The number of audits per page.
_Default value: 100_

The pagination token.

### Examples

CURL Example:

```curl
curl --location --request GET 'https://result
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "results": [
    {
      "requestedTimestamp": "2021-09-15T02:53:39.725Z",
      "requestedBy": "arn:aws:sts::error
```
# Objects

## Create new object

[Back to top](#top)

Create new object referencing a cloud resource or fixed resource

```
POST /objects
```

### Parameters - `Parameter`

| Name  | Type             | Description |
| ----- | ---------------- | ----------- |
| id    | `String[1..100]` | The object's id. _Allowed values: "[ 0-9a-zA-Z_-]+"_ |
| type  | `string`         | The object's type 'Address' \| 'Cidr' \| 'Arn' \| 'Tagged' |
| value | `value`          | The object's value, can be an ARN or a tag list, e.g. ARN `arn:aws:ec2:ap-southeast-2:<account_number>:subnet/subnet-123`, e.g. a tag list `{ "value": "1", "key": "FF_TEST" }` |

created object values

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "object": {
    "id": "Onprem_Server",
    "type": "Address",
    "value": "172.16.1.20",
    "createdBy": "arn:aws:sts::1000000:assumed-role/ObjectExtensionSecOpsAdminRole/DeviceClient",
    "lastUpdated": "2021-09-15T06:39:38.997Z"
  }
}
```

### Error response

#### Error response - `Error 400`

| Name                   | Type | Description |
| ---------------------- | ---- | ----------- |
| UnsupportedObjectType  |      | Supported object type 'SinglePort' , 'Any' , 'PortRange' |
| InvalidObjectValue     |      | When request contains unsupported object value, supported 'Address' \| 'Cidr' \| 'Arn' \| 'Tagged' |
| ObjectInvalidReference |      | When requested object is not a reference to a concrete resource with IP |
| BadRequest             |      | NONE_COMPLIANT due to violating OPA policy |

#### Error response - `Error 502`

| Name | Type | Description |
| ---- | ---- | ----------- |
| Time |      | out         |

#### Error response - `Error 503`

| Name     | Type | Description |
| -------- | ---- | ----------- |
| Internal |      | error       |
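As an added example (not part of the original API reference or the project's code), a client-side pre-flight check that applies the documented `id` and `type` constraints before calling `POST /objects` or `PUT /objects`. The function names and the per-type value formats (an IP address for `Address`, prefix notation for `Cidr`, a six-field ARN, `key`/`value` tag pairs) are assumptions; the service's own validation remains authoritative.

```python
import ipaddress
import re

# From the parameter table: id is String[1..100], allowed "[ 0-9a-zA-Z_-]+".
ID_PATTERN = re.compile(r"[ 0-9a-zA-Z_-]{1,100}")
OBJECT_TYPES = ("Address", "Cidr", "Arn", "Tagged")


def _is_tag(tag):
    # Assumption: a tag is exactly {"key": <str>, "value": <str>}, both non-empty.
    return (isinstance(tag, dict) and set(tag) == {"key", "value"}
            and all(isinstance(v, str) and v for v in tag.values()))


def _value_ok(obj_type, value):
    if obj_type == "Tagged":
        # Assumption: either one tag or a non-empty list of tags is accepted.
        tags = value if isinstance(value, list) else [value]
        return bool(tags) and all(_is_tag(t) for t in tags)
    if not isinstance(value, str):
        return False
    if obj_type == "Arn":
        # Assumption: arn:partition:service:region:account:resource
        parts = value.split(":", 5)
        return (len(parts) == 6 and parts[0] == "arn"
                and all(parts[i] for i in (1, 2, 5)))
    try:
        if obj_type == "Address":
            ipaddress.ip_address(value)
        else:  # "Cidr": assumption, require an explicit prefix length
            if "/" not in value:
                return False
            ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False
    return True


def validate_object(payload):
    """Return a list of (field, reason) problems; empty means OK to send."""
    problems = []
    obj_id = payload.get("id")
    if not isinstance(obj_id, str) or not ID_PATTERN.fullmatch(obj_id):
        problems.append(("id", "must be 1..100 chars of [ 0-9a-zA-Z_-]"))
    obj_type = payload.get("type")
    if obj_type not in OBJECT_TYPES:
        problems.append(("type", "UnsupportedObjectType"))
    elif not _value_ok(obj_type, payload.get("value")):
        problems.append(("value", "InvalidObjectValue"))
    return problems


if __name__ == "__main__":
    # Constructed sample payloads, modelled on the values shown in this reference.
    samples = [
        {"id": "Onprem_Server", "type": "Address", "value": "172.16.1.20"},
        {"id": "bad/id", "type": "SinglePort", "value": "80"},
    ]
    for sample in samples:
        print(sample["id"], validate_object(sample))
```
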
## Delete an object

[Back to top](#top)

Delete an object referencing a cloud resource or fixed resource

```
DELETE /objects/{id}
```

### Parameters - `Parameter`

| Name | Type   | Description      |
| ---- | ------ | ---------------- |
| id   | `UUID` | The object's id. |

### Examples

CURL Example:

```curl
curl --location --request DELETE 'https://updated
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "id": "object_id"
}
```

### Error response

#### Error response - `Error 404`

| Name   | Type | Description |
| ------ | ---- | ----------- |
| object |      | not found   |

#### Error response - `Error 400`

| Name    | Type | Description  |
| ------- | ---- | ------------ |
| Invalid |      | object value |

#### Error response - `Error 502`

| Name | Type | Description |
| ---- | ---- | ----------- |
| Time |      | out         |

#### Error response - `Error 503`

| Name     | Type | Description |
| -------- | ---- | ----------- |
| Internal |      | error       |
## Get an object

[Back to top](#top)

Get an object referencing a cloud resource or fixed resource

```
GET /objects/{id}
```

### Examples

CURL Example:

```curl
curl --location --request GET 'https://updated
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "object": {
    "id": "Onprem_Server",
    "type": "Address",
    "value": "172.16.1.20",
    "createdBy": "arn:aws:sts::1000000:assumed-role/ObjectExtensionSecOpsAdminRole/DeviceClient",
    "lastUpdated": "2021-09-15T06:39:38.997Z"
  }
}
```

### Error response

#### Error response - `Error 404`

| Name   | Type | Description |
| ------ | ---- | ----------- |
| Object |      | not found   |

#### Error response - `Error 400`

| Name    | Type | Description  |
| ------- | ---- | ------------ |
| Invalid |      | Object value |

#### Error response - `Error 502`

| Name | Type | Description |
| ---- | ---- | ----------- |
| Time |      | out         |

#### Error response - `Error 503`

| Name     | Type | Description |
| -------- | ---- | ----------- |
| Internal |      | error       |
## List objects

[Back to top](#top)

List objects

```
GET /objects
```

### Parameters - `Optional Query Parameters`

| Name  | Type     | Description |
| ----- | -------- | ----------- |
| limit | `number` | **optional** The number of objects per page. _Default value: 100_ |
|       |          | The pagination token. |

### Examples

CURL Example:

```curl
curl --location --request GET 'https://results
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "results": [
    {
      "value": "arn:aws:ec2:ap-southeast-2:10000:vpc/vpc-0c315768612ee4eb1",
      "lastUpdated": "2021-09-15T02:53:38.350Z",
      "id": "Ec2_VPC_int_kbxZPcQP9dz3Fc3PsqZ23y",
      "createdBy": "arn:aws:sts::10000:assumed-role/ObjectExtensionSecOpsAdminRole/ObjectExtensionSecOpsAdminRole",
      "type": "Arn"
    }
  ]
}
```

### Error response

#### Error response - `Error 502`

| Name    | Type | Description       |
| ------- | ---- | ----------------- |
| Timeout |      | Service timed out |

#### Error response - `Error 503`

| Name          | Type | Description             |
| ------------- | ---- | ----------------------- |
| InternalError |      | Internal error occurred |
## Update an object

[Back to top](#top)

Update an object referencing a cloud resource or fixed resource

```
PUT /objects
```

### Parameters - `Parameter`

| Name  | Type             | Description |
| ----- | ---------------- | ----------- |
| id    | `String[1..100]` | The object's id. _Allowed values: "[ 0-9a-zA-Z_-]+"_ |
| type  | `string`         | The object's type 'Address' \| 'Cidr' \| 'Arn' \| 'Tagged' |
| value | `value`          | The object's value, can be an ARN or a tag list, e.g. ARN `arn:aws:ec2:ap-southeast-2:<account_number>:subnet/subnet-123`, e.g. a tag list `{ "value": "1", "key": "FF_TEST" }` |

updated

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "object": {
    "id": "Onprem_Server",
    "type": "Address",
    "value": "172.16.1.20",
    "createdBy": "arn:aws:sts::1000000:assumed-role/ObjectExtensionSecOpsAdminRole/DeviceClient",
    "lastUpdated": "2021-09-15T06:39:38.997Z"
  }
}
```

### Error response

#### Error response - `Error 400`

| Name                  | Type | Description |
| --------------------- | ---- | ----------- |
| UnsupportedObjectType |      | Supported object type 'SinglePort' , 'Any' , 'PortRange' |
| InvalidObjectValue    |      | When request contains unsupported object value, supported 'Address' \| 'Cidr' \| 'Arn' \| 'Tagged' |
| BadRequest            |      | NONE_COMPLIANT due to violating OPA policy |

#### Error response - `Error 502`

| Name | Type | Description |
| ---- | ---- | ----------- |
| Time |      | out         |

#### Error response - `Error 503`

| Name     | Type | Description |
| -------- | ---- | ----------- |
| Internal |      | error       |
# Rule

## Create new rule

[Back to top](#top)

Create new rule in a rule bundle referencing a cloud resource or fixed resource

```
POST /rulebundles/{id}/rules
```

### Parameters - `Parameter`

| Name         | Type     | Description |
| ------------ | -------- | ----------- |
| protocol     | `string` | The protocol for this rule, supported tcp \| udp \| icmp |
| action       | `string` | The action specified for this rule, supported drop \| pass \| alert |
| source       | `string` | The object's id as a source of this rule |
| destination  | `string` | The object's id as a destination of this rule |
| ruleBundleId | `string` | The bundle ID this rule attaches to |

### Examples

CURL Example:

```curl
curl --location --request POST 'https://created
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 201 OK
{
  "rule": {
    "protocol": "tcp",
    "action": "drop",
    "source": "Ec2_Arn_DEMO",
    "destination": "Onprem_Server",
    "status": "PENDING",
    "ruleBundleId": "integration-CRUD-test-group-4dadbfc5-58f2-4e3d-a9bc-193753a49a23",
    "lastUpdated": "2021-09-16T23:11:56.198Z",
    "id": "88bc676a-4917-490e-92ab-610a545c5baf",
    "destinationPort": { "type": "SinglePort", "value": "123" },
    "sourcePort": { "type": "Any" },
    "version": 0
  }
}
```

### Error response

#### Error response - `Error 400`

| Name       | Type | Description |
| ---------- | ---- | ----------- |
| BadRequest |      | Rule bundle id path parameter cannot be null or empty |

#### Error response - `Error 403`

| Name      | Type | Description |
| --------- | ---- | ----------- |
| Forbidden |      | Requestor's arn is not authorized to perform this action |

#### Error response - `Error 500`

| Name        | Type | Description |
| ----------- | ---- | ----------- |
| RemoteError |      | Unable to determine user accessibility |
## Delete a rule

[Back to top](#top)

Delete a rule in a rule bundle

```
DELETE /rulebundles/{id}/rules/{ruleId}
```

### Examples

CURL Example:

```curl
curl --location --request DELETE 'https://created
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "ruleId": "rule_id"
}
```

### Error response

#### Error response - `Error 400`

| Name       | Type | Description |
| ---------- | ---- | ----------- |
| BadRequest |      | Rule bundle id path parameter cannot be null or empty |

#### Error response - `Error 403`

| Name      | Type | Description |
| --------- | ---- | ----------- |
| Forbidden |      | Requestor's arn is not authorized to perform this action |

#### Error response - `Error 500`

| Name        | Type | Description |
| ----------- | ---- | ----------- |
| RemoteError |      | Error while creating rule object |
## Get a rule

[Back to top](#top)

Get a rule in a rule bundle referencing a cloud resource or fixed resource

```
GET /rulebundles/{id}/rules/{ruleId}
```

### Examples

CURL Example:

```curl
curl --location --request GET 'https://created
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "rule": {
    "protocol": "tcp",
    "action": "drop",
    "source": "Ec2_Arn_DEMO",
    "destination": "Onprem_Server",
    "status": "PENDING",
    "ruleBundleId": "ruleGroup_Id",
    "lastUpdated": "2021-09-16T23:11:56.198Z",
    "id": "rule_id",
    "destinationPort": { "type": "SinglePort", "value": "123" },
    "sourcePort": { "type": "Any" },
    "version": 0
  }
}
```

### Error response

#### Error response - `Error 400`

| Name       | Type | Description |
| ---------- | ---- | ----------- |
| BadRequest |      | Rule bundle id path parameter cannot be null or empty |

#### Error response - `Error 403`

| Name      | Type | Description |
| --------- | ---- | ----------- |
| Forbidden |      | Requestor's arn is not authorized to perform this action |

#### Error response - `Error 500`

| Name        | Type | Description |
| ----------- | ---- | ----------- |
| RemoteError |      | Error while creating rule object |
## List rules

[Back to top](#top)

List rule bundles belonging to requestor's arn

```
GET /rulebundles/{id}/rules
```

### Parameters - `Optional Query Parameters`

| Name  | Type     | Description |
| ----- | -------- | ----------- |
| limit | `number` | **optional** The number of objects per page. _Default value: 100_ |
|       |          | The pagination token. |

### Examples

CURL Example:

```curl
curl --location --request GET 'https://results
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "results": [
    {
      "id": "rule_id",
      "version": 536,
      "lastUpdated": "2021-09-15T02:53:53.754Z",
      "action": "drop",
      "protocol": "udp",
      "status": "ACTIVE",
      "ruleBundleId": "rulebundle_id",
      "destination": "Ec2_SUBNET",
      "source": "Onprem_Server",
      "failureReasons": [],
      "destinationPort": { "type": "SinglePort", "value": "123" },
      "sourcePort": { "type": "Any" }
    }
  ],
  "nextToken": "rule_id_2"
}
```

### Error response

#### Error response - `Error 502`

| Name    | Type | Description       |
| ------- | ---- | ----------------- |
| Timeout |      | Service timed out |

#### Error response - `Error 503`

| Name          | Type | Description             |
| ------------- | ---- | ----------------------- |
| InternalError |      | Internal error occurred |
## Update a rule

[Back to top](#top)

Update rule in a rule bundle referencing a cloud resource or fixed resource

```
PUT /rulebundles/{id}/rules/{ruleId}
```

### Parameters - `Parameter`

| Name         | Type     | Description |
| ------------ | -------- | ----------- |
| protocol     | `string` | The protocol for this rule, supported tcp \| udp |
| action       | `string` | The action specified for this rule, supported drop \| pass \| alert |
| source       | `string` | The object's id as a source of this rule |
| destination  | `string` | The object's id as a destination of this rule |
| ruleBundleId | `string` | The bundle ID this rule attaches to |

### Examples

CURL Example:

```curl
curl --location --request PUT 'https://created
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "rule": {
    "protocol": "tcp",
    "action": "drop",
    "source": "Ec2_Arn_DEMO",
    "destination": "Onprem_Server",
    "status": "PENDING",
    "ruleBundleId": "integration-CRUD-test-group-4dadbfc5-58f2-4e3d-a9bc-193753a49a23",
    "lastUpdated": "2021-09-16T23:11:56.198Z",
    "id": "88bc676a-4917-490e-92ab-610a545c5baf",
    "destinationPort": { "type": "SinglePort", "value": "123" },
    "sourcePort": { "type": "Any" },
    "version": 0
  }
}
```

### Error response

#### Error response - `Error 400`

| Name       | Type | Description |
| ---------- | ---- | ----------- |
| BadRequest |      | Rule bundle id path parameter cannot be null or empty |

#### Error response - `Error 403`

| Name      | Type | Description |
| --------- | ---- | ----------- |
| Forbidden |      | Requestor's arn is not authorized to perform this action |

#### Error response - `Error 500`

| Name        | Type | Description |
| ----------- | ---- | ----------- |
| RemoteError |      | Unable to determine user accessibility |
# RuleBundle

## Create new rule bundle

[Back to top](#top)

Create new rule bundle referencing a cloud resource or fixed resource

```
POST /rulebundles
```

### Parameters - `Parameter`

| Name         | Type             | Description |
| ------------ | ---------------- | ----------- |
| description  | `string`         | Description of this rule bundle |
| id           | `String[1..100]` | The object's id. Id of this rule bundle. _Allowed values: "[0-9a-zA-Z_-]+"_ |
| ownerGroup   | `list[]`         | The owner group, this is SecOpsAdminRole provided by the solution |
| ruleGroupArn | `string`         | The underlying AWS network firewall rule bundle arn |

### Examples

CURL Example:

```curl
curl --location --request POST 'https://Bundle created
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 201 OK
{
  "id": "demo-bundle"
}
```

### Error response

#### Error response - `Error 400`

| Name        | Type | Description  |
| ----------- | ---- | ------------ |
| Unsupported |      | Port Type    |
| Invalid     |      | Object value |

#### Error response - `Error 502`

| Name | Type | Description |
| ---- | ---- | ----------- |
| Time |      | out         |

#### Error response - `Error 503`

| Name     | Type | Description |
| -------- | ---- | ----------- |
| Internal |      | error       |
## Delete rule bundle

[Back to top](#top)

Delete a rule bundle

```
DELETE /rulebundles/{id}
```

### Examples

CURL Example:

```curl
curl --location --request DELETE 'https://updated
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "id": "demo-group-demo1"
}
```

### Error response

#### Error response - `Error 404`

| Name   | Type | Description |
| ------ | ---- | ----------- |
| Object |      | not found   |

#### Error response - `Error 400`

| Name    | Type | Description  |
| ------- | ---- | ------------ |
| Invalid |      | Object value |

#### Error response - `Error 502`

| Name | Type | Description |
| ---- | ---- | ----------- |
| Time |      | out         |

#### Error response - `Error 503`

| Name     | Type | Description |
| -------- | ---- | ----------- |
| Internal |      | error       |
## Get a rule bundle

[Back to top](#top)

Get rule bundle

```
GET /rulebundles
```

### Examples

CURL Example:

```curl
curl --location --request GET 'https://Bundle created
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "id": "demo-group-demo",
  "description": "demo rule bundle",
  "ownerGroup": [
    "arn:aws:iam::Requestor's arn is not authorized to perform this action
```

#### Error response - `Error 404`

| Name     | Type | Description |
| -------- | ---- | ----------- |
| NotFound |      | The rule bundle with {id} does not exist |

#### Error response - `Error 400`

| Name       | Type | Description |
| ---------- | ---- | ----------- |
| BadRequest |      | ruleGroupArn does not exist |

#### Error response - `Error 502`

| Name    | Type | Description |
| ------- | ---- | ----------- |
| Timeout |      |             |

#### Error response - `Error 503`

| Name               | Type | Description |
| ------------------ | ---- | ----------- |
| ServiceUnavailable |      |             |

## List rule bundles

[Back to top](#top)

List rule bundles belonging to this requestor's arn

```
GET /rulebundles
```

### Parameters - `Optional Query Parameters`

| Name  | Type     | Description |
| ----- | -------- | ----------- |
| limit | `number` | **optional** The number of objects per page. _Default value: 100_ |
|       |          | The pagination token. |

### Examples

CURL Example:

```curl
curl --location --request GET 'https://results
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "results": [
    {
      "ruleGroupArn": "arn:aws:network-firewall:ap-southeast-2:Service timed out
```

#### Error response - `Error 503`

| Name          | Type | Description             |
| ------------- | ---- | ----------------------- |
| InternalError |      | Internal error occurred |
## Update a rule bundle

[Back to top](#top)

Create new rule bundle to encapsulate the underlying Network firewall rule bundles

```
PUT /rulebundles
```

### Parameters - `Parameter`

| Name         | Type     | Description |
| ------------ | -------- | ----------- |
| description  | `string` | Description of this rule bundle |
| id           | `string` | Id of this rule bundle |
| ownerGroup   | `list[]` | The owner group, this is SecOpsAdminRole provided by the solution |
| ruleGroupArn | `string` | The underlying AWS network firewall rule bundle arn |

### Examples

CURL Example:

```curl
curl --location --request PUT 'https://Group created
```

### Success response example

#### Success response example - `Success-Response:`

```json
HTTP/1.1 200 OK
{
  "ruleBundleId": "demo-group-demo"
}
```

### Error response

#### Error response - `Error 403`

| Name      | Type | Description |
| --------- | ---- | ----------- |
| Forbidden |      | Requestor's arn is not authorized to perform this action |

#### Error response - `Error 409`

| Name     | Type | Description |
| -------- | ---- | ----------- |
| Conflict |      | Requested id already exists |

#### Error response - `Error 400`

| Name       | Type | Description |
| ---------- | ---- | ----------- |
| BadRequest |      | ruleGroupArn does not exist |

#### Error response - `Error 502`

| Name    | Type | Description |
| ------- | ---- | ----------- |
| Timeout |      |             |

#### Error response - `Error 503`

| Name               | Type | Description |
| ------------------ | ---- | ----------- |
| ServiceUnavailable |      |             |