ResourceViolation
Violation detail based on resource type.
Contents
- AwsEc2InstanceViolation
-
Violation detail for an EC2 instance.
Type: AwsEc2InstanceViolation object
Required: No
- AwsEc2NetworkInterfaceViolation
-
Violation detail for a network interface.
Type: AwsEc2NetworkInterfaceViolation object
Required: No
- AwsVPCSecurityGroupViolation
-
Violation detail for security groups.
Type: AwsVPCSecurityGroupViolation object
Required: No
- DnsDuplicateRuleGroupViolation
-
Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
Type: DnsDuplicateRuleGroupViolation object
Required: No
- DnsRuleGroupLimitExceededViolation
-
Violation detail for a DNS Firewall policy that indicates that the VPC reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed.
Type: DnsRuleGroupLimitExceededViolation object
Required: No
- DnsRuleGroupPriorityConflictViolation
-
Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.
Type: DnsRuleGroupPriorityConflictViolation object
Required: No
- FirewallSubnetIsOutOfScopeViolation
-
Contains details about the firewall subnet that violates the policy scope.
Type: FirewallSubnetIsOutOfScopeViolation object
Required: No
- FirewallSubnetMissingVPCEndpointViolation
-
The violation details for a third-party firewall's VPC endpoint subnet that was deleted.
Type: FirewallSubnetMissingVPCEndpointViolation object
Required: No
- InvalidNetworkAclEntriesViolation
-
Violation detail for the entries in a network ACL resource.
Type: InvalidNetworkAclEntriesViolation object
Required: No
- NetworkFirewallBlackHoleRouteDetectedViolation
-
Violation detail for an internet gateway route with an inactive state in the customer subnet route table or Network Firewall subnet route table.
Type: NetworkFirewallBlackHoleRouteDetectedViolation object
Required: No
- NetworkFirewallInternetTrafficNotInspectedViolation
-
Violation detail for the subnet for which internet traffic hasn't been inspected.
Type: NetworkFirewallInternetTrafficNotInspectedViolation object
Required: No
- NetworkFirewallInvalidRouteConfigurationViolation
-
The route configuration is invalid.
Type: NetworkFirewallInvalidRouteConfigurationViolation object
Required: No
- NetworkFirewallMissingExpectedRoutesViolation
-
Expected routes are missing from Amazon Network Firewall.
Type: NetworkFirewallMissingExpectedRoutesViolation object
Required: No
- NetworkFirewallMissingExpectedRTViolation
-
Violation detail for an Network Firewall policy that indicates that a subnet is not associated with the expected Firewall Manager managed route table.
Type: NetworkFirewallMissingExpectedRTViolation object
Required: No
- NetworkFirewallMissingFirewallViolation
-
Violation detail for an Network Firewall policy that indicates that a subnet has no Firewall Manager managed firewall in its VPC.
Type: NetworkFirewallMissingFirewallViolation object
Required: No
- NetworkFirewallMissingSubnetViolation
-
Violation detail for an Network Firewall policy that indicates that an Availability Zone is missing the expected Firewall Manager managed subnet.
Type: NetworkFirewallMissingSubnetViolation object
Required: No
- NetworkFirewallPolicyModifiedViolation
-
Violation detail for an Network Firewall policy that indicates that a firewall policy in an individual account has been modified in a way that makes it noncompliant. For example, the individual account owner might have deleted a rule group, changed the priority of a stateless rule group, or changed a policy default action.
Type: NetworkFirewallPolicyModifiedViolation object
Required: No
- NetworkFirewallUnexpectedFirewallRoutesViolation
-
There's an unexpected firewall route.
Type: NetworkFirewallUnexpectedFirewallRoutesViolation object
Required: No
- NetworkFirewallUnexpectedGatewayRoutesViolation
-
There's an unexpected gateway route.
Type: NetworkFirewallUnexpectedGatewayRoutesViolation object
Required: No
- PossibleRemediationActions
-
A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.
Type: PossibleRemediationActions object
Required: No
- RouteHasOutOfScopeEndpointViolation
-
Contains details about the route endpoint that violates the policy scope.
Type: RouteHasOutOfScopeEndpointViolation object
Required: No
- ThirdPartyFirewallMissingExpectedRouteTableViolation
-
The violation details for a third-party firewall that has the Firewall Manager managed route table that was associated with the third-party firewall has been deleted.
Type: ThirdPartyFirewallMissingExpectedRouteTableViolation object
Required: No
- ThirdPartyFirewallMissingFirewallViolation
-
The violation details for a third-party firewall that's been deleted.
Type: ThirdPartyFirewallMissingFirewallViolation object
Required: No
- ThirdPartyFirewallMissingSubnetViolation
-
The violation details for a third-party firewall's subnet that's been deleted.
Type: ThirdPartyFirewallMissingSubnetViolation object
Required: No
- WebACLHasIncompatibleConfigurationViolation
-
The violation details for a web ACL whose configuration is incompatible with the Firewall Manager policy.
Type: WebACLHasIncompatibleConfigurationViolation object
Required: No
- WebACLHasOutOfScopeResourcesViolation
-
The violation details for a web ACL that's associated with at least one resource that's out of scope of the Firewall Manager policy.
Type: WebACLHasOutOfScopeResourcesViolation object
Required: No
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: