Describes a remediation action target.

An individual Firewall Manager application.

An Firewall Manager applications list.

Details of the Firewall Manager applications list.

Violation detail for an EC2 instance resource.

Violation detail for network interfaces associated with an EC2 instance.

Violation detail for the rule violation in a security group when compared to the primary security group of the Firewall Manager policy.

Details of the resource that is not protected by the policy.

A resource in the organization that's available to be associated with a Firewall Manager resource set.

A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.

The VPC that Firewall Manager was applying a DNS Fireall policy to reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed due to the limit.

A rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.

The action of associating an EC2 resource, such as a subnet or internet gateway, with a route table.

An action that copies the EC2 route table for use in remediation.

Information about the CreateRoute action in Amazon EC2.

Information about the CreateRouteTable action in Amazon EC2.

Information about the DeleteRoute action in Amazon EC2.

Information about the ReplaceRoute action in Amazon EC2.

Information about the ReplaceRouteTableAssociation action in Amazon EC2.

Describes the compliance status for the account. An account is considered noncompliant if it includes resources that are not protected by the specified policy or that don't comply with the policy.

Information about the expected route in the route table.

Details of a resource that failed when trying to update it's association to a resource set.

Contains details about the firewall subnet that violates the policy scope.

The violation details for a firewall subnet's VPC endpoint that's deleted or missing.

Contains information about the actions that you can take to remediate scope violations caused by your policy's FirewallCreationConfig. FirewallCreationConfig is an optional configuration that you can use to choose which Availability Zones Firewall Manager creates Network Firewall endpoints in.

Violation detail for an internet gateway route with an inactive state in the customer subnet route table or Network Firewall subnet route table.

Violation detail for the subnet for which internet traffic that hasn't been inspected.

Violation detail for the improperly configured subnet route. It's possible there is a missing route table route, or a configuration that causes traffic to cross an Availability Zone boundary.

Violation detail for an expected route missing in Network Firewall.

Violation detail for Network Firewall for a subnet that's not associated to the expected Firewall Manager managed route table.

Violation detail for Network Firewall for a subnet that doesn't have a Firewall Manager managed firewall in its VPC.

Violation detail for Network Firewall for an Availability Zone that's missing the expected Firewall Manager managed subnet.

Configures the firewall policy deployment model of Network Firewall. For information about Network Firewall deployment models, see Network Firewall example architectures with routing in the Network Firewall Developer Guide.

The definition of the Network Firewall firewall policy.

Violation detail for Network Firewall for a firewall policy that has a different "NetworkFirewallPolicyDescription" than is required by the Firewall Manager policy.

The setting that allows the policy owner to change the behavior of the rule group within a policy.

Violation detail for an unexpected route that's present in a route table.

Violation detail for an unexpected gateway route that’s present in a route table.

The reference rule that partially matches the ViolationTarget rule and violation reason.

An Firewall Manager policy.

Describes the noncompliant resources in a member account for a specific Firewall Manager policy. A maximum of 100 entries are displayed. If more than 100 resources are noncompliant, EvaluationLimitExceeded is set to True.

Indicates whether the account is compliant with the specified policy. An account is considered noncompliant if it includes resources that are not protected by the policy, for WAF and Shield Advanced policies, or that are noncompliant with the policy, for security group policies.

Contains the Network Firewall firewall policy options to configure the policy's deployment model and third-party firewall policy settings.

Details of the Firewall Manager policy.

A list of remediation actions.

A list of possible remediation action lists. Each individual possible remediation action is a list of individual remediation actions.

An Firewall Manager protocols list.

Details of the Firewall Manager protocols list.

Information about an individual action you can take to remediate a violation.

An ordered list of actions you can take to remediate a violation.

Details of a resource that is associated to an Firewall Manager resource set.

A set of resources to include in a policy.

Summarizes the resource sets used in a policy.

The resource tags that Firewall Manager uses to determine if a particular resource should be included or excluded from the Firewall Manager policy. Tags enable you to categorize your Amazon Web Services resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value. Firewall Manager combines the tags with "AND" so that, if you add more than one tag to a policy scope, a resource must have all the specified tags to be included or excluded. For more information, see Working with Tag Editor.

Violation detail based on resource type.

Describes a route in a route table.

Contains details about the route endpoint that violates the policy scope.

Remediation option for the rule specified in the ViolationTarget.

Describes a set of permissions for a security group rule.

Details about the security service that is being used to protect the resources.

Configuration settings for the handling of the stateful rule groups in a Network Firewall firewall policy.

Network Firewall stateful rule group, used in a "NetworkFirewallPolicyDescription".

Network Firewall stateless rule group, used in a "NetworkFirewallPolicyDescription".

A collection of key:value pairs associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each Amazon Web Services resource.

Configures the third-party firewall's firewall policy.

The violation details for a third-party firewall that's not associated with an Firewall Manager managed route table.

The violation details about a third-party firewall's subnet that doesn't have a Firewall Manager managed firewall in its VPC.

The violation details for a third-party firewall for an Availability Zone that's missing the Firewall Manager managed subnet.

Configures the deployment model for the third-party firewall.

Violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account.