AWS Classic v6.42.0, Jun 26 24

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi

pulumi/pulumi-aws

aws.fms.Policy

Explore with Pulumi AI

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.42.0 published on Wednesday, Jun 26, 2024 by Pulumi

pulumi/pulumi-aws

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleRuleGroup = new aws.wafregional.RuleGroup("example", {
    metricName: "WAFRuleGroupExample",
    name: "WAF-Rule-Group-Example",
});
const example = new aws.fms.Policy("example", {
    name: "FMS-Policy-Example",
    excludeResourceTags: false,
    remediationEnabled: false,
    resourceType: "AWS::ElasticLoadBalancingV2::LoadBalancer",
    securityServicePolicyData: {
        type: "WAF",
        managedServiceData: pulumi.jsonStringify({
            type: "WAF",
            ruleGroups: [{
                id: exampleRuleGroup.id,
                overrideAction: {
                    type: "COUNT",
                },
            }],
            defaultAction: {
                type: "BLOCK",
            },
            overrideCustomerWebACLAssociation: false,
        }),
    },
    tags: {
        Name: "example-fms-policy",
    },
});

import pulumi
import json
import pulumi_aws as aws

example_rule_group = aws.wafregional.RuleGroup("example",
    metric_name="WAFRuleGroupExample",
    name="WAF-Rule-Group-Example")
example = aws.fms.Policy("example",
    name="FMS-Policy-Example",
    exclude_resource_tags=False,
    remediation_enabled=False,
    resource_type="AWS::ElasticLoadBalancingV2::LoadBalancer",
    security_service_policy_data={
        "type": "WAF",
        "managedServiceData": pulumi.Output.json_dumps({
            "type": "WAF",
            "ruleGroups": [{
                "id": example_rule_group.id,
                "overrideAction": {
                    "type": "COUNT",
                },
            }],
            "defaultAction": {
                "type": "BLOCK",
            },
            "overrideCustomerWebACLAssociation": False,
        }),
    },
    tags={
        "Name": "example-fms-policy",
    })

package main

import (
	"encoding/json"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/fms"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/wafregional"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleRuleGroup, err := wafregional.NewRuleGroup(ctx, "example", &wafregional.RuleGroupArgs{
			MetricName: pulumi.String("WAFRuleGroupExample"),
			Name:       pulumi.String("WAF-Rule-Group-Example"),
		})
		if err != nil {
			return err
		}
		_, err = fms.NewPolicy(ctx, "example", &fms.PolicyArgs{
			Name:                pulumi.String("FMS-Policy-Example"),
			ExcludeResourceTags: pulumi.Bool(false),
			RemediationEnabled:  pulumi.Bool(false),
			ResourceType:        pulumi.String("AWS::ElasticLoadBalancingV2::LoadBalancer"),
			SecurityServicePolicyData: &fms.PolicySecurityServicePolicyDataArgs{
				Type: pulumi.String("WAF"),
				ManagedServiceData: exampleRuleGroup.ID().ApplyT(func(id string) (pulumi.String, error) {
					var _zero pulumi.String
					tmpJSON0, err := json.Marshal(map[string]interface{}{
						"type": "WAF",
						"ruleGroups": []map[string]interface{}{
							map[string]interface{}{
								"id": id,
								"overrideAction": map[string]interface{}{
									"type": "COUNT",
								},
							},
						},
						"defaultAction": map[string]interface{}{
							"type": "BLOCK",
						},
						"overrideCustomerWebACLAssociation": false,
					})
					if err != nil {
						return _zero, err
					}
					json0 := string(tmpJSON0)
					return pulumi.String(json0), nil
				}).(pulumi.StringOutput),
			},
			Tags: pulumi.StringMap{
				"Name": pulumi.String("example-fms-policy"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var exampleRuleGroup = new Aws.WafRegional.RuleGroup("example", new()
    {
        MetricName = "WAFRuleGroupExample",
        Name = "WAF-Rule-Group-Example",
    });

    var example = new Aws.Fms.Policy("example", new()
    {
        Name = "FMS-Policy-Example",
        ExcludeResourceTags = false,
        RemediationEnabled = false,
        ResourceType = "AWS::ElasticLoadBalancingV2::LoadBalancer",
        SecurityServicePolicyData = new Aws.Fms.Inputs.PolicySecurityServicePolicyDataArgs
        {
            Type = "WAF",
            ManagedServiceData = Output.JsonSerialize(Output.Create(new Dictionary<string, object?>
            {
                ["type"] = "WAF",
                ["ruleGroups"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        ["id"] = exampleRuleGroup.Id,
                        ["overrideAction"] = new Dictionary<string, object?>
                        {
                            ["type"] = "COUNT",
                        },
                    },
                },
                ["defaultAction"] = new Dictionary<string, object?>
                {
                    ["type"] = "BLOCK",
                },
                ["overrideCustomerWebACLAssociation"] = false,
            })),
        },
        Tags = 
        {
            { "Name", "example-fms-policy" },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.wafregional.RuleGroup;
import com.pulumi.aws.wafregional.RuleGroupArgs;
import com.pulumi.aws.fms.Policy;
import com.pulumi.aws.fms.PolicyArgs;
import com.pulumi.aws.fms.inputs.PolicySecurityServicePolicyDataArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleRuleGroup = new RuleGroup("exampleRuleGroup", RuleGroupArgs.builder()
            .metricName("WAFRuleGroupExample")
            .name("WAF-Rule-Group-Example")
            .build());

        var example = new Policy("example", PolicyArgs.builder()
            .name("FMS-Policy-Example")
            .excludeResourceTags(false)
            .remediationEnabled(false)
            .resourceType("AWS::ElasticLoadBalancingV2::LoadBalancer")
            .securityServicePolicyData(PolicySecurityServicePolicyDataArgs.builder()
                .type("WAF")
                .managedServiceData(exampleRuleGroup.id().applyValue(id -> serializeJson(
                    jsonObject(
                        jsonProperty("type", "WAF"),
                        jsonProperty("ruleGroups", jsonArray(jsonObject(
                            jsonProperty("id", id),
                            jsonProperty("overrideAction", jsonObject(
                                jsonProperty("type", "COUNT")
                            ))
                        ))),
                        jsonProperty("defaultAction", jsonObject(
                            jsonProperty("type", "BLOCK")
                        )),
                        jsonProperty("overrideCustomerWebACLAssociation", false)
                    ))))
                .build())
            .tags(Map.of("Name", "example-fms-policy"))
            .build());

    }
}

resources:
  example:
    type: aws:fms:Policy
    properties:
      name: FMS-Policy-Example
      excludeResourceTags: false
      remediationEnabled: false
      resourceType: AWS::ElasticLoadBalancingV2::LoadBalancer
      securityServicePolicyData:
        type: WAF
        managedServiceData:
          fn::toJSON:
            type: WAF
            ruleGroups:
              - id: ${exampleRuleGroup.id}
                overrideAction:
                  type: COUNT
            defaultAction:
              type: BLOCK
            overrideCustomerWebACLAssociation: false
      tags:
        Name: example-fms-policy
  exampleRuleGroup:
    type: aws:wafregional:RuleGroup
    name: example
    properties:
      metricName: WAFRuleGroupExample
      name: WAF-Rule-Group-Example

Create Policy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Policy(name: string, args: PolicyArgs, opts?: CustomResourceOptions);

@overload
def Policy(resource_name: str,
           args: PolicyArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def Policy(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           exclude_resource_tags: Optional[bool] = None,
           security_service_policy_data: Optional[PolicySecurityServicePolicyDataArgs] = None,
           name: Optional[str] = None,
           exclude_map: Optional[PolicyExcludeMapArgs] = None,
           description: Optional[str] = None,
           include_map: Optional[PolicyIncludeMapArgs] = None,
           delete_all_policy_resources: Optional[bool] = None,
           remediation_enabled: Optional[bool] = None,
           resource_tags: Optional[Mapping[str, str]] = None,
           resource_type: Optional[str] = None,
           resource_type_lists: Optional[Sequence[str]] = None,
           delete_unused_fm_managed_resources: Optional[bool] = None,
           tags: Optional[Mapping[str, str]] = None)

func NewPolicy(ctx *Context, name string, args PolicyArgs, opts ...ResourceOption) (*Policy, error)

public Policy(string name, PolicyArgs args, CustomResourceOptions? opts = null)

public Policy(String name, PolicyArgs args)
public Policy(String name, PolicyArgs args, CustomResourceOptions options)

type: aws:fms:Policy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var examplepolicyResourceResourceFromFmspolicy = new Aws.Fms.Policy("examplepolicyResourceResourceFromFmspolicy", new()
{
    ExcludeResourceTags = false,
    SecurityServicePolicyData = new Aws.Fms.Inputs.PolicySecurityServicePolicyDataArgs
    {
        Type = "string",
        ManagedServiceData = "string",
        PolicyOption = new Aws.Fms.Inputs.PolicySecurityServicePolicyDataPolicyOptionArgs
        {
            NetworkFirewallPolicy = new Aws.Fms.Inputs.PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicyArgs
            {
                FirewallDeploymentModel = "string",
            },
            ThirdPartyFirewallPolicy = new Aws.Fms.Inputs.PolicySecurityServicePolicyDataPolicyOptionThirdPartyFirewallPolicyArgs
            {
                FirewallDeploymentModel = "string",
            },
        },
    },
    Name = "string",
    ExcludeMap = new Aws.Fms.Inputs.PolicyExcludeMapArgs
    {
        Accounts = new[]
        {
            "string",
        },
        Orgunits = new[]
        {
            "string",
        },
    },
    Description = "string",
    IncludeMap = new Aws.Fms.Inputs.PolicyIncludeMapArgs
    {
        Accounts = new[]
        {
            "string",
        },
        Orgunits = new[]
        {
            "string",
        },
    },
    DeleteAllPolicyResources = false,
    RemediationEnabled = false,
    ResourceTags = 
    {
        { "string", "string" },
    },
    ResourceType = "string",
    ResourceTypeLists = new[]
    {
        "string",
    },
    DeleteUnusedFmManagedResources = false,
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := fms.NewPolicy(ctx, "examplepolicyResourceResourceFromFmspolicy", &fms.PolicyArgs{
	ExcludeResourceTags: pulumi.Bool(false),
	SecurityServicePolicyData: &fms.PolicySecurityServicePolicyDataArgs{
		Type:               pulumi.String("string"),
		ManagedServiceData: pulumi.String("string"),
		PolicyOption: &fms.PolicySecurityServicePolicyDataPolicyOptionArgs{
			NetworkFirewallPolicy: &fms.PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicyArgs{
				FirewallDeploymentModel: pulumi.String("string"),
			},
			ThirdPartyFirewallPolicy: &fms.PolicySecurityServicePolicyDataPolicyOptionThirdPartyFirewallPolicyArgs{
				FirewallDeploymentModel: pulumi.String("string"),
			},
		},
	},
	Name: pulumi.String("string"),
	ExcludeMap: &fms.PolicyExcludeMapArgs{
		Accounts: pulumi.StringArray{
			pulumi.String("string"),
		},
		Orgunits: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	Description: pulumi.String("string"),
	IncludeMap: &fms.PolicyIncludeMapArgs{
		Accounts: pulumi.StringArray{
			pulumi.String("string"),
		},
		Orgunits: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	DeleteAllPolicyResources: pulumi.Bool(false),
	RemediationEnabled:       pulumi.Bool(false),
	ResourceTags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	ResourceType: pulumi.String("string"),
	ResourceTypeLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	DeleteUnusedFmManagedResources: pulumi.Bool(false),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var examplepolicyResourceResourceFromFmspolicy = new Policy("examplepolicyResourceResourceFromFmspolicy", PolicyArgs.builder()
    .excludeResourceTags(false)
    .securityServicePolicyData(PolicySecurityServicePolicyDataArgs.builder()
        .type("string")
        .managedServiceData("string")
        .policyOption(PolicySecurityServicePolicyDataPolicyOptionArgs.builder()
            .networkFirewallPolicy(PolicySecurityServicePolicyDataPolicyOptionNetworkFirewallPolicyArgs.builder()
                .firewallDeploymentModel("string")
                .build())
            .thirdPartyFirewallPolicy(PolicySecurityServicePolicyDataPolicyOptionThirdPartyFirewallPolicyArgs.builder()
                .firewallDeploymentModel("string")
                .build())
            .build())
        .build())
    .name("string")
    .excludeMap(PolicyExcludeMapArgs.builder()
        .accounts("string")
        .orgunits("string")
        .build())
    .description("string")
    .includeMap(PolicyIncludeMapArgs.builder()
        .accounts("string")
        .orgunits("string")
        .build())
    .deleteAllPolicyResources(false)
    .remediationEnabled(false)
    .resourceTags(Map.of("string", "string"))
    .resourceType("string")
    .resourceTypeLists("string")
    .deleteUnusedFmManagedResources(false)
    .tags(Map.of("string", "string"))
    .build());

examplepolicy_resource_resource_from_fmspolicy = aws.fms.Policy("examplepolicyResourceResourceFromFmspolicy",
    exclude_resource_tags=False,
    security_service_policy_data={
        "type": "string",
        "managedServiceData": "string",
        "policyOption": {
            "networkFirewallPolicy": {
                "firewallDeploymentModel": "string",
            },
            "thirdPartyFirewallPolicy": {
                "firewallDeploymentModel": "string",
            },
        },
    },
    name="string",
    exclude_map={
        "accounts": ["string"],
        "orgunits": ["string"],
    },
    description="string",
    include_map={
        "accounts": ["string"],
        "orgunits": ["string"],
    },
    delete_all_policy_resources=False,
    remediation_enabled=False,
    resource_tags={
        "string": "string",
    },
    resource_type="string",
    resource_type_lists=["string"],
    delete_unused_fm_managed_resources=False,
    tags={
        "string": "string",
    })

const examplepolicyResourceResourceFromFmspolicy = new aws.fms.Policy("examplepolicyResourceResourceFromFmspolicy", {
    excludeResourceTags: false,
    securityServicePolicyData: {
        type: "string",
        managedServiceData: "string",
        policyOption: {
            networkFirewallPolicy: {
                firewallDeploymentModel: "string",
            },
            thirdPartyFirewallPolicy: {
                firewallDeploymentModel: "string",
            },
        },
    },
    name: "string",
    excludeMap: {
        accounts: ["string"],
        orgunits: ["string"],
    },
    description: "string",
    includeMap: {
        accounts: ["string"],
        orgunits: ["string"],
    },
    deleteAllPolicyResources: false,
    remediationEnabled: false,
    resourceTags: {
        string: "string",
    },
    resourceType: "string",
    resourceTypeLists: ["string"],
    deleteUnusedFmManagedResources: false,
    tags: {
        string: "string",
    },
});

type: aws:fms:Policy
properties:
    deleteAllPolicyResources: false
    deleteUnusedFmManagedResources: false
    description: string
    excludeMap:
        accounts:
            - string
        orgunits:
            - string
    excludeResourceTags: false
    includeMap:
        accounts:
            - string
        orgunits:
            - string
    name: string
    remediationEnabled: false
    resourceTags:
        string: string
    resourceType: string
    resourceTypeLists:
        - string
    securityServicePolicyData:
        managedServiceData: string
        policyOption:
            networkFirewallPolicy:
                firewallDeploymentModel: string
            thirdPartyFirewallPolicy:
                firewallDeploymentModel: string
        type: string
    tags:
        string: string

Policy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Policy resource accepts the following input properties:

ExcludeResourceTags bool: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
SecurityServicePolicyData PolicySecurityServicePolicyData: The objects to include in Security Service Policy Data. Documented below.
DeleteAllPolicyResources bool: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
DeleteUnusedFmManagedResources bool: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
Description string: The description of the AWS Network Firewall firewall policy.
ExcludeMap PolicyExcludeMap: A map of lists of accounts and OU's to exclude from the policy.
IncludeMap PolicyIncludeMap: A map of lists of accounts and OU's to include in the policy.
Name string: The friendly name of the AWS Firewall Manager Policy.
RemediationEnabled bool: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
ResourceTags Dictionary<string, string>: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
ResourceType string: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
ResourceTypeLists List<string>: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
Tags Dictionary<string, string>: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level

ExcludeResourceTags bool: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
SecurityServicePolicyData PolicySecurityServicePolicyDataArgs: The objects to include in Security Service Policy Data. Documented below.
DeleteAllPolicyResources bool: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
DeleteUnusedFmManagedResources bool: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
Description string: The description of the AWS Network Firewall firewall policy.
ExcludeMap PolicyExcludeMapArgs: A map of lists of accounts and OU's to exclude from the policy.
IncludeMap PolicyIncludeMapArgs: A map of lists of accounts and OU's to include in the policy.
Name string: The friendly name of the AWS Firewall Manager Policy.
RemediationEnabled bool: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
ResourceTags map[string]string: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
ResourceType string: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
ResourceTypeLists []string: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
Tags map[string]string: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level

excludeResourceTags Boolean: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
securityServicePolicyData PolicySecurityServicePolicyData: The objects to include in Security Service Policy Data. Documented below.
deleteAllPolicyResources Boolean: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
deleteUnusedFmManagedResources Boolean: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
description String: The description of the AWS Network Firewall firewall policy.
excludeMap PolicyExcludeMap: A map of lists of accounts and OU's to exclude from the policy.
includeMap PolicyIncludeMap: A map of lists of accounts and OU's to include in the policy.
name String: The friendly name of the AWS Firewall Manager Policy.
remediationEnabled Boolean: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
resourceTags Map<String,String>: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
resourceType String: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
resourceTypeLists List<String>: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
tags Map<String,String>: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level

excludeResourceTags boolean: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
securityServicePolicyData PolicySecurityServicePolicyData: The objects to include in Security Service Policy Data. Documented below.
deleteAllPolicyResources boolean: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
deleteUnusedFmManagedResources boolean: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
description string: The description of the AWS Network Firewall firewall policy.
excludeMap PolicyExcludeMap: A map of lists of accounts and OU's to exclude from the policy.
includeMap PolicyIncludeMap: A map of lists of accounts and OU's to include in the policy.
name string: The friendly name of the AWS Firewall Manager Policy.
remediationEnabled boolean: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
resourceTags {[key: string]: string}: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
resourceType string: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
resourceTypeLists string[]: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
tags {[key: string]: string}: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level

exclude_resource_tags bool: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
security_service_policy_data PolicySecurityServicePolicyDataArgs: The objects to include in Security Service Policy Data. Documented below.
delete_all_policy_resources bool: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
delete_unused_fm_managed_resources bool: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
description str: The description of the AWS Network Firewall firewall policy.
exclude_map PolicyExcludeMapArgs: A map of lists of accounts and OU's to exclude from the policy.
include_map PolicyIncludeMapArgs: A map of lists of accounts and OU's to include in the policy.
name str: The friendly name of the AWS Firewall Manager Policy.
remediation_enabled bool: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
resource_tags Mapping[str, str]: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
resource_type str: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
resource_type_lists Sequence[str]: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
tags Mapping[str, str]: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level

excludeResourceTags Boolean: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
securityServicePolicyData Property Map: The objects to include in Security Service Policy Data. Documented below.
deleteAllPolicyResources Boolean: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
deleteUnusedFmManagedResources Boolean: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
description String: The description of the AWS Network Firewall firewall policy.
excludeMap Property Map: A map of lists of accounts and OU's to exclude from the policy.
includeMap Property Map: A map of lists of accounts and OU's to include in the policy.
name String: The friendly name of the AWS Firewall Manager Policy.
remediationEnabled Boolean: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
resourceTags Map<String>: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
resourceType String: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
resourceTypeLists List<String>: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
tags Map<String>: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level

Outputs

All input properties are implicitly available as output properties. Additionally, the Policy resource produces the following output properties:

Arn string
Id string: The provider-assigned unique ID for this managed resource.
PolicyUpdateToken string: A unique identifier for each update to the policy.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Arn string
Id string: The provider-assigned unique ID for this managed resource.
PolicyUpdateToken string: A unique identifier for each update to the policy.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String
id String: The provider-assigned unique ID for this managed resource.
policyUpdateToken String: A unique identifier for each update to the policy.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn string
id string: The provider-assigned unique ID for this managed resource.
policyUpdateToken string: A unique identifier for each update to the policy.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn str
id str: The provider-assigned unique ID for this managed resource.
policy_update_token str: A unique identifier for each update to the policy.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String
id String: The provider-assigned unique ID for this managed resource.
policyUpdateToken String: A unique identifier for each update to the policy.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Look up Existing Policy Resource

Get an existing Policy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PolicyState, opts?: CustomResourceOptions): Policy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        delete_all_policy_resources: Optional[bool] = None,
        delete_unused_fm_managed_resources: Optional[bool] = None,
        description: Optional[str] = None,
        exclude_map: Optional[PolicyExcludeMapArgs] = None,
        exclude_resource_tags: Optional[bool] = None,
        include_map: Optional[PolicyIncludeMapArgs] = None,
        name: Optional[str] = None,
        policy_update_token: Optional[str] = None,
        remediation_enabled: Optional[bool] = None,
        resource_tags: Optional[Mapping[str, str]] = None,
        resource_type: Optional[str] = None,
        resource_type_lists: Optional[Sequence[str]] = None,
        security_service_policy_data: Optional[PolicySecurityServicePolicyDataArgs] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None) -> Policy

func GetPolicy(ctx *Context, name string, id IDInput, state *PolicyState, opts ...ResourceOption) (*Policy, error)

public static Policy Get(string name, Input<string> id, PolicyState? state, CustomResourceOptions? opts = null)

public static Policy get(String name, Output<String> id, PolicyState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string
DeleteAllPolicyResources bool: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
DeleteUnusedFmManagedResources bool: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
Description string: The description of the AWS Network Firewall firewall policy.
ExcludeMap PolicyExcludeMap: A map of lists of accounts and OU's to exclude from the policy.
ExcludeResourceTags bool: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
IncludeMap PolicyIncludeMap: A map of lists of accounts and OU's to include in the policy.
Name string: The friendly name of the AWS Firewall Manager Policy.
PolicyUpdateToken string: A unique identifier for each update to the policy.
RemediationEnabled bool: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
ResourceTags Dictionary<string, string>: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
ResourceType string: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
ResourceTypeLists List<string>: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
SecurityServicePolicyData PolicySecurityServicePolicyData: The objects to include in Security Service Policy Data. Documented below.
Tags Dictionary<string, string>: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Arn string
DeleteAllPolicyResources bool: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
DeleteUnusedFmManagedResources bool: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
Description string: The description of the AWS Network Firewall firewall policy.
ExcludeMap PolicyExcludeMapArgs: A map of lists of accounts and OU's to exclude from the policy.
ExcludeResourceTags bool: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
IncludeMap PolicyIncludeMapArgs: A map of lists of accounts and OU's to include in the policy.
Name string: The friendly name of the AWS Firewall Manager Policy.
PolicyUpdateToken string: A unique identifier for each update to the policy.
RemediationEnabled bool: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
ResourceTags map[string]string: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
ResourceType string: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
ResourceTypeLists []string: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
SecurityServicePolicyData PolicySecurityServicePolicyDataArgs: The objects to include in Security Service Policy Data. Documented below.
Tags map[string]string: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String
deleteAllPolicyResources Boolean: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
deleteUnusedFmManagedResources Boolean: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
description String: The description of the AWS Network Firewall firewall policy.
excludeMap PolicyExcludeMap: A map of lists of accounts and OU's to exclude from the policy.
excludeResourceTags Boolean: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
includeMap PolicyIncludeMap: A map of lists of accounts and OU's to include in the policy.
name String: The friendly name of the AWS Firewall Manager Policy.
policyUpdateToken String: A unique identifier for each update to the policy.
remediationEnabled Boolean: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
resourceTags Map<String,String>: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
resourceType String: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
resourceTypeLists List<String>: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
securityServicePolicyData PolicySecurityServicePolicyData: The objects to include in Security Service Policy Data. Documented below.
tags Map<String,String>: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn string
deleteAllPolicyResources boolean: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
deleteUnusedFmManagedResources boolean: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
description string: The description of the AWS Network Firewall firewall policy.
excludeMap PolicyExcludeMap: A map of lists of accounts and OU's to exclude from the policy.
excludeResourceTags boolean: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
includeMap PolicyIncludeMap: A map of lists of accounts and OU's to include in the policy.
name string: The friendly name of the AWS Firewall Manager Policy.
policyUpdateToken string: A unique identifier for each update to the policy.
remediationEnabled boolean: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
resourceTags {[key: string]: string}: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
resourceType string: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
resourceTypeLists string[]: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
securityServicePolicyData PolicySecurityServicePolicyData: The objects to include in Security Service Policy Data. Documented below.
tags {[key: string]: string}: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn str
delete_all_policy_resources bool: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
delete_unused_fm_managed_resources bool: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
description str: The description of the AWS Network Firewall firewall policy.
exclude_map PolicyExcludeMapArgs: A map of lists of accounts and OU's to exclude from the policy.
exclude_resource_tags bool: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
include_map PolicyIncludeMapArgs: A map of lists of accounts and OU's to include in the policy.
name str: The friendly name of the AWS Firewall Manager Policy.
policy_update_token str: A unique identifier for each update to the policy.
remediation_enabled bool: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
resource_tags Mapping[str, str]: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
resource_type str: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
resource_type_lists Sequence[str]: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
security_service_policy_data PolicySecurityServicePolicyDataArgs: The objects to include in Security Service Policy Data. Documented below.
tags Mapping[str, str]: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

arn String
deleteAllPolicyResources Boolean: If true, the request will also perform a clean-up process. Defaults to true. More information can be found here AWS Firewall Manager delete policy
deleteUnusedFmManagedResources Boolean: If true, Firewall Manager will automatically remove protections from resources that leave the policy scope. Defaults to false. More information can be found here AWS Firewall Manager policy contents
description String: The description of the AWS Network Firewall firewall policy.
excludeMap Property Map: A map of lists of accounts and OU's to exclude from the policy.
excludeResourceTags Boolean: A boolean value, if true the tags that are specified in the resource_tags are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.
includeMap Property Map: A map of lists of accounts and OU's to include in the policy.
name String: The friendly name of the AWS Firewall Manager Policy.
policyUpdateToken String: A unique identifier for each update to the policy.
remediationEnabled Boolean: A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.
resourceTags Map<String>: A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.
resourceType String: A resource type to protect. Conflicts with resource_type_list. See the FMS API Reference for more information about supported values.
resourceTypeLists List<String>: A list of resource types to protect. Conflicts with resource_type. See the FMS API Reference for more information about supported values. Lists with only one element are not supported, instead use resource_type.
securityServicePolicyData Property Map: The objects to include in Security Service Policy Data. Documented below.
tags Map<String>: Key-value mapping of resource tags. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.