awscc.fms_policy
Filters
event
reduce
value
Actions
delete
Parent base class for filters and actions.
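# Schema for the `delete` action on awscc.fms_policy.
# Nesting is restored here; the rendered listing had lost its indentation.
properties:
  # Action selector: the only accepted value is the literal `delete`.
  type:
    enum:
      - delete
# `type` is the only key this schema requires.
required:
  - type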
Permissions - fms:DeletePolicy
update
Parent base class for filters and actions.
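# Schema for the `update` action on awscc.fms_policy.
# Nesting is restored from the alphabetical key order of the rendered listing,
# which had lost its indentation.
# `definitions` holds the reusable sub-schemas; `properties` lists the keys the
# action accepts, with those sub-schemas expanded inline.
# NOTE(review): no top-level `required` or `additionalProperties` is shown, so
# this listing alone does not say whether unknown keys are rejected.
definitions:
  AccountId:
    description: An AWS account ID.
    # minLength and maxLength are both 12, so the `*` in the pattern is
    # bounded: the value must be exactly twelve digits.
    maxLength: 12
    minLength: 12
    pattern: ^([0-9]*)$
    type: string
  IEMap:
    additionalProperties: false
    description: An FMS includeMap or excludeMap.
    # Only the ACCOUNT and ORGUNIT keys are allowed; neither is required.
    properties:
      ACCOUNT:
        insertionOrder: true
        items:
          description: An AWS account ID.
          maxLength: 12
          minLength: 12
          pattern: ^([0-9]*)$
          type: string
        type: array
      ORGUNIT:
        insertionOrder: true
        items:
          description: An Organizational Unit ID.
          maxLength: 68
          minLength: 16
          pattern: ^(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$
          type: string
        type: array
    type: object
  OrganizationalUnitId:
    description: An Organizational Unit ID.
    maxLength: 68
    minLength: 16
    pattern: ^(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$
    type: string
  PolicyTag:
    additionalProperties: false
    description: A policy tag.
    # Key and Value are both required and may not contain whitespace.
    # Value has no minLength, so an empty string passes.
    properties:
      Key:
        maxLength: 128
        minLength: 1
        pattern: ^([^\s]*)$
        type: string
      Value:
        maxLength: 256
        pattern: ^([^\s]*)$
        type: string
    required:
      - Key
      - Value
    type: object
  ResourceArn:
    description: A resource ARN.
    # The pattern only excludes whitespace; ARN structure is not checked here.
    maxLength: 1024
    minLength: 1
    pattern: ^([^\s]*)$
    type: string
  ResourceTag:
    additionalProperties: false
    description: A resource tag.
    # Unlike PolicyTag, no pattern is applied and only Key is required.
    properties:
      Key:
        maxLength: 128
        minLength: 1
        type: string
      Value:
        maxLength: 256
        type: string
    required:
      - Key
    type: object
  ResourceType:
    description: An AWS resource type
    # The pattern only excludes whitespace; the value is not checked against
    # any list of known resource types in this schema.
    maxLength: 128
    minLength: 1
    pattern: ^([^\s]*)$
    type: string
properties:
  # NOTE(review): typed as a boolean only. The name suggests it controls
  # resource clean-up when the policy is deleted. Confirm against the
  # AWS::FMS::Policy reference before setting it from automation.
  DeleteAllPolicyResources:
    type: boolean
  # Same shape as definitions.IEMap.
  # NOTE(review): presumably the accounts and OUs taken out of the policy's
  # scope. Confirm, and review edits as a change to where the policy applies.
  ExcludeMap:
    additionalProperties: false
    description: An FMS includeMap or excludeMap.
    properties:
      ACCOUNT:
        insertionOrder: true
        items:
          description: An AWS account ID.
          maxLength: 12
          minLength: 12
          pattern: ^([0-9]*)$
          type: string
        type: array
      ORGUNIT:
        insertionOrder: true
        items:
          description: An Organizational Unit ID.
          maxLength: 68
          minLength: 16
          pattern: ^(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$
          type: string
        type: array
    type: object
  # NOTE(review): boolean only. Presumably inverts how ResourceTags selects
  # resources. Confirm before relying on it.
  ExcludeResourceTags:
    type: boolean
  # Same shape as definitions.IEMap.
  # NOTE(review): presumably the accounts and OUs the policy is limited to.
  # Confirm, and review edits as a change to where the policy applies.
  IncludeMap:
    additionalProperties: false
    description: An FMS includeMap or excludeMap.
    properties:
      ACCOUNT:
        insertionOrder: true
        items:
          description: An AWS account ID.
          maxLength: 12
          minLength: 12
          pattern: ^([0-9]*)$
          type: string
        type: array
      ORGUNIT:
        insertionOrder: true
        items:
          description: An Organizational Unit ID.
          maxLength: 68
          minLength: 16
          pattern: ^(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})$
          type: string
        type: array
    type: object
  PolicyName:
    # Allow-list of characters; `+` means at least one character is needed.
    maxLength: 1024
    minLength: 1
    pattern: ^([a-zA-Z0-9_.:/=+\-@]+)$
    type: string
  # NOTE(review): boolean only. Presumably switches automatic remediation on
  # or off. Confirm, and treat a change as an enforcement change.
  RemediationEnabled:
    type: boolean
  ResourceTags:
    insertionOrder: true
    # Items have the same shape as definitions.ResourceTag.
    items:
      additionalProperties: false
      description: A resource tag.
      properties:
        Key:
          maxLength: 128
          minLength: 1
          type: string
        Value:
          maxLength: 256
          type: string
      required:
        - Key
      type: object
    # At most 8 tag entries are accepted.
    maxItems: 8
    type: array
  ResourceType:
    description: An AWS resource type
    maxLength: 128
    minLength: 1
    pattern: ^([^\s]*)$
    type: string
  ResourceTypeList:
    insertionOrder: true
    items:
      description: An AWS resource type
      maxLength: 128
      minLength: 1
      pattern: ^([^\s]*)$
      type: string
    type: array
  # NOTE(review): boolean only. The name suggests clean-up of resources that
  # leave the policy's scope. Confirm against the AWS::FMS::Policy reference.
  ResourcesCleanUp:
    type: boolean
  SecurityServicePolicyData:
    additionalProperties: false
    properties:
      # Free-form string: only its length (1-4096) is validated here, not its
      # contents, so a malformed value is not caught by this schema.
      ManagedServiceData:
        maxLength: 4096
        minLength: 1
        type: string
      # Closed list of policy types; Type is the only required field.
      Type:
        enum:
          - WAF
          - WAFV2
          - SHIELD_ADVANCED
          - SECURITY_GROUPS_COMMON
          - SECURITY_GROUPS_CONTENT_AUDIT
          - SECURITY_GROUPS_USAGE_AUDIT
          - NETWORK_FIREWALL
          - DNS_FIREWALL
        type: string
    required:
      - Type
    type: object
  Tags:
    insertionOrder: true
    # Items have the same shape as definitions.PolicyTag.
    items:
      additionalProperties: false
      description: A policy tag.
      properties:
        Key:
          maxLength: 128
          minLength: 1
          pattern: ^([^\s]*)$
          type: string
        Value:
          maxLength: 256
          pattern: ^([^\s]*)$
          type: string
      required:
        - Key
        - Value
      type: object
    type: array
  # Action selector: the only accepted value is the literal `update`.
  type:
    enum:
      - update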
Permissions - fms:PutPolicy, fms:GetPolicy, fms:TagResource, fms:UntagResource, fms:ListTagsForResource, waf-regional:ListRuleGroups, wafv2:CheckCapacity, wafv2:ListRuleGroups, wafv2:ListAvailableManagedRuleGroups, network-firewall:DescribeRuleGroup, route53resolver:ListFirewallRuleGroups