@aws-sdk/client-fms 3.445.0 → 3.450.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist-types/commands/PutPolicyCommand.d.ts +32 -19
- package/dist-types/models/models_0.d.ts +104 -48
- package/package.json +12 -12
package/README.md
CHANGED
|
@@ -168,7 +168,7 @@ try {
|
|
|
168
168
|
const data = await client.send(command);
|
|
169
169
|
// process data.
|
|
170
170
|
} catch (error) {
|
|
171
|
-
const { requestId, cfId, extendedRequestId } = error
|
|
171
|
+
const { requestId, cfId, extendedRequestId } = error.$metadata;
|
|
172
172
|
console.log({ requestId, cfId, extendedRequestId });
|
|
173
173
|
/**
|
|
174
174
|
* The keys within exceptions are also parsed.
|
|
@@ -24,38 +24,51 @@ export interface PutPolicyCommandOutput extends PutPolicyResponse, __MetadataBea
|
|
|
24
24
|
/**
|
|
25
25
|
* @public
|
|
26
26
|
* <p>Creates an Firewall Manager policy.</p>
|
|
27
|
+
* <p>A Firewall Manager policy is specific to the individual policy type. If you want to enforce multiple
|
|
28
|
+
* policy types across accounts, you can create multiple policies. You can create more than one
|
|
29
|
+
* policy for each type. </p>
|
|
30
|
+
* <p>If you add a new account to an organization that you created with Organizations, Firewall Manager
|
|
31
|
+
* automatically applies the policy to the resources in that account that are within scope of
|
|
32
|
+
* the policy. </p>
|
|
27
33
|
* <p>Firewall Manager provides the following types of policies: </p>
|
|
28
34
|
* <ul>
|
|
29
35
|
* <li>
|
|
30
|
-
* <p>
|
|
31
|
-
*
|
|
36
|
+
* <p>
|
|
37
|
+
* <b>Shield Advanced policy</b> - This policy applies Shield Advanced
|
|
38
|
+
* protection to specified accounts and resources. </p>
|
|
32
39
|
* </li>
|
|
33
40
|
* <li>
|
|
34
|
-
* <p>
|
|
41
|
+
* <p>
|
|
42
|
+
* <b>Security Groups policy</b> - This type of policy gives you
|
|
43
|
+
* control over security groups that are in use throughout your organization in
|
|
44
|
+
* Organizations and lets you enforce a baseline set of rules across your organization. </p>
|
|
35
45
|
* </li>
|
|
36
46
|
* <li>
|
|
37
|
-
* <p>
|
|
38
|
-
*
|
|
47
|
+
* <p>
|
|
48
|
+
* <b>Network Firewall policy</b> - This policy applies
|
|
49
|
+
* Network Firewall protection to your organization's VPCs. </p>
|
|
39
50
|
* </li>
|
|
40
51
|
* <li>
|
|
41
|
-
* <p>
|
|
42
|
-
*
|
|
52
|
+
* <p>
|
|
53
|
+
* <b>DNS Firewall policy</b> - This policy applies
|
|
54
|
+
* Amazon Route 53 Resolver DNS Firewall protections to your organization's VPCs. </p>
|
|
43
55
|
* </li>
|
|
44
56
|
* <li>
|
|
45
|
-
* <p>
|
|
46
|
-
*
|
|
47
|
-
*
|
|
48
|
-
*
|
|
49
|
-
*
|
|
50
|
-
*
|
|
57
|
+
* <p>
|
|
58
|
+
* <b>Third-party firewall policy</b> - This policy applies third-party firewall protections. Third-party firewalls are available by subscription through the Amazon Web Services Marketplace console at <a href="https://aws.amazon.com/marketplace">Amazon Web Services Marketplace</a>.</p>
|
|
59
|
+
* <ul>
|
|
60
|
+
* <li>
|
|
61
|
+
* <p>
|
|
62
|
+
* <b>Palo Alto Networks Cloud NGFW policy</b> - This policy applies Palo Alto Networks Cloud Next Generation Firewall (NGFW) protections and Palo Alto Networks Cloud NGFW rulestacks to your organization's VPCs.</p>
|
|
63
|
+
* </li>
|
|
64
|
+
* <li>
|
|
65
|
+
* <p>
|
|
66
|
+
* <b>Fortigate CNF policy</b> - This policy applies
|
|
67
|
+
* Fortigate Cloud Native Firewall (CNF) protections. Fortigate CNF is a cloud-centered solution that blocks Zero-Day threats and secures cloud infrastructures with industry-leading advanced threat prevention, smart web application firewalls (WAF), and API protection.</p>
|
|
68
|
+
* </li>
|
|
69
|
+
* </ul>
|
|
51
70
|
* </li>
|
|
52
71
|
* </ul>
|
|
53
|
-
* <p>Each policy is specific to one of the types. If you want to enforce more than one
|
|
54
|
-
* policy type across accounts, create multiple policies. You can create multiple
|
|
55
|
-
* policies for each type.</p>
|
|
56
|
-
* <p>You must be subscribed to Shield Advanced to create a Shield Advanced policy. For more
|
|
57
|
-
* information about subscribing to Shield Advanced, see
|
|
58
|
-
* <a href="https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_CreateSubscription.html">CreateSubscription</a>.</p>
|
|
59
72
|
* @example
|
|
60
73
|
* Use a bare-bones client and the command you need to make an API call.
|
|
61
74
|
* ```javascript
|
|
@@ -628,6 +628,9 @@ export interface DeletePolicyRequest {
|
|
|
628
628
|
* no longer associated with any resources through another policy</p>
|
|
629
629
|
* </li>
|
|
630
630
|
* </ul>
|
|
631
|
+
* <note>
|
|
632
|
+
* <p>For security group common policies, even if set to <code>False</code>, Firewall Manager deletes all security groups created by Firewall Manager that aren't associated with any other resources through another policy.</p>
|
|
633
|
+
* </note>
|
|
631
634
|
* <p>After the cleanup, in-scope resources are no longer protected by web ACLs in this policy.
|
|
632
635
|
* Protection of out-of-scope resources remains unchanged. Scope is determined by tags that you
|
|
633
636
|
* create and accounts that you associate with the policy. When creating the policy, if you
|
|
@@ -1093,6 +1096,8 @@ export interface SecurityServicePolicyData {
|
|
|
1093
1096
|
* </li>
|
|
1094
1097
|
* <li>
|
|
1095
1098
|
* <p>Example: <code>IMPORT_NETWORK_FIREWALL</code>
|
|
1099
|
+
* </p>
|
|
1100
|
+
* <p>
|
|
1096
1101
|
* <code>"\{\"type\":\"IMPORT_NETWORK_FIREWALL\",\"awsNetworkFirewallConfig\":\{\"networkFirewallStatelessRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-west-2:000000000000:stateless-rulegroup\/rg1\",\"priority\":1\}],\"networkFirewallStatelessDefaultActions\":[\"aws:drop\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:pass\"],\"networkFirewallStatelessCustomActions\":[],\"networkFirewallStatefulRuleGroupReferences\":[\{\"resourceARN\":\"arn:aws:network-firewall:us-west-2:aws-managed:stateful-rulegroup\/ThreatSignaturesEmergingEventsStrictOrder\",\"priority\":8\}],\"networkFirewallStatefulEngineOptions\":\{\"ruleOrder\":\"STRICT_ORDER\"\},\"networkFirewallStatefulDefaultActions\":[\"aws:drop_strict\"]\}\}"</code>
|
|
1097
1102
|
* </p>
|
|
1098
1103
|
* <p>
|
|
@@ -1160,36 +1165,6 @@ export interface SecurityServicePolicyData {
|
|
|
1160
1165
|
* <code>NULL</code>. </p>
|
|
1161
1166
|
* </li>
|
|
1162
1167
|
* <li>
|
|
1163
|
-
* <p>Example: <code>THIRD_PARTY_FIREWALL</code>
|
|
1164
|
-
* </p>
|
|
1165
|
-
* <p>
|
|
1166
|
-
* <code>"\{
|
|
1167
|
-
* "type":"THIRD_PARTY_FIREWALL",
|
|
1168
|
-
* "thirdPartyFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW",
|
|
1169
|
-
* "thirdPartyFirewallConfig":\{
|
|
1170
|
-
* "thirdPartyFirewallPolicyList":["global-1"]
|
|
1171
|
-
* \},
|
|
1172
|
-
* "firewallDeploymentModel":\{
|
|
1173
|
-
* "distributedFirewallDeploymentModel":\{
|
|
1174
|
-
* "distributedFirewallOrchestrationConfig":\{
|
|
1175
|
-
* "firewallCreationConfig":\{
|
|
1176
|
-
* "endpointLocation":\{
|
|
1177
|
-
* "availabilityZoneConfigList":[
|
|
1178
|
-
* \{
|
|
1179
|
-
* "availabilityZoneName":"$\{AvailabilityZone\}"
|
|
1180
|
-
* \}
|
|
1181
|
-
* ]
|
|
1182
|
-
* \}
|
|
1183
|
-
* \},
|
|
1184
|
-
* "allowedIPV4CidrList":[
|
|
1185
|
-
* ]
|
|
1186
|
-
* \}
|
|
1187
|
-
* \}
|
|
1188
|
-
* \}
|
|
1189
|
-
* \}"</code>
|
|
1190
|
-
* </p>
|
|
1191
|
-
* </li>
|
|
1192
|
-
* <li>
|
|
1193
1168
|
* <p>Example: <code>SECURITY_GROUPS_COMMON</code>
|
|
1194
1169
|
* </p>
|
|
1195
1170
|
* <p>
|
|
@@ -1240,12 +1215,18 @@ export interface SecurityServicePolicyData {
|
|
|
1240
1215
|
* </p>
|
|
1241
1216
|
* </li>
|
|
1242
1217
|
* <li>
|
|
1218
|
+
* <p>Example: <code>SHIELD_ADVANCED</code> with web ACL management</p>
|
|
1219
|
+
* <p>
|
|
1220
|
+
* <code>"\{\"type\":\"SHIELD_ADVANCED\",\"optimizeUnassociatedWebACL\":true\}"</code>
|
|
1221
|
+
* </p>
|
|
1222
|
+
* <p>If you set <code>optimizeUnassociatedWebACL</code> to <code>true</code>, Firewall Manager creates web ACLs in accounts within the policy scope if the web ACLs will be used by at least one resource. Firewall Manager creates web ACLs in the accounts within policy scope only if the web ACLs will be used by at least one resource. If at any time an account comes into policy scope, Firewall Manager automatically creates a web ACL in the account if at least one resource will use the web ACL.</p>
|
|
1223
|
+
* <p>Upon enablement, Firewall Manager performs a one-time cleanup of unused web ACLs in your account. The cleanup process can take several hours. If a resource leaves policy scope after Firewall Manager creates a web ACL, Firewall Manager doesn't disassociate the resource from the web ACL. If you want Firewall Manager to clean up the web ACL, you must first manually disassociate the resources from the web ACL, and then enable the manage unused web ACLs option in your policy.</p>
|
|
1224
|
+
* <p>If you set <code>optimizeUnassociatedWebACL</code> to <code>false</code>, and Firewall Manager automatically creates an empty web ACL in each account that's within policy scope.</p>
|
|
1225
|
+
* </li>
|
|
1226
|
+
* <li>
|
|
1243
1227
|
* <p>Specification for <code>SHIELD_ADVANCED</code> for Amazon CloudFront distributions </p>
|
|
1244
1228
|
* <p>
|
|
1245
|
-
* <code>"\{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\":
|
|
1246
|
-
* \{\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\",
|
|
1247
|
-
* \"automaticResponseAction\":\"BLOCK|COUNT\"\},
|
|
1248
|
-
* \"overrideCustomerWebaclClassic\":true|false\}"</code>
|
|
1229
|
+
* <code>"\{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": \{\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\", \"automaticResponseAction\":\"BLOCK|COUNT\"\}, \"overrideCustomerWebaclClassic\":true|false, \"optimizeUnassociatedWebACL\":true|false\}"</code>
|
|
1249
1230
|
* </p>
|
|
1250
1231
|
* <p>For example:
|
|
1251
1232
|
* <code>"\{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\":
|
|
@@ -1261,17 +1242,53 @@ export interface SecurityServicePolicyData {
|
|
|
1261
1242
|
* <code>ManagedServiceData</code> configuration is an empty string.</p>
|
|
1262
1243
|
* </li>
|
|
1263
1244
|
* <li>
|
|
1264
|
-
* <p>Example: <code>
|
|
1245
|
+
* <p>Example: <code>THIRD_PARTY_FIREWALL</code>
|
|
1246
|
+
* </p>
|
|
1247
|
+
* <p>Replace <code>THIRD_PARTY_FIREWALL_NAME</code> with the name of the third-party firewall.</p>
|
|
1248
|
+
* <p>
|
|
1249
|
+
* <code>"\{
|
|
1250
|
+
* "type":"THIRD_PARTY_FIREWALL",
|
|
1251
|
+
* "thirdPartyFirewall":"THIRD_PARTY_FIREWALL_NAME",
|
|
1252
|
+
* "thirdPartyFirewallConfig":\{
|
|
1253
|
+
* "thirdPartyFirewallPolicyList":["global-1"]
|
|
1254
|
+
* \},
|
|
1255
|
+
* "firewallDeploymentModel":\{
|
|
1256
|
+
* "distributedFirewallDeploymentModel":\{
|
|
1257
|
+
* "distributedFirewallOrchestrationConfig":\{
|
|
1258
|
+
* "firewallCreationConfig":\{
|
|
1259
|
+
* "endpointLocation":\{
|
|
1260
|
+
* "availabilityZoneConfigList":[
|
|
1261
|
+
* \{
|
|
1262
|
+
* "availabilityZoneName":"$\{AvailabilityZone\}"
|
|
1263
|
+
* \}
|
|
1264
|
+
* ]
|
|
1265
|
+
* \}
|
|
1266
|
+
* \},
|
|
1267
|
+
* "allowedIPV4CidrList":[
|
|
1268
|
+
* ]
|
|
1269
|
+
* \}
|
|
1270
|
+
* \}
|
|
1271
|
+
* \}
|
|
1272
|
+
* \}"</code>
|
|
1273
|
+
* </p>
|
|
1274
|
+
* </li>
|
|
1275
|
+
* <li>
|
|
1276
|
+
* <p>Example: <code>WAFV2</code> - Account takeover prevention, Bot Control managed rule groups, optimize unassociated web ACL, and rule action override
|
|
1265
1277
|
* </p>
|
|
1266
1278
|
* <p>
|
|
1267
|
-
* <code>"\{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[\{\"ruleGroupArn\":null,\"overrideAction\":\{\"type\":\"NONE\"\},\"managedRuleGroupIdentifier\":\{\"versionEnabled\":null,\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesATPRuleSet\",\"managedRuleGroupConfigs\":[\{\"awsmanagedRulesATPRuleSet\":\{\"loginPath\":\"/loginpath\",\"requestInspection\":\{\"payloadType\":\"FORM_ENCODED|JSON\",\"usernameField\":\{\"identifier\":\"/form/username\"\},\"passwordField\":\{\"identifier\":\"/form/password\"\}\}\}\}]\},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[],\"sampledRequestsEnabled\":true\},\{\"ruleGroupArn\":null,\"overrideAction\":\{\"type\":\"NONE\"\},\"managedRuleGroupIdentifier\":\{\"versionEnabled\":null,\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesBotControlRuleSet\",\"managedRuleGroupConfigs\":[\{\"awsmanagedRulesBotControlRuleSet\":\{\"inspectionLevel\":\"TARGETED|COMMON\"\}\}]\},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[],\"sampledRequestsEnabled\":true,\"ruleActionOverrides\":[\{\"name\":\"Rule1\",\"actionToUse\":\{\"allow|block|count|captcha|challenge\":\{\}\}\},\{\"name\":\"Rule2\",\"actionToUse\":\{\"allow|block|count|captcha|challenge\":\{\}\}\}]\}],\"postProcessRuleGroups\":[],\"defaultAction\":\{\"type\":\"ALLOW\"\},\"customRequestHandling\":null,\"customResponse\":null,\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":null,\"sampledRequestsEnabledForDefaultActions\":true\}"</code>
|
|
1279
|
+
* <code>"\{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[\{\"ruleGroupArn\":null,\"overrideAction\":\{\"type\":\"NONE\"\},\"managedRuleGroupIdentifier\":\{\"versionEnabled\":null,\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesATPRuleSet\",\"managedRuleGroupConfigs\":[\{\"awsmanagedRulesATPRuleSet\":\{\"loginPath\":\"/loginpath\",\"requestInspection\":\{\"payloadType\":\"FORM_ENCODED|JSON\",\"usernameField\":\{\"identifier\":\"/form/username\"\},\"passwordField\":\{\"identifier\":\"/form/password\"\}\}\}\}]\},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[],\"sampledRequestsEnabled\":true\},\{\"ruleGroupArn\":null,\"overrideAction\":\{\"type\":\"NONE\"\},\"managedRuleGroupIdentifier\":\{\"versionEnabled\":null,\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesBotControlRuleSet\",\"managedRuleGroupConfigs\":[\{\"awsmanagedRulesBotControlRuleSet\":\{\"inspectionLevel\":\"TARGETED|COMMON\"\}\}]\},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[],\"sampledRequestsEnabled\":true,\"ruleActionOverrides\":[\{\"name\":\"Rule1\",\"actionToUse\":\{\"allow|block|count|captcha|challenge\":\{\}\}\},\{\"name\":\"Rule2\",\"actionToUse\":\{\"allow|block|count|captcha|challenge\":\{\}\}\}]\}],\"postProcessRuleGroups\":[],\"defaultAction\":\{\"type\":\"ALLOW\"\},\"customRequestHandling\":null,\"customResponse\":null,\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":null,\"sampledRequestsEnabledForDefaultActions\":true,\"optimizeUnassociatedWebACL\":true\}"</code>
|
|
1268
1280
|
* </p>
|
|
1269
1281
|
* <ul>
|
|
1270
1282
|
* <li>
|
|
1283
|
+
* <p>Bot Control - For information about <code>AWSManagedRulesBotControlRuleSet</code> managed rule groups, see <a href="https://docs.aws.amazon.com/waf/latest/APIReference/API_AWSManagedRulesBotControlRuleSet.html">AWSManagedRulesBotControlRuleSet</a> in the <i>WAF API Reference</i>.</p>
|
|
1284
|
+
* </li>
|
|
1285
|
+
* <li>
|
|
1271
1286
|
* <p>Fraud Control account takeover prevention (ATP) - For information about the properties available for <code>AWSManagedRulesATPRuleSet</code> managed rule groups, see <a href="https://docs.aws.amazon.com/waf/latest/APIReference/API_AWSManagedRulesATPRuleSet.html">AWSManagedRulesATPRuleSet</a> in the <i>WAF API Reference</i>.</p>
|
|
1272
1287
|
* </li>
|
|
1273
1288
|
* <li>
|
|
1274
|
-
* <p>
|
|
1289
|
+
* <p>Optimize unassociated web ACL - If you set <code>optimizeUnassociatedWebACL</code> to <code>true</code>, Firewall Manager creates web ACLs in accounts within the policy scope if the web ACLs will be used by at least one resource. Firewall Manager creates web ACLs in the accounts within policy scope only if the web ACLs will be used by at least one resource. If at any time an account comes into policy scope, Firewall Manager automatically creates a web ACL in the account if at least one resource will use the web ACL.</p>
|
|
1290
|
+
* <p>Upon enablement, Firewall Manager performs a one-time cleanup of unused web ACLs in your account. The cleanup process can take several hours. If a resource leaves policy scope after Firewall Manager creates a web ACL, Firewall Manager disassociates the resource from the web ACL, but won't clean up the unused web ACL. Firewall Manager only cleans up unused web ACLs when you first enable management of unused web ACLs in a policy.</p>
|
|
1291
|
+
* <p>If you set <code>optimizeUnassociatedWebACL</code> to <code>false</code> Firewall Manager doesn't manage unused web ACLs, and Firewall Manager automatically creates an empty web ACL in each account that's within policy scope.</p>
|
|
1275
1292
|
* </li>
|
|
1276
1293
|
* <li>
|
|
1277
1294
|
* <p>Rule action overrides - Firewall Manager supports rule action overrides only for managed rule groups. To configure a <code>RuleActionOverrides</code> add the <code>Name</code> of the rule to override, and <code>ActionToUse</code>, which is the new action to use for the rule. For information about using rule action override, see <a href="https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleActionOverride.html">RuleActionOverride</a> in the <i>WAF API Reference</i>.</p>
|
|
@@ -1282,9 +1299,18 @@ export interface SecurityServicePolicyData {
|
|
|
1282
1299
|
* <p>Example: <code>WAFV2</code> - <code>CAPTCHA</code> and <code>Challenge</code> configs
|
|
1283
1300
|
* </p>
|
|
1284
1301
|
* <p>
|
|
1285
|
-
* <code>"\{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[\{\"ruleGroupArn\":null,\"overrideAction\":\{\"type\":\"NONE\"\},\"managedRuleGroupIdentifier\":\{\"versionEnabled\":null,\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAdminProtectionRuleSet\"\},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[],\"sampledRequestsEnabled\":true\}],\"postProcessRuleGroups\":[],\"defaultAction\":\{\"type\":\"ALLOW\"\},\"customRequestHandling\":null,\"customResponse\":null,\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":null,\"sampledRequestsEnabledForDefaultActions\":true,\"captchaConfig\":\{\"immunityTimeProperty\":\{\"immunityTime\":500\}\},\"challengeConfig\":\{\"immunityTimeProperty\":\{\"immunityTime\":800\}\},\"tokenDomains\":[\"google.com\",\"amazon.com\"]\}"</code>
|
|
1302
|
+
* <code>"\{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[\{\"ruleGroupArn\":null,\"overrideAction\":\{\"type\":\"NONE\"\},\"managedRuleGroupIdentifier\":\{\"versionEnabled\":null,\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAdminProtectionRuleSet\"\},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[],\"sampledRequestsEnabled\":true\}],\"postProcessRuleGroups\":[],\"defaultAction\":\{\"type\":\"ALLOW\"\},\"customRequestHandling\":null,\"customResponse\":null,\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":null,\"sampledRequestsEnabledForDefaultActions\":true,\"captchaConfig\":\{\"immunityTimeProperty\":\{\"immunityTime\":500\}\},\"challengeConfig\":\{\"immunityTimeProperty\":\{\"immunityTime\":800\}\},\"tokenDomains\":[\"google.com\",\"amazon.com\"],\"associationConfig\":\{\"requestBody\":\{\"CLOUDFRONT\":\{\"defaultSizeInspectionLimit\":\"KB_16\"\}\}\}\}"</code>
|
|
1286
1303
|
* </p>
|
|
1287
|
-
* <
|
|
1304
|
+
* <ul>
|
|
1305
|
+
* <li>
|
|
1306
|
+
* <p>
|
|
1307
|
+
* <code>CAPTCHA</code> and <code>Challenge</code> configs - If you update the policy's values for <code>associationConfig</code>, <code>captchaConfig</code>, <code>challengeConfig</code>, or <code>tokenDomains</code>, Firewall Manager will overwrite your local web ACLs to contain the new value(s). However, if you don't update the policy's <code>associationConfig</code>, <code>captchaConfig</code>, <code>challengeConfig</code>, or <code>tokenDomains</code> values, the values in your local web ACLs will remain unchanged. For information about association configs, see <a href="https://docs.aws.amazon.com/waf/latest/APIReference/API_AssociationConfig.html">AssociationConfig</a>. For information about CAPTCHA and Challenge configs, see <a href="https://docs.aws.amazon.com/waf/latest/APIReference/API_CaptchaConfig.html">CaptchaConfig</a> and <a href="https://docs.aws.amazon.com/waf/latest/APIReference/API_ChallengeConfig.html">ChallengeConfig</a> in the <i>WAF API Reference</i>.</p>
|
|
1308
|
+
* </li>
|
|
1309
|
+
* <li>
|
|
1310
|
+
* <p>
|
|
1311
|
+
* <code>defaultSizeInspectionLimit</code> - Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to WAF for inspection. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/APIReference/API_RequestBodyAssociatedResourceTypeConfig.html#WAF-Type-RequestBodyAssociatedResourceTypeConfig-DefaultSizeInspectionLimit">DefaultSizeInspectionLimit</a> in the <i>WAF API Reference</i>.</p>
|
|
1312
|
+
* </li>
|
|
1313
|
+
* </ul>
|
|
1288
1314
|
* </li>
|
|
1289
1315
|
* <li>
|
|
1290
1316
|
* <p>Example: <code>WAFV2</code> - Firewall Manager support for WAF managed rule group versioning
|
|
@@ -1363,14 +1389,27 @@ export interface Policy {
|
|
|
1363
1389
|
* <p>The type of resource protected by or in scope of the policy. This is in the format shown
|
|
1364
1390
|
* in the <a href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html">Amazon Web Services Resource Types Reference</a>.
|
|
1365
1391
|
* To apply this policy to multiple resource types, specify a resource type of <code>ResourceTypeList</code> and then specify the resource types in a <code>ResourceTypeList</code>.</p>
|
|
1366
|
-
* <p>
|
|
1367
|
-
*
|
|
1368
|
-
*
|
|
1369
|
-
*
|
|
1370
|
-
*
|
|
1371
|
-
*
|
|
1372
|
-
*
|
|
1373
|
-
*
|
|
1392
|
+
* <p>The following are valid resource types for each Firewall Manager policy type:</p>
|
|
1393
|
+
* <ul>
|
|
1394
|
+
* <li>
|
|
1395
|
+
* <p>Amazon Web Services WAF Classic - <code>AWS::ApiGateway::Stage</code>, <code>AWS::CloudFront::Distribution</code>, and <code>AWS::ElasticLoadBalancingV2::LoadBalancer</code>.</p>
|
|
1396
|
+
* </li>
|
|
1397
|
+
* <li>
|
|
1398
|
+
* <p>WAF - <code>AWS::ApiGateway::Stage</code>, <code>AWS::ElasticLoadBalancingV2::LoadBalancer</code>, and <code>AWS::CloudFront::Distribution</code>.</p>
|
|
1399
|
+
* </li>
|
|
1400
|
+
* <li>
|
|
1401
|
+
* <p> DNS Firewall, Network Firewall, and third-party firewall - <code>AWS::EC2::VPC</code>.</p>
|
|
1402
|
+
* </li>
|
|
1403
|
+
* <li>
|
|
1404
|
+
* <p>Shield Advanced - <code>AWS::ElasticLoadBalancingV2::LoadBalancer</code>, <code>AWS::ElasticLoadBalancing::LoadBalancer</code>, <code>AWS::EC2::EIP</code>, and <code>AWS::CloudFront::Distribution</code>.</p>
|
|
1405
|
+
* </li>
|
|
1406
|
+
* <li>
|
|
1407
|
+
* <p>Security group content audit - <code>AWS::EC2::SecurityGroup</code>, <code>AWS::EC2::NetworkInterface</code>, and <code>AWS::EC2::Instance</code>.</p>
|
|
1408
|
+
* </li>
|
|
1409
|
+
* <li>
|
|
1410
|
+
* <p>Security group usage audit - <code>AWS::EC2::SecurityGroup</code>.</p>
|
|
1411
|
+
* </li>
|
|
1412
|
+
* </ul>
|
|
1374
1413
|
*/
|
|
1375
1414
|
ResourceType: string | undefined;
|
|
1376
1415
|
/**
|
|
@@ -1851,7 +1890,24 @@ export interface GetThirdPartyFirewallAssociationStatusResponse {
|
|
|
1851
1890
|
export interface GetViolationDetailsRequest {
|
|
1852
1891
|
/**
|
|
1853
1892
|
* @public
|
|
1854
|
-
* <p>The ID of the Firewall Manager policy that you want the details for.
|
|
1893
|
+
* <p>The ID of the Firewall Manager policy that you want the details for. You can get violation details for the following policy types:</p>
|
|
1894
|
+
* <ul>
|
|
1895
|
+
* <li>
|
|
1896
|
+
* <p>DNS Firewall</p>
|
|
1897
|
+
* </li>
|
|
1898
|
+
* <li>
|
|
1899
|
+
* <p>Imported Network Firewall</p>
|
|
1900
|
+
* </li>
|
|
1901
|
+
* <li>
|
|
1902
|
+
* <p>Network Firewall</p>
|
|
1903
|
+
* </li>
|
|
1904
|
+
* <li>
|
|
1905
|
+
* <p>Security group content audit</p>
|
|
1906
|
+
* </li>
|
|
1907
|
+
* <li>
|
|
1908
|
+
* <p>Third-party firewall</p>
|
|
1909
|
+
* </li>
|
|
1910
|
+
* </ul>
|
|
1855
1911
|
*/
|
|
1856
1912
|
PolicyId: string | undefined;
|
|
1857
1913
|
/**
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@aws-sdk/client-fms",
|
|
3
3
|
"description": "AWS SDK for JavaScript Fms Client for Node.js, Browser and React Native",
|
|
4
|
-
"version": "3.
|
|
4
|
+
"version": "3.450.0",
|
|
5
5
|
"scripts": {
|
|
6
6
|
"build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
|
|
7
7
|
"build:cjs": "tsc -p tsconfig.cjs.json",
|
|
@@ -21,19 +21,19 @@
|
|
|
21
21
|
"dependencies": {
|
|
22
22
|
"@aws-crypto/sha256-browser": "3.0.0",
|
|
23
23
|
"@aws-crypto/sha256-js": "3.0.0",
|
|
24
|
-
"@aws-sdk/client-sts": "3.
|
|
24
|
+
"@aws-sdk/client-sts": "3.450.0",
|
|
25
25
|
"@aws-sdk/core": "3.445.0",
|
|
26
|
-
"@aws-sdk/credential-provider-node": "3.
|
|
27
|
-
"@aws-sdk/middleware-host-header": "3.
|
|
28
|
-
"@aws-sdk/middleware-logger": "3.
|
|
29
|
-
"@aws-sdk/middleware-recursion-detection": "3.
|
|
30
|
-
"@aws-sdk/middleware-signing": "3.
|
|
31
|
-
"@aws-sdk/middleware-user-agent": "3.
|
|
26
|
+
"@aws-sdk/credential-provider-node": "3.450.0",
|
|
27
|
+
"@aws-sdk/middleware-host-header": "3.449.0",
|
|
28
|
+
"@aws-sdk/middleware-logger": "3.449.0",
|
|
29
|
+
"@aws-sdk/middleware-recursion-detection": "3.449.0",
|
|
30
|
+
"@aws-sdk/middleware-signing": "3.449.0",
|
|
31
|
+
"@aws-sdk/middleware-user-agent": "3.449.0",
|
|
32
32
|
"@aws-sdk/region-config-resolver": "3.433.0",
|
|
33
|
-
"@aws-sdk/types": "3.
|
|
34
|
-
"@aws-sdk/util-endpoints": "3.
|
|
35
|
-
"@aws-sdk/util-user-agent-browser": "3.
|
|
36
|
-
"@aws-sdk/util-user-agent-node": "3.
|
|
33
|
+
"@aws-sdk/types": "3.449.0",
|
|
34
|
+
"@aws-sdk/util-endpoints": "3.449.0",
|
|
35
|
+
"@aws-sdk/util-user-agent-browser": "3.449.0",
|
|
36
|
+
"@aws-sdk/util-user-agent-node": "3.449.0",
|
|
37
37
|
"@smithy/config-resolver": "^2.0.16",
|
|
38
38
|
"@smithy/fetch-http-handler": "^2.2.4",
|
|
39
39
|
"@smithy/hash-node": "^2.0.12",
|