Get Violation Details
fms_get_violation_details | R Documentation |
Retrieves violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account¶
Description¶
Retrieves violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account.
Usage¶
Arguments¶
PolicyId
[required] The ID of the Firewall Manager policy that you want the details for. You can get violation details for the following policy types:
DNS Firewall
Imported Network Firewall
Network Firewall
Security group content audit
Network ACL
Third-party firewall
MemberAccount
[required] The Amazon Web Services account ID that you want the details for.
ResourceId
[required] The ID of the resource that has violations.
ResourceType
[required] The resource type. This is in the format shown in the Amazon Web Services Resource Types Reference. Supported resource types are: AWS::EC2::Instance, AWS::EC2::NetworkInterface, AWS::EC2::SecurityGroup, AWS::NetworkFirewall::FirewallPolicy, and AWS::EC2::Subnet.
Value¶
A list with the following syntax:
# Shape of the value returned by fms_get_violation_details. Every leaf is a
# placeholder for its type ("string", 123, TRUE|FALSE); where a leaf is written
# as a `|`-separated set of quoted names, those are the permitted enum values.
list(
ViolationDetail = list(
PolicyId = "string",
MemberAccount = "string",
ResourceId = "string",
ResourceType = "string",
# One element per violation detected on the resource. Each element carries one
# field per violation category; presumably only the category that applies is
# populated for a given element — confirm against the service documentation.
ResourceViolations = list(
list(
AwsVPCSecurityGroupViolation = list(
ViolationTarget = "string",
ViolationTargetDescription = "string",
PartialMatches = list(
list(
Reference = "string",
TargetViolationReasons = list(
"string"
)
)
),
# Candidate fixes for the security-group violation. RemediationActionType is
# REMOVE or MODIFY and RemediationResult describes the resulting rule (IPv4/IPv6
# range, prefix list, protocol, port range). IsDefaultAction presumably marks the
# action Firewall Manager would apply under automatic remediation — confirm
# before relying on it in a review or approval workflow.
PossibleSecurityGroupRemediationActions = list(
list(
RemediationActionType = "REMOVE"|"MODIFY",
Description = "string",
RemediationResult = list(
IPV4Range = "string",
IPV6Range = "string",
PrefixListId = "string",
Protocol = "string",
FromPort = 123,
ToPort = 123
),
IsDefaultAction = TRUE|FALSE
)
)
),
AwsEc2NetworkInterfaceViolation = list(
ViolationTarget = "string",
ViolatingSecurityGroups = list(
"string"
)
),
AwsEc2InstanceViolation = list(
ViolationTarget = "string",
AwsEc2NetworkInterfaceViolations = list(
list(
ViolationTarget = "string",
ViolatingSecurityGroups = list(
"string"
)
)
)
),
NetworkFirewallMissingFirewallViolation = list(
ViolationTarget = "string",
VPC = "string",
AvailabilityZone = "string",
TargetViolationReason = "string"
),
NetworkFirewallMissingSubnetViolation = list(
ViolationTarget = "string",
VPC = "string",
AvailabilityZone = "string",
TargetViolationReason = "string"
),
NetworkFirewallMissingExpectedRTViolation = list(
ViolationTarget = "string",
VPC = "string",
AvailabilityZone = "string",
CurrentRouteTable = "string",
ExpectedRouteTable = "string"
),
# CurrentPolicyDescription and ExpectedPolicyDescription use the same schema, so
# the two can be compared field by field (rule groups, default actions, engine
# options) to see how the deployed firewall policy differs from what the
# Firewall Manager policy expects — the names suggest deployed vs. expected
# state; confirm.
NetworkFirewallPolicyModifiedViolation = list(
ViolationTarget = "string",
CurrentPolicyDescription = list(
StatelessRuleGroups = list(
list(
RuleGroupName = "string",
ResourceId = "string",
Priority = 123
)
),
StatelessDefaultActions = list(
"string"
),
StatelessFragmentDefaultActions = list(
"string"
),
StatelessCustomActions = list(
"string"
),
StatefulRuleGroups = list(
list(
RuleGroupName = "string",
ResourceId = "string",
Priority = 123,
Override = list(
Action = "DROP_TO_ALERT"
)
)
),
StatefulDefaultActions = list(
"string"
),
StatefulEngineOptions = list(
RuleOrder = "STRICT_ORDER"|"DEFAULT_ACTION_ORDER",
StreamExceptionPolicy = "DROP"|"CONTINUE"|"REJECT"|"FMS_IGNORE"
)
),
ExpectedPolicyDescription = list(
StatelessRuleGroups = list(
list(
RuleGroupName = "string",
ResourceId = "string",
Priority = 123
)
),
StatelessDefaultActions = list(
"string"
),
StatelessFragmentDefaultActions = list(
"string"
),
StatelessCustomActions = list(
"string"
),
StatefulRuleGroups = list(
list(
RuleGroupName = "string",
ResourceId = "string",
Priority = 123,
Override = list(
Action = "DROP_TO_ALERT"
)
)
),
StatefulDefaultActions = list(
"string"
),
StatefulEngineOptions = list(
RuleOrder = "STRICT_ORDER"|"DEFAULT_ACTION_ORDER",
StreamExceptionPolicy = "DROP"|"CONTINUE"|"REJECT"|"FMS_IGNORE"
)
)
),
NetworkFirewallInternetTrafficNotInspectedViolation = list(
SubnetId = "string",
SubnetAvailabilityZone = "string",
RouteTableId = "string",
ViolatingRoutes = list(
list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
)
),
IsRouteTableUsedInDifferentAZ = TRUE|FALSE,
CurrentFirewallSubnetRouteTable = "string",
ExpectedFirewallEndpoint = "string",
FirewallSubnetId = "string",
ExpectedFirewallSubnetRoutes = list(
list(
IpV4Cidr = "string",
PrefixListId = "string",
IpV6Cidr = "string",
ContributingSubnets = list(
"string"
),
AllowedTargets = list(
"string"
),
RouteTableId = "string"
)
),
ActualFirewallSubnetRoutes = list(
list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
)
),
InternetGatewayId = "string",
CurrentInternetGatewayRouteTable = "string",
ExpectedInternetGatewayRoutes = list(
list(
IpV4Cidr = "string",
PrefixListId = "string",
IpV6Cidr = "string",
ContributingSubnets = list(
"string"
),
AllowedTargets = list(
"string"
),
RouteTableId = "string"
)
),
ActualInternetGatewayRoutes = list(
list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
)
),
VpcId = "string"
),
NetworkFirewallInvalidRouteConfigurationViolation = list(
AffectedSubnets = list(
"string"
),
RouteTableId = "string",
IsRouteTableUsedInDifferentAZ = TRUE|FALSE,
ViolatingRoute = list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
),
CurrentFirewallSubnetRouteTable = "string",
ExpectedFirewallEndpoint = "string",
ActualFirewallEndpoint = "string",
ExpectedFirewallSubnetId = "string",
ActualFirewallSubnetId = "string",
ExpectedFirewallSubnetRoutes = list(
list(
IpV4Cidr = "string",
PrefixListId = "string",
IpV6Cidr = "string",
ContributingSubnets = list(
"string"
),
AllowedTargets = list(
"string"
),
RouteTableId = "string"
)
),
ActualFirewallSubnetRoutes = list(
list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
)
),
InternetGatewayId = "string",
CurrentInternetGatewayRouteTable = "string",
ExpectedInternetGatewayRoutes = list(
list(
IpV4Cidr = "string",
PrefixListId = "string",
IpV6Cidr = "string",
ContributingSubnets = list(
"string"
),
AllowedTargets = list(
"string"
),
RouteTableId = "string"
)
),
ActualInternetGatewayRoutes = list(
list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
)
),
VpcId = "string"
),
NetworkFirewallBlackHoleRouteDetectedViolation = list(
ViolationTarget = "string",
RouteTableId = "string",
VpcId = "string",
ViolatingRoutes = list(
list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
)
)
),
NetworkFirewallUnexpectedFirewallRoutesViolation = list(
FirewallSubnetId = "string",
ViolatingRoutes = list(
list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
)
),
RouteTableId = "string",
FirewallEndpoint = "string",
VpcId = "string"
),
NetworkFirewallUnexpectedGatewayRoutesViolation = list(
GatewayId = "string",
ViolatingRoutes = list(
list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
)
),
RouteTableId = "string",
VpcId = "string"
),
NetworkFirewallMissingExpectedRoutesViolation = list(
ViolationTarget = "string",
ExpectedRoutes = list(
list(
IpV4Cidr = "string",
PrefixListId = "string",
IpV6Cidr = "string",
ContributingSubnets = list(
"string"
),
AllowedTargets = list(
"string"
),
RouteTableId = "string"
)
),
VpcId = "string"
),
DnsRuleGroupPriorityConflictViolation = list(
ViolationTarget = "string",
ViolationTargetDescription = "string",
ConflictingPriority = 123,
ConflictingPolicyId = "string",
UnavailablePriorities = list(
123
)
),
DnsDuplicateRuleGroupViolation = list(
ViolationTarget = "string",
ViolationTargetDescription = "string"
),
DnsRuleGroupLimitExceededViolation = list(
ViolationTarget = "string",
ViolationTargetDescription = "string",
NumberOfRuleGroupsAlreadyAssociated = 123
),
FirewallSubnetIsOutOfScopeViolation = list(
FirewallSubnetId = "string",
VpcId = "string",
SubnetAvailabilityZone = "string",
SubnetAvailabilityZoneId = "string",
VpcEndpointId = "string"
),
RouteHasOutOfScopeEndpointViolation = list(
SubnetId = "string",
VpcId = "string",
RouteTableId = "string",
ViolatingRoutes = list(
list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
)
),
SubnetAvailabilityZone = "string",
SubnetAvailabilityZoneId = "string",
CurrentFirewallSubnetRouteTable = "string",
FirewallSubnetId = "string",
FirewallSubnetRoutes = list(
list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
)
),
InternetGatewayId = "string",
CurrentInternetGatewayRouteTable = "string",
InternetGatewayRoutes = list(
list(
DestinationType = "IPV4"|"IPV6"|"PREFIX_LIST",
TargetType = "GATEWAY"|"CARRIER_GATEWAY"|"INSTANCE"|"LOCAL_GATEWAY"|"NAT_GATEWAY"|"NETWORK_INTERFACE"|"VPC_ENDPOINT"|"VPC_PEERING_CONNECTION"|"EGRESS_ONLY_INTERNET_GATEWAY"|"TRANSIT_GATEWAY",
Destination = "string",
Target = "string"
)
)
),
ThirdPartyFirewallMissingFirewallViolation = list(
ViolationTarget = "string",
VPC = "string",
AvailabilityZone = "string",
TargetViolationReason = "string"
),
ThirdPartyFirewallMissingSubnetViolation = list(
ViolationTarget = "string",
VPC = "string",
AvailabilityZone = "string",
TargetViolationReason = "string"
),
ThirdPartyFirewallMissingExpectedRouteTableViolation = list(
ViolationTarget = "string",
VPC = "string",
AvailabilityZone = "string",
CurrentRouteTable = "string",
ExpectedRouteTable = "string"
),
FirewallSubnetMissingVPCEndpointViolation = list(
FirewallSubnetId = "string",
VpcId = "string",
SubnetAvailabilityZone = "string",
SubnetAvailabilityZoneId = "string"
),
InvalidNetworkAclEntriesViolation = list(
Vpc = "string",
Subnet = "string",
SubnetAvailabilityZone = "string",
CurrentAssociatedNetworkAcl = "string",
EntryViolations = list(
list(
ExpectedEntry = list(
EntryDetail = list(
IcmpTypeCode = list(
Code = 123,
Type = 123
),
Protocol = "string",
PortRange = list(
From = 123,
To = 123
),
CidrBlock = "string",
Ipv6CidrBlock = "string",
RuleAction = "allow"|"deny",
Egress = TRUE|FALSE
),
EntryRuleNumber = 123,
EntryType = "FMS_MANAGED_FIRST_ENTRY"|"FMS_MANAGED_LAST_ENTRY"|"CUSTOM_ENTRY"
),
ExpectedEvaluationOrder = "string",
ActualEvaluationOrder = "string",
EntryAtExpectedEvaluationOrder = list(
EntryDetail = list(
IcmpTypeCode = list(
Code = 123,
Type = 123
),
Protocol = "string",
PortRange = list(
From = 123,
To = 123
),
CidrBlock = "string",
Ipv6CidrBlock = "string",
RuleAction = "allow"|"deny",
Egress = TRUE|FALSE
),
EntryRuleNumber = 123,
EntryType = "FMS_MANAGED_FIRST_ENTRY"|"FMS_MANAGED_LAST_ENTRY"|"CUSTOM_ENTRY"
),
EntriesWithConflicts = list(
list(
EntryDetail = list(
IcmpTypeCode = list(
Code = 123,
Type = 123
),
Protocol = "string",
PortRange = list(
From = 123,
To = 123
),
CidrBlock = "string",
Ipv6CidrBlock = "string",
RuleAction = "allow"|"deny",
Egress = TRUE|FALSE
),
EntryRuleNumber = 123,
EntryType = "FMS_MANAGED_FIRST_ENTRY"|"FMS_MANAGED_LAST_ENTRY"|"CUSTOM_ENTRY"
)
),
# Why the network ACL entry is in violation; the three quoted names are the
# permitted values.
EntryViolationReasons = list(
"MISSING_EXPECTED_ENTRY"|"INCORRECT_ENTRY_ORDER"|"ENTRY_CONFLICT"
)
)
)
),
# Ordered remediation plans for route-table and network ACL violations: each
# plan lists its steps with an Order, and the network ACL steps carry
# FMSCanRemediate (presumably whether Firewall Manager can apply that step
# itself — confirm). IsDefaultAction appears on each plan as it does for the
# security-group remediations above.
PossibleRemediationActions = list(
Description = "string",
Actions = list(
list(
Description = "string",
OrderedRemediationActions = list(
list(
RemediationAction = list(
Description = "string",
EC2CreateRouteAction = list(
Description = "string",
DestinationCidrBlock = "string",
DestinationPrefixListId = "string",
DestinationIpv6CidrBlock = "string",
VpcEndpointId = list(
ResourceId = "string",
Description = "string"
),
GatewayId = list(
ResourceId = "string",
Description = "string"
),
RouteTableId = list(
ResourceId = "string",
Description = "string"
)
),
EC2ReplaceRouteAction = list(
Description = "string",
DestinationCidrBlock = "string",
DestinationPrefixListId = "string",
DestinationIpv6CidrBlock = "string",
GatewayId = list(
ResourceId = "string",
Description = "string"
),
RouteTableId = list(
ResourceId = "string",
Description = "string"
)
),
EC2DeleteRouteAction = list(
Description = "string",
DestinationCidrBlock = "string",
DestinationPrefixListId = "string",
DestinationIpv6CidrBlock = "string",
RouteTableId = list(
ResourceId = "string",
Description = "string"
)
),
EC2CopyRouteTableAction = list(
Description = "string",
VpcId = list(
ResourceId = "string",
Description = "string"
),
RouteTableId = list(
ResourceId = "string",
Description = "string"
)
),
EC2ReplaceRouteTableAssociationAction = list(
Description = "string",
AssociationId = list(
ResourceId = "string",
Description = "string"
),
RouteTableId = list(
ResourceId = "string",
Description = "string"
)
),
EC2AssociateRouteTableAction = list(
Description = "string",
RouteTableId = list(
ResourceId = "string",
Description = "string"
),
SubnetId = list(
ResourceId = "string",
Description = "string"
),
GatewayId = list(
ResourceId = "string",
Description = "string"
)
),
EC2CreateRouteTableAction = list(
Description = "string",
VpcId = list(
ResourceId = "string",
Description = "string"
)
),
FMSPolicyUpdateFirewallCreationConfigAction = list(
Description = "string",
FirewallCreationConfig = "string"
),
CreateNetworkAclAction = list(
Description = "string",
Vpc = list(
ResourceId = "string",
Description = "string"
),
FMSCanRemediate = TRUE|FALSE
),
ReplaceNetworkAclAssociationAction = list(
Description = "string",
AssociationId = list(
ResourceId = "string",
Description = "string"
),
NetworkAclId = list(
ResourceId = "string",
Description = "string"
),
FMSCanRemediate = TRUE|FALSE
),
CreateNetworkAclEntriesAction = list(
Description = "string",
NetworkAclId = list(
ResourceId = "string",
Description = "string"
),
NetworkAclEntriesToBeCreated = list(
list(
EntryDetail = list(
IcmpTypeCode = list(
Code = 123,
Type = 123
),
Protocol = "string",
PortRange = list(
From = 123,
To = 123
),
CidrBlock = "string",
Ipv6CidrBlock = "string",
RuleAction = "allow"|"deny",
Egress = TRUE|FALSE
),
EntryRuleNumber = 123,
EntryType = "FMS_MANAGED_FIRST_ENTRY"|"FMS_MANAGED_LAST_ENTRY"|"CUSTOM_ENTRY"
)
),
FMSCanRemediate = TRUE|FALSE
),
DeleteNetworkAclEntriesAction = list(
Description = "string",
NetworkAclId = list(
ResourceId = "string",
Description = "string"
),
NetworkAclEntriesToBeDeleted = list(
list(
EntryDetail = list(
IcmpTypeCode = list(
Code = 123,
Type = 123
),
Protocol = "string",
PortRange = list(
From = 123,
To = 123
),
CidrBlock = "string",
Ipv6CidrBlock = "string",
RuleAction = "allow"|"deny",
Egress = TRUE|FALSE
),
EntryRuleNumber = 123,
EntryType = "FMS_MANAGED_FIRST_ENTRY"|"FMS_MANAGED_LAST_ENTRY"|"CUSTOM_ENTRY"
)
),
FMSCanRemediate = TRUE|FALSE
)
),
Order = 123
)
),
IsDefaultAction = TRUE|FALSE
)
)
)
)
),
# Tags on the violating resource, as Key/Value pairs.
ResourceTags = list(
list(
Key = "string",
Value = "string"
)
),
ResourceDescription = "string"
)
)