Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
- Service Configuration
- Errors
- AccountRoleStatus
- CustomerPolicyScopeIdType
- DependentServiceName
- DestinationType
- FailedItemReason
- FirewallDeploymentModel
- MarketplaceSubscriptionOnboardingStatus
- NetworkFirewallOverrideAction
- PolicyComplianceStatusType
- RemediationActionType
- RuleOrder
- SecurityServiceType
- TargetType
- ThirdPartyFirewall
- ThirdPartyFirewallAssociationStatus
- ViolationReason
- ActionTarget
- App
- AppsListData
- AppsListDataSummary
- AwsEc2InstanceViolation
- AwsEc2NetworkInterfaceViolation
- AwsVPCSecurityGroupViolation
- ComplianceViolator
- DiscoveredResource
- DnsDuplicateRuleGroupViolation
- DnsRuleGroupLimitExceededViolation
- DnsRuleGroupPriorityConflictViolation
- EC2AssociateRouteTableAction
- EC2CopyRouteTableAction
- EC2CreateRouteAction
- EC2CreateRouteTableAction
- EC2DeleteRouteAction
- EC2ReplaceRouteAction
- EC2ReplaceRouteTableAssociationAction
- EvaluationResult
- ExpectedRoute
- FMSPolicyUpdateFirewallCreationConfigAction
- FailedItem
- FirewallSubnetIsOutOfScopeViolation
- FirewallSubnetMissingVPCEndpointViolation
- NetworkFirewallBlackHoleRouteDetectedViolation
- NetworkFirewallInternetTrafficNotInspectedViolation
- NetworkFirewallInvalidRouteConfigurationViolation
- NetworkFirewallMissingExpectedRTViolation
- NetworkFirewallMissingExpectedRoutesViolation
- NetworkFirewallMissingFirewallViolation
- NetworkFirewallMissingSubnetViolation
- NetworkFirewallPolicy
- NetworkFirewallPolicyDescription
- NetworkFirewallPolicyModifiedViolation
- NetworkFirewallStatefulRuleGroupOverride
- NetworkFirewallUnexpectedFirewallRoutesViolation
- NetworkFirewallUnexpectedGatewayRoutesViolation
- PartialMatch
- Policy
- PolicyComplianceDetail
- PolicyComplianceStatus
- PolicyOption
- PolicySummary
- PossibleRemediationAction
- PossibleRemediationActions
- ProtocolsListData
- ProtocolsListDataSummary
- RemediationAction
- RemediationActionWithOrder
- Resource
- ResourceSet
- ResourceSetSummary
- ResourceTag
- ResourceViolation
- Route
- RouteHasOutOfScopeEndpointViolation
- SecurityGroupRemediationAction
- SecurityGroupRuleDescription
- SecurityServicePolicyData
- StatefulEngineOptions
- StatefulRuleGroup
- StatelessRuleGroup
- Tag
- ThirdPartyFirewallFirewallPolicy
- ThirdPartyFirewallMissingExpectedRouteTableViolation
- ThirdPartyFirewallMissingFirewallViolation
- ThirdPartyFirewallMissingSubnetViolation
- ThirdPartyFirewallPolicy
- ViolationDetail

## Synopsis

- defaultService :: Service
- _InternalErrorException :: AsError a => Fold a ServiceError
- _InvalidInputException :: AsError a => Fold a ServiceError
- _InvalidOperationException :: AsError a => Fold a ServiceError
- _InvalidTypeException :: AsError a => Fold a ServiceError
- _LimitExceededException :: AsError a => Fold a ServiceError
- _ResourceNotFoundException :: AsError a => Fold a ServiceError
- newtype AccountRoleStatus where
- AccountRoleStatus' { }
- pattern AccountRoleStatus_CREATING :: AccountRoleStatus
- pattern AccountRoleStatus_DELETED :: AccountRoleStatus
- pattern AccountRoleStatus_DELETING :: AccountRoleStatus
- pattern AccountRoleStatus_PENDING_DELETION :: AccountRoleStatus
- pattern AccountRoleStatus_READY :: AccountRoleStatus
- newtype CustomerPolicyScopeIdType where
- newtype DependentServiceName where
- newtype DestinationType where
- DestinationType' { }
- pattern DestinationType_IPV4 :: DestinationType
- pattern DestinationType_IPV6 :: DestinationType
- pattern DestinationType_PREFIX_LIST :: DestinationType
- newtype FailedItemReason where
- FailedItemReason' { }
- pattern FailedItemReason_NOT_VALID_ACCOUNT_ID :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_ARN :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_PARTITION :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_REGION :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_RESOURCE_TYPE :: FailedItemReason
- pattern FailedItemReason_NOT_VALID_SERVICE :: FailedItemReason
- newtype FirewallDeploymentModel where
- newtype MarketplaceSubscriptionOnboardingStatus where
- MarketplaceSubscriptionOnboardingStatus' { }
- pattern MarketplaceSubscriptionOnboardingStatus_COMPLETE :: MarketplaceSubscriptionOnboardingStatus
- pattern MarketplaceSubscriptionOnboardingStatus_NOT_COMPLETE :: MarketplaceSubscriptionOnboardingStatus
- pattern MarketplaceSubscriptionOnboardingStatus_NO_SUBSCRIPTION :: MarketplaceSubscriptionOnboardingStatus
- newtype NetworkFirewallOverrideAction where
- newtype PolicyComplianceStatusType where
- newtype RemediationActionType where
- newtype RuleOrder where
- RuleOrder' { }
- pattern RuleOrder_DEFAULT_ACTION_ORDER :: RuleOrder
- pattern RuleOrder_STRICT_ORDER :: RuleOrder
- newtype SecurityServiceType where
- SecurityServiceType' { }
- pattern SecurityServiceType_DNS_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_IMPORT_NETWORK_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_NETWORK_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_COMMON :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_CONTENT_AUDIT :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_USAGE_AUDIT :: SecurityServiceType
- pattern SecurityServiceType_SHIELD_ADVANCED :: SecurityServiceType
- pattern SecurityServiceType_THIRD_PARTY_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_WAF :: SecurityServiceType
- pattern SecurityServiceType_WAFV2 :: SecurityServiceType
- newtype TargetType where
- TargetType' { }
- pattern TargetType_CARRIER_GATEWAY :: TargetType
- pattern TargetType_EGRESS_ONLY_INTERNET_GATEWAY :: TargetType
- pattern TargetType_GATEWAY :: TargetType
- pattern TargetType_INSTANCE :: TargetType
- pattern TargetType_LOCAL_GATEWAY :: TargetType
- pattern TargetType_NAT_GATEWAY :: TargetType
- pattern TargetType_NETWORK_INTERFACE :: TargetType
- pattern TargetType_TRANSIT_GATEWAY :: TargetType
- pattern TargetType_VPC_ENDPOINT :: TargetType
- pattern TargetType_VPC_PEERING_CONNECTION :: TargetType
- newtype ThirdPartyFirewall where
- newtype ThirdPartyFirewallAssociationStatus where
- ThirdPartyFirewallAssociationStatus' { }
- pattern ThirdPartyFirewallAssociationStatus_NOT_EXIST :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_OFFBOARDING :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_OFFBOARD_COMPLETE :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_ONBOARDING :: ThirdPartyFirewallAssociationStatus
- pattern ThirdPartyFirewallAssociationStatus_ONBOARD_COMPLETE :: ThirdPartyFirewallAssociationStatus
- newtype ViolationReason where
- ViolationReason' { }
- pattern ViolationReason_BLACK_HOLE_ROUTE_DETECTED :: ViolationReason
- pattern ViolationReason_BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET :: ViolationReason
- pattern ViolationReason_FIREWALL_SUBNET_IS_OUT_OF_SCOPE :: ViolationReason
- pattern ViolationReason_FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE :: ViolationReason
- pattern ViolationReason_FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT :: ViolationReason
- pattern ViolationReason_FMS_CREATED_SECURITY_GROUP_EDITED :: ViolationReason
- pattern ViolationReason_INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE :: ViolationReason
- pattern ViolationReason_INTERNET_TRAFFIC_NOT_INSPECTED :: ViolationReason
- pattern ViolationReason_INVALID_ROUTE_CONFIGURATION :: ViolationReason
- pattern ViolationReason_MISSING_EXPECTED_ROUTE_TABLE :: ViolationReason
- pattern ViolationReason_MISSING_FIREWALL :: ViolationReason
- pattern ViolationReason_MISSING_FIREWALL_SUBNET_IN_AZ :: ViolationReason
- pattern ViolationReason_MISSING_TARGET_GATEWAY :: ViolationReason
- pattern ViolationReason_NETWORK_FIREWALL_POLICY_MODIFIED :: ViolationReason
- pattern ViolationReason_RESOURCE_INCORRECT_WEB_ACL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_DNS_FIREWALL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_SECURITY_GROUP :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_SHIELD_PROTECTION :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_WEB_ACL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION :: ViolationReason
- pattern ViolationReason_RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP :: ViolationReason
- pattern ViolationReason_ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT :: ViolationReason
- pattern ViolationReason_SECURITY_GROUP_REDUNDANT :: ViolationReason
- pattern ViolationReason_SECURITY_GROUP_UNUSED :: ViolationReason
- pattern ViolationReason_TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY :: ViolationReason
- pattern ViolationReason_UNEXPECTED_FIREWALL_ROUTES :: ViolationReason
- pattern ViolationReason_UNEXPECTED_TARGET_GATEWAY_ROUTES :: ViolationReason
- pattern ViolationReason_WEB_ACL_MISSING_RULE_GROUP :: ViolationReason
- data ActionTarget = ActionTarget' {
- description :: Maybe Text
- resourceId :: Maybe Text
- newActionTarget :: ActionTarget
- actionTarget_description :: Lens' ActionTarget (Maybe Text)
- actionTarget_resourceId :: Lens' ActionTarget (Maybe Text)
- data App = App' {}
- newApp :: Text -> Text -> Natural -> App
- app_appName :: Lens' App Text
- app_protocol :: Lens' App Text
- app_port :: Lens' App Natural
- data AppsListData = AppsListData' {}
- newAppsListData :: Text -> AppsListData
- appsListData_createTime :: Lens' AppsListData (Maybe UTCTime)
- appsListData_lastUpdateTime :: Lens' AppsListData (Maybe UTCTime)
- appsListData_listId :: Lens' AppsListData (Maybe Text)
- appsListData_listUpdateToken :: Lens' AppsListData (Maybe Text)
- appsListData_previousAppsList :: Lens' AppsListData (Maybe (HashMap Text [App]))
- appsListData_listName :: Lens' AppsListData Text
- appsListData_appsList :: Lens' AppsListData [App]
- data AppsListDataSummary = AppsListDataSummary' {}
- newAppsListDataSummary :: AppsListDataSummary
- appsListDataSummary_appsList :: Lens' AppsListDataSummary (Maybe [App])
- appsListDataSummary_listArn :: Lens' AppsListDataSummary (Maybe Text)
- appsListDataSummary_listId :: Lens' AppsListDataSummary (Maybe Text)
- appsListDataSummary_listName :: Lens' AppsListDataSummary (Maybe Text)
- data AwsEc2InstanceViolation = AwsEc2InstanceViolation' {}
- newAwsEc2InstanceViolation :: AwsEc2InstanceViolation
- awsEc2InstanceViolation_awsEc2NetworkInterfaceViolations :: Lens' AwsEc2InstanceViolation (Maybe [AwsEc2NetworkInterfaceViolation])
- awsEc2InstanceViolation_violationTarget :: Lens' AwsEc2InstanceViolation (Maybe Text)
- data AwsEc2NetworkInterfaceViolation = AwsEc2NetworkInterfaceViolation' {}
- newAwsEc2NetworkInterfaceViolation :: AwsEc2NetworkInterfaceViolation
- awsEc2NetworkInterfaceViolation_violatingSecurityGroups :: Lens' AwsEc2NetworkInterfaceViolation (Maybe [Text])
- awsEc2NetworkInterfaceViolation_violationTarget :: Lens' AwsEc2NetworkInterfaceViolation (Maybe Text)
- data AwsVPCSecurityGroupViolation = AwsVPCSecurityGroupViolation' {}
- newAwsVPCSecurityGroupViolation :: AwsVPCSecurityGroupViolation
- awsVPCSecurityGroupViolation_partialMatches :: Lens' AwsVPCSecurityGroupViolation (Maybe [PartialMatch])
- awsVPCSecurityGroupViolation_possibleSecurityGroupRemediationActions :: Lens' AwsVPCSecurityGroupViolation (Maybe [SecurityGroupRemediationAction])
- awsVPCSecurityGroupViolation_violationTarget :: Lens' AwsVPCSecurityGroupViolation (Maybe Text)
- awsVPCSecurityGroupViolation_violationTargetDescription :: Lens' AwsVPCSecurityGroupViolation (Maybe Text)
- data ComplianceViolator = ComplianceViolator' {}
- newComplianceViolator :: ComplianceViolator
- complianceViolator_metadata :: Lens' ComplianceViolator (Maybe (HashMap Text Text))
- complianceViolator_resourceId :: Lens' ComplianceViolator (Maybe Text)
- complianceViolator_resourceType :: Lens' ComplianceViolator (Maybe Text)
- complianceViolator_violationReason :: Lens' ComplianceViolator (Maybe ViolationReason)
- data DiscoveredResource = DiscoveredResource' {}
- newDiscoveredResource :: DiscoveredResource
- discoveredResource_accountId :: Lens' DiscoveredResource (Maybe Text)
- discoveredResource_name :: Lens' DiscoveredResource (Maybe Text)
- discoveredResource_type :: Lens' DiscoveredResource (Maybe Text)
- discoveredResource_uri :: Lens' DiscoveredResource (Maybe Text)
- data DnsDuplicateRuleGroupViolation = DnsDuplicateRuleGroupViolation' {}
- newDnsDuplicateRuleGroupViolation :: DnsDuplicateRuleGroupViolation
- dnsDuplicateRuleGroupViolation_violationTarget :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text)
- dnsDuplicateRuleGroupViolation_violationTargetDescription :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text)
- data DnsRuleGroupLimitExceededViolation = DnsRuleGroupLimitExceededViolation' {}
- newDnsRuleGroupLimitExceededViolation :: DnsRuleGroupLimitExceededViolation
- dnsRuleGroupLimitExceededViolation_numberOfRuleGroupsAlreadyAssociated :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Int)
- dnsRuleGroupLimitExceededViolation_violationTarget :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text)
- dnsRuleGroupLimitExceededViolation_violationTargetDescription :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text)
- data DnsRuleGroupPriorityConflictViolation = DnsRuleGroupPriorityConflictViolation' {}
- newDnsRuleGroupPriorityConflictViolation :: DnsRuleGroupPriorityConflictViolation
- dnsRuleGroupPriorityConflictViolation_conflictingPolicyId :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text)
- dnsRuleGroupPriorityConflictViolation_conflictingPriority :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Natural)
- dnsRuleGroupPriorityConflictViolation_unavailablePriorities :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe [Natural])
- dnsRuleGroupPriorityConflictViolation_violationTarget :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text)
- dnsRuleGroupPriorityConflictViolation_violationTargetDescription :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text)
- data EC2AssociateRouteTableAction = EC2AssociateRouteTableAction' {}
- newEC2AssociateRouteTableAction :: ActionTarget -> EC2AssociateRouteTableAction
- eC2AssociateRouteTableAction_description :: Lens' EC2AssociateRouteTableAction (Maybe Text)
- eC2AssociateRouteTableAction_gatewayId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget)
- eC2AssociateRouteTableAction_subnetId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget)
- eC2AssociateRouteTableAction_routeTableId :: Lens' EC2AssociateRouteTableAction ActionTarget
- data EC2CopyRouteTableAction = EC2CopyRouteTableAction' {}
- newEC2CopyRouteTableAction :: ActionTarget -> ActionTarget -> EC2CopyRouteTableAction
- eC2CopyRouteTableAction_description :: Lens' EC2CopyRouteTableAction (Maybe Text)
- eC2CopyRouteTableAction_vpcId :: Lens' EC2CopyRouteTableAction ActionTarget
- eC2CopyRouteTableAction_routeTableId :: Lens' EC2CopyRouteTableAction ActionTarget
- data EC2CreateRouteAction = EC2CreateRouteAction' {}
- newEC2CreateRouteAction :: ActionTarget -> EC2CreateRouteAction
- eC2CreateRouteAction_description :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_destinationCidrBlock :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_destinationIpv6CidrBlock :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_destinationPrefixListId :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_gatewayId :: Lens' EC2CreateRouteAction (Maybe ActionTarget)
- eC2CreateRouteAction_vpcEndpointId :: Lens' EC2CreateRouteAction (Maybe ActionTarget)
- eC2CreateRouteAction_routeTableId :: Lens' EC2CreateRouteAction ActionTarget
- data EC2CreateRouteTableAction = EC2CreateRouteTableAction' {}
- newEC2CreateRouteTableAction :: ActionTarget -> EC2CreateRouteTableAction
- eC2CreateRouteTableAction_description :: Lens' EC2CreateRouteTableAction (Maybe Text)
- eC2CreateRouteTableAction_vpcId :: Lens' EC2CreateRouteTableAction ActionTarget
- data EC2DeleteRouteAction = EC2DeleteRouteAction' {}
- newEC2DeleteRouteAction :: ActionTarget -> EC2DeleteRouteAction
- eC2DeleteRouteAction_description :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_destinationCidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_destinationIpv6CidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_destinationPrefixListId :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_routeTableId :: Lens' EC2DeleteRouteAction ActionTarget
- data EC2ReplaceRouteAction = EC2ReplaceRouteAction' {}
- newEC2ReplaceRouteAction :: ActionTarget -> EC2ReplaceRouteAction
- eC2ReplaceRouteAction_description :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_destinationCidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_destinationIpv6CidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_destinationPrefixListId :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_gatewayId :: Lens' EC2ReplaceRouteAction (Maybe ActionTarget)
- eC2ReplaceRouteAction_routeTableId :: Lens' EC2ReplaceRouteAction ActionTarget
- data EC2ReplaceRouteTableAssociationAction = EC2ReplaceRouteTableAssociationAction' {}
- newEC2ReplaceRouteTableAssociationAction :: ActionTarget -> ActionTarget -> EC2ReplaceRouteTableAssociationAction
- eC2ReplaceRouteTableAssociationAction_description :: Lens' EC2ReplaceRouteTableAssociationAction (Maybe Text)
- eC2ReplaceRouteTableAssociationAction_associationId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget
- eC2ReplaceRouteTableAssociationAction_routeTableId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget
- data EvaluationResult = EvaluationResult' {}
- newEvaluationResult :: EvaluationResult
- evaluationResult_complianceStatus :: Lens' EvaluationResult (Maybe PolicyComplianceStatusType)
- evaluationResult_evaluationLimitExceeded :: Lens' EvaluationResult (Maybe Bool)
- evaluationResult_violatorCount :: Lens' EvaluationResult (Maybe Natural)
- data ExpectedRoute = ExpectedRoute' {
- allowedTargets :: Maybe [Text]
- contributingSubnets :: Maybe [Text]
- ipV4Cidr :: Maybe Text
- ipV6Cidr :: Maybe Text
- prefixListId :: Maybe Text
- routeTableId :: Maybe Text
- newExpectedRoute :: ExpectedRoute
- expectedRoute_allowedTargets :: Lens' ExpectedRoute (Maybe [Text])
- expectedRoute_contributingSubnets :: Lens' ExpectedRoute (Maybe [Text])
- expectedRoute_ipV4Cidr :: Lens' ExpectedRoute (Maybe Text)
- expectedRoute_ipV6Cidr :: Lens' ExpectedRoute (Maybe Text)
- expectedRoute_prefixListId :: Lens' ExpectedRoute (Maybe Text)
- expectedRoute_routeTableId :: Lens' ExpectedRoute (Maybe Text)
- data FMSPolicyUpdateFirewallCreationConfigAction = FMSPolicyUpdateFirewallCreationConfigAction' {}
- newFMSPolicyUpdateFirewallCreationConfigAction :: FMSPolicyUpdateFirewallCreationConfigAction
- fMSPolicyUpdateFirewallCreationConfigAction_description :: Lens' FMSPolicyUpdateFirewallCreationConfigAction (Maybe Text)
- fMSPolicyUpdateFirewallCreationConfigAction_firewallCreationConfig :: Lens' FMSPolicyUpdateFirewallCreationConfigAction (Maybe Text)
- data FailedItem = FailedItem' {}
- newFailedItem :: FailedItem
- failedItem_reason :: Lens' FailedItem (Maybe FailedItemReason)
- failedItem_uri :: Lens' FailedItem (Maybe Text)
- data FirewallSubnetIsOutOfScopeViolation = FirewallSubnetIsOutOfScopeViolation' {}
- newFirewallSubnetIsOutOfScopeViolation :: FirewallSubnetIsOutOfScopeViolation
- firewallSubnetIsOutOfScopeViolation_firewallSubnetId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text)
- firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZone :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text)
- firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZoneId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text)
- firewallSubnetIsOutOfScopeViolation_vpcEndpointId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text)
- firewallSubnetIsOutOfScopeViolation_vpcId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text)
- data FirewallSubnetMissingVPCEndpointViolation = FirewallSubnetMissingVPCEndpointViolation' {}
- newFirewallSubnetMissingVPCEndpointViolation :: FirewallSubnetMissingVPCEndpointViolation
- firewallSubnetMissingVPCEndpointViolation_firewallSubnetId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text)
- firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZone :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text)
- firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZoneId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text)
- firewallSubnetMissingVPCEndpointViolation_vpcId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text)
- data NetworkFirewallBlackHoleRouteDetectedViolation = NetworkFirewallBlackHoleRouteDetectedViolation' {
- routeTableId :: Maybe Text
- violatingRoutes :: Maybe [Route]
- violationTarget :: Maybe Text
- vpcId :: Maybe Text
- newNetworkFirewallBlackHoleRouteDetectedViolation :: NetworkFirewallBlackHoleRouteDetectedViolation
- networkFirewallBlackHoleRouteDetectedViolation_routeTableId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text)
- networkFirewallBlackHoleRouteDetectedViolation_violatingRoutes :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe [Route])
- networkFirewallBlackHoleRouteDetectedViolation_violationTarget :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text)
- networkFirewallBlackHoleRouteDetectedViolation_vpcId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text)
- data NetworkFirewallInternetTrafficNotInspectedViolation = NetworkFirewallInternetTrafficNotInspectedViolation' {
- actualFirewallSubnetRoutes :: Maybe [Route]
- actualInternetGatewayRoutes :: Maybe [Route]
- currentFirewallSubnetRouteTable :: Maybe Text
- currentInternetGatewayRouteTable :: Maybe Text
- expectedFirewallEndpoint :: Maybe Text
- expectedFirewallSubnetRoutes :: Maybe [ExpectedRoute]
- expectedInternetGatewayRoutes :: Maybe [ExpectedRoute]
- firewallSubnetId :: Maybe Text
- internetGatewayId :: Maybe Text
- isRouteTableUsedInDifferentAZ :: Maybe Bool
- routeTableId :: Maybe Text
- subnetAvailabilityZone :: Maybe Text
- subnetId :: Maybe Text
- violatingRoutes :: Maybe [Route]
- vpcId :: Maybe Text
- newNetworkFirewallInternetTrafficNotInspectedViolation :: NetworkFirewallInternetTrafficNotInspectedViolation
- networkFirewallInternetTrafficNotInspectedViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route])
- networkFirewallInternetTrafficNotInspectedViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route])
- networkFirewallInternetTrafficNotInspectedViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute])
- networkFirewallInternetTrafficNotInspectedViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute])
- networkFirewallInternetTrafficNotInspectedViolation_firewallSubnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_internetGatewayId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Bool)
- networkFirewallInternetTrafficNotInspectedViolation_routeTableId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_subnetAvailabilityZone :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_subnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_violatingRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route])
- networkFirewallInternetTrafficNotInspectedViolation_vpcId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- data NetworkFirewallInvalidRouteConfigurationViolation = NetworkFirewallInvalidRouteConfigurationViolation' {
- actualFirewallEndpoint :: Maybe Text
- actualFirewallSubnetId :: Maybe Text
- actualFirewallSubnetRoutes :: Maybe [Route]
- actualInternetGatewayRoutes :: Maybe [Route]
- affectedSubnets :: Maybe [Text]
- currentFirewallSubnetRouteTable :: Maybe Text
- currentInternetGatewayRouteTable :: Maybe Text
- expectedFirewallEndpoint :: Maybe Text
- expectedFirewallSubnetId :: Maybe Text
- expectedFirewallSubnetRoutes :: Maybe [ExpectedRoute]
- expectedInternetGatewayRoutes :: Maybe [ExpectedRoute]
- internetGatewayId :: Maybe Text
- isRouteTableUsedInDifferentAZ :: Maybe Bool
- routeTableId :: Maybe Text
- violatingRoute :: Maybe Route
- vpcId :: Maybe Text
- newNetworkFirewallInvalidRouteConfigurationViolation :: NetworkFirewallInvalidRouteConfigurationViolation
- networkFirewallInvalidRouteConfigurationViolation_actualFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route])
- networkFirewallInvalidRouteConfigurationViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route])
- networkFirewallInvalidRouteConfigurationViolation_affectedSubnets :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Text])
- networkFirewallInvalidRouteConfigurationViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute])
- networkFirewallInvalidRouteConfigurationViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute])
- networkFirewallInvalidRouteConfigurationViolation_internetGatewayId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Bool)
- networkFirewallInvalidRouteConfigurationViolation_routeTableId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_violatingRoute :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Route)
- networkFirewallInvalidRouteConfigurationViolation_vpcId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- data NetworkFirewallMissingExpectedRTViolation = NetworkFirewallMissingExpectedRTViolation' {}
- newNetworkFirewallMissingExpectedRTViolation :: NetworkFirewallMissingExpectedRTViolation
- networkFirewallMissingExpectedRTViolation_availabilityZone :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_currentRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_expectedRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_vpc :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- data NetworkFirewallMissingExpectedRoutesViolation = NetworkFirewallMissingExpectedRoutesViolation' {}
- newNetworkFirewallMissingExpectedRoutesViolation :: NetworkFirewallMissingExpectedRoutesViolation
- networkFirewallMissingExpectedRoutesViolation_expectedRoutes :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe [ExpectedRoute])
- networkFirewallMissingExpectedRoutesViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text)
- networkFirewallMissingExpectedRoutesViolation_vpcId :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text)
- data NetworkFirewallMissingFirewallViolation = NetworkFirewallMissingFirewallViolation' {}
- newNetworkFirewallMissingFirewallViolation :: NetworkFirewallMissingFirewallViolation
- networkFirewallMissingFirewallViolation_availabilityZone :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- networkFirewallMissingFirewallViolation_targetViolationReason :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- networkFirewallMissingFirewallViolation_vpc :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- networkFirewallMissingFirewallViolation_violationTarget :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- data NetworkFirewallMissingSubnetViolation = NetworkFirewallMissingSubnetViolation' {}
- newNetworkFirewallMissingSubnetViolation :: NetworkFirewallMissingSubnetViolation
- networkFirewallMissingSubnetViolation_availabilityZone :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- networkFirewallMissingSubnetViolation_targetViolationReason :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- networkFirewallMissingSubnetViolation_vpc :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- networkFirewallMissingSubnetViolation_violationTarget :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- data NetworkFirewallPolicy = NetworkFirewallPolicy' {}
- newNetworkFirewallPolicy :: NetworkFirewallPolicy
- networkFirewallPolicy_firewallDeploymentModel :: Lens' NetworkFirewallPolicy (Maybe FirewallDeploymentModel)
- data NetworkFirewallPolicyDescription = NetworkFirewallPolicyDescription' {
- statefulDefaultActions :: Maybe [Text]
- statefulEngineOptions :: Maybe StatefulEngineOptions
- statefulRuleGroups :: Maybe [StatefulRuleGroup]
- statelessCustomActions :: Maybe [Text]
- statelessDefaultActions :: Maybe [Text]
- statelessFragmentDefaultActions :: Maybe [Text]
- statelessRuleGroups :: Maybe [StatelessRuleGroup]
- newNetworkFirewallPolicyDescription :: NetworkFirewallPolicyDescription
- networkFirewallPolicyDescription_statefulDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text])
- networkFirewallPolicyDescription_statefulEngineOptions :: Lens' NetworkFirewallPolicyDescription (Maybe StatefulEngineOptions)
- networkFirewallPolicyDescription_statefulRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatefulRuleGroup])
- networkFirewallPolicyDescription_statelessCustomActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text])
- networkFirewallPolicyDescription_statelessDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text])
- networkFirewallPolicyDescription_statelessFragmentDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text])
- networkFirewallPolicyDescription_statelessRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatelessRuleGroup])
- data NetworkFirewallPolicyModifiedViolation = NetworkFirewallPolicyModifiedViolation' {}
- newNetworkFirewallPolicyModifiedViolation :: NetworkFirewallPolicyModifiedViolation
- networkFirewallPolicyModifiedViolation_currentPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription)
- networkFirewallPolicyModifiedViolation_expectedPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription)
- networkFirewallPolicyModifiedViolation_violationTarget :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe Text)
- data NetworkFirewallStatefulRuleGroupOverride = NetworkFirewallStatefulRuleGroupOverride' {}
- newNetworkFirewallStatefulRuleGroupOverride :: NetworkFirewallStatefulRuleGroupOverride
- networkFirewallStatefulRuleGroupOverride_action :: Lens' NetworkFirewallStatefulRuleGroupOverride (Maybe NetworkFirewallOverrideAction)
- data NetworkFirewallUnexpectedFirewallRoutesViolation = NetworkFirewallUnexpectedFirewallRoutesViolation' {}
- newNetworkFirewallUnexpectedFirewallRoutesViolation :: NetworkFirewallUnexpectedFirewallRoutesViolation
- networkFirewallUnexpectedFirewallRoutesViolation_firewallEndpoint :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- networkFirewallUnexpectedFirewallRoutesViolation_firewallSubnetId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- networkFirewallUnexpectedFirewallRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- networkFirewallUnexpectedFirewallRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe [Route])
- networkFirewallUnexpectedFirewallRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- data NetworkFirewallUnexpectedGatewayRoutesViolation = NetworkFirewallUnexpectedGatewayRoutesViolation' {}
- newNetworkFirewallUnexpectedGatewayRoutesViolation :: NetworkFirewallUnexpectedGatewayRoutesViolation
- networkFirewallUnexpectedGatewayRoutesViolation_gatewayId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text)
- networkFirewallUnexpectedGatewayRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text)
- networkFirewallUnexpectedGatewayRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe [Route])
- networkFirewallUnexpectedGatewayRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text)
- data PartialMatch = PartialMatch' {}
- newPartialMatch :: PartialMatch
- partialMatch_reference :: Lens' PartialMatch (Maybe Text)
- partialMatch_targetViolationReasons :: Lens' PartialMatch (Maybe [Text])
- data Policy = Policy' {
- deleteUnusedFMManagedResources :: Maybe Bool
- excludeMap :: Maybe (HashMap CustomerPolicyScopeIdType [Text])
- includeMap :: Maybe (HashMap CustomerPolicyScopeIdType [Text])
- policyDescription :: Maybe Text
- policyId :: Maybe Text
- policyUpdateToken :: Maybe Text
- resourceSetIds :: Maybe [Text]
- resourceTags :: Maybe [ResourceTag]
- resourceTypeList :: Maybe [Text]
- policyName :: Text
- securityServicePolicyData :: SecurityServicePolicyData
- resourceType :: Text
- excludeResourceTags :: Bool
- remediationEnabled :: Bool
- newPolicy :: Text -> SecurityServicePolicyData -> Text -> Bool -> Bool -> Policy
- policy_deleteUnusedFMManagedResources :: Lens' Policy (Maybe Bool)
- policy_excludeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text]))
- policy_includeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text]))
- policy_policyDescription :: Lens' Policy (Maybe Text)
- policy_policyId :: Lens' Policy (Maybe Text)
- policy_policyUpdateToken :: Lens' Policy (Maybe Text)
- policy_resourceSetIds :: Lens' Policy (Maybe [Text])
- policy_resourceTags :: Lens' Policy (Maybe [ResourceTag])
- policy_resourceTypeList :: Lens' Policy (Maybe [Text])
- policy_policyName :: Lens' Policy Text
- policy_securityServicePolicyData :: Lens' Policy SecurityServicePolicyData
- policy_resourceType :: Lens' Policy Text
- policy_excludeResourceTags :: Lens' Policy Bool
- policy_remediationEnabled :: Lens' Policy Bool
- data PolicyComplianceDetail = PolicyComplianceDetail' {}
- newPolicyComplianceDetail :: PolicyComplianceDetail
- policyComplianceDetail_evaluationLimitExceeded :: Lens' PolicyComplianceDetail (Maybe Bool)
- policyComplianceDetail_expiredAt :: Lens' PolicyComplianceDetail (Maybe UTCTime)
- policyComplianceDetail_issueInfoMap :: Lens' PolicyComplianceDetail (Maybe (HashMap DependentServiceName Text))
- policyComplianceDetail_memberAccount :: Lens' PolicyComplianceDetail (Maybe Text)
- policyComplianceDetail_policyId :: Lens' PolicyComplianceDetail (Maybe Text)
- policyComplianceDetail_policyOwner :: Lens' PolicyComplianceDetail (Maybe Text)
- policyComplianceDetail_violators :: Lens' PolicyComplianceDetail (Maybe [ComplianceViolator])
- data PolicyComplianceStatus = PolicyComplianceStatus' {}
- newPolicyComplianceStatus :: PolicyComplianceStatus
- policyComplianceStatus_evaluationResults :: Lens' PolicyComplianceStatus (Maybe [EvaluationResult])
- policyComplianceStatus_issueInfoMap :: Lens' PolicyComplianceStatus (Maybe (HashMap DependentServiceName Text))
- policyComplianceStatus_lastUpdated :: Lens' PolicyComplianceStatus (Maybe UTCTime)
- policyComplianceStatus_memberAccount :: Lens' PolicyComplianceStatus (Maybe Text)
- policyComplianceStatus_policyId :: Lens' PolicyComplianceStatus (Maybe Text)
- policyComplianceStatus_policyName :: Lens' PolicyComplianceStatus (Maybe Text)
- policyComplianceStatus_policyOwner :: Lens' PolicyComplianceStatus (Maybe Text)
- data PolicyOption = PolicyOption' {}
- newPolicyOption :: PolicyOption
- policyOption_networkFirewallPolicy :: Lens' PolicyOption (Maybe NetworkFirewallPolicy)
- policyOption_thirdPartyFirewallPolicy :: Lens' PolicyOption (Maybe ThirdPartyFirewallPolicy)
- data PolicySummary = PolicySummary' {}
- newPolicySummary :: PolicySummary
- policySummary_deleteUnusedFMManagedResources :: Lens' PolicySummary (Maybe Bool)
- policySummary_policyArn :: Lens' PolicySummary (Maybe Text)
- policySummary_policyId :: Lens' PolicySummary (Maybe Text)
- policySummary_policyName :: Lens' PolicySummary (Maybe Text)
- policySummary_remediationEnabled :: Lens' PolicySummary (Maybe Bool)
- policySummary_resourceType :: Lens' PolicySummary (Maybe Text)
- policySummary_securityServiceType :: Lens' PolicySummary (Maybe SecurityServiceType)
- data PossibleRemediationAction = PossibleRemediationAction' {}
- newPossibleRemediationAction :: PossibleRemediationAction
- possibleRemediationAction_description :: Lens' PossibleRemediationAction (Maybe Text)
- possibleRemediationAction_isDefaultAction :: Lens' PossibleRemediationAction (Maybe Bool)
- possibleRemediationAction_orderedRemediationActions :: Lens' PossibleRemediationAction [RemediationActionWithOrder]
- data PossibleRemediationActions = PossibleRemediationActions' {}
- newPossibleRemediationActions :: PossibleRemediationActions
- possibleRemediationActions_actions :: Lens' PossibleRemediationActions (Maybe [PossibleRemediationAction])
- possibleRemediationActions_description :: Lens' PossibleRemediationActions (Maybe Text)
- data ProtocolsListData = ProtocolsListData' {
- createTime :: Maybe POSIX
- lastUpdateTime :: Maybe POSIX
- listId :: Maybe Text
- listUpdateToken :: Maybe Text
- previousProtocolsList :: Maybe (HashMap Text [Text])
- listName :: Text
- protocolsList :: [Text]
- newProtocolsListData :: Text -> ProtocolsListData
- protocolsListData_createTime :: Lens' ProtocolsListData (Maybe UTCTime)
- protocolsListData_lastUpdateTime :: Lens' ProtocolsListData (Maybe UTCTime)
- protocolsListData_listId :: Lens' ProtocolsListData (Maybe Text)
- protocolsListData_listUpdateToken :: Lens' ProtocolsListData (Maybe Text)
- protocolsListData_previousProtocolsList :: Lens' ProtocolsListData (Maybe (HashMap Text [Text]))
- protocolsListData_listName :: Lens' ProtocolsListData Text
- protocolsListData_protocolsList :: Lens' ProtocolsListData [Text]
- data ProtocolsListDataSummary = ProtocolsListDataSummary' {}
- newProtocolsListDataSummary :: ProtocolsListDataSummary
- protocolsListDataSummary_listArn :: Lens' ProtocolsListDataSummary (Maybe Text)
- protocolsListDataSummary_listId :: Lens' ProtocolsListDataSummary (Maybe Text)
- protocolsListDataSummary_listName :: Lens' ProtocolsListDataSummary (Maybe Text)
- protocolsListDataSummary_protocolsList :: Lens' ProtocolsListDataSummary (Maybe [Text])
- data RemediationAction = RemediationAction' {
- description :: Maybe Text
- eC2AssociateRouteTableAction :: Maybe EC2AssociateRouteTableAction
- eC2CopyRouteTableAction :: Maybe EC2CopyRouteTableAction
- eC2CreateRouteAction :: Maybe EC2CreateRouteAction
- eC2CreateRouteTableAction :: Maybe EC2CreateRouteTableAction
- eC2DeleteRouteAction :: Maybe EC2DeleteRouteAction
- eC2ReplaceRouteAction :: Maybe EC2ReplaceRouteAction
- eC2ReplaceRouteTableAssociationAction :: Maybe EC2ReplaceRouteTableAssociationAction
- fMSPolicyUpdateFirewallCreationConfigAction :: Maybe FMSPolicyUpdateFirewallCreationConfigAction
- newRemediationAction :: RemediationAction
- remediationAction_description :: Lens' RemediationAction (Maybe Text)
- remediationAction_eC2AssociateRouteTableAction :: Lens' RemediationAction (Maybe EC2AssociateRouteTableAction)
- remediationAction_eC2CopyRouteTableAction :: Lens' RemediationAction (Maybe EC2CopyRouteTableAction)
- remediationAction_eC2CreateRouteAction :: Lens' RemediationAction (Maybe EC2CreateRouteAction)
- remediationAction_eC2CreateRouteTableAction :: Lens' RemediationAction (Maybe EC2CreateRouteTableAction)
- remediationAction_eC2DeleteRouteAction :: Lens' RemediationAction (Maybe EC2DeleteRouteAction)
- remediationAction_eC2ReplaceRouteAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteAction)
- remediationAction_eC2ReplaceRouteTableAssociationAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteTableAssociationAction)
- remediationAction_fMSPolicyUpdateFirewallCreationConfigAction :: Lens' RemediationAction (Maybe FMSPolicyUpdateFirewallCreationConfigAction)
- data RemediationActionWithOrder = RemediationActionWithOrder' {}
- newRemediationActionWithOrder :: RemediationActionWithOrder
- remediationActionWithOrder_order :: Lens' RemediationActionWithOrder (Maybe Int)
- remediationActionWithOrder_remediationAction :: Lens' RemediationActionWithOrder (Maybe RemediationAction)
- data Resource = Resource' {}
- newResource :: Text -> Resource
- resource_accountId :: Lens' Resource (Maybe Text)
- resource_uri :: Lens' Resource Text
- data ResourceSet = ResourceSet' {
- description :: Maybe Text
- id :: Maybe Text
- lastUpdateTime :: Maybe POSIX
- updateToken :: Maybe Text
- name :: Text
- resourceTypeList :: [Text]
- newResourceSet :: Text -> ResourceSet
- resourceSet_description :: Lens' ResourceSet (Maybe Text)
- resourceSet_id :: Lens' ResourceSet (Maybe Text)
- resourceSet_lastUpdateTime :: Lens' ResourceSet (Maybe UTCTime)
- resourceSet_updateToken :: Lens' ResourceSet (Maybe Text)
- resourceSet_name :: Lens' ResourceSet Text
- resourceSet_resourceTypeList :: Lens' ResourceSet [Text]
- data ResourceSetSummary = ResourceSetSummary' {}
- newResourceSetSummary :: ResourceSetSummary
- resourceSetSummary_description :: Lens' ResourceSetSummary (Maybe Text)
- resourceSetSummary_id :: Lens' ResourceSetSummary (Maybe Text)
- resourceSetSummary_lastUpdateTime :: Lens' ResourceSetSummary (Maybe UTCTime)
- resourceSetSummary_name :: Lens' ResourceSetSummary (Maybe Text)
- data ResourceTag = ResourceTag' {}
- newResourceTag :: Text -> ResourceTag
- resourceTag_value :: Lens' ResourceTag (Maybe Text)
- resourceTag_key :: Lens' ResourceTag Text
- data ResourceViolation = ResourceViolation' {
- awsEc2InstanceViolation :: Maybe AwsEc2InstanceViolation
- awsEc2NetworkInterfaceViolation :: Maybe AwsEc2NetworkInterfaceViolation
- awsVPCSecurityGroupViolation :: Maybe AwsVPCSecurityGroupViolation
- dnsDuplicateRuleGroupViolation :: Maybe DnsDuplicateRuleGroupViolation
- dnsRuleGroupLimitExceededViolation :: Maybe DnsRuleGroupLimitExceededViolation
- dnsRuleGroupPriorityConflictViolation :: Maybe DnsRuleGroupPriorityConflictViolation
- firewallSubnetIsOutOfScopeViolation :: Maybe FirewallSubnetIsOutOfScopeViolation
- firewallSubnetMissingVPCEndpointViolation :: Maybe FirewallSubnetMissingVPCEndpointViolation
- networkFirewallBlackHoleRouteDetectedViolation :: Maybe NetworkFirewallBlackHoleRouteDetectedViolation
- networkFirewallInternetTrafficNotInspectedViolation :: Maybe NetworkFirewallInternetTrafficNotInspectedViolation
- networkFirewallInvalidRouteConfigurationViolation :: Maybe NetworkFirewallInvalidRouteConfigurationViolation
- networkFirewallMissingExpectedRTViolation :: Maybe NetworkFirewallMissingExpectedRTViolation
- networkFirewallMissingExpectedRoutesViolation :: Maybe NetworkFirewallMissingExpectedRoutesViolation
- networkFirewallMissingFirewallViolation :: Maybe NetworkFirewallMissingFirewallViolation
- networkFirewallMissingSubnetViolation :: Maybe NetworkFirewallMissingSubnetViolation
- networkFirewallPolicyModifiedViolation :: Maybe NetworkFirewallPolicyModifiedViolation
- networkFirewallUnexpectedFirewallRoutesViolation :: Maybe NetworkFirewallUnexpectedFirewallRoutesViolation
- networkFirewallUnexpectedGatewayRoutesViolation :: Maybe NetworkFirewallUnexpectedGatewayRoutesViolation
- possibleRemediationActions :: Maybe PossibleRemediationActions
- routeHasOutOfScopeEndpointViolation :: Maybe RouteHasOutOfScopeEndpointViolation
- thirdPartyFirewallMissingExpectedRouteTableViolation :: Maybe ThirdPartyFirewallMissingExpectedRouteTableViolation
- thirdPartyFirewallMissingFirewallViolation :: Maybe ThirdPartyFirewallMissingFirewallViolation
- thirdPartyFirewallMissingSubnetViolation :: Maybe ThirdPartyFirewallMissingSubnetViolation
- newResourceViolation :: ResourceViolation
- resourceViolation_awsEc2InstanceViolation :: Lens' ResourceViolation (Maybe AwsEc2InstanceViolation)
- resourceViolation_awsEc2NetworkInterfaceViolation :: Lens' ResourceViolation (Maybe AwsEc2NetworkInterfaceViolation)
- resourceViolation_awsVPCSecurityGroupViolation :: Lens' ResourceViolation (Maybe AwsVPCSecurityGroupViolation)
- resourceViolation_dnsDuplicateRuleGroupViolation :: Lens' ResourceViolation (Maybe DnsDuplicateRuleGroupViolation)
- resourceViolation_dnsRuleGroupLimitExceededViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupLimitExceededViolation)
- resourceViolation_dnsRuleGroupPriorityConflictViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupPriorityConflictViolation)
- resourceViolation_firewallSubnetIsOutOfScopeViolation :: Lens' ResourceViolation (Maybe FirewallSubnetIsOutOfScopeViolation)
- resourceViolation_firewallSubnetMissingVPCEndpointViolation :: Lens' ResourceViolation (Maybe FirewallSubnetMissingVPCEndpointViolation)
- resourceViolation_networkFirewallBlackHoleRouteDetectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallBlackHoleRouteDetectedViolation)
- resourceViolation_networkFirewallInternetTrafficNotInspectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInternetTrafficNotInspectedViolation)
- resourceViolation_networkFirewallInvalidRouteConfigurationViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInvalidRouteConfigurationViolation)
- resourceViolation_networkFirewallMissingExpectedRTViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRTViolation)
- resourceViolation_networkFirewallMissingExpectedRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRoutesViolation)
- resourceViolation_networkFirewallMissingFirewallViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingFirewallViolation)
- resourceViolation_networkFirewallMissingSubnetViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingSubnetViolation)
- resourceViolation_networkFirewallPolicyModifiedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallPolicyModifiedViolation)
- resourceViolation_networkFirewallUnexpectedFirewallRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedFirewallRoutesViolation)
- resourceViolation_networkFirewallUnexpectedGatewayRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedGatewayRoutesViolation)
- resourceViolation_possibleRemediationActions :: Lens' ResourceViolation (Maybe PossibleRemediationActions)
- resourceViolation_routeHasOutOfScopeEndpointViolation :: Lens' ResourceViolation (Maybe RouteHasOutOfScopeEndpointViolation)
- resourceViolation_thirdPartyFirewallMissingExpectedRouteTableViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingExpectedRouteTableViolation)
- resourceViolation_thirdPartyFirewallMissingFirewallViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingFirewallViolation)
- resourceViolation_thirdPartyFirewallMissingSubnetViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingSubnetViolation)
- data Route = Route' {}
- newRoute :: Route
- route_destination :: Lens' Route (Maybe Text)
- route_destinationType :: Lens' Route (Maybe DestinationType)
- route_target :: Lens' Route (Maybe Text)
- route_targetType :: Lens' Route (Maybe TargetType)
- data RouteHasOutOfScopeEndpointViolation = RouteHasOutOfScopeEndpointViolation' {
- currentFirewallSubnetRouteTable :: Maybe Text
- currentInternetGatewayRouteTable :: Maybe Text
- firewallSubnetId :: Maybe Text
- firewallSubnetRoutes :: Maybe [Route]
- internetGatewayId :: Maybe Text
- internetGatewayRoutes :: Maybe [Route]
- routeTableId :: Maybe Text
- subnetAvailabilityZone :: Maybe Text
- subnetAvailabilityZoneId :: Maybe Text
- subnetId :: Maybe Text
- violatingRoutes :: Maybe [Route]
- vpcId :: Maybe Text
- newRouteHasOutOfScopeEndpointViolation :: RouteHasOutOfScopeEndpointViolation
- routeHasOutOfScopeEndpointViolation_currentFirewallSubnetRouteTable :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_currentInternetGatewayRouteTable :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_firewallSubnetId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_firewallSubnetRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route])
- routeHasOutOfScopeEndpointViolation_internetGatewayId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_internetGatewayRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route])
- routeHasOutOfScopeEndpointViolation_routeTableId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_subnetAvailabilityZone :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_subnetAvailabilityZoneId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_subnetId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- routeHasOutOfScopeEndpointViolation_violatingRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route])
- routeHasOutOfScopeEndpointViolation_vpcId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text)
- data SecurityGroupRemediationAction = SecurityGroupRemediationAction' {}
- newSecurityGroupRemediationAction :: SecurityGroupRemediationAction
- securityGroupRemediationAction_description :: Lens' SecurityGroupRemediationAction (Maybe Text)
- securityGroupRemediationAction_isDefaultAction :: Lens' SecurityGroupRemediationAction (Maybe Bool)
- securityGroupRemediationAction_remediationActionType :: Lens' SecurityGroupRemediationAction (Maybe RemediationActionType)
- securityGroupRemediationAction_remediationResult :: Lens' SecurityGroupRemediationAction (Maybe SecurityGroupRuleDescription)
- data SecurityGroupRuleDescription = SecurityGroupRuleDescription' {}
- newSecurityGroupRuleDescription :: SecurityGroupRuleDescription
- securityGroupRuleDescription_fromPort :: Lens' SecurityGroupRuleDescription (Maybe Natural)
- securityGroupRuleDescription_iPV4Range :: Lens' SecurityGroupRuleDescription (Maybe Text)
- securityGroupRuleDescription_iPV6Range :: Lens' SecurityGroupRuleDescription (Maybe Text)
- securityGroupRuleDescription_prefixListId :: Lens' SecurityGroupRuleDescription (Maybe Text)
- securityGroupRuleDescription_protocol :: Lens' SecurityGroupRuleDescription (Maybe Text)
- securityGroupRuleDescription_toPort :: Lens' SecurityGroupRuleDescription (Maybe Natural)
- data SecurityServicePolicyData = SecurityServicePolicyData' {}
- newSecurityServicePolicyData :: SecurityServiceType -> SecurityServicePolicyData
- securityServicePolicyData_managedServiceData :: Lens' SecurityServicePolicyData (Maybe Text)
- securityServicePolicyData_policyOption :: Lens' SecurityServicePolicyData (Maybe PolicyOption)
- securityServicePolicyData_type :: Lens' SecurityServicePolicyData SecurityServiceType
- data StatefulEngineOptions = StatefulEngineOptions' {}
- newStatefulEngineOptions :: StatefulEngineOptions
- statefulEngineOptions_ruleOrder :: Lens' StatefulEngineOptions (Maybe RuleOrder)
- data StatefulRuleGroup = StatefulRuleGroup' {}
- newStatefulRuleGroup :: StatefulRuleGroup
- statefulRuleGroup_override :: Lens' StatefulRuleGroup (Maybe NetworkFirewallStatefulRuleGroupOverride)
- statefulRuleGroup_priority :: Lens' StatefulRuleGroup (Maybe Int)
- statefulRuleGroup_resourceId :: Lens' StatefulRuleGroup (Maybe Text)
- statefulRuleGroup_ruleGroupName :: Lens' StatefulRuleGroup (Maybe Text)
- data StatelessRuleGroup = StatelessRuleGroup' {}
- newStatelessRuleGroup :: StatelessRuleGroup
- statelessRuleGroup_priority :: Lens' StatelessRuleGroup (Maybe Natural)
- statelessRuleGroup_resourceId :: Lens' StatelessRuleGroup (Maybe Text)
- statelessRuleGroup_ruleGroupName :: Lens' StatelessRuleGroup (Maybe Text)
- data Tag = Tag' {}
- newTag :: Text -> Text -> Tag
- tag_key :: Lens' Tag Text
- tag_value :: Lens' Tag Text
- data ThirdPartyFirewallFirewallPolicy = ThirdPartyFirewallFirewallPolicy' {}
- newThirdPartyFirewallFirewallPolicy :: ThirdPartyFirewallFirewallPolicy
- thirdPartyFirewallFirewallPolicy_firewallPolicyId :: Lens' ThirdPartyFirewallFirewallPolicy (Maybe Text)
- thirdPartyFirewallFirewallPolicy_firewallPolicyName :: Lens' ThirdPartyFirewallFirewallPolicy (Maybe Text)
- data ThirdPartyFirewallMissingExpectedRouteTableViolation = ThirdPartyFirewallMissingExpectedRouteTableViolation' {}
- newThirdPartyFirewallMissingExpectedRouteTableViolation :: ThirdPartyFirewallMissingExpectedRouteTableViolation
- thirdPartyFirewallMissingExpectedRouteTableViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text)
- thirdPartyFirewallMissingExpectedRouteTableViolation_currentRouteTable :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text)
- thirdPartyFirewallMissingExpectedRouteTableViolation_expectedRouteTable :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text)
- thirdPartyFirewallMissingExpectedRouteTableViolation_vpc :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text)
- thirdPartyFirewallMissingExpectedRouteTableViolation_violationTarget :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text)
- data ThirdPartyFirewallMissingFirewallViolation = ThirdPartyFirewallMissingFirewallViolation' {}
- newThirdPartyFirewallMissingFirewallViolation :: ThirdPartyFirewallMissingFirewallViolation
- thirdPartyFirewallMissingFirewallViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text)
- thirdPartyFirewallMissingFirewallViolation_targetViolationReason :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text)
- thirdPartyFirewallMissingFirewallViolation_vpc :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text)
- thirdPartyFirewallMissingFirewallViolation_violationTarget :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text)
- data ThirdPartyFirewallMissingSubnetViolation = ThirdPartyFirewallMissingSubnetViolation' {}
- newThirdPartyFirewallMissingSubnetViolation :: ThirdPartyFirewallMissingSubnetViolation
- thirdPartyFirewallMissingSubnetViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text)
- thirdPartyFirewallMissingSubnetViolation_targetViolationReason :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text)
- thirdPartyFirewallMissingSubnetViolation_vpc :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text)
- thirdPartyFirewallMissingSubnetViolation_violationTarget :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text)
- data ThirdPartyFirewallPolicy = ThirdPartyFirewallPolicy' {}
- newThirdPartyFirewallPolicy :: ThirdPartyFirewallPolicy
- thirdPartyFirewallPolicy_firewallDeploymentModel :: Lens' ThirdPartyFirewallPolicy (Maybe FirewallDeploymentModel)
- data ViolationDetail = ViolationDetail' {}
- newViolationDetail :: Text -> Text -> Text -> Text -> ViolationDetail
- violationDetail_resourceDescription :: Lens' ViolationDetail (Maybe Text)
- violationDetail_resourceTags :: Lens' ViolationDetail (Maybe [Tag])
- violationDetail_policyId :: Lens' ViolationDetail Text
- violationDetail_memberAccount :: Lens' ViolationDetail Text
- violationDetail_resourceId :: Lens' ViolationDetail Text
- violationDetail_resourceType :: Lens' ViolationDetail Text
- violationDetail_resourceViolations :: Lens' ViolationDetail [ResourceViolation]
Service Configuration
defaultService :: Service Source #
API version `2018-01-01` of the Amazon Firewall Management Service SDK configuration.
Errors
_InternalErrorException :: AsError a => Fold a ServiceError Source #
The operation failed because of a system problem, even though the request was valid. Retry your request.
_InvalidInputException :: AsError a => Fold a ServiceError Source #
The parameters of the request were invalid.
_InvalidOperationException :: AsError a => Fold a ServiceError Source #
The operation failed because there was nothing to do or the operation
wasn't possible. For example, you might have submitted an
`AssociateAdminAccount` request for an account ID that was already set
as the Firewall Manager administrator. Or you might have tried to access
a Region that's disabled by default, and that you need to enable for
the Firewall Manager administrator account and for Organizations before
you can access it.
_InvalidTypeException :: AsError a => Fold a ServiceError Source #
The value of the `Type` parameter is invalid.
_LimitExceededException :: AsError a => Fold a ServiceError Source #
The operation exceeds a resource limit, for example, the maximum number
of `policy` objects that you can create for an Amazon Web Services
account. For more information, see Firewall Manager Limits in the
WAF Developer Guide.
_ResourceNotFoundException :: AsError a => Fold a ServiceError Source #
The specified resource was not found.
AccountRoleStatus
newtype AccountRoleStatus Source #
pattern AccountRoleStatus_CREATING :: AccountRoleStatus | |
pattern AccountRoleStatus_DELETED :: AccountRoleStatus | |
pattern AccountRoleStatus_DELETING :: AccountRoleStatus | |
pattern AccountRoleStatus_PENDING_DELETION :: AccountRoleStatus | |
pattern AccountRoleStatus_READY :: AccountRoleStatus |
Instances
CustomerPolicyScopeIdType
newtype CustomerPolicyScopeIdType Source #
pattern CustomerPolicyScopeIdType_ACCOUNT :: CustomerPolicyScopeIdType | |
pattern CustomerPolicyScopeIdType_ORG_UNIT :: CustomerPolicyScopeIdType |
Instances
DependentServiceName
newtype DependentServiceName Source #
pattern DependentServiceName_AWSCONFIG :: DependentServiceName | |
pattern DependentServiceName_AWSSHIELD_ADVANCED :: DependentServiceName | |
pattern DependentServiceName_AWSVPC :: DependentServiceName | |
pattern DependentServiceName_AWSWAF :: DependentServiceName |
Instances
DestinationType
newtype DestinationType Source #
pattern DestinationType_IPV4 :: DestinationType | |
pattern DestinationType_IPV6 :: DestinationType | |
pattern DestinationType_PREFIX_LIST :: DestinationType |
Instances
FailedItemReason
newtype FailedItemReason Source #
pattern FailedItemReason_NOT_VALID_ACCOUNT_ID :: FailedItemReason | |
pattern FailedItemReason_NOT_VALID_ARN :: FailedItemReason | |
pattern FailedItemReason_NOT_VALID_PARTITION :: FailedItemReason | |
pattern FailedItemReason_NOT_VALID_REGION :: FailedItemReason | |
pattern FailedItemReason_NOT_VALID_RESOURCE_TYPE :: FailedItemReason | |
pattern FailedItemReason_NOT_VALID_SERVICE :: FailedItemReason |
Instances
FirewallDeploymentModel
newtype FirewallDeploymentModel Source #
pattern FirewallDeploymentModel_CENTRALIZED :: FirewallDeploymentModel | |
pattern FirewallDeploymentModel_DISTRIBUTED :: FirewallDeploymentModel |
Instances
MarketplaceSubscriptionOnboardingStatus
newtype MarketplaceSubscriptionOnboardingStatus Source #
Instances
NetworkFirewallOverrideAction
newtype NetworkFirewallOverrideAction Source #
Instances
PolicyComplianceStatusType
newtype PolicyComplianceStatusType Source #
pattern PolicyComplianceStatusType_COMPLIANT :: PolicyComplianceStatusType | |
pattern PolicyComplianceStatusType_NON_COMPLIANT :: PolicyComplianceStatusType |
Instances
RemediationActionType
newtype RemediationActionType Source #
pattern RemediationActionType_MODIFY :: RemediationActionType | |
pattern RemediationActionType_REMOVE :: RemediationActionType |
Instances
RuleOrder
pattern RuleOrder_DEFAULT_ACTION_ORDER :: RuleOrder | |
pattern RuleOrder_STRICT_ORDER :: RuleOrder |
Instances
SecurityServiceType
newtype SecurityServiceType Source #
Instances
TargetType
newtype TargetType Source #
pattern TargetType_CARRIER_GATEWAY :: TargetType | |
pattern TargetType_EGRESS_ONLY_INTERNET_GATEWAY :: TargetType | |
pattern TargetType_GATEWAY :: TargetType | |
pattern TargetType_INSTANCE :: TargetType | |
pattern TargetType_LOCAL_GATEWAY :: TargetType | |
pattern TargetType_NAT_GATEWAY :: TargetType | |
pattern TargetType_NETWORK_INTERFACE :: TargetType | |
pattern TargetType_TRANSIT_GATEWAY :: TargetType | |
pattern TargetType_VPC_ENDPOINT :: TargetType | |
pattern TargetType_VPC_PEERING_CONNECTION :: TargetType |
Instances
ThirdPartyFirewall
newtype ThirdPartyFirewall Source #
pattern ThirdPartyFirewall_FORTIGATE_CLOUD_NATIVE_FIREWALL :: ThirdPartyFirewall | |
pattern ThirdPartyFirewall_PALO_ALTO_NETWORKS_CLOUD_NGFW :: ThirdPartyFirewall |
Instances
ThirdPartyFirewallAssociationStatus
newtype ThirdPartyFirewallAssociationStatus Source #
Instances
ViolationReason
newtype ViolationReason Source #
Instances
ActionTarget
data ActionTarget Source #
Describes a remediation action target.
See: `newActionTarget` smart constructor.
ActionTarget' | |
|
Instances
newActionTarget :: ActionTarget Source #
Create a value of `ActionTarget` with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
- `$sel:description:ActionTarget'`, `actionTarget_description` - A description of the remediation action target.
- `$sel:resourceId:ActionTarget'`, `actionTarget_resourceId` - The ID of the remediation target.
actionTarget_description :: Lens' ActionTarget (Maybe Text) Source #
A description of the remediation action target.
actionTarget_resourceId :: Lens' ActionTarget (Maybe Text) Source #
The ID of the remediation target.
App
An individual Firewall Manager application.
See: `newApp` smart constructor.
Instances
FromJSON App Source # | |
ToJSON App Source # | |
Defined in Amazonka.FMS.Types.App | |
Generic App Source # | |
Read App Source # | |
Show App Source # | |
NFData App Source # | |
Defined in Amazonka.FMS.Types.App | |
Eq App Source # | |
Hashable App Source # | |
Defined in Amazonka.FMS.Types.App | |
type Rep App Source # | |
Defined in Amazonka.FMS.Types.App type Rep App = D1 ('MetaData "App" "Amazonka.FMS.Types.App" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "App'" 'PrefixI 'True) (S1 ('MetaSel ('Just "appName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: (S1 ('MetaSel ('Just "protocol") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "port") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Natural)))) |
Create a value of App
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:appName:App'
, app_appName
- The application's name.
$sel:protocol:App'
, app_protocol
- The IP protocol name or number. The name can be one of tcp, udp, or icmp. For information on possible numbers, see Protocol Numbers.
$sel:port:App'
, app_port
- The application's port number, for example 80.
app_protocol :: Lens' App Text Source #
The IP protocol name or number. The name can be one of tcp, udp, or icmp. For information on possible numbers, see Protocol Numbers.
AppsListData
data AppsListData Source #
A Firewall Manager applications list.
See: newAppsListData
smart constructor.
AppsListData' | |
|
Instances
Create a value of AppsListData
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createTime:AppsListData'
, appsListData_createTime
- The time that the Firewall Manager applications list was created.
$sel:lastUpdateTime:AppsListData'
, appsListData_lastUpdateTime
- The time that the Firewall Manager applications list was last updated.
$sel:listId:AppsListData'
, appsListData_listId
- The ID of the Firewall Manager applications list.
$sel:listUpdateToken:AppsListData'
, appsListData_listUpdateToken
- A unique identifier for each update to the list. When you update the
list, the update token must match the token of the current version of
the application list. You can retrieve the update token by getting the
list.
$sel:previousAppsList:AppsListData'
, appsListData_previousAppsList
- A map of previous version numbers to their corresponding App object arrays.
$sel:listName:AppsListData'
, appsListData_listName
- The name of the Firewall Manager applications list.
$sel:appsList:AppsListData'
, appsListData_appsList
- An array of applications in the Firewall Manager applications list.
appsListData_createTime :: Lens' AppsListData (Maybe UTCTime) Source #
The time that the Firewall Manager applications list was created.
appsListData_lastUpdateTime :: Lens' AppsListData (Maybe UTCTime) Source #
The time that the Firewall Manager applications list was last updated.
appsListData_listId :: Lens' AppsListData (Maybe Text) Source #
The ID of the Firewall Manager applications list.
appsListData_listUpdateToken :: Lens' AppsListData (Maybe Text) Source #
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the application list. You can retrieve the update token by getting the list.
appsListData_previousAppsList :: Lens' AppsListData (Maybe (HashMap Text [App])) Source #
A map of previous version numbers to their corresponding App object arrays.
appsListData_listName :: Lens' AppsListData Text Source #
The name of the Firewall Manager applications list.
appsListData_appsList :: Lens' AppsListData [App] Source #
An array of applications in the Firewall Manager applications list.
AppsListDataSummary
data AppsListDataSummary Source #
Details of the Firewall Manager applications list.
See: newAppsListDataSummary
smart constructor.
Instances
newAppsListDataSummary :: AppsListDataSummary Source #
Create a value of AppsListDataSummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:appsList:AppsListDataSummary'
, appsListDataSummary_appsList
- An array of App objects in the Firewall Manager applications list.
$sel:listArn:AppsListDataSummary'
, appsListDataSummary_listArn
- The Amazon Resource Name (ARN) of the applications list.
$sel:listId:AppsListDataSummary'
, appsListDataSummary_listId
- The ID of the applications list.
$sel:listName:AppsListDataSummary'
, appsListDataSummary_listName
- The name of the applications list.
appsListDataSummary_appsList :: Lens' AppsListDataSummary (Maybe [App]) Source #
An array of App objects in the Firewall Manager applications list.
appsListDataSummary_listArn :: Lens' AppsListDataSummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the applications list.
appsListDataSummary_listId :: Lens' AppsListDataSummary (Maybe Text) Source #
The ID of the applications list.
appsListDataSummary_listName :: Lens' AppsListDataSummary (Maybe Text) Source #
The name of the applications list.
AwsEc2InstanceViolation
data AwsEc2InstanceViolation Source #
Violation detail for an EC2 instance resource.
See: newAwsEc2InstanceViolation
smart constructor.
AwsEc2InstanceViolation' | |
|
Instances
newAwsEc2InstanceViolation :: AwsEc2InstanceViolation Source #
Create a value of AwsEc2InstanceViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:awsEc2NetworkInterfaceViolations:AwsEc2InstanceViolation'
, awsEc2InstanceViolation_awsEc2NetworkInterfaceViolations
- Violation detail for network interfaces associated with the EC2
instance.
AwsEc2InstanceViolation
, awsEc2InstanceViolation_violationTarget
- The resource ID of the EC2 instance.
awsEc2InstanceViolation_awsEc2NetworkInterfaceViolations :: Lens' AwsEc2InstanceViolation (Maybe [AwsEc2NetworkInterfaceViolation]) Source #
Violation detail for network interfaces associated with the EC2 instance.
awsEc2InstanceViolation_violationTarget :: Lens' AwsEc2InstanceViolation (Maybe Text) Source #
The resource ID of the EC2 instance.
AwsEc2NetworkInterfaceViolation
data AwsEc2NetworkInterfaceViolation Source #
Violation detail for network interfaces associated with an EC2 instance.
See: newAwsEc2NetworkInterfaceViolation
smart constructor.
AwsEc2NetworkInterfaceViolation' | |
|
Instances
newAwsEc2NetworkInterfaceViolation :: AwsEc2NetworkInterfaceViolation Source #
Create a value of AwsEc2NetworkInterfaceViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violatingSecurityGroups:AwsEc2NetworkInterfaceViolation'
, awsEc2NetworkInterfaceViolation_violatingSecurityGroups
- List of security groups that violate the rules specified in the primary
security group of the Firewall Manager policy.
$sel:violationTarget:AwsEc2NetworkInterfaceViolation'
, awsEc2NetworkInterfaceViolation_violationTarget
- The resource ID of the network interface.
awsEc2NetworkInterfaceViolation_violatingSecurityGroups :: Lens' AwsEc2NetworkInterfaceViolation (Maybe [Text]) Source #
List of security groups that violate the rules specified in the primary security group of the Firewall Manager policy.
awsEc2NetworkInterfaceViolation_violationTarget :: Lens' AwsEc2NetworkInterfaceViolation (Maybe Text) Source #
The resource ID of the network interface.
AwsVPCSecurityGroupViolation
data AwsVPCSecurityGroupViolation Source #
Violation detail for the rule violation in a security group when compared to the primary security group of the Firewall Manager policy.
See: newAwsVPCSecurityGroupViolation
smart constructor.
AwsVPCSecurityGroupViolation' | |
|
Instances
newAwsVPCSecurityGroupViolation :: AwsVPCSecurityGroupViolation Source #
Create a value of AwsVPCSecurityGroupViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:partialMatches:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_partialMatches
- List of rules specified in the security group of the Firewall Manager
policy that partially match the ViolationTarget rule.
$sel:possibleSecurityGroupRemediationActions:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_possibleSecurityGroupRemediationActions
- Remediation options for the rule specified in the ViolationTarget.
$sel:violationTarget:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_violationTarget
- The security group rule that is being evaluated.
$sel:violationTargetDescription:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_violationTargetDescription
- A description of the security group that violates the policy.
awsVPCSecurityGroupViolation_partialMatches :: Lens' AwsVPCSecurityGroupViolation (Maybe [PartialMatch]) Source #
List of rules specified in the security group of the Firewall Manager
policy that partially match the ViolationTarget rule.
awsVPCSecurityGroupViolation_possibleSecurityGroupRemediationActions :: Lens' AwsVPCSecurityGroupViolation (Maybe [SecurityGroupRemediationAction]) Source #
Remediation options for the rule specified in the ViolationTarget.
awsVPCSecurityGroupViolation_violationTarget :: Lens' AwsVPCSecurityGroupViolation (Maybe Text) Source #
The security group rule that is being evaluated.
awsVPCSecurityGroupViolation_violationTargetDescription :: Lens' AwsVPCSecurityGroupViolation (Maybe Text) Source #
A description of the security group that violates the policy.
ComplianceViolator
data ComplianceViolator Source #
Details of the resource that is not protected by the policy.
See: newComplianceViolator
smart constructor.
ComplianceViolator' | |
|
Instances
newComplianceViolator :: ComplianceViolator Source #
Create a value of ComplianceViolator
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:metadata:ComplianceViolator'
, complianceViolator_metadata
- Metadata about the resource that doesn't comply with the policy scope.
$sel:resourceId:ComplianceViolator'
, complianceViolator_resourceId
- The resource ID.
$sel:resourceType:ComplianceViolator'
, complianceViolator_resourceType
- The resource type. This is in the format shown in the
Amazon Web Services Resource Types Reference.
For example: AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::CloudFront::Distribution, or AWS::NetworkFirewall::FirewallPolicy.
$sel:violationReason:ComplianceViolator'
, complianceViolator_violationReason
- The reason that the resource is not protected by the policy.
complianceViolator_metadata :: Lens' ComplianceViolator (Maybe (HashMap Text Text)) Source #
Metadata about the resource that doesn't comply with the policy scope.
complianceViolator_resourceId :: Lens' ComplianceViolator (Maybe Text) Source #
The resource ID.
complianceViolator_resourceType :: Lens' ComplianceViolator (Maybe Text) Source #
The resource type. This is in the format shown in the
Amazon Web Services Resource Types Reference.
For example: AWS::ElasticLoadBalancingV2::LoadBalancer, AWS::CloudFront::Distribution, or AWS::NetworkFirewall::FirewallPolicy.
complianceViolator_violationReason :: Lens' ComplianceViolator (Maybe ViolationReason) Source #
The reason that the resource is not protected by the policy.
DiscoveredResource
data DiscoveredResource Source #
A resource in the organization that's available to be associated with a Firewall Manager resource set.
See: newDiscoveredResource
smart constructor.
Instances
newDiscoveredResource :: DiscoveredResource Source #
Create a value of DiscoveredResource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:DiscoveredResource'
, discoveredResource_accountId
- The Amazon Web Services account ID associated with the discovered
resource.
$sel:name:DiscoveredResource'
, discoveredResource_name
- The name of the discovered resource.
$sel:type':DiscoveredResource'
, discoveredResource_type
- The type of the discovered resource.
$sel:uri:DiscoveredResource'
, discoveredResource_uri
- The universal resource identifier (URI) of the discovered resource.
discoveredResource_accountId :: Lens' DiscoveredResource (Maybe Text) Source #
The Amazon Web Services account ID associated with the discovered resource.
discoveredResource_name :: Lens' DiscoveredResource (Maybe Text) Source #
The name of the discovered resource.
discoveredResource_type :: Lens' DiscoveredResource (Maybe Text) Source #
The type of the discovered resource.
discoveredResource_uri :: Lens' DiscoveredResource (Maybe Text) Source #
The universal resource identifier (URI) of the discovered resource.
DnsDuplicateRuleGroupViolation
data DnsDuplicateRuleGroupViolation Source #
A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
See: newDnsDuplicateRuleGroupViolation
smart constructor.
DnsDuplicateRuleGroupViolation' | |
|
Instances
newDnsDuplicateRuleGroupViolation :: DnsDuplicateRuleGroupViolation Source #
Create a value of DnsDuplicateRuleGroupViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violationTarget:DnsDuplicateRuleGroupViolation'
, dnsDuplicateRuleGroupViolation_violationTarget
- Information about the VPC ID.
$sel:violationTargetDescription:DnsDuplicateRuleGroupViolation'
, dnsDuplicateRuleGroupViolation_violationTargetDescription
- A description of the violation that specifies the rule group and VPC.
dnsDuplicateRuleGroupViolation_violationTarget :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text) Source #
Information about the VPC ID.
dnsDuplicateRuleGroupViolation_violationTargetDescription :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text) Source #
A description of the violation that specifies the rule group and VPC.
DnsRuleGroupLimitExceededViolation
data DnsRuleGroupLimitExceededViolation Source #
The VPC that Firewall Manager was applying a DNS Firewall policy to reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed due to the limit.
See: newDnsRuleGroupLimitExceededViolation
smart constructor.
DnsRuleGroupLimitExceededViolation' | |
|
Instances
newDnsRuleGroupLimitExceededViolation :: DnsRuleGroupLimitExceededViolation Source #
Create a value of DnsRuleGroupLimitExceededViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:numberOfRuleGroupsAlreadyAssociated:DnsRuleGroupLimitExceededViolation'
, dnsRuleGroupLimitExceededViolation_numberOfRuleGroupsAlreadyAssociated
- The number of rule groups currently associated with the VPC.
$sel:violationTarget:DnsRuleGroupLimitExceededViolation'
, dnsRuleGroupLimitExceededViolation_violationTarget
- Information about the VPC ID.
$sel:violationTargetDescription:DnsRuleGroupLimitExceededViolation'
, dnsRuleGroupLimitExceededViolation_violationTargetDescription
- A description of the violation that specifies the rule group and VPC.
dnsRuleGroupLimitExceededViolation_numberOfRuleGroupsAlreadyAssociated :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Int) Source #
The number of rule groups currently associated with the VPC.
dnsRuleGroupLimitExceededViolation_violationTarget :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text) Source #
Information about the VPC ID.
dnsRuleGroupLimitExceededViolation_violationTargetDescription :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text) Source #
A description of the violation that specifies the rule group and VPC.
DnsRuleGroupPriorityConflictViolation
data DnsRuleGroupPriorityConflictViolation Source #
A rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.
See: newDnsRuleGroupPriorityConflictViolation
smart constructor.
DnsRuleGroupPriorityConflictViolation' | |
|
Instances
newDnsRuleGroupPriorityConflictViolation :: DnsRuleGroupPriorityConflictViolation Source #
Create a value of DnsRuleGroupPriorityConflictViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:conflictingPolicyId:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_conflictingPolicyId
- The ID of the Firewall Manager DNS Firewall policy that was already
applied to the VPC. This policy contains the rule group that's already
associated with the VPC.
$sel:conflictingPriority:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_conflictingPriority
- The priority setting of the two conflicting rule groups.
$sel:unavailablePriorities:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_unavailablePriorities
- The priorities of rule groups that are already associated with the VPC.
To retry your operation, choose priority settings that aren't in this
list for the rule groups in your new DNS Firewall policy.
$sel:violationTarget:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_violationTarget
- Information about the VPC ID.
$sel:violationTargetDescription:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_violationTargetDescription
- A description of the violation that specifies the VPC and the rule group
that's already associated with it.
dnsRuleGroupPriorityConflictViolation_conflictingPolicyId :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text) Source #
The ID of the Firewall Manager DNS Firewall policy that was already applied to the VPC. This policy contains the rule group that's already associated with the VPC.
dnsRuleGroupPriorityConflictViolation_conflictingPriority :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Natural) Source #
The priority setting of the two conflicting rule groups.
dnsRuleGroupPriorityConflictViolation_unavailablePriorities :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe [Natural]) Source #
The priorities of rule groups that are already associated with the VPC. To retry your operation, choose priority settings that aren't in this list for the rule groups in your new DNS Firewall policy.
dnsRuleGroupPriorityConflictViolation_violationTarget :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text) Source #
Information about the VPC ID.
dnsRuleGroupPriorityConflictViolation_violationTargetDescription :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text) Source #
A description of the violation that specifies the VPC and the rule group that's already associated with it.
EC2AssociateRouteTableAction
data EC2AssociateRouteTableAction Source #
The action of associating an EC2 resource, such as a subnet or internet gateway, with a route table.
See: newEC2AssociateRouteTableAction
smart constructor.
EC2AssociateRouteTableAction' | |
|
Instances
newEC2AssociateRouteTableAction Source #
Create a value of EC2AssociateRouteTableAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2AssociateRouteTableAction
, eC2AssociateRouteTableAction_description
- A description of the EC2 route table that is associated with the
remediation action.
$sel:gatewayId:EC2AssociateRouteTableAction'
, eC2AssociateRouteTableAction_gatewayId
- The ID of the gateway to be used with the EC2 route table that is
associated with the remediation action.
$sel:subnetId:EC2AssociateRouteTableAction'
, eC2AssociateRouteTableAction_subnetId
- The ID of the subnet for the EC2 route table that is associated with the
remediation action.
$sel:routeTableId:EC2AssociateRouteTableAction'
, eC2AssociateRouteTableAction_routeTableId
- The ID of the EC2 route table that is associated with the remediation
action.
eC2AssociateRouteTableAction_description :: Lens' EC2AssociateRouteTableAction (Maybe Text) Source #
A description of the EC2 route table that is associated with the remediation action.
eC2AssociateRouteTableAction_gatewayId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget) Source #
The ID of the gateway to be used with the EC2 route table that is associated with the remediation action.
eC2AssociateRouteTableAction_subnetId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget) Source #
The ID of the subnet for the EC2 route table that is associated with the remediation action.
eC2AssociateRouteTableAction_routeTableId :: Lens' EC2AssociateRouteTableAction ActionTarget Source #
The ID of the EC2 route table that is associated with the remediation action.
EC2CopyRouteTableAction
data EC2CopyRouteTableAction Source #
An action that copies the EC2 route table for use in remediation.
See: newEC2CopyRouteTableAction
smart constructor.
EC2CopyRouteTableAction' | |
|
Instances
newEC2CopyRouteTableAction Source #
Create a value of EC2CopyRouteTableAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2CopyRouteTableAction
, eC2CopyRouteTableAction_description
- A description of the copied EC2 route table that is associated with the
remediation action.
$sel:vpcId:EC2CopyRouteTableAction'
, eC2CopyRouteTableAction_vpcId
- The VPC ID of the copied EC2 route table that is associated with the
remediation action.
$sel:routeTableId:EC2CopyRouteTableAction'
, eC2CopyRouteTableAction_routeTableId
- The ID of the copied EC2 route table that is associated with the
remediation action.
eC2CopyRouteTableAction_description :: Lens' EC2CopyRouteTableAction (Maybe Text) Source #
A description of the copied EC2 route table that is associated with the remediation action.
eC2CopyRouteTableAction_vpcId :: Lens' EC2CopyRouteTableAction ActionTarget Source #
The VPC ID of the copied EC2 route table that is associated with the remediation action.
eC2CopyRouteTableAction_routeTableId :: Lens' EC2CopyRouteTableAction ActionTarget Source #
The ID of the copied EC2 route table that is associated with the remediation action.
EC2CreateRouteAction
data EC2CreateRouteAction Source #
Information about the CreateRoute action in Amazon EC2.
See: newEC2CreateRouteAction
smart constructor.
EC2CreateRouteAction' | |
|
Instances
newEC2CreateRouteAction Source #
Create a value of EC2CreateRouteAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2CreateRouteAction
, eC2CreateRouteAction_description
- A description of the CreateRoute action in Amazon EC2.
$sel:destinationCidrBlock:EC2CreateRouteAction'
, eC2CreateRouteAction_destinationCidrBlock
- Information about the IPv4 CIDR address block used for the destination
match.
$sel:destinationIpv6CidrBlock:EC2CreateRouteAction'
, eC2CreateRouteAction_destinationIpv6CidrBlock
- Information about the IPv6 CIDR block destination.
$sel:destinationPrefixListId:EC2CreateRouteAction'
, eC2CreateRouteAction_destinationPrefixListId
- Information about the ID of a prefix list used for the destination
match.
$sel:gatewayId:EC2CreateRouteAction'
, eC2CreateRouteAction_gatewayId
- Information about the ID of an internet gateway or virtual private
gateway attached to your VPC.
$sel:vpcEndpointId:EC2CreateRouteAction'
, eC2CreateRouteAction_vpcEndpointId
- Information about the ID of a VPC endpoint. Supported for Gateway Load
Balancer endpoints only.
$sel:routeTableId:EC2CreateRouteAction'
, eC2CreateRouteAction_routeTableId
- Information about the ID of the route table for the route.
eC2CreateRouteAction_description :: Lens' EC2CreateRouteAction (Maybe Text) Source #
A description of the CreateRoute action in Amazon EC2.
eC2CreateRouteAction_destinationCidrBlock :: Lens' EC2CreateRouteAction (Maybe Text) Source #
Information about the IPv4 CIDR address block used for the destination match.
eC2CreateRouteAction_destinationIpv6CidrBlock :: Lens' EC2CreateRouteAction (Maybe Text) Source #
Information about the IPv6 CIDR block destination.
eC2CreateRouteAction_destinationPrefixListId :: Lens' EC2CreateRouteAction (Maybe Text) Source #
Information about the ID of a prefix list used for the destination match.
eC2CreateRouteAction_gatewayId :: Lens' EC2CreateRouteAction (Maybe ActionTarget) Source #
Information about the ID of an internet gateway or virtual private gateway attached to your VPC.
eC2CreateRouteAction_vpcEndpointId :: Lens' EC2CreateRouteAction (Maybe ActionTarget) Source #
Information about the ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only.
eC2CreateRouteAction_routeTableId :: Lens' EC2CreateRouteAction ActionTarget Source #
Information about the ID of the route table for the route.
EC2CreateRouteTableAction
data EC2CreateRouteTableAction Source #
Information about the CreateRouteTable action in Amazon EC2.
See: newEC2CreateRouteTableAction
smart constructor.
EC2CreateRouteTableAction' | |
|
Instances
newEC2CreateRouteTableAction Source #
Create a value of EC2CreateRouteTableAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2CreateRouteTableAction
, eC2CreateRouteTableAction_description
- A description of the CreateRouteTable action.
$sel:vpcId:EC2CreateRouteTableAction'
, eC2CreateRouteTableAction_vpcId
- Information about the ID of a VPC.
eC2CreateRouteTableAction_description :: Lens' EC2CreateRouteTableAction (Maybe Text) Source #
A description of the CreateRouteTable action.
eC2CreateRouteTableAction_vpcId :: Lens' EC2CreateRouteTableAction ActionTarget Source #
Information about the ID of a VPC.
EC2DeleteRouteAction
data EC2DeleteRouteAction Source #
Information about the DeleteRoute action in Amazon EC2.
See: newEC2DeleteRouteAction
smart constructor.
EC2DeleteRouteAction' | |
|
Instances
newEC2DeleteRouteAction Source #
Create a value of EC2DeleteRouteAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2DeleteRouteAction
, eC2DeleteRouteAction_description
- A description of the DeleteRoute action.
$sel:destinationCidrBlock:EC2DeleteRouteAction'
, eC2DeleteRouteAction_destinationCidrBlock
- Information about the IPv4 CIDR range for the route. The value you
specify must match the CIDR for the route exactly.
$sel:destinationIpv6CidrBlock:EC2DeleteRouteAction'
, eC2DeleteRouteAction_destinationIpv6CidrBlock
- Information about the IPv6 CIDR range for the route. The value you
specify must match the CIDR for the route exactly.
$sel:destinationPrefixListId:EC2DeleteRouteAction'
, eC2DeleteRouteAction_destinationPrefixListId
- Information about the ID of the prefix list for the route.
$sel:routeTableId:EC2DeleteRouteAction'
, eC2DeleteRouteAction_routeTableId
- Information about the ID of the route table.
eC2DeleteRouteAction_description :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
A description of the DeleteRoute action.
eC2DeleteRouteAction_destinationCidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
Information about the IPv4 CIDR range for the route. The value you specify must match the CIDR for the route exactly.
eC2DeleteRouteAction_destinationIpv6CidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
Information about the IPv6 CIDR range for the route. The value you specify must match the CIDR for the route exactly.
eC2DeleteRouteAction_destinationPrefixListId :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
Information about the ID of the prefix list for the route.
eC2DeleteRouteAction_routeTableId :: Lens' EC2DeleteRouteAction ActionTarget Source #
Information about the ID of the route table.
EC2ReplaceRouteAction
data EC2ReplaceRouteAction Source #
Information about the ReplaceRoute action in Amazon EC2.
See: newEC2ReplaceRouteAction
smart constructor.
EC2ReplaceRouteAction' | |
|
Instances
newEC2ReplaceRouteAction Source #
Create a value of EC2ReplaceRouteAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2ReplaceRouteAction
, eC2ReplaceRouteAction_description
- A description of the ReplaceRoute action in Amazon EC2.
$sel:destinationCidrBlock:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_destinationCidrBlock
- Information about the IPv4 CIDR address block used for the destination
match. The value that you provide must match the CIDR of an existing
route in the table.
$sel:destinationIpv6CidrBlock:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_destinationIpv6CidrBlock
- Information about the IPv6 CIDR address block used for the destination
match. The value that you provide must match the CIDR of an existing
route in the table.
$sel:destinationPrefixListId:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_destinationPrefixListId
- Information about the ID of the prefix list for the route.
$sel:gatewayId:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_gatewayId
- Information about the ID of an internet gateway or virtual private
gateway.
$sel:routeTableId:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_routeTableId
- Information about the ID of the route table.
eC2ReplaceRouteAction_description :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
A description of the ReplaceRoute action in Amazon EC2.
eC2ReplaceRouteAction_destinationCidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
Information about the IPv4 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table.
eC2ReplaceRouteAction_destinationIpv6CidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
Information about the IPv6 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table.
eC2ReplaceRouteAction_destinationPrefixListId :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
Information about the ID of the prefix list for the route.
eC2ReplaceRouteAction_gatewayId :: Lens' EC2ReplaceRouteAction (Maybe ActionTarget) Source #
Information about the ID of an internet gateway or virtual private gateway.
eC2ReplaceRouteAction_routeTableId :: Lens' EC2ReplaceRouteAction ActionTarget Source #
Information about the ID of the route table.
EC2ReplaceRouteTableAssociationAction
data EC2ReplaceRouteTableAssociationAction Source #
Information about the ReplaceRouteTableAssociation action in Amazon EC2.
See: newEC2ReplaceRouteTableAssociationAction
smart constructor.
EC2ReplaceRouteTableAssociationAction' | |
|
Instances
newEC2ReplaceRouteTableAssociationAction Source #
Create a value of EC2ReplaceRouteTableAssociationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
EC2ReplaceRouteTableAssociationAction
, eC2ReplaceRouteTableAssociationAction_description
- A description of the ReplaceRouteTableAssociation action in Amazon EC2.
$sel:associationId:EC2ReplaceRouteTableAssociationAction'
, eC2ReplaceRouteTableAssociationAction_associationId
- Information about the association ID.
$sel:routeTableId:EC2ReplaceRouteTableAssociationAction'
, eC2ReplaceRouteTableAssociationAction_routeTableId
- Information about the ID of the new route table to associate with the
subnet.
eC2ReplaceRouteTableAssociationAction_description :: Lens' EC2ReplaceRouteTableAssociationAction (Maybe Text) Source #
A description of the ReplaceRouteTableAssociation action in Amazon EC2.
eC2ReplaceRouteTableAssociationAction_associationId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget Source #
Information about the association ID.
eC2ReplaceRouteTableAssociationAction_routeTableId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget Source #
Information about the ID of the new route table to associate with the subnet.
EvaluationResult
data EvaluationResult Source #
Describes the compliance status for the account. An account is considered noncompliant if it includes resources that are not protected by the specified policy or that don't comply with the policy.
See: newEvaluationResult
smart constructor.
EvaluationResult' | |
|
Instances
newEvaluationResult :: EvaluationResult Source #
Create a value of EvaluationResult
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:complianceStatus:EvaluationResult'
, evaluationResult_complianceStatus
- Describes an Amazon Web Services account's compliance with the Firewall
Manager policy.
$sel:evaluationLimitExceeded:EvaluationResult'
, evaluationResult_evaluationLimitExceeded
- Indicates that over 100 resources are noncompliant with the Firewall
Manager policy.
$sel:violatorCount:EvaluationResult'
, evaluationResult_violatorCount
- The number of resources that are noncompliant with the specified policy.
For WAF and Shield Advanced policies, a resource is considered
noncompliant if it is not associated with the policy. For security group
policies, a resource is considered noncompliant if it doesn't comply
with the rules of the policy and remediation is disabled or not
possible.
evaluationResult_complianceStatus :: Lens' EvaluationResult (Maybe PolicyComplianceStatusType) Source #
Describes an Amazon Web Services account's compliance with the Firewall Manager policy.
evaluationResult_evaluationLimitExceeded :: Lens' EvaluationResult (Maybe Bool) Source #
Indicates that over 100 resources are noncompliant with the Firewall Manager policy.
evaluationResult_violatorCount :: Lens' EvaluationResult (Maybe Natural) Source #
The number of resources that are noncompliant with the specified policy. For WAF and Shield Advanced policies, a resource is considered noncompliant if it is not associated with the policy. For security group policies, a resource is considered noncompliant if it doesn't comply with the rules of the policy and remediation is disabled or not possible.
ExpectedRoute
data ExpectedRoute Source #
Information about the expected route in the route table.
See: newExpectedRoute
smart constructor.
ExpectedRoute' | |
|
Instances
newExpectedRoute :: ExpectedRoute Source #
Create a value of ExpectedRoute
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:allowedTargets:ExpectedRoute'
, expectedRoute_allowedTargets
- Information about the allowed targets.
$sel:contributingSubnets:ExpectedRoute'
, expectedRoute_contributingSubnets
- Information about the contributing subnets.
$sel:ipV4Cidr:ExpectedRoute'
, expectedRoute_ipV4Cidr
- Information about the IPv4 CIDR block.
$sel:ipV6Cidr:ExpectedRoute'
, expectedRoute_ipV6Cidr
- Information about the IPv6 CIDR block.
$sel:prefixListId:ExpectedRoute'
, expectedRoute_prefixListId
- Information about the ID of the prefix list for the route.
$sel:routeTableId:ExpectedRoute'
, expectedRoute_routeTableId
- Information about the route table ID.
expectedRoute_allowedTargets :: Lens' ExpectedRoute (Maybe [Text]) Source #
Information about the allowed targets.
expectedRoute_contributingSubnets :: Lens' ExpectedRoute (Maybe [Text]) Source #
Information about the contributing subnets.
expectedRoute_ipV4Cidr :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the IPv4 CIDR block.
expectedRoute_ipV6Cidr :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the IPv6 CIDR block.
expectedRoute_prefixListId :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the ID of the prefix list for the route.
expectedRoute_routeTableId :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the route table ID.
FMSPolicyUpdateFirewallCreationConfigAction
data FMSPolicyUpdateFirewallCreationConfigAction Source #
Contains information about the actions that you can take to remediate scope violations caused by your policy's FirewallCreationConfig. FirewallCreationConfig is an optional configuration that you can use to choose which Availability Zones Firewall Manager creates Network Firewall endpoints in.
See: newFMSPolicyUpdateFirewallCreationConfigAction
smart constructor.
FMSPolicyUpdateFirewallCreationConfigAction' | |
|
Instances
newFMSPolicyUpdateFirewallCreationConfigAction :: FMSPolicyUpdateFirewallCreationConfigAction Source #
Create a value of FMSPolicyUpdateFirewallCreationConfigAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:FMSPolicyUpdateFirewallCreationConfigAction'
, fMSPolicyUpdateFirewallCreationConfigAction_description
- Describes the remedial action.
$sel:firewallCreationConfig:FMSPolicyUpdateFirewallCreationConfigAction'
, fMSPolicyUpdateFirewallCreationConfigAction_firewallCreationConfig
- A FirewallCreationConfig that you can copy into your current policy's SecurityServiceData in order to remedy scope violations.
fMSPolicyUpdateFirewallCreationConfigAction_description :: Lens' FMSPolicyUpdateFirewallCreationConfigAction (Maybe Text) Source #
Describes the remedial action.
fMSPolicyUpdateFirewallCreationConfigAction_firewallCreationConfig :: Lens' FMSPolicyUpdateFirewallCreationConfigAction (Maybe Text) Source #
A FirewallCreationConfig that you can copy into your current policy's SecurityServiceData in order to remedy scope violations.
FailedItem
data FailedItem Source #
Details of a resource that failed when trying to update its association to a resource set.
See: newFailedItem
smart constructor.
Instances
newFailedItem :: FailedItem Source #
Create a value of FailedItem
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:reason:FailedItem'
, failedItem_reason
- The reason the resource's association could not be updated.
$sel:uri:FailedItem'
, failedItem_uri
- The uniform resource identifier (URI) of the resource that failed.
failedItem_reason :: Lens' FailedItem (Maybe FailedItemReason) Source #
The reason the resource's association could not be updated.
failedItem_uri :: Lens' FailedItem (Maybe Text) Source #
The uniform resource identifier (URI) of the resource that failed.
FirewallSubnetIsOutOfScopeViolation
data FirewallSubnetIsOutOfScopeViolation Source #
Contains details about the firewall subnet that violates the policy scope.
See: newFirewallSubnetIsOutOfScopeViolation
smart constructor.
FirewallSubnetIsOutOfScopeViolation' | |
|
Instances
newFirewallSubnetIsOutOfScopeViolation :: FirewallSubnetIsOutOfScopeViolation Source #
Create a value of FirewallSubnetIsOutOfScopeViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallSubnetId:FirewallSubnetIsOutOfScopeViolation'
, firewallSubnetIsOutOfScopeViolation_firewallSubnetId
- The ID of the firewall subnet that violates the policy scope.
$sel:subnetAvailabilityZone:FirewallSubnetIsOutOfScopeViolation'
, firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZone
- The Availability Zone of the firewall subnet that violates the policy
scope.
$sel:subnetAvailabilityZoneId:FirewallSubnetIsOutOfScopeViolation'
, firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZoneId
- The Availability Zone ID of the firewall subnet that violates the policy
scope.
$sel:vpcEndpointId:FirewallSubnetIsOutOfScopeViolation'
, firewallSubnetIsOutOfScopeViolation_vpcEndpointId
- The VPC endpoint ID of the firewall subnet that violates the policy
scope.
$sel:vpcId:FirewallSubnetIsOutOfScopeViolation'
, firewallSubnetIsOutOfScopeViolation_vpcId
- The VPC ID of the firewall subnet that violates the policy scope.
firewallSubnetIsOutOfScopeViolation_firewallSubnetId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text) Source #
The ID of the firewall subnet that violates the policy scope.
firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZone :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text) Source #
The Availability Zone of the firewall subnet that violates the policy scope.
firewallSubnetIsOutOfScopeViolation_subnetAvailabilityZoneId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text) Source #
The Availability Zone ID of the firewall subnet that violates the policy scope.
firewallSubnetIsOutOfScopeViolation_vpcEndpointId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text) Source #
The VPC endpoint ID of the firewall subnet that violates the policy scope.
firewallSubnetIsOutOfScopeViolation_vpcId :: Lens' FirewallSubnetIsOutOfScopeViolation (Maybe Text) Source #
The VPC ID of the firewall subnet that violates the policy scope.
FirewallSubnetMissingVPCEndpointViolation
data FirewallSubnetMissingVPCEndpointViolation Source #
The violation details for a firewall subnet's VPC endpoint that's deleted or missing.
See: newFirewallSubnetMissingVPCEndpointViolation
smart constructor.
FirewallSubnetMissingVPCEndpointViolation' | |
|
Instances
newFirewallSubnetMissingVPCEndpointViolation :: FirewallSubnetMissingVPCEndpointViolation Source #
Create a value of FirewallSubnetMissingVPCEndpointViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallSubnetId:FirewallSubnetMissingVPCEndpointViolation'
, firewallSubnetMissingVPCEndpointViolation_firewallSubnetId
- The ID of the firewall that this VPC endpoint is associated with.
$sel:subnetAvailabilityZone:FirewallSubnetMissingVPCEndpointViolation'
, firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZone
- The name of the Availability Zone of the deleted VPC subnet.
$sel:subnetAvailabilityZoneId:FirewallSubnetMissingVPCEndpointViolation'
, firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZoneId
- The ID of the Availability Zone of the deleted VPC subnet.
$sel:vpcId:FirewallSubnetMissingVPCEndpointViolation'
, firewallSubnetMissingVPCEndpointViolation_vpcId
- The resource ID of the VPC associated with the deleted VPC subnet.
firewallSubnetMissingVPCEndpointViolation_firewallSubnetId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text) Source #
The ID of the firewall that this VPC endpoint is associated with.
firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZone :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text) Source #
The name of the Availability Zone of the deleted VPC subnet.
firewallSubnetMissingVPCEndpointViolation_subnetAvailabilityZoneId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text) Source #
The ID of the Availability Zone of the deleted VPC subnet.
firewallSubnetMissingVPCEndpointViolation_vpcId :: Lens' FirewallSubnetMissingVPCEndpointViolation (Maybe Text) Source #
The resource ID of the VPC associated with the deleted VPC subnet.
NetworkFirewallBlackHoleRouteDetectedViolation
data NetworkFirewallBlackHoleRouteDetectedViolation Source #
Violation detail for an internet gateway route with an inactive state in the customer subnet route table or Network Firewall subnet route table.
See: newNetworkFirewallBlackHoleRouteDetectedViolation
smart constructor.
NetworkFirewallBlackHoleRouteDetectedViolation' | |
|
Instances
newNetworkFirewallBlackHoleRouteDetectedViolation :: NetworkFirewallBlackHoleRouteDetectedViolation Source #
Create a value of NetworkFirewallBlackHoleRouteDetectedViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:routeTableId:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_routeTableId
- Information about the route table ID.
$sel:violatingRoutes:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_violatingRoutes
- Information about the route or routes that are in violation.
$sel:violationTarget:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_violationTarget
- The subnet that has an inactive state.
$sel:vpcId:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_vpcId
- Information about the VPC ID.
networkFirewallBlackHoleRouteDetectedViolation_routeTableId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text) Source #
Information about the route table ID.
networkFirewallBlackHoleRouteDetectedViolation_violatingRoutes :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe [Route]) Source #
Information about the route or routes that are in violation.
networkFirewallBlackHoleRouteDetectedViolation_violationTarget :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text) Source #
The subnet that has an inactive state.
networkFirewallBlackHoleRouteDetectedViolation_vpcId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text) Source #
Information about the VPC ID.
NetworkFirewallInternetTrafficNotInspectedViolation
data NetworkFirewallInternetTrafficNotInspectedViolation Source #
Violation detail for the subnet for which internet traffic hasn't been inspected.
See: newNetworkFirewallInternetTrafficNotInspectedViolation
smart constructor.
NetworkFirewallInternetTrafficNotInspectedViolation' | |
|
Instances
newNetworkFirewallInternetTrafficNotInspectedViolation :: NetworkFirewallInternetTrafficNotInspectedViolation Source #
Create a value of NetworkFirewallInternetTrafficNotInspectedViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actualFirewallSubnetRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_actualFirewallSubnetRoutes
- The actual firewall subnet routes.
$sel:actualInternetGatewayRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_actualInternetGatewayRoutes
- The actual internet gateway routes.
$sel:currentFirewallSubnetRouteTable:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_currentFirewallSubnetRouteTable
- Information about the subnet route table for the current firewall.
$sel:currentInternetGatewayRouteTable:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_currentInternetGatewayRouteTable
- The current route table for the internet gateway.
$sel:expectedFirewallEndpoint:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallEndpoint
- The expected endpoint for the current firewall.
$sel:expectedFirewallSubnetRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallSubnetRoutes
- The firewall subnet routes that are expected.
$sel:expectedInternetGatewayRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_expectedInternetGatewayRoutes
- The internet gateway routes that are expected.
$sel:firewallSubnetId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_firewallSubnetId
- The firewall subnet ID.
$sel:internetGatewayId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_internetGatewayId
- The internet gateway ID.
$sel:isRouteTableUsedInDifferentAZ:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_isRouteTableUsedInDifferentAZ
- Information about whether the route table is used in another
Availability Zone.
NetworkFirewallInternetTrafficNotInspectedViolation
, networkFirewallInternetTrafficNotInspectedViolation_routeTableId
- Information about the route table ID.
$sel:subnetAvailabilityZone:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_subnetAvailabilityZone
- The subnet Availability Zone.
$sel:subnetId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_subnetId
- The subnet ID.
$sel:violatingRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_violatingRoutes
- The route or routes that are in violation.
$sel:vpcId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_vpcId
- Information about the VPC ID.
networkFirewallInternetTrafficNotInspectedViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route]) Source #
The actual firewall subnet routes.
networkFirewallInternetTrafficNotInspectedViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route]) Source #
The actual internet gateway routes.
networkFirewallInternetTrafficNotInspectedViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
Information about the subnet route table for the current firewall.
networkFirewallInternetTrafficNotInspectedViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The current route table for the internet gateway.
networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The expected endpoint for the current firewall.
networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute]) Source #
The firewall subnet routes that are expected.
networkFirewallInternetTrafficNotInspectedViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute]) Source #
The internet gateway routes that are expected.
networkFirewallInternetTrafficNotInspectedViolation_firewallSubnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The firewall subnet ID.
networkFirewallInternetTrafficNotInspectedViolation_internetGatewayId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The internet gateway ID.
networkFirewallInternetTrafficNotInspectedViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Bool) Source #
Information about whether the route table is used in another Availability Zone.
networkFirewallInternetTrafficNotInspectedViolation_routeTableId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
Information about the route table ID.
networkFirewallInternetTrafficNotInspectedViolation_subnetAvailabilityZone :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The subnet Availability Zone.
networkFirewallInternetTrafficNotInspectedViolation_subnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The subnet ID.
networkFirewallInternetTrafficNotInspectedViolation_violatingRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route]) Source #
The route or routes that are in violation.
networkFirewallInternetTrafficNotInspectedViolation_vpcId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
Information about the VPC ID.
NetworkFirewallInvalidRouteConfigurationViolation
data NetworkFirewallInvalidRouteConfigurationViolation Source #
Violation detail for the improperly configured subnet route. It's possible there is a missing route table route, or a configuration that causes traffic to cross an Availability Zone boundary.
See: newNetworkFirewallInvalidRouteConfigurationViolation
smart constructor.
NetworkFirewallInvalidRouteConfigurationViolation' | |
|
Instances
newNetworkFirewallInvalidRouteConfigurationViolation :: NetworkFirewallInvalidRouteConfigurationViolation Source #
Create a value of NetworkFirewallInvalidRouteConfigurationViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actualFirewallEndpoint:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualFirewallEndpoint
- The actual firewall endpoint.
$sel:actualFirewallSubnetId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetId
- The actual subnet ID for the firewall.
$sel:actualFirewallSubnetRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetRoutes
- The actual firewall subnet routes.
$sel:actualInternetGatewayRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualInternetGatewayRoutes
- The actual internet gateway routes.
$sel:affectedSubnets:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_affectedSubnets
- The subnets that are affected.
$sel:currentFirewallSubnetRouteTable:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_currentFirewallSubnetRouteTable
- The subnet route table for the current firewall.
$sel:currentInternetGatewayRouteTable:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_currentInternetGatewayRouteTable
- The route table for the current internet gateway.
$sel:expectedFirewallEndpoint:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedFirewallEndpoint
- The firewall endpoint that's expected.
$sel:expectedFirewallSubnetId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetId
- The expected subnet ID for the firewall.
$sel:expectedFirewallSubnetRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetRoutes
- The firewall subnet routes that are expected.
$sel:expectedInternetGatewayRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedInternetGatewayRoutes
- The expected routes for the internet gateway.
$sel:internetGatewayId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_internetGatewayId
- The internet gateway ID.
$sel:isRouteTableUsedInDifferentAZ:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_isRouteTableUsedInDifferentAZ
- Information about whether the route table is used in another
Availability Zone.
NetworkFirewallInvalidRouteConfigurationViolation
, networkFirewallInvalidRouteConfigurationViolation_routeTableId
- The route table ID.
$sel:violatingRoute:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_violatingRoute
- The route that's in violation.
$sel:vpcId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_vpcId
- Information about the VPC ID.
networkFirewallInvalidRouteConfigurationViolation_actualFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The actual firewall endpoint.
networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The actual subnet ID for the firewall.
networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route]) Source #
The actual firewall subnet routes.
networkFirewallInvalidRouteConfigurationViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route]) Source #
The actual internet gateway routes.
networkFirewallInvalidRouteConfigurationViolation_affectedSubnets :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Text]) Source #
The subnets that are affected.
networkFirewallInvalidRouteConfigurationViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The subnet route table for the current firewall.
networkFirewallInvalidRouteConfigurationViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The route table for the current internet gateway.
networkFirewallInvalidRouteConfigurationViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The firewall endpoint that's expected.
networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The expected subnet ID for the firewall.
networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute]) Source #
The firewall subnet routes that are expected.
networkFirewallInvalidRouteConfigurationViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute]) Source #
The expected routes for the internet gateway.
networkFirewallInvalidRouteConfigurationViolation_internetGatewayId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The internet gateway ID.
networkFirewallInvalidRouteConfigurationViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Bool) Source #
Information about whether the route table is used in another Availability Zone.
networkFirewallInvalidRouteConfigurationViolation_routeTableId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The route table ID.
networkFirewallInvalidRouteConfigurationViolation_violatingRoute :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Route) Source #
The route that's in violation.
networkFirewallInvalidRouteConfigurationViolation_vpcId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
Information about the VPC ID.
NetworkFirewallMissingExpectedRTViolation
data NetworkFirewallMissingExpectedRTViolation Source #
Violation detail for Network Firewall for a subnet that's not associated to the expected Firewall Manager managed route table.
See: newNetworkFirewallMissingExpectedRTViolation
smart constructor.
NetworkFirewallMissingExpectedRTViolation' | |
|
Instances
newNetworkFirewallMissingExpectedRTViolation :: NetworkFirewallMissingExpectedRTViolation Source #
Create a value of NetworkFirewallMissingExpectedRTViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_availabilityZone
- The Availability Zone of a violating subnet.
$sel:currentRouteTable:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_currentRouteTable
- The resource ID of the current route table that's associated with the
subnet, if one is available.
$sel:expectedRouteTable:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_expectedRouteTable
- The resource ID of the route table that should be associated with the
subnet.
$sel:vpc:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_vpc
- The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
networkFirewallMissingExpectedRTViolation_availabilityZone :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The Availability Zone of a violating subnet.
networkFirewallMissingExpectedRTViolation_currentRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The resource ID of the current route table that's associated with the subnet, if one is available.
networkFirewallMissingExpectedRTViolation_expectedRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The resource ID of the route table that should be associated with the subnet.
networkFirewallMissingExpectedRTViolation_vpc :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The resource ID of the VPC associated with a violating subnet.
networkFirewallMissingExpectedRTViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallMissingExpectedRoutesViolation
data NetworkFirewallMissingExpectedRoutesViolation Source #
Violation detail for an expected route missing in Network Firewall.
See: newNetworkFirewallMissingExpectedRoutesViolation
smart constructor.
NetworkFirewallMissingExpectedRoutesViolation' | |
|
Instances
newNetworkFirewallMissingExpectedRoutesViolation :: NetworkFirewallMissingExpectedRoutesViolation Source #
Create a value of NetworkFirewallMissingExpectedRoutesViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:expectedRoutes:NetworkFirewallMissingExpectedRoutesViolation'
, networkFirewallMissingExpectedRoutesViolation_expectedRoutes
- The expected routes.
$sel:violationTarget:NetworkFirewallMissingExpectedRoutesViolation'
, networkFirewallMissingExpectedRoutesViolation_violationTarget
- The target of the violation.
$sel:vpcId:NetworkFirewallMissingExpectedRoutesViolation'
, networkFirewallMissingExpectedRoutesViolation_vpcId
- Information about the VPC ID.
networkFirewallMissingExpectedRoutesViolation_expectedRoutes :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe [ExpectedRoute]) Source #
The expected routes.
networkFirewallMissingExpectedRoutesViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text) Source #
The target of the violation.
networkFirewallMissingExpectedRoutesViolation_vpcId :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text) Source #
Information about the VPC ID.
NetworkFirewallMissingFirewallViolation
data NetworkFirewallMissingFirewallViolation Source #
Violation detail for Network Firewall for a subnet that doesn't have a Firewall Manager managed firewall in its VPC.
See: newNetworkFirewallMissingFirewallViolation
smart constructor.
NetworkFirewallMissingFirewallViolation' | |
|
Instances
newNetworkFirewallMissingFirewallViolation :: NetworkFirewallMissingFirewallViolation Source #
Create a value of NetworkFirewallMissingFirewallViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_availabilityZone
- The Availability Zone of a violating subnet.
$sel:targetViolationReason:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_targetViolationReason
- The reason the resource has this violation, if one is available.
$sel:vpc:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_vpc
- The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
networkFirewallMissingFirewallViolation_availabilityZone :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The Availability Zone of a violating subnet.
networkFirewallMissingFirewallViolation_targetViolationReason :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The reason the resource has this violation, if one is available.
networkFirewallMissingFirewallViolation_vpc :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The resource ID of the VPC associated with a violating subnet.
networkFirewallMissingFirewallViolation_violationTarget :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallMissingSubnetViolation
data NetworkFirewallMissingSubnetViolation Source #
Violation detail for Network Firewall for an Availability Zone that's missing the expected Firewall Manager managed subnet.
See: newNetworkFirewallMissingSubnetViolation
smart constructor.
NetworkFirewallMissingSubnetViolation' | |
|
Instances
newNetworkFirewallMissingSubnetViolation :: NetworkFirewallMissingSubnetViolation Source #
Create a value of NetworkFirewallMissingSubnetViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_availabilityZone
- The Availability Zone of a violating subnet.
$sel:targetViolationReason:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_targetViolationReason
- The reason the resource has this violation, if one is available.
$sel:vpc:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_vpc
- The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
networkFirewallMissingSubnetViolation_availabilityZone :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The Availability Zone of a violating subnet.
networkFirewallMissingSubnetViolation_targetViolationReason :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The reason the resource has this violation, if one is available.
networkFirewallMissingSubnetViolation_vpc :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The resource ID of the VPC associated with a violating subnet.
networkFirewallMissingSubnetViolation_violationTarget :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallPolicy
data NetworkFirewallPolicy Source #
Configures the firewall policy deployment model of Network Firewall. For information about Network Firewall deployment models, see Network Firewall example architectures with routing in the Network Firewall Developer Guide.
See: newNetworkFirewallPolicy
smart constructor.
NetworkFirewallPolicy' | |
|
Instances
newNetworkFirewallPolicy :: NetworkFirewallPolicy Source #
Create a value of NetworkFirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallDeploymentModel:NetworkFirewallPolicy'
, networkFirewallPolicy_firewallDeploymentModel
- Defines the deployment model to use for the firewall policy. To use a
distributed model, set `PolicyOption` to `NULL`.
networkFirewallPolicy_firewallDeploymentModel :: Lens' NetworkFirewallPolicy (Maybe FirewallDeploymentModel) Source #
Defines the deployment model to use for the firewall policy. To use a
distributed model, set `PolicyOption` to `NULL`.
NetworkFirewallPolicyDescription
data NetworkFirewallPolicyDescription Source #
The definition of the Network Firewall firewall policy.
See: newNetworkFirewallPolicyDescription
smart constructor.
NetworkFirewallPolicyDescription' | |
|
Instances
newNetworkFirewallPolicyDescription :: NetworkFirewallPolicyDescription Source #
Create a value of NetworkFirewallPolicyDescription
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:statefulDefaultActions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statefulDefaultActions
- The default actions to take on a packet that doesn't match any stateful
rules. The stateful default action is optional, and is only valid when
using the strict rule order.
Valid values of the stateful default action:
- aws:drop_strict
- aws:drop_established
- aws:alert_strict
- aws:alert_established
$sel:statefulEngineOptions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statefulEngineOptions
- Additional options governing how Network Firewall handles stateful
rules. The stateful rule groups that you use in your policy must have
stateful rule options settings that are compatible with these settings.
$sel:statefulRuleGroups:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statefulRuleGroups
- The stateful rule groups that are used in the Network Firewall firewall
policy.
$sel:statelessCustomActions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessCustomActions
- Names of custom actions that are available for use in the stateless
default actions settings.
$sel:statelessDefaultActions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessDefaultActions
- The actions to take on packets that don't match any of the stateless
rule groups.
$sel:statelessFragmentDefaultActions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessFragmentDefaultActions
- The actions to take on packet fragments that don't match any of the
stateless rule groups.
$sel:statelessRuleGroups:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessRuleGroups
- The stateless rule groups that are used in the Network Firewall firewall
policy.
networkFirewallPolicyDescription_statefulDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text]) Source #
The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order.
Valid values of the stateful default action:
- aws:drop_strict
- aws:drop_established
- aws:alert_strict
- aws:alert_established
networkFirewallPolicyDescription_statefulEngineOptions :: Lens' NetworkFirewallPolicyDescription (Maybe StatefulEngineOptions) Source #
Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.
networkFirewallPolicyDescription_statefulRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatefulRuleGroup]) Source #
The stateful rule groups that are used in the Network Firewall firewall policy.
networkFirewallPolicyDescription_statelessCustomActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text]) Source #
Names of custom actions that are available for use in the stateless default actions settings.
networkFirewallPolicyDescription_statelessDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text]) Source #
The actions to take on packets that don't match any of the stateless rule groups.
networkFirewallPolicyDescription_statelessFragmentDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text]) Source #
The actions to take on packet fragments that don't match any of the stateless rule groups.
networkFirewallPolicyDescription_statelessRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatelessRuleGroup]) Source #
The stateless rule groups that are used in the Network Firewall firewall policy.
NetworkFirewallPolicyModifiedViolation
data NetworkFirewallPolicyModifiedViolation Source #
Violation detail for Network Firewall for a firewall policy that has a different NetworkFirewallPolicyDescription than is required by the Firewall Manager policy.
See: newNetworkFirewallPolicyModifiedViolation
smart constructor.
NetworkFirewallPolicyModifiedViolation' | |
|
Instances
newNetworkFirewallPolicyModifiedViolation :: NetworkFirewallPolicyModifiedViolation Source #
Create a value of NetworkFirewallPolicyModifiedViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:currentPolicyDescription:NetworkFirewallPolicyModifiedViolation'
, networkFirewallPolicyModifiedViolation_currentPolicyDescription
- The policy that's currently in use in the individual account.
$sel:expectedPolicyDescription:NetworkFirewallPolicyModifiedViolation'
, networkFirewallPolicyModifiedViolation_expectedPolicyDescription
- The policy that should be in use in the individual account in order to
be compliant.
$sel:violationTarget:NetworkFirewallPolicyModifiedViolation'
, networkFirewallPolicyModifiedViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
networkFirewallPolicyModifiedViolation_currentPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription) Source #
The policy that's currently in use in the individual account.
networkFirewallPolicyModifiedViolation_expectedPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription) Source #
The policy that should be in use in the individual account in order to be compliant.
networkFirewallPolicyModifiedViolation_violationTarget :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallStatefulRuleGroupOverride
data NetworkFirewallStatefulRuleGroupOverride Source #
The setting that allows the policy owner to change the behavior of the rule group within a policy.
See: newNetworkFirewallStatefulRuleGroupOverride
smart constructor.
NetworkFirewallStatefulRuleGroupOverride' | |
|
Instances
FromJSON NetworkFirewallStatefulRuleGroupOverride Source # | |
Generic NetworkFirewallStatefulRuleGroupOverride Source # | |
Read NetworkFirewallStatefulRuleGroupOverride Source # | |
Show NetworkFirewallStatefulRuleGroupOverride Source # | |
NFData NetworkFirewallStatefulRuleGroupOverride Source # | |
Eq NetworkFirewallStatefulRuleGroupOverride Source # | |
Hashable NetworkFirewallStatefulRuleGroupOverride Source # | |
type Rep NetworkFirewallStatefulRuleGroupOverride Source # | |
Defined in Amazonka.FMS.Types.NetworkFirewallStatefulRuleGroupOverride type Rep NetworkFirewallStatefulRuleGroupOverride = D1 ('MetaData "NetworkFirewallStatefulRuleGroupOverride" "Amazonka.FMS.Types.NetworkFirewallStatefulRuleGroupOverride" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "NetworkFirewallStatefulRuleGroupOverride'" 'PrefixI 'True) (S1 ('MetaSel ('Just "action") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe NetworkFirewallOverrideAction)))) |
newNetworkFirewallStatefulRuleGroupOverride :: NetworkFirewallStatefulRuleGroupOverride Source #
Create a value of NetworkFirewallStatefulRuleGroupOverride
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:action:NetworkFirewallStatefulRuleGroupOverride'
, networkFirewallStatefulRuleGroupOverride_action
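- The action that changes the rule group from `DROP` to `ALERT`. This only
applies to managed rule groups. While the override is in effect, traffic that
the rule group would have dropped is only alerted on.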
networkFirewallStatefulRuleGroupOverride_action :: Lens' NetworkFirewallStatefulRuleGroupOverride (Maybe NetworkFirewallOverrideAction) Source #
The action that changes the rule group from `DROP` to `ALERT`. This only
applies to managed rule groups.
NetworkFirewallUnexpectedFirewallRoutesViolation
data NetworkFirewallUnexpectedFirewallRoutesViolation Source #
Violation detail for an unexpected route that's present in a route table.
See: newNetworkFirewallUnexpectedFirewallRoutesViolation
smart constructor.
NetworkFirewallUnexpectedFirewallRoutesViolation' | |
|
Instances
newNetworkFirewallUnexpectedFirewallRoutesViolation :: NetworkFirewallUnexpectedFirewallRoutesViolation Source #
Create a value of NetworkFirewallUnexpectedFirewallRoutesViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallEndpoint:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_firewallEndpoint
- The endpoint of the firewall.
$sel:firewallSubnetId:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_firewallSubnetId
- The subnet ID for the firewall.
$sel:routeTableId:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_routeTableId
- The ID of the route table.
$sel:violatingRoutes:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_violatingRoutes
- The routes that are in violation.
$sel:vpcId:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_vpcId
- Information about the VPC ID.
networkFirewallUnexpectedFirewallRoutesViolation_firewallEndpoint :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
The endpoint of the firewall.
networkFirewallUnexpectedFirewallRoutesViolation_firewallSubnetId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
The subnet ID for the firewall.
networkFirewallUnexpectedFirewallRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
The ID of the route table.
networkFirewallUnexpectedFirewallRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe [Route]) Source #
The routes that are in violation.
networkFirewallUnexpectedFirewallRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
Information about the VPC ID.
NetworkFirewallUnexpectedGatewayRoutesViolation
data NetworkFirewallUnexpectedGatewayRoutesViolation Source #
Violation detail for an unexpected gateway route that’s present in a route table.
See: newNetworkFirewallUnexpectedGatewayRoutesViolation
smart constructor.
Instances
newNetworkFirewallUnexpectedGatewayRoutesViolation :: NetworkFirewallUnexpectedGatewayRoutesViolation Source #
Create a value of NetworkFirewallUnexpectedGatewayRoutesViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:gatewayId:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_gatewayId
- Information about the gateway ID.
$sel:routeTableId:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_routeTableId
- Information about the route table.
$sel:violatingRoutes:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_violatingRoutes
- The routes that are in violation.
$sel:vpcId:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_vpcId
- Information about the VPC ID.
networkFirewallUnexpectedGatewayRoutesViolation_gatewayId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text) Source #
Information about the gateway ID.
networkFirewallUnexpectedGatewayRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text) Source #
Information about the route table.
networkFirewallUnexpectedGatewayRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe [Route]) Source #
The routes that are in violation.
networkFirewallUnexpectedGatewayRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text) Source #
Information about the VPC ID.
PartialMatch
data PartialMatch Source #
The reference rule that partially matches the `ViolationTarget` rule and
violation reason.
See: newPartialMatch
smart constructor.
Instances
newPartialMatch :: PartialMatch Source #
Create a value of PartialMatch
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:reference:PartialMatch'
, partialMatch_reference
- The reference rule from the primary security group of the Firewall
Manager policy.
$sel:targetViolationReasons:PartialMatch'
, partialMatch_targetViolationReasons
- The violation reason.
partialMatch_reference :: Lens' PartialMatch (Maybe Text) Source #
The reference rule from the primary security group of the Firewall Manager policy.
partialMatch_targetViolationReasons :: Lens' PartialMatch (Maybe [Text]) Source #
The violation reason.
Policy
A Firewall Manager policy.
See: newPolicy
smart constructor.
Policy' | |
|
Instances
Create a value of Policy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:deleteUnusedFMManagedResources:Policy'
, policy_deleteUnusedFMManagedResources
- Indicates whether Firewall Manager should automatically remove
protections from resources that leave the policy scope and clean up
resources that Firewall Manager is managing for accounts when those
accounts leave policy scope. For example, Firewall Manager will
disassociate a Firewall Manager managed web ACL from a protected
customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
$sel:excludeMap:Policy'
, policy_excludeMap
- Specifies the Amazon Web Services account IDs and Organizations
organizational units (OUs) to exclude from the policy. Specifying an OU
is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a
later time.
You can specify inclusions or exclusions, but not both. If you specify
an `IncludeMap`, Firewall Manager applies the policy to all accounts
specified by the `IncludeMap`, and does not evaluate any `ExcludeMap`
specifications. If you do not specify an `IncludeMap`, then Firewall
Manager applies the policy to all accounts except for those specified by
the `ExcludeMap`.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to `ACCOUNT`. For example, the following is a valid map: `{"ACCOUNT" : ["accountID1", "accountID2"]}`.
- Specify OUs by setting the key to `ORG_UNIT`. For example, the following is a valid map: `{"ORG_UNIT" : ["ouid111", "ouid112"]}`.
- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{"ACCOUNT" : ["accountID1", "accountID2"], "ORG_UNIT" : ["ouid111", "ouid112"]}`.
$sel:includeMap:Policy'
, policy_includeMap
- Specifies the Amazon Web Services account IDs and Organizations
organizational units (OUs) to include in the policy. Specifying an OU is
the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a
later time.
You can specify inclusions or exclusions, but not both. If you specify
an `IncludeMap`, Firewall Manager applies the policy to all accounts
specified by the `IncludeMap`, and does not evaluate any `ExcludeMap`
specifications. If you do not specify an `IncludeMap`, then Firewall
Manager applies the policy to all accounts except for those specified by
the `ExcludeMap`.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to `ACCOUNT`. For example, the following is a valid map: `{"ACCOUNT" : ["accountID1", "accountID2"]}`.
- Specify OUs by setting the key to `ORG_UNIT`. For example, the following is a valid map: `{"ORG_UNIT" : ["ouid111", "ouid112"]}`.
- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{"ACCOUNT" : ["accountID1", "accountID2"], "ORG_UNIT" : ["ouid111", "ouid112"]}`.
$sel:policyDescription:Policy'
, policy_policyDescription
- The definition of the Network Firewall firewall policy.
$sel:policyId:Policy'
, policy_policyId
- The ID of the Firewall Manager policy.
$sel:policyUpdateToken:Policy'
, policy_policyUpdateToken
- A unique identifier for each update to the policy. When issuing a
`PutPolicy` request, the `PolicyUpdateToken` in the request must match
the `PolicyUpdateToken` of the current policy version. To get the
`PolicyUpdateToken` of the current policy version, use a `GetPolicy`
request.
$sel:resourceSetIds:Policy'
, policy_resourceSetIds
- The unique identifiers of the resource sets used by the policy.
$sel:resourceTags:Policy'
, policy_resourceTags
- An array of `ResourceTag` objects.
$sel:resourceTypeList:Policy'
, policy_resourceTypeList
- An array of `ResourceType` objects. Use this only to specify multiple
resource types. To specify a single resource type, use `ResourceType`.
$sel:policyName:Policy'
, policy_policyName
- The name of the Firewall Manager policy.
$sel:securityServicePolicyData:Policy'
, policy_securityServicePolicyData
- Details about the security service that is being used to protect the
resources.
$sel:resourceType:Policy'
, policy_resourceType
- The type of resource protected by or in scope of the policy. This is in
the format shown in the
Amazon Web Services Resource Types Reference.
To apply this policy to multiple resource types, specify a resource type
of `ResourceTypeList` and then specify the resource types in a
`ResourceTypeList`.
For WAF and Shield Advanced, resource types include
`AWS::ElasticLoadBalancingV2::LoadBalancer`,
`AWS::ElasticLoadBalancing::LoadBalancer`, `AWS::EC2::EIP`, and
`AWS::CloudFront::Distribution`. For a security group common policy,
valid values are `AWS::EC2::NetworkInterface` and `AWS::EC2::Instance`.
For a security group content audit policy, valid values are
`AWS::EC2::SecurityGroup`, `AWS::EC2::NetworkInterface`, and
`AWS::EC2::Instance`. For a security group usage audit policy, the value
is `AWS::EC2::SecurityGroup`. For a Network Firewall policy or DNS
Firewall policy, the value is `AWS::EC2::VPC`.
$sel:excludeResourceTags:Policy'
, policy_excludeResourceTags
- If set to `True`, resources with the tags that are specified in the
`ResourceTag` array are not in scope of the policy. If set to `False`,
and the `ResourceTag` array is not null, only resources with the
specified tags are in scope of the policy.
$sel:remediationEnabled:Policy'
, policy_remediationEnabled
- Indicates if the policy should be automatically applied to new
resources.
policy_deleteUnusedFMManagedResources :: Lens' Policy (Maybe Bool) Source #
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
policy_excludeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text])) Source #
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify
an `IncludeMap`, Firewall Manager applies the policy to all accounts
specified by the `IncludeMap`, and does not evaluate any `ExcludeMap`
specifications. If you do not specify an `IncludeMap`, then Firewall
Manager applies the policy to all accounts except for those specified by
the `ExcludeMap`.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to `ACCOUNT`. For example, the following is a valid map: `{"ACCOUNT" : ["accountID1", "accountID2"]}`.
- Specify OUs by setting the key to `ORG_UNIT`. For example, the following is a valid map: `{"ORG_UNIT" : ["ouid111", "ouid112"]}`.
- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{"ACCOUNT" : ["accountID1", "accountID2"], "ORG_UNIT" : ["ouid111", "ouid112"]}`.
policy_includeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text])) Source #
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify
an `IncludeMap`, Firewall Manager applies the policy to all accounts
specified by the `IncludeMap`, and does not evaluate any `ExcludeMap`
specifications. If you do not specify an `IncludeMap`, then Firewall
Manager applies the policy to all accounts except for those specified by
the `ExcludeMap`.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to `ACCOUNT`. For example, the following is a valid map: `{"ACCOUNT" : ["accountID1", "accountID2"]}`.
- Specify OUs by setting the key to `ORG_UNIT`. For example, the following is a valid map: `{"ORG_UNIT" : ["ouid111", "ouid112"]}`.
- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: `{"ACCOUNT" : ["accountID1", "accountID2"], "ORG_UNIT" : ["ouid111", "ouid112"]}`.
policy_policyDescription :: Lens' Policy (Maybe Text) Source #
The definition of the Network Firewall firewall policy.
policy_policyUpdateToken :: Lens' Policy (Maybe Text) Source #
A unique identifier for each update to the policy. When issuing a
`PutPolicy` request, the `PolicyUpdateToken` in the request must match
the `PolicyUpdateToken` of the current policy version. To get the
`PolicyUpdateToken` of the current policy version, use a `GetPolicy`
request.
policy_resourceSetIds :: Lens' Policy (Maybe [Text]) Source #
The unique identifiers of the resource sets used by the policy.
policy_resourceTags :: Lens' Policy (Maybe [ResourceTag]) Source #
An array of `ResourceTag` objects.
policy_resourceTypeList :: Lens' Policy (Maybe [Text]) Source #
An array of `ResourceType` objects. Use this only to specify multiple
resource types. To specify a single resource type, use `ResourceType`.
policy_securityServicePolicyData :: Lens' Policy SecurityServicePolicyData Source #
Details about the security service that is being used to protect the resources.
policy_resourceType :: Lens' Policy Text Source #
The type of resource protected by or in scope of the policy. This is in
the format shown in the
Amazon Web Services Resource Types Reference.
To apply this policy to multiple resource types, specify a resource type
of `ResourceTypeList` and then specify the resource types in a
`ResourceTypeList`.
For WAF and Shield Advanced, resource types include
`AWS::ElasticLoadBalancingV2::LoadBalancer`,
`AWS::ElasticLoadBalancing::LoadBalancer`, `AWS::EC2::EIP`, and
`AWS::CloudFront::Distribution`. For a security group common policy,
valid values are `AWS::EC2::NetworkInterface` and `AWS::EC2::Instance`.
For a security group content audit policy, valid values are
`AWS::EC2::SecurityGroup`, `AWS::EC2::NetworkInterface`, and
`AWS::EC2::Instance`. For a security group usage audit policy, the value
is `AWS::EC2::SecurityGroup`. For a Network Firewall policy or DNS
Firewall policy, the value is `AWS::EC2::VPC`.
policy_excludeResourceTags :: Lens' Policy Bool Source #
If set to `True`, resources with the tags that are specified in the
`ResourceTag` array are not in scope of the policy. If set to `False`,
and the `ResourceTag` array is not null, only resources with the
specified tags are in scope of the policy.
policy_remediationEnabled :: Lens' Policy Bool Source #
Indicates if the policy should be automatically applied to new resources.
PolicyComplianceDetail
data PolicyComplianceDetail Source #
Describes the noncompliant resources in a member account for a specific
Firewall Manager policy. A maximum of 100 entries are displayed. If more
than 100 resources are noncompliant, `EvaluationLimitExceeded` is set to
`True`; in that case the listed violators are only a subset of the
noncompliant resources.
See: newPolicyComplianceDetail
smart constructor.
PolicyComplianceDetail' | |
|
Instances
newPolicyComplianceDetail :: PolicyComplianceDetail Source #
Create a value of PolicyComplianceDetail
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:evaluationLimitExceeded:PolicyComplianceDetail'
, policyComplianceDetail_evaluationLimitExceeded
- Indicates if over 100 resources are noncompliant with the Firewall
Manager policy.
$sel:expiredAt:PolicyComplianceDetail'
, policyComplianceDetail_expiredAt
- A timestamp that indicates when the returned information should be
considered out of date.
$sel:issueInfoMap:PolicyComplianceDetail'
, policyComplianceDetail_issueInfoMap
- Details about problems with dependent services, such as WAF or Config,
and the error message received that indicates the problem with the
service.
$sel:memberAccount:PolicyComplianceDetail'
, policyComplianceDetail_memberAccount
- The Amazon Web Services account ID.
$sel:policyId:PolicyComplianceDetail'
, policyComplianceDetail_policyId
- The ID of the Firewall Manager policy.
$sel:policyOwner:PolicyComplianceDetail'
, policyComplianceDetail_policyOwner
- The Amazon Web Services account that created the Firewall Manager
policy.
$sel:violators:PolicyComplianceDetail'
, policyComplianceDetail_violators
- An array of resources that aren't protected by the WAF or Shield
Advanced policy or that aren't in compliance with the security group
policy.
policyComplianceDetail_evaluationLimitExceeded :: Lens' PolicyComplianceDetail (Maybe Bool) Source #
Indicates if over 100 resources are noncompliant with the Firewall Manager policy.
policyComplianceDetail_expiredAt :: Lens' PolicyComplianceDetail (Maybe UTCTime) Source #
A timestamp that indicates when the returned information should be considered out of date.
policyComplianceDetail_issueInfoMap :: Lens' PolicyComplianceDetail (Maybe (HashMap DependentServiceName Text)) Source #
Details about problems with dependent services, such as WAF or Config, and the error message received that indicates the problem with the service.
policyComplianceDetail_memberAccount :: Lens' PolicyComplianceDetail (Maybe Text) Source #
The Amazon Web Services account ID.
policyComplianceDetail_policyId :: Lens' PolicyComplianceDetail (Maybe Text) Source #
The ID of the Firewall Manager policy.
policyComplianceDetail_policyOwner :: Lens' PolicyComplianceDetail (Maybe Text) Source #
The Amazon Web Services account that created the Firewall Manager policy.
policyComplianceDetail_violators :: Lens' PolicyComplianceDetail (Maybe [ComplianceViolator]) Source #
An array of resources that aren't protected by the WAF or Shield Advanced policy or that aren't in compliance with the security group policy.
PolicyComplianceStatus
data PolicyComplianceStatus Source #
Indicates whether the account is compliant with the specified policy. An account is considered noncompliant if it includes resources that are not protected by the policy, for WAF and Shield Advanced policies, or that are noncompliant with the policy, for security group policies.
See: newPolicyComplianceStatus
smart constructor.
PolicyComplianceStatus' | |
|
Instances
newPolicyComplianceStatus :: PolicyComplianceStatus Source #
Create a value of PolicyComplianceStatus
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:evaluationResults:PolicyComplianceStatus'
, policyComplianceStatus_evaluationResults
- An array of EvaluationResult
objects.
$sel:issueInfoMap:PolicyComplianceStatus'
, policyComplianceStatus_issueInfoMap
- Details about problems with dependent services, such as WAF or Config,
and the error message received that indicates the problem with the
service.
$sel:lastUpdated:PolicyComplianceStatus'
, policyComplianceStatus_lastUpdated
- Timestamp of the last update to the EvaluationResult
objects.
$sel:memberAccount:PolicyComplianceStatus'
, policyComplianceStatus_memberAccount
- The member account ID.
$sel:policyId:PolicyComplianceStatus'
, policyComplianceStatus_policyId
- The ID of the Firewall Manager policy.
$sel:policyName:PolicyComplianceStatus'
, policyComplianceStatus_policyName
- The name of the Firewall Manager policy.
$sel:policyOwner:PolicyComplianceStatus'
, policyComplianceStatus_policyOwner
- The Amazon Web Services account that created the Firewall Manager
policy.
policyComplianceStatus_evaluationResults :: Lens' PolicyComplianceStatus (Maybe [EvaluationResult]) Source #
An array of EvaluationResult
objects.
policyComplianceStatus_issueInfoMap :: Lens' PolicyComplianceStatus (Maybe (HashMap DependentServiceName Text)) Source #
Details about problems with dependent services, such as WAF or Config, and the error message received that indicates the problem with the service.
policyComplianceStatus_lastUpdated :: Lens' PolicyComplianceStatus (Maybe UTCTime) Source #
Timestamp of the last update to the EvaluationResult
objects.
policyComplianceStatus_memberAccount :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The member account ID.
policyComplianceStatus_policyId :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The ID of the Firewall Manager policy.
policyComplianceStatus_policyName :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The name of the Firewall Manager policy.
policyComplianceStatus_policyOwner :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The Amazon Web Services account that created the Firewall Manager policy.
PolicyOption
data PolicyOption Source #
Contains the Network Firewall firewall policy options to configure the policy's deployment model and third-party firewall policy settings.
See: newPolicyOption
smart constructor.
PolicyOption' | |
|
Instances
newPolicyOption :: PolicyOption Source #
Create a value of PolicyOption
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:networkFirewallPolicy:PolicyOption'
, policyOption_networkFirewallPolicy
- Defines the deployment model to use for the firewall policy.
$sel:thirdPartyFirewallPolicy:PolicyOption'
, policyOption_thirdPartyFirewallPolicy
- Defines the policy options for a third-party firewall policy.
policyOption_networkFirewallPolicy :: Lens' PolicyOption (Maybe NetworkFirewallPolicy) Source #
Defines the deployment model to use for the firewall policy.
policyOption_thirdPartyFirewallPolicy :: Lens' PolicyOption (Maybe ThirdPartyFirewallPolicy) Source #
Defines the policy options for a third-party firewall policy.
PolicySummary
data PolicySummary Source #
Details of the Firewall Manager policy.
See: newPolicySummary
smart constructor.
PolicySummary' | |
|
Instances
newPolicySummary :: PolicySummary Source #
Create a value of PolicySummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:deleteUnusedFMManagedResources:PolicySummary'
, policySummary_deleteUnusedFMManagedResources
- Indicates whether Firewall Manager should automatically remove
protections from resources that leave the policy scope and clean up
resources that Firewall Manager is managing for accounts when those
accounts leave policy scope. For example, Firewall Manager will
disassociate a Firewall Manager managed web ACL from a protected
customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
$sel:policyArn:PolicySummary'
, policySummary_policyArn
- The Amazon Resource Name (ARN) of the specified policy.
$sel:policyId:PolicySummary'
, policySummary_policyId
- The ID of the specified policy.
$sel:policyName:PolicySummary'
, policySummary_policyName
- The name of the specified policy.
$sel:remediationEnabled:PolicySummary'
, policySummary_remediationEnabled
- Indicates if the policy should be automatically applied to new
resources.
$sel:resourceType:PolicySummary'
, policySummary_resourceType
- The type of resource protected by or in scope of the policy. This is in
the format shown in the
Amazon Web Services Resource Types Reference.
For WAF and Shield Advanced, examples include `AWS::ElasticLoadBalancingV2::LoadBalancer` and `AWS::CloudFront::Distribution`. For a security group common policy, valid values are `AWS::EC2::NetworkInterface` and `AWS::EC2::Instance`.
For a security group content audit policy, valid values are `AWS::EC2::SecurityGroup`, `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a security group usage audit policy, the value is `AWS::EC2::SecurityGroup`. For a Network Firewall policy or DNS Firewall policy, the value is `AWS::EC2::VPC`.
$sel:securityServiceType:PolicySummary'
, policySummary_securityServiceType
- The service that the policy is using to protect the resources. This
specifies the type of policy that is created, either a WAF policy, a
Shield Advanced policy, or a security group policy.
policySummary_deleteUnusedFMManagedResources :: Lens' PolicySummary (Maybe Bool) Source #
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
policySummary_policyArn :: Lens' PolicySummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the specified policy.
policySummary_policyId :: Lens' PolicySummary (Maybe Text) Source #
The ID of the specified policy.
policySummary_policyName :: Lens' PolicySummary (Maybe Text) Source #
The name of the specified policy.
policySummary_remediationEnabled :: Lens' PolicySummary (Maybe Bool) Source #
Indicates if the policy should be automatically applied to new resources.
policySummary_resourceType :: Lens' PolicySummary (Maybe Text) Source #
The type of resource protected by or in scope of the policy. This is in
the format shown in the
Amazon Web Services Resource Types Reference.
For WAF and Shield Advanced, examples include `AWS::ElasticLoadBalancingV2::LoadBalancer` and `AWS::CloudFront::Distribution`. For a security group common policy, valid values are `AWS::EC2::NetworkInterface` and `AWS::EC2::Instance`.
For a security group content audit policy, valid values are `AWS::EC2::SecurityGroup`, `AWS::EC2::NetworkInterface`, and `AWS::EC2::Instance`. For a security group usage audit policy, the value is `AWS::EC2::SecurityGroup`. For a Network Firewall policy or DNS Firewall policy, the value is `AWS::EC2::VPC`.
policySummary_securityServiceType :: Lens' PolicySummary (Maybe SecurityServiceType) Source #
The service that the policy is using to protect the resources. This specifies the type of policy that is created, either a WAF policy, a Shield Advanced policy, or a security group policy.
PossibleRemediationAction
data PossibleRemediationAction Source #
A list of remediation actions.
See: newPossibleRemediationAction
smart constructor.
PossibleRemediationAction' | |
|
Instances
newPossibleRemediationAction :: PossibleRemediationAction Source #
Create a value of PossibleRemediationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:PossibleRemediationAction'
, possibleRemediationAction_description
- A description of the list of remediation actions.
$sel:isDefaultAction:PossibleRemediationAction'
, possibleRemediationAction_isDefaultAction
- Information about whether an action is taken by default.
$sel:orderedRemediationActions:PossibleRemediationAction'
, possibleRemediationAction_orderedRemediationActions
- The ordered list of remediation actions.
possibleRemediationAction_description :: Lens' PossibleRemediationAction (Maybe Text) Source #
A description of the list of remediation actions.
possibleRemediationAction_isDefaultAction :: Lens' PossibleRemediationAction (Maybe Bool) Source #
Information about whether an action is taken by default.
possibleRemediationAction_orderedRemediationActions :: Lens' PossibleRemediationAction [RemediationActionWithOrder] Source #
The ordered list of remediation actions.
PossibleRemediationActions
data PossibleRemediationActions Source #
A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.
See: newPossibleRemediationActions
smart constructor.
PossibleRemediationActions' | |
|
Instances
newPossibleRemediationActions :: PossibleRemediationActions Source #
Create a value of PossibleRemediationActions
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actions:PossibleRemediationActions'
, possibleRemediationActions_actions
- Information about the actions.
PossibleRemediationActions
, possibleRemediationActions_description
- A description of the possible remediation actions list.
possibleRemediationActions_actions :: Lens' PossibleRemediationActions (Maybe [PossibleRemediationAction]) Source #
Information about the actions.
possibleRemediationActions_description :: Lens' PossibleRemediationActions (Maybe Text) Source #
A description of the possible remediation actions list.
ProtocolsListData
data ProtocolsListData Source #
A Firewall Manager protocols list.
See: newProtocolsListData
smart constructor.
ProtocolsListData' | |
|
Instances
Create a value of ProtocolsListData
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:createTime:ProtocolsListData'
, protocolsListData_createTime
- The time that the Firewall Manager protocols list was created.
$sel:lastUpdateTime:ProtocolsListData'
, protocolsListData_lastUpdateTime
- The time that the Firewall Manager protocols list was last updated.
$sel:listId:ProtocolsListData'
, protocolsListData_listId
- The ID of the Firewall Manager protocols list.
$sel:listUpdateToken:ProtocolsListData'
, protocolsListData_listUpdateToken
- A unique identifier for each update to the list. When you update the
list, the update token must match the token of the current version of
the application list. You can retrieve the update token by getting the
list.
$sel:previousProtocolsList:ProtocolsListData'
, protocolsListData_previousProtocolsList
- A map of previous version numbers to their corresponding protocol
arrays.
$sel:listName:ProtocolsListData'
, protocolsListData_listName
- The name of the Firewall Manager protocols list.
$sel:protocolsList:ProtocolsListData'
, protocolsListData_protocolsList
- An array of protocols in the Firewall Manager protocols list.
protocolsListData_createTime :: Lens' ProtocolsListData (Maybe UTCTime) Source #
The time that the Firewall Manager protocols list was created.
protocolsListData_lastUpdateTime :: Lens' ProtocolsListData (Maybe UTCTime) Source #
The time that the Firewall Manager protocols list was last updated.
protocolsListData_listId :: Lens' ProtocolsListData (Maybe Text) Source #
The ID of the Firewall Manager protocols list.
protocolsListData_listUpdateToken :: Lens' ProtocolsListData (Maybe Text) Source #
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the application list. You can retrieve the update token by getting the list.
protocolsListData_previousProtocolsList :: Lens' ProtocolsListData (Maybe (HashMap Text [Text])) Source #
A map of previous version numbers to their corresponding protocol arrays.
protocolsListData_listName :: Lens' ProtocolsListData Text Source #
The name of the Firewall Manager protocols list.
protocolsListData_protocolsList :: Lens' ProtocolsListData [Text] Source #
An array of protocols in the Firewall Manager protocols list.
ProtocolsListDataSummary
data ProtocolsListDataSummary Source #
Details of the Firewall Manager protocols list.
See: newProtocolsListDataSummary
smart constructor.
Instances
newProtocolsListDataSummary :: ProtocolsListDataSummary Source #
Create a value of ProtocolsListDataSummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:listArn:ProtocolsListDataSummary'
, protocolsListDataSummary_listArn
- The Amazon Resource Name (ARN) of the specified protocols list.
$sel:listId:ProtocolsListDataSummary'
, protocolsListDataSummary_listId
- The ID of the specified protocols list.
$sel:listName:ProtocolsListDataSummary'
, protocolsListDataSummary_listName
- The name of the specified protocols list.
$sel:protocolsList:ProtocolsListDataSummary'
, protocolsListDataSummary_protocolsList
- An array of protocols in the Firewall Manager protocols list.
protocolsListDataSummary_listArn :: Lens' ProtocolsListDataSummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the specified protocols list.
protocolsListDataSummary_listId :: Lens' ProtocolsListDataSummary (Maybe Text) Source #
The ID of the specified protocols list.
protocolsListDataSummary_listName :: Lens' ProtocolsListDataSummary (Maybe Text) Source #
The name of the specified protocols list.
protocolsListDataSummary_protocolsList :: Lens' ProtocolsListDataSummary (Maybe [Text]) Source #
An array of protocols in the Firewall Manager protocols list.
RemediationAction
data RemediationAction Source #
Information about an individual action you can take to remediate a violation.
See: newRemediationAction
smart constructor.
RemediationAction' | |
|
Instances
newRemediationAction :: RemediationAction Source #
Create a value of RemediationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
RemediationAction
, remediationAction_description
- A description of a remediation action.
$sel:eC2AssociateRouteTableAction:RemediationAction'
, remediationAction_eC2AssociateRouteTableAction
- Information about the AssociateRouteTable action in the Amazon EC2 API.
$sel:eC2CopyRouteTableAction:RemediationAction'
, remediationAction_eC2CopyRouteTableAction
- Information about the CopyRouteTable action in the Amazon EC2 API.
$sel:eC2CreateRouteAction:RemediationAction'
, remediationAction_eC2CreateRouteAction
- Information about the CreateRoute action in the Amazon EC2 API.
$sel:eC2CreateRouteTableAction:RemediationAction'
, remediationAction_eC2CreateRouteTableAction
- Information about the CreateRouteTable action in the Amazon EC2 API.
$sel:eC2DeleteRouteAction:RemediationAction'
, remediationAction_eC2DeleteRouteAction
- Information about the DeleteRoute action in the Amazon EC2 API.
$sel:eC2ReplaceRouteAction:RemediationAction'
, remediationAction_eC2ReplaceRouteAction
- Information about the ReplaceRoute action in the Amazon EC2 API.
$sel:eC2ReplaceRouteTableAssociationAction:RemediationAction'
, remediationAction_eC2ReplaceRouteTableAssociationAction
- Information about the ReplaceRouteTableAssociation action in the Amazon
EC2 API.
$sel:fMSPolicyUpdateFirewallCreationConfigAction:RemediationAction'
, remediationAction_fMSPolicyUpdateFirewallCreationConfigAction
- The remedial action to take when updating a firewall configuration.
remediationAction_description :: Lens' RemediationAction (Maybe Text) Source #
A description of a remediation action.
remediationAction_eC2AssociateRouteTableAction :: Lens' RemediationAction (Maybe EC2AssociateRouteTableAction) Source #
Information about the AssociateRouteTable action in the Amazon EC2 API.
remediationAction_eC2CopyRouteTableAction :: Lens' RemediationAction (Maybe EC2CopyRouteTableAction) Source #
Information about the CopyRouteTable action in the Amazon EC2 API.
remediationAction_eC2CreateRouteAction :: Lens' RemediationAction (Maybe EC2CreateRouteAction) Source #
Information about the CreateRoute action in the Amazon EC2 API.
remediationAction_eC2CreateRouteTableAction :: Lens' RemediationAction (Maybe EC2CreateRouteTableAction) Source #
Information about the CreateRouteTable action in the Amazon EC2 API.
remediationAction_eC2DeleteRouteAction :: Lens' RemediationAction (Maybe EC2DeleteRouteAction) Source #
Information about the DeleteRoute action in the Amazon EC2 API.
remediationAction_eC2ReplaceRouteAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteAction) Source #
Information about the ReplaceRoute action in the Amazon EC2 API.
remediationAction_eC2ReplaceRouteTableAssociationAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteTableAssociationAction) Source #
Information about the ReplaceRouteTableAssociation action in the Amazon EC2 API.
remediationAction_fMSPolicyUpdateFirewallCreationConfigAction :: Lens' RemediationAction (Maybe FMSPolicyUpdateFirewallCreationConfigAction) Source #
The remedial action to take when updating a firewall configuration.
RemediationActionWithOrder
data RemediationActionWithOrder Source #
An ordered list of actions you can take to remediate a violation.
See: newRemediationActionWithOrder
smart constructor.
RemediationActionWithOrder' | |
|
Instances
newRemediationActionWithOrder :: RemediationActionWithOrder Source #
Create a value of RemediationActionWithOrder
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:order:RemediationActionWithOrder'
, remediationActionWithOrder_order
- The order of the remediation actions in the list.
$sel:remediationAction:RemediationActionWithOrder'
, remediationActionWithOrder_remediationAction
- Information about an action you can take to remediate a violation.
remediationActionWithOrder_order :: Lens' RemediationActionWithOrder (Maybe Int) Source #
The order of the remediation actions in the list.
remediationActionWithOrder_remediationAction :: Lens' RemediationActionWithOrder (Maybe RemediationAction) Source #
Information about an action you can take to remediate a violation.
Resource
Details of a resource that is associated to a Firewall Manager resource set.
See: newResource
smart constructor.
Instances
FromJSON Resource Source # | |
Generic Resource Source # | |
Read Resource Source # | |
Show Resource Source # | |
NFData Resource Source # | |
Defined in Amazonka.FMS.Types.Resource | |
Eq Resource Source # | |
Hashable Resource Source # | |
Defined in Amazonka.FMS.Types.Resource | |
type Rep Resource Source # | |
Defined in Amazonka.FMS.Types.Resource type Rep Resource = D1 ('MetaData "Resource" "Amazonka.FMS.Types.Resource" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "Resource'" 'PrefixI 'True) (S1 ('MetaSel ('Just "accountId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "uri") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) |
Create a value of Resource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:accountId:Resource'
, resource_accountId
- The Amazon Web Services account ID that the associated resource belongs
to.
$sel:uri:Resource'
, resource_uri
- The resource's universal resource indicator (URI).
resource_accountId :: Lens' Resource (Maybe Text) Source #
The Amazon Web Services account ID that the associated resource belongs to.
ResourceSet
data ResourceSet Source #
A set of resources to include in a policy.
See: newResourceSet
smart constructor.
ResourceSet' | |
|
Instances
Create a value of ResourceSet
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:ResourceSet'
, resourceSet_description
- A description of the resource set.
$sel:id:ResourceSet'
, resourceSet_id
- A unique identifier for the resource set. This ID is returned in the
responses to create and list commands. You provide it to operations like
update and delete.
$sel:lastUpdateTime:ResourceSet'
, resourceSet_lastUpdateTime
- The last time that the resource set was changed.
$sel:updateToken:ResourceSet'
, resourceSet_updateToken
- An optional token that you can use for optimistic locking. Firewall
Manager returns a token to your requests that access the resource set.
The token marks the state of the resource set resource at the time of
the request. Update tokens are not allowed when creating a resource set.
After creation, each subsequent update call to the resource set requires
the update token.
To make an unconditional change to the resource set, omit the token in your update request. Without the token, Firewall Manager performs your updates regardless of whether the resource set has changed since you last retrieved it.
To make a conditional change to the resource set, provide the token in your update request. Firewall Manager uses the token to ensure that the resource set hasn't changed since you last retrieved it. If it has changed, the operation fails with an `InvalidTokenException`. If this happens, retrieve the resource set again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.
$sel:name:ResourceSet'
, resourceSet_name
- The descriptive name of the resource set. You can't change the name of
a resource set after you create it.
$sel:resourceTypeList:ResourceSet'
, resourceSet_resourceTypeList
- Determines the resources that can be associated to the resource set.
Depending on your setting for max results and the number of resource
sets, a single call might not return the full list.
resourceSet_description :: Lens' ResourceSet (Maybe Text) Source #
A description of the resource set.
resourceSet_id :: Lens' ResourceSet (Maybe Text) Source #
A unique identifier for the resource set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.
resourceSet_lastUpdateTime :: Lens' ResourceSet (Maybe UTCTime) Source #
The last time that the resource set was changed.
resourceSet_updateToken :: Lens' ResourceSet (Maybe Text) Source #
An optional token that you can use for optimistic locking. Firewall Manager returns a token to your requests that access the resource set. The token marks the state of the resource set resource at the time of the request. Update tokens are not allowed when creating a resource set. After creation, each subsequent update call to the resource set requires the update token.
To make an unconditional change to the resource set, omit the token in your update request. Without the token, Firewall Manager performs your updates regardless of whether the resource set has changed since you last retrieved it.
To make a conditional change to the resource set, provide the token in your update request. Firewall Manager uses the token to ensure that the resource set hasn't changed since you last retrieved it. If it has changed, the operation fails with an `InvalidTokenException`. If this happens, retrieve the resource set again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.
resourceSet_name :: Lens' ResourceSet Text Source #
The descriptive name of the resource set. You can't change the name of a resource set after you create it.
resourceSet_resourceTypeList :: Lens' ResourceSet [Text] Source #
Determines the resources that can be associated to the resource set. Depending on your setting for max results and the number of resource sets, a single call might not return the full list.
ResourceSetSummary
data ResourceSetSummary Source #
Summarizes the resource sets used in a policy.
See: newResourceSetSummary
smart constructor.
ResourceSetSummary' | |
|
Instances
newResourceSetSummary :: ResourceSetSummary Source #
Create a value of ResourceSetSummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:ResourceSetSummary'
, resourceSetSummary_description
- A description of the resource set.
$sel:id:ResourceSetSummary'
, resourceSetSummary_id
- A unique identifier for the resource set. This ID is returned in the
responses to create and list commands. You provide it to operations like
update and delete.
$sel:lastUpdateTime:ResourceSetSummary'
, resourceSetSummary_lastUpdateTime
- The last time that the resource set was changed.
$sel:name:ResourceSetSummary'
, resourceSetSummary_name
- The descriptive name of the resource set. You can't change the name of
a resource set after you create it.
resourceSetSummary_description :: Lens' ResourceSetSummary (Maybe Text) Source #
A description of the resource set.
resourceSetSummary_id :: Lens' ResourceSetSummary (Maybe Text) Source #
A unique identifier for the resource set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.
resourceSetSummary_lastUpdateTime :: Lens' ResourceSetSummary (Maybe UTCTime) Source #
The last time that the resource set was changed.
resourceSetSummary_name :: Lens' ResourceSetSummary (Maybe Text) Source #
The descriptive name of the resource set. You can't change the name of a resource set after you create it.
ResourceTag
data ResourceTag Source #
The resource tags that Firewall Manager uses to determine if a particular resource should be included in or excluded from the Firewall Manager policy. Tags enable you to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value. Firewall Manager combines the tags with "AND" so that, if you add more than one tag to a policy scope, a resource must have all the specified tags to be included or excluded. Because these tags decide policy scope, a change to a resource's tags can move it into or out of the policy, so permission to edit tags on in-scope resources deserves the same review as the policy itself. For more information, see Working with Tag Editor.
See: newResourceTag
smart constructor.
Instances
Create a value of ResourceTag
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:value:ResourceTag'
, resourceTag_value
- The resource tag value.
$sel:key:ResourceTag'
, resourceTag_key
- The resource tag key.
resourceTag_value :: Lens' ResourceTag (Maybe Text) Source #
The resource tag value.
resourceTag_key :: Lens' ResourceTag Text Source #
The resource tag key.
ResourceViolation
data ResourceViolation Source #
Violation detail based on resource type.
See: newResourceViolation
smart constructor.
ResourceViolation' | |
|
Instances
newResourceViolation :: ResourceViolation Source #
Create a value of ResourceViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:awsEc2InstanceViolation:ResourceViolation'
, resourceViolation_awsEc2InstanceViolation
- Violation detail for an EC2 instance.
$sel:awsEc2NetworkInterfaceViolation:ResourceViolation'
, resourceViolation_awsEc2NetworkInterfaceViolation
- Violation detail for a network interface.
$sel:awsVPCSecurityGroupViolation:ResourceViolation'
, resourceViolation_awsVPCSecurityGroupViolation
- Violation detail for security groups.
$sel:dnsDuplicateRuleGroupViolation:ResourceViolation'
, resourceViolation_dnsDuplicateRuleGroupViolation
- Violation detail for a DNS Firewall policy that indicates that a rule
group that Firewall Manager tried to associate with a VPC is already
associated with the VPC and can't be associated again.
$sel:dnsRuleGroupLimitExceededViolation:ResourceViolation'
, resourceViolation_dnsRuleGroupLimitExceededViolation
- Violation detail for a DNS Firewall policy that indicates that the VPC
reached the limit for associated DNS Firewall rule groups. Firewall
Manager tried to associate another rule group with the VPC and failed.
$sel:dnsRuleGroupPriorityConflictViolation:ResourceViolation'
, resourceViolation_dnsRuleGroupPriorityConflictViolation
- Violation detail for a DNS Firewall policy that indicates that a rule
group that Firewall Manager tried to associate with a VPC has the same
priority as a rule group that's already associated.
$sel:firewallSubnetIsOutOfScopeViolation:ResourceViolation'
, resourceViolation_firewallSubnetIsOutOfScopeViolation
- Contains details about the firewall subnet that violates the policy
scope.
$sel:firewallSubnetMissingVPCEndpointViolation:ResourceViolation'
, resourceViolation_firewallSubnetMissingVPCEndpointViolation
- The violation details for a third-party firewall's VPC endpoint subnet
that was deleted.
$sel:networkFirewallBlackHoleRouteDetectedViolation:ResourceViolation'
, resourceViolation_networkFirewallBlackHoleRouteDetectedViolation
- Undocumented member.
$sel:networkFirewallInternetTrafficNotInspectedViolation:ResourceViolation'
, resourceViolation_networkFirewallInternetTrafficNotInspectedViolation
- Violation detail for the subnet for which internet traffic hasn't been
inspected.
$sel:networkFirewallInvalidRouteConfigurationViolation:ResourceViolation'
, resourceViolation_networkFirewallInvalidRouteConfigurationViolation
- The route configuration is invalid.
$sel:networkFirewallMissingExpectedRTViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingExpectedRTViolation
- Violation detail for a Network Firewall policy that indicates that a
subnet is not associated with the expected Firewall Manager managed
route table.
$sel:networkFirewallMissingExpectedRoutesViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingExpectedRoutesViolation
- Expected routes are missing from Network Firewall.
$sel:networkFirewallMissingFirewallViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingFirewallViolation
- Violation detail for a Network Firewall policy that indicates that a
subnet has no Firewall Manager managed firewall in its VPC.
$sel:networkFirewallMissingSubnetViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingSubnetViolation
- Violation detail for a Network Firewall policy that indicates that an
Availability Zone is missing the expected Firewall Manager managed
subnet.
$sel:networkFirewallPolicyModifiedViolation:ResourceViolation'
, resourceViolation_networkFirewallPolicyModifiedViolation
- Violation detail for a Network Firewall policy that indicates that a
firewall policy in an individual account has been modified in a way that
makes it noncompliant. For example, the individual account owner might
have deleted a rule group, changed the priority of a stateless rule
group, or changed a policy default action.
$sel:networkFirewallUnexpectedFirewallRoutesViolation:ResourceViolation'
, resourceViolation_networkFirewallUnexpectedFirewallRoutesViolation
- There's an unexpected firewall route.
$sel:networkFirewallUnexpectedGatewayRoutesViolation:ResourceViolation'
, resourceViolation_networkFirewallUnexpectedGatewayRoutesViolation
- There's an unexpected gateway route.
$sel:possibleRemediationActions:ResourceViolation'
, resourceViolation_possibleRemediationActions
- A list of possible remediation action lists. Each individual possible
remediation action is a list of individual remediation actions.
$sel:routeHasOutOfScopeEndpointViolation:ResourceViolation'
, resourceViolation_routeHasOutOfScopeEndpointViolation
- Contains details about the route endpoint that violates the policy
scope.
$sel:thirdPartyFirewallMissingExpectedRouteTableViolation:ResourceViolation'
, resourceViolation_thirdPartyFirewallMissingExpectedRouteTableViolation
- The violation details for a third-party firewall for which the Firewall
Manager managed route table that was associated with it has been deleted.
$sel:thirdPartyFirewallMissingFirewallViolation:ResourceViolation'
, resourceViolation_thirdPartyFirewallMissingFirewallViolation
- The violation details for a third-party firewall that's been deleted.
$sel:thirdPartyFirewallMissingSubnetViolation:ResourceViolation'
, resourceViolation_thirdPartyFirewallMissingSubnetViolation
- The violation details for a third-party firewall's subnet that's been
deleted.
resourceViolation_awsEc2InstanceViolation :: Lens' ResourceViolation (Maybe AwsEc2InstanceViolation) Source #
Violation detail for an EC2 instance.
resourceViolation_awsEc2NetworkInterfaceViolation :: Lens' ResourceViolation (Maybe AwsEc2NetworkInterfaceViolation) Source #
Violation detail for a network interface.
resourceViolation_awsVPCSecurityGroupViolation :: Lens' ResourceViolation (Maybe AwsVPCSecurityGroupViolation) Source #
Violation detail for security groups.
resourceViolation_dnsDuplicateRuleGroupViolation :: Lens' ResourceViolation (Maybe DnsDuplicateRuleGroupViolation) Source #
Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
resourceViolation_dnsRuleGroupLimitExceededViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupLimitExceededViolation) Source #
Violation detail for a DNS Firewall policy that indicates that the VPC reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed.
resourceViolation_dnsRuleGroupPriorityConflictViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupPriorityConflictViolation) Source #
Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.
resourceViolation_firewallSubnetIsOutOfScopeViolation :: Lens' ResourceViolation (Maybe FirewallSubnetIsOutOfScopeViolation) Source #
Contains details about the firewall subnet that violates the policy scope.
resourceViolation_firewallSubnetMissingVPCEndpointViolation :: Lens' ResourceViolation (Maybe FirewallSubnetMissingVPCEndpointViolation) Source #
The violation details for a third-party firewall's VPC endpoint subnet that was deleted.
resourceViolation_networkFirewallBlackHoleRouteDetectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallBlackHoleRouteDetectedViolation) Source #
Undocumented member.
resourceViolation_networkFirewallInternetTrafficNotInspectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInternetTrafficNotInspectedViolation) Source #
Violation detail for the subnet for which internet traffic hasn't been inspected.
resourceViolation_networkFirewallInvalidRouteConfigurationViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInvalidRouteConfigurationViolation) Source #
The route configuration is invalid.
resourceViolation_networkFirewallMissingExpectedRTViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRTViolation) Source #
Violation detail for a Network Firewall policy that indicates that a subnet is not associated with the expected Firewall Manager managed route table.
resourceViolation_networkFirewallMissingExpectedRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRoutesViolation) Source #
Expected routes are missing from Network Firewall.
resourceViolation_networkFirewallMissingFirewallViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingFirewallViolation) Source #
Violation detail for a Network Firewall policy that indicates that a subnet has no Firewall Manager managed firewall in its VPC.
resourceViolation_networkFirewallMissingSubnetViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingSubnetViolation) Source #
Violation detail for a Network Firewall policy that indicates that an Availability Zone is missing the expected Firewall Manager managed subnet.
resourceViolation_networkFirewallPolicyModifiedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallPolicyModifiedViolation) Source #
Violation detail for a Network Firewall policy that indicates that a firewall policy in an individual account has been modified in a way that makes it noncompliant. For example, the individual account owner might have deleted a rule group, changed the priority of a stateless rule group, or changed a policy default action.
resourceViolation_networkFirewallUnexpectedFirewallRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedFirewallRoutesViolation) Source #
There's an unexpected firewall route.
resourceViolation_networkFirewallUnexpectedGatewayRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedGatewayRoutesViolation) Source #
There's an unexpected gateway route.
resourceViolation_possibleRemediationActions :: Lens' ResourceViolation (Maybe PossibleRemediationActions) Source #
A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.
resourceViolation_routeHasOutOfScopeEndpointViolation :: Lens' ResourceViolation (Maybe RouteHasOutOfScopeEndpointViolation) Source #
Contains details about the route endpoint that violates the policy scope.
resourceViolation_thirdPartyFirewallMissingExpectedRouteTableViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingExpectedRouteTableViolation) Source #
The violation details for a third-party firewall for which the Firewall Manager managed route table that was associated with it has been deleted.
resourceViolation_thirdPartyFirewallMissingFirewallViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingFirewallViolation) Source #
The violation details for a third-party firewall that's been deleted.
resourceViolation_thirdPartyFirewallMissingSubnetViolation :: Lens' ResourceViolation (Maybe ThirdPartyFirewallMissingSubnetViolation) Source #
The violation details for a third-party firewall's subnet that's been deleted.
Route
Describes a route in a route table.
See: newRoute
smart constructor.
Route' | |
|
Instances
FromJSON Route Source # | |
Generic Route Source # | |
Read Route Source # | |
Show Route Source # | |
NFData Route Source # | |
Defined in Amazonka.FMS.Types.Route | |
Eq Route Source # | |
Hashable Route Source # | |
Defined in Amazonka.FMS.Types.Route | |
type Rep Route Source # | |
Defined in Amazonka.FMS.Types.Route type Rep Route = D1 ('MetaData "Route" "Amazonka.FMS.Types.Route" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "Route'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "destination") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "destinationType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe DestinationType))) :*: (S1 ('MetaSel ('Just "target") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "targetType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe TargetType))))) |
Create a value of Route
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:destination:Route'
, route_destination
- The destination of the route.
$sel:destinationType:Route'
, route_destinationType
- The type of destination for the route.
$sel:target:Route'
, route_target
- The route's target.
$sel:targetType:Route'
, route_targetType
- The type of target for the route.
route_destinationType :: Lens' Route (Maybe DestinationType) Source #
The type of destination for the route.
route_targetType :: Lens' Route (Maybe TargetType) Source #
The type of target for the route.
RouteHasOutOfScopeEndpointViolation
data RouteHasOutOfScopeEndpointViolation Source #
Contains details about the route endpoint that violates the policy scope.
See: newRouteHasOutOfScopeEndpointViolation
smart constructor.
RouteHasOutOfScopeEndpointViolation' | |
|
Instances
newRouteHasOutOfScopeEndpointViolation :: RouteHasOutOfScopeEndpointViolation Source #
Create a value of RouteHasOutOfScopeEndpointViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:currentFirewallSubnetRouteTable:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_currentFirewallSubnetRouteTable
- The route table associated with the current firewall subnet.
$sel:currentInternetGatewayRouteTable:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_currentInternetGatewayRouteTable
- The current route table associated with the Internet Gateway.
$sel:firewallSubnetId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_firewallSubnetId
- The ID of the firewall subnet.
$sel:firewallSubnetRoutes:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_firewallSubnetRoutes
- The list of firewall subnet routes.
$sel:internetGatewayId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_internetGatewayId
- The ID of the Internet Gateway.
$sel:internetGatewayRoutes:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_internetGatewayRoutes
- The routes in the route table associated with the Internet Gateway.
$sel:routeTableId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_routeTableId
- The ID of the route table.
$sel:subnetAvailabilityZone:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_subnetAvailabilityZone
- The subnet's Availability Zone.
$sel:subnetAvailabilityZoneId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_subnetAvailabilityZoneId
- The ID of the subnet's Availability Zone.
$sel:subnetId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_subnetId
- The ID of the subnet associated with the route that violates the policy
scope.
$sel:violatingRoutes:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_violatingRoutes
- The list of routes that violate the route table.
$sel:vpcId:RouteHasOutOfScopeEndpointViolation'
, routeHasOutOfScopeEndpointViolation_vpcId
- The VPC ID of the route that violates the policy scope.
routeHasOutOfScopeEndpointViolation_currentFirewallSubnetRouteTable :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The route table associated with the current firewall subnet.
routeHasOutOfScopeEndpointViolation_currentInternetGatewayRouteTable :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The current route table associated with the Internet Gateway.
routeHasOutOfScopeEndpointViolation_firewallSubnetId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The ID of the firewall subnet.
routeHasOutOfScopeEndpointViolation_firewallSubnetRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route]) Source #
The list of firewall subnet routes.
routeHasOutOfScopeEndpointViolation_internetGatewayId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The ID of the Internet Gateway.
routeHasOutOfScopeEndpointViolation_internetGatewayRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route]) Source #
The routes in the route table associated with the Internet Gateway.
routeHasOutOfScopeEndpointViolation_routeTableId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The ID of the route table.
routeHasOutOfScopeEndpointViolation_subnetAvailabilityZone :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The subnet's Availability Zone.
routeHasOutOfScopeEndpointViolation_subnetAvailabilityZoneId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The ID of the subnet's Availability Zone.
routeHasOutOfScopeEndpointViolation_subnetId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The ID of the subnet associated with the route that violates the policy scope.
routeHasOutOfScopeEndpointViolation_violatingRoutes :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe [Route]) Source #
The list of routes that violate the route table.
routeHasOutOfScopeEndpointViolation_vpcId :: Lens' RouteHasOutOfScopeEndpointViolation (Maybe Text) Source #
The VPC ID of the route that violates the policy scope.
SecurityGroupRemediationAction
data SecurityGroupRemediationAction Source #
Remediation option for the rule specified in the ViolationTarget.
See: newSecurityGroupRemediationAction
smart constructor.
SecurityGroupRemediationAction' | |
|
Instances
newSecurityGroupRemediationAction :: SecurityGroupRemediationAction Source #
Create a value of SecurityGroupRemediationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:SecurityGroupRemediationAction'
, securityGroupRemediationAction_description
- Brief description of the action that will be performed.
$sel:isDefaultAction:SecurityGroupRemediationAction'
, securityGroupRemediationAction_isDefaultAction
- Indicates if the current action is the default action.
$sel:remediationActionType:SecurityGroupRemediationAction'
, securityGroupRemediationAction_remediationActionType
- The remediation action that will be performed.
$sel:remediationResult:SecurityGroupRemediationAction'
, securityGroupRemediationAction_remediationResult
- The final state of the rule specified in the ViolationTarget after it
is remediated.
securityGroupRemediationAction_description :: Lens' SecurityGroupRemediationAction (Maybe Text) Source #
Brief description of the action that will be performed.
securityGroupRemediationAction_isDefaultAction :: Lens' SecurityGroupRemediationAction (Maybe Bool) Source #
Indicates if the current action is the default action.
securityGroupRemediationAction_remediationActionType :: Lens' SecurityGroupRemediationAction (Maybe RemediationActionType) Source #
The remediation action that will be performed.
securityGroupRemediationAction_remediationResult :: Lens' SecurityGroupRemediationAction (Maybe SecurityGroupRuleDescription) Source #
The final state of the rule specified in the ViolationTarget after it is remediated.
SecurityGroupRuleDescription
data SecurityGroupRuleDescription Source #
Describes a set of permissions for a security group rule.
See: newSecurityGroupRuleDescription
smart constructor.
SecurityGroupRuleDescription' | |
|
Instances
newSecurityGroupRuleDescription :: SecurityGroupRuleDescription Source #
Create a value of SecurityGroupRuleDescription
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:fromPort:SecurityGroupRuleDescription'
, securityGroupRuleDescription_fromPort
- The start of the port range for the TCP and UDP protocols, or an
ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types.
$sel:iPV4Range:SecurityGroupRuleDescription'
, securityGroupRuleDescription_iPV4Range
- The IPv4 ranges for the security group rule.
$sel:iPV6Range:SecurityGroupRuleDescription'
, securityGroupRuleDescription_iPV6Range
- The IPv6 ranges for the security group rule.
$sel:prefixListId:SecurityGroupRuleDescription'
, securityGroupRuleDescription_prefixListId
- The ID of the prefix list for the security group rule.
$sel:protocol:SecurityGroupRuleDescription'
, securityGroupRuleDescription_protocol
- The IP protocol name (tcp, udp, icmp, icmpv6) or number.
$sel:toPort:SecurityGroupRuleDescription'
, securityGroupRuleDescription_toPort
- The end of the port range for the TCP and UDP protocols, or an
ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes.
securityGroupRuleDescription_fromPort :: Lens' SecurityGroupRuleDescription (Maybe Natural) Source #
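The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types.
Note: the lens type shown here is Maybe Natural, which cannot represent -1; confirm how an all-types rule is surfaced through this field before relying on it in a compliance check.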
securityGroupRuleDescription_iPV4Range :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The IPv4 ranges for the security group rule.
securityGroupRuleDescription_iPV6Range :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The IPv6 ranges for the security group rule.
securityGroupRuleDescription_prefixListId :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The ID of the prefix list for the security group rule.
securityGroupRuleDescription_protocol :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The IP protocol name (tcp, udp, icmp, icmpv6) or number.
securityGroupRuleDescription_toPort :: Lens' SecurityGroupRuleDescription (Maybe Natural) Source #
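The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes.
Note: the lens type shown here is Maybe Natural, which cannot represent -1; confirm how an all-codes rule is surfaced through this field before relying on it in a compliance check.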
SecurityServicePolicyData
data SecurityServicePolicyData Source #
Details about the security service that is being used to protect the resources.
See: newSecurityServicePolicyData
smart constructor.
SecurityServicePolicyData' | |
|
Instances
newSecurityServicePolicyData Source #
Create a value of SecurityServicePolicyData
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:managedServiceData:SecurityServicePolicyData'
, securityServicePolicyData_managedServiceData
- Details about the service that are specific to the service type, in JSON
format.
Example:
DNS_FIREWALL
"{\"type\":\"DNS_FIREWALL\",\"preProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-1\",\"priority\":10}],\"postProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-2\",\"priority\":9911}]}"
Valid values for preProcessRuleGroups are between 1 and 99. Valid values for postProcessRuleGroups are between 9901 and 10000.
Example:
NETWORK_FIREWALL
- Centralized deployment model"{\"type\":\"NETWORK_FIREWALL\",\"awsNetworkFirewallConfig\":{\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}},\"firewallDeploymentModel\":{\"centralizedFirewallDeploymentModel\":{\"centralizedFirewallOrchestrationConfig\":{\"inspectionVpcIds\":[{\"resourceId\":\"vpc-1234\",\"accountId\":\"123456789011\"}],\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneId\":null,\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"allowedIPV4CidrList\":[]}}}}"
To use the centralized deployment model, you must set PolicyOption to CENTRALIZED.
Example:
NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"OFF\"},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"
With automatic Availability Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. To use the distributed deployment model, you must set PolicyOption to NULL.
Example:
NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration and route management"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"]},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\": \"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"
To use the distributed deployment model, you must set PolicyOption to NULL.
Example:
NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\", \"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{ \"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[ \"10.0.0.0/28\"]}]} },\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"OFF\",\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"
With custom Availability Zone configuration, you define which specific Availability Zones to create endpoints in by configuring firewallCreationConfig. To configure the Availability Zones in firewallCreationConfig, specify either the availabilityZoneName or availabilityZoneId parameter, not both parameters.
To use the distributed deployment model, you must set PolicyOption to NULL.
Example:
NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration and route management"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"],\"routeManagementConfig\":{\"allowCrossAZTrafficIfNoEndpoint\":true}},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"
To use the distributed deployment model, you must set PolicyOption to NULL.
Example:
THIRD_PARTY_FIREWALL
"{ "type":"THIRD_PARTY_FIREWALL", "thirdPartyFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW", "thirdPartyFirewallConfig":{ "thirdPartyFirewallPolicyList":["global-1"] }, "firewallDeploymentModel":{ "distributedFirewallDeploymentModel":{ "distributedFirewallOrchestrationConfig":{ "firewallCreationConfig":{ "endpointLocation":{ "availabilityZoneConfigList":[ { "availabilityZoneName":"${AvailabilityZone}" } ] } }, "allowedIPV4CidrList":[ ] } } } }"
Example:
SECURITY_GROUPS_COMMON
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example:
SECURITY_GROUPS_COMMON
- Security group tag distribution""{\"type\":\"SECURITY_GROUPS_COMMON\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"revertManualSecurityGroupChanges\":true,\"exclusiveResourceSecurityGroupManagement\":false,\"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":false,\"enableTagDistribution\":true}""
Firewall Manager automatically distributes tags from the primary group to the security groups created by this policy. To use security group tag distribution, you must also set `revertManualSecurityGroupChanges` to `true`; otherwise Firewall Manager won't be able to create the policy. When you enable `revertManualSecurityGroupChanges`, Firewall Manager identifies and reports when the security groups created by this policy become non-compliant.
Firewall Manager won't distribute system tags added by Amazon Web Services services into the replica security groups. System tags begin with the `aws:` prefix.
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":true,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example:
SECURITY_GROUPS_CONTENT_AUDIT
"{\"type\":\"SECURITY_GROUPS_CONTENT_AUDIT\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"securityGroupAction\":{\"type\":\"ALLOW\"}}"
The security group action for content audit can be `ALLOW` or `DENY`. For `ALLOW`, all in-scope security group rules must be within the allowed range of the policy's security group rules. For `DENY`, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
Example:
SECURITY_GROUPS_USAGE_AUDIT
"{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true}"
Specification for `SHIELD_ADVANCED` for Amazon CloudFront distributions
"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\", \"automaticResponseAction\":\"BLOCK|COUNT\"}, \"overrideCustomerWebaclClassic\":true|false}"
For example:
"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED\", \"automaticResponseAction\":\"COUNT\"}}"
The default value for `automaticResponseStatus` is `IGNORED`. The value for `automaticResponseAction` is only required when `automaticResponseStatus` is set to `ENABLED`. The default value for `overrideCustomerWebaclClassic` is `false`.
For other resource types that you can protect with a Shield Advanced policy, this `ManagedServiceData` configuration is an empty string.
Example:
WAFV2
"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
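In the `loggingConfiguration`, you can specify one `logDestinationConfigs`, you can optionally provide up to 20 `redactedFields`, and the `RedactedFieldType` must be one of `URI`, `QUERY_STRING`, `HEADER`, or `METHOD`. Note that the preceding example uses `SingleHeader` and `Method` as `redactedFieldType` values and redacts a header named `Cookies`, which do not match this list or the standard `Cookie` request header; confirm the accepted values and the header name before relying on redaction to keep sensitive data out of the logs.
Example: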
WAFV2
- Firewall Manager support for WAF managed rule group versioning"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"versionEnabled\":true,\"version\":\"Version_2.0\",\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesCommonRuleSet\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
To use a specific version of a WAF managed rule group in your Firewall Manager policy, you must set `versionEnabled` to `true`, and set `version` to the version you'd like to use. If you don't set `versionEnabled` to `true`, or if you omit `versionEnabled`, then Firewall Manager uses the default version of the WAF managed rule group.
Example:
WAF Classic
"{\"type\": \"WAF\", \"ruleGroups\": [{\"id\":\"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\" : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}"
$sel:policyOption:SecurityServicePolicyData'
, securityServicePolicyData_policyOption
- Contains the Network Firewall firewall policy options to configure a
centralized deployment model.
$sel:type':SecurityServicePolicyData'
, securityServicePolicyData_type
- The service that the policy is using to protect the resources. This
specifies the type of policy that is created, either a WAF policy, a
Shield Advanced policy, or a security group policy. For security group
policies, Firewall Manager supports one security group for each common
policy and for each content audit policy. This is an adjustable limit
that you can increase by contacting Amazon Web Services Support.
securityServicePolicyData_managedServiceData :: Lens' SecurityServicePolicyData (Maybe Text) Source #
Details about the service that are specific to the service type, in JSON format.
Example:
DNS_FIREWALL
"{\"type\":\"DNS_FIREWALL\",\"preProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-1\",\"priority\":10}],\"postProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-2\",\"priority\":9911}]}"
Valid values for `preProcessRuleGroups` are between 1 and 99. Valid values for `postProcessRuleGroups` are between 9901 and 10000.
Example:
NETWORK_FIREWALL
- Centralized deployment model"{\"type\":\"NETWORK_FIREWALL\",\"awsNetworkFirewallConfig\":{\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}},\"firewallDeploymentModel\":{\"centralizedFirewallDeploymentModel\":{\"centralizedFirewallOrchestrationConfig\":{\"inspectionVpcIds\":[{\"resourceId\":\"vpc-1234\",\"accountId\":\"123456789011\"}],\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneId\":null,\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"allowedIPV4CidrList\":[]}}}}"
To use the centralized deployment model, you must set PolicyOption to `CENTRALIZED`.
Example:
NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"OFF\"},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"
With automatic Availability Zone configuration, Firewall Manager chooses which Availability Zones to create the endpoints in. To use the distributed deployment model, you must set PolicyOption to `NULL`.
Example:
NETWORK_FIREWALL
- Distributed deployment model with automatic Availability Zone configuration and route management"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":[\"10.0.0.0/28\",\"192.168.0.0/28\"],\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"]},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\": \"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}}"
To use the distributed deployment model, you must set PolicyOption to `NULL`.
Example:
NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\", \"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{ \"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[ \"10.0.0.0/28\"]}]} },\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"OFF\",\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"
With custom Availability Zone configuration, you define which specific Availability Zones to create endpoints in by configuring `firewallCreationConfig`. To configure the Availability Zones in `firewallCreationConfig`, specify either the `availabilityZoneName` or `availabilityZoneId` parameter, not both parameters.
To use the distributed deployment model, you must set PolicyOption to `NULL`.
Example:
NETWORK_FIREWALL
- Distributed deployment model with custom Availability Zone configuration and route management"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"fragmentcustomactionname\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}},{\"actionName\":\"fragmentcustomactionname\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"fragmentmetricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]},{\"availabilityZoneName\":\"us-east-1b\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"singleFirewallEndpointPerVPC\":false,\"allowedIPV4CidrList\":null,\"routeManagementAction\":\"MONITOR\",\"routeManagementTargetTypes\":[\"InternetGateway\"],\"routeManagementConfig\":{\"allowCrossAZTrafficIfNoEndpoint\":true}},\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":boolean}}"
To use the distributed deployment model, you must set PolicyOption to `NULL`.
Example:
THIRD_PARTY_FIREWALL
"{ "type":"THIRD_PARTY_FIREWALL", "thirdPartyFirewall":"PALO_ALTO_NETWORKS_CLOUD_NGFW", "thirdPartyFirewallConfig":{ "thirdPartyFirewallPolicyList":["global-1"] }, "firewallDeploymentModel":{ "distributedFirewallDeploymentModel":{ "distributedFirewallOrchestrationConfig":{ "firewallCreationConfig":{ "endpointLocation":{ "availabilityZoneConfigList":[ { "availabilityZoneName":"${AvailabilityZone}" } ] } }, "allowedIPV4CidrList":[ ] } } } }"
Example:
SECURITY_GROUPS_COMMON
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example:
SECURITY_GROUPS_COMMON
- Security group tag distribution""{\"type\":\"SECURITY_GROUPS_COMMON\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"revertManualSecurityGroupChanges\":true,\"exclusiveResourceSecurityGroupManagement\":false,\"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":false,\"enableTagDistribution\":true}""
Firewall Manager automatically distributes tags from the primary group to the security groups created by this policy. To use security group tag distribution, you must also set `revertManualSecurityGroupChanges` to `true`; otherwise Firewall Manager won't be able to create the policy. When you enable `revertManualSecurityGroupChanges`, Firewall Manager identifies and reports when the security groups created by this policy become non-compliant.
Firewall Manager won't distribute system tags added by Amazon Web Services services into the replica security groups. System tags begin with the `aws:` prefix.
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":true,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example:
SECURITY_GROUPS_CONTENT_AUDIT
"{\"type\":\"SECURITY_GROUPS_CONTENT_AUDIT\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"securityGroupAction\":{\"type\":\"ALLOW\"}}"
The security group action for content audit can be `ALLOW` or `DENY`. For `ALLOW`, all in-scope security group rules must be within the allowed range of the policy's security group rules. For `DENY`, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
Example:
SECURITY_GROUPS_USAGE_AUDIT
"{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true}"
Specification for `SHIELD_ADVANCED` for Amazon CloudFront distributions
"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\", \"automaticResponseAction\":\"BLOCK|COUNT\"}, \"overrideCustomerWebaclClassic\":true|false}"
For example:
"{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED\", \"automaticResponseAction\":\"COUNT\"}}"
The default value for `automaticResponseStatus` is `IGNORED`. The value for `automaticResponseAction` is only required when `automaticResponseStatus` is set to `ENABLED`. The default value for `overrideCustomerWebaclClassic` is `false`.
For other resource types that you can protect with a Shield Advanced policy, this `ManagedServiceData` configuration is an empty string.
Example:
WAFV2
"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
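In the `loggingConfiguration`, you can specify one `logDestinationConfigs`, you can optionally provide up to 20 `redactedFields`, and the `RedactedFieldType` must be one of `URI`, `QUERY_STRING`, `HEADER`, or `METHOD`. Note that the preceding example uses `SingleHeader` and `Method` as `redactedFieldType` values and redacts a header named `Cookies`, which do not match this list or the standard `Cookie` request header; confirm the accepted values and the header name before relying on redaction to keep sensitive data out of the logs.
Example: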
WAFV2
- Firewall Manager support for WAF managed rule group versioning"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"versionEnabled\":true,\"version\":\"Version_2.0\",\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesCommonRuleSet\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
To use a specific version of a WAF managed rule group in your Firewall Manager policy, you must set `versionEnabled` to `true`, and set `version` to the version you'd like to use. If you don't set `versionEnabled` to `true`, or if you omit `versionEnabled`, then Firewall Manager uses the default version of the WAF managed rule group.
Example:
WAF Classic
"{\"type\": \"WAF\", \"ruleGroups\": [{\"id\":\"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\" : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}"
securityServicePolicyData_policyOption :: Lens' SecurityServicePolicyData (Maybe PolicyOption) Source #
Contains the Network Firewall firewall policy options to configure a centralized deployment model.
securityServicePolicyData_type :: Lens' SecurityServicePolicyData SecurityServiceType Source #
The service that the policy is using to protect the resources. This specifies the type of policy that is created, either a WAF policy, a Shield Advanced policy, or a security group policy. For security group policies, Firewall Manager supports one security group for each common policy and for each content audit policy. This is an adjustable limit that you can increase by contacting Amazon Web Services Support.
StatefulEngineOptions
data StatefulEngineOptions Source #
Configuration settings for the handling of the stateful rule groups in a Network Firewall firewall policy.
See: newStatefulEngineOptions
smart constructor.
StatefulEngineOptions' | |
|
Instances
newStatefulEngineOptions :: StatefulEngineOptions Source #
Create a value of StatefulEngineOptions
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:ruleOrder:StatefulEngineOptions'
, statefulEngineOptions_ruleOrder
- Indicates how to manage the order of stateful rule evaluation for the
policy. DEFAULT_ACTION_ORDER
is the default behavior. Stateful rules
are provided to the rule engine as Suricata compatible strings, and
Suricata evaluates them based on certain settings. For more information,
see
Evaluation order for stateful rules
in the Network Firewall Developer Guide.
statefulEngineOptions_ruleOrder :: Lens' StatefulEngineOptions (Maybe RuleOrder) Source #
Indicates how to manage the order of stateful rule evaluation for the
policy. DEFAULT_ACTION_ORDER
is the default behavior. Stateful rules
are provided to the rule engine as Suricata compatible strings, and
Suricata evaluates them based on certain settings. For more information,
see
Evaluation order for stateful rules
in the Network Firewall Developer Guide.
StatefulRuleGroup
data StatefulRuleGroup Source #
Network Firewall stateful rule group, used in a NetworkFirewallPolicyDescription.
See: newStatefulRuleGroup
smart constructor.
StatefulRuleGroup' | |
|
Instances
newStatefulRuleGroup :: StatefulRuleGroup Source #
Create a value of StatefulRuleGroup
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:override:StatefulRuleGroup'
, statefulRuleGroup_override
- The action that allows the policy owner to override the behavior of the
rule group within a policy.
$sel:priority:StatefulRuleGroup'
, statefulRuleGroup_priority
- An integer setting that indicates the order in which to run the stateful
rule groups in a single Network Firewall firewall policy. This setting
only applies to firewall policies that specify the STRICT_ORDER
rule
order in the stateful engine options settings.
Network Firewall evaluates each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on.
$sel:resourceId:StatefulRuleGroup'
, statefulRuleGroup_resourceId
- The resource ID of the rule group.
$sel:ruleGroupName:StatefulRuleGroup'
, statefulRuleGroup_ruleGroupName
- The name of the rule group.
statefulRuleGroup_override :: Lens' StatefulRuleGroup (Maybe NetworkFirewallStatefulRuleGroupOverride) Source #
The action that allows the policy owner to override the behavior of the rule group within a policy.
statefulRuleGroup_priority :: Lens' StatefulRuleGroup (Maybe Int) Source #
An integer setting that indicates the order in which to run the stateful
rule groups in a single Network Firewall firewall policy. This setting
only applies to firewall policies that specify the STRICT_ORDER
rule
order in the stateful engine options settings.
Network Firewall evaluates each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on.
statefulRuleGroup_resourceId :: Lens' StatefulRuleGroup (Maybe Text) Source #
The resource ID of the rule group.
statefulRuleGroup_ruleGroupName :: Lens' StatefulRuleGroup (Maybe Text) Source #
The name of the rule group.
StatelessRuleGroup
data StatelessRuleGroup Source #
Network Firewall stateless rule group, used in a NetworkFirewallPolicyDescription.
See: newStatelessRuleGroup
smart constructor.
StatelessRuleGroup' | |
|
Instances
newStatelessRuleGroup :: StatelessRuleGroup Source #
Create a value of StatelessRuleGroup
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:priority:StatelessRuleGroup'
, statelessRuleGroup_priority
- The priority of the rule group. Network Firewall evaluates the stateless
rule groups in a firewall policy starting from the lowest priority
setting.
$sel:resourceId:StatelessRuleGroup'
, statelessRuleGroup_resourceId
- The resource ID of the rule group.
$sel:ruleGroupName:StatelessRuleGroup'
, statelessRuleGroup_ruleGroupName
- The name of the rule group.
statelessRuleGroup_priority :: Lens' StatelessRuleGroup (Maybe Natural) Source #
The priority of the rule group. Network Firewall evaluates the stateless rule groups in a firewall policy starting from the lowest priority setting.
statelessRuleGroup_resourceId :: Lens' StatelessRuleGroup (Maybe Text) Source #
The resource ID of the rule group.
statelessRuleGroup_ruleGroupName :: Lens' StatelessRuleGroup (Maybe Text) Source #
The name of the rule group.
Tag
A collection of key:value pairs associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each Amazon Web Services resource.
See: newTag
smart constructor.
Tag' | |
|
Instances
FromJSON Tag Source # | |
ToJSON Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
Generic Tag Source # | |
Read Tag Source # | |
Show Tag Source # | |
NFData Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
Eq Tag Source # | |
Hashable Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
type Rep Tag Source # | |
Defined in Amazonka.FMS.Types.Tag type Rep Tag = D1 ('MetaData "Tag" "Amazonka.FMS.Types.Tag" "amazonka-fms-2.0-351knTjuYAjE9GRQTo0ohx" 'False) (C1 ('MetaCons "Tag'" 'PrefixI 'True) (S1 ('MetaSel ('Just "key") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "value") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) |
Create a value of Tag
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:key:Tag'
, tag_key
- Part of the key:value pair that defines a tag. You can use a tag key to
describe a category of information, such as "customer." Tag keys are
case-sensitive.
$sel:value:Tag'
, tag_value
- Part of the key:value pair that defines a tag. You can use a tag value
to describe a specific value within a category, such as "companyA" or
"companyB." Tag values are case-sensitive.
tag_key :: Lens' Tag Text Source #
Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive.
tag_value :: Lens' Tag Text Source #
Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as "companyA" or "companyB." Tag values are case-sensitive.
ThirdPartyFirewallFirewallPolicy
data ThirdPartyFirewallFirewallPolicy Source #
Configures the third-party firewall's firewall policy.
See: newThirdPartyFirewallFirewallPolicy
smart constructor.
ThirdPartyFirewallFirewallPolicy' | |
|
Instances
newThirdPartyFirewallFirewallPolicy :: ThirdPartyFirewallFirewallPolicy Source #
Create a value of ThirdPartyFirewallFirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallPolicyId:ThirdPartyFirewallFirewallPolicy'
, thirdPartyFirewallFirewallPolicy_firewallPolicyId
- The ID of the specified firewall policy.
$sel:firewallPolicyName:ThirdPartyFirewallFirewallPolicy'
, thirdPartyFirewallFirewallPolicy_firewallPolicyName
- The name of the specified firewall policy.
thirdPartyFirewallFirewallPolicy_firewallPolicyId :: Lens' ThirdPartyFirewallFirewallPolicy (Maybe Text) Source #
The ID of the specified firewall policy.
thirdPartyFirewallFirewallPolicy_firewallPolicyName :: Lens' ThirdPartyFirewallFirewallPolicy (Maybe Text) Source #
The name of the specified firewall policy.
ThirdPartyFirewallMissingExpectedRouteTableViolation
data ThirdPartyFirewallMissingExpectedRouteTableViolation Source #
The violation details for a third-party firewall that's not associated with a Firewall Manager managed route table.
See: newThirdPartyFirewallMissingExpectedRouteTableViolation
smart constructor.
ThirdPartyFirewallMissingExpectedRouteTableViolation' | |
|
Instances
newThirdPartyFirewallMissingExpectedRouteTableViolation :: ThirdPartyFirewallMissingExpectedRouteTableViolation Source #
Create a value of ThirdPartyFirewallMissingExpectedRouteTableViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:ThirdPartyFirewallMissingExpectedRouteTableViolation'
, thirdPartyFirewallMissingExpectedRouteTableViolation_availabilityZone
- The Availability Zone of the firewall subnet that's causing the
violation.
$sel:currentRouteTable:ThirdPartyFirewallMissingExpectedRouteTableViolation'
, thirdPartyFirewallMissingExpectedRouteTableViolation_currentRouteTable
- The resource ID of the current route table that's associated with the
subnet, if one is available.
$sel:expectedRouteTable:ThirdPartyFirewallMissingExpectedRouteTableViolation'
, thirdPartyFirewallMissingExpectedRouteTableViolation_expectedRouteTable
- The resource ID of the route table that should be associated with the
subnet.
$sel:vpc:ThirdPartyFirewallMissingExpectedRouteTableViolation'
, thirdPartyFirewallMissingExpectedRouteTableViolation_vpc
- The resource ID of the VPC associated with a firewall subnet that's
causing the violation.
$sel:violationTarget:ThirdPartyFirewallMissingExpectedRouteTableViolation'
, thirdPartyFirewallMissingExpectedRouteTableViolation_violationTarget
- The ID of the third-party firewall or VPC resource that's causing the
violation.
thirdPartyFirewallMissingExpectedRouteTableViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text) Source #
The Availability Zone of the firewall subnet that's causing the violation.
thirdPartyFirewallMissingExpectedRouteTableViolation_currentRouteTable :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text) Source #
The resource ID of the current route table that's associated with the subnet, if one is available.
thirdPartyFirewallMissingExpectedRouteTableViolation_expectedRouteTable :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text) Source #
The resource ID of the route table that should be associated with the subnet.
thirdPartyFirewallMissingExpectedRouteTableViolation_vpc :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text) Source #
The resource ID of the VPC associated with a firewall subnet that's causing the violation.
thirdPartyFirewallMissingExpectedRouteTableViolation_violationTarget :: Lens' ThirdPartyFirewallMissingExpectedRouteTableViolation (Maybe Text) Source #
The ID of the third-party firewall or VPC resource that's causing the violation.
ThirdPartyFirewallMissingFirewallViolation
data ThirdPartyFirewallMissingFirewallViolation Source #
The violation details about a third-party firewall's subnet that doesn't have a Firewall Manager managed firewall in its VPC.
See: newThirdPartyFirewallMissingFirewallViolation
smart constructor.
ThirdPartyFirewallMissingFirewallViolation' | |
|
Instances
newThirdPartyFirewallMissingFirewallViolation :: ThirdPartyFirewallMissingFirewallViolation Source #
Create a value of ThirdPartyFirewallMissingFirewallViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:ThirdPartyFirewallMissingFirewallViolation'
, thirdPartyFirewallMissingFirewallViolation_availabilityZone
- The Availability Zone of the third-party firewall that's causing the
violation.
$sel:targetViolationReason:ThirdPartyFirewallMissingFirewallViolation'
, thirdPartyFirewallMissingFirewallViolation_targetViolationReason
- The reason the resource is causing this violation, if a reason is
available.
$sel:vpc:ThirdPartyFirewallMissingFirewallViolation'
, thirdPartyFirewallMissingFirewallViolation_vpc
- The resource ID of the VPC associated with a third-party firewall.
$sel:violationTarget:ThirdPartyFirewallMissingFirewallViolation'
, thirdPartyFirewallMissingFirewallViolation_violationTarget
- The ID of the third-party firewall that's causing the violation.
thirdPartyFirewallMissingFirewallViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text) Source #
The Availability Zone of the third-party firewall that's causing the violation.
thirdPartyFirewallMissingFirewallViolation_targetViolationReason :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text) Source #
The reason the resource is causing this violation, if a reason is available.
thirdPartyFirewallMissingFirewallViolation_vpc :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text) Source #
The resource ID of the VPC associated with a third-party firewall.
thirdPartyFirewallMissingFirewallViolation_violationTarget :: Lens' ThirdPartyFirewallMissingFirewallViolation (Maybe Text) Source #
The ID of the third-party firewall that's causing the violation.
ThirdPartyFirewallMissingSubnetViolation
data ThirdPartyFirewallMissingSubnetViolation Source #
The violation details for a third-party firewall for an Availability Zone that's missing the Firewall Manager managed subnet.
See: newThirdPartyFirewallMissingSubnetViolation
smart constructor.
ThirdPartyFirewallMissingSubnetViolation' | |
|
Instances
newThirdPartyFirewallMissingSubnetViolation :: ThirdPartyFirewallMissingSubnetViolation Source #
Create a value of ThirdPartyFirewallMissingSubnetViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:availabilityZone:ThirdPartyFirewallMissingSubnetViolation'
, thirdPartyFirewallMissingSubnetViolation_availabilityZone
- The Availability Zone of a subnet that's causing the violation.
$sel:targetViolationReason:ThirdPartyFirewallMissingSubnetViolation'
, thirdPartyFirewallMissingSubnetViolation_targetViolationReason
- The reason the resource is causing the violation, if a reason is
available.
$sel:vpc:ThirdPartyFirewallMissingSubnetViolation'
, thirdPartyFirewallMissingSubnetViolation_vpc
- The resource ID of the VPC associated with a subnet that's causing the
violation.
$sel:violationTarget:ThirdPartyFirewallMissingSubnetViolation'
, thirdPartyFirewallMissingSubnetViolation_violationTarget
- The ID of the third-party firewall or VPC resource that's causing the
violation.
thirdPartyFirewallMissingSubnetViolation_availabilityZone :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text) Source #
The Availability Zone of a subnet that's causing the violation.
thirdPartyFirewallMissingSubnetViolation_targetViolationReason :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text) Source #
The reason the resource is causing the violation, if a reason is available.
thirdPartyFirewallMissingSubnetViolation_vpc :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text) Source #
The resource ID of the VPC associated with a subnet that's causing the violation.
thirdPartyFirewallMissingSubnetViolation_violationTarget :: Lens' ThirdPartyFirewallMissingSubnetViolation (Maybe Text) Source #
The ID of the third-party firewall or VPC resource that's causing the violation.
ThirdPartyFirewallPolicy
data ThirdPartyFirewallPolicy Source #
Configures the deployment model for the third-party firewall.
See: newThirdPartyFirewallPolicy
smart constructor.
ThirdPartyFirewallPolicy' | |
|
Instances
newThirdPartyFirewallPolicy :: ThirdPartyFirewallPolicy Source #
Create a value of ThirdPartyFirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallDeploymentModel:ThirdPartyFirewallPolicy'
, thirdPartyFirewallPolicy_firewallDeploymentModel
- Defines the deployment model to use for the third-party firewall policy.
thirdPartyFirewallPolicy_firewallDeploymentModel :: Lens' ThirdPartyFirewallPolicy (Maybe FirewallDeploymentModel) Source #
Defines the deployment model to use for the third-party firewall policy.
ViolationDetail
data ViolationDetail Source #
Violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account.
See: newViolationDetail
smart constructor.
ViolationDetail' | |
|
Instances
newViolationDetail :: Text -> Text -> Text -> Text -> ViolationDetail
Create a value of ViolationDetail
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceDescription:ViolationDetail'
, violationDetail_resourceDescription
- Brief description for the requested resource.
$sel:resourceTags:ViolationDetail'
, violationDetail_resourceTags
- The ResourceTag
objects associated with the resource.
$sel:policyId:ViolationDetail'
, violationDetail_policyId
- The ID of the Firewall Manager policy that the violation details were
requested for.
$sel:memberAccount:ViolationDetail'
, violationDetail_memberAccount
- The Amazon Web Services account that the violation details were
requested for.
$sel:resourceId:ViolationDetail'
, violationDetail_resourceId
- The resource ID that the violation details were requested for.
$sel:resourceType:ViolationDetail'
, violationDetail_resourceType
- The resource type that the violation details were requested for.
$sel:resourceViolations:ViolationDetail'
, violationDetail_resourceViolations
- List of violations for the requested resource.
violationDetail_resourceDescription :: Lens' ViolationDetail (Maybe Text) Source #
Brief description for the requested resource.
violationDetail_resourceTags :: Lens' ViolationDetail (Maybe [Tag]) Source #
The ResourceTag
objects associated with the resource.
violationDetail_policyId :: Lens' ViolationDetail Text Source #
The ID of the Firewall Manager policy that the violation details were requested for.
violationDetail_memberAccount :: Lens' ViolationDetail Text Source #
The Amazon Web Services account that the violation details were requested for.
violationDetail_resourceId :: Lens' ViolationDetail Text Source #
The resource ID that the violation details were requested for.
violationDetail_resourceType :: Lens' ViolationDetail Text Source #
The resource type that the violation details were requested for.
violationDetail_resourceViolations :: Lens' ViolationDetail [ResourceViolation] Source #
List of violations for the requested resource.