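{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.FMS.Types.SecurityServicePolicyData
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.FMS.Types.SecurityServicePolicyData where

import qualified Amazonka.Core as Core
import Amazonka.FMS.Types.SecurityServiceType
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- NOTE(review): 'managedServiceData' is an opaque JSON document carried as
-- 'Prelude.Text'. Nothing in this module parses it or checks that the
-- @type@ embedded in the JSON agrees with the 'type'' field, so a caller that
-- builds or edits the payload should validate it before submitting a policy.
--
-- NOTE(review): the JSON samples in the field documentation show the expected
-- format; treat them as format samples rather than recommended settings. The
-- security-group id in the two @SECURITY_GROUPS_COMMON@ samples is printed
-- with a leading space inside the quotes, presumably a documentation
-- artifact: drop it when adapting the sample.
--
-- NOTE(review): the derived 'Prelude.Show' instance renders
-- 'managedServiceData' verbatim. As the samples show, that payload can carry
-- account ids, resource ARNs and security-group ids, which matters when
-- values of this type are written to logs.

-- | Details about the security service that is being used to protect the
-- resources.
--
-- /See:/ 'newSecurityServicePolicyData' smart constructor.
data SecurityServicePolicyData = SecurityServicePolicyData'
  { -- | Details about the service that are specific to the service type, in JSON
    -- format. For service type @SHIELD_ADVANCED@, this is an empty string.
    --
    -- -   Example: @DNS_FIREWALL@
    --
    --     @\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"@
    --
    --     Valid values for @preProcessRuleGroups@ are between 1 and 99. Valid
    --     values for @postProcessRuleGroups@ are between 9901 and 10000.
    --
    -- -   Example: @NETWORK_FIREWALL@
    --
    --     @\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup\/rulegroup2\\\",\\\"priority\\\":10}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:pass\\\",\\\"custom1\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"custom2\\\",\\\"aws:pass\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"custom1\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension1\\\"}]}}},{\\\"actionName\\\":\\\"custom2\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension2\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup\/rulegroup1\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":true,\\\"allowedIPV4CidrList\\\":[\\\"10.24.34.0\/28\\\"]} }\"@
    --
    -- -   Example: @WAFV2@
    --
    --     @\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream\/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"@
    --
    --     In the @loggingConfiguration@, you can specify one
    --     @logDestinationConfigs@, you can optionally provide up to 20
    --     @redactedFields@, and the @RedactedFieldType@ must be one of @URI@,
    --     @QUERY_STRING@, @HEADER@, or @METHOD@.
    --
    -- -   Example: @WAF Classic@
    --
    --     @\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"@
    --
    -- -   Example: @SECURITY_GROUPS_COMMON@
    --
    --     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"@
    --
    -- -   Example: Shared VPCs. Apply the preceding policy to resources in
    --     shared VPCs as well as to those in VPCs that the account owns
    --
    --     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"@
    --
    -- -   Example: @SECURITY_GROUPS_CONTENT_AUDIT@
    --
    --     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"@
    --
    --     The security group action for content audit can be @ALLOW@ or
    --     @DENY@. For @ALLOW@, all in-scope security group rules must be
    --     within the allowed range of the policy\'s security group rules. For
    --     @DENY@, all in-scope security group rules must not contain a value
    --     or a range that matches a rule value or range in the policy security
    --     group.
    --
    -- -   Example: @SECURITY_GROUPS_USAGE_AUDIT@
    --
    --     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"@
    managedServiceData :: Prelude.Maybe Prelude.Text,
    -- | The service that the policy is using to protect the resources. This
    -- specifies the type of policy that is created, either a WAF policy, a
    -- Shield Advanced policy, or a security group policy. For security group
    -- policies, Firewall Manager supports one security group for each common
    -- policy and for each content audit policy. This is an adjustable limit
    -- that you can increase by contacting Amazon Web Services Support.
    type' :: SecurityServiceType
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'SecurityServicePolicyData' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'managedServiceData', 'securityServicePolicyData_managedServiceData' - Details about the service that are specific to the service type, in JSON
-- format. For service type @SHIELD_ADVANCED@, this is an empty string.
--
-- -   Example: @DNS_FIREWALL@
--
--     @\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"@
--
--     Valid values for @preProcessRuleGroups@ are between 1 and 99. Valid
--     values for @postProcessRuleGroups@ are between 9901 and 10000.
--
-- -   Example: @NETWORK_FIREWALL@
--
--     @\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup\/rulegroup2\\\",\\\"priority\\\":10}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:pass\\\",\\\"custom1\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"custom2\\\",\\\"aws:pass\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"custom1\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension1\\\"}]}}},{\\\"actionName\\\":\\\"custom2\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension2\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup\/rulegroup1\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":true,\\\"allowedIPV4CidrList\\\":[\\\"10.24.34.0\/28\\\"]} }\"@
--
-- -   Example: @WAFV2@
--
--     @\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream\/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"@
--
--     In the @loggingConfiguration@, you can specify one
--     @logDestinationConfigs@, you can optionally provide up to 20
--     @redactedFields@, and the @RedactedFieldType@ must be one of @URI@,
--     @QUERY_STRING@, @HEADER@, or @METHOD@.
--
-- -   Example: @WAF Classic@
--
--     @\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"@
--
-- -   Example: @SECURITY_GROUPS_COMMON@
--
--     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"@
--
-- -   Example: Shared VPCs. Apply the preceding policy to resources in
--     shared VPCs as well as to those in VPCs that the account owns
--
--     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"@
--
-- -   Example: @SECURITY_GROUPS_CONTENT_AUDIT@
--
--     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"@
--
--     The security group action for content audit can be @ALLOW@ or
--     @DENY@. For @ALLOW@, all in-scope security group rules must be
--     within the allowed range of the policy\'s security group rules. For
--     @DENY@, all in-scope security group rules must not contain a value
--     or a range that matches a rule value or range in the policy security
--     group.
--
-- -   Example: @SECURITY_GROUPS_USAGE_AUDIT@
--
--     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"@
--
-- 'type'', 'securityServicePolicyData_type' - The service that the policy is using to protect the resources. This
-- specifies the type of policy that is created, either a WAF policy, a
-- Shield Advanced policy, or a security group policy. For security group
-- policies, Firewall Manager supports one security group for each common
-- policy and for each content audit policy. This is an adjustable limit
-- that you can increase by contacting Amazon Web Services Support.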
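newSecurityServicePolicyData ::
  -- | 'type''
  SecurityServiceType ->
  SecurityServicePolicyData
newSecurityServicePolicyData pType_ =
  -- Only the required service type is taken as an argument; the optional
  -- 'managedServiceData' payload starts out absent and is set through
  -- 'securityServicePolicyData_managedServiceData' when it is needed.
  SecurityServicePolicyData'
    { managedServiceData = Prelude.Nothing,
      type' = pType_
    }

-- NOTE(review): this lens reads and writes the JSON payload as plain
-- 'Prelude.Text'. Setting it performs no JSON parsing and no check against
-- the 'type'' field, so any validation of the payload is left to the caller.

-- | Details about the service that are specific to the service type, in JSON
-- format. For service type @SHIELD_ADVANCED@, this is an empty string.
--
-- -   Example: @DNS_FIREWALL@
--
--     @\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"@
--
--     Valid values for @preProcessRuleGroups@ are between 1 and 99. Valid
--     values for @postProcessRuleGroups@ are between 9901 and 10000.
--
-- -   Example: @NETWORK_FIREWALL@
--
--     @\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup\/rulegroup2\\\",\\\"priority\\\":10}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:pass\\\",\\\"custom1\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"custom2\\\",\\\"aws:pass\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"custom1\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension1\\\"}]}}},{\\\"actionName\\\":\\\"custom2\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension2\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup\/rulegroup1\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":true,\\\"allowedIPV4CidrList\\\":[\\\"10.24.34.0\/28\\\"]} }\"@
--
-- -   Example: @WAFV2@
--
--     @\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream\/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"@
--
--     In the @loggingConfiguration@, you can specify one
--     @logDestinationConfigs@, you can optionally provide up to 20
--     @redactedFields@, and the @RedactedFieldType@ must be one of @URI@,
--     @QUERY_STRING@, @HEADER@, or @METHOD@.
--
-- -   Example: @WAF Classic@
--
--     @\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"@
--
-- -   Example: @SECURITY_GROUPS_COMMON@
--
--     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"@
--
-- -   Example: Shared VPCs. Apply the preceding policy to resources in
--     shared VPCs as well as to those in VPCs that the account owns
--
--     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"@
--
-- -   Example: @SECURITY_GROUPS_CONTENT_AUDIT@
--
--     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"@
--
--     The security group action for content audit can be @ALLOW@ or
--     @DENY@. For @ALLOW@, all in-scope security group rules must be
--     within the allowed range of the policy\'s security group rules. For
--     @DENY@, all in-scope security group rules must not contain a value
--     or a range that matches a rule value or range in the policy security
--     group.
--
-- -   Example: @SECURITY_GROUPS_USAGE_AUDIT@
--
--     @\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"@
securityServicePolicyData_managedServiceData :: Lens.Lens' SecurityServicePolicyData (Prelude.Maybe Prelude.Text)
securityServicePolicyData_managedServiceData =
  Lens.lens
    (\SecurityServicePolicyData' {managedServiceData} -> managedServiceData)
    (\s@SecurityServicePolicyData' {} a -> s {managedServiceData = a} :: SecurityServicePolicyData)

-- | The service that the policy is using to protect the resources. This
-- specifies the type of policy that is created, either a WAF policy, a
-- Shield Advanced policy, or a security group policy. For security group
-- policies, Firewall Manager supports one security group for each common
-- policy and for each content audit policy. This is an adjustable limit
-- that you can increase by contacting Amazon Web Services Support.
securityServicePolicyData_type :: Lens.Lens' SecurityServicePolicyData SecurityServiceType
securityServicePolicyData_type =
  Lens.lens
    (\SecurityServicePolicyData' {type'} -> type')
    (\s@SecurityServicePolicyData' {} a -> s {type' = a} :: SecurityServicePolicyData)

-- Decoding: @ManagedServiceData@ is read with the optional accessor, so a
-- missing key yields 'Prelude.Nothing'; @Type@ is required. The payload text
-- is kept as received: the JSON embedded in it is not decoded here.
instance Core.FromJSON SecurityServicePolicyData where
  parseJSON =
    Core.withObject
      "SecurityServicePolicyData"
      ( \x ->
          SecurityServicePolicyData'
            Prelude.<$> (x Core..:? "ManagedServiceData")
            Prelude.<*> (x Core..: "Type")
      )

instance Prelude.Hashable SecurityServicePolicyData

instance Prelude.NFData SecurityServicePolicyData

-- Encoding: the @ManagedServiceData@ key is emitted only when the field is
-- present ('Prelude.catMaybes' drops the 'Prelude.Nothing' case); @Type@ is
-- always emitted.
instance Core.ToJSON SecurityServicePolicyData where
  toJSON SecurityServicePolicyData' {..} =
    Core.object
      ( Prelude.catMaybes
          [ ("ManagedServiceData" Core..=)
              Prelude.<$> managedServiceData,
            Prelude.Just ("Type" Core..= type')
          ]
      )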