Describes a remediation action target.

An individual Firewall Manager application.

An Firewall Manager applications list.

Details of the Firewall Manager applications list.

Violation detail for an EC2 instance resource.

Violation detail for network interfaces associated with an EC2 instance.

Violation detail for the rule violation in a security group when compared to the primary security group of the Firewall Manager policy.

Details of the resource that is not protected by the policy.

A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.

The VPC that Firewall Manager was applying a DNS Fireall policy to reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed due to the limit.

A rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.

The action of associating an EC2 resource, such as a subnet or internet gateway, with a route table.

An action that copies the EC2 route table for use in remediation.

Information about the CreateRoute action in Amazon EC2.

Information about the CreateRouteTable action in Amazon EC2.

Information about the DeleteRoute action in Amazon EC2.

Information about the ReplaceRoute action in Amazon EC2.

Information about the ReplaceRouteTableAssociation action in Amazon EC2.

Describes the compliance status for the account. An account is considered noncompliant if it includes resources that are not protected by the specified policy or that don't comply with the policy.

Information about the expected route in the route table.

Violation detail for an internet gateway route with an inactive state in the customer subnet route table or Network Firewall subnet route table.

Violation detail for the subnet for which internet traffic that hasn't been inspected.

Violation detail for the improperly configured subnet route. It's possible there is a missing route table route, or a configuration that causes traffic to cross an Availability Zone boundary.

Violation detail for an expected route missing in Network Firewall.

Violation detail for Network Firewall for a subnet that's not associated to the expected Firewall Manager managed route table.

Violation detail for Network Firewall for a subnet that doesn't have a Firewall Manager managed firewall in its VPC.

Violation detail for Network Firewall for an Availability Zone that's missing the expected Firewall Manager managed subnet.

The definition of the Network Firewall firewall policy.

Violation detail for Network Firewall for a firewall policy that has a different "NetworkFirewallPolicyDescription" than is required by the Firewall Manager policy.

Violation detail for an unexpected route that's present in a route table.

Violation detail for an unexpected gateway route that’s present in a route table.

The reference rule that partially matches the ViolationTarget rule and violation reason.

An Firewall Manager policy.

Describes the noncompliant resources in a member account for a specific Firewall Manager policy. A maximum of 100 entries are displayed. If more than 100 resources are noncompliant, EvaluationLimitExceeded is set to True.

Indicates whether the account is compliant with the specified policy. An account is considered noncompliant if it includes resources that are not protected by the policy, for WAF and Shield Advanced policies, or that are noncompliant with the policy, for security group policies.

Details of the Firewall Manager policy.

A list of remediation actions.

A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.

An Firewall Manager protocols list.

Details of the Firewall Manager protocols list.

Information about an individual action you can take to remediate a violation.

An ordered list of actions you can take to remediate a violation.

The resource tags that Firewall Manager uses to determine if a particular resource should be included or excluded from the Firewall Manager policy. Tags enable you to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value. Firewall Manager combines the tags with "AND" so that, if you add more than one tag to a policy scope, a resource must have all the specified tags to be included or excluded. For more information, see Working with Tag Editor.

Violation detail based on resource type.

Describes a route in a route table.

Remediation option for the rule specified in the ViolationTarget.

Describes a set of permissions for a security group rule.

Details about the security service that is being used to protect the resources.

Network Firewall stateful rule group, used in a "NetworkFirewallPolicyDescription".

Network Firewall stateless rule group, used in a "NetworkFirewallPolicyDescription".

A collection of key:value pairs associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each Amazon Web Services resource.

Violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account.