| Copyright | (c) 2013-2023 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | Safe-Inferred |
| Language | Haskell2010 |
Amazonka.FMS
Contents
- Service Configuration
- Errors
- Waiters
- Operations
- AssociateAdminAccount
- AssociateThirdPartyFirewall
- BatchAssociateResource
- BatchDisassociateResource
- DeleteAppsList
- DeleteNotificationChannel
- DeletePolicy
- DeleteProtocolsList
- DeleteResourceSet
- DisassociateAdminAccount
- DisassociateThirdPartyFirewall
- GetAdminAccount
- GetAppsList
- GetComplianceDetail
- GetNotificationChannel
- GetPolicy
- GetProtectionStatus
- GetProtocolsList
- GetResourceSet
- GetThirdPartyFirewallAssociationStatus
- GetViolationDetails
- ListAppsLists (Paginated)
- ListComplianceStatus (Paginated)
- ListDiscoveredResources
- ListMemberAccounts (Paginated)
- ListPolicies (Paginated)
- ListProtocolsLists (Paginated)
- ListResourceSetResources
- ListResourceSets
- ListTagsForResource
- ListThirdPartyFirewallFirewallPolicies (Paginated)
- PutAppsList
- PutNotificationChannel
- PutPolicy
- PutProtocolsList
- PutResourceSet
- TagResource
- UntagResource
- Types
- AccountRoleStatus
- CustomerPolicyScopeIdType
- DependentServiceName
- DestinationType
- FailedItemReason
- FirewallDeploymentModel
- MarketplaceSubscriptionOnboardingStatus
- NetworkFirewallOverrideAction
- PolicyComplianceStatusType
- RemediationActionType
- RuleOrder
- SecurityServiceType
- TargetType
- ThirdPartyFirewall
- ThirdPartyFirewallAssociationStatus
- ViolationReason
- ActionTarget
- App
- AppsListData
- AppsListDataSummary
- AwsEc2InstanceViolation
- AwsEc2NetworkInterfaceViolation
- AwsVPCSecurityGroupViolation
- ComplianceViolator
- DiscoveredResource
- DnsDuplicateRuleGroupViolation
- DnsRuleGroupLimitExceededViolation
- DnsRuleGroupPriorityConflictViolation
- EC2AssociateRouteTableAction
- EC2CopyRouteTableAction
- EC2CreateRouteAction
- EC2CreateRouteTableAction
- EC2DeleteRouteAction
- EC2ReplaceRouteAction
- EC2ReplaceRouteTableAssociationAction
- EvaluationResult
- ExpectedRoute
- FMSPolicyUpdateFirewallCreationConfigAction
- FailedItem
- FirewallSubnetIsOutOfScopeViolation
- FirewallSubnetMissingVPCEndpointViolation
- NetworkFirewallBlackHoleRouteDetectedViolation
- NetworkFirewallInternetTrafficNotInspectedViolation
- NetworkFirewallInvalidRouteConfigurationViolation
- NetworkFirewallMissingExpectedRTViolation
- NetworkFirewallMissingExpectedRoutesViolation
- NetworkFirewallMissingFirewallViolation
- NetworkFirewallMissingSubnetViolation
- NetworkFirewallPolicy
- NetworkFirewallPolicyDescription
- NetworkFirewallPolicyModifiedViolation
- NetworkFirewallStatefulRuleGroupOverride
- NetworkFirewallUnexpectedFirewallRoutesViolation
- NetworkFirewallUnexpectedGatewayRoutesViolation
- PartialMatch
- Policy
- PolicyComplianceDetail
- PolicyComplianceStatus
- PolicyOption
- PolicySummary
- PossibleRemediationAction
- PossibleRemediationActions
- ProtocolsListData
- ProtocolsListDataSummary
- RemediationAction
- RemediationActionWithOrder
- Resource
- ResourceSet
- ResourceSetSummary
- ResourceTag
- ResourceViolation
- Route
- RouteHasOutOfScopeEndpointViolation
- SecurityGroupRemediationAction
- SecurityGroupRuleDescription
- SecurityServicePolicyData
- StatefulEngineOptions
- StatefulRuleGroup
- StatelessRuleGroup
- Tag
- ThirdPartyFirewallFirewallPolicy
- ThirdPartyFirewallMissingExpectedRouteTableViolation
- ThirdPartyFirewallMissingFirewallViolation
- ThirdPartyFirewallMissingSubnetViolation
- ThirdPartyFirewallPolicy
- ViolationDetail
Description
Derived from API version 2018-01-01 of the AWS service descriptions, licensed under Apache 2.0.
This is the Firewall Manager API Reference. This guide is for developers who need detailed information about the Firewall Manager API actions, data types, and errors. For detailed information about Firewall Manager features, see the Firewall Manager Developer Guide.
Some API actions require explicit resource permissions. For information, see the developer guide topic Firewall Manager required permissions for API actions.
Synopsis
- defaultService :: Service
- _InternalErrorException :: AsError a => Fold a ServiceError
- _InvalidInputException :: AsError a => Fold a ServiceError
- _InvalidOperationException :: AsError a => Fold a ServiceError
- _InvalidTypeException :: AsError a => Fold a ServiceError
- _LimitExceededException :: AsError a => Fold a ServiceError
- _ResourceNotFoundException :: AsError a => Fold a ServiceError
- data AssociateAdminAccount = AssociateAdminAccount' Text
- newAssociateAdminAccount :: Text -> AssociateAdminAccount
- data AssociateAdminAccountResponse = AssociateAdminAccountResponse' {
- newAssociateAdminAccountResponse :: AssociateAdminAccountResponse
- data AssociateThirdPartyFirewall = AssociateThirdPartyFirewall' ThirdPartyFirewall
- newAssociateThirdPartyFirewall :: ThirdPartyFirewall -> AssociateThirdPartyFirewall
- data AssociateThirdPartyFirewallResponse = AssociateThirdPartyFirewallResponse' (Maybe ThirdPartyFirewallAssociationStatus) Int
- newAssociateThirdPartyFirewallResponse :: Int -> AssociateThirdPartyFirewallResponse
- data BatchAssociateResource = BatchAssociateResource' Text [Text]
- newBatchAssociateResource :: Text -> BatchAssociateResource
- data BatchAssociateResourceResponse = BatchAssociateResourceResponse' Int Text [FailedItem]
- newBatchAssociateResourceResponse :: Int -> Text -> BatchAssociateResourceResponse
- data BatchDisassociateResource = BatchDisassociateResource' Text [Text]
- newBatchDisassociateResource :: Text -> BatchDisassociateResource
- data BatchDisassociateResourceResponse = BatchDisassociateResourceResponse' Int Text [FailedItem]
- newBatchDisassociateResourceResponse :: Int -> Text -> BatchDisassociateResourceResponse
- data DeleteAppsList = DeleteAppsList' Text
- newDeleteAppsList :: Text -> DeleteAppsList
- data DeleteAppsListResponse = DeleteAppsListResponse' {
- newDeleteAppsListResponse :: DeleteAppsListResponse
- data DeleteNotificationChannel = DeleteNotificationChannel' {
- newDeleteNotificationChannel :: DeleteNotificationChannel
- data DeleteNotificationChannelResponse = DeleteNotificationChannelResponse' {
- newDeleteNotificationChannelResponse :: DeleteNotificationChannelResponse
- data DeletePolicy = DeletePolicy' (Maybe Bool) Text
- newDeletePolicy :: Text -> DeletePolicy
- data DeletePolicyResponse = DeletePolicyResponse' {
- newDeletePolicyResponse :: DeletePolicyResponse
- data DeleteProtocolsList = DeleteProtocolsList' Text
- newDeleteProtocolsList :: Text -> DeleteProtocolsList
- data DeleteProtocolsListResponse = DeleteProtocolsListResponse' {
- newDeleteProtocolsListResponse :: DeleteProtocolsListResponse
- data DeleteResourceSet = DeleteResourceSet' Text
- newDeleteResourceSet :: Text -> DeleteResourceSet
- data DeleteResourceSetResponse = DeleteResourceSetResponse' {
- newDeleteResourceSetResponse :: DeleteResourceSetResponse
- data DisassociateAdminAccount = DisassociateAdminAccount' {
- newDisassociateAdminAccount :: DisassociateAdminAccount
- data DisassociateAdminAccountResponse = DisassociateAdminAccountResponse' {
- newDisassociateAdminAccountResponse :: DisassociateAdminAccountResponse
- data DisassociateThirdPartyFirewall = DisassociateThirdPartyFirewall' ThirdPartyFirewall
- newDisassociateThirdPartyFirewall :: ThirdPartyFirewall -> DisassociateThirdPartyFirewall
- data DisassociateThirdPartyFirewallResponse = DisassociateThirdPartyFirewallResponse' (Maybe ThirdPartyFirewallAssociationStatus) Int
- newDisassociateThirdPartyFirewallResponse :: Int -> DisassociateThirdPartyFirewallResponse
- data GetAdminAccount = GetAdminAccount' {
- newGetAdminAccount :: GetAdminAccount
- data GetAdminAccountResponse = GetAdminAccountResponse' (Maybe Text) (Maybe AccountRoleStatus) Int
- newGetAdminAccountResponse :: Int -> GetAdminAccountResponse
- data GetAppsList = GetAppsList' (Maybe Bool) Text
- newGetAppsList :: Text -> GetAppsList
- data GetAppsListResponse = GetAppsListResponse' (Maybe AppsListData) (Maybe Text) Int
- newGetAppsListResponse :: Int -> GetAppsListResponse
- data GetComplianceDetail = GetComplianceDetail' Text Text
- newGetComplianceDetail :: Text -> Text -> GetComplianceDetail
- data GetComplianceDetailResponse = GetComplianceDetailResponse' (Maybe PolicyComplianceDetail) Int
- newGetComplianceDetailResponse :: Int -> GetComplianceDetailResponse
- data GetNotificationChannel = GetNotificationChannel' {
- newGetNotificationChannel :: GetNotificationChannel
- data GetNotificationChannelResponse = GetNotificationChannelResponse' (Maybe Text) (Maybe Text) Int
- newGetNotificationChannelResponse :: Int -> GetNotificationChannelResponse
- data GetPolicy = GetPolicy' Text
- newGetPolicy :: Text -> GetPolicy
- data GetPolicyResponse = GetPolicyResponse' (Maybe Policy) (Maybe Text) Int
- newGetPolicyResponse :: Int -> GetPolicyResponse
- data GetProtectionStatus = GetProtectionStatus' (Maybe POSIX) (Maybe Natural) (Maybe Text) (Maybe Text) (Maybe POSIX) Text
- newGetProtectionStatus :: Text -> GetProtectionStatus
- data GetProtectionStatusResponse = GetProtectionStatusResponse' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe SecurityServiceType) Int
- newGetProtectionStatusResponse :: Int -> GetProtectionStatusResponse
- data GetProtocolsList = GetProtocolsList' (Maybe Bool) Text
- newGetProtocolsList :: Text -> GetProtocolsList
- data GetProtocolsListResponse = GetProtocolsListResponse' (Maybe ProtocolsListData) (Maybe Text) Int
- newGetProtocolsListResponse :: Int -> GetProtocolsListResponse
- data GetResourceSet = GetResourceSet' Text
- newGetResourceSet :: Text -> GetResourceSet
- data GetResourceSetResponse = GetResourceSetResponse' Int ResourceSet Text
- newGetResourceSetResponse :: Int -> ResourceSet -> Text -> GetResourceSetResponse
- data GetThirdPartyFirewallAssociationStatus = GetThirdPartyFirewallAssociationStatus' ThirdPartyFirewall
- newGetThirdPartyFirewallAssociationStatus :: ThirdPartyFirewall -> GetThirdPartyFirewallAssociationStatus
- data GetThirdPartyFirewallAssociationStatusResponse = GetThirdPartyFirewallAssociationStatusResponse' (Maybe MarketplaceSubscriptionOnboardingStatus) (Maybe ThirdPartyFirewallAssociationStatus) Int
- newGetThirdPartyFirewallAssociationStatusResponse :: Int -> GetThirdPartyFirewallAssociationStatusResponse
- data GetViolationDetails = GetViolationDetails' Text Text Text Text
- newGetViolationDetails :: Text -> Text -> Text -> Text -> GetViolationDetails
- data GetViolationDetailsResponse = GetViolationDetailsResponse' (Maybe ViolationDetail) Int
- newGetViolationDetailsResponse :: Int -> GetViolationDetailsResponse
- data ListAppsLists = ListAppsLists' (Maybe Bool) (Maybe Text) Natural
- newListAppsLists :: Natural -> ListAppsLists
- data ListAppsListsResponse = ListAppsListsResponse' (Maybe [AppsListDataSummary]) (Maybe Text) Int
- newListAppsListsResponse :: Int -> ListAppsListsResponse
- data ListComplianceStatus = ListComplianceStatus' (Maybe Natural) (Maybe Text) Text
- newListComplianceStatus :: Text -> ListComplianceStatus
- data ListComplianceStatusResponse = ListComplianceStatusResponse' (Maybe Text) (Maybe [PolicyComplianceStatus]) Int
- newListComplianceStatusResponse :: Int -> ListComplianceStatusResponse
- data ListDiscoveredResources = ListDiscoveredResources' (Maybe Natural) (Maybe Text) [Text] Text
- newListDiscoveredResources :: Text -> ListDiscoveredResources
- data ListDiscoveredResourcesResponse = ListDiscoveredResourcesResponse' (Maybe [DiscoveredResource]) (Maybe Text) Int
- newListDiscoveredResourcesResponse :: Int -> ListDiscoveredResourcesResponse
- data ListMemberAccounts = ListMemberAccounts' (Maybe Natural) (Maybe Text)
- newListMemberAccounts :: ListMemberAccounts
- data ListMemberAccountsResponse = ListMemberAccountsResponse' (Maybe [Text]) (Maybe Text) Int
- newListMemberAccountsResponse :: Int -> ListMemberAccountsResponse
- data ListPolicies = ListPolicies' (Maybe Natural) (Maybe Text)
- newListPolicies :: ListPolicies
- data ListPoliciesResponse = ListPoliciesResponse' (Maybe Text) (Maybe [PolicySummary]) Int
- newListPoliciesResponse :: Int -> ListPoliciesResponse
- data ListProtocolsLists = ListProtocolsLists' (Maybe Bool) (Maybe Text) Natural
- newListProtocolsLists :: Natural -> ListProtocolsLists
- data ListProtocolsListsResponse = ListProtocolsListsResponse' (Maybe Text) (Maybe [ProtocolsListDataSummary]) Int
- newListProtocolsListsResponse :: Int -> ListProtocolsListsResponse
- data ListResourceSetResources = ListResourceSetResources' (Maybe Natural) (Maybe Text) Text
- newListResourceSetResources :: Text -> ListResourceSetResources
- data ListResourceSetResourcesResponse = ListResourceSetResourcesResponse' (Maybe Text) Int [Resource]
- newListResourceSetResourcesResponse :: Int -> ListResourceSetResourcesResponse
- data ListResourceSets = ListResourceSets' (Maybe Natural) (Maybe Text)
- newListResourceSets :: ListResourceSets
- data ListResourceSetsResponse = ListResourceSetsResponse' (Maybe Text) (Maybe [ResourceSetSummary]) Int
- newListResourceSetsResponse :: Int -> ListResourceSetsResponse
- data ListTagsForResource = ListTagsForResource' Text
- newListTagsForResource :: Text -> ListTagsForResource
- data ListTagsForResourceResponse = ListTagsForResourceResponse' (Maybe [Tag]) Int
- newListTagsForResourceResponse :: Int -> ListTagsForResourceResponse
- data ListThirdPartyFirewallFirewallPolicies = ListThirdPartyFirewallFirewallPolicies' (Maybe Text) ThirdPartyFirewall Natural
- newListThirdPartyFirewallFirewallPolicies :: ThirdPartyFirewall -> Natural -> ListThirdPartyFirewallFirewallPolicies
- data ListThirdPartyFirewallFirewallPoliciesResponse = ListThirdPartyFirewallFirewallPoliciesResponse' (Maybe Text) (Maybe [ThirdPartyFirewallFirewallPolicy]) Int
- newListThirdPartyFirewallFirewallPoliciesResponse :: Int -> ListThirdPartyFirewallFirewallPoliciesResponse
- data PutAppsList = PutAppsList' (Maybe [Tag]) AppsListData
- newPutAppsList :: AppsListData -> PutAppsList
- data PutAppsListResponse = PutAppsListResponse' (Maybe AppsListData) (Maybe Text) Int
- newPutAppsListResponse :: Int -> PutAppsListResponse
- data PutNotificationChannel = PutNotificationChannel' Text Text
- newPutNotificationChannel :: Text -> Text -> PutNotificationChannel
- data PutNotificationChannelResponse = PutNotificationChannelResponse' {
- newPutNotificationChannelResponse :: PutNotificationChannelResponse
- data PutPolicy = PutPolicy' (Maybe [Tag]) Policy
- newPutPolicy :: Policy -> PutPolicy
- data PutPolicyResponse = PutPolicyResponse' (Maybe Policy) (Maybe Text) Int
- newPutPolicyResponse :: Int -> PutPolicyResponse
- data PutProtocolsList = PutProtocolsList' (Maybe [Tag]) ProtocolsListData
- newPutProtocolsList :: ProtocolsListData -> PutProtocolsList
- data PutProtocolsListResponse = PutProtocolsListResponse' (Maybe ProtocolsListData) (Maybe Text) Int
- newPutProtocolsListResponse :: Int -> PutProtocolsListResponse
- data PutResourceSet = PutResourceSet' (Maybe [Tag]) ResourceSet
- newPutResourceSet :: ResourceSet -> PutResourceSet
- data PutResourceSetResponse = PutResourceSetResponse' Int ResourceSet Text
- newPutResourceSetResponse :: Int -> ResourceSet -> Text -> PutResourceSetResponse
- data TagResource = TagResource' Text [Tag]
- newTagResource :: Text -> TagResource
- data TagResourceResponse = TagResourceResponse' Int
- newTagResourceResponse :: Int -> TagResourceResponse
- data UntagResource = UntagResource' Text [Text]
- newUntagResource :: Text -> UntagResource
- data UntagResourceResponse = UntagResourceResponse' Int
- newUntagResourceResponse :: Int -> UntagResourceResponse
- newtype AccountRoleStatus where
- AccountRoleStatus' { }
- pattern AccountRoleStatus_CREATING :: AccountRoleStatus
- pattern AccountRoleStatus_DELETED :: AccountRoleStatus
- pattern AccountRoleStatus_DELETING :: AccountRoleStatus
- pattern AccountRoleStatus_PENDING_DELETION :: AccountRoleStatus
- pattern AccountRoleStatus_READY :: AccountRoleStatus
- newtype CustomerPolicyScopeIdType where
- newtype DependentServiceName where
- newtype DestinationType where
- DestinationType' { }
- pattern DestinationType_IPV4 :: DestinationType
- pattern DestinationType_IPV6 :: DestinationType
- pattern DestinationType_PREFIX_LIST :: DestinationType
- newtype FailedItemReason where
- FailedItemReason' { }
- pattern FailedItemReason_NOT_VALID_ACCOUNT_ID :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_ARN :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_PARTITION :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_REGION :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_RESOURCE_TYPE :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_SERVICE :: FailedItemReason
- newtype FirewallDeploymentModel where
- newtype MarketplaceSubscriptionOnboardingStatus where
- MarketplaceSubscriptionOnboardingStatus' { }
- pattern MarketplaceSubscriptionOnboardingStatus_COMPLETE :: MarketplaceSubscriptionOnboardingStatus
- pattern MarketplaceSubscriptionOnboardingStatus_NOT_COMPLETE :: MarketplaceSubscriptionOnboardingStatus
- pattern MarketplaceSubscriptionOnboardingStatus_NO_SUBSCRIPTION :: MarketplaceSubscriptionOnboardingStatus
- newtype NetworkFirewallOverrideAction where
- newtype PolicyComplianceStatusType where
- newtype RemediationActionType where
- newtype RuleOrder where
- RuleOrder' { }
- pattern RuleOrder_DEFAULT_ACTION_ORDER :: RuleOrder
- pattern RuleOrder_STRICT_ORDER :: RuleOrder
- newtype SecurityServiceType where
- SecurityServiceType' { }
- pattern SecurityServiceType_DNS_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_IMPORT_NETWORK_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_NETWORK_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_COMMON :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_CONTENT_AUDIT :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_USAGE_AUDIT :: SecurityServiceType
- pattern SecurityServiceType_SHIELD_ADVANCED :: SecurityServiceType
- pattern SecurityServiceType_THIRD_PARTY_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_WAF :: SecurityServiceType
- pattern SecurityServiceType_WAFV2 :: SecurityServiceType
- newtype TargetType where
- TargetType' { }
- pattern TargetType_CARRIER_GATEWAY :: TargetType
- pattern TargetType_EGRESS_ONLY_INTERNET_GATEWAY :: TargetType
- pattern TargetType_GATEWAY :: TargetType
- pattern TargetType_INSTANCE :: TargetType
- pattern TargetType_LOCAL_GATEWAY :: TargetType
- pattern TargetType_NAT_GATEWAY :: TargetType
- pattern TargetType_NETWORK_INTERFACE :: TargetType
- pattern TargetType_TRANSIT_GATEWAY :: TargetType
- pattern TargetType_VPC_ENDPOINT :: TargetType
- pattern TargetType_VPC_PEERING_CONNECTION :: TargetType
- newtype ThirdPartyFirewall where
- newtype ThirdPartyFirewallAssociationStatus where
- ThirdPartyFirewallAssociationStatus' { }
- pattern ThirdPartyFirewallAssociationStatus_NOT_EXIST :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_OFFBOARDING :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_OFFBOARD_COMPLETE :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_ONBOARDING :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_ONBOARD_COMPLETE :: ThirdPartyFirewallAssociationStatus
- newtype ViolationReason where
- ViolationReason' { }
- pattern ViolationReason_BLACK_HOLE_ROUTE_DETECTED :: ViolationReason
- pattern ViolationReason_BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET :: ViolationReason
- pattern ViolationReason_FIREWALL_SUBNET_IS_OUT_OF_SCOPE :: ViolationReason
- pattern ViolationReason_FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE :: ViolationReason
- pattern ViolationReason_FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT :: ViolationReason
- pattern ViolationReason_FMS_CREATED_SECURITY_GROUP_EDITED :: ViolationReason
- pattern ViolationReason_INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE :: ViolationReason
- pattern ViolationReason_INTERNET_TRAFFIC_NOT_INSPECTED :: ViolationReason
- pattern ViolationReason_INVALID_ROUTE_CONFIGURATION :: ViolationReason
- pattern ViolationReason_MISSING_EXPECTED_ROUTE_TABLE :: ViolationReason
- pattern ViolationReason_MISSING_FIREWALL :: ViolationReason
- pattern ViolationReason_MISSING_FIREWALL_SUBNET_IN_AZ :: ViolationReason
- pattern ViolationReason_MISSING_TARGET_GATEWAY :: ViolationReason
- pattern ViolationReason_NETWORK_FIREWALL_POLICY_MODIFIED :: ViolationReason
- pattern ViolationReason_RESOURCE_INCORRECT_WEB_ACL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_DNS_FIREWALL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_SECURITY_GROUP :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_SHIELD_PROTECTION :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_WEB_ACL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION :: ViolationReason
- pattern ViolationReason_RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP :: ViolationReason
- pattern ViolationReason_ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT :: ViolationReason
- pattern ViolationReason_SECURITY_GROUP_REDUNDANT :: ViolationReason
- pattern ViolationReason_SECURITY_GROUP_UNUSED :: ViolationReason
- pattern ViolationReason_TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY :: ViolationReason
- pattern ViolationReason_UNEXPECTED_FIREWALL_ROUTES :: ViolationReason
- pattern ViolationReason_UNEXPECTED_TARGET_GATEWAY_ROUTES :: ViolationReason
- pattern ViolationReason_WEB_ACL_MISSING_RULE_GROUP :: ViolationReason
- data ActionTarget = ActionTarget' (Maybe Text) (Maybe Text)
- newActionTarget :: ActionTarget
- data App = App' Text Text Natural
- newApp :: Text -> Text -> Natural -> App
- data AppsListData = AppsListData' (Maybe POSIX) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe (HashMap Text [App])) Text [App]
- newAppsListData :: Text -> AppsListData
- data AppsListDataSummary = AppsListDataSummary' (Maybe [App]) (Maybe Text) (Maybe Text) (Maybe Text)
- newAppsListDataSummary :: AppsListDataSummary
- data AwsEc2InstanceViolation = AwsEc2InstanceViolation' (Maybe [AwsEc2NetworkInterfaceViolation]) (Maybe Text)
- newAwsEc2InstanceViolation :: AwsEc2InstanceViolation
- data AwsEc2NetworkInterfaceViolation = AwsEc2NetworkInterfaceViolation' (Maybe [Text]) (Maybe Text)
- newAwsEc2NetworkInterfaceViolation :: AwsEc2NetworkInterfaceViolation
- data AwsVPCSecurityGroupViolation = AwsVPCSecurityGroupViolation' (Maybe [PartialMatch]) (Maybe [SecurityGroupRemediationAction]) (Maybe Text) (Maybe Text)
- newAwsVPCSecurityGroupViolation :: AwsVPCSecurityGroupViolation
- data ComplianceViolator = ComplianceViolator' (Maybe (HashMap Text Text)) (Maybe Text) (Maybe Text) (Maybe ViolationReason)
- newComplianceViolator :: ComplianceViolator
- data DiscoveredResource = DiscoveredResource' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newDiscoveredResource :: DiscoveredResource
- data DnsDuplicateRuleGroupViolation = DnsDuplicateRuleGroupViolation' (Maybe Text) (Maybe Text)
- newDnsDuplicateRuleGroupViolation :: DnsDuplicateRuleGroupViolation
- data DnsRuleGroupLimitExceededViolation = DnsRuleGroupLimitExceededViolation' (Maybe Int) (Maybe Text) (Maybe Text)
- newDnsRuleGroupLimitExceededViolation :: DnsRuleGroupLimitExceededViolation
- data DnsRuleGroupPriorityConflictViolation = DnsRuleGroupPriorityConflictViolation' (Maybe Text) (Maybe Natural) (Maybe [Natural]) (Maybe Text) (Maybe Text)
- newDnsRuleGroupPriorityConflictViolation :: DnsRuleGroupPriorityConflictViolation
- data EC2AssociateRouteTableAction = EC2AssociateRouteTableAction' (Maybe Text) (Maybe ActionTarget) (Maybe ActionTarget) ActionTarget
- newEC2AssociateRouteTableAction :: ActionTarget -> EC2AssociateRouteTableAction
- data EC2CopyRouteTableAction = EC2CopyRouteTableAction' (Maybe Text) ActionTarget ActionTarget
- newEC2CopyRouteTableAction :: ActionTarget -> ActionTarget -> EC2CopyRouteTableAction
- data EC2CreateRouteAction = EC2CreateRouteAction' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe ActionTarget) (Maybe ActionTarget) ActionTarget
- newEC2CreateRouteAction :: ActionTarget -> EC2CreateRouteAction
- data EC2CreateRouteTableAction = EC2CreateRouteTableAction' (Maybe Text) ActionTarget
- newEC2CreateRouteTableAction :: ActionTarget -> EC2CreateRouteTableAction
- data EC2DeleteRouteAction = EC2DeleteRouteAction' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) ActionTarget
- newEC2DeleteRouteAction :: ActionTarget -> EC2DeleteRouteAction
- data EC2ReplaceRouteAction = EC2ReplaceRouteAction' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe ActionTarget) ActionTarget
- newEC2ReplaceRouteAction :: ActionTarget -> EC2ReplaceRouteAction
- data EC2ReplaceRouteTableAssociationAction = EC2ReplaceRouteTableAssociationAction' (Maybe Text) ActionTarget ActionTarget
- newEC2ReplaceRouteTableAssociationAction :: ActionTarget -> ActionTarget -> EC2ReplaceRouteTableAssociationAction
- data EvaluationResult = EvaluationResult' (Maybe PolicyComplianceStatusType) (Maybe Bool) (Maybe Natural)
- newEvaluationResult :: EvaluationResult
- data ExpectedRoute = ExpectedRoute' (Maybe [Text]) (Maybe [Text]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newExpectedRoute :: ExpectedRoute
- data FMSPolicyUpdateFirewallCreationConfigAction = FMSPolicyUpdateFirewallCreationConfigAction' (Maybe Text) (Maybe Text)
- newFMSPolicyUpdateFirewallCreationConfigAction :: FMSPolicyUpdateFirewallCreationConfigAction
- data FailedItem = FailedItem' (Maybe FailedItemReason) (Maybe Text)
- newFailedItem :: FailedItem
- data FirewallSubnetIsOutOfScopeViolation = FirewallSubnetIsOutOfScopeViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newFirewallSubnetIsOutOfScopeViolation :: FirewallSubnetIsOutOfScopeViolation
- data FirewallSubnetMissingVPCEndpointViolation = FirewallSubnetMissingVPCEndpointViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newFirewallSubnetMissingVPCEndpointViolation :: FirewallSubnetMissingVPCEndpointViolation
- data NetworkFirewallBlackHoleRouteDetectedViolation = NetworkFirewallBlackHoleRouteDetectedViolation' (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe Text)
- newNetworkFirewallBlackHoleRouteDetectedViolation :: NetworkFirewallBlackHoleRouteDetectedViolation
- data NetworkFirewallInternetTrafficNotInspectedViolation = NetworkFirewallInternetTrafficNotInspectedViolation' (Maybe [Route]) (Maybe [Route]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ExpectedRoute]) (Maybe [ExpectedRoute]) (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text)
- newNetworkFirewallInternetTrafficNotInspectedViolation :: NetworkFirewallInternetTrafficNotInspectedViolation
- data NetworkFirewallInvalidRouteConfigurationViolation = NetworkFirewallInvalidRouteConfigurationViolation' (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe [Route]) (Maybe [Text]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ExpectedRoute]) (Maybe [ExpectedRoute]) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe Route) (Maybe Text)
- newNetworkFirewallInvalidRouteConfigurationViolation :: NetworkFirewallInvalidRouteConfigurationViolation
- data NetworkFirewallMissingExpectedRTViolation = NetworkFirewallMissingExpectedRTViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newNetworkFirewallMissingExpectedRTViolation :: NetworkFirewallMissingExpectedRTViolation
- data NetworkFirewallMissingExpectedRoutesViolation = NetworkFirewallMissingExpectedRoutesViolation' (Maybe [ExpectedRoute]) (Maybe Text) (Maybe Text)
- newNetworkFirewallMissingExpectedRoutesViolation :: NetworkFirewallMissingExpectedRoutesViolation
- data NetworkFirewallMissingFirewallViolation = NetworkFirewallMissingFirewallViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newNetworkFirewallMissingFirewallViolation :: NetworkFirewallMissingFirewallViolation
- data NetworkFirewallMissingSubnetViolation = NetworkFirewallMissingSubnetViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newNetworkFirewallMissingSubnetViolation :: NetworkFirewallMissingSubnetViolation
- data NetworkFirewallPolicy = NetworkFirewallPolicy' (Maybe FirewallDeploymentModel)
- newNetworkFirewallPolicy :: NetworkFirewallPolicy
- data NetworkFirewallPolicyDescription = NetworkFirewallPolicyDescription' (Maybe [Text]) (Maybe StatefulEngineOptions) (Maybe [StatefulRuleGroup]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [StatelessRuleGroup])
- newNetworkFirewallPolicyDescription :: NetworkFirewallPolicyDescription
- data NetworkFirewallPolicyModifiedViolation = NetworkFirewallPolicyModifiedViolation' (Maybe NetworkFirewallPolicyDescription) (Maybe NetworkFirewallPolicyDescription) (Maybe Text)
- newNetworkFirewallPolicyModifiedViolation :: NetworkFirewallPolicyModifiedViolation
- data NetworkFirewallStatefulRuleGroupOverride = NetworkFirewallStatefulRuleGroupOverride' (Maybe NetworkFirewallOverrideAction)
- newNetworkFirewallStatefulRuleGroupOverride :: NetworkFirewallStatefulRuleGroupOverride
- data NetworkFirewallUnexpectedFirewallRoutesViolation = NetworkFirewallUnexpectedFirewallRoutesViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text)
- newNetworkFirewallUnexpectedFirewallRoutesViolation :: NetworkFirewallUnexpectedFirewallRoutesViolation
- data NetworkFirewallUnexpectedGatewayRoutesViolation = NetworkFirewallUnexpectedGatewayRoutesViolation' (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text)
- newNetworkFirewallUnexpectedGatewayRoutesViolation :: NetworkFirewallUnexpectedGatewayRoutesViolation
- data PartialMatch = PartialMatch' (Maybe Text) (Maybe [Text])
- newPartialMatch :: PartialMatch
- data Policy = Policy' (Maybe Bool) (Maybe (HashMap CustomerPolicyScopeIdType [Text])) (Maybe (HashMap CustomerPolicyScopeIdType [Text])) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Text]) (Maybe [ResourceTag]) (Maybe [Text]) Text SecurityServicePolicyData Text Bool Bool
- newPolicy :: Text -> SecurityServicePolicyData -> Text -> Bool -> Bool -> Policy
- data PolicyComplianceDetail = PolicyComplianceDetail' (Maybe Bool) (Maybe POSIX) (Maybe (HashMap DependentServiceName Text)) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ComplianceViolator])
- newPolicyComplianceDetail :: PolicyComplianceDetail
- data PolicyComplianceStatus = PolicyComplianceStatus' (Maybe [EvaluationResult]) (Maybe (HashMap DependentServiceName Text)) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newPolicyComplianceStatus :: PolicyComplianceStatus
- data PolicyOption = PolicyOption' (Maybe NetworkFirewallPolicy) (Maybe ThirdPartyFirewallPolicy)
- newPolicyOption :: PolicyOption
- data PolicySummary = PolicySummary' (Maybe Bool) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe SecurityServiceType)
- newPolicySummary :: PolicySummary
- data PossibleRemediationAction = PossibleRemediationAction' (Maybe Text) (Maybe Bool) [RemediationActionWithOrder]
- newPossibleRemediationAction :: PossibleRemediationAction
- data PossibleRemediationActions = PossibleRemediationActions' (Maybe [PossibleRemediationAction]) (Maybe Text)
- newPossibleRemediationActions :: PossibleRemediationActions
- data ProtocolsListData = ProtocolsListData' (Maybe POSIX) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe (HashMap Text [Text])) Text [Text]
- newProtocolsListData :: Text -> ProtocolsListData
- data ProtocolsListDataSummary = ProtocolsListDataSummary' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Text])
- newProtocolsListDataSummary :: ProtocolsListDataSummary
- data RemediationAction = RemediationAction' (Maybe Text) (Maybe EC2AssociateRouteTableAction) (Maybe EC2CopyRouteTableAction) (Maybe EC2CreateRouteAction) (Maybe EC2CreateRouteTableAction) (Maybe EC2DeleteRouteAction) (Maybe EC2ReplaceRouteAction) (Maybe EC2ReplaceRouteTableAssociationAction) (Maybe FMSPolicyUpdateFirewallCreationConfigAction)
- newRemediationAction :: RemediationAction
- data RemediationActionWithOrder = RemediationActionWithOrder' (Maybe Int) (Maybe RemediationAction)
- newRemediationActionWithOrder :: RemediationActionWithOrder
- data Resource = Resource' (Maybe Text) Text
- newResource :: Text -> Resource
- data ResourceSet = ResourceSet' (Maybe Text) (Maybe Text) (Maybe POSIX) (Maybe Text) Text [Text]
- newResourceSet :: Text -> ResourceSet
- data ResourceSetSummary = ResourceSetSummary' (Maybe Text) (Maybe Text) (Maybe POSIX) (Maybe Text)
- newResourceSetSummary :: ResourceSetSummary
- data ResourceTag = ResourceTag' (Maybe Text) Text
- newResourceTag :: Text -> ResourceTag
- data ResourceViolation = ResourceViolation' (Maybe AwsEc2InstanceViolation) (Maybe AwsEc2NetworkInterfaceViolation) (Maybe AwsVPCSecurityGroupViolation) (Maybe DnsDuplicateRuleGroupViolation) (Maybe DnsRuleGroupLimitExceededViolation) (Maybe DnsRuleGroupPriorityConflictViolation) (Maybe FirewallSubnetIsOutOfScopeViolation) (Maybe FirewallSubnetMissingVPCEndpointViolation) (Maybe NetworkFirewallBlackHoleRouteDetectedViolation) (Maybe NetworkFirewallInternetTrafficNotInspectedViolation) (Maybe NetworkFirewallInvalidRouteConfigurationViolation) (Maybe NetworkFirewallMissingExpectedRTViolation) (Maybe NetworkFirewallMissingExpectedRoutesViolation) (Maybe NetworkFirewallMissingFirewallViolation) (Maybe NetworkFirewallMissingSubnetViolation) (Maybe NetworkFirewallPolicyModifiedViolation) (Maybe NetworkFirewallUnexpectedFirewallRoutesViolation) (Maybe NetworkFirewallUnexpectedGatewayRoutesViolation) (Maybe PossibleRemediationActions) (Maybe RouteHasOutOfScopeEndpointViolation) (Maybe ThirdPartyFirewallMissingExpectedRouteTableViolation) (Maybe ThirdPartyFirewallMissingFirewallViolation) (Maybe ThirdPartyFirewallMissingSubnetViolation)
- newResourceViolation :: ResourceViolation
- data Route = Route' (Maybe Text) (Maybe DestinationType) (Maybe Text) (Maybe TargetType)
- newRoute :: Route
- data RouteHasOutOfScopeEndpointViolation = RouteHasOutOfScopeEndpointViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text)
- newRouteHasOutOfScopeEndpointViolation :: RouteHasOutOfScopeEndpointViolation
- data SecurityGroupRemediationAction = SecurityGroupRemediationAction' (Maybe Text) (Maybe Bool) (Maybe RemediationActionType) (Maybe SecurityGroupRuleDescription)
- newSecurityGroupRemediationAction :: SecurityGroupRemediationAction
- data SecurityGroupRuleDescription = SecurityGroupRuleDescription' (Maybe Natural) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Natural)
- newSecurityGroupRuleDescription :: SecurityGroupRuleDescription
- data SecurityServicePolicyData = SecurityServicePolicyData' (Maybe Text) (Maybe PolicyOption) SecurityServiceType
- newSecurityServicePolicyData :: SecurityServiceType -> SecurityServicePolicyData
- data StatefulEngineOptions = StatefulEngineOptions' (Maybe RuleOrder)
- newStatefulEngineOptions :: StatefulEngineOptions
- data StatefulRuleGroup = StatefulRuleGroup' (Maybe NetworkFirewallStatefulRuleGroupOverride) (Maybe Int) (Maybe Text) (Maybe Text)
- newStatefulRuleGroup :: StatefulRuleGroup
- data StatelessRuleGroup = StatelessRuleGroup' (Maybe Natural) (Maybe Text) (Maybe Text)
- newStatelessRuleGroup :: StatelessRuleGroup
- data Tag = Tag' Text Text
- newTag :: Text -> Text -> Tag
- data ThirdPartyFirewallFirewallPolicy = ThirdPartyFirewallFirewallPolicy' (Maybe Text) (Maybe Text)
- newThirdPartyFirewallFirewallPolicy :: ThirdPartyFirewallFirewallPolicy
- data ThirdPartyFirewallMissingExpectedRouteTableViolation = ThirdPartyFirewallMissingExpectedRouteTableViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newThirdPartyFirewallMissingExpectedRouteTableViolation :: ThirdPartyFirewallMissingExpectedRouteTableViolation
- data ThirdPartyFirewallMissingFirewallViolation = ThirdPartyFirewallMissingFirewallViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newThirdPartyFirewallMissingFirewallViolation :: ThirdPartyFirewallMissingFirewallViolation
- data ThirdPartyFirewallMissingSubnetViolation = ThirdPartyFirewallMissingSubnetViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newThirdPartyFirewallMissingSubnetViolation :: ThirdPartyFirewallMissingSubnetViolation
- data ThirdPartyFirewallPolicy = ThirdPartyFirewallPolicy' (Maybe FirewallDeploymentModel)
- newThirdPartyFirewallPolicy :: ThirdPartyFirewallPolicy
- data ViolationDetail = ViolationDetail' (Maybe Text) (Maybe [Tag]) Text Text Text Text [ResourceViolation]
- newViolationDetail :: Text -> Text -> Text -> Text -> ViolationDetail
Service Configuration
defaultService :: Service Source #
API version 2018-01-01 of the Amazon Firewall Management Service SDK configuration.
Errors
Error matchers are designed for use with the functions provided by
Control.Exception.Lens.
This allows catching (and rethrowing) service specific errors returned
by FMS.
InternalErrorException
_InternalErrorException :: AsError a => Fold a ServiceError Source #
The operation failed because of a system problem, even though the request was valid. Retry your request.
InvalidInputException
_InvalidInputException :: AsError a => Fold a ServiceError Source #
The parameters of the request were invalid.
InvalidOperationException
_InvalidOperationException :: AsError a => Fold a ServiceError Source #
The operation failed because there was nothing to do or the operation
wasn't possible. For example, you might have submitted an
AssociateAdminAccount request for an account ID that was already set
as the Firewall Manager administrator. Or you might have tried to access
a Region that's disabled by default, and that you need to enable for
the Firewall Manager administrator account and for Organizations before
you can access it.
InvalidTypeException
_InvalidTypeException :: AsError a => Fold a ServiceError Source #
The value of the Type parameter is invalid.
LimitExceededException
_LimitExceededException :: AsError a => Fold a ServiceError Source #
The operation exceeds a resource limit, for example, the maximum number
of policy objects that you can create for an Amazon Web Services
account. For more information, see
Firewall Manager Limits
in the WAF Developer Guide.
ResourceNotFoundException
_ResourceNotFoundException :: AsError a => Fold a ServiceError Source #
The specified resource was not found.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition
configured by the Wait specification is fulfilled. The Wait specification
determines how many attempts should be made, in addition to delay and retry strategies.
Operations
Some AWS operations return results that are incomplete and require subsequent
requests in order to obtain the entire result set. The process of sending
subsequent requests to continue where a previous request left off is called
pagination. For example, the ListObjects operation of Amazon S3 returns up to
1000 objects at a time, and you must send subsequent requests with the
appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager instance can transparently perform subsequent
requests, correctly setting Markers and other request facets to iterate through
the entire result set of a truncated API operation. Operations which support
this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
AssociateAdminAccount
data AssociateAdminAccount Source #
See: newAssociateAdminAccount smart constructor.
Constructors
| AssociateAdminAccount' Text |
Instances
newAssociateAdminAccount Source #
Create a value of AssociateAdminAccount with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:adminAccount:AssociateAdminAccount', associateAdminAccount_adminAccount - The Amazon Web Services account ID to associate with Firewall Manager as
the Firewall Manager administrator account. This must be an
Organizations member account. For more information about Organizations,
see
Managing the Amazon Web Services Accounts in Your Organization.
data AssociateAdminAccountResponse Source #
See: newAssociateAdminAccountResponse smart constructor.
Constructors
| AssociateAdminAccountResponse' | |
Instances
| Generic AssociateAdminAccountResponse Source # | |
Defined in Amazonka.FMS.AssociateAdminAccount Associated Types type Rep AssociateAdminAccountResponse :: Type -> Type # | |
| Read AssociateAdminAccountResponse Source # | |
| Show AssociateAdminAccountResponse Source # | |
Defined in Amazonka.FMS.AssociateAdminAccount Methods showsPrec :: Int -> AssociateAdminAccountResponse -> ShowS # show :: AssociateAdminAccountResponse -> String # showList :: [AssociateAdminAccountResponse] -> ShowS # | |
| NFData AssociateAdminAccountResponse Source # | |
Defined in Amazonka.FMS.AssociateAdminAccount Methods rnf :: AssociateAdminAccountResponse -> () # | |
| Eq AssociateAdminAccountResponse Source # | |
Defined in Amazonka.FMS.AssociateAdminAccount | |
| type Rep AssociateAdminAccountResponse Source # | |
Defined in Amazonka.FMS.AssociateAdminAccount | |
newAssociateAdminAccountResponse :: AssociateAdminAccountResponse Source #
Create a value of AssociateAdminAccountResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
AssociateThirdPartyFirewall
data AssociateThirdPartyFirewall Source #
See: newAssociateThirdPartyFirewall smart constructor.
Constructors
| AssociateThirdPartyFirewall' ThirdPartyFirewall |
Instances
newAssociateThirdPartyFirewall Source #
Arguments
| :: ThirdPartyFirewall | |
| -> AssociateThirdPartyFirewall |
Create a value of AssociateThirdPartyFirewall with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:thirdPartyFirewall:AssociateThirdPartyFirewall', associateThirdPartyFirewall_thirdPartyFirewall - The name of the third-party firewall vendor.
data AssociateThirdPartyFirewallResponse Source #
See: newAssociateThirdPartyFirewallResponse smart constructor.
Instances
newAssociateThirdPartyFirewallResponse Source #
Arguments
| :: Int | |
| -> AssociateThirdPartyFirewallResponse |
Create a value of AssociateThirdPartyFirewallResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:thirdPartyFirewallStatus:AssociateThirdPartyFirewallResponse', associateThirdPartyFirewallResponse_thirdPartyFirewallStatus - The current status for setting a Firewall Manager policy
administrator's account as an administrator of the third-party firewall
tenant.
ONBOARDING- The Firewall Manager policy administrator is being designated as a tenant administrator.ONBOARD_COMPLETE- The Firewall Manager policy administrator is designated as a tenant administrator.OFFBOARDING- The Firewall Manager policy administrator is being removed as a tenant administrator.OFFBOARD_COMPLETE- The Firewall Manager policy administrator has been removed as a tenant administrator.NOT_EXIST- The Firewall Manager policy administrator doesn't exist as a tenant administrator.
$sel:httpStatus:AssociateThirdPartyFirewallResponse', associateThirdPartyFirewallResponse_httpStatus - The response's http status code.
BatchAssociateResource
data BatchAssociateResource Source #
See: newBatchAssociateResource smart constructor.
Constructors
| BatchAssociateResource' Text [Text] |
Instances
newBatchAssociateResource Source #
Arguments
| :: Text | |
| -> BatchAssociateResource |
Create a value of BatchAssociateResource with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
BatchAssociateResource, batchAssociateResource_resourceSetIdentifier - A unique identifier for the resource set, used in a TODO to refer to the
resource set.
$sel:items:BatchAssociateResource', batchAssociateResource_items - The uniform resource identifiers (URIs) of resources that should be
associated to the resource set. The URIs must be Amazon Resource Names
(ARNs).
data BatchAssociateResourceResponse Source #
See: newBatchAssociateResourceResponse smart constructor.
Constructors
| BatchAssociateResourceResponse' Int Text [FailedItem] |
Instances
newBatchAssociateResourceResponse Source #
Arguments
| :: Int | |
| -> Text | |
| -> BatchAssociateResourceResponse |
Create a value of BatchAssociateResourceResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:BatchAssociateResourceResponse', batchAssociateResourceResponse_httpStatus - The response's http status code.
BatchAssociateResource, batchAssociateResourceResponse_resourceSetIdentifier - A unique identifier for the resource set, used in a TODO to refer to the
resource set.
$sel:failedItems:BatchAssociateResourceResponse', batchAssociateResourceResponse_failedItems - The resources that failed to associate to the resource set.
BatchDisassociateResource
data BatchDisassociateResource Source #
See: newBatchDisassociateResource smart constructor.
Constructors
| BatchDisassociateResource' Text [Text] |
Instances
newBatchDisassociateResource Source #
Arguments
| :: Text | |
| -> BatchDisassociateResource |
Create a value of BatchDisassociateResource with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
BatchDisassociateResource, batchDisassociateResource_resourceSetIdentifier - A unique identifier for the resource set, used in a TODO to refer to the
resource set.
$sel:items:BatchDisassociateResource', batchDisassociateResource_items - The uniform resource identifiers (URI) of resources that should be
disassociated from the resource set. The URIs must be Amazon Resource
Names (ARNs).
data BatchDisassociateResourceResponse Source #
See: newBatchDisassociateResourceResponse smart constructor.
Constructors
| BatchDisassociateResourceResponse' Int Text [FailedItem] |
Instances
newBatchDisassociateResourceResponse Source #
Arguments
| :: Int | |
| -> Text | |
| -> BatchDisassociateResourceResponse |
Create a value of BatchDisassociateResourceResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:BatchDisassociateResourceResponse', batchDisassociateResourceResponse_httpStatus - The response's http status code.
BatchDisassociateResource, batchDisassociateResourceResponse_resourceSetIdentifier - A unique identifier for the resource set, used in a TODO to refer to the
resource set.
$sel:failedItems:BatchDisassociateResourceResponse', batchDisassociateResourceResponse_failedItems - The resources that failed to disassociate from the resource set.
DeleteAppsList
data DeleteAppsList Source #
See: newDeleteAppsList smart constructor.
Constructors
| DeleteAppsList' Text |
Instances
Arguments
| :: Text | |
| -> DeleteAppsList |
Create a value of DeleteAppsList with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
DeleteAppsList, deleteAppsList_listId - The ID of the applications list that you want to delete. You can
retrieve this ID from PutAppsList, ListAppsLists, and GetAppsList.
data DeleteAppsListResponse Source #
See: newDeleteAppsListResponse smart constructor.
Constructors
| DeleteAppsListResponse' | |
Instances
| Generic DeleteAppsListResponse Source # | |
Defined in Amazonka.FMS.DeleteAppsList Associated Types type Rep DeleteAppsListResponse :: Type -> Type # Methods from :: DeleteAppsListResponse -> Rep DeleteAppsListResponse x # to :: Rep DeleteAppsListResponse x -> DeleteAppsListResponse # | |
| Read DeleteAppsListResponse Source # | |
Defined in Amazonka.FMS.DeleteAppsList | |
| Show DeleteAppsListResponse Source # | |
Defined in Amazonka.FMS.DeleteAppsList Methods showsPrec :: Int -> DeleteAppsListResponse -> ShowS # show :: DeleteAppsListResponse -> String # showList :: [DeleteAppsListResponse] -> ShowS # | |
| NFData DeleteAppsListResponse Source # | |
Defined in Amazonka.FMS.DeleteAppsList Methods rnf :: DeleteAppsListResponse -> () # | |
| Eq DeleteAppsListResponse Source # | |
Defined in Amazonka.FMS.DeleteAppsList Methods (==) :: DeleteAppsListResponse -> DeleteAppsListResponse -> Bool # (/=) :: DeleteAppsListResponse -> DeleteAppsListResponse -> Bool # | |
| type Rep DeleteAppsListResponse Source # | |
newDeleteAppsListResponse :: DeleteAppsListResponse Source #
Create a value of DeleteAppsListResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DeleteNotificationChannel
data DeleteNotificationChannel Source #
See: newDeleteNotificationChannel smart constructor.
Constructors
| DeleteNotificationChannel' | |
Instances
newDeleteNotificationChannel :: DeleteNotificationChannel Source #
Create a value of DeleteNotificationChannel with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
data DeleteNotificationChannelResponse Source #
See: newDeleteNotificationChannelResponse smart constructor.
Constructors
| DeleteNotificationChannelResponse' | |
Instances
| Generic DeleteNotificationChannelResponse Source # | |
Defined in Amazonka.FMS.DeleteNotificationChannel Associated Types type Rep DeleteNotificationChannelResponse :: Type -> Type # | |
| Read DeleteNotificationChannelResponse Source # | |
| Show DeleteNotificationChannelResponse Source # | |
Defined in Amazonka.FMS.DeleteNotificationChannel Methods showsPrec :: Int -> DeleteNotificationChannelResponse -> ShowS # | |
| NFData DeleteNotificationChannelResponse Source # | |
Defined in Amazonka.FMS.DeleteNotificationChannel Methods rnf :: DeleteNotificationChannelResponse -> () # | |
| Eq DeleteNotificationChannelResponse Source # | |
| type Rep DeleteNotificationChannelResponse Source # | |
Defined in Amazonka.FMS.DeleteNotificationChannel | |
newDeleteNotificationChannelResponse :: DeleteNotificationChannelResponse Source #
Create a value of DeleteNotificationChannelResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DeletePolicy
data DeletePolicy Source #
See: newDeletePolicy smart constructor.
Constructors
| DeletePolicy' (Maybe Bool) Text |
Instances
Arguments
| :: Text | |
| -> DeletePolicy |
Create a value of DeletePolicy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:deleteAllPolicyResources:DeletePolicy', deletePolicy_deleteAllPolicyResources - If True, the request performs cleanup according to the policy type.
For WAF and Shield Advanced policies, the cleanup does the following:
- Deletes rule groups created by Firewall Manager
- Removes web ACLs from in-scope resources
- Deletes web ACLs that contain no rules or rule groups
For security group policies, the cleanup does the following for each security group in the policy:
- Disassociates the security group from in-scope resources
- Deletes the security group if it was created through Firewall Manager and if it's no longer associated with any resources through another policy
After the cleanup, in-scope resources are no longer protected by web ACLs in this policy. Protection of out-of-scope resources remains unchanged. Scope is determined by tags that you create and accounts that you associate with the policy. When creating the policy, if you specify that only resources in specific accounts or with specific tags are in scope of the policy, those accounts and resources are handled by the policy. All others are out of scope. If you don't specify tags or accounts, all resources are in scope.
DeletePolicy, deletePolicy_policyId - The ID of the policy that you want to delete. You can retrieve this ID
from PutPolicy and ListPolicies.
data DeletePolicyResponse Source #
See: newDeletePolicyResponse smart constructor.
Constructors
| DeletePolicyResponse' | |
Instances
newDeletePolicyResponse :: DeletePolicyResponse Source #
Create a value of DeletePolicyResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DeleteProtocolsList
data DeleteProtocolsList Source #
See: newDeleteProtocolsList smart constructor.
Constructors
| DeleteProtocolsList' Text |
Instances
newDeleteProtocolsList Source #
Arguments
| :: Text | |
| -> DeleteProtocolsList |
Create a value of DeleteProtocolsList with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
DeleteProtocolsList, deleteProtocolsList_listId - The ID of the protocols list that you want to delete. You can retrieve
this ID from PutProtocolsList, ListProtocolsLists, and
GetProtocolsLost.
data DeleteProtocolsListResponse Source #
See: newDeleteProtocolsListResponse smart constructor.
Constructors
| DeleteProtocolsListResponse' | |
Instances
newDeleteProtocolsListResponse :: DeleteProtocolsListResponse Source #
Create a value of DeleteProtocolsListResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DeleteResourceSet
data DeleteResourceSet Source #
See: newDeleteResourceSet smart constructor.
Constructors
| DeleteResourceSet' Text |
Instances
Arguments
| :: Text | |
| -> DeleteResourceSet |
Create a value of DeleteResourceSet with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identifier:DeleteResourceSet', deleteResourceSet_identifier - A unique identifier for the resource set, used in a TODO to refer to the
resource set.
data DeleteResourceSetResponse Source #
See: newDeleteResourceSetResponse smart constructor.
Constructors
| DeleteResourceSetResponse' | |
Instances
newDeleteResourceSetResponse :: DeleteResourceSetResponse Source #
Create a value of DeleteResourceSetResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DisassociateAdminAccount
data DisassociateAdminAccount Source #
See: newDisassociateAdminAccount smart constructor.
Constructors
| DisassociateAdminAccount' | |
Instances
newDisassociateAdminAccount :: DisassociateAdminAccount Source #
Create a value of DisassociateAdminAccount with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
data DisassociateAdminAccountResponse Source #
See: newDisassociateAdminAccountResponse smart constructor.
Constructors
| DisassociateAdminAccountResponse' | |
Instances
| Generic DisassociateAdminAccountResponse Source # | |
Defined in Amazonka.FMS.DisassociateAdminAccount Associated Types type Rep DisassociateAdminAccountResponse :: Type -> Type # | |
| Read DisassociateAdminAccountResponse Source # | |
| Show DisassociateAdminAccountResponse Source # | |
Defined in Amazonka.FMS.DisassociateAdminAccount Methods showsPrec :: Int -> DisassociateAdminAccountResponse -> ShowS # | |
| NFData DisassociateAdminAccountResponse Source # | |
Defined in Amazonka.FMS.DisassociateAdminAccount Methods rnf :: DisassociateAdminAccountResponse -> () # | |
| Eq DisassociateAdminAccountResponse Source # | |
| type Rep DisassociateAdminAccountResponse Source # | |
Defined in Amazonka.FMS.DisassociateAdminAccount | |
newDisassociateAdminAccountResponse :: DisassociateAdminAccountResponse Source #
Create a value of DisassociateAdminAccountResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
DisassociateThirdPartyFirewall
data DisassociateThirdPartyFirewall Source #
See: newDisassociateThirdPartyFirewall smart constructor.
Constructors
| DisassociateThirdPartyFirewall' ThirdPartyFirewall |
Instances
newDisassociateThirdPartyFirewall Source #
Arguments
| :: ThirdPartyFirewall | |
| -> DisassociateThirdPartyFirewall |
Create a value of DisassociateThirdPartyFirewall with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:thirdPartyFirewall:DisassociateThirdPartyFirewall', disassociateThirdPartyFirewall_thirdPartyFirewall - The name of the third-party firewall vendor.
data DisassociateThirdPartyFirewallResponse Source #
See: newDisassociateThirdPartyFirewallResponse smart constructor.
Instances
newDisassociateThirdPartyFirewallResponse Source #
Arguments
| :: Int | |
| -> DisassociateThirdPartyFirewallResponse |
Create a value of DisassociateThirdPartyFirewallResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:thirdPartyFirewallStatus:DisassociateThirdPartyFirewallResponse', disassociateThirdPartyFirewallResponse_thirdPartyFirewallStatus - The current status for the disassociation of a Firewall Manager
administrators account with a third-party firewall.
$sel:httpStatus:DisassociateThirdPartyFirewallResponse', disassociateThirdPartyFirewallResponse_httpStatus - The response's http status code.
GetAdminAccount
data GetAdminAccount Source #
See: newGetAdminAccount smart constructor.
Constructors
| GetAdminAccount' | |
Instances
newGetAdminAccount :: GetAdminAccount Source #
Create a value of GetAdminAccount with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
data GetAdminAccountResponse Source #
See: newGetAdminAccountResponse smart constructor.
Constructors
| GetAdminAccountResponse' (Maybe Text) (Maybe AccountRoleStatus) Int |
Instances
newGetAdminAccountResponse Source #
Create a value of GetAdminAccountResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:adminAccount:GetAdminAccountResponse', getAdminAccountResponse_adminAccount - The Amazon Web Services account that is set as the Firewall Manager
administrator.
$sel:roleStatus:GetAdminAccountResponse', getAdminAccountResponse_roleStatus - The status of the Amazon Web Services account that you set as the
Firewall Manager administrator.
$sel:httpStatus:GetAdminAccountResponse', getAdminAccountResponse_httpStatus - The response's http status code.
GetAppsList
data GetAppsList Source #
See: newGetAppsList smart constructor.
Constructors
| GetAppsList' (Maybe Bool) Text |
Instances
Arguments
| :: Text | |
| -> GetAppsList |
Create a value of GetAppsList with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:defaultList:GetAppsList', getAppsList_defaultList - Specifies whether the list to retrieve is a default list owned by
Firewall Manager.
GetAppsList, getAppsList_listId - The ID of the Firewall Manager applications list that you want the
details for.
data GetAppsListResponse Source #
See: newGetAppsListResponse smart constructor.
Constructors
| GetAppsListResponse' (Maybe AppsListData) (Maybe Text) Int |
Instances
newGetAppsListResponse Source #
Arguments
| :: Int | |
| -> GetAppsListResponse |
Create a value of GetAppsListResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
GetAppsListResponse, getAppsListResponse_appsList - Information about the specified Firewall Manager applications list.
$sel:appsListArn:GetAppsListResponse', getAppsListResponse_appsListArn - The Amazon Resource Name (ARN) of the applications list.
$sel:httpStatus:GetAppsListResponse', getAppsListResponse_httpStatus - The response's http status code.
GetComplianceDetail
data GetComplianceDetail Source #
See: newGetComplianceDetail smart constructor.
Constructors
| GetComplianceDetail' Text Text |
Instances
newGetComplianceDetail Source #
Arguments
| :: Text | |
| -> Text | |
| -> GetComplianceDetail |
Create a value of GetComplianceDetail with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
GetComplianceDetail, getComplianceDetail_policyId - The ID of the policy that you want to get the details for. PolicyId is
returned by PutPolicy and by ListPolicies.
GetComplianceDetail, getComplianceDetail_memberAccount - The Amazon Web Services account that owns the resources that you want to
get the details for.
data GetComplianceDetailResponse Source #
See: newGetComplianceDetailResponse smart constructor.
Constructors
| GetComplianceDetailResponse' (Maybe PolicyComplianceDetail) Int |
Instances
newGetComplianceDetailResponse Source #
Create a value of GetComplianceDetailResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:policyComplianceDetail:GetComplianceDetailResponse', getComplianceDetailResponse_policyComplianceDetail - Information about the resources and the policy that you specified in the
GetComplianceDetail request.
$sel:httpStatus:GetComplianceDetailResponse', getComplianceDetailResponse_httpStatus - The response's http status code.
GetNotificationChannel
data GetNotificationChannel Source #
See: newGetNotificationChannel smart constructor.
Constructors
| GetNotificationChannel' | |
Instances
newGetNotificationChannel :: GetNotificationChannel Source #
Create a value of GetNotificationChannel with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
data GetNotificationChannelResponse Source #
See: newGetNotificationChannelResponse smart constructor.
Instances
newGetNotificationChannelResponse Source #
Create a value of GetNotificationChannelResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:snsRoleName:GetNotificationChannelResponse', getNotificationChannelResponse_snsRoleName - The IAM role that is used by Firewall Manager to record activity to SNS.
$sel:snsTopicArn:GetNotificationChannelResponse', getNotificationChannelResponse_snsTopicArn - The SNS topic that records Firewall Manager activity.
$sel:httpStatus:GetNotificationChannelResponse', getNotificationChannelResponse_httpStatus - The response's http status code.
GetPolicy
See: newGetPolicy smart constructor.
Constructors
| GetPolicy' Text |
Instances
Create a value of GetPolicy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
GetPolicy, getPolicy_policyId - The ID of the Firewall Manager policy that you want the details for.
data GetPolicyResponse Source #
See: newGetPolicyResponse smart constructor.
Instances
Arguments
| :: Int | |
| -> GetPolicyResponse |
Create a value of GetPolicyResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:policy:GetPolicyResponse', getPolicyResponse_policy - Information about the specified Firewall Manager policy.
GetPolicyResponse, getPolicyResponse_policyArn - The Amazon Resource Name (ARN) of the specified policy.
$sel:httpStatus:GetPolicyResponse', getPolicyResponse_httpStatus - The response's http status code.
GetProtectionStatus
data GetProtectionStatus Source #
See: newGetProtectionStatus smart constructor.
Constructors
| GetProtectionStatus' (Maybe POSIX) (Maybe Natural) (Maybe Text) (Maybe Text) (Maybe POSIX) Text |
Instances
newGetProtectionStatus Source #
Arguments
| :: Text | |
| -> GetProtectionStatus |
Create a value of GetProtectionStatus with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:endTime:GetProtectionStatus', getProtectionStatus_endTime - The end of the time period to query for the attacks. This is a
timestamp type. The request syntax listing indicates a number type
because the default used by Firewall Manager is Unix time in seconds.
However, any valid timestamp format is allowed.
$sel:maxResults:GetProtectionStatus', getProtectionStatus_maxResults - Specifies the number of objects that you want Firewall Manager to return
for this request. If you have more objects than the number that you
specify for MaxResults, the response includes a NextToken value that
you can use to get another batch of objects.
$sel:memberAccountId:GetProtectionStatus', getProtectionStatus_memberAccountId - The Amazon Web Services account that is in scope of the policy that you
want to get the details for.
GetProtectionStatus, getProtectionStatus_nextToken - If you specify a value for MaxResults and you have more objects than
the number that you specify for MaxResults, Firewall Manager returns a
NextToken value in the response, which you can use to retrieve another
group of objects. For the second and subsequent GetProtectionStatus
requests, specify the value of NextToken from the previous response to
get information about another batch of objects.
$sel:startTime:GetProtectionStatus', getProtectionStatus_startTime - The start of the time period to query for the attacks. This is a
timestamp type. The request syntax listing indicates a number type
because the default used by Firewall Manager is Unix time in seconds.
However, any valid timestamp format is allowed.
GetProtectionStatus, getProtectionStatus_policyId - The ID of the policy for which you want to get the attack information.
data GetProtectionStatusResponse Source #
See: newGetProtectionStatusResponse smart constructor.
Constructors
| GetProtectionStatusResponse' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe SecurityServiceType) Int |
Instances
newGetProtectionStatusResponse Source #
Create a value of GetProtectionStatusResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:adminAccountId:GetProtectionStatusResponse', getProtectionStatusResponse_adminAccountId - The ID of the Firewall Manager administrator account for this policy.
$sel:data':GetProtectionStatusResponse', getProtectionStatusResponse_data - Details about the attack, including the following:
- Attack type
- Account ID
- ARN of the resource attacked
- Start time of the attack
- End time of the attack (ongoing attacks will not have an end time)
The details are in JSON format.
GetProtectionStatus, getProtectionStatusResponse_nextToken - If you have more objects than the number that you specified for
MaxResults in the request, the response includes a NextToken value.
To list more objects, submit another GetProtectionStatus request, and
specify the NextToken value from the response in the NextToken value
in the next request.
Amazon Web Services SDKs provide auto-pagination that identify
NextToken in a response and make subsequent request calls
automatically on your behalf. However, this feature is not supported by
GetProtectionStatus. You must submit subsequent requests with
NextToken using your own processes.
$sel:serviceType:GetProtectionStatusResponse', getProtectionStatusResponse_serviceType - The service type that is protected by the policy. Currently, this is
always SHIELD_ADVANCED.
$sel:httpStatus:GetProtectionStatusResponse', getProtectionStatusResponse_httpStatus - The response's http status code.
GetProtocolsList
data GetProtocolsList Source #
See: newGetProtocolsList smart constructor.
Constructors
| GetProtocolsList' (Maybe Bool) Text |
Instances
Arguments
| :: Text | |
| -> GetProtocolsList |
Create a value of GetProtocolsList with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:defaultList:GetProtocolsList', getProtocolsList_defaultList - Specifies whether the list to retrieve is a default list owned by
Firewall Manager.
GetProtocolsList, getProtocolsList_listId - The ID of the Firewall Manager protocols list that you want the details
for.
data GetProtocolsListResponse Source #
See: newGetProtocolsListResponse smart constructor.
Constructors
| GetProtocolsListResponse' (Maybe ProtocolsListData) (Maybe Text) Int |
Instances
newGetProtocolsListResponse Source #
Create a value of GetProtocolsListResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
GetProtocolsListResponse, getProtocolsListResponse_protocolsList - Information about the specified Firewall Manager protocols list.
$sel:protocolsListArn:GetProtocolsListResponse', getProtocolsListResponse_protocolsListArn - The Amazon Resource Name (ARN) of the specified protocols list.
$sel:httpStatus:GetProtocolsListResponse', getProtocolsListResponse_httpStatus - The response's http status code.
GetResourceSet
data GetResourceSet Source #
See: newGetResourceSet smart constructor.
Constructors
| GetResourceSet' Text |
Instances
Arguments
| :: Text | |
| -> GetResourceSet |
Create a value of GetResourceSet with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:identifier:GetResourceSet', getResourceSet_identifier - A unique identifier for the resource set, used in a TODO to refer to the
resource set.
data GetResourceSetResponse Source #
See: newGetResourceSetResponse smart constructor.
Constructors
| GetResourceSetResponse' Int ResourceSet Text |
Instances
newGetResourceSetResponse Source #
Arguments
| :: Int | |
| -> ResourceSet | |
| -> Text | |
| -> GetResourceSetResponse |
Create a value of GetResourceSetResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:GetResourceSetResponse', getResourceSetResponse_httpStatus - The response's http status code.
$sel:resourceSet:GetResourceSetResponse', getResourceSetResponse_resourceSet - Information about the specified resource set.
$sel:resourceSetArn:GetResourceSetResponse', getResourceSetResponse_resourceSetArn - The Amazon Resource Name (ARN) of the resource set.
GetThirdPartyFirewallAssociationStatus
data GetThirdPartyFirewallAssociationStatus Source #
See: newGetThirdPartyFirewallAssociationStatus smart constructor.
Instances
newGetThirdPartyFirewallAssociationStatus Source #
Arguments
| :: ThirdPartyFirewall |
|
| -> GetThirdPartyFirewallAssociationStatus |
Create a value of GetThirdPartyFirewallAssociationStatus with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:thirdPartyFirewall:GetThirdPartyFirewallAssociationStatus', getThirdPartyFirewallAssociationStatus_thirdPartyFirewall - The name of the third-party firewall vendor.
data GetThirdPartyFirewallAssociationStatusResponse Source #
See: newGetThirdPartyFirewallAssociationStatusResponse smart constructor.
Constructors
| GetThirdPartyFirewallAssociationStatusResponse' (Maybe MarketplaceSubscriptionOnboardingStatus) (Maybe ThirdPartyFirewallAssociationStatus) Int |
Instances
newGetThirdPartyFirewallAssociationStatusResponse Source #
Arguments
| :: Int |
|
| -> GetThirdPartyFirewallAssociationStatusResponse |
Create a value of GetThirdPartyFirewallAssociationStatusResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:marketplaceOnboardingStatus:GetThirdPartyFirewallAssociationStatusResponse', getThirdPartyFirewallAssociationStatusResponse_marketplaceOnboardingStatus - The status for subscribing to the third-party firewall vendor in the
Amazon Web Services Marketplace.
NO_SUBSCRIPTION- The Firewall Manager policy administrator isn't subscribed to the third-party firewall service in the Amazon Web Services Marketplace.NOT_COMPLETE- The Firewall Manager policy administrator is in the process of subscribing to the third-party firewall service in the Amazon Web Services Marketplace, but doesn't yet have an active subscription.COMPLETE- The Firewall Manager policy administrator has an active subscription to the third-party firewall service in the Amazon Web Services Marketplace.
$sel:thirdPartyFirewallStatus:GetThirdPartyFirewallAssociationStatusResponse', getThirdPartyFirewallAssociationStatusResponse_thirdPartyFirewallStatus - The current status for setting a Firewall Manager policy administrators
account as an administrator of the third-party firewall tenant.
ONBOARDING- The Firewall Manager policy administrator is being designated as a tenant administrator.ONBOARD_COMPLETE- The Firewall Manager policy administrator is designated as a tenant administrator.OFFBOARDING- The Firewall Manager policy administrator is being removed as a tenant administrator.OFFBOARD_COMPLETE- The Firewall Manager policy administrator has been removed as a tenant administrator.NOT_EXIST- The Firewall Manager policy administrator doesn't exist as a tenant administrator.
$sel:httpStatus:GetThirdPartyFirewallAssociationStatusResponse', getThirdPartyFirewallAssociationStatusResponse_httpStatus - The response's http status code.
GetViolationDetails
data GetViolationDetails Source #
See: newGetViolationDetails smart constructor.
Constructors
| GetViolationDetails' Text Text Text Text |
Instances
newGetViolationDetails Source #
Arguments
| :: Text | |
| -> Text | |
| -> Text | |
| -> Text | |
| -> GetViolationDetails |
Create a value of GetViolationDetails with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
GetViolationDetails, getViolationDetails_policyId - The ID of the Firewall Manager policy that you want the details for.
This currently only supports security group content audit policies.
GetViolationDetails, getViolationDetails_memberAccount - The Amazon Web Services account ID that you want the details for.
GetViolationDetails, getViolationDetails_resourceId - The ID of the resource that has violations.
GetViolationDetails, getViolationDetails_resourceType - The resource type. This is in the format shown in the
Amazon Web Services Resource Types Reference.
Supported resource types are: AWS::EC2::Instance,
AWS::EC2::NetworkInterface, AWS::EC2::SecurityGroup,
AWS::NetworkFirewall::FirewallPolicy, and AWS::EC2::Subnet.
data GetViolationDetailsResponse Source #
See: newGetViolationDetailsResponse smart constructor.
Constructors
| GetViolationDetailsResponse' (Maybe ViolationDetail) Int |
Instances
newGetViolationDetailsResponse Source #
Create a value of GetViolationDetailsResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violationDetail:GetViolationDetailsResponse', getViolationDetailsResponse_violationDetail - Violation detail for a resource.
$sel:httpStatus:GetViolationDetailsResponse', getViolationDetailsResponse_httpStatus - The response's http status code.
ListAppsLists (Paginated)
data ListAppsLists Source #
See: newListAppsLists smart constructor.
Instances
Arguments
| :: Natural | |
| -> ListAppsLists |
Create a value of ListAppsLists with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:defaultLists:ListAppsLists', listAppsLists_defaultLists - Specifies whether the lists to retrieve are default lists owned by
Firewall Manager.
ListAppsLists, listAppsLists_nextToken - If you specify a value for MaxResults in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. For all but the first request, you provide the token
returned by the prior request in the request parameters, to retrieve the
next batch of objects.
$sel:maxResults:ListAppsLists', listAppsLists_maxResults - The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken value that you can use in a
subsequent call to get the next batch of objects.
If you don't specify this, Firewall Manager returns all available objects.
data ListAppsListsResponse Source #
See: newListAppsListsResponse smart constructor.
Constructors
| ListAppsListsResponse' (Maybe [AppsListDataSummary]) (Maybe Text) Int |
Instances
newListAppsListsResponse Source #
Create a value of ListAppsListsResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:appsLists:ListAppsListsResponse', listAppsListsResponse_appsLists - An array of AppsListDataSummary objects.
ListAppsLists, listAppsListsResponse_nextToken - If you specify a value for MaxResults in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. You can use this token in subsequent requests to
retrieve the next batch of objects.
$sel:httpStatus:ListAppsListsResponse', listAppsListsResponse_httpStatus - The response's http status code.
ListComplianceStatus (Paginated)
data ListComplianceStatus Source #
See: newListComplianceStatus smart constructor.
Instances
newListComplianceStatus Source #
Arguments
| :: Text | |
| -> ListComplianceStatus |
Create a value of ListComplianceStatus with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListComplianceStatus', listComplianceStatus_maxResults - Specifies the number of PolicyComplianceStatus objects that you want
Firewall Manager to return for this request. If you have more
PolicyComplianceStatus objects than the number that you specify for
MaxResults, the response includes a NextToken value that you can use
to get another batch of PolicyComplianceStatus objects.
ListComplianceStatus, listComplianceStatus_nextToken - If you specify a value for MaxResults and you have more
PolicyComplianceStatus objects than the number that you specify for
MaxResults, Firewall Manager returns a NextToken value in the
response that allows you to list another group of
PolicyComplianceStatus objects. For the second and subsequent
ListComplianceStatus requests, specify the value of NextToken from
the previous response to get information about another batch of
PolicyComplianceStatus objects.
ListComplianceStatus, listComplianceStatus_policyId - The ID of the Firewall Manager policy that you want the details for.
data ListComplianceStatusResponse Source #
See: newListComplianceStatusResponse smart constructor.
Constructors
| ListComplianceStatusResponse' (Maybe Text) (Maybe [PolicyComplianceStatus]) Int |
Instances
newListComplianceStatusResponse Source #
Create a value of ListComplianceStatusResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListComplianceStatus, listComplianceStatusResponse_nextToken - If you have more PolicyComplianceStatus objects than the number that
you specified for MaxResults in the request, the response includes a
NextToken value. To list more PolicyComplianceStatus objects, submit
another ListComplianceStatus request, and specify the NextToken
value from the response in the NextToken value in the next request.
$sel:policyComplianceStatusList:ListComplianceStatusResponse', listComplianceStatusResponse_policyComplianceStatusList - An array of PolicyComplianceStatus objects.
$sel:httpStatus:ListComplianceStatusResponse', listComplianceStatusResponse_httpStatus - The response's http status code.
ListDiscoveredResources
data ListDiscoveredResources Source #
See: newListDiscoveredResources smart constructor.
Instances
newListDiscoveredResources Source #
Arguments
| :: Text | |
| -> ListDiscoveredResources |
Create a value of ListDiscoveredResources with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListDiscoveredResources', listDiscoveredResources_maxResults - The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken value that you can use in a
subsequent call to get the next batch of objects.
ListDiscoveredResources, listDiscoveredResources_nextToken - When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:memberAccountIds:ListDiscoveredResources', listDiscoveredResources_memberAccountIds - The Amazon Web Services account IDs to discover resources in. Only one
account is supported per request. The account must be a member of your
organization.
ListDiscoveredResources, listDiscoveredResources_resourceType - The type of resources to discover.
data ListDiscoveredResourcesResponse Source #
See: newListDiscoveredResourcesResponse smart constructor.
Constructors
| ListDiscoveredResourcesResponse' (Maybe [DiscoveredResource]) (Maybe Text) Int |
Instances
newListDiscoveredResourcesResponse Source #
Create a value of ListDiscoveredResourcesResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:items:ListDiscoveredResourcesResponse', listDiscoveredResourcesResponse_items - Details of the resources that were discovered.
ListDiscoveredResources, listDiscoveredResourcesResponse_nextToken - When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:httpStatus:ListDiscoveredResourcesResponse', listDiscoveredResourcesResponse_httpStatus - The response's http status code.
ListMemberAccounts (Paginated)
data ListMemberAccounts Source #
See: newListMemberAccounts smart constructor.
Constructors
| ListMemberAccounts' (Maybe Natural) (Maybe Text) |
Instances
newListMemberAccounts :: ListMemberAccounts Source #
Create a value of ListMemberAccounts with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListMemberAccounts', listMemberAccounts_maxResults - Specifies the number of member account IDs that you want Firewall
Manager to return for this request. If you have more IDs than the number
that you specify for MaxResults, the response includes a NextToken
value that you can use to get another batch of member account IDs.
ListMemberAccounts, listMemberAccounts_nextToken - If you specify a value for MaxResults and you have more account IDs
than the number that you specify for MaxResults, Firewall Manager
returns a NextToken value in the response that allows you to list
another group of IDs. For the second and subsequent
ListMemberAccountsRequest requests, specify the value of NextToken
from the previous response to get information about another batch of
member account IDs.
data ListMemberAccountsResponse Source #
See: newListMemberAccountsResponse smart constructor.
Instances
newListMemberAccountsResponse Source #
Create a value of ListMemberAccountsResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:memberAccounts:ListMemberAccountsResponse', listMemberAccountsResponse_memberAccounts - An array of account IDs.
ListMemberAccounts, listMemberAccountsResponse_nextToken - If you have more member account IDs than the number that you specified
for MaxResults in the request, the response includes a NextToken
value. To list more IDs, submit another ListMemberAccounts request,
and specify the NextToken value from the response in the NextToken
value in the next request.
$sel:httpStatus:ListMemberAccountsResponse', listMemberAccountsResponse_httpStatus - The response's http status code.
ListPolicies (Paginated)
data ListPolicies Source #
See: newListPolicies smart constructor.
Constructors
| ListPolicies' (Maybe Natural) (Maybe Text) |
Instances
newListPolicies :: ListPolicies Source #
Create a value of ListPolicies with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListPolicies', listPolicies_maxResults - Specifies the number of PolicySummary objects that you want Firewall
Manager to return for this request. If you have more PolicySummary
objects than the number that you specify for MaxResults, the response
includes a NextToken value that you can use to get another batch of
PolicySummary objects.
ListPolicies, listPolicies_nextToken - If you specify a value for MaxResults and you have more
PolicySummary objects than the number that you specify for
MaxResults, Firewall Manager returns a NextToken value in the
response that allows you to list another group of PolicySummary
objects. For the second and subsequent ListPolicies requests, specify
the value of NextToken from the previous response to get information
about another batch of PolicySummary objects.
data ListPoliciesResponse Source #
See: newListPoliciesResponse smart constructor.
Constructors
| ListPoliciesResponse' (Maybe Text) (Maybe [PolicySummary]) Int |
Instances
newListPoliciesResponse Source #
Arguments
| :: Int | |
| -> ListPoliciesResponse |
Create a value of ListPoliciesResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListPolicies, listPoliciesResponse_nextToken - If you have more PolicySummary objects than the number that you
specified for MaxResults in the request, the response includes a
NextToken value. To list more PolicySummary objects, submit another
ListPolicies request, and specify the NextToken value from the
response in the NextToken value in the next request.
$sel:policyList:ListPoliciesResponse', listPoliciesResponse_policyList - An array of PolicySummary objects.
$sel:httpStatus:ListPoliciesResponse', listPoliciesResponse_httpStatus - The response's http status code.
ListProtocolsLists (Paginated)
data ListProtocolsLists Source #
See: newListProtocolsLists smart constructor.
Instances
newListProtocolsLists Source #
Arguments
| :: Natural | |
| -> ListProtocolsLists |
Create a value of ListProtocolsLists with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:defaultLists:ListProtocolsLists', listProtocolsLists_defaultLists - Specifies whether the lists to retrieve are default lists owned by
Firewall Manager.
ListProtocolsLists, listProtocolsLists_nextToken - If you specify a value for MaxResults in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. For all but the first request, you provide the token
returned by the prior request in the request parameters, to retrieve the
next batch of objects.
$sel:maxResults:ListProtocolsLists', listProtocolsLists_maxResults - The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken value that you can use in a
subsequent call to get the next batch of objects.
If you don't specify this, Firewall Manager returns all available objects.
data ListProtocolsListsResponse Source #
See: newListProtocolsListsResponse smart constructor.
Constructors
| ListProtocolsListsResponse' (Maybe Text) (Maybe [ProtocolsListDataSummary]) Int |
Instances
newListProtocolsListsResponse Source #
Create a value of ListProtocolsListsResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListProtocolsLists, listProtocolsListsResponse_nextToken - If you specify a value for MaxResults in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. You can use this token in subsequent requests to
retrieve the next batch of objects.
$sel:protocolsLists:ListProtocolsListsResponse', listProtocolsListsResponse_protocolsLists - An array of ProtocolsListDataSummary objects.
$sel:httpStatus:ListProtocolsListsResponse', listProtocolsListsResponse_httpStatus - The response's http status code.
ListResourceSetResources
data ListResourceSetResources Source #
See: newListResourceSetResources smart constructor.
Instances
newListResourceSetResources Source #
Create a value of ListResourceSetResources with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListResourceSetResources', listResourceSetResources_maxResults - The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken value that you can use in a
subsequent call to get the next batch of objects.
ListResourceSetResources, listResourceSetResources_nextToken - When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:identifier:ListResourceSetResources', listResourceSetResources_identifier - A unique identifier for the resource set, used in a TODO to refer to the
resource set.
data ListResourceSetResourcesResponse Source #
See: newListResourceSetResourcesResponse smart constructor.
Constructors
| ListResourceSetResourcesResponse' (Maybe Text) Int [Resource] |
Instances
newListResourceSetResourcesResponse Source #
Create a value of ListResourceSetResourcesResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListResourceSetResources, listResourceSetResourcesResponse_nextToken - When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:httpStatus:ListResourceSetResourcesResponse', listResourceSetResourcesResponse_httpStatus - The response's http status code.
$sel:items:ListResourceSetResourcesResponse', listResourceSetResourcesResponse_items - An array of the associated resources' uniform resource identifiers
(URI).
ListResourceSets
data ListResourceSets Source #
See: newListResourceSets smart constructor.
Constructors
| ListResourceSets' (Maybe Natural) (Maybe Text) |
Instances
newListResourceSets :: ListResourceSets Source #
Create a value of ListResourceSets with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:maxResults:ListResourceSets', listResourceSets_maxResults - The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken value that you can use in a
subsequent call to get the next batch of objects.
ListResourceSets, listResourceSets_nextToken - When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
data ListResourceSetsResponse Source #
See: newListResourceSetsResponse smart constructor.
Constructors
| ListResourceSetsResponse' (Maybe Text) (Maybe [ResourceSetSummary]) Int |
Instances
newListResourceSetsResponse Source #
Create a value of ListResourceSetsResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListResourceSets, listResourceSetsResponse_nextToken - When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:resourceSets:ListResourceSetsResponse', listResourceSetsResponse_resourceSets - An array of ResourceSetSummary objects.
$sel:httpStatus:ListResourceSetsResponse', listResourceSetsResponse_httpStatus - The response's http status code.
ListTagsForResource
data ListTagsForResource Source #
See: newListTagsForResource smart constructor.
Constructors
| ListTagsForResource' Text |
Instances
newListTagsForResource Source #
Arguments
| :: Text | |
| -> ListTagsForResource |
Create a value of ListTagsForResource with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:ListTagsForResource', listTagsForResource_resourceArn - The Amazon Resource Name (ARN) of the resource to return tags for. The
Firewall Manager resources that support tagging are policies,
applications lists, and protocols lists.
data ListTagsForResourceResponse Source #
See: newListTagsForResourceResponse smart constructor.
Constructors
| ListTagsForResourceResponse' (Maybe [Tag]) Int |
Instances
newListTagsForResourceResponse Source #
Create a value of ListTagsForResourceResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tagList:ListTagsForResourceResponse', listTagsForResourceResponse_tagList - The tags associated with the resource.
$sel:httpStatus:ListTagsForResourceResponse', listTagsForResourceResponse_httpStatus - The response's http status code.
ListThirdPartyFirewallFirewallPolicies (Paginated)
data ListThirdPartyFirewallFirewallPolicies Source #
See: newListThirdPartyFirewallFirewallPolicies smart constructor.
Instances
newListThirdPartyFirewallFirewallPolicies Source #
Arguments
| :: ThirdPartyFirewall |
|
| -> Natural | |
| -> ListThirdPartyFirewallFirewallPolicies |
Create a value of ListThirdPartyFirewallFirewallPolicies with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListThirdPartyFirewallFirewallPolicies, listThirdPartyFirewallFirewallPolicies_nextToken - If the previous response included a NextToken element, the specified
third-party firewall vendor is associated with more third-party firewall
policies. To get more third-party firewall policies, submit another
ListThirdPartyFirewallFirewallPoliciesRequest request.
For the value of NextToken, specify the value of NextToken from the
previous response. If the previous response didn't include a
NextToken element, there are no more third-party firewall policies to
get.
$sel:thirdPartyFirewall:ListThirdPartyFirewallFirewallPolicies', listThirdPartyFirewallFirewallPolicies_thirdPartyFirewall - The name of the third-party firewall vendor.
$sel:maxResults:ListThirdPartyFirewallFirewallPolicies', listThirdPartyFirewallFirewallPolicies_maxResults - The maximum number of third-party firewall policies that you want
Firewall Manager to return. If the specified third-party firewall vendor
is associated with more than MaxResults firewall policies, the
response includes a NextToken element. NextToken contains an
encrypted token that identifies the first third-party firewall policies
that Firewall Manager will return if you submit another request.
data ListThirdPartyFirewallFirewallPoliciesResponse Source #
See: newListThirdPartyFirewallFirewallPoliciesResponse smart constructor.
Constructors
| ListThirdPartyFirewallFirewallPoliciesResponse' (Maybe Text) (Maybe [ThirdPartyFirewallFirewallPolicy]) Int |
Instances
newListThirdPartyFirewallFirewallPoliciesResponse Source #
Arguments
| :: Int |
|
| -> ListThirdPartyFirewallFirewallPoliciesResponse |
Create a value of ListThirdPartyFirewallFirewallPoliciesResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
ListThirdPartyFirewallFirewallPolicies, listThirdPartyFirewallFirewallPoliciesResponse_nextToken - The value that you will use for NextToken in the next
ListThirdPartyFirewallFirewallPolicies request.
$sel:thirdPartyFirewallFirewallPolicies:ListThirdPartyFirewallFirewallPoliciesResponse', listThirdPartyFirewallFirewallPoliciesResponse_thirdPartyFirewallFirewallPolicies - A list that contains one ThirdPartyFirewallFirewallPolicies element
for each third-party firewall policies that the specified third-party
firewall vendor is associated with. Each
ThirdPartyFirewallFirewallPolicies element contains the firewall
policy name and ID.
$sel:httpStatus:ListThirdPartyFirewallFirewallPoliciesResponse', listThirdPartyFirewallFirewallPoliciesResponse_httpStatus - The response's http status code.
PutAppsList
data PutAppsList Source #
See: newPutAppsList smart constructor.
Constructors
| PutAppsList' (Maybe [Tag]) AppsListData |
Instances
Arguments
| :: AppsListData | |
| -> PutAppsList |
Create a value of PutAppsList with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tagList:PutAppsList', putAppsList_tagList - The tags associated with the resource.
PutAppsList, putAppsList_appsList - The details of the Firewall Manager applications list to be created.
data PutAppsListResponse Source #
See: newPutAppsListResponse smart constructor.
Constructors
| PutAppsListResponse' (Maybe AppsListData) (Maybe Text) Int |
Instances
newPutAppsListResponse Source #
Arguments
| :: Int | |
| -> PutAppsListResponse |
Create a value of PutAppsListResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
PutAppsList, putAppsListResponse_appsList - The details of the Firewall Manager applications list.
$sel:appsListArn:PutAppsListResponse', putAppsListResponse_appsListArn - The Amazon Resource Name (ARN) of the applications list.
$sel:httpStatus:PutAppsListResponse', putAppsListResponse_httpStatus - The response's http status code.
PutNotificationChannel
data PutNotificationChannel Source #
See: newPutNotificationChannel smart constructor.
Constructors
| PutNotificationChannel' Text Text |
Instances
newPutNotificationChannel Source #
Arguments
| :: Text | |
| -> Text | |
| -> PutNotificationChannel |
Create a value of PutNotificationChannel with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:snsTopicArn:PutNotificationChannel', putNotificationChannel_snsTopicArn - The Amazon Resource Name (ARN) of the SNS topic that collects
notifications from Firewall Manager.
$sel:snsRoleName:PutNotificationChannel', putNotificationChannel_snsRoleName - The Amazon Resource Name (ARN) of the IAM role that allows Amazon SNS to
record Firewall Manager activity.
data PutNotificationChannelResponse Source #
See: newPutNotificationChannelResponse smart constructor.
Constructors
| PutNotificationChannelResponse' | |
Instances
| Generic PutNotificationChannelResponse Source # | |
Defined in Amazonka.FMS.PutNotificationChannel Associated Types type Rep PutNotificationChannelResponse :: Type -> Type # | |
| Read PutNotificationChannelResponse Source # | |
| Show PutNotificationChannelResponse Source # | |
Defined in Amazonka.FMS.PutNotificationChannel Methods showsPrec :: Int -> PutNotificationChannelResponse -> ShowS # show :: PutNotificationChannelResponse -> String # showList :: [PutNotificationChannelResponse] -> ShowS # | |
| NFData PutNotificationChannelResponse Source # | |
Defined in Amazonka.FMS.PutNotificationChannel Methods rnf :: PutNotificationChannelResponse -> () # | |
| Eq PutNotificationChannelResponse Source # | |
Defined in Amazonka.FMS.PutNotificationChannel | |
| type Rep PutNotificationChannelResponse Source # | |
Defined in Amazonka.FMS.PutNotificationChannel | |
newPutNotificationChannelResponse :: PutNotificationChannelResponse Source #
Create a value of PutNotificationChannelResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
PutPolicy
See: newPutPolicy smart constructor.
Constructors
| PutPolicy' (Maybe [Tag]) Policy |
Instances
Create a value of PutPolicy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tagList:PutPolicy', putPolicy_tagList - The tags to add to the Amazon Web Services resource.
PutPolicy, putPolicy_policy - The details of the Firewall Manager policy to be created.
data PutPolicyResponse Source #
See: newPutPolicyResponse smart constructor.
Instances
Arguments
| :: Int | |
| -> PutPolicyResponse |
Create a value of PutPolicyResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
PutPolicy, putPolicyResponse_policy - The details of the Firewall Manager policy.
PutPolicyResponse, putPolicyResponse_policyArn - The Amazon Resource Name (ARN) of the policy.
$sel:httpStatus:PutPolicyResponse', putPolicyResponse_httpStatus - The response's http status code.
PutProtocolsList
data PutProtocolsList Source #
See: newPutProtocolsList smart constructor.
Constructors
| PutProtocolsList' (Maybe [Tag]) ProtocolsListData |
Instances
Arguments
| :: ProtocolsListData | |
| -> PutProtocolsList |
Create a value of PutProtocolsList with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tagList:PutProtocolsList', putProtocolsList_tagList - The tags associated with the resource.
PutProtocolsList, putProtocolsList_protocolsList - The details of the Firewall Manager protocols list to be created.
data PutProtocolsListResponse Source #
See: newPutProtocolsListResponse smart constructor.
Constructors
| PutProtocolsListResponse' (Maybe ProtocolsListData) (Maybe Text) Int |
Instances
newPutProtocolsListResponse Source #
Create a value of PutProtocolsListResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
PutProtocolsList, putProtocolsListResponse_protocolsList - The details of the Firewall Manager protocols list.
$sel:protocolsListArn:PutProtocolsListResponse', putProtocolsListResponse_protocolsListArn - The Amazon Resource Name (ARN) of the protocols list.
$sel:httpStatus:PutProtocolsListResponse', putProtocolsListResponse_httpStatus - The response's http status code.
PutResourceSet
data PutResourceSet Source #
See: newPutResourceSet smart constructor.
Constructors
| PutResourceSet' (Maybe [Tag]) ResourceSet |
Instances
Arguments
| :: ResourceSet | |
| -> PutResourceSet |
Create a value of PutResourceSet with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:tagList:PutResourceSet', putResourceSet_tagList - Retrieves the tags associated with the specified resource set. Tags are
key:value pairs that you can use to categorize and manage your
resources, for purposes like billing. For example, you might set the tag
key to "customer" and the value to the customer name or ID. You can
specify one or more tags to add to each Amazon Web Services resource, up
to 50 tags for a resource.
PutResourceSet, putResourceSet_resourceSet - Details about the resource set to be created or updated.>
data PutResourceSetResponse Source #
See: newPutResourceSetResponse smart constructor.
Constructors
| PutResourceSetResponse' Int ResourceSet Text |
Instances
newPutResourceSetResponse Source #
Arguments
| :: Int | |
| -> ResourceSet | |
| -> Text | |
| -> PutResourceSetResponse |
Create a value of PutResourceSetResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:PutResourceSetResponse', putResourceSetResponse_httpStatus - The response's http status code.
PutResourceSet, putResourceSetResponse_resourceSet - Details about the resource set.
$sel:resourceSetArn:PutResourceSetResponse', putResourceSetResponse_resourceSetArn - The Amazon Resource Name (ARN) of the resource set.
TagResource
data TagResource Source #
See: newTagResource smart constructor.
Constructors
| TagResource' Text [Tag] |
Instances
Arguments
| :: Text | |
| -> TagResource |
Create a value of TagResource with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:TagResource', tagResource_resourceArn - The Amazon Resource Name (ARN) of the resource to return tags for. The
Firewall Manager resources that support tagging are policies,
applications lists, and protocols lists.
$sel:tagList:TagResource', tagResource_tagList - The tags to add to the resource.
data TagResourceResponse Source #
See: newTagResourceResponse smart constructor.
Constructors
| TagResourceResponse' Int |
Instances
newTagResourceResponse Source #
Arguments
| :: Int | |
| -> TagResourceResponse |
Create a value of TagResourceResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:TagResourceResponse', tagResourceResponse_httpStatus - The response's http status code.
UntagResource
data UntagResource Source #
See: newUntagResource smart constructor.
Constructors
| UntagResource' Text [Text] |
Instances
Arguments
| :: Text | |
| -> UntagResource |
Create a value of UntagResource with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:UntagResource', untagResource_resourceArn - The Amazon Resource Name (ARN) of the resource to return tags for. The
Firewall Manager resources that support tagging are policies,
applications lists, and protocols lists.
$sel:tagKeys:UntagResource', untagResource_tagKeys - The keys of the tags to remove from the resource.
data UntagResourceResponse Source #
See: newUntagResourceResponse smart constructor.
Constructors
| UntagResourceResponse' Int |
Instances
newUntagResourceResponse Source #
Create a value of UntagResourceResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:UntagResourceResponse', untagResourceResponse_httpStatus - The response's http status code.
Types
AccountRoleStatus
newtype AccountRoleStatus Source #
Constructors
| AccountRoleStatus' | |
Fields | |
Bundled Patterns
| pattern AccountRoleStatus_CREATING :: AccountRoleStatus | |
| pattern AccountRoleStatus_DELETED :: AccountRoleStatus | |
| pattern AccountRoleStatus_DELETING :: AccountRoleStatus | |
| pattern AccountRoleStatus_PENDING_DELETION :: AccountRoleStatus | |
| pattern AccountRoleStatus_READY :: AccountRoleStatus |
Instances
CustomerPolicyScopeIdType
newtype CustomerPolicyScopeIdType Source #
Constructors
| CustomerPolicyScopeIdType' | |
Fields | |
Bundled Patterns
| pattern CustomerPolicyScopeIdType_ACCOUNT :: CustomerPolicyScopeIdType | |
| pattern CustomerPolicyScopeIdType_ORG_UNIT :: CustomerPolicyScopeIdType |
Instances
DependentServiceName
newtype DependentServiceName Source #
Constructors
| DependentServiceName' | |
Fields | |
Bundled Patterns
| pattern DependentServiceName_AWSCONFIG :: DependentServiceName | |
| pattern DependentServiceName_AWSSHIELD_ADVANCED :: DependentServiceName | |
| pattern DependentServiceName_AWSVPC :: DependentServiceName | |
| pattern DependentServiceName_AWSWAF :: DependentServiceName |
Instances
DestinationType
newtype DestinationType Source #
Constructors
| DestinationType' | |
Fields | |
Bundled Patterns
| pattern DestinationType_IPV4 :: DestinationType | |
| pattern DestinationType_IPV6 :: DestinationType | |
| pattern DestinationType_PREFIX_LIST :: DestinationType |
Instances
FailedItemReason
newtype FailedItemReason Source #
Constructors
| FailedItemReason' | |
Fields | |
Bundled Patterns
| pattern FailedItemReason_NOT_VALID_ACCOUNT_ID :: FailedItemReason | |
| pattern FailedItemReason_NOT_VALID_ARN :: FailedItemReason | |
| pattern FailedItemReason_NOT_VALID_PARTITION :: FailedItemReason | |
| pattern FailedItemReason_NOT_VALID_REGION :: FailedItemReason | |
| pattern FailedItemReason_NOT_VALID_RESOURCE_TYPE :: FailedItemReason | |
| pattern FailedItemReason_NOT_VALID_SERVICE :: FailedItemReason |
Instances
FirewallDeploymentModel
newtype FirewallDeploymentModel Source #
Constructors
| FirewallDeploymentModel' | |
Fields | |
Bundled Patterns
| pattern FirewallDeploymentModel_CENTRALIZED :: FirewallDeploymentModel | |
| pattern FirewallDeploymentModel_DISTRIBUTED :: FirewallDeploymentModel |
Instances
MarketplaceSubscriptionOnboardingStatus
newtype MarketplaceSubscriptionOnboardingStatus Source #
Constructors
| MarketplaceSubscriptionOnboardingStatus' | |
Bundled Patterns
Instances
NetworkFirewallOverrideAction
newtype NetworkFirewallOverrideAction Source #
Constructors
| NetworkFirewallOverrideAction' | |
Fields | |
Bundled Patterns
| pattern NetworkFirewallOverrideAction_DROP_TO_ALERT :: NetworkFirewallOverrideAction |
Instances
PolicyComplianceStatusType
newtype PolicyComplianceStatusType Source #
Constructors
| PolicyComplianceStatusType' | |
Fields | |
Bundled Patterns
| pattern PolicyComplianceStatusType_COMPLIANT :: PolicyComplianceStatusType | |
| pattern PolicyComplianceStatusType_NON_COMPLIANT :: PolicyComplianceStatusType |
Instances
RemediationActionType
newtype RemediationActionType Source #
Constructors
| RemediationActionType' | |
Fields | |
Bundled Patterns
| pattern RemediationActionType_MODIFY :: RemediationActionType | |
| pattern RemediationActionType_REMOVE :: RemediationActionType |
Instances
RuleOrder
Constructors
| RuleOrder' | |
Fields | |
Bundled Patterns
| pattern RuleOrder_DEFAULT_ACTION_ORDER :: RuleOrder | |
| pattern RuleOrder_STRICT_ORDER :: RuleOrder |
Instances
SecurityServiceType
newtype SecurityServiceType Source #
Constructors
| SecurityServiceType' | |
Fields | |
Bundled Patterns
Instances
TargetType
newtype TargetType Source #
Constructors
| TargetType' | |
Fields | |
Bundled Patterns
| pattern TargetType_CARRIER_GATEWAY :: TargetType | |
| pattern TargetType_EGRESS_ONLY_INTERNET_GATEWAY :: TargetType | |
| pattern TargetType_GATEWAY :: TargetType | |
| pattern TargetType_INSTANCE :: TargetType | |
| pattern TargetType_LOCAL_GATEWAY :: TargetType | |
| pattern TargetType_NAT_GATEWAY :: TargetType | |
| pattern TargetType_NETWORK_INTERFACE :: TargetType | |
| pattern TargetType_TRANSIT_GATEWAY :: TargetType | |
| pattern TargetType_VPC_ENDPOINT :: TargetType | |
| pattern TargetType_VPC_PEERING_CONNECTION :: TargetType |
Instances
ThirdPartyFirewall
newtype ThirdPartyFirewall Source #
Constructors
| ThirdPartyFirewall' | |
Fields | |
Bundled Patterns
| pattern ThirdPartyFirewall_FORTIGATE_CLOUD_NATIVE_FIREWALL :: ThirdPartyFirewall | |
| pattern ThirdPartyFirewall_PALO_ALTO_NETWORKS_CLOUD_NGFW :: ThirdPartyFirewall |
Instances
ThirdPartyFirewallAssociationStatus
newtype ThirdPartyFirewallAssociationStatus Source #
Constructors
| ThirdPartyFirewallAssociationStatus' | |
Bundled Patterns
Instances
ViolationReason
newtype ViolationReason Source #
Constructors
| ViolationReason' | |
Fields | |
Bundled Patterns
Instances
ActionTarget
data ActionTarget Source #
Describes a remediation action target.
See: newActionTarget smart constructor.
Constructors
| ActionTarget' (Maybe Text) (Maybe Text) |
Instances
newActionTarget :: ActionTarget Source #
Create a value of ActionTarget with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:ActionTarget', actionTarget_description - A description of the remediation action target.
$sel:resourceId:ActionTarget', actionTarget_resourceId - The ID of the remediation target.
App
An individual Firewall Manager application.
See: newApp smart constructor.
Instances
| FromJSON App Source # | |
| ToJSON App Source # | |
Defined in Amazonka.FMS.Types.App | |
| Generic App Source # | |
| Read App Source # | |
| Show App Source # | |
| NFData App Source # | |
Defined in Amazonka.FMS.Types.App | |
| Eq App Source # | |
| Hashable App Source # | |
Defined in Amazonka.FMS.Types.App | |
| type Rep App Source # | |
Defined in Amazonka.FMS.Types.App type Rep App = D1 ('MetaData "App" "Amazonka.FMS.Types.App" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "App'" 'PrefixI 'True) (S1 ('MetaSel ('Just "appName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: (S1 ('MetaSel ('Just "protocol") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "port") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Natural)))) | |
Create a value of App with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:appName:App', app_appName - The application's name.
$sel:protocol:App', app_protocol - The IP protocol name or number. The name can be one of tcp, udp, or
icmp. For information on possible numbers, see
Protocol Numbers.
$sel:port:App', app_port - The application's port number, for example 80.
AppsListData
data AppsListData Source #
An Firewall Manager applications list.
See: newAppsListData smart constructor.
Constructors
| AppsListData' (Maybe POSIX) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe (HashMap Text [App])) Text [App] |
Instances
Arguments
| :: Text | |
| -> AppsListData |
Create a value of AppsListData with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createTime:AppsListData', appsListData_createTime - The time that the Firewall Manager applications list was created.
$sel:lastUpdateTime:AppsListData', appsListData_lastUpdateTime - The time that the Firewall Manager applications list was last updated.
$sel:listId:AppsListData', appsListData_listId - The ID of the Firewall Manager applications list.
$sel:listUpdateToken:AppsListData', appsListData_listUpdateToken - A unique identifier for each update to the list. When you update the
list, the update token must match the token of the current version of
the application list. You can retrieve the update token by getting the
list.
$sel:previousAppsList:AppsListData', appsListData_previousAppsList - A map of previous version numbers to their corresponding App object
arrays.
$sel:listName:AppsListData', appsListData_listName - The name of the Firewall Manager applications list.
$sel:appsList:AppsListData', appsListData_appsList - An array of applications in the Firewall Manager applications list.
AppsListDataSummary
data AppsListDataSummary Source #
Details of the Firewall Manager applications list.
See: newAppsListDataSummary smart constructor.
Instances
newAppsListDataSummary :: AppsListDataSummary Source #
Create a value of AppsListDataSummary with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:appsList:AppsListDataSummary', appsListDataSummary_appsList - An array of App objects in the Firewall Manager applications list.
$sel:listArn:AppsListDataSummary', appsListDataSummary_listArn - The Amazon Resource Name (ARN) of the applications list.
$sel:listId:AppsListDataSummary', appsListDataSummary_listId - The ID of the applications list.
$sel:listName:AppsListDataSummary', appsListDataSummary_listName - The name of the applications list.
AwsEc2InstanceViolation
data AwsEc2InstanceViolation Source #
Violation detail for an EC2 instance resource.
See: newAwsEc2InstanceViolation smart constructor.
Constructors
| AwsEc2InstanceViolation' (Maybe [AwsEc2NetworkInterfaceViolation]) (Maybe Text) |
Instances
newAwsEc2InstanceViolation :: AwsEc2InstanceViolation Source #
Create a value of AwsEc2InstanceViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:awsEc2NetworkInterfaceViolations:AwsEc2InstanceViolation', awsEc2InstanceViolation_awsEc2NetworkInterfaceViolations - Violation detail for network interfaces associated with the EC2
instance.
AwsEc2InstanceViolation, awsEc2InstanceViolation_violationTarget - The resource ID of the EC2 instance.
AwsEc2NetworkInterfaceViolation
data AwsEc2NetworkInterfaceViolation Source #
Violation detail for network interfaces associated with an EC2 instance.
See: newAwsEc2NetworkInterfaceViolation smart constructor.
Constructors
| AwsEc2NetworkInterfaceViolation' (Maybe [Text]) (Maybe Text) |
Instances
newAwsEc2NetworkInterfaceViolation :: AwsEc2NetworkInterfaceViolation Source #
Create a value of AwsEc2NetworkInterfaceViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violatingSecurityGroups:AwsEc2NetworkInterfaceViolation', awsEc2NetworkInterfaceViolation_violatingSecurityGroups - List of security groups that violate the rules specified in the primary
security group of the Firewall Manager policy.
$sel:violationTarget:AwsEc2NetworkInterfaceViolation', awsEc2NetworkInterfaceViolation_violationTarget - The resource ID of the network interface.
AwsVPCSecurityGroupViolation
data AwsVPCSecurityGroupViolation Source #
Violation detail for the rule violation in a security group when compared to the primary security group of the Firewall Manager policy.
See: newAwsVPCSecurityGroupViolation smart constructor.
Constructors
| AwsVPCSecurityGroupViolation' (Maybe [PartialMatch]) (Maybe [SecurityGroupRemediationAction]) (Maybe Text) (Maybe Text) |
Instances
newAwsVPCSecurityGroupViolation :: AwsVPCSecurityGroupViolation Source #
Create a value of AwsVPCSecurityGroupViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:partialMatches:AwsVPCSecurityGroupViolation', awsVPCSecurityGroupViolation_partialMatches - List of rules specified in the security group of the Firewall Manager
policy that partially match the ViolationTarget rule.
$sel:possibleSecurityGroupRemediationActions:AwsVPCSecurityGroupViolation', awsVPCSecurityGroupViolation_possibleSecurityGroupRemediationActions - Remediation options for the rule specified in the ViolationTarget.
$sel:violationTarget:AwsVPCSecurityGroupViolation', awsVPCSecurityGroupViolation_violationTarget - The security group rule that is being evaluated.
$sel:violationTargetDescription:AwsVPCSecurityGroupViolation', awsVPCSecurityGroupViolation_violationTargetDescription - A description of the security group that violates the policy.
ComplianceViolator
data ComplianceViolator Source #
Details of the resource that is not protected by the policy.
See: newComplianceViolator smart constructor.
Constructors
| ComplianceViolator' (Maybe (HashMap Text Text)) (Maybe Text) (Maybe Text) (Maybe ViolationReason) |
Instances
newComplianceViolator :: ComplianceViolator Source #
Create a value of ComplianceViolator with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:metadata:ComplianceViolator', complianceViolator_metadata - Metadata about the resource that doesn't comply with the policy scope.
$sel:resourceId:ComplianceViolator', complianceViolator_resourceId - The resource ID.
$sel:resourceType:ComplianceViolator', complianceViolator_resourceType - The resource type. This is in the format shown in the
Amazon Web Services Resource Types Reference.
For example: AWS::ElasticLoadBalancingV2::LoadBalancer,
AWS::CloudFront::Distribution, or
AWS::NetworkFirewall::FirewallPolicy.
$sel:violationReason:ComplianceViolator', complianceViolator_violationReason - The reason that the resource is not protected by the policy.
DiscoveredResource
data DiscoveredResource Source #
A resource in the organization that's available to be associated with a Firewall Manager resource set.
See: newDiscoveredResource smart constructor.
Instances
newDiscoveredResource :: DiscoveredResource Source #
Create a value of DiscoveredResource with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:DiscoveredResource', discoveredResource_accountId - The Amazon Web Services account ID associated with the discovered
resource.
$sel:name:DiscoveredResource', discoveredResource_name - The name of the discovered resource.
$sel:type':DiscoveredResource', discoveredResource_type - The type of the discovered resource.
$sel:uri:DiscoveredResource', discoveredResource_uri - The universal resource identifier (URI) of the discovered resource.
DnsDuplicateRuleGroupViolation
data DnsDuplicateRuleGroupViolation Source #
A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
See: newDnsDuplicateRuleGroupViolation smart constructor.
Constructors
| DnsDuplicateRuleGroupViolation' (Maybe Text) (Maybe Text) |
Instances
newDnsDuplicateRuleGroupViolation :: DnsDuplicateRuleGroupViolation Source #
Create a value of DnsDuplicateRuleGroupViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violationTarget:DnsDuplicateRuleGroupViolation', dnsDuplicateRuleGroupViolation_violationTarget - Information about the VPC ID.
$sel:violationTargetDescription:DnsDuplicateRuleGroupViolation', dnsDuplicateRuleGroupViolation_violationTargetDescription - A description of the violation that specifies the rule group and VPC.
DnsRuleGroupLimitExceededViolation
data DnsRuleGroupLimitExceededViolation Source #
The VPC that Firewall Manager was applying a DNS Fireall policy to reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed due to the limit.
See: newDnsRuleGroupLimitExceededViolation smart constructor.
Instances
newDnsRuleGroupLimitExceededViolation :: DnsRuleGroupLimitExceededViolation Source #
Create a value of DnsRuleGroupLimitExceededViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:numberOfRuleGroupsAlreadyAssociated:DnsRuleGroupLimitExceededViolation', dnsRuleGroupLimitExceededViolation_numberOfRuleGroupsAlreadyAssociated - The number of rule groups currently associated with the VPC.
$sel:violationTarget:DnsRuleGroupLimitExceededViolation', dnsRuleGroupLimitExceededViolation_violationTarget - Information about the VPC ID.
$sel:violationTargetDescription:DnsRuleGroupLimitExceededViolation', dnsRuleGroupLimitExceededViolation_violationTargetDescription - A description of the violation that specifies the rule group and VPC.
DnsRuleGroupPriorityConflictViolation
data DnsRuleGroupPriorityConflictViolation Source #
A rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.
See: newDnsRuleGroupPriorityConflictViolation smart constructor.
Constructors
| DnsRuleGroupPriorityConflictViolation' (Maybe Text) (Maybe Natural) (Maybe [Natural]) (Maybe Text) (Maybe Text) |
Instances
newDnsRuleGroupPriorityConflictViolation :: DnsRuleGroupPriorityConflictViolation Source #
Create a value of DnsRuleGroupPriorityConflictViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:conflictingPolicyId:DnsRuleGroupPriorityConflictViolation', dnsRuleGroupPriorityConflictViolation_conflictingPolicyId - The ID of the Firewall Manager DNS Firewall policy that was already
applied to the VPC. This policy contains the rule group that's already
associated with the VPC.
$sel:conflictingPriority:DnsRuleGroupPriorityConflictViolation', dnsRuleGroupPriorityConflictViolation_conflictingPriority - The priority setting of the two conflicting rule groups.
$sel:unavailablePriorities:DnsRuleGroupPriorityConflictViolation', dnsRuleGroupPriorityConflictViolation_unavailablePriorities - The priorities of rule groups that are already associated with the VPC.
To retry your operation, choose priority settings that aren't in this
list for the rule groups in your new DNS Firewall policy.
$sel:violationTarget:DnsRuleGroupPriorityConflictViolation', dnsRuleGroupPriorityConflictViolation_violationTarget - Information about the VPC ID.
$sel:violationTargetDescription:DnsRuleGroupPriorityConflictViolation', dnsRuleGroupPriorityConflictViolation_violationTargetDescription - A description of the violation that specifies the VPC and the rule group
that's already associated with it.
EC2AssociateRouteTableAction
data EC2AssociateRouteTableAction Source #
The action of associating an EC2 resource, such as a subnet or internet gateway, with a route table.
See: newEC2AssociateRouteTableAction smart constructor.
Constructors
| EC2AssociateRouteTableAction' (Maybe Text) (Maybe ActionTarget) (Maybe ActionTarget) ActionTarget |
Instances
newEC2AssociateRouteTableAction Source #
Arguments
| :: ActionTarget | |
| -> EC2AssociateRouteTableAction |
Create a value of EC2AssociateRouteTableAction with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2AssociateRouteTableAction, eC2AssociateRouteTableAction_description - A description of the EC2 route table that is associated with the
remediation action.
$sel:gatewayId:EC2AssociateRouteTableAction', eC2AssociateRouteTableAction_gatewayId - The ID of the gateway to be used with the EC2 route table that is
associated with the remediation action.
$sel:subnetId:EC2AssociateRouteTableAction', eC2AssociateRouteTableAction_subnetId - The ID of the subnet for the EC2 route table that is associated with the
remediation action.
$sel:routeTableId:EC2AssociateRouteTableAction', eC2AssociateRouteTableAction_routeTableId - The ID of the EC2 route table that is associated with the remediation
action.
EC2CopyRouteTableAction
data EC2CopyRouteTableAction Source #
An action that copies the EC2 route table for use in remediation.
See: newEC2CopyRouteTableAction smart constructor.
Constructors
| EC2CopyRouteTableAction' (Maybe Text) ActionTarget ActionTarget |
Instances
newEC2CopyRouteTableAction Source #
Arguments
| :: ActionTarget | |
| -> ActionTarget | |
| -> EC2CopyRouteTableAction |
Create a value of EC2CopyRouteTableAction with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2CopyRouteTableAction, eC2CopyRouteTableAction_description - A description of the copied EC2 route table that is associated with the
remediation action.
$sel:vpcId:EC2CopyRouteTableAction', eC2CopyRouteTableAction_vpcId - The VPC ID of the copied EC2 route table that is associated with the
remediation action.
$sel:routeTableId:EC2CopyRouteTableAction', eC2CopyRouteTableAction_routeTableId - The ID of the copied EC2 route table that is associated with the
remediation action.
EC2CreateRouteAction
data EC2CreateRouteAction Source #
Information about the CreateRoute action in Amazon EC2.
See: newEC2CreateRouteAction smart constructor.
Constructors
| EC2CreateRouteAction' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe ActionTarget) (Maybe ActionTarget) ActionTarget |
Instances
newEC2CreateRouteAction Source #
Create a value of EC2CreateRouteAction with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2CreateRouteAction, eC2CreateRouteAction_description - A description of CreateRoute action in Amazon EC2.
$sel:destinationCidrBlock:EC2CreateRouteAction', eC2CreateRouteAction_destinationCidrBlock - Information about the IPv4 CIDR address block used for the destination
match.
$sel:destinationIpv6CidrBlock:EC2CreateRouteAction', eC2CreateRouteAction_destinationIpv6CidrBlock - Information about the IPv6 CIDR block destination.
$sel:destinationPrefixListId:EC2CreateRouteAction', eC2CreateRouteAction_destinationPrefixListId - Information about the ID of a prefix list used for the destination
match.
$sel:gatewayId:EC2CreateRouteAction', eC2CreateRouteAction_gatewayId - Information about the ID of an internet gateway or virtual private
gateway attached to your VPC.
$sel:vpcEndpointId:EC2CreateRouteAction', eC2CreateRouteAction_vpcEndpointId - Information about the ID of a VPC endpoint. Supported for Gateway Load
Balancer endpoints only.
$sel:routeTableId:EC2CreateRouteAction', eC2CreateRouteAction_routeTableId - Information about the ID of the route table for the route.
EC2CreateRouteTableAction
data EC2CreateRouteTableAction Source #
Information about the CreateRouteTable action in Amazon EC2.
See: newEC2CreateRouteTableAction smart constructor.
Constructors
| EC2CreateRouteTableAction' (Maybe Text) ActionTarget |
Instances
newEC2CreateRouteTableAction Source #
Create a value of EC2CreateRouteTableAction with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2CreateRouteTableAction, eC2CreateRouteTableAction_description - A description of the CreateRouteTable action.
$sel:vpcId:EC2CreateRouteTableAction', eC2CreateRouteTableAction_vpcId - Information about the ID of a VPC.
EC2DeleteRouteAction
data EC2DeleteRouteAction Source #
Information about the DeleteRoute action in Amazon EC2.
See: newEC2DeleteRouteAction smart constructor.
Constructors
| EC2DeleteRouteAction' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) ActionTarget |
Instances
newEC2DeleteRouteAction Source #
Create a value of EC2DeleteRouteAction with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2DeleteRouteAction, eC2DeleteRouteAction_description - A description of the DeleteRoute action.
$sel:destinationCidrBlock:EC2DeleteRouteAction', eC2DeleteRouteAction_destinationCidrBlock - Information about the IPv4 CIDR range for the route. The value you
specify must match the CIDR for the route exactly.
$sel:destinationIpv6CidrBlock:EC2DeleteRouteAction', eC2DeleteRouteAction_destinationIpv6CidrBlock - Information about the IPv6 CIDR range for the route. The value you
specify must match the CIDR for the route exactly.
$sel:destinationPrefixListId:EC2DeleteRouteAction', eC2DeleteRouteAction_destinationPrefixListId - Information about the ID of the prefix list for the route.
$sel:routeTableId:EC2DeleteRouteAction', eC2DeleteRouteAction_routeTableId - Information about the ID of the route table.
EC2ReplaceRouteAction
data EC2ReplaceRouteAction Source #
Information about the ReplaceRoute action in Amazon EC2.
See: newEC2ReplaceRouteAction smart constructor.
Constructors
| EC2ReplaceRouteAction' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe ActionTarget) ActionTarget |
Instances
newEC2ReplaceRouteAction Source #
Create a value of EC2ReplaceRouteAction with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2ReplaceRouteAction, eC2ReplaceRouteAction_description - A description of the ReplaceRoute action in Amazon EC2.
$sel:destinationCidrBlock:EC2ReplaceRouteAction', eC2ReplaceRouteAction_destinationCidrBlock - Information about the IPv4 CIDR address block used for the destination
match. The value that you provide must match the CIDR of an existing
route in the table.
$sel:destinationIpv6CidrBlock:EC2ReplaceRouteAction', eC2ReplaceRouteAction_destinationIpv6CidrBlock - Information about the IPv6 CIDR address block used for the destination
match. The value that you provide must match the CIDR of an existing
route in the table.
$sel:destinationPrefixListId:EC2ReplaceRouteAction', eC2ReplaceRouteAction_destinationPrefixListId - Information about the ID of the prefix list for the route.
$sel:gatewayId:EC2ReplaceRouteAction', eC2ReplaceRouteAction_gatewayId - Information about the ID of an internet gateway or virtual private
gateway.
$sel:routeTableId:EC2ReplaceRouteAction', eC2ReplaceRouteAction_routeTableId - Information about the ID of the route table.
EC2ReplaceRouteTableAssociationAction
data EC2ReplaceRouteTableAssociationAction Source #
Information about the ReplaceRouteTableAssociation action in Amazon EC2.
See: newEC2ReplaceRouteTableAssociationAction smart constructor.
Constructors
| EC2ReplaceRouteTableAssociationAction' (Maybe Text) ActionTarget ActionTarget |
Instances
newEC2ReplaceRouteTableAssociationAction Source #
Arguments
| :: ActionTarget | |
| -> ActionTarget | |
| -> EC2ReplaceRouteTableAssociationAction |
Create a value of EC2ReplaceRouteTableAssociationAction with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2ReplaceRouteTableAssociationAction, eC2ReplaceRouteTableAssociationAction_description - A description of the ReplaceRouteTableAssociation action in Amazon EC2.
$sel:associationId:EC2ReplaceRouteTableAssociationAction', eC2ReplaceRouteTableAssociationAction_associationId - Information about the association ID.
$sel:routeTableId:EC2ReplaceRouteTableAssociationAction', eC2ReplaceRouteTableAssociationAction_routeTableId - Information about the ID of the new route table to associate with the
subnet.
EvaluationResult
data EvaluationResult Source #
Describes the compliance status for the account. An account is considered noncompliant if it includes resources that are not protected by the specified policy or that don't comply with the policy.
See: newEvaluationResult smart constructor.
Constructors
| EvaluationResult' (Maybe PolicyComplianceStatusType) (Maybe Bool) (Maybe Natural) |
Instances
newEvaluationResult :: EvaluationResult Source #
Create a value of EvaluationResult with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:complianceStatus:EvaluationResult', evaluationResult_complianceStatus - Describes an Amazon Web Services account's compliance with the Firewall
Manager policy.
$sel:evaluationLimitExceeded:EvaluationResult', evaluationResult_evaluationLimitExceeded - Indicates that over 100 resources are noncompliant with the Firewall
Manager policy.
$sel:violatorCount:EvaluationResult', evaluationResult_violatorCount - The number of resources that are noncompliant with the specified policy.
For WAF and Shield Advanced policies, a resource is considered
noncompliant if it is not associated with the policy. For security group
policies, a resource is considered noncompliant if it doesn't comply
with the rules of the policy and remediation is disabled or not
possible.
ExpectedRoute
data ExpectedRoute Source #
Information about the expected route in the route table.
See: newExpectedRoute smart constructor.
Constructors
| ExpectedRoute' (Maybe [Text]) (Maybe [Text]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newExpectedRoute :: ExpectedRoute Source #
Create a value of ExpectedRoute with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:allowedTargets:ExpectedRoute', expectedRoute_allowedTargets - Information about the allowed targets.
$sel:contributingSubnets:ExpectedRoute', expectedRoute_contributingSubnets - Information about the contributing subnets.
$sel:ipV4Cidr:ExpectedRoute', expectedRoute_ipV4Cidr - Information about the IPv4 CIDR block.
$sel:ipV6Cidr:ExpectedRoute', expectedRoute_ipV6Cidr - Information about the IPv6 CIDR block.
$sel:prefixListId:ExpectedRoute', expectedRoute_prefixListId - Information about the ID of the prefix list for the route.
$sel:routeTableId:ExpectedRoute', expectedRoute_routeTableId - Information about the route table ID.
FMSPolicyUpdateFirewallCreationConfigAction
data FMSPolicyUpdateFirewallCreationConfigAction Source #
Contains information about the actions that you can take to remediate
scope violations caused by your policy's FirewallCreationConfig.
FirewallCreationConfig is an optional configuration that you can use
to choose which Availability Zones Firewall Manager creates Network
Firewall endpoints in.
See: newFMSPolicyUpdateFirewallCreationConfigAction smart constructor.
Constructors
| FMSPolicyUpdateFirewallCreationConfigAction' (Maybe Text) (Maybe Text) |
Instances
newFMSPolicyUpdateFirewallCreationConfigAction :: FMSPolicyUpdateFirewallCreationConfigAction Source #
Create a value of FMSPolicyUpdateFirewallCreationConfigAction with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:FMSPolicyUpdateFirewallCreationConfigAction', fMSPolicyUpdateFirewallCreationConfigAction_description - Describes the remedial action.
$sel:firewallCreationConfig:FMSPolicyUpdateFirewallCreationConfigAction', fMSPolicyUpdateFirewallCreationConfigAction_firewallCreationConfig - A FirewallCreationConfig that you can copy into your current policy's
SecurityServiceData
in order to remedy scope violations.
FailedItem
data FailedItem Source #
Details of a resource that failed when trying to update it's association to a resource set.
See: newFailedItem smart constructor.
Constructors
| FailedItem' (Maybe FailedItemReason) (Maybe Text) |
Instances
newFailedItem :: FailedItem Source #
Create a value of FailedItem with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:reason:FailedItem', failedItem_reason - The reason the resource's association could not be updated.
$sel:uri:FailedItem', failedItem_uri - The univeral resource indicator (URI) of the resource that failed.
FirewallSubnetIsOutOfScopeViolation
data FirewallSubnetIsOutOfScopeViolation Source #
Contains details about the firewall subnet that violates the policy scope.
See: newFirewallSubnetIsOutOfScopeViolation smart constructor.
Constructors
| FirewallSubnetIsOutOfScopeViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newFirewallSubnetIsOutOfScopeViolation :: FirewallSubnetIsOutOfScopeViolation Source #
Create a value of FirewallSubnetIsOutOfScopeViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallSubnetId:FirewallSubnetIsOutOfScopeViolation', firewallSubnetIsOutOfScopeViolation_firewallSubnetId - The ID of the firewall subnet that violates the policy scope.
$sel:subnetAvailabilityZone:FirewallSubnetIsOutOfScopeViolation', firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZone - The Availability Zone of the firewall subnet that violates the policy
scope.
$sel:subnetAvailabilityZoneId:FirewallSubnetIsOutOfScopeViolation', firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZoneId - The Availability Zone ID of the firewall subnet that violates the policy
scope.
$sel:vpcEndpointId:FirewallSubnetIsOutOfScopeViolation', firewallSubnetIsOutOfScopeViolation_vpcEndpointId - The VPC endpoint ID of the firewall subnet that violates the policy
scope.
$sel:vpcId:FirewallSubnetIsOutOfScopeViolation', firewallSubnetIsOutOfScopeViolation_vpcId - The VPC ID of the firewall subnet that violates the policy scope.
FirewallSubnetMissingVPCEndpointViolation
data FirewallSubnetMissingVPCEndpointViolation Source #
The violation details for a firewall subnet's VPC endpoint that's deleted or missing.
See: newFirewallSubnetMissingVPCEndpointViolation smart constructor.
Constructors
| FirewallSubnetMissingVPCEndpointViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newFirewallSubnetMissingVPCEndpointViolation :: FirewallSubnetMissingVPCEndpointViolation Source #
Create a value of FirewallSubnetMissingVPCEndpointViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallSubnetId:FirewallSubnetMissingVPCEndpointViolation', firewallSubnetMissingVPCEndpointViolation_firewallSubnetId - The ID of the firewall that this VPC endpoint is associated with.
$sel:subnetAvailabilityZone:FirewallSubnetMissingVPCEndpointViolation', firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZone - The name of the Availability Zone of the deleted VPC subnet.
$sel:subnetAvailabilityZoneId:FirewallSubnetMissingVPCEndpointViolation', firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZoneId - The ID of the Availability Zone of the deleted VPC subnet.
$sel:vpcId:FirewallSubnetMissingVPCEndpointViolation', firewallSubnetMissingVPCEndpointViolation_vpcId - The resource ID of the VPC associated with the deleted VPC subnet.
NetworkFirewallBlackHoleRouteDetectedViolation
data NetworkFirewallBlackHoleRouteDetectedViolation Source #
Violation detail for an internet gateway route with an inactive state in the customer subnet route table or Network Firewall subnet route table.
See: newNetworkFirewallBlackHoleRouteDetectedViolation smart constructor.
Constructors
| NetworkFirewallBlackHoleRouteDetectedViolation' (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe Text) |
Instances
newNetworkFirewallBlackHoleRouteDetectedViolation :: NetworkFirewallBlackHoleRouteDetectedViolation Source #
Create a value of NetworkFirewallBlackHoleRouteDetectedViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:routeTableId:NetworkFirewallBlackHoleRouteDetectedViolation', networkFirewallBlackHoleRouteDetectedViolation_routeTableId - Information about the route table ID.
$sel:violatingRoutes:NetworkFirewallBlackHoleRouteDetectedViolation', networkFirewallBlackHoleRouteDetectedViolation_violatingRoutes - Information about the route or routes that are in violation.
$sel:violationTarget:NetworkFirewallBlackHoleRouteDetectedViolation', networkFirewallBlackHoleRouteDetectedViolation_violationTarget - The subnet that has an inactive state.
$sel:vpcId:NetworkFirewallBlackHoleRouteDetectedViolation', networkFirewallBlackHoleRouteDetectedViolation_vpcId - Information about the VPC ID.
NetworkFirewallInternetTrafficNotInspectedViolation
data NetworkFirewallInternetTrafficNotInspectedViolation Source #
Violation detail for the subnet for which internet traffic that hasn't been inspected.
See: newNetworkFirewallInternetTrafficNotInspectedViolation smart constructor.
Constructors
| NetworkFirewallInternetTrafficNotInspectedViolation' (Maybe [Route]) (Maybe [Route]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ExpectedRoute]) (Maybe [ExpectedRoute]) (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) |
Instances
newNetworkFirewallInternetTrafficNotInspectedViolation :: NetworkFirewallInternetTrafficNotInspectedViolation Source #
Create a value of NetworkFirewallInternetTrafficNotInspectedViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actualFirewallSubnetRoutes:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_actualFirewallSubnetRoutes - The actual firewall subnet routes.
$sel:actualInternetGatewayRoutes:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_actualInternetGatewayRoutes - The actual internet gateway routes.
$sel:currentFirewallSubnetRouteTable:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_currentFirewallSubnetRouteTable - Information about the subnet route table for the current firewall.
$sel:currentInternetGatewayRouteTable:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_currentInternetGatewayRouteTable - The current route table for the internet gateway.
$sel:expectedFirewallEndpoint:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallEndpoint - The expected endpoint for the current firewall.
$sel:expectedFirewallSubnetRoutes:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallSubnetRoutes - The firewall subnet routes that are expected.
$sel:expectedInternetGatewayRoutes:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_expectedInternetGatewayRoutes - The internet gateway routes that are expected.
$sel:firewallSubnetId:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_firewallSubnetId - The firewall subnet ID.
$sel:internetGatewayId:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_internetGatewayId - The internet gateway ID.
$sel:isRouteTableUsedInDifferentAZ:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_isRouteTableUsedInDifferentAZ - Information about whether the route table is used in another
Availability Zone.
NetworkFirewallInternetTrafficNotInspectedViolation, networkFirewallInternetTrafficNotInspectedViolation_routeTableId - Information about the route table ID.
$sel:subnetAvailabilityZone:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_subnetAvailabilityZone - The subnet Availability Zone.
$sel:subnetId:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_subnetId - The subnet ID.
$sel:violatingRoutes:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_violatingRoutes - The route or routes that are in violation.
$sel:vpcId:NetworkFirewallInternetTrafficNotInspectedViolation', networkFirewallInternetTrafficNotInspectedViolation_vpcId - Information about the VPC ID.
NetworkFirewallInvalidRouteConfigurationViolation
data NetworkFirewallInvalidRouteConfigurationViolation Source #
Violation detail for the improperly configured subnet route. It's possible there is a missing route table route, or a configuration that causes traffic to cross an Availability Zone boundary.
See: newNetworkFirewallInvalidRouteConfigurationViolation smart constructor.
Constructors
| NetworkFirewallInvalidRouteConfigurationViolation' (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe [Route]) (Maybe [Text]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ExpectedRoute]) (Maybe [ExpectedRoute]) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe Route) (Maybe Text) |
Instances
newNetworkFirewallInvalidRouteConfigurationViolation :: NetworkFirewallInvalidRouteConfigurationViolation Source #
Create a value of NetworkFirewallInvalidRouteConfigurationViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actualFirewallEndpoint:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_actualFirewallEndpoint - The actual firewall endpoint.
$sel:actualFirewallSubnetId:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetId - The actual subnet ID for the firewall.
$sel:actualFirewallSubnetRoutes:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetRoutes - The actual firewall subnet routes that are expected.
$sel:actualInternetGatewayRoutes:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_actualInternetGatewayRoutes - The actual internet gateway routes.
$sel:affectedSubnets:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_affectedSubnets - The subnets that are affected.
$sel:currentFirewallSubnetRouteTable:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_currentFirewallSubnetRouteTable - The subnet route table for the current firewall.
$sel:currentInternetGatewayRouteTable:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_currentInternetGatewayRouteTable - The route table for the current internet gateway.
$sel:expectedFirewallEndpoint:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_expectedFirewallEndpoint - The firewall endpoint that's expected.
$sel:expectedFirewallSubnetId:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetId - The expected subnet ID for the firewall.
$sel:expectedFirewallSubnetRoutes:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetRoutes - The firewall subnet routes that are expected.
$sel:expectedInternetGatewayRoutes:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_expectedInternetGatewayRoutes - The expected routes for the internet gateway.
$sel:internetGatewayId:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_internetGatewayId - The internet gateway ID.
$sel:isRouteTableUsedInDifferentAZ:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_isRouteTableUsedInDifferentAZ - Information about whether the route table is used in another
Availability Zone.
NetworkFirewallInvalidRouteConfigurationViolation, networkFirewallInvalidRouteConfigurationViolation_routeTableId - The route table ID.
$sel:violatingRoute:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_violatingRoute - The route that's in violation.
$sel:vpcId:NetworkFirewallInvalidRouteConfigurationViolation', networkFirewallInvalidRouteConfigurationViolation_vpcId - Information about the VPC ID.
NetworkFirewallMissingExpectedRTViolation
data NetworkFirewallMissingExpectedRTViolation Source #
Violation detail for Network Firewall for a subnet that's not associated to the expected Firewall Manager managed route table.
See: newNetworkFirewallMissingExpectedRTViolation smart constructor.
Constructors
| NetworkFirewallMissingExpectedRTViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newNetworkFirewallMissingExpectedRTViolation :: NetworkFirewallMissingExpectedRTViolation Source #
Create a value of NetworkFirewallMissingExpectedRTViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:NetworkFirewallMissingExpectedRTViolation', networkFirewallMissingExpectedRTViolation_availabilityZone - The Availability Zone of a violating subnet.
$sel:currentRouteTable:NetworkFirewallMissingExpectedRTViolation', networkFirewallMissingExpectedRTViolation_currentRouteTable - The resource ID of the current route table that's associated with the
subnet, if one is available.
$sel:expectedRouteTable:NetworkFirewallMissingExpectedRTViolation', networkFirewallMissingExpectedRTViolation_expectedRouteTable - The resource ID of the route table that should be associated with the
subnet.
$sel:vpc:NetworkFirewallMissingExpectedRTViolation', networkFirewallMissingExpectedRTViolation_vpc - The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingExpectedRTViolation', networkFirewallMissingExpectedRTViolation_violationTarget - The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallMissingExpectedRoutesViolation
data NetworkFirewallMissingExpectedRoutesViolation Source #
Violation detail for an expected route missing in Network Firewall.
See: newNetworkFirewallMissingExpectedRoutesViolation smart constructor.
Constructors
| NetworkFirewallMissingExpectedRoutesViolation' (Maybe [ExpectedRoute]) (Maybe Text) (Maybe Text) |
Instances
newNetworkFirewallMissingExpectedRoutesViolation :: NetworkFirewallMissingExpectedRoutesViolation Source #
Create a value of NetworkFirewallMissingExpectedRoutesViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:expectedRoutes:NetworkFirewallMissingExpectedRoutesViolation', networkFirewallMissingExpectedRoutesViolation_expectedRoutes - The expected routes.
$sel:violationTarget:NetworkFirewallMissingExpectedRoutesViolation', networkFirewallMissingExpectedRoutesViolation_violationTarget - The target of the violation.
$sel:vpcId:NetworkFirewallMissingExpectedRoutesViolation', networkFirewallMissingExpectedRoutesViolation_vpcId - Information about the VPC ID.
NetworkFirewallMissingFirewallViolation
data NetworkFirewallMissingFirewallViolation Source #
Violation detail for Network Firewall for a subnet that doesn't have a Firewall Manager managed firewall in its VPC.
See: newNetworkFirewallMissingFirewallViolation smart constructor.
Constructors
| NetworkFirewallMissingFirewallViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newNetworkFirewallMissingFirewallViolation :: NetworkFirewallMissingFirewallViolation Source #
Create a value of NetworkFirewallMissingFirewallViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:NetworkFirewallMissingFirewallViolation', networkFirewallMissingFirewallViolation_availabilityZone - The Availability Zone of a violating subnet.
$sel:targetViolationReason:NetworkFirewallMissingFirewallViolation', networkFirewallMissingFirewallViolation_targetViolationReason - The reason the resource has this violation, if one is available.
$sel:vpc:NetworkFirewallMissingFirewallViolation', networkFirewallMissingFirewallViolation_vpc - The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingFirewallViolation', networkFirewallMissingFirewallViolation_violationTarget - The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallMissingSubnetViolation
data NetworkFirewallMissingSubnetViolation Source #
Violation detail for Network Firewall for an Availability Zone that's missing the expected Firewall Manager managed subnet.
See: newNetworkFirewallMissingSubnetViolation smart constructor.
Constructors
| NetworkFirewallMissingSubnetViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newNetworkFirewallMissingSubnetViolation :: NetworkFirewallMissingSubnetViolation Source #
Create a value of NetworkFirewallMissingSubnetViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:NetworkFirewallMissingSubnetViolation', networkFirewallMissingSubnetViolation_availabilityZone - The Availability Zone of a violating subnet.
$sel:targetViolationReason:NetworkFirewallMissingSubnetViolation', networkFirewallMissingSubnetViolation_targetViolationReason - The reason the resource has this violation, if one is available.
$sel:vpc:NetworkFirewallMissingSubnetViolation', networkFirewallMissingSubnetViolation_vpc - The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingSubnetViolation', networkFirewallMissingSubnetViolation_violationTarget - The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallPolicy
data NetworkFirewallPolicy Source #
Configures the firewall policy deployment model of Network Firewall. For information about Network Firewall deployment models, see Network Firewall example architectures with routing in the Network Firewall Developer Guide.
See: newNetworkFirewallPolicy smart constructor.
Constructors
| NetworkFirewallPolicy' (Maybe FirewallDeploymentModel) |
Instances
newNetworkFirewallPolicy :: NetworkFirewallPolicy Source #
Create a value of NetworkFirewallPolicy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallDeploymentModel:NetworkFirewallPolicy', networkFirewallPolicy_firewallDeploymentModel - Defines the deployment model to use for the firewall policy. To use a
distributed model, set
PolicyOption
to NULL.
NetworkFirewallPolicyDescription
data NetworkFirewallPolicyDescription Source #
The definition of the Network Firewall firewall policy.
See: newNetworkFirewallPolicyDescription smart constructor.
Constructors
| NetworkFirewallPolicyDescription' (Maybe [Text]) (Maybe StatefulEngineOptions) (Maybe [StatefulRuleGroup]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [StatelessRuleGroup]) |
Instances
newNetworkFirewallPolicyDescription :: NetworkFirewallPolicyDescription Source #
Create a value of NetworkFirewallPolicyDescription with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:statefulDefaultActions:NetworkFirewallPolicyDescription', networkFirewallPolicyDescription_statefulDefaultActions - The default actions to take on a packet that doesn't match any stateful
rules. The stateful default action is optional, and is only valid when
using the strict rule order.
Valid values of the stateful default action:
- aws:drop_strict
- aws:drop_established
- aws:alert_strict
- aws:alert_established
$sel:statefulEngineOptions:NetworkFirewallPolicyDescription', networkFirewallPolicyDescription_statefulEngineOptions - Additional options governing how Network Firewall handles stateful
rules. The stateful rule groups that you use in your policy must have
stateful rule options settings that are compatible with these settings.
$sel:statefulRuleGroups:NetworkFirewallPolicyDescription', networkFirewallPolicyDescription_statefulRuleGroups - The stateful rule groups that are used in the Network Firewall firewall
policy.
$sel:statelessCustomActions:NetworkFirewallPolicyDescription', networkFirewallPolicyDescription_statelessCustomActions - Names of custom actions that are available for use in the stateless
default actions settings.
$sel:statelessDefaultActions:NetworkFirewallPolicyDescription', networkFirewallPolicyDescription_statelessDefaultActions - The actions to take on packets that don't match any of the stateless
rule groups.
$sel:statelessFragmentDefaultActions:NetworkFirewallPolicyDescription', networkFirewallPolicyDescription_statelessFragmentDefaultActions - The actions to take on packet fragments that don't match any of the
stateless rule groups.
$sel:statelessRuleGroups:NetworkFirewallPolicyDescription', networkFirewallPolicyDescription_statelessRuleGroups - The stateless rule groups that are used in the Network Firewall firewall
policy.
NetworkFirewallPolicyModifiedViolation
data NetworkFirewallPolicyModifiedViolation Source #
Violation detail for Network Firewall for a firewall policy that has a different NetworkFirewallPolicyDescription than is required by the Firewall Manager policy.
See: newNetworkFirewallPolicyModifiedViolation smart constructor.
Constructors
| NetworkFirewallPolicyModifiedViolation' (Maybe NetworkFirewallPolicyDescription) (Maybe NetworkFirewallPolicyDescription) (Maybe Text) |
Instances
newNetworkFirewallPolicyModifiedViolation :: NetworkFirewallPolicyModifiedViolation Source #
Create a value of NetworkFirewallPolicyModifiedViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:currentPolicyDescription:NetworkFirewallPolicyModifiedViolation', networkFirewallPolicyModifiedViolation_currentPolicyDescription - The policy that's currently in use in the individual account.
$sel:expectedPolicyDescription:NetworkFirewallPolicyModifiedViolation', networkFirewallPolicyModifiedViolation_expectedPolicyDescription - The policy that should be in use in the individual account in order to
be compliant.
$sel:violationTarget:NetworkFirewallPolicyModifiedViolation', networkFirewallPolicyModifiedViolation_violationTarget - The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallStatefulRuleGroupOverride
data NetworkFirewallStatefulRuleGroupOverride Source #
The setting that allows the policy owner to change the behavior of the rule group within a policy.
See: newNetworkFirewallStatefulRuleGroupOverride smart constructor.
Instances
newNetworkFirewallStatefulRuleGroupOverride :: NetworkFirewallStatefulRuleGroupOverride Source #
Create a value of NetworkFirewallStatefulRuleGroupOverride with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:action:NetworkFirewallStatefulRuleGroupOverride', networkFirewallStatefulRuleGroupOverride_action - The action that changes the rule group from DROP to ALERT. This only
applies to managed rule groups.
NetworkFirewallUnexpectedFirewallRoutesViolation
data NetworkFirewallUnexpectedFirewallRoutesViolation Source #
Violation detail for an unexpected route that's present in a route table.
See: newNetworkFirewallUnexpectedFirewallRoutesViolation smart constructor.
Constructors
| NetworkFirewallUnexpectedFirewallRoutesViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) |
Instances
newNetworkFirewallUnexpectedFirewallRoutesViolation :: NetworkFirewallUnexpectedFirewallRoutesViolation Source #
Create a value of NetworkFirewallUnexpectedFirewallRoutesViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallEndpoint:NetworkFirewallUnexpectedFirewallRoutesViolation', networkFirewallUnexpectedFirewallRoutesViolation_firewallEndpoint - The endpoint of the firewall.
$sel:firewallSubnetId:NetworkFirewallUnexpectedFirewallRoutesViolation', networkFirewallUnexpectedFirewallRoutesViolation_firewallSubnetId - The subnet ID for the firewall.
$sel:routeTableId:NetworkFirewallUnexpectedFirewallRoutesViolation', networkFirewallUnexpectedFirewallRoutesViolation_routeTableId - The ID of the route table.
$sel:violatingRoutes:NetworkFirewallUnexpectedFirewallRoutesViolation', networkFirewallUnexpectedFirewallRoutesViolation_violatingRoutes - The routes that are in violation.
$sel:vpcId:NetworkFirewallUnexpectedFirewallRoutesViolation', networkFirewallUnexpectedFirewallRoutesViolation_vpcId - Information about the VPC ID.
NetworkFirewallUnexpectedGatewayRoutesViolation
data NetworkFirewallUnexpectedGatewayRoutesViolation Source #
Violation detail for an unexpected gateway route that’s present in a route table.
See: newNetworkFirewallUnexpectedGatewayRoutesViolation smart constructor.
Constructors
| NetworkFirewallUnexpectedGatewayRoutesViolation' (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) |
Instances
newNetworkFirewallUnexpectedGatewayRoutesViolation :: NetworkFirewallUnexpectedGatewayRoutesViolation Source #
Create a value of NetworkFirewallUnexpectedGatewayRoutesViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:gatewayId:NetworkFirewallUnexpectedGatewayRoutesViolation', networkFirewallUnexpectedGatewayRoutesViolation_gatewayId - Information about the gateway ID.
$sel:routeTableId:NetworkFirewallUnexpectedGatewayRoutesViolation', networkFirewallUnexpectedGatewayRoutesViolation_routeTableId - Information about the route table.
$sel:violatingRoutes:NetworkFirewallUnexpectedGatewayRoutesViolation', networkFirewallUnexpectedGatewayRoutesViolation_violatingRoutes - The routes that are in violation.
$sel:vpcId:NetworkFirewallUnexpectedGatewayRoutesViolation', networkFirewallUnexpectedGatewayRoutesViolation_vpcId - Information about the VPC ID.
PartialMatch
data PartialMatch Source #
The reference rule that partially matches the ViolationTarget rule and
violation reason.
See: newPartialMatch smart constructor.
Constructors
| PartialMatch' (Maybe Text) (Maybe [Text]) |
Instances
newPartialMatch :: PartialMatch Source #
Create a value of PartialMatch with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:reference:PartialMatch', partialMatch_reference - The reference rule from the primary security group of the Firewall
Manager policy.
$sel:targetViolationReasons:PartialMatch', partialMatch_targetViolationReasons - The violation reason.
Policy
An Firewall Manager policy.
See: newPolicy smart constructor.
Constructors
| Policy' (Maybe Bool) (Maybe (HashMap CustomerPolicyScopeIdType [Text])) (Maybe (HashMap CustomerPolicyScopeIdType [Text])) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Text]) (Maybe [ResourceTag]) (Maybe [Text]) Text SecurityServicePolicyData Text Bool Bool |
Instances
Create a value of Policy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:deleteUnusedFMManagedResources:Policy', policy_deleteUnusedFMManagedResources - Indicates whether Firewall Manager should automatically remove
protections from resources that leave the policy scope and clean up
resources that Firewall Manager is managing for accounts when those
accounts leave policy scope. For example, Firewall Manager will
disassociate a Firewall Manager managed web ACL from a protected
customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
$sel:excludeMap:Policy', policy_excludeMap - Specifies the Amazon Web Services account IDs and Organizations
organizational units (OUs) to exclude from the policy. Specifying an OU
is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a
later time.
You can specify inclusions or exclusions, but not both. If you specify
an IncludeMap, Firewall Manager applies the policy to all accounts
specified by the IncludeMap, and does not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap, then Firewall
Manager applies the policy to all accounts except for those specified by
the ExcludeMap.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to
ACCOUNT. For example, the following is a valid map:{“ACCOUNT” : [“accountID1”, “accountID2”]}. - Specify OUs by setting the key to
ORG_UNIT. For example, the following is a valid map:{“ORG_UNIT” : [“ouid111”, “ouid112”]}. - Specify accounts and OUs together in a single map, separated with a
comma. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
$sel:includeMap:Policy', policy_includeMap - Specifies the Amazon Web Services account IDs and Organizations
organizational units (OUs) to include in the policy. Specifying an OU is
the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a
later time.
You can specify inclusions or exclusions, but not both. If you specify
an IncludeMap, Firewall Manager applies the policy to all accounts
specified by the IncludeMap, and does not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap, then Firewall
Manager applies the policy to all accounts except for those specified by
the ExcludeMap.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to
ACCOUNT. For example, the following is a valid map:{“ACCOUNT” : [“accountID1”, “accountID2”]}. - Specify OUs by setting the key to
ORG_UNIT. For example, the following is a valid map:{“ORG_UNIT” : [“ouid111”, “ouid112”]}. - Specify accounts and OUs together in a single map, separated with a
comma. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
$sel:policyDescription:Policy', policy_policyDescription - The definition of the Network Firewall firewall policy.
$sel:policyId:Policy', policy_policyId - The ID of the Firewall Manager policy.
$sel:policyUpdateToken:Policy', policy_policyUpdateToken - A unique identifier for each update to the policy. When issuing a
PutPolicy request, the PolicyUpdateToken in the request must match
the PolicyUpdateToken of the current policy version. To get the
PolicyUpdateToken of the current policy version, use a GetPolicy
request.
$sel:resourceSetIds:Policy', policy_resourceSetIds - The unique identifiers of the resource sets used by the policy.
$sel:resourceTags:Policy', policy_resourceTags - An array of ResourceTag objects.
$sel:resourceTypeList:Policy', policy_resourceTypeList - An array of ResourceType objects. Use this only to specify multiple
resource types. To specify a single resource type, use ResourceType.
$sel:policyName:Policy', policy_policyName - The name of the Firewall Manager policy.
$sel:securityServicePolicyData:Policy', policy_securityServicePolicyData - Details about the security service that is being used to protect the
resources.
$sel:resourceType:Policy', policy_resourceType - The type of resource protected by or in scope of the policy. This is in
the format shown in the
Amazon Web Services Resource Types Reference.
To apply this policy to multiple resource types, specify a resource type
of ResourceTypeList and then specify the resource types in a
ResourceTypeList.
For WAF and Shield Advanced, resource types include
AWS::ElasticLoadBalancingV2::LoadBalancer,
AWS::ElasticLoadBalancing::LoadBalancer, AWS::EC2::EIP, and
AWS::CloudFront::Distribution. For a security group common policy,
valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance.
For a security group content audit policy, valid values are
AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and
AWS::EC2::Instance. For a security group usage audit policy, the value
is AWS::EC2::SecurityGroup. For an Network Firewall policy or DNS
Firewall policy, the value is AWS::EC2::VPC.
$sel:excludeResourceTags:Policy', policy_excludeResourceTags - If set to True, resources with the tags that are specified in the
ResourceTag array are not in scope of the policy. If set to False,
and the ResourceTag array is not null, only resources with the
specified tags are in scope of the policy.
$sel:remediationEnabled:Policy', policy_remediationEnabled - Indicates if the policy should be automatically applied to new
resources.
PolicyComplianceDetail
data PolicyComplianceDetail Source #
Describes the noncompliant resources in a member account for a specific
Firewall Manager policy. A maximum of 100 entries are displayed. If more
than 100 resources are noncompliant, EvaluationLimitExceeded is set to
True.
See: newPolicyComplianceDetail smart constructor.
Constructors
| PolicyComplianceDetail' (Maybe Bool) (Maybe POSIX) (Maybe (HashMap DependentServiceName Text)) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [ComplianceViolator]) |
Instances
newPolicyComplianceDetail :: PolicyComplianceDetail Source #
Create a value of PolicyComplianceDetail with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:evaluationLimitExceeded:PolicyComplianceDetail', policyComplianceDetail_evaluationLimitExceeded - Indicates if over 100 resources are noncompliant with the Firewall
Manager policy.
$sel:expiredAt:PolicyComplianceDetail', policyComplianceDetail_expiredAt - A timestamp that indicates when the returned information should be
considered out of date.
$sel:issueInfoMap:PolicyComplianceDetail', policyComplianceDetail_issueInfoMap - Details about problems with dependent services, such as WAF or Config,
and the error message received that indicates the problem with the
service.
$sel:memberAccount:PolicyComplianceDetail', policyComplianceDetail_memberAccount - The Amazon Web Services account ID.
$sel:policyId:PolicyComplianceDetail', policyComplianceDetail_policyId - The ID of the Firewall Manager policy.
$sel:policyOwner:PolicyComplianceDetail', policyComplianceDetail_policyOwner - The Amazon Web Services account that created the Firewall Manager
policy.
$sel:violators:PolicyComplianceDetail', policyComplianceDetail_violators - An array of resources that aren't protected by the WAF or Shield
Advanced policy or that aren't in compliance with the security group
policy.
PolicyComplianceStatus
data PolicyComplianceStatus Source #
Indicates whether the account is compliant with the specified policy. An account is considered noncompliant if it includes resources that are not protected by the policy, for WAF and Shield Advanced policies, or that are noncompliant with the policy, for security group policies.
See: newPolicyComplianceStatus smart constructor.
Constructors
| PolicyComplianceStatus' (Maybe [EvaluationResult]) (Maybe (HashMap DependentServiceName Text)) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newPolicyComplianceStatus :: PolicyComplianceStatus Source #
Create a value of PolicyComplianceStatus with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:evaluationResults:PolicyComplianceStatus', policyComplianceStatus_evaluationResults - An array of EvaluationResult objects.
$sel:issueInfoMap:PolicyComplianceStatus', policyComplianceStatus_issueInfoMap - Details about problems with dependent services, such as WAF or Config,
and the error message received that indicates the problem with the
service.
$sel:lastUpdated:PolicyComplianceStatus', policyComplianceStatus_lastUpdated - Timestamp of the last update to the EvaluationResult objects.
$sel:memberAccount:PolicyComplianceStatus', policyComplianceStatus_memberAccount - The member account ID.
$sel:policyId:PolicyComplianceStatus', policyComplianceStatus_policyId - The ID of the Firewall Manager policy.
$sel:policyName:PolicyComplianceStatus', policyComplianceStatus_policyName - The name of the Firewall Manager policy.
$sel:policyOwner:PolicyComplianceStatus', policyComplianceStatus_policyOwner - The Amazon Web Services account that created the Firewall Manager
policy.
PolicyOption
data PolicyOption Source #
Contains the Network Firewall firewall policy options to configure the policy's deployment model and third-party firewall policy settings.
See: newPolicyOption smart constructor.
Constructors
| PolicyOption' (Maybe NetworkFirewallPolicy) (Maybe ThirdPartyFirewallPolicy) |
Instances
newPolicyOption :: PolicyOption Source #
Create a value of PolicyOption with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:networkFirewallPolicy:PolicyOption', policyOption_networkFirewallPolicy - Defines the deployment model to use for the firewall policy.
$sel:thirdPartyFirewallPolicy:PolicyOption', policyOption_thirdPartyFirewallPolicy - Defines the policy options for a third-party firewall policy.
PolicySummary
data PolicySummary Source #
Details of the Firewall Manager policy.
See: newPolicySummary smart constructor.
Constructors
| PolicySummary' (Maybe Bool) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) (Maybe SecurityServiceType) |
Instances
newPolicySummary :: PolicySummary Source #
Create a value of PolicySummary with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:deleteUnusedFMManagedResources:PolicySummary', policySummary_deleteUnusedFMManagedResources - Indicates whether Firewall Manager should automatically remove
protections from resources that leave the policy scope and clean up
resources that Firewall Manager is managing for accounts when those
accounts leave policy scope. For example, Firewall Manager will
disassociate a Firewall Manager managed web ACL from a protected
customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
$sel:policyArn:PolicySummary', policySummary_policyArn - The Amazon Resource Name (ARN) of the specified policy.
$sel:policyId:PolicySummary', policySummary_policyId - The ID of the specified policy.
$sel:policyName:PolicySummary', policySummary_policyName - The name of the specified policy.
$sel:remediationEnabled:PolicySummary', policySummary_remediationEnabled - Indicates if the policy should be automatically applied to new
resources.
$sel:resourceType:PolicySummary', policySummary_resourceType - The type of resource protected by or in scope of the policy. This is in
the format shown in the
Amazon Web Services Resource Types Reference.
For WAF and Shield Advanced, examples include
AWS::ElasticLoadBalancingV2::LoadBalancer and
AWS::CloudFront::Distribution. For a security group common policy,
valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance.
For a security group content audit policy, valid values are
AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and
AWS::EC2::Instance. For a security group usage audit policy, the value
is AWS::EC2::SecurityGroup. For an Network Firewall policy or DNS
Firewall policy, the value is AWS::EC2::VPC.
$sel:securityServiceType:PolicySummary', policySummary_securityServiceType - The service that the policy is using to protect the resources. This
specifies the type of policy that is created, either an WAF policy, a
Shield Advanced policy, or a security group policy.
PossibleRemediationAction
data PossibleRemediationAction Source #
A list of remediation actions.
See: newPossibleRemediationAction smart constructor.
Constructors
| PossibleRemediationAction' (Maybe Text) (Maybe Bool) [RemediationActionWithOrder] |
Instances
newPossibleRemediationAction :: PossibleRemediationAction Source #
Create a value of PossibleRemediationAction with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:PossibleRemediationAction', possibleRemediationAction_description - A description of the list of remediation actions.
$sel:isDefaultAction:PossibleRemediationAction', possibleRemediationAction_isDefaultAction - Information about whether an action is taken by default.
$sel:orderedRemediationActions:PossibleRemediationAction', possibleRemediationAction_orderedRemediationActions - The ordered list of remediation actions.
PossibleRemediationActions
data PossibleRemediationActions Source #
A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.
See: newPossibleRemediationActions smart constructor.
Constructors
| PossibleRemediationActions' (Maybe [PossibleRemediationAction]) (Maybe Text) |
Instances
newPossibleRemediationActions :: PossibleRemediationActions Source #
Create a value of PossibleRemediationActions with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actions:PossibleRemediationActions', possibleRemediationActions_actions - Information about the actions.
PossibleRemediationActions, possibleRemediationActions_description - A description of the possible remediation actions list.
ProtocolsListData
data ProtocolsListData Source #
An Firewall Manager protocols list.
See: newProtocolsListData smart constructor.
Constructors
| ProtocolsListData' (Maybe POSIX) (Maybe POSIX) (Maybe Text) (Maybe Text) (Maybe (HashMap Text [Text])) Text [Text] |
Instances
Arguments
| :: Text | |
| -> ProtocolsListData |
Create a value of ProtocolsListData with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createTime:ProtocolsListData', protocolsListData_createTime - The time that the Firewall Manager protocols list was created.
$sel:lastUpdateTime:ProtocolsListData', protocolsListData_lastUpdateTime - The time that the Firewall Manager protocols list was last updated.
$sel:listId:ProtocolsListData', protocolsListData_listId - The ID of the Firewall Manager protocols list.
$sel:listUpdateToken:ProtocolsListData', protocolsListData_listUpdateToken - A unique identifier for each update to the list. When you update the
list, the update token must match the token of the current version of
the application list. You can retrieve the update token by getting the
list.
$sel:previousProtocolsList:ProtocolsListData', protocolsListData_previousProtocolsList - A map of previous version numbers to their corresponding protocol
arrays.
$sel:listName:ProtocolsListData', protocolsListData_listName - The name of the Firewall Manager protocols list.
$sel:protocolsList:ProtocolsListData', protocolsListData_protocolsList - An array of protocols in the Firewall Manager protocols list.
ProtocolsListDataSummary
data ProtocolsListDataSummary Source #
Details of the Firewall Manager protocols list.
See: newProtocolsListDataSummary smart constructor.
Instances
newProtocolsListDataSummary :: ProtocolsListDataSummary Source #
Create a value of ProtocolsListDataSummary with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:listArn:ProtocolsListDataSummary', protocolsListDataSummary_listArn - The Amazon Resource Name (ARN) of the specified protocols list.
$sel:listId:ProtocolsListDataSummary', protocolsListDataSummary_listId - The ID of the specified protocols list.
$sel:listName:ProtocolsListDataSummary', protocolsListDataSummary_listName - The name of the specified protocols list.
$sel:protocolsList:ProtocolsListDataSummary', protocolsListDataSummary_protocolsList - An array of protocols in the Firewall Manager protocols list.
RemediationAction
data RemediationAction Source #
Information about an individual action you can take to remediate a violation.
See: newRemediationAction smart constructor.
Constructors
Instances
newRemediationAction :: RemediationAction Source #
Create a value of RemediationAction with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
RemediationAction, remediationAction_description - A description of a remediation action.
$sel:eC2AssociateRouteTableAction:RemediationAction', remediationAction_eC2AssociateRouteTableAction - Information about the AssociateRouteTable action in the Amazon EC2 API.
$sel:eC2CopyRouteTableAction:RemediationAction', remediationAction_eC2CopyRouteTableAction - Information about the CopyRouteTable action in the Amazon EC2 API.
$sel:eC2CreateRouteAction:RemediationAction', remediationAction_eC2CreateRouteAction - Information about the CreateRoute action in the Amazon EC2 API.
$sel:eC2CreateRouteTableAction:RemediationAction', remediationAction_eC2CreateRouteTableAction - Information about the CreateRouteTable action in the Amazon EC2 API.
$sel:eC2DeleteRouteAction:RemediationAction', remediationAction_eC2DeleteRouteAction - Information about the DeleteRoute action in the Amazon EC2 API.
$sel:eC2ReplaceRouteAction:RemediationAction', remediationAction_eC2ReplaceRouteAction - Information about the ReplaceRoute action in the Amazon EC2 API.
$sel:eC2ReplaceRouteTableAssociationAction:RemediationAction', remediationAction_eC2ReplaceRouteTableAssociationAction - Information about the ReplaceRouteTableAssociation action in the Amazon
EC2 API.
$sel:fMSPolicyUpdateFirewallCreationConfigAction:RemediationAction', remediationAction_fMSPolicyUpdateFirewallCreationConfigAction - The remedial action to take when updating a firewall configuration.
RemediationActionWithOrder
data RemediationActionWithOrder Source #
An ordered list of actions you can take to remediate a violation.
See: newRemediationActionWithOrder smart constructor.
Constructors
| RemediationActionWithOrder' (Maybe Int) (Maybe RemediationAction) |
Instances
newRemediationActionWithOrder :: RemediationActionWithOrder Source #
Create a value of RemediationActionWithOrder with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:order:RemediationActionWithOrder', remediationActionWithOrder_order - The order of the remediation actions in the list.
$sel:remediationAction:RemediationActionWithOrder', remediationActionWithOrder_remediationAction - Information about an action you can take to remediate a violation.
Resource
Details of a resource that is associated to an Firewall Manager resource set.
See: newResource smart constructor.
Instances
| FromJSON Resource Source # | |
| Generic Resource Source # | |
| Read Resource Source # | |
| Show Resource Source # | |
| NFData Resource Source # | |
Defined in Amazonka.FMS.Types.Resource | |
| Eq Resource Source # | |
| Hashable Resource Source # | |
Defined in Amazonka.FMS.Types.Resource | |
| type Rep Resource Source # | |
Defined in Amazonka.FMS.Types.Resource type Rep Resource = D1 ('MetaData "Resource" "Amazonka.FMS.Types.Resource" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "Resource'" 'PrefixI 'True) (S1 ('MetaSel ('Just "accountId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "uri") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) | |
Create a value of Resource with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:Resource', resource_accountId - The Amazon Web Services account ID that the associated resource belongs
to.
$sel:uri:Resource', resource_uri - The resource's universal resource indicator (URI).
ResourceSet
data ResourceSet Source #
A set of resources to include in a policy.
See: newResourceSet smart constructor.
Instances
Arguments
| :: Text | |
| -> ResourceSet |
Create a value of ResourceSet with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:ResourceSet', resourceSet_description - A description of the resource set.
$sel:id:ResourceSet', resourceSet_id - A unique identifier for the resource set. This ID is returned in the
responses to create and list commands. You provide it to operations like
update and delete.
$sel:lastUpdateTime:ResourceSet', resourceSet_lastUpdateTime - The last time that the resource set was changed.
$sel:updateToken:ResourceSet', resourceSet_updateToken - An optional token that you can use for optimistic locking. Firewall
Manager returns a token to your requests that access the resource set.
The token marks the state of the resource set resource at the time of
the request. Update tokens are not allowed when creating a resource set.
After creation, each subsequent update call to the resource set requires
the update token.
To make an unconditional change to the resource set, omit the token in your update request. Without the token, Firewall Manager performs your updates regardless of whether the resource set has changed since you last retrieved it.
To make a conditional change to the resource set, provide the token in
your update request. Firewall Manager uses the token to ensure that the
resource set hasn't changed since you last retrieved it. If it has
changed, the operation fails with an InvalidTokenException. If this
happens, retrieve the resource set again to get a current copy of it
with a new token. Reapply your changes as needed, then try the operation
again using the new token.
$sel:name:ResourceSet', resourceSet_name - The descriptive name of the resource set. You can't change the name of
a resource set after you create it.
$sel:resourceTypeList:ResourceSet', resourceSet_resourceTypeList - Determines the resources that can be associated to the resource set.
Depending on your setting for max results and the number of resource
sets, a single call might not return the full list.
ResourceSetSummary
data ResourceSetSummary Source #
Summarizes the resource sets used in a policy.
See: newResourceSetSummary smart constructor.
Instances
newResourceSetSummary :: ResourceSetSummary Source #
Create a value of ResourceSetSummary with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:ResourceSetSummary', resourceSetSummary_description - A description of the resource set.
$sel:id:ResourceSetSummary', resourceSetSummary_id - A unique identifier for the resource set. This ID is returned in the
responses to create and list commands. You provide it to operations like
update and delete.
$sel:lastUpdateTime:ResourceSetSummary', resourceSetSummary_lastUpdateTime - The last time that the resource set was changed.
$sel:name:ResourceSetSummary', resourceSetSummary_name - The descriptive name of the resource set. You can't change the name of
a resource set after you create it.
ResourceTag
data ResourceTag Source #
The resource tags that Firewall Manager uses to determine if a particular resource should be included or excluded from the Firewall Manager policy. Tags enable you to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value. Firewall Manager combines the tags with "AND" so that, if you add more than one tag to a policy scope, a resource must have all the specified tags to be included or excluded. For more information, see Working with Tag Editor.
See: newResourceTag smart constructor.
Constructors
| ResourceTag' (Maybe Text) Text |
Instances
Arguments
| :: Text | |
| -> ResourceTag |
Create a value of ResourceTag with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:value:ResourceTag', resourceTag_value - The resource tag value.
$sel:key:ResourceTag', resourceTag_key - The resource tag key.
ResourceViolation
data ResourceViolation Source #
Violation detail based on resource type.
See: newResourceViolation smart constructor.
Constructors
Instances
newResourceViolation :: ResourceViolation Source #
Create a value of ResourceViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:awsEc2InstanceViolation:ResourceViolation', resourceViolation_awsEc2InstanceViolation - Violation detail for an EC2 instance.
$sel:awsEc2NetworkInterfaceViolation:ResourceViolation', resourceViolation_awsEc2NetworkInterfaceViolation - Violation detail for a network interface.
$sel:awsVPCSecurityGroupViolation:ResourceViolation', resourceViolation_awsVPCSecurityGroupViolation - Violation detail for security groups.
$sel:dnsDuplicateRuleGroupViolation:ResourceViolation', resourceViolation_dnsDuplicateRuleGroupViolation - Violation detail for a DNS Firewall policy that indicates that a rule
group that Firewall Manager tried to associate with a VPC is already
associated with the VPC and can't be associated again.
$sel:dnsRuleGroupLimitExceededViolation:ResourceViolation', resourceViolation_dnsRuleGroupLimitExceededViolation - Violation detail for a DNS Firewall policy that indicates that the VPC
reached the limit for associated DNS Firewall rule groups. Firewall
Manager tried to associate another rule group with the VPC and failed.
$sel:dnsRuleGroupPriorityConflictViolation:ResourceViolation', resourceViolation_dnsRuleGroupPriorityConflictViolation - Violation detail for a DNS Firewall policy that indicates that a rule
group that Firewall Manager tried to associate with a VPC has the same
priority as a rule group that's already associated.
$sel:firewallSubnetIsOutOfScopeViolation:ResourceViolation', resourceViolation_firewallSubnetIsOutOfScopeViolation - Contains details about the firewall subnet that violates the policy
scope.
$sel:firewallSubnetMissingVPCEndpointViolation:ResourceViolation', resourceViolation_firewallSubnetMissingVPCEndpointViolation - The violation details for a third-party firewall's VPC endpoint subnet
that was deleted.
$sel:networkFirewallBlackHoleRouteDetectedViolation:ResourceViolation', resourceViolation_networkFirewallBlackHoleRouteDetectedViolation - Undocumented member.
$sel:networkFirewallInternetTrafficNotInspectedViolation:ResourceViolation', resourceViolation_networkFirewallInternetTrafficNotInspectedViolation - Violation detail for the subnet for which internet traffic hasn't been
inspected.
$sel:networkFirewallInvalidRouteConfigurationViolation:ResourceViolation', resourceViolation_networkFirewallInvalidRouteConfigurationViolation - The route configuration is invalid.
$sel:networkFirewallMissingExpectedRTViolation:ResourceViolation', resourceViolation_networkFirewallMissingExpectedRTViolation - Violation detail for an Network Firewall policy that indicates that a
subnet is not associated with the expected Firewall Manager managed
route table.
$sel:networkFirewallMissingExpectedRoutesViolation:ResourceViolation', resourceViolation_networkFirewallMissingExpectedRoutesViolation - Expected routes are missing from Network Firewall.
$sel:networkFirewallMissingFirewallViolation:ResourceViolation', resourceViolation_networkFirewallMissingFirewallViolation - Violation detail for an Network Firewall policy that indicates that a
subnet has no Firewall Manager managed firewall in its VPC.
$sel:networkFirewallMissingSubnetViolation:ResourceViolation', resourceViolation_networkFirewallMissingSubnetViolation - Violation detail for an Network Firewall policy that indicates that an
Availability Zone is missing the expected Firewall Manager managed
subnet.
$sel:networkFirewallPolicyModifiedViolation:ResourceViolation', resourceViolation_networkFirewallPolicyModifiedViolation - Violation detail for an Network Firewall policy that indicates that a
firewall policy in an individual account has been modified in a way that
makes it noncompliant. For example, the individual account owner might
have deleted a rule group, changed the priority of a stateless rule
group, or changed a policy default action.
$sel:networkFirewallUnexpectedFirewallRoutesViolation:ResourceViolation', resourceViolation_networkFirewallUnexpectedFirewallRoutesViolation - There's an unexpected firewall route.
$sel:networkFirewallUnexpectedGatewayRoutesViolation:ResourceViolation', resourceViolation_networkFirewallUnexpectedGatewayRoutesViolation - There's an unexpected gateway route.
$sel:possibleRemediationActions:ResourceViolation', resourceViolation_possibleRemediationActions - A list of possible remediation action lists. Each individual possible
remediation action is a list of individual remediation actions.
$sel:routeHasOutOfScopeEndpointViolation:ResourceViolation', resourceViolation_routeHasOutOfScopeEndpointViolation - Contains details about the route endpoint that violates the policy
scope.
$sel:thirdPartyFirewallMissingExpectedRouteTableViolation:ResourceViolation', resourceViolation_thirdPartyFirewallMissingExpectedRouteTableViolation - The violation details for a third-party firewall that has the Firewall
Manager managed route table that was associated with the third-party
firewall has been deleted.
$sel:thirdPartyFirewallMissingFirewallViolation:ResourceViolation', resourceViolation_thirdPartyFirewallMissingFirewallViolation - The violation details for a third-party firewall that's been deleted.
$sel:thirdPartyFirewallMissingSubnetViolation:ResourceViolation', resourceViolation_thirdPartyFirewallMissingSubnetViolation - The violation details for a third-party firewall's subnet that's been
deleted.
Route
Describes a route in a route table.
See: newRoute smart constructor.
Constructors
| Route' (Maybe Text) (Maybe DestinationType) (Maybe Text) (Maybe TargetType) |
Instances
| FromJSON Route Source # | |
| Generic Route Source # | |
| Read Route Source # | |
| Show Route Source # | |
| NFData Route Source # | |
Defined in Amazonka.FMS.Types.Route | |
| Eq Route Source # | |
| Hashable Route Source # | |
Defined in Amazonka.FMS.Types.Route | |
| type Rep Route Source # | |
Defined in Amazonka.FMS.Types.Route type Rep Route = D1 ('MetaData "Route" "Amazonka.FMS.Types.Route" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "Route'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "destination") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "destinationType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe DestinationType))) :*: (S1 ('MetaSel ('Just "target") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "targetType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe TargetType))))) | |
Create a value of Route with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:destination:Route', route_destination - The destination of the route.
$sel:destinationType:Route', route_destinationType - The type of destination for the route.
$sel:target:Route', route_target - The route's target.
$sel:targetType:Route', route_targetType - The type of target for the route.
RouteHasOutOfScopeEndpointViolation
data RouteHasOutOfScopeEndpointViolation Source #
Contains details about the route endpoint that violates the policy scope.
See: newRouteHasOutOfScopeEndpointViolation smart constructor.
Constructors
| RouteHasOutOfScopeEndpointViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe [Route]) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe [Route]) (Maybe Text) |
Instances
newRouteHasOutOfScopeEndpointViolation :: RouteHasOutOfScopeEndpointViolation Source #
Create a value of RouteHasOutOfScopeEndpointViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:currentFirewallSubnetRouteTable:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_currentFirewallSubnetRouteTable - The route table associated with the current firewall subnet.
$sel:currentInternetGatewayRouteTable:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_currentInternetGatewayRouteTable - The current route table associated with the Internet Gateway.
$sel:firewallSubnetId:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_firewallSubnetId - The ID of the firewall subnet.
$sel:firewallSubnetRoutes:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_firewallSubnetRoutes - The list of firewall subnet routes.
$sel:internetGatewayId:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_internetGatewayId - The ID of the Internet Gateway.
$sel:internetGatewayRoutes:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_internetGatewayRoutes - The routes in the route table associated with the Internet Gateway.
$sel:routeTableId:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_routeTableId - The ID of the route table.
$sel:subnetAvailabilityZone:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_subnetAvailabilityZone - The subnet's Availability Zone.
$sel:subnetAvailabilityZoneId:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_subnetAvailabilityZoneId - The ID of the subnet's Availability Zone.
$sel:subnetId:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_subnetId - The ID of the subnet associated with the route that violates the policy
scope.
$sel:violatingRoutes:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_violatingRoutes - The list of routes that violate the route table.
$sel:vpcId:RouteHasOutOfScopeEndpointViolation', routeHasOutOfScopeEndpointViolation_vpcId - The VPC ID of the route that violates the policy scope.
SecurityGroupRemediationAction
data SecurityGroupRemediationAction Source #
Remediation option for the rule specified in the ViolationTarget.
See: newSecurityGroupRemediationAction smart constructor.
Constructors
| SecurityGroupRemediationAction' (Maybe Text) (Maybe Bool) (Maybe RemediationActionType) (Maybe SecurityGroupRuleDescription) |
Instances
newSecurityGroupRemediationAction :: SecurityGroupRemediationAction Source #
Create a value of SecurityGroupRemediationAction with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:SecurityGroupRemediationAction', securityGroupRemediationAction_description - Brief description of the action that will be performed.
$sel:isDefaultAction:SecurityGroupRemediationAction', securityGroupRemediationAction_isDefaultAction - Indicates if the current action is the default action.
$sel:remediationActionType:SecurityGroupRemediationAction', securityGroupRemediationAction_remediationActionType - The remediation action that will be performed.
$sel:remediationResult:SecurityGroupRemediationAction', securityGroupRemediationAction_remediationResult - The final state of the rule specified in the ViolationTarget after it
is remediated.
SecurityGroupRuleDescription
data SecurityGroupRuleDescription Source #
Describes a set of permissions for a security group rule.
See: newSecurityGroupRuleDescription smart constructor.
Constructors
| SecurityGroupRuleDescription' (Maybe Natural) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Natural) |
Instances
newSecurityGroupRuleDescription :: SecurityGroupRuleDescription Source #
Create a value of SecurityGroupRuleDescription with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:fromPort:SecurityGroupRuleDescription', securityGroupRuleDescription_fromPort - The start of the port range for the TCP and UDP protocols, or an
ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6
types.
$sel:iPV4Range:SecurityGroupRuleDescription', securityGroupRuleDescription_iPV4Range - The IPv4 ranges for the security group rule.
$sel:iPV6Range:SecurityGroupRuleDescription', securityGroupRuleDescription_iPV6Range - The IPv6 ranges for the security group rule.
$sel:prefixListId:SecurityGroupRuleDescription', securityGroupRuleDescription_prefixListId - The ID of the prefix list for the security group rule.
$sel:protocol:SecurityGroupRuleDescription', securityGroupRuleDescription_protocol - The IP protocol name (tcp, udp, icmp, icmpv6) or number.
$sel:toPort:SecurityGroupRuleDescription', securityGroupRuleDescription_toPort - The end of the port range for the TCP and UDP protocols, or an
ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes.
SecurityServicePolicyData
data SecurityServicePolicyData Source #
Details about the security service that is being used to protect the resources.
See: newSecurityServicePolicyData smart constructor.
Constructors
| SecurityServicePolicyData' (Maybe Text) (Maybe PolicyOption) SecurityServiceType |
Instances
newSecurityServicePolicyData Source #
Create a value of SecurityServicePolicyData with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:managedServiceData:SecurityServicePolicyData', securityServicePolicyData_managedServiceData - Details about the service that are specific to the service type, in JSON
format.
Example:
DNS_FIREWALL"{\"type\":\"DNS_FIREWALL\",\"preProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-1\",\"priority\":10}],\"postProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-2\",\"priority\":9911}]}"Valid values for
preProcessRuleGroupsare between 1 and 99. Valid values forpostProcessRuleGroupsare between 9901 and 10000.Example:
NETWORK_FIREWALL- Centralized deployment model"{\"type\":\"NETWORK_FIREWALL\",\"awsNetworkFirewallConfig\":{\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}},\"firewallDeploymentModel\":{\"centralizedFirewallDeploymentModel\":{\"centralizedFirewallOrchestrationConfig\":{\"inspectionVpcIds\":[{\"resourceId\":\"vpc-1234\",\"accountId\":\"123456789011\"}],\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneId\":null,\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"allowedIPV4CidrList\":[]}}}}"To use the centralized deployment model, you must set PolicyOption to
CENTRALIZED.Example:
NETWORK_FIREWALL- Distributed deployment model with automatic Availability Zone configuration"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"OFF\"},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"With automatic Availbility Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. To use the distributed deployment model, you must set PolicyOption to
NULL.Example:
NETWORK_FIREWALL- Distributed deployment model with automatic Availability Zone configuration and route management"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"]},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\": \"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"To use the distributed deployment model, you must set PolicyOption to
NULL.Example:
NETWORK_FIREWALL- Distributed deployment model with custom Availability Zone configuration"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\", \"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{ \"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[ \"10.0.0.0/28\"]}]} },\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"OFF\",\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"With custom Availability Zone configuration, you define which specific Availability Zones to create endpoints in by configuring
firewallCreationConfig. To configure the Availability Zones infirewallCreationConfig, specify either theavailabilityZoneNameoravailabilityZoneIdparameter, not both parameters.To use the distributed deployment model, you must set PolicyOption to
NULL.Example:
NETWORK_FIREWALL- Distributed deployment model with custom Availability Zone configuration and route management"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"],\"routeManagementConfig\":{\"allowCrossAZTrafficIfNoEndpoint\":true}},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"To use the distributed deployment model, you must set PolicyOption to
NULL.Example:
THIRD_PARTY_FIREWALL"{ "type":"THIRD_PARTY_FIREWALL", "thirdPartyFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW", "thirdPartyFirewallConfig":{ "thirdPartyFirewallPolicyList":["global-1"] }, "firewallDeploymentModel":{ "distributedFirewallDeploymentModel":{ "distributedFirewallOrchestrationConfig":{ "firewallCreationConfig":{ "endpointLocation":{ "availabilityZoneConfigList":[ { "availabilityZoneName":"${AvailabilityZone}" } ] } }, "allowedIPV4CidrList":[ ] } } } }"Example:
SECURITY_GROUPS_COMMON"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"Example:
SECURITY_GROUPS_COMMON- Security group tag distribution""{\"type\":\"SECURITY_GROUPS_COMMON\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"revertManualSecurityGroupChanges\":true,\"exclusiveResourceSecurityGroupManagement\":false,\"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":false,\"enableTagDistribution\":true}""Firewall Manager automatically distributes tags from the primary group to the security groups created by this policy. To use security group tag distribution, you must also set
revertManualSecurityGroupChangestotrue, otherwise Firewall Manager won't be able to create the policy. When you enablerevertManualSecurityGroupChanges, Firewall Manager identifies and reports when the security groups created by this policy become non-compliant.Firewall Manager won't distrubute system tags added by Amazon Web Services services into the replica security groups. System tags begin with the
aws:prefix.Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":true,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"Example:
SECURITY_GROUPS_CONTENT_AUDIT"{\"type\":\"SECURITY_GROUPS_CONTENT_AUDIT\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"securityGroupAction\":{\"type\":\"ALLOW\"}}"The security group action for content audit can be
ALLOWorDENY. ForALLOW, all in-scope security group rules must be within the allowed range of the policy's security group rules. ForDENY, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.Example:
SECURITY_GROUPS_USAGE_AUDIT"{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true}"Specification for
SHIELD_ADVANCEDfor Amazon CloudFront distributions"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\", \"automaticResponseAction\":\"BLOCK|COUNT\"}, \"overrideCustomerWebaclClassic\":true|false}"For example:
"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED\", \"automaticResponseAction\":\"COUNT\"}}"The default value for
automaticResponseStatusisIGNORED. The value forautomaticResponseActionis only required whenautomaticResponseStatusis set toENABLED. The default value foroverrideCustomerWebaclClassicisfalse.For other resource types that you can protect with a Shield Advanced policy, this
ManagedServiceDataconfiguration is an empty string.Example:
WAFV2"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"In the
loggingConfiguration, you can specify onelogDestinationConfigs, you can optionally provide up to 20redactedFields, and theRedactedFieldTypemust be one ofURI,QUERY_STRING,HEADER, orMETHOD.Example:
WAFV2- Firewall Manager support for WAF managed rule group versioning"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"versionEnabled\":true,\"version\":\"Version_2.0\",\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesCommonRuleSet\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"To use a specific version of a WAF managed rule group in your Firewall Manager policy, you must set
versionEnabledtotrue, and setversionto the version you'd like to use. If you don't setversionEnabledtotrue, or if you omitversionEnabled, then Firewall Manager uses the default version of the WAF managed rule group.Example:
WAF Classic"{\"type\": \"WAF\", \"ruleGroups\": [{\"id\":\"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\" : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}"
$sel:policyOption:SecurityServicePolicyData', securityServicePolicyData_policyOption - Contains the Network Firewall firewall policy options to configure a
centralized deployment model.
$sel:type':SecurityServicePolicyData', securityServicePolicyData_type - The service that the policy is using to protect the resources. This
specifies the type of policy that is created, either an WAF policy, a
Shield Advanced policy, or a security group policy. For security group
policies, Firewall Manager supports one security group for each common
policy and for each content audit policy. This is an adjustable limit
that you can increase by contacting Amazon Web Services Support.
StatefulEngineOptions
data StatefulEngineOptions Source #
Configuration settings for the handling of the stateful rule groups in a Network Firewall firewall policy.
See: newStatefulEngineOptions smart constructor.
Constructors
| StatefulEngineOptions' (Maybe RuleOrder) |
Instances
newStatefulEngineOptions :: StatefulEngineOptions Source #
Create a value of StatefulEngineOptions with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:ruleOrder:StatefulEngineOptions', statefulEngineOptions_ruleOrder - Indicates how to manage the order of stateful rule evaluation for the
policy. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules
are provided to the rule engine as Suricata compatible strings, and
Suricata evaluates them based on certain settings. For more information,
see
Evaluation order for stateful rules
in the Network Firewall Developer Guide.
StatefulRuleGroup
data StatefulRuleGroup Source #
Network Firewall stateful rule group, used in a NetworkFirewallPolicyDescription.
See: newStatefulRuleGroup smart constructor.
Constructors
| StatefulRuleGroup' (Maybe NetworkFirewallStatefulRuleGroupOverride) (Maybe Int) (Maybe Text) (Maybe Text) |
Instances
newStatefulRuleGroup :: StatefulRuleGroup Source #
Create a value of StatefulRuleGroup with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:override:StatefulRuleGroup', statefulRuleGroup_override - The action that allows the policy owner to override the behavior of the
rule group within a policy.
$sel:priority:StatefulRuleGroup', statefulRuleGroup_priority - An integer setting that indicates the order in which to run the stateful
rule groups in a single Network Firewall firewall policy. This setting
only applies to firewall policies that specify the STRICT_ORDER rule
order in the stateful engine options settings.
Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy. For information about
You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on.
$sel:resourceId:StatefulRuleGroup', statefulRuleGroup_resourceId - The resource ID of the rule group.
$sel:ruleGroupName:StatefulRuleGroup', statefulRuleGroup_ruleGroupName - The name of the rule group.
StatelessRuleGroup
data StatelessRuleGroup Source #
Network Firewall stateless rule group, used in a NetworkFirewallPolicyDescription.
See: newStatelessRuleGroup smart constructor.
Instances
newStatelessRuleGroup :: StatelessRuleGroup Source #
Create a value of StatelessRuleGroup with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:priority:StatelessRuleGroup', statelessRuleGroup_priority - The priority of the rule group. Network Firewall evaluates the stateless
rule groups in a firewall policy starting from the lowest priority
setting.
$sel:resourceId:StatelessRuleGroup', statelessRuleGroup_resourceId - The resource ID of the rule group.
$sel:ruleGroupName:StatelessRuleGroup', statelessRuleGroup_ruleGroupName - The name of the rule group.
Tag
A collection of key:value pairs associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each Amazon Web Services resource.
See: newTag smart constructor.
Instances
| FromJSON Tag Source # | |
| ToJSON Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
| Generic Tag Source # | |
| Read Tag Source # | |
| Show Tag Source # | |
| NFData Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
| Eq Tag Source # | |
| Hashable Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
| type Rep Tag Source # | |
Defined in Amazonka.FMS.Types.Tag type Rep Tag = D1 ('MetaData "Tag" "Amazonka.FMS.Types.Tag" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "Tag'" 'PrefixI 'True) (S1 ('MetaSel ('Just "key") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "value") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) | |
Create a value of Tag with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:key:Tag', tag_key - Part of the key:value pair that defines a tag. You can use a tag key to
describe a category of information, such as "customer." Tag keys are
case-sensitive.
$sel:value:Tag', tag_value - Part of the key:value pair that defines a tag. You can use a tag value
to describe a specific value within a category, such as "companyA" or
"companyB." Tag values are case-sensitive.
ThirdPartyFirewallFirewallPolicy
data ThirdPartyFirewallFirewallPolicy Source #
Configures the third-party firewall's firewall policy.
See: newThirdPartyFirewallFirewallPolicy smart constructor.
Constructors
| ThirdPartyFirewallFirewallPolicy' (Maybe Text) (Maybe Text) |
Instances
newThirdPartyFirewallFirewallPolicy :: ThirdPartyFirewallFirewallPolicy Source #
Create a value of ThirdPartyFirewallFirewallPolicy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallPolicyId:ThirdPartyFirewallFirewallPolicy', thirdPartyFirewallFirewallPolicy_firewallPolicyId - The ID of the specified firewall policy.
$sel:firewallPolicyName:ThirdPartyFirewallFirewallPolicy', thirdPartyFirewallFirewallPolicy_firewallPolicyName - The name of the specified firewall policy.
ThirdPartyFirewallMissingExpectedRouteTableViolation
data ThirdPartyFirewallMissingExpectedRouteTableViolation Source #
The violation details for a third-party firewall that's not associated with an Firewall Manager managed route table.
See: newThirdPartyFirewallMissingExpectedRouteTableViolation smart constructor.
Constructors
| ThirdPartyFirewallMissingExpectedRouteTableViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newThirdPartyFirewallMissingExpectedRouteTableViolation :: ThirdPartyFirewallMissingExpectedRouteTableViolation Source #
Create a value of ThirdPartyFirewallMissingExpectedRouteTableViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:ThirdPartyFirewallMissingExpectedRouteTableViolation', thirdPartyFirewallMissingExpectedRouteTableViolation_availabilityZone - The Availability Zone of the firewall subnet that's causing the
violation.
$sel:currentRouteTable:ThirdPartyFirewallMissingExpectedRouteTableViolation', thirdPartyFirewallMissingExpectedRouteTableViolation_currentRouteTable - The resource ID of the current route table that's associated with the
subnet, if one is available.
$sel:expectedRouteTable:ThirdPartyFirewallMissingExpectedRouteTableViolation', thirdPartyFirewallMissingExpectedRouteTableViolation_expectedRouteTable - The resource ID of the route table that should be associated with the
subnet.
$sel:vpc:ThirdPartyFirewallMissingExpectedRouteTableViolation', thirdPartyFirewallMissingExpectedRouteTableViolation_vpc - The resource ID of the VPC associated with a fireawll subnet that's
causing the violation.
$sel:violationTarget:ThirdPartyFirewallMissingExpectedRouteTableViolation', thirdPartyFirewallMissingExpectedRouteTableViolation_violationTarget - The ID of the third-party firewall or VPC resource that's causing the
violation.
ThirdPartyFirewallMissingFirewallViolation
data ThirdPartyFirewallMissingFirewallViolation Source #
The violation details about a third-party firewall's subnet that doesn't have a Firewall Manager managed firewall in its VPC.
See: newThirdPartyFirewallMissingFirewallViolation smart constructor.
Constructors
| ThirdPartyFirewallMissingFirewallViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newThirdPartyFirewallMissingFirewallViolation :: ThirdPartyFirewallMissingFirewallViolation Source #
Create a value of ThirdPartyFirewallMissingFirewallViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:ThirdPartyFirewallMissingFirewallViolation', thirdPartyFirewallMissingFirewallViolation_availabilityZone - The Availability Zone of the third-party firewall that's causing the
violation.
$sel:targetViolationReason:ThirdPartyFirewallMissingFirewallViolation', thirdPartyFirewallMissingFirewallViolation_targetViolationReason - The reason the resource is causing this violation, if a reason is
available.
$sel:vpc:ThirdPartyFirewallMissingFirewallViolation', thirdPartyFirewallMissingFirewallViolation_vpc - The resource ID of the VPC associated with a third-party firewall.
$sel:violationTarget:ThirdPartyFirewallMissingFirewallViolation', thirdPartyFirewallMissingFirewallViolation_violationTarget - The ID of the third-party firewall that's causing the violation.
ThirdPartyFirewallMissingSubnetViolation
data ThirdPartyFirewallMissingSubnetViolation Source #
The violation details for a third-party firewall for an Availability Zone that's missing the Firewall Manager managed subnet.
See: newThirdPartyFirewallMissingSubnetViolation smart constructor.
Constructors
| ThirdPartyFirewallMissingSubnetViolation' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) |
Instances
newThirdPartyFirewallMissingSubnetViolation :: ThirdPartyFirewallMissingSubnetViolation Source #
Create a value of ThirdPartyFirewallMissingSubnetViolation with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:ThirdPartyFirewallMissingSubnetViolation', thirdPartyFirewallMissingSubnetViolation_availabilityZone - The Availability Zone of a subnet that's causing the violation.
$sel:targetViolationReason:ThirdPartyFirewallMissingSubnetViolation', thirdPartyFirewallMissingSubnetViolation_targetViolationReason - The reason the resource is causing the violation, if a reason is
available.
$sel:vpc:ThirdPartyFirewallMissingSubnetViolation', thirdPartyFirewallMissingSubnetViolation_vpc - The resource ID of the VPC associated with a subnet that's causing the
violation.
$sel:violationTarget:ThirdPartyFirewallMissingSubnetViolation', thirdPartyFirewallMissingSubnetViolation_violationTarget - The ID of the third-party firewall or VPC resource that's causing the
violation.
ThirdPartyFirewallPolicy
data ThirdPartyFirewallPolicy Source #
Configures the deployment model for the third-party firewall.
See: newThirdPartyFirewallPolicy smart constructor.
Constructors
| ThirdPartyFirewallPolicy' (Maybe FirewallDeploymentModel) |
Instances
newThirdPartyFirewallPolicy :: ThirdPartyFirewallPolicy Source #
Create a value of ThirdPartyFirewallPolicy with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallDeploymentModel:ThirdPartyFirewallPolicy', thirdPartyFirewallPolicy_firewallDeploymentModel - Defines the deployment model to use for the third-party firewall policy.
ViolationDetail
data ViolationDetail Source #
Violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account.
See: newViolationDetail smart constructor.
Constructors
| ViolationDetail' (Maybe Text) (Maybe [Tag]) Text Text Text Text [ResourceViolation] |
Instances
Arguments
| :: Text | |
| -> Text | |
| -> Text | |
| -> Text | |
| -> ViolationDetail |
Create a value of ViolationDetail with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceDescription:ViolationDetail', violationDetail_resourceDescription - Brief description for the requested resource.
$sel:resourceTags:ViolationDetail', violationDetail_resourceTags - The ResourceTag objects associated with the resource.
$sel:policyId:ViolationDetail', violationDetail_policyId - The ID of the Firewall Manager policy that the violation details were
requested for.
$sel:memberAccount:ViolationDetail', violationDetail_memberAccount - The Amazon Web Services account that the violation details were
requested for.
$sel:resourceId:ViolationDetail', violationDetail_resourceId - The resource ID that the violation details were requested for.
$sel:resourceType:ViolationDetail', violationDetail_resourceType - The resource type that the violation details were requested for.
$sel:resourceViolations:ViolationDetail', violationDetail_resourceViolations - List of violations for the requested resource.