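/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

/*
 * Do not modify this file. This file is generated from the fms-2018-01-01.normal.json service model.
 */
using System;
using System.Collections.Generic;
using System.Xml.Serialization;
using System.Text;
using System.IO;
using System.Net;

using Amazon.Runtime;
using Amazon.Runtime.Internal;

namespace Amazon.FMS.Model
{
    /// <summary>
    /// A Firewall Manager policy.
    /// </summary>
    public partial class Policy
    {
        // NOTE(review): every setter in this class stores the value exactly as given. The
        // Required/Min/Max values on the AWSProperty attributes are metadata; nothing in this
        // class checks them, and whether they are enforced before a request is sent is not
        // visible from this file.

        // Generic type arguments restored: the maps are keyed by a string ("ACCOUNT" or
        // "ORG_UNIT", per the ExcludeMap/IncludeMap summaries) and hold lists of string IDs.
        private bool? _deleteUnusedFMManagedResources;
        private Dictionary<string, List<string>> _excludeMap = new Dictionary<string, List<string>>();
        private bool? _excludeResourceTags;
        private Dictionary<string, List<string>> _includeMap = new Dictionary<string, List<string>>();
        private string _policyDescription;
        private string _policyId;
        private string _policyName;
        private CustomerPolicyStatus _policyStatus;
        private string _policyUpdateToken;
        private bool? _remediationEnabled;
        private List<string> _resourceSetIds = new List<string>();
        private List<ResourceTag> _resourceTags = new List<ResourceTag>();
        private string _resourceType;
        private List<string> _resourceTypeList = new List<string>();
        private SecurityServicePolicyData _securityServicePolicyData;

        /// <summary>
        /// Gets and sets the property DeleteUnusedFMManagedResources.
        /// <para>
        /// Indicates whether Firewall Manager should automatically remove protections from resources
        /// that leave the policy scope and clean up resources that Firewall Manager is managing
        /// for accounts when those accounts leave policy scope. For example, Firewall Manager
        /// will disassociate a Firewall Manager managed web ACL from a protected customer resource
        /// when the customer resource leaves policy scope.
        /// </para>
        ///
        /// <para>
        /// By default, Firewall Manager doesn't remove protections or delete Firewall Manager
        /// managed resources.
        /// </para>
        ///
        /// <para>
        /// This option is not available for Shield Advanced or WAF Classic policies.
        /// </para>
        /// </summary>
        // The getter returns false both when the value was set to false and when it was never
        // set (GetValueOrDefault on a null bool?); only IsSetDeleteUnusedFMManagedResources
        // tells the two apart. When this is true, a resource or account that leaves policy scope
        // loses its protections, so a change to IncludeMap, ExcludeMap or the resource tags
        // should be reviewed together with this flag.
        public bool DeleteUnusedFMManagedResources
        {
            get { return this._deleteUnusedFMManagedResources.GetValueOrDefault(); }
            set { this._deleteUnusedFMManagedResources = value; }
        }

        // Check to see if DeleteUnusedFMManagedResources property is set
        internal bool IsSetDeleteUnusedFMManagedResources()
        {
            return this._deleteUnusedFMManagedResources.HasValue;
        }

        /// <summary>
        /// Gets and sets the property ExcludeMap.
        /// <para>
        /// Specifies the Amazon Web Services account IDs and Organizations organizational units
        /// (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying
        /// all accounts in the OU and in any of its child OUs, including any child OUs and accounts
        /// that are added at a later time.
        /// </para>
        ///
        /// <para>
        /// You can specify inclusions or exclusions, but not both. If you specify an <code>IncludeMap</code>,
        /// Firewall Manager applies the policy to all accounts specified by the <code>IncludeMap</code>,
        /// and does not evaluate any <code>ExcludeMap</code> specifications. If you do not specify
        /// an <code>IncludeMap</code>, then Firewall Manager applies the policy to all accounts
        /// except for those specified by the <code>ExcludeMap</code>.
        /// </para>
        ///
        /// <para>
        /// You can specify account IDs, OUs, or a combination:
        /// </para>
        /// <ul>
        /// <li>
        /// <para>
        /// Specify account IDs by setting the key to <code>ACCOUNT</code>. For example, the following
        /// is a valid map: <code>{“ACCOUNT” : [“accountID1”, “accountID2”]}</code>.
        /// </para>
        /// </li>
        /// <li>
        /// <para>
        /// Specify OUs by setting the key to <code>ORG_UNIT</code>. For example, the following
        /// is a valid map: <code>{“ORG_UNIT” : [“ouid111”, “ouid112”]}</code>.
        /// </para>
        /// </li>
        /// <li>
        /// <para>
        /// Specify accounts and OUs together in a single map, separated with a comma. For example,
        /// the following is a valid map: <code>{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT”
        /// : [“ouid111”, “ouid112”]}</code>.
        /// </para>
        /// </li>
        /// </ul>
        /// </summary>
        // Per the summary, an ExcludeMap is not evaluated when an IncludeMap is specified, so an
        // exclusion supplied alongside an IncludeMap has no effect on scope.
        public Dictionary<string, List<string>> ExcludeMap
        {
            get { return this._excludeMap; }
            set { this._excludeMap = value; }
        }

        // Check to see if ExcludeMap property is set
        // A null map and an empty map are both reported as "not set".
        internal bool IsSetExcludeMap()
        {
            return this._excludeMap != null && this._excludeMap.Count > 0;
        }

        /// <summary>
        /// Gets and sets the property ExcludeResourceTags.
        /// <para>
        /// If set to <code>True</code>, resources with the tags that are specified in the <code>ResourceTag</code>
        /// array are not in scope of the policy. If set to <code>False</code>, and the <code>ResourceTag</code>
        /// array is not null, only resources with the specified tags are in scope of the policy.
        /// </para>
        /// </summary>
        // The getter returns false when the value was never set, which reads the same as an
        // explicit False (tagged resources are the only ones in scope when ResourceTag is given).
        // NOTE(review): with True, carrying one of the listed tags takes a resource out of
        // scope, so the effective scope depends on who may change tags on those resources -
        // confirm tagging permissions where this is used to exempt resources.
        [AWSProperty(Required=true)]
        public bool ExcludeResourceTags
        {
            get { return this._excludeResourceTags.GetValueOrDefault(); }
            set { this._excludeResourceTags = value; }
        }

        // Check to see if ExcludeResourceTags property is set
        internal bool IsSetExcludeResourceTags()
        {
            return this._excludeResourceTags.HasValue;
        }

        /// <summary>
        /// Gets and sets the property IncludeMap.
        /// <para>
        /// Specifies the Amazon Web Services account IDs and Organizations organizational units
        /// (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all
        /// accounts in the OU and in any of its child OUs, including any child OUs and accounts
        /// that are added at a later time.
        /// </para>
        ///
        /// <para>
        /// You can specify inclusions or exclusions, but not both. If you specify an <code>IncludeMap</code>,
        /// Firewall Manager applies the policy to all accounts specified by the <code>IncludeMap</code>,
        /// and does not evaluate any <code>ExcludeMap</code> specifications. If you do not specify
        /// an <code>IncludeMap</code>, then Firewall Manager applies the policy to all accounts
        /// except for those specified by the <code>ExcludeMap</code>.
        /// </para>
        ///
        /// <para>
        /// You can specify account IDs, OUs, or a combination:
        /// </para>
        /// <ul>
        /// <li>
        /// <para>
        /// Specify account IDs by setting the key to <code>ACCOUNT</code>. For example, the following
        /// is a valid map: <code>{“ACCOUNT” : [“accountID1”, “accountID2”]}</code>.
        /// </para>
        /// </li>
        /// <li>
        /// <para>
        /// Specify OUs by setting the key to <code>ORG_UNIT</code>. For example, the following
        /// is a valid map: <code>{“ORG_UNIT” : [“ouid111”, “ouid112”]}</code>.
        /// </para>
        /// </li>
        /// <li>
        /// <para>
        /// Specify accounts and OUs together in a single map, separated with a comma. For example,
        /// the following is a valid map: <code>{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT”
        /// : [“ouid111”, “ouid112”]}</code>.
        /// </para>
        /// </li>
        /// </ul>
        /// </summary>
        public Dictionary<string, List<string>> IncludeMap
        {
            get { return this._includeMap; }
            set { this._includeMap = value; }
        }

        // Check to see if IncludeMap property is set
        // A null map and an empty map are both reported as "not set".
        // NOTE(review): presumably the request marshaller uses this to decide whether the member
        // is sent - confirm. If so, an emptied IncludeMap is treated as "no IncludeMap", and per
        // the summary the policy then applies to all accounts except those in ExcludeMap, not to
        // no accounts.
        internal bool IsSetIncludeMap()
        {
            return this._includeMap != null && this._includeMap.Count > 0;
        }

        /// <summary>
        /// Gets and sets the property PolicyDescription.
        /// <para>
        /// The definition of the Network Firewall firewall policy.
        /// </para>
        /// </summary>
        [AWSProperty(Max=256)]
        public string PolicyDescription
        {
            get { return this._policyDescription; }
            set { this._policyDescription = value; }
        }

        // Check to see if PolicyDescription property is set
        internal bool IsSetPolicyDescription()
        {
            return this._policyDescription != null;
        }

        /// <summary>
        /// Gets and sets the property PolicyId.
        /// <para>
        /// The ID of the Firewall Manager policy.
        /// </para>
        /// </summary>
        [AWSProperty(Min=36, Max=36)]
        public string PolicyId
        {
            get { return this._policyId; }
            set { this._policyId = value; }
        }

        // Check to see if PolicyId property is set
        internal bool IsSetPolicyId()
        {
            return this._policyId != null;
        }

        /// <summary>
        /// Gets and sets the property PolicyName.
        /// <para>
        /// The name of the Firewall Manager policy.
        /// </para>
        /// </summary>
        [AWSProperty(Required=true, Min=1, Max=128)]
        public string PolicyName
        {
            get { return this._policyName; }
            set { this._policyName = value; }
        }

        // Check to see if PolicyName property is set
        internal bool IsSetPolicyName()
        {
            return this._policyName != null;
        }

        /// <summary>
        /// Gets and sets the property PolicyStatus.
        /// <para>
        /// Indicates whether the policy is in or out of an admin's policy or Region scope.
        /// </para>
        /// <ul>
        /// <li>
        /// <para>
        /// <code>ACTIVE</code> - The administrator can manage and delete the policy.
        /// </para>
        /// </li>
        /// <li>
        /// <para>
        /// <code>OUT_OF_ADMIN_SCOPE</code> - The administrator can view the policy, but they
        /// can't edit or delete the policy. Existing policy protections stay in place. Any new
        /// resources that come into scope of the policy won't be protected.
        /// </para>
        /// </li>
        /// </ul>
        /// </summary>
        // Per the summary, OUT_OF_ADMIN_SCOPE means new in-scope resources are left unprotected
        // while existing protections remain, so code that reads policies back should surface
        // this status instead of treating any returned policy as fully effective.
        public CustomerPolicyStatus PolicyStatus
        {
            get { return this._policyStatus; }
            set { this._policyStatus = value; }
        }

        // Check to see if PolicyStatus property is set
        internal bool IsSetPolicyStatus()
        {
            return this._policyStatus != null;
        }

        /// <summary>
        /// Gets and sets the property PolicyUpdateToken.
        /// <para>
        /// A unique identifier for each update to the policy. When issuing a <code>PutPolicy</code>
        /// request, the <code>PolicyUpdateToken</code> in the request must match the <code>PolicyUpdateToken</code>
        /// of the current policy version. To get the <code>PolicyUpdateToken</code> of the current
        /// policy version, use a <code>GetPolicy</code> request.
        /// </para>
        /// </summary>
        // NOTE(review): this looks like an optimistic-concurrency check on policy updates -
        // confirm. If so, the token should come from a GetPolicy call made for this update
        // rather than from a cached copy, so that an intervening change is detected.
        [AWSProperty(Min=1, Max=1024)]
        public string PolicyUpdateToken
        {
            get { return this._policyUpdateToken; }
            set { this._policyUpdateToken = value; }
        }

        // Check to see if PolicyUpdateToken property is set
        internal bool IsSetPolicyUpdateToken()
        {
            return this._policyUpdateToken != null;
        }

        /// <summary>
        /// Gets and sets the property RemediationEnabled.
        /// <para>
        /// Indicates if the policy should be automatically applied to new resources.
        /// </para>
        /// </summary>
        // The getter returns false when the value was never set. Per the summary, false means
        // the policy is not automatically applied to new resources, so an object built without
        // setting this property reads as "no automatic application".
        [AWSProperty(Required=true)]
        public bool RemediationEnabled
        {
            get { return this._remediationEnabled.GetValueOrDefault(); }
            set { this._remediationEnabled = value; }
        }

        // Check to see if RemediationEnabled property is set
        internal bool IsSetRemediationEnabled()
        {
            return this._remediationEnabled.HasValue;
        }

        /// <summary>
        /// Gets and sets the property ResourceSetIds.
        /// <para>
        /// The unique identifiers of the resource sets used by the policy.
        /// </para>
        /// </summary>
        public List<string> ResourceSetIds
        {
            get { return this._resourceSetIds; }
            set { this._resourceSetIds = value; }
        }

        // Check to see if ResourceSetIds property is set
        internal bool IsSetResourceSetIds()
        {
            return this._resourceSetIds != null && this._resourceSetIds.Count > 0;
        }

        /// <summary>
        /// Gets and sets the property ResourceTags.
        /// <para>
        /// An array of <code>ResourceTag</code> objects.
        /// </para>
        /// </summary>
        [AWSProperty(Min=0, Max=8)]
        public List<ResourceTag> ResourceTags
        {
            get { return this._resourceTags; }
            set { this._resourceTags = value; }
        }

        // Check to see if ResourceTags property is set
        // A null list and an empty list are both reported as "not set".
        internal bool IsSetResourceTags()
        {
            return this._resourceTags != null && this._resourceTags.Count > 0;
        }

        /// <summary>
        /// Gets and sets the property ResourceType.
        /// <para>
        /// The type of resource protected by or in scope of the policy. This is in the format
        /// shown in the Amazon
        /// Web Services Resource Types Reference. To apply this policy to multiple resource
        /// types, specify a resource type of <code>ResourceTypeList</code> and then specify the
        /// resource types in a <code>ResourceTypeList</code>.
        /// </para>
        ///
        /// <para>
        /// For WAF and Shield Advanced, resource types include <code>AWS::ElasticLoadBalancingV2::LoadBalancer</code>,
        /// <code>AWS::ElasticLoadBalancing::LoadBalancer</code>, <code>AWS::EC2::EIP</code>,
        /// and <code>AWS::CloudFront::Distribution</code>. For a security group common policy,
        /// valid values are <code>AWS::EC2::NetworkInterface</code> and <code>AWS::EC2::Instance</code>.
        /// For a security group content audit policy, valid values are <code>AWS::EC2::SecurityGroup</code>,
        /// <code>AWS::EC2::NetworkInterface</code>, and <code>AWS::EC2::Instance</code>. For
        /// a security group usage audit policy, the value is <code>AWS::EC2::SecurityGroup</code>.
        /// For a Network Firewall policy or DNS Firewall policy, the value is <code>AWS::EC2::VPC</code>.
        /// </para>
        /// </summary>
        [AWSProperty(Required=true, Min=1, Max=128)]
        public string ResourceType
        {
            get { return this._resourceType; }
            set { this._resourceType = value; }
        }

        // Check to see if ResourceType property is set
        internal bool IsSetResourceType()
        {
            return this._resourceType != null;
        }

        /// <summary>
        /// Gets and sets the property ResourceTypeList.
        /// <para>
        /// An array of <code>ResourceType</code> objects. Use this only to specify multiple resource
        /// types. To specify a single resource type, use <code>ResourceType</code>.
        /// </para>
        /// </summary>
        public List<string> ResourceTypeList
        {
            get { return this._resourceTypeList; }
            set { this._resourceTypeList = value; }
        }

        // Check to see if ResourceTypeList property is set
        internal bool IsSetResourceTypeList()
        {
            return this._resourceTypeList != null && this._resourceTypeList.Count > 0;
        }

        /// <summary>
        /// Gets and sets the property SecurityServicePolicyData.
        /// <para>
        /// Details about the security service that is being used to protect the resources.
        /// </para>
        /// </summary>
        [AWSProperty(Required=true)]
        public SecurityServicePolicyData SecurityServicePolicyData
        {
            get { return this._securityServicePolicyData; }
            set { this._securityServicePolicyData = value; }
        }

        // Check to see if SecurityServicePolicyData property is set
        internal bool IsSetSecurityServicePolicyData()
        {
            return this._securityServicePolicyData != null;
        }

    }
}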