Class CfnPolicy
An AWS Firewall Manager policy.
Namespace: Amazon.CDK.AWS.FMS
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnPolicy : CfnResource, IInspectable, ITaggableV2
Syntax (vb)
Public Class CfnPolicy
Inherits CfnResource
Implements IInspectable, ITaggableV2
Remarks
Firewall Manager provides the following types of policies:
Each policy is specific to one of the types. If you want to enforce more than one policy type across accounts, create multiple policies. You can create multiple policies for each type.
These policies require some setup to use. For more information, see the sections on prerequisites and getting started under AWS Firewall Manager.
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-fms-policy.html
CloudformationResource: AWS::FMS::Policy
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// It is meant to run inside a construct (for example a Stack constructor), where `this` is the scope.
using System.Collections.Generic;
using Amazon.CDK.AWS.FMS;

var cfnPolicy = new CfnPolicy(this, "MyCfnPolicy", new CfnPolicyProps {
    ExcludeResourceTags = false,
    PolicyName = "policyName",
    RemediationEnabled = false,
    // The property types are nested in CfnPolicy, so they are qualified with the class name.
    SecurityServicePolicyData = new CfnPolicy.SecurityServicePolicyDataProperty {
        Type = "type",

        // the properties below are optional
        ManagedServiceData = "managedServiceData",
        PolicyOption = new CfnPolicy.PolicyOptionProperty {
            NetworkFirewallPolicy = new CfnPolicy.NetworkFirewallPolicyProperty {
                FirewallDeploymentModel = "firewallDeploymentModel"
            },
            ThirdPartyFirewallPolicy = new CfnPolicy.ThirdPartyFirewallPolicyProperty {
                FirewallDeploymentModel = "firewallDeploymentModel"
            }
        }
    },

    // the properties below are optional
    DeleteAllPolicyResources = false,
    ExcludeMap = new Dictionary<string, string[]?> {
        { "account", new [] { "account" } },
        { "orgunit", new [] { "orgunit" } }
    },
    IncludeMap = new Dictionary<string, string[]?> {
        { "account", new [] { "account" } },
        { "orgunit", new [] { "orgunit" } }
    },
    PolicyDescription = "policyDescription",
    ResourcesCleanUp = false,
    ResourceSetIds = new [] { "resourceSetIds" },
    ResourceTags = new [] { new CfnPolicy.ResourceTagProperty {
        Key = "key",

        // the properties below are optional
        Value = "value"
    } },
    ResourceType = "resourceType",
    ResourceTypeList = new [] { "resourceTypeList" },
    Tags = new [] { new CfnPolicy.PolicyTagProperty {
        Key = "key",
        Value = "value"
    } }
});
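A concrete instantiation with the scoping and remediation properties set deliberately, added here as an illustration; it is not part of the generated CDK documentation. The stack class name, the exemption tag and the OU ID are placeholders, and the `Type` value and `ManagedServiceData` JSON follow the Firewall Manager API documentation for security group usage audit policies rather than anything stated on this page.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.FMS;
using Constructs;

// Added example; stack name, tag key and OU ID are assumptions.
public class SgAuditPolicyStack : Stack
{
    public SgAuditPolicyStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var policy = new CfnPolicy(this, "SgUsageAudit", new CfnPolicyProps {
            PolicyName = "sg-usage-audit",
            PolicyDescription = "Report unused and redundant security groups",
            // false: Firewall Manager only reports noncompliance. Switch to true
            // once the findings have been reviewed for the accounts in scope.
            RemediationEnabled = false,
            SecurityServicePolicyData = new CfnPolicy.SecurityServicePolicyDataProperty {
                Type = "SECURITY_GROUPS_USAGE_AUDIT",
                // ManagedServiceData is a JSON string; its schema depends on Type.
                ManagedServiceData = "{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\","
                    + "\"deleteUnusedSecurityGroups\":true,"
                    + "\"coalesceRedundantSecurityGroups\":true}"
            },
            ResourceType = "AWS::EC2::SecurityGroup",
            // Limit the policy to one OU instead of the whole organization.
            IncludeMap = new Dictionary<string, string[]> {
                { "orgunit", new [] { "ou-EXAMPLE-PLACEHOLDER" } }  // placeholder OU ID
            },
            // With ExcludeResourceTags = true, resources carrying this tag are
            // out of scope; with false, only tagged resources are in scope.
            // Anyone who can set the tag can exempt a resource, so restrict tagging.
            ResourceTags = new [] { new CfnPolicy.ResourceTagProperty {
                Key = "fms-exempt", Value = "true" } },  // hypothetical tag
            ExcludeResourceTags = true,
            // Keep existing protections when resources or accounts leave scope.
            ResourcesCleanUp = false,
            DeleteAllPolicyResources = false
        });

        // Export the ARN so audit tooling can reference the policy.
        new CfnOutput(this, "PolicyArn", new CfnOutputProps { Value = policy.AttrArn });
    }
}
```

The stack has to be deployed from the Firewall Manager administrator account, after the prerequisites mentioned in the Remarks are in place.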
Synopsis
Constructors
CfnPolicy(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
CfnPolicy(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
CfnPolicy(Construct, String, ICfnPolicyProps) |
Properties
AttrArn | The Amazon Resource Name (ARN) of the policy. |
AttrId | The ID of the policy. |
CdkTagManager | Tag Manager which manages the tags for this resource. |
CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
CfnProperties | |
DeleteAllPolicyResources | Used when deleting a policy. |
ExcludeMap | Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. |
ExcludeResourceTags | Used only when tags are specified in the ResourceTags property. |
IncludeMap | Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. |
PolicyDescription | Your description of the AWS Firewall Manager policy. |
PolicyName | The name of the AWS Firewall Manager policy. |
RemediationEnabled | Indicates if the policy should be automatically applied to new resources. |
ResourcesCleanUp | Indicates whether AWS Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. |
ResourceSetIds | The unique identifiers of the resource sets used by the policy. |
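ResourceTags | An array of ResourceTag objects, used to explicitly include resources in the policy scope or explicitly exclude them. |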
ResourceType | The type of resource protected by or in scope of the policy. |
ResourceTypeList | An array of ResourceType objects. |
SecurityServicePolicyData | Details about the security service that is being used to protect the resources. |
Tags | A collection of key:value pairs associated with an AWS resource. |
Methods
Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
RenderProperties(IDictionary<String, Object>) |
Constructors
CfnPolicy(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected CfnPolicy(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
CfnPolicy(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected CfnPolicy(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
CfnPolicy(Construct, String, ICfnPolicyProps)
public CfnPolicy(Construct scope, string id, ICfnPolicyProps props)
Parameters
- scope Constructs.Construct
Scope in which this resource is defined.
- id System.String
Construct identifier for this resource (unique in its scope).
- props ICfnPolicyProps
Resource properties.
Properties
AttrArn
The Amazon Resource Name (ARN) of the policy.
public virtual string AttrArn { get; }
Property Value
System.String
Remarks
CloudformationAttribute: Arn
AttrId
The ID of the policy.
public virtual string AttrId { get; }
Property Value
System.String
Remarks
CloudformationAttribute: Id
CdkTagManager
Tag Manager which manages the tags for this resource.
public virtual TagManager CdkTagManager { get; }
Property Value
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }
Property Value
System.String
CfnProperties
protected override IDictionary<string, object> CfnProperties { get; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.Object>
Overrides
DeleteAllPolicyResources
Used when deleting a policy.
public virtual object DeleteAllPolicyResources { get; set; }
Property Value
System.Object
Remarks
If true, Firewall Manager performs cleanup according to the policy type.
ExcludeMap
Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy.
public virtual object ExcludeMap { get; set; }
Property Value
System.Object
ExcludeResourceTags
Used only when tags are specified in the ResourceTags property.
public virtual object ExcludeResourceTags { get; set; }
Property Value
System.Object
IncludeMap
Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy.
public virtual object IncludeMap { get; set; }
Property Value
System.Object
PolicyDescription
Your description of the AWS Firewall Manager policy.
public virtual string PolicyDescription { get; set; }
Property Value
System.String
PolicyName
The name of the AWS Firewall Manager policy.
public virtual string PolicyName { get; set; }
Property Value
System.String
RemediationEnabled
Indicates if the policy should be automatically applied to new resources.
public virtual object RemediationEnabled { get; set; }
Property Value
System.Object
ResourcesCleanUp
Indicates whether AWS Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope.
public virtual object ResourcesCleanUp { get; set; }
Property Value
System.Object
ResourceSetIds
The unique identifiers of the resource sets used by the policy.
public virtual string[] ResourceSetIds { get; set; }
Property Value
System.String[]
ResourceTags
An array of ResourceTag objects, used to explicitly include resources in the policy scope or explicitly exclude them.
public virtual object ResourceTags { get; set; }
Property Value
System.Object
ResourceType
The type of resource protected by or in scope of the policy.
public virtual string ResourceType { get; set; }
Property Value
System.String
ResourceTypeList
An array of ResourceType objects.
public virtual string[] ResourceTypeList { get; set; }
Property Value
System.String[]
SecurityServicePolicyData
Details about the security service that is being used to protect the resources.
public virtual object SecurityServicePolicyData { get; set; }
Property Value
System.Object
Tags
A collection of key:value pairs associated with an AWS resource.
public virtual CfnPolicy.IPolicyTagProperty[] Tags { get; set; }
Property Value
CfnPolicy.IPolicyTagProperty[]
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)
Parameters
- inspector TreeInspector
Tree inspector to collect and process attributes.
RenderProperties(IDictionary<String, Object>)
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)
Parameters
- props System.Collections.Generic.IDictionary<System.String, System.Object>
Returns
System.Collections.Generic.IDictionary<System.String, System.Object>