logo
Expand description

AWS Firewall Manager

This is the AWS Firewall Manager API Reference. This guide is for developers who need detailed information about the AWS Firewall Manager API actions, data types, and errors. For detailed information about AWS Firewall Manager features, see the AWS Firewall Manager Developer Guide.

Some API actions require explicit resource permissions. For information, see the developer guide topic Firewall Manager required permissions for API actions.

If you’re using the service, you’re probably looking for FmsClient and Fms.

Structs

An individual AWS Firewall Manager application.

An AWS Firewall Manager applications list.

Details of the AWS Firewall Manager applications list.

Violations for an EC2 instance resource.

Violations for network interfaces associated with an EC2 instance.

Details of the rule violation in a security group when compared to the master security group of the AWS Firewall Manager policy.

Details of the resource that is not protected by the policy.

A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.

The VPC that Firewall Manager was applying a DNS Fireall policy to reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed due to the limit.

A rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.

Describes the compliance status for the account. An account is considered noncompliant if it includes resources that are not protected by the specified policy or that don't comply with the policy.

A client for the FMS API.

Violation details for AWS Network Firewall for a subnet that's not associated to the expected Firewall Manager managed route table.

Violation details for AWS Network Firewall for a subnet that doesn't have a Firewall Manager managed firewall in its VPC.

Violation details for AWS Network Firewall for an Availability Zone that's missing the expected Firewall Manager managed subnet.

The definition of the AWS Network Firewall firewall policy.

Violation details for AWS Network Firewall for a firewall policy that has a different NetworkFirewallPolicyDescription than is required by the Firewall Manager policy.

The reference rule that partially matches the ViolationTarget rule and violation reason.

An AWS Firewall Manager policy.

Describes the noncompliant resources in a member account for a specific AWS Firewall Manager policy. A maximum of 100 entries are displayed. If more than 100 resources are noncompliant, EvaluationLimitExceeded is set to True.

Indicates whether the account is compliant with the specified policy. An account is considered noncompliant if it includes resources that are not protected by the policy, for AWS WAF and Shield Advanced policies, or that are noncompliant with the policy, for security group policies.

Details of the AWS Firewall Manager policy.

An AWS Firewall Manager protocols list.

Details of the AWS Firewall Manager protocols list.

The resource tags that AWS Firewall Manager uses to determine if a particular resource should be included or excluded from the AWS Firewall Manager policy. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value. Firewall Manager combines the tags with "AND" so that, if you add more than one tag to a policy scope, a resource must have all the specified tags to be included or excluded. For more information, see Working with Tag Editor.

Violation detail based on resource type.

Remediation option for the rule specified in the ViolationTarget.

Describes a set of permissions for a security group rule.

Details about the security service that is being used to protect the resources.

AWS Network Firewall stateful rule group, used in a NetworkFirewallPolicyDescription.

AWS Network Firewall stateless rule group, used in a NetworkFirewallPolicyDescription.

A collection of key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource.

Violations for a resource based on the specified AWS Firewall Manager policy and AWS account.

Enums

Errors returned by AssociateAdminAccount

Errors returned by DeleteAppsList

Errors returned by DeleteNotificationChannel

Errors returned by DeletePolicy

Errors returned by DeleteProtocolsList

Errors returned by DisassociateAdminAccount

Errors returned by GetAdminAccount

Errors returned by GetAppsList

Errors returned by GetComplianceDetail

Errors returned by GetNotificationChannel

Errors returned by GetPolicy

Errors returned by GetProtectionStatus

Errors returned by GetProtocolsList

Errors returned by GetViolationDetails

Errors returned by ListAppsLists

Errors returned by ListComplianceStatus

Errors returned by ListMemberAccounts

Errors returned by ListPolicies

Errors returned by ListProtocolsLists

Errors returned by ListTagsForResource

Errors returned by PutAppsList

Errors returned by PutNotificationChannel

Errors returned by PutPolicy

Errors returned by PutProtocolsList

Errors returned by TagResource

Errors returned by UntagResource

Traits

Trait representing the capabilities of the FMS API. FMS clients implement this trait.