| Class | Description |
|---|---|
| AccountScope |
Configures the accounts within the administrator's Organizations organization that the specified Firewall Manager
administrator can apply policies to.
|
| ActionTarget |
Describes a remediation action target.
|
| AdminAccountSummary |
Contains high level information about the Firewall Manager administrator account.
|
| AdminScope |
Defines the resources that the Firewall Manager administrator can manage.
|
| App |
An individual Firewall Manager application.
|
| AppsListData |
An Firewall Manager applications list.
|
| AppsListDataSummary |
Details of the Firewall Manager applications list.
|
| AssociateAdminAccountRequest | |
| AssociateAdminAccountResult | |
| AssociateThirdPartyFirewallRequest | |
| AssociateThirdPartyFirewallResult | |
| AwsEc2InstanceViolation |
Violation detail for an EC2 instance resource.
|
| AwsEc2NetworkInterfaceViolation |
Violation detail for network interfaces associated with an EC2 instance.
|
| AwsVPCSecurityGroupViolation |
Violation detail for the rule violation in a security group when compared to the primary security group of the
Firewall Manager policy.
|
| BatchAssociateResourceRequest | |
| BatchAssociateResourceResult | |
| BatchDisassociateResourceRequest | |
| BatchDisassociateResourceResult | |
| ComplianceViolator |
Details of the resource that is not protected by the policy.
|
| CreateNetworkAclAction |
Information about the
CreateNetworkAcl action in Amazon EC2. |
| CreateNetworkAclEntriesAction |
Information about the
CreateNetworkAclEntries action in Amazon EC2. |
| DeleteAppsListRequest | |
| DeleteAppsListResult | |
| DeleteNetworkAclEntriesAction |
Information about the
DeleteNetworkAclEntries action in Amazon EC2. |
| DeleteNotificationChannelRequest | |
| DeleteNotificationChannelResult | |
| DeletePolicyRequest | |
| DeletePolicyResult | |
| DeleteProtocolsListRequest | |
| DeleteProtocolsListResult | |
| DeleteResourceSetRequest | |
| DeleteResourceSetResult | |
| DisassociateAdminAccountRequest | |
| DisassociateAdminAccountResult | |
| DisassociateThirdPartyFirewallRequest | |
| DisassociateThirdPartyFirewallResult | |
| DiscoveredResource |
A resource in the organization that's available to be associated with a Firewall Manager resource set.
|
| DnsDuplicateRuleGroupViolation |
A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and
can't be associated again.
|
| DnsRuleGroupLimitExceededViolation |
The VPC that Firewall Manager was applying a DNS Fireall policy to reached the limit for associated DNS Firewall rule
groups.
|
| DnsRuleGroupPriorityConflictViolation |
A rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already
associated.
|
| EC2AssociateRouteTableAction |
The action of associating an EC2 resource, such as a subnet or internet gateway, with a route table.
|
| EC2CopyRouteTableAction |
An action that copies the EC2 route table for use in remediation.
|
| EC2CreateRouteAction |
Information about the CreateRoute action in Amazon EC2.
|
| EC2CreateRouteTableAction |
Information about the CreateRouteTable action in Amazon EC2.
|
| EC2DeleteRouteAction |
Information about the DeleteRoute action in Amazon EC2.
|
| EC2ReplaceRouteAction |
Information about the ReplaceRoute action in Amazon EC2.
|
| EC2ReplaceRouteTableAssociationAction |
Information about the ReplaceRouteTableAssociation action in Amazon EC2.
|
| EntryDescription |
Describes a single rule in a network ACL.
|
| EntryViolation |
Detailed information about an entry violation in a network ACL.
|
| EvaluationResult |
Describes the compliance status for the account.
|
| ExpectedRoute |
Information about the expected route in the route table.
|
| FailedItem |
Details of a resource that failed when trying to update it's association to a resource set.
|
| FirewallSubnetIsOutOfScopeViolation |
Contains details about the firewall subnet that violates the policy scope.
|
| FirewallSubnetMissingVPCEndpointViolation |
The violation details for a firewall subnet's VPC endpoint that's deleted or missing.
|
| FMSPolicyUpdateFirewallCreationConfigAction |
Contains information about the actions that you can take to remediate scope violations caused by your policy's
FirewallCreationConfig. |
| GetAdminAccountRequest | |
| GetAdminAccountResult | |
| GetAdminScopeRequest | |
| GetAdminScopeResult | |
| GetAppsListRequest | |
| GetAppsListResult | |
| GetComplianceDetailRequest | |
| GetComplianceDetailResult | |
| GetNotificationChannelRequest | |
| GetNotificationChannelResult | |
| GetPolicyRequest | |
| GetPolicyResult | |
| GetProtectionStatusRequest | |
| GetProtectionStatusResult | |
| GetProtocolsListRequest | |
| GetProtocolsListResult | |
| GetResourceSetRequest | |
| GetResourceSetResult | |
| GetThirdPartyFirewallAssociationStatusRequest | |
| GetThirdPartyFirewallAssociationStatusResult | |
| GetViolationDetailsRequest | |
| GetViolationDetailsResult | |
| InvalidNetworkAclEntriesViolation |
Violation detail for the entries in a network ACL resource.
|
| ListAdminAccountsForOrganizationRequest | |
| ListAdminAccountsForOrganizationResult | |
| ListAdminsManagingAccountRequest | |
| ListAdminsManagingAccountResult | |
| ListAppsListsRequest | |
| ListAppsListsResult | |
| ListComplianceStatusRequest | |
| ListComplianceStatusResult | |
| ListDiscoveredResourcesRequest | |
| ListDiscoveredResourcesResult | |
| ListMemberAccountsRequest | |
| ListMemberAccountsResult | |
| ListPoliciesRequest | |
| ListPoliciesResult | |
| ListProtocolsListsRequest | |
| ListProtocolsListsResult | |
| ListResourceSetResourcesRequest | |
| ListResourceSetResourcesResult | |
| ListResourceSetsRequest | |
| ListResourceSetsResult | |
| ListTagsForResourceRequest | |
| ListTagsForResourceResult | |
| ListThirdPartyFirewallFirewallPoliciesRequest | |
| ListThirdPartyFirewallFirewallPoliciesResult | |
| NetworkAclCommonPolicy |
Defines a Firewall Manager network ACL policy.
|
| NetworkAclEntry |
Describes a rule in a network ACL.
|
| NetworkAclEntrySet |
The configuration of the first and last rules for the network ACL policy, and the remediation settings for each.
|
| NetworkAclIcmpTypeCode |
ICMP protocol: The ICMP type and code.
|
| NetworkAclPortRange |
TCP or UDP protocols: The range of ports the rule applies to.
|
| NetworkFirewallBlackHoleRouteDetectedViolation |
Violation detail for an internet gateway route with an inactive state in the customer subnet route table or Network
Firewall subnet route table.
|
| NetworkFirewallInternetTrafficNotInspectedViolation |
Violation detail for the subnet for which internet traffic that hasn't been inspected.
|
| NetworkFirewallInvalidRouteConfigurationViolation |
Violation detail for the improperly configured subnet route.
|
| NetworkFirewallMissingExpectedRoutesViolation |
Violation detail for an expected route missing in Network Firewall.
|
| NetworkFirewallMissingExpectedRTViolation |
Violation detail for Network Firewall for a subnet that's not associated to the expected Firewall Manager managed
route table.
|
| NetworkFirewallMissingFirewallViolation |
Violation detail for Network Firewall for a subnet that doesn't have a Firewall Manager managed firewall in its VPC.
|
| NetworkFirewallMissingSubnetViolation |
Violation detail for Network Firewall for an Availability Zone that's missing the expected Firewall Manager managed
subnet.
|
| NetworkFirewallPolicy |
Configures the firewall policy deployment model of Network Firewall.
|
| NetworkFirewallPolicyDescription |
The definition of the Network Firewall firewall policy.
|
| NetworkFirewallPolicyModifiedViolation |
Violation detail for Network Firewall for a firewall policy that has a different
NetworkFirewallPolicyDescription than is required by the Firewall Manager policy.
|
| NetworkFirewallStatefulRuleGroupOverride |
The setting that allows the policy owner to change the behavior of the rule group within a policy.
|
| NetworkFirewallUnexpectedFirewallRoutesViolation |
Violation detail for an unexpected route that's present in a route table.
|
| NetworkFirewallUnexpectedGatewayRoutesViolation |
Violation detail for an unexpected gateway route that’s present in a route table.
|
| OrganizationalUnitScope |
Defines the Organizations organizational units (OUs) that the specified Firewall Manager administrator can apply
policies to.
|
| PartialMatch |
The reference rule that partially matches the
ViolationTarget rule and violation reason. |
| Policy |
An Firewall Manager policy.
|
| PolicyComplianceDetail |
Describes the noncompliant resources in a member account for a specific Firewall Manager policy.
|
| PolicyComplianceStatus |
Indicates whether the account is compliant with the specified policy.
|
| PolicyOption |
Contains the settings to configure a network ACL policy, a Network Firewall firewall policy deployment model, or a
third-party firewall policy.
|
| PolicySummary |
Details of the Firewall Manager policy.
|
| PolicyTypeScope |
Defines the policy types that the specified Firewall Manager administrator can manage.
|
| PossibleRemediationAction |
A list of remediation actions.
|
| PossibleRemediationActions |
A list of possible remediation action lists.
|
| ProtocolsListData |
An Firewall Manager protocols list.
|
| ProtocolsListDataSummary |
Details of the Firewall Manager protocols list.
|
| PutAdminAccountRequest | |
| PutAdminAccountResult | |
| PutAppsListRequest | |
| PutAppsListResult | |
| PutNotificationChannelRequest | |
| PutNotificationChannelResult | |
| PutPolicyRequest | |
| PutPolicyResult | |
| PutProtocolsListRequest | |
| PutProtocolsListResult | |
| PutResourceSetRequest | |
| PutResourceSetResult | |
| RegionScope |
Defines the Amazon Web Services Regions that the specified Firewall Manager administrator can manage.
|
| RemediationAction |
Information about an individual action you can take to remediate a violation.
|
| RemediationActionWithOrder |
An ordered list of actions you can take to remediate a violation.
|
| ReplaceNetworkAclAssociationAction |
Information about the
ReplaceNetworkAclAssociation action in Amazon EC2. |
| Resource |
Details of a resource that is associated to an Firewall Manager resource set.
|
| ResourceSet |
A set of resources to include in a policy.
|
| ResourceSetSummary |
Summarizes the resource sets used in a policy.
|
| ResourceTag |
The resource tags that Firewall Manager uses to determine if a particular resource should be included or excluded
from the Firewall Manager policy.
|
| ResourceViolation |
Violation detail based on resource type.
|
| Route |
Describes a route in a route table.
|
| RouteHasOutOfScopeEndpointViolation |
Contains details about the route endpoint that violates the policy scope.
|
| SecurityGroupRemediationAction |
Remediation option for the rule specified in the
ViolationTarget. |
| SecurityGroupRuleDescription |
Describes a set of permissions for a security group rule.
|
| SecurityServicePolicyData |
Details about the security service that is being used to protect the resources.
|
| StatefulEngineOptions |
Configuration settings for the handling of the stateful rule groups in a Network Firewall firewall policy.
|
| StatefulRuleGroup |
Network Firewall stateful rule group, used in a NetworkFirewallPolicyDescription.
|
| StatelessRuleGroup |
Network Firewall stateless rule group, used in a NetworkFirewallPolicyDescription.
|
| Tag |
A collection of key:value pairs associated with an Amazon Web Services resource.
|
| TagResourceRequest | |
| TagResourceResult | |
| ThirdPartyFirewallFirewallPolicy |
Configures the third-party firewall's firewall policy.
|
| ThirdPartyFirewallMissingExpectedRouteTableViolation |
The violation details for a third-party firewall that's not associated with an Firewall Manager managed route table.
|
| ThirdPartyFirewallMissingFirewallViolation |
The violation details about a third-party firewall's subnet that doesn't have a Firewall Manager managed firewall in
its VPC.
|
| ThirdPartyFirewallMissingSubnetViolation |
The violation details for a third-party firewall for an Availability Zone that's missing the Firewall Manager managed
subnet.
|
| ThirdPartyFirewallPolicy |
Configures the deployment model for the third-party firewall.
|
| UntagResourceRequest | |
| UntagResourceResult | |
| ViolationDetail |
Violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account.
|
| Exception | Description |
|---|---|
| AWSFMSException |
Base exception for all service exceptions thrown by Firewall Management Service
|
| InternalErrorException |
The operation failed because of a system problem, even though the request was valid.
|
| InvalidInputException |
The parameters of the request were invalid.
|
| InvalidOperationException |
The operation failed because there was nothing to do or the operation wasn't possible.
|
| InvalidTypeException |
The value of the
Type parameter is invalid. |
| LimitExceededException |
The operation exceeds a resource limit, for example, the maximum number of
policy objects that you can
create for an Amazon Web Services account. |
| ResourceNotFoundException |
The specified resource was not found.
|