ResourceViolation - Amazon Firewall Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

ResourceViolation

Violation detail based on resource type.

Contents

AwsEc2InstanceViolation

Violation detail for an EC2 instance.

Type: AwsEc2InstanceViolation object

Required: No

AwsEc2NetworkInterfaceViolation

Violation detail for a network interface.

Type: AwsEc2NetworkInterfaceViolation object

Required: No

AwsVPCSecurityGroupViolation

Violation detail for security groups.

Type: AwsVPCSecurityGroupViolation object

Required: No

DnsDuplicateRuleGroupViolation

Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.

Type: DnsDuplicateRuleGroupViolation object

Required: No

DnsRuleGroupLimitExceededViolation

Violation detail for a DNS Firewall policy that indicates that the VPC reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed.

Type: DnsRuleGroupLimitExceededViolation object

Required: No

DnsRuleGroupPriorityConflictViolation

Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.

Type: DnsRuleGroupPriorityConflictViolation object

Required: No

FirewallSubnetIsOutOfScopeViolation

Contains details about the firewall subnet that violates the policy scope.

Type: FirewallSubnetIsOutOfScopeViolation object

Required: No

FirewallSubnetMissingVPCEndpointViolation

The violation details for a third-party firewall's VPC endpoint subnet that was deleted.

Type: FirewallSubnetMissingVPCEndpointViolation object

Required: No

InvalidNetworkAclEntriesViolation

Violation detail for the entries in a network ACL resource.

Type: InvalidNetworkAclEntriesViolation object

Required: No

NetworkFirewallBlackHoleRouteDetectedViolation

Violation detail for an internet gateway route with an inactive state in the customer subnet route table or Network Firewall subnet route table.

Type: NetworkFirewallBlackHoleRouteDetectedViolation object

Required: No

NetworkFirewallInternetTrafficNotInspectedViolation

Violation detail for the subnet for which internet traffic hasn't been inspected.

Type: NetworkFirewallInternetTrafficNotInspectedViolation object

Required: No

NetworkFirewallInvalidRouteConfigurationViolation

The route configuration is invalid.

Type: NetworkFirewallInvalidRouteConfigurationViolation object

Required: No

NetworkFirewallMissingExpectedRoutesViolation

Expected routes are missing from Amazon Network Firewall.

Type: NetworkFirewallMissingExpectedRoutesViolation object

Required: No

NetworkFirewallMissingExpectedRTViolation

Violation detail for an Network Firewall policy that indicates that a subnet is not associated with the expected Firewall Manager managed route table.

Type: NetworkFirewallMissingExpectedRTViolation object

Required: No

NetworkFirewallMissingFirewallViolation

Violation detail for an Network Firewall policy that indicates that a subnet has no Firewall Manager managed firewall in its VPC.

Type: NetworkFirewallMissingFirewallViolation object

Required: No

NetworkFirewallMissingSubnetViolation

Violation detail for an Network Firewall policy that indicates that an Availability Zone is missing the expected Firewall Manager managed subnet.

Type: NetworkFirewallMissingSubnetViolation object

Required: No

NetworkFirewallPolicyModifiedViolation

Violation detail for an Network Firewall policy that indicates that a firewall policy in an individual account has been modified in a way that makes it noncompliant. For example, the individual account owner might have deleted a rule group, changed the priority of a stateless rule group, or changed a policy default action.

Type: NetworkFirewallPolicyModifiedViolation object

Required: No

NetworkFirewallUnexpectedFirewallRoutesViolation

There's an unexpected firewall route.

Type: NetworkFirewallUnexpectedFirewallRoutesViolation object

Required: No

NetworkFirewallUnexpectedGatewayRoutesViolation

There's an unexpected gateway route.

Type: NetworkFirewallUnexpectedGatewayRoutesViolation object

Required: No

PossibleRemediationActions

A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.

Type: PossibleRemediationActions object

Required: No

RouteHasOutOfScopeEndpointViolation

Contains details about the route endpoint that violates the policy scope.

Type: RouteHasOutOfScopeEndpointViolation object

Required: No

ThirdPartyFirewallMissingExpectedRouteTableViolation

The violation details for a third-party firewall that has the Firewall Manager managed route table that was associated with the third-party firewall has been deleted.

Type: ThirdPartyFirewallMissingExpectedRouteTableViolation object

Required: No

ThirdPartyFirewallMissingFirewallViolation

The violation details for a third-party firewall that's been deleted.

Type: ThirdPartyFirewallMissingFirewallViolation object

Required: No

ThirdPartyFirewallMissingSubnetViolation

The violation details for a third-party firewall's subnet that's been deleted.

Type: ThirdPartyFirewallMissingSubnetViolation object

Required: No

WebACLHasIncompatibleConfigurationViolation

The violation details for a web ACL whose configuration is incompatible with the Firewall Manager policy.

Type: WebACLHasIncompatibleConfigurationViolation object

Required: No

WebACLHasOutOfScopeResourcesViolation

The violation details for a web ACL that's associated with at least one resource that's out of scope of the Firewall Manager policy.

Type: WebACLHasOutOfScopeResourcesViolation object

Required: No

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: