Copyright | (c) 2013-2018 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
AWS Firewall Manager
This is the AWS Firewall Manager API Reference. This guide is for developers who need detailed information about the AWS Firewall Manager API actions, data types, and errors. For detailed information about AWS Firewall Manager features, see the AWS Firewall Manager Developer Guide.
- fms :: Service
- _InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidOperationException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- module Network.AWS.FMS.ListPolicies
- module Network.AWS.FMS.GetComplianceDetail
- module Network.AWS.FMS.GetNotificationChannel
- module Network.AWS.FMS.GetAdminAccount
- module Network.AWS.FMS.ListComplianceStatus
- module Network.AWS.FMS.PutPolicy
- module Network.AWS.FMS.DeletePolicy
- module Network.AWS.FMS.DisassociateAdminAccount
- module Network.AWS.FMS.PutNotificationChannel
- module Network.AWS.FMS.DeleteNotificationChannel
- module Network.AWS.FMS.AssociateAdminAccount
- module Network.AWS.FMS.GetPolicy
- data PolicyComplianceStatusType
- data SecurityServiceType = Waf
- data ViolationReason
- data ComplianceViolator
- complianceViolator :: ComplianceViolator
- cvResourceId :: Lens' ComplianceViolator (Maybe Text)
- cvResourceType :: Lens' ComplianceViolator (Maybe Text)
- cvViolationReason :: Lens' ComplianceViolator (Maybe ViolationReason)
- data EvaluationResult
- evaluationResult :: EvaluationResult
- erViolatorCount :: Lens' EvaluationResult (Maybe Natural)
- erComplianceStatus :: Lens' EvaluationResult (Maybe PolicyComplianceStatusType)
- erEvaluationLimitExceeded :: Lens' EvaluationResult (Maybe Bool)
- data Policy
- policy :: Text -> SecurityServicePolicyData -> Text -> Bool -> Bool -> Policy
- pPolicyId :: Lens' Policy (Maybe Text)
- pResourceTags :: Lens' Policy [ResourceTag]
- pPolicyUpdateToken :: Lens' Policy (Maybe Text)
- pPolicyName :: Lens' Policy Text
- pSecurityServicePolicyData :: Lens' Policy SecurityServicePolicyData
- pResourceType :: Lens' Policy Text
- pExcludeResourceTags :: Lens' Policy Bool
- pRemediationEnabled :: Lens' Policy Bool
- data PolicyComplianceDetail
- policyComplianceDetail :: PolicyComplianceDetail
- pcdExpiredAt :: Lens' PolicyComplianceDetail (Maybe UTCTime)
- pcdPolicyId :: Lens' PolicyComplianceDetail (Maybe Text)
- pcdViolators :: Lens' PolicyComplianceDetail [ComplianceViolator]
- pcdEvaluationLimitExceeded :: Lens' PolicyComplianceDetail (Maybe Bool)
- pcdPolicyOwner :: Lens' PolicyComplianceDetail (Maybe Text)
- pcdMemberAccount :: Lens' PolicyComplianceDetail (Maybe Text)
- data PolicyComplianceStatus
- policyComplianceStatus :: PolicyComplianceStatus
- pcsEvaluationResults :: Lens' PolicyComplianceStatus [EvaluationResult]
- pcsLastUpdated :: Lens' PolicyComplianceStatus (Maybe UTCTime)
- pcsPolicyName :: Lens' PolicyComplianceStatus (Maybe Text)
- pcsPolicyId :: Lens' PolicyComplianceStatus (Maybe Text)
- pcsPolicyOwner :: Lens' PolicyComplianceStatus (Maybe Text)
- pcsMemberAccount :: Lens' PolicyComplianceStatus (Maybe Text)
- data PolicySummary
- policySummary :: PolicySummary
- psPolicyName :: Lens' PolicySummary (Maybe Text)
- psRemediationEnabled :: Lens' PolicySummary (Maybe Bool)
- psResourceType :: Lens' PolicySummary (Maybe Text)
- psPolicyId :: Lens' PolicySummary (Maybe Text)
- psPolicyARN :: Lens' PolicySummary (Maybe Text)
- psSecurityServiceType :: Lens' PolicySummary (Maybe SecurityServiceType)
- data ResourceTag
- resourceTag :: Text -> ResourceTag
- rtValue :: Lens' ResourceTag (Maybe Text)
- rtKey :: Lens' ResourceTag Text
- data SecurityServicePolicyData
- securityServicePolicyData :: SecurityServiceType -> SecurityServicePolicyData
- sspdManagedServiceData :: Lens' SecurityServicePolicyData (Maybe Text)
- sspdType :: Lens' SecurityServicePolicyData SecurityServiceType
Service Configuration
API version 2018-01-01 of the Amazon Firewall Management Service SDK configuration.
Errors
Error matchers are designed for use with the functions provided by Control.Exception.Lens. This allows catching (and rethrowing) service specific errors returned by FMS.
InternalErrorException
_InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError
The operation failed because of a system problem, even though the request was valid. Retry your request.
InvalidInputException
_InvalidInputException :: AsError a => Getting (First ServiceError) a ServiceError
The parameters of the request were invalid.
InvalidOperationException
_InvalidOperationException :: AsError a => Getting (First ServiceError) a ServiceError
The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.
ResourceNotFoundException
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
The specified resource was not found.
LimitExceededException
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
The operation exceeds a resource limit, for example, the maximum number of policy objects that you can create for an AWS account. For more information, see Firewall Manager Limits in the AWS WAF Developer Guide.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition configured by the Wait specification is fulfilled. The Wait specification determines how many attempts should be made, in addition to delay and retry strategies.
Operations
Some AWS operations return results that are incomplete and require subsequent requests in order to obtain the entire result set. The process of sending subsequent requests to continue where a previous request left off is called pagination. For example, the ListObjects operation of Amazon S3 returns up to 1000 objects at a time, and you must send subsequent requests with the appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager instance can transparently perform subsequent requests, correctly setting Markers and other request facets to iterate through the entire result set of a truncated API operation. Operations which support this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
ListPolicies
module Network.AWS.FMS.ListPolicies
GetComplianceDetail
GetNotificationChannel
GetAdminAccount
ListComplianceStatus
PutPolicy
module Network.AWS.FMS.PutPolicy
DeletePolicy
module Network.AWS.FMS.DeletePolicy
DisassociateAdminAccount
PutNotificationChannel
DeleteNotificationChannel
AssociateAdminAccount
GetPolicy
module Network.AWS.FMS.GetPolicy
Types
PolicyComplianceStatusType
data PolicyComplianceStatusType
SecurityServiceType
data SecurityServiceType
ViolationReason
data ViolationReason
ComplianceViolator
data ComplianceViolator
Details of the resource that is not protected by the policy.
See: complianceViolator smart constructor.
complianceViolator :: ComplianceViolator
Creates a value of ComplianceViolator with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- cvResourceId - The resource ID.
- cvResourceType - The resource type. This is in the format shown in AWS Resource Types Reference. Valid values are AWS::ElasticLoadBalancingV2::LoadBalancer or AWS::CloudFront::Distribution.
- cvViolationReason - The reason that the resource is not protected by the policy.
cvResourceId :: Lens' ComplianceViolator (Maybe Text)
The resource ID.
cvResourceType :: Lens' ComplianceViolator (Maybe Text)
The resource type. This is in the format shown in AWS Resource Types Reference. Valid values are AWS::ElasticLoadBalancingV2::LoadBalancer or AWS::CloudFront::Distribution.
cvViolationReason :: Lens' ComplianceViolator (Maybe ViolationReason)
The reason that the resource is not protected by the policy.
EvaluationResult
data EvaluationResult
Describes the compliance status for the account. An account is considered non-compliant if it includes resources that are not protected by the specified policy.
See: evaluationResult smart constructor.
evaluationResult :: EvaluationResult
Creates a value of EvaluationResult with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- erViolatorCount - Number of resources that are non-compliant with the specified policy. A resource is considered non-compliant if it is not associated with the specified policy.
- erComplianceStatus - Describes an AWS account's compliance with the AWS Firewall Manager policy.
- erEvaluationLimitExceeded - Indicates that over 100 resources are non-compliant with the AWS Firewall Manager policy.
erViolatorCount :: Lens' EvaluationResult (Maybe Natural)
Number of resources that are non-compliant with the specified policy. A resource is considered non-compliant if it is not associated with the specified policy.
erComplianceStatus :: Lens' EvaluationResult (Maybe PolicyComplianceStatusType)
Describes an AWS account's compliance with the AWS Firewall Manager policy.
erEvaluationLimitExceeded :: Lens' EvaluationResult (Maybe Bool)
Indicates that over 100 resources are non-compliant with the AWS Firewall Manager policy.
Policy
An AWS Firewall Manager policy.
See: policy smart constructor.
Creates a value of Policy with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- pPolicyId - The ID of the AWS Firewall Manager policy.
- pResourceTags - An array of ResourceTag objects.
- pPolicyUpdateToken - A unique identifier for each update to the policy. When issuing a PutPolicy request, the PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy request.
- pPolicyName - The friendly name of the AWS Firewall Manager policy.
- pSecurityServicePolicyData - Details about the security service that is being used to protect the resources.
- pResourceType - The type of resource to protect with the policy, either an Application Load Balancer or a CloudFront distribution. This is in the format shown in AWS Resource Types Reference. Valid values are AWS::ElasticLoadBalancingV2::LoadBalancer or AWS::CloudFront::Distribution.
- pExcludeResourceTags - If set to True, resources with the tags that are specified in the ResourceTag array are not protected by the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are associated with the policy.
- pRemediationEnabled - Indicates if the policy should be automatically applied to new resources.
pResourceTags :: Lens' Policy [ResourceTag]
An array of ResourceTag objects.
pPolicyUpdateToken :: Lens' Policy (Maybe Text)
A unique identifier for each update to the policy. When issuing a PutPolicy request, the PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy request.
pSecurityServicePolicyData :: Lens' Policy SecurityServicePolicyData
Details about the security service that is being used to protect the resources.
pResourceType :: Lens' Policy Text
The type of resource to protect with the policy, either an Application Load Balancer or a CloudFront distribution. This is in the format shown in AWS Resource Types Reference. Valid values are AWS::ElasticLoadBalancingV2::LoadBalancer or AWS::CloudFront::Distribution.
pExcludeResourceTags :: Lens' Policy Bool
If set to True, resources with the tags that are specified in the ResourceTag array are not protected by the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are associated with the policy.
pRemediationEnabled :: Lens' Policy Bool
Indicates if the policy should be automatically applied to new resources.
PolicyComplianceDetail
data PolicyComplianceDetail
Describes the non-compliant resources in a member account for a specific AWS Firewall Manager policy. A maximum of 100 entries are displayed. If more than 100 resources are non-compliant, EvaluationLimitExceeded is set to True.
See: policyComplianceDetail smart constructor.
policyComplianceDetail :: PolicyComplianceDetail
Creates a value of PolicyComplianceDetail with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- pcdExpiredAt - A time stamp that indicates when the returned information should be considered out-of-date.
- pcdPolicyId - The ID of the AWS Firewall Manager policy.
- pcdViolators - An array of resources that are not protected by the policy.
- pcdEvaluationLimitExceeded - Indicates if over 100 resources are non-compliant with the AWS Firewall Manager policy.
- pcdPolicyOwner - The AWS account that created the AWS Firewall Manager policy.
- pcdMemberAccount - The AWS account ID.
pcdExpiredAt :: Lens' PolicyComplianceDetail (Maybe UTCTime)
A time stamp that indicates when the returned information should be considered out-of-date.
pcdPolicyId :: Lens' PolicyComplianceDetail (Maybe Text)
The ID of the AWS Firewall Manager policy.
pcdViolators :: Lens' PolicyComplianceDetail [ComplianceViolator]
An array of resources that are not protected by the policy.
pcdEvaluationLimitExceeded :: Lens' PolicyComplianceDetail (Maybe Bool)
Indicates if over 100 resources are non-compliant with the AWS Firewall Manager policy.
pcdPolicyOwner :: Lens' PolicyComplianceDetail (Maybe Text)
The AWS account that created the AWS Firewall Manager policy.
pcdMemberAccount :: Lens' PolicyComplianceDetail (Maybe Text)
The AWS account ID.
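The following is an added example, not part of amazonka-fms or its documentation: a pure triage over a PolicyComplianceDetail value that keeps the 100-entry cap and the expiry time stamp visible, so a truncated or out-of-date violator list is never reported as the complete picture. It assumes the lens package for the operators; the Triage type, the function names and the sample account and resource IDs are constructed for illustration.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not part of amazonka-fms. Pure triage over a
-- PolicyComplianceDetail value (fetching one via the API is out of scope).
module Main (main) where

import Control.Lens ((&), (.~), (?~), (^.))
import Data.Maybe (fromMaybe)
import Data.Text (Text)
import qualified Data.Text as T
import qualified Data.Text.IO as T
import Data.Time.Clock (UTCTime, getCurrentTime)
import Network.AWS.FMS

-- | Hypothetical report type for this example.
data Triage = Triage
  { tAccount   :: Text   -- member account ID, or a placeholder when absent
  , tResources :: [Text] -- resource IDs of the violators in this response
  , tTruncated :: Bool   -- True: over 100 violators exist, the list is partial
  , tStale     :: Bool   -- True: pcdExpiredAt has passed, re-query first
  } deriving (Show, Eq)

triage :: UTCTime -> PolicyComplianceDetail -> Triage
triage now d = Triage
  { tAccount   = fromMaybe "<unknown account>" (d ^. pcdMemberAccount)
  , tResources = [fromMaybe "<no id>" (v ^. cvResourceId) | v <- d ^. pcdViolators]
  , tTruncated = fromMaybe False (d ^. pcdEvaluationLimitExceeded)
  , tStale     = maybe False (<= now) (d ^. pcdExpiredAt)
  }

-- | Never report the listed violators as the full set when the limit flag is set.
render :: Triage -> Text
render t = T.unwords
  [ "account", T.append (tAccount t) ":"
  , T.pack (show (length (tResources t)))
  , if tTruncated t then "violators listed (partial, over 100 exist)"
                    else "violators listed (complete)"
  , if tStale t then "[stale]" else "[fresh]"
  ]

-- Constructed sample value; the account and resource IDs are made up.
sample :: PolicyComplianceDetail
sample = policyComplianceDetail
  & pcdMemberAccount ?~ "111122223333"
  & pcdEvaluationLimitExceeded ?~ True
  & pcdViolators .~
      [ complianceViolator
          & cvResourceId ?~ "constructed-alb-1"
          & cvResourceType ?~ "AWS::ElasticLoadBalancingV2::LoadBalancer"
      ]

main :: IO ()
main = do
  now <- getCurrentTime
  T.putStrLn (render (triage now sample))
```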
PolicyComplianceStatus
data PolicyComplianceStatus
Indicates whether the account is compliant with the specified policy. An account is considered non-compliant if it includes resources that are not protected by the policy.
See: policyComplianceStatus smart constructor.
policyComplianceStatus :: PolicyComplianceStatus
Creates a value of PolicyComplianceStatus with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- pcsEvaluationResults - An array of EvaluationResult objects.
- pcsLastUpdated - Time stamp of the last update to the EvaluationResult objects.
- pcsPolicyName - The friendly name of the AWS Firewall Manager policy.
- pcsPolicyId - The ID of the AWS Firewall Manager policy.
- pcsPolicyOwner - The AWS account that created the AWS Firewall Manager policy.
- pcsMemberAccount - The member account ID.
pcsEvaluationResults :: Lens' PolicyComplianceStatus [EvaluationResult]
An array of EvaluationResult objects.
pcsLastUpdated :: Lens' PolicyComplianceStatus (Maybe UTCTime)
Time stamp of the last update to the EvaluationResult objects.
pcsPolicyName :: Lens' PolicyComplianceStatus (Maybe Text)
The friendly name of the AWS Firewall Manager policy.
pcsPolicyId :: Lens' PolicyComplianceStatus (Maybe Text)
The ID of the AWS Firewall Manager policy.
pcsPolicyOwner :: Lens' PolicyComplianceStatus (Maybe Text)
The AWS account that created the AWS Firewall Manager policy.
pcsMemberAccount :: Lens' PolicyComplianceStatus (Maybe Text)
The member account ID.
PolicySummary
data PolicySummary
Details of the AWS Firewall Manager policy.
See: policySummary smart constructor.
policySummary :: PolicySummary
Creates a value of PolicySummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- psPolicyName - The friendly name of the specified policy.
- psRemediationEnabled - Indicates if the policy should be automatically applied to new resources.
- psResourceType - The type of resource to protect with the policy, either an Application Load Balancer or a CloudFront distribution. This is in the format shown in AWS Resource Types Reference. Valid values are AWS::ElasticLoadBalancingV2::LoadBalancer or AWS::CloudFront::Distribution.
- psPolicyId - The ID of the specified policy.
- psPolicyARN - The Amazon Resource Name (ARN) of the specified policy.
- psSecurityServiceType - The service that the policy is using to protect the resources. This value is WAF.
psPolicyName :: Lens' PolicySummary (Maybe Text)
The friendly name of the specified policy.
psRemediationEnabled :: Lens' PolicySummary (Maybe Bool)
Indicates if the policy should be automatically applied to new resources.
psResourceType :: Lens' PolicySummary (Maybe Text)
The type of resource to protect with the policy, either an Application Load Balancer or a CloudFront distribution. This is in the format shown in AWS Resource Types Reference. Valid values are AWS::ElasticLoadBalancingV2::LoadBalancer or AWS::CloudFront::Distribution.
psPolicyId :: Lens' PolicySummary (Maybe Text)
The ID of the specified policy.
psPolicyARN :: Lens' PolicySummary (Maybe Text)
The Amazon Resource Name (ARN) of the specified policy.
psSecurityServiceType :: Lens' PolicySummary (Maybe SecurityServiceType)
The service that the policy is using to protect the resources. This value is WAF.
ResourceTag
data ResourceTag
The resource tags that AWS Firewall Manager uses to determine if a particular resource should be included or excluded from protection by the AWS Firewall Manager policy. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. Tags are combined with an "OR." That is, if you add more than one tag, if any of the tags matches, the resource is considered a match for the include or exclude. See Working with Tag Editor.
See: resourceTag smart constructor.
resourceTag :: Text -> ResourceTag
Creates a value of ResourceTag with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
SecurityServicePolicyData
data SecurityServicePolicyData
Details about the security service that is being used to protect the resources.
See: securityServicePolicyData smart constructor.
securityServicePolicyData :: SecurityServiceType -> SecurityServicePolicyData
Creates a value of SecurityServicePolicyData with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
- sspdManagedServiceData - Details about the service. This contains WAF data in JSON format, as shown in the following example: "ManagedServiceData": "{\"type\": \"WAF\", \"ruleGroups\": [{\"id\": \"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\": {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}"
- sspdType - The service that the policy is using to protect the resources. This value is WAF.
sspdManagedServiceData :: Lens' SecurityServicePolicyData (Maybe Text)
Details about the service. This contains WAF data in JSON format, as shown in the following example: "ManagedServiceData": "{\"type\": \"WAF\", \"ruleGroups\": [{\"id\": \"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\": {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}"
sspdType :: Lens' SecurityServicePolicyData SecurityServiceType
The service that the policy is using to protect the resources. This value is WAF.
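The following is an added example, not part of amazonka-fms or its documentation: it assembles a Policy from the smart constructors and lenses listed above, encoding ManagedServiceData with aeson so the JSON-inside-Text quoting is correct, and scoping the policy with an exclusion tag. It assumes the lens and aeson packages and that the arguments of policy follow the order name, service data, resource type, exclude-resource-tags, remediation-enabled; the policy name and tag are constructed, and the rule group ID is the placeholder from the documentation example.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example; not part of amazonka-fms. Builds a Policy value only,
-- nothing is sent to AWS.
module Main (main) where

import Control.Lens ((&), (.~), (?~), (^.))
import Data.Aeson (Value, encode, object, (.=))
import Data.Text (Text)
import qualified Data.Text.IO as T
import qualified Data.Text.Lazy as TL
import qualified Data.Text.Lazy.Encoding as TL
import Network.AWS.FMS

-- | ManagedServiceData is JSON carried inside a Text field. Encoding a Value
-- gets the quoting right, which hand-written string literals often do not.
wafData :: Text -> Value
wafData ruleGroupId = object
  [ "type" .= ("WAF" :: Text)
  , "ruleGroups" .=
      [ object [ "id" .= ruleGroupId
               , "overrideAction" .= object ["type" .= ("COUNT" :: Text)] ] ]
  , "defaultAction" .= object ["type" .= ("BLOCK" :: Text)]
  ]

managedServiceData :: Value -> Text
managedServiceData = TL.toStrict . TL.decodeUtf8 . encode

-- | Protect every ALB except those tagged env=sandbox (tags are OR'ed).
-- Assumed argument order of 'policy': name, service data, resource type,
-- exclude-resource-tags, remediation-enabled.
albPolicy :: Maybe Text -> Policy
albPolicy currentToken =
  policy "example-alb-waf" svc "AWS::ElasticLoadBalancingV2::LoadBalancer" True False
    & pResourceTags .~ [resourceTag "env" & rtValue ?~ "sandbox"]
    -- For an update, pass the PolicyUpdateToken that GetPolicy returned for
    -- the current version; Nothing leaves the field unset.
    & pPolicyUpdateToken .~ currentToken
  where
    svc = securityServicePolicyData Waf
            & sspdManagedServiceData ?~
                managedServiceData (wafData "12345678-1bcd-9012-efga-0987654321ab")

main :: IO ()
main = do
  let p = albPolicy Nothing
  -- Review the exact JSON and the scoping flags before any PutPolicy call.
  mapM_ T.putStrLn (p ^. pSecurityServicePolicyData . sspdManagedServiceData)
  print (p ^. pExcludeResourceTags, p ^. pRemediationEnabled)
```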