This is the AWS Firewall Manager API Reference. This guide is for developers who need detailed information about the AWS Firewall Manager API actions, data types, and errors. For detailed information about AWS Firewall Manager features, see the AWS Firewall Manager Developer Guide.
Some API actions require explicit resource permissions. For information, see the developer guide topic Firewall Manager required permissions for API actions.
If you’re using the service, you’re probably looking for FmsClient and Fms.
Structs
- App
An individual AWS Firewall Manager application.
- AppsListData
An AWS Firewall Manager applications list.
- AppsListDataSummary
Details of the AWS Firewall Manager applications list.
- AssociateAdminAccountRequest
- AwsEc2InstanceViolation
Violations for an EC2 instance resource.
- AwsEc2NetworkInterfaceViolation
Violations for network interfaces associated with an EC2 instance.
- AwsVPCSecurityGroupViolation
Details of the rule violation in a security group when compared to the master security group of the AWS Firewall Manager policy.
- ComplianceViolator
Details of the resource that is not protected by the policy.
- DeleteAppsListRequest
- DeleteNotificationChannelRequest
- DeletePolicyRequest
- DeleteProtocolsListRequest
- DisassociateAdminAccountRequest
- DnsDuplicateRuleGroupViolation
A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
- DnsRuleGroupLimitExceededViolation
The VPC that Firewall Manager was applying a DNS Firewall policy to reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed due to the limit.
- DnsRuleGroupPriorityConflictViolation
A rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.
- EvaluationResult
Describes the compliance status for the account. An account is considered noncompliant if it includes resources that are not protected by the specified policy or that don't comply with the policy.
- FmsClient
A client for the FMS API.
- GetAdminAccountRequest
- GetAdminAccountResponse
- GetAppsListRequest
- GetAppsListResponse
- GetComplianceDetailRequest
- GetComplianceDetailResponse
- GetNotificationChannelRequest
- GetNotificationChannelResponse
- GetPolicyRequest
- GetPolicyResponse
- GetProtectionStatusRequest
- GetProtectionStatusResponse
- GetProtocolsListRequest
- GetProtocolsListResponse
- GetViolationDetailsRequest
- GetViolationDetailsResponse
- ListAppsListsRequest
- ListAppsListsResponse
- ListComplianceStatusRequest
- ListComplianceStatusResponse
- ListMemberAccountsRequest
- ListMemberAccountsResponse
- ListPoliciesRequest
- ListPoliciesResponse
- ListProtocolsListsRequest
- ListProtocolsListsResponse
- ListTagsForResourceRequest
- ListTagsForResourceResponse
- NetworkFirewallMissingExpectedRTViolation
Violation details for AWS Network Firewall for a subnet that's not associated to the expected Firewall Manager managed route table.
- NetworkFirewallMissingFirewallViolation
Violation details for AWS Network Firewall for a subnet that doesn't have a Firewall Manager managed firewall in its VPC.
- NetworkFirewallMissingSubnetViolation
Violation details for AWS Network Firewall for an Availability Zone that's missing the expected Firewall Manager managed subnet.
- NetworkFirewallPolicyDescription
The definition of the AWS Network Firewall firewall policy.
- NetworkFirewallPolicyModifiedViolation
Violation details for AWS Network Firewall for a firewall policy that has a different NetworkFirewallPolicyDescription than is required by the Firewall Manager policy.
- PartialMatch
The reference rule that partially matches the ViolationTarget rule and violation reason.
- Policy
An AWS Firewall Manager policy.
- PolicyComplianceDetail
Describes the noncompliant resources in a member account for a specific AWS Firewall Manager policy. A maximum of 100 entries are displayed. If more than 100 resources are noncompliant, EvaluationLimitExceeded is set to True.
- PolicyComplianceStatus
Indicates whether the account is compliant with the specified policy. An account is considered noncompliant if it includes resources that are not protected by the policy, for AWS WAF and Shield Advanced policies, or that are noncompliant with the policy, for security group policies.
- PolicySummary
Details of the AWS Firewall Manager policy.
- ProtocolsListData
An AWS Firewall Manager protocols list.
- ProtocolsListDataSummary
Details of the AWS Firewall Manager protocols list.
- PutAppsListRequest
- PutAppsListResponse
- PutNotificationChannelRequest
- PutPolicyRequest
- PutPolicyResponse
- PutProtocolsListRequest
- PutProtocolsListResponse
- ResourceTag
The resource tags that AWS Firewall Manager uses to determine if a particular resource should be included or excluded from the AWS Firewall Manager policy. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value. Firewall Manager combines the tags with "AND" so that, if you add more than one tag to a policy scope, a resource must have all the specified tags to be included or excluded. For more information, see Working with Tag Editor.
- ResourceViolation
Violation detail based on resource type.
- SecurityGroupRemediationAction
Remediation option for the rule specified in the ViolationTarget.
- SecurityGroupRuleDescription
Describes a set of permissions for a security group rule.
- SecurityServicePolicyData
Details about the security service that is being used to protect the resources.
- StatefulRuleGroup
AWS Network Firewall stateful rule group, used in a NetworkFirewallPolicyDescription.
- StatelessRuleGroup
AWS Network Firewall stateless rule group, used in a NetworkFirewallPolicyDescription.
- Tag
A collection of key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource.
- TagResourceRequest
- TagResourceResponse
- UntagResourceRequest
- UntagResourceResponse
- ViolationDetail
Violations for a resource based on the specified AWS Firewall Manager policy and AWS account.
Enums
- AssociateAdminAccountError
Errors returned by AssociateAdminAccount
- DeleteAppsListError
Errors returned by DeleteAppsList
- DeleteNotificationChannelError
Errors returned by DeleteNotificationChannel
- DeletePolicyError
Errors returned by DeletePolicy
- DeleteProtocolsListError
Errors returned by DeleteProtocolsList
- DisassociateAdminAccountError
Errors returned by DisassociateAdminAccount
- GetAdminAccountError
Errors returned by GetAdminAccount
- GetAppsListError
Errors returned by GetAppsList
- GetComplianceDetailError
Errors returned by GetComplianceDetail
- GetNotificationChannelError
Errors returned by GetNotificationChannel
- GetPolicyError
Errors returned by GetPolicy
- GetProtectionStatusError
Errors returned by GetProtectionStatus
- GetProtocolsListError
Errors returned by GetProtocolsList
- GetViolationDetailsError
Errors returned by GetViolationDetails
- ListAppsListsError
Errors returned by ListAppsLists
- ListComplianceStatusError
Errors returned by ListComplianceStatus
- ListMemberAccountsError
Errors returned by ListMemberAccounts
- ListPoliciesError
Errors returned by ListPolicies
- ListProtocolsListsError
Errors returned by ListProtocolsLists
- ListTagsForResourceError
Errors returned by ListTagsForResource
- PutAppsListError
Errors returned by PutAppsList
- PutNotificationChannelError
Errors returned by PutNotificationChannel
- PutPolicyError
Errors returned by PutPolicy
- PutProtocolsListError
Errors returned by PutProtocolsList
- TagResourceError
Errors returned by TagResource
- UntagResourceError
Errors returned by UntagResource
Traits
- Fms
Trait representing the capabilities of the FMS API. FMS clients implement this trait.