2020/07/20 - Firewall Management Service - 9 new API methods
Changes: Added managed policies for auditing security group rules, including the use of managed application and protocol lists.
get_violation_details
Retrieves violations for a resource based on the specified AWS Firewall Manager policy and AWS account.
See also: AWS API Documentation
Request Syntax
client.get_violation_details(
    PolicyId='string',
    MemberAccount='string',
    ResourceId='string',
    ResourceType='string'
)
PolicyId (string) -- [REQUIRED]
The ID of the AWS Firewall Manager policy that you want the details for. This currently only supports security group content audit policies.
MemberAccount (string) -- [REQUIRED]
The AWS account ID that you want the details for.
ResourceId (string) -- [REQUIRED]
The ID of the resource that has violations.
ResourceType (string) -- [REQUIRED]
The resource type. This is in the format shown in the AWS Resource Types Reference. Supported resource types are: AWS::EC2::Instance, AWS::EC2::NetworkInterface, or AWS::EC2::SecurityGroup.
Return type: dict
Response Syntax
{
    'ViolationDetail': {
        'PolicyId': 'string',
        'MemberAccount': 'string',
        'ResourceId': 'string',
        'ResourceType': 'string',
        'ResourceViolations': [
            {
                'AwsVPCSecurityGroupViolation': {
                    'ViolationTarget': 'string',
                    'ViolationTargetDescription': 'string',
                    'PartialMatches': [
                        {
                            'Reference': 'string',
                            'TargetViolationReasons': [
                                'string',
                            ]
                        },
                    ],
                    'PossibleSecurityGroupRemediationActions': [
                        {
                            'RemediationActionType': 'REMOVE'|'MODIFY',
                            'Description': 'string',
                            'RemediationResult': {
                                'IPV4Range': 'string',
                                'IPV6Range': 'string',
                                'PrefixListId': 'string',
                                'Protocol': 'string',
                                'FromPort': 123,
                                'ToPort': 123
                            },
                            'IsDefaultAction': True|False
                        },
                    ]
                },
                'AwsEc2NetworkInterfaceViolation': {
                    'ViolationTarget': 'string',
                    'ViolatingSecurityGroups': [
                        'string',
                    ]
                },
                'AwsEc2InstanceViolation': {
                    'ViolationTarget': 'string',
                    'AwsEc2NetworkInterfaceViolations': [
                        {
                            'ViolationTarget': 'string',
                            'ViolatingSecurityGroups': [
                                'string',
                            ]
                        },
                    ]
                }
            },
        ],
        'ResourceTags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'ResourceDescription': 'string'
    }
}
Response Structure
(dict) --
ViolationDetail (dict) --
Violation detail for a resource.
PolicyId (string) --
The ID of the AWS Firewall Manager policy that the violation details were requested for.
MemberAccount (string) --
The AWS account that the violation details were requested for.
ResourceId (string) --
The resource ID that the violation details were requested for.
ResourceType (string) --
The resource type that the violation details were requested for.
ResourceViolations (list) --
List of violations for the requested resource.
(dict) --
Violation detail based on resource type.
AwsVPCSecurityGroupViolation (dict) --
Violation details for security groups.
ViolationTarget (string) --
The security group rule that is being evaluated.
ViolationTargetDescription (string) --
A description of the security group that violates the policy.
PartialMatches (list) --
List of rules specified in the security group of the AWS Firewall Manager policy that partially match the ViolationTarget rule.
(dict) --
The reference rule that partially matches the ViolationTarget rule and violation reason.
Reference (string) --
The reference rule from the master security group of the AWS Firewall Manager policy.
TargetViolationReasons (list) --
The violation reason.
(string) --
PossibleSecurityGroupRemediationActions (list) --
Remediation options for the rule specified in the ViolationTarget.
(dict) --
Remediation option for the rule specified in the ViolationTarget.
RemediationActionType (string) --
The remediation action that will be performed.
Description (string) --
Brief description of the action that will be performed.
RemediationResult (dict) --
The final state of the rule specified in the ViolationTarget after it is remediated.
IPV4Range (string) --
The IPv4 ranges for the security group rule.
IPV6Range (string) --
The IPv6 ranges for the security group rule.
PrefixListId (string) --
The ID of the prefix list for the security group rule.
Protocol (string) --
The IP protocol name (tcp, udp, icmp, icmpv6) or number.
FromPort (integer) --
The start of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types.
ToPort (integer) --
The end of the port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes.
IsDefaultAction (boolean) --
Indicates if the current action is the default action.
AwsEc2NetworkInterfaceViolation (dict) --
Violation details for network interface.
ViolationTarget (string) --
The resource ID of the network interface.
ViolatingSecurityGroups (list) --
List of security groups that violate the rules specified in the master security group of the AWS Firewall Manager policy.
(string) --
AwsEc2InstanceViolation (dict) --
Violation details for an EC2 instance.
ViolationTarget (string) --
The resource ID of the EC2 instance.
AwsEc2NetworkInterfaceViolations (list) --
Violations for network interfaces associated with the EC2 instance.
(dict) --
Violations for network interfaces associated with an EC2 instance.
ViolationTarget (string) --
The resource ID of the network interface.
ViolatingSecurityGroups (list) --
List of security groups that violate the rules specified in the master security group of the AWS Firewall Manager policy.
(string) --
ResourceTags (list) --
The ResourceTag objects associated with the resource.
(dict) --
A collection of key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource.
Key (string) --
Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive.
Value (string) --
Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as "companyA" or "companyB." Tag values are case-sensitive.
ResourceDescription (string) --
Brief description for the requested resource.
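The response above is what an auditor or responder actually has to read, so the following added example (written for this page, not part of the boto3 or AWS Firewall Manager documentation) turns one get_violation_details response into one finding per violation: the rule that violates the policy, the reasons reported in PartialMatches, and the remediation FMS marks as the default, rendered as the rule it would become. It runs offline over a constructed response dict shaped like the Response Syntax; the resource IDs, the account number and the reason string constructed-reason-1 are placeholders (the page does not enumerate real TargetViolationReasons values), and the sample deliberately mixes a security group and an instance violation so every branch is exercised.

```python
# Added example (not from the boto3/FMS docs): triage a get_violation_details
# response into one finding per violation. Pure Python over a constructed
# response dict shaped like the documented Response Syntax; no AWS call is made.
from typing import Dict, List


def describe_rule(result: Dict) -> str:
    """Render a RemediationResult (the rule as it would look after remediation)."""
    proto = result.get("Protocol", "-1")
    src = (result.get("IPV4Range") or result.get("IPV6Range")
           or result.get("PrefixListId") or "?")
    lo, hi = result.get("FromPort"), result.get("ToPort")
    if lo is None or lo == -1:          # -1 means all ICMP/ICMPv6 types or codes
        ports = "all"
    elif lo == hi:
        ports = str(lo)
    else:
        ports = f"{lo}-{hi}"
    return f"{proto} {ports} from {src}"


def default_remediation(sg_violation: Dict) -> Dict:
    """Return the action FMS flags IsDefaultAction, else the first one offered."""
    actions = sg_violation.get("PossibleSecurityGroupRemediationActions", [])
    for action in actions:
        if action.get("IsDefaultAction"):
            return action
    return actions[0] if actions else {}


def triage_violations(response: Dict) -> List[str]:
    """One human-readable finding per entry in ResourceViolations."""
    detail = response["ViolationDetail"]
    prefix = f"{detail['ResourceType']} {detail['ResourceId']} ({detail['MemberAccount']})"
    findings: List[str] = []
    for violation in detail.get("ResourceViolations", []):
        if "AwsVPCSecurityGroupViolation" in violation:
            sg = violation["AwsVPCSecurityGroupViolation"]
            # Collect every reason from every partially matching reference rule.
            reasons = sorted({r for pm in sg.get("PartialMatches", [])
                              for r in pm.get("TargetViolationReasons", [])})
            line = f"{prefix}: rule {sg['ViolationTarget']} violates policy"
            if reasons:
                line += " (" + ", ".join(reasons) + ")"
            action = default_remediation(sg)
            if action:
                line += f"; default fix: {action['RemediationActionType']}"
                if action["RemediationActionType"] == "MODIFY":
                    line += " -> " + describe_rule(action.get("RemediationResult", {}))
            findings.append(line)
        elif "AwsEc2NetworkInterfaceViolation" in violation:
            eni = violation["AwsEc2NetworkInterfaceViolation"]
            groups = ", ".join(eni.get("ViolatingSecurityGroups", []))
            findings.append(f"{prefix}: ENI {eni['ViolationTarget']} uses non-compliant groups {groups}")
        elif "AwsEc2InstanceViolation" in violation:
            inst = violation["AwsEc2InstanceViolation"]
            for eni in inst.get("AwsEc2NetworkInterfaceViolations", []):
                groups = ", ".join(eni.get("ViolatingSecurityGroups", []))
                findings.append(f"{prefix}: instance {inst['ViolationTarget']} ENI "
                                f"{eni['ViolationTarget']} uses non-compliant groups {groups}")
    return findings


# Constructed sample response: IDs, account and reason string are placeholders.
SAMPLE_RESPONSE = {
    "ViolationDetail": {
        "PolicyId": "policy-id-placeholder",
        "MemberAccount": "111122223333",
        "ResourceId": "sg-0123456789abcdef0",
        "ResourceType": "AWS::EC2::SecurityGroup",
        "ResourceViolations": [
            {"AwsVPCSecurityGroupViolation": {
                "ViolationTarget": "sgr-0abc",
                "ViolationTargetDescription": "tcp 22 from 0.0.0.0/0",
                "PartialMatches": [
                    {"Reference": "sgr-ref-1",
                     "TargetViolationReasons": ["constructed-reason-1"]}],
                "PossibleSecurityGroupRemediationActions": [
                    {"RemediationActionType": "REMOVE", "Description": "Remove the rule",
                     "RemediationResult": {}, "IsDefaultAction": False},
                    {"RemediationActionType": "MODIFY", "Description": "Narrow the source",
                     "RemediationResult": {"IPV4Range": "10.0.0.0/8", "Protocol": "tcp",
                                           "FromPort": 22, "ToPort": 22},
                     "IsDefaultAction": True}]}},
            {"AwsEc2InstanceViolation": {
                "ViolationTarget": "i-0fedcba9876543210",
                "AwsEc2NetworkInterfaceViolations": [
                    {"ViolationTarget": "eni-0aaa",
                     "ViolatingSecurityGroups": ["sg-0123456789abcdef0", "sg-0bbb"]}]}},
        ],
        "ResourceTags": [{"Key": "environment", "Value": "test"}],
        "ResourceDescription": "constructed sample",
    }
}

if __name__ == "__main__":
    for finding in triage_violations(SAMPLE_RESPONSE):
        print(finding)
```

The findings carry enough context (account, resource, rule, reasons, proposed end state) to be pasted into a ticket or a detection pipeline without a second lookup; the default action is reported rather than applied, because whether to let FMS auto-remediate is a policy decision, not a script's.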
list_protocols_lists
Returns an array of ProtocolsListDataSummary objects.
See also: AWS API Documentation
Request Syntax
client.list_protocols_lists(
    DefaultLists=True|False,
    NextToken='string',
    MaxResults=123
)
DefaultLists (boolean) --
Specifies whether the lists to retrieve are default lists owned by AWS Firewall Manager.
NextToken (string) --
If you specify a value for MaxResults in your list request, and you have more objects than the maximum, AWS Firewall Manager returns this token in the response. For all but the first request, you provide the token returned by the prior request in the request parameters, to retrieve the next batch of objects.
MaxResults (integer) -- [REQUIRED]
The maximum number of objects that you want AWS Firewall Manager to return for this request. If more objects are available, in the response, AWS Firewall Manager provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
If you don't specify this, AWS Firewall Manager returns all available objects.
Return type: dict
Response Syntax
{
    'ProtocolsLists': [
        {
            'ListArn': 'string',
            'ListId': 'string',
            'ListName': 'string',
            'ProtocolsList': [
                'string',
            ]
        },
    ],
    'NextToken': 'string'
}
Response Structure
(dict) --
ProtocolsLists (list) --
An array of ProtocolsListDataSummary objects.
(dict) --
Details of the AWS Firewall Manager protocols list.
ListArn (string) --
The Amazon Resource Name (ARN) of the specified protocols list.
ListId (string) --
The ID of the specified protocols list.
ListName (string) --
The name of the specified protocols list.
ProtocolsList (list) --
An array of protocols in the AWS Firewall Manager protocols list.
(string) --
NextToken (string) --
If you specify a value for MaxResults in your list request, and you have more objects than the maximum, AWS Firewall Manager returns this token in the response. You can use this token in subsequent requests to retrieve the next batch of objects.
put_apps_list
Creates an AWS Firewall Manager applications list.
See also: AWS API Documentation
Request Syntax
client.put_apps_list(
    AppsList={
        'ListId': 'string',
        'ListName': 'string',
        'ListUpdateToken': 'string',
        'CreateTime': datetime(2015, 1, 1),
        'LastUpdateTime': datetime(2015, 1, 1),
        'AppsList': [
            {
                'AppName': 'string',
                'Protocol': 'string',
                'Port': 123
            },
        ],
        'PreviousAppsList': {
            'string': [
                {
                    'AppName': 'string',
                    'Protocol': 'string',
                    'Port': 123
                },
            ]
        }
    },
    TagList=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
AppsList (dict) -- [REQUIRED]
The details of the AWS Firewall Manager applications list to be created.
ListId (string) --
The ID of the AWS Firewall Manager applications list.
ListName (string) -- [REQUIRED]
The name of the AWS Firewall Manager applications list.
ListUpdateToken (string) --
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the application list. You can retrieve the update token by getting the list.
CreateTime (datetime) --
The time that the AWS Firewall Manager applications list was created.
LastUpdateTime (datetime) --
The time that the AWS Firewall Manager applications list was last updated.
AppsList (list) -- [REQUIRED]
An array of applications in the AWS Firewall Manager applications list.
(dict) --
An individual AWS Firewall Manager application.
AppName (string) -- [REQUIRED]
The application's name.
Protocol (string) -- [REQUIRED]
The IP protocol name or number. The name can be one of tcp, udp, or icmp. For information on possible numbers, see Protocol Numbers.
Port (integer) -- [REQUIRED]
The application's port number, for example 80.
PreviousAppsList (dict) --
A map of previous version numbers to their corresponding App object arrays.
(string) --
(list) --
(dict) --
An individual AWS Firewall Manager application.
AppName (string) -- [REQUIRED]
The application's name.
Protocol (string) -- [REQUIRED]
The IP protocol name or number. The name can be one of tcp, udp, or icmp. For information on possible numbers, see Protocol Numbers.
Port (integer) -- [REQUIRED]
The application's port number, for example 80.
TagList (list) --
The tags associated with the resource.
(dict) --
A collection of key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource.
Key (string) -- [REQUIRED]
Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive.
Value (string) -- [REQUIRED]
Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as "companyA" or "companyB." Tag values are case-sensitive.
Return type: dict
Response Syntax
{
    'AppsList': {
        'ListId': 'string',
        'ListName': 'string',
        'ListUpdateToken': 'string',
        'CreateTime': datetime(2015, 1, 1),
        'LastUpdateTime': datetime(2015, 1, 1),
        'AppsList': [
            {
                'AppName': 'string',
                'Protocol': 'string',
                'Port': 123
            },
        ],
        'PreviousAppsList': {
            'string': [
                {
                    'AppName': 'string',
                    'Protocol': 'string',
                    'Port': 123
                },
            ]
        }
    },
    'AppsListArn': 'string'
}
Response Structure
(dict) --
AppsList (dict) --
The details of the AWS Firewall Manager applications list.
ListId (string) --
The ID of the AWS Firewall Manager applications list.
ListName (string) --
The name of the AWS Firewall Manager applications list.
ListUpdateToken (string) --
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the application list. You can retrieve the update token by getting the list.
CreateTime (datetime) --
The time that the AWS Firewall Manager applications list was created.
LastUpdateTime (datetime) --
The time that the AWS Firewall Manager applications list was last updated.
AppsList (list) --
An array of applications in the AWS Firewall Manager applications list.
(dict) --
An individual AWS Firewall Manager application.
AppName (string) --
The application's name.
Protocol (string) --
The IP protocol name or number. The name can be one of tcp, udp, or icmp. For information on possible numbers, see Protocol Numbers.
Port (integer) --
The application's port number, for example 80.
PreviousAppsList (dict) --
A map of previous version numbers to their corresponding App object arrays.
(string) --
(list) --
(dict) --
An individual AWS Firewall Manager application.
AppName (string) --
The application's name.
Protocol (string) --
The IP protocol name or number. The name can be one of tcp, udp, or icmp. For information on possible numbers, see Protocol Numbers.
Port (integer) --
The application's port number, for example 80.
AppsListArn (string) --
The Amazon Resource Name (ARN) of the applications list.
delete_apps_list
Permanently deletes an AWS Firewall Manager applications list.
See also: AWS API Documentation
Request Syntax
client.delete_apps_list(
    ListId='string'
)
ListId (string) -- [REQUIRED]
The ID of the applications list that you want to delete. You can retrieve this ID from PutAppsList, ListAppsLists, and GetAppsList.
Returns: None
delete_protocols_list
Permanently deletes an AWS Firewall Manager protocols list.
See also: AWS API Documentation
Request Syntax
client.delete_protocols_list(
    ListId='string'
)
ListId (string) -- [REQUIRED]
The ID of the protocols list that you want to delete. You can retrieve this ID from PutProtocolsList, ListProtocolsLists, and GetProtocolsList.
Returns: None
list_apps_lists
Returns an array of AppsListDataSummary objects.
See also: AWS API Documentation
Request Syntax
client.list_apps_lists(
    DefaultLists=True|False,
    NextToken='string',
    MaxResults=123
)
DefaultLists (boolean) --
Specifies whether the lists to retrieve are default lists owned by AWS Firewall Manager.
NextToken (string) --
If you specify a value for MaxResults in your list request, and you have more objects than the maximum, AWS Firewall Manager returns this token in the response. For all but the first request, you provide the token returned by the prior request in the request parameters, to retrieve the next batch of objects.
MaxResults (integer) -- [REQUIRED]
The maximum number of objects that you want AWS Firewall Manager to return for this request. If more objects are available, in the response, AWS Firewall Manager provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
If you don't specify this, AWS Firewall Manager returns all available objects.
Return type: dict
Response Syntax
{
    'AppsLists': [
        {
            'ListArn': 'string',
            'ListId': 'string',
            'ListName': 'string',
            'AppsList': [
                {
                    'AppName': 'string',
                    'Protocol': 'string',
                    'Port': 123
                },
            ]
        },
    ],
    'NextToken': 'string'
}
Response Structure
(dict) --
AppsLists (list) --
An array of AppsListDataSummary objects.
(dict) --
Details of the AWS Firewall Manager applications list.
ListArn (string) --
The Amazon Resource Name (ARN) of the applications list.
ListId (string) --
The ID of the applications list.
ListName (string) --
The name of the applications list.
AppsList (list) --
An array of App objects in the AWS Firewall Manager applications list.
(dict) --
An individual AWS Firewall Manager application.
AppName (string) --
The application's name.
Protocol (string) --
The IP protocol name or number. The name can be one of tcp, udp, or icmp. For information on possible numbers, see Protocol Numbers.
Port (integer) --
The application's port number, for example 80.
NextToken (string) --
If you specify a value for MaxResults in your list request, and you have more objects than the maximum, AWS Firewall Manager returns this token in the response. You can use this token in subsequent requests to retrieve the next batch of objects.
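Both list_protocols_lists (above) and list_apps_lists share the same NextToken/MaxResults contract, and an inventory that stops after the first page silently misses lists, so here is an added example (written for this page, not boto3 or project code) of a pagination loop that follows NextToken until the service omits it and refuses to spin on a repeated token. To keep it runnable offline it is driven by FakeFmsClient, a constructed stand-in whose list_protocols_lists and list_apps_lists methods page like the documented API by encoding an offset in NextToken; with a real boto3 client you would pass the client object instead. The sample ListIds and ARNs are placeholders.

```python
# Added example (not from the boto3/FMS docs): exhaustive NextToken pagination
# for list_protocols_lists and list_apps_lists, exercised against a constructed
# in-memory stand-in for the boto3 client so it runs offline.
from typing import Callable, Dict, Iterator, List, Optional


def iterate_pages(list_fn: Callable[..., Dict], result_key: str,
                  page_size: int = 100, max_pages: int = 10_000, **kwargs) -> Iterator[Dict]:
    """Yield every item across pages; follow NextToken until the service omits it."""
    token: Optional[str] = None
    seen_tokens = set()
    for _ in range(max_pages):
        params = dict(kwargs, MaxResults=page_size)
        if token:
            params["NextToken"] = token
        page = list_fn(**params)
        yield from page.get(result_key, [])
        token = page.get("NextToken")
        if not token:
            return
        if token in seen_tokens:      # defensive: never loop forever on a repeated token
            raise RuntimeError("NextToken repeated; aborting pagination")
        seen_tokens.add(token)
    raise RuntimeError(f"gave up after {max_pages} pages")


def all_protocols_lists(client, default_lists: bool = False, page_size: int = 100) -> List[Dict]:
    """Every ProtocolsListDataSummary the caller can see (customer or AWS default lists)."""
    return list(iterate_pages(client.list_protocols_lists, "ProtocolsLists",
                              page_size=page_size, DefaultLists=default_lists))


def all_apps_lists(client, default_lists: bool = False, page_size: int = 100) -> List[Dict]:
    """Every AppsListDataSummary the caller can see."""
    return list(iterate_pages(client.list_apps_lists, "AppsLists",
                              page_size=page_size, DefaultLists=default_lists))


class FakeFmsClient:
    """Constructed stand-in that pages like the real API (offset encoded in NextToken)."""

    def __init__(self, protocols_lists: List[Dict], apps_lists: List[Dict]):
        self._data = {"ProtocolsLists": protocols_lists, "AppsLists": apps_lists}
        self.calls = 0

    def _page(self, key: str, **kwargs) -> Dict:
        self.calls += 1
        items = self._data[key]
        start = int(kwargs.get("NextToken", "0"))
        end = start + kwargs["MaxResults"]
        page = {key: items[start:end]}
        if end < len(items):          # more to come: hand back a token, as FMS does
            page["NextToken"] = str(end)
        return page

    def list_protocols_lists(self, **kwargs) -> Dict:
        return self._page("ProtocolsLists", **kwargs)

    def list_apps_lists(self, **kwargs) -> Dict:
        return self._page("AppsLists", **kwargs)


# Constructed sample summaries: ListIds and ARNs are placeholders.
SAMPLE_PROTOCOLS_LISTS = [
    {"ListArn": f"arn:aws:fms:placeholder:list/pl-{i}", "ListId": f"pl-{i}",
     "ListName": f"protocols-{i}", "ProtocolsList": ["tcp", "udp"]}
    for i in range(1, 6)
]
SAMPLE_APPS_LISTS = [
    {"ListArn": f"arn:aws:fms:placeholder:list/al-{i}", "ListId": f"al-{i}",
     "ListName": f"apps-{i}",
     "AppsList": [{"AppName": "https", "Protocol": "tcp", "Port": 443}]}
    for i in range(1, 4)
]

if __name__ == "__main__":
    fake = FakeFmsClient(SAMPLE_PROTOCOLS_LISTS, SAMPLE_APPS_LISTS)
    for summary in all_protocols_lists(fake, page_size=2):
        print(summary["ListId"], summary["ListName"], summary["ProtocolsList"])
    print("pages fetched:", fake.calls)
```

iterate_pages takes the bound method rather than the client so the same loop serves both list calls; the page-size argument is the documented MaxResults, and the repeated-token check is cheap insurance against a pagination bug turning an inventory job into an unbounded API loop.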
get_protocols_list
Returns information about the specified AWS Firewall Manager protocols list.
See also: AWS API Documentation
Request Syntax
client.get_protocols_list(
    ListId='string',
    DefaultList=True|False
)
ListId (string) -- [REQUIRED]
The ID of the AWS Firewall Manager protocols list that you want the details for.
DefaultList (boolean) --
Specifies whether the list to retrieve is a default list owned by AWS Firewall Manager.
Return type: dict
Response Syntax
{
    'ProtocolsList': {
        'ListId': 'string',
        'ListName': 'string',
        'ListUpdateToken': 'string',
        'CreateTime': datetime(2015, 1, 1),
        'LastUpdateTime': datetime(2015, 1, 1),
        'ProtocolsList': [
            'string',
        ],
        'PreviousProtocolsList': {
            'string': [
                'string',
            ]
        }
    },
    'ProtocolsListArn': 'string'
}
Response Structure
(dict) --
ProtocolsList (dict) --
Information about the specified AWS Firewall Manager protocols list.
ListId (string) --
The ID of the AWS Firewall Manager protocols list.
ListName (string) --
The name of the AWS Firewall Manager protocols list.
ListUpdateToken (string) --
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the protocols list. You can retrieve the update token by getting the list.
CreateTime (datetime) --
The time that the AWS Firewall Manager protocols list was created.
LastUpdateTime (datetime) --
The time that the AWS Firewall Manager protocols list was last updated.
ProtocolsList (list) --
An array of protocols in the AWS Firewall Manager protocols list.
(string) --
PreviousProtocolsList (dict) --
A map of previous version numbers to their corresponding protocol arrays.
(string) --
(list) --
(string) --
ProtocolsListArn (string) --
The Amazon Resource Name (ARN) of the specified protocols list.
put_protocols_list
Creates an AWS Firewall Manager protocols list.
See also: AWS API Documentation
Request Syntax
client.put_protocols_list(
    ProtocolsList={
        'ListId': 'string',
        'ListName': 'string',
        'ListUpdateToken': 'string',
        'CreateTime': datetime(2015, 1, 1),
        'LastUpdateTime': datetime(2015, 1, 1),
        'ProtocolsList': [
            'string',
        ],
        'PreviousProtocolsList': {
            'string': [
                'string',
            ]
        }
    },
    TagList=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
ProtocolsList (dict) -- [REQUIRED]
The details of the AWS Firewall Manager protocols list to be created.
ListId (string) --
The ID of the AWS Firewall Manager protocols list.
ListName (string) -- [REQUIRED]
The name of the AWS Firewall Manager protocols list.
ListUpdateToken (string) --
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the protocols list. You can retrieve the update token by getting the list.
CreateTime (datetime) --
The time that the AWS Firewall Manager protocols list was created.
LastUpdateTime (datetime) --
The time that the AWS Firewall Manager protocols list was last updated.
ProtocolsList (list) -- [REQUIRED]
An array of protocols in the AWS Firewall Manager protocols list.
(string) --
PreviousProtocolsList (dict) --
A map of previous version numbers to their corresponding protocol arrays.
(string) --
(list) --
(string) --
TagList (list) --
The tags associated with the resource.
(dict) --
A collection of key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource.
Key (string) -- [REQUIRED]
Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive.
Value (string) -- [REQUIRED]
Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as "companyA" or "companyB." Tag values are case-sensitive.
Return type: dict
Response Syntax
{
    'ProtocolsList': {
        'ListId': 'string',
        'ListName': 'string',
        'ListUpdateToken': 'string',
        'CreateTime': datetime(2015, 1, 1),
        'LastUpdateTime': datetime(2015, 1, 1),
        'ProtocolsList': [
            'string',
        ],
        'PreviousProtocolsList': {
            'string': [
                'string',
            ]
        }
    },
    'ProtocolsListArn': 'string'
}
Response Structure
(dict) --
ProtocolsList (dict) --
The details of the AWS Firewall Manager protocols list.
ListId (string) --
The ID of the AWS Firewall Manager protocols list.
ListName (string) --
The name of the AWS Firewall Manager protocols list.
ListUpdateToken (string) --
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the protocols list. You can retrieve the update token by getting the list.
CreateTime (datetime) --
The time that the AWS Firewall Manager protocols list was created.
LastUpdateTime (datetime) --
The time that the AWS Firewall Manager protocols list was last updated.
ProtocolsList (list) --
An array of protocols in the AWS Firewall Manager protocols list.
(string) --
PreviousProtocolsList (dict) --
A map of previous version numbers to their corresponding protocol arrays.
(string) --
(list) --
(string) --
ProtocolsListArn (string) --
The Amazon Resource Name (ARN) of the protocols list.
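put_apps_list and put_protocols_list both create a list when ListId is absent and update one when it is present, and an update is only accepted when ListUpdateToken matches the current version, which is the optimistic-concurrency guard that stops two operators from overwriting each other's allow-list edits. The following added example (written for this page, not boto3 or AWS code) builds the request body for either call: for an update it carries ListId, ListName and ListUpdateToken from the matching get_apps_list or get_protocols_list response, and before anything is sent it validates the entries client-side. The validation rules (protocol must be one of the documented names tcp, udp, icmp or a numeric value 0 to 255; ports 0 to 65535; at most 50 tags with non-empty keys) are this example's own assumptions about sensible input, not the service's published limits, and the IDs, token and ARN in the sample are placeholders.

```python
# Added example (not from the boto3/FMS docs): build PutAppsList / PutProtocolsList
# request bodies that carry ListId and ListUpdateToken from the matching get_*
# response when updating, with client-side validation of the entries. The
# validation rules are this example's assumptions, not published service limits.
from typing import Dict, List, Optional

PROTOCOL_NAMES = {"tcp", "udp", "icmp"}   # names the docs list for App.Protocol


def valid_protocol(value) -> bool:
    """A protocol is a listed name or a protocol number 0-255 (assumption)."""
    text = str(value).lower()
    return text in PROTOCOL_NAMES or (text.isdigit() and 0 <= int(text) <= 255)


def app_error(app: Dict) -> Optional[str]:
    """Describe the first problem with an App entry, or return None if it is fine."""
    for field in ("AppName", "Protocol", "Port"):
        if field not in app:
            return f"missing {field}"
    if not str(app["AppName"]).strip():
        return "AppName is empty"
    if not valid_protocol(app["Protocol"]):
        return f"unsupported protocol {app['Protocol']!r}"
    port = app["Port"]
    if isinstance(port, bool) or not isinstance(port, int) or not 0 <= port <= 65535:
        return f"port out of range: {port!r}"
    return None


def validate_tags(tags: Optional[List[Dict]]) -> List[Dict]:
    tags = tags or []
    if len(tags) > 50:
        raise ValueError("at most 50 tags per resource")
    for tag in tags:
        if not tag.get("Key"):
            raise ValueError("tag Key must be non-empty")
    return tags


def _identity(current: Optional[Dict], list_name: Optional[str], key: str) -> Dict:
    """Creating: ListName only. Updating: ListId + ListUpdateToken of the current version."""
    if current is None:
        if not list_name:
            raise ValueError("list_name is required when creating a new list")
        return {"ListName": list_name}
    existing = current[key]          # the AppsList / ProtocolsList dict of a get_* response
    return {"ListId": existing["ListId"],
            "ListName": list_name or existing["ListName"],
            "ListUpdateToken": existing["ListUpdateToken"]}


def build_put_apps_list(apps: List[Dict], list_name: Optional[str] = None,
                        current: Optional[Dict] = None,
                        tags: Optional[List[Dict]] = None) -> Dict:
    """kwargs for client.put_apps_list; `current` is a get_apps_list response."""
    for app in apps:
        problem = app_error(app)
        if problem:
            raise ValueError(f"{app!r}: {problem}")
    body = dict(_identity(current, list_name, "AppsList"), AppsList=list(apps))
    request = {"AppsList": body}
    if tags:
        request["TagList"] = validate_tags(tags)
    return request


def build_put_protocols_list(protocols: List[str], list_name: Optional[str] = None,
                             current: Optional[Dict] = None,
                             tags: Optional[List[Dict]] = None) -> Dict:
    """kwargs for client.put_protocols_list; `current` is a get_protocols_list response."""
    bad = [p for p in protocols if not valid_protocol(p)]
    if bad:
        raise ValueError(f"unsupported protocols: {bad}")
    body = dict(_identity(current, list_name, "ProtocolsList"), ProtocolsList=list(protocols))
    request = {"ProtocolsList": body}
    if tags:
        request["TagList"] = validate_tags(tags)
    return request


# Constructed get_apps_list response; ListId, token and ARN are placeholders.
CURRENT_APPS_LIST = {
    "AppsList": {"ListId": "list-id-placeholder", "ListName": "web",
                 "ListUpdateToken": "token-placeholder",
                 "AppsList": [{"AppName": "http", "Protocol": "tcp", "Port": 80}]},
    "AppsListArn": "arn-placeholder",
}

if __name__ == "__main__":
    new_apps = [{"AppName": "https", "Protocol": "tcp", "Port": 443}]
    print(build_put_apps_list(new_apps, current=CURRENT_APPS_LIST))
    # With a real client: client.put_apps_list(**build_put_apps_list(new_apps, current=resp))
```

Because the token is copied from the get_* response rather than cached, a stale copy of the list produces a rejected update instead of a silent overwrite, which is exactly the behaviour you want for a list that widens what a security group is allowed to permit.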
get_apps_list
Returns information about the specified AWS Firewall Manager applications list.
See also: AWS API Documentation
Request Syntax
client.get_apps_list(
    ListId='string',
    DefaultList=True|False
)
ListId (string) -- [REQUIRED]
The ID of the AWS Firewall Manager applications list that you want the details for.
DefaultList (boolean) --
Specifies whether the list to retrieve is a default list owned by AWS Firewall Manager.
Return type: dict
Response Syntax
{
    'AppsList': {
        'ListId': 'string',
        'ListName': 'string',
        'ListUpdateToken': 'string',
        'CreateTime': datetime(2015, 1, 1),
        'LastUpdateTime': datetime(2015, 1, 1),
        'AppsList': [
            {
                'AppName': 'string',
                'Protocol': 'string',
                'Port': 123
            },
        ],
        'PreviousAppsList': {
            'string': [
                {
                    'AppName': 'string',
                    'Protocol': 'string',
                    'Port': 123
                },
            ]
        }
    },
    'AppsListArn': 'string'
}
Response Structure
(dict) --
AppsList (dict) --
Information about the specified AWS Firewall Manager applications list.
ListId (string) --
The ID of the AWS Firewall Manager applications list.
ListName (string) --
The name of the AWS Firewall Manager applications list.
ListUpdateToken (string) --
A unique identifier for each update to the list. When you update the list, the update token must match the token of the current version of the application list. You can retrieve the update token by getting the list.
CreateTime (datetime) --
The time that the AWS Firewall Manager applications list was created.
LastUpdateTime (datetime) --
The time that the AWS Firewall Manager applications list was last updated.
AppsList (list) --
An array of applications in the AWS Firewall Manager applications list.
(dict) --
An individual AWS Firewall Manager application.
AppName (string) --
The application's name.
Protocol (string) --
The IP protocol name or number. The name can be one of tcp, udp, or icmp. For information on possible numbers, see Protocol Numbers.
Port (integer) --
The application's port number, for example 80.
PreviousAppsList (dict) --
A map of previous version numbers to their corresponding App object arrays.
(string) --
(list) --
(dict) --
An individual AWS Firewall Manager application.
AppName (string) --
The application's name.
Protocol (string) --
The IP protocol name or number. The name can be one of tcp, udp, or icmp. For information on possible numbers, see Protocol Numbers.
Port (integer) --
The application's port number, for example 80.
AppsListArn (string) --
The Amazon Resource Name (ARN) of the applications list.
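PreviousAppsList is the part of a get_apps_list response that matters for change review: it maps earlier version numbers to the App arrays they contained, so the history of what a list has allowed can be reconstructed without separate logging. The following added example (written for this page, not boto3 or AWS code) diffs each stored version against the next and finally against the current AppsList, reporting the applications added and removed at every step; a newly added entry is the one a reviewer should look at, since it widens what security groups governed by the list may permit. It runs offline over a constructed response with placeholder IDs, and it assumes the version keys are numeric strings ("1", "2", ...) since the page calls them version numbers.

```python
# Added example (not from the boto3/FMS docs): reconstruct the change history of
# an applications list from the PreviousAppsList map of a get_apps_list response.
# Version keys are assumed to be numeric strings; the sample input is constructed.
from typing import Dict, List, Tuple

AppKey = Tuple[str, str, int]


def app_key(app: Dict) -> AppKey:
    """Identity of an App entry: name, normalised protocol, port."""
    return (app["AppName"], str(app["Protocol"]).lower(), int(app["Port"]))


def apps_list_history(response: Dict) -> List[Dict]:
    """Diff consecutive versions; the live AppsList is the last step, labelled 'current'."""
    apps_list = response["AppsList"]
    previous = apps_list.get("PreviousAppsList", {})
    snapshots = [(version, previous[version]) for version in sorted(previous, key=int)]
    snapshots.append(("current", apps_list.get("AppsList", [])))
    history = []
    for (old_v, old_apps), (new_v, new_apps) in zip(snapshots, snapshots[1:]):
        old_keys = {app_key(a) for a in old_apps}
        new_keys = {app_key(a) for a in new_apps}
        history.append({
            "from": old_v,
            "to": new_v,
            "added": sorted(new_keys - old_keys),      # newly permitted applications
            "removed": sorted(old_keys - new_keys),
        })
    return history


def ever_added(response: Dict) -> List[AppKey]:
    """Every application that was added at some step, for a reviewer to eyeball."""
    return sorted({key for step in apps_list_history(response) for key in step["added"]})


# Constructed get_apps_list response; ListId, token and ARN are placeholders.
HTTP = {"AppName": "http", "Protocol": "tcp", "Port": 80}
HTTPS = {"AppName": "https", "Protocol": "TCP", "Port": 443}
SSH = {"AppName": "ssh", "Protocol": "tcp", "Port": 22}
SAMPLE_APPS_LIST = {
    "AppsList": {
        "ListId": "list-id-placeholder",
        "ListName": "web",
        "ListUpdateToken": "token-placeholder",
        "AppsList": [HTTP, HTTPS],
        "PreviousAppsList": {"1": [HTTP], "2": [HTTP, SSH]},
    },
    "AppsListArn": "arn-placeholder",
}

if __name__ == "__main__":
    for step in apps_list_history(SAMPLE_APPS_LIST):
        print(f"{step['from']} -> {step['to']}: +{step['added']} -{step['removed']}")
```

Protocol names are lower-cased in app_key so that "TCP" and "tcp" compare equal and a case-only edit does not show up as a removal plus an addition.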