@aws-sdk/client-fms 3.379.1 → 3.385.0

@@ -21,14 +21,17 @@ export type AccountRoleStatus = (typeof AccountRoleStatus)[keyof typeof AccountR
21
21
  */
22
22
  export interface AccountScope {
23
23
  /**
24
+ * @public
24
25
  * <p>The list of accounts within the organization that the specified Firewall Manager administrator either can or cannot apply policies to, based on the value of <code>ExcludeSpecifiedAccounts</code>. If <code>ExcludeSpecifiedAccounts</code> is set to <code>true</code>, then the Firewall Manager administrator can apply policies to all members of the organization except for the accounts in this list. If <code>ExcludeSpecifiedAccounts</code> is set to <code>false</code>, then the Firewall Manager administrator can only apply policies to the accounts in this list.</p>
25
26
  */
26
27
  Accounts?: string[];
27
28
  /**
29
+ * @public
28
30
  * <p>A boolean value that indicates if the administrator can apply policies to all accounts within an organization. If true, the administrator can apply policies to all accounts within the organization. You can either enable management of all accounts through this operation, or you can specify a list of accounts to manage in <code>AccountScope$Accounts</code>. You cannot specify both.</p>
29
31
  */
30
32
  AllAccountsEnabled?: boolean;
31
33
  /**
34
+ * @public
32
35
  * <p>A boolean value that excludes the accounts in <code>AccountScope$Accounts</code> from the administrator's scope. If true, the Firewall Manager administrator can apply policies to all members of the organization except for the accounts listed in <code>AccountScope$Accounts</code>. You can either specify a list of accounts to exclude by <code>AccountScope$Accounts</code>, or you can enable management of all accounts by <code>AccountScope$AllAccountsEnabled</code>. You cannot specify both.</p>
33
36
  */
34
37
  ExcludeSpecifiedAccounts?: boolean;
@@ -39,10 +42,12 @@ export interface AccountScope {
39
42
  */
40
43
  export interface ActionTarget {
41
44
  /**
45
+ * @public
42
46
  * <p>The ID of the remediation target.</p>
43
47
  */
44
48
  ResourceId?: string;
45
49
  /**
50
+ * @public
46
51
  * <p>A description of the remediation action target.</p>
47
52
  */
48
53
  Description?: string;
@@ -67,14 +72,17 @@ export type OrganizationStatus = (typeof OrganizationStatus)[keyof typeof Organi
67
72
  */
68
73
  export interface AdminAccountSummary {
69
74
  /**
75
+ * @public
70
76
  * <p>The Amazon Web Services account ID of the Firewall Manager administrator's account.</p>
71
77
  */
72
78
  AdminAccount?: string;
73
79
  /**
80
+ * @public
74
81
  * <p>A boolean value that indicates if the administrator is the default administrator. If true, then this is the default administrator account. The default administrator can manage third-party firewalls and has full administrative scope. There is only one default administrator account per organization. For information about Firewall Manager default administrator accounts, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/fms-administrators.html">Managing Firewall Manager administrators</a> in the <i>Firewall Manager Developer Guide</i>.</p>
75
82
  */
76
83
  DefaultAdmin?: boolean;
77
84
  /**
85
+ * @public
78
86
  * <p>The current status of the request to onboard a member account as an Firewall Manager administator.</p>
79
87
  * <ul>
80
88
  * <li>
@@ -104,14 +112,17 @@ export interface AdminAccountSummary {
104
112
  */
105
113
  export interface OrganizationalUnitScope {
106
114
  /**
115
+ * @public
107
116
  * <p>The list of OUs within the organization that the specified Firewall Manager administrator either can or cannot apply policies to, based on the value of <code>OrganizationalUnitScope$ExcludeSpecifiedOrganizationalUnits</code>. If <code>OrganizationalUnitScope$ExcludeSpecifiedOrganizationalUnits</code> is set to <code>true</code>, then the Firewall Manager administrator can apply policies to all OUs in the organization except for the OUs in this list. If <code>OrganizationalUnitScope$ExcludeSpecifiedOrganizationalUnits</code> is set to <code>false</code>, then the Firewall Manager administrator can only apply policies to the OUs in this list.</p>
108
117
  */
109
118
  OrganizationalUnits?: string[];
110
119
  /**
120
+ * @public
111
121
  * <p>A boolean value that indicates if the administrator can apply policies to all OUs within an organization. If true, the administrator can manage all OUs within the organization. You can either enable management of all OUs through this operation, or you can specify OUs to manage in <code>OrganizationalUnitScope$OrganizationalUnits</code>. You cannot specify both.</p>
112
122
  */
113
123
  AllOrganizationalUnitsEnabled?: boolean;
114
124
  /**
125
+ * @public
115
126
  * <p>A boolean value that excludes the OUs in <code>OrganizationalUnitScope$OrganizationalUnits</code> from the administrator's scope. If true, the Firewall Manager administrator can apply policies to all OUs in the organization except for the OUs listed in <code>OrganizationalUnitScope$OrganizationalUnits</code>. You can either specify a list of OUs to exclude by <code>OrganizationalUnitScope$OrganizationalUnits</code>, or you can enable management of all OUs by <code>OrganizationalUnitScope$AllOrganizationalUnitsEnabled</code>. You cannot specify both.</p>
116
127
  */
117
128
  ExcludeSpecifiedOrganizationalUnits?: boolean;
@@ -142,10 +153,12 @@ export type SecurityServiceType = (typeof SecurityServiceType)[keyof typeof Secu
142
153
  */
143
154
  export interface PolicyTypeScope {
144
155
  /**
156
+ * @public
145
157
  * <p>The list of policy types that the specified Firewall Manager administrator can manage.</p>
146
158
  */
147
159
  PolicyTypes?: (SecurityServiceType | string)[];
148
160
  /**
161
+ * @public
149
162
  * <p>Allows the specified Firewall Manager administrator to manage all Firewall Manager policy types, except for third-party policy types. Third-party policy types can only be managed by the Firewall Manager default administrator.</p>
150
163
  */
151
164
  AllPolicyTypesEnabled?: boolean;
@@ -156,10 +169,12 @@ export interface PolicyTypeScope {
156
169
  */
157
170
  export interface RegionScope {
158
171
  /**
172
+ * @public
159
173
  * <p>The Amazon Web Services Regions that the specified Firewall Manager administrator can perform actions in.</p>
160
174
  */
161
175
  Regions?: string[];
162
176
  /**
177
+ * @public
163
178
  * <p>Allows the specified Firewall Manager administrator to manage all Amazon Web Services Regions.</p>
164
179
  */
165
180
  AllRegionsEnabled?: boolean;
@@ -170,19 +185,23 @@ export interface RegionScope {
170
185
  */
171
186
  export interface AdminScope {
172
187
  /**
188
+ * @public
173
189
  * <p>Defines the accounts that the specified Firewall Manager administrator can apply policies to.</p>
174
190
  */
175
191
  AccountScope?: AccountScope;
176
192
  /**
193
+ * @public
177
194
  * <p>Defines the Organizations organizational units that the specified Firewall Manager administrator can apply policies to. For more information about OUs in Organizations, see <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html">Managing organizational units (OUs)
178
195
  * </a> in the <i>Organizations User Guide</i>.</p>
179
196
  */
180
197
  OrganizationalUnitScope?: OrganizationalUnitScope;
181
198
  /**
199
+ * @public
182
200
  * <p>Defines the Amazon Web Services Regions that the specified Firewall Manager administrator can perform actions in.</p>
183
201
  */
184
202
  RegionScope?: RegionScope;
185
203
  /**
204
+ * @public
186
205
  * <p>Defines the Firewall Manager policy types that the specified Firewall Manager administrator can create and manage.</p>
187
206
  */
188
207
  PolicyTypeScope?: PolicyTypeScope;
@@ -193,14 +212,17 @@ export interface AdminScope {
193
212
  */
194
213
  export interface App {
195
214
  /**
215
+ * @public
196
216
  * <p>The application's name.</p>
197
217
  */
198
218
  AppName: string | undefined;
199
219
  /**
220
+ * @public
200
221
  * <p>The IP protocol name or number. The name can be one of <code>tcp</code>, <code>udp</code>, or <code>icmp</code>. For information on possible numbers, see <a href="https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml">Protocol Numbers</a>.</p>
201
222
  */
202
223
  Protocol: string | undefined;
203
224
  /**
225
+ * @public
204
226
  * <p>The application's port number, for example <code>80</code>.</p>
205
227
  */
206
228
  Port: number | undefined;
@@ -211,32 +233,39 @@ export interface App {
211
233
  */
212
234
  export interface AppsListData {
213
235
  /**
236
+ * @public
214
237
  * <p>The ID of the Firewall Manager applications list.</p>
215
238
  */
216
239
  ListId?: string;
217
240
  /**
241
+ * @public
218
242
  * <p>The name of the Firewall Manager applications list.</p>
219
243
  */
220
244
  ListName: string | undefined;
221
245
  /**
246
+ * @public
222
247
  * <p>A unique identifier for each update to the list. When you update
223
248
  * the list, the update token must match the token of the current version of the application list.
224
249
  * You can retrieve the update token by getting the list. </p>
225
250
  */
226
251
  ListUpdateToken?: string;
227
252
  /**
253
+ * @public
228
254
  * <p>The time that the Firewall Manager applications list was created.</p>
229
255
  */
230
256
  CreateTime?: Date;
231
257
  /**
258
+ * @public
232
259
  * <p>The time that the Firewall Manager applications list was last updated.</p>
233
260
  */
234
261
  LastUpdateTime?: Date;
235
262
  /**
263
+ * @public
236
264
  * <p>An array of applications in the Firewall Manager applications list.</p>
237
265
  */
238
266
  AppsList: App[] | undefined;
239
267
  /**
268
+ * @public
240
269
  * <p>A map of previous version numbers to their corresponding <code>App</code> object arrays.</p>
241
270
  */
242
271
  PreviousAppsList?: Record<string, App[]>;
@@ -247,18 +276,22 @@ export interface AppsListData {
247
276
  */
248
277
  export interface AppsListDataSummary {
249
278
  /**
279
+ * @public
250
280
  * <p>The Amazon Resource Name (ARN) of the applications list.</p>
251
281
  */
252
282
  ListArn?: string;
253
283
  /**
284
+ * @public
254
285
  * <p>The ID of the applications list.</p>
255
286
  */
256
287
  ListId?: string;
257
288
  /**
289
+ * @public
258
290
  * <p>The name of the applications list.</p>
259
291
  */
260
292
  ListName?: string;
261
293
  /**
294
+ * @public
262
295
  * <p>An array of <code>App</code> objects in the Firewall Manager applications list.</p>
263
296
  */
264
297
  AppsList?: App[];
@@ -268,6 +301,7 @@ export interface AppsListDataSummary {
268
301
  */
269
302
  export interface AssociateAdminAccountRequest {
270
303
  /**
304
+ * @public
271
305
  * <p>The Amazon Web Services account ID to associate with Firewall Manager as the Firewall Manager
272
306
  * default administrator account. This account must be
273
307
  * a member account of the organization in Organizations whose resources you want to protect.
@@ -366,6 +400,7 @@ export type ThirdPartyFirewall = (typeof ThirdPartyFirewall)[keyof typeof ThirdP
366
400
  */
367
401
  export interface AssociateThirdPartyFirewallRequest {
368
402
  /**
403
+ * @public
369
404
  * <p>The name of the third-party firewall vendor.</p>
370
405
  */
371
406
  ThirdPartyFirewall: ThirdPartyFirewall | string | undefined;
@@ -390,6 +425,7 @@ export type ThirdPartyFirewallAssociationStatus = (typeof ThirdPartyFirewallAsso
390
425
  */
391
426
  export interface AssociateThirdPartyFirewallResponse {
392
427
  /**
428
+ * @public
393
429
  * <p>The current status for setting a Firewall Manager policy administrator's account as an administrator of the third-party firewall tenant.</p>
394
430
  * <ul>
395
431
  * <li>
@@ -422,10 +458,12 @@ export interface AssociateThirdPartyFirewallResponse {
422
458
  */
423
459
  export interface AwsEc2NetworkInterfaceViolation {
424
460
  /**
461
+ * @public
425
462
  * <p>The resource ID of the network interface.</p>
426
463
  */
427
464
  ViolationTarget?: string;
428
465
  /**
466
+ * @public
429
467
  * <p>List of security groups that violate the rules specified in the primary security group of the Firewall Manager policy.</p>
430
468
  */
431
469
  ViolatingSecurityGroups?: string[];
@@ -436,10 +474,12 @@ export interface AwsEc2NetworkInterfaceViolation {
436
474
  */
437
475
  export interface AwsEc2InstanceViolation {
438
476
  /**
477
+ * @public
439
478
  * <p>The resource ID of the EC2 instance.</p>
440
479
  */
441
480
  ViolationTarget?: string;
442
481
  /**
482
+ * @public
443
483
  * <p>Violation detail for network interfaces associated with the EC2 instance.</p>
444
484
  */
445
485
  AwsEc2NetworkInterfaceViolations?: AwsEc2NetworkInterfaceViolation[];
@@ -449,10 +489,12 @@ export interface AwsEc2InstanceViolation {
449
489
  */
450
490
  export interface BatchAssociateResourceRequest {
451
491
  /**
492
+ * @public
452
493
  * <p>A unique identifier for the resource set, used in a request to refer to the resource set.</p>
453
494
  */
454
495
  ResourceSetIdentifier: string | undefined;
455
496
  /**
497
+ * @public
456
498
  * <p>The uniform resource identifiers (URIs) of resources that should be associated to the resource set. The URIs must be Amazon Resource Names (ARNs).</p>
457
499
  */
458
500
  Items: string[] | undefined;
@@ -479,10 +521,12 @@ export type FailedItemReason = (typeof FailedItemReason)[keyof typeof FailedItem
479
521
  */
480
522
  export interface FailedItem {
481
523
  /**
524
+ * @public
482
525
  * <p>The univeral resource indicator (URI) of the resource that failed.</p>
483
526
  */
484
527
  URI?: string;
485
528
  /**
529
+ * @public
486
530
  * <p>The reason the resource's association could not be updated.</p>
487
531
  */
488
532
  Reason?: FailedItemReason | string;
@@ -492,10 +536,12 @@ export interface FailedItem {
492
536
  */
493
537
  export interface BatchAssociateResourceResponse {
494
538
  /**
539
+ * @public
495
540
  * <p>A unique identifier for the resource set, used in a request to refer to the resource set.</p>
496
541
  */
497
542
  ResourceSetIdentifier: string | undefined;
498
543
  /**
544
+ * @public
499
545
  * <p>The resources that failed to associate to the resource set.</p>
500
546
  */
501
547
  FailedItems: FailedItem[] | undefined;
@@ -505,10 +551,12 @@ export interface BatchAssociateResourceResponse {
505
551
  */
506
552
  export interface BatchDisassociateResourceRequest {
507
553
  /**
554
+ * @public
508
555
  * <p>A unique identifier for the resource set, used in a request to refer to the resource set.</p>
509
556
  */
510
557
  ResourceSetIdentifier: string | undefined;
511
558
  /**
559
+ * @public
512
560
  * <p>The uniform resource identifiers (URI) of resources that should be disassociated from the resource set. The URIs must be Amazon Resource Names (ARNs).</p>
513
561
  */
514
562
  Items: string[] | undefined;
@@ -518,10 +566,12 @@ export interface BatchDisassociateResourceRequest {
518
566
  */
519
567
  export interface BatchDisassociateResourceResponse {
520
568
  /**
569
+ * @public
521
570
  * <p>A unique identifier for the resource set, used in a request to refer to the resource set.</p>
522
571
  */
523
572
  ResourceSetIdentifier: string | undefined;
524
573
  /**
574
+ * @public
525
575
  * <p>The resources that failed to disassociate from the resource set.</p>
526
576
  */
527
577
  FailedItems: FailedItem[] | undefined;
@@ -531,6 +581,7 @@ export interface BatchDisassociateResourceResponse {
531
581
  */
532
582
  export interface DeleteAppsListRequest {
533
583
  /**
584
+ * @public
534
585
  * <p>The ID of the applications list that you want to delete. You can retrieve this ID from
535
586
  * <code>PutAppsList</code>, <code>ListAppsLists</code>, and <code>GetAppsList</code>.</p>
536
587
  */
@@ -546,11 +597,13 @@ export interface DeleteNotificationChannelRequest {
546
597
  */
547
598
  export interface DeletePolicyRequest {
548
599
  /**
600
+ * @public
549
601
  * <p>The ID of the policy that you want to delete. You can retrieve this ID from
550
602
  * <code>PutPolicy</code> and <code>ListPolicies</code>.</p>
551
603
  */
552
604
  PolicyId: string | undefined;
553
605
  /**
606
+ * @public
554
607
  * <p>If <code>True</code>, the request performs cleanup according to the policy type. </p>
555
608
  * <p>For WAF and Shield Advanced policies, the cleanup does the following:</p>
556
609
  * <ul>
@@ -589,6 +642,7 @@ export interface DeletePolicyRequest {
589
642
  */
590
643
  export interface DeleteProtocolsListRequest {
591
644
  /**
645
+ * @public
592
646
  * <p>The ID of the protocols list that you want to delete. You can retrieve this ID from
593
647
  * <code>PutProtocolsList</code>, <code>ListProtocolsLists</code>, and <code>GetProtocolsLost</code>.</p>
594
648
  */
@@ -599,6 +653,7 @@ export interface DeleteProtocolsListRequest {
599
653
  */
600
654
  export interface DeleteResourceSetRequest {
601
655
  /**
656
+ * @public
602
657
  * <p>A unique identifier for the resource set, used in a request to refer to the resource set.</p>
603
658
  */
604
659
  Identifier: string | undefined;
@@ -613,6 +668,7 @@ export interface DisassociateAdminAccountRequest {
613
668
  */
614
669
  export interface DisassociateThirdPartyFirewallRequest {
615
670
  /**
671
+ * @public
616
672
  * <p>The name of the third-party firewall vendor.</p>
617
673
  */
618
674
  ThirdPartyFirewall: ThirdPartyFirewall | string | undefined;
@@ -622,6 +678,7 @@ export interface DisassociateThirdPartyFirewallRequest {
622
678
  */
623
679
  export interface DisassociateThirdPartyFirewallResponse {
624
680
  /**
681
+ * @public
625
682
  * <p>The current status for the disassociation of a Firewall Manager administrators account with a third-party firewall.</p>
626
683
  */
627
684
  ThirdPartyFirewallStatus?: ThirdPartyFirewallAssociationStatus | string;
@@ -636,10 +693,12 @@ export interface GetAdminAccountRequest {
636
693
  */
637
694
  export interface GetAdminAccountResponse {
638
695
  /**
696
+ * @public
639
697
  * <p>The account that is set as the Firewall Manager default administrator.</p>
640
698
  */
641
699
  AdminAccount?: string;
642
700
  /**
701
+ * @public
643
702
  * <p>The status of the account that you set as the Firewall Manager
644
703
  * default administrator.</p>
645
704
  */
@@ -650,6 +709,7 @@ export interface GetAdminAccountResponse {
650
709
  */
651
710
  export interface GetAdminScopeRequest {
652
711
  /**
712
+ * @public
653
713
  * <p>The administator account that you want to get the details for.</p>
654
714
  */
655
715
  AdminAccount: string | undefined;
@@ -659,10 +719,12 @@ export interface GetAdminScopeRequest {
659
719
  */
660
720
  export interface GetAdminScopeResponse {
661
721
  /**
722
+ * @public
662
723
  * <p>Contains details about the administrative scope of the requested account.</p>
663
724
  */
664
725
  AdminScope?: AdminScope;
665
726
  /**
727
+ * @public
666
728
  * <p>The current status of the request to onboard a member account as an Firewall Manager administator.</p>
667
729
  * <ul>
668
730
  * <li>
@@ -690,10 +752,12 @@ export interface GetAdminScopeResponse {
690
752
  */
691
753
  export interface GetAppsListRequest {
692
754
  /**
755
+ * @public
693
756
  * <p>The ID of the Firewall Manager applications list that you want the details for.</p>
694
757
  */
695
758
  ListId: string | undefined;
696
759
  /**
760
+ * @public
697
761
  * <p>Specifies whether the list to retrieve is a default list owned by Firewall Manager.</p>
698
762
  */
699
763
  DefaultList?: boolean;
@@ -703,10 +767,12 @@ export interface GetAppsListRequest {
703
767
  */
704
768
  export interface GetAppsListResponse {
705
769
  /**
770
+ * @public
706
771
  * <p>Information about the specified Firewall Manager applications list.</p>
707
772
  */
708
773
  AppsList?: AppsListData;
709
774
  /**
775
+ * @public
710
776
  * <p>The Amazon Resource Name (ARN) of the applications list.</p>
711
777
  */
712
778
  AppsListArn?: string;
@@ -716,11 +782,13 @@ export interface GetAppsListResponse {
716
782
  */
717
783
  export interface GetComplianceDetailRequest {
718
784
  /**
785
+ * @public
719
786
  * <p>The ID of the policy that you want to get the details for. <code>PolicyId</code> is
720
787
  * returned by <code>PutPolicy</code> and by <code>ListPolicies</code>.</p>
721
788
  */
722
789
  PolicyId: string | undefined;
723
790
  /**
791
+ * @public
724
792
  * <p>The Amazon Web Services account that owns the resources that you want to get the details for.</p>
725
793
  */
726
794
  MemberAccount: string | undefined;
@@ -783,14 +851,17 @@ export type ViolationReason = (typeof ViolationReason)[keyof typeof ViolationRea
783
851
  */
784
852
  export interface ComplianceViolator {
785
853
  /**
854
+ * @public
786
855
  * <p>The resource ID.</p>
787
856
  */
788
857
  ResourceId?: string;
789
858
  /**
859
+ * @public
790
860
  * <p>The reason that the resource is not protected by the policy.</p>
791
861
  */
792
862
  ViolationReason?: ViolationReason | string;
793
863
  /**
864
+ * @public
794
865
  * <p>The resource type. This is in the format shown in the <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Amazon Web Services Resource Types Reference</a>. For example:
795
866
  * <code>AWS::ElasticLoadBalancingV2::LoadBalancer</code>,
796
867
  * <code>AWS::CloudFront::Distribution</code>, or
@@ -798,6 +869,7 @@ export interface ComplianceViolator {
798
869
  */
799
870
  ResourceType?: string;
800
871
  /**
872
+ * @public
801
873
  * <p>Metadata about the resource that doesn't comply with the policy scope.</p>
802
874
  */
803
875
  Metadata?: Record<string, string>;
@@ -810,33 +882,40 @@ export interface ComplianceViolator {
810
882
  */
811
883
  export interface PolicyComplianceDetail {
812
884
  /**
885
+ * @public
813
886
  * <p>The Amazon Web Services account that created the Firewall Manager policy.</p>
814
887
  */
815
888
  PolicyOwner?: string;
816
889
  /**
890
+ * @public
817
891
  * <p>The ID of the Firewall Manager policy.</p>
818
892
  */
819
893
  PolicyId?: string;
820
894
  /**
895
+ * @public
821
896
  * <p>The Amazon Web Services account ID.</p>
822
897
  */
823
898
  MemberAccount?: string;
824
899
  /**
900
+ * @public
825
901
  * <p>An array of resources that aren't protected by the WAF or Shield Advanced policy or
826
902
  * that aren't in compliance with the security group policy.</p>
827
903
  */
828
904
  Violators?: ComplianceViolator[];
829
905
  /**
906
+ * @public
830
907
  * <p>Indicates if over 100 resources are noncompliant with the Firewall Manager
831
908
  * policy.</p>
832
909
  */
833
910
  EvaluationLimitExceeded?: boolean;
834
911
  /**
912
+ * @public
835
913
  * <p>A timestamp that indicates when the returned information should be considered out of
836
914
  * date.</p>
837
915
  */
838
916
  ExpiredAt?: Date;
839
917
  /**
918
+ * @public
840
919
  * <p>Details about problems with dependent services, such as WAF or Config,
841
920
  * and the error message received that indicates the problem with the service.</p>
842
921
  */
@@ -847,6 +926,7 @@ export interface PolicyComplianceDetail {
847
926
  */
848
927
  export interface GetComplianceDetailResponse {
849
928
  /**
929
+ * @public
850
930
  * <p>Information about the resources and the policy that you specified in the
851
931
  * <code>GetComplianceDetail</code> request.</p>
852
932
  */
@@ -862,10 +942,12 @@ export interface GetNotificationChannelRequest {
862
942
  */
863
943
  export interface GetNotificationChannelResponse {
864
944
  /**
945
+ * @public
865
946
  * <p>The SNS topic that records Firewall Manager activity. </p>
866
947
  */
867
948
  SnsTopicArn?: string;
868
949
  /**
950
+ * @public
869
951
  * <p>The IAM role that is used by Firewall Manager to record activity to SNS.</p>
870
952
  */
871
953
  SnsRoleName?: string;
@@ -875,6 +957,7 @@ export interface GetNotificationChannelResponse {
875
957
  */
876
958
  export interface GetPolicyRequest {
877
959
  /**
960
+ * @public
878
961
  * <p>The ID of the Firewall Manager policy that you want the details for.</p>
879
962
  */
880
963
  PolicyId: string | undefined;
@@ -915,10 +998,12 @@ export type CustomerPolicyStatus = (typeof CustomerPolicyStatus)[keyof typeof Cu
915
998
  */
916
999
  export interface ResourceTag {
917
1000
  /**
1001
+ * @public
918
1002
  * <p>The resource tag key.</p>
919
1003
  */
920
1004
  Key: string | undefined;
921
1005
  /**
1006
+ * @public
922
1007
  * <p>The resource tag value.</p>
923
1008
  */
924
1009
  Value?: string;
@@ -944,6 +1029,7 @@ export type FirewallDeploymentModel = (typeof FirewallDeploymentModel)[keyof typ
944
1029
  */
945
1030
  export interface NetworkFirewallPolicy {
946
1031
  /**
1032
+ * @public
947
1033
  * <p>Defines the deployment model to use for the firewall policy. To use a distributed model,
948
1034
  * set <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html">PolicyOption</a> to <code>NULL</code>.</p>
949
1035
  */
@@ -955,6 +1041,7 @@ export interface NetworkFirewallPolicy {
955
1041
  */
956
1042
  export interface ThirdPartyFirewallPolicy {
957
1043
  /**
1044
+ * @public
958
1045
  * <p>Defines the deployment model to use for the third-party firewall policy.</p>
959
1046
  */
960
1047
  FirewallDeploymentModel?: FirewallDeploymentModel | string;
@@ -965,10 +1052,12 @@ export interface ThirdPartyFirewallPolicy {
965
1052
  */
966
1053
  export interface PolicyOption {
967
1054
  /**
1055
+ * @public
968
1056
  * <p>Defines the deployment model to use for the firewall policy.</p>
969
1057
  */
970
1058
  NetworkFirewallPolicy?: NetworkFirewallPolicy;
971
1059
  /**
1060
+ * @public
972
1061
  * <p>Defines the policy options for a third-party firewall policy.</p>
973
1062
  */
974
1063
  ThirdPartyFirewallPolicy?: ThirdPartyFirewallPolicy;
@@ -979,6 +1068,7 @@ export interface PolicyOption {
979
1068
  */
980
1069
  export interface SecurityServicePolicyData {
981
1070
  /**
1071
+ * @public
982
1072
  * <p>The service that the policy is using to protect the resources. This specifies the type of
983
1073
  * policy that is created, either an WAF policy, a Shield Advanced policy, or a security
984
1074
  * group policy. For security group policies, Firewall Manager supports one security group for
@@ -987,6 +1077,7 @@ export interface SecurityServicePolicyData {
987
1077
  */
988
1078
  Type: SecurityServiceType | string | undefined;
989
1079
  /**
1080
+ * @public
990
1081
  * <p>Details about the service that are specific to the service type, in JSON format. </p>
991
1082
  * <ul>
992
1083
  * <li>
@@ -1232,6 +1323,7 @@ export interface SecurityServicePolicyData {
1232
1323
  */
1233
1324
  ManagedServiceData?: string;
1234
1325
  /**
1326
+ * @public
1235
1327
  * <p>Contains the Network Firewall firewall policy options to configure a centralized deployment
1236
1328
  * model.</p>
1237
1329
  */
@@ -1243,14 +1335,17 @@ export interface SecurityServicePolicyData {
1243
1335
  */
1244
1336
  export interface Policy {
1245
1337
  /**
1338
+ * @public
1246
1339
  * <p>The ID of the Firewall Manager policy.</p>
1247
1340
  */
1248
1341
  PolicyId?: string;
1249
1342
  /**
1343
+ * @public
1250
1344
  * <p>The name of the Firewall Manager policy.</p>
1251
1345
  */
1252
1346
  PolicyName: string | undefined;
1253
1347
  /**
1348
+ * @public
1254
1349
  * <p>A unique identifier for each update to the policy. When issuing a <code>PutPolicy</code>
1255
1350
  * request, the <code>PolicyUpdateToken</code> in the request must match the
1256
1351
  * <code>PolicyUpdateToken</code> of the current policy version. To get the
@@ -1259,10 +1354,12 @@ export interface Policy {
1259
1354
  */
1260
1355
  PolicyUpdateToken?: string;
1261
1356
  /**
1357
+ * @public
1262
1358
  * <p>Details about the security service that is being used to protect the resources.</p>
1263
1359
  */
1264
1360
  SecurityServicePolicyData: SecurityServicePolicyData | undefined;
1265
1361
  /**
1362
+ * @public
1266
1363
  * <p>The type of resource protected by or in scope of the policy. This is in the format shown
1267
1364
  * in the <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Amazon Web Services Resource Types Reference</a>.
1268
1365
  * To apply this policy to multiple resource types, specify a resource type of <code>ResourceTypeList</code> and then specify the resource types in a <code>ResourceTypeList</code>.</p>
@@ -1277,14 +1374,17 @@ export interface Policy {
1277
1374
  */
1278
1375
  ResourceType: string | undefined;
1279
1376
  /**
1377
+ * @public
1280
1378
  * <p>An array of <code>ResourceType</code> objects. Use this only to specify multiple resource types. To specify a single resource type, use <code>ResourceType</code>.</p>
1281
1379
  */
1282
1380
  ResourceTypeList?: string[];
1283
1381
  /**
1382
+ * @public
1284
1383
  * <p>An array of <code>ResourceTag</code> objects.</p>
1285
1384
  */
1286
1385
  ResourceTags?: ResourceTag[];
1287
1386
  /**
1387
+ * @public
1288
1388
  * <p>If set to <code>True</code>, resources with the tags that are specified in the
1289
1389
  * <code>ResourceTag</code> array are not in scope of the policy. If set to <code>False</code>,
1290
1390
  * and the <code>ResourceTag</code> array is not null, only resources with the specified tags are
@@ -1292,10 +1392,12 @@ export interface Policy {
1292
1392
  */
1293
1393
  ExcludeResourceTags: boolean | undefined;
1294
1394
  /**
1395
+ * @public
1295
1396
  * <p>Indicates if the policy should be automatically applied to new resources.</p>
1296
1397
  */
1297
1398
  RemediationEnabled: boolean | undefined;
1298
1399
  /**
1400
+ * @public
1299
1401
  * <p>Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources
1300
1402
  * that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL
1301
1403
  * from a protected customer resource when the customer resource leaves policy scope. </p>
@@ -1304,6 +1406,7 @@ export interface Policy {
1304
1406
  */
1305
1407
  DeleteUnusedFMManagedResources?: boolean;
1306
1408
  /**
1409
+ * @public
1307
1410
  * <p>Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy.
1308
1411
  * Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.</p>
1309
1412
  * <p>You can specify inclusions or exclusions, but not both. If you specify an <code>IncludeMap</code>, Firewall Manager
@@ -1328,6 +1431,7 @@ export interface Policy {
1328
1431
  */
1329
1432
  IncludeMap?: Record<string, string[]>;
1330
1433
  /**
1434
+ * @public
1331
1435
  * <p>Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the policy.
1332
1436
  * Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.</p>
1333
1437
  * <p>You can specify inclusions or exclusions, but not both. If you specify an <code>IncludeMap</code>, Firewall Manager
@@ -1352,14 +1456,17 @@ export interface Policy {
1352
1456
  */
1353
1457
  ExcludeMap?: Record<string, string[]>;
1354
1458
  /**
1459
+ * @public
1355
1460
  * <p>The unique identifiers of the resource sets used by the policy.</p>
1356
1461
  */
1357
1462
  ResourceSetIds?: string[];
1358
1463
  /**
1464
+ * @public
1359
1465
  * <p>The definition of the Network Firewall firewall policy.</p>
1360
1466
  */
1361
1467
  PolicyDescription?: string;
1362
1468
  /**
1469
+ * @public
1363
1470
  * <p>Indicates whether the policy is in or out of an admin's policy or Region scope.</p>
1364
1471
  * <ul>
1365
1472
  * <li>
@@ -1379,10 +1486,12 @@ export interface Policy {
1379
1486
  */
1380
1487
  export interface GetPolicyResponse {
1381
1488
  /**
1489
+ * @public
1382
1490
  * <p>Information about the specified Firewall Manager policy.</p>
1383
1491
  */
1384
1492
  Policy?: Policy;
1385
1493
  /**
1494
+ * @public
1386
1495
  * <p>The Amazon Resource Name (ARN) of the specified policy.</p>
1387
1496
  */
1388
1497
  PolicyArn?: string;
@@ -1405,27 +1514,32 @@ export declare class InvalidTypeException extends __BaseException {
1405
1514
  */
1406
1515
  export interface GetProtectionStatusRequest {
1407
1516
  /**
1517
+ * @public
1408
1518
  * <p>The ID of the policy for which you want to get the attack information.</p>
1409
1519
  */
1410
1520
  PolicyId: string | undefined;
1411
1521
  /**
1522
+ * @public
1412
1523
  * <p>The Amazon Web Services account that is in scope of the policy that you want to get the details
1413
1524
  * for.</p>
1414
1525
  */
1415
1526
  MemberAccountId?: string;
1416
1527
  /**
1528
+ * @public
1417
1529
  * <p>The start of the time period to query for the attacks. This is a <code>timestamp</code> type. The
1418
1530
  * request syntax listing indicates a <code>number</code> type because the default used by Firewall Manager is Unix time in seconds. However, any valid <code>timestamp</code> format is
1419
1531
  * allowed.</p>
1420
1532
  */
1421
1533
  StartTime?: Date;
1422
1534
  /**
1535
+ * @public
1423
1536
  * <p>The end of the time period to query for the attacks. This is a <code>timestamp</code> type. The
1424
1537
  * request syntax listing indicates a <code>number</code> type because the default used by Firewall Manager is Unix time in seconds. However, any valid <code>timestamp</code> format is
1425
1538
  * allowed.</p>
1426
1539
  */
1427
1540
  EndTime?: Date;
1428
1541
  /**
1542
+ * @public
1429
1543
  * <p>If you specify a value for <code>MaxResults</code> and you have more objects than the number that you specify
1430
1544
  * for <code>MaxResults</code>, Firewall Manager returns a <code>NextToken</code> value in the response, which you can use to retrieve another group of
1431
1545
  * objects. For the second and subsequent <code>GetProtectionStatus</code> requests, specify the value of <code>NextToken</code>
@@ -1433,6 +1547,7 @@ export interface GetProtectionStatusRequest {
1433
1547
  */
1434
1548
  NextToken?: string;
1435
1549
  /**
1550
+ * @public
1436
1551
  * <p>Specifies the number of objects that you want Firewall Manager to return for this request. If you have more
1437
1552
  * objects than the number that you specify for <code>MaxResults</code>, the response includes a
1438
1553
  * <code>NextToken</code> value that you can use to get another batch of objects.</p>
@@ -1444,15 +1559,18 @@ export interface GetProtectionStatusRequest {
1444
1559
  */
1445
1560
  export interface GetProtectionStatusResponse {
1446
1561
  /**
1562
+ * @public
1447
1563
  * <p>The ID of the Firewall Manager administrator account for this policy.</p>
1448
1564
  */
1449
1565
  AdminAccountId?: string;
1450
1566
  /**
1567
+ * @public
1451
1568
  * <p>The service type that is protected by the policy. Currently, this is always
1452
1569
  * <code>SHIELD_ADVANCED</code>.</p>
1453
1570
  */
1454
1571
  ServiceType?: SecurityServiceType | string;
1455
1572
  /**
1573
+ * @public
1456
1574
  * <p>Details about the attack, including the following:</p>
1457
1575
  * <ul>
1458
1576
  * <li>
@@ -1475,6 +1593,7 @@ export interface GetProtectionStatusResponse {
1475
1593
  */
1476
1594
  Data?: string;
1477
1595
  /**
1596
+ * @public
1478
1597
  * <p>If you have more objects than the number that you specified for <code>MaxResults</code> in the request,
1479
1598
  * the response includes a <code>NextToken</code> value. To list more objects, submit another
1480
1599
  * <code>GetProtectionStatus</code> request, and specify the <code>NextToken</code> value from the response in the
@@ -1491,10 +1610,12 @@ export interface GetProtectionStatusResponse {
1491
1610
  */
1492
1611
  export interface GetProtocolsListRequest {
1493
1612
  /**
1613
+ * @public
1494
1614
  * <p>The ID of the Firewall Manager protocols list that you want the details for.</p>
1495
1615
  */
1496
1616
  ListId: string | undefined;
1497
1617
  /**
1618
+ * @public
1498
1619
  * <p>Specifies whether the list to retrieve is a default list owned by Firewall Manager.</p>
1499
1620
  */
1500
1621
  DefaultList?: boolean;
@@ -1505,32 +1626,39 @@ export interface GetProtocolsListRequest {
1505
1626
  */
1506
1627
  export interface ProtocolsListData {
1507
1628
  /**
1629
+ * @public
1508
1630
  * <p>The ID of the Firewall Manager protocols list.</p>
1509
1631
  */
1510
1632
  ListId?: string;
1511
1633
  /**
1634
+ * @public
1512
1635
  * <p>The name of the Firewall Manager protocols list.</p>
1513
1636
  */
1514
1637
  ListName: string | undefined;
1515
1638
  /**
1639
+ * @public
1516
1640
  * <p>A unique identifier for each update to the list. When you update
1517
1641
  * the list, the update token must match the token of the current version of the application list.
1518
1642
  * You can retrieve the update token by getting the list. </p>
1519
1643
  */
1520
1644
  ListUpdateToken?: string;
1521
1645
  /**
1646
+ * @public
1522
1647
  * <p>The time that the Firewall Manager protocols list was created.</p>
1523
1648
  */
1524
1649
  CreateTime?: Date;
1525
1650
  /**
1651
+ * @public
1526
1652
  * <p>The time that the Firewall Manager protocols list was last updated.</p>
1527
1653
  */
1528
1654
  LastUpdateTime?: Date;
1529
1655
  /**
1656
+ * @public
1530
1657
  * <p>An array of protocols in the Firewall Manager protocols list.</p>
1531
1658
  */
1532
1659
  ProtocolsList: string[] | undefined;
1533
1660
  /**
1661
+ * @public
1534
1662
  * <p>A map of previous version numbers to their corresponding protocol arrays.</p>
1535
1663
  */
1536
1664
  PreviousProtocolsList?: Record<string, string[]>;
@@ -1540,10 +1668,12 @@ export interface ProtocolsListData {
1540
1668
  */
1541
1669
  export interface GetProtocolsListResponse {
1542
1670
  /**
1671
+ * @public
1543
1672
  * <p>Information about the specified Firewall Manager protocols list.</p>
1544
1673
  */
1545
1674
  ProtocolsList?: ProtocolsListData;
1546
1675
  /**
1676
+ * @public
1547
1677
  * <p>The Amazon Resource Name (ARN) of the specified protocols list.</p>
1548
1678
  */
1549
1679
  ProtocolsListArn?: string;
@@ -1553,6 +1683,7 @@ export interface GetProtocolsListResponse {
1553
1683
  */
1554
1684
  export interface GetResourceSetRequest {
1555
1685
  /**
1686
+ * @public
1556
1687
  * <p>A unique identifier for the resource set, used in a request to refer to the resource set.</p>
1557
1688
  */
1558
1689
  Identifier: string | undefined;
@@ -1575,18 +1706,22 @@ export type ResourceSetStatus = (typeof ResourceSetStatus)[keyof typeof Resource
1575
1706
  */
1576
1707
  export interface ResourceSet {
1577
1708
  /**
1709
+ * @public
1578
1710
  * <p>A unique identifier for the resource set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.</p>
1579
1711
  */
1580
1712
  Id?: string;
1581
1713
  /**
1714
+ * @public
1582
1715
  * <p>The descriptive name of the resource set. You can't change the name of a resource set after you create it.</p>
1583
1716
  */
1584
1717
  Name: string | undefined;
1585
1718
  /**
1719
+ * @public
1586
1720
  * <p>A description of the resource set.</p>
1587
1721
  */
1588
1722
  Description?: string;
1589
1723
  /**
1724
+ * @public
1590
1725
  * <p>An optional token that you can use for optimistic locking. Firewall Manager returns a token to your requests that access the resource set. The token marks the state of the resource set resource at the time of the request. Update tokens are not allowed when creating a resource set. After creation, each subsequent update call to the resource set requires the update token.
1591
1726
  * </p>
1592
1727
  * <p>To make an unconditional change to the resource set, omit the token in your update request. Without the token, Firewall Manager performs your updates regardless of whether the resource set has changed since you last retrieved it.</p>
@@ -1594,16 +1729,19 @@ export interface ResourceSet {
1594
1729
  */
1595
1730
  UpdateToken?: string;
1596
1731
  /**
1732
+ * @public
1597
1733
  * <p>Determines the resources that can be associated to the resource set. Depending on
1598
1734
  * your setting for max results and the number of resource sets, a single call might not
1599
1735
  * return the full list.</p>
1600
1736
  */
1601
1737
  ResourceTypeList: string[] | undefined;
1602
1738
  /**
1739
+ * @public
1603
1740
  * <p>The last time that the resource set was changed.</p>
1604
1741
  */
1605
1742
  LastUpdateTime?: Date;
1606
1743
  /**
1744
+ * @public
1607
1745
  * <p>Indicates whether the resource set is in or out of an admin's Region scope.</p>
1608
1746
  * <ul>
1609
1747
  * <li>
@@ -1623,10 +1761,12 @@ export interface ResourceSet {
1623
1761
  */
1624
1762
  export interface GetResourceSetResponse {
1625
1763
  /**
1764
+ * @public
1626
1765
  * <p>Information about the specified resource set.</p>
1627
1766
  */
1628
1767
  ResourceSet: ResourceSet | undefined;
1629
1768
  /**
1769
+ * @public
1630
1770
  * <p>The Amazon Resource Name (ARN) of the resource set.</p>
1631
1771
  */
1632
1772
  ResourceSetArn: string | undefined;
@@ -1636,6 +1776,7 @@ export interface GetResourceSetResponse {
1636
1776
  */
1637
1777
  export interface GetThirdPartyFirewallAssociationStatusRequest {
1638
1778
  /**
1779
+ * @public
1639
1780
  * <p>The name of the third-party firewall vendor.</p>
1640
1781
  */
1641
1782
  ThirdPartyFirewall: ThirdPartyFirewall | string | undefined;
@@ -1658,6 +1799,7 @@ export type MarketplaceSubscriptionOnboardingStatus = (typeof MarketplaceSubscri
1658
1799
  */
1659
1800
  export interface GetThirdPartyFirewallAssociationStatusResponse {
1660
1801
  /**
1802
+ * @public
1661
1803
  * <p>The current status for setting a Firewall Manager policy administrators account as an administrator of the third-party firewall tenant.</p>
1662
1804
  * <ul>
1663
1805
  * <li>
@@ -1684,6 +1826,7 @@ export interface GetThirdPartyFirewallAssociationStatusResponse {
1684
1826
  */
1685
1827
  ThirdPartyFirewallStatus?: ThirdPartyFirewallAssociationStatus | string;
1686
1828
  /**
1829
+ * @public
1687
1830
  * <p>The status for subscribing to the third-party firewall vendor in the Amazon Web Services Marketplace.</p>
1688
1831
  * <ul>
1689
1832
  * <li>
@@ -1707,18 +1850,22 @@ export interface GetThirdPartyFirewallAssociationStatusResponse {
1707
1850
  */
1708
1851
  export interface GetViolationDetailsRequest {
1709
1852
  /**
1853
+ * @public
1710
1854
  * <p>The ID of the Firewall Manager policy that you want the details for. This currently only supports security group content audit policies.</p>
1711
1855
  */
1712
1856
  PolicyId: string | undefined;
1713
1857
  /**
1858
+ * @public
1714
1859
  * <p>The Amazon Web Services account ID that you want the details for.</p>
1715
1860
  */
1716
1861
  MemberAccount: string | undefined;
1717
1862
  /**
1863
+ * @public
1718
1864
  * <p>The ID of the resource that has violations.</p>
1719
1865
  */
1720
1866
  ResourceId: string | undefined;
1721
1867
  /**
1868
+ * @public
1722
1869
  * <p>The resource type. This is in the format shown in the <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Amazon Web Services Resource Types Reference</a>.
1723
1870
  * Supported resource types are:
1724
1871
  * <code>AWS::EC2::Instance</code>,
@@ -1736,10 +1883,12 @@ export interface GetViolationDetailsRequest {
1736
1883
  */
1737
1884
  export interface Tag {
1738
1885
  /**
1886
+ * @public
1739
1887
  * <p>Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive.</p>
1740
1888
  */
1741
1889
  Key: string | undefined;
1742
1890
  /**
1891
+ * @public
1743
1892
  * <p>Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as "companyA" or "companyB." Tag values are case-sensitive. </p>
1744
1893
  */
1745
1894
  Value: string | undefined;
@@ -1750,10 +1899,12 @@ export interface Tag {
1750
1899
  */
1751
1900
  export interface PartialMatch {
1752
1901
  /**
1902
+ * @public
1753
1903
  * <p>The reference rule from the primary security group of the Firewall Manager policy.</p>
1754
1904
  */
1755
1905
  Reference?: string;
1756
1906
  /**
1907
+ * @public
1757
1908
  * <p>The violation reason.</p>
1758
1909
  */
1759
1910
  TargetViolationReasons?: string[];
@@ -1776,26 +1927,32 @@ export type RemediationActionType = (typeof RemediationActionType)[keyof typeof
1776
1927
  */
1777
1928
  export interface SecurityGroupRuleDescription {
1778
1929
  /**
1930
+ * @public
1779
1931
  * <p>The IPv4 ranges for the security group rule.</p>
1780
1932
  */
1781
1933
  IPV4Range?: string;
1782
1934
  /**
1935
+ * @public
1783
1936
  * <p>The IPv6 ranges for the security group rule.</p>
1784
1937
  */
1785
1938
  IPV6Range?: string;
1786
1939
  /**
1940
+ * @public
1787
1941
  * <p>The ID of the prefix list for the security group rule.</p>
1788
1942
  */
1789
1943
  PrefixListId?: string;
1790
1944
  /**
1945
+ * @public
1791
1946
  * <p>The IP protocol name (<code>tcp</code>, <code>udp</code>, <code>icmp</code>, <code>icmpv6</code>) or number.</p>
1792
1947
  */
1793
1948
  Protocol?: string;
1794
1949
  /**
1950
+ * @public
1795
1951
  * <p>The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of <code>-1</code> indicates all ICMP/ICMPv6 types.</p>
1796
1952
  */
1797
1953
  FromPort?: number;
1798
1954
  /**
1955
+ * @public
1799
1956
  * <p>The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of <code>-1</code> indicates all ICMP/ICMPv6 codes.</p>
1800
1957
  */
1801
1958
  ToPort?: number;
@@ -1806,18 +1963,22 @@ export interface SecurityGroupRuleDescription {
1806
1963
  */
1807
1964
  export interface SecurityGroupRemediationAction {
1808
1965
  /**
1966
+ * @public
1809
1967
  * <p>The remediation action that will be performed.</p>
1810
1968
  */
1811
1969
  RemediationActionType?: RemediationActionType | string;
1812
1970
  /**
1971
+ * @public
1813
1972
  * <p>Brief description of the action that will be performed.</p>
1814
1973
  */
1815
1974
  Description?: string;
1816
1975
  /**
1976
+ * @public
1817
1977
  * <p>The final state of the rule specified in the <code>ViolationTarget</code> after it is remediated.</p>
1818
1978
  */
1819
1979
  RemediationResult?: SecurityGroupRuleDescription;
1820
1980
  /**
1981
+ * @public
1821
1982
  * <p>Indicates if the current action is the default action.</p>
1822
1983
  */
1823
1984
  IsDefaultAction?: boolean;
@@ -1828,18 +1989,22 @@ export interface SecurityGroupRemediationAction {
1828
1989
  */
1829
1990
  export interface AwsVPCSecurityGroupViolation {
1830
1991
  /**
1992
+ * @public
1831
1993
  * <p>The security group rule that is being evaluated.</p>
1832
1994
  */
1833
1995
  ViolationTarget?: string;
1834
1996
  /**
1997
+ * @public
1835
1998
  * <p>A description of the security group that violates the policy.</p>
1836
1999
  */
1837
2000
  ViolationTargetDescription?: string;
1838
2001
  /**
2002
+ * @public
1839
2003
  * <p>List of rules specified in the security group of the Firewall Manager policy that partially match the <code>ViolationTarget</code> rule.</p>
1840
2004
  */
1841
2005
  PartialMatches?: PartialMatch[];
1842
2006
  /**
2007
+ * @public
1843
2008
  * <p>Remediation options for the rule specified in the <code>ViolationTarget</code>.</p>
1844
2009
  */
1845
2010
  PossibleSecurityGroupRemediationActions?: SecurityGroupRemediationAction[];
@@ -1851,10 +2016,12 @@ export interface AwsVPCSecurityGroupViolation {
1851
2016
  */
1852
2017
  export interface DnsDuplicateRuleGroupViolation {
1853
2018
  /**
2019
+ * @public
1854
2020
  * <p>Information about the VPC ID. </p>
1855
2021
  */
1856
2022
  ViolationTarget?: string;
1857
2023
  /**
2024
+ * @public
1858
2025
  * <p>A description of the violation that specifies the rule group and VPC.</p>
1859
2026
  */
1860
2027
  ViolationTargetDescription?: string;
@@ -1865,14 +2032,17 @@ export interface DnsDuplicateRuleGroupViolation {
1865
2032
  */
1866
2033
  export interface DnsRuleGroupLimitExceededViolation {
1867
2034
  /**
2035
+ * @public
1868
2036
  * <p>Information about the VPC ID. </p>
1869
2037
  */
1870
2038
  ViolationTarget?: string;
1871
2039
  /**
2040
+ * @public
1872
2041
  * <p>A description of the violation that specifies the rule group and VPC.</p>
1873
2042
  */
1874
2043
  ViolationTargetDescription?: string;
1875
2044
  /**
2045
+ * @public
1876
2046
  * <p>The number of rule groups currently associated with the VPC. </p>
1877
2047
  */
1878
2048
  NumberOfRuleGroupsAlreadyAssociated?: number;
@@ -1884,23 +2054,28 @@ export interface DnsRuleGroupLimitExceededViolation {
1884
2054
  */
1885
2055
  export interface DnsRuleGroupPriorityConflictViolation {
1886
2056
  /**
2057
+ * @public
1887
2058
  * <p>Information about the VPC ID. </p>
1888
2059
  */
1889
2060
  ViolationTarget?: string;
1890
2061
  /**
2062
+ * @public
1891
2063
  * <p>A description of the violation that specifies the VPC and the rule group that's already associated with it.</p>
1892
2064
  */
1893
2065
  ViolationTargetDescription?: string;
1894
2066
  /**
2067
+ * @public
1895
2068
  * <p>The priority setting of the two conflicting rule groups.</p>
1896
2069
  */
1897
2070
  ConflictingPriority?: number;
1898
2071
  /**
2072
+ * @public
1899
2073
  * <p>The ID of the Firewall Manager DNS Firewall policy that was already applied to the VPC.
1900
2074
  * This policy contains the rule group that's already associated with the VPC. </p>
1901
2075
  */
1902
2076
  ConflictingPolicyId?: string;
1903
2077
  /**
2078
+ * @public
1904
2079
  * <p>The priorities of rule groups that are already associated with the VPC. To retry your operation,
1905
2080
  * choose priority settings that aren't in this list for the rule groups in your new DNS Firewall policy. </p>
1906
2081
  */
@@ -1912,22 +2087,27 @@ export interface DnsRuleGroupPriorityConflictViolation {
1912
2087
  */
1913
2088
  export interface FirewallSubnetIsOutOfScopeViolation {
1914
2089
  /**
2090
+ * @public
1915
2091
  * <p>The ID of the firewall subnet that violates the policy scope.</p>
1916
2092
  */
1917
2093
  FirewallSubnetId?: string;
1918
2094
  /**
2095
+ * @public
1919
2096
  * <p>The VPC ID of the firewall subnet that violates the policy scope.</p>
1920
2097
  */
1921
2098
  VpcId?: string;
1922
2099
  /**
2100
+ * @public
1923
2101
  * <p>The Availability Zone of the firewall subnet that violates the policy scope.</p>
1924
2102
  */
1925
2103
  SubnetAvailabilityZone?: string;
1926
2104
  /**
2105
+ * @public
1927
2106
  * <p>The Availability Zone ID of the firewall subnet that violates the policy scope.</p>
1928
2107
  */
1929
2108
  SubnetAvailabilityZoneId?: string;
1930
2109
  /**
2110
+ * @public
1931
2111
  * <p>The VPC endpoint ID of the firewall subnet that violates the policy scope.</p>
1932
2112
  */
1933
2113
  VpcEndpointId?: string;
@@ -1938,18 +2118,22 @@ export interface FirewallSubnetIsOutOfScopeViolation {
1938
2118
  */
1939
2119
  export interface FirewallSubnetMissingVPCEndpointViolation {
1940
2120
  /**
2121
+ * @public
1941
2122
  * <p>The ID of the firewall that this VPC endpoint is associated with.</p>
1942
2123
  */
1943
2124
  FirewallSubnetId?: string;
1944
2125
  /**
2126
+ * @public
1945
2127
  * <p>The resource ID of the VPC associated with the deleted VPC subnet.</p>
1946
2128
  */
1947
2129
  VpcId?: string;
1948
2130
  /**
2131
+ * @public
1949
2132
  * <p>The name of the Availability Zone of the deleted VPC subnet.</p>
1950
2133
  */
1951
2134
  SubnetAvailabilityZone?: string;
1952
2135
  /**
2136
+ * @public
1953
2137
  * <p>The ID of the Availability Zone of the deleted VPC subnet.</p>
1954
2138
  */
1955
2139
  SubnetAvailabilityZoneId?: string;
@@ -1993,18 +2177,22 @@ export type TargetType = (typeof TargetType)[keyof typeof TargetType];
1993
2177
  */
1994
2178
  export interface Route {
1995
2179
  /**
2180
+ * @public
1996
2181
  * <p>The type of destination for the route.</p>
1997
2182
  */
1998
2183
  DestinationType?: DestinationType | string;
1999
2184
  /**
2185
+ * @public
2000
2186
  * <p>The type of target for the route.</p>
2001
2187
  */
2002
2188
  TargetType?: TargetType | string;
2003
2189
  /**
2190
+ * @public
2004
2191
  * <p>The destination of the route.</p>
2005
2192
  */
2006
2193
  Destination?: string;
2007
2194
  /**
2195
+ * @public
2008
2196
  * <p>The route's target.</p>
2009
2197
  */
2010
2198
  Target?: string;
@@ -2015,18 +2203,22 @@ export interface Route {
2015
2203
  */
2016
2204
  export interface NetworkFirewallBlackHoleRouteDetectedViolation {
2017
2205
  /**
2206
+ * @public
2018
2207
  * <p>The subnet that has an inactive state.</p>
2019
2208
  */
2020
2209
  ViolationTarget?: string;
2021
2210
  /**
2211
+ * @public
2022
2212
  * <p>Information about the route table ID.</p>
2023
2213
  */
2024
2214
  RouteTableId?: string;
2025
2215
  /**
2216
+ * @public
2026
2217
  * <p>Information about the VPC ID.</p>
2027
2218
  */
2028
2219
  VpcId?: string;
2029
2220
  /**
2221
+ * @public
2030
2222
  * <p>Information about the route or routes that are in violation.</p>
2031
2223
  */
2032
2224
  ViolatingRoutes?: Route[];
@@ -2037,26 +2229,32 @@ export interface NetworkFirewallBlackHoleRouteDetectedViolation {
2037
2229
  */
2038
2230
  export interface ExpectedRoute {
2039
2231
  /**
2232
+ * @public
2040
2233
  * <p>Information about the IPv4 CIDR block.</p>
2041
2234
  */
2042
2235
  IpV4Cidr?: string;
2043
2236
  /**
2237
+ * @public
2044
2238
  * <p>Information about the ID of the prefix list for the route.</p>
2045
2239
  */
2046
2240
  PrefixListId?: string;
2047
2241
  /**
2242
+ * @public
2048
2243
  * <p>Information about the IPv6 CIDR block.</p>
2049
2244
  */
2050
2245
  IpV6Cidr?: string;
2051
2246
  /**
2247
+ * @public
2052
2248
  * <p>Information about the contributing subnets.</p>
2053
2249
  */
2054
2250
  ContributingSubnets?: string[];
2055
2251
  /**
2252
+ * @public
2056
2253
  * <p>Information about the allowed targets.</p>
2057
2254
  */
2058
2255
  AllowedTargets?: string[];
2059
2256
  /**
2257
+ * @public
2060
2258
  * <p>Information about the route table ID.</p>
2061
2259
  */
2062
2260
  RouteTableId?: string;
@@ -2067,62 +2265,77 @@ export interface ExpectedRoute {
2067
2265
  */
2068
2266
  export interface NetworkFirewallInternetTrafficNotInspectedViolation {
2069
2267
  /**
2268
+ * @public
2070
2269
  * <p>The subnet ID.</p>
2071
2270
  */
2072
2271
  SubnetId?: string;
2073
2272
  /**
2273
+ * @public
2074
2274
  * <p>The subnet Availability Zone.</p>
2075
2275
  */
2076
2276
  SubnetAvailabilityZone?: string;
2077
2277
  /**
2278
+ * @public
2078
2279
  * <p>Information about the route table ID.</p>
2079
2280
  */
2080
2281
  RouteTableId?: string;
2081
2282
  /**
2283
+ * @public
2082
2284
  * <p>The route or routes that are in violation.</p>
2083
2285
  */
2084
2286
  ViolatingRoutes?: Route[];
2085
2287
  /**
2288
+ * @public
2086
2289
  * <p>Information about whether the route table is used in another Availability Zone.</p>
2087
2290
  */
2088
2291
  IsRouteTableUsedInDifferentAZ?: boolean;
2089
2292
  /**
2293
+ * @public
2090
2294
  * <p>Information about the subnet route table for the current firewall.</p>
2091
2295
  */
2092
2296
  CurrentFirewallSubnetRouteTable?: string;
2093
2297
  /**
2298
+ * @public
2094
2299
  * <p>The expected endpoint for the current firewall.</p>
2095
2300
  */
2096
2301
  ExpectedFirewallEndpoint?: string;
2097
2302
  /**
2303
+ * @public
2098
2304
  * <p>The firewall subnet ID.</p>
2099
2305
  */
2100
2306
  FirewallSubnetId?: string;
2101
2307
  /**
2308
+ * @public
2102
2309
  * <p>The firewall subnet routes that are expected.</p>
2103
2310
  */
2104
2311
  ExpectedFirewallSubnetRoutes?: ExpectedRoute[];
2105
2312
  /**
2313
+ * @public
2106
2314
  * <p>The actual firewall subnet routes.</p>
2107
2315
  */
2108
2316
  ActualFirewallSubnetRoutes?: Route[];
2109
2317
  /**
2318
+ * @public
2110
2319
  * <p>The internet gateway ID.</p>
2111
2320
  */
2112
2321
  InternetGatewayId?: string;
2113
2322
  /**
2323
+ * @public
2114
2324
  * <p>The current route table for the internet gateway.</p>
2115
2325
  */
2116
2326
  CurrentInternetGatewayRouteTable?: string;
2117
2327
  /**
2328
+ * @public
2118
2329
  * <p>The internet gateway routes that are expected.</p>
2119
2330
  */
2120
2331
  ExpectedInternetGatewayRoutes?: ExpectedRoute[];
2121
2332
  /**
2333
+ * @public
2122
2334
  * <p>The actual internet gateway routes.</p>
2123
2335
  */
2124
2336
  ActualInternetGatewayRoutes?: Route[];
2125
2337
  /**
2338
+ * @public
2126
2339
  * <p>Information about the VPC ID.</p>
2127
2340
  */
2128
2341
  VpcId?: string;
@@ -2134,66 +2347,82 @@ export interface NetworkFirewallInternetTrafficNotInspectedViolation {
2134
2347
  */
2135
2348
  export interface NetworkFirewallInvalidRouteConfigurationViolation {
2136
2349
  /**
2350
+ * @public
2137
2351
  * <p>The subnets that are affected.</p>
2138
2352
  */
2139
2353
  AffectedSubnets?: string[];
2140
2354
  /**
2355
+ * @public
2141
2356
  * <p>The route table ID.</p>
2142
2357
  */
2143
2358
  RouteTableId?: string;
2144
2359
  /**
2360
+ * @public
2145
2361
  * <p>Information about whether the route table is used in another Availability Zone.</p>
2146
2362
  */
2147
2363
  IsRouteTableUsedInDifferentAZ?: boolean;
2148
2364
  /**
2365
+ * @public
2149
2366
  * <p>The route that's in violation.</p>
2150
2367
  */
2151
2368
  ViolatingRoute?: Route;
2152
2369
  /**
2370
+ * @public
2153
2371
  * <p>The subnet route table for the current firewall.</p>
2154
2372
  */
2155
2373
  CurrentFirewallSubnetRouteTable?: string;
2156
2374
  /**
2375
+ * @public
2157
2376
  * <p>The firewall endpoint that's expected.</p>
2158
2377
  */
2159
2378
  ExpectedFirewallEndpoint?: string;
2160
2379
  /**
2380
+ * @public
2161
2381
  * <p>The actual firewall endpoint.</p>
2162
2382
  */
2163
2383
  ActualFirewallEndpoint?: string;
2164
2384
  /**
2385
+ * @public
2165
2386
  * <p>The expected subnet ID for the firewall.</p>
2166
2387
  */
2167
2388
  ExpectedFirewallSubnetId?: string;
2168
2389
  /**
2390
+ * @public
2169
2391
  * <p>The actual subnet ID for the firewall.</p>
2170
2392
  */
2171
2393
  ActualFirewallSubnetId?: string;
2172
2394
  /**
2395
+ * @public
2173
2396
  * <p>The firewall subnet routes that are expected.</p>
2174
2397
  */
2175
2398
  ExpectedFirewallSubnetRoutes?: ExpectedRoute[];
2176
2399
  /**
2400
+ * @public
2177
2401
  * <p>The actual firewall subnet routes that are expected.</p>
2178
2402
  */
2179
2403
  ActualFirewallSubnetRoutes?: Route[];
2180
2404
  /**
2405
+ * @public
2181
2406
  * <p>The internet gateway ID.</p>
2182
2407
  */
2183
2408
  InternetGatewayId?: string;
2184
2409
  /**
2410
+ * @public
2185
2411
  * <p>The route table for the current internet gateway.</p>
2186
2412
  */
2187
2413
  CurrentInternetGatewayRouteTable?: string;
2188
2414
  /**
2415
+ * @public
2189
2416
  * <p>The expected routes for the internet gateway.</p>
2190
2417
  */
2191
2418
  ExpectedInternetGatewayRoutes?: ExpectedRoute[];
2192
2419
  /**
2420
+ * @public
2193
2421
  * <p>The actual internet gateway routes.</p>
2194
2422
  */
2195
2423
  ActualInternetGatewayRoutes?: Route[];
2196
2424
  /**
2425
+ * @public
2197
2426
  * <p>Information about the VPC ID.</p>
2198
2427
  */
2199
2428
  VpcId?: string;
@@ -2204,14 +2433,17 @@ export interface NetworkFirewallInvalidRouteConfigurationViolation {
2204
2433
  */
2205
2434
  export interface NetworkFirewallMissingExpectedRoutesViolation {
2206
2435
  /**
2436
+ * @public
2207
2437
  * <p>The target of the violation.</p>
2208
2438
  */
2209
2439
  ViolationTarget?: string;
2210
2440
  /**
2441
+ * @public
2211
2442
  * <p>The expected routes.</p>
2212
2443
  */
2213
2444
  ExpectedRoutes?: ExpectedRoute[];
2214
2445
  /**
2446
+ * @public
2215
2447
  * <p>Information about the VPC ID.</p>
2216
2448
  */
2217
2449
  VpcId?: string;
@@ -2223,22 +2455,27 @@ export interface NetworkFirewallMissingExpectedRoutesViolation {
2223
2455
  */
2224
2456
  export interface NetworkFirewallMissingExpectedRTViolation {
2225
2457
  /**
2458
+ * @public
2226
2459
  * <p>The ID of the Network Firewall or VPC resource that's in violation.</p>
2227
2460
  */
2228
2461
  ViolationTarget?: string;
2229
2462
  /**
2463
+ * @public
2230
2464
  * <p>The resource ID of the VPC associated with a violating subnet.</p>
2231
2465
  */
2232
2466
  VPC?: string;
2233
2467
  /**
2468
+ * @public
2234
2469
  * <p>The Availability Zone of a violating subnet. </p>
2235
2470
  */
2236
2471
  AvailabilityZone?: string;
2237
2472
  /**
2473
+ * @public
2238
2474
  * <p>The resource ID of the current route table that's associated with the subnet, if one is available.</p>
2239
2475
  */
2240
2476
  CurrentRouteTable?: string;
2241
2477
  /**
2478
+ * @public
2242
2479
  * <p>The resource ID of the route table that should be associated with the subnet.</p>
2243
2480
  */
2244
2481
  ExpectedRouteTable?: string;
@@ -2250,18 +2487,22 @@ export interface NetworkFirewallMissingExpectedRTViolation {
2250
2487
  */
2251
2488
  export interface NetworkFirewallMissingFirewallViolation {
2252
2489
  /**
2490
+ * @public
2253
2491
  * <p>The ID of the Network Firewall or VPC resource that's in violation.</p>
2254
2492
  */
2255
2493
  ViolationTarget?: string;
2256
2494
  /**
2495
+ * @public
2257
2496
  * <p>The resource ID of the VPC associated with a violating subnet.</p>
2258
2497
  */
2259
2498
  VPC?: string;
2260
2499
  /**
2500
+ * @public
2261
2501
  * <p>The Availability Zone of a violating subnet. </p>
2262
2502
  */
2263
2503
  AvailabilityZone?: string;
2264
2504
  /**
2505
+ * @public
2265
2506
  * <p>The reason the resource has this violation, if one is available. </p>
2266
2507
  */
2267
2508
  TargetViolationReason?: string;
@@ -2273,18 +2514,22 @@ export interface NetworkFirewallMissingFirewallViolation {
2273
2514
  */
2274
2515
  export interface NetworkFirewallMissingSubnetViolation {
2275
2516
  /**
2517
+ * @public
2276
2518
  * <p>The ID of the Network Firewall or VPC resource that's in violation.</p>
2277
2519
  */
2278
2520
  ViolationTarget?: string;
2279
2521
  /**
2522
+ * @public
2280
2523
  * <p>The resource ID of the VPC associated with a violating subnet.</p>
2281
2524
  */
2282
2525
  VPC?: string;
2283
2526
  /**
2527
+ * @public
2284
2528
  * <p>The Availability Zone of a violating subnet. </p>
2285
2529
  */
2286
2530
  AvailabilityZone?: string;
2287
2531
  /**
2532
+ * @public
2288
2533
  * <p>The reason the resource has this violation, if one is available. </p>
2289
2534
  */
2290
2535
  TargetViolationReason?: string;
@@ -2307,6 +2552,7 @@ export type RuleOrder = (typeof RuleOrder)[keyof typeof RuleOrder];
2307
2552
  */
2308
2553
  export interface StatefulEngineOptions {
2309
2554
  /**
2555
+ * @public
2310
2556
  * <p>Indicates how to manage the order of stateful rule evaluation for the policy.
2311
2557
  * <code>DEFAULT_ACTION_ORDER</code> is the default behavior. Stateful rules are provided to the rule engine
2312
2558
  * as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more
@@ -2331,6 +2577,7 @@ export type NetworkFirewallOverrideAction = (typeof NetworkFirewallOverrideActio
2331
2577
  */
2332
2578
  export interface NetworkFirewallStatefulRuleGroupOverride {
2333
2579
  /**
2580
+ * @public
2334
2581
  * <p>The action that changes the rule group from <code>DROP</code> to <code>ALERT</code>. This only applies to managed rule groups.</p>
2335
2582
  */
2336
2583
  Action?: NetworkFirewallOverrideAction | string;
@@ -2341,14 +2588,17 @@ export interface NetworkFirewallStatefulRuleGroupOverride {
2341
2588
  */
2342
2589
  export interface StatefulRuleGroup {
2343
2590
  /**
2591
+ * @public
2344
2592
  * <p>The name of the rule group.</p>
2345
2593
  */
2346
2594
  RuleGroupName?: string;
2347
2595
  /**
2596
+ * @public
2348
2597
  * <p>The resource ID of the rule group.</p>
2349
2598
  */
2350
2599
  ResourceId?: string;
2351
2600
  /**
2601
+ * @public
2352
2602
  * <p>An integer setting that indicates the order in which to run the stateful rule groups in a single
2353
2603
  * Network Firewall firewall policy. This setting only applies to firewall policies that specify the <code>STRICT_ORDER</code>
2354
2604
  * rule order in the stateful engine options settings.</p>
@@ -2363,6 +2613,7 @@ export interface StatefulRuleGroup {
2363
2613
  */
2364
2614
  Priority?: number;
2365
2615
  /**
2616
+ * @public
2366
2617
  * <p>The action that allows the policy owner to override the behavior of the rule group within a policy.</p>
2367
2618
  */
2368
2619
  Override?: NetworkFirewallStatefulRuleGroupOverride;
@@ -2373,14 +2624,17 @@ export interface StatefulRuleGroup {
2373
2624
  */
2374
2625
  export interface StatelessRuleGroup {
2375
2626
  /**
2627
+ * @public
2376
2628
  * <p>The name of the rule group.</p>
2377
2629
  */
2378
2630
  RuleGroupName?: string;
2379
2631
  /**
2632
+ * @public
2380
2633
  * <p>The resource ID of the rule group.</p>
2381
2634
  */
2382
2635
  ResourceId?: string;
2383
2636
  /**
2637
+ * @public
2384
2638
  * <p>The priority of the rule group. Network Firewall evaluates the stateless rule groups in a firewall policy starting from the lowest priority setting. </p>
2385
2639
  */
2386
2640
  Priority?: number;
@@ -2391,26 +2645,32 @@ export interface StatelessRuleGroup {
2391
2645
  */
2392
2646
  export interface NetworkFirewallPolicyDescription {
2393
2647
  /**
2648
+ * @public
2394
2649
  * <p>The stateless rule groups that are used in the Network Firewall firewall policy. </p>
2395
2650
  */
2396
2651
  StatelessRuleGroups?: StatelessRuleGroup[];
2397
2652
  /**
2653
+ * @public
2398
2654
  * <p>The actions to take on packets that don't match any of the stateless rule groups. </p>
2399
2655
  */
2400
2656
  StatelessDefaultActions?: string[];
2401
2657
  /**
2658
+ * @public
2402
2659
  * <p>The actions to take on packet fragments that don't match any of the stateless rule groups. </p>
2403
2660
  */
2404
2661
  StatelessFragmentDefaultActions?: string[];
2405
2662
  /**
2663
+ * @public
2406
2664
  * <p>Names of custom actions that are available for use in the stateless default actions settings.</p>
2407
2665
  */
2408
2666
  StatelessCustomActions?: string[];
2409
2667
  /**
2668
+ * @public
2410
2669
  * <p>The stateful rule groups that are used in the Network Firewall firewall policy. </p>
2411
2670
  */
2412
2671
  StatefulRuleGroups?: StatefulRuleGroup[];
2413
2672
  /**
2673
+ * @public
2414
2674
  * <p>The default actions to take on a packet that doesn't match any stateful rules. The stateful default
2415
2675
  * action is optional, and is only valid when using the strict rule order.</p>
2416
2676
  * <p>
@@ -2433,6 +2693,7 @@ export interface NetworkFirewallPolicyDescription {
2433
2693
  */
2434
2694
  StatefulDefaultActions?: string[];
2435
2695
  /**
2696
+ * @public
2436
2697
  * <p>Additional options governing how Network Firewall handles stateful rules. The stateful rule groups
2437
2698
  * that you use in your policy must have stateful rule options settings that are compatible with these
2438
2699
  * settings.</p>
@@ -2446,14 +2707,17 @@ export interface NetworkFirewallPolicyDescription {
2446
2707
  */
2447
2708
  export interface NetworkFirewallPolicyModifiedViolation {
2448
2709
  /**
2710
+ * @public
2449
2711
  * <p>The ID of the Network Firewall or VPC resource that's in violation.</p>
2450
2712
  */
2451
2713
  ViolationTarget?: string;
2452
2714
  /**
2715
+ * @public
2453
2716
  * <p>The policy that's currently in use in the individual account. </p>
2454
2717
  */
2455
2718
  CurrentPolicyDescription?: NetworkFirewallPolicyDescription;
2456
2719
  /**
2720
+ * @public
2457
2721
  * <p>The policy that should be in use in the individual account in order to be compliant. </p>
2458
2722
  */
2459
2723
  ExpectedPolicyDescription?: NetworkFirewallPolicyDescription;
@@ -2464,22 +2728,27 @@ export interface NetworkFirewallPolicyModifiedViolation {
2464
2728
  */
2465
2729
  export interface NetworkFirewallUnexpectedFirewallRoutesViolation {
2466
2730
  /**
2731
+ * @public
2467
2732
  * <p>The subnet ID for the firewall.</p>
2468
2733
  */
2469
2734
  FirewallSubnetId?: string;
2470
2735
  /**
2736
+ * @public
2471
2737
  * <p>The routes that are in violation.</p>
2472
2738
  */
2473
2739
  ViolatingRoutes?: Route[];
2474
2740
  /**
2741
+ * @public
2475
2742
  * <p>The ID of the route table.</p>
2476
2743
  */
2477
2744
  RouteTableId?: string;
2478
2745
  /**
2746
+ * @public
2479
2747
  * <p>The endpoint of the firewall.</p>
2480
2748
  */
2481
2749
  FirewallEndpoint?: string;
2482
2750
  /**
2751
+ * @public
2483
2752
  * <p>Information about the VPC ID.</p>
2484
2753
  */
2485
2754
  VpcId?: string;
@@ -2490,18 +2759,22 @@ export interface NetworkFirewallUnexpectedFirewallRoutesViolation {
2490
2759
  */
2491
2760
  export interface NetworkFirewallUnexpectedGatewayRoutesViolation {
2492
2761
  /**
2762
+ * @public
2493
2763
  * <p>Information about the gateway ID.</p>
2494
2764
  */
2495
2765
  GatewayId?: string;
2496
2766
  /**
2767
+ * @public
2497
2768
  * <p>The routes that are in violation.</p>
2498
2769
  */
2499
2770
  ViolatingRoutes?: Route[];
2500
2771
  /**
2772
+ * @public
2501
2773
  * <p>Information about the route table.</p>
2502
2774
  */
2503
2775
  RouteTableId?: string;
2504
2776
  /**
2777
+ * @public
2505
2778
  * <p>Information about the VPC ID.</p>
2506
2779
  */
2507
2780
  VpcId?: string;
@@ -2512,18 +2785,22 @@ export interface NetworkFirewallUnexpectedGatewayRoutesViolation {
2512
2785
  */
2513
2786
  export interface EC2AssociateRouteTableAction {
2514
2787
  /**
2788
+ * @public
2515
2789
  * <p>A description of the EC2 route table that is associated with the remediation action.</p>
2516
2790
  */
2517
2791
  Description?: string;
2518
2792
  /**
2793
+ * @public
2519
2794
  * <p>The ID of the EC2 route table that is associated with the remediation action.</p>
2520
2795
  */
2521
2796
  RouteTableId: ActionTarget | undefined;
2522
2797
  /**
2798
+ * @public
2523
2799
  * <p>The ID of the subnet for the EC2 route table that is associated with the remediation action.</p>
2524
2800
  */
2525
2801
  SubnetId?: ActionTarget;
2526
2802
  /**
2803
+ * @public
2527
2804
  * <p>The ID of the gateway to be used with the EC2 route table that is associated with the remediation action.</p>
2528
2805
  */
2529
2806
  GatewayId?: ActionTarget;
@@ -2534,14 +2811,17 @@ export interface EC2AssociateRouteTableAction {
2534
2811
  */
2535
2812
  export interface EC2CopyRouteTableAction {
2536
2813
  /**
2814
+ * @public
2537
2815
  * <p>A description of the copied EC2 route table that is associated with the remediation action.</p>
2538
2816
  */
2539
2817
  Description?: string;
2540
2818
  /**
2819
+ * @public
2541
2820
  * <p>The VPC ID of the copied EC2 route table that is associated with the remediation action.</p>
2542
2821
  */
2543
2822
  VpcId: ActionTarget | undefined;
2544
2823
  /**
2824
+ * @public
2545
2825
  * <p>The ID of the copied EC2 route table that is associated with the remediation action.</p>
2546
2826
  */
2547
2827
  RouteTableId: ActionTarget | undefined;
@@ -2552,30 +2832,37 @@ export interface EC2CopyRouteTableAction {
2552
2832
  */
2553
2833
  export interface EC2CreateRouteAction {
2554
2834
  /**
2835
+ * @public
2555
2836
  * <p>A description of CreateRoute action in Amazon EC2.</p>
2556
2837
  */
2557
2838
  Description?: string;
2558
2839
  /**
2840
+ * @public
2559
2841
  * <p>Information about the IPv4 CIDR address block used for the destination match.</p>
2560
2842
  */
2561
2843
  DestinationCidrBlock?: string;
2562
2844
  /**
2845
+ * @public
2563
2846
  * <p>Information about the ID of a prefix list used for the destination match.</p>
2564
2847
  */
2565
2848
  DestinationPrefixListId?: string;
2566
2849
  /**
2850
+ * @public
2567
2851
  * <p>Information about the IPv6 CIDR block destination.</p>
2568
2852
  */
2569
2853
  DestinationIpv6CidrBlock?: string;
2570
2854
  /**
2855
+ * @public
2571
2856
  * <p>Information about the ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only.</p>
2572
2857
  */
2573
2858
  VpcEndpointId?: ActionTarget;
2574
2859
  /**
2860
+ * @public
2575
2861
  * <p>Information about the ID of an internet gateway or virtual private gateway attached to your VPC.</p>
2576
2862
  */
2577
2863
  GatewayId?: ActionTarget;
2578
2864
  /**
2865
+ * @public
2579
2866
  * <p>Information about the ID of the route table for the route.</p>
2580
2867
  */
2581
2868
  RouteTableId: ActionTarget | undefined;
@@ -2586,10 +2873,12 @@ export interface EC2CreateRouteAction {
2586
2873
  */
2587
2874
  export interface EC2CreateRouteTableAction {
2588
2875
  /**
2876
+ * @public
2589
2877
  * <p>A description of the CreateRouteTable action.</p>
2590
2878
  */
2591
2879
  Description?: string;
2592
2880
  /**
2881
+ * @public
2593
2882
  * <p>Information about the ID of a VPC.</p>
2594
2883
  */
2595
2884
  VpcId: ActionTarget | undefined;
@@ -2600,22 +2889,27 @@ export interface EC2CreateRouteTableAction {
2600
2889
  */
2601
2890
  export interface EC2DeleteRouteAction {
2602
2891
  /**
2892
+ * @public
2603
2893
  * <p>A description of the DeleteRoute action.</p>
2604
2894
  */
2605
2895
  Description?: string;
2606
2896
  /**
2897
+ * @public
2607
2898
  * <p>Information about the IPv4 CIDR range for the route. The value you specify must match the CIDR for the route exactly.</p>
2608
2899
  */
2609
2900
  DestinationCidrBlock?: string;
2610
2901
  /**
2902
+ * @public
2611
2903
  * <p>Information about the ID of the prefix list for the route.</p>
2612
2904
  */
2613
2905
  DestinationPrefixListId?: string;
2614
2906
  /**
2907
+ * @public
2615
2908
  * <p>Information about the IPv6 CIDR range for the route. The value you specify must match the CIDR for the route exactly.</p>
2616
2909
  */
2617
2910
  DestinationIpv6CidrBlock?: string;
2618
2911
  /**
2912
+ * @public
2619
2913
  * <p>Information about the ID of the route table.</p>
2620
2914
  */
2621
2915
  RouteTableId: ActionTarget | undefined;
@@ -2626,26 +2920,32 @@ export interface EC2DeleteRouteAction {
2626
2920
  */
2627
2921
  export interface EC2ReplaceRouteAction {
2628
2922
  /**
2923
+ * @public
2629
2924
  * <p>A description of the ReplaceRoute action in Amazon EC2.</p>
2630
2925
  */
2631
2926
  Description?: string;
2632
2927
  /**
2928
+ * @public
2633
2929
  * <p>Information about the IPv4 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table.</p>
2634
2930
  */
2635
2931
  DestinationCidrBlock?: string;
2636
2932
  /**
2933
+ * @public
2637
2934
  * <p>Information about the ID of the prefix list for the route.</p>
2638
2935
  */
2639
2936
  DestinationPrefixListId?: string;
2640
2937
  /**
2938
+ * @public
2641
2939
  * <p>Information about the IPv6 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table.</p>
2642
2940
  */
2643
2941
  DestinationIpv6CidrBlock?: string;
2644
2942
  /**
2943
+ * @public
2645
2944
  * <p>Information about the ID of an internet gateway or virtual private gateway.</p>
2646
2945
  */
2647
2946
  GatewayId?: ActionTarget;
2648
2947
  /**
2948
+ * @public
2649
2949
  * <p>Information about the ID of the route table.</p>
2650
2950
  */
2651
2951
  RouteTableId: ActionTarget | undefined;
@@ -2656,14 +2956,17 @@ export interface EC2ReplaceRouteAction {
2656
2956
  */
2657
2957
  export interface EC2ReplaceRouteTableAssociationAction {
2658
2958
  /**
2959
+ * @public
2659
2960
  * <p>A description of the ReplaceRouteTableAssociation action in Amazon EC2.</p>
2660
2961
  */
2661
2962
  Description?: string;
2662
2963
  /**
2964
+ * @public
2663
2965
  * <p>Information about the association ID.</p>
2664
2966
  */
2665
2967
  AssociationId: ActionTarget | undefined;
2666
2968
  /**
2969
+ * @public
2667
2970
  * <p>Information about the ID of the new route table to associate with the subnet.</p>
2668
2971
  */
2669
2972
  RouteTableId: ActionTarget | undefined;
@@ -2677,10 +2980,12 @@ export interface EC2ReplaceRouteTableAssociationAction {
2677
2980
  */
2678
2981
  export interface FMSPolicyUpdateFirewallCreationConfigAction {
2679
2982
  /**
2983
+ * @public
2680
2984
  * <p>Describes the remedial action.</p>
2681
2985
  */
2682
2986
  Description?: string;
2683
2987
  /**
2988
+ * @public
2684
2989
  * <p>A <code>FirewallCreationConfig</code> that you can copy into your current policy's
2685
2990
  * <a href="https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_SecurityServicePolicyData.html">SecurityServiceData</a> in order to remedy scope violations.</p>
2686
2991
  */
@@ -2692,38 +2997,47 @@ export interface FMSPolicyUpdateFirewallCreationConfigAction {
2692
2997
  */
2693
2998
  export interface RemediationAction {
2694
2999
  /**
3000
+ * @public
2695
3001
  * <p>A description of a remediation action.</p>
2696
3002
  */
2697
3003
  Description?: string;
2698
3004
  /**
3005
+ * @public
2699
3006
  * <p>Information about the CreateRoute action in the Amazon EC2 API.</p>
2700
3007
  */
2701
3008
  EC2CreateRouteAction?: EC2CreateRouteAction;
2702
3009
  /**
3010
+ * @public
2703
3011
  * <p>Information about the ReplaceRoute action in the Amazon EC2 API.</p>
2704
3012
  */
2705
3013
  EC2ReplaceRouteAction?: EC2ReplaceRouteAction;
2706
3014
  /**
3015
+ * @public
2707
3016
  * <p>Information about the DeleteRoute action in the Amazon EC2 API.</p>
2708
3017
  */
2709
3018
  EC2DeleteRouteAction?: EC2DeleteRouteAction;
2710
3019
  /**
3020
+ * @public
2711
3021
  * <p>Information about the CopyRouteTable action in the Amazon EC2 API.</p>
2712
3022
  */
2713
3023
  EC2CopyRouteTableAction?: EC2CopyRouteTableAction;
2714
3024
  /**
3025
+ * @public
2715
3026
  * <p>Information about the ReplaceRouteTableAssociation action in the Amazon EC2 API.</p>
2716
3027
  */
2717
3028
  EC2ReplaceRouteTableAssociationAction?: EC2ReplaceRouteTableAssociationAction;
2718
3029
  /**
3030
+ * @public
2719
3031
  * <p>Information about the AssociateRouteTable action in the Amazon EC2 API.</p>
2720
3032
  */
2721
3033
  EC2AssociateRouteTableAction?: EC2AssociateRouteTableAction;
2722
3034
  /**
3035
+ * @public
2723
3036
  * <p>Information about the CreateRouteTable action in the Amazon EC2 API.</p>
2724
3037
  */
2725
3038
  EC2CreateRouteTableAction?: EC2CreateRouteTableAction;
2726
3039
  /**
3040
+ * @public
2727
3041
  * <p>The remedial action to take when updating a firewall configuration.</p>
2728
3042
  */
2729
3043
  FMSPolicyUpdateFirewallCreationConfigAction?: FMSPolicyUpdateFirewallCreationConfigAction;
@@ -2734,10 +3048,12 @@ export interface RemediationAction {
2734
3048
  */
2735
3049
  export interface RemediationActionWithOrder {
2736
3050
  /**
3051
+ * @public
2737
3052
  * <p>Information about an action you can take to remediate a violation.</p>
2738
3053
  */
2739
3054
  RemediationAction?: RemediationAction;
2740
3055
  /**
3056
+ * @public
2741
3057
  * <p>The order of the remediation actions in the list.</p>
2742
3058
  */
2743
3059
  Order?: number;
@@ -2748,14 +3064,17 @@ export interface RemediationActionWithOrder {
2748
3064
  */
2749
3065
  export interface PossibleRemediationAction {
2750
3066
  /**
3067
+ * @public
2751
3068
  * <p>A description of the list of remediation actions.</p>
2752
3069
  */
2753
3070
  Description?: string;
2754
3071
  /**
3072
+ * @public
2755
3073
  * <p>The ordered list of remediation actions.</p>
2756
3074
  */
2757
3075
  OrderedRemediationActions: RemediationActionWithOrder[] | undefined;
2758
3076
  /**
3077
+ * @public
2759
3078
  * <p>Information about whether an action is taken by default.</p>
2760
3079
  */
2761
3080
  IsDefaultAction?: boolean;
@@ -2766,10 +3085,12 @@ export interface PossibleRemediationAction {
2766
3085
  */
2767
3086
  export interface PossibleRemediationActions {
2768
3087
  /**
3088
+ * @public
2769
3089
  * <p>A description of the possible remediation actions list.</p>
2770
3090
  */
2771
3091
  Description?: string;
2772
3092
  /**
3093
+ * @public
2773
3094
  * <p>Information about the actions.</p>
2774
3095
  */
2775
3096
  Actions?: PossibleRemediationAction[];
@@ -2780,50 +3101,62 @@ export interface PossibleRemediationActions {
2780
3101
  */
2781
3102
  export interface RouteHasOutOfScopeEndpointViolation {
2782
3103
  /**
3104
+ * @public
2783
3105
  * <p>The ID of the subnet associated with the route that violates the policy scope.</p>
2784
3106
  */
2785
3107
  SubnetId?: string;
2786
3108
  /**
3109
+ * @public
2787
3110
  * <p>The VPC ID of the route that violates the policy scope.</p>
2788
3111
  */
2789
3112
  VpcId?: string;
2790
3113
  /**
3114
+ * @public
2791
3115
  * <p>The ID of the route table.</p>
2792
3116
  */
2793
3117
  RouteTableId?: string;
2794
3118
  /**
3119
+ * @public
2795
3120
  * <p>The list of routes that violate the route table.</p>
2796
3121
  */
2797
3122
  ViolatingRoutes?: Route[];
2798
3123
  /**
3124
+ * @public
2799
3125
  * <p>The subnet's Availability Zone.</p>
2800
3126
  */
2801
3127
  SubnetAvailabilityZone?: string;
2802
3128
  /**
3129
+ * @public
2803
3130
  * <p>The ID of the subnet's Availability Zone.</p>
2804
3131
  */
2805
3132
  SubnetAvailabilityZoneId?: string;
2806
3133
  /**
3134
+ * @public
2807
3135
  * <p>The route table associated with the current firewall subnet.</p>
2808
3136
  */
2809
3137
  CurrentFirewallSubnetRouteTable?: string;
2810
3138
  /**
3139
+ * @public
2811
3140
  * <p>The ID of the firewall subnet.</p>
2812
3141
  */
2813
3142
  FirewallSubnetId?: string;
2814
3143
  /**
3144
+ * @public
2815
3145
  * <p>The list of firewall subnet routes.</p>
2816
3146
  */
2817
3147
  FirewallSubnetRoutes?: Route[];
2818
3148
  /**
3149
+ * @public
2819
3150
  * <p>The ID of the Internet Gateway.</p>
2820
3151
  */
2821
3152
  InternetGatewayId?: string;
2822
3153
  /**
3154
+ * @public
2823
3155
  * <p>The current route table associated with the Internet Gateway.</p>
2824
3156
  */
2825
3157
  CurrentInternetGatewayRouteTable?: string;
2826
3158
  /**
3159
+ * @public
2827
3160
  * <p>The routes in the route table associated with the Internet Gateway.</p>
2828
3161
  */
2829
3162
  InternetGatewayRoutes?: Route[];
@@ -2834,22 +3167,27 @@ export interface RouteHasOutOfScopeEndpointViolation {
2834
3167
  */
2835
3168
  export interface ThirdPartyFirewallMissingExpectedRouteTableViolation {
2836
3169
  /**
3170
+ * @public
2837
3171
  * <p>The ID of the third-party firewall or VPC resource that's causing the violation.</p>
2838
3172
  */
2839
3173
  ViolationTarget?: string;
2840
3174
  /**
3175
+ * @public
2841
3176
  * <p>The resource ID of the VPC associated with a fireawll subnet that's causing the violation.</p>
2842
3177
  */
2843
3178
  VPC?: string;
2844
3179
  /**
3180
+ * @public
2845
3181
  * <p>The Availability Zone of the firewall subnet that's causing the violation.</p>
2846
3182
  */
2847
3183
  AvailabilityZone?: string;
2848
3184
  /**
3185
+ * @public
2849
3186
  * <p>The resource ID of the current route table that's associated with the subnet, if one is available.</p>
2850
3187
  */
2851
3188
  CurrentRouteTable?: string;
2852
3189
  /**
3190
+ * @public
2853
3191
  * <p>The resource ID of the route table that should be associated with the subnet.</p>
2854
3192
  */
2855
3193
  ExpectedRouteTable?: string;
@@ -2860,18 +3198,22 @@ export interface ThirdPartyFirewallMissingExpectedRouteTableViolation {
2860
3198
  */
2861
3199
  export interface ThirdPartyFirewallMissingFirewallViolation {
2862
3200
  /**
3201
+ * @public
2863
3202
  * <p>The ID of the third-party firewall that's causing the violation.</p>
2864
3203
  */
2865
3204
  ViolationTarget?: string;
2866
3205
  /**
3206
+ * @public
2867
3207
  * <p>The resource ID of the VPC associated with a third-party firewall.</p>
2868
3208
  */
2869
3209
  VPC?: string;
2870
3210
  /**
3211
+ * @public
2871
3212
  * <p>The Availability Zone of the third-party firewall that's causing the violation.</p>
2872
3213
  */
2873
3214
  AvailabilityZone?: string;
2874
3215
  /**
3216
+ * @public
2875
3217
  * <p>The reason the resource is causing this violation, if a reason is available.</p>
2876
3218
  */
2877
3219
  TargetViolationReason?: string;
@@ -2882,18 +3224,22 @@ export interface ThirdPartyFirewallMissingFirewallViolation {
2882
3224
  */
2883
3225
  export interface ThirdPartyFirewallMissingSubnetViolation {
2884
3226
  /**
3227
+ * @public
2885
3228
  * <p>The ID of the third-party firewall or VPC resource that's causing the violation.</p>
2886
3229
  */
2887
3230
  ViolationTarget?: string;
2888
3231
  /**
3232
+ * @public
2889
3233
  * <p>The resource ID of the VPC associated with a subnet that's causing the violation.</p>
2890
3234
  */
2891
3235
  VPC?: string;
2892
3236
  /**
3237
+ * @public
2893
3238
  * <p>The Availability Zone of a subnet that's causing the violation.</p>
2894
3239
  */
2895
3240
  AvailabilityZone?: string;
2896
3241
  /**
3242
+ * @public
2897
3243
  * <p>The reason the resource is causing the violation, if a reason is available.</p>
2898
3244
  */
2899
3245
  TargetViolationReason?: string;
@@ -2904,33 +3250,40 @@ export interface ThirdPartyFirewallMissingSubnetViolation {
2904
3250
  */
2905
3251
  export interface ResourceViolation {
2906
3252
  /**
3253
+ * @public
2907
3254
  * <p>Violation detail for security groups.</p>
2908
3255
  */
2909
3256
  AwsVPCSecurityGroupViolation?: AwsVPCSecurityGroupViolation;
2910
3257
  /**
3258
+ * @public
2911
3259
  * <p>Violation detail for a network interface.</p>
2912
3260
  */
2913
3261
  AwsEc2NetworkInterfaceViolation?: AwsEc2NetworkInterfaceViolation;
2914
3262
  /**
3263
+ * @public
2915
3264
  * <p>Violation detail for an EC2 instance.</p>
2916
3265
  */
2917
3266
  AwsEc2InstanceViolation?: AwsEc2InstanceViolation;
2918
3267
  /**
3268
+ * @public
2919
3269
  * <p>Violation detail for an Network Firewall policy that indicates that a subnet has no Firewall Manager
2920
3270
  * managed firewall in its VPC. </p>
2921
3271
  */
2922
3272
  NetworkFirewallMissingFirewallViolation?: NetworkFirewallMissingFirewallViolation;
2923
3273
  /**
3274
+ * @public
2924
3275
  * <p>Violation detail for an Network Firewall policy that indicates that an Availability Zone is
2925
3276
  * missing the expected Firewall Manager managed subnet.</p>
2926
3277
  */
2927
3278
  NetworkFirewallMissingSubnetViolation?: NetworkFirewallMissingSubnetViolation;
2928
3279
  /**
3280
+ * @public
2929
3281
  * <p>Violation detail for an Network Firewall policy that indicates that a subnet
2930
3282
  * is not associated with the expected Firewall Manager managed route table. </p>
2931
3283
  */
2932
3284
  NetworkFirewallMissingExpectedRTViolation?: NetworkFirewallMissingExpectedRTViolation;
2933
3285
  /**
3286
+ * @public
2934
3287
  * <p>Violation detail for an Network Firewall policy that indicates that a firewall policy
2935
3288
  * in an individual account has been modified in a way that makes it noncompliant.
2936
3289
  * For example, the individual account owner might have deleted a rule group,
@@ -2938,68 +3291,84 @@ export interface ResourceViolation {
2938
3291
  */
2939
3292
  NetworkFirewallPolicyModifiedViolation?: NetworkFirewallPolicyModifiedViolation;
2940
3293
  /**
3294
+ * @public
2941
3295
  * <p>Violation detail for the subnet for which internet traffic hasn't been inspected.</p>
2942
3296
  */
2943
3297
  NetworkFirewallInternetTrafficNotInspectedViolation?: NetworkFirewallInternetTrafficNotInspectedViolation;
2944
3298
  /**
3299
+ * @public
2945
3300
  * <p>The route configuration is invalid.</p>
2946
3301
  */
2947
3302
  NetworkFirewallInvalidRouteConfigurationViolation?: NetworkFirewallInvalidRouteConfigurationViolation;
2948
3303
  /**
3304
+ * @public
2949
3305
  * <p>Violation detail for an internet gateway route with an inactive state in the customer subnet route table or Network Firewall subnet route table.</p>
2950
3306
  */
2951
3307
  NetworkFirewallBlackHoleRouteDetectedViolation?: NetworkFirewallBlackHoleRouteDetectedViolation;
2952
3308
  /**
3309
+ * @public
2953
3310
  * <p>There's an unexpected firewall route.</p>
2954
3311
  */
2955
3312
  NetworkFirewallUnexpectedFirewallRoutesViolation?: NetworkFirewallUnexpectedFirewallRoutesViolation;
2956
3313
  /**
3314
+ * @public
2957
3315
  * <p>There's an unexpected gateway route.</p>
2958
3316
  */
2959
3317
  NetworkFirewallUnexpectedGatewayRoutesViolation?: NetworkFirewallUnexpectedGatewayRoutesViolation;
2960
3318
  /**
3319
+ * @public
2961
3320
  * <p>Expected routes are missing from Network Firewall.</p>
2962
3321
  */
2963
3322
  NetworkFirewallMissingExpectedRoutesViolation?: NetworkFirewallMissingExpectedRoutesViolation;
2964
3323
  /**
3324
+ * @public
2965
3325
  * <p>Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager
2966
3326
  * tried to associate with a VPC has the same priority as a rule group that's already associated. </p>
2967
3327
  */
2968
3328
  DnsRuleGroupPriorityConflictViolation?: DnsRuleGroupPriorityConflictViolation;
2969
3329
  /**
3330
+ * @public
2970
3331
  * <p>Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager
2971
3332
  * tried to associate with a VPC is already associated with the VPC and can't be associated again. </p>
2972
3333
  */
2973
3334
  DnsDuplicateRuleGroupViolation?: DnsDuplicateRuleGroupViolation;
2974
3335
  /**
3336
+ * @public
2975
3337
  * <p>Violation detail for a DNS Firewall policy that indicates that the VPC reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed. </p>
2976
3338
  */
2977
3339
  DnsRuleGroupLimitExceededViolation?: DnsRuleGroupLimitExceededViolation;
2978
3340
  /**
3341
+ * @public
2979
3342
  * <p>A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.</p>
2980
3343
  */
2981
3344
  PossibleRemediationActions?: PossibleRemediationActions;
2982
3345
  /**
3346
+ * @public
2983
3347
  * <p>Contains details about the firewall subnet that violates the policy scope.</p>
2984
3348
  */
2985
3349
  FirewallSubnetIsOutOfScopeViolation?: FirewallSubnetIsOutOfScopeViolation;
2986
3350
  /**
3351
+ * @public
2987
3352
  * <p>Contains details about the route endpoint that violates the policy scope.</p>
2988
3353
  */
2989
3354
  RouteHasOutOfScopeEndpointViolation?: RouteHasOutOfScopeEndpointViolation;
2990
3355
  /**
3356
+ * @public
2991
3357
  * <p>The violation details for a third-party firewall that's been deleted.</p>
2992
3358
  */
2993
3359
  ThirdPartyFirewallMissingFirewallViolation?: ThirdPartyFirewallMissingFirewallViolation;
2994
3360
  /**
3361
+ * @public
2995
3362
  * <p>The violation details for a third-party firewall's subnet that's been deleted.</p>
2996
3363
  */
2997
3364
  ThirdPartyFirewallMissingSubnetViolation?: ThirdPartyFirewallMissingSubnetViolation;
2998
3365
  /**
3366
+ * @public
2999
3367
  * <p>The violation details for a third-party firewall that has the Firewall Manager managed route table that was associated with the third-party firewall has been deleted.</p>
3000
3368
  */
3001
3369
  ThirdPartyFirewallMissingExpectedRouteTableViolation?: ThirdPartyFirewallMissingExpectedRouteTableViolation;
3002
3370
  /**
3371
+ * @public
3003
3372
  * <p>The violation details for a third-party firewall's VPC endpoint subnet that was deleted.</p>
3004
3373
  */
3005
3374
  FirewallSubnetMissingVPCEndpointViolation?: FirewallSubnetMissingVPCEndpointViolation;
@@ -3010,30 +3379,37 @@ export interface ResourceViolation {
3010
3379
  */
3011
3380
  export interface ViolationDetail {
3012
3381
  /**
3382
+ * @public
3013
3383
  * <p>The ID of the Firewall Manager policy that the violation details were requested for.</p>
3014
3384
  */
3015
3385
  PolicyId: string | undefined;
3016
3386
  /**
3387
+ * @public
3017
3388
  * <p>The Amazon Web Services account that the violation details were requested for.</p>
3018
3389
  */
3019
3390
  MemberAccount: string | undefined;
3020
3391
  /**
3392
+ * @public
3021
3393
  * <p>The resource ID that the violation details were requested for.</p>
3022
3394
  */
3023
3395
  ResourceId: string | undefined;
3024
3396
  /**
3397
+ * @public
3025
3398
  * <p>The resource type that the violation details were requested for.</p>
3026
3399
  */
3027
3400
  ResourceType: string | undefined;
3028
3401
  /**
3402
+ * @public
3029
3403
  * <p>List of violations for the requested resource.</p>
3030
3404
  */
3031
3405
  ResourceViolations: ResourceViolation[] | undefined;
3032
3406
  /**
3407
+ * @public
3033
3408
  * <p>The <code>ResourceTag</code> objects associated with the resource.</p>
3034
3409
  */
3035
3410
  ResourceTags?: Tag[];
3036
3411
  /**
3412
+ * @public
3037
3413
  * <p>Brief description for the requested resource.</p>
3038
3414
  */
3039
3415
  ResourceDescription?: string;
@@ -3043,6 +3419,7 @@ export interface ViolationDetail {
3043
3419
  */
3044
3420
  export interface GetViolationDetailsResponse {
3045
3421
  /**
3422
+ * @public
3046
3423
  * <p>Violation detail for a resource.</p>
3047
3424
  */
3048
3425
  ViolationDetail?: ViolationDetail;
@@ -3052,12 +3429,14 @@ export interface GetViolationDetailsResponse {
3052
3429
  */
3053
3430
  export interface ListAdminAccountsForOrganizationRequest {
3054
3431
  /**
3432
+ * @public
3055
3433
  * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
3056
3434
  * for retrieval exceeds the maximum you requested, Firewall Manager returns a <code>NextToken</code>
3057
3435
  * value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
3058
3436
  */
3059
3437
  NextToken?: string;
3060
3438
  /**
3439
+ * @public
3061
3440
  * <p>The maximum number of objects that you want Firewall Manager to return for this request. If more
3062
3441
  * objects are available, in the response, Firewall Manager provides a
3063
3442
  * <code>NextToken</code> value that you can use in a subsequent call to get the next batch of objects.</p>
@@ -3069,10 +3448,12 @@ export interface ListAdminAccountsForOrganizationRequest {
3069
3448
  */
3070
3449
  export interface ListAdminAccountsForOrganizationResponse {
3071
3450
  /**
3451
+ * @public
3072
3452
  * <p>A list of Firewall Manager administrator accounts within the organization that were onboarded as administrators by <a>AssociateAdminAccount</a> or <a>PutAdminAccount</a>.</p>
3073
3453
  */
3074
3454
  AdminAccounts?: AdminAccountSummary[];
3075
3455
  /**
3456
+ * @public
3076
3457
  * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
3077
3458
  * for retrieval exceeds the maximum you requested, Firewall Manager returns a <code>NextToken</code>
3078
3459
  * value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
@@ -3084,12 +3465,14 @@ export interface ListAdminAccountsForOrganizationResponse {
3084
3465
  */
3085
3466
  export interface ListAdminsManagingAccountRequest {
3086
3467
  /**
3468
+ * @public
3087
3469
  * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
3088
3470
  * for retrieval exceeds the maximum you requested, Firewall Manager returns a <code>NextToken</code>
3089
3471
  * value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
3090
3472
  */
3091
3473
  NextToken?: string;
3092
3474
  /**
3475
+ * @public
3093
3476
  * <p>The maximum number of objects that you want Firewall Manager to return for this request. If more
3094
3477
  * objects are available, in the response, Firewall Manager provides a
3095
3478
  * <code>NextToken</code> value that you can use in a subsequent call to get the next batch of objects.</p>
@@ -3101,10 +3484,12 @@ export interface ListAdminsManagingAccountRequest {
3101
3484
  */
3102
3485
  export interface ListAdminsManagingAccountResponse {
3103
3486
  /**
3487
+ * @public
3104
3488
  * <p>The list of accounts who manage member accounts within their <a>AdminScope</a>.</p>
3105
3489
  */
3106
3490
  AdminAccounts?: string[];
3107
3491
  /**
3492
+ * @public
3108
3493
  * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
3109
3494
  * for retrieval exceeds the maximum you requested, Firewall Manager returns a <code>NextToken</code>
3110
3495
  * value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
@@ -3116,16 +3501,19 @@ export interface ListAdminsManagingAccountResponse {
3116
3501
  */
3117
3502
  export interface ListAppsListsRequest {
3118
3503
  /**
3504
+ * @public
3119
3505
  * <p>Specifies whether the lists to retrieve are default lists owned by Firewall Manager.</p>
3120
3506
  */
3121
3507
  DefaultLists?: boolean;
3122
3508
  /**
3509
+ * @public
3123
3510
  * <p>If you specify a value for <code>MaxResults</code> in your list request, and you have more objects than the maximum,
3124
3511
  * Firewall Manager returns this token in the response. For all but the first request, you provide the token returned by the prior request
3125
3512
  * in the request parameters, to retrieve the next batch of objects.</p>
3126
3513
  */
3127
3514
  NextToken?: string;
3128
3515
  /**
3516
+ * @public
3129
3517
  * <p>The maximum number of objects that you want Firewall Manager to return for this request. If more
3130
3518
  * objects are available, in the response, Firewall Manager provides a
3131
3519
  * <code>NextToken</code> value that you can use in a subsequent call to get the next batch of objects.</p>
@@ -3138,10 +3526,12 @@ export interface ListAppsListsRequest {
3138
3526
  */
3139
3527
  export interface ListAppsListsResponse {
3140
3528
  /**
3529
+ * @public
3141
3530
  * <p>An array of <code>AppsListDataSummary</code> objects.</p>
3142
3531
  */
3143
3532
  AppsLists?: AppsListDataSummary[];
3144
3533
  /**
3534
+ * @public
3145
3535
  * <p>If you specify a value for <code>MaxResults</code> in your list request, and you have more objects than the maximum,
3146
3536
  * Firewall Manager returns this token in the response. You can use this token in subsequent requests to retrieve the next batch of objects.</p>
3147
3537
  */
@@ -3152,10 +3542,12 @@ export interface ListAppsListsResponse {
3152
3542
  */
3153
3543
  export interface ListComplianceStatusRequest {
3154
3544
  /**
3545
+ * @public
3155
3546
  * <p>The ID of the Firewall Manager policy that you want the details for.</p>
3156
3547
  */
3157
3548
  PolicyId: string | undefined;
3158
3549
  /**
3550
+ * @public
3159
3551
  * <p>If you specify a value for <code>MaxResults</code> and you have more
3160
3552
  * <code>PolicyComplianceStatus</code> objects than the number that you specify for
3161
3553
  * <code>MaxResults</code>, Firewall Manager returns a <code>NextToken</code> value in the
@@ -3166,6 +3558,7 @@ export interface ListComplianceStatusRequest {
3166
3558
  */
3167
3559
  NextToken?: string;
3168
3560
  /**
3561
+ * @public
3169
3562
  * <p>Specifies the number of <code>PolicyComplianceStatus</code> objects that you want
3170
3563
  * Firewall Manager to return for this request. If you have more
3171
3564
  * <code>PolicyComplianceStatus</code> objects than the number that you specify for
@@ -3194,10 +3587,12 @@ export type PolicyComplianceStatusType = (typeof PolicyComplianceStatusType)[key
3194
3587
  */
3195
3588
  export interface EvaluationResult {
3196
3589
  /**
3590
+ * @public
3197
3591
  * <p>Describes an Amazon Web Services account's compliance with the Firewall Manager policy.</p>
3198
3592
  */
3199
3593
  ComplianceStatus?: PolicyComplianceStatusType | string;
3200
3594
  /**
3595
+ * @public
3201
3596
  * <p>The number of resources that are noncompliant with the specified policy. For WAF and
3202
3597
  * Shield Advanced policies, a resource is considered noncompliant if it is not associated with
3203
3598
  * the policy. For security group policies, a resource is considered noncompliant if it doesn't
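Review bot: `ComplianceStatus?: PolicyComplianceStatusType | string;` in `EvaluationResult` is effectively typed as plain `string`, because the union with `string` absorbs the literal members, so the compiler will not flag a misspelled or unhandled status in calling code. The `| string` is presumably there for forward compatibility with new service values, but the doc comment does not say how callers should treat a value they do not recognise. I would add a line such as `* <p>Callers should compare against the <code>PolicyComplianceStatusType</code> constants and treat any other value as noncompliant.</p>`. The interface continues outside this hunk, and if the file is generated the wording belongs in the generator or service model.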
@@ -3205,6 +3600,7 @@ export interface EvaluationResult {
3205
3600
  */
3206
3601
  ViolatorCount?: number;
3207
3602
  /**
3603
+ * @public
3208
3604
  * <p>Indicates that over 100 resources are noncompliant with the Firewall Manager
3209
3605
  * policy.</p>
3210
3606
  */
@@ -3219,30 +3615,37 @@ export interface EvaluationResult {
3219
3615
  */
3220
3616
  export interface PolicyComplianceStatus {
3221
3617
  /**
3618
+ * @public
3222
3619
  * <p>The Amazon Web Services account that created the Firewall Manager policy.</p>
3223
3620
  */
3224
3621
  PolicyOwner?: string;
3225
3622
  /**
3623
+ * @public
3226
3624
  * <p>The ID of the Firewall Manager policy.</p>
3227
3625
  */
3228
3626
  PolicyId?: string;
3229
3627
  /**
3628
+ * @public
3230
3629
  * <p>The name of the Firewall Manager policy.</p>
3231
3630
  */
3232
3631
  PolicyName?: string;
3233
3632
  /**
3633
+ * @public
3234
3634
  * <p>The member account ID.</p>
3235
3635
  */
3236
3636
  MemberAccount?: string;
3237
3637
  /**
3638
+ * @public
3238
3639
  * <p>An array of <code>EvaluationResult</code> objects.</p>
3239
3640
  */
3240
3641
  EvaluationResults?: EvaluationResult[];
3241
3642
  /**
3643
+ * @public
3242
3644
  * <p>Timestamp of the last update to the <code>EvaluationResult</code> objects.</p>
3243
3645
  */
3244
3646
  LastUpdated?: Date;
3245
3647
  /**
3648
+ * @public
3246
3649
  * <p>Details about problems with dependent services, such as WAF or Config,
3247
3650
  * and the error message received that indicates the problem with the service.</p>
3248
3651
  */
@@ -3253,10 +3656,12 @@ export interface PolicyComplianceStatus {
3253
3656
  */
3254
3657
  export interface ListComplianceStatusResponse {
3255
3658
  /**
3659
+ * @public
3256
3660
  * <p>An array of <code>PolicyComplianceStatus</code> objects.</p>
3257
3661
  */
3258
3662
  PolicyComplianceStatusList?: PolicyComplianceStatus[];
3259
3663
  /**
3664
+ * @public
3260
3665
  * <p>If you have more <code>PolicyComplianceStatus</code> objects than the number that you
3261
3666
  * specified for <code>MaxResults</code> in the request, the response includes a
3262
3667
  * <code>NextToken</code> value. To list more <code>PolicyComplianceStatus</code> objects,
@@ -3271,20 +3676,24 @@ export interface ListComplianceStatusResponse {
3271
3676
  */
3272
3677
  export interface ListDiscoveredResourcesRequest {
3273
3678
  /**
3679
+ * @public
3274
3680
  * <p>The Amazon Web Services account IDs to discover resources in. Only one account is supported per request. The account must be a member of your organization.</p>
3275
3681
  */
3276
3682
  MemberAccountIds: string[] | undefined;
3277
3683
  /**
3684
+ * @public
3278
3685
  * <p>The type of resources to discover.</p>
3279
3686
  */
3280
3687
  ResourceType: string | undefined;
3281
3688
  /**
3689
+ * @public
3282
3690
  * <p>The maximum number of objects that you want Firewall Manager to return for this request. If more
3283
3691
  * objects are available, in the response, Firewall Manager provides a
3284
3692
  * <code>NextToken</code> value that you can use in a subsequent call to get the next batch of objects.</p>
3285
3693
  */
3286
3694
  MaxResults?: number;
3287
3695
  /**
3696
+ * @public
3288
3697
  * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
3289
3698
  * for retrieval exceeds the maximum you requested, Firewall Manager returns a <code>NextToken</code>
3290
3699
  * value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
@@ -3297,18 +3706,22 @@ export interface ListDiscoveredResourcesRequest {
3297
3706
  */
3298
3707
  export interface DiscoveredResource {
3299
3708
  /**
3709
+ * @public
3300
3710
  * <p>The universal resource identifier (URI) of the discovered resource.</p>
3301
3711
  */
3302
3712
  URI?: string;
3303
3713
  /**
3714
+ * @public
3304
3715
  * <p>The Amazon Web Services account ID associated with the discovered resource.</p>
3305
3716
  */
3306
3717
  AccountId?: string;
3307
3718
  /**
3719
+ * @public
3308
3720
  * <p>The type of the discovered resource.</p>
3309
3721
  */
3310
3722
  Type?: string;
3311
3723
  /**
3724
+ * @public
3312
3725
  * <p>The name of the discovered resource.</p>
3313
3726
  */
3314
3727
  Name?: string;
@@ -3318,10 +3731,12 @@ export interface DiscoveredResource {
3318
3731
  */
3319
3732
  export interface ListDiscoveredResourcesResponse {
3320
3733
  /**
3734
+ * @public
3321
3735
  * <p>Details of the resources that were discovered.</p>
3322
3736
  */
3323
3737
  Items?: DiscoveredResource[];
3324
3738
  /**
3739
+ * @public
3325
3740
  * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
3326
3741
  * for retrieval exceeds the maximum you requested, Firewall Manager returns a <code>NextToken</code>
3327
3742
  * value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
@@ -3333,6 +3748,7 @@ export interface ListDiscoveredResourcesResponse {
3333
3748
  */
3334
3749
  export interface ListMemberAccountsRequest {
3335
3750
  /**
3751
+ * @public
3336
3752
  * <p>If you specify a value for <code>MaxResults</code> and you have more account IDs than the
3337
3753
  * number that you specify for <code>MaxResults</code>, Firewall Manager returns a
3338
3754
  * <code>NextToken</code> value in the response that allows you to list another group of IDs.
@@ -3342,6 +3758,7 @@ export interface ListMemberAccountsRequest {
3342
3758
  */
3343
3759
  NextToken?: string;
3344
3760
  /**
3761
+ * @public
3345
3762
  * <p>Specifies the number of member account IDs that you want Firewall Manager to return
3346
3763
  * for this request. If you have more IDs than the number that you specify for
3347
3764
  * <code>MaxResults</code>, the response includes a <code>NextToken</code> value that you can
@@ -3354,10 +3771,12 @@ export interface ListMemberAccountsRequest {
3354
3771
  */
3355
3772
  export interface ListMemberAccountsResponse {
3356
3773
  /**
3774
+ * @public
3357
3775
  * <p>An array of account IDs.</p>
3358
3776
  */
3359
3777
  MemberAccounts?: string[];
3360
3778
  /**
3779
+ * @public
3361
3780
  * <p>If you have more member account IDs than the number that you specified for
3362
3781
  * <code>MaxResults</code> in the request, the response includes a <code>NextToken</code>
3363
3782
  * value. To list more IDs, submit another <code>ListMemberAccounts</code> request, and specify
@@ -3371,6 +3790,7 @@ export interface ListMemberAccountsResponse {
3371
3790
  */
3372
3791
  export interface ListPoliciesRequest {
3373
3792
  /**
3793
+ * @public
3374
3794
  * <p>If you specify a value for <code>MaxResults</code> and you have more
3375
3795
  * <code>PolicySummary</code> objects than the number that you specify for
3376
3796
  * <code>MaxResults</code>, Firewall Manager returns a <code>NextToken</code> value in the
@@ -3381,6 +3801,7 @@ export interface ListPoliciesRequest {
3381
3801
  */
3382
3802
  NextToken?: string;
3383
3803
  /**
3804
+ * @public
3384
3805
  * <p>Specifies the number of <code>PolicySummary</code> objects that you want Firewall Manager to return for this request. If you have more <code>PolicySummary</code> objects than
3385
3806
  * the number that you specify for <code>MaxResults</code>, the response includes a
3386
3807
  * <code>NextToken</code> value that you can use to get another batch of
@@ -3394,18 +3815,22 @@ export interface ListPoliciesRequest {
3394
3815
  */
3395
3816
  export interface PolicySummary {
3396
3817
  /**
3818
+ * @public
3397
3819
  * <p>The Amazon Resource Name (ARN) of the specified policy.</p>
3398
3820
  */
3399
3821
  PolicyArn?: string;
3400
3822
  /**
3823
+ * @public
3401
3824
  * <p>The ID of the specified policy.</p>
3402
3825
  */
3403
3826
  PolicyId?: string;
3404
3827
  /**
3828
+ * @public
3405
3829
  * <p>The name of the specified policy.</p>
3406
3830
  */
3407
3831
  PolicyName?: string;
3408
3832
  /**
3833
+ * @public
3409
3834
  * <p>The type of resource protected by or in scope of the policy. This is in the format shown
3410
3835
  * in the <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Amazon Web Services Resource Types Reference</a>.
3411
3836
  * For WAF and Shield Advanced, examples include
@@ -3419,16 +3844,19 @@ export interface PolicySummary {
3419
3844
  */
3420
3845
  ResourceType?: string;
3421
3846
  /**
3847
+ * @public
3422
3848
  * <p>The service that the policy is using to protect the resources. This specifies the type of
3423
3849
  * policy that is created, either an WAF policy, a Shield Advanced policy, or a security
3424
3850
  * group policy.</p>
3425
3851
  */
3426
3852
  SecurityServiceType?: SecurityServiceType | string;
3427
3853
  /**
3854
+ * @public
3428
3855
  * <p>Indicates if the policy should be automatically applied to new resources.</p>
3429
3856
  */
3430
3857
  RemediationEnabled?: boolean;
3431
3858
  /**
3859
+ * @public
3432
3860
  * <p>Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources
3433
3861
  * that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL
3434
3862
  * from a protected customer resource when the customer resource leaves policy scope. </p>
@@ -3437,6 +3865,7 @@ export interface PolicySummary {
3437
3865
  */
3438
3866
  DeleteUnusedFMManagedResources?: boolean;
3439
3867
  /**
3868
+ * @public
3440
3869
  * <p>Indicates whether the policy is in or out of an admin's policy or Region scope.</p>
3441
3870
  * <ul>
3442
3871
  * <li>
@@ -3456,10 +3885,12 @@ export interface PolicySummary {
3456
3885
  */
3457
3886
  export interface ListPoliciesResponse {
3458
3887
  /**
3888
+ * @public
3459
3889
  * <p>An array of <code>PolicySummary</code> objects.</p>
3460
3890
  */
3461
3891
  PolicyList?: PolicySummary[];
3462
3892
  /**
3893
+ * @public
3463
3894
  * <p>If you have more <code>PolicySummary</code> objects than the number that you specified for
3464
3895
  * <code>MaxResults</code> in the request, the response includes a <code>NextToken</code>
3465
3896
  * value. To list more <code>PolicySummary</code> objects, submit another
@@ -3473,16 +3904,19 @@ export interface ListPoliciesResponse {
3473
3904
  */
3474
3905
  export interface ListProtocolsListsRequest {
3475
3906
  /**
3907
+ * @public
3476
3908
  * <p>Specifies whether the lists to retrieve are default lists owned by Firewall Manager.</p>
3477
3909
  */
3478
3910
  DefaultLists?: boolean;
3479
3911
  /**
3912
+ * @public
3480
3913
  * <p>If you specify a value for <code>MaxResults</code> in your list request, and you have more objects than the maximum,
3481
3914
  * Firewall Manager returns this token in the response. For all but the first request, you provide the token returned by the prior request
3482
3915
  * in the request parameters, to retrieve the next batch of objects.</p>
3483
3916
  */
3484
3917
  NextToken?: string;
3485
3918
  /**
3919
+ * @public
3486
3920
  * <p>The maximum number of objects that you want Firewall Manager to return for this request. If more
3487
3921
  * objects are available, in the response, Firewall Manager provides a
3488
3922
  * <code>NextToken</code> value that you can use in a subsequent call to get the next batch of objects.</p>
@@ -3496,18 +3930,22 @@ export interface ListProtocolsListsRequest {
3496
3930
  */
3497
3931
  export interface ProtocolsListDataSummary {
3498
3932
  /**
3933
+ * @public
3499
3934
  * <p>The Amazon Resource Name (ARN) of the specified protocols list.</p>
3500
3935
  */
3501
3936
  ListArn?: string;
3502
3937
  /**
3938
+ * @public
3503
3939
  * <p>The ID of the specified protocols list.</p>
3504
3940
  */
3505
3941
  ListId?: string;
3506
3942
  /**
3943
+ * @public
3507
3944
  * <p>The name of the specified protocols list.</p>
3508
3945
  */
3509
3946
  ListName?: string;
3510
3947
  /**
3948
+ * @public
3511
3949
  * <p>An array of protocols in the Firewall Manager protocols list.</p>
3512
3950
  */
3513
3951
  ProtocolsList?: string[];
@@ -3517,10 +3955,12 @@ export interface ProtocolsListDataSummary {
3517
3955
  */
3518
3956
  export interface ListProtocolsListsResponse {
3519
3957
  /**
3958
+ * @public
3520
3959
  * <p>An array of <code>ProtocolsListDataSummary</code> objects.</p>
3521
3960
  */
3522
3961
  ProtocolsLists?: ProtocolsListDataSummary[];
3523
3962
  /**
3963
+ * @public
3524
3964
  * <p>If you specify a value for <code>MaxResults</code> in your list request, and you have more objects than the maximum,
3525
3965
  * Firewall Manager returns this token in the response. You can use this token in subsequent requests to retrieve the next batch of objects.</p>
3526
3966
  */
@@ -3531,16 +3971,19 @@ export interface ListProtocolsListsResponse {
3531
3971
  */
3532
3972
  export interface ListResourceSetResourcesRequest {
3533
3973
  /**
3974
+ * @public
3534
3975
  * <p>A unique identifier for the resource set, used in a request to refer to the resource set.</p>
3535
3976
  */
3536
3977
  Identifier: string | undefined;
3537
3978
  /**
3979
+ * @public
3538
3980
  * <p>The maximum number of objects that you want Firewall Manager to return for this request. If more
3539
3981
  * objects are available, in the response, Firewall Manager provides a
3540
3982
  * <code>NextToken</code> value that you can use in a subsequent call to get the next batch of objects.</p>
3541
3983
  */
3542
3984
  MaxResults?: number;
3543
3985
  /**
3986
+ * @public
3544
3987
  * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
3545
3988
  * for retrieval exceeds the maximum you requested, Firewall Manager returns a <code>NextToken</code>
3546
3989
  * value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
@@ -3553,10 +3996,12 @@ export interface ListResourceSetResourcesRequest {
3553
3996
  */
3554
3997
  export interface Resource {
3555
3998
  /**
3999
+ * @public
3556
4000
  * <p>The resource's universal resource indicator (URI).</p>
3557
4001
  */
3558
4002
  URI: string | undefined;
3559
4003
  /**
4004
+ * @public
3560
4005
  * <p>The Amazon Web Services account ID that the associated resource belongs to.</p>
3561
4006
  */
3562
4007
  AccountId?: string;
@@ -3566,10 +4011,12 @@ export interface Resource {
3566
4011
  */
3567
4012
  export interface ListResourceSetResourcesResponse {
3568
4013
  /**
4014
+ * @public
3569
4015
  * <p>An array of the associated resources' uniform resource identifiers (URI).</p>
3570
4016
  */
3571
4017
  Items: Resource[] | undefined;
3572
4018
  /**
4019
+ * @public
3573
4020
  * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
3574
4021
  * for retrieval exceeds the maximum you requested, Firewall Manager returns a <code>NextToken</code>
3575
4022
  * value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
@@ -3581,12 +4028,14 @@ export interface ListResourceSetResourcesResponse {
3581
4028
  */
3582
4029
  export interface ListResourceSetsRequest {
3583
4030
  /**
4031
+ * @public
3584
4032
  * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
3585
4033
  * for retrieval exceeds the maximum you requested, Firewall Manager returns a <code>NextToken</code>
3586
4034
  * value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
3587
4035
  */
3588
4036
  NextToken?: string;
3589
4037
  /**
4038
+ * @public
3590
4039
  * <p>The maximum number of objects that you want Firewall Manager to return for this request. If more
3591
4040
  * objects are available, in the response, Firewall Manager provides a
3592
4041
  * <code>NextToken</code> value that you can use in a subsequent call to get the next batch of objects.</p>
@@ -3599,22 +4048,27 @@ export interface ListResourceSetsRequest {
3599
4048
  */
3600
4049
  export interface ResourceSetSummary {
3601
4050
  /**
4051
+ * @public
3602
4052
  * <p>A unique identifier for the resource set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.</p>
3603
4053
  */
3604
4054
  Id?: string;
3605
4055
  /**
4056
+ * @public
3606
4057
  * <p>The descriptive name of the resource set. You can't change the name of a resource set after you create it.</p>
3607
4058
  */
3608
4059
  Name?: string;
3609
4060
  /**
4061
+ * @public
3610
4062
  * <p>A description of the resource set.</p>
3611
4063
  */
3612
4064
  Description?: string;
3613
4065
  /**
4066
+ * @public
3614
4067
  * <p>The last time that the resource set was changed.</p>
3615
4068
  */
3616
4069
  LastUpdateTime?: Date;
3617
4070
  /**
4071
+ * @public
3618
4072
  * <p>Indicates whether the resource set is in or out of an admin's Region scope.</p>
3619
4073
  * <ul>
3620
4074
  * <li>
@@ -3634,10 +4088,12 @@ export interface ResourceSetSummary {
3634
4088
  */
3635
4089
  export interface ListResourceSetsResponse {
3636
4090
  /**
4091
+ * @public
3637
4092
  * <p>An array of <code>ResourceSetSummary</code> objects.</p>
3638
4093
  */
3639
4094
  ResourceSets?: ResourceSetSummary[];
3640
4095
  /**
4096
+ * @public
3641
4097
  * <p>When you request a list of objects with a <code>MaxResults</code> setting, if the number of objects that are still available
3642
4098
  * for retrieval exceeds the maximum you requested, Firewall Manager returns a <code>NextToken</code>
3643
4099
  * value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.</p>
@@ -3649,6 +4105,7 @@ export interface ListResourceSetsResponse {
3649
4105
  */
3650
4106
  export interface ListTagsForResourceRequest {
3651
4107
  /**
4108
+ * @public
3652
4109
  * <p>The Amazon Resource Name (ARN) of the resource to return tags for. The Firewall Manager resources that support tagging are policies, applications lists, and protocols lists. </p>
3653
4110
  */
3654
4111
  ResourceArn: string | undefined;
@@ -3658,6 +4115,7 @@ export interface ListTagsForResourceRequest {
3658
4115
  */
3659
4116
  export interface ListTagsForResourceResponse {
3660
4117
  /**
4118
+ * @public
3661
4119
  * <p>The tags associated with the resource.</p>
3662
4120
  */
3663
4121
  TagList?: Tag[];
@@ -3667,10 +4125,12 @@ export interface ListTagsForResourceResponse {
3667
4125
  */
3668
4126
  export interface ListThirdPartyFirewallFirewallPoliciesRequest {
3669
4127
  /**
4128
+ * @public
3670
4129
  * <p>The name of the third-party firewall vendor.</p>
3671
4130
  */
3672
4131
  ThirdPartyFirewall: ThirdPartyFirewall | string | undefined;
3673
4132
  /**
4133
+ * @public
3674
4134
  * <p>If the previous response included a <code>NextToken</code> element, the specified third-party firewall vendor is associated with more
3675
4135
  * third-party firewall policies. To get more third-party firewall policies, submit another <code>ListThirdPartyFirewallFirewallPoliciesRequest</code> request.</p>
3676
4136
  * <p>
@@ -3681,6 +4141,7 @@ export interface ListThirdPartyFirewallFirewallPoliciesRequest {
3681
4141
  */
3682
4142
  NextToken?: string;
3683
4143
  /**
4144
+ * @public
3684
4145
  * <p>The maximum number of third-party firewall policies that you want Firewall Manager to return. If
3685
4146
  * the specified third-party firewall vendor is associated with more than <code>MaxResults</code> firewall policies, the response includes a
3686
4147
  * <code>NextToken</code> element. <code>NextToken</code> contains an encrypted token that identifies the first third-party firewall policies
@@ -3694,10 +4155,12 @@ export interface ListThirdPartyFirewallFirewallPoliciesRequest {
3694
4155
  */
3695
4156
  export interface ThirdPartyFirewallFirewallPolicy {
3696
4157
  /**
4158
+ * @public
3697
4159
  * <p>The ID of the specified firewall policy.</p>
3698
4160
  */
3699
4161
  FirewallPolicyId?: string;
3700
4162
  /**
4163
+ * @public
3701
4164
  * <p>The name of the specified firewall policy.</p>
3702
4165
  */
3703
4166
  FirewallPolicyName?: string;
@@ -3707,11 +4170,13 @@ export interface ThirdPartyFirewallFirewallPolicy {
3707
4170
  */
3708
4171
  export interface ListThirdPartyFirewallFirewallPoliciesResponse {
3709
4172
  /**
4173
+ * @public
3710
4174
  * <p>A list that contains one <code>ThirdPartyFirewallFirewallPolicies</code> element for each third-party firewall policies that the specified
3711
4175
  * third-party firewall vendor is associated with. Each <code>ThirdPartyFirewallFirewallPolicies</code> element contains the firewall policy name and ID.</p>
3712
4176
  */
3713
4177
  ThirdPartyFirewallFirewallPolicies?: ThirdPartyFirewallFirewallPolicy[];
3714
4178
  /**
4179
+ * @public
3715
4180
  * <p>The value that you will use for <code>NextToken</code> in the next <code>ListThirdPartyFirewallFirewallPolicies</code> request.</p>
3716
4181
  */
3717
4182
  NextToken?: string;
@@ -3721,11 +4186,13 @@ export interface ListThirdPartyFirewallFirewallPoliciesResponse {
3721
4186
  */
3722
4187
  export interface PutAdminAccountRequest {
3723
4188
  /**
4189
+ * @public
3724
4190
  * <p>The Amazon Web Services account ID to add as an Firewall Manager administrator account. The account must be a member of the organization that was onboarded to Firewall Manager by <a>AssociateAdminAccount</a>. For more information about Organizations, see
3725
4191
  * <a href="https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts.html">Managing the Amazon Web Services Accounts in Your Organization</a>.</p>
3726
4192
  */
3727
4193
  AdminAccount: string | undefined;
3728
4194
  /**
4195
+ * @public
3729
4196
  * <p>Configures the resources that the specified Firewall Manager administrator can manage. As a best practice, set the administrative scope according to the principles of least privilege. Only grant the administrator the specific resources or permissions that they need to perform the duties of their role.</p>
3730
4197
  */
3731
4198
  AdminScope?: AdminScope;
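Review bot: `AdminScope?: AdminScope;` in `PutAdminAccountRequest` is optional, and its comment recommends least privilege without stating which scope the administrator receives when the field is left out. A caller cannot tell from this declaration whether omitting it grants a narrow or an organization-wide scope. I would add a sentence such as `* <p>When <code>AdminScope</code> is omitted, the resulting scope is <SERVICE_DEFAULT, confirm against the API reference>.</p>`. In the `AdminAccount` comment, "an Firewall Manager administrator account" should read "a Firewall Manager administrator account". The interface's closing brace is outside the hunk.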
@@ -3735,10 +4202,12 @@ export interface PutAdminAccountRequest {
3735
4202
  */
3736
4203
  export interface PutAppsListRequest {
3737
4204
  /**
4205
+ * @public
3738
4206
  * <p>The details of the Firewall Manager applications list to be created.</p>
3739
4207
  */
3740
4208
  AppsList: AppsListData | undefined;
3741
4209
  /**
4210
+ * @public
3742
4211
  * <p>The tags associated with the resource.</p>
3743
4212
  */
3744
4213
  TagList?: Tag[];
@@ -3748,10 +4217,12 @@ export interface PutAppsListRequest {
3748
4217
  */
3749
4218
  export interface PutAppsListResponse {
3750
4219
  /**
4220
+ * @public
3751
4221
  * <p>The details of the Firewall Manager applications list.</p>
3752
4222
  */
3753
4223
  AppsList?: AppsListData;
3754
4224
  /**
4225
+ * @public
3755
4226
  * <p>The Amazon Resource Name (ARN) of the applications list.</p>
3756
4227
  */
3757
4228
  AppsListArn?: string;
@@ -3761,11 +4232,13 @@ export interface PutAppsListResponse {
3761
4232
  */
3762
4233
  export interface PutNotificationChannelRequest {
3763
4234
  /**
4235
+ * @public
3764
4236
  * <p>The Amazon Resource Name (ARN) of the SNS topic that collects notifications from
3765
4237
  * Firewall Manager.</p>
3766
4238
  */
3767
4239
  SnsTopicArn: string | undefined;
3768
4240
  /**
4241
+ * @public
3769
4242
  * <p>The Amazon Resource Name (ARN) of the IAM role that allows Amazon SNS to record
3770
4243
  * Firewall Manager activity. </p>
3771
4244
  */
@@ -3776,10 +4249,12 @@ export interface PutNotificationChannelRequest {
3776
4249
  */
3777
4250
  export interface PutPolicyRequest {
3778
4251
  /**
4252
+ * @public
3779
4253
  * <p>The details of the Firewall Manager policy to be created.</p>
3780
4254
  */
3781
4255
  Policy: Policy | undefined;
3782
4256
  /**
4257
+ * @public
3783
4258
  * <p>The tags to add to the Amazon Web Services resource.</p>
3784
4259
  */
3785
4260
  TagList?: Tag[];
@@ -3789,10 +4264,12 @@ export interface PutPolicyRequest {
3789
4264
  */
3790
4265
  export interface PutPolicyResponse {
3791
4266
  /**
4267
+ * @public
3792
4268
  * <p>The details of the Firewall Manager policy.</p>
3793
4269
  */
3794
4270
  Policy?: Policy;
3795
4271
  /**
4272
+ * @public
3796
4273
  * <p>The Amazon Resource Name (ARN) of the policy.</p>
3797
4274
  */
3798
4275
  PolicyArn?: string;
@@ -3802,10 +4279,12 @@ export interface PutPolicyResponse {
3802
4279
  */
3803
4280
  export interface PutProtocolsListRequest {
3804
4281
  /**
4282
+ * @public
3805
4283
  * <p>The details of the Firewall Manager protocols list to be created.</p>
3806
4284
  */
3807
4285
  ProtocolsList: ProtocolsListData | undefined;
3808
4286
  /**
4287
+ * @public
3809
4288
  * <p>The tags associated with the resource.</p>
3810
4289
  */
3811
4290
  TagList?: Tag[];
@@ -3815,10 +4294,12 @@ export interface PutProtocolsListRequest {
3815
4294
  */
3816
4295
  export interface PutProtocolsListResponse {
3817
4296
  /**
4297
+ * @public
3818
4298
  * <p>The details of the Firewall Manager protocols list.</p>
3819
4299
  */
3820
4300
  ProtocolsList?: ProtocolsListData;
3821
4301
  /**
4302
+ * @public
3822
4303
  * <p>The Amazon Resource Name (ARN) of the protocols list.</p>
3823
4304
  */
3824
4305
  ProtocolsListArn?: string;
@@ -3828,10 +4309,12 @@ export interface PutProtocolsListResponse {
3828
4309
  */
3829
4310
  export interface PutResourceSetRequest {
3830
4311
  /**
4312
+ * @public
3831
4313
  * <p>Details about the resource set to be created or updated.></p>
3832
4314
  */
3833
4315
  ResourceSet: ResourceSet | undefined;
3834
4316
  /**
4317
+ * @public
3835
4318
  * <p>Retrieves the tags associated with the specified resource set. Tags are key:value pairs that
3836
4319
  * you can use to categorize and manage your resources, for purposes like billing. For
3837
4320
  * example, you might set the tag key to "customer" and the value to the customer name or ID.
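Review bot: The doc comment on `ResourceSet` in `PutResourceSetRequest` ends with a stray `>` (`updated.></p>`), and the comment on the member after it opens with "Retrieves the tags associated with the specified resource set" even though this is the request shape of a put operation. I would change the first to `* <p>Details about the resource set to be created or updated.</p>`. The second would read better as something like `* <p>The tags to associate with the resource set. Tags are key:value pairs that`. That second comment continues past the end of the hunk, so the member it documents is not visible here and the wording should be checked against it. The text looks generated from the service model, so the correction probably belongs upstream rather than in this file.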
@@ -3845,10 +4328,12 @@ export interface PutResourceSetRequest {
3845
4328
  */
3846
4329
  export interface PutResourceSetResponse {
3847
4330
  /**
4331
+ * @public
3848
4332
  * <p>Details about the resource set.</p>
3849
4333
  */
3850
4334
  ResourceSet: ResourceSet | undefined;
3851
4335
  /**
4336
+ * @public
3852
4337
  * <p>The Amazon Resource Name (ARN) of the resource set.</p>
3853
4338
  */
3854
4339
  ResourceSetArn: string | undefined;
@@ -3858,10 +4343,12 @@ export interface PutResourceSetResponse {
3858
4343
  */
3859
4344
  export interface TagResourceRequest {
3860
4345
  /**
4346
+ * @public
3861
4347
  * <p>The Amazon Resource Name (ARN) of the resource to return tags for. The Firewall Manager resources that support tagging are policies, applications lists, and protocols lists. </p>
3862
4348
  */
3863
4349
  ResourceArn: string | undefined;
3864
4350
  /**
4351
+ * @public
3865
4352
  * <p>The tags to add to the resource.</p>
3866
4353
  */
3867
4354
  TagList: Tag[] | undefined;
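Review bot: `ResourceArn` in `TagResourceRequest` is documented as "the resource to return tags for", but the sibling member `TagList` is "The tags to add to the resource", so the sentence reads as if it was copied from a list-tags shape. Suggested wording: `* <p>The Amazon Resource Name (ARN) of the resource to add tags to. The Firewall Manager resources that support tagging are policies, applications lists, and protocols lists.</p>`. The same sentence sits on `ResourceArn` in the `UntagResourceRequest` hunk that follows, where it should name the resource to remove tags from. Someone reading these types to work out which resource a tagging call modifies is misled by the current text.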
@@ -3876,10 +4363,12 @@ export interface TagResourceResponse {
3876
4363
  */
3877
4364
  export interface UntagResourceRequest {
3878
4365
  /**
4366
+ * @public
3879
4367
  * <p>The Amazon Resource Name (ARN) of the resource to return tags for. The Firewall Manager resources that support tagging are policies, applications lists, and protocols lists. </p>
3880
4368
  */
3881
4369
  ResourceArn: string | undefined;
3882
4370
  /**
4371
+ * @public
3883
4372
  * <p>The keys of the tags to remove from the resource. </p>
3884
4373
  */
3885
4374
  TagKeys: string[] | undefined;