@Generated(value="com.amazonaws:aws-java-sdk-code-generator") public class Policy extends Object implements Serializable, Cloneable, StructuredPojo
An Firewall Manager policy.
Constructor and Description |
---|
Policy() |
Modifier and Type | Method and Description |
---|---|
Policy |
addExcludeMapEntry(String key,
List<String> value)
Add a single ExcludeMap entry
|
Policy |
addIncludeMapEntry(String key,
List<String> value)
Add a single IncludeMap entry
|
Policy |
clearExcludeMapEntries()
Removes all the entries added into ExcludeMap.
|
Policy |
clearIncludeMapEntries()
Removes all the entries added into IncludeMap.
|
Policy |
clone() |
boolean |
equals(Object obj) |
Boolean |
getDeleteUnusedFMManagedResources()
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy
scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy
scope.
|
Map<String,List<String>> |
getExcludeMap()
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the
policy.
|
Boolean |
getExcludeResourceTags()
If set to
True , resources with the tags that are specified in the ResourceTag array are
not in scope of the policy. |
Map<String,List<String>> |
getIncludeMap()
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the
policy.
|
String |
getPolicyDescription()
Your description of the Firewall Manager policy.
|
String |
getPolicyId()
The ID of the Firewall Manager policy.
|
String |
getPolicyName()
The name of the Firewall Manager policy.
|
String |
getPolicyStatus()
Indicates whether the policy is in or out of an admin's policy or Region scope.
|
String |
getPolicyUpdateToken()
A unique identifier for each update to the policy.
|
Boolean |
getRemediationEnabled()
Indicates if the policy should be automatically applied to new resources.
|
List<String> |
getResourceSetIds()
The unique identifiers of the resource sets used by the policy.
|
List<ResourceTag> |
getResourceTags()
An array of
ResourceTag objects. |
String |
getResourceType()
The type of resource protected by or in scope of the policy.
|
List<String> |
getResourceTypeList()
An array of
ResourceType objects. |
SecurityServicePolicyData |
getSecurityServicePolicyData()
Details about the security service that is being used to protect the resources.
|
int |
hashCode() |
Boolean |
isDeleteUnusedFMManagedResources()
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy
scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy
scope.
|
Boolean |
isExcludeResourceTags()
If set to
True , resources with the tags that are specified in the ResourceTag array are
not in scope of the policy. |
Boolean |
isRemediationEnabled()
Indicates if the policy should be automatically applied to new resources.
|
void |
marshall(ProtocolMarshaller protocolMarshaller)
Marshalls this structured data using the given
ProtocolMarshaller . |
void |
setDeleteUnusedFMManagedResources(Boolean deleteUnusedFMManagedResources)
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy
scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy
scope.
|
void |
setExcludeMap(Map<String,List<String>> excludeMap)
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the
policy.
|
void |
setExcludeResourceTags(Boolean excludeResourceTags)
If set to
True , resources with the tags that are specified in the ResourceTag array are
not in scope of the policy. |
void |
setIncludeMap(Map<String,List<String>> includeMap)
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the
policy.
|
void |
setPolicyDescription(String policyDescription)
Your description of the Firewall Manager policy.
|
void |
setPolicyId(String policyId)
The ID of the Firewall Manager policy.
|
void |
setPolicyName(String policyName)
The name of the Firewall Manager policy.
|
void |
setPolicyStatus(String policyStatus)
Indicates whether the policy is in or out of an admin's policy or Region scope.
|
void |
setPolicyUpdateToken(String policyUpdateToken)
A unique identifier for each update to the policy.
|
void |
setRemediationEnabled(Boolean remediationEnabled)
Indicates if the policy should be automatically applied to new resources.
|
void |
setResourceSetIds(Collection<String> resourceSetIds)
The unique identifiers of the resource sets used by the policy.
|
void |
setResourceTags(Collection<ResourceTag> resourceTags)
An array of
ResourceTag objects. |
void |
setResourceType(String resourceType)
The type of resource protected by or in scope of the policy.
|
void |
setResourceTypeList(Collection<String> resourceTypeList)
An array of
ResourceType objects. |
void |
setSecurityServicePolicyData(SecurityServicePolicyData securityServicePolicyData)
Details about the security service that is being used to protect the resources.
|
String |
toString()
Returns a string representation of this object.
|
Policy |
withDeleteUnusedFMManagedResources(Boolean deleteUnusedFMManagedResources)
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy
scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy
scope.
|
Policy |
withExcludeMap(Map<String,List<String>> excludeMap)
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the
policy.
|
Policy |
withExcludeResourceTags(Boolean excludeResourceTags)
If set to
True , resources with the tags that are specified in the ResourceTag array are
not in scope of the policy. |
Policy |
withIncludeMap(Map<String,List<String>> includeMap)
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the
policy.
|
Policy |
withPolicyDescription(String policyDescription)
Your description of the Firewall Manager policy.
|
Policy |
withPolicyId(String policyId)
The ID of the Firewall Manager policy.
|
Policy |
withPolicyName(String policyName)
The name of the Firewall Manager policy.
|
Policy |
withPolicyStatus(CustomerPolicyStatus policyStatus)
Indicates whether the policy is in or out of an admin's policy or Region scope.
|
Policy |
withPolicyStatus(String policyStatus)
Indicates whether the policy is in or out of an admin's policy or Region scope.
|
Policy |
withPolicyUpdateToken(String policyUpdateToken)
A unique identifier for each update to the policy.
|
Policy |
withRemediationEnabled(Boolean remediationEnabled)
Indicates if the policy should be automatically applied to new resources.
|
Policy |
withResourceSetIds(Collection<String> resourceSetIds)
The unique identifiers of the resource sets used by the policy.
|
Policy |
withResourceSetIds(String... resourceSetIds)
The unique identifiers of the resource sets used by the policy.
|
Policy |
withResourceTags(Collection<ResourceTag> resourceTags)
An array of
ResourceTag objects. |
Policy |
withResourceTags(ResourceTag... resourceTags)
An array of
ResourceTag objects. |
Policy |
withResourceType(String resourceType)
The type of resource protected by or in scope of the policy.
|
Policy |
withResourceTypeList(Collection<String> resourceTypeList)
An array of
ResourceType objects. |
Policy |
withResourceTypeList(String... resourceTypeList)
An array of
ResourceType objects. |
Policy |
withSecurityServicePolicyData(SecurityServicePolicyData securityServicePolicyData)
Details about the security service that is being used to protect the resources.
|
public void setPolicyId(String policyId)
The ID of the Firewall Manager policy.
policyId
- The ID of the Firewall Manager policy.public String getPolicyId()
The ID of the Firewall Manager policy.
public Policy withPolicyId(String policyId)
The ID of the Firewall Manager policy.
policyId
- The ID of the Firewall Manager policy.public void setPolicyName(String policyName)
The name of the Firewall Manager policy.
policyName
- The name of the Firewall Manager policy.public String getPolicyName()
The name of the Firewall Manager policy.
public Policy withPolicyName(String policyName)
The name of the Firewall Manager policy.
policyName
- The name of the Firewall Manager policy.public void setPolicyUpdateToken(String policyUpdateToken)
A unique identifier for each update to the policy. When issuing a PutPolicy
request, the
PolicyUpdateToken
in the request must match the PolicyUpdateToken
of the current policy
version. To get the PolicyUpdateToken
of the current policy version, use a GetPolicy
request.
policyUpdateToken
- A unique identifier for each update to the policy. When issuing a PutPolicy
request, the
PolicyUpdateToken
in the request must match the PolicyUpdateToken
of the current
policy version. To get the PolicyUpdateToken
of the current policy version, use a
GetPolicy
request.public String getPolicyUpdateToken()
A unique identifier for each update to the policy. When issuing a PutPolicy
request, the
PolicyUpdateToken
in the request must match the PolicyUpdateToken
of the current policy
version. To get the PolicyUpdateToken
of the current policy version, use a GetPolicy
request.
PutPolicy
request, the
PolicyUpdateToken
in the request must match the PolicyUpdateToken
of the
current policy version. To get the PolicyUpdateToken
of the current policy version, use a
GetPolicy
request.public Policy withPolicyUpdateToken(String policyUpdateToken)
A unique identifier for each update to the policy. When issuing a PutPolicy
request, the
PolicyUpdateToken
in the request must match the PolicyUpdateToken
of the current policy
version. To get the PolicyUpdateToken
of the current policy version, use a GetPolicy
request.
policyUpdateToken
- A unique identifier for each update to the policy. When issuing a PutPolicy
request, the
PolicyUpdateToken
in the request must match the PolicyUpdateToken
of the current
policy version. To get the PolicyUpdateToken
of the current policy version, use a
GetPolicy
request.public void setSecurityServicePolicyData(SecurityServicePolicyData securityServicePolicyData)
Details about the security service that is being used to protect the resources.
securityServicePolicyData
- Details about the security service that is being used to protect the resources.public SecurityServicePolicyData getSecurityServicePolicyData()
Details about the security service that is being used to protect the resources.
public Policy withSecurityServicePolicyData(SecurityServicePolicyData securityServicePolicyData)
Details about the security service that is being used to protect the resources.
securityServicePolicyData
- Details about the security service that is being used to protect the resources.public void setResourceType(String resourceType)
The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon
Web Services Resource Types Reference. To apply this policy to multiple resource types, specify a resource
type of ResourceTypeList
and then specify the resource types in a ResourceTypeList
.
The following are valid resource types for each Firewall Manager policy type:
Amazon Web Services WAF Classic - AWS::ApiGateway::Stage
, AWS::CloudFront::Distribution
, and AWS::ElasticLoadBalancingV2::LoadBalancer
.
WAF - AWS::ApiGateway::Stage
, AWS::ElasticLoadBalancingV2::LoadBalancer
, and
AWS::CloudFront::Distribution
.
Shield Advanced - AWS::ElasticLoadBalancingV2::LoadBalancer
,
AWS::ElasticLoadBalancing::LoadBalancer
, AWS::EC2::EIP
, and
AWS::CloudFront::Distribution
.
Network ACL - AWS::EC2::Subnet
.
Security group usage audit - AWS::EC2::SecurityGroup
.
Security group content audit - AWS::EC2::SecurityGroup
, AWS::EC2::NetworkInterface
, and
AWS::EC2::Instance
.
DNS Firewall, Network Firewall, and third-party firewall - AWS::EC2::VPC
.
resourceType
- The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon Web Services Resource Types Reference. To apply this policy to multiple resource types,
specify a resource type of ResourceTypeList
and then specify the resource types in a
ResourceTypeList
.
The following are valid resource types for each Firewall Manager policy type:
Amazon Web Services WAF Classic - AWS::ApiGateway::Stage
,
AWS::CloudFront::Distribution
, and AWS::ElasticLoadBalancingV2::LoadBalancer
.
WAF - AWS::ApiGateway::Stage
, AWS::ElasticLoadBalancingV2::LoadBalancer
, and
AWS::CloudFront::Distribution
.
Shield Advanced - AWS::ElasticLoadBalancingV2::LoadBalancer
,
AWS::ElasticLoadBalancing::LoadBalancer
, AWS::EC2::EIP
, and
AWS::CloudFront::Distribution
.
Network ACL - AWS::EC2::Subnet
.
Security group usage audit - AWS::EC2::SecurityGroup
.
Security group content audit - AWS::EC2::SecurityGroup
,
AWS::EC2::NetworkInterface
, and AWS::EC2::Instance
.
DNS Firewall, Network Firewall, and third-party firewall - AWS::EC2::VPC
.
public String getResourceType()
The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon
Web Services Resource Types Reference. To apply this policy to multiple resource types, specify a resource
type of ResourceTypeList
and then specify the resource types in a ResourceTypeList
.
The following are valid resource types for each Firewall Manager policy type:
Amazon Web Services WAF Classic - AWS::ApiGateway::Stage
, AWS::CloudFront::Distribution
, and AWS::ElasticLoadBalancingV2::LoadBalancer
.
WAF - AWS::ApiGateway::Stage
, AWS::ElasticLoadBalancingV2::LoadBalancer
, and
AWS::CloudFront::Distribution
.
Shield Advanced - AWS::ElasticLoadBalancingV2::LoadBalancer
,
AWS::ElasticLoadBalancing::LoadBalancer
, AWS::EC2::EIP
, and
AWS::CloudFront::Distribution
.
Network ACL - AWS::EC2::Subnet
.
Security group usage audit - AWS::EC2::SecurityGroup
.
Security group content audit - AWS::EC2::SecurityGroup
, AWS::EC2::NetworkInterface
, and
AWS::EC2::Instance
.
DNS Firewall, Network Firewall, and third-party firewall - AWS::EC2::VPC
.
ResourceTypeList
and then specify the resource types in a
ResourceTypeList
.
The following are valid resource types for each Firewall Manager policy type:
Amazon Web Services WAF Classic - AWS::ApiGateway::Stage
,
AWS::CloudFront::Distribution
, and AWS::ElasticLoadBalancingV2::LoadBalancer
.
WAF - AWS::ApiGateway::Stage
, AWS::ElasticLoadBalancingV2::LoadBalancer
, and
AWS::CloudFront::Distribution
.
Shield Advanced - AWS::ElasticLoadBalancingV2::LoadBalancer
,
AWS::ElasticLoadBalancing::LoadBalancer
, AWS::EC2::EIP
, and
AWS::CloudFront::Distribution
.
Network ACL - AWS::EC2::Subnet
.
Security group usage audit - AWS::EC2::SecurityGroup
.
Security group content audit - AWS::EC2::SecurityGroup
,
AWS::EC2::NetworkInterface
, and AWS::EC2::Instance
.
DNS Firewall, Network Firewall, and third-party firewall - AWS::EC2::VPC
.
public Policy withResourceType(String resourceType)
The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon
Web Services Resource Types Reference. To apply this policy to multiple resource types, specify a resource
type of ResourceTypeList
and then specify the resource types in a ResourceTypeList
.
The following are valid resource types for each Firewall Manager policy type:
Amazon Web Services WAF Classic - AWS::ApiGateway::Stage
, AWS::CloudFront::Distribution
, and AWS::ElasticLoadBalancingV2::LoadBalancer
.
WAF - AWS::ApiGateway::Stage
, AWS::ElasticLoadBalancingV2::LoadBalancer
, and
AWS::CloudFront::Distribution
.
Shield Advanced - AWS::ElasticLoadBalancingV2::LoadBalancer
,
AWS::ElasticLoadBalancing::LoadBalancer
, AWS::EC2::EIP
, and
AWS::CloudFront::Distribution
.
Network ACL - AWS::EC2::Subnet
.
Security group usage audit - AWS::EC2::SecurityGroup
.
Security group content audit - AWS::EC2::SecurityGroup
, AWS::EC2::NetworkInterface
, and
AWS::EC2::Instance
.
DNS Firewall, Network Firewall, and third-party firewall - AWS::EC2::VPC
.
resourceType
- The type of resource protected by or in scope of the policy. This is in the format shown in the Amazon Web Services Resource Types Reference. To apply this policy to multiple resource types,
specify a resource type of ResourceTypeList
and then specify the resource types in a
ResourceTypeList
.
The following are valid resource types for each Firewall Manager policy type:
Amazon Web Services WAF Classic - AWS::ApiGateway::Stage
,
AWS::CloudFront::Distribution
, and AWS::ElasticLoadBalancingV2::LoadBalancer
.
WAF - AWS::ApiGateway::Stage
, AWS::ElasticLoadBalancingV2::LoadBalancer
, and
AWS::CloudFront::Distribution
.
Shield Advanced - AWS::ElasticLoadBalancingV2::LoadBalancer
,
AWS::ElasticLoadBalancing::LoadBalancer
, AWS::EC2::EIP
, and
AWS::CloudFront::Distribution
.
Network ACL - AWS::EC2::Subnet
.
Security group usage audit - AWS::EC2::SecurityGroup
.
Security group content audit - AWS::EC2::SecurityGroup
,
AWS::EC2::NetworkInterface
, and AWS::EC2::Instance
.
DNS Firewall, Network Firewall, and third-party firewall - AWS::EC2::VPC
.
public List<String> getResourceTypeList()
An array of ResourceType
objects. Use this only to specify multiple resource types. To specify a
single resource type, use ResourceType
.
ResourceType
objects. Use this only to specify multiple resource types. To
specify a single resource type, use ResourceType
.public void setResourceTypeList(Collection<String> resourceTypeList)
An array of ResourceType
objects. Use this only to specify multiple resource types. To specify a
single resource type, use ResourceType
.
resourceTypeList
- An array of ResourceType
objects. Use this only to specify multiple resource types. To
specify a single resource type, use ResourceType
.public Policy withResourceTypeList(String... resourceTypeList)
An array of ResourceType
objects. Use this only to specify multiple resource types. To specify a
single resource type, use ResourceType
.
NOTE: This method appends the values to the existing list (if any). Use
setResourceTypeList(java.util.Collection)
or withResourceTypeList(java.util.Collection)
if you
want to override the existing values.
resourceTypeList
- An array of ResourceType
objects. Use this only to specify multiple resource types. To
specify a single resource type, use ResourceType
.public Policy withResourceTypeList(Collection<String> resourceTypeList)
An array of ResourceType
objects. Use this only to specify multiple resource types. To specify a
single resource type, use ResourceType
.
resourceTypeList
- An array of ResourceType
objects. Use this only to specify multiple resource types. To
specify a single resource type, use ResourceType
.public List<ResourceTag> getResourceTags()
An array of ResourceTag
objects.
ResourceTag
objects.public void setResourceTags(Collection<ResourceTag> resourceTags)
An array of ResourceTag
objects.
resourceTags
- An array of ResourceTag
objects.public Policy withResourceTags(ResourceTag... resourceTags)
An array of ResourceTag
objects.
NOTE: This method appends the values to the existing list (if any). Use
setResourceTags(java.util.Collection)
or withResourceTags(java.util.Collection)
if you want to
override the existing values.
resourceTags
- An array of ResourceTag
objects.public Policy withResourceTags(Collection<ResourceTag> resourceTags)
An array of ResourceTag
objects.
resourceTags
- An array of ResourceTag
objects.public void setExcludeResourceTags(Boolean excludeResourceTags)
If set to True
, resources with the tags that are specified in the ResourceTag
array are
not in scope of the policy. If set to False
, and the ResourceTag
array is not null,
only resources with the specified tags are in scope of the policy.
excludeResourceTags
- If set to True
, resources with the tags that are specified in the ResourceTag
array are not in scope of the policy. If set to False
, and the ResourceTag
array
is not null, only resources with the specified tags are in scope of the policy.public Boolean getExcludeResourceTags()
If set to True
, resources with the tags that are specified in the ResourceTag
array are
not in scope of the policy. If set to False
, and the ResourceTag
array is not null,
only resources with the specified tags are in scope of the policy.
True
, resources with the tags that are specified in the ResourceTag
array are not in scope of the policy. If set to False
, and the ResourceTag
array is not null, only resources with the specified tags are in scope of the policy.public Policy withExcludeResourceTags(Boolean excludeResourceTags)
If set to True
, resources with the tags that are specified in the ResourceTag
array are
not in scope of the policy. If set to False
, and the ResourceTag
array is not null,
only resources with the specified tags are in scope of the policy.
excludeResourceTags
- If set to True
, resources with the tags that are specified in the ResourceTag
array are not in scope of the policy. If set to False
, and the ResourceTag
array
is not null, only resources with the specified tags are in scope of the policy.public Boolean isExcludeResourceTags()
If set to True
, resources with the tags that are specified in the ResourceTag
array are
not in scope of the policy. If set to False
, and the ResourceTag
array is not null,
only resources with the specified tags are in scope of the policy.
True
, resources with the tags that are specified in the ResourceTag
array are not in scope of the policy. If set to False
, and the ResourceTag
array is not null, only resources with the specified tags are in scope of the policy.public void setRemediationEnabled(Boolean remediationEnabled)
Indicates if the policy should be automatically applied to new resources.
remediationEnabled
- Indicates if the policy should be automatically applied to new resources.public Boolean getRemediationEnabled()
Indicates if the policy should be automatically applied to new resources.
public Policy withRemediationEnabled(Boolean remediationEnabled)
Indicates if the policy should be automatically applied to new resources.
remediationEnabled
- Indicates if the policy should be automatically applied to new resources.public Boolean isRemediationEnabled()
Indicates if the policy should be automatically applied to new resources.
public void setDeleteUnusedFMManagedResources(Boolean deleteUnusedFMManagedResources)
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
deleteUnusedFMManagedResources
- Indicates whether Firewall Manager should automatically remove protections from resources that leave the
policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts
leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL
from a protected customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
public Boolean getDeleteUnusedFMManagedResources()
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
public Policy withDeleteUnusedFMManagedResources(Boolean deleteUnusedFMManagedResources)
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
deleteUnusedFMManagedResources
- Indicates whether Firewall Manager should automatically remove protections from resources that leave the
policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts
leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL
from a protected customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
public Boolean isDeleteUnusedFMManagedResources()
Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.
This option is not available for Shield Advanced or WAF Classic policies.
public Map<String,List<String>> getIncludeMap()
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, Firewall
Manager applies the policy to all accounts specified by the IncludeMap
, and does not evaluate any
ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager
applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
,
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does
not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager applies the policy to all accounts except for those specified by the
ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is
a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
public void setIncludeMap(Map<String,List<String>> includeMap)
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, Firewall
Manager applies the policy to all accounts specified by the IncludeMap
, and does not evaluate any
ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager
applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
includeMap
- Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in
the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
,
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not
evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
,
then Firewall Manager applies the policy to all accounts except for those specified by the
ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
public Policy withIncludeMap(Map<String,List<String>> includeMap)
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, Firewall
Manager applies the policy to all accounts specified by the IncludeMap
, and does not evaluate any
ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager
applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
includeMap
- Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in
the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
,
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not
evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
,
then Firewall Manager applies the policy to all accounts except for those specified by the
ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
public Policy addIncludeMapEntry(String key, List<String> value)
public Policy clearIncludeMapEntries()
public Map<String,List<String>> getExcludeMap()
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, Firewall
Manager applies the policy to all accounts specified by the IncludeMap
, and does not evaluate any
ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager
applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
,
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does
not evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager applies the policy to all accounts except for those specified by the
ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is
a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
public void setExcludeMap(Map<String,List<String>> excludeMap)
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, Firewall
Manager applies the policy to all accounts specified by the IncludeMap
, and does not evaluate any
ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager
applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
excludeMap
- Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from
the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
,
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not
evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
,
then Firewall Manager applies the policy to all accounts except for those specified by the
ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
public Policy withExcludeMap(Map<String,List<String>> excludeMap)
Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, Firewall
Manager applies the policy to all accounts specified by the IncludeMap
, and does not evaluate any
ExcludeMap
specifications. If you do not specify an IncludeMap
, then Firewall Manager
applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
excludeMap
- Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from
the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
,
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not
evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
,
then Firewall Manager applies the policy to all accounts except for those specified by the
ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
public Policy addExcludeMapEntry(String key, List<String> value)
public Policy clearExcludeMapEntries()
public List<String> getResourceSetIds()
The unique identifiers of the resource sets used by the policy.
public void setResourceSetIds(Collection<String> resourceSetIds)
The unique identifiers of the resource sets used by the policy.
resourceSetIds
- The unique identifiers of the resource sets used by the policy.public Policy withResourceSetIds(String... resourceSetIds)
The unique identifiers of the resource sets used by the policy.
NOTE: This method appends the values to the existing list (if any). Use
setResourceSetIds(java.util.Collection)
or withResourceSetIds(java.util.Collection)
if you want
to override the existing values.
resourceSetIds
- The unique identifiers of the resource sets used by the policy.public Policy withResourceSetIds(Collection<String> resourceSetIds)
The unique identifiers of the resource sets used by the policy.
resourceSetIds
- The unique identifiers of the resource sets used by the policy.public void setPolicyDescription(String policyDescription)
Your description of the Firewall Manager policy.
policyDescription
- Your description of the Firewall Manager policy.public String getPolicyDescription()
Your description of the Firewall Manager policy.
public Policy withPolicyDescription(String policyDescription)
Your description of the Firewall Manager policy.
policyDescription
- Your description of the Firewall Manager policy.public void setPolicyStatus(String policyStatus)
Indicates whether the policy is in or out of an admin's policy or Region scope.
ACTIVE
- The administrator can manage and delete the policy.
OUT_OF_ADMIN_SCOPE
- The administrator can view the policy, but they can't edit or delete the
policy. Existing policy protections stay in place. Any new resources that come into scope of the policy won't be
protected.
policyStatus
- Indicates whether the policy is in or out of an admin's policy or Region scope.
ACTIVE
- The administrator can manage and delete the policy.
OUT_OF_ADMIN_SCOPE
- The administrator can view the policy, but they can't edit or delete the
policy. Existing policy protections stay in place. Any new resources that come into scope of the policy
won't be protected.
CustomerPolicyStatus
public String getPolicyStatus()
Indicates whether the policy is in or out of an admin's policy or Region scope.
ACTIVE
- The administrator can manage and delete the policy.
OUT_OF_ADMIN_SCOPE
- The administrator can view the policy, but they can't edit or delete the
policy. Existing policy protections stay in place. Any new resources that come into scope of the policy won't be
protected.
ACTIVE
- The administrator can manage and delete the policy.
OUT_OF_ADMIN_SCOPE
- The administrator can view the policy, but they can't edit or delete
the policy. Existing policy protections stay in place. Any new resources that come into scope of the
policy won't be protected.
CustomerPolicyStatus
public Policy withPolicyStatus(String policyStatus)
Indicates whether the policy is in or out of an admin's policy or Region scope.
ACTIVE
- The administrator can manage and delete the policy.
OUT_OF_ADMIN_SCOPE
- The administrator can view the policy, but they can't edit or delete the
policy. Existing policy protections stay in place. Any new resources that come into scope of the policy won't be
protected.
policyStatus
- Indicates whether the policy is in or out of an admin's policy or Region scope.
ACTIVE
- The administrator can manage and delete the policy.
OUT_OF_ADMIN_SCOPE
- The administrator can view the policy, but they can't edit or delete the
policy. Existing policy protections stay in place. Any new resources that come into scope of the policy
won't be protected.
CustomerPolicyStatus
public Policy withPolicyStatus(CustomerPolicyStatus policyStatus)
Indicates whether the policy is in or out of an admin's policy or Region scope.
ACTIVE
- The administrator can manage and delete the policy.
OUT_OF_ADMIN_SCOPE
- The administrator can view the policy, but they can't edit or delete the
policy. Existing policy protections stay in place. Any new resources that come into scope of the policy won't be
protected.
policyStatus
- Indicates whether the policy is in or out of an admin's policy or Region scope.
ACTIVE
- The administrator can manage and delete the policy.
OUT_OF_ADMIN_SCOPE
- The administrator can view the policy, but they can't edit or delete the
policy. Existing policy protections stay in place. Any new resources that come into scope of the policy
won't be protected.
CustomerPolicyStatus
public String toString()
toString
in class Object
Object.toString()
public void marshall(ProtocolMarshaller protocolMarshaller)
StructuredPojo
ProtocolMarshaller
.marshall
in interface StructuredPojo
protocolMarshaller
- Implementation of ProtocolMarshaller
used to marshall this object's data.