|
|
|
1847
2040
|
Priority?: number;
|
|
1848
2041
|
}
|
|
1849
2042
|
/**
|
|
2043
|
+
* @public
|
|
1850
2044
|
* <p>The definition of the Network Firewall firewall policy.</p>
|
|
1851
2045
|
*/
|
|
1852
2046
|
export interface NetworkFirewallPolicyDescription {
|
|
@@ -1900,6 +2094,7 @@ export interface NetworkFirewallPolicyDescription {
|
|
|
1900
2094
|
StatefulEngineOptions?: StatefulEngineOptions;
|
|
1901
2095
|
}
|
|
1902
2096
|
/**
|
|
2097
|
+
* @public
|
|
1903
2098
|
* <p>Violation detail for Network Firewall for a firewall policy that has a different
|
|
1904
2099
|
* <a>NetworkFirewallPolicyDescription</a> than is required by the Firewall Manager policy. </p>
|
|
1905
2100
|
*/
|
|
@@ -1918,6 +2113,7 @@ export interface NetworkFirewallPolicyModifiedViolation {
|
|
|
1918
2113
|
ExpectedPolicyDescription?: NetworkFirewallPolicyDescription;
|
|
1919
2114
|
}
|
|
1920
2115
|
/**
|
|
2116
|
+
* @public
|
|
1921
2117
|
* <p>Violation detail for an unexpected route that's present in a route table.</p>
|
|
1922
2118
|
*/
|
|
1923
2119
|
export interface NetworkFirewallUnexpectedFirewallRoutesViolation {
|
|
@@ -1943,6 +2139,7 @@ export interface NetworkFirewallUnexpectedFirewallRoutesViolation {
|
|
|
1943
2139
|
VpcId?: string;
|
|
1944
2140
|
}
|
|
1945
2141
|
/**
|
|
2142
|
+
* @public
|
|
1946
2143
|
* <p>Violation detail for an unexpected gateway route that’s present in a route table.</p>
|
|
1947
2144
|
*/
|
|
1948
2145
|
export interface NetworkFirewallUnexpectedGatewayRoutesViolation {
|
|
@@ -1964,6 +2161,7 @@ export interface NetworkFirewallUnexpectedGatewayRoutesViolation {
|
|
|
1964
2161
|
VpcId?: string;
|
|
1965
2162
|
}
|
|
1966
2163
|
/**
|
|
2164
|
+
* @public
|
|
1967
2165
|
* <p>The action of associating an EC2 resource, such as a subnet or internet gateway, with a route table.</p>
|
|
1968
2166
|
*/
|
|
1969
2167
|
export interface EC2AssociateRouteTableAction {
|
|
@@ -1985,6 +2183,7 @@ export interface EC2AssociateRouteTableAction {
|
|
|
1985
2183
|
GatewayId?: ActionTarget;
|
|
1986
2184
|
}
|
|
1987
2185
|
/**
|
|
2186
|
+
* @public
|
|
1988
2187
|
* <p>An action that copies the EC2 route table for use in remediation.</p>
|
|
1989
2188
|
*/
|
|
1990
2189
|
export interface EC2CopyRouteTableAction {
|
|
@@ -2002,6 +2201,7 @@ export interface EC2CopyRouteTableAction {
|
|
|
2002
2201
|
RouteTableId: ActionTarget | undefined;
|
|
2003
2202
|
}
|
|
2004
2203
|
/**
|
|
2204
|
+
* @public
|
|
2005
2205
|
* <p>Information about the CreateRoute action in Amazon EC2.</p>
|
|
2006
2206
|
*/
|
|
2007
2207
|
export interface EC2CreateRouteAction {
|
|
@@ -2035,6 +2235,7 @@ export interface EC2CreateRouteAction {
|
|
|
2035
2235
|
RouteTableId: ActionTarget | undefined;
|
|
2036
2236
|
}
|
|
2037
2237
|
/**
|
|
2238
|
+
* @public
|
|
2038
2239
|
* <p>Information about the CreateRouteTable action in Amazon EC2.</p>
|
|
2039
2240
|
*/
|
|
2040
2241
|
export interface EC2CreateRouteTableAction {
|
|
@@ -2048,6 +2249,7 @@ export interface EC2CreateRouteTableAction {
|
|
|
2048
2249
|
VpcId: ActionTarget | undefined;
|
|
2049
2250
|
}
|
|
2050
2251
|
/**
|
|
2252
|
+
* @public
|
|
2051
2253
|
* <p>Information about the DeleteRoute action in Amazon EC2.</p>
|
|
2052
2254
|
*/
|
|
2053
2255
|
export interface EC2DeleteRouteAction {
|
|
@@ -2073,6 +2275,7 @@ export interface EC2DeleteRouteAction {
|
|
|
2073
2275
|
RouteTableId: ActionTarget | undefined;
|
|
2074
2276
|
}
|
|
2075
2277
|
/**
|
|
2278
|
+
* @public
|
|
2076
2279
|
* <p>Information about the ReplaceRoute action in Amazon EC2.</p>
|
|
2077
2280
|
*/
|
|
2078
2281
|
export interface EC2ReplaceRouteAction {
|
|
@@ -2102,6 +2305,7 @@ export interface EC2ReplaceRouteAction {
|
|
|
2102
2305
|
RouteTableId: ActionTarget | undefined;
|
|
2103
2306
|
}
|
|
2104
2307
|
/**
|
|
2308
|
+
* @public
|
|
2105
2309
|
* <p>Information about the ReplaceRouteTableAssociation action in Amazon EC2.</p>
|
|
2106
2310
|
*/
|
|
2107
2311
|
export interface EC2ReplaceRouteTableAssociationAction {
|
|
@@ -2119,6 +2323,7 @@ export interface EC2ReplaceRouteTableAssociationAction {
|
|
|
2119
2323
|
RouteTableId: ActionTarget | undefined;
|
|
2120
2324
|
}
|
|
2121
2325
|
/**
|
|
2326
|
+
* @public
|
|
2122
2327
|
* <p>Contains information about the actions that you can take to remediate scope violations
|
|
2123
2328
|
* caused by your policy's <code>FirewallCreationConfig</code>.
|
|
2124
2329
|
* <code>FirewallCreationConfig</code> is an optional configuration that you can use to
|
|
@@ -2136,6 +2341,7 @@ export interface FMSPolicyUpdateFirewallCreationConfigAction {
|
|
|
2136
2341
|
FirewallCreationConfig?: string;
|
|
2137
2342
|
}
|
|
2138
2343
|
/**
|
|
2344
|
+
* @public
|
|
2139
2345
|
* <p>Information about an individual action you can take to remediate a violation.</p>
|
|
2140
2346
|
*/
|
|
2141
2347
|
export interface RemediationAction {
|
|
@@ -2177,6 +2383,7 @@ export interface RemediationAction {
|
|
|
2177
2383
|
FMSPolicyUpdateFirewallCreationConfigAction?: FMSPolicyUpdateFirewallCreationConfigAction;
|
|
2178
2384
|
}
|
|
2179
2385
|
/**
|
|
2386
|
+
* @public
|
|
2180
2387
|
* <p>An ordered list of actions you can take to remediate a violation.</p>
|
|
2181
2388
|
*/
|
|
2182
2389
|
export interface RemediationActionWithOrder {
|
|
@@ -2190,6 +2397,7 @@ export interface RemediationActionWithOrder {
|
|
|
2190
2397
|
Order?: number;
|
|
2191
2398
|
}
|
|
2192
2399
|
/**
|
|
2400
|
+
* @public
|
|
2193
2401
|
* <p>A list of remediation actions.</p>
|
|
2194
2402
|
*/
|
|
2195
2403
|
export interface PossibleRemediationAction {
|
|
@@ -2207,6 +2415,7 @@ export interface PossibleRemediationAction {
|
|
|
2207
2415
|
IsDefaultAction?: boolean;
|
|
2208
2416
|
}
|
|
2209
2417
|
/**
|
|
2418
|
+
* @public
|
|
2210
2419
|
* <p>A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.</p>
|
|
2211
2420
|
*/
|
|
2212
2421
|
export interface PossibleRemediationActions {
|
|
@@ -2220,6 +2429,7 @@ export interface PossibleRemediationActions {
|
|
|
2220
2429
|
Actions?: PossibleRemediationAction[];
|
|
2221
2430
|
}
|
|
2222
2431
|
/**
|
|
2432
|
+
* @public
|
|
2223
2433
|
* <p>Contains details about the route endpoint that violates the policy scope.</p>
|
|
2224
2434
|
*/
|
|
2225
2435
|
export interface RouteHasOutOfScopeEndpointViolation {
|
|
@@ -2273,6 +2483,7 @@ export interface RouteHasOutOfScopeEndpointViolation {
|
|
|
2273
2483
|
InternetGatewayRoutes?: Route[];
|
|
2274
2484
|
}
|
|
2275
2485
|
/**
|
|
2486
|
+
* @public
|
|
2276
2487
|
* <p>The violation details for a third-party firewall that's not associated with an Firewall Manager managed route table.</p>
|
|
2277
2488
|
*/
|
|
2278
2489
|
export interface ThirdPartyFirewallMissingExpectedRouteTableViolation {
|
|
@@ -2298,6 +2509,7 @@ export interface ThirdPartyFirewallMissingExpectedRouteTableViolation {
|
|
|
2298
2509
|
ExpectedRouteTable?: string;
|
|
2299
2510
|
}
|
|
2300
2511
|
/**
|
|
2512
|
+
* @public
|
|
2301
2513
|
* <p>The violation details about a third-party firewall's subnet that doesn't have a Firewall Manager managed firewall in its VPC.</p>
|
|
2302
2514
|
*/
|
|
2303
2515
|
export interface ThirdPartyFirewallMissingFirewallViolation {
|
|
@@ -2319,6 +2531,7 @@ export interface ThirdPartyFirewallMissingFirewallViolation {
|
|
|
2319
2531
|
TargetViolationReason?: string;
|
|
2320
2532
|
}
|
|
2321
2533
|
/**
|
|
2534
|
+
* @public
|
|
2322
2535
|
* <p>The violation details for a third-party firewall for an Availability Zone that's missing the Firewall Manager managed subnet.</p>
|
|
2323
2536
|
*/
|
|
2324
2537
|
export interface ThirdPartyFirewallMissingSubnetViolation {
|
|
@@ -2340,6 +2553,7 @@ export interface ThirdPartyFirewallMissingSubnetViolation {
|
|
|
2340
2553
|
TargetViolationReason?: string;
|
|
2341
2554
|
}
|
|
2342
2555
|
/**
|
|
2556
|
+
* @public
|
|
2343
2557
|
* <p>Violation detail based on resource type.</p>
|
|
2344
2558
|
*/
|
|
2345
2559
|
export interface ResourceViolation {
|
|
@@ -2445,6 +2659,7 @@ export interface ResourceViolation {
|
|
|
2445
2659
|
FirewallSubnetMissingVPCEndpointViolation?: FirewallSubnetMissingVPCEndpointViolation;
|
|
2446
2660
|
}
|
|
2447
2661
|
/**
|
|
2662
|
+
* @public
|
|
2448
2663
|
* <p>Violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account.</p>
|
|
2449
2664
|
*/
|
|
2450
2665
|
export interface ViolationDetail {
|
|
@@ -2477,12 +2692,18 @@ export interface ViolationDetail {
|
|
|
2477
2692
|
*/
|
|
2478
2693
|
ResourceDescription?: string;
|
|
2479
2694
|
}
|
|
2695
|
+
/**
|
|
2696
|
+
* @public
|
|
2697
|
+
*/
|
|
2480
2698
|
export interface GetViolationDetailsResponse {
|
|
2481
2699
|
/**
|
|
2482
2700
|
* <p>Violation detail for a resource.</p>
|
|
2483
2701
|
*/
|
|
2484
2702
|
ViolationDetail?: ViolationDetail;
|
|
2485
2703
|
}
|
|
2704
|
+
/**
|
|
2705
|
+
* @public
|
|
2706
|
+
*/
|
|
2486
2707
|
export interface ListAppsListsRequest {
|
|
2487
2708
|
/**
|
|
2488
2709
|
* <p>Specifies whether the lists to retrieve are default lists owned by Firewall Manager.</p>
|
|
@@ -2502,6 +2723,9 @@ export interface ListAppsListsRequest {
|
|
|
2502
2723
|
*/
|
|
2503
2724
|
MaxResults: number | undefined;
|
|
2504
2725
|
}
|
|
2726
|
+
/**
|
|
2727
|
+
* @public
|
|
2728
|
+
*/
|
|
2505
2729
|
export interface ListAppsListsResponse {
|
|
2506
2730
|
/**
|
|
2507
2731
|
* <p>An array of <code>AppsListDataSummary</code> objects.</p>
|
|
@@ -2513,6 +2737,9 @@ export interface ListAppsListsResponse {
|
|
|
2513
2737
|
*/
|
|
2514
2738
|
NextToken?: string;
|
|
2515
2739
|
}
|
|
2740
|
+
/**
|
|
2741
|
+
* @public
|
|
2742
|
+
*/
|
|
2516
2743
|
export interface ListComplianceStatusRequest {
|
|
2517
2744
|
/**
|
|
2518
2745
|
* <p>The ID of the Firewall Manager policy that you want the details for.</p>
|
|
@@ -2537,11 +2764,15 @@ export interface ListComplianceStatusRequest {
|
|
|
2537
2764
|
*/
|
|
2538
2765
|
MaxResults?: number;
|
|
2539
2766
|
}
|
|
2767
|
+
/**
|
|
2768
|
+
* @public
|
|
2769
|
+
*/
|
|
2540
2770
|
export declare enum PolicyComplianceStatusType {
|
|
2541
2771
|
Compliant = "COMPLIANT",
|
|
2542
2772
|
NonCompliant = "NON_COMPLIANT"
|
|
2543
2773
|
}
|
|
2544
2774
|
/**
|
|
2775
|
+
* @public
|
|
2545
2776
|
* <p>Describes the compliance status for the account. An account is considered noncompliant if
|
|
2546
2777
|
* it includes resources that are not protected by the specified policy or that don't comply with
|
|
2547
2778
|
* the policy.</p>
|
|
@@ -2565,6 +2796,7 @@ export interface EvaluationResult {
|
|
|
2565
2796
|
EvaluationLimitExceeded?: boolean;
|
|
2566
2797
|
}
|
|
2567
2798
|
/**
|
|
2799
|
+
* @public
|
|
2568
2800
|
* <p>Indicates whether the account is compliant with the specified policy. An account is
|
|
2569
2801
|
* considered noncompliant if it includes resources that are not protected by the policy, for
|
|
2570
2802
|
* WAF and Shield Advanced policies, or that are noncompliant with the policy, for security group
|
|
@@ -2601,6 +2833,9 @@ export interface PolicyComplianceStatus {
|
|
|
2601
2833
|
*/
|
|
2602
2834
|
IssueInfoMap?: Record<string, string>;
|
|
2603
2835
|
}
|
|
2836
|
+
/**
|
|
2837
|
+
* @public
|
|
2838
|
+
*/
|
|
2604
2839
|
export interface ListComplianceStatusResponse {
|
|
2605
2840
|
/**
|
|
2606
2841
|
* <p>An array of <code>PolicyComplianceStatus</code> objects.</p>
|
|
@@ -2616,6 +2851,9 @@ export interface ListComplianceStatusResponse {
|
|
|
2616
2851
|
*/
|
|
2617
2852
|
NextToken?: string;
|
|
2618
2853
|
}
|
|
2854
|
+
/**
|
|
2855
|
+
* @public
|
|
2856
|
+
*/
|
|
2619
2857
|
export interface ListDiscoveredResourcesRequest {
|
|
2620
2858
|
/**
|
|
2621
2859
|
* <p>The Amazon Web Services account IDs to discover resources in. Only one account is supported per request. The account must be a member of your organization.</p>
|
|
@@ -2639,6 +2877,7 @@ export interface ListDiscoveredResourcesRequest {
|
|
|
2639
2877
|
NextToken?: string;
|
|
2640
2878
|
}
|
|
2641
2879
|
/**
|
|
2880
|
+
* @public
|
|
2642
2881
|
* <p>A resource in the organization that's available to be associated with a Firewall Manager resource set.</p>
|
|
2643
2882
|
*/
|
|
2644
2883
|
export interface DiscoveredResource {
|
|
@@ -2659,6 +2898,9 @@ export interface DiscoveredResource {
|
|
|
2659
2898
|
*/
|
|
2660
2899
|
Name?: string;
|
|
2661
2900
|
}
|
|
2901
|
+
/**
|
|
2902
|
+
* @public
|
|
2903
|
+
*/
|
|
2662
2904
|
export interface ListDiscoveredResourcesResponse {
|
|
2663
2905
|
/**
|
|
2664
2906
|
* <p>Details of the resources that were discovered.</p>
|
|
@@ -2671,6 +2913,9 @@ export interface ListDiscoveredResourcesResponse {
|
|
|
2671
2913
|
*/
|
|
2672
2914
|
NextToken?: string;
|
|
2673
2915
|
}
|
|
2916
|
+
/**
|
|
2917
|
+
* @public
|
|
2918
|
+
*/
|
|
2674
2919
|
export interface ListMemberAccountsRequest {
|
|
2675
2920
|
/**
|
|
2676
2921
|
* <p>If you specify a value for <code>MaxResults</code> and you have more account IDs than the
|
|
@@ -2689,6 +2934,9 @@ export interface ListMemberAccountsRequest {
|
|
|
2689
2934
|
*/
|
|
2690
2935
|
MaxResults?: number;
|
|
2691
2936
|
}
|
|
2937
|
+
/**
|
|
2938
|
+
* @public
|
|
2939
|
+
*/
|
|
2692
2940
|
export interface ListMemberAccountsResponse {
|
|
2693
2941
|
/**
|
|
2694
2942
|
* <p>An array of account IDs.</p>
|
|
@@ -2703,6 +2951,9 @@ export interface ListMemberAccountsResponse {
|
|
|
2703
2951
|
*/
|
|
2704
2952
|
NextToken?: string;
|
|
2705
2953
|
}
|
|
2954
|
+
/**
|
|
2955
|
+
* @public
|
|
2956
|
+
*/
|
|
2706
2957
|
export interface ListPoliciesRequest {
|
|
2707
2958
|
/**
|
|
2708
2959
|
* <p>If you specify a value for <code>MaxResults</code> and you have more
|
|
@@ -2723,6 +2974,7 @@ export interface ListPoliciesRequest {
|
|
|
2723
2974
|
MaxResults?: number;
|
|
2724
2975
|
}
|
|
2725
2976
|
/**
|
|
2977
|
+
* @public
|
|
2726
2978
|
* <p>Details of the Firewall Manager policy. </p>
|
|
2727
2979
|
*/
|
|
2728
2980
|
export interface PolicySummary {
|
|
@@ -2770,6 +3022,9 @@ export interface PolicySummary {
|
|
|
2770
3022
|
*/
|
|
2771
3023
|
DeleteUnusedFMManagedResources?: boolean;
|
|
2772
3024
|
}
|
|
3025
|
+
/**
|
|
3026
|
+
* @public
|
|
3027
|
+
*/
|
|
2773
3028
|
export interface ListPoliciesResponse {
|
|
2774
3029
|
/**
|
|
2775
3030
|
* <p>An array of <code>PolicySummary</code> objects.</p>
|
|
@@ -2784,6 +3039,9 @@ export interface ListPoliciesResponse {
|
|
|
2784
3039
|
*/
|
|
2785
3040
|
NextToken?: string;
|
|
2786
3041
|
}
|
|
3042
|
+
/**
|
|
3043
|
+
* @public
|
|
3044
|
+
*/
|
|
2787
3045
|
export interface ListProtocolsListsRequest {
|
|
2788
3046
|
/**
|
|
2789
3047
|
* <p>Specifies whether the lists to retrieve are default lists owned by Firewall Manager.</p>
|
|
@@ -2804,6 +3062,7 @@ export interface ListProtocolsListsRequest {
|
|
|
2804
3062
|
MaxResults: number | undefined;
|
|
2805
3063
|
}
|
|
2806
3064
|
/**
|
|
3065
|
+
* @public
|
|
2807
3066
|
* <p>Details of the Firewall Manager protocols list.</p>
|
|
2808
3067
|
*/
|
|
2809
3068
|
export interface ProtocolsListDataSummary {
|
|
@@ -2824,6 +3083,9 @@ export interface ProtocolsListDataSummary {
|
|
|
2824
3083
|
*/
|
|
2825
3084
|
ProtocolsList?: string[];
|
|
2826
3085
|
}
|
|
3086
|
+
/**
|
|
3087
|
+
* @public
|
|
3088
|
+
*/
|
|
2827
3089
|
export interface ListProtocolsListsResponse {
|
|
2828
3090
|
/**
|
|
2829
3091
|
* <p>An array of <code>ProtocolsListDataSummary</code> objects.</p>
|
|
@@ -2835,6 +3097,9 @@ export interface ListProtocolsListsResponse {
|
|
|
2835
3097
|
*/
|
|
2836
3098
|
NextToken?: string;
|
|
2837
3099
|
}
|
|
3100
|
+
/**
|
|
3101
|
+
* @public
|
|
3102
|
+
*/
|
|
2838
3103
|
export interface ListResourceSetResourcesRequest {
|
|
2839
3104
|
/**
|
|
2840
3105
|
* <p>A unique identifier for the resource set, used in a TODO to refer to the resource set.</p>
|
|
@@ -2854,6 +3119,7 @@ export interface ListResourceSetResourcesRequest {
|
|
|
2854
3119
|
NextToken?: string;
|
|
2855
3120
|
}
|
|
2856
3121
|
/**
|
|
3122
|
+
* @public
|
|
2857
3123
|
* <p>Details of a resource that is associated to an Firewall Manager resource set.</p>
|
|
2858
3124
|
*/
|
|
2859
3125
|
export interface Resource {
|
|
@@ -2866,6 +3132,9 @@ export interface Resource {
|
|
|
2866
3132
|
*/
|
|
2867
3133
|
AccountId?: string;
|
|
2868
3134
|
}
|
|
3135
|
+
/**
|
|
3136
|
+
* @public
|
|
3137
|
+
*/
|
|
2869
3138
|
export interface ListResourceSetResourcesResponse {
|
|
2870
3139
|
/**
|
|
2871
3140
|
* <p>An array of the associated resources' uniform resource identifiers (URI).</p>
|
|
@@ -2878,6 +3147,9 @@ export interface ListResourceSetResourcesResponse {
|
|
|
2878
3147
|
*/
|
|
2879
3148
|
NextToken?: string;
|
|
2880
3149
|
}
|
|
3150
|
+
/**
|
|
3151
|
+
* @public
|
|
3152
|
+
*/
|
|
2881
3153
|
export interface ListResourceSetsRequest {
|
|
2882
3154
|
/**
|
|
2883
3155
|
* <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
|
|
@@ -2893,6 +3165,7 @@ export interface ListResourceSetsRequest {
|
|
|
2893
3165
|
MaxResults?: number;
|
|
2894
3166
|
}
|
|
2895
3167
|
/**
|
|
3168
|
+
* @public
|
|
2896
3169
|
* <p>Summarizes the resource sets used in a policy.</p>
|
|
2897
3170
|
*/
|
|
2898
3171
|
export interface ResourceSetSummary {
|
|
@@ -2913,6 +3186,9 @@ export interface ResourceSetSummary {
|
|
|
2913
3186
|
*/
|
|
2914
3187
|
LastUpdateTime?: Date;
|
|
2915
3188
|
}
|
|
3189
|
+
/**
|
|
3190
|
+
* @public
|
|
3191
|
+
*/
|
|
2916
3192
|
export interface ListResourceSetsResponse {
|
|
2917
3193
|
/**
|
|
2918
3194
|
* <p>An array of <code>ResourceSetSummary</code> objects.</p>
|
|
@@ -2925,18 +3201,27 @@ export interface ListResourceSetsResponse {
|
|
|
2925
3201
|
*/
|
|
2926
3202
|
NextToken?: string;
|
|
2927
3203
|
}
|
|
3204
|
+
/**
|
|
3205
|
+
* @public
|
|
3206
|
+
*/
|
|
2928
3207
|
export interface ListTagsForResourceRequest {
|
|
2929
3208
|
/**
|
|
2930
3209
|
* <p>The Amazon Resource Name (ARN) of the resource to return tags for. The Firewall Manager resources that support tagging are policies, applications lists, and protocols lists. </p>
|
|
2931
3210
|
*/
|
|
2932
3211
|
ResourceArn: string | undefined;
|
|
2933
3212
|
}
|
|
3213
|
+
/**
|
|
3214
|
+
* @public
|
|
3215
|
+
*/
|
|
2934
3216
|
export interface ListTagsForResourceResponse {
|
|
2935
3217
|
/**
|
|
2936
3218
|
* <p>The tags associated with the resource.</p>
|
|
2937
3219
|
*/
|
|
2938
3220
|
TagList?: Tag[];
|
|
2939
3221
|
}
|
|
3222
|
+
/**
|
|
3223
|
+
* @public
|
|
3224
|
+
*/
|
|
2940
3225
|
export interface ListThirdPartyFirewallFirewallPoliciesRequest {
|
|
2941
3226
|
/**
|
|
2942
3227
|
* <p>The name of the third-party firewall vendor.</p>
|
|
@@ -2961,6 +3246,7 @@ export interface ListThirdPartyFirewallFirewallPoliciesRequest {
|
|
|
2961
3246
|
MaxResults: number | undefined;
|
|
2962
3247
|
}
|
|
2963
3248
|
/**
|
|
3249
|
+
* @public
|
|
2964
3250
|
* <p>Configures the third-party firewall's firewall policy.</p>
|
|
2965
3251
|
*/
|
|
2966
3252
|
export interface ThirdPartyFirewallFirewallPolicy {
|
|
@@ -2973,6 +3259,9 @@ export interface ThirdPartyFirewallFirewallPolicy {
|
|
|
2973
3259
|
*/
|
|
2974
3260
|
FirewallPolicyName?: string;
|
|
2975
3261
|
}
|
|
3262
|
+
/**
|
|
3263
|
+
* @public
|
|
3264
|
+
*/
|
|
2976
3265
|
export interface ListThirdPartyFirewallFirewallPoliciesResponse {
|
|
2977
3266
|
/**
|
|
2978
3267
|
* <p>A list that contains one <code>ThirdPartyFirewallFirewallPolicies</code> element for each third-party firewall policies that the specified
|
|
@@ -2984,6 +3273,9 @@ export interface ListThirdPartyFirewallFirewallPoliciesResponse {
|
|
|
2984
3273
|
*/
|
|
2985
3274
|
NextToken?: string;
|
|
2986
3275
|
}
|
|
3276
|
+
/**
|
|
3277
|
+
* @public
|
|
3278
|
+
*/
|
|
2987
3279
|
export interface PutAppsListRequest {
|
|
2988
3280
|
/**
|
|
2989
3281
|
* <p>The details of the Firewall Manager applications list to be created.</p>
|
|
@@ -2994,6 +3286,9 @@ export interface PutAppsListRequest {
|
|
|
2994
3286
|
*/
|
|
2995
3287
|
TagList?: Tag[];
|
|
2996
3288
|
}
|
|
3289
|
+
/**
|
|
3290
|
+
* @public
|
|
3291
|
+
*/
|
|
2997
3292
|
export interface PutAppsListResponse {
|
|
2998
3293
|
/**
|
|
2999
3294
|
* <p>The details of the Firewall Manager applications list.</p>
|
|
@@ -3004,6 +3299,9 @@ export interface PutAppsListResponse {
|
|
|
3004
3299
|
*/
|
|
3005
3300
|
AppsListArn?: string;
|
|
3006
3301
|
}
|
|
3302
|
+
/**
|
|
3303
|
+
* @public
|
|
3304
|
+
*/
|
|
3007
3305
|
export interface PutNotificationChannelRequest {
|
|
3008
3306
|
/**
|
|
3009
3307
|
* <p>The Amazon Resource Name (ARN) of the SNS topic that collects notifications from
|
|
@@ -3016,6 +3314,9 @@ export interface PutNotificationChannelRequest {
|
|
|
3016
3314
|
*/
|
|
3017
3315
|
SnsRoleName: string | undefined;
|
|
3018
3316
|
}
|
|
3317
|
+
/**
|
|
3318
|
+
* @public
|
|
3319
|
+
*/
|
|
3019
3320
|
export interface PutPolicyRequest {
|
|
3020
3321
|
/**
|
|
3021
3322
|
* <p>The details of the Firewall Manager policy to be created.</p>
|
|
@@ -3026,6 +3327,9 @@ export interface PutPolicyRequest {
|
|
|
3026
3327
|
*/
|
|
3027
3328
|
TagList?: Tag[];
|
|
3028
3329
|
}
|
|
3330
|
+
/**
|
|
3331
|
+
* @public
|
|
3332
|
+
*/
|
|
3029
3333
|
export interface PutPolicyResponse {
|
|
3030
3334
|
/**
|
|
3031
3335
|
* <p>The details of the Firewall Manager policy.</p>
|
|
@@ -3036,6 +3340,9 @@ export interface PutPolicyResponse {
|
|
|
3036
3340
|
*/
|
|
3037
3341
|
PolicyArn?: string;
|
|
3038
3342
|
}
|
|
3343
|
+
/**
|
|
3344
|
+
* @public
|
|
3345
|
+
*/
|
|
3039
3346
|
export interface PutProtocolsListRequest {
|
|
3040
3347
|
/**
|
|
3041
3348
|
* <p>The details of the Firewall Manager protocols list to be created.</p>
|
|
@@ -3046,6 +3353,9 @@ export interface PutProtocolsListRequest {
|
|
|
3046
3353
|
*/
|
|
3047
3354
|
TagList?: Tag[];
|
|
3048
3355
|
}
|
|
3356
|
+
/**
|
|
3357
|
+
* @public
|
|
3358
|
+
*/
|
|
3049
3359
|
export interface PutProtocolsListResponse {
|
|
3050
3360
|
/**
|
|
3051
3361
|
* <p>The details of the Firewall Manager protocols list.</p>
|
|
@@ -3056,6 +3366,9 @@ export interface PutProtocolsListResponse {
|
|
|
3056
3366
|
*/
|
|
3057
3367
|
ProtocolsListArn?: string;
|
|
3058
3368
|
}
|
|
3369
|
+
/**
|
|
3370
|
+
* @public
|
|
3371
|
+
*/
|
|
3059
3372
|
export interface PutResourceSetRequest {
|
|
3060
3373
|
/**
|
|
3061
3374
|
* <p>Details about the resource set to be created or updated.></p>
|
|
@@ -3070,6 +3383,9 @@ export interface PutResourceSetRequest {
|
|
|
3070
3383
|
*/
|
|
3071
3384
|
TagList?: Tag[];
|
|
3072
3385
|
}
|
|
3386
|
+
/**
|
|
3387
|
+
* @public
|
|
3388
|
+
*/
|
|
3073
3389
|
export interface PutResourceSetResponse {
|
|
3074
3390
|
/**
|
|
3075
3391
|
* <p>Details about the resource set.</p>
|
|
@@ -3080,6 +3396,9 @@ export interface PutResourceSetResponse {
|
|
|
3080
3396
|
*/
|
|
3081
3397
|
ResourceSetArn: string | undefined;
|
|
3082
3398
|
}
|
|
3399
|
+
/**
|
|
3400
|
+
* @public
|
|
3401
|
+
*/
|
|
3083
3402
|
export interface TagResourceRequest {
|
|
3084
3403
|
/**
|
|
3085
3404
|
* <p>The Amazon Resource Name (ARN) of the resource to return tags for. The Firewall Manager resources that support tagging are policies, applications lists, and protocols lists. </p>
|
|
@@ -3090,8 +3409,14 @@ export interface TagResourceRequest {
|
|
|
3090
3409
|
*/
|
|
3091
3410
|
TagList: Tag[] | undefined;
|
|
3092
3411
|
}
|
|
3412
|
+
/**
|
|
3413
|
+
* @public
|
|
3414
|
+
*/
|
|
3093
3415
|
export interface TagResourceResponse {
|
|
3094
3416
|
}
|
|
3417
|
+
/**
|
|
3418
|
+
* @public
|
|
3419
|
+
*/
|
|
3095
3420
|
export interface UntagResourceRequest {
|
|
3096
3421
|
/**
|
|
3097
3422
|
* <p>The Amazon Resource Name (ARN) of the resource to return tags for. The Firewall Manager resources that support tagging are policies, applications lists, and protocols lists. </p>
|
|
@@ -3102,6 +3427,9 @@ export interface UntagResourceRequest {
|
|
|
3102
3427
|
*/
|
|
3103
3428
|
TagKeys: string[] | undefined;
|
|
3104
3429
|
}
|
|
3430
|
+
/**
|
|
3431
|
+
* @public
|
|
3432
|
+
*/
|
|
3105
3433
|
export interface UntagResourceResponse {
|
|
3106
3434
|
}
|
|
3107
3435
|
/**
|