aws.fms.Policy
Explore with Pulumi AI
Provides a resource to create an AWS Firewall Manager policy. You need to be using AWS organizations and have enabled the Firewall Manager administrator account.
NOTE: Due to limitations with testing, we provide it as best effort. If you find it useful, and have the ability to help test or notice issues, consider reaching out to us on GitHub.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleRuleGroup = new aws.wafregional.RuleGroup("example", {
metricName: "WAFRuleGroupExample",
name: "WAF-Rule-Group-Example",
});
const example = new aws.fms.Policy("example", {
name: "FMS-Policy-Example",
excludeResourceTags: false,
remediationEnabled: false,
resourceType: "AWS::ElasticLoadBalancingV2::LoadBalancer",
securityServicePolicyData: {
type: "WAF",
managedServiceData: pulumi.jsonStringify({
type: "WAF",
ruleGroups: [{
id: exampleRuleGroup.id,
overrideAction: {
type: "COUNT",
},
}],
defaultAction: {
type: "BLOCK",
},
overrideCustomerWebACLAssociation: false,
}),
},
tags: {
Name: "example-fms-policy",
},
});
import pulumi
import json
import pulumi_aws as aws
example_rule_group = aws.wafregional.RuleGroup("example",
metric_name="WAFRuleGroupExample",
name="WAF-Rule-Group-Example")
example = aws.fms.Policy("example",
name="FMS-Policy-Example",
exclude_resource_tags=False,
remediation_enabled=False,
resource_type="AWS::ElasticLoadBalancingV2::LoadBalancer",
security_service_policy_data={
"type": "WAF",
"managed_service_data": pulumi.Output.json_dumps({
"type": "WAF",
"ruleGroups": [{
"id": example_rule_group.id,
"overrideAction": {
"type": "COUNT",
},
}],
"defaultAction": {
"type": "BLOCK",
},
"overrideCustomerWebACLAssociation": False,
}),
},
tags={
"Name": "example-fms-policy",
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/fms"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleRuleGroup, err := wafregional.NewRuleGroup(ctx, "example", &wafregional.RuleGroupArgs{
MetricName: pulumi.String("WAFRuleGroupExample"),
Name: pulumi.String("WAF-Rule-Group-Example"),
})
if err != nil {
return err
}
_, err = fms.NewPolicy(ctx, "example", &fms.PolicyArgs{
Name: pulumi.String("FMS-Policy-Example"),
ExcludeResourceTags: pulumi.Bool(false),
RemediationEnabled: pulumi.Bool(false),
ResourceType: pulumi.String("AWS::ElasticLoadBalancingV2::LoadBalancer"),
SecurityServicePolicyData: &fms.PolicySecurityServicePolicyDataArgs{
Type: pulumi.String("WAF"),
ManagedServiceData: exampleRuleGroup.ID().ApplyT(func(id string) (pulumi.String, error) {
var _zero pulumi.String
tmpJSON0, err := json.Marshal(map[string]interface{}{
"type": "WAF",
"ruleGroups": []map[string]interface{}{
map[string]interface{}{
"id": id,
"overrideAction": map[string]interface{}{
"type": "COUNT",
},
},
},
"defaultAction": map[string]interface{}{
"type": "BLOCK",
},
"overrideCustomerWebACLAssociation": false,
})
if err != nil {
return _zero, err
}
json0 := string(tmpJSON0)
return pulumi.String(json0), nil
}).(pulumi.StringOutput),
},
Tags: pulumi.StringMap{
"Name": pulumi.String("example-fms-policy"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleRuleGroup = new Aws.WafRegional.RuleGroup("example", new()
{
MetricName = "WAFRuleGroupExample",
Name = "WAF-Rule-Group-Example",
});
var example = new Aws.Fms.Policy("example", new()
{
Name = "FMS-Policy-Example",
ExcludeResourceTags = false,
RemediationEnabled = false,
ResourceType = "AWS::ElasticLoadBalancingV2::LoadBalancer",
SecurityServicePolicyData = new Aws.Fms.Inputs.PolicySecurityServicePolicyDataArgs
{
Type = "WAF",
ManagedServiceData = Output.JsonSerialize(Output.Create(new Dictionary<string, object?>
{
["type"] = "WAF",
["ruleGroups"] = new[]
{
new Dictionary<string, object?>
{
["id"] = exampleRuleGroup.Id,
["overrideAction"] = new Dictionary<string, object?>
{
["type"] = "COUNT",
},
},
},
["defaultAction"] = new Dictionary<string, object?>
{
["type"] = "BLOCK",
},
["overrideCustomerWebACLAssociation"] = false,
})),
},
Tags =
{
{ "Name", "example-fms-policy" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafregional.RuleGroup;
import com.pulumi.aws.wafregional.RuleGroupArgs;
import com.pulumi.aws.fms.Policy;
import com.pulumi.aws.fms.PolicyArgs;
import com.pulumi.aws.fms.inputs.PolicySecurityServicePolicyDataArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleRuleGroup = new RuleGroup("exampleRuleGroup", RuleGroupArgs.builder()
.metricName("WAFRuleGroupExample")
.name("WAF-Rule-Group-Example")
.build());
var example = new Policy("example", PolicyArgs.builder()
.name("FMS-Policy-Example")
.excludeResourceTags(false)
.remediationEnabled(false)
.resourceType("AWS::ElasticLoadBalancingV2::LoadBalancer")
.securityServicePolicyData(PolicySecurityServicePolicyDataArgs.builder()
.type("WAF")
.managedServiceData(exampleRuleGroup.id().applyValue(id -> serializeJson(
jsonObject(
jsonProperty("type", "WAF"),
jsonProperty("ruleGroups", jsonArray(jsonObject(
jsonProperty("id", id),
jsonProperty("overrideAction", jsonObject(
jsonProperty("type", "COUNT")
))
))),
jsonProperty("defaultAction", jsonObject(
jsonProperty("type", "BLOCK")
)),
jsonProperty("overrideCustomerWebACLAssociation", false)
))))
.build())
.tags(Map.of("Name", "example-fms-policy"))
.build());
}
}
resources:
example:
type: aws:fms:Policy
properties:
name: FMS-Policy-Example
excludeResourceTags: false
remediationEnabled: false
resourceType: AWS::ElasticLoadBalancingV2::LoadBalancer
securityServicePolicyData:
type: WAF
managedServiceData:
fn::toJSON:
type: WAF
ruleGroups:
- id: ${exampleRuleGroup.id}
overrideAction:
type: COUNT
defaultAction:
type: BLOCK
overrideCustomerWebACLAssociation: false
tags:
Name: example-fms-policy
exampleRuleGroup:
type: aws:wafregional:RuleGroup
name: example
properties:
metricName: WAFRuleGroupExample
name: WAF-Rule-Group-Example
Create Policy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);
@overload
def Policy(resource_name: str,
args: PolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Policy(resource_name: str,
opts: Optional[ResourceOptions] = None,
exclude_resource_tags: Optional[bool] = None,
security_service_policy_data: Optional[PolicySecurityServicePolicyDataArgs] = None,
name: Optional[str] = None,
exclude_map: Optional[PolicyExcludeMapArgs] = None,
description: Optional[str] = None,
include_map: Optional[PolicyIncludeMapArgs] = None,
delete_all_policy_resources: Optional[bool] = None,
remediation_enabled: Optional[bool] = None,
resource_set_ids: Optional[Sequence[str]] = None,
resource_tags: Optional[Mapping[str, str]] = None,
resource_type: Optional[str] = None,
resource_type_lists: Optional[Sequence[str]] = None,
delete_unused_fm_managed_resources: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None)
func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)
public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)
public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)
type: aws:fms:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var examplepolicyResourceResourceFromFmspolicy = new Aws.Fms.Policy("examplepolicyResourceResourceFromFmspolicy", new()
{
ExcludeResourceTags = false,
SecurityServicePolicyData = new Aws.Fms.Inputs.PolicySecurityServicePolicyDataArgs
{
Type = "string",
ManagedServiceData = "string",
PolicyOption = new Aws.Fms.Inputs.PolicySecurityServicePolicyDataPolicyOptionArgs
{
NetworkFirewallPolicy = new Aws.Fms.Inputs.PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicyArgs
{
FirewallDeploymentModel = "string",
},
ThirdPartyFirewallPolicy = new Aws.Fms.Inputs.PolicySecurityServicePolicyDataPolicyOptionThirdPartyFirewallPolicyArgs
{
FirewallDeploymentModel = "string",
},
},
},
Name = "string",
ExcludeMap = new Aws.Fms.Inputs.PolicyExcludeMapArgs
{
Accounts = new[]
{
"string",
},
Orgunits = new[]
{
"string",
},
},
Description = "string",
IncludeMap = new Aws.Fms.Inputs.PolicyIncludeMapArgs
{
Accounts = new[]
{
"string",
},
Orgunits = new[]
{
"string",
},
},
DeleteAllPolicyResources = false,
RemediationEnabled = false,
ResourceSetIds = new[]
{
"string",
},
ResourceTags =
{
{ "string", "string" },
},
ResourceType = "string",
ResourceTypeLists = new[]
{
"string",
},
DeleteUnusedFmManagedResources = false,
Tags =
{
{ "string", "string" },
},
});
example, err := fms.NewPolicy(ctx, "examplepolicyResourceResourceFromFmspolicy", &fms.PolicyArgs{
ExcludeResourceTags: pulumi.Bool(false),
SecurityServicePolicyData: &fms.PolicySecurityServicePolicyDataArgs{
Type: pulumi.String("string"),
ManagedServiceData: pulumi.String("string"),
PolicyOption: &fms.PolicySecurityServicePolicyDataPolicyOptionArgs{
NetworkFirewallPolicy: &fms.PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicyArgs{
FirewallDeploymentModel: pulumi.String("string"),
},
ThirdPartyFirewallPolicy: &fms.PolicySecurityServicePolicyDataPolicyOptionThirdPartyFirewallPolicyArgs{
FirewallDeploymentModel: pulumi.String("string"),
},
},
},
Name: pulumi.String("string"),
ExcludeMap: &fms.PolicyExcludeMapArgs{
Accounts: pulumi.StringArray{
pulumi.String("string"),
},
Orgunits: pulumi.StringArray{
pulumi.String("string"),
},
},
Description: pulumi.String("string"),
IncludeMap: &fms.PolicyIncludeMapArgs{
Accounts: pulumi.StringArray{
pulumi.String("string"),
},
Orgunits: pulumi.StringArray{
pulumi.String("string"),
},
},
DeleteAllPolicyResources: pulumi.Bool(false),
RemediationEnabled: pulumi.Bool(false),
ResourceSetIds: pulumi.StringArray{
pulumi.String("string"),
},
ResourceTags: pulumi.StringMap{
"string": pulumi.String("string"),
},
ResourceType: pulumi.String("string"),
ResourceTypeLists: pulumi.StringArray{
pulumi.String("string"),
},
DeleteUnusedFmManagedResources: pulumi.Bool(false),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var examplepolicyResourceResourceFromFmspolicy = new Policy("examplepolicyResourceResourceFromFmspolicy", PolicyArgs.builder()
.excludeResourceTags(false)
.securityServicePolicyData(PolicySecurityServicePolicyDataArgs.builder()
.type("string")
.managedServiceData("string")
.policyOption(PolicySecurityServicePolicyDataPolicyOptionArgs.builder()
.networkFirewallPolicy(PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicyArgs.builder()
.firewallDeploymentModel("string")
.build())
.thirdPartyFirewallPolicy(PolicySecurityServicePolicyDataPolicyOptionThirdPartyFirewallPolicyArgs.builder()
.firewallDeploymentModel("string")
.build())
.build())
.build())
.name("string")
.excludeMap(PolicyExcludeMapArgs.builder()
.accounts("string")
.orgunits("string")
.build())
.description("string")
.includeMap(PolicyIncludeMapArgs.builder()
.accounts("string")
.orgunits("string")
.build())
.deleteAllPolicyResources(false)
.remediationEnabled(false)
.resourceSetIds("string")
.resourceTags(Map.of("string", "string"))
.resourceType("string")
.resourceTypeLists("string")
.deleteUnusedFmManagedResources(false)
.tags(Map.of("string", "string"))
.build());
examplepolicy_resource_resource_from_fmspolicy = aws.fms.Policy("examplepolicyResourceResourceFromFmspolicy",
exclude_resource_tags=False,
security_service_policy_data={
"type": "string",
"managed_service_data": "string",
"policy_option": {
"network_firewall_policy": {
"firewall_deployment_model": "string",
},
"third_party_firewall_policy": {
"firewall_deployment_model": "string",
},
},
},
name="string",
exclude_map={
"accounts": ["string"],
"orgunits": ["string"],
},
description="string",
include_map={
"accounts": ["string"],
"orgunits": ["string"],
},
delete_all_policy_resources=False,
remediation_enabled=False,
resource_set_ids=["string"],
resource_tags={
"string": "string",
},
resource_type="string",
resource_type_lists=["string"],
delete_unused_fm_managed_resources=False,
tags={
"string": "string",
})
const examplepolicyResourceResourceFromFmspolicy = new aws.fms.Policy("examplepolicyResourceResourceFromFmspolicy", {
excludeResourceTags: false,
securityServicePolicyData: {
type: "string",
managedServiceData: "string",
policyOption: {
networkFirewallPolicy: {
firewallDeploymentModel: "string",
},
thirdPartyFirewallPolicy: {
firewallDeploymentModel: "string",
},
},
},
name: "string",
excludeMap: {
accounts: ["string"],
orgunits: ["string"],
},
description: "string",
includeMap: {
accounts: ["string"],
orgunits: ["string"],
},
deleteAllPolicyResources: false,
remediationEnabled: false,
resourceSetIds: ["string"],
resourceTags: {
string: "string",
},
resourceType: "string",
resourceTypeLists: ["string"],
deleteUnusedFmManagedResources: false,
tags: {
string: "string",
},
});
type: aws:fms:Policy
properties:
deleteAllPolicyResources: false
deleteUnusedFmManagedResources: false
description: string
excludeMap:
accounts:
- string
orgunits:
- string
excludeResourceTags: false
includeMap:
accounts:
- string
orgunits:
- string
name: string
remediationEnabled: false
resourceSetIds:
- string
resourceTags:
string: string
resourceType: string
resourceTypeLists:
- string
securityServicePolicyData:
managedServiceData: string
policyOption:
networkFirewallPolicy:
firewallDeploymentModel: string
thirdPartyFirewallPolicy:
firewallDeploymentModel: string
type: string
tags:
string: string
Policy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Policy resource accepts the following input properties:
- bool
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - Security
Service PolicyPolicy Data Security Service Policy Data - The objects to include in Security Service Policy Data. Documented below.
- Delete
All boolPolicy Resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - Delete
Unused boolFm Managed Resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - Description string
- The description of the AWS Network Firewall firewall policy.
- Exclude
Map PolicyExclude Map - A map of lists of accounts and OU's to exclude from the policy.
- Include
Map PolicyInclude Map - A map of lists of accounts and OU's to include in the policy.
- Name string
- The friendly name of the AWS Firewall Manager Policy.
- Remediation
Enabled bool - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- Resource
Set List<string>Ids - Dictionary<string, string>
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- Resource
Type string - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - Resource
Type List<string>Lists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - Dictionary<string, string>
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level
- bool
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - Security
Service PolicyPolicy Data Security Service Policy Data Args - The objects to include in Security Service Policy Data. Documented below.
- Delete
All boolPolicy Resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - Delete
Unused boolFm Managed Resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - Description string
- The description of the AWS Network Firewall firewall policy.
- Exclude
Map PolicyExclude Map Args - A map of lists of accounts and OU's to exclude from the policy.
- Include
Map PolicyInclude Map Args - A map of lists of accounts and OU's to include in the policy.
- Name string
- The friendly name of the AWS Firewall Manager Policy.
- Remediation
Enabled bool - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- Resource
Set []stringIds - map[string]string
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- Resource
Type string - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - Resource
Type []stringLists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - map[string]string
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level
- Boolean
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - security
Service PolicyPolicy Data Security Service Policy Data - The objects to include in Security Service Policy Data. Documented below.
- delete
All BooleanPolicy Resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - delete
Unused BooleanFm Managed Resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - description String
- The description of the AWS Network Firewall firewall policy.
- exclude
Map PolicyExclude Map - A map of lists of accounts and OU's to exclude from the policy.
- include
Map PolicyInclude Map - A map of lists of accounts and OU's to include in the policy.
- name String
- The friendly name of the AWS Firewall Manager Policy.
- remediation
Enabled Boolean - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- resource
Set List<String>Ids - Map<String,String>
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- resource
Type String - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - resource
Type List<String>Lists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - Map<String,String>
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level
- boolean
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - security
Service PolicyPolicy Data Security Service Policy Data - The objects to include in Security Service Policy Data. Documented below.
- delete
All booleanPolicy Resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - delete
Unused booleanFm Managed Resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - description string
- The description of the AWS Network Firewall firewall policy.
- exclude
Map PolicyExclude Map - A map of lists of accounts and OU's to exclude from the policy.
- include
Map PolicyInclude Map - A map of lists of accounts and OU's to include in the policy.
- name string
- The friendly name of the AWS Firewall Manager Policy.
- remediation
Enabled boolean - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- resource
Set string[]Ids - {[key: string]: string}
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- resource
Type string - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - resource
Type string[]Lists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - {[key: string]: string}
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level
- bool
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - security_
service_ Policypolicy_ data Security Service Policy Data Args - The objects to include in Security Service Policy Data. Documented below.
- delete_
all_ boolpolicy_ resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - delete_
unused_ boolfm_ managed_ resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - description str
- The description of the AWS Network Firewall firewall policy.
- exclude_
map PolicyExclude Map Args - A map of lists of accounts and OU's to exclude from the policy.
- include_
map PolicyInclude Map Args - A map of lists of accounts and OU's to include in the policy.
- name str
- The friendly name of the AWS Firewall Manager Policy.
- remediation_
enabled bool - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- resource_
set_ Sequence[str]ids - Mapping[str, str]
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- resource_
type str - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - resource_
type_ Sequence[str]lists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - Mapping[str, str]
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level
- Boolean
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - security
Service Property MapPolicy Data - The objects to include in Security Service Policy Data. Documented below.
- delete
All BooleanPolicy Resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - delete
Unused BooleanFm Managed Resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - description String
- The description of the AWS Network Firewall firewall policy.
- exclude
Map Property Map - A map of lists of accounts and OU's to exclude from the policy.
- include
Map Property Map - A map of lists of accounts and OU's to include in the policy.
- name String
- The friendly name of the AWS Firewall Manager Policy.
- remediation
Enabled Boolean - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- resource
Set List<String>Ids - Map<String>
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- resource
Type String - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - resource
Type List<String>Lists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - Map<String>
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level
Outputs
All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:
- Arn string
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Update stringToken - A unique identifier for each update to the policy.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Arn string
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Update stringToken - A unique identifier for each update to the policy.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Update StringToken - A unique identifier for each update to the policy.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn string
- id string
- The provider-assigned unique ID for this managed resource.
- policy
Update stringToken - A unique identifier for each update to the policy.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn str
- id str
- The provider-assigned unique ID for this managed resource.
- policy_
update_ strtoken - A unique identifier for each update to the policy.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Update StringToken - A unique identifier for each update to the policy.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Look up Existing Policy Resource
Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
delete_all_policy_resources: Optional[bool] = None,
delete_unused_fm_managed_resources: Optional[bool] = None,
description: Optional[str] = None,
exclude_map: Optional[PolicyExcludeMapArgs] = None,
exclude_resource_tags: Optional[bool] = None,
include_map: Optional[PolicyIncludeMapArgs] = None,
name: Optional[str] = None,
policy_update_token: Optional[str] = None,
remediation_enabled: Optional[bool] = None,
resource_set_ids: Optional[Sequence[str]] = None,
resource_tags: Optional[Mapping[str, str]] = None,
resource_type: Optional[str] = None,
resource_type_lists: Optional[Sequence[str]] = None,
security_service_policy_data: Optional[PolicySecurityServicePolicyDataArgs] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None) -> Policy
func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)
public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)
public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- Delete
All boolPolicy Resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - Delete
Unused boolFm Managed Resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - Description string
- The description of the AWS Network Firewall firewall policy.
- Exclude
Map PolicyExclude Map - A map of lists of accounts and OU's to exclude from the policy.
- bool
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - Include
Map PolicyInclude Map - A map of lists of accounts and OU's to include in the policy.
- Name string
- The friendly name of the AWS Firewall Manager Policy.
- Policy
Update stringToken - A unique identifier for each update to the policy.
- Remediation
Enabled bool - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- Resource
Set List<string>Ids - Dictionary<string, string>
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- Resource
Type string - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - Resource
Type List<string>Lists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - Security
Service PolicyPolicy Data Security Service Policy Data - The objects to include in Security Service Policy Data. Documented below.
- Dictionary<string, string>
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Arn string
- Delete
All boolPolicy Resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - Delete
Unused boolFm Managed Resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - Description string
- The description of the AWS Network Firewall firewall policy.
- Exclude
Map PolicyExclude Map Args - A map of lists of accounts and OU's to exclude from the policy.
- bool
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - Include
Map PolicyInclude Map Args - A map of lists of accounts and OU's to include in the policy.
- Name string
- The friendly name of the AWS Firewall Manager Policy.
- Policy
Update stringToken - A unique identifier for each update to the policy.
- Remediation
Enabled bool - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- Resource
Set []stringIds - map[string]string
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- Resource
Type string - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - Resource
Type []stringLists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - Security
Service PolicyPolicy Data Security Service Policy Data Args - The objects to include in Security Service Policy Data. Documented below.
- map[string]string
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- delete
All BooleanPolicy Resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - delete
Unused BooleanFm Managed Resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - description String
- The description of the AWS Network Firewall firewall policy.
- exclude
Map PolicyExclude Map - A map of lists of accounts and OU's to exclude from the policy.
- Boolean
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - include
Map PolicyInclude Map - A map of lists of accounts and OU's to include in the policy.
- name String
- The friendly name of the AWS Firewall Manager Policy.
- policy
Update StringToken - A unique identifier for each update to the policy.
- remediation
Enabled Boolean - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- resource
Set List<String>Ids - Map<String,String>
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- resource
Type String - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - resource
Type List<String>Lists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - security
Service PolicyPolicy Data Security Service Policy Data - The objects to include in Security Service Policy Data. Documented below.
- Map<String,String>
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn string
- delete
All booleanPolicy Resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - delete
Unused booleanFm Managed Resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - description string
- The description of the AWS Network Firewall firewall policy.
- exclude
Map PolicyExclude Map - A map of lists of accounts and OU's to exclude from the policy.
- boolean
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - include
Map PolicyInclude Map - A map of lists of accounts and OU's to include in the policy.
- name string
- The friendly name of the AWS Firewall Manager Policy.
- policy
Update stringToken - A unique identifier for each update to the policy.
- remediation
Enabled boolean - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- resource
Set string[]Ids - {[key: string]: string}
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- resource
Type string - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - resource
Type string[]Lists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - security
Service PolicyPolicy Data Security Service Policy Data - The objects to include in Security Service Policy Data. Documented below.
- {[key: string]: string}
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn str
- delete_
all_ boolpolicy_ resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - delete_
unused_ boolfm_ managed_ resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - description str
- The description of the AWS Network Firewall firewall policy.
- exclude_
map PolicyExclude Map Args - A map of lists of accounts and OU's to exclude from the policy.
- bool
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - include_
map PolicyInclude Map Args - A map of lists of accounts and OU's to include in the policy.
- name str
- The friendly name of the AWS Firewall Manager Policy.
- policy_
update_ strtoken - A unique identifier for each update to the policy.
- remediation_
enabled bool - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- resource_
set_ Sequence[str]ids - Mapping[str, str]
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- resource_
type str - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - resource_
type_ Sequence[str]lists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - security_
service_ Policypolicy_ data Security Service Policy Data Args - The objects to include in Security Service Policy Data. Documented below.
- Mapping[str, str]
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- delete
All BooleanPolicy Resources - If true, the request will also perform a clean-up process. Defaults to
true
. More information can be found here AWS Firewall Manager delete policy - delete
Unused BooleanFm Managed Resources - If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to
false
. More information can be found here AWS Firewall Manager policy contents - description String
- The description of the AWS Network Firewall firewall policy.
- exclude
Map Property Map - A map of lists of accounts and OU's to exclude from the policy.
- Boolean
- A boolean value, if true the tags that are specified in the
resource_tags
are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy. - include
Map Property Map - A map of lists of accounts and OU's to include in the policy.
- name String
- The friendly name of the AWS Firewall Manager Policy.
- policy
Update StringToken - A unique identifier for each update to the policy.
- remediation
Enabled Boolean - A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
- resource
Set List<String>Ids - Map<String>
- A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
- resource
Type String - A resource type to protect. Conflicts with
resource_type_list
. See the FMS API Reference for more information about supported values. - resource
Type List<String>Lists - A list of resource types to protect. Conflicts with
resource_type
. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead useresource_type
. - security
Service Property MapPolicy Data - The objects to include in Security Service Policy Data. Documented below.
- Map<String>
- Key-value mapping of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Supporting Types
PolicyExcludeMap, PolicyExcludeMapArgs
- Accounts List<string>
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- Orgunits List<string>
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
- Accounts []string
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- Orgunits []string
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
- accounts List<String>
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- orgunits List<String>
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
- accounts string[]
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- orgunits string[]
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
- accounts Sequence[str]
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- orgunits Sequence[str]
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
- accounts List<String>
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- orgunits List<String>
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
PolicyIncludeMap, PolicyIncludeMapArgs
- Accounts List<string>
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- Orgunits List<string>
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
- Accounts []string
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- Orgunits []string
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
- accounts List<String>
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- orgunits List<String>
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
- accounts string[]
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- orgunits string[]
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
- accounts Sequence[str]
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- orgunits Sequence[str]
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
- accounts List<String>
- A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.
- orgunits List<String>
A list of IDs of the AWS Organizational Units that you want to include for this AWS FMS Policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an
include_map
, AWS Firewall Manager applies the policy to all accounts specified by theinclude_map
, and does not evaluate anyexclude_map
specifications. If you do not specify aninclude_map
, then Firewall Manager applies the policy to all accounts except for those specified by theexclude_map
.
PolicySecurityServicePolicyData, PolicySecurityServicePolicyDataArgs
- Type string
- The service that the policy is using to protect the resources. For the current list of supported types, please refer to the AWS Firewall Manager SecurityServicePolicyData API Type Reference.
- Managed
Service stringData - Details about the service that are specific to the service type, in JSON format. For service type
SHIELD_ADVANCED
, this is an empty string. Examples depending ontype
can be found in the AWS Firewall Manager SecurityServicePolicyData API Reference. - Policy
Option PolicySecurity Service Policy Data Policy Option - Contains the Network Firewall firewall policy options to configure a centralized deployment model. Documented below.
- Type string
- The service that the policy is using to protect the resources. For the current list of supported types, please refer to the AWS Firewall Manager SecurityServicePolicyData API Type Reference.
- Managed
Service stringData - Details about the service that are specific to the service type, in JSON format. For service type
SHIELD_ADVANCED
, this is an empty string. Examples depending ontype
can be found in the AWS Firewall Manager SecurityServicePolicyData API Reference. - Policy
Option PolicySecurity Service Policy Data Policy Option - Contains the Network Firewall firewall policy options to configure a centralized deployment model. Documented below.
- type String
- The service that the policy is using to protect the resources. For the current list of supported types, please refer to the AWS Firewall Manager SecurityServicePolicyData API Type Reference.
- managed
Service StringData - Details about the service that are specific to the service type, in JSON format. For service type
SHIELD_ADVANCED
, this is an empty string. Examples depending ontype
can be found in the AWS Firewall Manager SecurityServicePolicyData API Reference. - policy
Option PolicySecurity Service Policy Data Policy Option - Contains the Network Firewall firewall policy options to configure a centralized deployment model. Documented below.
- type string
- The service that the policy is using to protect the resources. For the current list of supported types, please refer to the AWS Firewall Manager SecurityServicePolicyData API Type Reference.
- managed
Service stringData - Details about the service that are specific to the service type, in JSON format. For service type
SHIELD_ADVANCED
, this is an empty string. Examples depending ontype
can be found in the AWS Firewall Manager SecurityServicePolicyData API Reference. - policy
Option PolicySecurity Service Policy Data Policy Option - Contains the Network Firewall firewall policy options to configure a centralized deployment model. Documented below.
- type str
- The service that the policy is using to protect the resources. For the current list of supported types, please refer to the AWS Firewall Manager SecurityServicePolicyData API Type Reference.
- managed_
service_ strdata - Details about the service that are specific to the service type, in JSON format. For service type
SHIELD_ADVANCED
, this is an empty string. Examples depending ontype
can be found in the AWS Firewall Manager SecurityServicePolicyData API Reference. - policy_
option PolicySecurity Service Policy Data Policy Option - Contains the Network Firewall firewall policy options to configure a centralized deployment model. Documented below.
- type String
- The service that the policy is using to protect the resources. For the current list of supported types, please refer to the AWS Firewall Manager SecurityServicePolicyData API Type Reference.
- managed
Service StringData - Details about the service that are specific to the service type, in JSON format. For service type
SHIELD_ADVANCED
, this is an empty string. Examples depending ontype
can be found in the AWS Firewall Manager SecurityServicePolicyData API Reference. - policy
Option Property Map - Contains the Network Firewall firewall policy options to configure a centralized deployment model. Documented below.
PolicySecurityServicePolicyDataPolicyOption, PolicySecurityServicePolicyDataPolicyOptionArgs
- Network
Firewall PolicyPolicy Security Service Policy Data Policy Option Network Firewall Policy - Defines the deployment model to use for the firewall policy. Documented below.
- Third
Party PolicyFirewall Policy Security Service Policy Data Policy Option Third Party Firewall Policy
- Network
Firewall PolicyPolicy Security Service Policy Data Policy Option Network Firewall Policy - Defines the deployment model to use for the firewall policy. Documented below.
- Third
Party PolicyFirewall Policy Security Service Policy Data Policy Option Third Party Firewall Policy
- network
Firewall PolicyPolicy Security Service Policy Data Policy Option Network Firewall Policy - Defines the deployment model to use for the firewall policy. Documented below.
- third
Party PolicyFirewall Policy Security Service Policy Data Policy Option Third Party Firewall Policy
- network
Firewall PolicyPolicy Security Service Policy Data Policy Option Network Firewall Policy - Defines the deployment model to use for the firewall policy. Documented below.
- third
Party PolicyFirewall Policy Security Service Policy Data Policy Option Third Party Firewall Policy
- network_
firewall_ Policypolicy Security Service Policy Data Policy Option Network Firewall Policy - Defines the deployment model to use for the firewall policy. Documented below.
- third_
party_ Policyfirewall_ policy Security Service Policy Data Policy Option Third Party Firewall Policy
- network
Firewall Property MapPolicy - Defines the deployment model to use for the firewall policy. Documented below.
- third
Party Property MapFirewall Policy
PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicy, PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicyArgs
- Firewall
Deployment stringModel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
- Firewall
Deployment stringModel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
- firewall
Deployment StringModel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
- firewall
Deployment stringModel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
- firewall_
deployment_ strmodel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
- firewall
Deployment StringModel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
PolicySecurityServicePolicyDataPolicyOptionThirdPartyFirewallPolicy, PolicySecurityServicePolicyDataPolicyOptionThirdPartyFirewallPolicyArgs
- Firewall
Deployment stringModel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
- Firewall
Deployment stringModel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
- firewall
Deployment StringModel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
- firewall
Deployment stringModel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
- firewall_
deployment_ strmodel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
- firewall
Deployment StringModel - Defines the deployment model to use for the third-party firewall policy. Valid values are
CENTRALIZED
andDISTRIBUTED
.
Import
Using pulumi import
, import Firewall Manager policies using the policy ID. For example:
$ pulumi import aws:fms/policy:Policy example 5be49585-a7e3-4c49-dde1-a179fe4a619a
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.