Copyright | (c) 2013-2021 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
- Service Configuration
- Errors
- AccountRoleStatus
- CustomerPolicyScopeIdType
- DependentServiceName
- DestinationType
- PolicyComplianceStatusType
- RemediationActionType
- SecurityServiceType
- TargetType
- ViolationReason
- ActionTarget
- App
- AppsListData
- AppsListDataSummary
- AwsEc2InstanceViolation
- AwsEc2NetworkInterfaceViolation
- AwsVPCSecurityGroupViolation
- ComplianceViolator
- DnsDuplicateRuleGroupViolation
- DnsRuleGroupLimitExceededViolation
- DnsRuleGroupPriorityConflictViolation
- EC2AssociateRouteTableAction
- EC2CopyRouteTableAction
- EC2CreateRouteAction
- EC2CreateRouteTableAction
- EC2DeleteRouteAction
- EC2ReplaceRouteAction
- EC2ReplaceRouteTableAssociationAction
- EvaluationResult
- ExpectedRoute
- NetworkFirewallBlackHoleRouteDetectedViolation
- NetworkFirewallInternetTrafficNotInspectedViolation
- NetworkFirewallInvalidRouteConfigurationViolation
- NetworkFirewallMissingExpectedRTViolation
- NetworkFirewallMissingExpectedRoutesViolation
- NetworkFirewallMissingFirewallViolation
- NetworkFirewallMissingSubnetViolation
- NetworkFirewallPolicyDescription
- NetworkFirewallPolicyModifiedViolation
- NetworkFirewallUnexpectedFirewallRoutesViolation
- NetworkFirewallUnexpectedGatewayRoutesViolation
- PartialMatch
- Policy
- PolicyComplianceDetail
- PolicyComplianceStatus
- PolicySummary
- PossibleRemediationAction
- PossibleRemediationActions
- ProtocolsListData
- ProtocolsListDataSummary
- RemediationAction
- RemediationActionWithOrder
- ResourceTag
- ResourceViolation
- Route
- SecurityGroupRemediationAction
- SecurityGroupRuleDescription
- SecurityServicePolicyData
- StatefulRuleGroup
- StatelessRuleGroup
- Tag
- ViolationDetail
Synopsis
- defaultService :: Service
- _InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidOperationException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidTypeException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- newtype AccountRoleStatus where
- AccountRoleStatus' { }
- pattern AccountRoleStatus_CREATING :: AccountRoleStatus
- pattern AccountRoleStatus_DELETED :: AccountRoleStatus
- pattern AccountRoleStatus_DELETING :: AccountRoleStatus
- pattern AccountRoleStatus_PENDING_DELETION :: AccountRoleStatus
- pattern AccountRoleStatus_READY :: AccountRoleStatus
- newtype CustomerPolicyScopeIdType where
- newtype DependentServiceName where
- newtype DestinationType where
- DestinationType' { }
- pattern DestinationType_IPV4 :: DestinationType
- pattern DestinationType_IPV6 :: DestinationType
- pattern DestinationType_PREFIX_LIST :: DestinationType
- newtype PolicyComplianceStatusType where
- newtype RemediationActionType where
- newtype SecurityServiceType where
- SecurityServiceType' { }
- pattern SecurityServiceType_DNS_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_NETWORK_FIREWALL :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_COMMON :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_CONTENT_AUDIT :: SecurityServiceType
- pattern SecurityServiceType_SECURITY_GROUPS_USAGE_AUDIT :: SecurityServiceType
- pattern SecurityServiceType_SHIELD_ADVANCED :: SecurityServiceType
- pattern SecurityServiceType_WAF :: SecurityServiceType
- pattern SecurityServiceType_WAFV2 :: SecurityServiceType
- newtype TargetType where
- TargetType' { }
- pattern TargetType_CARRIER_GATEWAY :: TargetType
- pattern TargetType_EGRESS_ONLY_INTERNET_GATEWAY :: TargetType
- pattern TargetType_GATEWAY :: TargetType
- pattern TargetType_INSTANCE :: TargetType
- pattern TargetType_LOCAL_GATEWAY :: TargetType
- pattern TargetType_NAT_GATEWAY :: TargetType
- pattern TargetType_NETWORK_INTERFACE :: TargetType
- pattern TargetType_TRANSIT_GATEWAY :: TargetType
- pattern TargetType_VPC_ENDPOINT :: TargetType
- pattern TargetType_VPC_PEERING_CONNECTION :: TargetType
- newtype ViolationReason where
- ViolationReason' { }
- pattern ViolationReason_BLACK_HOLE_ROUTE_DETECTED :: ViolationReason
- pattern ViolationReason_BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET :: ViolationReason
- pattern ViolationReason_FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE :: ViolationReason
- pattern ViolationReason_FMS_CREATED_SECURITY_GROUP_EDITED :: ViolationReason
- pattern ViolationReason_INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE :: ViolationReason
- pattern ViolationReason_INTERNET_TRAFFIC_NOT_INSPECTED :: ViolationReason
- pattern ViolationReason_INVALID_ROUTE_CONFIGURATION :: ViolationReason
- pattern ViolationReason_MISSING_EXPECTED_ROUTE_TABLE :: ViolationReason
- pattern ViolationReason_MISSING_FIREWALL :: ViolationReason
- pattern ViolationReason_MISSING_FIREWALL_SUBNET_IN_AZ :: ViolationReason
- pattern ViolationReason_MISSING_TARGET_GATEWAY :: ViolationReason
- pattern ViolationReason_NETWORK_FIREWALL_POLICY_MODIFIED :: ViolationReason
- pattern ViolationReason_RESOURCE_INCORRECT_WEB_ACL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_DNS_FIREWALL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_SECURITY_GROUP :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_SHIELD_PROTECTION :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_WEB_ACL :: ViolationReason
- pattern ViolationReason_RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION :: ViolationReason
- pattern ViolationReason_RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP :: ViolationReason
- pattern ViolationReason_SECURITY_GROUP_REDUNDANT :: ViolationReason
- pattern ViolationReason_SECURITY_GROUP_UNUSED :: ViolationReason
- pattern ViolationReason_TRAFFIC_INSPECTION_CROSSES_AZ_BOUNDARY :: ViolationReason
- pattern ViolationReason_UNEXPECTED_FIREWALL_ROUTES :: ViolationReason
- pattern ViolationReason_UNEXPECTED_TARGET_GATEWAY_ROUTES :: ViolationReason
- pattern ViolationReason_WEB_ACL_MISSING_RULE_GROUP :: ViolationReason
- data ActionTarget = ActionTarget' {
- resourceId :: Maybe Text
- description :: Maybe Text
- }
- newActionTarget :: ActionTarget
- actionTarget_resourceId :: Lens' ActionTarget (Maybe Text)
- actionTarget_description :: Lens' ActionTarget (Maybe Text)
- data App = App' {}
- newApp :: Text -> Text -> Natural -> App
- app_appName :: Lens' App Text
- app_protocol :: Lens' App Text
- app_port :: Lens' App Natural
- data AppsListData = AppsListData' {}
- newAppsListData :: Text -> AppsListData
- appsListData_listUpdateToken :: Lens' AppsListData (Maybe Text)
- appsListData_listId :: Lens' AppsListData (Maybe Text)
- appsListData_lastUpdateTime :: Lens' AppsListData (Maybe UTCTime)
- appsListData_previousAppsList :: Lens' AppsListData (Maybe (HashMap Text [App]))
- appsListData_createTime :: Lens' AppsListData (Maybe UTCTime)
- appsListData_listName :: Lens' AppsListData Text
- appsListData_appsList :: Lens' AppsListData [App]
- data AppsListDataSummary = AppsListDataSummary' {}
- newAppsListDataSummary :: AppsListDataSummary
- appsListDataSummary_listArn :: Lens' AppsListDataSummary (Maybe Text)
- appsListDataSummary_appsList :: Lens' AppsListDataSummary (Maybe [App])
- appsListDataSummary_listId :: Lens' AppsListDataSummary (Maybe Text)
- appsListDataSummary_listName :: Lens' AppsListDataSummary (Maybe Text)
- data AwsEc2InstanceViolation = AwsEc2InstanceViolation' {}
- newAwsEc2InstanceViolation :: AwsEc2InstanceViolation
- awsEc2InstanceViolation_violationTarget :: Lens' AwsEc2InstanceViolation (Maybe Text)
- awsEc2InstanceViolation_awsEc2NetworkInterfaceViolations :: Lens' AwsEc2InstanceViolation (Maybe [AwsEc2NetworkInterfaceViolation])
- data AwsEc2NetworkInterfaceViolation = AwsEc2NetworkInterfaceViolation' {}
- newAwsEc2NetworkInterfaceViolation :: AwsEc2NetworkInterfaceViolation
- awsEc2NetworkInterfaceViolation_violatingSecurityGroups :: Lens' AwsEc2NetworkInterfaceViolation (Maybe [Text])
- awsEc2NetworkInterfaceViolation_violationTarget :: Lens' AwsEc2NetworkInterfaceViolation (Maybe Text)
- data AwsVPCSecurityGroupViolation = AwsVPCSecurityGroupViolation' {}
- newAwsVPCSecurityGroupViolation :: AwsVPCSecurityGroupViolation
- awsVPCSecurityGroupViolation_violationTargetDescription :: Lens' AwsVPCSecurityGroupViolation (Maybe Text)
- awsVPCSecurityGroupViolation_possibleSecurityGroupRemediationActions :: Lens' AwsVPCSecurityGroupViolation (Maybe [SecurityGroupRemediationAction])
- awsVPCSecurityGroupViolation_violationTarget :: Lens' AwsVPCSecurityGroupViolation (Maybe Text)
- awsVPCSecurityGroupViolation_partialMatches :: Lens' AwsVPCSecurityGroupViolation (Maybe [PartialMatch])
- data ComplianceViolator = ComplianceViolator' {}
- newComplianceViolator :: ComplianceViolator
- complianceViolator_resourceId :: Lens' ComplianceViolator (Maybe Text)
- complianceViolator_resourceType :: Lens' ComplianceViolator (Maybe Text)
- complianceViolator_violationReason :: Lens' ComplianceViolator (Maybe ViolationReason)
- data DnsDuplicateRuleGroupViolation = DnsDuplicateRuleGroupViolation' {}
- newDnsDuplicateRuleGroupViolation :: DnsDuplicateRuleGroupViolation
- dnsDuplicateRuleGroupViolation_violationTargetDescription :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text)
- dnsDuplicateRuleGroupViolation_violationTarget :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text)
- data DnsRuleGroupLimitExceededViolation = DnsRuleGroupLimitExceededViolation' {}
- newDnsRuleGroupLimitExceededViolation :: DnsRuleGroupLimitExceededViolation
- dnsRuleGroupLimitExceededViolation_violationTargetDescription :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text)
- dnsRuleGroupLimitExceededViolation_violationTarget :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text)
- dnsRuleGroupLimitExceededViolation_numberOfRuleGroupsAlreadyAssociated :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Int)
- data DnsRuleGroupPriorityConflictViolation = DnsRuleGroupPriorityConflictViolation' {}
- newDnsRuleGroupPriorityConflictViolation :: DnsRuleGroupPriorityConflictViolation
- dnsRuleGroupPriorityConflictViolation_conflictingPriority :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Natural)
- dnsRuleGroupPriorityConflictViolation_conflictingPolicyId :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text)
- dnsRuleGroupPriorityConflictViolation_violationTargetDescription :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text)
- dnsRuleGroupPriorityConflictViolation_violationTarget :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text)
- dnsRuleGroupPriorityConflictViolation_unavailablePriorities :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe [Natural])
- data EC2AssociateRouteTableAction = EC2AssociateRouteTableAction' {}
- newEC2AssociateRouteTableAction :: ActionTarget -> EC2AssociateRouteTableAction
- eC2AssociateRouteTableAction_subnetId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget)
- eC2AssociateRouteTableAction_gatewayId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget)
- eC2AssociateRouteTableAction_description :: Lens' EC2AssociateRouteTableAction (Maybe Text)
- eC2AssociateRouteTableAction_routeTableId :: Lens' EC2AssociateRouteTableAction ActionTarget
- data EC2CopyRouteTableAction = EC2CopyRouteTableAction' {}
- newEC2CopyRouteTableAction :: ActionTarget -> ActionTarget -> EC2CopyRouteTableAction
- eC2CopyRouteTableAction_description :: Lens' EC2CopyRouteTableAction (Maybe Text)
- eC2CopyRouteTableAction_vpcId :: Lens' EC2CopyRouteTableAction ActionTarget
- eC2CopyRouteTableAction_routeTableId :: Lens' EC2CopyRouteTableAction ActionTarget
- data EC2CreateRouteAction = EC2CreateRouteAction' {}
- newEC2CreateRouteAction :: ActionTarget -> EC2CreateRouteAction
- eC2CreateRouteAction_destinationIpv6CidrBlock :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_gatewayId :: Lens' EC2CreateRouteAction (Maybe ActionTarget)
- eC2CreateRouteAction_vpcEndpointId :: Lens' EC2CreateRouteAction (Maybe ActionTarget)
- eC2CreateRouteAction_destinationPrefixListId :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_description :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_destinationCidrBlock :: Lens' EC2CreateRouteAction (Maybe Text)
- eC2CreateRouteAction_routeTableId :: Lens' EC2CreateRouteAction ActionTarget
- data EC2CreateRouteTableAction = EC2CreateRouteTableAction' {}
- newEC2CreateRouteTableAction :: ActionTarget -> EC2CreateRouteTableAction
- eC2CreateRouteTableAction_description :: Lens' EC2CreateRouteTableAction (Maybe Text)
- eC2CreateRouteTableAction_vpcId :: Lens' EC2CreateRouteTableAction ActionTarget
- data EC2DeleteRouteAction = EC2DeleteRouteAction' {}
- newEC2DeleteRouteAction :: ActionTarget -> EC2DeleteRouteAction
- eC2DeleteRouteAction_destinationIpv6CidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_destinationPrefixListId :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_description :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_destinationCidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text)
- eC2DeleteRouteAction_routeTableId :: Lens' EC2DeleteRouteAction ActionTarget
- data EC2ReplaceRouteAction = EC2ReplaceRouteAction' {}
- newEC2ReplaceRouteAction :: ActionTarget -> EC2ReplaceRouteAction
- eC2ReplaceRouteAction_destinationIpv6CidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_gatewayId :: Lens' EC2ReplaceRouteAction (Maybe ActionTarget)
- eC2ReplaceRouteAction_destinationPrefixListId :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_description :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_destinationCidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text)
- eC2ReplaceRouteAction_routeTableId :: Lens' EC2ReplaceRouteAction ActionTarget
- data EC2ReplaceRouteTableAssociationAction = EC2ReplaceRouteTableAssociationAction' {}
- newEC2ReplaceRouteTableAssociationAction :: ActionTarget -> ActionTarget -> EC2ReplaceRouteTableAssociationAction
- eC2ReplaceRouteTableAssociationAction_description :: Lens' EC2ReplaceRouteTableAssociationAction (Maybe Text)
- eC2ReplaceRouteTableAssociationAction_associationId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget
- eC2ReplaceRouteTableAssociationAction_routeTableId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget
- data EvaluationResult = EvaluationResult' {}
- newEvaluationResult :: EvaluationResult
- evaluationResult_violatorCount :: Lens' EvaluationResult (Maybe Natural)
- evaluationResult_complianceStatus :: Lens' EvaluationResult (Maybe PolicyComplianceStatusType)
- evaluationResult_evaluationLimitExceeded :: Lens' EvaluationResult (Maybe Bool)
- data ExpectedRoute = ExpectedRoute' {
- ipV4Cidr :: Maybe Text
- routeTableId :: Maybe Text
- allowedTargets :: Maybe [Text]
- prefixListId :: Maybe Text
- ipV6Cidr :: Maybe Text
- contributingSubnets :: Maybe [Text]
- }
- newExpectedRoute :: ExpectedRoute
- expectedRoute_ipV4Cidr :: Lens' ExpectedRoute (Maybe Text)
- expectedRoute_routeTableId :: Lens' ExpectedRoute (Maybe Text)
- expectedRoute_allowedTargets :: Lens' ExpectedRoute (Maybe [Text])
- expectedRoute_prefixListId :: Lens' ExpectedRoute (Maybe Text)
- expectedRoute_ipV6Cidr :: Lens' ExpectedRoute (Maybe Text)
- expectedRoute_contributingSubnets :: Lens' ExpectedRoute (Maybe [Text])
- data NetworkFirewallBlackHoleRouteDetectedViolation = NetworkFirewallBlackHoleRouteDetectedViolation' {
- routeTableId :: Maybe Text
- vpcId :: Maybe Text
- violatingRoutes :: Maybe [Route]
- violationTarget :: Maybe Text
- }
- newNetworkFirewallBlackHoleRouteDetectedViolation :: NetworkFirewallBlackHoleRouteDetectedViolation
- networkFirewallBlackHoleRouteDetectedViolation_routeTableId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text)
- networkFirewallBlackHoleRouteDetectedViolation_vpcId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text)
- networkFirewallBlackHoleRouteDetectedViolation_violatingRoutes :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe [Route])
- networkFirewallBlackHoleRouteDetectedViolation_violationTarget :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text)
- data NetworkFirewallInternetTrafficNotInspectedViolation = NetworkFirewallInternetTrafficNotInspectedViolation' {
- actualInternetGatewayRoutes :: Maybe [Route]
- routeTableId :: Maybe Text
- vpcId :: Maybe Text
- violatingRoutes :: Maybe [Route]
- subnetId :: Maybe Text
- expectedFirewallSubnetRoutes :: Maybe [ExpectedRoute]
- subnetAvailabilityZone :: Maybe Text
- expectedInternetGatewayRoutes :: Maybe [ExpectedRoute]
- currentInternetGatewayRouteTable :: Maybe Text
- firewallSubnetId :: Maybe Text
- currentFirewallSubnetRouteTable :: Maybe Text
- expectedFirewallEndpoint :: Maybe Text
- isRouteTableUsedInDifferentAZ :: Maybe Bool
- internetGatewayId :: Maybe Text
- actualFirewallSubnetRoutes :: Maybe [Route]
- }
- newNetworkFirewallInternetTrafficNotInspectedViolation :: NetworkFirewallInternetTrafficNotInspectedViolation
- networkFirewallInternetTrafficNotInspectedViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route])
- networkFirewallInternetTrafficNotInspectedViolation_routeTableId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_vpcId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_violatingRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route])
- networkFirewallInternetTrafficNotInspectedViolation_subnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute])
- networkFirewallInternetTrafficNotInspectedViolation_subnetAvailabilityZone :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute])
- networkFirewallInternetTrafficNotInspectedViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_firewallSubnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Bool)
- networkFirewallInternetTrafficNotInspectedViolation_internetGatewayId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text)
- networkFirewallInternetTrafficNotInspectedViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route])
- data NetworkFirewallInvalidRouteConfigurationViolation = NetworkFirewallInvalidRouteConfigurationViolation' {
- actualInternetGatewayRoutes :: Maybe [Route]
- routeTableId :: Maybe Text
- affectedSubnets :: Maybe [Text]
- vpcId :: Maybe Text
- actualFirewallEndpoint :: Maybe Text
- expectedFirewallSubnetId :: Maybe Text
- expectedFirewallSubnetRoutes :: Maybe [ExpectedRoute]
- expectedInternetGatewayRoutes :: Maybe [ExpectedRoute]
- currentInternetGatewayRouteTable :: Maybe Text
- violatingRoute :: Maybe Route
- currentFirewallSubnetRouteTable :: Maybe Text
- expectedFirewallEndpoint :: Maybe Text
- isRouteTableUsedInDifferentAZ :: Maybe Bool
- actualFirewallSubnetId :: Maybe Text
- internetGatewayId :: Maybe Text
- actualFirewallSubnetRoutes :: Maybe [Route]
- }
- newNetworkFirewallInvalidRouteConfigurationViolation :: NetworkFirewallInvalidRouteConfigurationViolation
- networkFirewallInvalidRouteConfigurationViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route])
- networkFirewallInvalidRouteConfigurationViolation_routeTableId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_affectedSubnets :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Text])
- networkFirewallInvalidRouteConfigurationViolation_vpcId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_actualFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute])
- networkFirewallInvalidRouteConfigurationViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute])
- networkFirewallInvalidRouteConfigurationViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_violatingRoute :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Route)
- networkFirewallInvalidRouteConfigurationViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Bool)
- networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_internetGatewayId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text)
- networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route])
- data NetworkFirewallMissingExpectedRTViolation = NetworkFirewallMissingExpectedRTViolation' {}
- newNetworkFirewallMissingExpectedRTViolation :: NetworkFirewallMissingExpectedRTViolation
- networkFirewallMissingExpectedRTViolation_currentRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_availabilityZone :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_vpc :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- networkFirewallMissingExpectedRTViolation_expectedRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text)
- data NetworkFirewallMissingExpectedRoutesViolation = NetworkFirewallMissingExpectedRoutesViolation' {}
- newNetworkFirewallMissingExpectedRoutesViolation :: NetworkFirewallMissingExpectedRoutesViolation
- networkFirewallMissingExpectedRoutesViolation_expectedRoutes :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe [ExpectedRoute])
- networkFirewallMissingExpectedRoutesViolation_vpcId :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text)
- networkFirewallMissingExpectedRoutesViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text)
- data NetworkFirewallMissingFirewallViolation = NetworkFirewallMissingFirewallViolation' {}
- newNetworkFirewallMissingFirewallViolation :: NetworkFirewallMissingFirewallViolation
- networkFirewallMissingFirewallViolation_targetViolationReason :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- networkFirewallMissingFirewallViolation_availabilityZone :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- networkFirewallMissingFirewallViolation_vpc :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- networkFirewallMissingFirewallViolation_violationTarget :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text)
- data NetworkFirewallMissingSubnetViolation = NetworkFirewallMissingSubnetViolation' {}
- newNetworkFirewallMissingSubnetViolation :: NetworkFirewallMissingSubnetViolation
- networkFirewallMissingSubnetViolation_targetViolationReason :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- networkFirewallMissingSubnetViolation_availabilityZone :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- networkFirewallMissingSubnetViolation_vpc :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- networkFirewallMissingSubnetViolation_violationTarget :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text)
- data NetworkFirewallPolicyDescription = NetworkFirewallPolicyDescription' {}
- newNetworkFirewallPolicyDescription :: NetworkFirewallPolicyDescription
- networkFirewallPolicyDescription_statefulRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatefulRuleGroup])
- networkFirewallPolicyDescription_statelessRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatelessRuleGroup])
- networkFirewallPolicyDescription_statelessFragmentDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text])
- networkFirewallPolicyDescription_statelessCustomActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text])
- networkFirewallPolicyDescription_statelessDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text])
- data NetworkFirewallPolicyModifiedViolation = NetworkFirewallPolicyModifiedViolation' {}
- newNetworkFirewallPolicyModifiedViolation :: NetworkFirewallPolicyModifiedViolation
- networkFirewallPolicyModifiedViolation_currentPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription)
- networkFirewallPolicyModifiedViolation_violationTarget :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe Text)
- networkFirewallPolicyModifiedViolation_expectedPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription)
- data NetworkFirewallUnexpectedFirewallRoutesViolation = NetworkFirewallUnexpectedFirewallRoutesViolation' {}
- newNetworkFirewallUnexpectedFirewallRoutesViolation :: NetworkFirewallUnexpectedFirewallRoutesViolation
- networkFirewallUnexpectedFirewallRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- networkFirewallUnexpectedFirewallRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- networkFirewallUnexpectedFirewallRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe [Route])
- networkFirewallUnexpectedFirewallRoutesViolation_firewallEndpoint :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- networkFirewallUnexpectedFirewallRoutesViolation_firewallSubnetId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text)
- data NetworkFirewallUnexpectedGatewayRoutesViolation = NetworkFirewallUnexpectedGatewayRoutesViolation' {}
- newNetworkFirewallUnexpectedGatewayRoutesViolation :: NetworkFirewallUnexpectedGatewayRoutesViolation
- networkFirewallUnexpectedGatewayRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text)
- networkFirewallUnexpectedGatewayRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text)
- networkFirewallUnexpectedGatewayRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe [Route])
- networkFirewallUnexpectedGatewayRoutesViolation_gatewayId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text)
- data PartialMatch = PartialMatch' {}
- newPartialMatch :: PartialMatch
- partialMatch_targetViolationReasons :: Lens' PartialMatch (Maybe [Text])
- partialMatch_reference :: Lens' PartialMatch (Maybe Text)
- data Policy = Policy' {
- policyId :: Maybe Text
- resourceTypeList :: Maybe [Text]
- resourceTags :: Maybe [ResourceTag]
- policyUpdateToken :: Maybe Text
- deleteUnusedFMManagedResources :: Maybe Bool
- excludeMap :: Maybe (HashMap CustomerPolicyScopeIdType [Text])
- includeMap :: Maybe (HashMap CustomerPolicyScopeIdType [Text])
- policyName :: Text
- securityServicePolicyData :: SecurityServicePolicyData
- resourceType :: Text
- excludeResourceTags :: Bool
- remediationEnabled :: Bool
- }
- newPolicy :: Text -> SecurityServicePolicyData -> Text -> Bool -> Bool -> Policy
- policy_policyId :: Lens' Policy (Maybe Text)
- policy_resourceTypeList :: Lens' Policy (Maybe [Text])
- policy_resourceTags :: Lens' Policy (Maybe [ResourceTag])
- policy_policyUpdateToken :: Lens' Policy (Maybe Text)
- policy_deleteUnusedFMManagedResources :: Lens' Policy (Maybe Bool)
- policy_excludeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text]))
- policy_includeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text]))
- policy_policyName :: Lens' Policy Text
- policy_securityServicePolicyData :: Lens' Policy SecurityServicePolicyData
- policy_resourceType :: Lens' Policy Text
- policy_excludeResourceTags :: Lens' Policy Bool
- policy_remediationEnabled :: Lens' Policy Bool
- data PolicyComplianceDetail = PolicyComplianceDetail' {}
- newPolicyComplianceDetail :: PolicyComplianceDetail
- policyComplianceDetail_expiredAt :: Lens' PolicyComplianceDetail (Maybe UTCTime)
- policyComplianceDetail_policyId :: Lens' PolicyComplianceDetail (Maybe Text)
- policyComplianceDetail_violators :: Lens' PolicyComplianceDetail (Maybe [ComplianceViolator])
- policyComplianceDetail_evaluationLimitExceeded :: Lens' PolicyComplianceDetail (Maybe Bool)
- policyComplianceDetail_issueInfoMap :: Lens' PolicyComplianceDetail (Maybe (HashMap DependentServiceName Text))
- policyComplianceDetail_policyOwner :: Lens' PolicyComplianceDetail (Maybe Text)
- policyComplianceDetail_memberAccount :: Lens' PolicyComplianceDetail (Maybe Text)
- data PolicyComplianceStatus = PolicyComplianceStatus' {}
- newPolicyComplianceStatus :: PolicyComplianceStatus
- policyComplianceStatus_evaluationResults :: Lens' PolicyComplianceStatus (Maybe [EvaluationResult])
- policyComplianceStatus_lastUpdated :: Lens' PolicyComplianceStatus (Maybe UTCTime)
- policyComplianceStatus_policyName :: Lens' PolicyComplianceStatus (Maybe Text)
- policyComplianceStatus_policyId :: Lens' PolicyComplianceStatus (Maybe Text)
- policyComplianceStatus_issueInfoMap :: Lens' PolicyComplianceStatus (Maybe (HashMap DependentServiceName Text))
- policyComplianceStatus_policyOwner :: Lens' PolicyComplianceStatus (Maybe Text)
- policyComplianceStatus_memberAccount :: Lens' PolicyComplianceStatus (Maybe Text)
- data PolicySummary = PolicySummary' {}
- newPolicySummary :: PolicySummary
- policySummary_policyName :: Lens' PolicySummary (Maybe Text)
- policySummary_remediationEnabled :: Lens' PolicySummary (Maybe Bool)
- policySummary_resourceType :: Lens' PolicySummary (Maybe Text)
- policySummary_policyId :: Lens' PolicySummary (Maybe Text)
- policySummary_deleteUnusedFMManagedResources :: Lens' PolicySummary (Maybe Bool)
- policySummary_policyArn :: Lens' PolicySummary (Maybe Text)
- policySummary_securityServiceType :: Lens' PolicySummary (Maybe SecurityServiceType)
- data PossibleRemediationAction = PossibleRemediationAction' {}
- newPossibleRemediationAction :: PossibleRemediationAction
- possibleRemediationAction_isDefaultAction :: Lens' PossibleRemediationAction (Maybe Bool)
- possibleRemediationAction_description :: Lens' PossibleRemediationAction (Maybe Text)
- possibleRemediationAction_orderedRemediationActions :: Lens' PossibleRemediationAction [RemediationActionWithOrder]
- data PossibleRemediationActions = PossibleRemediationActions' {}
- newPossibleRemediationActions :: PossibleRemediationActions
- possibleRemediationActions_actions :: Lens' PossibleRemediationActions (Maybe [PossibleRemediationAction])
- possibleRemediationActions_description :: Lens' PossibleRemediationActions (Maybe Text)
- data ProtocolsListData = ProtocolsListData' {
- listUpdateToken :: Maybe Text
- listId :: Maybe Text
- lastUpdateTime :: Maybe POSIX
- previousProtocolsList :: Maybe (HashMap Text [Text])
- createTime :: Maybe POSIX
- listName :: Text
- protocolsList :: [Text]
- newProtocolsListData :: Text -> ProtocolsListData
- protocolsListData_listUpdateToken :: Lens' ProtocolsListData (Maybe Text)
- protocolsListData_listId :: Lens' ProtocolsListData (Maybe Text)
- protocolsListData_lastUpdateTime :: Lens' ProtocolsListData (Maybe UTCTime)
- protocolsListData_previousProtocolsList :: Lens' ProtocolsListData (Maybe (HashMap Text [Text]))
- protocolsListData_createTime :: Lens' ProtocolsListData (Maybe UTCTime)
- protocolsListData_listName :: Lens' ProtocolsListData Text
- protocolsListData_protocolsList :: Lens' ProtocolsListData [Text]
- data ProtocolsListDataSummary = ProtocolsListDataSummary' {}
- newProtocolsListDataSummary :: ProtocolsListDataSummary
- protocolsListDataSummary_protocolsList :: Lens' ProtocolsListDataSummary (Maybe [Text])
- protocolsListDataSummary_listArn :: Lens' ProtocolsListDataSummary (Maybe Text)
- protocolsListDataSummary_listId :: Lens' ProtocolsListDataSummary (Maybe Text)
- protocolsListDataSummary_listName :: Lens' ProtocolsListDataSummary (Maybe Text)
- data RemediationAction = RemediationAction' {
- eC2CreateRouteAction :: Maybe EC2CreateRouteAction
- eC2CopyRouteTableAction :: Maybe EC2CopyRouteTableAction
- eC2ReplaceRouteTableAssociationAction :: Maybe EC2ReplaceRouteTableAssociationAction
- eC2AssociateRouteTableAction :: Maybe EC2AssociateRouteTableAction
- eC2ReplaceRouteAction :: Maybe EC2ReplaceRouteAction
- eC2DeleteRouteAction :: Maybe EC2DeleteRouteAction
- description :: Maybe Text
- eC2CreateRouteTableAction :: Maybe EC2CreateRouteTableAction
- newRemediationAction :: RemediationAction
- remediationAction_eC2CreateRouteAction :: Lens' RemediationAction (Maybe EC2CreateRouteAction)
- remediationAction_eC2CopyRouteTableAction :: Lens' RemediationAction (Maybe EC2CopyRouteTableAction)
- remediationAction_eC2ReplaceRouteTableAssociationAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteTableAssociationAction)
- remediationAction_eC2AssociateRouteTableAction :: Lens' RemediationAction (Maybe EC2AssociateRouteTableAction)
- remediationAction_eC2ReplaceRouteAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteAction)
- remediationAction_eC2DeleteRouteAction :: Lens' RemediationAction (Maybe EC2DeleteRouteAction)
- remediationAction_description :: Lens' RemediationAction (Maybe Text)
- remediationAction_eC2CreateRouteTableAction :: Lens' RemediationAction (Maybe EC2CreateRouteTableAction)
- data RemediationActionWithOrder = RemediationActionWithOrder' {}
- newRemediationActionWithOrder :: RemediationActionWithOrder
- remediationActionWithOrder_remediationAction :: Lens' RemediationActionWithOrder (Maybe RemediationAction)
- remediationActionWithOrder_order :: Lens' RemediationActionWithOrder (Maybe Int)
- data ResourceTag = ResourceTag' {}
- newResourceTag :: Text -> ResourceTag
- resourceTag_value :: Lens' ResourceTag (Maybe Text)
- resourceTag_key :: Lens' ResourceTag Text
- data ResourceViolation = ResourceViolation' {
- possibleRemediationActions :: Maybe PossibleRemediationActions
- networkFirewallBlackHoleRouteDetectedViolation :: Maybe NetworkFirewallBlackHoleRouteDetectedViolation
- dnsRuleGroupLimitExceededViolation :: Maybe DnsRuleGroupLimitExceededViolation
- networkFirewallMissingExpectedRTViolation :: Maybe NetworkFirewallMissingExpectedRTViolation
- networkFirewallInternetTrafficNotInspectedViolation :: Maybe NetworkFirewallInternetTrafficNotInspectedViolation
- networkFirewallMissingFirewallViolation :: Maybe NetworkFirewallMissingFirewallViolation
- networkFirewallMissingSubnetViolation :: Maybe NetworkFirewallMissingSubnetViolation
- awsEc2InstanceViolation :: Maybe AwsEc2InstanceViolation
- networkFirewallMissingExpectedRoutesViolation :: Maybe NetworkFirewallMissingExpectedRoutesViolation
- dnsRuleGroupPriorityConflictViolation :: Maybe DnsRuleGroupPriorityConflictViolation
- awsVPCSecurityGroupViolation :: Maybe AwsVPCSecurityGroupViolation
- networkFirewallPolicyModifiedViolation :: Maybe NetworkFirewallPolicyModifiedViolation
- networkFirewallUnexpectedFirewallRoutesViolation :: Maybe NetworkFirewallUnexpectedFirewallRoutesViolation
- awsEc2NetworkInterfaceViolation :: Maybe AwsEc2NetworkInterfaceViolation
- networkFirewallUnexpectedGatewayRoutesViolation :: Maybe NetworkFirewallUnexpectedGatewayRoutesViolation
- dnsDuplicateRuleGroupViolation :: Maybe DnsDuplicateRuleGroupViolation
- networkFirewallInvalidRouteConfigurationViolation :: Maybe NetworkFirewallInvalidRouteConfigurationViolation
- newResourceViolation :: ResourceViolation
- resourceViolation_possibleRemediationActions :: Lens' ResourceViolation (Maybe PossibleRemediationActions)
- resourceViolation_networkFirewallBlackHoleRouteDetectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallBlackHoleRouteDetectedViolation)
- resourceViolation_dnsRuleGroupLimitExceededViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupLimitExceededViolation)
- resourceViolation_networkFirewallMissingExpectedRTViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRTViolation)
- resourceViolation_networkFirewallInternetTrafficNotInspectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInternetTrafficNotInspectedViolation)
- resourceViolation_networkFirewallMissingFirewallViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingFirewallViolation)
- resourceViolation_networkFirewallMissingSubnetViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingSubnetViolation)
- resourceViolation_awsEc2InstanceViolation :: Lens' ResourceViolation (Maybe AwsEc2InstanceViolation)
- resourceViolation_networkFirewallMissingExpectedRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRoutesViolation)
- resourceViolation_dnsRuleGroupPriorityConflictViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupPriorityConflictViolation)
- resourceViolation_awsVPCSecurityGroupViolation :: Lens' ResourceViolation (Maybe AwsVPCSecurityGroupViolation)
- resourceViolation_networkFirewallPolicyModifiedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallPolicyModifiedViolation)
- resourceViolation_networkFirewallUnexpectedFirewallRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedFirewallRoutesViolation)
- resourceViolation_awsEc2NetworkInterfaceViolation :: Lens' ResourceViolation (Maybe AwsEc2NetworkInterfaceViolation)
- resourceViolation_networkFirewallUnexpectedGatewayRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedGatewayRoutesViolation)
- resourceViolation_dnsDuplicateRuleGroupViolation :: Lens' ResourceViolation (Maybe DnsDuplicateRuleGroupViolation)
- resourceViolation_networkFirewallInvalidRouteConfigurationViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInvalidRouteConfigurationViolation)
- data Route = Route' {}
- newRoute :: Route
- route_destination :: Lens' Route (Maybe Text)
- route_targetType :: Lens' Route (Maybe TargetType)
- route_destinationType :: Lens' Route (Maybe DestinationType)
- route_target :: Lens' Route (Maybe Text)
- data SecurityGroupRemediationAction = SecurityGroupRemediationAction' {}
- newSecurityGroupRemediationAction :: SecurityGroupRemediationAction
- securityGroupRemediationAction_isDefaultAction :: Lens' SecurityGroupRemediationAction (Maybe Bool)
- securityGroupRemediationAction_remediationResult :: Lens' SecurityGroupRemediationAction (Maybe SecurityGroupRuleDescription)
- securityGroupRemediationAction_description :: Lens' SecurityGroupRemediationAction (Maybe Text)
- securityGroupRemediationAction_remediationActionType :: Lens' SecurityGroupRemediationAction (Maybe RemediationActionType)
- data SecurityGroupRuleDescription = SecurityGroupRuleDescription' {}
- newSecurityGroupRuleDescription :: SecurityGroupRuleDescription
- securityGroupRuleDescription_fromPort :: Lens' SecurityGroupRuleDescription (Maybe Natural)
- securityGroupRuleDescription_protocol :: Lens' SecurityGroupRuleDescription (Maybe Text)
- securityGroupRuleDescription_iPV4Range :: Lens' SecurityGroupRuleDescription (Maybe Text)
- securityGroupRuleDescription_prefixListId :: Lens' SecurityGroupRuleDescription (Maybe Text)
- securityGroupRuleDescription_toPort :: Lens' SecurityGroupRuleDescription (Maybe Natural)
- securityGroupRuleDescription_iPV6Range :: Lens' SecurityGroupRuleDescription (Maybe Text)
- data SecurityServicePolicyData = SecurityServicePolicyData' {}
- newSecurityServicePolicyData :: SecurityServiceType -> SecurityServicePolicyData
- securityServicePolicyData_managedServiceData :: Lens' SecurityServicePolicyData (Maybe Text)
- securityServicePolicyData_type :: Lens' SecurityServicePolicyData SecurityServiceType
- data StatefulRuleGroup = StatefulRuleGroup' {}
- newStatefulRuleGroup :: StatefulRuleGroup
- statefulRuleGroup_resourceId :: Lens' StatefulRuleGroup (Maybe Text)
- statefulRuleGroup_ruleGroupName :: Lens' StatefulRuleGroup (Maybe Text)
- data StatelessRuleGroup = StatelessRuleGroup' {}
- newStatelessRuleGroup :: StatelessRuleGroup
- statelessRuleGroup_resourceId :: Lens' StatelessRuleGroup (Maybe Text)
- statelessRuleGroup_priority :: Lens' StatelessRuleGroup (Maybe Natural)
- statelessRuleGroup_ruleGroupName :: Lens' StatelessRuleGroup (Maybe Text)
- data Tag = Tag' {}
- newTag :: Text -> Text -> Tag
- tag_key :: Lens' Tag Text
- tag_value :: Lens' Tag Text
- data ViolationDetail = ViolationDetail' {}
- newViolationDetail :: Text -> Text -> Text -> Text -> ViolationDetail
- violationDetail_resourceTags :: Lens' ViolationDetail (Maybe [Tag])
- violationDetail_resourceDescription :: Lens' ViolationDetail (Maybe Text)
- violationDetail_policyId :: Lens' ViolationDetail Text
- violationDetail_memberAccount :: Lens' ViolationDetail Text
- violationDetail_resourceId :: Lens' ViolationDetail Text
- violationDetail_resourceType :: Lens' ViolationDetail Text
- violationDetail_resourceViolations :: Lens' ViolationDetail [ResourceViolation]
Service Configuration
defaultService :: Service Source #
API version `2018-01-01` of the Amazon Firewall Management Service SDK configuration.
Errors
_InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because of a system problem, even though the request was valid. Retry your request.
_InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The parameters of the request were invalid.
_InvalidOperationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for Organizations before you can access it.
_InvalidTypeException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The value of the `Type` parameter is invalid.
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified resource was not found.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an Amazon Web Services account. For more information, see Firewall Manager Limits in the WAF Developer Guide.
AccountRoleStatus
newtype AccountRoleStatus Source #
pattern AccountRoleStatus_CREATING :: AccountRoleStatus | |
pattern AccountRoleStatus_DELETED :: AccountRoleStatus | |
pattern AccountRoleStatus_DELETING :: AccountRoleStatus | |
pattern AccountRoleStatus_PENDING_DELETION :: AccountRoleStatus | |
pattern AccountRoleStatus_READY :: AccountRoleStatus |
Instances
CustomerPolicyScopeIdType
newtype CustomerPolicyScopeIdType Source #
pattern CustomerPolicyScopeIdType_ACCOUNT :: CustomerPolicyScopeIdType | |
pattern CustomerPolicyScopeIdType_ORG_UNIT :: CustomerPolicyScopeIdType |
Instances
DependentServiceName
newtype DependentServiceName Source #
pattern DependentServiceName_AWSCONFIG :: DependentServiceName | |
pattern DependentServiceName_AWSSHIELD_ADVANCED :: DependentServiceName | |
pattern DependentServiceName_AWSVPC :: DependentServiceName | |
pattern DependentServiceName_AWSWAF :: DependentServiceName |
Instances
DestinationType
newtype DestinationType Source #
pattern DestinationType_IPV4 :: DestinationType | |
pattern DestinationType_IPV6 :: DestinationType | |
pattern DestinationType_PREFIX_LIST :: DestinationType |
Instances
PolicyComplianceStatusType
newtype PolicyComplianceStatusType Source #
pattern PolicyComplianceStatusType_COMPLIANT :: PolicyComplianceStatusType | |
pattern PolicyComplianceStatusType_NON_COMPLIANT :: PolicyComplianceStatusType |
Instances
RemediationActionType
newtype RemediationActionType Source #
pattern RemediationActionType_MODIFY :: RemediationActionType | |
pattern RemediationActionType_REMOVE :: RemediationActionType |
Instances
SecurityServiceType
newtype SecurityServiceType Source #
Instances
TargetType
newtype TargetType Source #
pattern TargetType_CARRIER_GATEWAY :: TargetType | |
pattern TargetType_EGRESS_ONLY_INTERNET_GATEWAY :: TargetType | |
pattern TargetType_GATEWAY :: TargetType | |
pattern TargetType_INSTANCE :: TargetType | |
pattern TargetType_LOCAL_GATEWAY :: TargetType | |
pattern TargetType_NAT_GATEWAY :: TargetType | |
pattern TargetType_NETWORK_INTERFACE :: TargetType | |
pattern TargetType_TRANSIT_GATEWAY :: TargetType | |
pattern TargetType_VPC_ENDPOINT :: TargetType | |
pattern TargetType_VPC_PEERING_CONNECTION :: TargetType |
Instances
ViolationReason
newtype ViolationReason Source #
Instances
ActionTarget
data ActionTarget Source #
Describes a remediation action target.
See: newActionTarget
smart constructor.
ActionTarget' | |
|
Instances
newActionTarget :: ActionTarget Source #
Create a value of ActionTarget
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceId:ActionTarget'
, actionTarget_resourceId
- The ID of the remediation target.
$sel:description:ActionTarget'
, actionTarget_description
- A description of the remediation action target.
actionTarget_resourceId :: Lens' ActionTarget (Maybe Text) Source #
The ID of the remediation target.
actionTarget_description :: Lens' ActionTarget (Maybe Text) Source #
A description of the remediation action target.
App
An individual Firewall Manager application.
See: newApp
smart constructor.
Instances
Eq App Source # | |
Read App Source # | |
Show App Source # | |
Generic App Source # | |
NFData App Source # | |
Defined in Amazonka.FMS.Types.App | |
Hashable App Source # | |
Defined in Amazonka.FMS.Types.App | |
ToJSON App Source # | |
Defined in Amazonka.FMS.Types.App | |
FromJSON App Source # | |
type Rep App Source # | |
Defined in Amazonka.FMS.Types.App type Rep App = D1 ('MetaData "App" "Amazonka.FMS.Types.App" "libZSservicesZSamazonka-fmsZSamazonka-fms" 'False) (C1 ('MetaCons "App'" 'PrefixI 'True) (S1 ('MetaSel ('Just "appName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: (S1 ('MetaSel ('Just "protocol") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "port") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Natural)))) |
Create a value of App
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:appName:App'
, app_appName
- The application's name.
$sel:protocol:App'
, app_protocol
- The IP protocol name or number. The name can be one of `tcp`, `udp`, or `icmp`. For information on possible numbers, see Protocol Numbers.
$sel:port:App'
, app_port
- The application's port number, for example `80`.
app_protocol :: Lens' App Text Source #
The IP protocol name or number. The name can be one of `tcp`, `udp`, or `icmp`. For information on possible numbers, see Protocol Numbers.
AppsListData
data AppsListData Source #
A Firewall Manager applications list.
See: newAppsListData
smart constructor.
AppsListData' | |
|
Instances
Create a value of AppsListData
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:listUpdateToken:AppsListData'
, appsListData_listUpdateToken
- A unique identifier for each update to the list. When you update the
list, the update token must match the token of the current version of
the application list. You can retrieve the update token by getting the
list.
$sel:listId:AppsListData'
, appsListData_listId
- The ID of the Firewall Manager applications list.
$sel:lastUpdateTime:AppsListData'
, appsListData_lastUpdateTime
- The time that the Firewall Manager applications list was last updated.
$sel:previousAppsList:AppsListData'
, appsListData_previousAppsList
- A map of previous version numbers to their corresponding `App` object arrays.
$sel:createTime:AppsListData'
, appsListData_createTime
- The time that the Firewall Manager applications list was created.
$sel:listName:AppsListData'
, appsListData_listName
- The name of the Firewall Manager applications list.
$sel:appsList:AppsListData'
, appsListData_appsList
- An array of applications in the Firewall Manager applications list.
appsListData_listUpdateToken :: Lens' AppsListData (Maybe Text) Source #
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the application list. You can retrieve the update token by getting the list.
appsListData_listId :: Lens' AppsListData (Maybe Text) Source #
The ID of the Firewall Manager applications list.
appsListData_lastUpdateTime :: Lens' AppsListData (Maybe UTCTime) Source #
The time that the Firewall Manager applications list was last updated.
appsListData_previousAppsList :: Lens' AppsListData (Maybe (HashMap Text [App])) Source #
A map of previous version numbers to their corresponding `App` object arrays.
appsListData_createTime :: Lens' AppsListData (Maybe UTCTime) Source #
The time that the Firewall Manager applications list was created.
appsListData_listName :: Lens' AppsListData Text Source #
The name of the Firewall Manager applications list.
appsListData_appsList :: Lens' AppsListData [App] Source #
An array of applications in the Firewall Manager applications list.
AppsListDataSummary
data AppsListDataSummary Source #
Details of the Firewall Manager applications list.
See: newAppsListDataSummary
smart constructor.
Instances
newAppsListDataSummary :: AppsListDataSummary Source #
Create a value of AppsListDataSummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:listArn:AppsListDataSummary'
, appsListDataSummary_listArn
- The Amazon Resource Name (ARN) of the applications list.
$sel:appsList:AppsListDataSummary'
, appsListDataSummary_appsList
- An array of `App` objects in the Firewall Manager applications list.
$sel:listId:AppsListDataSummary'
, appsListDataSummary_listId
- The ID of the applications list.
$sel:listName:AppsListDataSummary'
, appsListDataSummary_listName
- The name of the applications list.
appsListDataSummary_listArn :: Lens' AppsListDataSummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the applications list.
appsListDataSummary_appsList :: Lens' AppsListDataSummary (Maybe [App]) Source #
An array of `App` objects in the Firewall Manager applications list.
appsListDataSummary_listId :: Lens' AppsListDataSummary (Maybe Text) Source #
The ID of the applications list.
appsListDataSummary_listName :: Lens' AppsListDataSummary (Maybe Text) Source #
The name of the applications list.
AwsEc2InstanceViolation
data AwsEc2InstanceViolation Source #
Violation detail for an EC2 instance resource.
See: newAwsEc2InstanceViolation
smart constructor.
AwsEc2InstanceViolation' | |
|
Instances
newAwsEc2InstanceViolation :: AwsEc2InstanceViolation Source #
Create a value of AwsEc2InstanceViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violationTarget:AwsEc2InstanceViolation'
, awsEc2InstanceViolation_violationTarget
- The resource ID of the EC2 instance.
$sel:awsEc2NetworkInterfaceViolations:AwsEc2InstanceViolation'
, awsEc2InstanceViolation_awsEc2NetworkInterfaceViolations
- Violation detail for network interfaces associated with the EC2
instance.
awsEc2InstanceViolation_violationTarget :: Lens' AwsEc2InstanceViolation (Maybe Text) Source #
The resource ID of the EC2 instance.
awsEc2InstanceViolation_awsEc2NetworkInterfaceViolations :: Lens' AwsEc2InstanceViolation (Maybe [AwsEc2NetworkInterfaceViolation]) Source #
Violation detail for network interfaces associated with the EC2 instance.
AwsEc2NetworkInterfaceViolation
data AwsEc2NetworkInterfaceViolation Source #
Violation detail for network interfaces associated with an EC2 instance.
See: newAwsEc2NetworkInterfaceViolation
smart constructor.
AwsEc2NetworkInterfaceViolation' | |
|
Instances
newAwsEc2NetworkInterfaceViolation :: AwsEc2NetworkInterfaceViolation Source #
Create a value of AwsEc2NetworkInterfaceViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violatingSecurityGroups:AwsEc2NetworkInterfaceViolation'
, awsEc2NetworkInterfaceViolation_violatingSecurityGroups
- List of security groups that violate the rules specified in the primary
security group of the Firewall Manager policy.
$sel:violationTarget:AwsEc2NetworkInterfaceViolation'
, awsEc2NetworkInterfaceViolation_violationTarget
- The resource ID of the network interface.
awsEc2NetworkInterfaceViolation_violatingSecurityGroups :: Lens' AwsEc2NetworkInterfaceViolation (Maybe [Text]) Source #
List of security groups that violate the rules specified in the primary security group of the Firewall Manager policy.
awsEc2NetworkInterfaceViolation_violationTarget :: Lens' AwsEc2NetworkInterfaceViolation (Maybe Text) Source #
The resource ID of the network interface.
AwsVPCSecurityGroupViolation
data AwsVPCSecurityGroupViolation Source #
Violation detail for the rule violation in a security group when compared to the primary security group of the Firewall Manager policy.
See: newAwsVPCSecurityGroupViolation
smart constructor.
AwsVPCSecurityGroupViolation' | |
|
Instances
newAwsVPCSecurityGroupViolation :: AwsVPCSecurityGroupViolation Source #
Create a value of AwsVPCSecurityGroupViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violationTargetDescription:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_violationTargetDescription
- A description of the security group that violates the policy.
$sel:possibleSecurityGroupRemediationActions:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_possibleSecurityGroupRemediationActions
- Remediation options for the rule specified in the `ViolationTarget`.
$sel:violationTarget:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_violationTarget
- The security group rule that is being evaluated.
$sel:partialMatches:AwsVPCSecurityGroupViolation'
, awsVPCSecurityGroupViolation_partialMatches
- List of rules specified in the security group of the Firewall Manager policy that partially match the `ViolationTarget` rule.
awsVPCSecurityGroupViolation_violationTargetDescription :: Lens' AwsVPCSecurityGroupViolation (Maybe Text) Source #
A description of the security group that violates the policy.
awsVPCSecurityGroupViolation_possibleSecurityGroupRemediationActions :: Lens' AwsVPCSecurityGroupViolation (Maybe [SecurityGroupRemediationAction]) Source #
Remediation options for the rule specified in the `ViolationTarget`.
awsVPCSecurityGroupViolation_violationTarget :: Lens' AwsVPCSecurityGroupViolation (Maybe Text) Source #
The security group rule that is being evaluated.
awsVPCSecurityGroupViolation_partialMatches :: Lens' AwsVPCSecurityGroupViolation (Maybe [PartialMatch]) Source #
List of rules specified in the security group of the Firewall Manager policy that partially match the `ViolationTarget` rule.
ComplianceViolator
data ComplianceViolator Source #
Details of the resource that is not protected by the policy.
See: newComplianceViolator
smart constructor.
ComplianceViolator' | |
|
Instances
newComplianceViolator :: ComplianceViolator Source #
Create a value of ComplianceViolator
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceId:ComplianceViolator'
, complianceViolator_resourceId
- The resource ID.
$sel:resourceType:ComplianceViolator'
, complianceViolator_resourceType
- The resource type. This is in the format shown in the Amazon Web Services Resource Types Reference. For example: `AWS::ElasticLoadBalancingV2::LoadBalancer`, `AWS::CloudFront::Distribution`, or `AWS::NetworkFirewall::FirewallPolicy`.
$sel:violationReason:ComplianceViolator'
, complianceViolator_violationReason
- The reason that the resource is not protected by the policy.
complianceViolator_resourceId :: Lens' ComplianceViolator (Maybe Text) Source #
The resource ID.
complianceViolator_resourceType :: Lens' ComplianceViolator (Maybe Text) Source #
The resource type. This is in the format shown in the Amazon Web Services Resource Types Reference. For example: `AWS::ElasticLoadBalancingV2::LoadBalancer`, `AWS::CloudFront::Distribution`, or `AWS::NetworkFirewall::FirewallPolicy`.
complianceViolator_violationReason :: Lens' ComplianceViolator (Maybe ViolationReason) Source #
The reason that the resource is not protected by the policy.
DnsDuplicateRuleGroupViolation
data DnsDuplicateRuleGroupViolation Source #
A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
See: newDnsDuplicateRuleGroupViolation
smart constructor.
DnsDuplicateRuleGroupViolation' | |
|
Instances
newDnsDuplicateRuleGroupViolation :: DnsDuplicateRuleGroupViolation Source #
Create a value of DnsDuplicateRuleGroupViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violationTargetDescription:DnsDuplicateRuleGroupViolation'
, dnsDuplicateRuleGroupViolation_violationTargetDescription
- A description of the violation that specifies the rule group and VPC.
$sel:violationTarget:DnsDuplicateRuleGroupViolation'
, dnsDuplicateRuleGroupViolation_violationTarget
- Information about the VPC ID.
dnsDuplicateRuleGroupViolation_violationTargetDescription :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text) Source #
A description of the violation that specifies the rule group and VPC.
dnsDuplicateRuleGroupViolation_violationTarget :: Lens' DnsDuplicateRuleGroupViolation (Maybe Text) Source #
Information about the VPC ID.
DnsRuleGroupLimitExceededViolation
data DnsRuleGroupLimitExceededViolation Source #
The VPC that Firewall Manager was applying a DNS Firewall policy to reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed due to the limit.
See: newDnsRuleGroupLimitExceededViolation
smart constructor.
DnsRuleGroupLimitExceededViolation' | |
|
Instances
newDnsRuleGroupLimitExceededViolation :: DnsRuleGroupLimitExceededViolation Source #
Create a value of DnsRuleGroupLimitExceededViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violationTargetDescription:DnsRuleGroupLimitExceededViolation'
, dnsRuleGroupLimitExceededViolation_violationTargetDescription
- A description of the violation that specifies the rule group and VPC.
$sel:violationTarget:DnsRuleGroupLimitExceededViolation'
, dnsRuleGroupLimitExceededViolation_violationTarget
- Information about the VPC ID.
$sel:numberOfRuleGroupsAlreadyAssociated:DnsRuleGroupLimitExceededViolation'
, dnsRuleGroupLimitExceededViolation_numberOfRuleGroupsAlreadyAssociated
- The number of rule groups currently associated with the VPC.
dnsRuleGroupLimitExceededViolation_violationTargetDescription :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text) Source #
A description of the violation that specifies the rule group and VPC.
dnsRuleGroupLimitExceededViolation_violationTarget :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Text) Source #
Information about the VPC ID.
dnsRuleGroupLimitExceededViolation_numberOfRuleGroupsAlreadyAssociated :: Lens' DnsRuleGroupLimitExceededViolation (Maybe Int) Source #
The number of rule groups currently associated with the VPC.
DnsRuleGroupPriorityConflictViolation
data DnsRuleGroupPriorityConflictViolation Source #
A rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.
See: newDnsRuleGroupPriorityConflictViolation
smart constructor.
DnsRuleGroupPriorityConflictViolation' | |
|
Instances
newDnsRuleGroupPriorityConflictViolation :: DnsRuleGroupPriorityConflictViolation Source #
Create a value of DnsRuleGroupPriorityConflictViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:conflictingPriority:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_conflictingPriority
- The priority setting of the two conflicting rule groups.
$sel:conflictingPolicyId:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_conflictingPolicyId
- The ID of the Firewall Manager DNS Firewall policy that was already
applied to the VPC. This policy contains the rule group that's already
associated with the VPC.
$sel:violationTargetDescription:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_violationTargetDescription
- A description of the violation that specifies the VPC and the rule group
that's already associated with it.
$sel:violationTarget:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_violationTarget
- Information about the VPC ID.
$sel:unavailablePriorities:DnsRuleGroupPriorityConflictViolation'
, dnsRuleGroupPriorityConflictViolation_unavailablePriorities
- The priorities of rule groups that are already associated with the VPC.
To retry your operation, choose priority settings that aren't in this
list for the rule groups in your new DNS Firewall policy.
dnsRuleGroupPriorityConflictViolation_conflictingPriority :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Natural) Source #
The priority setting of the two conflicting rule groups.
dnsRuleGroupPriorityConflictViolation_conflictingPolicyId :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text) Source #
The ID of the Firewall Manager DNS Firewall policy that was already applied to the VPC. This policy contains the rule group that's already associated with the VPC.
dnsRuleGroupPriorityConflictViolation_violationTargetDescription :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text) Source #
A description of the violation that specifies the VPC and the rule group that's already associated with it.
dnsRuleGroupPriorityConflictViolation_violationTarget :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe Text) Source #
Information about the VPC ID.
dnsRuleGroupPriorityConflictViolation_unavailablePriorities :: Lens' DnsRuleGroupPriorityConflictViolation (Maybe [Natural]) Source #
The priorities of rule groups that are already associated with the VPC. To retry your operation, choose priority settings that aren't in this list for the rule groups in your new DNS Firewall policy.
EC2AssociateRouteTableAction
data EC2AssociateRouteTableAction Source #
The action of associating an EC2 resource, such as a subnet or internet gateway, with a route table.
See: newEC2AssociateRouteTableAction
smart constructor.
EC2AssociateRouteTableAction' | |
|
Instances
newEC2AssociateRouteTableAction Source #
Create a value of EC2AssociateRouteTableAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:subnetId:EC2AssociateRouteTableAction'
, eC2AssociateRouteTableAction_subnetId
- The ID of the subnet for the EC2 route table that is associated with the
remediation action.
$sel:gatewayId:EC2AssociateRouteTableAction'
, eC2AssociateRouteTableAction_gatewayId
- The ID of the gateway to be used with the EC2 route table that is
associated with the remediation action.
$sel:description:EC2AssociateRouteTableAction'
, eC2AssociateRouteTableAction_description
- A description of the EC2 route table that is associated with the
remediation action.
$sel:routeTableId:EC2AssociateRouteTableAction'
, eC2AssociateRouteTableAction_routeTableId
- The ID of the EC2 route table that is associated with the remediation
action.
eC2AssociateRouteTableAction_subnetId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget) Source #
The ID of the subnet for the EC2 route table that is associated with the remediation action.
eC2AssociateRouteTableAction_gatewayId :: Lens' EC2AssociateRouteTableAction (Maybe ActionTarget) Source #
The ID of the gateway to be used with the EC2 route table that is associated with the remediation action.
eC2AssociateRouteTableAction_description :: Lens' EC2AssociateRouteTableAction (Maybe Text) Source #
A description of the EC2 route table that is associated with the remediation action.
eC2AssociateRouteTableAction_routeTableId :: Lens' EC2AssociateRouteTableAction ActionTarget Source #
The ID of the EC2 route table that is associated with the remediation action.
EC2CopyRouteTableAction
data EC2CopyRouteTableAction Source #
An action that copies the EC2 route table for use in remediation.
See: newEC2CopyRouteTableAction
smart constructor.
EC2CopyRouteTableAction' | |
|
Instances
newEC2CopyRouteTableAction Source #
Create a value of EC2CopyRouteTableAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:EC2CopyRouteTableAction'
, eC2CopyRouteTableAction_description
- A description of the copied EC2 route table that is associated with the
remediation action.
$sel:vpcId:EC2CopyRouteTableAction'
, eC2CopyRouteTableAction_vpcId
- The VPC ID of the copied EC2 route table that is associated with the
remediation action.
$sel:routeTableId:EC2CopyRouteTableAction'
, eC2CopyRouteTableAction_routeTableId
- The ID of the copied EC2 route table that is associated with the
remediation action.
eC2CopyRouteTableAction_description :: Lens' EC2CopyRouteTableAction (Maybe Text) Source #
A description of the copied EC2 route table that is associated with the remediation action.
eC2CopyRouteTableAction_vpcId :: Lens' EC2CopyRouteTableAction ActionTarget Source #
The VPC ID of the copied EC2 route table that is associated with the remediation action.
eC2CopyRouteTableAction_routeTableId :: Lens' EC2CopyRouteTableAction ActionTarget Source #
The ID of the copied EC2 route table that is associated with the remediation action.
EC2CreateRouteAction
data EC2CreateRouteAction Source #
Information about the CreateRoute action in Amazon EC2.
See: newEC2CreateRouteAction
smart constructor.
EC2CreateRouteAction' | |
|
Instances
newEC2CreateRouteAction Source #
Create a value of EC2CreateRouteAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:destinationIpv6CidrBlock:EC2CreateRouteAction'
, eC2CreateRouteAction_destinationIpv6CidrBlock
- Information about the IPv6 CIDR block destination.
$sel:gatewayId:EC2CreateRouteAction'
, eC2CreateRouteAction_gatewayId
- Information about the ID of an internet gateway or virtual private
gateway attached to your VPC.
$sel:vpcEndpointId:EC2CreateRouteAction'
, eC2CreateRouteAction_vpcEndpointId
- Information about the ID of a VPC endpoint. Supported for Gateway Load
Balancer endpoints only.
$sel:destinationPrefixListId:EC2CreateRouteAction'
, eC2CreateRouteAction_destinationPrefixListId
- Information about the ID of a prefix list used for the destination
match.
$sel:description:EC2CreateRouteAction'
, eC2CreateRouteAction_description
- A description of the CreateRoute action in Amazon EC2.
$sel:destinationCidrBlock:EC2CreateRouteAction'
, eC2CreateRouteAction_destinationCidrBlock
- Information about the IPv4 CIDR address block used for the destination
match.
$sel:routeTableId:EC2CreateRouteAction'
, eC2CreateRouteAction_routeTableId
- Information about the ID of the route table for the route.
eC2CreateRouteAction_destinationIpv6CidrBlock :: Lens' EC2CreateRouteAction (Maybe Text) Source #
Information about the IPv6 CIDR block destination.
eC2CreateRouteAction_gatewayId :: Lens' EC2CreateRouteAction (Maybe ActionTarget) Source #
Information about the ID of an internet gateway or virtual private gateway attached to your VPC.
eC2CreateRouteAction_vpcEndpointId :: Lens' EC2CreateRouteAction (Maybe ActionTarget) Source #
Information about the ID of a VPC endpoint. Supported for Gateway Load Balancer endpoints only.
eC2CreateRouteAction_destinationPrefixListId :: Lens' EC2CreateRouteAction (Maybe Text) Source #
Information about the ID of a prefix list used for the destination match.
eC2CreateRouteAction_description :: Lens' EC2CreateRouteAction (Maybe Text) Source #
A description of the CreateRoute action in Amazon EC2.
eC2CreateRouteAction_destinationCidrBlock :: Lens' EC2CreateRouteAction (Maybe Text) Source #
Information about the IPv4 CIDR address block used for the destination match.
eC2CreateRouteAction_routeTableId :: Lens' EC2CreateRouteAction ActionTarget Source #
Information about the ID of the route table for the route.
EC2CreateRouteTableAction
data EC2CreateRouteTableAction Source #
Information about the CreateRouteTable action in Amazon EC2.
See: newEC2CreateRouteTableAction
smart constructor.
EC2CreateRouteTableAction' | |
|
Instances
newEC2CreateRouteTableAction Source #
Create a value of EC2CreateRouteTableAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:EC2CreateRouteTableAction'
, eC2CreateRouteTableAction_description
- A description of the CreateRouteTable action.
$sel:vpcId:EC2CreateRouteTableAction'
, eC2CreateRouteTableAction_vpcId
- Information about the ID of a VPC.
eC2CreateRouteTableAction_description :: Lens' EC2CreateRouteTableAction (Maybe Text) Source #
A description of the CreateRouteTable action.
eC2CreateRouteTableAction_vpcId :: Lens' EC2CreateRouteTableAction ActionTarget Source #
Information about the ID of a VPC.
EC2DeleteRouteAction
data EC2DeleteRouteAction Source #
Information about the DeleteRoute action in Amazon EC2.
See: newEC2DeleteRouteAction
smart constructor.
EC2DeleteRouteAction' | |
|
Instances
newEC2DeleteRouteAction Source #
Create a value of EC2DeleteRouteAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:destinationIpv6CidrBlock:EC2DeleteRouteAction'
, eC2DeleteRouteAction_destinationIpv6CidrBlock
- Information about the IPv6 CIDR range for the route. The value you
specify must match the CIDR for the route exactly.
$sel:destinationPrefixListId:EC2DeleteRouteAction'
, eC2DeleteRouteAction_destinationPrefixListId
- Information about the ID of the prefix list for the route.
$sel:description:EC2DeleteRouteAction'
, eC2DeleteRouteAction_description
- A description of the DeleteRoute action.
$sel:destinationCidrBlock:EC2DeleteRouteAction'
, eC2DeleteRouteAction_destinationCidrBlock
- Information about the IPv4 CIDR range for the route. The value you
specify must match the CIDR for the route exactly.
$sel:routeTableId:EC2DeleteRouteAction'
, eC2DeleteRouteAction_routeTableId
- Information about the ID of the route table.
eC2DeleteRouteAction_destinationIpv6CidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
Information about the IPv6 CIDR range for the route. The value you specify must match the CIDR for the route exactly.
eC2DeleteRouteAction_destinationPrefixListId :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
Information about the ID of the prefix list for the route.
eC2DeleteRouteAction_description :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
A description of the DeleteRoute action.
eC2DeleteRouteAction_destinationCidrBlock :: Lens' EC2DeleteRouteAction (Maybe Text) Source #
Information about the IPv4 CIDR range for the route. The value you specify must match the CIDR for the route exactly.
eC2DeleteRouteAction_routeTableId :: Lens' EC2DeleteRouteAction ActionTarget Source #
Information about the ID of the route table.
EC2ReplaceRouteAction
data EC2ReplaceRouteAction Source #
Information about the ReplaceRoute action in Amazon EC2.
See: newEC2ReplaceRouteAction
smart constructor.
EC2ReplaceRouteAction' | |
|
Instances
newEC2ReplaceRouteAction Source #
Create a value of EC2ReplaceRouteAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:destinationIpv6CidrBlock:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_destinationIpv6CidrBlock
- Information about the IPv6 CIDR address block used for the destination
match. The value that you provide must match the CIDR of an existing
route in the table.
$sel:gatewayId:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_gatewayId
- Information about the ID of an internet gateway or virtual private
gateway.
$sel:destinationPrefixListId:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_destinationPrefixListId
- Information about the ID of the prefix list for the route.
$sel:description:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_description
- A description of the ReplaceRoute action in Amazon EC2.
$sel:destinationCidrBlock:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_destinationCidrBlock
- Information about the IPv4 CIDR address block used for the destination
match. The value that you provide must match the CIDR of an existing
route in the table.
$sel:routeTableId:EC2ReplaceRouteAction'
, eC2ReplaceRouteAction_routeTableId
- Information about the ID of the route table.
eC2ReplaceRouteAction_destinationIpv6CidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
Information about the IPv6 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table.
eC2ReplaceRouteAction_gatewayId :: Lens' EC2ReplaceRouteAction (Maybe ActionTarget) Source #
Information about the ID of an internet gateway or virtual private gateway.
eC2ReplaceRouteAction_destinationPrefixListId :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
Information about the ID of the prefix list for the route.
eC2ReplaceRouteAction_description :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
A description of the ReplaceRoute action in Amazon EC2.
eC2ReplaceRouteAction_destinationCidrBlock :: Lens' EC2ReplaceRouteAction (Maybe Text) Source #
Information about the IPv4 CIDR address block used for the destination match. The value that you provide must match the CIDR of an existing route in the table.
eC2ReplaceRouteAction_routeTableId :: Lens' EC2ReplaceRouteAction ActionTarget Source #
Information about the ID of the route table.
EC2ReplaceRouteTableAssociationAction
data EC2ReplaceRouteTableAssociationAction Source #
Information about the ReplaceRouteTableAssociation action in Amazon EC2.
See: newEC2ReplaceRouteTableAssociationAction
smart constructor.
EC2ReplaceRouteTableAssociationAction' | |
|
Instances
newEC2ReplaceRouteTableAssociationAction Source #
Create a value of EC2ReplaceRouteTableAssociationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:EC2ReplaceRouteTableAssociationAction'
, eC2ReplaceRouteTableAssociationAction_description
- A description of the ReplaceRouteTableAssociation action in Amazon EC2.
$sel:associationId:EC2ReplaceRouteTableAssociationAction'
, eC2ReplaceRouteTableAssociationAction_associationId
- Information about the association ID.
$sel:routeTableId:EC2ReplaceRouteTableAssociationAction'
, eC2ReplaceRouteTableAssociationAction_routeTableId
- Information about the ID of the new route table to associate with the
subnet.
eC2ReplaceRouteTableAssociationAction_description :: Lens' EC2ReplaceRouteTableAssociationAction (Maybe Text) Source #
A description of the ReplaceRouteTableAssociation action in Amazon EC2.
eC2ReplaceRouteTableAssociationAction_associationId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget Source #
Information about the association ID.
eC2ReplaceRouteTableAssociationAction_routeTableId :: Lens' EC2ReplaceRouteTableAssociationAction ActionTarget Source #
Information about the ID of the new route table to associate with the subnet.
EvaluationResult
data EvaluationResult Source #
Describes the compliance status for the account. An account is considered noncompliant if it includes resources that are not protected by the specified policy or that don't comply with the policy.
See: newEvaluationResult
smart constructor.
EvaluationResult' | |
|
Instances
newEvaluationResult :: EvaluationResult Source #
Create a value of EvaluationResult
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:violatorCount:EvaluationResult'
, evaluationResult_violatorCount
- The number of resources that are noncompliant with the specified policy.
For WAF and Shield Advanced policies, a resource is considered
noncompliant if it is not associated with the policy. For security group
policies, a resource is considered noncompliant if it doesn't comply
with the rules of the policy and remediation is disabled or not
possible.
$sel:complianceStatus:EvaluationResult'
, evaluationResult_complianceStatus
- Describes an Amazon Web Services account's compliance with the Firewall
Manager policy.
$sel:evaluationLimitExceeded:EvaluationResult'
, evaluationResult_evaluationLimitExceeded
- Indicates that over 100 resources are noncompliant with the Firewall
Manager policy.
evaluationResult_violatorCount :: Lens' EvaluationResult (Maybe Natural) Source #
The number of resources that are noncompliant with the specified policy. For WAF and Shield Advanced policies, a resource is considered noncompliant if it is not associated with the policy. For security group policies, a resource is considered noncompliant if it doesn't comply with the rules of the policy and remediation is disabled or not possible.
evaluationResult_complianceStatus :: Lens' EvaluationResult (Maybe PolicyComplianceStatusType) Source #
Describes an Amazon Web Services account's compliance with the Firewall Manager policy.
evaluationResult_evaluationLimitExceeded :: Lens' EvaluationResult (Maybe Bool) Source #
Indicates that over 100 resources are noncompliant with the Firewall Manager policy.
ExpectedRoute
data ExpectedRoute Source #
Information about the expected route in the route table.
See: newExpectedRoute
smart constructor.
ExpectedRoute' | |
|
Instances
newExpectedRoute :: ExpectedRoute Source #
Create a value of ExpectedRoute
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:ipV4Cidr:ExpectedRoute'
, expectedRoute_ipV4Cidr
- Information about the IPv4 CIDR block.
$sel:routeTableId:ExpectedRoute'
, expectedRoute_routeTableId
- Information about the route table ID.
$sel:allowedTargets:ExpectedRoute'
, expectedRoute_allowedTargets
- Information about the allowed targets.
$sel:prefixListId:ExpectedRoute'
, expectedRoute_prefixListId
- Information about the ID of the prefix list for the route.
$sel:ipV6Cidr:ExpectedRoute'
, expectedRoute_ipV6Cidr
- Information about the IPv6 CIDR block.
$sel:contributingSubnets:ExpectedRoute'
, expectedRoute_contributingSubnets
- Information about the contributing subnets.
expectedRoute_ipV4Cidr :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the IPv4 CIDR block.
expectedRoute_routeTableId :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the route table ID.
expectedRoute_allowedTargets :: Lens' ExpectedRoute (Maybe [Text]) Source #
Information about the allowed targets.
expectedRoute_prefixListId :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the ID of the prefix list for the route.
expectedRoute_ipV6Cidr :: Lens' ExpectedRoute (Maybe Text) Source #
Information about the IPv6 CIDR block.
expectedRoute_contributingSubnets :: Lens' ExpectedRoute (Maybe [Text]) Source #
Information about the contributing subnets.
NetworkFirewallBlackHoleRouteDetectedViolation
data NetworkFirewallBlackHoleRouteDetectedViolation Source #
Violation detail for an internet gateway route with an inactive state in the customer subnet route table or Network Firewall subnet route table.
See: newNetworkFirewallBlackHoleRouteDetectedViolation
smart constructor.
NetworkFirewallBlackHoleRouteDetectedViolation' | |
|
Instances
newNetworkFirewallBlackHoleRouteDetectedViolation :: NetworkFirewallBlackHoleRouteDetectedViolation Source #
Create a value of NetworkFirewallBlackHoleRouteDetectedViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:routeTableId:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_routeTableId
- Information about the route table ID.
$sel:vpcId:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_vpcId
- Information about the VPC ID.
$sel:violatingRoutes:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_violatingRoutes
- Information about the route or routes that are in violation.
$sel:violationTarget:NetworkFirewallBlackHoleRouteDetectedViolation'
, networkFirewallBlackHoleRouteDetectedViolation_violationTarget
- The subnet that has an inactive state.
networkFirewallBlackHoleRouteDetectedViolation_routeTableId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text) Source #
Information about the route table ID.
networkFirewallBlackHoleRouteDetectedViolation_vpcId :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text) Source #
Information about the VPC ID.
networkFirewallBlackHoleRouteDetectedViolation_violatingRoutes :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe [Route]) Source #
Information about the route or routes that are in violation.
networkFirewallBlackHoleRouteDetectedViolation_violationTarget :: Lens' NetworkFirewallBlackHoleRouteDetectedViolation (Maybe Text) Source #
The subnet that has an inactive state.
NetworkFirewallInternetTrafficNotInspectedViolation
data NetworkFirewallInternetTrafficNotInspectedViolation Source #
Violation detail for the subnet for which internet traffic hasn't been inspected.
See: newNetworkFirewallInternetTrafficNotInspectedViolation
smart constructor.
NetworkFirewallInternetTrafficNotInspectedViolation' | |
|
Instances
newNetworkFirewallInternetTrafficNotInspectedViolation :: NetworkFirewallInternetTrafficNotInspectedViolation Source #
Create a value of NetworkFirewallInternetTrafficNotInspectedViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actualInternetGatewayRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_actualInternetGatewayRoutes
- The actual internet gateway routes.
$sel:routeTableId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_routeTableId
- Information about the route table ID.
$sel:vpcId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_vpcId
- Information about the VPC ID.
$sel:violatingRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_violatingRoutes
- The route or routes that are in violation.
$sel:subnetId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_subnetId
- The subnet ID.
$sel:expectedFirewallSubnetRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallSubnetRoutes
- The firewall subnet routes that are expected.
$sel:subnetAvailabilityZone:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_subnetAvailabilityZone
- The subnet Availability Zone.
$sel:expectedInternetGatewayRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_expectedInternetGatewayRoutes
- The internet gateway routes that are expected.
$sel:currentInternetGatewayRouteTable:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_currentInternetGatewayRouteTable
- The current route table for the internet gateway.
$sel:firewallSubnetId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_firewallSubnetId
- The firewall subnet ID.
$sel:currentFirewallSubnetRouteTable:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_currentFirewallSubnetRouteTable
- Information about the subnet route table for the current firewall.
$sel:expectedFirewallEndpoint:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallEndpoint
- The expected endpoint for the current firewall.
$sel:isRouteTableUsedInDifferentAZ:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_isRouteTableUsedInDifferentAZ
- Information about whether the route table is used in another
Availability Zone.
$sel:internetGatewayId:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_internetGatewayId
- The internet gateway ID.
$sel:actualFirewallSubnetRoutes:NetworkFirewallInternetTrafficNotInspectedViolation'
, networkFirewallInternetTrafficNotInspectedViolation_actualFirewallSubnetRoutes
- The actual firewall subnet routes.
networkFirewallInternetTrafficNotInspectedViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route]) Source #
The actual internet gateway routes.
networkFirewallInternetTrafficNotInspectedViolation_routeTableId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
Information about the route table ID.
networkFirewallInternetTrafficNotInspectedViolation_vpcId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
Information about the VPC ID.
networkFirewallInternetTrafficNotInspectedViolation_violatingRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route]) Source #
The route or routes that are in violation.
networkFirewallInternetTrafficNotInspectedViolation_subnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The subnet ID.
networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute]) Source #
The firewall subnet routes that are expected.
networkFirewallInternetTrafficNotInspectedViolation_subnetAvailabilityZone :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The subnet Availability Zone.
networkFirewallInternetTrafficNotInspectedViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [ExpectedRoute]) Source #
The internet gateway routes that are expected.
networkFirewallInternetTrafficNotInspectedViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The current route table for the internet gateway.
networkFirewallInternetTrafficNotInspectedViolation_firewallSubnetId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The firewall subnet ID.
networkFirewallInternetTrafficNotInspectedViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
Information about the subnet route table for the current firewall.
networkFirewallInternetTrafficNotInspectedViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The expected endpoint for the current firewall.
networkFirewallInternetTrafficNotInspectedViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Bool) Source #
Information about whether the route table is used in another Availability Zone.
networkFirewallInternetTrafficNotInspectedViolation_internetGatewayId :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe Text) Source #
The internet gateway ID.
networkFirewallInternetTrafficNotInspectedViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInternetTrafficNotInspectedViolation (Maybe [Route]) Source #
The actual firewall subnet routes.
NetworkFirewallInvalidRouteConfigurationViolation
data NetworkFirewallInvalidRouteConfigurationViolation Source #
Violation detail for the improperly configured subnet route. It's possible there is a missing route table route, or a configuration that causes traffic to cross an Availability Zone boundary.
See: newNetworkFirewallInvalidRouteConfigurationViolation
smart constructor.
NetworkFirewallInvalidRouteConfigurationViolation' | |
|
Instances
newNetworkFirewallInvalidRouteConfigurationViolation :: NetworkFirewallInvalidRouteConfigurationViolation Source #
Create a value of NetworkFirewallInvalidRouteConfigurationViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actualInternetGatewayRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualInternetGatewayRoutes
- The actual internet gateway routes.
$sel:routeTableId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_routeTableId
- The route table ID.
$sel:affectedSubnets:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_affectedSubnets
- The subnets that are affected.
$sel:vpcId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_vpcId
- Information about the VPC ID.
$sel:actualFirewallEndpoint:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualFirewallEndpoint
- The actual firewall endpoint.
$sel:expectedFirewallSubnetId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetId
- The expected subnet ID for the firewall.
$sel:expectedFirewallSubnetRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetRoutes
- The firewall subnet routes that are expected.
$sel:expectedInternetGatewayRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedInternetGatewayRoutes
- The expected routes for the internet gateway.
$sel:currentInternetGatewayRouteTable:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_currentInternetGatewayRouteTable
- The route table for the current internet gateway.
$sel:violatingRoute:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_violatingRoute
- The route that's in violation.
$sel:currentFirewallSubnetRouteTable:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_currentFirewallSubnetRouteTable
- The subnet route table for the current firewall.
$sel:expectedFirewallEndpoint:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_expectedFirewallEndpoint
- The firewall endpoint that's expected.
$sel:isRouteTableUsedInDifferentAZ:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_isRouteTableUsedInDifferentAZ
- Information about whether the route table is used in another
Availability Zone.
$sel:actualFirewallSubnetId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetId
- The actual subnet ID for the firewall.
$sel:internetGatewayId:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_internetGatewayId
- The internet gateway ID.
$sel:actualFirewallSubnetRoutes:NetworkFirewallInvalidRouteConfigurationViolation'
, networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetRoutes
- The actual firewall subnet routes.
networkFirewallInvalidRouteConfigurationViolation_actualInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route]) Source #
The actual internet gateway routes.
networkFirewallInvalidRouteConfigurationViolation_routeTableId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The route table ID.
networkFirewallInvalidRouteConfigurationViolation_affectedSubnets :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Text]) Source #
The subnets that are affected.
networkFirewallInvalidRouteConfigurationViolation_vpcId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
Information about the VPC ID.
networkFirewallInvalidRouteConfigurationViolation_actualFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The actual firewall endpoint.
networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The expected subnet ID for the firewall.
networkFirewallInvalidRouteConfigurationViolation_expectedFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute]) Source #
The firewall subnet routes that are expected.
networkFirewallInvalidRouteConfigurationViolation_expectedInternetGatewayRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [ExpectedRoute]) Source #
The expected routes for the internet gateway.
networkFirewallInvalidRouteConfigurationViolation_currentInternetGatewayRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The route table for the current internet gateway.
networkFirewallInvalidRouteConfigurationViolation_violatingRoute :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Route) Source #
The route that's in violation.
networkFirewallInvalidRouteConfigurationViolation_currentFirewallSubnetRouteTable :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The subnet route table for the current firewall.
networkFirewallInvalidRouteConfigurationViolation_expectedFirewallEndpoint :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The firewall endpoint that's expected.
networkFirewallInvalidRouteConfigurationViolation_isRouteTableUsedInDifferentAZ :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Bool) Source #
Information about whether the route table is used in another Availability Zone.
networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The actual subnet ID for the firewall.
networkFirewallInvalidRouteConfigurationViolation_internetGatewayId :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe Text) Source #
The internet gateway ID.
networkFirewallInvalidRouteConfigurationViolation_actualFirewallSubnetRoutes :: Lens' NetworkFirewallInvalidRouteConfigurationViolation (Maybe [Route]) Source #
The actual firewall subnet routes.
NetworkFirewallMissingExpectedRTViolation
data NetworkFirewallMissingExpectedRTViolation Source #
Violation detail for Network Firewall for a subnet that's not associated to the expected Firewall Manager managed route table.
See: newNetworkFirewallMissingExpectedRTViolation
smart constructor.
NetworkFirewallMissingExpectedRTViolation' | |
|
Instances
newNetworkFirewallMissingExpectedRTViolation :: NetworkFirewallMissingExpectedRTViolation Source #
Create a value of NetworkFirewallMissingExpectedRTViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:currentRouteTable:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_currentRouteTable
- The resource ID of the current route table that's associated with the
subnet, if one is available.
$sel:availabilityZone:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_availabilityZone
- The Availability Zone of a violating subnet.
$sel:vpc:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_vpc
- The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
$sel:expectedRouteTable:NetworkFirewallMissingExpectedRTViolation'
, networkFirewallMissingExpectedRTViolation_expectedRouteTable
- The resource ID of the route table that should be associated with the
subnet.
networkFirewallMissingExpectedRTViolation_currentRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The resource ID of the current route table that's associated with the subnet, if one is available.
networkFirewallMissingExpectedRTViolation_availabilityZone :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The Availability Zone of a violating subnet.
networkFirewallMissingExpectedRTViolation_vpc :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The resource ID of the VPC associated with a violating subnet.
networkFirewallMissingExpectedRTViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
networkFirewallMissingExpectedRTViolation_expectedRouteTable :: Lens' NetworkFirewallMissingExpectedRTViolation (Maybe Text) Source #
The resource ID of the route table that should be associated with the subnet.
NetworkFirewallMissingExpectedRoutesViolation
data NetworkFirewallMissingExpectedRoutesViolation Source #
Violation detail for an expected route missing in Network Firewall.
See: newNetworkFirewallMissingExpectedRoutesViolation
smart constructor.
NetworkFirewallMissingExpectedRoutesViolation' | |
|
Instances
newNetworkFirewallMissingExpectedRoutesViolation :: NetworkFirewallMissingExpectedRoutesViolation Source #
Create a value of NetworkFirewallMissingExpectedRoutesViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:expectedRoutes:NetworkFirewallMissingExpectedRoutesViolation'
, networkFirewallMissingExpectedRoutesViolation_expectedRoutes
- The expected routes.
$sel:vpcId:NetworkFirewallMissingExpectedRoutesViolation'
, networkFirewallMissingExpectedRoutesViolation_vpcId
- Information about the VPC ID.
$sel:violationTarget:NetworkFirewallMissingExpectedRoutesViolation'
, networkFirewallMissingExpectedRoutesViolation_violationTarget
- The target of the violation.
networkFirewallMissingExpectedRoutesViolation_expectedRoutes :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe [ExpectedRoute]) Source #
The expected routes.
networkFirewallMissingExpectedRoutesViolation_vpcId :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text) Source #
Information about the VPC ID.
networkFirewallMissingExpectedRoutesViolation_violationTarget :: Lens' NetworkFirewallMissingExpectedRoutesViolation (Maybe Text) Source #
The target of the violation.
NetworkFirewallMissingFirewallViolation
data NetworkFirewallMissingFirewallViolation Source #
Violation detail for Network Firewall for a subnet that doesn't have a Firewall Manager managed firewall in its VPC.
See: newNetworkFirewallMissingFirewallViolation
smart constructor.
NetworkFirewallMissingFirewallViolation' | |
|
Instances
newNetworkFirewallMissingFirewallViolation :: NetworkFirewallMissingFirewallViolation Source #
Create a value of NetworkFirewallMissingFirewallViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:targetViolationReason:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_targetViolationReason
- The reason the resource has this violation, if one is available.
$sel:availabilityZone:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_availabilityZone
- The Availability Zone of a violating subnet.
$sel:vpc:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_vpc
- The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingFirewallViolation'
, networkFirewallMissingFirewallViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
networkFirewallMissingFirewallViolation_targetViolationReason :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The reason the resource has this violation, if one is available.
networkFirewallMissingFirewallViolation_availabilityZone :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The Availability Zone of a violating subnet.
networkFirewallMissingFirewallViolation_vpc :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The resource ID of the VPC associated with a violating subnet.
networkFirewallMissingFirewallViolation_violationTarget :: Lens' NetworkFirewallMissingFirewallViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallMissingSubnetViolation
data NetworkFirewallMissingSubnetViolation Source #
Violation detail for Network Firewall for an Availability Zone that's missing the expected Firewall Manager managed subnet.
See: newNetworkFirewallMissingSubnetViolation
smart constructor.
NetworkFirewallMissingSubnetViolation' | |
|
Instances
newNetworkFirewallMissingSubnetViolation :: NetworkFirewallMissingSubnetViolation Source #
Create a value of NetworkFirewallMissingSubnetViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:targetViolationReason:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_targetViolationReason
- The reason the resource has this violation, if one is available.
$sel:availabilityZone:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_availabilityZone
- The Availability Zone of a violating subnet.
$sel:vpc:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_vpc
- The resource ID of the VPC associated with a violating subnet.
$sel:violationTarget:NetworkFirewallMissingSubnetViolation'
, networkFirewallMissingSubnetViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
networkFirewallMissingSubnetViolation_targetViolationReason :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The reason the resource has this violation, if one is available.
networkFirewallMissingSubnetViolation_availabilityZone :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The Availability Zone of a violating subnet.
networkFirewallMissingSubnetViolation_vpc :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The resource ID of the VPC associated with a violating subnet.
networkFirewallMissingSubnetViolation_violationTarget :: Lens' NetworkFirewallMissingSubnetViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
NetworkFirewallPolicyDescription
data NetworkFirewallPolicyDescription Source #
The definition of the Network Firewall firewall policy.
See: newNetworkFirewallPolicyDescription
smart constructor.
NetworkFirewallPolicyDescription' | |
|
Instances
newNetworkFirewallPolicyDescription :: NetworkFirewallPolicyDescription Source #
Create a value of NetworkFirewallPolicyDescription
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:statefulRuleGroups:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statefulRuleGroups
- The stateful rule groups that are used in the Network Firewall firewall
policy.
$sel:statelessRuleGroups:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessRuleGroups
- The stateless rule groups that are used in the Network Firewall firewall
policy.
$sel:statelessFragmentDefaultActions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessFragmentDefaultActions
- The actions to take on packet fragments that don't match any of the
stateless rule groups.
$sel:statelessCustomActions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessCustomActions
- Names of custom actions that are available for use in the stateless
default actions settings.
$sel:statelessDefaultActions:NetworkFirewallPolicyDescription'
, networkFirewallPolicyDescription_statelessDefaultActions
- The actions to take on packets that don't match any of the stateless
rule groups.
networkFirewallPolicyDescription_statefulRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatefulRuleGroup]) Source #
The stateful rule groups that are used in the Network Firewall firewall policy.
networkFirewallPolicyDescription_statelessRuleGroups :: Lens' NetworkFirewallPolicyDescription (Maybe [StatelessRuleGroup]) Source #
The stateless rule groups that are used in the Network Firewall firewall policy.
networkFirewallPolicyDescription_statelessFragmentDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text]) Source #
The actions to take on packet fragments that don't match any of the stateless rule groups.
networkFirewallPolicyDescription_statelessCustomActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text]) Source #
Names of custom actions that are available for use in the stateless default actions settings.
networkFirewallPolicyDescription_statelessDefaultActions :: Lens' NetworkFirewallPolicyDescription (Maybe [Text]) Source #
The actions to take on packets that don't match any of the stateless rule groups.
NetworkFirewallPolicyModifiedViolation
data NetworkFirewallPolicyModifiedViolation Source #
Violation detail for Network Firewall for a firewall policy that has a different NetworkFirewallPolicyDescription than is required by the Firewall Manager policy.
See: newNetworkFirewallPolicyModifiedViolation
smart constructor.
NetworkFirewallPolicyModifiedViolation' | |
|
Instances
newNetworkFirewallPolicyModifiedViolation :: NetworkFirewallPolicyModifiedViolation Source #
Create a value of NetworkFirewallPolicyModifiedViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:currentPolicyDescription:NetworkFirewallPolicyModifiedViolation'
, networkFirewallPolicyModifiedViolation_currentPolicyDescription
- The policy that's currently in use in the individual account.
$sel:violationTarget:NetworkFirewallPolicyModifiedViolation'
, networkFirewallPolicyModifiedViolation_violationTarget
- The ID of the Network Firewall or VPC resource that's in violation.
$sel:expectedPolicyDescription:NetworkFirewallPolicyModifiedViolation'
, networkFirewallPolicyModifiedViolation_expectedPolicyDescription
- The policy that should be in use in the individual account in order to
be compliant.
networkFirewallPolicyModifiedViolation_currentPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription) Source #
The policy that's currently in use in the individual account.
networkFirewallPolicyModifiedViolation_violationTarget :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe Text) Source #
The ID of the Network Firewall or VPC resource that's in violation.
networkFirewallPolicyModifiedViolation_expectedPolicyDescription :: Lens' NetworkFirewallPolicyModifiedViolation (Maybe NetworkFirewallPolicyDescription) Source #
The policy that should be in use in the individual account in order to be compliant.
NetworkFirewallUnexpectedFirewallRoutesViolation
data NetworkFirewallUnexpectedFirewallRoutesViolation Source #
Violation detail for an unexpected route that's present in a route table.
See: newNetworkFirewallUnexpectedFirewallRoutesViolation
smart constructor.
NetworkFirewallUnexpectedFirewallRoutesViolation' | |
|
Instances
newNetworkFirewallUnexpectedFirewallRoutesViolation :: NetworkFirewallUnexpectedFirewallRoutesViolation Source #
Create a value of NetworkFirewallUnexpectedFirewallRoutesViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:routeTableId:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_routeTableId
- The ID of the route table.
$sel:vpcId:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_vpcId
- Information about the VPC ID.
$sel:violatingRoutes:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_violatingRoutes
- The routes that are in violation.
$sel:firewallEndpoint:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_firewallEndpoint
- The endpoint of the firewall.
$sel:firewallSubnetId:NetworkFirewallUnexpectedFirewallRoutesViolation'
, networkFirewallUnexpectedFirewallRoutesViolation_firewallSubnetId
- The subnet ID for the firewall.
networkFirewallUnexpectedFirewallRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
The ID of the route table.
networkFirewallUnexpectedFirewallRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
Information about the VPC ID.
networkFirewallUnexpectedFirewallRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe [Route]) Source #
The routes that are in violation.
networkFirewallUnexpectedFirewallRoutesViolation_firewallEndpoint :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
The endpoint of the firewall.
networkFirewallUnexpectedFirewallRoutesViolation_firewallSubnetId :: Lens' NetworkFirewallUnexpectedFirewallRoutesViolation (Maybe Text) Source #
The subnet ID for the firewall.
NetworkFirewallUnexpectedGatewayRoutesViolation
data NetworkFirewallUnexpectedGatewayRoutesViolation Source #
Violation detail for an unexpected gateway route that’s present in a route table.
See: newNetworkFirewallUnexpectedGatewayRoutesViolation
smart constructor.
Instances
newNetworkFirewallUnexpectedGatewayRoutesViolation :: NetworkFirewallUnexpectedGatewayRoutesViolation Source #
Create a value of NetworkFirewallUnexpectedGatewayRoutesViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:routeTableId:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_routeTableId
- Information about the route table.
$sel:vpcId:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_vpcId
- Information about the VPC ID.
$sel:violatingRoutes:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_violatingRoutes
- The routes that are in violation.
$sel:gatewayId:NetworkFirewallUnexpectedGatewayRoutesViolation'
, networkFirewallUnexpectedGatewayRoutesViolation_gatewayId
- Information about the gateway ID.
networkFirewallUnexpectedGatewayRoutesViolation_routeTableId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text) Source #
Information about the route table.
networkFirewallUnexpectedGatewayRoutesViolation_vpcId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text) Source #
Information about the VPC ID.
networkFirewallUnexpectedGatewayRoutesViolation_violatingRoutes :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe [Route]) Source #
The routes that are in violation.
networkFirewallUnexpectedGatewayRoutesViolation_gatewayId :: Lens' NetworkFirewallUnexpectedGatewayRoutesViolation (Maybe Text) Source #
Information about the gateway ID.
PartialMatch
data PartialMatch Source #
The reference rule that partially matches the ViolationTarget rule and violation reason.
See: newPartialMatch
smart constructor.
Instances
newPartialMatch :: PartialMatch Source #
Create a value of PartialMatch
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:targetViolationReasons:PartialMatch'
, partialMatch_targetViolationReasons
- The violation reason.
$sel:reference:PartialMatch'
, partialMatch_reference
- The reference rule from the primary security group of the Firewall
Manager policy.
partialMatch_targetViolationReasons :: Lens' PartialMatch (Maybe [Text]) Source #
The violation reason.
partialMatch_reference :: Lens' PartialMatch (Maybe Text) Source #
The reference rule from the primary security group of the Firewall Manager policy.
Policy
A Firewall Manager policy.
See: newPolicy
smart constructor.
Policy' | |
|
Instances
Create a value of Policy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:policyId:Policy'
, policy_policyId
- The ID of the Firewall Manager policy.
$sel:resourceTypeList:Policy'
, policy_resourceTypeList
- An array of ResourceType objects. Use this only to specify multiple resource types. To specify a single resource type, use ResourceType.
$sel:resourceTags:Policy'
, policy_resourceTags
- An array of ResourceTag
objects.
$sel:policyUpdateToken:Policy'
, policy_policyUpdateToken
- A unique identifier for each update to the policy. When issuing a PutPolicy request, the PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy request.
$sel:deleteUnusedFMManagedResources:Policy'
, policy_deleteUnusedFMManagedResources
- Indicates whether Firewall Manager should delete Firewall Manager
managed resources, such as web ACLs and security groups, when they are
not in use by the Firewall Manager policy. By default, Firewall Manager
doesn't delete unused Firewall Manager managed resources. This option
is not available for Shield Advanced or WAF Classic policies.
$sel:excludeMap:Policy'
, policy_excludeMap
- Specifies the Amazon Web Services account IDs and Organizations
organizational units (OUs) to exclude from the policy. Specifying an OU
is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a
later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {"ACCOUNT" : ["accountID1", "accountID2"]}.
- Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {"ORG_UNIT" : ["ouid111", "ouid112"]}.
- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {"ACCOUNT" : ["accountID1", "accountID2"], "ORG_UNIT" : ["ouid111", "ouid112"]}.
$sel:includeMap:Policy'
, policy_includeMap
- Specifies the Amazon Web Services account IDs and Organizations
organizational units (OUs) to include in the policy. Specifying an OU is
the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a
later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {"ACCOUNT" : ["accountID1", "accountID2"]}.
- Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {"ORG_UNIT" : ["ouid111", "ouid112"]}.
- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {"ACCOUNT" : ["accountID1", "accountID2"], "ORG_UNIT" : ["ouid111", "ouid112"]}.
$sel:policyName:Policy'
, policy_policyName
- The name of the Firewall Manager policy.
$sel:securityServicePolicyData:Policy'
, policy_securityServicePolicyData
- Details about the security service that is being used to protect the
resources.
$sel:resourceType:Policy'
, policy_resourceType
- The type of resource protected by or in scope of the policy. This is in
the format shown in the
Amazon Web Services Resource Types Reference.
To apply this policy to multiple resource types, specify a resource type
of ResourceTypeList
and then specify the resource types in a
ResourceTypeList
.
For WAF and Shield Advanced, example resource types include
AWS::ElasticLoadBalancingV2::LoadBalancer
and
AWS::CloudFront::Distribution
. For a security group common policy,
valid values are AWS::EC2::NetworkInterface
and AWS::EC2::Instance
.
For a security group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage audit policy, the value is AWS::EC2::SecurityGroup. For a Network Firewall policy or DNS Firewall policy, the value is AWS::EC2::VPC.
$sel:excludeResourceTags:Policy'
, policy_excludeResourceTags
- If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.
$sel:remediationEnabled:Policy'
, policy_remediationEnabled
- Indicates if the policy should be automatically applied to new
resources.
policy_resourceTypeList :: Lens' Policy (Maybe [Text]) Source #
An array of ResourceType objects. Use this only to specify multiple resource types. To specify a single resource type, use ResourceType.
policy_resourceTags :: Lens' Policy (Maybe [ResourceTag]) Source #
An array of ResourceTag
objects.
policy_policyUpdateToken :: Lens' Policy (Maybe Text) Source #
A unique identifier for each update to the policy. When issuing a PutPolicy request, the PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy request.
policy_deleteUnusedFMManagedResources :: Lens' Policy (Maybe Bool) Source #
Indicates whether Firewall Manager should delete Firewall Manager managed resources, such as web ACLs and security groups, when they are not in use by the Firewall Manager policy. By default, Firewall Manager doesn't delete unused Firewall Manager managed resources. This option is not available for Shield Advanced or WAF Classic policies.
policy_excludeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text])) Source #
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {"ACCOUNT" : ["accountID1", "accountID2"]}.
- Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {"ORG_UNIT" : ["ouid111", "ouid112"]}.
- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {"ACCOUNT" : ["accountID1", "accountID2"], "ORG_UNIT" : ["ouid111", "ouid112"]}.
policy_includeMap :: Lens' Policy (Maybe (HashMap CustomerPolicyScopeIdType [Text])) Source #
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.
You can specify account IDs, OUs, or a combination:
- Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {"ACCOUNT" : ["accountID1", "accountID2"]}.
- Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {"ORG_UNIT" : ["ouid111", "ouid112"]}.
- Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {"ACCOUNT" : ["accountID1", "accountID2"], "ORG_UNIT" : ["ouid111", "ouid112"]}.
policy_securityServicePolicyData :: Lens' Policy SecurityServicePolicyData Source #
Details about the security service that is being used to protect the resources.
policy_resourceType :: Lens' Policy Text Source #
The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon Web Services Resource Types Reference. To apply this policy to multiple resource types, specify a resource type of ResourceTypeList and then specify the resource types in a ResourceTypeList.
For WAF and Shield Advanced, example resource types include AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::CloudFront::Distribution. For a security group common policy, valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage audit policy, the value is AWS::EC2::SecurityGroup. For a Network Firewall policy or DNS Firewall policy, the value is AWS::EC2::VPC.
policy_excludeResourceTags :: Lens' Policy Bool Source #
If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.
policy_remediationEnabled :: Lens' Policy Bool Source #
Indicates if the policy should be automatically applied to new resources.
PolicyComplianceDetail
data PolicyComplianceDetail Source #
Describes the noncompliant resources in a member account for a specific Firewall Manager policy. A maximum of 100 entries are displayed. If more than 100 resources are noncompliant, EvaluationLimitExceeded is set to True.
See: newPolicyComplianceDetail smart constructor.
PolicyComplianceDetail' | |
|
Instances
newPolicyComplianceDetail :: PolicyComplianceDetail Source #
Create a value of PolicyComplianceDetail
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:expiredAt:PolicyComplianceDetail'
, policyComplianceDetail_expiredAt
- A timestamp that indicates when the returned information should be
considered out of date.
$sel:policyId:PolicyComplianceDetail'
, policyComplianceDetail_policyId
- The ID of the Firewall Manager policy.
$sel:violators:PolicyComplianceDetail'
, policyComplianceDetail_violators
- An array of resources that aren't protected by the WAF or Shield
Advanced policy or that aren't in compliance with the security group
policy.
$sel:evaluationLimitExceeded:PolicyComplianceDetail'
, policyComplianceDetail_evaluationLimitExceeded
- Indicates if over 100 resources are noncompliant with the Firewall
Manager policy.
$sel:issueInfoMap:PolicyComplianceDetail'
, policyComplianceDetail_issueInfoMap
- Details about problems with dependent services, such as WAF or Config,
and the error message received that indicates the problem with the
service.
$sel:policyOwner:PolicyComplianceDetail'
, policyComplianceDetail_policyOwner
- The Amazon Web Services account that created the Firewall Manager
policy.
$sel:memberAccount:PolicyComplianceDetail'
, policyComplianceDetail_memberAccount
- The Amazon Web Services account ID.
policyComplianceDetail_expiredAt :: Lens' PolicyComplianceDetail (Maybe UTCTime) Source #
A timestamp that indicates when the returned information should be considered out of date.
policyComplianceDetail_policyId :: Lens' PolicyComplianceDetail (Maybe Text) Source #
The ID of the Firewall Manager policy.
policyComplianceDetail_violators :: Lens' PolicyComplianceDetail (Maybe [ComplianceViolator]) Source #
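An array of resources that aren't protected by the WAF or Shield Advanced policy or that aren't in compliance with the security group policy. Because a maximum of 100 entries are displayed, check policyComplianceDetail_evaluationLimitExceeded before treating this list as the complete set of noncompliant resources.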
policyComplianceDetail_evaluationLimitExceeded :: Lens' PolicyComplianceDetail (Maybe Bool) Source #
Indicates if over 100 resources are noncompliant with the Firewall Manager policy.
policyComplianceDetail_issueInfoMap :: Lens' PolicyComplianceDetail (Maybe (HashMap DependentServiceName Text)) Source #
Details about problems with dependent services, such as WAF or Config, and the error message received that indicates the problem with the service.
policyComplianceDetail_policyOwner :: Lens' PolicyComplianceDetail (Maybe Text) Source #
The Amazon Web Services account that created the Firewall Manager policy.
policyComplianceDetail_memberAccount :: Lens' PolicyComplianceDetail (Maybe Text) Source #
The Amazon Web Services account ID.
PolicyComplianceStatus
data PolicyComplianceStatus Source #
Indicates whether the account is compliant with the specified policy. An account is considered noncompliant if it includes resources that are not protected by the policy, for WAF and Shield Advanced policies, or that are noncompliant with the policy, for security group policies.
See: newPolicyComplianceStatus
smart constructor.
PolicyComplianceStatus' | |
|
Instances
newPolicyComplianceStatus :: PolicyComplianceStatus Source #
Create a value of PolicyComplianceStatus
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:evaluationResults:PolicyComplianceStatus'
, policyComplianceStatus_evaluationResults
- An array of EvaluationResult
objects.
$sel:lastUpdated:PolicyComplianceStatus'
, policyComplianceStatus_lastUpdated
- Timestamp of the last update to the EvaluationResult
objects.
$sel:policyName:PolicyComplianceStatus'
, policyComplianceStatus_policyName
- The name of the Firewall Manager policy.
$sel:policyId:PolicyComplianceStatus'
, policyComplianceStatus_policyId
- The ID of the Firewall Manager policy.
$sel:issueInfoMap:PolicyComplianceStatus'
, policyComplianceStatus_issueInfoMap
- Details about problems with dependent services, such as WAF or Config,
and the error message received that indicates the problem with the
service.
$sel:policyOwner:PolicyComplianceStatus'
, policyComplianceStatus_policyOwner
- The Amazon Web Services account that created the Firewall Manager
policy.
$sel:memberAccount:PolicyComplianceStatus'
, policyComplianceStatus_memberAccount
- The member account ID.
policyComplianceStatus_evaluationResults :: Lens' PolicyComplianceStatus (Maybe [EvaluationResult]) Source #
An array of EvaluationResult
objects.
policyComplianceStatus_lastUpdated :: Lens' PolicyComplianceStatus (Maybe UTCTime) Source #
Timestamp of the last update to the EvaluationResult
objects.
policyComplianceStatus_policyName :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The name of the Firewall Manager policy.
policyComplianceStatus_policyId :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The ID of the Firewall Manager policy.
policyComplianceStatus_issueInfoMap :: Lens' PolicyComplianceStatus (Maybe (HashMap DependentServiceName Text)) Source #
Details about problems with dependent services, such as WAF or Config, and the error message received that indicates the problem with the service.
policyComplianceStatus_policyOwner :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The Amazon Web Services account that created the Firewall Manager policy.
policyComplianceStatus_memberAccount :: Lens' PolicyComplianceStatus (Maybe Text) Source #
The member account ID.
PolicySummary
data PolicySummary Source #
Details of the Firewall Manager policy.
See: newPolicySummary
smart constructor.
PolicySummary' | |
|
Instances
newPolicySummary :: PolicySummary Source #
Create a value of PolicySummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:policyName:PolicySummary'
, policySummary_policyName
- The name of the specified policy.
$sel:remediationEnabled:PolicySummary'
, policySummary_remediationEnabled
- Indicates if the policy should be automatically applied to new
resources.
$sel:resourceType:PolicySummary'
, policySummary_resourceType
- The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon Web Services Resource Types Reference.
For WAF and Shield Advanced, examples include AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::CloudFront::Distribution. For a security group common policy, valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage audit policy, the value is AWS::EC2::SecurityGroup. For a Network Firewall policy or DNS Firewall policy, the value is AWS::EC2::VPC.
$sel:policyId:PolicySummary'
, policySummary_policyId
- The ID of the specified policy.
$sel:deleteUnusedFMManagedResources:PolicySummary'
, policySummary_deleteUnusedFMManagedResources
- Indicates whether Firewall Manager should delete Firewall Manager
managed resources, such as web ACLs and security groups, when they are
not in use by the Firewall Manager policy. By default, Firewall Manager
doesn't delete unused Firewall Manager managed resources. This option
is not available for Shield Advanced or WAF Classic policies.
$sel:policyArn:PolicySummary'
, policySummary_policyArn
- The Amazon Resource Name (ARN) of the specified policy.
$sel:securityServiceType:PolicySummary'
, policySummary_securityServiceType
- The service that the policy is using to protect the resources. This
specifies the type of policy that is created, either a WAF policy, a
Shield Advanced policy, or a security group policy.
policySummary_policyName :: Lens' PolicySummary (Maybe Text) Source #
The name of the specified policy.
policySummary_remediationEnabled :: Lens' PolicySummary (Maybe Bool) Source #
Indicates if the policy should be automatically applied to new resources.
policySummary_resourceType :: Lens' PolicySummary (Maybe Text) Source #
The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon Web Services Resource Types Reference.
For WAF and Shield Advanced, examples include AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::CloudFront::Distribution. For a security group common policy, valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage audit policy, the value is AWS::EC2::SecurityGroup. For a Network Firewall policy or DNS Firewall policy, the value is AWS::EC2::VPC.
policySummary_policyId :: Lens' PolicySummary (Maybe Text) Source #
The ID of the specified policy.
policySummary_deleteUnusedFMManagedResources :: Lens' PolicySummary (Maybe Bool) Source #
Indicates whether Firewall Manager should delete Firewall Manager managed resources, such as web ACLs and security groups, when they are not in use by the Firewall Manager policy. By default, Firewall Manager doesn't delete unused Firewall Manager managed resources. This option is not available for Shield Advanced or WAF Classic policies.
policySummary_policyArn :: Lens' PolicySummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the specified policy.
policySummary_securityServiceType :: Lens' PolicySummary (Maybe SecurityServiceType) Source #
The service that the policy is using to protect the resources. This specifies the type of policy that is created, either a WAF policy, a Shield Advanced policy, or a security group policy.
PossibleRemediationAction
data PossibleRemediationAction Source #
A list of remediation actions.
See: newPossibleRemediationAction
smart constructor.
PossibleRemediationAction' | |
|
Instances
newPossibleRemediationAction :: PossibleRemediationAction Source #
Create a value of PossibleRemediationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:isDefaultAction:PossibleRemediationAction'
, possibleRemediationAction_isDefaultAction
- Information about whether an action is taken by default.
$sel:description:PossibleRemediationAction'
, possibleRemediationAction_description
- A description of the list of remediation actions.
$sel:orderedRemediationActions:PossibleRemediationAction'
, possibleRemediationAction_orderedRemediationActions
- The ordered list of remediation actions.
possibleRemediationAction_isDefaultAction :: Lens' PossibleRemediationAction (Maybe Bool) Source #
Information about whether an action is taken by default.
possibleRemediationAction_description :: Lens' PossibleRemediationAction (Maybe Text) Source #
A description of the list of remediation actions.
possibleRemediationAction_orderedRemediationActions :: Lens' PossibleRemediationAction [RemediationActionWithOrder] Source #
The ordered list of remediation actions.
PossibleRemediationActions
data PossibleRemediationActions Source #
A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.
See: newPossibleRemediationActions
smart constructor.
PossibleRemediationActions' | |
|
Instances
newPossibleRemediationActions :: PossibleRemediationActions Source #
Create a value of PossibleRemediationActions
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actions:PossibleRemediationActions'
, possibleRemediationActions_actions
- Information about the actions.
$sel:description:PossibleRemediationActions'
, possibleRemediationActions_description
- A description of the possible remediation actions list.
possibleRemediationActions_actions :: Lens' PossibleRemediationActions (Maybe [PossibleRemediationAction]) Source #
Information about the actions.
possibleRemediationActions_description :: Lens' PossibleRemediationActions (Maybe Text) Source #
A description of the possible remediation actions list.
ProtocolsListData
data ProtocolsListData Source #
A Firewall Manager protocols list.
See: newProtocolsListData
smart constructor.
ProtocolsListData' | |
|
Instances
Create a value of ProtocolsListData
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:listUpdateToken:ProtocolsListData'
, protocolsListData_listUpdateToken
- A unique identifier for each update to the list. When you update the
list, the update token must match the token of the current version of
the protocols list. You can retrieve the update token by getting the
list.
$sel:listId:ProtocolsListData'
, protocolsListData_listId
- The ID of the Firewall Manager protocols list.
$sel:lastUpdateTime:ProtocolsListData'
, protocolsListData_lastUpdateTime
- The time that the Firewall Manager protocols list was last updated.
$sel:previousProtocolsList:ProtocolsListData'
, protocolsListData_previousProtocolsList
- A map of previous version numbers to their corresponding protocol
arrays.
$sel:createTime:ProtocolsListData'
, protocolsListData_createTime
- The time that the Firewall Manager protocols list was created.
$sel:listName:ProtocolsListData'
, protocolsListData_listName
- The name of the Firewall Manager protocols list.
$sel:protocolsList:ProtocolsListData'
, protocolsListData_protocolsList
- An array of protocols in the Firewall Manager protocols list.
protocolsListData_listUpdateToken :: Lens' ProtocolsListData (Maybe Text) Source #
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the protocols list. You can retrieve the update token by getting the list.
protocolsListData_listId :: Lens' ProtocolsListData (Maybe Text) Source #
The ID of the Firewall Manager protocols list.
protocolsListData_lastUpdateTime :: Lens' ProtocolsListData (Maybe UTCTime) Source #
The time that the Firewall Manager protocols list was last updated.
protocolsListData_previousProtocolsList :: Lens' ProtocolsListData (Maybe (HashMap Text [Text])) Source #
A map of previous version numbers to their corresponding protocol arrays.
protocolsListData_createTime :: Lens' ProtocolsListData (Maybe UTCTime) Source #
The time that the Firewall Manager protocols list was created.
protocolsListData_listName :: Lens' ProtocolsListData Text Source #
The name of the Firewall Manager protocols list.
protocolsListData_protocolsList :: Lens' ProtocolsListData [Text] Source #
An array of protocols in the Firewall Manager protocols list.
ProtocolsListDataSummary
data ProtocolsListDataSummary Source #
Details of the Firewall Manager protocols list.
See: newProtocolsListDataSummary
smart constructor.
Instances
newProtocolsListDataSummary :: ProtocolsListDataSummary Source #
Create a value of ProtocolsListDataSummary
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:protocolsList:ProtocolsListDataSummary'
, protocolsListDataSummary_protocolsList
- An array of protocols in the Firewall Manager protocols list.
$sel:listArn:ProtocolsListDataSummary'
, protocolsListDataSummary_listArn
- The Amazon Resource Name (ARN) of the specified protocols list.
$sel:listId:ProtocolsListDataSummary'
, protocolsListDataSummary_listId
- The ID of the specified protocols list.
$sel:listName:ProtocolsListDataSummary'
, protocolsListDataSummary_listName
- The name of the specified protocols list.
protocolsListDataSummary_protocolsList :: Lens' ProtocolsListDataSummary (Maybe [Text]) Source #
An array of protocols in the Firewall Manager protocols list.
protocolsListDataSummary_listArn :: Lens' ProtocolsListDataSummary (Maybe Text) Source #
The Amazon Resource Name (ARN) of the specified protocols list.
protocolsListDataSummary_listId :: Lens' ProtocolsListDataSummary (Maybe Text) Source #
The ID of the specified protocols list.
protocolsListDataSummary_listName :: Lens' ProtocolsListDataSummary (Maybe Text) Source #
The name of the specified protocols list.
RemediationAction
data RemediationAction Source #
Information about an individual action you can take to remediate a violation.
See: newRemediationAction
smart constructor.
RemediationAction' | |
|
Instances
newRemediationAction :: RemediationAction Source #
Create a value of RemediationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:eC2CreateRouteAction:RemediationAction'
, remediationAction_eC2CreateRouteAction
- Information about the CreateRoute action in the Amazon EC2 API.
$sel:eC2CopyRouteTableAction:RemediationAction'
, remediationAction_eC2CopyRouteTableAction
- Information about the CopyRouteTable action in the Amazon EC2 API.
$sel:eC2ReplaceRouteTableAssociationAction:RemediationAction'
, remediationAction_eC2ReplaceRouteTableAssociationAction
- Information about the ReplaceRouteTableAssociation action in the Amazon
EC2 API.
$sel:eC2AssociateRouteTableAction:RemediationAction'
, remediationAction_eC2AssociateRouteTableAction
- Information about the AssociateRouteTable action in the Amazon EC2 API.
$sel:eC2ReplaceRouteAction:RemediationAction'
, remediationAction_eC2ReplaceRouteAction
- Information about the ReplaceRoute action in the Amazon EC2 API.
$sel:eC2DeleteRouteAction:RemediationAction'
, remediationAction_eC2DeleteRouteAction
- Information about the DeleteRoute action in the Amazon EC2 API.
$sel:description:RemediationAction'
, remediationAction_description
- A description of a remediation action.
$sel:eC2CreateRouteTableAction:RemediationAction'
, remediationAction_eC2CreateRouteTableAction
- Information about the CreateRouteTable action in the Amazon EC2 API.
remediationAction_eC2CreateRouteAction :: Lens' RemediationAction (Maybe EC2CreateRouteAction) Source #
Information about the CreateRoute action in the Amazon EC2 API.
remediationAction_eC2CopyRouteTableAction :: Lens' RemediationAction (Maybe EC2CopyRouteTableAction) Source #
Information about the CopyRouteTable action in the Amazon EC2 API.
remediationAction_eC2ReplaceRouteTableAssociationAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteTableAssociationAction) Source #
Information about the ReplaceRouteTableAssociation action in the Amazon EC2 API.
remediationAction_eC2AssociateRouteTableAction :: Lens' RemediationAction (Maybe EC2AssociateRouteTableAction) Source #
Information about the AssociateRouteTable action in the Amazon EC2 API.
remediationAction_eC2ReplaceRouteAction :: Lens' RemediationAction (Maybe EC2ReplaceRouteAction) Source #
Information about the ReplaceRoute action in the Amazon EC2 API.
remediationAction_eC2DeleteRouteAction :: Lens' RemediationAction (Maybe EC2DeleteRouteAction) Source #
Information about the DeleteRoute action in the Amazon EC2 API.
remediationAction_description :: Lens' RemediationAction (Maybe Text) Source #
A description of a remediation action.
remediationAction_eC2CreateRouteTableAction :: Lens' RemediationAction (Maybe EC2CreateRouteTableAction) Source #
Information about the CreateRouteTable action in the Amazon EC2 API.
RemediationActionWithOrder
data RemediationActionWithOrder Source #
An ordered list of actions you can take to remediate a violation.
See: newRemediationActionWithOrder
smart constructor.
RemediationActionWithOrder' | |
|
Instances
newRemediationActionWithOrder :: RemediationActionWithOrder Source #
Create a value of RemediationActionWithOrder
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:remediationAction:RemediationActionWithOrder'
, remediationActionWithOrder_remediationAction
- Information about an action you can take to remediate a violation.
$sel:order:RemediationActionWithOrder'
, remediationActionWithOrder_order
- The order of the remediation actions in the list.
remediationActionWithOrder_remediationAction :: Lens' RemediationActionWithOrder (Maybe RemediationAction) Source #
Information about an action you can take to remediate a violation.
remediationActionWithOrder_order :: Lens' RemediationActionWithOrder (Maybe Int) Source #
The order of the remediation actions in the list.
ResourceTag
data ResourceTag Source #
The resource tags that Firewall Manager uses to determine if a particular resource should be included or excluded from the Firewall Manager policy. Tags enable you to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value. Firewall Manager combines the tags with "AND" so that, if you add more than one tag to a policy scope, a resource must have all the specified tags to be included or excluded. For more information, see Working with Tag Editor.
See: newResourceTag
smart constructor.
Instances
Create a value of ResourceTag
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:value:ResourceTag'
, resourceTag_value
- The resource tag value.
$sel:key:ResourceTag'
, resourceTag_key
- The resource tag key.
resourceTag_value :: Lens' ResourceTag (Maybe Text) Source #
The resource tag value.
resourceTag_key :: Lens' ResourceTag Text Source #
The resource tag key.
ResourceViolation
data ResourceViolation Source #
Violation detail based on resource type.
See: newResourceViolation
smart constructor.
ResourceViolation' | |
|
Instances
newResourceViolation :: ResourceViolation Source #
Create a value of ResourceViolation
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:possibleRemediationActions:ResourceViolation'
, resourceViolation_possibleRemediationActions
- A list of possible remediation action lists. Each individual possible
remediation action is a list of individual remediation actions.
$sel:networkFirewallBlackHoleRouteDetectedViolation:ResourceViolation'
, resourceViolation_networkFirewallBlackHoleRouteDetectedViolation
- Undocumented member.
$sel:dnsRuleGroupLimitExceededViolation:ResourceViolation'
, resourceViolation_dnsRuleGroupLimitExceededViolation
- Violation detail for a DNS Firewall policy that indicates that the VPC
reached the limit for associated DNS Firewall rule groups. Firewall
Manager tried to associate another rule group with the VPC and failed.
$sel:networkFirewallMissingExpectedRTViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingExpectedRTViolation
- Violation detail for a Network Firewall policy that indicates that a
subnet is not associated with the expected Firewall Manager managed
route table.
$sel:networkFirewallInternetTrafficNotInspectedViolation:ResourceViolation'
, resourceViolation_networkFirewallInternetTrafficNotInspectedViolation
- Violation detail for the subnet for which internet traffic hasn't been
inspected.
$sel:networkFirewallMissingFirewallViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingFirewallViolation
- Violation detail for a Network Firewall policy that indicates that a
subnet has no Firewall Manager managed firewall in its VPC.
$sel:networkFirewallMissingSubnetViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingSubnetViolation
- Violation detail for a Network Firewall policy that indicates that an
Availability Zone is missing the expected Firewall Manager managed
subnet.
$sel:awsEc2InstanceViolation:ResourceViolation'
, resourceViolation_awsEc2InstanceViolation
- Violation detail for an EC2 instance.
$sel:networkFirewallMissingExpectedRoutesViolation:ResourceViolation'
, resourceViolation_networkFirewallMissingExpectedRoutesViolation
- Expected routes are missing from Network Firewall.
$sel:dnsRuleGroupPriorityConflictViolation:ResourceViolation'
, resourceViolation_dnsRuleGroupPriorityConflictViolation
- Violation detail for a DNS Firewall policy that indicates that a rule
group that Firewall Manager tried to associate with a VPC has the same
priority as a rule group that's already associated.
$sel:awsVPCSecurityGroupViolation:ResourceViolation'
, resourceViolation_awsVPCSecurityGroupViolation
- Violation detail for security groups.
$sel:networkFirewallPolicyModifiedViolation:ResourceViolation'
, resourceViolation_networkFirewallPolicyModifiedViolation
- Violation detail for a Network Firewall policy that indicates that a
firewall policy in an individual account has been modified in a way that
makes it noncompliant. For example, the individual account owner might
have deleted a rule group, changed the priority of a stateless rule
group, or changed a policy default action.
$sel:networkFirewallUnexpectedFirewallRoutesViolation:ResourceViolation'
, resourceViolation_networkFirewallUnexpectedFirewallRoutesViolation
- There's an unexpected firewall route.
$sel:awsEc2NetworkInterfaceViolation:ResourceViolation'
, resourceViolation_awsEc2NetworkInterfaceViolation
- Violation detail for a network interface.
$sel:networkFirewallUnexpectedGatewayRoutesViolation:ResourceViolation'
, resourceViolation_networkFirewallUnexpectedGatewayRoutesViolation
- There's an unexpected gateway route.
$sel:dnsDuplicateRuleGroupViolation:ResourceViolation'
, resourceViolation_dnsDuplicateRuleGroupViolation
- Violation detail for a DNS Firewall policy that indicates that a rule
group that Firewall Manager tried to associate with a VPC is already
associated with the VPC and can't be associated again.
$sel:networkFirewallInvalidRouteConfigurationViolation:ResourceViolation'
, resourceViolation_networkFirewallInvalidRouteConfigurationViolation
- The route configuration is invalid.
resourceViolation_possibleRemediationActions :: Lens' ResourceViolation (Maybe PossibleRemediationActions) Source #
A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.
resourceViolation_networkFirewallBlackHoleRouteDetectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallBlackHoleRouteDetectedViolation) Source #
Undocumented member.
resourceViolation_dnsRuleGroupLimitExceededViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupLimitExceededViolation) Source #
Violation detail for a DNS Firewall policy that indicates that the VPC reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed.
resourceViolation_networkFirewallMissingExpectedRTViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRTViolation) Source #
Violation detail for a Network Firewall policy that indicates that a subnet is not associated with the expected Firewall Manager managed route table.
resourceViolation_networkFirewallInternetTrafficNotInspectedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInternetTrafficNotInspectedViolation) Source #
Violation detail for the subnet for which internet traffic hasn't been inspected.
resourceViolation_networkFirewallMissingFirewallViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingFirewallViolation) Source #
Violation detail for a Network Firewall policy that indicates that a subnet has no Firewall Manager managed firewall in its VPC.
resourceViolation_networkFirewallMissingSubnetViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingSubnetViolation) Source #
Violation detail for a Network Firewall policy that indicates that an Availability Zone is missing the expected Firewall Manager managed subnet.
resourceViolation_awsEc2InstanceViolation :: Lens' ResourceViolation (Maybe AwsEc2InstanceViolation) Source #
Violation detail for an EC2 instance.
resourceViolation_networkFirewallMissingExpectedRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallMissingExpectedRoutesViolation) Source #
Expected routes are missing from Network Firewall.
resourceViolation_dnsRuleGroupPriorityConflictViolation :: Lens' ResourceViolation (Maybe DnsRuleGroupPriorityConflictViolation) Source #
Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.
resourceViolation_awsVPCSecurityGroupViolation :: Lens' ResourceViolation (Maybe AwsVPCSecurityGroupViolation) Source #
Violation detail for security groups.
resourceViolation_networkFirewallPolicyModifiedViolation :: Lens' ResourceViolation (Maybe NetworkFirewallPolicyModifiedViolation) Source #
Violation detail for a Network Firewall policy that indicates that a firewall policy in an individual account has been modified in a way that makes it noncompliant. For example, the individual account owner might have deleted a rule group, changed the priority of a stateless rule group, or changed a policy default action.
resourceViolation_networkFirewallUnexpectedFirewallRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedFirewallRoutesViolation) Source #
There's an unexpected firewall route.
resourceViolation_awsEc2NetworkInterfaceViolation :: Lens' ResourceViolation (Maybe AwsEc2NetworkInterfaceViolation) Source #
Violation detail for a network interface.
resourceViolation_networkFirewallUnexpectedGatewayRoutesViolation :: Lens' ResourceViolation (Maybe NetworkFirewallUnexpectedGatewayRoutesViolation) Source #
There's an unexpected gateway route.
resourceViolation_dnsDuplicateRuleGroupViolation :: Lens' ResourceViolation (Maybe DnsDuplicateRuleGroupViolation) Source #
Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
resourceViolation_networkFirewallInvalidRouteConfigurationViolation :: Lens' ResourceViolation (Maybe NetworkFirewallInvalidRouteConfigurationViolation) Source #
The route configuration is invalid.
Route
Describes a route in a route table.
See: newRoute
smart constructor.
Route' | |
|
Instances
Eq Route Source # | |
Read Route Source # | |
Show Route Source # | |
Generic Route Source # | |
NFData Route Source # | |
Defined in Amazonka.FMS.Types.Route | |
Hashable Route Source # | |
Defined in Amazonka.FMS.Types.Route | |
FromJSON Route Source # | |
type Rep Route Source # | |
Defined in Amazonka.FMS.Types.Route type Rep Route = D1 ('MetaData "Route" "Amazonka.FMS.Types.Route" "libZSservicesZSamazonka-fmsZSamazonka-fms" 'False) (C1 ('MetaCons "Route'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "destination") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "targetType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe TargetType))) :*: (S1 ('MetaSel ('Just "destinationType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe DestinationType)) :*: S1 ('MetaSel ('Just "target") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))))) |
Create a value of Route
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:destination:Route'
, route_destination
- The destination of the route.
$sel:targetType:Route'
, route_targetType
- The type of target for the route.
$sel:destinationType:Route'
, route_destinationType
- The type of destination for the route.
$sel:target:Route'
, route_target
- The route's target.
route_targetType :: Lens' Route (Maybe TargetType) Source #
The type of target for the route.
route_destinationType :: Lens' Route (Maybe DestinationType) Source #
The type of destination for the route.
SecurityGroupRemediationAction
data SecurityGroupRemediationAction Source #
Remediation option for the rule specified in the ViolationTarget.
See: newSecurityGroupRemediationAction
smart constructor.
SecurityGroupRemediationAction' | |
|
Instances
newSecurityGroupRemediationAction :: SecurityGroupRemediationAction Source #
Create a value of SecurityGroupRemediationAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:isDefaultAction:SecurityGroupRemediationAction'
, securityGroupRemediationAction_isDefaultAction
- Indicates if the current action is the default action.
$sel:remediationResult:SecurityGroupRemediationAction'
, securityGroupRemediationAction_remediationResult
- The final state of the rule specified in the ViolationTarget after it is remediated.
$sel:description:SecurityGroupRemediationAction'
, securityGroupRemediationAction_description
- Brief description of the action that will be performed.
$sel:remediationActionType:SecurityGroupRemediationAction'
, securityGroupRemediationAction_remediationActionType
- The remediation action that will be performed.
securityGroupRemediationAction_isDefaultAction :: Lens' SecurityGroupRemediationAction (Maybe Bool) Source #
Indicates if the current action is the default action.
securityGroupRemediationAction_remediationResult :: Lens' SecurityGroupRemediationAction (Maybe SecurityGroupRuleDescription) Source #
The final state of the rule specified in the ViolationTarget after it is remediated.
securityGroupRemediationAction_description :: Lens' SecurityGroupRemediationAction (Maybe Text) Source #
Brief description of the action that will be performed.
securityGroupRemediationAction_remediationActionType :: Lens' SecurityGroupRemediationAction (Maybe RemediationActionType) Source #
The remediation action that will be performed.
SecurityGroupRuleDescription
data SecurityGroupRuleDescription Source #
Describes a set of permissions for a security group rule.
See: newSecurityGroupRuleDescription
smart constructor.
SecurityGroupRuleDescription' | |
|
Instances
newSecurityGroupRuleDescription :: SecurityGroupRuleDescription Source #
Create a value of SecurityGroupRuleDescription
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:fromPort:SecurityGroupRuleDescription'
, securityGroupRuleDescription_fromPort
- The start of the port range for the TCP and UDP protocols, or an
ICMP/ICMPv6 type number. A value of -1
indicates all ICMP/ICMPv6
types.
$sel:protocol:SecurityGroupRuleDescription'
, securityGroupRuleDescription_protocol
- The IP protocol name (tcp, udp, icmp, icmpv6) or number.
$sel:iPV4Range:SecurityGroupRuleDescription'
, securityGroupRuleDescription_iPV4Range
- The IPv4 ranges for the security group rule.
$sel:prefixListId:SecurityGroupRuleDescription'
, securityGroupRuleDescription_prefixListId
- The ID of the prefix list for the security group rule.
$sel:toPort:SecurityGroupRuleDescription'
, securityGroupRuleDescription_toPort
- The end of the port range for the TCP and UDP protocols, or an
ICMP/ICMPv6 code. A value of -1
indicates all ICMP/ICMPv6 codes.
$sel:iPV6Range:SecurityGroupRuleDescription'
, securityGroupRuleDescription_iPV6Range
- The IPv6 ranges for the security group rule.
securityGroupRuleDescription_fromPort :: Lens' SecurityGroupRuleDescription (Maybe Natural) Source #
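The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. Note that this lens is typed Maybe Natural, which cannot hold -1; check how an all-types rule is decoded by this binding before relying on the field when comparing or auditing security group rules.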
securityGroupRuleDescription_protocol :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The IP protocol name (tcp, udp, icmp, icmpv6) or number.
securityGroupRuleDescription_iPV4Range :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The IPv4 ranges for the security group rule.
securityGroupRuleDescription_prefixListId :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The ID of the prefix list for the security group rule.
securityGroupRuleDescription_toPort :: Lens' SecurityGroupRuleDescription (Maybe Natural) Source #
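The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. Note that this lens is typed Maybe Natural, which cannot hold -1; check how an all-codes rule is decoded by this binding before relying on the field when comparing or auditing security group rules.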
securityGroupRuleDescription_iPV6Range :: Lens' SecurityGroupRuleDescription (Maybe Text) Source #
The IPv6 ranges for the security group rule.
SecurityServicePolicyData
data SecurityServicePolicyData Source #
Details about the security service that is being used to protect the resources.
See: newSecurityServicePolicyData
smart constructor.
SecurityServicePolicyData' | |
|
Instances
newSecurityServicePolicyData Source #
Create a value of SecurityServicePolicyData
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:managedServiceData:SecurityServicePolicyData'
, securityServicePolicyData_managedServiceData
- Details about the service that are specific to the service type, in JSON
format. For service type SHIELD_ADVANCED
, this is an empty string.
Example:
DNS_FIREWALL
"{\"type\":\"DNS_FIREWALL\",\"preProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-1\",\"priority\":10}],\"postProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-2\",\"priority\":9911}]}"
Valid values for preProcessRuleGroups are between 1 and 99. Valid values for postProcessRuleGroups are between 9901 and 10000.
Example:
NETWORK_FIREWALL
"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2\",\"priority\":10}],\"networkFirewallStatelessDefaultActions\":[\"aws:pass\",\"custom1\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"custom2\",\"aws:pass\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"custom1\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"dimension1\"}]}}},{\"actionName\":\"custom2\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"dimension2\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":true,\"allowedIPV4CidrList\":[\"10.24.34.0/28\"]} }"
Example:
WAFV2
"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
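In the loggingConfiguration, you can specify one logDestinationConfigs, you can optionally provide up to 20 redactedFields, and the RedactedFieldType must be one of URI, QUERY_STRING, HEADER, or METHOD. Note that the WAFV2 example above sets redactedFieldType to SingleHeader and Method, which does not match this list; confirm the accepted values against the service so that fields you intend to redact (the example redacts the Cookies header) are not written to the log destination in clear.
Example: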
WAF Classic
"{\"type\": \"WAF\", \"ruleGroups\": [{\"id\":\"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\" : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}"
Example:
SECURITY_GROUPS_COMMON
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":true,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example:
SECURITY_GROUPS_CONTENT_AUDIT
"{\"type\":\"SECURITY_GROUPS_CONTENT_AUDIT\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"securityGroupAction\":{\"type\":\"ALLOW\"}}"
The security group action for content audit can be ALLOW or DENY. For ALLOW, all in-scope security group rules must be within the allowed range of the policy's security group rules. For DENY, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
Example:
SECURITY_GROUPS_USAGE_AUDIT
"{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true}"
$sel:type':SecurityServicePolicyData'
, securityServicePolicyData_type
- The service that the policy is using to protect the resources. This
specifies the type of policy that is created, either a WAF policy, a
Shield Advanced policy, or a security group policy. For security group
policies, Firewall Manager supports one security group for each common
policy and for each content audit policy. This is an adjustable limit
that you can increase by contacting Amazon Web Services Support.
securityServicePolicyData_managedServiceData :: Lens' SecurityServicePolicyData (Maybe Text) Source #
Details about the service that are specific to the service type, in JSON
format. For service type SHIELD_ADVANCED
, this is an empty string.
Example:
DNS_FIREWALL
"{\"type\":\"DNS_FIREWALL\",\"preProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-1\",\"priority\":10}],\"postProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-2\",\"priority\":9911}]}"
Valid values for preProcessRuleGroups are between 1 and 99. Valid values for postProcessRuleGroups are between 9901 and 10000.
Example:
NETWORK_FIREWALL
"{\"type\":\"NETWORK_FIREWALL\",\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2\",\"priority\":10}],\"networkFirewallStatelessDefaultActions\":[\"aws:pass\",\"custom1\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"custom2\",\"aws:pass\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"custom1\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"dimension1\"}]}}},{\"actionName\":\"custom2\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"dimension2\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1\"}],\"networkFirewallOrchestrationConfig\":{\"singleFirewallEndpointPerVPC\":true,\"allowedIPV4CidrList\":[\"10.24.34.0/28\"]} }"
Example:
WAFV2
"{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"version\":null,\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesAmazonIpReputationList\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}"
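In the loggingConfiguration, you can specify one logDestinationConfigs, you can optionally provide up to 20 redactedFields, and the RedactedFieldType must be one of URI, QUERY_STRING, HEADER, or METHOD. Note that the WAFV2 example above sets redactedFieldType to SingleHeader and Method, which does not match this list; confirm the accepted values against the service so that fields you intend to redact (the example redacts the Cookies header) are not written to the log destination in clear.
Example: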
WAF Classic
"{\"type\": \"WAF\", \"ruleGroups\": [{\"id\":\"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\" : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}"
Example:
SECURITY_GROUPS_COMMON
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"includeSharedVPC\":true,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"
Example:
SECURITY_GROUPS_CONTENT_AUDIT
"{\"type\":\"SECURITY_GROUPS_CONTENT_AUDIT\",\"securityGroups\":[{\"id\":\"sg-000e55995d61a06bd\"}],\"securityGroupAction\":{\"type\":\"ALLOW\"}}"
The security group action for content audit can be ALLOW or DENY. For ALLOW, all in-scope security group rules must be within the allowed range of the policy's security group rules. For DENY, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
Example:
SECURITY_GROUPS_USAGE_AUDIT
"{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true}"
securityServicePolicyData_type :: Lens' SecurityServicePolicyData SecurityServiceType Source #
The service that the policy is using to protect the resources. This specifies the type of policy that is created, either a WAF policy, a Shield Advanced policy, or a security group policy. For security group policies, Firewall Manager supports one security group for each common policy and for each content audit policy. This is an adjustable limit that you can increase by contacting Amazon Web Services Support.
StatefulRuleGroup
data StatefulRuleGroup Source #
Network Firewall stateful rule group, used in a NetworkFirewallPolicyDescription.
See: newStatefulRuleGroup
smart constructor.
StatefulRuleGroup' | |
|
Instances
newStatefulRuleGroup :: StatefulRuleGroup Source #
Create a value of StatefulRuleGroup
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceId:StatefulRuleGroup'
, statefulRuleGroup_resourceId
- The resource ID of the rule group.
$sel:ruleGroupName:StatefulRuleGroup'
, statefulRuleGroup_ruleGroupName
- The name of the rule group.
statefulRuleGroup_resourceId :: Lens' StatefulRuleGroup (Maybe Text) Source #
The resource ID of the rule group.
statefulRuleGroup_ruleGroupName :: Lens' StatefulRuleGroup (Maybe Text) Source #
The name of the rule group.
StatelessRuleGroup
data StatelessRuleGroup Source #
Network Firewall stateless rule group, used in a NetworkFirewallPolicyDescription.
See: newStatelessRuleGroup
smart constructor.
StatelessRuleGroup' | |
|
Instances
newStatelessRuleGroup :: StatelessRuleGroup Source #
Create a value of StatelessRuleGroup
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceId:StatelessRuleGroup'
, statelessRuleGroup_resourceId
- The resource ID of the rule group.
$sel:priority:StatelessRuleGroup'
, statelessRuleGroup_priority
- The priority of the rule group. Network Firewall evaluates the stateless
rule groups in a firewall policy starting from the lowest priority
setting.
$sel:ruleGroupName:StatelessRuleGroup'
, statelessRuleGroup_ruleGroupName
- The name of the rule group.
statelessRuleGroup_resourceId :: Lens' StatelessRuleGroup (Maybe Text) Source #
The resource ID of the rule group.
statelessRuleGroup_priority :: Lens' StatelessRuleGroup (Maybe Natural) Source #
The priority of the rule group. Network Firewall evaluates the stateless rule groups in a firewall policy starting from the lowest priority setting.
statelessRuleGroup_ruleGroupName :: Lens' StatelessRuleGroup (Maybe Text) Source #
The name of the rule group.
Tag
A collection of key:value pairs associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each Amazon Web Services resource.
See: newTag
smart constructor.
Tag' | |
|
Instances
Eq Tag Source # | |
Read Tag Source # | |
Show Tag Source # | |
Generic Tag Source # | |
NFData Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
Hashable Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
ToJSON Tag Source # | |
Defined in Amazonka.FMS.Types.Tag | |
FromJSON Tag Source # | |
type Rep Tag Source # | |
Defined in Amazonka.FMS.Types.Tag type Rep Tag = D1 ('MetaData "Tag" "Amazonka.FMS.Types.Tag" "libZSservicesZSamazonka-fmsZSamazonka-fms" 'False) (C1 ('MetaCons "Tag'" 'PrefixI 'True) (S1 ('MetaSel ('Just "key") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "value") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) |
Create a value of Tag
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:key:Tag'
, tag_key
- Part of the key:value pair that defines a tag. You can use a tag key to
describe a category of information, such as "customer." Tag keys are
case-sensitive.
$sel:value:Tag'
, tag_value
- Part of the key:value pair that defines a tag. You can use a tag value
to describe a specific value within a category, such as "companyA" or
"companyB." Tag values are case-sensitive.
tag_key :: Lens' Tag Text Source #
Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive.
tag_value :: Lens' Tag Text Source #
Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as "companyA" or "companyB." Tag values are case-sensitive.
ViolationDetail
data ViolationDetail Source #
Violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account.
See: newViolationDetail
smart constructor.
ViolationDetail' | |
|
Instances
:: Text | |
-> Text | |
-> Text | |
-> Text | |
-> ViolationDetail |
Create a value of ViolationDetail
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceTags:ViolationDetail'
, violationDetail_resourceTags
- The ResourceTag
objects associated with the resource.
$sel:resourceDescription:ViolationDetail'
, violationDetail_resourceDescription
- Brief description for the requested resource.
$sel:policyId:ViolationDetail'
, violationDetail_policyId
- The ID of the Firewall Manager policy that the violation details were
requested for.
$sel:memberAccount:ViolationDetail'
, violationDetail_memberAccount
- The Amazon Web Services account that the violation details were
requested for.
$sel:resourceId:ViolationDetail'
, violationDetail_resourceId
- The resource ID that the violation details were requested for.
$sel:resourceType:ViolationDetail'
, violationDetail_resourceType
- The resource type that the violation details were requested for.
$sel:resourceViolations:ViolationDetail'
, violationDetail_resourceViolations
- List of violations for the requested resource.
violationDetail_resourceTags :: Lens' ViolationDetail (Maybe [Tag]) Source #
The ResourceTag
objects associated with the resource.
violationDetail_resourceDescription :: Lens' ViolationDetail (Maybe Text) Source #
Brief description for the requested resource.
violationDetail_policyId :: Lens' ViolationDetail Text Source #
The ID of the Firewall Manager policy that the violation details were requested for.
violationDetail_memberAccount :: Lens' ViolationDetail Text Source #
The Amazon Web Services account that the violation details were requested for.
violationDetail_resourceId :: Lens' ViolationDetail Text Source #
The resource ID that the violation details were requested for.
violationDetail_resourceType :: Lens' ViolationDetail Text Source #
The resource type that the violation details were requested for.
violationDetail_resourceViolations :: Lens' ViolationDetail [ResourceViolation] Source #
List of violations for the requested resource.