You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::FMS::Types::Policy

Inherits:
Struct
  • Object
show all
Defined in:
(unknown)

Overview

Note:

When passing Policy as input to an Aws::Client method, you can use a vanilla Hash:

{
  policy_id: "PolicyId",
  policy_name: "ResourceName", # required
  policy_update_token: "PolicyUpdateToken",
  security_service_policy_data: { # required
    type: "WAF", # required, accepts WAF, SHIELD_ADVANCED, SECURITY_GROUPS_COMMON, SECURITY_GROUPS_CONTENT_AUDIT, SECURITY_GROUPS_USAGE_AUDIT
    managed_service_data: "ManagedServiceData",
  },
  resource_type: "ResourceType", # required
  resource_type_list: ["ResourceType"],
  resource_tags: [
    {
      key: "TagKey", # required
      value: "TagValue",
    },
  ],
  exclude_resource_tags: false, # required
  remediation_enabled: false, # required
  include_map: {
    "ACCOUNT" => ["CustomerPolicyScopeId"],
  },
  exclude_map: {
    "ACCOUNT" => ["CustomerPolicyScopeId"],
  },
}

An AWS Firewall Manager policy.

Returned by:

Instance Attribute Summary collapse

Instance Attribute Details

#exclude_mapHash<String,Array<String>>

Specifies the AWS account IDs to exclude from the policy. The IncludeMap values are evaluated first, with all the appropriate account IDs added to the policy. Then the accounts listed in ExcludeMap are removed, resulting in the final list of accounts to add to the policy.

The key to the map is ACCOUNT. For example, a valid ExcludeMap would be {“ACCOUNT” : [“accountID1”, “accountID2”]}.

Returns:

  • (Hash<String,Array<String>>)

    Specifies the AWS account IDs to exclude from the policy.

#exclude_resource_tagsBoolean

If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.

Returns:

  • (Boolean)

    If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy.

#include_mapHash<String,Array<String>>

Specifies the AWS account IDs to include in the policy. If IncludeMap is null, all accounts in the organization in AWS Organizations are included in the policy. If IncludeMap is not null, only values listed in IncludeMap are included in the policy.

The key to the map is ACCOUNT. For example, a valid IncludeMap would be {“ACCOUNT” : [“accountID1”, “accountID2”]}.

Returns:

  • (Hash<String,Array<String>>)

    Specifies the AWS account IDs to include in the policy.

#policy_idString

The ID of the AWS Firewall Manager policy.

Returns:

  • (String)

    The ID of the AWS Firewall Manager policy.

#policy_nameString

The friendly name of the AWS Firewall Manager policy.

Returns:

  • (String)

    The friendly name of the AWS Firewall Manager policy.

#policy_update_tokenString

A unique identifier for each update to the policy. When issuing a PutPolicy request, the PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy request.

Returns:

  • (String)

    A unique identifier for each update to the policy.

#remediation_enabledBoolean

Indicates if the policy should be automatically applied to new resources.

Returns:

  • (Boolean)

    Indicates if the policy should be automatically applied to new resources.

#resource_tagsArray<Types::ResourceTag>

An array of ResourceTag objects.

Returns:

#resource_typeString

The type of resource protected by or in scope of the policy. This is in the format shown in the AWS Resource Types Reference. For AWS WAF and Shield Advanced, examples include AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::CloudFront::Distribution. For a security group common policy, valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage audit policy, the value is AWS::EC2::SecurityGroup.

Returns:

  • (String)

    The type of resource protected by or in scope of the policy.

#resource_type_listArray<String>

An array of ResourceType.

Returns:

  • (Array<String>)

    An array of ResourceType.

#security_service_policy_dataTypes::SecurityServicePolicyData

Details about the security service that is being used to protect the resources.

Returns: