Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
- Service Configuration
- Errors
- Waiters
- Operations
- AssociateAdminAccount
- AssociateThirdPartyFirewall
- BatchAssociateResource
- BatchDisassociateResource
- DeleteAppsList
- DeleteNotificationChannel
- DeletePolicy
- DeleteProtocolsList
- DeleteResourceSet
- DisassociateAdminAccount
- DisassociateThirdPartyFirewall
- GetAdminAccount
- GetAppsList
- GetComplianceDetail
- GetNotificationChannel
- GetPolicy
- GetProtectionStatus
- GetProtocolsList
- GetResourceSet
- GetThirdPartyFirewallAssociationStatus
- GetViolationDetails
- ListAppsLists (Paginated)
- ListComplianceStatus (Paginated)
- ListDiscoveredResources
- ListMemberAccounts (Paginated)
- ListPolicies (Paginated)
- ListProtocolsLists (Paginated)
- ListResourceSetResources
- ListResourceSets
- ListTagsForResource
- ListThirdPartyFirewallFirewallPolicies (Paginated)
- PutAppsList
- PutNotificationChannel
- PutPolicy
- PutProtocolsList
- PutResourceSet
- TagResource
- UntagResource
- Types
- AccountRoleStatus
- CustomerPolicyScopeIdType
- DependentServiceName
- DestinationType
- FailedItemReason
- FirewallDeploymentModel
- MarketplaceSubscriptionOnboardingStatus
- NetworkFirewallOverrideAction
- PolicyComplianceStatusType
- RemediationActionType
- RuleOrder
- SecurityServiceType
- TargetType
- ThirdPartyFirewall
- ThirdPartyFirewallAssociationStatus
- ViolationReason
- ActionTarget
- App
- AppsListData
- AppsListDataSummary
- AwsEc2InstanceViolation
- AwsEc2NetworkInterfaceViolation
- AwsVPCSecurityGroupViolation
- ComplianceViolator
- DiscoveredResource
- DnsDuplicateRuleGroupViolation
- DnsRuleGroupLimitExceededViolation
- DnsRuleGroupPriorityConflictViolation
- EC2AssociateRouteTableAction
- EC2CopyRouteTableAction
- EC2CreateRouteAction
- EC2CreateRouteTableAction
- EC2DeleteRouteAction
- EC2ReplaceRouteAction
- EC2ReplaceRouteTableAssociationAction
- EvaluationResult
- ExpectedRoute
- FMSPolicyUpdateFirewallCreationConfigAction
- FailedItem
- FirewallSubnetIsOutOfScopeViolation
- FirewallSubnetMissingVPCEndpointViolation
- NetworkFirewallBlackHoleRouteDetectedViolation
- NetworkFirewallInternetTrafficNotInspectedViolation
- NetworkFirewallInvalidRouteConfigurationViolation
- NetworkFirewallMissingExpectedRTViolation
- NetworkFirewallMissingExpectedRoutesViolation
- NetworkFirewallMissingFirewallViolation
- NetworkFirewallMissingSubnetViolation
- NetworkFirewallPolicy
- NetworkFirewallPolicyDescription
- NetworkFirewallPolicyModifiedViolation
- NetworkFirewallStatefulRuleGroupOverride
- NetworkFirewallUnexpectedFirewallRoutesViolation
- NetworkFirewallUnexpectedGatewayRoutesViolation
- PartialMatch
- Policy
- PolicyComplianceDetail
- PolicyComplianceStatus
- PolicyOption
- PolicySummary
- PossibleRemediationAction
- PossibleRemediationActions
- ProtocolsListData
- ProtocolsListDataSummary
- RemediationAction
- RemediationActionWithOrder
- Resource
- ResourceSet
- ResourceSetSummary
- ResourceTag
- ResourceViolation
- Route
- RouteHasOutOfScopeEndpointViolation
- SecurityGroupRemediationAction
- SecurityGroupRuleDescription
- SecurityServicePolicyData
- StatefulEngineOptions
- StatefulRuleGroup
- StatelessRuleGroup
- Tag
- ThirdPartyFirewallFirewallPolicy
- ThirdPartyFirewallMissingExpectedRouteTableViolation
- ThirdPartyFirewallMissingFirewallViolation
- ThirdPartyFirewallMissingSubnetViolation
- ThirdPartyFirewallPolicy
- ViolationDetail
Derived from API version 2018-01-01
of the AWS service descriptions, licensed under Apache 2.0.
This is the Firewall Manager API Reference. This guide is for developers who need detailed information about the Firewall Manager API actions, data types, and errors. For detailed information about Firewall Manager features, see the Firewall Manager Developer Guide.
Some API actions require explicit resource permissions. For information, see the developer guide topic Firewall Manager required permissions for API actions.
Synopsis
- defaultService :: Service
- _InternalErrorException :: AsError a => Fold a ServiceError
- _InvalidInputException :: AsError a => Fold a ServiceError
- _InvalidOperationException :: AsError a => Fold a ServiceError
- _InvalidTypeException :: AsError a => Fold a ServiceError
- _LimitExceededException :: AsError a => Fold a ServiceError
- _ResourceNotFoundException :: AsError a => Fold a ServiceError
- data AssociateAdminAccount = AssociateAdminAccount' Text
- newAssociateAdminAccount :: Text -> AssociateAdminAccount
- data AssociateAdminAccountResponse = AssociateAdminAccountResponse' {
- newAssociateAdminAccountResponse :: AssociateAdminAccountResponse
- data AssociateThirdPartyFirewall = AssociateThirdPartyFirewall' ThirdPartyFirewall
- newAssociateThirdPartyFirewall :: ThirdPartyFirewall -> AssociateThirdPartyFirewall
- data AssociateThirdPartyFirewallResponse = AssociateThirdPartyFirewallResponse' (Maybe ThirdPartyFirewallAssociationStatus) Int
- newAssociateThirdPartyFirewallResponse :: Int -> AssociateThirdPartyFirewallResponse
- data BatchAssociateResource = BatchAssociateResource' Text [Text]
- newBatchAssociateResource :: Text -> BatchAssociateResource
- data BatchAssociateResourceResponse = BatchAssociateResourceResponse' Int Text [FailedItem]
- newBatchAssociateResourceResponse :: Int -> Text -> BatchAssociateResourceResponse
- data BatchDisassociateResource = BatchDisassociateResource' Text [Text]
- newBatchDisassociateResource :: Text -> BatchDisassociateResource
- data BatchDisassociateResourceResponse = BatchDisassociateResourceResponse' Int Text [FailedItem]
- newBatchDisassociateResourceResponse :: Int -> Text -> BatchDisassociateResourceResponse
- data DeleteAppsList = DeleteAppsList' Text
- newDeleteAppsList :: Text -> DeleteAppsList
- data DeleteAppsListResponse = DeleteAppsListResponse' {
- newDeleteAppsListResponse :: DeleteAppsListResponse
- data DeleteNotificationChannel = DeleteNotificationChannel' {
- newDeleteNotificationChannel :: DeleteNotificationChannel
- data DeleteNotificationChannelResponse = DeleteNotificationChannelResponse' {
- newDeleteNotificationChannelResponse :: DeleteNotificationChannelResponse
- data DeletePolicy = DeletePolicy' (Maybe Bool) Text
- newDeletePolicy :: Text -> DeletePolicy
- data DeletePolicyResponse = DeletePolicyResponse' {
- newDeletePolicyResponse :: DeletePolicyResponse
- data DeleteProtocolsList = DeleteProtocolsList' Text
- newDeleteProtocolsList :: Text -> DeleteProtocolsList
- data DeleteProtocolsListResponse = DeleteProtocolsListResponse' {
- newDeleteProtocolsListResponse :: DeleteProtocolsListResponse
- data DeleteResourceSet = DeleteResourceSet' Text
- newDeleteResourceSet :: Text -> DeleteResourceSet
- data DeleteResourceSetResponse = DeleteResourceSetResponse' {
- newDeleteResourceSetResponse :: DeleteResourceSetResponse
- data DisassociateAdminAccount = DisassociateAdminAccount' {
- newDisassociateAdminAccount :: DisassociateAdminAccount
- data DisassociateAdminAccountResponse = DisassociateAdminAccountResponse' {
- newDisassociateAdminAccountResponse :: DisassociateAdminAccountResponse
- data DisassociateThirdPartyFirewall = DisassociateThirdPartyFirewall' ThirdPartyFirewall
- newDisassociateThirdPartyFirewall :: ThirdPartyFirewall -> DisassociateThirdPartyFirewall
- data DisassociateThirdPartyFirewallResponse = DisassociateThirdPartyFirewallResponse' (Maybe ThirdPartyFirewallAssociationStatus) Int
- newDisassociateThirdPartyFirewallResponse :: Int -> DisassociateThirdPartyFirewallResponse
- data GetAdminAccount = GetAdminAccount' {
- newGetAdminAccount :: GetAdminAccount
- data GetAdminAccountResponse = GetAdminAccountResponse' (Maybe Text) (Maybe AccountRoleStatus) Int
- newGetAdminAccountResponse :: Int -> GetAdminAccountResponse
- data GetAppsList = GetAppsList' (Maybe Bool) Text
- newGetAppsList :: Text -> GetAppsList
- data GetAppsListResponse = GetAppsListResponse' (Maybe AppsListData) (Maybe Text) Int
- newGetAppsListResponse :: Int -> GetAppsListResponse
- data GetComplianceDetail = GetComplianceDetail' Text Text
- newGetComplianceDetail :: Text -> Text -> GetComplianceDetail
- data GetComplianceDetailResponse = GetComplianceDetailResponse' (Maybe PolicyComplianceDetail) Int
- newGetComplianceDetailResponse :: Int -> GetComplianceDetailResponse
- data GetNotificationChannel = GetNotificationChannel' {
- newGetNotificationChannel :: GetNotificationChannel
- data GetNotificationChannelResponse = GetNotificationChannelResponse' (Maybe Text) (Maybe Text) Int
- newGetNotificationChannelResponse :: Int -> GetNotificationChannelResponse
- data GetPolicy = GetPolicy' Text
- newGetPolicy :: Text -> GetPolicy
- data GetPolicyResponse = GetPolicyResponse' (Maybe Policy) (Maybe Text) Int
- newGetPolicyResponse :: Int -> GetPolicyResponse
- data GetProtectionStatus = GetProtectionStatus' (Maybe POSIX) (Maybe Natural) (Maybe Text) (Maybe Text) (Maybe POSIX) Text
- newGetProtectionStatus :: Text -> GetProtectionStatus
- data GetProtectionStatusResponse = GetProtectionStatusResponse' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe SecurityServiceType) Int
- newGetProtectionStatusResponse :: Int -> GetProtectionStatusResponse
- data GetProtocolsList = GetProtocolsList' (Maybe Bool) Text
- newGetProtocolsList :: Text -> GetProtocolsList
- data GetProtocolsListResponse = GetProtocolsListResponse' (Maybe ProtocolsListData) (Maybe Text) Int
- newGetProtocolsListResponse :: Int -> GetProtocolsListResponse
- data GetResourceSet = GetResourceSet' Text
- newGetResourceSet :: Text -> GetResourceSet
- data GetResourceSetResponse = GetResourceSetResponse' Int ResourceSet Text
- newGetResourceSetResponse :: Int -> ResourceSet -> Text -> GetResourceSetResponse
- data GetThirdPartyFirewallAssociationStatus = GetThirdPartyFirewallAssociationStatus' ThirdPartyFirewall
- newGetThirdPartyFirewallAssociationStatus :: ThirdPartyFirewall -> GetThirdPartyFirewallAssociationStatus
- data GetThirdPartyFirewallAssociationStatusResponse = GetThirdPartyFirewallAssociationStatusResponse' (Maybe MarketplaceSubscriptionOnboardingStatus) (Maybe ThirdPartyFirewallAssociationStatus) Int
- newGetThirdPartyFirewallAssociationStatusResponse :: Int -> GetThirdPartyFirewallAssociationStatusResponse
- data GetViolationDetails = GetViolationDetails' Text Text Text Text
- newGetViolationDetails :: Text -> Text -> Text -> Text -> GetViolationDetails
- data GetViolationDetailsResponse = GetViolationDetailsResponse' (Maybe ViolationDetail) Int
- newGetViolationDetailsResponse :: Int -> GetViolationDetailsResponse
- data ListAppsLists = ListAppsLists' (Maybe Bool) (Maybe Text) Natural
- newListAppsLists :: Natural -> ListAppsLists
- data ListAppsListsResponse = ListAppsListsResponse' (Maybe [AppsListDataSummary]) (Maybe Text) Int
- newListAppsListsResponse :: Int -> ListAppsListsResponse
- data ListComplianceStatus = ListComplianceStatus' (Maybe Natural) (Maybe Text) Text
- newListComplianceStatus :: Text -> ListComplianceStatus
- data ListComplianceStatusResponse = ListComplianceStatusResponse' (Maybe Text) (Maybe [PolicyComplianceStatus]) Int
- newListComplianceStatusResponse :: Int -> ListComplianceStatusResponse
- data ListDiscoveredResources = ListDiscoveredResources' (Maybe Natural) (Maybe Text) [Text] Text
- newListDiscoveredResources :: Text -> ListDiscoveredResources
- data ListDiscoveredResourcesResponse = ListDiscoveredResourcesResponse' (Maybe [DiscoveredResource]) (Maybe Text) Int
- newListDiscoveredResourcesResponse :: Int -> ListDiscoveredResourcesResponse
- data ListMemberAccounts = ListMemberAccounts' (Maybe Natural) (Maybe Text)
- newListMemberAccounts :: ListMemberAccounts
- data ListMemberAccountsResponse = ListMemberAccountsResponse' (Maybe [Text]) (Maybe Text) Int
- newListMemberAccountsResponse :: Int -> ListMemberAccountsResponse
- data ListPolicies = ListPolicies' (Maybe Natural) (Maybe Text)
- newListPolicies :: ListPolicies
- data ListPoliciesResponse = ListPoliciesResponse' (Maybe Text) (Maybe [PolicySummary]) Int
- newListPoliciesResponse :: Int -> ListPoliciesResponse
- data ListProtocolsLists = ListProtocolsLists' (Maybe Bool) (Maybe Text) Natural
- newListProtocolsLists :: Natural -> ListProtocolsLists
- data ListProtocolsListsResponse = ListProtocolsListsResponse' (Maybe Text) (Maybe [ProtocolsListDataSummary]) Int
- newListProtocolsListsResponse :: Int -> ListProtocolsListsResponse
- data ListResourceSetResources = ListResourceSetResources' (Maybe Natural) (Maybe Text) Text
- newListResourceSetResources :: Text -> ListResourceSetResources
- data ListResourceSetResourcesResponse = ListResourceSetResourcesResponse' (Maybe Text) Int [Resource]
- newListResourceSetResourcesResponse :: Int -> ListResourceSetResourcesResponse
- data ListResourceSets = ListResourceSets' (Maybe Natural) (Maybe Text)
- newListResourceSets :: ListResourceSets
- data ListResourceSetsResponse = ListResourceSetsResponse' (Maybe Text) (Maybe [ResourceSetSummary]) Int
- newListResourceSetsResponse :: Int -> ListResourceSetsResponse
- data ListTagsForResource = ListTagsForResource' Text
- newListTagsForResource :: Text -> ListTagsForResource
- data ListTagsForResourceResponse = ListTagsForResourceResponse' (Maybe [Tag]) Int
- newListTagsForResourceResponse :: Int -> ListTagsForResourceResponse
- data ListThirdPartyFirewallFirewallPolicies = ListThirdPartyFirewallFirewallPolicies' (Maybe Text) ThirdPartyFirewall Natural
- newListThirdPartyFirewallFirewallPolicies :: ThirdPartyFirewall -> Natural -> ListThirdPartyFirewallFirewallPolicies
- data ListThirdPartyFirewallFirewallPoliciesResponse = ListThirdPartyFirewallFirewallPoliciesResponse' (Maybe Text) (Maybe [ThirdPartyFirewallFirewallPolicy]) Int
- newListThirdPartyFirewallFirewallPoliciesResponse :: Int -> ListThirdPartyFirewallFirewallPoliciesResponse
- data PutAppsList = PutAppsList' (Maybe [Tag]) AppsListData
- newPutAppsList :: AppsListData -> PutAppsList
- data PutAppsListResponse = PutAppsListResponse' (Maybe AppsListData) (Maybe Text) Int
- newPutAppsListResponse :: Int -> PutAppsListResponse
- data PutNotificationChannel = PutNotificationChannel' Text Text
- newPutNotificationChannel :: Text -> Text -> PutNotificationChannel
- data PutNotificationChannelResponse = PutNotificationChannelResponse' {
- newPutNotificationChannelResponse :: PutNotificationChannelResponse
- data PutPolicy = PutPolicy' (Maybe [Tag]) Policy
- newPutPolicy :: Policy -> PutPolicy
- data PutPolicyResponse = PutPolicyResponse' (Maybe Policy) (Maybe Text) Int
- newPutPolicyResponse :: Int -> PutPolicyResponse
- data PutProtocolsList = PutProtocolsList' (Maybe [Tag]) ProtocolsListData
- newPutProtocolsList :: ProtocolsListData -> PutProtocolsList
- data PutProtocolsListResponse = PutProtocolsListResponse' (Maybe ProtocolsListData) (Maybe Text) Int
- newPutProtocolsListResponse :: Int -> PutProtocolsListResponse
- data PutResourceSet = PutResourceSet' (Maybe [Tag]) ResourceSet
- newPutResourceSet :: ResourceSet -> PutResourceSet
- data PutResourceSetResponse = PutResourceSetResponse' Int ResourceSet Text
- newPutResourceSetResponse :: Int -> ResourceSet -> Text -> PutResourceSetResponse
- data TagResource = TagResource' Text [Tag]
- newTagResource :: Text -> TagResource
- data TagResourceResponse = TagResourceResponse' Int
- newTagResourceResponse :: Int -> TagResourceResponse
- data UntagResource = UntagResource' Text [Text]
- newUntagResource :: Text -> UntagResource
- data UntagResourceResponse = UntagResourceResponse' Int
- newUntagResourceResponse :: Int -> UntagResourceResponse
- newtype AccountRoleStatus where
- AccountRoleStatus' { }
- pattern AccountRoleStatus_CREATING :: AccountRoleStatus
- pattern AccountRoleStatus_DELETED :: AccountRoleStatus
- pattern AccountRoleStatus_DELETING :: AccountRoleStatus
- pattern AccountRoleStatus_PENDING_DELETION :: AccountRoleStatus
- pattern AccountRoleStatus_READY :: AccountRoleStatus
- newtype CustomerPolicyScopeIdType where
- newtype DependentServiceName where
- newtype DestinationType where
- DestinationType' { }
- pattern DestinationType_IPV4 :: DestinationType
- pattern DestinationType_IPV6 :: DestinationType
- pattern DestinationType_PREFIX_LIST :: DestinationType
- newtype FailedItemReason where
- FailedItemReason' { }
- pattern FailedItemReason_NOT_VALID_ACCOUNT_ID :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_ARN :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_PARTITION :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_REGION :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_RESOURCE_TYPE :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_SERVICE :: FailedItemReason
- newtype FirewallDeploymentModel where
- newtype MarketplaceSubscriptionOnboardingStatus where
- MarketplaceSubscriptionOnboardingStatus' { }
- pattern MarketplaceSubscriptionOnboardingStatus_COMPLETE :: MarketplaceSubscriptionOnboardingStatus
- pattern MarketplaceSubscriptionOnboardingStatus_NOT_COMPLETE :: MarketplaceSubscriptionOnboardingStatus
- pattern MarketplaceSubscriptionOnboardingStatus_NO_SUBSCRIPTION :: MarketplaceSubscriptionOnboardingStatus
- newtype NetworkFirewallOverrideAction where
- newtype PolicyComplianceStatusType where
- newtype RemediationActionType where
- newtype RuleOrder where
- RuleOrder' { }
- pattern RuleOrder_DEFAULT_ACTION_ORDER :: RuleOrder
- pattern RuleOrder_STRICT_ORDER :: RuleOrder
- newtype SecurityServiceType where
- SecurityServiceType' { }
- pattern SecurityServiceType_DNS_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_IMPORT_NETWORK_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_NETWORK_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_COMMON :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_CONTENT_AUDIT :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_USAGE_AUDIT :: SecurityServiceType
- pattern SecurityServiceType_SHIELD_ADVANCED :: SecurityServiceType
- pattern SecurityServiceType_THIRD_PARTY_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_WAF :: SecurityServiceType
- pattern SecurityServiceType_WAFV2 :: SecurityServiceType
- newtype TargetType where
- TargetType' { }
- pattern TargetType_CARRIER_GATEWAY :: TargetType
- pattern TargetType_EGRESS_ONLY_INTERNET_GATEWAY :: TargetType
- pattern TargetType_GATEWAY :: TargetType
- pattern TargetType_INSTANCE :: TargetType
- pattern TargetType_LOCAL_GATEWAY :: TargetType
- pattern TargetType_NAT_GATEWAY :: TargetType
- pattern TargetType_NETWORK_INTERFACE :: TargetType
- pattern TargetType_TRANSIT_GATEWAY :: TargetType
- pattern TargetType_VPC_ENDPOINT :: TargetType
- pattern TargetType_VPC_PEERING_CONNECTION :: TargetType
- newtype ThirdPartyFirewall where
- newtype ThirdPartyFirewallAssociationStatus where
- ThirdPartyFirewallAssociationStatus' { }
- pattern ThirdPartyFirewallAssociationStatus_NOT_EXIST :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_OFFBOARDING :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_OFFBOARD_COMPLETE :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_ONBOARDING :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_ONBOARD_COMPLETE :: ThirdPartyFirewallAssociationStatus
- newtype ViolationReason where
- ViolationReason' { }
- pattern ViolationReason_BLACK_HOLE_ROUTE_DETECTED :: ViolationReason
- pattern ViolationReason_BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET :: ViolationReason
- pattern ViolationReason_FIREWALL_SUBNET_IS_OUT_OF_SCOPE :: ViolationReason
- pattern ViolationReason_FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE :: ViolationReason
- pattern ViolationReason_FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT :: ViolationReason
- pattern ViolationReason_FMS_CREATED_SECURITY_GROUP_EDITED :: ViolationReason
- pattern ViolationReason_INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE :: ViolationReason
- pattern ViolationReason_INTERNET_TRAFFIC_NOT_INSPECTED :: ViolationReason
- pattern ViolationReason_INVALID_ROUTE_CONFIGURATION :: ViolationReason
- pattern ViolationReason_MISSING_EXPECTED_ROUTE_TABLE :: ViolationReason
- pattern ViolationReason_MISSING_FIREWALL :: ViolationReason
- pattern ViolationReason_MISSING_FIREWALL_SUBNET_IN_AZ :: ViolationReason
- pattern ViolationReason_MISSING_TARGET_GATEWAY :: ViolationReason
- pattern ViolationReason_NETWORK_FIREWALL_POLICY_MODIFIED :: ViolationReason
- pattern ViolationReason_RESOURCE_INCORRECT_WEB_ACL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_DNS_FIREWALL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_SECURITY_GROUP :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_SHIELD_PROTECTION :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_WEB_ACL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION :: ViolationReason
- pattern ViolationReason_RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP :: ViolationReason
- pattern ViolationReason_ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT :: ViolationReason
- pattern ViolationReason_SECURITY_GROUP_REDUNDANT :: ViolationReason
- pattern ViolationReason_SECURITY_GROUP_UNUSED :: ViolationReason
- pattern ViolationReason_TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY :: ViolationReason
- pattern ViolationReason_UNEXPECTED_FIREWALL_ROUTES :: ViolationReason
- pattern ViolationReason_UNEXPECTED_TARGET_GATEWAY_ROUTES :: ViolationReason
- pattern ViolationReason_WEB_ACL_MISSING_RULE_GROUP :: ViolationReason
- data ActionTarget = ActionTarget' (Maybe Text) (Maybe Text)
- newActionTarget :: ActionTarget
- data App = App' Text Text Natural
- newApp :: Text -> Text -> Natural -> App
- data AppsListData = AppsListData' (Maybe POSIX) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe (HashMap Text [App])) Text [App]
- newAppsListData :: Text -> AppsListData
- data AppsListDataSummary = AppsListDataSummary' (Maybe [App]) (Maybe Text) (Maybe Text) (Maybe Text)
- newAppsListDataSummary :: AppsListDataSummary
- data AwsEc2InstanceViolation = AwsEc2InstanceViolation' (Maybe [AwsEc2NetworkInterfaceViolation]) (Maybe Text)
- newAwsEc2InstanceViolation :: AwsEc2InstanceViolation
- data AwsEc2NetworkInterfaceViolation = AwsEc2NetworkInterfaceViolation' (Maybe [Text]) (Maybe Text)
- newAwsEc2NetworkInterfaceViolation :: AwsEc2NetworkInterfaceViolation
- data AwsVPCSecurityGroupViolation = AwsVPCSecurityGroupViolation' (Maybe [PartialMatch]) (Maybe [SecurityGroupRemediationAction]) (Maybe Text) (Maybe Text)
- newAwsVPCSecurityGroupViolation :: AwsVPCSecurityGroupViolation
- data ComplianceViolator = ComplianceViolator' (Maybe (HashMap Text Text)) (Maybe Text) (Maybe Text) (Maybe ViolationReason)
- newComplianceViolator :: ComplianceViolator
- data DiscoveredResource = DiscoveredResource' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newDiscoveredResource :: DiscoveredResource
- data DnsDuplicateRuleGroupViolation = DnsDuplicateRuleGroupViolation' (Maybe Text) (Maybe Text)
- newDnsDuplicateRuleGroupViolation :: DnsDuplicateRuleGroupViolation
- data DnsRuleGroupLimitExceededViolation = DnsRuleGroupLimitExceededViolation' (Maybe Int) (Maybe Text) (Maybe Text)
- newDnsRuleGroupLimitExceededViolation :: DnsRuleGroupLimitExceededViolation
- data DnsRuleGroupPriorityConflictViolation = DnsRuleGroupPriorityConflictViolation' (Maybe Text) (Maybe Natural) (Maybe [Natural]) (Maybe Text) (Maybe Text)
- newDnsRuleGroupPriorityConflictViolation :: DnsRuleGroupPriorityConflictViolation
- data EC2AssociateRouteTableAction = EC2AssociateRouteTableAction' (Maybe Text) (Maybe ActionTarget) (Maybe ActionTarget) ActionTarget
- newEC2AssociateRouteTableAction :: ActionTarget -> EC2AssociateRouteTableAction
- data EC2CopyRouteTableAction = EC2CopyRouteTableAction' (Maybe Text) ActionTarget ActionTarget
- newEC2CopyRouteTableAction :: ActionTarget -> ActionTarget -> EC2CopyRouteTableAction
- data EC2CreateRouteAction = EC2CreateRouteAction' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe ActionTarget) (Maybe ActionTarget) ActionTarget
- newEC2CreateRouteAction :: ActionTarget -> EC2CreateRouteAction
- data EC2CreateRouteTableAction = EC2CreateRouteTableAction' (Maybe Text) ActionTarget
- newEC2CreateRouteTableAction :: ActionTarget -> EC2CreateRouteTableAction
- data EC2DeleteRouteAction = EC2DeleteRouteAction' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) ActionTarget
- newEC2DeleteRouteAction :: ActionTarget -> EC2DeleteRouteAction
- data EC2ReplaceRouteAction = EC2ReplaceRouteAction' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe ActionTarget) ActionTarget
- newEC2ReplaceRouteAction :: ActionTarget -> EC2ReplaceRouteAction
- data EC2ReplaceRouteTableAssociationAction = EC2ReplaceRouteTableAssociationAction' (Maybe Text) ActionTarget ActionTarget
- newEC2ReplaceRouteTableAssociationAction :: ActionTarget -> ActionTarget -> EC2ReplaceRouteTableAssociationAction
- data EvaluationResult = EvaluationResult' (Maybe PolicyComplianceStatusType) (Maybe Bool) (Maybe Natural)
- newEvaluationResult :: EvaluationResult
- data ExpectedRoute = ExpectedRoute' (Maybe [Text]) (Maybe [Text]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newExpectedRoute :: ExpectedRoute
- data FMSPolicyUpdateFirewallCreationConfigAction = FMSPolicyUpdateFirewallCreationConfigAction' (Maybe Text) (Maybe Text)
- newFMSPolicyUpdateFirewallCreationConfigAction :: FMSPolicyUpdateFirewallCreationConfigAction
- data FailedItem = FailedItem' (Maybe FailedItemReason) (Maybe Text)
- newFailedItem :: FailedItem
- data FirewallSubnetIsOutOfScopeViolation = FirewallSubnetIsOutOfScopeViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newFirewallSubnetIsOutOfScopeViolation :: FirewallSubnetIsOutOfScopeViolation
- data FirewallSubnetMissingVPCEndpointViolation = FirewallSubnetMissingVPCEndpointViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newFirewallSubnetMissingVPCEndpointViolation :: FirewallSubnetMissingVPCEndpointViolation
- data NetworkFirewallBlackHoleRouteDetectedViolation = NetworkFirewallBlackHoleRouteDetectedViolation' (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe Text)
- newNetworkFirewallBlackHoleRouteDetectedViolation :: NetworkFirewallBlackHoleRouteDetectedViolation
- data NetworkFirewallInternetTrafficNotInspectedViolation = NetworkFirewallInternetTrafficNotInspectedViolation' (Maybe [Route]) (Maybe [Route]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ExpectedRoute]) (Maybe [ExpectedRoute]) (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text)
- newNetworkFirewallInternetTrafficNotInspectedViolation :: NetworkFirewallInternetTrafficNotInspectedViolation
- data NetworkFirewallInvalidRouteConfigurationViolation = NetworkFirewallInvalidRouteConfigurationViolation' (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe [Route]) (Maybe [Text]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ExpectedRoute]) (Maybe [ExpectedRoute]) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe Route) (Maybe Text)
- newNetworkFirewallInvalidRouteConfigurationViolation :: NetworkFirewallInvalidRouteConfigurationViolation
- data NetworkFirewallMissingExpectedRTViolation = NetworkFirewallMissingExpectedRTViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newNetworkFirewallMissingExpectedRTViolation :: NetworkFirewallMissingExpectedRTViolation
- data NetworkFirewallMissingExpectedRoutesViolation = NetworkFirewallMissingExpectedRoutesViolation' (Maybe [ExpectedRoute]) (Maybe Text) (Maybe Text)
- newNetworkFirewallMissingExpectedRoutesViolation :: NetworkFirewallMissingExpectedRoutesViolation
- data NetworkFirewallMissingFirewallViolation = NetworkFirewallMissingFirewallViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newNetworkFirewallMissingFirewallViolation :: NetworkFirewallMissingFirewallViolation
- data NetworkFirewallMissingSubnetViolation = NetworkFirewallMissingSubnetViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newNetworkFirewallMissingSubnetViolation :: NetworkFirewallMissingSubnetViolation
- data NetworkFirewallPolicy = NetworkFirewallPolicy' (Maybe FirewallDeploymentModel)
- newNetworkFirewallPolicy :: NetworkFirewallPolicy
- data NetworkFirewallPolicyDescription = NetworkFirewallPolicyDescription' (Maybe [Text]) (Maybe StatefulEngineOptions) (Maybe [StatefulRuleGroup]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [StatelessRuleGroup])
- newNetworkFirewallPolicyDescription :: NetworkFirewallPolicyDescription
- data NetworkFirewallPolicyModifiedViolation = NetworkFirewallPolicyModifiedViolation' (Maybe NetworkFirewallPolicyDescription) (Maybe NetworkFirewallPolicyDescription) (Maybe Text)
- newNetworkFirewallPolicyModifiedViolation :: NetworkFirewallPolicyModifiedViolation
- data NetworkFirewallStatefulRuleGroupOverride = NetworkFirewallStatefulRuleGroupOverride' (Maybe NetworkFirewallOverrideAction)
- newNetworkFirewallStatefulRuleGroupOverride :: NetworkFirewallStatefulRuleGroupOverride
- data NetworkFirewallUnexpectedFirewallRoutesViolation = NetworkFirewallUnexpectedFirewallRoutesViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text)
- newNetworkFirewallUnexpectedFirewallRoutesViolation :: NetworkFirewallUnexpectedFirewallRoutesViolation
- data NetworkFirewallUnexpectedGatewayRoutesViolation = NetworkFirewallUnexpectedGatewayRoutesViolation' (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text)
- newNetworkFirewallUnexpectedGatewayRoutesViolation :: NetworkFirewallUnexpectedGatewayRoutesViolation
- data PartialMatch = PartialMatch' (Maybe Text) (Maybe [Text])
- newPartialMatch :: PartialMatch
- data Policy = Policy' (Maybe Bool) (Maybe (HashMap CustomerPolicyScopeIdType [Text])) (Maybe (HashMap CustomerPolicyScopeIdType [Text])) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Text]) (Maybe [ResourceTag]) (Maybe [Text]) Text SecurityServicePolicyData Text Bool Bool
- newPolicy :: Text -> SecurityServicePolicyData -> Text -> Bool -> Bool -> Policy
- data PolicyComplianceDetail = PolicyComplianceDetail' (Maybe Bool) (Maybe POSIX) (Maybe (HashMap DependentServiceName Text)) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ComplianceViolator])
- newPolicyComplianceDetail :: PolicyComplianceDetail
- data PolicyComplianceStatus = PolicyComplianceStatus' (Maybe [EvaluationResult]) (Maybe (HashMap DependentServiceName Text)) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newPolicyComplianceStatus :: PolicyComplianceStatus
- data PolicyOption = PolicyOption' (Maybe NetworkFirewallPolicy) (Maybe ThirdPartyFirewallPolicy)
- newPolicyOption :: PolicyOption
- data PolicySummary = PolicySummary' (Maybe Bool) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe SecurityServiceType)
- newPolicySummary :: PolicySummary
- data PossibleRemediationAction = PossibleRemediationAction' (Maybe Text) (Maybe Bool) [RemediationActionWithOrder]
- newPossibleRemediationAction :: PossibleRemediationAction
- data PossibleRemediationActions = PossibleRemediationActions' (Maybe [PossibleRemediationAction]) (Maybe Text)
- newPossibleRemediationActions :: PossibleRemediationActions
- data ProtocolsListData = ProtocolsListData' (Maybe POSIX) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe (HashMap Text [Text])) Text [Text]
- newProtocolsListData :: Text -> ProtocolsListData
- data ProtocolsListDataSummary = ProtocolsListDataSummary' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Text])
- newProtocolsListDataSummary :: ProtocolsListDataSummary
- data RemediationAction = RemediationAction' (Maybe Text) (Maybe EC2AssociateRouteTableAction) (Maybe EC2CopyRouteTableAction) (Maybe EC2CreateRouteAction) (Maybe EC2CreateRouteTableAction) (Maybe EC2DeleteRouteAction) (Maybe EC2ReplaceRouteAction) (Maybe EC2ReplaceRouteTableAssociationAction) (Maybe FMSPolicyUpdateFirewallCreationConfigAction)
- newRemediationAction :: RemediationAction
- data RemediationActionWithOrder = RemediationActionWithOrder' (Maybe Int) (Maybe RemediationAction)
- newRemediationActionWithOrder :: RemediationActionWithOrder
- data Resource = Resource' (Maybe Text) Text
- newResource :: Text -> Resource
- data ResourceSet = ResourceSet' (Maybe Text) (Maybe Text) (Maybe POSIX) (Maybe Text) Text [Text]
- newResourceSet :: Text -> ResourceSet
- data ResourceSetSummary = ResourceSetSummary' (Maybe Text) (Maybe Text) (Maybe POSIX) (Maybe Text)
- newResourceSetSummary :: ResourceSetSummary
- data ResourceTag = ResourceTag' (Maybe Text) Text
- newResourceTag :: Text -> ResourceTag
- data ResourceViolation = ResourceViolation' (Maybe AwsEc2InstanceViolation) (Maybe AwsEc2NetworkInterfaceViolation) (Maybe AwsVPCSecurityGroupViolation) (Maybe DnsDuplicateRuleGroupViolation) (Maybe DnsRuleGroupLimitExceededViolation) (Maybe DnsRuleGroupPriorityConflictViolation) (Maybe FirewallSubnetIsOutOfScopeViolation) (Maybe FirewallSubnetMissingVPCEndpointViolation) (Maybe NetworkFirewallBlackHoleRouteDetectedViolation) (Maybe NetworkFirewallInternetTrafficNotInspectedViolation) (Maybe NetworkFirewallInvalidRouteConfigurationViolation) (Maybe NetworkFirewallMissingExpectedRTViolation) (Maybe NetworkFirewallMissingExpectedRoutesViolation) (Maybe NetworkFirewallMissingFirewallViolation) (Maybe NetworkFirewallMissingSubnetViolation) (Maybe NetworkFirewallPolicyModifiedViolation) (Maybe NetworkFirewallUnexpectedFirewallRoutesViolation) (Maybe NetworkFirewallUnexpectedGatewayRoutesViolation) (Maybe PossibleRemediationActions) (Maybe RouteHasOutOfScopeEndpointViolation) (Maybe ThirdPartyFirewallMissingExpectedRouteTableViolation) (Maybe ThirdPartyFirewallMissingFirewallViolation) (Maybe ThirdPartyFirewallMissingSubnetViolation)
- newResourceViolation :: ResourceViolation
- data Route = Route' (Maybe Text) (Maybe DestinationType) (Maybe Text) (Maybe TargetType)
- newRoute :: Route
- data RouteHasOutOfScopeEndpointViolation = RouteHasOutOfScopeEndpointViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text)
- newRouteHasOutOfScopeEndpointViolation :: RouteHasOutOfScopeEndpointViolation
- data SecurityGroupRemediationAction = SecurityGroupRemediationAction' (Maybe Text) (Maybe Bool) (Maybe RemediationActionType) (Maybe SecurityGroupRuleDescription)
- newSecurityGroupRemediationAction :: SecurityGroupRemediationAction
- data SecurityGroupRuleDescription = SecurityGroupRuleDescription' (Maybe Natural) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Natural)
- newSecurityGroupRuleDescription :: SecurityGroupRuleDescription
- data SecurityServicePolicyData = SecurityServicePolicyData' (Maybe Text) (Maybe PolicyOption) SecurityServiceType
- newSecurityServicePolicyData :: SecurityServiceType -> SecurityServicePolicyData
- data StatefulEngineOptions = StatefulEngineOptions' (Maybe RuleOrder)
- newStatefulEngineOptions :: StatefulEngineOptions
- data StatefulRuleGroup = StatefulRuleGroup' (Maybe NetworkFirewallStatefulRuleGroupOverride) (Maybe Int) (Maybe Text) (Maybe Text)
- newStatefulRuleGroup :: StatefulRuleGroup
- data StatelessRuleGroup = StatelessRuleGroup' (Maybe Natural) (Maybe Text) (Maybe Text)
- newStatelessRuleGroup :: StatelessRuleGroup
- data Tag = Tag' Text Text
- newTag :: Text -> Text -> Tag
- data ThirdPartyFirewallFirewallPolicy = ThirdPartyFirewallFirewallPolicy' (Maybe Text) (Maybe Text)
- newThirdPartyFirewallFirewallPolicy :: ThirdPartyFirewallFirewallPolicy
- data ThirdPartyFirewallMissingExpectedRouteTableViolation = ThirdPartyFirewallMissingExpectedRouteTableViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newThirdPartyFirewallMissingExpectedRouteTableViolation :: ThirdPartyFirewallMissingExpectedRouteTableViolation
- data ThirdPartyFirewallMissingFirewallViolation = ThirdPartyFirewallMissingFirewallViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newThirdPartyFirewallMissingFirewallViolation :: ThirdPartyFirewallMissingFirewallViolation
- data ThirdPartyFirewallMissingSubnetViolation = ThirdPartyFirewallMissingSubnetViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newThirdPartyFirewallMissingSubnetViolation :: ThirdPartyFirewallMissingSubnetViolation
- data ThirdPartyFirewallPolicy = ThirdPartyFirewallPolicy' (Maybe FirewallDeploymentModel)
- newThirdPartyFirewallPolicy :: ThirdPartyFirewallPolicy
- data ViolationDetail = ViolationDetail' (Maybe Text) (Maybe [Tag]) Text Text Text Text [ResourceViolation]
- newViolationDetail :: Text -> Text -> Text -> Text -> ViolationDetail
Service Configuration
defaultService :: Service Source #
API version 2018-01-01
of the Amazon Firewall Management Service SDK configuration.
Errors
Error matchers are designed for use with the functions provided by
Control.Exception.Lens.
This allows catching (and rethrowing) service specific errors returned
by FMS
.
InternalErrorException
_InternalErrorException :: AsError a => Fold a ServiceError Source #
The operation failed because of a system problem, even though the request was valid. Retry your request.
InvalidInputException
_InvalidInputException :: AsError a => Fold a ServiceError Source #
The parameters of the request were invalid.
InvalidOperationException
_InvalidOperationException :: AsError a => Fold a ServiceError Source #
The operation failed because there was nothing to do or the operation
wasn't possible. For example, you might have submitted an
AssociateAdminAccount
request for an account ID that was already set
as the Firewall Manager administrator. Or you might have tried to access
a Region that's disabled by default, and that you need to enable for
the Firewall Manager administrator account and for Organizations before
you can access it.
InvalidTypeException
_InvalidTypeException :: AsError a => Fold a ServiceError Source #
The value of the Type
parameter is invalid.
LimitExceededException
_LimitExceededException :: AsError a => Fold a ServiceError Source #
The operation exceeds a resource limit, for example, the maximum number
of policy
objects that you can create for an Amazon Web Services
account. For more information, see
Firewall Manager Limits
in the WAF Developer Guide.
ResourceNotFoundException
_ResourceNotFoundException :: AsError a => Fold a ServiceError Source #
The specified resource was not found.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition
configured by the Wait
specification is fulfilled. The Wait
specification
determines how many attempts should be made, in addition to delay and retry strategies.
Operations
Some AWS operations return results that are incomplete and require subsequent
requests in order to obtain the entire result set. The process of sending
subsequent requests to continue where a previous request left off is called
pagination. For example, the ListObjects
operation of Amazon S3 returns up to
1000 objects at a time, and you must send subsequent requests with the
appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager
instance can transparently perform subsequent
requests, correctly setting Markers and other request facets to iterate through
the entire result set of a truncated API operation. Operations which support
this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
AssociateAdminAccount
data AssociateAdminAccount Source #
See: newAssociateAdminAccount
smart constructor.
Instances
newAssociateAdminAccount Source #
Create a value of AssociateAdminAccount
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:adminAccount:AssociateAdminAccount'
, associateAdminAccount_adminAccount
- The Amazon Web Services account ID to associate with Firewall Manager as
the Firewall Manager administrator account. This must be an
Organizations member account. For more information about Organizations,
see
Managing the Amazon Web Services Accounts in Your Organization.
data AssociateAdminAccountResponse Source #
See: newAssociateAdminAccountResponse
smart constructor.
Instances
newAssociateAdminAccountResponse :: AssociateAdminAccountResponse Source #
Create a value of AssociateAdminAccountResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
AssociateThirdPartyFirewall
data AssociateThirdPartyFirewall Source #
See: newAssociateThirdPartyFirewall
smart constructor.
Instances
newAssociateThirdPartyFirewall Source #
Create a value of AssociateThirdPartyFirewall
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:thirdPartyFirewall:AssociateThirdPartyFirewall'
, associateThirdPartyFirewall_thirdPartyFirewall
- The name of the third-party firewall vendor.
data AssociateThirdPartyFirewallResponse Source #
See: newAssociateThirdPartyFirewallResponse
smart constructor.
Instances
Generic AssociateThirdPartyFirewallResponse Source # | |
Read AssociateThirdPartyFirewallResponse Source # | |
Show AssociateThirdPartyFirewallResponse Source # | |
NFData AssociateThirdPartyFirewallResponse Source # | |
Defined in Amazonka.FMS.AssociateThirdPartyFirewall rnf :: AssociateThirdPartyFirewallResponse -> () # | |
Eq AssociateThirdPartyFirewallResponse Source # | |
type Rep AssociateThirdPartyFirewallResponse Source # | |
Defined in Amazonka.FMS.AssociateThirdPartyFirewall type Rep AssociateThirdPartyFirewallResponse = D1 ('MetaData "AssociateThirdPartyFirewallResponse" "Amazonka.FMS.AssociateThirdPartyFirewall" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "AssociateThirdPartyFirewallResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "thirdPartyFirewallStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe ThirdPartyFirewallAssociationStatus)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int))) |
newAssociateThirdPartyFirewallResponse Source #
Create a value of AssociateThirdPartyFirewallResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:thirdPartyFirewallStatus:AssociateThirdPartyFirewallResponse'
, associateThirdPartyFirewallResponse_thirdPartyFirewallStatus
- The current status for setting a Firewall Manager policy
administrator's account as an administrator of the third-party firewall
tenant.
ONBOARDING
- The Firewall Manager policy administrator is being designated as a tenant administrator.ONBOARD_COMPLETE
- The Firewall Manager policy administrator is designated as a tenant administrator.OFFBOARDING
- The Firewall Manager policy administrator is being removed as a tenant administrator.OFFBOARD_COMPLETE
- The Firewall Manager policy administrator has been removed as a tenant administrator.NOT_EXIST
- The Firewall Manager policy administrator doesn't exist as a tenant administrator.
$sel:httpStatus:AssociateThirdPartyFirewallResponse'
, associateThirdPartyFirewallResponse_httpStatus
- The response's http status code.
BatchAssociateResource
data BatchAssociateResource Source #
See: newBatchAssociateResource
smart constructor.
Instances
newBatchAssociateResource Source #
Create a value of BatchAssociateResource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
BatchAssociateResource
, batchAssociateResource_resourceSetIdentifier
- A unique identifier for the resource set, used in a TODO to refer to the
resource set.
$sel:items:BatchAssociateResource'
, batchAssociateResource_items
- The uniform resource identifiers (URIs) of resources that should be
associated to the resource set. The URIs must be Amazon Resource Names
(ARNs).
data BatchAssociateResourceResponse Source #
See: newBatchAssociateResourceResponse
smart constructor.
Instances
newBatchAssociateResourceResponse Source #
Create a value of BatchAssociateResourceResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:BatchAssociateResourceResponse'
, batchAssociateResourceResponse_httpStatus
- The response's http status code.
BatchAssociateResource
, batchAssociateResourceResponse_resourceSetIdentifier
- A unique identifier for the resource set, used in a TODO to refer to the
resource set.
$sel:failedItems:BatchAssociateResourceResponse'
, batchAssociateResourceResponse_failedItems
- The resources that failed to associate to the resource set.
BatchDisassociateResource
data BatchDisassociateResource Source #
See: newBatchDisassociateResource
smart constructor.
Instances
newBatchDisassociateResource Source #
Create a value of BatchDisassociateResource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
BatchDisassociateResource
, batchDisassociateResource_resourceSetIdentifier
- A unique identifier for the resource set, used in a TODO to refer to the
resource set.
$sel:items:BatchDisassociateResource'
, batchDisassociateResource_items
- The uniform resource identifiers (URI) of resources that should be
disassociated from the resource set. The URIs must be Amazon Resource
Names (ARNs).
data BatchDisassociateResourceResponse Source #
See: newBatchDisassociateResourceResponse
smart constructor.
Instances
newBatchDisassociateResourceResponse Source #
Create a value of BatchDisassociateResourceResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:BatchDisassociateResourceResponse'
, batchDisassociateResourceResponse_httpStatus
- The response's http status code.
BatchDisassociateResource
, batchDisassociateResourceResponse_resourceSetIdentifier
- A unique identifier for the resource set, used in a TODO to refer to the
resource set.
$sel:failedItems:BatchDisassociateResourceResponse'
, batchDisassociateResourceResponse_failedItems
- The resources that failed to disassociate from the resource set.
DeleteAppsList
data DeleteAppsList Source #
See: newDeleteAppsList
smart constructor.
Instances
Create a value of DeleteAppsList
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
DeleteAppsList
, deleteAppsList_listId
- The ID of the applications list that you want to delete. You can
retrieve this ID from PutAppsList
, ListAppsLists
, and GetAppsList
.
data DeleteAppsListResponse Source #
See: newDeleteAppsListResponse
smart constructor.
Instances
Generic DeleteAppsListResponse Source # | |
Defined in Amazonka.FMS.DeleteAppsList type Rep DeleteAppsListResponse :: Type -> Type # | |
Read DeleteAppsListResponse Source # | |
Show DeleteAppsListResponse Source # | |
Defined in Amazonka.FMS.DeleteAppsList showsPrec :: Int -> DeleteAppsListResponse -> ShowS # show :: DeleteAppsListResponse -> String # showList :: [DeleteAppsListResponse] -> ShowS # | |
NFData DeleteAppsListResponse Source # | |
Defined in Amazonka.FMS.DeleteAppsList rnf :: DeleteAppsListResponse -> () # | |
Eq DeleteAppsListResponse Source # | |
Defined in Amazonka.FMS.DeleteAppsList | |
type Rep DeleteAppsListResponse Source # | |
newDeleteAppsListResponse :: DeleteAppsListResponse Source #
Create a value of DeleteAppsListResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DeleteNotificationChannel
data DeleteNotificationChannel Source #
See: newDeleteNotificationChannel
smart constructor.
Instances
newDeleteNotificationChannel :: DeleteNotificationChannel Source #
Create a value of DeleteNotificationChannel
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
data DeleteNotificationChannelResponse Source #
See: newDeleteNotificationChannelResponse
smart constructor.
Instances
newDeleteNotificationChannelResponse :: DeleteNotificationChannelResponse Source #
Create a value of DeleteNotificationChannelResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DeletePolicy
data DeletePolicy Source #
See: newDeletePolicy
smart constructor.
Instances
Create a value of DeletePolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:deleteAllPolicyResources:DeletePolicy'
, deletePolicy_deleteAllPolicyResources
- If True
, the request performs cleanup according to the policy type.
For WAF and Shield Advanced policies, the cleanup does the following:
- Deletes rule groups created by Firewall Manager
- Removes web ACLs from in-scope resources
- Deletes web ACLs that contain no rules or rule groups
For security group policies, the cleanup does the following for each security group in the policy:
- Disassociates the security group from in-scope resources
- Deletes the security group if it was created through Firewall Manager and if it's no longer associated with any resources through another policy
After the cleanup, in-scope resources are no longer protected by web ACLs in this policy. Protection of out-of-scope resources remains unchanged. Scope is determined by tags that you create and accounts that you associate with the policy. When creating the policy, if you specify that only resources in specific accounts or with specific tags are in scope of the policy, those accounts and resources are handled by the policy. All others are out of scope. If you don't specify tags or accounts, all resources are in scope.
DeletePolicy
, deletePolicy_policyId
- The ID of the policy that you want to delete. You can retrieve this ID
from PutPolicy
and ListPolicies
.
data DeletePolicyResponse Source #
See: newDeletePolicyResponse
smart constructor.
Instances
Generic DeletePolicyResponse Source # | |
Defined in Amazonka.FMS.DeletePolicy type Rep DeletePolicyResponse :: Type -> Type # from :: DeletePolicyResponse -> Rep DeletePolicyResponse x # to :: Rep DeletePolicyResponse x -> DeletePolicyResponse # | |
Read DeletePolicyResponse Source # | |
Defined in Amazonka.FMS.DeletePolicy | |
Show DeletePolicyResponse Source # | |
Defined in Amazonka.FMS.DeletePolicy showsPrec :: Int -> DeletePolicyResponse -> ShowS # show :: DeletePolicyResponse -> String # showList :: [DeletePolicyResponse] -> ShowS # | |
NFData DeletePolicyResponse Source # | |
Defined in Amazonka.FMS.DeletePolicy rnf :: DeletePolicyResponse -> () # | |
Eq DeletePolicyResponse Source # | |
Defined in Amazonka.FMS.DeletePolicy (==) :: DeletePolicyResponse -> DeletePolicyResponse -> Bool # (/=) :: DeletePolicyResponse -> DeletePolicyResponse -> Bool # | |
type Rep DeletePolicyResponse Source # | |
newDeletePolicyResponse :: DeletePolicyResponse Source #
Create a value of DeletePolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DeleteProtocolsList
data DeleteProtocolsList Source #
See: newDeleteProtocolsList
smart constructor.
Instances
newDeleteProtocolsList Source #
Create a value of DeleteProtocolsList
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
DeleteProtocolsList
, deleteProtocolsList_listId
- The ID of the protocols list that you want to delete. You can retrieve
this ID from PutProtocolsList
, ListProtocolsLists
, and
GetProtocolsLost
.
data DeleteProtocolsListResponse Source #
See: newDeleteProtocolsListResponse
smart constructor.
Instances
newDeleteProtocolsListResponse :: DeleteProtocolsListResponse Source #
Create a value of DeleteProtocolsListResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DeleteResourceSet
data DeleteResourceSet Source #
See: newDeleteResourceSet
smart constructor.
Instances
Create a value of DeleteResourceSet
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identifier:DeleteResourceSet'
, deleteResourceSet_identifier
- A unique identifier for the resource set, used in a TODO to refer to the
resource set.
data DeleteResourceSetResponse Source #
See: newDeleteResourceSetResponse
smart constructor.
Instances
Generic DeleteResourceSetResponse Source # | |
Defined in Amazonka.FMS.DeleteResourceSet type Rep DeleteResourceSetResponse :: Type -> Type # | |
Read DeleteResourceSetResponse Source # | |
Show DeleteResourceSetResponse Source # | |
Defined in Amazonka.FMS.DeleteResourceSet showsPrec :: Int -> DeleteResourceSetResponse -> ShowS # show :: DeleteResourceSetResponse -> String # showList :: [DeleteResourceSetResponse] -> ShowS # | |
NFData DeleteResourceSetResponse Source # | |
Defined in Amazonka.FMS.DeleteResourceSet rnf :: DeleteResourceSetResponse -> () # | |
Eq DeleteResourceSetResponse Source # | |
Defined in Amazonka.FMS.DeleteResourceSet | |
type Rep DeleteResourceSetResponse Source # | |
newDeleteResourceSetResponse :: DeleteResourceSetResponse Source #
Create a value of DeleteResourceSetResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DisassociateAdminAccount
data DisassociateAdminAccount Source #
See: newDisassociateAdminAccount
smart constructor.
Instances
newDisassociateAdminAccount :: DisassociateAdminAccount Source #
Create a value of DisassociateAdminAccount
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
data DisassociateAdminAccountResponse Source #
See: newDisassociateAdminAccountResponse
smart constructor.
Instances
newDisassociateAdminAccountResponse :: DisassociateAdminAccountResponse Source #
Create a value of DisassociateAdminAccountResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DisassociateThirdPartyFirewall
data DisassociateThirdPartyFirewall Source #
See: newDisassociateThirdPartyFirewall
smart constructor.
Instances
newDisassociateThirdPartyFirewall Source #
Create a value of DisassociateThirdPartyFirewall
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:thirdPartyFirewall:DisassociateThirdPartyFirewall'
, disassociateThirdPartyFirewall_thirdPartyFirewall
- The name of the third-party firewall vendor.
data DisassociateThirdPartyFirewallResponse Source #
See: newDisassociateThirdPartyFirewallResponse
smart constructor.
Instances
newDisassociateThirdPartyFirewallResponse Source #
Create a value of DisassociateThirdPartyFirewallResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:thirdPartyFirewallStatus:DisassociateThirdPartyFirewallResponse'
, disassociateThirdPartyFirewallResponse_thirdPartyFirewallStatus
- The current status for the disassociation of a Firewall Manager
administrators account with a third-party firewall.
$sel:httpStatus:DisassociateThirdPartyFirewallResponse'
, disassociateThirdPartyFirewallResponse_httpStatus
- The response's http status code.
GetAdminAccount
data GetAdminAccount Source #
See: newGetAdminAccount
smart constructor.
Instances
newGetAdminAccount :: GetAdminAccount Source #
Create a value of GetAdminAccount
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
data GetAdminAccountResponse Source #
See: newGetAdminAccountResponse
smart constructor.
Instances
newGetAdminAccountResponse Source #
Create a value of GetAdminAccountResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:adminAccount:GetAdminAccountResponse'
, getAdminAccountResponse_adminAccount
- The Amazon Web Services account that is set as the Firewall Manager
administrator.
$sel:roleStatus:GetAdminAccountResponse'
, getAdminAccountResponse_roleStatus
- The status of the Amazon Web Services account that you set as the
Firewall Manager administrator.
$sel:httpStatus:GetAdminAccountResponse'
, getAdminAccountResponse_httpStatus
- The response's http status code.
GetAppsList
data GetAppsList Source #
See: newGetAppsList
smart constructor.
Instances
Create a value of GetAppsList
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:defaultList:GetAppsList'
, getAppsList_defaultList
- Specifies whether the list to retrieve is a default list owned by
Firewall Manager.
GetAppsList
, getAppsList_listId
- The ID of the Firewall Manager applications list that you want the
details for.
data GetAppsListResponse Source #
See: newGetAppsListResponse
smart constructor.
Instances
newGetAppsListResponse Source #
Create a value of GetAppsListResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
GetAppsListResponse
, getAppsListResponse_appsList
- Information about the specified Firewall Manager applications list.
$sel:appsListArn:GetAppsListResponse'
, getAppsListResponse_appsListArn
- The Amazon Resource Name (ARN) of the applications list.
$sel:httpStatus:GetAppsListResponse'
, getAppsListResponse_httpStatus
- The response's http status code.
GetComplianceDetail
data GetComplianceDetail Source #
See: newGetComplianceDetail
smart constructor.
Instances
newGetComplianceDetail Source #
Create a value of GetComplianceDetail
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
GetComplianceDetail
, getComplianceDetail_policyId
- The ID of the policy that you want to get the details for. PolicyId
is
returned by PutPolicy
and by ListPolicies
.
GetComplianceDetail
, getComplianceDetail_memberAccount
- The Amazon Web Services account that owns the resources that you want to
get the details for.
data GetComplianceDetailResponse Source #
See: newGetComplianceDetailResponse
smart constructor.
Instances
newGetComplianceDetailResponse Source #
Create a value of GetComplianceDetailResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:policyComplianceDetail:GetComplianceDetailResponse'
, getComplianceDetailResponse_policyComplianceDetail
- Information about the resources and the policy that you specified in the
GetComplianceDetail
request.
$sel:httpStatus:GetComplianceDetailResponse'
, getComplianceDetailResponse_httpStatus
- The response's http status code.
GetNotificationChannel
data GetNotificationChannel Source #
See: newGetNotificationChannel
smart constructor.
Instances
newGetNotificationChannel :: GetNotificationChannel Source #
Create a value of GetNotificationChannel
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
data GetNotificationChannelResponse Source #
See: newGetNotificationChannelResponse
smart constructor.
Instances
newGetNotificationChannelResponse Source #
Create a value of GetNotificationChannelResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:snsRoleName:GetNotificationChannelResponse'
, getNotificationChannelResponse_snsRoleName
- The IAM role that is used by Firewall Manager to record activity to SNS.
$sel:snsTopicArn:GetNotificationChannelResponse'
, getNotificationChannelResponse_snsTopicArn
- The SNS topic that records Firewall Manager activity.
$sel:httpStatus:GetNotificationChannelResponse'
, getNotificationChannelResponse_httpStatus
- The response's http status code.
GetPolicy
See: newGetPolicy
smart constructor.
Instances
Create a value of GetPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
GetPolicy
, getPolicy_policyId
- The ID of the Firewall Manager policy that you want the details for.
data GetPolicyResponse Source #
See: newGetPolicyResponse
smart constructor.
Instances
Create a value of GetPolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:policy:GetPolicyResponse'
, getPolicyResponse_policy
- Information about the specified Firewall Manager policy.
GetPolicyResponse
, getPolicyResponse_policyArn
- The Amazon Resource Name (ARN) of the specified policy.
$sel:httpStatus:GetPolicyResponse'
, getPolicyResponse_httpStatus
- The response's http status code.
GetProtectionStatus
data GetProtectionStatus Source #
See: newGetProtectionStatus
smart constructor.
Instances
newGetProtectionStatus Source #
Create a value of GetProtectionStatus
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:endTime:GetProtectionStatus'
, getProtectionStatus_endTime
- The end of the time period to query for the attacks. This is a
timestamp
type. The request syntax listing indicates a number
type
because the default used by Firewall Manager is Unix time in seconds.
However, any valid timestamp
format is allowed.
$sel:maxResults:GetProtectionStatus'
, getProtectionStatus_maxResults
- Specifies the number of objects that you want Firewall Manager to return
for this request. If you have more objects than the number that you
specify for MaxResults
, the response includes a NextToken
value that
you can use to get another batch of objects.
$sel:memberAccountId:GetProtectionStatus'
, getProtectionStatus_memberAccountId
- The Amazon Web Services account that is in scope of the policy that you
want to get the details for.
GetProtectionStatus
, getProtectionStatus_nextToken
- If you specify a value for MaxResults
and you have more objects than
the number that you specify for MaxResults
, Firewall Manager returns a
NextToken
value in the response, which you can use to retrieve another
group of objects. For the second and subsequent GetProtectionStatus
requests, specify the value of NextToken
from the previous response to
get information about another batch of objects.
$sel:startTime:GetProtectionStatus'
, getProtectionStatus_startTime
- The start of the time period to query for the attacks. This is a
timestamp
type. The request syntax listing indicates a number
type
because the default used by Firewall Manager is Unix time in seconds.
However, any valid timestamp
format is allowed.
GetProtectionStatus
, getProtectionStatus_policyId
- The ID of the policy for which you want to get the attack information.
data GetProtectionStatusResponse Source #
See: newGetProtectionStatusResponse
smart constructor.
Instances
newGetProtectionStatusResponse Source #
Create a value of GetProtectionStatusResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:adminAccountId:GetProtectionStatusResponse'
, getProtectionStatusResponse_adminAccountId
- The ID of the Firewall Manager administrator account for this policy.
$sel:data':GetProtectionStatusResponse'
, getProtectionStatusResponse_data
- Details about the attack, including the following:
- Attack type
- Account ID
- ARN of the resource attacked
- Start time of the attack
- End time of the attack (ongoing attacks will not have an end time)
The details are in JSON format.
GetProtectionStatus
, getProtectionStatusResponse_nextToken
- If you have more objects than the number that you specified for
MaxResults
in the request, the response includes a NextToken
value.
To list more objects, submit another GetProtectionStatus
request, and
specify the NextToken
value from the response in the NextToken
value
in the next request.
Amazon Web Services SDKs provide auto-pagination that identify
NextToken
in a response and make subsequent request calls
automatically on your behalf. However, this feature is not supported by
GetProtectionStatus
. You must submit subsequent requests with
NextToken
using your own processes.
$sel:serviceType:GetProtectionStatusResponse'
, getProtectionStatusResponse_serviceType
- The service type that is protected by the policy. Currently, this is
always SHIELD_ADVANCED
.
$sel:httpStatus:GetProtectionStatusResponse'
, getProtectionStatusResponse_httpStatus
- The response's http status code.
GetProtocolsList
data GetProtocolsList Source #
See: newGetProtocolsList
smart constructor.
Instances
Create a value of GetProtocolsList
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:defaultList:GetProtocolsList'
, getProtocolsList_defaultList
- Specifies whether the list to retrieve is a default list owned by
Firewall Manager.
GetProtocolsList
, getProtocolsList_listId
- The ID of the Firewall Manager protocols list that you want the details
for.
data GetProtocolsListResponse Source #
See: newGetProtocolsListResponse
smart constructor.
Instances
newGetProtocolsListResponse Source #
Create a value of GetProtocolsListResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
GetProtocolsListResponse
, getProtocolsListResponse_protocolsList
- Information about the specified Firewall Manager protocols list.
$sel:protocolsListArn:GetProtocolsListResponse'
, getProtocolsListResponse_protocolsListArn
- The Amazon Resource Name (ARN) of the specified protocols list.
$sel:httpStatus:GetProtocolsListResponse'
, getProtocolsListResponse_httpStatus
- The response's http status code.
GetResourceSet
data GetResourceSet Source #
See: newGetResourceSet
smart constructor.
Instances
Create a value of GetResourceSet
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identifier:GetResourceSet'
, getResourceSet_identifier
- A unique identifier for the resource set, used in a TODO to refer to the
resource set.
data GetResourceSetResponse Source #
See: newGetResourceSetResponse
smart constructor.
Instances
newGetResourceSetResponse Source #
:: Int | |
-> ResourceSet | |
-> Text | |
-> GetResourceSetResponse |
Create a value of GetResourceSetResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:GetResourceSetResponse'
, getResourceSetResponse_httpStatus
- The response's http status code.
$sel:resourceSet:GetResourceSetResponse'
, getResourceSetResponse_resourceSet
- Information about the specified resource set.
$sel:resourceSetArn:GetResourceSetResponse'
, getResourceSetResponse_resourceSetArn
- The Amazon Resource Name (ARN) of the resource set.
GetThirdPartyFirewallAssociationStatus
data GetThirdPartyFirewallAssociationStatus Source #
See: newGetThirdPartyFirewallAssociationStatus
smart constructor.
Instances
newGetThirdPartyFirewallAssociationStatus Source #
:: ThirdPartyFirewall |
|
-> GetThirdPartyFirewallAssociationStatus |
Create a value of GetThirdPartyFirewallAssociationStatus
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:thirdPartyFirewall:GetThirdPartyFirewallAssociationStatus'
, getThirdPartyFirewallAssociationStatus_thirdPartyFirewall
- The name of the third-party firewall vendor.
data GetThirdPartyFirewallAssociationStatusResponse Source #
See: newGetThirdPartyFirewallAssociationStatusResponse
smart constructor.
GetThirdPartyFirewallAssociationStatusResponse' (Maybe MarketplaceSubscriptionOnboardingStatus) (Maybe ThirdPartyFirewallAssociationStatus) Int |
Instances
newGetThirdPartyFirewallAssociationStatusResponse Source #
:: Int |
|
-> GetThirdPartyFirewallAssociationStatusResponse |
Create a value of GetThirdPartyFirewallAssociationStatusResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:marketplaceOnboardingStatus:GetThirdPartyFirewallAssociationStatusResponse'
, getThirdPartyFirewallAssociationStatusResponse_marketplaceOnboardingStatus
- The status for subscribing to the third-party firewall vendor in the
Amazon Web Services Marketplace.
NO_SUBSCRIPTION
- The Firewall Manager policy administrator isn't subscribed to the third-party firewall service in the Amazon Web Services Marketplace.NOT_COMPLETE
- The Firewall Manager policy administrator is in the process of subscribing to the third-party firewall service in the Amazon Web Services Marketplace, but doesn't yet have an active subscription.COMPLETE
- The Firewall Manager policy administrator has an active subscription to the third-party firewall service in the Amazon Web Services Marketplace.
$sel:thirdPartyFirewallStatus:GetThirdPartyFirewallAssociationStatusResponse'
, getThirdPartyFirewallAssociationStatusResponse_thirdPartyFirewallStatus
- The current status for setting a Firewall Manager policy administrators
account as an administrator of the third-party firewall tenant.
ONBOARDING
- The Firewall Manager policy administrator is being designated as a tenant administrator.ONBOARD_COMPLETE
- The Firewall Manager policy administrator is designated as a tenant administrator.OFFBOARDING
- The Firewall Manager policy administrator is being removed as a tenant administrator.OFFBOARD_COMPLETE
- The Firewall Manager policy administrator has been removed as a tenant administrator.NOT_EXIST
- The Firewall Manager policy administrator doesn't exist as a tenant administrator.
$sel:httpStatus:GetThirdPartyFirewallAssociationStatusResponse'
, getThirdPartyFirewallAssociationStatusResponse_httpStatus
- The response's http status code.
GetViolationDetails
data GetViolationDetails Source #
See: newGetViolationDetails
smart constructor.
Instances
newGetViolationDetails Source #
:: Text | |
-> Text | |
-> Text | |
-> Text | |
-> GetViolationDetails |
Create a value of GetViolationDetails
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
GetViolationDetails
, getViolationDetails_policyId
- The ID of the Firewall Manager policy that you want the details for.
This currently only supports security group content audit policies.
GetViolationDetails
, getViolationDetails_memberAccount
- The Amazon Web Services account ID that you want the details for.
GetViolationDetails
, getViolationDetails_resourceId
- The ID of the resource that has violations.
GetViolationDetails
, getViolationDetails_resourceType
- The resource type. This is in the format shown in the
Amazon Web Services Resource Types Reference.
Supported resource types are: AWS::EC2::Instance
,
AWS::EC2::NetworkInterface
, AWS::EC2::SecurityGroup
,
AWS::NetworkFirewall::FirewallPolicy
, and AWS::EC2::Subnet
.
data GetViolationDetailsResponse Source #
See: newGetViolationDetailsResponse
smart constructor.
Instances
newGetViolationDetailsResponse Source #
Create a value of GetViolationDetailsResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violationDetail:GetViolationDetailsResponse'
, getViolationDetailsResponse_violationDetail
- Violation detail for a resource.
$sel:httpStatus:GetViolationDetailsResponse'
, getViolationDetailsResponse_httpStatus
- The response's http status code.
ListAppsLists (Paginated)
data ListAppsLists Source #
See: newListAppsLists
smart constructor.
Instances
Create a value of ListAppsLists
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:defaultLists:ListAppsLists'
, listAppsLists_defaultLists
- Specifies whether the lists to retrieve are default lists owned by
Firewall Manager.
ListAppsLists
, listAppsLists_nextToken
- If you specify a value for MaxResults
in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. For all but the first request, you provide the token
returned by the prior request in the request parameters, to retrieve the
next batch of objects.
$sel:maxResults:ListAppsLists'
, listAppsLists_maxResults
- The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken
value that you can use in a
subsequent call to get the next batch of objects.
If you don't specify this, Firewall Manager returns all available objects.
data ListAppsListsResponse Source #
See: newListAppsListsResponse
smart constructor.
Instances
newListAppsListsResponse Source #
Create a value of ListAppsListsResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:appsLists:ListAppsListsResponse'
, listAppsListsResponse_appsLists
- An array of AppsListDataSummary
objects.
ListAppsLists
, listAppsListsResponse_nextToken
- If you specify a value for MaxResults
in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. You can use this token in subsequent requests to
retrieve the next batch of objects.
$sel:httpStatus:ListAppsListsResponse'
, listAppsListsResponse_httpStatus
- The response's http status code.
ListComplianceStatus (Paginated)
data ListComplianceStatus Source #
See: newListComplianceStatus
smart constructor.
Instances
newListComplianceStatus Source #
Create a value of ListComplianceStatus
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListComplianceStatus'
, listComplianceStatus_maxResults
- Specifies the number of PolicyComplianceStatus
objects that you want
Firewall Manager to return for this request. If you have more
PolicyComplianceStatus
objects than the number that you specify for
MaxResults
, the response includes a NextToken
value that you can use
to get another batch of PolicyComplianceStatus
objects.
ListComplianceStatus
, listComplianceStatus_nextToken
- If you specify a value for MaxResults
and you have more
PolicyComplianceStatus
objects than the number that you specify for
MaxResults
, Firewall Manager returns a NextToken
value in the
response that allows you to list another group of
PolicyComplianceStatus
objects. For the second and subsequent
ListComplianceStatus
requests, specify the value of NextToken
from
the previous response to get information about another batch of
PolicyComplianceStatus
objects.
ListComplianceStatus
, listComplianceStatus_policyId
- The ID of the Firewall Manager policy that you want the details for.
data ListComplianceStatusResponse Source #
See: newListComplianceStatusResponse
smart constructor.
Instances
newListComplianceStatusResponse Source #
Create a value of ListComplianceStatusResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListComplianceStatus
, listComplianceStatusResponse_nextToken
- If you have more PolicyComplianceStatus
objects than the number that
you specified for MaxResults
in the request, the response includes a
NextToken
value. To list more PolicyComplianceStatus
objects, submit
another ListComplianceStatus
request, and specify the NextToken
value from the response in the NextToken
value in the next request.
$sel:policyComplianceStatusList:ListComplianceStatusResponse'
, listComplianceStatusResponse_policyComplianceStatusList
- An array of PolicyComplianceStatus
objects.
$sel:httpStatus:ListComplianceStatusResponse'
, listComplianceStatusResponse_httpStatus
- The response's http status code.
ListDiscoveredResources
data ListDiscoveredResources Source #
See: newListDiscoveredResources
smart constructor.
Instances
newListDiscoveredResources Source #
Create a value of ListDiscoveredResources
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListDiscoveredResources'
, listDiscoveredResources_maxResults
- The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken
value that you can use in a
subsequent call to get the next batch of objects.
ListDiscoveredResources
, listDiscoveredResources_nextToken
- When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:memberAccountIds:ListDiscoveredResources'
, listDiscoveredResources_memberAccountIds
- The Amazon Web Services account IDs to discover resources in. Only one
account is supported per request. The account must be a member of your
organization.
ListDiscoveredResources
, listDiscoveredResources_resourceType
- The type of resources to discover.
data ListDiscoveredResourcesResponse Source #
See: newListDiscoveredResourcesResponse
smart constructor.
Instances
newListDiscoveredResourcesResponse Source #
Create a value of ListDiscoveredResourcesResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:items:ListDiscoveredResourcesResponse'
, listDiscoveredResourcesResponse_items
- Details of the resources that were discovered.
ListDiscoveredResources
, listDiscoveredResourcesResponse_nextToken
- When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:httpStatus:ListDiscoveredResourcesResponse'
, listDiscoveredResourcesResponse_httpStatus
- The response's http status code.
ListMemberAccounts (Paginated)
data ListMemberAccounts Source #
See: newListMemberAccounts
smart constructor.
Instances
newListMemberAccounts :: ListMemberAccounts Source #
Create a value of ListMemberAccounts
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListMemberAccounts'
, listMemberAccounts_maxResults
- Specifies the number of member account IDs that you want Firewall
Manager to return for this request. If you have more IDs than the number
that you specify for MaxResults
, the response includes a NextToken
value that you can use to get another batch of member account IDs.
ListMemberAccounts
, listMemberAccounts_nextToken
- If you specify a value for MaxResults
and you have more account IDs
than the number that you specify for MaxResults
, Firewall Manager
returns a NextToken
value in the response that allows you to list
another group of IDs. For the second and subsequent
ListMemberAccountsRequest
requests, specify the value of NextToken
from the previous response to get information about another batch of
member account IDs.
data ListMemberAccountsResponse Source #
See: newListMemberAccountsResponse
smart constructor.
Instances
newListMemberAccountsResponse Source #
Create a value of ListMemberAccountsResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:memberAccounts:ListMemberAccountsResponse'
, listMemberAccountsResponse_memberAccounts
- An array of account IDs.
ListMemberAccounts
, listMemberAccountsResponse_nextToken
- If you have more member account IDs than the number that you specified
for MaxResults
in the request, the response includes a NextToken
value. To list more IDs, submit another ListMemberAccounts
request,
and specify the NextToken
value from the response in the NextToken
value in the next request.
$sel:httpStatus:ListMemberAccountsResponse'
, listMemberAccountsResponse_httpStatus
- The response's http status code.
ListPolicies (Paginated)
data ListPolicies Source #
See: newListPolicies
smart constructor.
Instances
newListPolicies :: ListPolicies Source #
Create a value of ListPolicies
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListPolicies'
, listPolicies_maxResults
- Specifies the number of PolicySummary
objects that you want Firewall
Manager to return for this request. If you have more PolicySummary
objects than the number that you specify for MaxResults
, the response
includes a NextToken
value that you can use to get another batch of
PolicySummary
objects.
ListPolicies
, listPolicies_nextToken
- If you specify a value for MaxResults
and you have more
PolicySummary
objects than the number that you specify for
MaxResults
, Firewall Manager returns a NextToken
value in the
response that allows you to list another group of PolicySummary
objects. For the second and subsequent ListPolicies
requests, specify
the value of NextToken
from the previous response to get information
about another batch of PolicySummary
objects.
data ListPoliciesResponse Source #
See: newListPoliciesResponse
smart constructor.
Instances
newListPoliciesResponse Source #
Create a value of ListPoliciesResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListPolicies
, listPoliciesResponse_nextToken
- If you have more PolicySummary
objects than the number that you
specified for MaxResults
in the request, the response includes a
NextToken
value. To list more PolicySummary
objects, submit another
ListPolicies
request, and specify the NextToken
value from the
response in the NextToken
value in the next request.
$sel:policyList:ListPoliciesResponse'
, listPoliciesResponse_policyList
- An array of PolicySummary
objects.
$sel:httpStatus:ListPoliciesResponse'
, listPoliciesResponse_httpStatus
- The response's http status code.
ListProtocolsLists (Paginated)
data ListProtocolsLists Source #
See: newListProtocolsLists
smart constructor.
Instances
newListProtocolsLists Source #
Create a value of ListProtocolsLists
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:defaultLists:ListProtocolsLists'
, listProtocolsLists_defaultLists
- Specifies whether the lists to retrieve are default lists owned by
Firewall Manager.
ListProtocolsLists
, listProtocolsLists_nextToken
- If you specify a value for MaxResults
in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. For all but the first request, you provide the token
returned by the prior request in the request parameters, to retrieve the
next batch of objects.
$sel:maxResults:ListProtocolsLists'
, listProtocolsLists_maxResults
- The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken
value that you can use in a
subsequent call to get the next batch of objects.
If you don't specify this, Firewall Manager returns all available objects.
data ListProtocolsListsResponse Source #
See: newListProtocolsListsResponse
smart constructor.
Instances
newListProtocolsListsResponse Source #
Create a value of ListProtocolsListsResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListProtocolsLists
, listProtocolsListsResponse_nextToken
- If you specify a value for MaxResults
in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. You can use this token in subsequent requests to
retrieve the next batch of objects.
$sel:protocolsLists:ListProtocolsListsResponse'
, listProtocolsListsResponse_protocolsLists
- An array of ProtocolsListDataSummary
objects.
$sel:httpStatus:ListProtocolsListsResponse'
, listProtocolsListsResponse_httpStatus
- The response's http status code.
ListResourceSetResources
data ListResourceSetResources Source #
See: newListResourceSetResources
smart constructor.
Instances
newListResourceSetResources Source #
Create a value of ListResourceSetResources
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListResourceSetResources'
, listResourceSetResources_maxResults
- The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken
value that you can use in a
subsequent call to get the next batch of objects.
ListResourceSetResources
, listResourceSetResources_nextToken
- When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:identifier:ListResourceSetResources'
, listResourceSetResources_identifier
- A unique identifier for the resource set, used in a TODO to refer to the
resource set.
data ListResourceSetResourcesResponse Source #
See: newListResourceSetResourcesResponse
smart constructor.
Instances
newListResourceSetResourcesResponse Source #
Create a value of ListResourceSetResourcesResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListResourceSetResources
, listResourceSetResourcesResponse_nextToken
- When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:httpStatus:ListResourceSetResourcesResponse'
, listResourceSetResourcesResponse_httpStatus
- The response's http status code.
$sel:items:ListResourceSetResourcesResponse'
, listResourceSetResourcesResponse_items
- An array of the associated resources' uniform resource identifiers
(URI).
ListResourceSets
data ListResourceSets Source #
See: newListResourceSets
smart constructor.
Instances
newListResourceSets :: ListResourceSets Source #
Create a value of ListResourceSets
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListResourceSets'
, listResourceSets_maxResults
- The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken
value that you can use in a
subsequent call to get the next batch of objects.
ListResourceSets
, listResourceSets_nextToken
- When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
data ListResourceSetsResponse Source #
See: newListResourceSetsResponse
smart constructor.
Instances
newListResourceSetsResponse Source #
Create a value of ListResourceSetsResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListResourceSets
, listResourceSetsResponse_nextToken
- When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:resourceSets:ListResourceSetsResponse'
, listResourceSetsResponse_resourceSets
- An array of ResourceSetSummary
objects.
$sel:httpStatus:ListResourceSetsResponse'
, listResourceSetsResponse_httpStatus
- The response's http status code.
ListTagsForResource
data ListTagsForResource Source #
See: newListTagsForResource
smart constructor.
Instances
newListTagsForResource Source #
Create a value of ListTagsForResource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:ListTagsForResource'
, listTagsForResource_resourceArn
- The Amazon Resource Name (ARN) of the resource to return tags for. The
Firewall Manager resources that support tagging are policies,
applications lists, and protocols lists.
data ListTagsForResourceResponse Source #
See: newListTagsForResourceResponse
smart constructor.
Instances
newListTagsForResourceResponse Source #
Create a value of ListTagsForResourceResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tagList:ListTagsForResourceResponse'
, listTagsForResourceResponse_tagList
- The tags associated with the resource.
$sel:httpStatus:ListTagsForResourceResponse'
, listTagsForResourceResponse_httpStatus
- The response's http status code.
ListThirdPartyFirewallFirewallPolicies (Paginated)
data ListThirdPartyFirewallFirewallPolicies Source #
See: newListThirdPartyFirewallFirewallPolicies
smart constructor.
Instances
newListThirdPartyFirewallFirewallPolicies Source #
:: ThirdPartyFirewall |
|
-> Natural | |
-> ListThirdPartyFirewallFirewallPolicies |
Create a value of ListThirdPartyFirewallFirewallPolicies
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListThirdPartyFirewallFirewallPolicies
, listThirdPartyFirewallFirewallPolicies_nextToken
- If the previous response included a NextToken
element, the specified
third-party firewall vendor is associated with more third-party firewall
policies. To get more third-party firewall policies, submit another
ListThirdPartyFirewallFirewallPoliciesRequest
request.
For the value of NextToken
, specify the value of NextToken
from the
previous response. If the previous response didn't include a
NextToken
element, there are no more third-party firewall policies to
get.
$sel:thirdPartyFirewall:ListThirdPartyFirewallFirewallPolicies'
, listThirdPartyFirewallFirewallPolicies_thirdPartyFirewall
- The name of the third-party firewall vendor.
$sel:maxResults:ListThirdPartyFirewallFirewallPolicies'
, listThirdPartyFirewallFirewallPolicies_maxResults
- The maximum number of third-party firewall policies that you want
Firewall Manager to return. If the specified third-party firewall vendor
is associated with more than MaxResults
firewall policies, the
response includes a NextToken
element. NextToken
contains an
encrypted token that identifies the first third-party firewall policies
that Firewall Manager will return if you submit another request.
data ListThirdPartyFirewallFirewallPoliciesResponse Source #
See: newListThirdPartyFirewallFirewallPoliciesResponse
smart constructor.
ListThirdPartyFirewallFirewallPoliciesResponse' (Maybe Text) (Maybe [ThirdPartyFirewallFirewallPolicy]) Int |
Instances
newListThirdPartyFirewallFirewallPoliciesResponse Source #
:: Int |
|
-> ListThirdPartyFirewallFirewallPoliciesResponse |
Create a value of ListThirdPartyFirewallFirewallPoliciesResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListThirdPartyFirewallFirewallPolicies
, listThirdPartyFirewallFirewallPoliciesResponse_nextToken
- The value that you will use for NextToken
in the next
ListThirdPartyFirewallFirewallPolicies
request.
$sel:thirdPartyFirewallFirewallPolicies:ListThirdPartyFirewallFirewallPoliciesResponse'
, listThirdPartyFirewallFirewallPoliciesResponse_thirdPartyFirewallFirewallPolicies
- A list that contains one ThirdPartyFirewallFirewallPolicies
element
for each third-party firewall policies that the specified third-party
firewall vendor is associated with. Each
ThirdPartyFirewallFirewallPolicies
element contains the firewall
policy name and ID.
$sel:httpStatus:ListThirdPartyFirewallFirewallPoliciesResponse'
, listThirdPartyFirewallFirewallPoliciesResponse_httpStatus
- The response's http status code.
PutAppsList
data PutAppsList Source #
See: newPutAppsList
smart constructor.
Instances
Create a value of PutAppsList
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tagList:PutAppsList'
, putAppsList_tagList
- The tags associated with the resource.
PutAppsList
, putAppsList_appsList
- The details of the Firewall Manager applications list to be created.
data PutAppsListResponse Source #
See: newPutAppsListResponse
smart constructor.
Instances
newPutAppsListResponse Source #
Create a value of PutAppsListResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
PutAppsList
, putAppsListResponse_appsList
- The details of the Firewall Manager applications list.
$sel:appsListArn:PutAppsListResponse'
, putAppsListResponse_appsListArn
- The Amazon Resource Name (ARN) of the applications list.
$sel:httpStatus:PutAppsListResponse'
, putAppsListResponse_httpStatus
- The response's http status code.
PutNotificationChannel
data PutNotificationChannel Source #
See: newPutNotificationChannel
smart constructor.
Instances
newPutNotificationChannel Source #
:: Text | |
-> Text | |
-> PutNotificationChannel |
Create a value of PutNotificationChannel
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:snsTopicArn:PutNotificationChannel'
, putNotificationChannel_snsTopicArn
- The Amazon Resource Name (ARN) of the SNS topic that collects
notifications from Firewall Manager.
$sel:snsRoleName:PutNotificationChannel'
, putNotificationChannel_snsRoleName
- The Amazon Resource Name (ARN) of the IAM role that allows Amazon SNS to
record Firewall Manager activity.
data PutNotificationChannelResponse Source #
See: newPutNotificationChannelResponse
smart constructor.
Instances
newPutNotificationChannelResponse :: PutNotificationChannelResponse Source #
Create a value of PutNotificationChannelResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
PutPolicy
See: newPutPolicy
smart constructor.
PutPolicy' (Maybe [Tag]) Policy |
Instances
Create a value of PutPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tagList:PutPolicy'
, putPolicy_tagList
- The tags to add to the Amazon Web Services resource.
PutPolicy
, putPolicy_policy
- The details of the Firewall Manager policy to be created.
data PutPolicyResponse Source #
See: newPutPolicyResponse
smart constructor.
Instances
Create a value of PutPolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
PutPolicy
, putPolicyResponse_policy
- The details of the Firewall Manager policy.
PutPolicyResponse
, putPolicyResponse_policyArn
- The Amazon Resource Name (ARN) of the policy.
$sel:httpStatus:PutPolicyResponse'
, putPolicyResponse_httpStatus
- The response's http status code.
PutProtocolsList
data PutProtocolsList Source #
See: newPutProtocolsList
smart constructor.
Instances
Create a value of PutProtocolsList
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tagList:PutProtocolsList'
, putProtocolsList_tagList
- The tags associated with the resource.
PutProtocolsList
, putProtocolsList_protocolsList
- The details of the Firewall Manager protocols list to be created.
data PutProtocolsListResponse Source #
See: newPutProtocolsListResponse
smart constructor.
Instances
newPutProtocolsListResponse Source #
Create a value of PutProtocolsListResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
PutProtocolsList
, putProtocolsListResponse_protocolsList
- The details of the Firewall Manager protocols list.
$sel:protocolsListArn:PutProtocolsListResponse'
, putProtocolsListResponse_protocolsListArn
- The Amazon Resource Name (ARN) of the protocols list.
$sel:httpStatus:PutProtocolsListResponse'
, putProtocolsListResponse_httpStatus
- The response's http status code.
PutResourceSet
data PutResourceSet Source #
See: newPutResourceSet
smart constructor.
Instances
Create a value of PutResourceSet
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tagList:PutResourceSet'
, putResourceSet_tagList
- Retrieves the tags associated with the specified resource set. Tags are
key:value pairs that you can use to categorize and manage your
resources, for purposes like billing. For example, you might set the tag
key to "customer" and the value to the customer name or ID. You can
specify one or more tags to add to each Amazon Web Services resource, up
to 50 tags for a resource.
PutResourceSet
, putResourceSet_resourceSet
- Details about the resource set to be created or updated.>
data PutResourceSetResponse Source #
See: newPutResourceSetResponse
smart constructor.
Instances
newPutResourceSetResponse Source #
:: Int | |
-> ResourceSet | |
-> Text | |
-> PutResourceSetResponse |
Create a value of PutResourceSetResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:PutResourceSetResponse'
, putResourceSetResponse_httpStatus
- The response's http status code.
PutResourceSet
, putResourceSetResponse_resourceSet
- Details about the resource set.
$sel:resourceSetArn:PutResourceSetResponse'
, putResourceSetResponse_resourceSetArn
- The Amazon Resource Name (ARN) of the resource set.
TagResource
data TagResource Source #
See: newTagResource
smart constructor.
Instances
Create a value of TagResource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:TagResource'
, tagResource_resourceArn
- The Amazon Resource Name (ARN) of the resource to return tags for. The
Firewall Manager resources that support tagging are policies,
applications lists, and protocols lists.
$sel:tagList:TagResource'
, tagResource_tagList
- The tags to add to the resource.
data TagResourceResponse Source #
See: newTagResourceResponse
smart constructor.
Instances
newTagResourceResponse Source #
Create a value of TagResourceResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:TagResourceResponse'
, tagResourceResponse_httpStatus
- The response's http status code.
UntagResource
data UntagResource Source #
See: newUntagResource
smart constructor.
Instances
Create a value of UntagResource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:UntagResource'
, untagResource_resourceArn
- The Amazon Resource Name (ARN) of the resource to return tags for. The
Firewall Manager resources that support tagging are policies,
applications lists, and protocols lists.
$sel:tagKeys:UntagResource'
, untagResource_tagKeys
- The keys of the tags to remove from the resource.
data UntagResourceResponse Source #
See: newUntagResourceResponse
smart constructor.
Instances
newUntagResourceResponse Source #
Create a value of UntagResourceResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:UntagResourceResponse'
, untagResourceResponse_httpStatus
- The response's http status code.
Types
AccountRoleStatus
newtype AccountRoleStatus Source #
pattern AccountRoleStatus_CREATING :: AccountRoleStatus | |
pattern AccountRoleStatus_DELETED :: AccountRoleStatus | |
pattern AccountRoleStatus_DELETING :: AccountRoleStatus | |
pattern AccountRoleStatus_PENDING_DELETION :: AccountRoleStatus | |
pattern AccountRoleStatus_READY :: AccountRoleStatus |
Instances
CustomerPolicyScopeIdType
newtype CustomerPolicyScopeIdType Source #
pattern CustomerPolicyScopeIdType_ACCOUNT :: CustomerPolicyScopeIdType | |
pattern CustomerPolicyScopeIdType_ORG_UNIT :: CustomerPolicyScopeIdType |
Instances
DependentServiceName
newtype DependentServiceName Source #
pattern DependentServiceName_AWSCONFIG :: DependentServiceName | |
pattern DependentServiceName_AWSSHIELD_ADVANCED :: DependentServiceName | |
pattern DependentServiceName_AWSVPC :: DependentServiceName | |
pattern DependentServiceName_AWSWAF :: DependentServiceName |
Instances
DestinationType
newtype DestinationType Source #
pattern DestinationType_IPV4 :: DestinationType | |
pattern DestinationType_IPV6 :: DestinationType | |
pattern DestinationType_PREFIX_LIST :: DestinationType |
Instances
FailedItemReason
newtype FailedItemReason Source #
pattern FailedItemReason_NOT_VALID_ACCOUNT_ID :: FailedItemReason | |
pattern FailedItemReason_NOT_VALID_ARN :: FailedItemReason | |
pattern FailedItemReason_NOT_VALID_PARTITION :: FailedItemReason | |
pattern FailedItemReason_NOT_VALID_REGION :: FailedItemReason | |
pattern FailedItemReason_NOT_VALID_RESOURCE_TYPE :: FailedItemReason | |
pattern FailedItemReason_NOT_VALID_SERVICE :: FailedItemReason |
Instances
FirewallDeploymentModel
newtype FirewallDeploymentModel Source #
pattern FirewallDeploymentModel_CENTRALIZED :: FirewallDeploymentModel | |
pattern FirewallDeploymentModel_DISTRIBUTED :: FirewallDeploymentModel |
Instances
MarketplaceSubscriptionOnboardingStatus
newtype MarketplaceSubscriptionOnboardingStatus Source #
Instances
NetworkFirewallOverrideAction
newtype NetworkFirewallOverrideAction Source #
Instances
PolicyComplianceStatusType
newtype PolicyComplianceStatusType Source #
pattern PolicyComplianceStatusType_COMPLIANT :: PolicyComplianceStatusType | |
pattern PolicyComplianceStatusType_NON_COMPLIANT :: PolicyComplianceStatusType |
Instances
RemediationActionType
newtype RemediationActionType Source #
pattern RemediationActionType_MODIFY :: RemediationActionType | |
pattern RemediationActionType_REMOVE :: RemediationActionType |
Instances
RuleOrder
pattern RuleOrder_DEFAULT_ACTION_ORDER :: RuleOrder | |
pattern RuleOrder_STRICT_ORDER :: RuleOrder |
Instances
SecurityServiceType
newtype SecurityServiceType Source #
Instances
TargetType
newtype TargetType Source #
pattern TargetType_CARRIER_GATEWAY :: TargetType | |
pattern TargetType_EGRESS_ONLY_INTERNET_GATEWAY :: TargetType | |
pattern TargetType_GATEWAY :: TargetType | |
pattern TargetType_INSTANCE :: TargetType | |
pattern TargetType_LOCAL_GATEWAY :: TargetType | |
pattern TargetType_NAT_GATEWAY :: TargetType | |
pattern TargetType_NETWORK_INTERFACE :: TargetType | |
pattern TargetType_TRANSIT_GATEWAY :: TargetType | |
pattern TargetType_VPC_ENDPOINT :: TargetType | |
pattern TargetType_VPC_PEERING_CONNECTION :: TargetType |
Instances
ThirdPartyFirewall
newtype ThirdPartyFirewall Source #
pattern ThirdPartyFirewall_FORTIGATE_CLOUD_NATIVE_FIREWALL :: ThirdPartyFirewall | |
pattern ThirdPartyFirewall_PALO_ALTO_NETWORKS_CLOUD_NGFW :: ThirdPartyFirewall |
Instances
ThirdPartyFirewallAssociationStatus
newtype ThirdPartyFirewallAssociationStatus Source #
Instances
ViolationReason
newtype ViolationReason Source #
Instances
ActionTarget
data ActionTarget Source #
Describes a remediation action target.
See: newActionTarget
smart constructor.
ActionTarget' (Maybe Text) (Maybe Text) |
Instances
newActionTarget :: ActionTarget Source #
Create a value of ActionTarget
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:ActionTarget'
, actionTarget_description
- A description of the remediation action target.
$sel:resourceId:ActionTarget'
, actionTarget_resourceId
- The ID of the remediation target.
App
An individual Firewall Manager application.
See: newApp
smart constructor.
Instances
FromJSON App Source # | |
ToJSON App Source # | |
Defined in Amazonka.FMS.Types.App | |
Generic App Source # | |
Read App Source # | |
Show App Source # | |
NFData App Source # | |
Defined in Amazonka.FMS.Types.App | |
Eq App Source # | |
Hashable App Source # | |
Defined in Amazonka.FMS.Types.App | |
type Rep App Source # | |
Defined in Amazonka.FMS.Types.App type Rep App = D1 ('MetaData "App" "Amazonka.FMS.Types.App" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "App'" 'PrefixI 'True) (S1 ('MetaSel ('Just "appName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: (S1 ('MetaSel ('Just "protocol") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "port") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Natural)))) |
Create a value of App
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:appName:App'
, app_appName
- The application's name.
$sel:protocol:App'
, app_protocol
- The IP protocol name or number. The name can be one of tcp
, udp
, or
icmp
. For information on possible numbers, see
Protocol Numbers.
$sel:port:App'
, app_port
- The application's port number, for example 80
.
AppsListData
data AppsListData Source #
An Firewall Manager applications list.
See: newAppsListData
smart constructor.
AppsListData' (Maybe POSIX) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe (HashMap Text [App])) Text [App] |
Instances
Create a value of AppsListData
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createTime:AppsListData'
, appsListData_createTime
- The time that the Firewall Manager applications list was created.
$sel:lastUpdateTime:AppsListData'
, appsListData_lastUpdateTime
- The time that the Firewall Manager applications list was last updated.
$sel:listId:AppsListData'
, appsListData_listId
- The ID of the Firewall Manager applications list.
$sel:listUpdateToken:AppsListData'
, appsListData_listUpdateToken
- A unique identifier for each update to the list. When you update the
list, the update token must match the token of the current version of
the application list. You can retrieve the update token by getting the
list.
$sel:previousAppsList:AppsListData'
, appsListData_previousAppsList
- A map of previous version numbers to their corresponding App
object
arrays.
$sel:listName:AppsListData'
, appsListData_listName
- The name of the Firewall Manager applications list.
$sel:appsList:AppsListData'
, appsListData_appsList
- An array of applications in the Firewall Manager applications list.
AppsListDataSummary
data AppsListDataSummary Source #
Details of the Firewall Manager applications list.
See: newAppsListDataSummary
smart constructor.
Instances
newAppsListDataSummary :: AppsListDataSummary Source #
Create a value of AppsListDataSummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:appsList:AppsListDataSummary'
, appsListDataSummary_appsList
- An array of App
objects in the Firewall Manager applications list.
$sel:listArn:AppsListDataSummary'
, appsListDataSummary_listArn
- The Amazon Resource Name (ARN) of the applications list.
$sel:listId:AppsListDataSummary'
, appsListDataSummary_listId
- The ID of the applications list.
$sel:listName:AppsListDataSummary'
, appsListDataSummary_listName
- The name of the applications list.
AwsEc2InstanceViolation
data AwsEc2InstanceViolation Source #
Violation detail for an EC2 instance resource.
See: newAwsEc2InstanceViolation
smart constructor.
Instances
newAwsEc2InstanceViolation :: AwsEc2InstanceViolation Source #
Create a value of AwsEc2InstanceViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:awsEc2NetworkInterfaceViolations:AwsEc2InstanceViolation'
, awsEc2InstanceViolation_awsEc2NetworkInterfaceViolations
- Violation detail for network interfaces associated with the EC2
instance.
AwsEc2InstanceViolation
, awsEc2InstanceViolation_violationTarget
- The resource ID of the EC2 instance.
AwsEc2NetworkInterfaceViolation
data AwsEc2NetworkInterfaceViolation Source #
Violation detail for network interfaces associated with an EC2 instance.
See: newAwsEc2NetworkInterfaceViolation
smart constructor.
Instances
newAwsEc2NetworkInterfaceViolation :: AwsEc2NetworkInterfaceViolation Source #
Create a value of AwsEc2NetworkInterfaceViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violatingSecurityGroups:AwsEc2NetworkInterfaceViolation'
, awsEc2NetworkInterfaceViolation_violatingSecurityGroups
- List of security groups that violate the rules specified in the primary
security group of the Firewall Manager policy.
$sel:violationTarget:AwsEc2NetworkInterfaceViolation'
, awsEc2NetworkInterfaceViolation_violationTarget
- The resource ID of the network interface.
AwsVPCSecurityGroupViolation
data AwsVPCSecurityGroupViolation Source #
Violation detail for the rule violation in a security group when compared to the primary security group of the Firewall Manager policy.
See: newAwsVPCSecurityGroupViolation
smart constructor.
AwsVPCSecurityGroupViolation' (Maybe [PartialMatch]) (Maybe [SecurityGroupRemediationAction]) (Maybe Text) (Maybe Text) |
Instances
newAwsVPCSecurityGroupViolation :: AwsVPCSecurityGroupViolation Source #
Create a value of AwsVPCSecurityGroupViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:partialMatches:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_partialMatches
- List of rules specified in the security group of the Firewall Manager
policy that partially match the ViolationTarget
rule.
$sel:possibleSecurityGroupRemediationActions:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_possibleSecurityGroupRemediationActions
- Remediation options for the rule specified in the ViolationTarget
.
$sel:violationTarget:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_violationTarget
- The security group rule that is being evaluated.
$sel:violationTargetDescription:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_violationTargetDescription
- A description of the security group that violates the policy.
ComplianceViolator
data ComplianceViolator Source #
Details of the resource that is not protected by the policy.
See: newComplianceViolator
smart constructor.
Instances
newComplianceViolator :: ComplianceViolator Source #
Create a value of ComplianceViolator
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:metadata:ComplianceViolator'
, complianceViolator_metadata
- Metadata about the resource that doesn't comply with the policy scope.
$sel:resourceId:ComplianceViolator'
, complianceViolator_resourceId
- The resource ID.
$sel:resourceType:ComplianceViolator'
, complianceViolator_resourceType
- The resource type. This is in the format shown in the
Amazon Web Services Resource Types Reference.
For example: AWS::ElasticLoadBalancingV2::LoadBalancer
,
AWS::CloudFront::Distribution
, or
AWS::NetworkFirewall::FirewallPolicy
.
$sel:violationReason:ComplianceViolator'
, complianceViolator_violationReason
- The reason that the resource is not protected by the policy.
DiscoveredResource
data DiscoveredResource Source #
A resource in the organization that's available to be associated with a Firewall Manager resource set.
See: newDiscoveredResource
smart constructor.
Instances
newDiscoveredResource :: DiscoveredResource Source #
Create a value of DiscoveredResource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:DiscoveredResource'
, discoveredResource_accountId
- The Amazon Web Services account ID associated with the discovered
resource.
$sel:name:DiscoveredResource'
, discoveredResource_name
- The name of the discovered resource.
$sel:type':DiscoveredResource'
, discoveredResource_type
- The type of the discovered resource.
$sel:uri:DiscoveredResource'
, discoveredResource_uri
- The universal resource identifier (URI) of the discovered resource.
DnsDuplicateRuleGroupViolation
data DnsDuplicateRuleGroupViolation Source #
A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
See: newDnsDuplicateRuleGroupViolation
smart constructor.
Instances
newDnsDuplicateRuleGroupViolation :: DnsDuplicateRuleGroupViolation Source #
Create a value of DnsDuplicateRuleGroupViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violationTarget:DnsDuplicateRuleGroupViolation'
, dnsDuplicateRuleGroupViolation_violationTarget
- Information about the VPC ID.
$sel:violationTargetDescription:DnsDuplicateRuleGroupViolation'
, dnsDuplicateRuleGroupViolation_violationTargetDescription
- A description of the violation that specifies the rule group and VPC.
DnsRuleGroupLimitExceededViolation
data DnsRuleGroupLimitExceededViolation Source #
The VPC that Firewall Manager was applying a DNS Fireall policy to reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed due to the limit.
See: newDnsRuleGroupLimitExceededViolation
smart constructor.
Instances
newDnsRuleGroupLimitExceededViolation :: DnsRuleGroupLimitExceededViolation Source #
Create a value of DnsRuleGroupLimitExceededViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:numberOfRuleGroupsAlreadyAssociated:DnsRuleGroupLimitExceededViolation'
, dnsRuleGroupLimitExceededViolation_numberOfRuleGroupsAlreadyAssociated
- The number of rule groups currently associated with the VPC.
$sel:violationTarget:DnsRuleGroupLimitExceededViolation'
, dnsRuleGroupLimitExceededViolation_violationTarget
- Information about the VPC ID.
$sel:violationTargetDescription:DnsRuleGroupLimitExceededViolation'
, dnsRuleGroupLimitExceededViolation_violationTargetDescription
- A description of the violation that specifies the rule group and VPC.
DnsRuleGroupPriorityConflictViolation
data DnsRuleGroupPriorityConflictViolation Source #
A rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.
See: newDnsRuleGroupPriorityConflictViolation
smart constructor.
DnsRuleGroupPriorityConflictViolation' (Maybe Text) (Maybe Natural) (Maybe [Natural]) (Maybe Text) (Maybe Text) |
Instances
newDnsRuleGroupPriorityConflictViolation :: DnsRuleGroupPriorityConflictViolation Source #
Create a value of DnsRuleGroupPriorityConflictViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:conflictingPolicyId:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_conflictingPolicyId
- The ID of the Firewall Manager DNS Firewall policy that was already
applied to the VPC. This policy contains the rule group that's already
associated with the VPC.
$sel:conflictingPriority:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_conflictingPriority
- The priority setting of the two conflicting rule groups.
$sel:unavailablePriorities:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_unavailablePriorities
- The priorities of rule groups that are already associated with the VPC.
To retry your operation, choose priority settings that aren't in this
list for the rule groups in your new DNS Firewall policy.
$sel:violationTarget:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_violationTarget
- Information about the VPC ID.
$sel:violationTargetDescription:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_violationTargetDescription
- A description of the violation that specifies the VPC and the rule group
that's already associated with it.
EC2AssociateRouteTableAction
data EC2AssociateRouteTableAction Source #
The action of associating an EC2 resource, such as a subnet or internet gateway, with a route table.
See: newEC2AssociateRouteTableAction
smart constructor.
Instances
newEC2AssociateRouteTableAction Source #
Create a value of EC2AssociateRouteTableAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2AssociateRouteTableAction
, eC2AssociateRouteTableAction_description
- A description of the EC2 route table that is associated with the
remediation action.
$sel:gatewayId:EC2AssociateRouteTableAction'
, eC2AssociateRouteTableAction_gatewayId
- The ID of the gateway to be used with the EC2 route table that is
associated with the remediation action.
$sel:subnetId:EC2AssociateRouteTableAction'
, eC2AssociateRouteTableAction_subnetId
- The ID of the subnet for the EC2 route table that is associated with the
remediation action.
$sel:routeTableId:EC2AssociateRouteTableAction'
, eC2AssociateRouteTableAction_routeTableId
- The ID of the EC2 route table that is associated with the remediation
action.
EC2CopyRouteTableAction
data EC2CopyRouteTableAction Source #
An action that copies the EC2 route table for use in remediation.
See: newEC2CopyRouteTableAction
smart constructor.
Instances
newEC2CopyRouteTableAction Source #
Create a value of EC2CopyRouteTableAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2CopyRouteTableAction
, eC2CopyRouteTableAction_description
- A description of the copied EC2 route table that is associated with the
remediation action.
$sel:vpcId:EC2CopyRouteTableAction'
, eC2CopyRouteTableAction_vpcId
- The VPC ID of the copied EC2 route table that is associated with the
remediation action.
$sel:routeTableId:EC2CopyRouteTableAction'
, eC2CopyRouteTableAction_routeTableId
- The ID of the copied EC2 route table that is associated with the
remediation action.
EC2CreateRouteAction
data EC2CreateRouteAction Source #
Information about the CreateRoute action in Amazon EC2.
See: newEC2CreateRouteAction
smart constructor.
EC2CreateRouteAction' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe ActionTarget) (Maybe ActionTarget) ActionTarget |
Instances
newEC2CreateRouteAction Source #
Create a value of EC2CreateRouteAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2CreateRouteAction
, eC2CreateRouteAction_description
- A description of CreateRoute action in Amazon EC2.
$sel:destinationCidrBlock:EC2CreateRouteAction'
, eC2CreateRouteAction_destinationCidrBlock
- Information about the IPv4 CIDR address block used for the destination
match.
$sel:destinationIpv6CidrBlock:EC2CreateRouteAction'
, eC2CreateRouteAction_destinationIpv6CidrBlock
- Information about the IPv6 CIDR block destination.
$sel:destinationPrefixListId:EC2CreateRouteAction'
, eC2CreateRouteAction_destinationPrefixListId
- Information about the ID of a prefix list used for the destination
match.
$sel:gatewayId:EC2CreateRouteAction'
, eC2CreateRouteAction_gatewayId
- Information about the ID of an internet gateway or virtual private
gateway attached to your VPC.
$sel:vpcEndpointId:EC2CreateRouteAction'
, eC2CreateRouteAction_vpcEndpointId
- Information about the ID of a VPC endpoint. Supported for Gateway Load
Balancer endpoints only.
$sel:routeTableId:EC2CreateRouteAction'
, eC2CreateRouteAction_routeTableId
- Information about the ID of the route table for the route.
EC2CreateRouteTableAction
data EC2CreateRouteTableAction Source #
Information about the CreateRouteTable action in Amazon EC2.
See: newEC2CreateRouteTableAction
smart constructor.
Instances
newEC2CreateRouteTableAction Source #
Create a value of EC2CreateRouteTableAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2CreateRouteTableAction
, eC2CreateRouteTableAction_description
- A description of the CreateRouteTable action.
$sel:vpcId:EC2CreateRouteTableAction'
, eC2CreateRouteTableAction_vpcId
- Information about the ID of a VPC.
EC2DeleteRouteAction
data EC2DeleteRouteAction Source #
Information about the DeleteRoute action in Amazon EC2.
See: newEC2DeleteRouteAction
smart constructor.
Instances
newEC2DeleteRouteAction Source #
Create a value of EC2DeleteRouteAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2DeleteRouteAction
, eC2DeleteRouteAction_description
- A description of the DeleteRoute action.
$sel:destinationCidrBlock:EC2DeleteRouteAction'
, eC2DeleteRouteAction_destinationCidrBlock
- Information about the IPv4 CIDR range for the route. The value you
specify must match the CIDR for the route exactly.
$sel:destinationIpv6CidrBlock:EC2DeleteRouteAction'
, eC2DeleteRouteAction_destinationIpv6CidrBlock
- Information about the IPv6 CIDR range for the route. The value you
specify must match the CIDR for the route exactly.
$sel:destinationPrefixListId:EC2DeleteRouteAction'
, eC2DeleteRouteAction_destinationPrefixListId
- Information about the ID of the prefix list for the route.
$sel:routeTableId:EC2DeleteRouteAction'
, eC2DeleteRouteAction_routeTableId
- Information about the ID of the route table.
EC2ReplaceRouteAction
data EC2ReplaceRouteAction Source #
Information about the ReplaceRoute action in Amazon EC2.
See: newEC2ReplaceRouteAction
smart constructor.
EC2ReplaceRouteAction' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe ActionTarget) ActionTarget |
Instances
newEC2ReplaceRouteAction Source #
Create a value of EC2ReplaceRouteAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2ReplaceRouteAction
, eC2ReplaceRouteAction_description
- A description of the ReplaceRoute action in Amazon EC2.
$sel:destinationCidrBlock:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_destinationCidrBlock
- Information about the IPv4 CIDR address block used for the destination
match. The value that you provide must match the CIDR of an existing
route in the table.
$sel:destinationIpv6CidrBlock:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_destinationIpv6CidrBlock
- Information about the IPv6 CIDR address block used for the destination
match. The value that you provide must match the CIDR of an existing
route in the table.
$sel:destinationPrefixListId:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_destinationPrefixListId
- Information about the ID of the prefix list for the route.
$sel:gatewayId:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_gatewayId
- Information about the ID of an internet gateway or virtual private
gateway.
$sel:routeTableId:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_routeTableId
- Information about the ID of the route table.
EC2ReplaceRouteTableAssociationAction
data EC2ReplaceRouteTableAssociationAction Source #
Information about the ReplaceRouteTableAssociation action in Amazon EC2.
See: newEC2ReplaceRouteTableAssociationAction
smart constructor.
Instances
newEC2ReplaceRouteTableAssociationAction Source #
Create a value of EC2ReplaceRouteTableAssociationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2ReplaceRouteTableAssociationAction
, eC2ReplaceRouteTableAssociationAction_description
- A description of the ReplaceRouteTableAssociation action in Amazon EC2.
$sel:associationId:EC2ReplaceRouteTableAssociationAction'
, eC2ReplaceRouteTableAssociationAction_associationId
- Information about the association ID.
$sel:routeTableId:EC2ReplaceRouteTableAssociationAction'
, eC2ReplaceRouteTableAssociationAction_routeTableId
- Information about the ID of the new route table to associate with the
subnet.
EvaluationResult
data EvaluationResult Source #
Describes the compliance status for the account. An account is considered noncompliant if it includes resources that are not protected by the specified policy or that don't comply with the policy.
See: newEvaluationResult
smart constructor.
Instances
newEvaluationResult :: EvaluationResult Source #
Create a value of EvaluationResult
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:complianceStatus:EvaluationResult'
, evaluationResult_complianceStatus
- Describes an Amazon Web Services account's compliance with the Firewall
Manager policy.
$sel:evaluationLimitExceeded:EvaluationResult'
, evaluationResult_evaluationLimitExceeded
- Indicates that over 100 resources are noncompliant with the Firewall
Manager policy.
$sel:violatorCount:EvaluationResult'
, evaluationResult_violatorCount
- The number of resources that are noncompliant with the specified policy.
For WAF and Shield Advanced policies, a resource is considered
noncompliant if it is not associated with the policy. For security group
policies, a resource is considered noncompliant if it doesn't comply
with the rules of the policy and remediation is disabled or not
possible.
ExpectedRoute
data ExpectedRoute Source #
Information about the expected route in the route table.
See: newExpectedRoute
smart constructor.
Instances
newExpectedRoute :: ExpectedRoute Source #
Create a value of ExpectedRoute
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:allowedTargets:ExpectedRoute'
, expectedRoute_allowedTargets
- Information about the allowed targets.
$sel:contributingSubnets:ExpectedRoute'
, expectedRoute_contributingSubnets
- Information about the contributing subnets.
$sel:ipV4Cidr:ExpectedRoute'
, expectedRoute_ipV4Cidr
- Information about the IPv4 CIDR block.
$sel:ipV6Cidr:ExpectedRoute'
, expectedRoute_ipV6Cidr
- Information about the IPv6 CIDR block.
$sel:prefixListId:ExpectedRoute'
, expectedRoute_prefixListId
- Information about the ID of the prefix list for the route.
$sel:routeTableId:ExpectedRoute'
, expectedRoute_routeTableId
- Information about the route table ID.
FMSPolicyUpdateFirewallCreationConfigAction
data FMSPolicyUpdateFirewallCreationConfigAction Source #
Contains information about the actions that you can take to remediate
scope violations caused by your policy's FirewallCreationConfig
.
FirewallCreationConfig
is an optional configuration that you can use
to choose which Availability Zones Firewall Manager creates Network
Firewall endpoints in.
See: newFMSPolicyUpdateFirewallCreationConfigAction
smart constructor.
Instances
newFMSPolicyUpdateFirewallCreationConfigAction :: FMSPolicyUpdateFirewallCreationConfigAction Source #
Create a value of FMSPolicyUpdateFirewallCreationConfigAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:FMSPolicyUpdateFirewallCreationConfigAction'
, fMSPolicyUpdateFirewallCreationConfigAction_description
- Describes the remedial action.
$sel:firewallCreationConfig:FMSPolicyUpdateFirewallCreationConfigAction'
, fMSPolicyUpdateFirewallCreationConfigAction_firewallCreationConfig
- A FirewallCreationConfig
that you can copy into your current policy's
SecurityServiceData
in order to remedy scope violations.
FailedItem
data FailedItem Source #
Details of a resource that failed when trying to update it's association to a resource set.
See: newFailedItem
smart constructor.
Instances
newFailedItem :: FailedItem Source #
Create a value of FailedItem
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:reason:FailedItem'
, failedItem_reason
- The reason the resource's association could not be updated.
$sel:uri:FailedItem'
, failedItem_uri
- The univeral resource indicator (URI) of the resource that failed.
FirewallSubnetIsOutOfScopeViolation
data FirewallSubnetIsOutOfScopeViolation Source #
Contains details about the firewall subnet that violates the policy scope.
See: newFirewallSubnetIsOutOfScopeViolation
smart constructor.
FirewallSubnetIsOutOfScopeViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newFirewallSubnetIsOutOfScopeViolation :: FirewallSubnetIsOutOfScopeViolation Source #
Create a value of FirewallSubnetIsOutOfScopeViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallSubnetId:FirewallSubnetIsOutOfScopeViolation'
, firewallSubnetIsOutOfScopeViolation_firewallSubnetId
- The ID of the firewall subnet that violates the policy scope.
$sel:subnetAvailabilityZone:FirewallSubnetIsOutOfScopeViolation'
, firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZone
- The Availability Zone of the firewall subnet that violates the policy
scope.
$sel:subnetAvailabilityZoneId:FirewallSubnetIsOutOfScopeViolation'
, firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZoneId
- The Availability Zone ID of the firewall subnet that violates the policy
scope.
$sel:vpcEndpointId:FirewallSubnetIsOutOfScopeViolation'
, firewallSubnetIsOutOfScopeViolation_vpcEndpointId
- The VPC endpoint ID of the firewall subnet that violates the policy
scope.
$sel:vpcId:FirewallSubnetIsOutOfScopeViolation'
, firewallSubnetIsOutOfScopeViolation_vpcId
- The VPC ID of the firewall subnet that violates the policy scope.
FirewallSubnetMissingVPCEndpointViolation
data FirewallSubnetMissingVPCEndpointViolation Source #
The violation details for a firewall subnet's VPC endpoint that's deleted or missing.
See: newFirewallSubnetMissingVPCEndpointViolation
smart constructor.
Instances
newFirewallSubnetMissingVPCEndpointViolation :: FirewallSubnetMissingVPCEndpointViolation Source #
Create a value of FirewallSubnetMissingVPCEndpointViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallSubnetId:FirewallSubnetMissingVPCEndpointViolation'
, firewallSubnetMissingVPCEndpointViolation_firewallSubnetId
- The ID of the firewall that this VPC endpoint is associated with.
$sel:subnetAvailabilityZone:FirewallSubnetMissingVPCEndpointViolation'
, firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZone
- The name of the Availability Zone of the deleted VPC subnet.
$sel:subnetAvailabilityZoneId:FirewallSubnetMissingVPCEndpointViolation'
, firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZoneId
- The ID of the Availability Zone of the deleted VPC subnet.
$sel:vpcId:FirewallSubnetMissingVPCEndpointViolation'
, firewallSubnetMissingVPCEndpointViolation_vpcId
- The resource ID of the VPC associated with the deleted VPC subnet.
NetworkFirewallBlackHoleRouteDetectedViolation
data NetworkFirewallBlackHoleRouteDetectedViolation Source #
Violation detail for an internet gateway route with an inactive state in the customer subnet route table or Network Firewall subnet route table.
See: newNetworkFirewallBlackHoleRouteDetectedViolation
smart constructor.
NetworkFirewallBlackHoleRouteDetectedViolation' (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe Text) |
Instances
newNetworkFirewallBlackHoleRouteDetectedViolation :: NetworkFirewallBlackHoleRouteDetectedViolation Source #
Create a value of NetworkFirewallBlackHoleRouteDetectedViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:routeTableId:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_routeTableId
- Information about the route table ID.
$sel:violatingRoutes:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_violatingRoutes
- Information about the route or routes that are in violation.
$sel:violationTarget:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_violationTarget
- The subnet that has an inactive state.
$sel:vpcId:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_vpcId
- Information about the VPC ID.
NetworkFirewallInternetTrafficNotInspectedViolation
data NetworkFirewallInternetTrafficNotInspectedViolation Source #
Violation detail for the subnet for which internet traffic that hasn't been inspected.
See: newNetworkFirewallInternetTrafficNotInspectedViolation
smart constructor.
NetworkFirewallInternetTrafficNotInspectedViolation' (Maybe [Route]) (Maybe [Route]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ExpectedRoute]) (Maybe [ExpectedRoute]) (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) |
Instances
newNetworkFirewallInternetTrafficNotInspectedViolation :: NetworkFirewallInternetTrafficNotInspectedViolation Source #
Create a value of NetworkFirewallInternetTrafficNotInspectedViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actualFirewallSubnetRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_actualFirewallSubnetRoutes
- The actual firewall subnet routes.
$sel:actualInternetGatewayRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_actualInternetGatewayRoutes
- The actual internet gateway routes.
$sel:currentFirewallSubnetRouteTable:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_currentFirewallSubnetRouteTable
- Information about the subnet route table for the current firewall.
$sel:currentInternetGatewayRouteTable:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_currentInternetGatewayRouteTable
- The current route table for the internet gateway.
$sel:expectedFirewallEndpoint:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallEndpoint
- The expected endpoint for the current firewall.
$sel:expectedFirewallSubnetRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallSubnetRoutes
- The firewall subnet routes that are expected.
$sel:expectedInternetGatewayRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_expectedInternetGatewayRoutes
- The internet gateway routes that are expected.
$sel:firewallSubnetId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_firewallSubnetId
- The firewall subnet ID.
$sel:internetGatewayId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_internetGatewayId
- The internet gateway ID.
$sel:isRouteTableUsedInDifferentAZ:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_isRouteTableUsedInDifferentAZ
- Information about whether the route table is used in another
Availability Zone.
NetworkFirewallInternetTrafficNotInspectedViolation
, networkFirewallInternetTrafficNotInspectedViolation_routeTableId
- Information about the route table ID.
$sel:subnetAvailabilityZone:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_subnetAvailabilityZone
- The subnet Availability Zone.
$sel:subnetId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_subnetId
- The subnet ID.
$sel:violatingRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_violatingRoutes
- The route or routes that are in violation.
$sel:vpcId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_vpcId
- Information about the VPC ID.
NetworkFirewallInvalidRouteConfigurationViolation
data NetworkFirewallInvalidRouteConfigurationViolation Source #
Violation detail for the improperly configured subnet route. It's possible there is a missing route table route, or a configuration that causes traffic to cross an Availability Zone boundary.
See: newNetworkFirewallInvalidRouteConfigurationViolation
smart constructor.
NetworkFirewallInvalidRouteConfigurationViolation' (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe [Route]) (Maybe [Text]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ExpectedRoute]) (Maybe [ExpectedRoute]) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe Route) (Maybe Text) |
Instances
newNetworkFirewallInvalidRouteConfigurationViolation :: NetworkFirewallInvalidRouteConfigurationViolation Source #
Create a value of NetworkFirewallInvalidRouteConfigurationViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actualFirewallEndpoint:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualFirewallEndpoint
- The actual firewall endpoint.
$sel:actualFirewallSubnetId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetId
- The actual subnet ID for the firewall.
$sel:actualFirewallSubnetRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetRoutes
- The actual firewall subnet routes that are expected.
$sel:actualInternetGatewayRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualInternetGatewayRoutes
- The actual internet gateway routes.
$sel:affectedSubnets:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_affectedSubnets
- The subnets that are affected.
$sel:currentFirewallSubnetRouteTable:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_currentFirewallSubnetRouteTable
- The subnet route table for the current firewall.
$sel:currentInternetGatewayRouteTable:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_currentInternetGatewayRouteTable
- The route table for the current internet gateway.
$sel:expectedFirewallEndpoint:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedFirewallEndpoint
- The firewall endpoint that's expected.
$sel:expectedFirewallSubnetId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetId
- The expected subnet ID for the firewall.
$sel:expectedFirewallSubnetRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetRoutes
- The firewall subnet routes that are expected.
$sel:expectedInternetGatewayRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedInternetGatewayRoutes
- The expected routes for the internet gateway.
$sel:internetGatewayId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_internetGatewayId
- The internet gateway ID.
$sel:isRouteTableUsedInDifferentAZ:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_isRouteTableUsedInDifferentAZ
- Information about whether the route table is used in another
Availability Zone.
NetworkFirewallInvalidRouteConfigurationViolation
, networkFirewallInvalidRouteConfigurationViolation_routeTableId
- The route table ID.
$sel:violatingRoute:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_violatingRoute
- The route that's in violation.
$sel:vpcId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_vpcId
- Information about the VPC ID.
NetworkFirewallMissingExpectedRTViolation
data NetworkFirewallMissingExpectedRTViolation Source #
Violation detail for Network Firewall for a subnet that's not associated to the expected Firewall Manager managed route table.
See: newNetworkFirewallMissingExpectedRTViolation
smart constructor.
NetworkFirewallMissingExpectedRTViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newNetworkFirewallMissingExpectedRTViolation :: NetworkFirewallMissingExpectedRTViolation Source #
Create a value of NetworkFirewallMissingExpectedRTViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_availabilityZone
- The Availability Zone of a violating subnet.
$sel:currentRouteTable:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_currentRouteTable
- The resource ID of the current route table that's associated with the
subnet, if one is available.
$sel:expectedRouteTable:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_expectedRouteTable
- The resource ID of the route table that should be associated with the
subnet.
$sel:vpc:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_vpc
- The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallMissingExpectedRoutesViolation
data NetworkFirewallMissingExpectedRoutesViolation Source #
Violation detail for an expected route missing in Network Firewall.
See: newNetworkFirewallMissingExpectedRoutesViolation
smart constructor.
Instances
newNetworkFirewallMissingExpectedRoutesViolation :: NetworkFirewallMissingExpectedRoutesViolation Source #
Create a value of NetworkFirewallMissingExpectedRoutesViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:expectedRoutes:NetworkFirewallMissingExpectedRoutesViolation'
, networkFirewallMissingExpectedRoutesViolation_expectedRoutes
- The expected routes.
$sel:violationTarget:NetworkFirewallMissingExpectedRoutesViolation'
, networkFirewallMissingExpectedRoutesViolation_violationTarget
- The target of the violation.
$sel:vpcId:NetworkFirewallMissingExpectedRoutesViolation'
, networkFirewallMissingExpectedRoutesViolation_vpcId
- Information about the VPC ID.
NetworkFirewallMissingFirewallViolation
data NetworkFirewallMissingFirewallViolation Source #
Violation detail for Network Firewall for a subnet that doesn't have a Firewall Manager managed firewall in its VPC.
See: newNetworkFirewallMissingFirewallViolation
smart constructor.
Instances
newNetworkFirewallMissingFirewallViolation :: NetworkFirewallMissingFirewallViolation Source #
Create a value of NetworkFirewallMissingFirewallViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_availabilityZone
- The Availability Zone of a violating subnet.
$sel:targetViolationReason:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_targetViolationReason
- The reason the resource has this violation, if one is available.
$sel:vpc:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_vpc
- The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallMissingSubnetViolation
data NetworkFirewallMissingSubnetViolation Source #
Violation detail for Network Firewall for an Availability Zone that's missing the expected Firewall Manager managed subnet.
See: newNetworkFirewallMissingSubnetViolation
smart constructor.
Instances
newNetworkFirewallMissingSubnetViolation :: NetworkFirewallMissingSubnetViolation Source #
Create a value of NetworkFirewallMissingSubnetViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_availabilityZone
- The Availability Zone of a violating subnet.
$sel:targetViolationReason:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_targetViolationReason
- The reason the resource has this violation, if one is available.
$sel:vpc:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_vpc
- The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallPolicy
data NetworkFirewallPolicy Source #
Configures the firewall policy deployment model of Network Firewall. For information about Network Firewall deployment models, see Network Firewall example architectures with routing in the Network Firewall Developer Guide.
See: newNetworkFirewallPolicy
smart constructor.
Instances
newNetworkFirewallPolicy :: NetworkFirewallPolicy Source #
Create a value of NetworkFirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallDeploymentModel:NetworkFirewallPolicy'
, networkFirewallPolicy_firewallDeploymentModel
- Defines the deployment model to use for the firewall policy. To use a
distributed model, set
PolicyOption
to NULL
.
NetworkFirewallPolicyDescription
data NetworkFirewallPolicyDescription Source #
The definition of the Network Firewall firewall policy.
See: newNetworkFirewallPolicyDescription
smart constructor.
NetworkFirewallPolicyDescription' (Maybe [Text]) (Maybe StatefulEngineOptions) (Maybe [StatefulRuleGroup]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [StatelessRuleGroup]) |
Instances
newNetworkFirewallPolicyDescription :: NetworkFirewallPolicyDescription Source #
Create a value of NetworkFirewallPolicyDescription
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:statefulDefaultActions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statefulDefaultActions
- The default actions to take on a packet that doesn't match any stateful
rules. The stateful default action is optional, and is only valid when
using the strict rule order.
Valid values of the stateful default action:
- aws:drop_strict
- aws:drop_established
- aws:alert_strict
- aws:alert_established
$sel:statefulEngineOptions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statefulEngineOptions
- Additional options governing how Network Firewall handles stateful
rules. The stateful rule groups that you use in your policy must have
stateful rule options settings that are compatible with these settings.
$sel:statefulRuleGroups:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statefulRuleGroups
- The stateful rule groups that are used in the Network Firewall firewall
policy.
$sel:statelessCustomActions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessCustomActions
- Names of custom actions that are available for use in the stateless
default actions settings.
$sel:statelessDefaultActions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessDefaultActions
- The actions to take on packets that don't match any of the stateless
rule groups.
$sel:statelessFragmentDefaultActions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessFragmentDefaultActions
- The actions to take on packet fragments that don't match any of the
stateless rule groups.
$sel:statelessRuleGroups:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessRuleGroups
- The stateless rule groups that are used in the Network Firewall firewall
policy.
NetworkFirewallPolicyModifiedViolation
data NetworkFirewallPolicyModifiedViolation Source #
Violation detail for Network Firewall for a firewall policy that has a different NetworkFirewallPolicyDescription than is required by the Firewall Manager policy.
See: newNetworkFirewallPolicyModifiedViolation
smart constructor.
NetworkFirewallPolicyModifiedViolation' (Maybe NetworkFirewallPolicyDescription) (Maybe NetworkFirewallPolicyDescription) (Maybe Text) |
Instances
newNetworkFirewallPolicyModifiedViolation :: NetworkFirewallPolicyModifiedViolation Source #
Create a value of NetworkFirewallPolicyModifiedViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:currentPolicyDescription:NetworkFirewallPolicyModifiedViolation'
, networkFirewallPolicyModifiedViolation_currentPolicyDescription
- The policy that's currently in use in the individual account.
$sel:expectedPolicyDescription:NetworkFirewallPolicyModifiedViolation'
, networkFirewallPolicyModifiedViolation_expectedPolicyDescription
- The policy that should be in use in the individual account in order to
be compliant.
$sel:violationTarget:NetworkFirewallPolicyModifiedViolation'
, networkFirewallPolicyModifiedViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallStatefulRuleGroupOverride
data NetworkFirewallStatefulRuleGroupOverride Source #
The setting that allows the policy owner to change the behavior of the rule group within a policy.
See: newNetworkFirewallStatefulRuleGroupOverride
smart constructor.
Instances
FromJSON NetworkFirewallStatefulRuleGroupOverride Source # | |
Generic NetworkFirewallStatefulRuleGroupOverride Source # | |
Read NetworkFirewallStatefulRuleGroupOverride Source # | |
Show NetworkFirewallStatefulRuleGroupOverride Source # | |
NFData NetworkFirewallStatefulRuleGroupOverride Source # | |
Eq NetworkFirewallStatefulRuleGroupOverride Source # | |
Hashable NetworkFirewallStatefulRuleGroupOverride Source # | |
type Rep NetworkFirewallStatefulRuleGroupOverride Source # | |
Defined in Amazonka.FMS.Types.NetworkFirewallStatefulRuleGroupOverride type Rep NetworkFirewallStatefulRuleGroupOverride = D1 ('MetaData "NetworkFirewallStatefulRuleGroupOverride" "Amazonka.FMS.Types.NetworkFirewallStatefulRuleGroupOverride" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "NetworkFirewallStatefulRuleGroupOverride'" 'PrefixI 'True) (S1 ('MetaSel ('Just "action") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe NetworkFirewallOverrideAction)))) |
newNetworkFirewallStatefulRuleGroupOverride :: NetworkFirewallStatefulRuleGroupOverride Source #
Create a value of NetworkFirewallStatefulRuleGroupOverride
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:action:NetworkFirewallStatefulRuleGroupOverride'
, networkFirewallStatefulRuleGroupOverride_action
- The action that changes the rule group from DROP
to ALERT
. This only
applies to managed rule groups.
NetworkFirewallUnexpectedFirewallRoutesViolation
data NetworkFirewallUnexpectedFirewallRoutesViolation Source #
Violation detail for an unexpected route that's present in a route table.
See: newNetworkFirewallUnexpectedFirewallRoutesViolation
smart constructor.
NetworkFirewallUnexpectedFirewallRoutesViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) |
Instances
newNetworkFirewallUnexpectedFirewallRoutesViolation :: NetworkFirewallUnexpectedFirewallRoutesViolation Source #
Create a value of NetworkFirewallUnexpectedFirewallRoutesViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallEndpoint:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_firewallEndpoint
- The endpoint of the firewall.
$sel:firewallSubnetId:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_firewallSubnetId
- The subnet ID for the firewall.
$sel:routeTableId:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_routeTableId
- The ID of the route table.
$sel:violatingRoutes:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_violatingRoutes
- The routes that are in violation.
$sel:vpcId:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_vpcId
- Information about the VPC ID.
NetworkFirewallUnexpectedGatewayRoutesViolation
data NetworkFirewallUnexpectedGatewayRoutesViolation Source #
Violation detail for an unexpected gateway route that’s present in a route table.
See: newNetworkFirewallUnexpectedGatewayRoutesViolation
smart constructor.
NetworkFirewallUnexpectedGatewayRoutesViolation' (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) |
Instances
newNetworkFirewallUnexpectedGatewayRoutesViolation :: NetworkFirewallUnexpectedGatewayRoutesViolation Source #
Create a value of NetworkFirewallUnexpectedGatewayRoutesViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:gatewayId:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_gatewayId
- Information about the gateway ID.
$sel:routeTableId:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_routeTableId
- Information about the route table.
$sel:violatingRoutes:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_violatingRoutes
- The routes that are in violation.
$sel:vpcId:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_vpcId
- Information about the VPC ID.
PartialMatch
data PartialMatch Source #
The reference rule that partially matches the ViolationTarget
rule and
violation reason.
See: newPartialMatch
smart constructor.
PartialMatch' (Maybe Text) (Maybe [Text]) |
Instances
newPartialMatch :: PartialMatch Source #
Create a value of PartialMatch
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:reference:PartialMatch'
, partialMatch_reference
- The reference rule from the primary security group of the Firewall
Manager policy.
$sel:targetViolationReasons:PartialMatch'
, partialMatch_targetViolationReasons
- The violation reason.
Policy
An Firewall Manager policy.
See: newPolicy
smart constructor.
Policy' (Maybe Bool) (Maybe (HashMap CustomerPolicyScopeIdType [Text])) (Maybe (HashMap CustomerPolicyScopeIdType [Text])) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Text]) (Maybe [ResourceTag]) (Maybe [Text]) Text SecurityServicePolicyData Text Bool Bool |
Instances
Create a value of Policy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:deleteUnusedFMManagedResources:Policy'
, policy_deleteUnusedFMManagedResources
- Indicates whether Firewall Manager should automatically remove
protections from resources that leave the policy scope and clean up
resources that Firewall Manager is managing for accounts when those
accounts leave policy scope. For example, Firewall Manager will
disassociate a Firewall Manager managed web ACL from a protected
customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
$sel:excludeMap:Policy'
, policy_excludeMap
- Specifies the Amazon Web Services account IDs and Organizations
organizational units (OUs) to exclude from the policy. Specifying an OU
is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a
later time.
You can specify inclusions or exclusions, but not both. If you specify
an IncludeMap
, Firewall Manager applies the policy to all accounts
specified by the IncludeMap
, and does not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall
Manager applies the policy to all accounts except for those specified by
the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to
ACCOUNT
. For example, the following is a valid map:{“ACCOUNT” : [“accountID1”, “accountID2”]}
. - Specify OUs by setting the key to
ORG_UNIT
. For example, the following is a valid map:{“ORG_UNIT” : [“ouid111”, “ouid112”]}
. - Specify accounts and OUs together in a single map, separated with a
comma. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
$sel:includeMap:Policy'
, policy_includeMap
- Specifies the Amazon Web Services account IDs and Organizations
organizational units (OUs) to include in the policy. Specifying an OU is
the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a
later time.
You can specify inclusions or exclusions, but not both. If you specify
an IncludeMap
, Firewall Manager applies the policy to all accounts
specified by the IncludeMap
, and does not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall
Manager applies the policy to all accounts except for those specified by
the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to
ACCOUNT
. For example, the following is a valid map:{“ACCOUNT” : [“accountID1”, “accountID2”]}
. - Specify OUs by setting the key to
ORG_UNIT
. For example, the following is a valid map:{“ORG_UNIT” : [“ouid111”, “ouid112”]}
. - Specify accounts and OUs together in a single map, separated with a
comma. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
$sel:policyDescription:Policy'
, policy_policyDescription
- The definition of the Network Firewall firewall policy.
$sel:policyId:Policy'
, policy_policyId
- The ID of the Firewall Manager policy.
$sel:policyUpdateToken:Policy'
, policy_policyUpdateToken
- A unique identifier for each update to the policy. When issuing a
PutPolicy
request, the PolicyUpdateToken
in the request must match
the PolicyUpdateToken
of the current policy version. To get the
PolicyUpdateToken
of the current policy version, use a GetPolicy
request.
$sel:resourceSetIds:Policy'
, policy_resourceSetIds
- The unique identifiers of the resource sets used by the policy.
$sel:resourceTags:Policy'
, policy_resourceTags
- An array of ResourceTag
objects.
$sel:resourceTypeList:Policy'
, policy_resourceTypeList
- An array of ResourceType
objects. Use this only to specify multiple
resource types. To specify a single resource type, use ResourceType
.
$sel:policyName:Policy'
, policy_policyName
- The name of the Firewall Manager policy.
$sel:securityServicePolicyData:Policy'
, policy_securityServicePolicyData
- Details about the security service that is being used to protect the
resources.
$sel:resourceType:Policy'
, policy_resourceType
- The type of resource protected by or in scope of the policy. This is in
the format shown in the
Amazon Web Services Resource Types Reference.
To apply this policy to multiple resource types, specify a resource type
of ResourceTypeList
and then specify the resource types in a
ResourceTypeList
.
For WAF and Shield Advanced, resource types include
AWS::ElasticLoadBalancingV2::LoadBalancer
,
AWS::ElasticLoadBalancing::LoadBalancer
, AWS::EC2::EIP
, and
AWS::CloudFront::Distribution
. For a security group common policy,
valid values are AWS::EC2::NetworkInterface
and AWS::EC2::Instance
.
For a security group content audit policy, valid values are
AWS::EC2::SecurityGroup
, AWS::EC2::NetworkInterface
, and
AWS::EC2::Instance
. For a security group usage audit policy, the value
is AWS::EC2::SecurityGroup
. For an Network Firewall policy or DNS
Firewall policy, the value is AWS::EC2::VPC
.
$sel:excludeResourceTags:Policy'
, policy_excludeResourceTags
- If set to True
, resources with the tags that are specified in the
ResourceTag
array are not in scope of the policy. If set to False
,
and the ResourceTag
array is not null, only resources with the
specified tags are in scope of the policy.
$sel:remediationEnabled:Policy'
, policy_remediationEnabled
- Indicates if the policy should be automatically applied to new
resources.
PolicyComplianceDetail
data PolicyComplianceDetail Source #
Describes the noncompliant resources in a member account for a specific
Firewall Manager policy. A maximum of 100 entries are displayed. If more
than 100 resources are noncompliant, EvaluationLimitExceeded
is set to
True
.
See: newPolicyComplianceDetail
smart constructor.
PolicyComplianceDetail' (Maybe Bool) (Maybe POSIX) (Maybe (HashMap DependentServiceName Text)) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ComplianceViolator]) |
Instances
newPolicyComplianceDetail :: PolicyComplianceDetail Source #
Create a value of PolicyComplianceDetail
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:evaluationLimitExceeded:PolicyComplianceDetail'
, policyComplianceDetail_evaluationLimitExceeded
- Indicates if over 100 resources are noncompliant with the Firewall
Manager policy.
$sel:expiredAt:PolicyComplianceDetail'
, policyComplianceDetail_expiredAt
- A timestamp that indicates when the returned information should be
considered out of date.
$sel:issueInfoMap:PolicyComplianceDetail'
, policyComplianceDetail_issueInfoMap
- Details about problems with dependent services, such as WAF or Config,
and the error message received that indicates the problem with the
service.
$sel:memberAccount:PolicyComplianceDetail'
, policyComplianceDetail_memberAccount
- The Amazon Web Services account ID.
$sel:policyId:PolicyComplianceDetail'
, policyComplianceDetail_policyId
- The ID of the Firewall Manager policy.
$sel:policyOwner:PolicyComplianceDetail'
, policyComplianceDetail_policyOwner
- The Amazon Web Services account that created the Firewall Manager
policy.
$sel:violators:PolicyComplianceDetail'
, policyComplianceDetail_violators
- An array of resources that aren't protected by the WAF or Shield
Advanced policy or that aren't in compliance with the security group
policy.
PolicyComplianceStatus
data PolicyComplianceStatus Source #
Indicates whether the account is compliant with the specified policy. An account is considered noncompliant if it includes resources that are not protected by the policy, for WAF and Shield Advanced policies, or that are noncompliant with the policy, for security group policies.
See: newPolicyComplianceStatus
smart constructor.
PolicyComplianceStatus' (Maybe [EvaluationResult]) (Maybe (HashMap DependentServiceName Text)) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newPolicyComplianceStatus :: PolicyComplianceStatus Source #
Create a value of PolicyComplianceStatus
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:evaluationResults:PolicyComplianceStatus'
, policyComplianceStatus_evaluationResults
- An array of EvaluationResult
objects.
$sel:issueInfoMap:PolicyComplianceStatus'
, policyComplianceStatus_issueInfoMap
- Details about problems with dependent services, such as WAF or Config,
and the error message received that indicates the problem with the
service.
$sel:lastUpdated:PolicyComplianceStatus'
, policyComplianceStatus_lastUpdated
- Timestamp of the last update to the EvaluationResult
objects.
$sel:memberAccount:PolicyComplianceStatus'
, policyComplianceStatus_memberAccount
- The member account ID.
$sel:policyId:PolicyComplianceStatus'
, policyComplianceStatus_policyId
- The ID of the Firewall Manager policy.
$sel:policyName:PolicyComplianceStatus'
, policyComplianceStatus_policyName
- The name of the Firewall Manager policy.
$sel:policyOwner:PolicyComplianceStatus'
, policyComplianceStatus_policyOwner
- The Amazon Web Services account that created the Firewall Manager
policy.
PolicyOption
data PolicyOption Source #
Contains the Network Firewall firewall policy options to configure the policy's deployment model and third-party firewall policy settings.
See: newPolicyOption
smart constructor.
Instances
newPolicyOption :: PolicyOption Source #
Create a value of PolicyOption
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:networkFirewallPolicy:PolicyOption'
, policyOption_networkFirewallPolicy
- Defines the deployment model to use for the firewall policy.
$sel:thirdPartyFirewallPolicy:PolicyOption'
, policyOption_thirdPartyFirewallPolicy
- Defines the policy options for a third-party firewall policy.
PolicySummary
data PolicySummary Source #
Details of the Firewall Manager policy.
See: newPolicySummary
smart constructor.
PolicySummary' (Maybe Bool) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe SecurityServiceType) |
Instances
newPolicySummary :: PolicySummary Source #
Create a value of PolicySummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:deleteUnusedFMManagedResources:PolicySummary'
, policySummary_deleteUnusedFMManagedResources
- Indicates whether Firewall Manager should automatically remove
protections from resources that leave the policy scope and clean up
resources that Firewall Manager is managing for accounts when those
accounts leave policy scope. For example, Firewall Manager will
disassociate a Firewall Manager managed web ACL from a protected
customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
$sel:policyArn:PolicySummary'
, policySummary_policyArn
- The Amazon Resource Name (ARN) of the specified policy.
$sel:policyId:PolicySummary'
, policySummary_policyId
- The ID of the specified policy.
$sel:policyName:PolicySummary'
, policySummary_policyName
- The name of the specified policy.
$sel:remediationEnabled:PolicySummary'
, policySummary_remediationEnabled
- Indicates if the policy should be automatically applied to new
resources.
$sel:resourceType:PolicySummary'
, policySummary_resourceType
- The type of resource protected by or in scope of the policy. This is in
the format shown in the
Amazon Web Services Resource Types Reference.
For WAF and Shield Advanced, examples include
AWS::ElasticLoadBalancingV2::LoadBalancer
and
AWS::CloudFront::Distribution
. For a security group common policy,
valid values are AWS::EC2::NetworkInterface
and AWS::EC2::Instance
.
For a security group content audit policy, valid values are
AWS::EC2::SecurityGroup
, AWS::EC2::NetworkInterface
, and
AWS::EC2::Instance
. For a security group usage audit policy, the value
is AWS::EC2::SecurityGroup
. For an Network Firewall policy or DNS
Firewall policy, the value is AWS::EC2::VPC
.
$sel:securityServiceType:PolicySummary'
, policySummary_securityServiceType
- The service that the policy is using to protect the resources. This
specifies the type of policy that is created, either an WAF policy, a
Shield Advanced policy, or a security group policy.
PossibleRemediationAction
data PossibleRemediationAction Source #
A list of remediation actions.
See: newPossibleRemediationAction
smart constructor.
Instances
newPossibleRemediationAction :: PossibleRemediationAction Source #
Create a value of PossibleRemediationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:PossibleRemediationAction'
, possibleRemediationAction_description
- A description of the list of remediation actions.
$sel:isDefaultAction:PossibleRemediationAction'
, possibleRemediationAction_isDefaultAction
- Information about whether an action is taken by default.
$sel:orderedRemediationActions:PossibleRemediationAction'
, possibleRemediationAction_orderedRemediationActions
- The ordered list of remediation actions.
PossibleRemediationActions
data PossibleRemediationActions Source #
A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.
See: newPossibleRemediationActions
smart constructor.
Instances
newPossibleRemediationActions :: PossibleRemediationActions Source #
Create a value of PossibleRemediationActions
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actions:PossibleRemediationActions'
, possibleRemediationActions_actions
- Information about the actions.
PossibleRemediationActions
, possibleRemediationActions_description
- A description of the possible remediation actions list.
ProtocolsListData
data ProtocolsListData Source #
An Firewall Manager protocols list.
See: newProtocolsListData
smart constructor.
ProtocolsListData' (Maybe POSIX) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe (HashMap Text [Text])) Text [Text] |
Instances
Create a value of ProtocolsListData
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createTime:ProtocolsListData'
, protocolsListData_createTime
- The time that the Firewall Manager protocols list was created.
$sel:lastUpdateTime:ProtocolsListData'
, protocolsListData_lastUpdateTime
- The time that the Firewall Manager protocols list was last updated.
$sel:listId:ProtocolsListData'
, protocolsListData_listId
- The ID of the Firewall Manager protocols list.
$sel:listUpdateToken:ProtocolsListData'
, protocolsListData_listUpdateToken
- A unique identifier for each update to the list. When you update the
list, the update token must match the token of the current version of
the application list. You can retrieve the update token by getting the
list.
$sel:previousProtocolsList:ProtocolsListData'
, protocolsListData_previousProtocolsList
- A map of previous version numbers to their corresponding protocol
arrays.
$sel:listName:ProtocolsListData'
, protocolsListData_listName
- The name of the Firewall Manager protocols list.
$sel:protocolsList:ProtocolsListData'
, protocolsListData_protocolsList
- An array of protocols in the Firewall Manager protocols list.
ProtocolsListDataSummary
data ProtocolsListDataSummary Source #
Details of the Firewall Manager protocols list.
See: newProtocolsListDataSummary
smart constructor.
Instances
newProtocolsListDataSummary :: ProtocolsListDataSummary Source #
Create a value of ProtocolsListDataSummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:listArn:ProtocolsListDataSummary'
, protocolsListDataSummary_listArn
- The Amazon Resource Name (ARN) of the specified protocols list.
$sel:listId:ProtocolsListDataSummary'
, protocolsListDataSummary_listId
- The ID of the specified protocols list.
$sel:listName:ProtocolsListDataSummary'
, protocolsListDataSummary_listName
- The name of the specified protocols list.
$sel:protocolsList:ProtocolsListDataSummary'
, protocolsListDataSummary_protocolsList
- An array of protocols in the Firewall Manager protocols list.
RemediationAction
data RemediationAction Source #
Information about an individual action you can take to remediate a violation.
See: newRemediationAction
smart constructor.
Instances
newRemediationAction :: RemediationAction Source #
Create a value of RemediationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
RemediationAction
, remediationAction_description
- A description of a remediation action.
$sel:eC2AssociateRouteTableAction:RemediationAction'
, remediationAction_eC2AssociateRouteTableAction
- Information about the AssociateRouteTable action in the Amazon EC2 API.
$sel:eC2CopyRouteTableAction:RemediationAction'
, remediationAction_eC2CopyRouteTableAction
- Information about the CopyRouteTable action in the Amazon EC2 API.
$sel:eC2CreateRouteAction:RemediationAction'
, remediationAction_eC2CreateRouteAction
- Information about the CreateRoute action in the Amazon EC2 API.
$sel:eC2CreateRouteTableAction:RemediationAction'
, remediationAction_eC2CreateRouteTableAction
- Information about the CreateRouteTable action in the Amazon EC2 API.
$sel:eC2DeleteRouteAction:RemediationAction'
, remediationAction_eC2DeleteRouteAction
- Information about the DeleteRoute action in the Amazon EC2 API.
$sel:eC2ReplaceRouteAction:RemediationAction'
, remediationAction_eC2ReplaceRouteAction
- Information about the ReplaceRoute action in the Amazon EC2 API.
$sel:eC2ReplaceRouteTableAssociationAction:RemediationAction'
, remediationAction_eC2ReplaceRouteTableAssociationAction
- Information about the ReplaceRouteTableAssociation action in the Amazon
EC2 API.
$sel:fMSPolicyUpdateFirewallCreationConfigAction:RemediationAction'
, remediationAction_fMSPolicyUpdateFirewallCreationConfigAction
- The remedial action to take when updating a firewall configuration.
RemediationActionWithOrder
data RemediationActionWithOrder Source #
An ordered list of actions you can take to remediate a violation.
See: newRemediationActionWithOrder
smart constructor.
Instances
newRemediationActionWithOrder :: RemediationActionWithOrder Source #
Create a value of RemediationActionWithOrder
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:order:RemediationActionWithOrder'
, remediationActionWithOrder_order
- The order of the remediation actions in the list.
$sel:remediationAction:RemediationActionWithOrder'
, remediationActionWithOrder_remediationAction
- Information about an action you can take to remediate a violation.
Resource
Details of a resource that is associated to an Firewall Manager resource set.
See: newResource
smart constructor.
Instances
FromJSON Resource Source # | |
Generic Resource Source # | |
Read Resource Source # | |
Show Resource Source # | |
NFData Resource Source # | |
Defined in Amazonka.FMS.Types.Resource | |
Eq Resource Source # | |
Hashable Resource Source # | |
Defined in Amazonka.FMS.Types.Resource | |
type Rep Resource Source # | |
Defined in Amazonka.FMS.Types.Resource type Rep Resource = D1 ('MetaData "Resource" "Amazonka.FMS.Types.Resource" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "Resource'" 'PrefixI 'True) (S1 ('MetaSel ('Just "accountId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "uri") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) |
Create a value of Resource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:Resource'
, resource_accountId
- The Amazon Web Services account ID that the associated resource belongs
to.
$sel:uri:Resource'
, resource_uri
- The resource's universal resource indicator (URI).
ResourceSet
data ResourceSet Source #
A set of resources to include in a policy.
See: newResourceSet
smart constructor.
Instances
Create a value of ResourceSet
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:ResourceSet'
, resourceSet_description
- A description of the resource set.
$sel:id:ResourceSet'
, resourceSet_id
- A unique identifier for the resource set. This ID is returned in the
responses to create and list commands. You provide it to operations like
update and delete.
$sel:lastUpdateTime:ResourceSet'
, resourceSet_lastUpdateTime
- The last time that the resource set was changed.
$sel:updateToken:ResourceSet'
, resourceSet_updateToken
- An optional token that you can use for optimistic locking. Firewall
Manager returns a token to your requests that access the resource set.
The token marks the state of the resource set resource at the time of
the request. Update tokens are not allowed when creating a resource set.
After creation, each subsequent update call to the resource set requires
the update token.
To make an unconditional change to the resource set, omit the token in your update request. Without the token, Firewall Manager performs your updates regardless of whether the resource set has changed since you last retrieved it.
To make a conditional change to the resource set, provide the token in
your update request. Firewall Manager uses the token to ensure that the
resource set hasn't changed since you last retrieved it. If it has
changed, the operation fails with an InvalidTokenException
. If this
happens, retrieve the resource set again to get a current copy of it
with a new token. Reapply your changes as needed, then try the operation
again using the new token.
$sel:name:ResourceSet'
, resourceSet_name
- The descriptive name of the resource set. You can't change the name of
a resource set after you create it.
$sel:resourceTypeList:ResourceSet'
, resourceSet_resourceTypeList
- Determines the resources that can be associated to the resource set.
Depending on your setting for max results and the number of resource
sets, a single call might not return the full list.
ResourceSetSummary
data ResourceSetSummary Source #
Summarizes the resource sets used in a policy.
See: newResourceSetSummary
smart constructor.
Instances
newResourceSetSummary :: ResourceSetSummary Source #
Create a value of ResourceSetSummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:ResourceSetSummary'
, resourceSetSummary_description
- A description of the resource set.
$sel:id:ResourceSetSummary'
, resourceSetSummary_id
- A unique identifier for the resource set. This ID is returned in the
responses to create and list commands. You provide it to operations like
update and delete.
$sel:lastUpdateTime:ResourceSetSummary'
, resourceSetSummary_lastUpdateTime
- The last time that the resource set was changed.
$sel:name:ResourceSetSummary'
, resourceSetSummary_name
- The descriptive name of the resource set. You can't change the name of
a resource set after you create it.
ResourceTag
data ResourceTag Source #
The resource tags that Firewall Manager uses to determine if a particular resource should be included or excluded from the Firewall Manager policy. Tags enable you to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value. Firewall Manager combines the tags with "AND" so that, if you add more than one tag to a policy scope, a resource must have all the specified tags to be included or excluded. For more information, see Working with Tag Editor.
See: newResourceTag
smart constructor.
Instances
Create a value of ResourceTag
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:value:ResourceTag'
, resourceTag_value
- The resource tag value.
$sel:key:ResourceTag'
, resourceTag_key
- The resource tag key.
ResourceViolation
data ResourceViolation Source #
Violation detail based on resource type.
See: newResourceViolation
smart constructor.
Instances
newResourceViolation :: ResourceViolation Source #
Create a value of ResourceViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:awsEc2InstanceViolation:ResourceViolation'
, resourceViolation_awsEc2InstanceViolation
- Violation detail for an EC2 instance.
$sel:awsEc2NetworkInterfaceViolation:ResourceViolation'
, resourceViolation_awsEc2NetworkInterfaceViolation
- Violation detail for a network interface.
$sel:awsVPCSecurityGroupViolation:ResourceViolation'
, resourceViolation_awsVPCSecurityGroupViolation
- Violation detail for security groups.
$sel:dnsDuplicateRuleGroupViolation:ResourceViolation'
, resourceViolation_dnsDuplicateRuleGroupViolation
- Violation detail for a DNS Firewall policy that indicates that a rule
group that Firewall Manager tried to associate with a VPC is already
associated with the VPC and can't be associated again.
$sel:dnsRuleGroupLimitExceededViolation:ResourceViolation'
, resourceViolation_dnsRuleGroupLimitExceededViolation
- Violation detail for a DNS Firewall policy that indicates that the VPC
reached the limit for associated DNS Firewall rule groups. Firewall
Manager tried to associate another rule group with the VPC and failed.
$sel:dnsRuleGroupPriorityConflictViolation:ResourceViolation'
, resourceViolation_dnsRuleGroupPriorityConflictViolation
- Violation detail for a DNS Firewall policy that indicates that a rule
group that Firewall Manager tried to associate with a VPC has the same
priority as a rule group that's already associated.
$sel:firewallSubnetIsOutOfScopeViolation:ResourceViolation'
, resourceViolation_firewallSubnetIsOutOfScopeViolation
- Contains details about the firewall subnet that violates the policy
scope.
$sel:firewallSubnetMissingVPCEndpointViolation:ResourceViolation'
, resourceViolation_firewallSubnetMissingVPCEndpointViolation
- The violation details for a third-party firewall's VPC endpoint subnet
that was deleted.
$sel:networkFirewallBlackHoleRouteDetectedViolation:ResourceViolation'
, resourceViolation_networkFirewallBlackHoleRouteDetectedViolation
- Undocumented member.
$sel:networkFirewallInternetTrafficNotInspectedViolation:ResourceViolation'
, resourceViolation_networkFirewallInternetTrafficNotInspectedViolation
- Violation detail for the subnet for which internet traffic hasn't been
inspected.
$sel:networkFirewallInvalidRouteConfigurationViolation:ResourceViolation'
, resourceViolation_networkFirewallInvalidRouteConfigurationViolation
- The route configuration is invalid.
$sel:networkFirewallMissingExpectedRTViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingExpectedRTViolation
- Violation detail for an Network Firewall policy that indicates that a
subnet is not associated with the expected Firewall Manager managed
route table.
$sel:networkFirewallMissingExpectedRoutesViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingExpectedRoutesViolation
- Expected routes are missing from Network Firewall.
$sel:networkFirewallMissingFirewallViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingFirewallViolation
- Violation detail for an Network Firewall policy that indicates that a
subnet has no Firewall Manager managed firewall in its VPC.
$sel:networkFirewallMissingSubnetViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingSubnetViolation
- Violation detail for an Network Firewall policy that indicates that an
Availability Zone is missing the expected Firewall Manager managed
subnet.
$sel:networkFirewallPolicyModifiedViolation:ResourceViolation'
, resourceViolation_networkFirewallPolicyModifiedViolation
- Violation detail for an Network Firewall policy that indicates that a
firewall policy in an individual account has been modified in a way that
makes it noncompliant. For example, the individual account owner might
have deleted a rule group, changed the priority of a stateless rule
group, or changed a policy default action.
$sel:networkFirewallUnexpectedFirewallRoutesViolation:ResourceViolation'
, resourceViolation_networkFirewallUnexpectedFirewallRoutesViolation
- There's an unexpected firewall route.
$sel:networkFirewallUnexpectedGatewayRoutesViolation:ResourceViolation'
, resourceViolation_networkFirewallUnexpectedGatewayRoutesViolation
- There's an unexpected gateway route.
$sel:possibleRemediationActions:ResourceViolation'
, resourceViolation_possibleRemediationActions
- A list of possible remediation action lists. Each individual possible
remediation action is a list of individual remediation actions.
$sel:routeHasOutOfScopeEndpointViolation:ResourceViolation'
, resourceViolation_routeHasOutOfScopeEndpointViolation
- Contains details about the route endpoint that violates the policy
scope.
$sel:thirdPartyFirewallMissingExpectedRouteTableViolation:ResourceViolation'
, resourceViolation_thirdPartyFirewallMissingExpectedRouteTableViolation
- The violation details for a third-party firewall that has the Firewall
Manager managed route table that was associated with the third-party
firewall has been deleted.
$sel:thirdPartyFirewallMissingFirewallViolation:ResourceViolation'
, resourceViolation_thirdPartyFirewallMissingFirewallViolation
- The violation details for a third-party firewall that's been deleted.
$sel:thirdPartyFirewallMissingSubnetViolation:ResourceViolation'
, resourceViolation_thirdPartyFirewallMissingSubnetViolation
- The violation details for a third-party firewall's subnet that's been
deleted.
Route
Describes a route in a route table.
See: newRoute
smart constructor.
Route' (Maybe Text) (Maybe DestinationType) (Maybe Text) (Maybe TargetType) |
Instances
FromJSON Route Source # | |
Generic Route Source # | |
Read Route Source # | |
Show Route Source # | |
NFData Route Source # | |
Defined in Amazonka.FMS.Types.Route | |
Eq Route Source # | |
Hashable Route Source # | |
Defined in Amazonka.FMS.Types.Route | |
type Rep Route Source # | |
Defined in Amazonka.FMS.Types.Route type Rep Route = D1 ('MetaData "Route" "Amazonka.FMS.Types.Route" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "Route'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "destination") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "destinationType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe DestinationType))) :*: (S1 ('MetaSel ('Just "target") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "targetType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe TargetType))))) |
Create a value of Route
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:destination:Route'
, route_destination
- The destination of the route.
$sel:destinationType:Route'
, route_destinationType
- The type of destination for the route.
$sel:target:Route'
, route_target
- The route's target.
$sel:targetType:Route'
, route_targetType
- The type of target for the route.
RouteHasOutOfScopeEndpointViolation
data RouteHasOutOfScopeEndpointViolation Source #
Contains details about the route endpoint that violates the policy scope.
See: newRouteHasOutOfScopeEndpointViolation
smart constructor.
RouteHasOutOfScopeEndpointViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) |
Instances
newRouteHasOutOfScopeEndpointViolation :: RouteHasOutOfScopeEndpointViolation Source #
Create a value of RouteHasOutOfScopeEndpointViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:currentFirewallSubnetRouteTable:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_currentFirewallSubnetRouteTable
- The route table associated with the current firewall subnet.
$sel:currentInternetGatewayRouteTable:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_currentInternetGatewayRouteTable
- The current route table associated with the Internet Gateway.
$sel:firewallSubnetId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_firewallSubnetId
- The ID of the firewall subnet.
$sel:firewallSubnetRoutes:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_firewallSubnetRoutes
- The list of firewall subnet routes.
$sel:internetGatewayId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_internetGatewayId
- The ID of the Internet Gateway.
$sel:internetGatewayRoutes:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_internetGatewayRoutes
- The routes in the route table associated with the Internet Gateway.
$sel:routeTableId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_routeTableId
- The ID of the route table.
$sel:subnetAvailabilityZone:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_subnetAvailabilityZone
- The subnet's Availability Zone.
$sel:subnetAvailabilityZoneId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_subnetAvailabilityZoneId
- The ID of the subnet's Availability Zone.
$sel:subnetId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_subnetId
- The ID of the subnet associated with the route that violates the policy
scope.
$sel:violatingRoutes:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_violatingRoutes
- The list of routes that violate the route table.
$sel:vpcId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_vpcId
- The VPC ID of the route that violates the policy scope.
SecurityGroupRemediationAction
data SecurityGroupRemediationAction Source #
Remediation option for the rule specified in the ViolationTarget
.
See: newSecurityGroupRemediationAction
smart constructor.
SecurityGroupRemediationAction' (Maybe Text) (Maybe Bool) (Maybe RemediationActionType) (Maybe SecurityGroupRuleDescription) |
Instances
newSecurityGroupRemediationAction :: SecurityGroupRemediationAction Source #
Create a value of SecurityGroupRemediationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:SecurityGroupRemediationAction'
, securityGroupRemediationAction_description
- Brief description of the action that will be performed.
$sel:isDefaultAction:SecurityGroupRemediationAction'
, securityGroupRemediationAction_isDefaultAction
- Indicates if the current action is the default action.
$sel:remediationActionType:SecurityGroupRemediationAction'
, securityGroupRemediationAction_remediationActionType
- The remediation action that will be performed.
$sel:remediationResult:SecurityGroupRemediationAction'
, securityGroupRemediationAction_remediationResult
- The final state of the rule specified in the ViolationTarget
after it
is remediated.
SecurityGroupRuleDescription
data SecurityGroupRuleDescription Source #
Describes a set of permissions for a security group rule.
See: newSecurityGroupRuleDescription
smart constructor.
SecurityGroupRuleDescription' (Maybe Natural) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Natural) |
Instances
newSecurityGroupRuleDescription :: SecurityGroupRuleDescription Source #
Create a value of SecurityGroupRuleDescription
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:fromPort:SecurityGroupRuleDescription'
, securityGroupRuleDescription_fromPort
- The start of the port range for the TCP and UDP protocols, or an
ICMP/ICMPv6 type number. A value of -1
indicates all ICMP/ICMPv6
types.
$sel:iPV4Range:SecurityGroupRuleDescription'
, securityGroupRuleDescription_iPV4Range
- The IPv4 ranges for the security group rule.
$sel:iPV6Range:SecurityGroupRuleDescription'
, securityGroupRuleDescription_iPV6Range
- The IPv6 ranges for the security group rule.
$sel:prefixListId:SecurityGroupRuleDescription'
, securityGroupRuleDescription_prefixListId
- The ID of the prefix list for the security group rule.
$sel:protocol:SecurityGroupRuleDescription'
, securityGroupRuleDescription_protocol
- The IP protocol name (tcp
, udp
, icmp
, icmpv6
) or number.
$sel:toPort:SecurityGroupRuleDescription'
, securityGroupRuleDescription_toPort
- The end of the port range for the TCP and UDP protocols, or an
ICMP/ICMPv6 code. A value of -1
indicates all ICMP/ICMPv6 codes.
SecurityServicePolicyData
data SecurityServicePolicyData Source #
Details about the security service that is being used to protect the resources.
See: newSecurityServicePolicyData
smart constructor.
Instances
newSecurityServicePolicyData Source #
Create a value of SecurityServicePolicyData
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:managedServiceData:SecurityServicePolicyData'
, securityServicePolicyData_managedServiceData
- Details about the service that are specific to the service type, in JSON
format.
Example:
DNS_FIREWALL
"{\"type\":\"DNS_FIREWALL\",\"preProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-1\",\"priority\":10}],\"postProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-2\",\"priority\":9911}]}"
Valid values for
preProcessRuleGroups
are between 1 and 99. Valid values forpostProcessRuleGroups
are between 9901 and 10000.Example:
NETWORK_FIREWALL
- Centralized deployment model"{\"type\":\"NETWORK_FIREWALL\",\"awsNetworkFirewallConfig\":{\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}},\"firewallDeploymentModel\":{\"centralizedFirewallDeploymentModel\":{\"centralizedFirewallOrchestrationConfig\":{\"inspectionVpcIds\":[{\"resourceId\":\"vpc-1234\",\"accountId\":\"123456789011\"}],\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneId\":null,\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"allowedIPV4CidrList\":[]}}}}"
To use the centralized deployment model, you must set PolicyOption to
CENTRALIZED
.Example:
NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"OFF\"},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"
With automatic Availbility Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. To use the distributed deployment model, you must set PolicyOption to
NULL
.Example:
NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration and route management"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"]},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\": \"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"
To use the distributed deployment model, you must set PolicyOption to
NULL
.Example:
NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\", \"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{ \"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[ \"10.0.0.0/28\"]}]} },\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"OFF\",\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"
With custom Availability Zone configuration, you define which specific Availability Zones to create endpoints in by configuring
firewallCreationConfig
. To configure the Availability Zones infirewallCreationConfig
, specify either theavailabilityZoneName
oravailabilityZoneId
parameter, not both parameters.To use the distributed deployment model, you must set PolicyOption to
NULL
.Example:
NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration and route management"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"],\"routeManagementConfig\":{\"allowCrossAZTrafficIfNoEndpoint\":true}},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"
To use the distributed deployment model, you must set PolicyOption to
NULL
.Example:
THIRD_PARTY_FIREWALL
"{ "type":"THIRD_PARTY_FIREWALL", "thirdPartyFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW", "thirdPartyFirewallConfig":{ "thirdPartyFirewallPolicyList":["global-1"] }, "firewallDeploymentModel":{ "distributedFirewallDeploymentModel":{ "distributedFirewallOrchestrationConfig":{ "firewallCreationConfig":{ "endpointLocation":{ "availabilityZoneConfigList":[ { "availabilityZoneName":"${AvailabilityZone}" } ] } }, "allowedIPV4CidrList":[ ] } } } }"
Example:
SECURITY_GROUPS_COMMON
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example:
SECURITY_GROUPS_COMMON
- Security group tag distribution""{\"type\":\"SECURITY_GROUPS_COMMON\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"revertManualSecurityGroupChanges\":true,\"exclusiveResourceSecurityGroupManagement\":false,\"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":false,\"enableTagDistribution\":true}""
Firewall Manager automatically distributes tags from the primary group to the security groups created by this policy. To use security group tag distribution, you must also set
revertManualSecurityGroupChanges
totrue
, otherwise Firewall Manager won't be able to create the policy. When you enablerevertManualSecurityGroupChanges
, Firewall Manager identifies and reports when the security groups created by this policy become non-compliant.Firewall Manager won't distrubute system tags added by Amazon Web Services services into the replica security groups. System tags begin with the
aws:
prefix.Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":true,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example:
SECURITY_GROUPS_CONTENT_AUDIT
"{\"type\":\"SECURITY_GROUPS_CONTENT_AUDIT\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"securityGroupAction\":{\"type\":\"ALLOW\"}}"
The security group action for content audit can be
ALLOW
orDENY
. ForALLOW
, all in-scope security group rules must be within the allowed range of the policy's security group rules. ForDENY
, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.Example:
SECURITY_GROUPS_USAGE_AUDIT
"{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true}"
Specification for
SHIELD_ADVANCED
for Amazon CloudFront distributions"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\", \"automaticResponseAction\":\"BLOCK|COUNT\"}, \"overrideCustomerWebaclClassic\":true|false}"
For example:
"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED\", \"automaticResponseAction\":\"COUNT\"}}"
The default value for
automaticResponseStatus
isIGNORED
. The value forautomaticResponseAction
is only required whenautomaticResponseStatus
is set toENABLED
. The default value foroverrideCustomerWebaclClassic
isfalse
.For other resource types that you can protect with a Shield Advanced policy, this
ManagedServiceData
configuration is an empty string.Example:
WAFV2
"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
In the
loggingConfiguration
, you can specify onelogDestinationConfigs
, you can optionally provide up to 20redactedFields
, and theRedactedFieldType
must be one ofURI
,QUERY_STRING
,HEADER
, orMETHOD
.Example:
WAFV2
- Firewall Manager support for WAF managed rule group versioning"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"versionEnabled\":true,\"version\":\"Version_2.0\",\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesCommonRuleSet\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
To use a specific version of a WAF managed rule group in your Firewall Manager policy, you must set
versionEnabled
totrue
, and setversion
to the version you'd like to use. If you don't setversionEnabled
totrue
, or if you omitversionEnabled
, then Firewall Manager uses the default version of the WAF managed rule group.Example:
WAF Classic
"{\"type\": \"WAF\", \"ruleGroups\": [{\"id\":\"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\" : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}"
$sel:policyOption:SecurityServicePolicyData'
, securityServicePolicyData_policyOption
- Contains the Network Firewall firewall policy options to configure a
centralized deployment model.
$sel:type':SecurityServicePolicyData'
, securityServicePolicyData_type
- The service that the policy is using to protect the resources. This
specifies the type of policy that is created, either an WAF policy, a
Shield Advanced policy, or a security group policy. For security group
policies, Firewall Manager supports one security group for each common
policy and for each content audit policy. This is an adjustable limit
that you can increase by contacting Amazon Web Services Support.
StatefulEngineOptions
data StatefulEngineOptions Source #
Configuration settings for the handling of the stateful rule groups in a Network Firewall firewall policy.
See: newStatefulEngineOptions
smart constructor.
Instances
newStatefulEngineOptions :: StatefulEngineOptions Source #
Create a value of StatefulEngineOptions
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:ruleOrder:StatefulEngineOptions'
, statefulEngineOptions_ruleOrder
- Indicates how to manage the order of stateful rule evaluation for the
policy. DEFAULT_ACTION_ORDER
is the default behavior. Stateful rules
are provided to the rule engine as Suricata compatible strings, and
Suricata evaluates them based on certain settings. For more information,
see
Evaluation order for stateful rules
in the Network Firewall Developer Guide.
StatefulRuleGroup
data StatefulRuleGroup Source #
Network Firewall stateful rule group, used in a NetworkFirewallPolicyDescription.
See: newStatefulRuleGroup
smart constructor.
StatefulRuleGroup' (Maybe NetworkFirewallStatefulRuleGroupOverride) (Maybe Int) (Maybe Text) (Maybe Text) |
Instances
newStatefulRuleGroup :: StatefulRuleGroup Source #
Create a value of StatefulRuleGroup
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:override:StatefulRuleGroup'
, statefulRuleGroup_override
- The action that allows the policy owner to override the behavior of the
rule group within a policy.
$sel:priority:StatefulRuleGroup'
, statefulRuleGroup_priority
- An integer setting that indicates the order in which to run the stateful
rule groups in a single Network Firewall firewall policy. This setting
only applies to firewall policies that specify the STRICT_ORDER
rule
order in the stateful engine options settings.
Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy. For information about
You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on.
$sel:resourceId:StatefulRuleGroup'
, statefulRuleGroup_resourceId
- The resource ID of the rule group.
$sel:ruleGroupName:StatefulRuleGroup'
, statefulRuleGroup_ruleGroupName
- The name of the rule group.
StatelessRuleGroup
data StatelessRuleGroup Source #
Network Firewall stateless rule group, used in a NetworkFirewallPolicyDescription.
See: newStatelessRuleGroup
smart constructor.
Instances
newStatelessRuleGroup :: StatelessRuleGroup Source #
Create a value of StatelessRuleGroup
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:priority:StatelessRuleGroup'
, statelessRuleGroup_priority
- The priority of the rule group. Network Firewall evaluates the stateless
rule groups in a firewall policy starting from the lowest priority
setting.
$sel:resourceId:StatelessRuleGroup'
, statelessRuleGroup_resourceId
- The resource ID of the rule group.
$sel:ruleGroupName:StatelessRuleGroup'
, statelessRuleGroup_ruleGroupName
- The name of the rule group.
Tag
A collection of key:value pairs associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each Amazon Web Services resource.
See: newTag
smart constructor.
Instances
FromJSON Tag Source # | |
ToJSON Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
Generic Tag Source # | |
Read Tag Source # | |
Show Tag Source # | |
NFData Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
Eq Tag Source # | |
Hashable Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
type Rep Tag Source # | |
Defined in Amazonka.FMS.Types.Tag type Rep Tag = D1 ('MetaData "Tag" "Amazonka.FMS.Types.Tag" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "Tag'" 'PrefixI 'True) (S1 ('MetaSel ('Just "key") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "value") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) |
Create a value of Tag
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:key:Tag'
, tag_key
- Part of the key:value pair that defines a tag. You can use a tag key to
describe a category of information, such as "customer." Tag keys are
case-sensitive.
$sel:value:Tag'
, tag_value
- Part of the key:value pair that defines a tag. You can use a tag value
to describe a specific value within a category, such as "companyA" or
"companyB." Tag values are case-sensitive.
ThirdPartyFirewallFirewallPolicy
data ThirdPartyFirewallFirewallPolicy Source #
Configures the third-party firewall's firewall policy.
See: newThirdPartyFirewallFirewallPolicy
smart constructor.
Instances
newThirdPartyFirewallFirewallPolicy :: ThirdPartyFirewallFirewallPolicy Source #
Create a value of ThirdPartyFirewallFirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallPolicyId:ThirdPartyFirewallFirewallPolicy'
, thirdPartyFirewallFirewallPolicy_firewallPolicyId
- The ID of the specified firewall policy.
$sel:firewallPolicyName:ThirdPartyFirewallFirewallPolicy'
, thirdPartyFirewallFirewallPolicy_firewallPolicyName
- The name of the specified firewall policy.
ThirdPartyFirewallMissingExpectedRouteTableViolation
data ThirdPartyFirewallMissingExpectedRouteTableViolation Source #
The violation details for a third-party firewall that's not associated with an Firewall Manager managed route table.
See: newThirdPartyFirewallMissingExpectedRouteTableViolation
smart constructor.
ThirdPartyFirewallMissingExpectedRouteTableViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newThirdPartyFirewallMissingExpectedRouteTableViolation :: ThirdPartyFirewallMissingExpectedRouteTableViolation Source #
Create a value of ThirdPartyFirewallMissingExpectedRouteTableViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:ThirdPartyFirewallMissingExpectedRouteTableViolation'
, thirdPartyFirewallMissingExpectedRouteTableViolation_availabilityZone
- The Availability Zone of the firewall subnet that's causing the
violation.
$sel:currentRouteTable:ThirdPartyFirewallMissingExpectedRouteTableViolation'
, thirdPartyFirewallMissingExpectedRouteTableViolation_currentRouteTable
- The resource ID of the current route table that's associated with the
subnet, if one is available.
$sel:expectedRouteTable:ThirdPartyFirewallMissingExpectedRouteTableViolation'
, thirdPartyFirewallMissingExpectedRouteTableViolation_expectedRouteTable
- The resource ID of the route table that should be associated with the
subnet.
$sel:vpc:ThirdPartyFirewallMissingExpectedRouteTableViolation'
, thirdPartyFirewallMissingExpectedRouteTableViolation_vpc
- The resource ID of the VPC associated with a fireawll subnet that's
causing the violation.
$sel:violationTarget:ThirdPartyFirewallMissingExpectedRouteTableViolation'
, thirdPartyFirewallMissingExpectedRouteTableViolation_violationTarget
- The ID of the third-party firewall or VPC resource that's causing the
violation.
ThirdPartyFirewallMissingFirewallViolation
data ThirdPartyFirewallMissingFirewallViolation Source #
The violation details about a third-party firewall's subnet that doesn't have a Firewall Manager managed firewall in its VPC.
See: newThirdPartyFirewallMissingFirewallViolation
smart constructor.
Instances
newThirdPartyFirewallMissingFirewallViolation :: ThirdPartyFirewallMissingFirewallViolation Source #
Create a value of ThirdPartyFirewallMissingFirewallViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:ThirdPartyFirewallMissingFirewallViolation'
, thirdPartyFirewallMissingFirewallViolation_availabilityZone
- The Availability Zone of the third-party firewall that's causing the
violation.
$sel:targetViolationReason:ThirdPartyFirewallMissingFirewallViolation'
, thirdPartyFirewallMissingFirewallViolation_targetViolationReason
- The reason the resource is causing this violation, if a reason is
available.
$sel:vpc:ThirdPartyFirewallMissingFirewallViolation'
, thirdPartyFirewallMissingFirewallViolation_vpc
- The resource ID of the VPC associated with a third-party firewall.
$sel:violationTarget:ThirdPartyFirewallMissingFirewallViolation'
, thirdPartyFirewallMissingFirewallViolation_violationTarget
- The ID of the third-party firewall that's causing the violation.
ThirdPartyFirewallMissingSubnetViolation
data ThirdPartyFirewallMissingSubnetViolation Source #
The violation details for a third-party firewall for an Availability Zone that's missing the Firewall Manager managed subnet.
See: newThirdPartyFirewallMissingSubnetViolation
smart constructor.
Instances
newThirdPartyFirewallMissingSubnetViolation :: ThirdPartyFirewallMissingSubnetViolation Source #
Create a value of ThirdPartyFirewallMissingSubnetViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:ThirdPartyFirewallMissingSubnetViolation'
, thirdPartyFirewallMissingSubnetViolation_availabilityZone
- The Availability Zone of a subnet that's causing the violation.
$sel:targetViolationReason:ThirdPartyFirewallMissingSubnetViolation'
, thirdPartyFirewallMissingSubnetViolation_targetViolationReason
- The reason the resource is causing the violation, if a reason is
available.
$sel:vpc:ThirdPartyFirewallMissingSubnetViolation'
, thirdPartyFirewallMissingSubnetViolation_vpc
- The resource ID of the VPC associated with a subnet that's causing the
violation.
$sel:violationTarget:ThirdPartyFirewallMissingSubnetViolation'
, thirdPartyFirewallMissingSubnetViolation_violationTarget
- The ID of the third-party firewall or VPC resource that's causing the
violation.
ThirdPartyFirewallPolicy
data ThirdPartyFirewallPolicy Source #
Configures the deployment model for the third-party firewall.
See: newThirdPartyFirewallPolicy
smart constructor.
Instances
newThirdPartyFirewallPolicy :: ThirdPartyFirewallPolicy Source #
Create a value of ThirdPartyFirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallDeploymentModel:ThirdPartyFirewallPolicy'
, thirdPartyFirewallPolicy_firewallDeploymentModel
- Defines the deployment model to use for the third-party firewall policy.
ViolationDetail
data ViolationDetail Source #
Violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account.
See: newViolationDetail
smart constructor.
ViolationDetail' (Maybe Text) (Maybe [Tag]) Text Text Text Text [ResourceViolation] |
Instances
:: Text | |
-> Text | |
-> Text | |
-> Text | |
-> ViolationDetail |
Create a value of ViolationDetail
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceDescription:ViolationDetail'
, violationDetail_resourceDescription
- Brief description for the requested resource.
$sel:resourceTags:ViolationDetail'
, violationDetail_resourceTags
- The ResourceTag
objects associated with the resource.
$sel:policyId:ViolationDetail'
, violationDetail_policyId
- The ID of the Firewall Manager policy that the violation details were
requested for.
$sel:memberAccount:ViolationDetail'
, violationDetail_memberAccount
- The Amazon Web Services account that the violation details were
requested for.
$sel:resourceId:ViolationDetail'
, violationDetail_resourceId
- The resource ID that the violation details were requested for.
$sel:resourceType:ViolationDetail'
, violationDetail_resourceType
- The resource type that the violation details were requested for.
$sel:resourceViolations:ViolationDetail'
, violationDetail_resourceViolations
- List of violations for the requested resource.