1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package fms 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opAssociateAdminAccount = "AssociateAdminAccount" 17 18// AssociateAdminAccountRequest generates a "aws/request.Request" representing the 19// client's request for the AssociateAdminAccount operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See AssociateAdminAccount for more information on using the AssociateAdminAccount 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the AssociateAdminAccountRequest method. 34// req, resp := client.AssociateAdminAccountRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateAdminAccount 42func (c *FMS) AssociateAdminAccountRequest(input *AssociateAdminAccountInput) (req *request.Request, output *AssociateAdminAccountOutput) { 43 op := &request.Operation{ 44 Name: opAssociateAdminAccount, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &AssociateAdminAccountInput{} 51 } 52 53 output = &AssociateAdminAccountOutput{} 54 req = c.newRequest(op, input, output) 55 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 56 return 57} 58 59// AssociateAdminAccount API operation for Firewall Management Service. 60// 61// Sets the AWS Firewall Manager administrator account. AWS Firewall Manager 62// must be associated with the master account of your AWS organization or associated 63// with a member account that has the appropriate permissions. If the account 64// ID that you submit is not an AWS Organizations master account, AWS Firewall 65// Manager will set the appropriate permissions for the given member account. 66// 67// The account that you associate with AWS Firewall Manager is called the AWS 68// Firewall Manager administrator account. 69// 70// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 71// with awserr.Error's Code and Message methods to get detailed information about 72// the error. 73// 74// See the AWS API reference guide for Firewall Management Service's 75// API operation AssociateAdminAccount for usage and error information. 76// 77// Returned Error Codes: 78// * ErrCodeInvalidOperationException "InvalidOperationException" 79// The operation failed because there was nothing to do. For example, you might 80// have submitted an AssociateAdminAccount request, but the account ID that 81// you submitted was already set as the AWS Firewall Manager administrator. 82// 83// * ErrCodeInvalidInputException "InvalidInputException" 84// The parameters of the request were invalid. 85// 86// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 87// The specified resource was not found. 88// 89// * ErrCodeInternalErrorException "InternalErrorException" 90// The operation failed because of a system problem, even though the request 91// was valid. Retry your request. 92// 93// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateAdminAccount 94func (c *FMS) AssociateAdminAccount(input *AssociateAdminAccountInput) (*AssociateAdminAccountOutput, error) { 95 req, out := c.AssociateAdminAccountRequest(input) 96 return out, req.Send() 97} 98 99// AssociateAdminAccountWithContext is the same as AssociateAdminAccount with the addition of 100// the ability to pass a context and additional request options. 101// 102// See AssociateAdminAccount for details on how to use this API operation. 103// 104// The context must be non-nil and will be used for request cancellation. If 105// the context is nil a panic will occur. In the future the SDK may create 106// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 107// for more information on using Contexts. 108func (c *FMS) AssociateAdminAccountWithContext(ctx aws.Context, input *AssociateAdminAccountInput, opts ...request.Option) (*AssociateAdminAccountOutput, error) { 109 req, out := c.AssociateAdminAccountRequest(input) 110 req.SetContext(ctx) 111 req.ApplyOptions(opts...) 112 return out, req.Send() 113} 114 115const opDeleteNotificationChannel = "DeleteNotificationChannel" 116 117// DeleteNotificationChannelRequest generates a "aws/request.Request" representing the 118// client's request for the DeleteNotificationChannel operation. The "output" return 119// value will be populated with the request's response once the request completes 120// successfully. 121// 122// Use "Send" method on the returned Request to send the API call to the service. 123// the "output" return value is not valid until after Send returns without error. 124// 125// See DeleteNotificationChannel for more information on using the DeleteNotificationChannel 126// API call, and error handling. 127// 128// This method is useful when you want to inject custom logic or configuration 129// into the SDK's request lifecycle. Such as custom headers, or retry logic. 130// 131// 132// // Example sending a request using the DeleteNotificationChannelRequest method. 133// req, resp := client.DeleteNotificationChannelRequest(params) 134// 135// err := req.Send() 136// if err == nil { // resp is now filled 137// fmt.Println(resp) 138// } 139// 140// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteNotificationChannel 141func (c *FMS) DeleteNotificationChannelRequest(input *DeleteNotificationChannelInput) (req *request.Request, output *DeleteNotificationChannelOutput) { 142 op := &request.Operation{ 143 Name: opDeleteNotificationChannel, 144 HTTPMethod: "POST", 145 HTTPPath: "/", 146 } 147 148 if input == nil { 149 input = &DeleteNotificationChannelInput{} 150 } 151 152 output = &DeleteNotificationChannelOutput{} 153 req = c.newRequest(op, input, output) 154 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 155 return 156} 157 158// DeleteNotificationChannel API operation for Firewall Management Service. 159// 160// Deletes an AWS Firewall Manager association with the IAM role and the Amazon 161// Simple Notification Service (SNS) topic that is used to record AWS Firewall 162// Manager SNS logs. 163// 164// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 165// with awserr.Error's Code and Message methods to get detailed information about 166// the error. 167// 168// See the AWS API reference guide for Firewall Management Service's 169// API operation DeleteNotificationChannel for usage and error information. 170// 171// Returned Error Codes: 172// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 173// The specified resource was not found. 174// 175// * ErrCodeInvalidOperationException "InvalidOperationException" 176// The operation failed because there was nothing to do. For example, you might 177// have submitted an AssociateAdminAccount request, but the account ID that 178// you submitted was already set as the AWS Firewall Manager administrator. 179// 180// * ErrCodeInternalErrorException "InternalErrorException" 181// The operation failed because of a system problem, even though the request 182// was valid. Retry your request. 183// 184// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeleteNotificationChannel 185func (c *FMS) DeleteNotificationChannel(input *DeleteNotificationChannelInput) (*DeleteNotificationChannelOutput, error) { 186 req, out := c.DeleteNotificationChannelRequest(input) 187 return out, req.Send() 188} 189 190// DeleteNotificationChannelWithContext is the same as DeleteNotificationChannel with the addition of 191// the ability to pass a context and additional request options. 192// 193// See DeleteNotificationChannel for details on how to use this API operation. 194// 195// The context must be non-nil and will be used for request cancellation. If 196// the context is nil a panic will occur. In the future the SDK may create 197// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 198// for more information on using Contexts. 199func (c *FMS) DeleteNotificationChannelWithContext(ctx aws.Context, input *DeleteNotificationChannelInput, opts ...request.Option) (*DeleteNotificationChannelOutput, error) { 200 req, out := c.DeleteNotificationChannelRequest(input) 201 req.SetContext(ctx) 202 req.ApplyOptions(opts...) 203 return out, req.Send() 204} 205 206const opDeletePolicy = "DeletePolicy" 207 208// DeletePolicyRequest generates a "aws/request.Request" representing the 209// client's request for the DeletePolicy operation. The "output" return 210// value will be populated with the request's response once the request completes 211// successfully. 212// 213// Use "Send" method on the returned Request to send the API call to the service. 214// the "output" return value is not valid until after Send returns without error. 215// 216// See DeletePolicy for more information on using the DeletePolicy 217// API call, and error handling. 218// 219// This method is useful when you want to inject custom logic or configuration 220// into the SDK's request lifecycle. Such as custom headers, or retry logic. 221// 222// 223// // Example sending a request using the DeletePolicyRequest method. 224// req, resp := client.DeletePolicyRequest(params) 225// 226// err := req.Send() 227// if err == nil { // resp is now filled 228// fmt.Println(resp) 229// } 230// 231// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeletePolicy 232func (c *FMS) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Request, output *DeletePolicyOutput) { 233 op := &request.Operation{ 234 Name: opDeletePolicy, 235 HTTPMethod: "POST", 236 HTTPPath: "/", 237 } 238 239 if input == nil { 240 input = &DeletePolicyInput{} 241 } 242 243 output = &DeletePolicyOutput{} 244 req = c.newRequest(op, input, output) 245 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 246 return 247} 248 249// DeletePolicy API operation for Firewall Management Service. 250// 251// Permanently deletes an AWS Firewall Manager policy. 252// 253// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 254// with awserr.Error's Code and Message methods to get detailed information about 255// the error. 256// 257// See the AWS API reference guide for Firewall Management Service's 258// API operation DeletePolicy for usage and error information. 259// 260// Returned Error Codes: 261// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 262// The specified resource was not found. 263// 264// * ErrCodeInvalidOperationException "InvalidOperationException" 265// The operation failed because there was nothing to do. For example, you might 266// have submitted an AssociateAdminAccount request, but the account ID that 267// you submitted was already set as the AWS Firewall Manager administrator. 268// 269// * ErrCodeInternalErrorException "InternalErrorException" 270// The operation failed because of a system problem, even though the request 271// was valid. Retry your request. 272// 273// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DeletePolicy 274func (c *FMS) DeletePolicy(input *DeletePolicyInput) (*DeletePolicyOutput, error) { 275 req, out := c.DeletePolicyRequest(input) 276 return out, req.Send() 277} 278 279// DeletePolicyWithContext is the same as DeletePolicy with the addition of 280// the ability to pass a context and additional request options. 281// 282// See DeletePolicy for details on how to use this API operation. 283// 284// The context must be non-nil and will be used for request cancellation. If 285// the context is nil a panic will occur. In the future the SDK may create 286// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 287// for more information on using Contexts. 288func (c *FMS) DeletePolicyWithContext(ctx aws.Context, input *DeletePolicyInput, opts ...request.Option) (*DeletePolicyOutput, error) { 289 req, out := c.DeletePolicyRequest(input) 290 req.SetContext(ctx) 291 req.ApplyOptions(opts...) 292 return out, req.Send() 293} 294 295const opDisassociateAdminAccount = "DisassociateAdminAccount" 296 297// DisassociateAdminAccountRequest generates a "aws/request.Request" representing the 298// client's request for the DisassociateAdminAccount operation. The "output" return 299// value will be populated with the request's response once the request completes 300// successfully. 301// 302// Use "Send" method on the returned Request to send the API call to the service. 303// the "output" return value is not valid until after Send returns without error. 304// 305// See DisassociateAdminAccount for more information on using the DisassociateAdminAccount 306// API call, and error handling. 307// 308// This method is useful when you want to inject custom logic or configuration 309// into the SDK's request lifecycle. Such as custom headers, or retry logic. 310// 311// 312// // Example sending a request using the DisassociateAdminAccountRequest method. 313// req, resp := client.DisassociateAdminAccountRequest(params) 314// 315// err := req.Send() 316// if err == nil { // resp is now filled 317// fmt.Println(resp) 318// } 319// 320// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateAdminAccount 321func (c *FMS) DisassociateAdminAccountRequest(input *DisassociateAdminAccountInput) (req *request.Request, output *DisassociateAdminAccountOutput) { 322 op := &request.Operation{ 323 Name: opDisassociateAdminAccount, 324 HTTPMethod: "POST", 325 HTTPPath: "/", 326 } 327 328 if input == nil { 329 input = &DisassociateAdminAccountInput{} 330 } 331 332 output = &DisassociateAdminAccountOutput{} 333 req = c.newRequest(op, input, output) 334 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 335 return 336} 337 338// DisassociateAdminAccount API operation for Firewall Management Service. 339// 340// Disassociates the account that has been set as the AWS Firewall Manager administrator 341// account. To set a different account as the administrator account, you must 342// submit an AssociateAdminAccount request. 343// 344// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 345// with awserr.Error's Code and Message methods to get detailed information about 346// the error. 347// 348// See the AWS API reference guide for Firewall Management Service's 349// API operation DisassociateAdminAccount for usage and error information. 350// 351// Returned Error Codes: 352// * ErrCodeInvalidOperationException "InvalidOperationException" 353// The operation failed because there was nothing to do. For example, you might 354// have submitted an AssociateAdminAccount request, but the account ID that 355// you submitted was already set as the AWS Firewall Manager administrator. 356// 357// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 358// The specified resource was not found. 359// 360// * ErrCodeInternalErrorException "InternalErrorException" 361// The operation failed because of a system problem, even though the request 362// was valid. Retry your request. 363// 364// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateAdminAccount 365func (c *FMS) DisassociateAdminAccount(input *DisassociateAdminAccountInput) (*DisassociateAdminAccountOutput, error) { 366 req, out := c.DisassociateAdminAccountRequest(input) 367 return out, req.Send() 368} 369 370// DisassociateAdminAccountWithContext is the same as DisassociateAdminAccount with the addition of 371// the ability to pass a context and additional request options. 372// 373// See DisassociateAdminAccount for details on how to use this API operation. 374// 375// The context must be non-nil and will be used for request cancellation. If 376// the context is nil a panic will occur. In the future the SDK may create 377// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 378// for more information on using Contexts. 379func (c *FMS) DisassociateAdminAccountWithContext(ctx aws.Context, input *DisassociateAdminAccountInput, opts ...request.Option) (*DisassociateAdminAccountOutput, error) { 380 req, out := c.DisassociateAdminAccountRequest(input) 381 req.SetContext(ctx) 382 req.ApplyOptions(opts...) 383 return out, req.Send() 384} 385 386const opGetAdminAccount = "GetAdminAccount" 387 388// GetAdminAccountRequest generates a "aws/request.Request" representing the 389// client's request for the GetAdminAccount operation. The "output" return 390// value will be populated with the request's response once the request completes 391// successfully. 392// 393// Use "Send" method on the returned Request to send the API call to the service. 394// the "output" return value is not valid until after Send returns without error. 395// 396// See GetAdminAccount for more information on using the GetAdminAccount 397// API call, and error handling. 398// 399// This method is useful when you want to inject custom logic or configuration 400// into the SDK's request lifecycle. Such as custom headers, or retry logic. 401// 402// 403// // Example sending a request using the GetAdminAccountRequest method. 404// req, resp := client.GetAdminAccountRequest(params) 405// 406// err := req.Send() 407// if err == nil { // resp is now filled 408// fmt.Println(resp) 409// } 410// 411// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccount 412func (c *FMS) GetAdminAccountRequest(input *GetAdminAccountInput) (req *request.Request, output *GetAdminAccountOutput) { 413 op := &request.Operation{ 414 Name: opGetAdminAccount, 415 HTTPMethod: "POST", 416 HTTPPath: "/", 417 } 418 419 if input == nil { 420 input = &GetAdminAccountInput{} 421 } 422 423 output = &GetAdminAccountOutput{} 424 req = c.newRequest(op, input, output) 425 return 426} 427 428// GetAdminAccount API operation for Firewall Management Service. 429// 430// Returns the AWS Organizations master account that is associated with AWS 431// Firewall Manager as the AWS Firewall Manager administrator. 432// 433// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 434// with awserr.Error's Code and Message methods to get detailed information about 435// the error. 436// 437// See the AWS API reference guide for Firewall Management Service's 438// API operation GetAdminAccount for usage and error information. 439// 440// Returned Error Codes: 441// * ErrCodeInvalidOperationException "InvalidOperationException" 442// The operation failed because there was nothing to do. For example, you might 443// have submitted an AssociateAdminAccount request, but the account ID that 444// you submitted was already set as the AWS Firewall Manager administrator. 445// 446// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 447// The specified resource was not found. 448// 449// * ErrCodeInternalErrorException "InternalErrorException" 450// The operation failed because of a system problem, even though the request 451// was valid. Retry your request. 452// 453// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetAdminAccount 454func (c *FMS) GetAdminAccount(input *GetAdminAccountInput) (*GetAdminAccountOutput, error) { 455 req, out := c.GetAdminAccountRequest(input) 456 return out, req.Send() 457} 458 459// GetAdminAccountWithContext is the same as GetAdminAccount with the addition of 460// the ability to pass a context and additional request options. 461// 462// See GetAdminAccount for details on how to use this API operation. 463// 464// The context must be non-nil and will be used for request cancellation. If 465// the context is nil a panic will occur. In the future the SDK may create 466// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 467// for more information on using Contexts. 468func (c *FMS) GetAdminAccountWithContext(ctx aws.Context, input *GetAdminAccountInput, opts ...request.Option) (*GetAdminAccountOutput, error) { 469 req, out := c.GetAdminAccountRequest(input) 470 req.SetContext(ctx) 471 req.ApplyOptions(opts...) 472 return out, req.Send() 473} 474 475const opGetComplianceDetail = "GetComplianceDetail" 476 477// GetComplianceDetailRequest generates a "aws/request.Request" representing the 478// client's request for the GetComplianceDetail operation. The "output" return 479// value will be populated with the request's response once the request completes 480// successfully. 481// 482// Use "Send" method on the returned Request to send the API call to the service. 483// the "output" return value is not valid until after Send returns without error. 484// 485// See GetComplianceDetail for more information on using the GetComplianceDetail 486// API call, and error handling. 487// 488// This method is useful when you want to inject custom logic or configuration 489// into the SDK's request lifecycle. Such as custom headers, or retry logic. 490// 491// 492// // Example sending a request using the GetComplianceDetailRequest method. 493// req, resp := client.GetComplianceDetailRequest(params) 494// 495// err := req.Send() 496// if err == nil { // resp is now filled 497// fmt.Println(resp) 498// } 499// 500// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetComplianceDetail 501func (c *FMS) GetComplianceDetailRequest(input *GetComplianceDetailInput) (req *request.Request, output *GetComplianceDetailOutput) { 502 op := &request.Operation{ 503 Name: opGetComplianceDetail, 504 HTTPMethod: "POST", 505 HTTPPath: "/", 506 } 507 508 if input == nil { 509 input = &GetComplianceDetailInput{} 510 } 511 512 output = &GetComplianceDetailOutput{} 513 req = c.newRequest(op, input, output) 514 return 515} 516 517// GetComplianceDetail API operation for Firewall Management Service. 518// 519// Returns detailed compliance information about the specified member account. 520// Details include resources that are in and out of compliance with the specified 521// policy. Resources are considered noncompliant for AWS WAF and Shield Advanced 522// policies if the specified policy has not been applied to them. Resources 523// are considered noncompliant for security group policies if they are in scope 524// of the policy, they violate one or more of the policy rules, and remediation 525// is disabled or not possible. 526// 527// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 528// with awserr.Error's Code and Message methods to get detailed information about 529// the error. 530// 531// See the AWS API reference guide for Firewall Management Service's 532// API operation GetComplianceDetail for usage and error information. 533// 534// Returned Error Codes: 535// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 536// The specified resource was not found. 537// 538// * ErrCodeInternalErrorException "InternalErrorException" 539// The operation failed because of a system problem, even though the request 540// was valid. Retry your request. 541// 542// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetComplianceDetail 543func (c *FMS) GetComplianceDetail(input *GetComplianceDetailInput) (*GetComplianceDetailOutput, error) { 544 req, out := c.GetComplianceDetailRequest(input) 545 return out, req.Send() 546} 547 548// GetComplianceDetailWithContext is the same as GetComplianceDetail with the addition of 549// the ability to pass a context and additional request options. 550// 551// See GetComplianceDetail for details on how to use this API operation. 552// 553// The context must be non-nil and will be used for request cancellation. If 554// the context is nil a panic will occur. In the future the SDK may create 555// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 556// for more information on using Contexts. 557func (c *FMS) GetComplianceDetailWithContext(ctx aws.Context, input *GetComplianceDetailInput, opts ...request.Option) (*GetComplianceDetailOutput, error) { 558 req, out := c.GetComplianceDetailRequest(input) 559 req.SetContext(ctx) 560 req.ApplyOptions(opts...) 561 return out, req.Send() 562} 563 564const opGetNotificationChannel = "GetNotificationChannel" 565 566// GetNotificationChannelRequest generates a "aws/request.Request" representing the 567// client's request for the GetNotificationChannel operation. The "output" return 568// value will be populated with the request's response once the request completes 569// successfully. 570// 571// Use "Send" method on the returned Request to send the API call to the service. 572// the "output" return value is not valid until after Send returns without error. 573// 574// See GetNotificationChannel for more information on using the GetNotificationChannel 575// API call, and error handling. 576// 577// This method is useful when you want to inject custom logic or configuration 578// into the SDK's request lifecycle. Such as custom headers, or retry logic. 579// 580// 581// // Example sending a request using the GetNotificationChannelRequest method. 582// req, resp := client.GetNotificationChannelRequest(params) 583// 584// err := req.Send() 585// if err == nil { // resp is now filled 586// fmt.Println(resp) 587// } 588// 589// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetNotificationChannel 590func (c *FMS) GetNotificationChannelRequest(input *GetNotificationChannelInput) (req *request.Request, output *GetNotificationChannelOutput) { 591 op := &request.Operation{ 592 Name: opGetNotificationChannel, 593 HTTPMethod: "POST", 594 HTTPPath: "/", 595 } 596 597 if input == nil { 598 input = &GetNotificationChannelInput{} 599 } 600 601 output = &GetNotificationChannelOutput{} 602 req = c.newRequest(op, input, output) 603 return 604} 605 606// GetNotificationChannel API operation for Firewall Management Service. 607// 608// Information about the Amazon Simple Notification Service (SNS) topic that 609// is used to record AWS Firewall Manager SNS logs. 610// 611// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 612// with awserr.Error's Code and Message methods to get detailed information about 613// the error. 614// 615// See the AWS API reference guide for Firewall Management Service's 616// API operation GetNotificationChannel for usage and error information. 617// 618// Returned Error Codes: 619// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 620// The specified resource was not found. 621// 622// * ErrCodeInvalidOperationException "InvalidOperationException" 623// The operation failed because there was nothing to do. For example, you might 624// have submitted an AssociateAdminAccount request, but the account ID that 625// you submitted was already set as the AWS Firewall Manager administrator. 626// 627// * ErrCodeInternalErrorException "InternalErrorException" 628// The operation failed because of a system problem, even though the request 629// was valid. Retry your request. 630// 631// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetNotificationChannel 632func (c *FMS) GetNotificationChannel(input *GetNotificationChannelInput) (*GetNotificationChannelOutput, error) { 633 req, out := c.GetNotificationChannelRequest(input) 634 return out, req.Send() 635} 636 637// GetNotificationChannelWithContext is the same as GetNotificationChannel with the addition of 638// the ability to pass a context and additional request options. 639// 640// See GetNotificationChannel for details on how to use this API operation. 641// 642// The context must be non-nil and will be used for request cancellation. If 643// the context is nil a panic will occur. In the future the SDK may create 644// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 645// for more information on using Contexts. 646func (c *FMS) GetNotificationChannelWithContext(ctx aws.Context, input *GetNotificationChannelInput, opts ...request.Option) (*GetNotificationChannelOutput, error) { 647 req, out := c.GetNotificationChannelRequest(input) 648 req.SetContext(ctx) 649 req.ApplyOptions(opts...) 650 return out, req.Send() 651} 652 653const opGetPolicy = "GetPolicy" 654 655// GetPolicyRequest generates a "aws/request.Request" representing the 656// client's request for the GetPolicy operation. The "output" return 657// value will be populated with the request's response once the request completes 658// successfully. 659// 660// Use "Send" method on the returned Request to send the API call to the service. 661// the "output" return value is not valid until after Send returns without error. 662// 663// See GetPolicy for more information on using the GetPolicy 664// API call, and error handling. 665// 666// This method is useful when you want to inject custom logic or configuration 667// into the SDK's request lifecycle. Such as custom headers, or retry logic. 668// 669// 670// // Example sending a request using the GetPolicyRequest method. 671// req, resp := client.GetPolicyRequest(params) 672// 673// err := req.Send() 674// if err == nil { // resp is now filled 675// fmt.Println(resp) 676// } 677// 678// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetPolicy 679func (c *FMS) GetPolicyRequest(input *GetPolicyInput) (req *request.Request, output *GetPolicyOutput) { 680 op := &request.Operation{ 681 Name: opGetPolicy, 682 HTTPMethod: "POST", 683 HTTPPath: "/", 684 } 685 686 if input == nil { 687 input = &GetPolicyInput{} 688 } 689 690 output = &GetPolicyOutput{} 691 req = c.newRequest(op, input, output) 692 return 693} 694 695// GetPolicy API operation for Firewall Management Service. 696// 697// Returns information about the specified AWS Firewall Manager policy. 698// 699// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 700// with awserr.Error's Code and Message methods to get detailed information about 701// the error. 702// 703// See the AWS API reference guide for Firewall Management Service's 704// API operation GetPolicy for usage and error information. 705// 706// Returned Error Codes: 707// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 708// The specified resource was not found. 709// 710// * ErrCodeInvalidOperationException "InvalidOperationException" 711// The operation failed because there was nothing to do. For example, you might 712// have submitted an AssociateAdminAccount request, but the account ID that 713// you submitted was already set as the AWS Firewall Manager administrator. 714// 715// * ErrCodeInternalErrorException "InternalErrorException" 716// The operation failed because of a system problem, even though the request 717// was valid. Retry your request. 718// 719// * ErrCodeInvalidTypeException "InvalidTypeException" 720// The value of the Type parameter is invalid. 721// 722// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetPolicy 723func (c *FMS) GetPolicy(input *GetPolicyInput) (*GetPolicyOutput, error) { 724 req, out := c.GetPolicyRequest(input) 725 return out, req.Send() 726} 727 728// GetPolicyWithContext is the same as GetPolicy with the addition of 729// the ability to pass a context and additional request options. 730// 731// See GetPolicy for details on how to use this API operation. 732// 733// The context must be non-nil and will be used for request cancellation. If 734// the context is nil a panic will occur. In the future the SDK may create 735// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 736// for more information on using Contexts. 737func (c *FMS) GetPolicyWithContext(ctx aws.Context, input *GetPolicyInput, opts ...request.Option) (*GetPolicyOutput, error) { 738 req, out := c.GetPolicyRequest(input) 739 req.SetContext(ctx) 740 req.ApplyOptions(opts...) 741 return out, req.Send() 742} 743 744const opGetProtectionStatus = "GetProtectionStatus" 745 746// GetProtectionStatusRequest generates a "aws/request.Request" representing the 747// client's request for the GetProtectionStatus operation. The "output" return 748// value will be populated with the request's response once the request completes 749// successfully. 750// 751// Use "Send" method on the returned Request to send the API call to the service. 752// the "output" return value is not valid until after Send returns without error. 753// 754// See GetProtectionStatus for more information on using the GetProtectionStatus 755// API call, and error handling. 756// 757// This method is useful when you want to inject custom logic or configuration 758// into the SDK's request lifecycle. Such as custom headers, or retry logic. 759// 760// 761// // Example sending a request using the GetProtectionStatusRequest method. 762// req, resp := client.GetProtectionStatusRequest(params) 763// 764// err := req.Send() 765// if err == nil { // resp is now filled 766// fmt.Println(resp) 767// } 768// 769// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtectionStatus 770func (c *FMS) GetProtectionStatusRequest(input *GetProtectionStatusInput) (req *request.Request, output *GetProtectionStatusOutput) { 771 op := &request.Operation{ 772 Name: opGetProtectionStatus, 773 HTTPMethod: "POST", 774 HTTPPath: "/", 775 } 776 777 if input == nil { 778 input = &GetProtectionStatusInput{} 779 } 780 781 output = &GetProtectionStatusOutput{} 782 req = c.newRequest(op, input, output) 783 return 784} 785 786// GetProtectionStatus API operation for Firewall Management Service. 787// 788// If you created a Shield Advanced policy, returns policy-level attack summary 789// information in the event of a potential DDoS attack. Other policy types are 790// currently unsupported. 791// 792// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 793// with awserr.Error's Code and Message methods to get detailed information about 794// the error. 795// 796// See the AWS API reference guide for Firewall Management Service's 797// API operation GetProtectionStatus for usage and error information. 798// 799// Returned Error Codes: 800// * ErrCodeInvalidInputException "InvalidInputException" 801// The parameters of the request were invalid. 802// 803// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 804// The specified resource was not found. 805// 806// * ErrCodeInternalErrorException "InternalErrorException" 807// The operation failed because of a system problem, even though the request 808// was valid. Retry your request. 809// 810// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetProtectionStatus 811func (c *FMS) GetProtectionStatus(input *GetProtectionStatusInput) (*GetProtectionStatusOutput, error) { 812 req, out := c.GetProtectionStatusRequest(input) 813 return out, req.Send() 814} 815 816// GetProtectionStatusWithContext is the same as GetProtectionStatus with the addition of 817// the ability to pass a context and additional request options. 818// 819// See GetProtectionStatus for details on how to use this API operation. 820// 821// The context must be non-nil and will be used for request cancellation. If 822// the context is nil a panic will occur. In the future the SDK may create 823// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 824// for more information on using Contexts. 825func (c *FMS) GetProtectionStatusWithContext(ctx aws.Context, input *GetProtectionStatusInput, opts ...request.Option) (*GetProtectionStatusOutput, error) { 826 req, out := c.GetProtectionStatusRequest(input) 827 req.SetContext(ctx) 828 req.ApplyOptions(opts...) 829 return out, req.Send() 830} 831 832const opListComplianceStatus = "ListComplianceStatus" 833 834// ListComplianceStatusRequest generates a "aws/request.Request" representing the 835// client's request for the ListComplianceStatus operation. The "output" return 836// value will be populated with the request's response once the request completes 837// successfully. 838// 839// Use "Send" method on the returned Request to send the API call to the service. 840// the "output" return value is not valid until after Send returns without error. 841// 842// See ListComplianceStatus for more information on using the ListComplianceStatus 843// API call, and error handling. 844// 845// This method is useful when you want to inject custom logic or configuration 846// into the SDK's request lifecycle. Such as custom headers, or retry logic. 847// 848// 849// // Example sending a request using the ListComplianceStatusRequest method. 850// req, resp := client.ListComplianceStatusRequest(params) 851// 852// err := req.Send() 853// if err == nil { // resp is now filled 854// fmt.Println(resp) 855// } 856// 857// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListComplianceStatus 858func (c *FMS) ListComplianceStatusRequest(input *ListComplianceStatusInput) (req *request.Request, output *ListComplianceStatusOutput) { 859 op := &request.Operation{ 860 Name: opListComplianceStatus, 861 HTTPMethod: "POST", 862 HTTPPath: "/", 863 Paginator: &request.Paginator{ 864 InputTokens: []string{"NextToken"}, 865 OutputTokens: []string{"NextToken"}, 866 LimitToken: "MaxResults", 867 TruncationToken: "", 868 }, 869 } 870 871 if input == nil { 872 input = &ListComplianceStatusInput{} 873 } 874 875 output = &ListComplianceStatusOutput{} 876 req = c.newRequest(op, input, output) 877 return 878} 879 880// ListComplianceStatus API operation for Firewall Management Service. 881// 882// Returns an array of PolicyComplianceStatus objects in the response. Use PolicyComplianceStatus 883// to get a summary of which member accounts are protected by the specified 884// policy. 885// 886// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 887// with awserr.Error's Code and Message methods to get detailed information about 888// the error. 889// 890// See the AWS API reference guide for Firewall Management Service's 891// API operation ListComplianceStatus for usage and error information. 892// 893// Returned Error Codes: 894// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 895// The specified resource was not found. 896// 897// * ErrCodeInternalErrorException "InternalErrorException" 898// The operation failed because of a system problem, even though the request 899// was valid. Retry your request. 900// 901// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListComplianceStatus 902func (c *FMS) ListComplianceStatus(input *ListComplianceStatusInput) (*ListComplianceStatusOutput, error) { 903 req, out := c.ListComplianceStatusRequest(input) 904 return out, req.Send() 905} 906 907// ListComplianceStatusWithContext is the same as ListComplianceStatus with the addition of 908// the ability to pass a context and additional request options. 909// 910// See ListComplianceStatus for details on how to use this API operation. 911// 912// The context must be non-nil and will be used for request cancellation. If 913// the context is nil a panic will occur. In the future the SDK may create 914// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 915// for more information on using Contexts. 916func (c *FMS) ListComplianceStatusWithContext(ctx aws.Context, input *ListComplianceStatusInput, opts ...request.Option) (*ListComplianceStatusOutput, error) { 917 req, out := c.ListComplianceStatusRequest(input) 918 req.SetContext(ctx) 919 req.ApplyOptions(opts...) 920 return out, req.Send() 921} 922 923// ListComplianceStatusPages iterates over the pages of a ListComplianceStatus operation, 924// calling the "fn" function with the response data for each page. To stop 925// iterating, return false from the fn function. 926// 927// See ListComplianceStatus method for more information on how to use this operation. 928// 929// Note: This operation can generate multiple requests to a service. 930// 931// // Example iterating over at most 3 pages of a ListComplianceStatus operation. 932// pageNum := 0 933// err := client.ListComplianceStatusPages(params, 934// func(page *fms.ListComplianceStatusOutput, lastPage bool) bool { 935// pageNum++ 936// fmt.Println(page) 937// return pageNum <= 3 938// }) 939// 940func (c *FMS) ListComplianceStatusPages(input *ListComplianceStatusInput, fn func(*ListComplianceStatusOutput, bool) bool) error { 941 return c.ListComplianceStatusPagesWithContext(aws.BackgroundContext(), input, fn) 942} 943 944// ListComplianceStatusPagesWithContext same as ListComplianceStatusPages except 945// it takes a Context and allows setting request options on the pages. 946// 947// The context must be non-nil and will be used for request cancellation. If 948// the context is nil a panic will occur. In the future the SDK may create 949// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 950// for more information on using Contexts. 951func (c *FMS) ListComplianceStatusPagesWithContext(ctx aws.Context, input *ListComplianceStatusInput, fn func(*ListComplianceStatusOutput, bool) bool, opts ...request.Option) error { 952 p := request.Pagination{ 953 NewRequest: func() (*request.Request, error) { 954 var inCpy *ListComplianceStatusInput 955 if input != nil { 956 tmp := *input 957 inCpy = &tmp 958 } 959 req, _ := c.ListComplianceStatusRequest(inCpy) 960 req.SetContext(ctx) 961 req.ApplyOptions(opts...) 962 return req, nil 963 }, 964 } 965 966 cont := true 967 for p.Next() && cont { 968 cont = fn(p.Page().(*ListComplianceStatusOutput), !p.HasNextPage()) 969 } 970 return p.Err() 971} 972 973const opListMemberAccounts = "ListMemberAccounts" 974 975// ListMemberAccountsRequest generates a "aws/request.Request" representing the 976// client's request for the ListMemberAccounts operation. The "output" return 977// value will be populated with the request's response once the request completes 978// successfully. 979// 980// Use "Send" method on the returned Request to send the API call to the service. 981// the "output" return value is not valid until after Send returns without error. 982// 983// See ListMemberAccounts for more information on using the ListMemberAccounts 984// API call, and error handling. 985// 986// This method is useful when you want to inject custom logic or configuration 987// into the SDK's request lifecycle. Such as custom headers, or retry logic. 988// 989// 990// // Example sending a request using the ListMemberAccountsRequest method. 991// req, resp := client.ListMemberAccountsRequest(params) 992// 993// err := req.Send() 994// if err == nil { // resp is now filled 995// fmt.Println(resp) 996// } 997// 998// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListMemberAccounts 999func (c *FMS) ListMemberAccountsRequest(input *ListMemberAccountsInput) (req *request.Request, output *ListMemberAccountsOutput) { 1000 op := &request.Operation{ 1001 Name: opListMemberAccounts, 1002 HTTPMethod: "POST", 1003 HTTPPath: "/", 1004 Paginator: &request.Paginator{ 1005 InputTokens: []string{"NextToken"}, 1006 OutputTokens: []string{"NextToken"}, 1007 LimitToken: "MaxResults", 1008 TruncationToken: "", 1009 }, 1010 } 1011 1012 if input == nil { 1013 input = &ListMemberAccountsInput{} 1014 } 1015 1016 output = &ListMemberAccountsOutput{} 1017 req = c.newRequest(op, input, output) 1018 return 1019} 1020 1021// ListMemberAccounts API operation for Firewall Management Service. 1022// 1023// Returns a MemberAccounts object that lists the member accounts in the administrator's 1024// AWS organization. 1025// 1026// The ListMemberAccounts must be submitted by the account that is set as the 1027// AWS Firewall Manager administrator. 1028// 1029// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1030// with awserr.Error's Code and Message methods to get detailed information about 1031// the error. 1032// 1033// See the AWS API reference guide for Firewall Management Service's 1034// API operation ListMemberAccounts for usage and error information. 1035// 1036// Returned Error Codes: 1037// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1038// The specified resource was not found. 1039// 1040// * ErrCodeInternalErrorException "InternalErrorException" 1041// The operation failed because of a system problem, even though the request 1042// was valid. Retry your request. 1043// 1044// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListMemberAccounts 1045func (c *FMS) ListMemberAccounts(input *ListMemberAccountsInput) (*ListMemberAccountsOutput, error) { 1046 req, out := c.ListMemberAccountsRequest(input) 1047 return out, req.Send() 1048} 1049 1050// ListMemberAccountsWithContext is the same as ListMemberAccounts with the addition of 1051// the ability to pass a context and additional request options. 1052// 1053// See ListMemberAccounts for details on how to use this API operation. 1054// 1055// The context must be non-nil and will be used for request cancellation. If 1056// the context is nil a panic will occur. In the future the SDK may create 1057// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1058// for more information on using Contexts. 1059func (c *FMS) ListMemberAccountsWithContext(ctx aws.Context, input *ListMemberAccountsInput, opts ...request.Option) (*ListMemberAccountsOutput, error) { 1060 req, out := c.ListMemberAccountsRequest(input) 1061 req.SetContext(ctx) 1062 req.ApplyOptions(opts...) 1063 return out, req.Send() 1064} 1065 1066// ListMemberAccountsPages iterates over the pages of a ListMemberAccounts operation, 1067// calling the "fn" function with the response data for each page. To stop 1068// iterating, return false from the fn function. 1069// 1070// See ListMemberAccounts method for more information on how to use this operation. 1071// 1072// Note: This operation can generate multiple requests to a service. 1073// 1074// // Example iterating over at most 3 pages of a ListMemberAccounts operation. 1075// pageNum := 0 1076// err := client.ListMemberAccountsPages(params, 1077// func(page *fms.ListMemberAccountsOutput, lastPage bool) bool { 1078// pageNum++ 1079// fmt.Println(page) 1080// return pageNum <= 3 1081// }) 1082// 1083func (c *FMS) ListMemberAccountsPages(input *ListMemberAccountsInput, fn func(*ListMemberAccountsOutput, bool) bool) error { 1084 return c.ListMemberAccountsPagesWithContext(aws.BackgroundContext(), input, fn) 1085} 1086 1087// ListMemberAccountsPagesWithContext same as ListMemberAccountsPages except 1088// it takes a Context and allows setting request options on the pages. 1089// 1090// The context must be non-nil and will be used for request cancellation. If 1091// the context is nil a panic will occur. In the future the SDK may create 1092// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1093// for more information on using Contexts. 1094func (c *FMS) ListMemberAccountsPagesWithContext(ctx aws.Context, input *ListMemberAccountsInput, fn func(*ListMemberAccountsOutput, bool) bool, opts ...request.Option) error { 1095 p := request.Pagination{ 1096 NewRequest: func() (*request.Request, error) { 1097 var inCpy *ListMemberAccountsInput 1098 if input != nil { 1099 tmp := *input 1100 inCpy = &tmp 1101 } 1102 req, _ := c.ListMemberAccountsRequest(inCpy) 1103 req.SetContext(ctx) 1104 req.ApplyOptions(opts...) 1105 return req, nil 1106 }, 1107 } 1108 1109 cont := true 1110 for p.Next() && cont { 1111 cont = fn(p.Page().(*ListMemberAccountsOutput), !p.HasNextPage()) 1112 } 1113 return p.Err() 1114} 1115 1116const opListPolicies = "ListPolicies" 1117 1118// ListPoliciesRequest generates a "aws/request.Request" representing the 1119// client's request for the ListPolicies operation. The "output" return 1120// value will be populated with the request's response once the request completes 1121// successfully. 1122// 1123// Use "Send" method on the returned Request to send the API call to the service. 1124// the "output" return value is not valid until after Send returns without error. 1125// 1126// See ListPolicies for more information on using the ListPolicies 1127// API call, and error handling. 1128// 1129// This method is useful when you want to inject custom logic or configuration 1130// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1131// 1132// 1133// // Example sending a request using the ListPoliciesRequest method. 1134// req, resp := client.ListPoliciesRequest(params) 1135// 1136// err := req.Send() 1137// if err == nil { // resp is now filled 1138// fmt.Println(resp) 1139// } 1140// 1141// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListPolicies 1142func (c *FMS) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Request, output *ListPoliciesOutput) { 1143 op := &request.Operation{ 1144 Name: opListPolicies, 1145 HTTPMethod: "POST", 1146 HTTPPath: "/", 1147 Paginator: &request.Paginator{ 1148 InputTokens: []string{"NextToken"}, 1149 OutputTokens: []string{"NextToken"}, 1150 LimitToken: "MaxResults", 1151 TruncationToken: "", 1152 }, 1153 } 1154 1155 if input == nil { 1156 input = &ListPoliciesInput{} 1157 } 1158 1159 output = &ListPoliciesOutput{} 1160 req = c.newRequest(op, input, output) 1161 return 1162} 1163 1164// ListPolicies API operation for Firewall Management Service. 1165// 1166// Returns an array of PolicySummary objects in the response. 1167// 1168// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1169// with awserr.Error's Code and Message methods to get detailed information about 1170// the error. 1171// 1172// See the AWS API reference guide for Firewall Management Service's 1173// API operation ListPolicies for usage and error information. 1174// 1175// Returned Error Codes: 1176// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1177// The specified resource was not found. 1178// 1179// * ErrCodeInvalidOperationException "InvalidOperationException" 1180// The operation failed because there was nothing to do. For example, you might 1181// have submitted an AssociateAdminAccount request, but the account ID that 1182// you submitted was already set as the AWS Firewall Manager administrator. 1183// 1184// * ErrCodeLimitExceededException "LimitExceededException" 1185// The operation exceeds a resource limit, for example, the maximum number of 1186// policy objects that you can create for an AWS account. For more information, 1187// see Firewall Manager Limits (https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) 1188// in the AWS WAF Developer Guide. 1189// 1190// * ErrCodeInternalErrorException "InternalErrorException" 1191// The operation failed because of a system problem, even though the request 1192// was valid. Retry your request. 1193// 1194// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListPolicies 1195func (c *FMS) ListPolicies(input *ListPoliciesInput) (*ListPoliciesOutput, error) { 1196 req, out := c.ListPoliciesRequest(input) 1197 return out, req.Send() 1198} 1199 1200// ListPoliciesWithContext is the same as ListPolicies with the addition of 1201// the ability to pass a context and additional request options. 1202// 1203// See ListPolicies for details on how to use this API operation. 1204// 1205// The context must be non-nil and will be used for request cancellation. If 1206// the context is nil a panic will occur. In the future the SDK may create 1207// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1208// for more information on using Contexts. 1209func (c *FMS) ListPoliciesWithContext(ctx aws.Context, input *ListPoliciesInput, opts ...request.Option) (*ListPoliciesOutput, error) { 1210 req, out := c.ListPoliciesRequest(input) 1211 req.SetContext(ctx) 1212 req.ApplyOptions(opts...) 1213 return out, req.Send() 1214} 1215 1216// ListPoliciesPages iterates over the pages of a ListPolicies operation, 1217// calling the "fn" function with the response data for each page. To stop 1218// iterating, return false from the fn function. 1219// 1220// See ListPolicies method for more information on how to use this operation. 1221// 1222// Note: This operation can generate multiple requests to a service. 1223// 1224// // Example iterating over at most 3 pages of a ListPolicies operation. 1225// pageNum := 0 1226// err := client.ListPoliciesPages(params, 1227// func(page *fms.ListPoliciesOutput, lastPage bool) bool { 1228// pageNum++ 1229// fmt.Println(page) 1230// return pageNum <= 3 1231// }) 1232// 1233func (c *FMS) ListPoliciesPages(input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool) error { 1234 return c.ListPoliciesPagesWithContext(aws.BackgroundContext(), input, fn) 1235} 1236 1237// ListPoliciesPagesWithContext same as ListPoliciesPages except 1238// it takes a Context and allows setting request options on the pages. 1239// 1240// The context must be non-nil and will be used for request cancellation. If 1241// the context is nil a panic will occur. In the future the SDK may create 1242// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1243// for more information on using Contexts. 1244func (c *FMS) ListPoliciesPagesWithContext(ctx aws.Context, input *ListPoliciesInput, fn func(*ListPoliciesOutput, bool) bool, opts ...request.Option) error { 1245 p := request.Pagination{ 1246 NewRequest: func() (*request.Request, error) { 1247 var inCpy *ListPoliciesInput 1248 if input != nil { 1249 tmp := *input 1250 inCpy = &tmp 1251 } 1252 req, _ := c.ListPoliciesRequest(inCpy) 1253 req.SetContext(ctx) 1254 req.ApplyOptions(opts...) 1255 return req, nil 1256 }, 1257 } 1258 1259 cont := true 1260 for p.Next() && cont { 1261 cont = fn(p.Page().(*ListPoliciesOutput), !p.HasNextPage()) 1262 } 1263 return p.Err() 1264} 1265 1266const opPutNotificationChannel = "PutNotificationChannel" 1267 1268// PutNotificationChannelRequest generates a "aws/request.Request" representing the 1269// client's request for the PutNotificationChannel operation. The "output" return 1270// value will be populated with the request's response once the request completes 1271// successfully. 1272// 1273// Use "Send" method on the returned Request to send the API call to the service. 1274// the "output" return value is not valid until after Send returns without error. 1275// 1276// See PutNotificationChannel for more information on using the PutNotificationChannel 1277// API call, and error handling. 1278// 1279// This method is useful when you want to inject custom logic or configuration 1280// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1281// 1282// 1283// // Example sending a request using the PutNotificationChannelRequest method. 1284// req, resp := client.PutNotificationChannelRequest(params) 1285// 1286// err := req.Send() 1287// if err == nil { // resp is now filled 1288// fmt.Println(resp) 1289// } 1290// 1291// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutNotificationChannel 1292func (c *FMS) PutNotificationChannelRequest(input *PutNotificationChannelInput) (req *request.Request, output *PutNotificationChannelOutput) { 1293 op := &request.Operation{ 1294 Name: opPutNotificationChannel, 1295 HTTPMethod: "POST", 1296 HTTPPath: "/", 1297 } 1298 1299 if input == nil { 1300 input = &PutNotificationChannelInput{} 1301 } 1302 1303 output = &PutNotificationChannelOutput{} 1304 req = c.newRequest(op, input, output) 1305 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1306 return 1307} 1308 1309// PutNotificationChannel API operation for Firewall Management Service. 1310// 1311// Designates the IAM role and Amazon Simple Notification Service (SNS) topic 1312// that AWS Firewall Manager uses to record SNS logs. 1313// 1314// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1315// with awserr.Error's Code and Message methods to get detailed information about 1316// the error. 1317// 1318// See the AWS API reference guide for Firewall Management Service's 1319// API operation PutNotificationChannel for usage and error information. 1320// 1321// Returned Error Codes: 1322// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1323// The specified resource was not found. 1324// 1325// * ErrCodeInvalidOperationException "InvalidOperationException" 1326// The operation failed because there was nothing to do. For example, you might 1327// have submitted an AssociateAdminAccount request, but the account ID that 1328// you submitted was already set as the AWS Firewall Manager administrator. 1329// 1330// * ErrCodeInternalErrorException "InternalErrorException" 1331// The operation failed because of a system problem, even though the request 1332// was valid. Retry your request. 1333// 1334// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutNotificationChannel 1335func (c *FMS) PutNotificationChannel(input *PutNotificationChannelInput) (*PutNotificationChannelOutput, error) { 1336 req, out := c.PutNotificationChannelRequest(input) 1337 return out, req.Send() 1338} 1339 1340// PutNotificationChannelWithContext is the same as PutNotificationChannel with the addition of 1341// the ability to pass a context and additional request options. 1342// 1343// See PutNotificationChannel for details on how to use this API operation. 1344// 1345// The context must be non-nil and will be used for request cancellation. If 1346// the context is nil a panic will occur. In the future the SDK may create 1347// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1348// for more information on using Contexts. 1349func (c *FMS) PutNotificationChannelWithContext(ctx aws.Context, input *PutNotificationChannelInput, opts ...request.Option) (*PutNotificationChannelOutput, error) { 1350 req, out := c.PutNotificationChannelRequest(input) 1351 req.SetContext(ctx) 1352 req.ApplyOptions(opts...) 1353 return out, req.Send() 1354} 1355 1356const opPutPolicy = "PutPolicy" 1357 1358// PutPolicyRequest generates a "aws/request.Request" representing the 1359// client's request for the PutPolicy operation. The "output" return 1360// value will be populated with the request's response once the request completes 1361// successfully. 1362// 1363// Use "Send" method on the returned Request to send the API call to the service. 1364// the "output" return value is not valid until after Send returns without error. 1365// 1366// See PutPolicy for more information on using the PutPolicy 1367// API call, and error handling. 1368// 1369// This method is useful when you want to inject custom logic or configuration 1370// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1371// 1372// 1373// // Example sending a request using the PutPolicyRequest method. 1374// req, resp := client.PutPolicyRequest(params) 1375// 1376// err := req.Send() 1377// if err == nil { // resp is now filled 1378// fmt.Println(resp) 1379// } 1380// 1381// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutPolicy 1382func (c *FMS) PutPolicyRequest(input *PutPolicyInput) (req *request.Request, output *PutPolicyOutput) { 1383 op := &request.Operation{ 1384 Name: opPutPolicy, 1385 HTTPMethod: "POST", 1386 HTTPPath: "/", 1387 } 1388 1389 if input == nil { 1390 input = &PutPolicyInput{} 1391 } 1392 1393 output = &PutPolicyOutput{} 1394 req = c.newRequest(op, input, output) 1395 return 1396} 1397 1398// PutPolicy API operation for Firewall Management Service. 1399// 1400// Creates an AWS Firewall Manager policy. 1401// 1402// Firewall Manager provides the following types of policies: 1403// 1404// * A Shield Advanced policy, which applies Shield Advanced protection to 1405// specified accounts and resources 1406// 1407// * An AWS WAF policy, which contains a rule group and defines which resources 1408// are to be protected by that rule group 1409// 1410// * A security group policy, which manages VPC security groups across your 1411// AWS organization. 1412// 1413// Each policy is specific to one of the three types. If you want to enforce 1414// more than one policy type across accounts, you can create multiple policies. 1415// You can create multiple policies for each type. 1416// 1417// You must be subscribed to Shield Advanced to create a Shield Advanced policy. 1418// For more information about subscribing to Shield Advanced, see CreateSubscription 1419// (https://docs.aws.amazon.com/waf/latest/DDOSAPIReference/API_CreateSubscription.html). 1420// 1421// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1422// with awserr.Error's Code and Message methods to get detailed information about 1423// the error. 1424// 1425// See the AWS API reference guide for Firewall Management Service's 1426// API operation PutPolicy for usage and error information. 1427// 1428// Returned Error Codes: 1429// * ErrCodeResourceNotFoundException "ResourceNotFoundException" 1430// The specified resource was not found. 1431// 1432// * ErrCodeInvalidOperationException "InvalidOperationException" 1433// The operation failed because there was nothing to do. For example, you might 1434// have submitted an AssociateAdminAccount request, but the account ID that 1435// you submitted was already set as the AWS Firewall Manager administrator. 1436// 1437// * ErrCodeInvalidInputException "InvalidInputException" 1438// The parameters of the request were invalid. 1439// 1440// * ErrCodeLimitExceededException "LimitExceededException" 1441// The operation exceeds a resource limit, for example, the maximum number of 1442// policy objects that you can create for an AWS account. For more information, 1443// see Firewall Manager Limits (https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) 1444// in the AWS WAF Developer Guide. 1445// 1446// * ErrCodeInternalErrorException "InternalErrorException" 1447// The operation failed because of a system problem, even though the request 1448// was valid. Retry your request. 1449// 1450// * ErrCodeInvalidTypeException "InvalidTypeException" 1451// The value of the Type parameter is invalid. 1452// 1453// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutPolicy 1454func (c *FMS) PutPolicy(input *PutPolicyInput) (*PutPolicyOutput, error) { 1455 req, out := c.PutPolicyRequest(input) 1456 return out, req.Send() 1457} 1458 1459// PutPolicyWithContext is the same as PutPolicy with the addition of 1460// the ability to pass a context and additional request options. 1461// 1462// See PutPolicy for details on how to use this API operation. 1463// 1464// The context must be non-nil and will be used for request cancellation. If 1465// the context is nil a panic will occur. In the future the SDK may create 1466// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1467// for more information on using Contexts. 1468func (c *FMS) PutPolicyWithContext(ctx aws.Context, input *PutPolicyInput, opts ...request.Option) (*PutPolicyOutput, error) { 1469 req, out := c.PutPolicyRequest(input) 1470 req.SetContext(ctx) 1471 req.ApplyOptions(opts...) 1472 return out, req.Send() 1473} 1474 1475type AssociateAdminAccountInput struct { 1476 _ struct{} `type:"structure"` 1477 1478 // The AWS account ID to associate with AWS Firewall Manager as the AWS Firewall 1479 // Manager administrator account. This can be an AWS Organizations master account 1480 // or a member account. For more information about AWS Organizations and master 1481 // accounts, see Managing the AWS Accounts in Your Organization (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts.html). 1482 // 1483 // AdminAccount is a required field 1484 AdminAccount *string `min:"1" type:"string" required:"true"` 1485} 1486 1487// String returns the string representation 1488func (s AssociateAdminAccountInput) String() string { 1489 return awsutil.Prettify(s) 1490} 1491 1492// GoString returns the string representation 1493func (s AssociateAdminAccountInput) GoString() string { 1494 return s.String() 1495} 1496 1497// Validate inspects the fields of the type to determine if they are valid. 1498func (s *AssociateAdminAccountInput) Validate() error { 1499 invalidParams := request.ErrInvalidParams{Context: "AssociateAdminAccountInput"} 1500 if s.AdminAccount == nil { 1501 invalidParams.Add(request.NewErrParamRequired("AdminAccount")) 1502 } 1503 if s.AdminAccount != nil && len(*s.AdminAccount) < 1 { 1504 invalidParams.Add(request.NewErrParamMinLen("AdminAccount", 1)) 1505 } 1506 1507 if invalidParams.Len() > 0 { 1508 return invalidParams 1509 } 1510 return nil 1511} 1512 1513// SetAdminAccount sets the AdminAccount field's value. 1514func (s *AssociateAdminAccountInput) SetAdminAccount(v string) *AssociateAdminAccountInput { 1515 s.AdminAccount = &v 1516 return s 1517} 1518 1519type AssociateAdminAccountOutput struct { 1520 _ struct{} `type:"structure"` 1521} 1522 1523// String returns the string representation 1524func (s AssociateAdminAccountOutput) String() string { 1525 return awsutil.Prettify(s) 1526} 1527 1528// GoString returns the string representation 1529func (s AssociateAdminAccountOutput) GoString() string { 1530 return s.String() 1531} 1532 1533// Details of the resource that is not protected by the policy. 1534type ComplianceViolator struct { 1535 _ struct{} `type:"structure"` 1536 1537 // The resource ID. 1538 ResourceId *string `min:"1" type:"string"` 1539 1540 // The resource type. This is in the format shown in the AWS Resource Types 1541 // Reference (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html). 1542 // For example: AWS::ElasticLoadBalancingV2::LoadBalancer or AWS::CloudFront::Distribution. 1543 ResourceType *string `min:"1" type:"string"` 1544 1545 // The reason that the resource is not protected by the policy. 1546 ViolationReason *string `type:"string" enum:"ViolationReason"` 1547} 1548 1549// String returns the string representation 1550func (s ComplianceViolator) String() string { 1551 return awsutil.Prettify(s) 1552} 1553 1554// GoString returns the string representation 1555func (s ComplianceViolator) GoString() string { 1556 return s.String() 1557} 1558 1559// SetResourceId sets the ResourceId field's value. 1560func (s *ComplianceViolator) SetResourceId(v string) *ComplianceViolator { 1561 s.ResourceId = &v 1562 return s 1563} 1564 1565// SetResourceType sets the ResourceType field's value. 1566func (s *ComplianceViolator) SetResourceType(v string) *ComplianceViolator { 1567 s.ResourceType = &v 1568 return s 1569} 1570 1571// SetViolationReason sets the ViolationReason field's value. 1572func (s *ComplianceViolator) SetViolationReason(v string) *ComplianceViolator { 1573 s.ViolationReason = &v 1574 return s 1575} 1576 1577type DeleteNotificationChannelInput struct { 1578 _ struct{} `type:"structure"` 1579} 1580 1581// String returns the string representation 1582func (s DeleteNotificationChannelInput) String() string { 1583 return awsutil.Prettify(s) 1584} 1585 1586// GoString returns the string representation 1587func (s DeleteNotificationChannelInput) GoString() string { 1588 return s.String() 1589} 1590 1591type DeleteNotificationChannelOutput struct { 1592 _ struct{} `type:"structure"` 1593} 1594 1595// String returns the string representation 1596func (s DeleteNotificationChannelOutput) String() string { 1597 return awsutil.Prettify(s) 1598} 1599 1600// GoString returns the string representation 1601func (s DeleteNotificationChannelOutput) GoString() string { 1602 return s.String() 1603} 1604 1605type DeletePolicyInput struct { 1606 _ struct{} `type:"structure"` 1607 1608 // If True, the request performs cleanup according to the policy type. 1609 // 1610 // For AWS WAF and Shield Advanced policies, the cleanup does the following: 1611 // 1612 // * Deletes rule groups created by AWS Firewall Manager 1613 // 1614 // * Removes web ACLs from in-scope resources 1615 // 1616 // * Deletes web ACLs that contain no rules or rule groups 1617 // 1618 // For security group policies, the cleanup does the following for each security 1619 // group in the policy: 1620 // 1621 // * Disassociates the security group from in-scope resources 1622 // 1623 // * Deletes the security group if it was created through Firewall Manager 1624 // and if it's no longer associated with any resources through another policy 1625 // 1626 // After the cleanup, in-scope resources are no longer protected by web ACLs 1627 // in this policy. Protection of out-of-scope resources remains unchanged. Scope 1628 // is determined by tags that you create and accounts that you associate with 1629 // the policy. When creating the policy, if you specify that only resources 1630 // in specific accounts or with specific tags are in scope of the policy, those 1631 // accounts and resources are handled by the policy. All others are out of scope. 1632 // If you don't specify tags or accounts, all resources are in scope. 1633 DeleteAllPolicyResources *bool `type:"boolean"` 1634 1635 // The ID of the policy that you want to delete. PolicyId is returned by PutPolicy 1636 // and by ListPolicies. 1637 // 1638 // PolicyId is a required field 1639 PolicyId *string `min:"36" type:"string" required:"true"` 1640} 1641 1642// String returns the string representation 1643func (s DeletePolicyInput) String() string { 1644 return awsutil.Prettify(s) 1645} 1646 1647// GoString returns the string representation 1648func (s DeletePolicyInput) GoString() string { 1649 return s.String() 1650} 1651 1652// Validate inspects the fields of the type to determine if they are valid. 1653func (s *DeletePolicyInput) Validate() error { 1654 invalidParams := request.ErrInvalidParams{Context: "DeletePolicyInput"} 1655 if s.PolicyId == nil { 1656 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 1657 } 1658 if s.PolicyId != nil && len(*s.PolicyId) < 36 { 1659 invalidParams.Add(request.NewErrParamMinLen("PolicyId", 36)) 1660 } 1661 1662 if invalidParams.Len() > 0 { 1663 return invalidParams 1664 } 1665 return nil 1666} 1667 1668// SetDeleteAllPolicyResources sets the DeleteAllPolicyResources field's value. 1669func (s *DeletePolicyInput) SetDeleteAllPolicyResources(v bool) *DeletePolicyInput { 1670 s.DeleteAllPolicyResources = &v 1671 return s 1672} 1673 1674// SetPolicyId sets the PolicyId field's value. 1675func (s *DeletePolicyInput) SetPolicyId(v string) *DeletePolicyInput { 1676 s.PolicyId = &v 1677 return s 1678} 1679 1680type DeletePolicyOutput struct { 1681 _ struct{} `type:"structure"` 1682} 1683 1684// String returns the string representation 1685func (s DeletePolicyOutput) String() string { 1686 return awsutil.Prettify(s) 1687} 1688 1689// GoString returns the string representation 1690func (s DeletePolicyOutput) GoString() string { 1691 return s.String() 1692} 1693 1694type DisassociateAdminAccountInput struct { 1695 _ struct{} `type:"structure"` 1696} 1697 1698// String returns the string representation 1699func (s DisassociateAdminAccountInput) String() string { 1700 return awsutil.Prettify(s) 1701} 1702 1703// GoString returns the string representation 1704func (s DisassociateAdminAccountInput) GoString() string { 1705 return s.String() 1706} 1707 1708type DisassociateAdminAccountOutput struct { 1709 _ struct{} `type:"structure"` 1710} 1711 1712// String returns the string representation 1713func (s DisassociateAdminAccountOutput) String() string { 1714 return awsutil.Prettify(s) 1715} 1716 1717// GoString returns the string representation 1718func (s DisassociateAdminAccountOutput) GoString() string { 1719 return s.String() 1720} 1721 1722// Describes the compliance status for the account. An account is considered 1723// noncompliant if it includes resources that are not protected by the specified 1724// policy or that don't comply with the policy. 1725type EvaluationResult struct { 1726 _ struct{} `type:"structure"` 1727 1728 // Describes an AWS account's compliance with the AWS Firewall Manager policy. 1729 ComplianceStatus *string `type:"string" enum:"PolicyComplianceStatusType"` 1730 1731 // Indicates that over 100 resources are noncompliant with the AWS Firewall 1732 // Manager policy. 1733 EvaluationLimitExceeded *bool `type:"boolean"` 1734 1735 // The number of resources that are noncompliant with the specified policy. 1736 // For AWS WAF and Shield Advanced policies, a resource is considered noncompliant 1737 // if it is not associated with the policy. For security group policies, a resource 1738 // is considered noncompliant if it doesn't comply with the rules of the policy 1739 // and remediation is disabled or not possible. 1740 ViolatorCount *int64 `type:"long"` 1741} 1742 1743// String returns the string representation 1744func (s EvaluationResult) String() string { 1745 return awsutil.Prettify(s) 1746} 1747 1748// GoString returns the string representation 1749func (s EvaluationResult) GoString() string { 1750 return s.String() 1751} 1752 1753// SetComplianceStatus sets the ComplianceStatus field's value. 1754func (s *EvaluationResult) SetComplianceStatus(v string) *EvaluationResult { 1755 s.ComplianceStatus = &v 1756 return s 1757} 1758 1759// SetEvaluationLimitExceeded sets the EvaluationLimitExceeded field's value. 1760func (s *EvaluationResult) SetEvaluationLimitExceeded(v bool) *EvaluationResult { 1761 s.EvaluationLimitExceeded = &v 1762 return s 1763} 1764 1765// SetViolatorCount sets the ViolatorCount field's value. 1766func (s *EvaluationResult) SetViolatorCount(v int64) *EvaluationResult { 1767 s.ViolatorCount = &v 1768 return s 1769} 1770 1771type GetAdminAccountInput struct { 1772 _ struct{} `type:"structure"` 1773} 1774 1775// String returns the string representation 1776func (s GetAdminAccountInput) String() string { 1777 return awsutil.Prettify(s) 1778} 1779 1780// GoString returns the string representation 1781func (s GetAdminAccountInput) GoString() string { 1782 return s.String() 1783} 1784 1785type GetAdminAccountOutput struct { 1786 _ struct{} `type:"structure"` 1787 1788 // The AWS account that is set as the AWS Firewall Manager administrator. 1789 AdminAccount *string `min:"1" type:"string"` 1790 1791 // The status of the AWS account that you set as the AWS Firewall Manager administrator. 1792 RoleStatus *string `type:"string" enum:"AccountRoleStatus"` 1793} 1794 1795// String returns the string representation 1796func (s GetAdminAccountOutput) String() string { 1797 return awsutil.Prettify(s) 1798} 1799 1800// GoString returns the string representation 1801func (s GetAdminAccountOutput) GoString() string { 1802 return s.String() 1803} 1804 1805// SetAdminAccount sets the AdminAccount field's value. 1806func (s *GetAdminAccountOutput) SetAdminAccount(v string) *GetAdminAccountOutput { 1807 s.AdminAccount = &v 1808 return s 1809} 1810 1811// SetRoleStatus sets the RoleStatus field's value. 1812func (s *GetAdminAccountOutput) SetRoleStatus(v string) *GetAdminAccountOutput { 1813 s.RoleStatus = &v 1814 return s 1815} 1816 1817type GetComplianceDetailInput struct { 1818 _ struct{} `type:"structure"` 1819 1820 // The AWS account that owns the resources that you want to get the details 1821 // for. 1822 // 1823 // MemberAccount is a required field 1824 MemberAccount *string `min:"1" type:"string" required:"true"` 1825 1826 // The ID of the policy that you want to get the details for. PolicyId is returned 1827 // by PutPolicy and by ListPolicies. 1828 // 1829 // PolicyId is a required field 1830 PolicyId *string `min:"36" type:"string" required:"true"` 1831} 1832 1833// String returns the string representation 1834func (s GetComplianceDetailInput) String() string { 1835 return awsutil.Prettify(s) 1836} 1837 1838// GoString returns the string representation 1839func (s GetComplianceDetailInput) GoString() string { 1840 return s.String() 1841} 1842 1843// Validate inspects the fields of the type to determine if they are valid. 1844func (s *GetComplianceDetailInput) Validate() error { 1845 invalidParams := request.ErrInvalidParams{Context: "GetComplianceDetailInput"} 1846 if s.MemberAccount == nil { 1847 invalidParams.Add(request.NewErrParamRequired("MemberAccount")) 1848 } 1849 if s.MemberAccount != nil && len(*s.MemberAccount) < 1 { 1850 invalidParams.Add(request.NewErrParamMinLen("MemberAccount", 1)) 1851 } 1852 if s.PolicyId == nil { 1853 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 1854 } 1855 if s.PolicyId != nil && len(*s.PolicyId) < 36 { 1856 invalidParams.Add(request.NewErrParamMinLen("PolicyId", 36)) 1857 } 1858 1859 if invalidParams.Len() > 0 { 1860 return invalidParams 1861 } 1862 return nil 1863} 1864 1865// SetMemberAccount sets the MemberAccount field's value. 1866func (s *GetComplianceDetailInput) SetMemberAccount(v string) *GetComplianceDetailInput { 1867 s.MemberAccount = &v 1868 return s 1869} 1870 1871// SetPolicyId sets the PolicyId field's value. 1872func (s *GetComplianceDetailInput) SetPolicyId(v string) *GetComplianceDetailInput { 1873 s.PolicyId = &v 1874 return s 1875} 1876 1877type GetComplianceDetailOutput struct { 1878 _ struct{} `type:"structure"` 1879 1880 // Information about the resources and the policy that you specified in the 1881 // GetComplianceDetail request. 1882 PolicyComplianceDetail *PolicyComplianceDetail `type:"structure"` 1883} 1884 1885// String returns the string representation 1886func (s GetComplianceDetailOutput) String() string { 1887 return awsutil.Prettify(s) 1888} 1889 1890// GoString returns the string representation 1891func (s GetComplianceDetailOutput) GoString() string { 1892 return s.String() 1893} 1894 1895// SetPolicyComplianceDetail sets the PolicyComplianceDetail field's value. 1896func (s *GetComplianceDetailOutput) SetPolicyComplianceDetail(v *PolicyComplianceDetail) *GetComplianceDetailOutput { 1897 s.PolicyComplianceDetail = v 1898 return s 1899} 1900 1901type GetNotificationChannelInput struct { 1902 _ struct{} `type:"structure"` 1903} 1904 1905// String returns the string representation 1906func (s GetNotificationChannelInput) String() string { 1907 return awsutil.Prettify(s) 1908} 1909 1910// GoString returns the string representation 1911func (s GetNotificationChannelInput) GoString() string { 1912 return s.String() 1913} 1914 1915type GetNotificationChannelOutput struct { 1916 _ struct{} `type:"structure"` 1917 1918 // The IAM role that is used by AWS Firewall Manager to record activity to SNS. 1919 SnsRoleName *string `min:"1" type:"string"` 1920 1921 // The SNS topic that records AWS Firewall Manager activity. 1922 SnsTopicArn *string `min:"1" type:"string"` 1923} 1924 1925// String returns the string representation 1926func (s GetNotificationChannelOutput) String() string { 1927 return awsutil.Prettify(s) 1928} 1929 1930// GoString returns the string representation 1931func (s GetNotificationChannelOutput) GoString() string { 1932 return s.String() 1933} 1934 1935// SetSnsRoleName sets the SnsRoleName field's value. 1936func (s *GetNotificationChannelOutput) SetSnsRoleName(v string) *GetNotificationChannelOutput { 1937 s.SnsRoleName = &v 1938 return s 1939} 1940 1941// SetSnsTopicArn sets the SnsTopicArn field's value. 1942func (s *GetNotificationChannelOutput) SetSnsTopicArn(v string) *GetNotificationChannelOutput { 1943 s.SnsTopicArn = &v 1944 return s 1945} 1946 1947type GetPolicyInput struct { 1948 _ struct{} `type:"structure"` 1949 1950 // The ID of the AWS Firewall Manager policy that you want the details for. 1951 // 1952 // PolicyId is a required field 1953 PolicyId *string `min:"36" type:"string" required:"true"` 1954} 1955 1956// String returns the string representation 1957func (s GetPolicyInput) String() string { 1958 return awsutil.Prettify(s) 1959} 1960 1961// GoString returns the string representation 1962func (s GetPolicyInput) GoString() string { 1963 return s.String() 1964} 1965 1966// Validate inspects the fields of the type to determine if they are valid. 1967func (s *GetPolicyInput) Validate() error { 1968 invalidParams := request.ErrInvalidParams{Context: "GetPolicyInput"} 1969 if s.PolicyId == nil { 1970 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 1971 } 1972 if s.PolicyId != nil && len(*s.PolicyId) < 36 { 1973 invalidParams.Add(request.NewErrParamMinLen("PolicyId", 36)) 1974 } 1975 1976 if invalidParams.Len() > 0 { 1977 return invalidParams 1978 } 1979 return nil 1980} 1981 1982// SetPolicyId sets the PolicyId field's value. 1983func (s *GetPolicyInput) SetPolicyId(v string) *GetPolicyInput { 1984 s.PolicyId = &v 1985 return s 1986} 1987 1988type GetPolicyOutput struct { 1989 _ struct{} `type:"structure"` 1990 1991 // Information about the specified AWS Firewall Manager policy. 1992 Policy *Policy `type:"structure"` 1993 1994 // The Amazon Resource Name (ARN) of the specified policy. 1995 PolicyArn *string `min:"1" type:"string"` 1996} 1997 1998// String returns the string representation 1999func (s GetPolicyOutput) String() string { 2000 return awsutil.Prettify(s) 2001} 2002 2003// GoString returns the string representation 2004func (s GetPolicyOutput) GoString() string { 2005 return s.String() 2006} 2007 2008// SetPolicy sets the Policy field's value. 2009func (s *GetPolicyOutput) SetPolicy(v *Policy) *GetPolicyOutput { 2010 s.Policy = v 2011 return s 2012} 2013 2014// SetPolicyArn sets the PolicyArn field's value. 2015func (s *GetPolicyOutput) SetPolicyArn(v string) *GetPolicyOutput { 2016 s.PolicyArn = &v 2017 return s 2018} 2019 2020type GetProtectionStatusInput struct { 2021 _ struct{} `type:"structure"` 2022 2023 // The end of the time period to query for the attacks. This is a timestamp 2024 // type. The request syntax listing indicates a number type because the default 2025 // used by AWS Firewall Manager is Unix time in seconds. However, any valid 2026 // timestamp format is allowed. 2027 EndTime *time.Time `type:"timestamp"` 2028 2029 // Specifies the number of objects that you want AWS Firewall Manager to return 2030 // for this request. If you have more objects than the number that you specify 2031 // for MaxResults, the response includes a NextToken value that you can use 2032 // to get another batch of objects. 2033 MaxResults *int64 `min:"1" type:"integer"` 2034 2035 // The AWS account that is in scope of the policy that you want to get the details 2036 // for. 2037 MemberAccountId *string `min:"1" type:"string"` 2038 2039 // If you specify a value for MaxResults and you have more objects than the 2040 // number that you specify for MaxResults, AWS Firewall Manager returns a NextToken 2041 // value in the response, which you can use to retrieve another group of objects. 2042 // For the second and subsequent GetProtectionStatus requests, specify the value 2043 // of NextToken from the previous response to get information about another 2044 // batch of objects. 2045 NextToken *string `min:"1" type:"string"` 2046 2047 // The ID of the policy for which you want to get the attack information. 2048 // 2049 // PolicyId is a required field 2050 PolicyId *string `min:"36" type:"string" required:"true"` 2051 2052 // The start of the time period to query for the attacks. This is a timestamp 2053 // type. The request syntax listing indicates a number type because the default 2054 // used by AWS Firewall Manager is Unix time in seconds. However, any valid 2055 // timestamp format is allowed. 2056 StartTime *time.Time `type:"timestamp"` 2057} 2058 2059// String returns the string representation 2060func (s GetProtectionStatusInput) String() string { 2061 return awsutil.Prettify(s) 2062} 2063 2064// GoString returns the string representation 2065func (s GetProtectionStatusInput) GoString() string { 2066 return s.String() 2067} 2068 2069// Validate inspects the fields of the type to determine if they are valid. 2070func (s *GetProtectionStatusInput) Validate() error { 2071 invalidParams := request.ErrInvalidParams{Context: "GetProtectionStatusInput"} 2072 if s.MaxResults != nil && *s.MaxResults < 1 { 2073 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 2074 } 2075 if s.MemberAccountId != nil && len(*s.MemberAccountId) < 1 { 2076 invalidParams.Add(request.NewErrParamMinLen("MemberAccountId", 1)) 2077 } 2078 if s.NextToken != nil && len(*s.NextToken) < 1 { 2079 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 2080 } 2081 if s.PolicyId == nil { 2082 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 2083 } 2084 if s.PolicyId != nil && len(*s.PolicyId) < 36 { 2085 invalidParams.Add(request.NewErrParamMinLen("PolicyId", 36)) 2086 } 2087 2088 if invalidParams.Len() > 0 { 2089 return invalidParams 2090 } 2091 return nil 2092} 2093 2094// SetEndTime sets the EndTime field's value. 2095func (s *GetProtectionStatusInput) SetEndTime(v time.Time) *GetProtectionStatusInput { 2096 s.EndTime = &v 2097 return s 2098} 2099 2100// SetMaxResults sets the MaxResults field's value. 2101func (s *GetProtectionStatusInput) SetMaxResults(v int64) *GetProtectionStatusInput { 2102 s.MaxResults = &v 2103 return s 2104} 2105 2106// SetMemberAccountId sets the MemberAccountId field's value. 2107func (s *GetProtectionStatusInput) SetMemberAccountId(v string) *GetProtectionStatusInput { 2108 s.MemberAccountId = &v 2109 return s 2110} 2111 2112// SetNextToken sets the NextToken field's value. 2113func (s *GetProtectionStatusInput) SetNextToken(v string) *GetProtectionStatusInput { 2114 s.NextToken = &v 2115 return s 2116} 2117 2118// SetPolicyId sets the PolicyId field's value. 2119func (s *GetProtectionStatusInput) SetPolicyId(v string) *GetProtectionStatusInput { 2120 s.PolicyId = &v 2121 return s 2122} 2123 2124// SetStartTime sets the StartTime field's value. 2125func (s *GetProtectionStatusInput) SetStartTime(v time.Time) *GetProtectionStatusInput { 2126 s.StartTime = &v 2127 return s 2128} 2129 2130type GetProtectionStatusOutput struct { 2131 _ struct{} `type:"structure"` 2132 2133 // The ID of the AWS Firewall administrator account for this policy. 2134 AdminAccountId *string `min:"1" type:"string"` 2135 2136 // Details about the attack, including the following: 2137 // 2138 // * Attack type 2139 // 2140 // * Account ID 2141 // 2142 // * ARN of the resource attacked 2143 // 2144 // * Start time of the attack 2145 // 2146 // * End time of the attack (ongoing attacks will not have an end time) 2147 // 2148 // The details are in JSON format. 2149 Data *string `type:"string"` 2150 2151 // If you have more objects than the number that you specified for MaxResults 2152 // in the request, the response includes a NextToken value. To list more objects, 2153 // submit another GetProtectionStatus request, and specify the NextToken value 2154 // from the response in the NextToken value in the next request. 2155 // 2156 // AWS SDKs provide auto-pagination that identify NextToken in a response and 2157 // make subsequent request calls automatically on your behalf. However, this 2158 // feature is not supported by GetProtectionStatus. You must submit subsequent 2159 // requests with NextToken using your own processes. 2160 NextToken *string `min:"1" type:"string"` 2161 2162 // The service type that is protected by the policy. Currently, this is always 2163 // SHIELD_ADVANCED. 2164 ServiceType *string `type:"string" enum:"SecurityServiceType"` 2165} 2166 2167// String returns the string representation 2168func (s GetProtectionStatusOutput) String() string { 2169 return awsutil.Prettify(s) 2170} 2171 2172// GoString returns the string representation 2173func (s GetProtectionStatusOutput) GoString() string { 2174 return s.String() 2175} 2176 2177// SetAdminAccountId sets the AdminAccountId field's value. 2178func (s *GetProtectionStatusOutput) SetAdminAccountId(v string) *GetProtectionStatusOutput { 2179 s.AdminAccountId = &v 2180 return s 2181} 2182 2183// SetData sets the Data field's value. 2184func (s *GetProtectionStatusOutput) SetData(v string) *GetProtectionStatusOutput { 2185 s.Data = &v 2186 return s 2187} 2188 2189// SetNextToken sets the NextToken field's value. 2190func (s *GetProtectionStatusOutput) SetNextToken(v string) *GetProtectionStatusOutput { 2191 s.NextToken = &v 2192 return s 2193} 2194 2195// SetServiceType sets the ServiceType field's value. 2196func (s *GetProtectionStatusOutput) SetServiceType(v string) *GetProtectionStatusOutput { 2197 s.ServiceType = &v 2198 return s 2199} 2200 2201type ListComplianceStatusInput struct { 2202 _ struct{} `type:"structure"` 2203 2204 // Specifies the number of PolicyComplianceStatus objects that you want AWS 2205 // Firewall Manager to return for this request. If you have more PolicyComplianceStatus 2206 // objects than the number that you specify for MaxResults, the response includes 2207 // a NextToken value that you can use to get another batch of PolicyComplianceStatus 2208 // objects. 2209 MaxResults *int64 `min:"1" type:"integer"` 2210 2211 // If you specify a value for MaxResults and you have more PolicyComplianceStatus 2212 // objects than the number that you specify for MaxResults, AWS Firewall Manager 2213 // returns a NextToken value in the response that allows you to list another 2214 // group of PolicyComplianceStatus objects. For the second and subsequent ListComplianceStatus 2215 // requests, specify the value of NextToken from the previous response to get 2216 // information about another batch of PolicyComplianceStatus objects. 2217 NextToken *string `min:"1" type:"string"` 2218 2219 // The ID of the AWS Firewall Manager policy that you want the details for. 2220 // 2221 // PolicyId is a required field 2222 PolicyId *string `min:"36" type:"string" required:"true"` 2223} 2224 2225// String returns the string representation 2226func (s ListComplianceStatusInput) String() string { 2227 return awsutil.Prettify(s) 2228} 2229 2230// GoString returns the string representation 2231func (s ListComplianceStatusInput) GoString() string { 2232 return s.String() 2233} 2234 2235// Validate inspects the fields of the type to determine if they are valid. 2236func (s *ListComplianceStatusInput) Validate() error { 2237 invalidParams := request.ErrInvalidParams{Context: "ListComplianceStatusInput"} 2238 if s.MaxResults != nil && *s.MaxResults < 1 { 2239 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 2240 } 2241 if s.NextToken != nil && len(*s.NextToken) < 1 { 2242 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 2243 } 2244 if s.PolicyId == nil { 2245 invalidParams.Add(request.NewErrParamRequired("PolicyId")) 2246 } 2247 if s.PolicyId != nil && len(*s.PolicyId) < 36 { 2248 invalidParams.Add(request.NewErrParamMinLen("PolicyId", 36)) 2249 } 2250 2251 if invalidParams.Len() > 0 { 2252 return invalidParams 2253 } 2254 return nil 2255} 2256 2257// SetMaxResults sets the MaxResults field's value. 2258func (s *ListComplianceStatusInput) SetMaxResults(v int64) *ListComplianceStatusInput { 2259 s.MaxResults = &v 2260 return s 2261} 2262 2263// SetNextToken sets the NextToken field's value. 2264func (s *ListComplianceStatusInput) SetNextToken(v string) *ListComplianceStatusInput { 2265 s.NextToken = &v 2266 return s 2267} 2268 2269// SetPolicyId sets the PolicyId field's value. 2270func (s *ListComplianceStatusInput) SetPolicyId(v string) *ListComplianceStatusInput { 2271 s.PolicyId = &v 2272 return s 2273} 2274 2275type ListComplianceStatusOutput struct { 2276 _ struct{} `type:"structure"` 2277 2278 // If you have more PolicyComplianceStatus objects than the number that you 2279 // specified for MaxResults in the request, the response includes a NextToken 2280 // value. To list more PolicyComplianceStatus objects, submit another ListComplianceStatus 2281 // request, and specify the NextToken value from the response in the NextToken 2282 // value in the next request. 2283 NextToken *string `min:"1" type:"string"` 2284 2285 // An array of PolicyComplianceStatus objects. 2286 PolicyComplianceStatusList []*PolicyComplianceStatus `type:"list"` 2287} 2288 2289// String returns the string representation 2290func (s ListComplianceStatusOutput) String() string { 2291 return awsutil.Prettify(s) 2292} 2293 2294// GoString returns the string representation 2295func (s ListComplianceStatusOutput) GoString() string { 2296 return s.String() 2297} 2298 2299// SetNextToken sets the NextToken field's value. 2300func (s *ListComplianceStatusOutput) SetNextToken(v string) *ListComplianceStatusOutput { 2301 s.NextToken = &v 2302 return s 2303} 2304 2305// SetPolicyComplianceStatusList sets the PolicyComplianceStatusList field's value. 2306func (s *ListComplianceStatusOutput) SetPolicyComplianceStatusList(v []*PolicyComplianceStatus) *ListComplianceStatusOutput { 2307 s.PolicyComplianceStatusList = v 2308 return s 2309} 2310 2311type ListMemberAccountsInput struct { 2312 _ struct{} `type:"structure"` 2313 2314 // Specifies the number of member account IDs that you want AWS Firewall Manager 2315 // to return for this request. If you have more IDs than the number that you 2316 // specify for MaxResults, the response includes a NextToken value that you 2317 // can use to get another batch of member account IDs. 2318 MaxResults *int64 `min:"1" type:"integer"` 2319 2320 // If you specify a value for MaxResults and you have more account IDs than 2321 // the number that you specify for MaxResults, AWS Firewall Manager returns 2322 // a NextToken value in the response that allows you to list another group of 2323 // IDs. For the second and subsequent ListMemberAccountsRequest requests, specify 2324 // the value of NextToken from the previous response to get information about 2325 // another batch of member account IDs. 2326 NextToken *string `min:"1" type:"string"` 2327} 2328 2329// String returns the string representation 2330func (s ListMemberAccountsInput) String() string { 2331 return awsutil.Prettify(s) 2332} 2333 2334// GoString returns the string representation 2335func (s ListMemberAccountsInput) GoString() string { 2336 return s.String() 2337} 2338 2339// Validate inspects the fields of the type to determine if they are valid. 2340func (s *ListMemberAccountsInput) Validate() error { 2341 invalidParams := request.ErrInvalidParams{Context: "ListMemberAccountsInput"} 2342 if s.MaxResults != nil && *s.MaxResults < 1 { 2343 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 2344 } 2345 if s.NextToken != nil && len(*s.NextToken) < 1 { 2346 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 2347 } 2348 2349 if invalidParams.Len() > 0 { 2350 return invalidParams 2351 } 2352 return nil 2353} 2354 2355// SetMaxResults sets the MaxResults field's value. 2356func (s *ListMemberAccountsInput) SetMaxResults(v int64) *ListMemberAccountsInput { 2357 s.MaxResults = &v 2358 return s 2359} 2360 2361// SetNextToken sets the NextToken field's value. 2362func (s *ListMemberAccountsInput) SetNextToken(v string) *ListMemberAccountsInput { 2363 s.NextToken = &v 2364 return s 2365} 2366 2367type ListMemberAccountsOutput struct { 2368 _ struct{} `type:"structure"` 2369 2370 // An array of account IDs. 2371 MemberAccounts []*string `type:"list"` 2372 2373 // If you have more member account IDs than the number that you specified for 2374 // MaxResults in the request, the response includes a NextToken value. To list 2375 // more IDs, submit another ListMemberAccounts request, and specify the NextToken 2376 // value from the response in the NextToken value in the next request. 2377 NextToken *string `min:"1" type:"string"` 2378} 2379 2380// String returns the string representation 2381func (s ListMemberAccountsOutput) String() string { 2382 return awsutil.Prettify(s) 2383} 2384 2385// GoString returns the string representation 2386func (s ListMemberAccountsOutput) GoString() string { 2387 return s.String() 2388} 2389 2390// SetMemberAccounts sets the MemberAccounts field's value. 2391func (s *ListMemberAccountsOutput) SetMemberAccounts(v []*string) *ListMemberAccountsOutput { 2392 s.MemberAccounts = v 2393 return s 2394} 2395 2396// SetNextToken sets the NextToken field's value. 2397func (s *ListMemberAccountsOutput) SetNextToken(v string) *ListMemberAccountsOutput { 2398 s.NextToken = &v 2399 return s 2400} 2401 2402type ListPoliciesInput struct { 2403 _ struct{} `type:"structure"` 2404 2405 // Specifies the number of PolicySummary objects that you want AWS Firewall 2406 // Manager to return for this request. If you have more PolicySummary objects 2407 // than the number that you specify for MaxResults, the response includes a 2408 // NextToken value that you can use to get another batch of PolicySummary objects. 2409 MaxResults *int64 `min:"1" type:"integer"` 2410 2411 // If you specify a value for MaxResults and you have more PolicySummary objects 2412 // than the number that you specify for MaxResults, AWS Firewall Manager returns 2413 // a NextToken value in the response that allows you to list another group of 2414 // PolicySummary objects. For the second and subsequent ListPolicies requests, 2415 // specify the value of NextToken from the previous response to get information 2416 // about another batch of PolicySummary objects. 2417 NextToken *string `min:"1" type:"string"` 2418} 2419 2420// String returns the string representation 2421func (s ListPoliciesInput) String() string { 2422 return awsutil.Prettify(s) 2423} 2424 2425// GoString returns the string representation 2426func (s ListPoliciesInput) GoString() string { 2427 return s.String() 2428} 2429 2430// Validate inspects the fields of the type to determine if they are valid. 2431func (s *ListPoliciesInput) Validate() error { 2432 invalidParams := request.ErrInvalidParams{Context: "ListPoliciesInput"} 2433 if s.MaxResults != nil && *s.MaxResults < 1 { 2434 invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) 2435 } 2436 if s.NextToken != nil && len(*s.NextToken) < 1 { 2437 invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) 2438 } 2439 2440 if invalidParams.Len() > 0 { 2441 return invalidParams 2442 } 2443 return nil 2444} 2445 2446// SetMaxResults sets the MaxResults field's value. 2447func (s *ListPoliciesInput) SetMaxResults(v int64) *ListPoliciesInput { 2448 s.MaxResults = &v 2449 return s 2450} 2451 2452// SetNextToken sets the NextToken field's value. 2453func (s *ListPoliciesInput) SetNextToken(v string) *ListPoliciesInput { 2454 s.NextToken = &v 2455 return s 2456} 2457 2458type ListPoliciesOutput struct { 2459 _ struct{} `type:"structure"` 2460 2461 // If you have more PolicySummary objects than the number that you specified 2462 // for MaxResults in the request, the response includes a NextToken value. To 2463 // list more PolicySummary objects, submit another ListPolicies request, and 2464 // specify the NextToken value from the response in the NextToken value in the 2465 // next request. 2466 NextToken *string `min:"1" type:"string"` 2467 2468 // An array of PolicySummary objects. 2469 PolicyList []*PolicySummary `type:"list"` 2470} 2471 2472// String returns the string representation 2473func (s ListPoliciesOutput) String() string { 2474 return awsutil.Prettify(s) 2475} 2476 2477// GoString returns the string representation 2478func (s ListPoliciesOutput) GoString() string { 2479 return s.String() 2480} 2481 2482// SetNextToken sets the NextToken field's value. 2483func (s *ListPoliciesOutput) SetNextToken(v string) *ListPoliciesOutput { 2484 s.NextToken = &v 2485 return s 2486} 2487 2488// SetPolicyList sets the PolicyList field's value. 2489func (s *ListPoliciesOutput) SetPolicyList(v []*PolicySummary) *ListPoliciesOutput { 2490 s.PolicyList = v 2491 return s 2492} 2493 2494// An AWS Firewall Manager policy. 2495type Policy struct { 2496 _ struct{} `type:"structure"` 2497 2498 // Specifies the AWS account IDs to exclude from the policy. The IncludeMap 2499 // values are evaluated first, with all the appropriate account IDs added to 2500 // the policy. Then the accounts listed in ExcludeMap are removed, resulting 2501 // in the final list of accounts to add to the policy. 2502 // 2503 // The key to the map is ACCOUNT. For example, a valid ExcludeMap would be {“ACCOUNT” 2504 // : [“accountID1”, “accountID2”]}. 2505 ExcludeMap map[string][]*string `type:"map"` 2506 2507 // If set to True, resources with the tags that are specified in the ResourceTag 2508 // array are not in scope of the policy. If set to False, and the ResourceTag 2509 // array is not null, only resources with the specified tags are in scope of 2510 // the policy. 2511 // 2512 // ExcludeResourceTags is a required field 2513 ExcludeResourceTags *bool `type:"boolean" required:"true"` 2514 2515 // Specifies the AWS account IDs to include in the policy. If IncludeMap is 2516 // null, all accounts in the organization in AWS Organizations are included 2517 // in the policy. If IncludeMap is not null, only values listed in IncludeMap 2518 // are included in the policy. 2519 // 2520 // The key to the map is ACCOUNT. For example, a valid IncludeMap would be {“ACCOUNT” 2521 // : [“accountID1”, “accountID2”]}. 2522 IncludeMap map[string][]*string `type:"map"` 2523 2524 // The ID of the AWS Firewall Manager policy. 2525 PolicyId *string `min:"36" type:"string"` 2526 2527 // The friendly name of the AWS Firewall Manager policy. 2528 // 2529 // PolicyName is a required field 2530 PolicyName *string `min:"1" type:"string" required:"true"` 2531 2532 // A unique identifier for each update to the policy. When issuing a PutPolicy 2533 // request, the PolicyUpdateToken in the request must match the PolicyUpdateToken 2534 // of the current policy version. To get the PolicyUpdateToken of the current 2535 // policy version, use a GetPolicy request. 2536 PolicyUpdateToken *string `min:"1" type:"string"` 2537 2538 // Indicates if the policy should be automatically applied to new resources. 2539 // 2540 // RemediationEnabled is a required field 2541 RemediationEnabled *bool `type:"boolean" required:"true"` 2542 2543 // An array of ResourceTag objects. 2544 ResourceTags []*ResourceTag `type:"list"` 2545 2546 // The type of resource protected by or in scope of the policy. This is in the 2547 // format shown in the AWS Resource Types Reference (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html). 2548 // For AWS WAF and Shield Advanced, examples include AWS::ElasticLoadBalancingV2::LoadBalancer 2549 // and AWS::CloudFront::Distribution. For a security group common policy, valid 2550 // values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security 2551 // group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, 2552 // and AWS::EC2::Instance. For a security group usage audit policy, the value 2553 // is AWS::EC2::SecurityGroup. 2554 // 2555 // ResourceType is a required field 2556 ResourceType *string `min:"1" type:"string" required:"true"` 2557 2558 // An array of ResourceType. 2559 ResourceTypeList []*string `type:"list"` 2560 2561 // Details about the security service that is being used to protect the resources. 2562 // 2563 // SecurityServicePolicyData is a required field 2564 SecurityServicePolicyData *SecurityServicePolicyData `type:"structure" required:"true"` 2565} 2566 2567// String returns the string representation 2568func (s Policy) String() string { 2569 return awsutil.Prettify(s) 2570} 2571 2572// GoString returns the string representation 2573func (s Policy) GoString() string { 2574 return s.String() 2575} 2576 2577// Validate inspects the fields of the type to determine if they are valid. 2578func (s *Policy) Validate() error { 2579 invalidParams := request.ErrInvalidParams{Context: "Policy"} 2580 if s.ExcludeResourceTags == nil { 2581 invalidParams.Add(request.NewErrParamRequired("ExcludeResourceTags")) 2582 } 2583 if s.PolicyId != nil && len(*s.PolicyId) < 36 { 2584 invalidParams.Add(request.NewErrParamMinLen("PolicyId", 36)) 2585 } 2586 if s.PolicyName == nil { 2587 invalidParams.Add(request.NewErrParamRequired("PolicyName")) 2588 } 2589 if s.PolicyName != nil && len(*s.PolicyName) < 1 { 2590 invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1)) 2591 } 2592 if s.PolicyUpdateToken != nil && len(*s.PolicyUpdateToken) < 1 { 2593 invalidParams.Add(request.NewErrParamMinLen("PolicyUpdateToken", 1)) 2594 } 2595 if s.RemediationEnabled == nil { 2596 invalidParams.Add(request.NewErrParamRequired("RemediationEnabled")) 2597 } 2598 if s.ResourceType == nil { 2599 invalidParams.Add(request.NewErrParamRequired("ResourceType")) 2600 } 2601 if s.ResourceType != nil && len(*s.ResourceType) < 1 { 2602 invalidParams.Add(request.NewErrParamMinLen("ResourceType", 1)) 2603 } 2604 if s.SecurityServicePolicyData == nil { 2605 invalidParams.Add(request.NewErrParamRequired("SecurityServicePolicyData")) 2606 } 2607 if s.ResourceTags != nil { 2608 for i, v := range s.ResourceTags { 2609 if v == nil { 2610 continue 2611 } 2612 if err := v.Validate(); err != nil { 2613 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "ResourceTags", i), err.(request.ErrInvalidParams)) 2614 } 2615 } 2616 } 2617 if s.SecurityServicePolicyData != nil { 2618 if err := s.SecurityServicePolicyData.Validate(); err != nil { 2619 invalidParams.AddNested("SecurityServicePolicyData", err.(request.ErrInvalidParams)) 2620 } 2621 } 2622 2623 if invalidParams.Len() > 0 { 2624 return invalidParams 2625 } 2626 return nil 2627} 2628 2629// SetExcludeMap sets the ExcludeMap field's value. 2630func (s *Policy) SetExcludeMap(v map[string][]*string) *Policy { 2631 s.ExcludeMap = v 2632 return s 2633} 2634 2635// SetExcludeResourceTags sets the ExcludeResourceTags field's value. 2636func (s *Policy) SetExcludeResourceTags(v bool) *Policy { 2637 s.ExcludeResourceTags = &v 2638 return s 2639} 2640 2641// SetIncludeMap sets the IncludeMap field's value. 2642func (s *Policy) SetIncludeMap(v map[string][]*string) *Policy { 2643 s.IncludeMap = v 2644 return s 2645} 2646 2647// SetPolicyId sets the PolicyId field's value. 2648func (s *Policy) SetPolicyId(v string) *Policy { 2649 s.PolicyId = &v 2650 return s 2651} 2652 2653// SetPolicyName sets the PolicyName field's value. 2654func (s *Policy) SetPolicyName(v string) *Policy { 2655 s.PolicyName = &v 2656 return s 2657} 2658 2659// SetPolicyUpdateToken sets the PolicyUpdateToken field's value. 2660func (s *Policy) SetPolicyUpdateToken(v string) *Policy { 2661 s.PolicyUpdateToken = &v 2662 return s 2663} 2664 2665// SetRemediationEnabled sets the RemediationEnabled field's value. 2666func (s *Policy) SetRemediationEnabled(v bool) *Policy { 2667 s.RemediationEnabled = &v 2668 return s 2669} 2670 2671// SetResourceTags sets the ResourceTags field's value. 2672func (s *Policy) SetResourceTags(v []*ResourceTag) *Policy { 2673 s.ResourceTags = v 2674 return s 2675} 2676 2677// SetResourceType sets the ResourceType field's value. 2678func (s *Policy) SetResourceType(v string) *Policy { 2679 s.ResourceType = &v 2680 return s 2681} 2682 2683// SetResourceTypeList sets the ResourceTypeList field's value. 2684func (s *Policy) SetResourceTypeList(v []*string) *Policy { 2685 s.ResourceTypeList = v 2686 return s 2687} 2688 2689// SetSecurityServicePolicyData sets the SecurityServicePolicyData field's value. 2690func (s *Policy) SetSecurityServicePolicyData(v *SecurityServicePolicyData) *Policy { 2691 s.SecurityServicePolicyData = v 2692 return s 2693} 2694 2695// Describes the noncompliant resources in a member account for a specific AWS 2696// Firewall Manager policy. A maximum of 100 entries are displayed. If more 2697// than 100 resources are noncompliant, EvaluationLimitExceeded is set to True. 2698type PolicyComplianceDetail struct { 2699 _ struct{} `type:"structure"` 2700 2701 // Indicates if over 100 resources are noncompliant with the AWS Firewall Manager 2702 // policy. 2703 EvaluationLimitExceeded *bool `type:"boolean"` 2704 2705 // A timestamp that indicates when the returned information should be considered 2706 // out of date. 2707 ExpiredAt *time.Time `type:"timestamp"` 2708 2709 // Details about problems with dependent services, such as AWS WAF or AWS Config, 2710 // that are causing a resource to be noncompliant. The details include the name 2711 // of the dependent service and the error message received that indicates the 2712 // problem with the service. 2713 IssueInfoMap map[string]*string `type:"map"` 2714 2715 // The AWS account ID. 2716 MemberAccount *string `min:"1" type:"string"` 2717 2718 // The ID of the AWS Firewall Manager policy. 2719 PolicyId *string `min:"36" type:"string"` 2720 2721 // The AWS account that created the AWS Firewall Manager policy. 2722 PolicyOwner *string `min:"1" type:"string"` 2723 2724 // An array of resources that aren't protected by the AWS WAF or Shield Advanced 2725 // policy or that aren't in compliance with the security group policy. 2726 Violators []*ComplianceViolator `type:"list"` 2727} 2728 2729// String returns the string representation 2730func (s PolicyComplianceDetail) String() string { 2731 return awsutil.Prettify(s) 2732} 2733 2734// GoString returns the string representation 2735func (s PolicyComplianceDetail) GoString() string { 2736 return s.String() 2737} 2738 2739// SetEvaluationLimitExceeded sets the EvaluationLimitExceeded field's value. 2740func (s *PolicyComplianceDetail) SetEvaluationLimitExceeded(v bool) *PolicyComplianceDetail { 2741 s.EvaluationLimitExceeded = &v 2742 return s 2743} 2744 2745// SetExpiredAt sets the ExpiredAt field's value. 2746func (s *PolicyComplianceDetail) SetExpiredAt(v time.Time) *PolicyComplianceDetail { 2747 s.ExpiredAt = &v 2748 return s 2749} 2750 2751// SetIssueInfoMap sets the IssueInfoMap field's value. 2752func (s *PolicyComplianceDetail) SetIssueInfoMap(v map[string]*string) *PolicyComplianceDetail { 2753 s.IssueInfoMap = v 2754 return s 2755} 2756 2757// SetMemberAccount sets the MemberAccount field's value. 2758func (s *PolicyComplianceDetail) SetMemberAccount(v string) *PolicyComplianceDetail { 2759 s.MemberAccount = &v 2760 return s 2761} 2762 2763// SetPolicyId sets the PolicyId field's value. 2764func (s *PolicyComplianceDetail) SetPolicyId(v string) *PolicyComplianceDetail { 2765 s.PolicyId = &v 2766 return s 2767} 2768 2769// SetPolicyOwner sets the PolicyOwner field's value. 2770func (s *PolicyComplianceDetail) SetPolicyOwner(v string) *PolicyComplianceDetail { 2771 s.PolicyOwner = &v 2772 return s 2773} 2774 2775// SetViolators sets the Violators field's value. 2776func (s *PolicyComplianceDetail) SetViolators(v []*ComplianceViolator) *PolicyComplianceDetail { 2777 s.Violators = v 2778 return s 2779} 2780 2781// Indicates whether the account is compliant with the specified policy. An 2782// account is considered noncompliant if it includes resources that are not 2783// protected by the policy, for AWS WAF and Shield Advanced policies, or that 2784// are noncompliant with the policy, for security group policies. 2785type PolicyComplianceStatus struct { 2786 _ struct{} `type:"structure"` 2787 2788 // An array of EvaluationResult objects. 2789 EvaluationResults []*EvaluationResult `type:"list"` 2790 2791 // Details about problems with dependent services, such as AWS WAF or AWS Config, 2792 // that are causing a resource to be noncompliant. The details include the name 2793 // of the dependent service and the error message received that indicates the 2794 // problem with the service. 2795 IssueInfoMap map[string]*string `type:"map"` 2796 2797 // Timestamp of the last update to the EvaluationResult objects. 2798 LastUpdated *time.Time `type:"timestamp"` 2799 2800 // The member account ID. 2801 MemberAccount *string `min:"1" type:"string"` 2802 2803 // The ID of the AWS Firewall Manager policy. 2804 PolicyId *string `min:"36" type:"string"` 2805 2806 // The friendly name of the AWS Firewall Manager policy. 2807 PolicyName *string `min:"1" type:"string"` 2808 2809 // The AWS account that created the AWS Firewall Manager policy. 2810 PolicyOwner *string `min:"1" type:"string"` 2811} 2812 2813// String returns the string representation 2814func (s PolicyComplianceStatus) String() string { 2815 return awsutil.Prettify(s) 2816} 2817 2818// GoString returns the string representation 2819func (s PolicyComplianceStatus) GoString() string { 2820 return s.String() 2821} 2822 2823// SetEvaluationResults sets the EvaluationResults field's value. 2824func (s *PolicyComplianceStatus) SetEvaluationResults(v []*EvaluationResult) *PolicyComplianceStatus { 2825 s.EvaluationResults = v 2826 return s 2827} 2828 2829// SetIssueInfoMap sets the IssueInfoMap field's value. 2830func (s *PolicyComplianceStatus) SetIssueInfoMap(v map[string]*string) *PolicyComplianceStatus { 2831 s.IssueInfoMap = v 2832 return s 2833} 2834 2835// SetLastUpdated sets the LastUpdated field's value. 2836func (s *PolicyComplianceStatus) SetLastUpdated(v time.Time) *PolicyComplianceStatus { 2837 s.LastUpdated = &v 2838 return s 2839} 2840 2841// SetMemberAccount sets the MemberAccount field's value. 2842func (s *PolicyComplianceStatus) SetMemberAccount(v string) *PolicyComplianceStatus { 2843 s.MemberAccount = &v 2844 return s 2845} 2846 2847// SetPolicyId sets the PolicyId field's value. 2848func (s *PolicyComplianceStatus) SetPolicyId(v string) *PolicyComplianceStatus { 2849 s.PolicyId = &v 2850 return s 2851} 2852 2853// SetPolicyName sets the PolicyName field's value. 2854func (s *PolicyComplianceStatus) SetPolicyName(v string) *PolicyComplianceStatus { 2855 s.PolicyName = &v 2856 return s 2857} 2858 2859// SetPolicyOwner sets the PolicyOwner field's value. 2860func (s *PolicyComplianceStatus) SetPolicyOwner(v string) *PolicyComplianceStatus { 2861 s.PolicyOwner = &v 2862 return s 2863} 2864 2865// Details of the AWS Firewall Manager policy. 2866type PolicySummary struct { 2867 _ struct{} `type:"structure"` 2868 2869 // The Amazon Resource Name (ARN) of the specified policy. 2870 PolicyArn *string `min:"1" type:"string"` 2871 2872 // The ID of the specified policy. 2873 PolicyId *string `min:"36" type:"string"` 2874 2875 // The friendly name of the specified policy. 2876 PolicyName *string `min:"1" type:"string"` 2877 2878 // Indicates if the policy should be automatically applied to new resources. 2879 RemediationEnabled *bool `type:"boolean"` 2880 2881 // The type of resource protected by or in scope of the policy. This is in the 2882 // format shown in the AWS Resource Types Reference (https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html). 2883 // For AWS WAF and Shield Advanced, examples include AWS::ElasticLoadBalancingV2::LoadBalancer 2884 // and AWS::CloudFront::Distribution. For a security group common policy, valid 2885 // values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security 2886 // group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, 2887 // and AWS::EC2::Instance. For a security group usage audit policy, the value 2888 // is AWS::EC2::SecurityGroup. 2889 ResourceType *string `min:"1" type:"string"` 2890 2891 // The service that the policy is using to protect the resources. This specifies 2892 // the type of policy that is created, either an AWS WAF policy, a Shield Advanced 2893 // policy, or a security group policy. 2894 SecurityServiceType *string `type:"string" enum:"SecurityServiceType"` 2895} 2896 2897// String returns the string representation 2898func (s PolicySummary) String() string { 2899 return awsutil.Prettify(s) 2900} 2901 2902// GoString returns the string representation 2903func (s PolicySummary) GoString() string { 2904 return s.String() 2905} 2906 2907// SetPolicyArn sets the PolicyArn field's value. 2908func (s *PolicySummary) SetPolicyArn(v string) *PolicySummary { 2909 s.PolicyArn = &v 2910 return s 2911} 2912 2913// SetPolicyId sets the PolicyId field's value. 2914func (s *PolicySummary) SetPolicyId(v string) *PolicySummary { 2915 s.PolicyId = &v 2916 return s 2917} 2918 2919// SetPolicyName sets the PolicyName field's value. 2920func (s *PolicySummary) SetPolicyName(v string) *PolicySummary { 2921 s.PolicyName = &v 2922 return s 2923} 2924 2925// SetRemediationEnabled sets the RemediationEnabled field's value. 2926func (s *PolicySummary) SetRemediationEnabled(v bool) *PolicySummary { 2927 s.RemediationEnabled = &v 2928 return s 2929} 2930 2931// SetResourceType sets the ResourceType field's value. 2932func (s *PolicySummary) SetResourceType(v string) *PolicySummary { 2933 s.ResourceType = &v 2934 return s 2935} 2936 2937// SetSecurityServiceType sets the SecurityServiceType field's value. 2938func (s *PolicySummary) SetSecurityServiceType(v string) *PolicySummary { 2939 s.SecurityServiceType = &v 2940 return s 2941} 2942 2943type PutNotificationChannelInput struct { 2944 _ struct{} `type:"structure"` 2945 2946 // The Amazon Resource Name (ARN) of the IAM role that allows Amazon SNS to 2947 // record AWS Firewall Manager activity. 2948 // 2949 // SnsRoleName is a required field 2950 SnsRoleName *string `min:"1" type:"string" required:"true"` 2951 2952 // The Amazon Resource Name (ARN) of the SNS topic that collects notifications 2953 // from AWS Firewall Manager. 2954 // 2955 // SnsTopicArn is a required field 2956 SnsTopicArn *string `min:"1" type:"string" required:"true"` 2957} 2958 2959// String returns the string representation 2960func (s PutNotificationChannelInput) String() string { 2961 return awsutil.Prettify(s) 2962} 2963 2964// GoString returns the string representation 2965func (s PutNotificationChannelInput) GoString() string { 2966 return s.String() 2967} 2968 2969// Validate inspects the fields of the type to determine if they are valid. 2970func (s *PutNotificationChannelInput) Validate() error { 2971 invalidParams := request.ErrInvalidParams{Context: "PutNotificationChannelInput"} 2972 if s.SnsRoleName == nil { 2973 invalidParams.Add(request.NewErrParamRequired("SnsRoleName")) 2974 } 2975 if s.SnsRoleName != nil && len(*s.SnsRoleName) < 1 { 2976 invalidParams.Add(request.NewErrParamMinLen("SnsRoleName", 1)) 2977 } 2978 if s.SnsTopicArn == nil { 2979 invalidParams.Add(request.NewErrParamRequired("SnsTopicArn")) 2980 } 2981 if s.SnsTopicArn != nil && len(*s.SnsTopicArn) < 1 { 2982 invalidParams.Add(request.NewErrParamMinLen("SnsTopicArn", 1)) 2983 } 2984 2985 if invalidParams.Len() > 0 { 2986 return invalidParams 2987 } 2988 return nil 2989} 2990 2991// SetSnsRoleName sets the SnsRoleName field's value. 2992func (s *PutNotificationChannelInput) SetSnsRoleName(v string) *PutNotificationChannelInput { 2993 s.SnsRoleName = &v 2994 return s 2995} 2996 2997// SetSnsTopicArn sets the SnsTopicArn field's value. 2998func (s *PutNotificationChannelInput) SetSnsTopicArn(v string) *PutNotificationChannelInput { 2999 s.SnsTopicArn = &v 3000 return s 3001} 3002 3003type PutNotificationChannelOutput struct { 3004 _ struct{} `type:"structure"` 3005} 3006 3007// String returns the string representation 3008func (s PutNotificationChannelOutput) String() string { 3009 return awsutil.Prettify(s) 3010} 3011 3012// GoString returns the string representation 3013func (s PutNotificationChannelOutput) GoString() string { 3014 return s.String() 3015} 3016 3017type PutPolicyInput struct { 3018 _ struct{} `type:"structure"` 3019 3020 // The details of the AWS Firewall Manager policy to be created. 3021 // 3022 // Policy is a required field 3023 Policy *Policy `type:"structure" required:"true"` 3024} 3025 3026// String returns the string representation 3027func (s PutPolicyInput) String() string { 3028 return awsutil.Prettify(s) 3029} 3030 3031// GoString returns the string representation 3032func (s PutPolicyInput) GoString() string { 3033 return s.String() 3034} 3035 3036// Validate inspects the fields of the type to determine if they are valid. 3037func (s *PutPolicyInput) Validate() error { 3038 invalidParams := request.ErrInvalidParams{Context: "PutPolicyInput"} 3039 if s.Policy == nil { 3040 invalidParams.Add(request.NewErrParamRequired("Policy")) 3041 } 3042 if s.Policy != nil { 3043 if err := s.Policy.Validate(); err != nil { 3044 invalidParams.AddNested("Policy", err.(request.ErrInvalidParams)) 3045 } 3046 } 3047 3048 if invalidParams.Len() > 0 { 3049 return invalidParams 3050 } 3051 return nil 3052} 3053 3054// SetPolicy sets the Policy field's value. 3055func (s *PutPolicyInput) SetPolicy(v *Policy) *PutPolicyInput { 3056 s.Policy = v 3057 return s 3058} 3059 3060type PutPolicyOutput struct { 3061 _ struct{} `type:"structure"` 3062 3063 // The details of the AWS Firewall Manager policy that was created. 3064 Policy *Policy `type:"structure"` 3065 3066 // The Amazon Resource Name (ARN) of the policy that was created. 3067 PolicyArn *string `min:"1" type:"string"` 3068} 3069 3070// String returns the string representation 3071func (s PutPolicyOutput) String() string { 3072 return awsutil.Prettify(s) 3073} 3074 3075// GoString returns the string representation 3076func (s PutPolicyOutput) GoString() string { 3077 return s.String() 3078} 3079 3080// SetPolicy sets the Policy field's value. 3081func (s *PutPolicyOutput) SetPolicy(v *Policy) *PutPolicyOutput { 3082 s.Policy = v 3083 return s 3084} 3085 3086// SetPolicyArn sets the PolicyArn field's value. 3087func (s *PutPolicyOutput) SetPolicyArn(v string) *PutPolicyOutput { 3088 s.PolicyArn = &v 3089 return s 3090} 3091 3092// The resource tags that AWS Firewall Manager uses to determine if a particular 3093// resource should be included or excluded from the AWS Firewall Manager policy. 3094// Tags enable you to categorize your AWS resources in different ways, for example, 3095// by purpose, owner, or environment. Each tag consists of a key and an optional 3096// value. Firewall Manager combines the tags with "AND" so that, if you add 3097// more than one tag to a policy scope, a resource must have all the specified 3098// tags to be included or excluded. For more information, see Working with Tag 3099// Editor (https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/tag-editor.html). 3100type ResourceTag struct { 3101 _ struct{} `type:"structure"` 3102 3103 // The resource tag key. 3104 // 3105 // Key is a required field 3106 Key *string `min:"1" type:"string" required:"true"` 3107 3108 // The resource tag value. 3109 Value *string `type:"string"` 3110} 3111 3112// String returns the string representation 3113func (s ResourceTag) String() string { 3114 return awsutil.Prettify(s) 3115} 3116 3117// GoString returns the string representation 3118func (s ResourceTag) GoString() string { 3119 return s.String() 3120} 3121 3122// Validate inspects the fields of the type to determine if they are valid. 3123func (s *ResourceTag) Validate() error { 3124 invalidParams := request.ErrInvalidParams{Context: "ResourceTag"} 3125 if s.Key == nil { 3126 invalidParams.Add(request.NewErrParamRequired("Key")) 3127 } 3128 if s.Key != nil && len(*s.Key) < 1 { 3129 invalidParams.Add(request.NewErrParamMinLen("Key", 1)) 3130 } 3131 3132 if invalidParams.Len() > 0 { 3133 return invalidParams 3134 } 3135 return nil 3136} 3137 3138// SetKey sets the Key field's value. 3139func (s *ResourceTag) SetKey(v string) *ResourceTag { 3140 s.Key = &v 3141 return s 3142} 3143 3144// SetValue sets the Value field's value. 3145func (s *ResourceTag) SetValue(v string) *ResourceTag { 3146 s.Value = &v 3147 return s 3148} 3149 3150// Details about the security service that is being used to protect the resources. 3151type SecurityServicePolicyData struct { 3152 _ struct{} `type:"structure"` 3153 3154 // Details about the service that are specific to the service type, in JSON 3155 // format. For service type SHIELD_ADVANCED, this is an empty string. 3156 // 3157 // * Example: WAF ManagedServiceData": "{\"type\": \"WAF\", \"ruleGroups\": 3158 // [{\"id\": \"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\" 3159 // : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}} 3160 // 3161 // * Example: SECURITY_GROUPS_COMMON "SecurityServicePolicyData":{"Type":"SECURITY_GROUPS_COMMON","ManagedServiceData":"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false,\"securityGroups\":[{\"id\":\" 3162 // sg-000e55995d61a06bd\"}]}"},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"} 3163 // 3164 // * Example: SECURITY_GROUPS_CONTENT_AUDIT "SecurityServicePolicyData":{"Type":"SECURITY_GROUPS_CONTENT_AUDIT","ManagedServiceData":"{\"type\":\"SECURITY_GROUPS_CONTENT_AUDIT\",\"securityGroups\":[{\"id\":\" 3165 // sg-000e55995d61a06bd \"}],\"securityGroupAction\":{\"type\":\"ALLOW\"}}"},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"} 3166 // The security group action for content audit can be ALLOW or DENY. For 3167 // ALLOW, all in-scope security group rules must be within the allowed range 3168 // of the policy's security group rules. For DENY, all in-scope security 3169 // group rules must not contain a value or a range that matches a rule value 3170 // or range in the policy security group. 3171 // 3172 // * Example: SECURITY_GROUPS_USAGE_AUDIT "SecurityServicePolicyData":{"Type":"SECURITY_GROUPS_USAGE_AUDIT","ManagedServiceData":"{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true}"},"RemediationEnabled":false,"Resou 3173 // rceType":"AWS::EC2::SecurityGroup"} 3174 ManagedServiceData *string `min:"1" type:"string"` 3175 3176 // The service that the policy is using to protect the resources. This specifies 3177 // the type of policy that is created, either an AWS WAF policy, a Shield Advanced 3178 // policy, or a security group policy. For security group policies, Firewall 3179 // Manager supports one security group for each common policy and for each content 3180 // audit policy. This is an adjustable limit that you can increase by contacting 3181 // AWS Support. 3182 // 3183 // Type is a required field 3184 Type *string `type:"string" required:"true" enum:"SecurityServiceType"` 3185} 3186 3187// String returns the string representation 3188func (s SecurityServicePolicyData) String() string { 3189 return awsutil.Prettify(s) 3190} 3191 3192// GoString returns the string representation 3193func (s SecurityServicePolicyData) GoString() string { 3194 return s.String() 3195} 3196 3197// Validate inspects the fields of the type to determine if they are valid. 3198func (s *SecurityServicePolicyData) Validate() error { 3199 invalidParams := request.ErrInvalidParams{Context: "SecurityServicePolicyData"} 3200 if s.ManagedServiceData != nil && len(*s.ManagedServiceData) < 1 { 3201 invalidParams.Add(request.NewErrParamMinLen("ManagedServiceData", 1)) 3202 } 3203 if s.Type == nil { 3204 invalidParams.Add(request.NewErrParamRequired("Type")) 3205 } 3206 3207 if invalidParams.Len() > 0 { 3208 return invalidParams 3209 } 3210 return nil 3211} 3212 3213// SetManagedServiceData sets the ManagedServiceData field's value. 3214func (s *SecurityServicePolicyData) SetManagedServiceData(v string) *SecurityServicePolicyData { 3215 s.ManagedServiceData = &v 3216 return s 3217} 3218 3219// SetType sets the Type field's value. 3220func (s *SecurityServicePolicyData) SetType(v string) *SecurityServicePolicyData { 3221 s.Type = &v 3222 return s 3223} 3224 3225const ( 3226 // AccountRoleStatusReady is a AccountRoleStatus enum value 3227 AccountRoleStatusReady = "READY" 3228 3229 // AccountRoleStatusCreating is a AccountRoleStatus enum value 3230 AccountRoleStatusCreating = "CREATING" 3231 3232 // AccountRoleStatusPendingDeletion is a AccountRoleStatus enum value 3233 AccountRoleStatusPendingDeletion = "PENDING_DELETION" 3234 3235 // AccountRoleStatusDeleting is a AccountRoleStatus enum value 3236 AccountRoleStatusDeleting = "DELETING" 3237 3238 // AccountRoleStatusDeleted is a AccountRoleStatus enum value 3239 AccountRoleStatusDeleted = "DELETED" 3240) 3241 3242const ( 3243 // CustomerPolicyScopeIdTypeAccount is a CustomerPolicyScopeIdType enum value 3244 CustomerPolicyScopeIdTypeAccount = "ACCOUNT" 3245) 3246 3247const ( 3248 // DependentServiceNameAwsconfig is a DependentServiceName enum value 3249 DependentServiceNameAwsconfig = "AWSCONFIG" 3250 3251 // DependentServiceNameAwswaf is a DependentServiceName enum value 3252 DependentServiceNameAwswaf = "AWSWAF" 3253 3254 // DependentServiceNameAwsshieldAdvanced is a DependentServiceName enum value 3255 DependentServiceNameAwsshieldAdvanced = "AWSSHIELD_ADVANCED" 3256 3257 // DependentServiceNameAwsvpc is a DependentServiceName enum value 3258 DependentServiceNameAwsvpc = "AWSVPC" 3259) 3260 3261const ( 3262 // PolicyComplianceStatusTypeCompliant is a PolicyComplianceStatusType enum value 3263 PolicyComplianceStatusTypeCompliant = "COMPLIANT" 3264 3265 // PolicyComplianceStatusTypeNonCompliant is a PolicyComplianceStatusType enum value 3266 PolicyComplianceStatusTypeNonCompliant = "NON_COMPLIANT" 3267) 3268 3269const ( 3270 // SecurityServiceTypeWaf is a SecurityServiceType enum value 3271 SecurityServiceTypeWaf = "WAF" 3272 3273 // SecurityServiceTypeShieldAdvanced is a SecurityServiceType enum value 3274 SecurityServiceTypeShieldAdvanced = "SHIELD_ADVANCED" 3275 3276 // SecurityServiceTypeSecurityGroupsCommon is a SecurityServiceType enum value 3277 SecurityServiceTypeSecurityGroupsCommon = "SECURITY_GROUPS_COMMON" 3278 3279 // SecurityServiceTypeSecurityGroupsContentAudit is a SecurityServiceType enum value 3280 SecurityServiceTypeSecurityGroupsContentAudit = "SECURITY_GROUPS_CONTENT_AUDIT" 3281 3282 // SecurityServiceTypeSecurityGroupsUsageAudit is a SecurityServiceType enum value 3283 SecurityServiceTypeSecurityGroupsUsageAudit = "SECURITY_GROUPS_USAGE_AUDIT" 3284) 3285 3286const ( 3287 // ViolationReasonWebAclMissingRuleGroup is a ViolationReason enum value 3288 ViolationReasonWebAclMissingRuleGroup = "WEB_ACL_MISSING_RULE_GROUP" 3289 3290 // ViolationReasonResourceMissingWebAcl is a ViolationReason enum value 3291 ViolationReasonResourceMissingWebAcl = "RESOURCE_MISSING_WEB_ACL" 3292 3293 // ViolationReasonResourceIncorrectWebAcl is a ViolationReason enum value 3294 ViolationReasonResourceIncorrectWebAcl = "RESOURCE_INCORRECT_WEB_ACL" 3295 3296 // ViolationReasonResourceMissingShieldProtection is a ViolationReason enum value 3297 ViolationReasonResourceMissingShieldProtection = "RESOURCE_MISSING_SHIELD_PROTECTION" 3298 3299 // ViolationReasonResourceMissingWebAclOrShieldProtection is a ViolationReason enum value 3300 ViolationReasonResourceMissingWebAclOrShieldProtection = "RESOURCE_MISSING_WEB_ACL_OR_SHIELD_PROTECTION" 3301 3302 // ViolationReasonResourceMissingSecurityGroup is a ViolationReason enum value 3303 ViolationReasonResourceMissingSecurityGroup = "RESOURCE_MISSING_SECURITY_GROUP" 3304 3305 // ViolationReasonResourceViolatesAuditSecurityGroup is a ViolationReason enum value 3306 ViolationReasonResourceViolatesAuditSecurityGroup = "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP" 3307 3308 // ViolationReasonSecurityGroupUnused is a ViolationReason enum value 3309 ViolationReasonSecurityGroupUnused = "SECURITY_GROUP_UNUSED" 3310 3311 // ViolationReasonSecurityGroupRedundant is a ViolationReason enum value 3312 ViolationReasonSecurityGroupRedundant = "SECURITY_GROUP_REDUNDANT" 3313) 3314