Documentation

Violation detail based on resource type.

See: newResourceViolation smart constructor.

Create a value of ResourceViolation with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:awsEc2InstanceViolation:ResourceViolation', resourceViolation_awsEc2InstanceViolation - Violation detail for an EC2 instance.

$sel:awsEc2NetworkInterfaceViolation:ResourceViolation', resourceViolation_awsEc2NetworkInterfaceViolation - Violation detail for a network interface.

$sel:awsVPCSecurityGroupViolation:ResourceViolation', resourceViolation_awsVPCSecurityGroupViolation - Violation detail for security groups.

$sel:dnsDuplicateRuleGroupViolation:ResourceViolation', resourceViolation_dnsDuplicateRuleGroupViolation - Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.

$sel:dnsRuleGroupLimitExceededViolation:ResourceViolation', resourceViolation_dnsRuleGroupLimitExceededViolation - Violation detail for a DNS Firewall policy that indicates that the VPC reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed.

$sel:dnsRuleGroupPriorityConflictViolation:ResourceViolation', resourceViolation_dnsRuleGroupPriorityConflictViolation - Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.

$sel:firewallSubnetIsOutOfScopeViolation:ResourceViolation', resourceViolation_firewallSubnetIsOutOfScopeViolation - Contains details about the firewall subnet that violates the policy scope.

$sel:firewallSubnetMissingVPCEndpointViolation:ResourceViolation', resourceViolation_firewallSubnetMissingVPCEndpointViolation - The violation details for a third-party firewall's VPC endpoint subnet that was deleted.

$sel:networkFirewallBlackHoleRouteDetectedViolation:ResourceViolation', resourceViolation_networkFirewallBlackHoleRouteDetectedViolation - Undocumented member.

$sel:networkFirewallInternetTrafficNotInspectedViolation:ResourceViolation', resourceViolation_networkFirewallInternetTrafficNotInspectedViolation - Violation detail for the subnet for which internet traffic hasn't been inspected.

$sel:networkFirewallInvalidRouteConfigurationViolation:ResourceViolation', resourceViolation_networkFirewallInvalidRouteConfigurationViolation - The route configuration is invalid.

$sel:networkFirewallMissingExpectedRTViolation:ResourceViolation', resourceViolation_networkFirewallMissingExpectedRTViolation - Violation detail for an Network Firewall policy that indicates that a subnet is not associated with the expected Firewall Manager managed route table.

$sel:networkFirewallMissingExpectedRoutesViolation:ResourceViolation', resourceViolation_networkFirewallMissingExpectedRoutesViolation - Expected routes are missing from Network Firewall.

$sel:networkFirewallMissingFirewallViolation:ResourceViolation', resourceViolation_networkFirewallMissingFirewallViolation - Violation detail for an Network Firewall policy that indicates that a subnet has no Firewall Manager managed firewall in its VPC.

$sel:networkFirewallMissingSubnetViolation:ResourceViolation', resourceViolation_networkFirewallMissingSubnetViolation - Violation detail for an Network Firewall policy that indicates that an Availability Zone is missing the expected Firewall Manager managed subnet.

$sel:networkFirewallPolicyModifiedViolation:ResourceViolation', resourceViolation_networkFirewallPolicyModifiedViolation - Violation detail for an Network Firewall policy that indicates that a firewall policy in an individual account has been modified in a way that makes it noncompliant. For example, the individual account owner might have deleted a rule group, changed the priority of a stateless rule group, or changed a policy default action.

$sel:networkFirewallUnexpectedFirewallRoutesViolation:ResourceViolation', resourceViolation_networkFirewallUnexpectedFirewallRoutesViolation - There's an unexpected firewall route.

$sel:networkFirewallUnexpectedGatewayRoutesViolation:ResourceViolation', resourceViolation_networkFirewallUnexpectedGatewayRoutesViolation - There's an unexpected gateway route.

$sel:possibleRemediationActions:ResourceViolation', resourceViolation_possibleRemediationActions - A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.

$sel:routeHasOutOfScopeEndpointViolation:ResourceViolation', resourceViolation_routeHasOutOfScopeEndpointViolation - Contains details about the route endpoint that violates the policy scope.

$sel:thirdPartyFirewallMissingExpectedRouteTableViolation:ResourceViolation', resourceViolation_thirdPartyFirewallMissingExpectedRouteTableViolation - The violation details for a third-party firewall that has the Firewall Manager managed route table that was associated with the third-party firewall has been deleted.

$sel:thirdPartyFirewallMissingFirewallViolation:ResourceViolation', resourceViolation_thirdPartyFirewallMissingFirewallViolation - The violation details for a third-party firewall that's been deleted.

$sel:thirdPartyFirewallMissingSubnetViolation:ResourceViolation', resourceViolation_thirdPartyFirewallMissingSubnetViolation - The violation details for a third-party firewall's subnet that's been deleted.

Violation detail for an EC2 instance.

Violation detail for a network interface.

Violation detail for security groups.

Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.

Violation detail for a DNS Firewall policy that indicates that the VPC reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed.

Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.

Contains details about the firewall subnet that violates the policy scope.

The violation details for a third-party firewall's VPC endpoint subnet that was deleted.

Undocumented member.

Violation detail for the subnet for which internet traffic hasn't been inspected.

The route configuration is invalid.

Violation detail for an Network Firewall policy that indicates that a subnet is not associated with the expected Firewall Manager managed route table.

Expected routes are missing from Network Firewall.

Violation detail for an Network Firewall policy that indicates that a subnet has no Firewall Manager managed firewall in its VPC.

Violation detail for an Network Firewall policy that indicates that an Availability Zone is missing the expected Firewall Manager managed subnet.

Violation detail for an Network Firewall policy that indicates that a firewall policy in an individual account has been modified in a way that makes it noncompliant. For example, the individual account owner might have deleted a rule group, changed the priority of a stateless rule group, or changed a policy default action.

There's an unexpected firewall route.

There's an unexpected gateway route.

A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.

Contains details about the route endpoint that violates the policy scope.

The violation details for a third-party firewall that has the Firewall Manager managed route table that was associated with the third-party firewall has been deleted.

The violation details for a third-party firewall that's been deleted.

The violation details for a third-party firewall's subnet that's been deleted.