Struct rusoto_fms::SecurityServicePolicyData [−][src]
pub struct SecurityServicePolicyData { pub managed_service_data: Option<String>, pub type_: String, }
Expand description
Details about the security service that is being used to protect the resources.
Fields
managed_service_data: Option<String>
Details about the service that are specific to the service type, in JSON format. For service type SHIELDADVANCED
, this is an empty string.
-
Example:
NETWORKFIREWALL
"{"type":"NETWORKFIREWALL","networkFirewallStatelessRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2","priority":10}],"networkFirewallStatelessDefaultActions":["aws:pass","custom1"],"networkFirewallStatelessFragmentDefaultActions":["custom2","aws:pass"],"networkFirewallStatelessCustomActions":[{"actionName":"custom1","actionDefinition":{"publishMetricAction":{"dimensions":[{"value":"dimension1"}]}}},{"actionName":"custom2","actionDefinition":{"publishMetricAction":{"dimensions":[{"value":"dimension2"}]}}}],"networkFirewallStatefulRuleGroupReferences":[{"resourceARN":"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1"}],"networkFirewallOrchestrationConfig":{"singleFirewallEndpointPerVPC":true,"allowedIPV4CidrList":["10.24.34.0/28"]} }"
-
Example:
WAFV2
"{"type":"WAFV2","preProcessRuleGroups":[{"ruleGroupArn":null,"overrideAction":{"type":"NONE"},"managedRuleGroupIdentifier":{"version":null,"vendorName":"AWS","managedRuleGroupName":"AWSManagedRulesAmazonIpReputationList"},"ruleGroupType":"ManagedRuleGroup","excludeRules":[]}],"postProcessRuleGroups":[],"defaultAction":{"type":"ALLOW"},"overrideCustomerWebACLAssociation":false,"loggingConfiguration":{"logDestinationConfigs":["arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination"],"redactedFields":[{"redactedFieldType":"SingleHeader","redactedFieldValue":"Cookies"},{"redactedFieldType":"Method"}]}}"
In the
loggingConfiguration
, you can specify onelogDestinationConfigs
, you can optionally provide up to 20redactedFields
, and theRedactedFieldType
must be one ofURI
,QUERYSTRING
,HEADER
, orMETHOD
. -
Example:
WAF Classic
"{"type": "WAF", "ruleGroups": [{"id":"12345678-1bcd-9012-efga-0987654321ab", "overrideAction" : {"type": "COUNT"}}], "defaultAction": {"type": "BLOCK"}}"
-
Example:
SECURITYGROUPSCOMMON
"{"type":"SECURITYGROUPSCOMMON","revertManualSecurityGroupChanges":false,"exclusiveResourceSecurityGroupManagement":false, "applyToAllEC2InstanceENIs":false,"securityGroups":[{"id":" sg-000e55995d61a06bd"}]}"
-
Example:
SECURITYGROUPSCONTENTAUDIT
"{"type":"SECURITYGROUPSCONTENTAUDIT","securityGroups":[{"id":"sg-000e55995d61a06bd"}],"securityGroupAction":{"type":"ALLOW"}}"
The security group action for content audit can be
ALLOW
orDENY
. ForALLOW
, all in-scope security group rules must be within the allowed range of the policy's security group rules. ForDENY
, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group. -
Example:
SECURITYGROUPSUSAGEAUDIT
"{"type":"SECURITYGROUPSUSAGEAUDIT","deleteUnusedSecurityGroups":true,"coalesceRedundantSecurityGroups":true}"
type_: String
The service that the policy is using to protect the resources. This specifies the type of policy that is created, either an AWS WAF policy, a Shield Advanced policy, or a security group policy. For security group policies, Firewall Manager supports one security group for each common policy and for each content audit policy. This is an adjustable limit that you can increase by contacting AWS Support.
Trait Implementations
Returns the “default value” for a type. Read more
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error> where
__D: Deserializer<'de>,
Deserialize this value from the given Serde deserializer. Read more
This method tests for self
and other
values to be equal, and is used
by ==
. Read more
This method tests for !=
.
Auto Trait Implementations
impl RefUnwindSafe for SecurityServicePolicyData
impl Send for SecurityServicePolicyData
impl Sync for SecurityServicePolicyData
impl Unpin for SecurityServicePolicyData
impl UnwindSafe for SecurityServicePolicyData
Blanket Implementations
Mutably borrows from an owned value. Read more
Instruments this type with the provided Span
, returning an
Instrumented
wrapper. Read more
type Output = T
type Output = T
Should always be Self