Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
- Operations
- AssociateAdminAccount
- AssociateThirdPartyFirewall
- BatchAssociateResource
- BatchDisassociateResource
- DeleteAppsList
- DeleteNotificationChannel
- DeletePolicy
- DeleteProtocolsList
- DeleteResourceSet
- DisassociateAdminAccount
- DisassociateThirdPartyFirewall
- GetAdminAccount
- GetAppsList
- GetComplianceDetail
- GetNotificationChannel
- GetPolicy
- GetProtectionStatus
- GetProtocolsList
- GetResourceSet
- GetThirdPartyFirewallAssociationStatus
- GetViolationDetails
- ListAppsLists
- ListComplianceStatus
- ListDiscoveredResources
- ListMemberAccounts
- ListPolicies
- ListProtocolsLists
- ListResourceSetResources
- ListResourceSets
- ListTagsForResource
- ListThirdPartyFirewallFirewallPolicies
- PutAppsList
- PutNotificationChannel
- PutPolicy
- PutProtocolsList
- PutResourceSet
- TagResource
- UntagResource
- Types
- ActionTarget
- App
- AppsListData
- AppsListDataSummary
- AwsEc2InstanceViolation
- AwsEc2NetworkInterfaceViolation
- AwsVPCSecurityGroupViolation
- ComplianceViolator
- DiscoveredResource
- DnsDuplicateRuleGroupViolation
- DnsRuleGroupLimitExceededViolation
- DnsRuleGroupPriorityConflictViolation
- EC2AssociateRouteTableAction
- EC2CopyRouteTableAction
- EC2CreateRouteAction
- EC2CreateRouteTableAction
- EC2DeleteRouteAction
- EC2ReplaceRouteAction
- EC2ReplaceRouteTableAssociationAction
- EvaluationResult
- ExpectedRoute
- FMSPolicyUpdateFirewallCreationConfigAction
- FailedItem
- FirewallSubnetIsOutOfScopeViolation
- FirewallSubnetMissingVPCEndpointViolation
- NetworkFirewallBlackHoleRouteDetectedViolation
- NetworkFirewallInternetTrafficNotInspectedViolation
- NetworkFirewallInvalidRouteConfigurationViolation
- NetworkFirewallMissingExpectedRTViolation
- NetworkFirewallMissingExpectedRoutesViolation
- NetworkFirewallMissingFirewallViolation
- NetworkFirewallMissingSubnetViolation
- NetworkFirewallPolicy
- NetworkFirewallPolicyDescription
- NetworkFirewallPolicyModifiedViolation
- NetworkFirewallStatefulRuleGroupOverride
- NetworkFirewallUnexpectedFirewallRoutesViolation
- NetworkFirewallUnexpectedGatewayRoutesViolation
- PartialMatch
- Policy
- PolicyComplianceDetail
- PolicyComplianceStatus
- PolicyOption
- PolicySummary
- PossibleRemediationAction
- PossibleRemediationActions
- ProtocolsListData
- ProtocolsListDataSummary
- RemediationAction
- RemediationActionWithOrder
- Resource
- ResourceSet
- ResourceSetSummary
- ResourceTag
- ResourceViolation
- Route
- RouteHasOutOfScopeEndpointViolation
- SecurityGroupRemediationAction
- SecurityGroupRuleDescription
- SecurityServicePolicyData
- StatefulEngineOptions
- StatefulRuleGroup
- StatelessRuleGroup
- Tag
- ThirdPartyFirewallFirewallPolicy
- ThirdPartyFirewallMissingExpectedRouteTableViolation
- ThirdPartyFirewallMissingFirewallViolation
- ThirdPartyFirewallMissingSubnetViolation
- ThirdPartyFirewallPolicy
- ViolationDetail
Synopsis
- associateAdminAccount_adminAccount :: Lens' AssociateAdminAccount Text
- associateThirdPartyFirewall_thirdPartyFirewall :: Lens' AssociateThirdPartyFirewall ThirdPartyFirewall
- associateThirdPartyFirewallResponse_thirdPartyFirewallStatus :: Lens' AssociateThirdPartyFirewallResponse (Maybe ThirdPartyFirewallAssociationStatus)
- associateThirdPartyFirewallResponse_httpStatus :: Lens' AssociateThirdPartyFirewallResponse Int
- batchAssociateResource_resourceSetIdentifier :: Lens' BatchAssociateResource Text
- batchAssociateResource_items :: Lens' BatchAssociateResource [Text]
- batchAssociateResourceResponse_httpStatus :: Lens' BatchAssociateResourceResponse Int
- batchAssociateResourceResponse_resourceSetIdentifier :: Lens' BatchAssociateResourceResponse Text
- batchAssociateResourceResponse_failedItems :: Lens' BatchAssociateResourceResponse [FailedItem]
- batchDisassociateResource_resourceSetIdentifier :: Lens' BatchDisassociateResource Text
- batchDisassociateResource_items :: Lens' BatchDisassociateResource [Text]
- batchDisassociateResourceResponse_httpStatus :: Lens' BatchDisassociateResourceResponse Int
- batchDisassociateResourceResponse_resourceSetIdentifier :: Lens' BatchDisassociateResourceResponse Text
- batchDisassociateResourceResponse_failedItems :: Lens' BatchDisassociateResourceResponse [FailedItem]
- deleteAppsList_listId :: Lens' DeleteAppsList Text
- deletePolicy_deleteAllPolicyResources :: Lens' DeletePolicy (Maybe Bool)
- deletePolicy_policyId :: Lens' DeletePolicy Text
- deleteProtocolsList_listId :: Lens' DeleteProtocolsList Text
- deleteResourceSet_identifier :: Lens' DeleteResourceSet Text
- disassociateThirdPartyFirewall_thirdPartyFirewall :: Lens' DisassociateThirdPartyFirewall ThirdPartyFirewall
- disassociateThirdPartyFirewallResponse_thirdPartyFirewallStatus :: Lens' DisassociateThirdPartyFirewallResponse (Maybe ThirdPartyFirewallAssociationStatus)
- disassociateThirdPartyFirewallResponse_httpStatus :: Lens' DisassociateThirdPartyFirewallResponse Int
- getAdminAccountResponse_adminAccount :: Lens' GetAdminAccountResponse (Maybe Text)
- getAdminAccountResponse_roleStatus :: Lens' GetAdminAccountResponse (Maybe AccountRoleStatus)
- getAdminAccountResponse_httpStatus :: Lens' GetAdminAccountResponse Int
- getAppsList_defaultList :: Lens' GetAppsList (Maybe Bool)
- getAppsList_listId :: Lens' GetAppsList Text
- getAppsListResponse_appsList :: Lens' GetAppsListResponse (Maybe AppsListData)
- getAppsListResponse_appsListArn :: Lens' GetAppsListResponse (Maybe Text)
- getAppsListResponse_httpStatus :: Lens' GetAppsListResponse Int
- getComplianceDetail_policyId :: Lens' GetComplianceDetail Text
- getComplianceDetail_memberAccount :: Lens' GetComplianceDetail Text
- getComplianceDetailResponse_policyComplianceDetail :: Lens' GetComplianceDetailResponse (Maybe PolicyComplianceDetail)
- getComplianceDetailResponse_httpStatus :: Lens' GetComplianceDetailResponse Int
- getNotificationChannelResponse_snsRoleName :: Lens' GetNotificationChannelResponse (Maybe Text)
- getNotificationChannelResponse_snsTopicArn :: Lens' GetNotificationChannelResponse (Maybe Text)
- getNotificationChannelResponse_httpStatus :: Lens' GetNotificationChannelResponse Int
- getPolicy_policyId :: Lens' GetPolicy Text
- getPolicyResponse_policy :: Lens' GetPolicyResponse (Maybe Policy)
- getPolicyResponse_policyArn :: Lens' GetPolicyResponse (Maybe Text)
- getPolicyResponse_httpStatus :: Lens' GetPolicyResponse Int
- getProtectionStatus_endTime :: Lens' GetProtectionStatus (Maybe UTCTime)
- getProtectionStatus_maxResults :: Lens' GetProtectionStatus (Maybe Natural)
- getProtectionStatus_memberAccountId :: Lens' GetProtectionStatus (Maybe Text)
- getProtectionStatus_nextToken :: Lens' GetProtectionStatus (Maybe Text)
- getProtectionStatus_startTime :: Lens' GetProtectionStatus (Maybe UTCTime)
- getProtectionStatus_policyId :: Lens' GetProtectionStatus Text
- getProtectionStatusResponse_adminAccountId :: Lens' GetProtectionStatusResponse (Maybe Text)
- getProtectionStatusResponse_data :: Lens' GetProtectionStatusResponse (Maybe Text)
- getProtectionStatusResponse_nextToken :: Lens' GetProtectionStatusResponse (Maybe Text)
- getProtectionStatusResponse_serviceType :: Lens' GetProtectionStatusResponse (Maybe SecurityServiceType)
- getProtectionStatusResponse_httpStatus :: Lens' GetProtectionStatusResponse Int
- getProtocolsList_defaultList :: Lens' GetProtocolsList (Maybe Bool)
- getProtocolsList_listId :: Lens' GetProtocolsList Text
- getProtocolsListResponse_protocolsList :: Lens' GetProtocolsListResponse (Maybe ProtocolsListData)
- getProtocolsListResponse_protocolsListArn :: Lens' GetProtocolsListResponse (Maybe Text)
- getProtocolsListResponse_httpStatus :: Lens' GetProtocolsListResponse Int
- getResourceSet_identifier :: Lens' GetResourceSet Text
- getResourceSetResponse_httpStatus :: Lens' GetResourceSetResponse Int
- getResourceSetResponse_resourceSet :: Lens' GetResourceSetResponse ResourceSet
- getResourceSetResponse_resourceSetArn :: Lens' GetResourceSetResponse Text
- getThirdPartyFirewallAssociationStatus_thirdPartyFirewall :: Lens' GetThirdPartyFirewallAssociationStatus ThirdPartyFirewall
- getThirdPartyFirewallAssociationStatusResponse_marketplaceOnboardingStatus :: Lens' GetThirdPartyFirewallAssociationStatusResponse (Maybe MarketplaceSubscriptionOnboardingStatus)
- getThirdPartyFirewallAssociationStatusResponse_thirdPartyFirewallStatus :: Lens' GetThirdPartyFirewallAssociationStatusResponse (Maybe ThirdPartyFirewallAssociationStatus)
- getThirdPartyFirewallAssociationStatusResponse_httpStatus :: Lens' GetThirdPartyFirewallAssociationStatusResponse Int
- getViolationDetails_policyId :: Lens' GetViolationDetails Text
- getViolationDetails_memberAccount :: Lens' GetViolationDetails Text
- getViolationDetails_resourceId :: Lens' GetViolationDetails Text
- getViolationDetails_resourceType :: Lens' GetViolationDetails Text
- getViolationDetailsResponse_violationDetail :: Lens' GetViolationDetailsResponse (Maybe ViolationDetail)
- getViolationDetailsResponse_httpStatus :: Lens' GetViolationDetailsResponse Int
- listAppsLists_defaultLists :: Lens' ListAppsLists (Maybe Bool)
- listAppsLists_nextToken :: Lens' ListAppsLists (Maybe Text)
- listAppsLists_maxResults :: Lens' ListAppsLists Natural
- listAppsListsResponse_appsLists :: Lens' ListAppsListsResponse (Maybe [AppsListDataSummary])
- listAppsListsResponse_nextToken :: Lens' ListAppsListsResponse (Maybe Text)
- listAppsListsResponse_httpStatus :: Lens' ListAppsListsResponse Int
- listComplianceStatus_maxResults :: Lens' ListComplianceStatus (Maybe Natural)
- listComplianceStatus_nextToken :: Lens' ListComplianceStatus (Maybe Text)
- listComplianceStatus_policyId :: Lens' ListComplianceStatus Text
- listComplianceStatusResponse_nextToken :: Lens' ListComplianceStatusResponse (Maybe Text)
- listComplianceStatusResponse_policyComplianceStatusList :: Lens' ListComplianceStatusResponse (Maybe [PolicyComplianceStatus])
- listComplianceStatusResponse_httpStatus :: Lens' ListComplianceStatusResponse Int
- listDiscoveredResources_maxResults :: Lens' ListDiscoveredResources (Maybe Natural)
- listDiscoveredResources_nextToken :: Lens' ListDiscoveredResources (Maybe Text)
- listDiscoveredResources_memberAccountIds :: Lens' ListDiscoveredResources [Text]
- listDiscoveredResources_resourceType :: Lens' ListDiscoveredResources Text
- listDiscoveredResourcesResponse_items :: Lens' ListDiscoveredResourcesResponse (Maybe [DiscoveredResource])
- listDiscoveredResourcesResponse_nextToken :: Lens' ListDiscoveredResourcesResponse (Maybe Text)
- listDiscoveredResourcesResponse_httpStatus :: Lens' ListDiscoveredResourcesResponse Int
- listMemberAccounts_maxResults :: Lens' ListMemberAccounts (Maybe Natural)
- listMemberAccounts_nextToken :: Lens' ListMemberAccounts (Maybe Text)
- listMemberAccountsResponse_memberAccounts :: Lens' ListMemberAccountsResponse (Maybe [Text])
- listMemberAccountsResponse_nextToken :: Lens' ListMemberAccountsResponse (Maybe Text)
- listMemberAccountsResponse_httpStatus :: Lens' ListMemberAccountsResponse Int
- listPolicies_maxResults :: Lens' ListPolicies (Maybe Natural)
- listPolicies_nextToken :: Lens' ListPolicies (Maybe Text)
- listPoliciesResponse_nextToken :: Lens' ListPoliciesResponse (Maybe Text)
- listPoliciesResponse_policyList :: Lens' ListPoliciesResponse (Maybe [PolicySummary])
- listPoliciesResponse_httpStatus :: Lens' ListPoliciesResponse Int
- listProtocolsLists_defaultLists :: Lens' ListProtocolsLists (Maybe Bool)
- listProtocolsLists_nextToken :: Lens' ListProtocolsLists (Maybe Text)
- listProtocolsLists_maxResults :: Lens' ListProtocolsLists Natural
- listProtocolsListsResponse_nextToken :: Lens' ListProtocolsListsResponse (Maybe Text)
- listProtocolsListsResponse_protocolsLists :: Lens' ListProtocolsListsResponse (Maybe [ProtocolsListDataSummary])
- listProtocolsListsResponse_httpStatus :: Lens' ListProtocolsListsResponse Int
- listResourceSetResources_maxResults :: Lens' ListResourceSetResources (Maybe Natural)
- listResourceSetResources_nextToken :: Lens' ListResourceSetResources (Maybe Text)
- listResourceSetResources_identifier :: Lens' ListResourceSetResources Text
- listResourceSetResourcesResponse_nextToken :: Lens' ListResourceSetResourcesResponse (Maybe Text)
- listResourceSetResourcesResponse_httpStatus :: Lens' ListResourceSetResourcesResponse Int
- listResourceSetResourcesResponse_items :: Lens' ListResourceSetResourcesResponse [Resource]
- listResourceSets_maxResults :: Lens' ListResourceSets (Maybe Natural)
- listResourceSets_nextToken :: Lens' ListResourceSets (Maybe Text)
- listResourceSetsResponse_nextToken :: Lens' ListResourceSetsResponse (Maybe Text)
- listResourceSetsResponse_resourceSets :: Lens' ListResourceSetsResponse (Maybe [ResourceSetSummary])
- listResourceSetsResponse_httpStatus :: Lens' ListResourceSetsResponse Int
- listTagsForResource_resourceArn :: Lens' ListTagsForResource Text
- listTagsForResourceResponse_tagList :: Lens' ListTagsForResourceResponse (Maybe [Tag])
- listTagsForResourceResponse_httpStatus :: Lens' ListTagsForResourceResponse Int
- listThirdPartyFirewallFirewallPolicies_nextToken :: Lens' ListThirdPartyFirewallFirewallPolicies (Maybe Text)
- listThirdPartyFirewallFirewallPolicies_thirdPartyFirewall :: Lens' ListThirdPartyFirewallFirewallPolicies ThirdPartyFirewall
- listThirdPartyFirewallFirewallPolicies_maxResults :: Lens' ListThirdPartyFirewallFirewallPolicies Natural
- listThirdPartyFirewallFirewallPoliciesResponse_nextToken :: Lens' ListThirdPartyFirewallFirewallPoliciesResponse (Maybe Text)
- listThirdPartyFirewallFirewallPoliciesResponse_thirdPartyFirewallFirewallPolicies :: Lens' ListThirdPartyFirewallFirewallPoliciesResponse (Maybe [ThirdPartyFirewallFirewallPolicy])
- listThirdPartyFirewallFirewallPoliciesResponse_httpStatus :: Lens' ListThirdPartyFirewallFirewallPoliciesResponse Int
- putAppsList_tagList :: Lens' PutAppsList (Maybe [Tag])
- putAppsList_appsList :: Lens' PutAppsList AppsListData
- putAppsListResponse_appsList :: Lens' PutAppsListResponse (Maybe AppsListData)
- putAppsListResponse_appsListArn :: Lens' PutAppsListResponse (Maybe Text)
- putAppsListResponse_httpStatus :: Lens' PutAppsListResponse Int
- putNotificationChannel_snsTopicArn :: Lens' PutNotificationChannel Text
- putNotificationChannel_snsRoleName :: Lens' PutNotificationChannel Text
- putPolicy_tagList :: Lens' PutPolicy (Maybe [Tag])
- putPolicy_policy :: Lens' PutPolicy Policy
- putPolicyResponse_policy :: Lens' PutPolicyResponse (Maybe Policy)
- putPolicyResponse_policyArn :: Lens' PutPolicyResponse (Maybe Text)
- putPolicyResponse_httpStatus :: Lens' PutPolicyResponse Int
- putProtocolsList_tagList :: Lens' PutProtocolsList (Maybe [Tag])
- putProtocolsList_protocolsList :: Lens' PutProtocolsList ProtocolsListData
- putProtocolsListResponse_protocolsList :: Lens' PutProtocolsListResponse (Maybe ProtocolsListData)
- putProtocolsListResponse_protocolsListArn :: Lens' PutProtocolsListResponse (Maybe Text)
- putProtocolsListResponse_httpStatus :: Lens' PutProtocolsListResponse Int
- putResourceSet_tagList :: Lens' PutResourceSet (Maybe [Tag])
- putResourceSet_resourceSet :: Lens' PutResourceSet ResourceSet
- putResourceSetResponse_httpStatus :: Lens' PutResourceSetResponse Int
- putResourceSetResponse_resourceSet :: Lens' PutResourceSetResponse ResourceSet
- putResourceSetResponse_resourceSetArn :: Lens' PutResourceSetResponse Text
- tagResource_resourceArn :: Lens' TagResource Text
- tagResource_tagList :: Lens' TagResource [Tag]
- tagResourceResponse_httpStatus :: Lens' TagResourceResponse Int
- untagResource_resourceArn :: Lens' UntagResource Text
- untagResource_tagKeys :: Lens' UntagResource [Text]
- untagResourceResponse_httpStatus :: Lens' UntagResourceResponse Int
- actionTarget_description :: Lens' ActionTarget (Maybe Text)
- actionTarget_resourceId :: Lens' ActionTarget (Maybe Text)
- app_appName :: Lens' App Text
- app_protocol :: Lens' App Text
- app_port :: Lens' App Natural
- appsListData_createTime :: Lens' AppsListData (Maybe UTCTime)
- appsListData_lastUpdateTime :: Lens' AppsListData (Maybe UTCTime)
- appsListData_listId :: Lens' AppsListData (Maybe Text)
- appsListData_listUpdateToken :: Lens' AppsListData (Maybe Text)
- appsListData_previousAppsList :: Lens' AppsListData (Maybe (HashMap Text [App]))
- appsListData_listName :: Lens' AppsListData Text
- appsListData_appsList :: Lens' AppsListData [App]
- appsListDataSummary_appsList :: Lens' AppsListDataSummary (Maybe [App])
- appsListDataSummary_listArn :: Lens' AppsListDataSummary (Maybe Text)
- appsListDataSummary_listId :: Lens' AppsListDataSummary (Maybe Text)
- appsListDataSummary_listName :: Lens' AppsListDataSummary (Maybe Text)
- awsEc2InstanceViolation_awsEc2NetworkInterfaceViolations :: Lens' AwsEc2InstanceViolation (Maybe [AwsEc2NetworkInterfaceViolation])
- awsEc2InstanceViolation_violationTarget :: Lens' AwsEc2InstanceViolation (Maybe Text)
- awsEc2NetworkInterfaceViolation_violatingSecurityGroups :: Lens' AwsEc2NetworkInterfaceViolation (Maybe [Text])
- awsEc2NetworkInterfaceViolation_violationTarget :: Lens' AwsEc2NetworkInterfaceViolation (Maybe Text)
- awsVPCSecurityGroupViolation_partialMatches :: Lens' AwsVPCSecurityGroupViolation (Maybe [PartialMatch])
- awsVPCSecurityGroupViolation_possibleSecurityGroupRemediationActions :: Lens' AwsVPCSecurityGroupViolation (Maybe [SecurityGroupRemediationAction])
- awsVPCSecurityGroupViolation_violationTarget :: Lens' AwsVPCSecurityGroupViolation (Maybe Text)
- awsVPCSecurityGroupViolation_violationTargetDescription :: Lens' AwsVPCSecurityGroupViolation (Maybe Text)
- complianceViolator_metadata :: Lens' ComplianceViolator (Maybe (HashMap Text Text))
- complianceViolator_resourceId :: Lens' ComplianceViolator (Maybe Text)
- complianceViolator_resourceType :: Lens' ComplianceViolator (Maybe Text)
- complianceViolator_violationReason :: Lens' ComplianceViolator (Maybe ViolationReason)
- discoveredResource_accountId :: Lens' DiscoveredResource (Maybe Text)
- discoveredResource_name :: Lens' DiscoveredResource (Maybe Text)
- discoveredResource_type :: Lens' DiscoveredResource (Maybe Text)
- discoveredResource_uri :: Lens' DiscoveredResource (Maybe Text)
- dnsDuplicateRuleGroupViolation_violationTarget :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text)
- dnsDuplicateRuleGroupViolation_violationTargetDescription :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text)
- dnsRuleGroupLimitExceededViolation_numberOfRuleGroupsAlreadyAssociated :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Int)
- dnsRuleGroupLimitExceededViolation_violationTarget :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text)
- dnsRuleGroupLimitExceededViolation_violationTargetDescription :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text)
- dnsRuleGroupPriorityConflictViolation_conflictingPolicyId :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text)
- dnsRuleGroupPriorityConflictViolation_conflictingPriority :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Natural)
- dnsRuleGroupPriorityConflictViolation_unavailablePriorities :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe [Natural])
- dnsRuleGroupPriorityConflictViolation_violationTarget :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text)
- dnsRuleGroupPriorityConflictViolation_violationTargetDescription :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text)
- eC2AssociateRouteTableAction_description :: Lens' EC2AssociateRouteTableAction (Maybe Text)
- eC2AssociateRouteTableAction_gatewayId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget)
- eC2AssociateRouteTableAction_subnetId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget)
- eC2AssociateRouteTableAction_routeTableId :: Lens' EC2AssociateRouteTableAction ActionTarget
- eC2CopyRouteTableAction_description :: Lens' EC2CopyRouteTableAction (Maybe Text)
- eC2CopyRouteTableAction_vpcId :: Lens' EC2CopyRouteTableAction ActionTarget
- eC2CopyRouteTableAction_routeTableId :: Lens' EC2CopyRouteTableAction ActionTarget
- eC2CreateRouteAction_description :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_destinationCidrBlock :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_destinationIpv6CidrBlock :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_destinationPrefixListId :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_gatewayId :: Lens' EC2CreateRouteAction (Maybe ActionTarget)
- eC2CreateRouteAction_vpcEndpointId :: Lens' EC2CreateRouteAction (Maybe ActionTarget)
- eC2CreateRouteAction_routeTableId :: Lens' EC2CreateRouteAction ActionTarget
- eC2CreateRouteTableAction_description :: Lens' EC2CreateRouteTableAction (Maybe Text)
- eC2CreateRouteTableAction_vpcId :: Lens' EC2CreateRouteTableAction ActionTarget
- eC2DeleteRouteAction_description :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_destinationCidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_destinationIpv6CidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_destinationPrefixListId :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_routeTableId :: Lens' EC2DeleteRouteAction ActionTarget
- eC2ReplaceRouteAction_description :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_destinationCidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_destinationIpv6CidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_destinationPrefixListId :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_gatewayId :: Lens' EC2ReplaceRouteAction (Maybe ActionTarget)
- eC2ReplaceRouteAction_routeTableId :: Lens' EC2ReplaceRouteAction ActionTarget
- eC2ReplaceRouteTableAssociationAction_description :: Lens' EC2ReplaceRouteTableAssociationAction (Maybe Text)
- eC2ReplaceRouteTableAssociationAction_associationId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget
- eC2ReplaceRouteTableAssociationAction_routeTableId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget
- evaluationResult_complianceStatus :: Lens' EvaluationResult (Maybe PolicyComplianceStatusType)
- evaluationResult_evaluationLimitExceeded :: Lens' EvaluationResult (Maybe Bool)
- evaluationResult_violatorCount :: Lens' EvaluationResult (Maybe Natural)
- expectedRoute_allowedTargets :: Lens' ExpectedRoute (Maybe [Text])
- expectedRoute_contributingSubnets :: Lens' ExpectedRoute (Maybe [Text])
- expectedRoute_ipV4Cidr :: Lens' ExpectedRoute (Maybe Text)
- expectedRoute_ipV6Cidr :: Lens' ExpectedRoute (Maybe Text)
- expectedRoute_prefixListId :: Lens' ExpectedRoute (Maybe Text)
- expectedRoute_routeTableId :: Lens' ExpectedRoute (Maybe Text)
- fMSPolicyUpdateFirewallCreationConfigAction_description :: Lens' FMSPolicyUpdateFirewallCreationConfigAction (Maybe Text)
- fMSPolicyUpdateFirewallCreationConfigAction_firewallCreationConfig :: Lens' FMSPolicyUpdateFirewallCreationConfigAction (Maybe Text)
- failedItem_reason :: Lens' FailedItem (Maybe FailedItemReason)
- failedItem_uri :: Lens' FailedItem (Maybe Text)
- firewallSubnetIsOutOfScopeViolation_firewallSubnetId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text)
- firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZone :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text)
- firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZoneId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text)
- firewallSubnetIsOutOfScopeViolation_vpcEndpointId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text)
- firewallSubnetIsOutOfScopeViolation_vpcId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text)
- firewallSubnetMissingVPCEndpointViolation_firewallSubnetId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text)
- firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZone :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text)
- firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZoneId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text)
- firewallSubnetMissingVPCEndpointViolation_vpcId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text)
- networkFirewallBlackHoleRouteDetectedViolation_routeTableId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text)
- networkFirewallBlackHoleRouteDetectedViolation_violatingRoutes :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe [Route])
- networkFirewallBlackHoleRouteDetectedViolation_violationTarget :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text)
- networkFirewallBlackHoleRouteDetectedViolation_vpcId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route])
- networkFirewallInternetTrafficNotInspectedViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route])
- networkFirewallInternetTrafficNotInspectedViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute])
- networkFirewallInternetTrafficNotInspectedViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute])
- networkFirewallInternetTrafficNotInspectedViolation_firewallSubnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_internetGatewayId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Bool)
- networkFirewallInternetTrafficNotInspectedViolation_routeTableId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_subnetAvailabilityZone :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_subnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_violatingRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route])
- networkFirewallInternetTrafficNotInspectedViolation_vpcId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_actualFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route])
- networkFirewallInvalidRouteConfigurationViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route])
- networkFirewallInvalidRouteConfigurationViolation_affectedSubnets :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Text])
- networkFirewallInvalidRouteConfigurationViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute])
- networkFirewallInvalidRouteConfigurationViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute])
- networkFirewallInvalidRouteConfigurationViolation_internetGatewayId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Bool)
- networkFirewallInvalidRouteConfigurationViolation_routeTableId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_violatingRoute :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Route)
- networkFirewallInvalidRouteConfigurationViolation_vpcId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_availabilityZone :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_currentRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_expectedRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_vpc :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRoutesViolation_expectedRoutes :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe [ExpectedRoute])
- networkFirewallMissingExpectedRoutesViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text)
- networkFirewallMissingExpectedRoutesViolation_vpcId :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text)
- networkFirewallMissingFirewallViolation_availabilityZone :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- networkFirewallMissingFirewallViolation_targetViolationReason :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- networkFirewallMissingFirewallViolation_vpc :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- networkFirewallMissingFirewallViolation_violationTarget :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- networkFirewallMissingSubnetViolation_availabilityZone :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- networkFirewallMissingSubnetViolation_targetViolationReason :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- networkFirewallMissingSubnetViolation_vpc :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- networkFirewallMissingSubnetViolation_violationTarget :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- networkFirewallPolicy_firewallDeploymentModel :: Lens' NetworkFirewallPolicy (Maybe FirewallDeploymentModel)
- networkFirewallPolicyDescription_statefulDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text])
- networkFirewallPolicyDescription_statefulEngineOptions :: Lens' NetworkFirewallPolicyDescription (Maybe StatefulEngineOptions)
- networkFirewallPolicyDescription_statefulRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatefulRuleGroup])
- networkFirewallPolicyDescription_statelessCustomActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text])
- networkFirewallPolicyDescription_statelessDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text])
- networkFirewallPolicyDescription_statelessFragmentDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text])
- networkFirewallPolicyDescription_statelessRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatelessRuleGroup])
- networkFirewallPolicyModifiedViolation_currentPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription)
- networkFirewallPolicyModifiedViolation_expectedPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription)
- networkFirewallPolicyModifiedViolation_violationTarget :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe Text)
- networkFirewallStatefulRuleGroupOverride_action :: Lens' NetworkFirewallStatefulRuleGroupOverride (Maybe NetworkFirewallOverrideAction)
- networkFirewallUnexpectedFirewallRoutesViolation_firewallEndpoint :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- networkFirewallUnexpectedFirewallRoutesViolation_firewallSubnetId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- networkFirewallUnexpectedFirewallRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- networkFirewallUnexpectedFirewallRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe [Route])
- networkFirewallUnexpectedFirewallRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- networkFirewallUnexpectedGatewayRoutesViolation_gatewayId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text)
- networkFirewallUnexpectedGatewayRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text)
- networkFirewallUnexpectedGatewayRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe [Route])
- networkFirewallUnexpectedGatewayRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text)
- partialMatch_reference :: Lens' PartialMatch (Maybe Text)
- partialMatch_targetViolationReasons :: Lens' PartialMatch (Maybe [Text])
- policy_deleteUnusedFMManagedResources :: Lens' Policy (Maybe Bool)
- policy_excludeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text]))
- policy_includeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text]))
- policy_policyDescription :: Lens' Policy (Maybe Text)
- policy_policyId :: Lens' Policy (Maybe Text)
- policy_policyUpdateToken :: Lens' Policy (Maybe Text)
- policy_resourceSetIds :: Lens' Policy (Maybe [Text])
- policy_resourceTags :: Lens' Policy (Maybe [ResourceTag])
- policy_resourceTypeList :: Lens' Policy (Maybe [Text])
- policy_policyName :: Lens' Policy Text
- policy_securityServicePolicyData :: Lens' Policy SecurityServicePolicyData
- policy_resourceType :: Lens' Policy Text
- policy_excludeResourceTags :: Lens' Policy Bool
- policy_remediationEnabled :: Lens' Policy Bool
- policyComplianceDetail_evaluationLimitExceeded :: Lens' PolicyComplianceDetail (Maybe Bool)
- policyComplianceDetail_expiredAt :: Lens' PolicyComplianceDetail (Maybe UTCTime)
- policyComplianceDetail_issueInfoMap :: Lens' PolicyComplianceDetail (Maybe (HashMap DependentServiceName Text))
- policyComplianceDetail_memberAccount :: Lens' PolicyComplianceDetail (Maybe Text)
- policyComplianceDetail_policyId :: Lens' PolicyComplianceDetail (Maybe Text)
- policyComplianceDetail_policyOwner :: Lens' PolicyComplianceDetail (Maybe Text)
- policyComplianceDetail_violators :: Lens' PolicyComplianceDetail (Maybe [ComplianceViolator])
- policyComplianceStatus_evaluationResults :: Lens' PolicyComplianceStatus (Maybe [EvaluationResult])
- policyComplianceStatus_issueInfoMap :: Lens' PolicyComplianceStatus (Maybe (HashMap DependentServiceName Text))
- policyComplianceStatus_lastUpdated :: Lens' PolicyComplianceStatus (Maybe UTCTime)
- policyComplianceStatus_memberAccount :: Lens' PolicyComplianceStatus (Maybe Text)
- policyComplianceStatus_policyId :: Lens' PolicyComplianceStatus (Maybe Text)
- policyComplianceStatus_policyName :: Lens' PolicyComplianceStatus (Maybe Text)
- policyComplianceStatus_policyOwner :: Lens' PolicyComplianceStatus (Maybe Text)
- policyOption_networkFirewallPolicy :: Lens' PolicyOption (Maybe NetworkFirewallPolicy)
- policyOption_thirdPartyFirewallPolicy :: Lens' PolicyOption (Maybe ThirdPartyFirewallPolicy)
- policySummary_deleteUnusedFMManagedResources :: Lens' PolicySummary (Maybe Bool)
- policySummary_policyArn :: Lens' PolicySummary (Maybe Text)
- policySummary_policyId :: Lens' PolicySummary (Maybe Text)
- policySummary_policyName :: Lens' PolicySummary (Maybe Text)
- policySummary_remediationEnabled :: Lens' PolicySummary (Maybe Bool)
- policySummary_resourceType :: Lens' PolicySummary (Maybe Text)
- policySummary_securityServiceType :: Lens' PolicySummary (Maybe SecurityServiceType)
- possibleRemediationAction_description :: Lens' PossibleRemediationAction (Maybe Text)
- possibleRemediationAction_isDefaultAction :: Lens' PossibleRemediationAction (Maybe Bool)
- possibleRemediationAction_orderedRemediationActions :: Lens' PossibleRemediationAction [RemediationActionWithOrder]
- possibleRemediationActions_actions :: Lens' PossibleRemediationActions (Maybe [PossibleRemediationAction])
- possibleRemediationActions_description :: Lens' PossibleRemediationActions (Maybe Text)
- protocolsListData_createTime :: Lens' ProtocolsListData (Maybe UTCTime)
- protocolsListData_lastUpdateTime :: Lens' ProtocolsListData (Maybe UTCTime)
- protocolsListData_listId :: Lens' ProtocolsListData (Maybe Text)
- protocolsListData_listUpdateToken :: Lens' ProtocolsListData (Maybe Text)
- protocolsListData_previousProtocolsList :: Lens' ProtocolsListData (Maybe (HashMap Text [Text]))
- protocolsListData_listName :: Lens' ProtocolsListData Text
- protocolsListData_protocolsList :: Lens' ProtocolsListData [Text]
- protocolsListDataSummary_listArn :: Lens' ProtocolsListDataSummary (Maybe Text)
- protocolsListDataSummary_listId :: Lens' ProtocolsListDataSummary (Maybe Text)
- protocolsListDataSummary_listName :: Lens' ProtocolsListDataSummary (Maybe Text)
- protocolsListDataSummary_protocolsList :: Lens' ProtocolsListDataSummary (Maybe [Text])
- remediationAction_description :: Lens' RemediationAction (Maybe Text)
- remediationAction_eC2AssociateRouteTableAction :: Lens' RemediationAction (Maybe EC2AssociateRouteTableAction)
- remediationAction_eC2CopyRouteTableAction :: Lens' RemediationAction (Maybe EC2CopyRouteTableAction)
- remediationAction_eC2CreateRouteAction :: Lens' RemediationAction (Maybe EC2CreateRouteAction)
- remediationAction_eC2CreateRouteTableAction :: Lens' RemediationAction (Maybe EC2CreateRouteTableAction)
- remediationAction_eC2DeleteRouteAction :: Lens' RemediationAction (Maybe EC2DeleteRouteAction)
- remediationAction_eC2ReplaceRouteAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteAction)
- remediationAction_eC2ReplaceRouteTableAssociationAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteTableAssociationAction)
- remediationAction_fMSPolicyUpdateFirewallCreationConfigAction :: Lens' RemediationAction (Maybe FMSPolicyUpdateFirewallCreationConfigAction)
- remediationActionWithOrder_order :: Lens' RemediationActionWithOrder (Maybe Int)
- remediationActionWithOrder_remediationAction :: Lens' RemediationActionWithOrder (Maybe RemediationAction)
- resource_accountId :: Lens' Resource (Maybe Text)
- resource_uri :: Lens' Resource Text
- resourceSet_description :: Lens' ResourceSet (Maybe Text)
- resourceSet_id :: Lens' ResourceSet (Maybe Text)
- resourceSet_lastUpdateTime :: Lens' ResourceSet (Maybe UTCTime)
- resourceSet_updateToken :: Lens' ResourceSet (Maybe Text)
- resourceSet_name :: Lens' ResourceSet Text
- resourceSet_resourceTypeList :: Lens' ResourceSet [Text]
- resourceSetSummary_description :: Lens' ResourceSetSummary (Maybe Text)
- resourceSetSummary_id :: Lens' ResourceSetSummary (Maybe Text)
- resourceSetSummary_lastUpdateTime :: Lens' ResourceSetSummary (Maybe UTCTime)
- resourceSetSummary_name :: Lens' ResourceSetSummary (Maybe Text)
- resourceTag_value :: Lens' ResourceTag (Maybe Text)
- resourceTag_key :: Lens' ResourceTag Text
- resourceViolation_awsEc2InstanceViolation :: Lens' ResourceViolation (Maybe AwsEc2InstanceViolation)
- resourceViolation_awsEc2NetworkInterfaceViolation :: Lens' ResourceViolation (Maybe AwsEc2NetworkInterfaceViolation)
- resourceViolation_awsVPCSecurityGroupViolation :: Lens' ResourceViolation (Maybe AwsVPCSecurityGroupViolation)
- resourceViolation_dnsDuplicateRuleGroupViolation :: Lens' ResourceViolation (Maybe DnsDuplicateRuleGroupViolation)
- resourceViolation_dnsRuleGroupLimitExceededViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupLimitExceededViolation)
- resourceViolation_dnsRuleGroupPriorityConflictViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupPriorityConflictViolation)
- resourceViolation_firewallSubnetIsOutOfScopeViolation :: Lens' ResourceViolation (Maybe FirewallSubnetIsOutOfScopeViolation)
- resourceViolation_firewallSubnetMissingVPCEndpointViolation :: Lens' ResourceViolation (Maybe FirewallSubnetMissingVPCEndpointViolation)
- resourceViolation_networkFirewallBlackHoleRouteDetectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallBlackHoleRouteDetectedViolation)
- resourceViolation_networkFirewallInternetTrafficNotInspectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInternetTrafficNotInspectedViolation)
- resourceViolation_networkFirewallInvalidRouteConfigurationViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInvalidRouteConfigurationViolation)
- resourceViolation_networkFirewallMissingExpectedRTViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRTViolation)
- resourceViolation_networkFirewallMissingExpectedRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRoutesViolation)
- resourceViolation_networkFirewallMissingFirewallViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingFirewallViolation)
- resourceViolation_networkFirewallMissingSubnetViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingSubnetViolation)
- resourceViolation_networkFirewallPolicyModifiedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallPolicyModifiedViolation)
- resourceViolation_networkFirewallUnexpectedFirewallRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedFirewallRoutesViolation)
- resourceViolation_networkFirewallUnexpectedGatewayRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedGatewayRoutesViolation)
- resourceViolation_possibleRemediationActions :: Lens' ResourceViolation (Maybe PossibleRemediationActions)
- resourceViolation_routeHasOutOfScopeEndpointViolation :: Lens' ResourceViolation (Maybe RouteHasOutOfScopeEndpointViolation)
- resourceViolation_thirdPartyFirewallMissingExpectedRouteTableViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingExpectedRouteTableViolation)
- resourceViolation_thirdPartyFirewallMissingFirewallViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingFirewallViolation)
- resourceViolation_thirdPartyFirewallMissingSubnetViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingSubnetViolation)
- route_destination :: Lens' Route (Maybe Text)
- route_destinationType :: Lens' Route (Maybe DestinationType)
- route_target :: Lens' Route (Maybe Text)
- route_targetType :: Lens' Route (Maybe TargetType)
- routeHasOutOfScopeEndpointViolation_currentFirewallSubnetRouteTable :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_currentInternetGatewayRouteTable :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_firewallSubnetId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_firewallSubnetRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route])
- routeHasOutOfScopeEndpointViolation_internetGatewayId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_internetGatewayRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route])
- routeHasOutOfScopeEndpointViolation_routeTableId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_subnetAvailabilityZone :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_subnetAvailabilityZoneId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_subnetId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_violatingRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route])
- routeHasOutOfScopeEndpointViolation_vpcId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- securityGroupRemediationAction_description :: Lens' SecurityGroupRemediationAction (Maybe Text)
- securityGroupRemediationAction_isDefaultAction :: Lens' SecurityGroupRemediationAction (Maybe Bool)
- securityGroupRemediationAction_remediationActionType :: Lens' SecurityGroupRemediationAction (Maybe RemediationActionType)
- securityGroupRemediationAction_remediationResult :: Lens' SecurityGroupRemediationAction (Maybe SecurityGroupRuleDescription)
- securityGroupRuleDescription_fromPort :: Lens' SecurityGroupRuleDescription (Maybe Natural)
- securityGroupRuleDescription_iPV4Range :: Lens' SecurityGroupRuleDescription (Maybe Text)
- securityGroupRuleDescription_iPV6Range :: Lens' SecurityGroupRuleDescription (Maybe Text)
- securityGroupRuleDescription_prefixListId :: Lens' SecurityGroupRuleDescription (Maybe Text)
- securityGroupRuleDescription_protocol :: Lens' SecurityGroupRuleDescription (Maybe Text)
- securityGroupRuleDescription_toPort :: Lens' SecurityGroupRuleDescription (Maybe Natural)
- securityServicePolicyData_managedServiceData :: Lens' SecurityServicePolicyData (Maybe Text)
- securityServicePolicyData_policyOption :: Lens' SecurityServicePolicyData (Maybe PolicyOption)
- securityServicePolicyData_type :: Lens' SecurityServicePolicyData SecurityServiceType
- statefulEngineOptions_ruleOrder :: Lens' StatefulEngineOptions (Maybe RuleOrder)
- statefulRuleGroup_override :: Lens' StatefulRuleGroup (Maybe NetworkFirewallStatefulRuleGroupOverride)
- statefulRuleGroup_priority :: Lens' StatefulRuleGroup (Maybe Int)
- statefulRuleGroup_resourceId :: Lens' StatefulRuleGroup (Maybe Text)
- statefulRuleGroup_ruleGroupName :: Lens' StatefulRuleGroup (Maybe Text)
- statelessRuleGroup_priority :: Lens' StatelessRuleGroup (Maybe Natural)
- statelessRuleGroup_resourceId :: Lens' StatelessRuleGroup (Maybe Text)
- statelessRuleGroup_ruleGroupName :: Lens' StatelessRuleGroup (Maybe Text)
- tag_key :: Lens' Tag Text
- tag_value :: Lens' Tag Text
- thirdPartyFirewallFirewallPolicy_firewallPolicyId :: Lens' ThirdPartyFirewallFirewallPolicy (Maybe Text)
- thirdPartyFirewallFirewallPolicy_firewallPolicyName :: Lens' ThirdPartyFirewallFirewallPolicy (Maybe Text)
- thirdPartyFirewallMissingExpectedRouteTableViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text)
- thirdPartyFirewallMissingExpectedRouteTableViolation_currentRouteTable :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text)
- thirdPartyFirewallMissingExpectedRouteTableViolation_expectedRouteTable :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text)
- thirdPartyFirewallMissingExpectedRouteTableViolation_vpc :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text)
- thirdPartyFirewallMissingExpectedRouteTableViolation_violationTarget :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text)
- thirdPartyFirewallMissingFirewallViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text)
- thirdPartyFirewallMissingFirewallViolation_targetViolationReason :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text)
- thirdPartyFirewallMissingFirewallViolation_vpc :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text)
- thirdPartyFirewallMissingFirewallViolation_violationTarget :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text)
- thirdPartyFirewallMissingSubnetViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text)
- thirdPartyFirewallMissingSubnetViolation_targetViolationReason :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text)
- thirdPartyFirewallMissingSubnetViolation_vpc :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text)
- thirdPartyFirewallMissingSubnetViolation_violationTarget :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text)
- thirdPartyFirewallPolicy_firewallDeploymentModel :: Lens' ThirdPartyFirewallPolicy (Maybe FirewallDeploymentModel)
- violationDetail_resourceDescription :: Lens' ViolationDetail (Maybe Text)
- violationDetail_resourceTags :: Lens' ViolationDetail (Maybe [Tag])
- violationDetail_policyId :: Lens' ViolationDetail Text
- violationDetail_memberAccount :: Lens' ViolationDetail Text
- violationDetail_resourceId :: Lens' ViolationDetail Text
- violationDetail_resourceType :: Lens' ViolationDetail Text
- violationDetail_resourceViolations :: Lens' ViolationDetail [ResourceViolation]
Operations
AssociateAdminAccount
associateAdminAccount_adminAccount :: Lens' AssociateAdminAccount Text Source #
The Amazon Web Services account ID to associate with Firewall Manager as the Firewall Manager administrator account. This must be an Organizations member account. For more information about Organizations, see Managing the Amazon Web Services Accounts in Your Organization.
AssociateThirdPartyFirewall
associateThirdPartyFirewall_thirdPartyFirewall :: Lens' AssociateThirdPartyFirewall ThirdPartyFirewall Source #
The name of the third-party firewall vendor.
associateThirdPartyFirewallResponse_thirdPartyFirewallStatus :: Lens' AssociateThirdPartyFirewallResponse (Maybe ThirdPartyFirewallAssociationStatus) Source #
The current status for setting a Firewall Manager policy administrator's account as an administrator of the third-party firewall tenant.
ONBOARDING
- The Firewall Manager policy administrator is being designated as a tenant administrator.ONBOARD_COMPLETE
- The Firewall Manager policy administrator is designated as a tenant administrator.OFFBOARDING
- The Firewall Manager policy administrator is being removed as a tenant administrator.OFFBOARD_COMPLETE
- The Firewall Manager policy administrator has been removed as a tenant administrator.NOT_EXIST
- The Firewall Manager policy administrator doesn't exist as a tenant administrator.
associateThirdPartyFirewallResponse_httpStatus :: Lens' AssociateThirdPartyFirewallResponse Int Source #
The response's http status code.
BatchAssociateResource
batchAssociateResource_resourceSetIdentifier :: Lens' BatchAssociateResource Text Source #
A unique identifier for the resource set, used in a TODO to refer to the resource set.
batchAssociateResource_items :: Lens' BatchAssociateResource [Text] Source #
The uniform resource identifiers (URIs) of resources that should be associated to the resource set. The URIs must be Amazon Resource Names (ARNs).
batchAssociateResourceResponse_httpStatus :: Lens' BatchAssociateResourceResponse Int Source #
The response's http status code.
batchAssociateResourceResponse_resourceSetIdentifier :: Lens' BatchAssociateResourceResponse Text Source #
A unique identifier for the resource set, used in a TODO to refer to the resource set.
batchAssociateResourceResponse_failedItems :: Lens' BatchAssociateResourceResponse [FailedItem] Source #
The resources that failed to associate to the resource set.
BatchDisassociateResource
batchDisassociateResource_resourceSetIdentifier :: Lens' BatchDisassociateResource Text Source #
A unique identifier for the resource set, used in a TODO to refer to the resource set.
batchDisassociateResource_items :: Lens' BatchDisassociateResource [Text] Source #
The uniform resource identifiers (URI) of resources that should be disassociated from the resource set. The URIs must be Amazon Resource Names (ARNs).
batchDisassociateResourceResponse_httpStatus :: Lens' BatchDisassociateResourceResponse Int Source #
The response's http status code.
batchDisassociateResourceResponse_resourceSetIdentifier :: Lens' BatchDisassociateResourceResponse Text Source #
A unique identifier for the resource set, used in a TODO to refer to the resource set.
batchDisassociateResourceResponse_failedItems :: Lens' BatchDisassociateResourceResponse [FailedItem] Source #
The resources that failed to disassociate from the resource set.
DeleteAppsList
deleteAppsList_listId :: Lens' DeleteAppsList Text Source #
The ID of the applications list that you want to delete. You can
retrieve this ID from PutAppsList
, ListAppsLists
, and GetAppsList
.
DeleteNotificationChannel
DeletePolicy
deletePolicy_deleteAllPolicyResources :: Lens' DeletePolicy (Maybe Bool) Source #
If True
, the request performs cleanup according to the policy type.
For WAF and Shield Advanced policies, the cleanup does the following:
- Deletes rule groups created by Firewall Manager
- Removes web ACLs from in-scope resources
- Deletes web ACLs that contain no rules or rule groups
For security group policies, the cleanup does the following for each security group in the policy:
- Disassociates the security group from in-scope resources
- Deletes the security group if it was created through Firewall Manager and if it's no longer associated with any resources through another policy
After the cleanup, in-scope resources are no longer protected by web ACLs in this policy. Protection of out-of-scope resources remains unchanged. Scope is determined by tags that you create and accounts that you associate with the policy. When creating the policy, if you specify that only resources in specific accounts or with specific tags are in scope of the policy, those accounts and resources are handled by the policy. All others are out of scope. If you don't specify tags or accounts, all resources are in scope.
deletePolicy_policyId :: Lens' DeletePolicy Text Source #
The ID of the policy that you want to delete. You can retrieve this ID
from PutPolicy
and ListPolicies
.
DeleteProtocolsList
deleteProtocolsList_listId :: Lens' DeleteProtocolsList Text Source #
The ID of the protocols list that you want to delete. You can retrieve
this ID from PutProtocolsList
, ListProtocolsLists
, and
GetProtocolsLost
.
DeleteResourceSet
deleteResourceSet_identifier :: Lens' DeleteResourceSet Text Source #
A unique identifier for the resource set, used in a TODO to refer to the resource set.
DisassociateAdminAccount
DisassociateThirdPartyFirewall
disassociateThirdPartyFirewall_thirdPartyFirewall :: Lens' DisassociateThirdPartyFirewall ThirdPartyFirewall Source #
The name of the third-party firewall vendor.
disassociateThirdPartyFirewallResponse_thirdPartyFirewallStatus :: Lens' DisassociateThirdPartyFirewallResponse (Maybe ThirdPartyFirewallAssociationStatus) Source #
The current status for the disassociation of a Firewall Manager administrators account with a third-party firewall.
disassociateThirdPartyFirewallResponse_httpStatus :: Lens' DisassociateThirdPartyFirewallResponse Int Source #
The response's http status code.
GetAdminAccount
getAdminAccountResponse_adminAccount :: Lens' GetAdminAccountResponse (Maybe Text) Source #
The Amazon Web Services account that is set as the Firewall Manager administrator.
getAdminAccountResponse_roleStatus :: Lens' GetAdminAccountResponse (Maybe AccountRoleStatus) Source #
The status of the Amazon Web Services account that you set as the Firewall Manager administrator.
getAdminAccountResponse_httpStatus :: Lens' GetAdminAccountResponse Int Source #
The response's http status code.
GetAppsList
getAppsList_defaultList :: Lens' GetAppsList (Maybe Bool) Source #
Specifies whether the list to retrieve is a default list owned by Firewall Manager.
getAppsList_listId :: Lens' GetAppsList Text Source #
The ID of the Firewall Manager applications list that you want the details for.
getAppsListResponse_appsList :: Lens' GetAppsListResponse (Maybe AppsListData) Source #
Information about the specified Firewall Manager applications list.
getAppsListResponse_appsListArn :: Lens' GetAppsListResponse (Maybe Text) Source #
The Amazon Resource Name (ARN) of the applications list.
getAppsListResponse_httpStatus :: Lens' GetAppsListResponse Int Source #
The response's http status code.
GetComplianceDetail
getComplianceDetail_policyId :: Lens' GetComplianceDetail Text Source #
The ID of the policy that you want to get the details for. PolicyId
is
returned by PutPolicy
and by ListPolicies
.
getComplianceDetail_memberAccount :: Lens' GetComplianceDetail Text Source #
The Amazon Web Services account that owns the resources that you want to get the details for.
getComplianceDetailResponse_policyComplianceDetail :: Lens' GetComplianceDetailResponse (Maybe PolicyComplianceDetail) Source #
Information about the resources and the policy that you specified in the
GetComplianceDetail
request.
getComplianceDetailResponse_httpStatus :: Lens' GetComplianceDetailResponse Int Source #
The response's http status code.
GetNotificationChannel
getNotificationChannelResponse_snsRoleName :: Lens' GetNotificationChannelResponse (Maybe Text) Source #
The IAM role that is used by Firewall Manager to record activity to SNS.
getNotificationChannelResponse_snsTopicArn :: Lens' GetNotificationChannelResponse (Maybe Text) Source #
The SNS topic that records Firewall Manager activity.
getNotificationChannelResponse_httpStatus :: Lens' GetNotificationChannelResponse Int Source #
The response's http status code.
GetPolicy
getPolicy_policyId :: Lens' GetPolicy Text Source #
The ID of the Firewall Manager policy that you want the details for.
getPolicyResponse_policy :: Lens' GetPolicyResponse (Maybe Policy) Source #
Information about the specified Firewall Manager policy.
getPolicyResponse_policyArn :: Lens' GetPolicyResponse (Maybe Text) Source #
The Amazon Resource Name (ARN) of the specified policy.
getPolicyResponse_httpStatus :: Lens' GetPolicyResponse Int Source #
The response's http status code.
GetProtectionStatus
getProtectionStatus_endTime :: Lens' GetProtectionStatus (Maybe UTCTime) Source #
The end of the time period to query for the attacks. This is a
timestamp
type. The request syntax listing indicates a number
type
because the default used by Firewall Manager is Unix time in seconds.
However, any valid timestamp
format is allowed.
getProtectionStatus_maxResults :: Lens' GetProtectionStatus (Maybe Natural) Source #
Specifies the number of objects that you want Firewall Manager to return
for this request. If you have more objects than the number that you
specify for MaxResults
, the response includes a NextToken
value that
you can use to get another batch of objects.
getProtectionStatus_memberAccountId :: Lens' GetProtectionStatus (Maybe Text) Source #
The Amazon Web Services account that is in scope of the policy that you want to get the details for.
getProtectionStatus_nextToken :: Lens' GetProtectionStatus (Maybe Text) Source #
If you specify a value for MaxResults
and you have more objects than
the number that you specify for MaxResults
, Firewall Manager returns a
NextToken
value in the response, which you can use to retrieve another
group of objects. For the second and subsequent GetProtectionStatus
requests, specify the value of NextToken
from the previous response to
get information about another batch of objects.
getProtectionStatus_startTime :: Lens' GetProtectionStatus (Maybe UTCTime) Source #
The start of the time period to query for the attacks. This is a
timestamp
type. The request syntax listing indicates a number
type
because the default used by Firewall Manager is Unix time in seconds.
However, any valid timestamp
format is allowed.
getProtectionStatus_policyId :: Lens' GetProtectionStatus Text Source #
The ID of the policy for which you want to get the attack information.
getProtectionStatusResponse_adminAccountId :: Lens' GetProtectionStatusResponse (Maybe Text) Source #
The ID of the Firewall Manager administrator account for this policy.
getProtectionStatusResponse_data :: Lens' GetProtectionStatusResponse (Maybe Text) Source #
Details about the attack, including the following:
- Attack type
- Account ID
- ARN of the resource attacked
- Start time of the attack
- End time of the attack (ongoing attacks will not have an end time)
The details are in JSON format.
getProtectionStatusResponse_nextToken :: Lens' GetProtectionStatusResponse (Maybe Text) Source #
If you have more objects than the number that you specified for
MaxResults
in the request, the response includes a NextToken
value.
To list more objects, submit another GetProtectionStatus
request, and
specify the NextToken
value from the response in the NextToken
value
in the next request.
Amazon Web Services SDKs provide auto-pagination that identify
NextToken
in a response and make subsequent request calls
automatically on your behalf. However, this feature is not supported by
GetProtectionStatus
. You must submit subsequent requests with
NextToken
using your own processes.
getProtectionStatusResponse_serviceType :: Lens' GetProtectionStatusResponse (Maybe SecurityServiceType) Source #
The service type that is protected by the policy. Currently, this is
always SHIELD_ADVANCED
.
getProtectionStatusResponse_httpStatus :: Lens' GetProtectionStatusResponse Int Source #
The response's http status code.
GetProtocolsList
getProtocolsList_defaultList :: Lens' GetProtocolsList (Maybe Bool) Source #
Specifies whether the list to retrieve is a default list owned by Firewall Manager.
getProtocolsList_listId :: Lens' GetProtocolsList Text Source #
The ID of the Firewall Manager protocols list that you want the details for.
getProtocolsListResponse_protocolsList :: Lens' GetProtocolsListResponse (Maybe ProtocolsListData) Source #
Information about the specified Firewall Manager protocols list.
getProtocolsListResponse_protocolsListArn :: Lens' GetProtocolsListResponse (Maybe Text) Source #
The Amazon Resource Name (ARN) of the specified protocols list.
getProtocolsListResponse_httpStatus :: Lens' GetProtocolsListResponse Int Source #
The response's http status code.
GetResourceSet
getResourceSet_identifier :: Lens' GetResourceSet Text Source #
A unique identifier for the resource set, used in a TODO to refer to the resource set.
getResourceSetResponse_httpStatus :: Lens' GetResourceSetResponse Int Source #
The response's http status code.
getResourceSetResponse_resourceSet :: Lens' GetResourceSetResponse ResourceSet Source #
Information about the specified resource set.
getResourceSetResponse_resourceSetArn :: Lens' GetResourceSetResponse Text Source #
The Amazon Resource Name (ARN) of the resource set.
GetThirdPartyFirewallAssociationStatus
getThirdPartyFirewallAssociationStatus_thirdPartyFirewall :: Lens' GetThirdPartyFirewallAssociationStatus ThirdPartyFirewall Source #
The name of the third-party firewall vendor.
getThirdPartyFirewallAssociationStatusResponse_marketplaceOnboardingStatus :: Lens' GetThirdPartyFirewallAssociationStatusResponse (Maybe MarketplaceSubscriptionOnboardingStatus) Source #
The status for subscribing to the third-party firewall vendor in the Amazon Web Services Marketplace.
NO_SUBSCRIPTION
- The Firewall Manager policy administrator isn't subscribed to the third-party firewall service in the Amazon Web Services Marketplace.NOT_COMPLETE
- The Firewall Manager policy administrator is in the process of subscribing to the third-party firewall service in the Amazon Web Services Marketplace, but doesn't yet have an active subscription.COMPLETE
- The Firewall Manager policy administrator has an active subscription to the third-party firewall service in the Amazon Web Services Marketplace.
getThirdPartyFirewallAssociationStatusResponse_thirdPartyFirewallStatus :: Lens' GetThirdPartyFirewallAssociationStatusResponse (Maybe ThirdPartyFirewallAssociationStatus) Source #
The current status for setting a Firewall Manager policy administrators account as an administrator of the third-party firewall tenant.
ONBOARDING
- The Firewall Manager policy administrator is being designated as a tenant administrator.ONBOARD_COMPLETE
- The Firewall Manager policy administrator is designated as a tenant administrator.OFFBOARDING
- The Firewall Manager policy administrator is being removed as a tenant administrator.OFFBOARD_COMPLETE
- The Firewall Manager policy administrator has been removed as a tenant administrator.NOT_EXIST
- The Firewall Manager policy administrator doesn't exist as a tenant administrator.
getThirdPartyFirewallAssociationStatusResponse_httpStatus :: Lens' GetThirdPartyFirewallAssociationStatusResponse Int Source #
The response's http status code.
GetViolationDetails
getViolationDetails_policyId :: Lens' GetViolationDetails Text Source #
The ID of the Firewall Manager policy that you want the details for. This currently only supports security group content audit policies.
getViolationDetails_memberAccount :: Lens' GetViolationDetails Text Source #
The Amazon Web Services account ID that you want the details for.
getViolationDetails_resourceId :: Lens' GetViolationDetails Text Source #
The ID of the resource that has violations.
getViolationDetails_resourceType :: Lens' GetViolationDetails Text Source #
The resource type. This is in the format shown in the
Amazon Web Services Resource Types Reference.
Supported resource types are: AWS::EC2::Instance
,
AWS::EC2::NetworkInterface
, AWS::EC2::SecurityGroup
,
AWS::NetworkFirewall::FirewallPolicy
, and AWS::EC2::Subnet
.
getViolationDetailsResponse_violationDetail :: Lens' GetViolationDetailsResponse (Maybe ViolationDetail) Source #
Violation detail for a resource.
getViolationDetailsResponse_httpStatus :: Lens' GetViolationDetailsResponse Int Source #
The response's http status code.
ListAppsLists
listAppsLists_defaultLists :: Lens' ListAppsLists (Maybe Bool) Source #
Specifies whether the lists to retrieve are default lists owned by Firewall Manager.
listAppsLists_nextToken :: Lens' ListAppsLists (Maybe Text) Source #
If you specify a value for MaxResults
in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. For all but the first request, you provide the token
returned by the prior request in the request parameters, to retrieve the
next batch of objects.
listAppsLists_maxResults :: Lens' ListAppsLists Natural Source #
The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken
value that you can use in a
subsequent call to get the next batch of objects.
If you don't specify this, Firewall Manager returns all available objects.
listAppsListsResponse_appsLists :: Lens' ListAppsListsResponse (Maybe [AppsListDataSummary]) Source #
An array of AppsListDataSummary
objects.
listAppsListsResponse_nextToken :: Lens' ListAppsListsResponse (Maybe Text) Source #
If you specify a value for MaxResults
in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. You can use this token in subsequent requests to
retrieve the next batch of objects.
listAppsListsResponse_httpStatus :: Lens' ListAppsListsResponse Int Source #
The response's http status code.
ListComplianceStatus
listComplianceStatus_maxResults :: Lens' ListComplianceStatus (Maybe Natural) Source #
Specifies the number of PolicyComplianceStatus
objects that you want
Firewall Manager to return for this request. If you have more
PolicyComplianceStatus
objects than the number that you specify for
MaxResults
, the response includes a NextToken
value that you can use
to get another batch of PolicyComplianceStatus
objects.
listComplianceStatus_nextToken :: Lens' ListComplianceStatus (Maybe Text) Source #
If you specify a value for MaxResults
and you have more
PolicyComplianceStatus
objects than the number that you specify for
MaxResults
, Firewall Manager returns a NextToken
value in the
response that allows you to list another group of
PolicyComplianceStatus
objects. For the second and subsequent
ListComplianceStatus
requests, specify the value of NextToken
from
the previous response to get information about another batch of
PolicyComplianceStatus
objects.
listComplianceStatus_policyId :: Lens' ListComplianceStatus Text Source #
The ID of the Firewall Manager policy that you want the details for.
listComplianceStatusResponse_nextToken :: Lens' ListComplianceStatusResponse (Maybe Text) Source #
If you have more PolicyComplianceStatus
objects than the number that
you specified for MaxResults
in the request, the response includes a
NextToken
value. To list more PolicyComplianceStatus
objects, submit
another ListComplianceStatus
request, and specify the NextToken
value from the response in the NextToken
value in the next request.
listComplianceStatusResponse_policyComplianceStatusList :: Lens' ListComplianceStatusResponse (Maybe [PolicyComplianceStatus]) Source #
An array of PolicyComplianceStatus
objects.
listComplianceStatusResponse_httpStatus :: Lens' ListComplianceStatusResponse Int Source #
The response's http status code.
ListDiscoveredResources
listDiscoveredResources_maxResults :: Lens' ListDiscoveredResources (Maybe Natural) Source #
The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken
value that you can use in a
subsequent call to get the next batch of objects.
listDiscoveredResources_nextToken :: Lens' ListDiscoveredResources (Maybe Text) Source #
When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
listDiscoveredResources_memberAccountIds :: Lens' ListDiscoveredResources [Text] Source #
The Amazon Web Services account IDs to discover resources in. Only one account is supported per request. The account must be a member of your organization.
listDiscoveredResources_resourceType :: Lens' ListDiscoveredResources Text Source #
The type of resources to discover.
listDiscoveredResourcesResponse_items :: Lens' ListDiscoveredResourcesResponse (Maybe [DiscoveredResource]) Source #
Details of the resources that were discovered.
listDiscoveredResourcesResponse_nextToken :: Lens' ListDiscoveredResourcesResponse (Maybe Text) Source #
When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
listDiscoveredResourcesResponse_httpStatus :: Lens' ListDiscoveredResourcesResponse Int Source #
The response's http status code.
ListMemberAccounts
listMemberAccounts_maxResults :: Lens' ListMemberAccounts (Maybe Natural) Source #
Specifies the number of member account IDs that you want Firewall
Manager to return for this request. If you have more IDs than the number
that you specify for MaxResults
, the response includes a NextToken
value that you can use to get another batch of member account IDs.
listMemberAccounts_nextToken :: Lens' ListMemberAccounts (Maybe Text) Source #
If you specify a value for MaxResults
and you have more account IDs
than the number that you specify for MaxResults
, Firewall Manager
returns a NextToken
value in the response that allows you to list
another group of IDs. For the second and subsequent
ListMemberAccountsRequest
requests, specify the value of NextToken
from the previous response to get information about another batch of
member account IDs.
listMemberAccountsResponse_memberAccounts :: Lens' ListMemberAccountsResponse (Maybe [Text]) Source #
An array of account IDs.
listMemberAccountsResponse_nextToken :: Lens' ListMemberAccountsResponse (Maybe Text) Source #
If you have more member account IDs than the number that you specified
for MaxResults
in the request, the response includes a NextToken
value. To list more IDs, submit another ListMemberAccounts
request,
and specify the NextToken
value from the response in the NextToken
value in the next request.
listMemberAccountsResponse_httpStatus :: Lens' ListMemberAccountsResponse Int Source #
The response's http status code.
ListPolicies
listPolicies_maxResults :: Lens' ListPolicies (Maybe Natural) Source #
Specifies the number of PolicySummary
objects that you want Firewall
Manager to return for this request. If you have more PolicySummary
objects than the number that you specify for MaxResults
, the response
includes a NextToken
value that you can use to get another batch of
PolicySummary
objects.
listPolicies_nextToken :: Lens' ListPolicies (Maybe Text) Source #
If you specify a value for MaxResults
and you have more
PolicySummary
objects than the number that you specify for
MaxResults
, Firewall Manager returns a NextToken
value in the
response that allows you to list another group of PolicySummary
objects. For the second and subsequent ListPolicies
requests, specify
the value of NextToken
from the previous response to get information
about another batch of PolicySummary
objects.
listPoliciesResponse_nextToken :: Lens' ListPoliciesResponse (Maybe Text) Source #
If you have more PolicySummary
objects than the number that you
specified for MaxResults
in the request, the response includes a
NextToken
value. To list more PolicySummary
objects, submit another
ListPolicies
request, and specify the NextToken
value from the
response in the NextToken
value in the next request.
listPoliciesResponse_policyList :: Lens' ListPoliciesResponse (Maybe [PolicySummary]) Source #
An array of PolicySummary
objects.
listPoliciesResponse_httpStatus :: Lens' ListPoliciesResponse Int Source #
The response's http status code.
ListProtocolsLists
listProtocolsLists_defaultLists :: Lens' ListProtocolsLists (Maybe Bool) Source #
Specifies whether the lists to retrieve are default lists owned by Firewall Manager.
listProtocolsLists_nextToken :: Lens' ListProtocolsLists (Maybe Text) Source #
If you specify a value for MaxResults
in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. For all but the first request, you provide the token
returned by the prior request in the request parameters, to retrieve the
next batch of objects.
listProtocolsLists_maxResults :: Lens' ListProtocolsLists Natural Source #
The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken
value that you can use in a
subsequent call to get the next batch of objects.
If you don't specify this, Firewall Manager returns all available objects.
listProtocolsListsResponse_nextToken :: Lens' ListProtocolsListsResponse (Maybe Text) Source #
If you specify a value for MaxResults
in your list request, and you
have more objects than the maximum, Firewall Manager returns this token
in the response. You can use this token in subsequent requests to
retrieve the next batch of objects.
listProtocolsListsResponse_protocolsLists :: Lens' ListProtocolsListsResponse (Maybe [ProtocolsListDataSummary]) Source #
An array of ProtocolsListDataSummary
objects.
listProtocolsListsResponse_httpStatus :: Lens' ListProtocolsListsResponse Int Source #
The response's http status code.
ListResourceSetResources
listResourceSetResources_maxResults :: Lens' ListResourceSetResources (Maybe Natural) Source #
The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken
value that you can use in a
subsequent call to get the next batch of objects.
listResourceSetResources_nextToken :: Lens' ListResourceSetResources (Maybe Text) Source #
When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
listResourceSetResources_identifier :: Lens' ListResourceSetResources Text Source #
A unique identifier for the resource set, used in a TODO to refer to the resource set.
listResourceSetResourcesResponse_nextToken :: Lens' ListResourceSetResourcesResponse (Maybe Text) Source #
When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
listResourceSetResourcesResponse_httpStatus :: Lens' ListResourceSetResourcesResponse Int Source #
The response's http status code.
listResourceSetResourcesResponse_items :: Lens' ListResourceSetResourcesResponse [Resource] Source #
An array of the associated resources' uniform resource identifiers (URI).
ListResourceSets
listResourceSets_maxResults :: Lens' ListResourceSets (Maybe Natural) Source #
The maximum number of objects that you want Firewall Manager to return
for this request. If more objects are available, in the response,
Firewall Manager provides a NextToken
value that you can use in a
subsequent call to get the next batch of objects.
listResourceSets_nextToken :: Lens' ListResourceSets (Maybe Text) Source #
When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
listResourceSetsResponse_nextToken :: Lens' ListResourceSetsResponse (Maybe Text) Source #
When you request a list of objects with a MaxResults
setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Firewall Manager returns a NextToken
value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
listResourceSetsResponse_resourceSets :: Lens' ListResourceSetsResponse (Maybe [ResourceSetSummary]) Source #
An array of ResourceSetSummary
objects.
listResourceSetsResponse_httpStatus :: Lens' ListResourceSetsResponse Int Source #
The response's http status code.
ListTagsForResource
listTagsForResource_resourceArn :: Lens' ListTagsForResource Text Source #
The Amazon Resource Name (ARN) of the resource to return tags for. The Firewall Manager resources that support tagging are policies, applications lists, and protocols lists.
listTagsForResourceResponse_tagList :: Lens' ListTagsForResourceResponse (Maybe [Tag]) Source #
The tags associated with the resource.
listTagsForResourceResponse_httpStatus :: Lens' ListTagsForResourceResponse Int Source #
The response's http status code.
ListThirdPartyFirewallFirewallPolicies
listThirdPartyFirewallFirewallPolicies_nextToken :: Lens' ListThirdPartyFirewallFirewallPolicies (Maybe Text) Source #
If the previous response included a NextToken
element, the specified
third-party firewall vendor is associated with more third-party firewall
policies. To get more third-party firewall policies, submit another
ListThirdPartyFirewallFirewallPoliciesRequest
request.
For the value of NextToken
, specify the value of NextToken
from the
previous response. If the previous response didn't include a
NextToken
element, there are no more third-party firewall policies to
get.
listThirdPartyFirewallFirewallPolicies_thirdPartyFirewall :: Lens' ListThirdPartyFirewallFirewallPolicies ThirdPartyFirewall Source #
The name of the third-party firewall vendor.
listThirdPartyFirewallFirewallPolicies_maxResults :: Lens' ListThirdPartyFirewallFirewallPolicies Natural Source #
The maximum number of third-party firewall policies that you want
Firewall Manager to return. If the specified third-party firewall vendor
is associated with more than MaxResults
firewall policies, the
response includes a NextToken
element. NextToken
contains an
encrypted token that identifies the first third-party firewall policies
that Firewall Manager will return if you submit another request.
listThirdPartyFirewallFirewallPoliciesResponse_nextToken :: Lens' ListThirdPartyFirewallFirewallPoliciesResponse (Maybe Text) Source #
The value that you will use for NextToken
in the next
ListThirdPartyFirewallFirewallPolicies
request.
listThirdPartyFirewallFirewallPoliciesResponse_thirdPartyFirewallFirewallPolicies :: Lens' ListThirdPartyFirewallFirewallPoliciesResponse (Maybe [ThirdPartyFirewallFirewallPolicy]) Source #
A list that contains one ThirdPartyFirewallFirewallPolicies
element
for each third-party firewall policies that the specified third-party
firewall vendor is associated with. Each
ThirdPartyFirewallFirewallPolicies
element contains the firewall
policy name and ID.
listThirdPartyFirewallFirewallPoliciesResponse_httpStatus :: Lens' ListThirdPartyFirewallFirewallPoliciesResponse Int Source #
The response's http status code.
PutAppsList
putAppsList_tagList :: Lens' PutAppsList (Maybe [Tag]) Source #
The tags associated with the resource.
putAppsList_appsList :: Lens' PutAppsList AppsListData Source #
The details of the Firewall Manager applications list to be created.
putAppsListResponse_appsList :: Lens' PutAppsListResponse (Maybe AppsListData) Source #
The details of the Firewall Manager applications list.
putAppsListResponse_appsListArn :: Lens' PutAppsListResponse (Maybe Text) Source #
The Amazon Resource Name (ARN) of the applications list.
putAppsListResponse_httpStatus :: Lens' PutAppsListResponse Int Source #
The response's http status code.
PutNotificationChannel
putNotificationChannel_snsTopicArn :: Lens' PutNotificationChannel Text Source #
The Amazon Resource Name (ARN) of the SNS topic that collects notifications from Firewall Manager.
putNotificationChannel_snsRoleName :: Lens' PutNotificationChannel Text Source #
The Amazon Resource Name (ARN) of the IAM role that allows Amazon SNS to record Firewall Manager activity.
PutPolicy
putPolicy_tagList :: Lens' PutPolicy (Maybe [Tag]) Source #
The tags to add to the Amazon Web Services resource.
putPolicy_policy :: Lens' PutPolicy Policy Source #
The details of the Firewall Manager policy to be created.
putPolicyResponse_policy :: Lens' PutPolicyResponse (Maybe Policy) Source #
The details of the Firewall Manager policy.
putPolicyResponse_policyArn :: Lens' PutPolicyResponse (Maybe Text) Source #
The Amazon Resource Name (ARN) of the policy.
putPolicyResponse_httpStatus :: Lens' PutPolicyResponse Int Source #
The response's http status code.
PutProtocolsList
putProtocolsList_tagList :: Lens' PutProtocolsList (Maybe [Tag]) Source #
The tags associated with the resource.
putProtocolsList_protocolsList :: Lens' PutProtocolsList ProtocolsListData Source #
The details of the Firewall Manager protocols list to be created.
putProtocolsListResponse_protocolsList :: Lens' PutProtocolsListResponse (Maybe ProtocolsListData) Source #
The details of the Firewall Manager protocols list.
putProtocolsListResponse_protocolsListArn :: Lens' PutProtocolsListResponse (Maybe Text) Source #
The Amazon Resource Name (ARN) of the protocols list.
putProtocolsListResponse_httpStatus :: Lens' PutProtocolsListResponse Int Source #
The response's http status code.
PutResourceSet
putResourceSet_tagList :: Lens' PutResourceSet (Maybe [Tag]) Source #
Retrieves the tags associated with the specified resource set. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
putResourceSet_resourceSet :: Lens' PutResourceSet ResourceSet Source #
Details about the resource set to be created or updated.>
putResourceSetResponse_httpStatus :: Lens' PutResourceSetResponse Int Source #
The response's http status code.
putResourceSetResponse_resourceSet :: Lens' PutResourceSetResponse ResourceSet Source #
Details about the resource set.
putResourceSetResponse_resourceSetArn :: Lens' PutResourceSetResponse Text Source #
The Amazon Resource Name (ARN) of the resource set.
TagResource
tagResource_resourceArn :: Lens' TagResource Text Source #
The Amazon Resource Name (ARN) of the resource to return tags for. The Firewall Manager resources that support tagging are policies, applications lists, and protocols lists.
tagResource_tagList :: Lens' TagResource [Tag] Source #
The tags to add to the resource.
tagResourceResponse_httpStatus :: Lens' TagResourceResponse Int Source #
The response's http status code.
UntagResource
untagResource_resourceArn :: Lens' UntagResource Text Source #
The Amazon Resource Name (ARN) of the resource to return tags for. The Firewall Manager resources that support tagging are policies, applications lists, and protocols lists.
untagResource_tagKeys :: Lens' UntagResource [Text] Source #
The keys of the tags to remove from the resource.
untagResourceResponse_httpStatus :: Lens' UntagResourceResponse Int Source #
The response's http status code.
Types
ActionTarget
actionTarget_description :: Lens' ActionTarget (Maybe Text) Source #
A description of the remediation action target.
actionTarget_resourceId :: Lens' ActionTarget (Maybe Text) Source #
The ID of the remediation target.
App
app_protocol :: Lens' App Text Source #
The IP protocol name or number. The name can be one of tcp
, udp
, or
icmp
. For information on possible numbers, see
Protocol Numbers.
AppsListData
appsListData_createTime :: Lens' AppsListData (Maybe UTCTime) Source #
The time that the Firewall Manager applications list was created.
appsListData_lastUpdateTime :: Lens' AppsListData (Maybe UTCTime) Source #
The time that the Firewall Manager applications list was last updated.
appsListData_listId :: Lens' AppsListData (Maybe Text) Source #
The ID of the Firewall Manager applications list.
appsListData_listUpdateToken :: Lens' AppsListData (Maybe Text) Source #
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the application list. You can retrieve the update token by getting the list.
appsListData_previousAppsList :: Lens' AppsListData (Maybe (HashMap Text [App])) Source #
A map of previous version numbers to their corresponding App
object
arrays.
appsListData_listName :: Lens' AppsListData Text Source #
The name of the Firewall Manager applications list.
appsListData_appsList :: Lens' AppsListData [App] Source #
An array of applications in the Firewall Manager applications list.
AppsListDataSummary
appsListDataSummary_appsList :: Lens' AppsListDataSummary (Maybe [App]) Source #
An array of App
objects in the Firewall Manager applications list.
appsListDataSummary_listArn :: Lens' AppsListDataSummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the applications list.
appsListDataSummary_listId :: Lens' AppsListDataSummary (Maybe Text) Source #
The ID of the applications list.
appsListDataSummary_listName :: Lens' AppsListDataSummary (Maybe Text) Source #
The name of the applications list.
AwsEc2InstanceViolation
awsEc2InstanceViolation_awsEc2NetworkInterfaceViolations :: Lens' AwsEc2InstanceViolation (Maybe [AwsEc2NetworkInterfaceViolation]) Source #
Violation detail for network interfaces associated with the EC2 instance.
awsEc2InstanceViolation_violationTarget :: Lens' AwsEc2InstanceViolation (Maybe Text) Source #
The resource ID of the EC2 instance.
AwsEc2NetworkInterfaceViolation
awsEc2NetworkInterfaceViolation_violatingSecurityGroups :: Lens' AwsEc2NetworkInterfaceViolation (Maybe [Text]) Source #
List of security groups that violate the rules specified in the primary security group of the Firewall Manager policy.
awsEc2NetworkInterfaceViolation_violationTarget :: Lens' AwsEc2NetworkInterfaceViolation (Maybe Text) Source #
The resource ID of the network interface.
AwsVPCSecurityGroupViolation
awsVPCSecurityGroupViolation_partialMatches :: Lens' AwsVPCSecurityGroupViolation (Maybe [PartialMatch]) Source #
List of rules specified in the security group of the Firewall Manager
policy that partially match the ViolationTarget
rule.
awsVPCSecurityGroupViolation_possibleSecurityGroupRemediationActions :: Lens' AwsVPCSecurityGroupViolation (Maybe [SecurityGroupRemediationAction]) Source #
Remediation options for the rule specified in the ViolationTarget
.
awsVPCSecurityGroupViolation_violationTarget :: Lens' AwsVPCSecurityGroupViolation (Maybe Text) Source #
The security group rule that is being evaluated.
awsVPCSecurityGroupViolation_violationTargetDescription :: Lens' AwsVPCSecurityGroupViolation (Maybe Text) Source #
A description of the security group that violates the policy.
ComplianceViolator
complianceViolator_metadata :: Lens' ComplianceViolator (Maybe (HashMap Text Text)) Source #
Metadata about the resource that doesn't comply with the policy scope.
complianceViolator_resourceId :: Lens' ComplianceViolator (Maybe Text) Source #
The resource ID.
complianceViolator_resourceType :: Lens' ComplianceViolator (Maybe Text) Source #
The resource type. This is in the format shown in the
Amazon Web Services Resource Types Reference.
For example: AWS::ElasticLoadBalancingV2::LoadBalancer
,
AWS::CloudFront::Distribution
, or
AWS::NetworkFirewall::FirewallPolicy
.
complianceViolator_violationReason :: Lens' ComplianceViolator (Maybe ViolationReason) Source #
The reason that the resource is not protected by the policy.
DiscoveredResource
discoveredResource_accountId :: Lens' DiscoveredResource (Maybe Text) Source #
The Amazon Web Services account ID associated with the discovered resource.
discoveredResource_name :: Lens' DiscoveredResource (Maybe Text) Source #
The name of the discovered resource.
discoveredResource_type :: Lens' DiscoveredResource (Maybe Text) Source #
The type of the discovered resource.
discoveredResource_uri :: Lens' DiscoveredResource (Maybe Text) Source #
The universal resource identifier (URI) of the discovered resource.
DnsDuplicateRuleGroupViolation
dnsDuplicateRuleGroupViolation_violationTarget :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text) Source #
Information about the VPC ID.
dnsDuplicateRuleGroupViolation_violationTargetDescription :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text) Source #
A description of the violation that specifies the rule group and VPC.
DnsRuleGroupLimitExceededViolation
dnsRuleGroupLimitExceededViolation_numberOfRuleGroupsAlreadyAssociated :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Int) Source #
The number of rule groups currently associated with the VPC.
dnsRuleGroupLimitExceededViolation_violationTarget :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text) Source #
Information about the VPC ID.
dnsRuleGroupLimitExceededViolation_violationTargetDescription :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text) Source #
A description of the violation that specifies the rule group and VPC.
DnsRuleGroupPriorityConflictViolation
dnsRuleGroupPriorityConflictViolation_conflictingPolicyId :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text) Source #
The ID of the Firewall Manager DNS Firewall policy that was already applied to the VPC. This policy contains the rule group that's already associated with the VPC.
dnsRuleGroupPriorityConflictViolation_conflictingPriority :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Natural) Source #
The priority setting of the two conflicting rule groups.
dnsRuleGroupPriorityConflictViolation_unavailablePriorities :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe [Natural]) Source #
The priorities of rule groups that are already associated with the VPC. To retry your operation, choose priority settings that aren't in this list for the rule groups in your new DNS Firewall policy.
dnsRuleGroupPriorityConflictViolation_violationTarget :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text) Source #
Information about the VPC ID.
dnsRuleGroupPriorityConflictViolation_violationTargetDescription :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text) Source #
A description of the violation that specifies the VPC and the rule group that's already associated with it.
EC2AssociateRouteTableAction
eC2AssociateRouteTableAction_description :: Lens' EC2AssociateRouteTableAction (Maybe Text) Source #
A description of the EC2 route table that is associated with the remediation action.
eC2AssociateRouteTableAction_gatewayId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget) Source #
The ID of the gateway to be used with the EC2 route table that is associated with the remediation action.
eC2AssociateRouteTableAction_subnetId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget) Source #
The ID of the subnet for the EC2 route table that is associated with the remediation action.
eC2AssociateRouteTableAction_routeTableId :: Lens' EC2AssociateRouteTableAction ActionTarget Source #
The ID of the EC2 route table that is associated with the remediation action.
EC2CopyRouteTableAction
eC2CopyRouteTableAction_description :: Lens' EC2CopyRouteTableAction (Maybe Text) Source #
A description of the copied EC2 route table that is associated with the remediation action.
eC2CopyRouteTableAction_vpcId :: Lens' EC2CopyRouteTableAction ActionTarget Source #
The VPC ID of the copied EC2 route table that is associated with the remediation action.
eC2CopyRouteTableAction_routeTableId :: Lens' EC2CopyRouteTableAction ActionTarget Source #
The ID of the copied EC2 route table that is associated with the remediation action.
EC2CreateRouteAction
eC2CreateRouteAction_description :: Lens' EC2CreateRouteAction (Maybe Text) Source #
A description of CreateRoute action in Amazon EC2.
eC2CreateRouteAction_destinationCidrBlock :: Lens' EC2CreateRouteAction (Maybe Text) Source #
Information about the IPv4 CIDR address block used for the destination match.
eC2CreateRouteAction_destinationIpv6CidrBlock :: Lens' EC2CreateRouteAction (Maybe Text) Source #
Information about the IPv6 CIDR block destination.
eC2CreateRouteAction_destinationPrefixListId :: Lens' EC2CreateRouteAction (Maybe Text) Source #
Information about the ID of a prefix list used for the destination match.
eC2CreateRouteAction_gatewayId :: Lens' EC2CreateRouteAction (Maybe ActionTarget) Source #
Information about the ID of an internet gateway or virtual private gateway attached to your VPC.
eC2CreateRouteAction_vpcEndpointId :: Lens' EC2CreateRouteAction (Maybe ActionTarget) Source #
Information about the ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only.
eC2CreateRouteAction_routeTableId :: Lens' EC2CreateRouteAction ActionTarget Source #
Information about the ID of the route table for the route.
EC2CreateRouteTableAction
eC2CreateRouteTableAction_description :: Lens' EC2CreateRouteTableAction (Maybe Text) Source #
A description of the CreateRouteTable action.
eC2CreateRouteTableAction_vpcId :: Lens' EC2CreateRouteTableAction ActionTarget Source #
Information about the ID of a VPC.
EC2DeleteRouteAction
eC2DeleteRouteAction_description :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
A description of the DeleteRoute action.
eC2DeleteRouteAction_destinationCidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
Information about the IPv4 CIDR range for the route. The value you specify must match the CIDR for the route exactly.
eC2DeleteRouteAction_destinationIpv6CidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
Information about the IPv6 CIDR range for the route. The value you specify must match the CIDR for the route exactly.
eC2DeleteRouteAction_destinationPrefixListId :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
Information about the ID of the prefix list for the route.
eC2DeleteRouteAction_routeTableId :: Lens' EC2DeleteRouteAction ActionTarget Source #
Information about the ID of the route table.
EC2ReplaceRouteAction
eC2ReplaceRouteAction_description :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
A description of the ReplaceRoute action in Amazon EC2.
eC2ReplaceRouteAction_destinationCidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
Information about the IPv4 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table.
eC2ReplaceRouteAction_destinationIpv6CidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
Information about the IPv6 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table.
eC2ReplaceRouteAction_destinationPrefixListId :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
Information about the ID of the prefix list for the route.
eC2ReplaceRouteAction_gatewayId :: Lens' EC2ReplaceRouteAction (Maybe ActionTarget) Source #
Information about the ID of an internet gateway or virtual private gateway.
eC2ReplaceRouteAction_routeTableId :: Lens' EC2ReplaceRouteAction ActionTarget Source #
Information about the ID of the route table.
EC2ReplaceRouteTableAssociationAction
eC2ReplaceRouteTableAssociationAction_description :: Lens' EC2ReplaceRouteTableAssociationAction (Maybe Text) Source #
A description of the ReplaceRouteTableAssociation action in Amazon EC2.
eC2ReplaceRouteTableAssociationAction_associationId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget Source #
Information about the association ID.
eC2ReplaceRouteTableAssociationAction_routeTableId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget Source #
Information about the ID of the new route table to associate with the subnet.
EvaluationResult
evaluationResult_complianceStatus :: Lens' EvaluationResult (Maybe PolicyComplianceStatusType) Source #
Describes an Amazon Web Services account's compliance with the Firewall Manager policy.
evaluationResult_evaluationLimitExceeded :: Lens' EvaluationResult (Maybe Bool) Source #
Indicates that over 100 resources are noncompliant with the Firewall Manager policy.
evaluationResult_violatorCount :: Lens' EvaluationResult (Maybe Natural) Source #
The number of resources that are noncompliant with the specified policy. For WAF and Shield Advanced policies, a resource is considered noncompliant if it is not associated with the policy. For security group policies, a resource is considered noncompliant if it doesn't comply with the rules of the policy and remediation is disabled or not possible.
ExpectedRoute
expectedRoute_allowedTargets :: Lens' ExpectedRoute (Maybe [Text]) Source #
Information about the allowed targets.
expectedRoute_contributingSubnets :: Lens' ExpectedRoute (Maybe [Text]) Source #
Information about the contributing subnets.
expectedRoute_ipV4Cidr :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the IPv4 CIDR block.
expectedRoute_ipV6Cidr :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the IPv6 CIDR block.
expectedRoute_prefixListId :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the ID of the prefix list for the route.
expectedRoute_routeTableId :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the route table ID.
FMSPolicyUpdateFirewallCreationConfigAction
fMSPolicyUpdateFirewallCreationConfigAction_description :: Lens' FMSPolicyUpdateFirewallCreationConfigAction (Maybe Text) Source #
Describes the remedial action.
fMSPolicyUpdateFirewallCreationConfigAction_firewallCreationConfig :: Lens' FMSPolicyUpdateFirewallCreationConfigAction (Maybe Text) Source #
A FirewallCreationConfig
that you can copy into your current policy's
SecurityServiceData
in order to remedy scope violations.
FailedItem
failedItem_reason :: Lens' FailedItem (Maybe FailedItemReason) Source #
The reason the resource's association could not be updated.
failedItem_uri :: Lens' FailedItem (Maybe Text) Source #
The univeral resource indicator (URI) of the resource that failed.
FirewallSubnetIsOutOfScopeViolation
firewallSubnetIsOutOfScopeViolation_firewallSubnetId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text) Source #
The ID of the firewall subnet that violates the policy scope.
firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZone :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text) Source #
The Availability Zone of the firewall subnet that violates the policy scope.
firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZoneId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text) Source #
The Availability Zone ID of the firewall subnet that violates the policy scope.
firewallSubnetIsOutOfScopeViolation_vpcEndpointId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text) Source #
The VPC endpoint ID of the firewall subnet that violates the policy scope.
firewallSubnetIsOutOfScopeViolation_vpcId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text) Source #
The VPC ID of the firewall subnet that violates the policy scope.
FirewallSubnetMissingVPCEndpointViolation
firewallSubnetMissingVPCEndpointViolation_firewallSubnetId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text) Source #
The ID of the firewall that this VPC endpoint is associated with.
firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZone :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text) Source #
The name of the Availability Zone of the deleted VPC subnet.
firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZoneId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text) Source #
The ID of the Availability Zone of the deleted VPC subnet.
firewallSubnetMissingVPCEndpointViolation_vpcId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text) Source #
The resource ID of the VPC associated with the deleted VPC subnet.
NetworkFirewallBlackHoleRouteDetectedViolation
networkFirewallBlackHoleRouteDetectedViolation_routeTableId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text) Source #
Information about the route table ID.
networkFirewallBlackHoleRouteDetectedViolation_violatingRoutes :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe [Route]) Source #
Information about the route or routes that are in violation.
networkFirewallBlackHoleRouteDetectedViolation_violationTarget :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text) Source #
The subnet that has an inactive state.
networkFirewallBlackHoleRouteDetectedViolation_vpcId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text) Source #
Information about the VPC ID.
NetworkFirewallInternetTrafficNotInspectedViolation
networkFirewallInternetTrafficNotInspectedViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route]) Source #
The actual firewall subnet routes.
networkFirewallInternetTrafficNotInspectedViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route]) Source #
The actual internet gateway routes.
networkFirewallInternetTrafficNotInspectedViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
Information about the subnet route table for the current firewall.
networkFirewallInternetTrafficNotInspectedViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The current route table for the internet gateway.
networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The expected endpoint for the current firewall.
networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute]) Source #
The firewall subnet routes that are expected.
networkFirewallInternetTrafficNotInspectedViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute]) Source #
The internet gateway routes that are expected.
networkFirewallInternetTrafficNotInspectedViolation_firewallSubnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The firewall subnet ID.
networkFirewallInternetTrafficNotInspectedViolation_internetGatewayId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The internet gateway ID.
networkFirewallInternetTrafficNotInspectedViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Bool) Source #
Information about whether the route table is used in another Availability Zone.
networkFirewallInternetTrafficNotInspectedViolation_routeTableId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
Information about the route table ID.
networkFirewallInternetTrafficNotInspectedViolation_subnetAvailabilityZone :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The subnet Availability Zone.
networkFirewallInternetTrafficNotInspectedViolation_subnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The subnet ID.
networkFirewallInternetTrafficNotInspectedViolation_violatingRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route]) Source #
The route or routes that are in violation.
networkFirewallInternetTrafficNotInspectedViolation_vpcId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
Information about the VPC ID.
NetworkFirewallInvalidRouteConfigurationViolation
networkFirewallInvalidRouteConfigurationViolation_actualFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The actual firewall endpoint.
networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The actual subnet ID for the firewall.
networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route]) Source #
The actual firewall subnet routes that are expected.
networkFirewallInvalidRouteConfigurationViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route]) Source #
The actual internet gateway routes.
networkFirewallInvalidRouteConfigurationViolation_affectedSubnets :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Text]) Source #
The subnets that are affected.
networkFirewallInvalidRouteConfigurationViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The subnet route table for the current firewall.
networkFirewallInvalidRouteConfigurationViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The route table for the current internet gateway.
networkFirewallInvalidRouteConfigurationViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The firewall endpoint that's expected.
networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The expected subnet ID for the firewall.
networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute]) Source #
The firewall subnet routes that are expected.
networkFirewallInvalidRouteConfigurationViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute]) Source #
The expected routes for the internet gateway.
networkFirewallInvalidRouteConfigurationViolation_internetGatewayId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The internet gateway ID.
networkFirewallInvalidRouteConfigurationViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Bool) Source #
Information about whether the route table is used in another Availability Zone.
networkFirewallInvalidRouteConfigurationViolation_routeTableId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The route table ID.
networkFirewallInvalidRouteConfigurationViolation_violatingRoute :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Route) Source #
The route that's in violation.
networkFirewallInvalidRouteConfigurationViolation_vpcId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
Information about the VPC ID.
NetworkFirewallMissingExpectedRTViolation
networkFirewallMissingExpectedRTViolation_availabilityZone :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The Availability Zone of a violating subnet.
networkFirewallMissingExpectedRTViolation_currentRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The resource ID of the current route table that's associated with the subnet, if one is available.
networkFirewallMissingExpectedRTViolation_expectedRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The resource ID of the route table that should be associated with the subnet.
networkFirewallMissingExpectedRTViolation_vpc :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The resource ID of the VPC associated with a violating subnet.
networkFirewallMissingExpectedRTViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallMissingExpectedRoutesViolation
networkFirewallMissingExpectedRoutesViolation_expectedRoutes :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe [ExpectedRoute]) Source #
The expected routes.
networkFirewallMissingExpectedRoutesViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text) Source #
The target of the violation.
networkFirewallMissingExpectedRoutesViolation_vpcId :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text) Source #
Information about the VPC ID.
NetworkFirewallMissingFirewallViolation
networkFirewallMissingFirewallViolation_availabilityZone :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The Availability Zone of a violating subnet.
networkFirewallMissingFirewallViolation_targetViolationReason :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The reason the resource has this violation, if one is available.
networkFirewallMissingFirewallViolation_vpc :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The resource ID of the VPC associated with a violating subnet.
networkFirewallMissingFirewallViolation_violationTarget :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallMissingSubnetViolation
networkFirewallMissingSubnetViolation_availabilityZone :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The Availability Zone of a violating subnet.
networkFirewallMissingSubnetViolation_targetViolationReason :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The reason the resource has this violation, if one is available.
networkFirewallMissingSubnetViolation_vpc :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The resource ID of the VPC associated with a violating subnet.
networkFirewallMissingSubnetViolation_violationTarget :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallPolicy
networkFirewallPolicy_firewallDeploymentModel :: Lens' NetworkFirewallPolicy (Maybe FirewallDeploymentModel) Source #
Defines the deployment model to use for the firewall policy. To use a
distributed model, set
PolicyOption
to NULL
.
NetworkFirewallPolicyDescription
networkFirewallPolicyDescription_statefulDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text]) Source #
The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order.
Valid values of the stateful default action:
- aws:drop_strict
- aws:drop_established
- aws:alert_strict
- aws:alert_established
networkFirewallPolicyDescription_statefulEngineOptions :: Lens' NetworkFirewallPolicyDescription (Maybe StatefulEngineOptions) Source #
Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.
networkFirewallPolicyDescription_statefulRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatefulRuleGroup]) Source #
The stateful rule groups that are used in the Network Firewall firewall policy.
networkFirewallPolicyDescription_statelessCustomActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text]) Source #
Names of custom actions that are available for use in the stateless default actions settings.
networkFirewallPolicyDescription_statelessDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text]) Source #
The actions to take on packets that don't match any of the stateless rule groups.
networkFirewallPolicyDescription_statelessFragmentDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text]) Source #
The actions to take on packet fragments that don't match any of the stateless rule groups.
networkFirewallPolicyDescription_statelessRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatelessRuleGroup]) Source #
The stateless rule groups that are used in the Network Firewall firewall policy.
NetworkFirewallPolicyModifiedViolation
networkFirewallPolicyModifiedViolation_currentPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription) Source #
The policy that's currently in use in the individual account.
networkFirewallPolicyModifiedViolation_expectedPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription) Source #
The policy that should be in use in the individual account in order to be compliant.
networkFirewallPolicyModifiedViolation_violationTarget :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallStatefulRuleGroupOverride
networkFirewallStatefulRuleGroupOverride_action :: Lens' NetworkFirewallStatefulRuleGroupOverride (Maybe NetworkFirewallOverrideAction) Source #
The action that changes the rule group from DROP
to ALERT
. This only
applies to managed rule groups.
NetworkFirewallUnexpectedFirewallRoutesViolation
networkFirewallUnexpectedFirewallRoutesViolation_firewallEndpoint :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
The endpoint of the firewall.
networkFirewallUnexpectedFirewallRoutesViolation_firewallSubnetId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
The subnet ID for the firewall.
networkFirewallUnexpectedFirewallRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
The ID of the route table.
networkFirewallUnexpectedFirewallRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe [Route]) Source #
The routes that are in violation.
networkFirewallUnexpectedFirewallRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
Information about the VPC ID.
NetworkFirewallUnexpectedGatewayRoutesViolation
networkFirewallUnexpectedGatewayRoutesViolation_gatewayId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text) Source #
Information about the gateway ID.
networkFirewallUnexpectedGatewayRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text) Source #
Information about the route table.
networkFirewallUnexpectedGatewayRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe [Route]) Source #
The routes that are in violation.
networkFirewallUnexpectedGatewayRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text) Source #
Information about the VPC ID.
PartialMatch
partialMatch_reference :: Lens' PartialMatch (Maybe Text) Source #
The reference rule from the primary security group of the Firewall Manager policy.
partialMatch_targetViolationReasons :: Lens' PartialMatch (Maybe [Text]) Source #
The violation reason.
Policy
policy_deleteUnusedFMManagedResources :: Lens' Policy (Maybe Bool) Source #
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
policy_excludeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text])) Source #
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify
an IncludeMap
, Firewall Manager applies the policy to all accounts
specified by the IncludeMap
, and does not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall
Manager applies the policy to all accounts except for those specified by
the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to
ACCOUNT
. For example, the following is a valid map:{“ACCOUNT” : [“accountID1”, “accountID2”]}
. - Specify OUs by setting the key to
ORG_UNIT
. For example, the following is a valid map:{“ORG_UNIT” : [“ouid111”, “ouid112”]}
. - Specify accounts and OUs together in a single map, separated with a
comma. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
policy_includeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text])) Source #
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify
an IncludeMap
, Firewall Manager applies the policy to all accounts
specified by the IncludeMap
, and does not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall
Manager applies the policy to all accounts except for those specified by
the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to
ACCOUNT
. For example, the following is a valid map:{“ACCOUNT” : [“accountID1”, “accountID2”]}
. - Specify OUs by setting the key to
ORG_UNIT
. For example, the following is a valid map:{“ORG_UNIT” : [“ouid111”, “ouid112”]}
. - Specify accounts and OUs together in a single map, separated with a
comma. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
policy_policyDescription :: Lens' Policy (Maybe Text) Source #
The definition of the Network Firewall firewall policy.
policy_policyUpdateToken :: Lens' Policy (Maybe Text) Source #
A unique identifier for each update to the policy. When issuing a
PutPolicy
request, the PolicyUpdateToken
in the request must match
the PolicyUpdateToken
of the current policy version. To get the
PolicyUpdateToken
of the current policy version, use a GetPolicy
request.
policy_resourceSetIds :: Lens' Policy (Maybe [Text]) Source #
The unique identifiers of the resource sets used by the policy.
policy_resourceTags :: Lens' Policy (Maybe [ResourceTag]) Source #
An array of ResourceTag
objects.
policy_resourceTypeList :: Lens' Policy (Maybe [Text]) Source #
An array of ResourceType
objects. Use this only to specify multiple
resource types. To specify a single resource type, use ResourceType
.
policy_securityServicePolicyData :: Lens' Policy SecurityServicePolicyData Source #
Details about the security service that is being used to protect the resources.
policy_resourceType :: Lens' Policy Text Source #
The type of resource protected by or in scope of the policy. This is in
the format shown in the
Amazon Web Services Resource Types Reference.
To apply this policy to multiple resource types, specify a resource type
of ResourceTypeList
and then specify the resource types in a
ResourceTypeList
.
For WAF and Shield Advanced, resource types include
AWS::ElasticLoadBalancingV2::LoadBalancer
,
AWS::ElasticLoadBalancing::LoadBalancer
, AWS::EC2::EIP
, and
AWS::CloudFront::Distribution
. For a security group common policy,
valid values are AWS::EC2::NetworkInterface
and AWS::EC2::Instance
.
For a security group content audit policy, valid values are
AWS::EC2::SecurityGroup
, AWS::EC2::NetworkInterface
, and
AWS::EC2::Instance
. For a security group usage audit policy, the value
is AWS::EC2::SecurityGroup
. For an Network Firewall policy or DNS
Firewall policy, the value is AWS::EC2::VPC
.
policy_excludeResourceTags :: Lens' Policy Bool Source #
If set to True
, resources with the tags that are specified in the
ResourceTag
array are not in scope of the policy. If set to False
,
and the ResourceTag
array is not null, only resources with the
specified tags are in scope of the policy.
policy_remediationEnabled :: Lens' Policy Bool Source #
Indicates if the policy should be automatically applied to new resources.
PolicyComplianceDetail
policyComplianceDetail_evaluationLimitExceeded :: Lens' PolicyComplianceDetail (Maybe Bool) Source #
Indicates if over 100 resources are noncompliant with the Firewall Manager policy.
policyComplianceDetail_expiredAt :: Lens' PolicyComplianceDetail (Maybe UTCTime) Source #
A timestamp that indicates when the returned information should be considered out of date.
policyComplianceDetail_issueInfoMap :: Lens' PolicyComplianceDetail (Maybe (HashMap DependentServiceName Text)) Source #
Details about problems with dependent services, such as WAF or Config, and the error message received that indicates the problem with the service.
policyComplianceDetail_memberAccount :: Lens' PolicyComplianceDetail (Maybe Text) Source #
The Amazon Web Services account ID.
policyComplianceDetail_policyId :: Lens' PolicyComplianceDetail (Maybe Text) Source #
The ID of the Firewall Manager policy.
policyComplianceDetail_policyOwner :: Lens' PolicyComplianceDetail (Maybe Text) Source #
The Amazon Web Services account that created the Firewall Manager policy.
policyComplianceDetail_violators :: Lens' PolicyComplianceDetail (Maybe [ComplianceViolator]) Source #
An array of resources that aren't protected by the WAF or Shield Advanced policy or that aren't in compliance with the security group policy.
PolicyComplianceStatus
policyComplianceStatus_evaluationResults :: Lens' PolicyComplianceStatus (Maybe [EvaluationResult]) Source #
An array of EvaluationResult
objects.
policyComplianceStatus_issueInfoMap :: Lens' PolicyComplianceStatus (Maybe (HashMap DependentServiceName Text)) Source #
Details about problems with dependent services, such as WAF or Config, and the error message received that indicates the problem with the service.
policyComplianceStatus_lastUpdated :: Lens' PolicyComplianceStatus (Maybe UTCTime) Source #
Timestamp of the last update to the EvaluationResult
objects.
policyComplianceStatus_memberAccount :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The member account ID.
policyComplianceStatus_policyId :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The ID of the Firewall Manager policy.
policyComplianceStatus_policyName :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The name of the Firewall Manager policy.
policyComplianceStatus_policyOwner :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The Amazon Web Services account that created the Firewall Manager policy.
PolicyOption
policyOption_networkFirewallPolicy :: Lens' PolicyOption (Maybe NetworkFirewallPolicy) Source #
Defines the deployment model to use for the firewall policy.
policyOption_thirdPartyFirewallPolicy :: Lens' PolicyOption (Maybe ThirdPartyFirewallPolicy) Source #
Defines the policy options for a third-party firewall policy.
PolicySummary
policySummary_deleteUnusedFMManagedResources :: Lens' PolicySummary (Maybe Bool) Source #
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
policySummary_policyArn :: Lens' PolicySummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the specified policy.
policySummary_policyId :: Lens' PolicySummary (Maybe Text) Source #
The ID of the specified policy.
policySummary_policyName :: Lens' PolicySummary (Maybe Text) Source #
The name of the specified policy.
policySummary_remediationEnabled :: Lens' PolicySummary (Maybe Bool) Source #
Indicates if the policy should be automatically applied to new resources.
policySummary_resourceType :: Lens' PolicySummary (Maybe Text) Source #
The type of resource protected by or in scope of the policy. This is in
the format shown in the
Amazon Web Services Resource Types Reference.
For WAF and Shield Advanced, examples include
AWS::ElasticLoadBalancingV2::LoadBalancer
and
AWS::CloudFront::Distribution
. For a security group common policy,
valid values are AWS::EC2::NetworkInterface
and AWS::EC2::Instance
.
For a security group content audit policy, valid values are
AWS::EC2::SecurityGroup
, AWS::EC2::NetworkInterface
, and
AWS::EC2::Instance
. For a security group usage audit policy, the value
is AWS::EC2::SecurityGroup
. For an Network Firewall policy or DNS
Firewall policy, the value is AWS::EC2::VPC
.
policySummary_securityServiceType :: Lens' PolicySummary (Maybe SecurityServiceType) Source #
The service that the policy is using to protect the resources. This specifies the type of policy that is created, either an WAF policy, a Shield Advanced policy, or a security group policy.
PossibleRemediationAction
possibleRemediationAction_description :: Lens' PossibleRemediationAction (Maybe Text) Source #
A description of the list of remediation actions.
possibleRemediationAction_isDefaultAction :: Lens' PossibleRemediationAction (Maybe Bool) Source #
Information about whether an action is taken by default.
possibleRemediationAction_orderedRemediationActions :: Lens' PossibleRemediationAction [RemediationActionWithOrder] Source #
The ordered list of remediation actions.
PossibleRemediationActions
possibleRemediationActions_actions :: Lens' PossibleRemediationActions (Maybe [PossibleRemediationAction]) Source #
Information about the actions.
possibleRemediationActions_description :: Lens' PossibleRemediationActions (Maybe Text) Source #
A description of the possible remediation actions list.
ProtocolsListData
protocolsListData_createTime :: Lens' ProtocolsListData (Maybe UTCTime) Source #
The time that the Firewall Manager protocols list was created.
protocolsListData_lastUpdateTime :: Lens' ProtocolsListData (Maybe UTCTime) Source #
The time that the Firewall Manager protocols list was last updated.
protocolsListData_listId :: Lens' ProtocolsListData (Maybe Text) Source #
The ID of the Firewall Manager protocols list.
protocolsListData_listUpdateToken :: Lens' ProtocolsListData (Maybe Text) Source #
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the application list. You can retrieve the update token by getting the list.
protocolsListData_previousProtocolsList :: Lens' ProtocolsListData (Maybe (HashMap Text [Text])) Source #
A map of previous version numbers to their corresponding protocol arrays.
protocolsListData_listName :: Lens' ProtocolsListData Text Source #
The name of the Firewall Manager protocols list.
protocolsListData_protocolsList :: Lens' ProtocolsListData [Text] Source #
An array of protocols in the Firewall Manager protocols list.
ProtocolsListDataSummary
protocolsListDataSummary_listArn :: Lens' ProtocolsListDataSummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the specified protocols list.
protocolsListDataSummary_listId :: Lens' ProtocolsListDataSummary (Maybe Text) Source #
The ID of the specified protocols list.
protocolsListDataSummary_listName :: Lens' ProtocolsListDataSummary (Maybe Text) Source #
The name of the specified protocols list.
protocolsListDataSummary_protocolsList :: Lens' ProtocolsListDataSummary (Maybe [Text]) Source #
An array of protocols in the Firewall Manager protocols list.
RemediationAction
remediationAction_description :: Lens' RemediationAction (Maybe Text) Source #
A description of a remediation action.
remediationAction_eC2AssociateRouteTableAction :: Lens' RemediationAction (Maybe EC2AssociateRouteTableAction) Source #
Information about the AssociateRouteTable action in the Amazon EC2 API.
remediationAction_eC2CopyRouteTableAction :: Lens' RemediationAction (Maybe EC2CopyRouteTableAction) Source #
Information about the CopyRouteTable action in the Amazon EC2 API.
remediationAction_eC2CreateRouteAction :: Lens' RemediationAction (Maybe EC2CreateRouteAction) Source #
Information about the CreateRoute action in the Amazon EC2 API.
remediationAction_eC2CreateRouteTableAction :: Lens' RemediationAction (Maybe EC2CreateRouteTableAction) Source #
Information about the CreateRouteTable action in the Amazon EC2 API.
remediationAction_eC2DeleteRouteAction :: Lens' RemediationAction (Maybe EC2DeleteRouteAction) Source #
Information about the DeleteRoute action in the Amazon EC2 API.
remediationAction_eC2ReplaceRouteAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteAction) Source #
Information about the ReplaceRoute action in the Amazon EC2 API.
remediationAction_eC2ReplaceRouteTableAssociationAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteTableAssociationAction) Source #
Information about the ReplaceRouteTableAssociation action in the Amazon EC2 API.
remediationAction_fMSPolicyUpdateFirewallCreationConfigAction :: Lens' RemediationAction (Maybe FMSPolicyUpdateFirewallCreationConfigAction) Source #
The remedial action to take when updating a firewall configuration.
RemediationActionWithOrder
remediationActionWithOrder_order :: Lens' RemediationActionWithOrder (Maybe Int) Source #
The order of the remediation actions in the list.
remediationActionWithOrder_remediationAction :: Lens' RemediationActionWithOrder (Maybe RemediationAction) Source #
Information about an action you can take to remediate a violation.
Resource
resource_accountId :: Lens' Resource (Maybe Text) Source #
The Amazon Web Services account ID that the associated resource belongs to.
ResourceSet
resourceSet_description :: Lens' ResourceSet (Maybe Text) Source #
A description of the resource set.
resourceSet_id :: Lens' ResourceSet (Maybe Text) Source #
A unique identifier for the resource set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.
resourceSet_lastUpdateTime :: Lens' ResourceSet (Maybe UTCTime) Source #
The last time that the resource set was changed.
resourceSet_updateToken :: Lens' ResourceSet (Maybe Text) Source #
An optional token that you can use for optimistic locking. Firewall Manager returns a token to your requests that access the resource set. The token marks the state of the resource set resource at the time of the request. Update tokens are not allowed when creating a resource set. After creation, each subsequent update call to the resource set requires the update token.
To make an unconditional change to the resource set, omit the token in your update request. Without the token, Firewall Manager performs your updates regardless of whether the resource set has changed since you last retrieved it.
To make a conditional change to the resource set, provide the token in
your update request. Firewall Manager uses the token to ensure that the
resource set hasn't changed since you last retrieved it. If it has
changed, the operation fails with an InvalidTokenException
. If this
happens, retrieve the resource set again to get a current copy of it
with a new token. Reapply your changes as needed, then try the operation
again using the new token.
resourceSet_name :: Lens' ResourceSet Text Source #
The descriptive name of the resource set. You can't change the name of a resource set after you create it.
resourceSet_resourceTypeList :: Lens' ResourceSet [Text] Source #
Determines the resources that can be associated to the resource set. Depending on your setting for max results and the number of resource sets, a single call might not return the full list.
ResourceSetSummary
resourceSetSummary_description :: Lens' ResourceSetSummary (Maybe Text) Source #
A description of the resource set.
resourceSetSummary_id :: Lens' ResourceSetSummary (Maybe Text) Source #
A unique identifier for the resource set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.
resourceSetSummary_lastUpdateTime :: Lens' ResourceSetSummary (Maybe UTCTime) Source #
The last time that the resource set was changed.
resourceSetSummary_name :: Lens' ResourceSetSummary (Maybe Text) Source #
The descriptive name of the resource set. You can't change the name of a resource set after you create it.
ResourceTag
resourceTag_value :: Lens' ResourceTag (Maybe Text) Source #
The resource tag value.
resourceTag_key :: Lens' ResourceTag Text Source #
The resource tag key.
ResourceViolation
resourceViolation_awsEc2InstanceViolation :: Lens' ResourceViolation (Maybe AwsEc2InstanceViolation) Source #
Violation detail for an EC2 instance.
resourceViolation_awsEc2NetworkInterfaceViolation :: Lens' ResourceViolation (Maybe AwsEc2NetworkInterfaceViolation) Source #
Violation detail for a network interface.
resourceViolation_awsVPCSecurityGroupViolation :: Lens' ResourceViolation (Maybe AwsVPCSecurityGroupViolation) Source #
Violation detail for security groups.
resourceViolation_dnsDuplicateRuleGroupViolation :: Lens' ResourceViolation (Maybe DnsDuplicateRuleGroupViolation) Source #
Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
resourceViolation_dnsRuleGroupLimitExceededViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupLimitExceededViolation) Source #
Violation detail for a DNS Firewall policy that indicates that the VPC reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed.
resourceViolation_dnsRuleGroupPriorityConflictViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupPriorityConflictViolation) Source #
Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.
resourceViolation_firewallSubnetIsOutOfScopeViolation :: Lens' ResourceViolation (Maybe FirewallSubnetIsOutOfScopeViolation) Source #
Contains details about the firewall subnet that violates the policy scope.
resourceViolation_firewallSubnetMissingVPCEndpointViolation :: Lens' ResourceViolation (Maybe FirewallSubnetMissingVPCEndpointViolation) Source #
The violation details for a third-party firewall's VPC endpoint subnet that was deleted.
resourceViolation_networkFirewallBlackHoleRouteDetectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallBlackHoleRouteDetectedViolation) Source #
Undocumented member.
resourceViolation_networkFirewallInternetTrafficNotInspectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInternetTrafficNotInspectedViolation) Source #
Violation detail for the subnet for which internet traffic hasn't been inspected.
resourceViolation_networkFirewallInvalidRouteConfigurationViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInvalidRouteConfigurationViolation) Source #
The route configuration is invalid.
resourceViolation_networkFirewallMissingExpectedRTViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRTViolation) Source #
Violation detail for an Network Firewall policy that indicates that a subnet is not associated with the expected Firewall Manager managed route table.
resourceViolation_networkFirewallMissingExpectedRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRoutesViolation) Source #
Expected routes are missing from Network Firewall.
resourceViolation_networkFirewallMissingFirewallViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingFirewallViolation) Source #
Violation detail for an Network Firewall policy that indicates that a subnet has no Firewall Manager managed firewall in its VPC.
resourceViolation_networkFirewallMissingSubnetViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingSubnetViolation) Source #
Violation detail for an Network Firewall policy that indicates that an Availability Zone is missing the expected Firewall Manager managed subnet.
resourceViolation_networkFirewallPolicyModifiedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallPolicyModifiedViolation) Source #
Violation detail for an Network Firewall policy that indicates that a firewall policy in an individual account has been modified in a way that makes it noncompliant. For example, the individual account owner might have deleted a rule group, changed the priority of a stateless rule group, or changed a policy default action.
resourceViolation_networkFirewallUnexpectedFirewallRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedFirewallRoutesViolation) Source #
There's an unexpected firewall route.
resourceViolation_networkFirewallUnexpectedGatewayRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedGatewayRoutesViolation) Source #
There's an unexpected gateway route.
resourceViolation_possibleRemediationActions :: Lens' ResourceViolation (Maybe PossibleRemediationActions) Source #
A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.
resourceViolation_routeHasOutOfScopeEndpointViolation :: Lens' ResourceViolation (Maybe RouteHasOutOfScopeEndpointViolation) Source #
Contains details about the route endpoint that violates the policy scope.
resourceViolation_thirdPartyFirewallMissingExpectedRouteTableViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingExpectedRouteTableViolation) Source #
The violation details for a third-party firewall that has the Firewall Manager managed route table that was associated with the third-party firewall has been deleted.
resourceViolation_thirdPartyFirewallMissingFirewallViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingFirewallViolation) Source #
The violation details for a third-party firewall that's been deleted.
resourceViolation_thirdPartyFirewallMissingSubnetViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingSubnetViolation) Source #
The violation details for a third-party firewall's subnet that's been deleted.
Route
route_destinationType :: Lens' Route (Maybe DestinationType) Source #
The type of destination for the route.
route_targetType :: Lens' Route (Maybe TargetType) Source #
The type of target for the route.
RouteHasOutOfScopeEndpointViolation
routeHasOutOfScopeEndpointViolation_currentFirewallSubnetRouteTable :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The route table associated with the current firewall subnet.
routeHasOutOfScopeEndpointViolation_currentInternetGatewayRouteTable :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The current route table associated with the Internet Gateway.
routeHasOutOfScopeEndpointViolation_firewallSubnetId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The ID of the firewall subnet.
routeHasOutOfScopeEndpointViolation_firewallSubnetRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route]) Source #
The list of firewall subnet routes.
routeHasOutOfScopeEndpointViolation_internetGatewayId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The ID of the Internet Gateway.
routeHasOutOfScopeEndpointViolation_internetGatewayRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route]) Source #
The routes in the route table associated with the Internet Gateway.
routeHasOutOfScopeEndpointViolation_routeTableId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The ID of the route table.
routeHasOutOfScopeEndpointViolation_subnetAvailabilityZone :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The subnet's Availability Zone.
routeHasOutOfScopeEndpointViolation_subnetAvailabilityZoneId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The ID of the subnet's Availability Zone.
routeHasOutOfScopeEndpointViolation_subnetId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The ID of the subnet associated with the route that violates the policy scope.
routeHasOutOfScopeEndpointViolation_violatingRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route]) Source #
The list of routes that violate the route table.
routeHasOutOfScopeEndpointViolation_vpcId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The VPC ID of the route that violates the policy scope.
SecurityGroupRemediationAction
securityGroupRemediationAction_description :: Lens' SecurityGroupRemediationAction (Maybe Text) Source #
Brief description of the action that will be performed.
securityGroupRemediationAction_isDefaultAction :: Lens' SecurityGroupRemediationAction (Maybe Bool) Source #
Indicates if the current action is the default action.
securityGroupRemediationAction_remediationActionType :: Lens' SecurityGroupRemediationAction (Maybe RemediationActionType) Source #
The remediation action that will be performed.
securityGroupRemediationAction_remediationResult :: Lens' SecurityGroupRemediationAction (Maybe SecurityGroupRuleDescription) Source #
The final state of the rule specified in the ViolationTarget
after it
is remediated.
SecurityGroupRuleDescription
securityGroupRuleDescription_fromPort :: Lens' SecurityGroupRuleDescription (Maybe Natural) Source #
The start of the port range for the TCP and UDP protocols, or an
ICMP/ICMPv6 type number. A value of -1
indicates all ICMP/ICMPv6
types.
securityGroupRuleDescription_iPV4Range :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The IPv4 ranges for the security group rule.
securityGroupRuleDescription_iPV6Range :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The IPv6 ranges for the security group rule.
securityGroupRuleDescription_prefixListId :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The ID of the prefix list for the security group rule.
securityGroupRuleDescription_protocol :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The IP protocol name (tcp
, udp
, icmp
, icmpv6
) or number.
securityGroupRuleDescription_toPort :: Lens' SecurityGroupRuleDescription (Maybe Natural) Source #
The end of the port range for the TCP and UDP protocols, or an
ICMP/ICMPv6 code. A value of -1
indicates all ICMP/ICMPv6 codes.
SecurityServicePolicyData
securityServicePolicyData_managedServiceData :: Lens' SecurityServicePolicyData (Maybe Text) Source #
Details about the service that are specific to the service type, in JSON format.
Example:
DNS_FIREWALL
"{\"type\":\"DNS_FIREWALL\",\"preProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-1\",\"priority\":10}],\"postProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-2\",\"priority\":9911}]}"
Valid values for
preProcessRuleGroups
are between 1 and 99. Valid values forpostProcessRuleGroups
are between 9901 and 10000.Example:
NETWORK_FIREWALL
- Centralized deployment model"{\"type\":\"NETWORK_FIREWALL\",\"awsNetworkFirewallConfig\":{\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}},\"firewallDeploymentModel\":{\"centralizedFirewallDeploymentModel\":{\"centralizedFirewallOrchestrationConfig\":{\"inspectionVpcIds\":[{\"resourceId\":\"vpc-1234\",\"accountId\":\"123456789011\"}],\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneId\":null,\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"allowedIPV4CidrList\":[]}}}}"
To use the centralized deployment model, you must set PolicyOption to
CENTRALIZED
.Example:
NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"OFF\"},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"
With automatic Availbility Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. To use the distributed deployment model, you must set PolicyOption to
NULL
.Example:
NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration and route management"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"]},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\": \"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"
To use the distributed deployment model, you must set PolicyOption to
NULL
.Example:
NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\", \"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{ \"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[ \"10.0.0.0/28\"]}]} },\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"OFF\",\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"
With custom Availability Zone configuration, you define which specific Availability Zones to create endpoints in by configuring
firewallCreationConfig
. To configure the Availability Zones infirewallCreationConfig
, specify either theavailabilityZoneName
oravailabilityZoneId
parameter, not both parameters.To use the distributed deployment model, you must set PolicyOption to
NULL
.Example:
NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration and route management"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"],\"routeManagementConfig\":{\"allowCrossAZTrafficIfNoEndpoint\":true}},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"
To use the distributed deployment model, you must set PolicyOption to
NULL
.Example:
THIRD_PARTY_FIREWALL
"{ "type":"THIRD_PARTY_FIREWALL", "thirdPartyFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW", "thirdPartyFirewallConfig":{ "thirdPartyFirewallPolicyList":["global-1"] }, "firewallDeploymentModel":{ "distributedFirewallDeploymentModel":{ "distributedFirewallOrchestrationConfig":{ "firewallCreationConfig":{ "endpointLocation":{ "availabilityZoneConfigList":[ { "availabilityZoneName":"${AvailabilityZone}" } ] } }, "allowedIPV4CidrList":[ ] } } } }"
Example:
SECURITY_GROUPS_COMMON
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example:
SECURITY_GROUPS_COMMON
- Security group tag distribution""{\"type\":\"SECURITY_GROUPS_COMMON\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"revertManualSecurityGroupChanges\":true,\"exclusiveResourceSecurityGroupManagement\":false,\"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":false,\"enableTagDistribution\":true}""
Firewall Manager automatically distributes tags from the primary group to the security groups created by this policy. To use security group tag distribution, you must also set
revertManualSecurityGroupChanges
totrue
, otherwise Firewall Manager won't be able to create the policy. When you enablerevertManualSecurityGroupChanges
, Firewall Manager identifies and reports when the security groups created by this policy become non-compliant.Firewall Manager won't distrubute system tags added by Amazon Web Services services into the replica security groups. System tags begin with the
aws:
prefix.Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":true,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example:
SECURITY_GROUPS_CONTENT_AUDIT
"{\"type\":\"SECURITY_GROUPS_CONTENT_AUDIT\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"securityGroupAction\":{\"type\":\"ALLOW\"}}"
The security group action for content audit can be
ALLOW
orDENY
. ForALLOW
, all in-scope security group rules must be within the allowed range of the policy's security group rules. ForDENY
, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.Example:
SECURITY_GROUPS_USAGE_AUDIT
"{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true}"
Specification for
SHIELD_ADVANCED
for Amazon CloudFront distributions"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\", \"automaticResponseAction\":\"BLOCK|COUNT\"}, \"overrideCustomerWebaclClassic\":true|false}"
For example:
"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED\", \"automaticResponseAction\":\"COUNT\"}}"
The default value for
automaticResponseStatus
isIGNORED
. The value forautomaticResponseAction
is only required whenautomaticResponseStatus
is set toENABLED
. The default value foroverrideCustomerWebaclClassic
isfalse
.For other resource types that you can protect with a Shield Advanced policy, this
ManagedServiceData
configuration is an empty string.Example:
WAFV2
"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
In the
loggingConfiguration
, you can specify onelogDestinationConfigs
, you can optionally provide up to 20redactedFields
, and theRedactedFieldType
must be one ofURI
,QUERY_STRING
,HEADER
, orMETHOD
.Example:
WAFV2
- Firewall Manager support for WAF managed rule group versioning"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"versionEnabled\":true,\"version\":\"Version_2.0\",\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesCommonRuleSet\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
To use a specific version of a WAF managed rule group in your Firewall Manager policy, you must set
versionEnabled
totrue
, and setversion
to the version you'd like to use. If you don't setversionEnabled
totrue
, or if you omitversionEnabled
, then Firewall Manager uses the default version of the WAF managed rule group.Example:
WAF Classic
"{\"type\": \"WAF\", \"ruleGroups\": [{\"id\":\"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\" : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}"
securityServicePolicyData_policyOption :: Lens' SecurityServicePolicyData (Maybe PolicyOption) Source #
Contains the Network Firewall firewall policy options to configure a centralized deployment model.
securityServicePolicyData_type :: Lens' SecurityServicePolicyData SecurityServiceType Source #
The service that the policy is using to protect the resources. This specifies the type of policy that is created, either an WAF policy, a Shield Advanced policy, or a security group policy. For security group policies, Firewall Manager supports one security group for each common policy and for each content audit policy. This is an adjustable limit that you can increase by contacting Amazon Web Services Support.
StatefulEngineOptions
statefulEngineOptions_ruleOrder :: Lens' StatefulEngineOptions (Maybe RuleOrder) Source #
Indicates how to manage the order of stateful rule evaluation for the
policy. DEFAULT_ACTION_ORDER
is the default behavior. Stateful rules
are provided to the rule engine as Suricata compatible strings, and
Suricata evaluates them based on certain settings. For more information,
see
Evaluation order for stateful rules
in the Network Firewall Developer Guide.
StatefulRuleGroup
statefulRuleGroup_override :: Lens' StatefulRuleGroup (Maybe NetworkFirewallStatefulRuleGroupOverride) Source #
The action that allows the policy owner to override the behavior of the rule group within a policy.
statefulRuleGroup_priority :: Lens' StatefulRuleGroup (Maybe Int) Source #
An integer setting that indicates the order in which to run the stateful
rule groups in a single Network Firewall firewall policy. This setting
only applies to firewall policies that specify the STRICT_ORDER
rule
order in the stateful engine options settings.
Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy. For information about
You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on.
statefulRuleGroup_resourceId :: Lens' StatefulRuleGroup (Maybe Text) Source #
The resource ID of the rule group.
statefulRuleGroup_ruleGroupName :: Lens' StatefulRuleGroup (Maybe Text) Source #
The name of the rule group.
StatelessRuleGroup
statelessRuleGroup_priority :: Lens' StatelessRuleGroup (Maybe Natural) Source #
The priority of the rule group. Network Firewall evaluates the stateless rule groups in a firewall policy starting from the lowest priority setting.
statelessRuleGroup_resourceId :: Lens' StatelessRuleGroup (Maybe Text) Source #
The resource ID of the rule group.
statelessRuleGroup_ruleGroupName :: Lens' StatelessRuleGroup (Maybe Text) Source #
The name of the rule group.
Tag
tag_key :: Lens' Tag Text Source #
Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive.
tag_value :: Lens' Tag Text Source #
Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as "companyA" or "companyB." Tag values are case-sensitive.
ThirdPartyFirewallFirewallPolicy
thirdPartyFirewallFirewallPolicy_firewallPolicyId :: Lens' ThirdPartyFirewallFirewallPolicy (Maybe Text) Source #
The ID of the specified firewall policy.
thirdPartyFirewallFirewallPolicy_firewallPolicyName :: Lens' ThirdPartyFirewallFirewallPolicy (Maybe Text) Source #
The name of the specified firewall policy.
ThirdPartyFirewallMissingExpectedRouteTableViolation
thirdPartyFirewallMissingExpectedRouteTableViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text) Source #
The Availability Zone of the firewall subnet that's causing the violation.
thirdPartyFirewallMissingExpectedRouteTableViolation_currentRouteTable :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text) Source #
The resource ID of the current route table that's associated with the subnet, if one is available.
thirdPartyFirewallMissingExpectedRouteTableViolation_expectedRouteTable :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text) Source #
The resource ID of the route table that should be associated with the subnet.
thirdPartyFirewallMissingExpectedRouteTableViolation_vpc :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text) Source #
The resource ID of the VPC associated with a fireawll subnet that's causing the violation.
thirdPartyFirewallMissingExpectedRouteTableViolation_violationTarget :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text) Source #
The ID of the third-party firewall or VPC resource that's causing the violation.
ThirdPartyFirewallMissingFirewallViolation
thirdPartyFirewallMissingFirewallViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text) Source #
The Availability Zone of the third-party firewall that's causing the violation.
thirdPartyFirewallMissingFirewallViolation_targetViolationReason :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text) Source #
The reason the resource is causing this violation, if a reason is available.
thirdPartyFirewallMissingFirewallViolation_vpc :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text) Source #
The resource ID of the VPC associated with a third-party firewall.
thirdPartyFirewallMissingFirewallViolation_violationTarget :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text) Source #
The ID of the third-party firewall that's causing the violation.
ThirdPartyFirewallMissingSubnetViolation
thirdPartyFirewallMissingSubnetViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text) Source #
The Availability Zone of a subnet that's causing the violation.
thirdPartyFirewallMissingSubnetViolation_targetViolationReason :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text) Source #
The reason the resource is causing the violation, if a reason is available.
thirdPartyFirewallMissingSubnetViolation_vpc :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text) Source #
The resource ID of the VPC associated with a subnet that's causing the violation.
thirdPartyFirewallMissingSubnetViolation_violationTarget :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text) Source #
The ID of the third-party firewall or VPC resource that's causing the violation.
ThirdPartyFirewallPolicy
thirdPartyFirewallPolicy_firewallDeploymentModel :: Lens' ThirdPartyFirewallPolicy (Maybe FirewallDeploymentModel) Source #
Defines the deployment model to use for the third-party firewall policy.
ViolationDetail
violationDetail_resourceDescription :: Lens' ViolationDetail (Maybe Text) Source #
Brief description for the requested resource.
violationDetail_resourceTags :: Lens' ViolationDetail (Maybe [Tag]) Source #
The ResourceTag
objects associated with the resource.
violationDetail_policyId :: Lens' ViolationDetail Text Source #
The ID of the Firewall Manager policy that the violation details were requested for.
violationDetail_memberAccount :: Lens' ViolationDetail Text Source #
The Amazon Web Services account that the violation details were requested for.
violationDetail_resourceId :: Lens' ViolationDetail Text Source #
The resource ID that the violation details were requested for.
violationDetail_resourceType :: Lens' ViolationDetail Text Source #
The resource type that the violation details were requested for.
violationDetail_resourceViolations :: Lens' ViolationDetail [ResourceViolation] Source #
List of violations for the requested resource.