# Actions
The following actions are supported:
+ [AssociateAdminAccount](API_AssociateAdminAccount.md)
+ [AssociateThirdPartyFirewall](API_AssociateThirdPartyFirewall.md)
+ [BatchAssociateResource](API_BatchAssociateResource.md)
+ [BatchDisassociateResource](API_BatchDisassociateResource.md)
+ [DeleteAppsList](API_DeleteAppsList.md)
+ [DeleteNotificationChannel](API_DeleteNotificationChannel.md)
+ [DeletePolicy](API_DeletePolicy.md)
+ [DeleteProtocolsList](API_DeleteProtocolsList.md)
+ [DeleteResourceSet](API_DeleteResourceSet.md)
+ [DisassociateAdminAccount](API_DisassociateAdminAccount.md)
+ [DisassociateThirdPartyFirewall](API_DisassociateThirdPartyFirewall.md)
+ [GetAdminAccount](API_GetAdminAccount.md)
+ [GetAdminScope](API_GetAdminScope.md)
+ [GetAppsList](API_GetAppsList.md)
+ [GetComplianceDetail](API_GetComplianceDetail.md)
+ [GetNotificationChannel](API_GetNotificationChannel.md)
+ [GetPolicy](API_GetPolicy.md)
+ [GetProtectionStatus](API_GetProtectionStatus.md)
+ [GetProtocolsList](API_GetProtocolsList.md)
+ [GetResourceSet](API_GetResourceSet.md)
+ [GetThirdPartyFirewallAssociationStatus](API_GetThirdPartyFirewallAssociationStatus.md)
+ [GetViolationDetails](API_GetViolationDetails.md)
+ [ListAdminAccountsForOrganization](API_ListAdminAccountsForOrganization.md)
+ [ListAdminsManagingAccount](API_ListAdminsManagingAccount.md)
+ [ListAppsLists](API_ListAppsLists.md)
+ [ListComplianceStatus](API_ListComplianceStatus.md)
+ [ListDiscoveredResources](API_ListDiscoveredResources.md)
+ [ListMemberAccounts](API_ListMemberAccounts.md)
+ [ListPolicies](API_ListPolicies.md)
+ [ListProtocolsLists](API_ListProtocolsLists.md)
+ [ListResourceSetResources](API_ListResourceSetResources.md)
+ [ListResourceSets](API_ListResourceSets.md)
+ [ListTagsForResource](API_ListTagsForResource.md)
+ [ListThirdPartyFirewallFirewallPolicies](API_ListThirdPartyFirewallFirewallPolicies.md)
+ [PutAdminAccount](API_PutAdminAccount.md)
+ [PutAppsList](API_PutAppsList.md)
+ [PutNotificationChannel](API_PutNotificationChannel.md)
+ [PutPolicy](API_PutPolicy.md)
+ [PutProtocolsList](API_PutProtocolsList.md)
+ [PutResourceSet](API_PutResourceSet.md)
+ [TagResource](API_TagResource.md)
+ [UntagResource](API_UntagResource.md)
# AssociateAdminAccount
Sets a AWS Firewall Manager default administrator account. The Firewall Manager default administrator account can manage third-party firewalls and has full administrative scope that allows administration of all policy types, accounts, organizational units, and Regions. This account must be a member account of the organization in AWS Organizations whose resources you want to protect.
For information about working with Firewall Manager administrator accounts, see [Managing Firewall Manager administrators](https://docs.aws.amazon.com/organizations/latest/userguide/fms-administrators.html) in the *Firewall Manager Developer Guide*.
## Request Syntax
```
{
"AdminAccount": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [AdminAccount](#API_AssociateAdminAccount_RequestSyntax) **
The AWS account ID to associate with AWS Firewall Manager as the AWS Firewall Manager default administrator account. This account must be a member account of the organization in AWS Organizations whose resources you want to protect. For more information about AWS Organizations, see [Managing the AWS Accounts in Your Organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts.html).
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^[0-9]+$`
Required: Yes
## Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/AssociateAdminAccount)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/AssociateAdminAccount)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/AssociateAdminAccount)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/AssociateAdminAccount)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/AssociateAdminAccount)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/AssociateAdminAccount)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/AssociateAdminAccount)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/AssociateAdminAccount)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/AssociateAdminAccount)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/AssociateAdminAccount)
# AssociateThirdPartyFirewall
Sets the Firewall Manager policy administrator as a tenant administrator of a third-party firewall service. A tenant is an instance of the third-party firewall service that's associated with your AWS customer account.
## Request Syntax
```
{
"ThirdPartyFirewall": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [ThirdPartyFirewall](#API_AssociateThirdPartyFirewall_RequestSyntax) **
The name of the third-party firewall vendor.
Type: String
Valid Values: `PALO_ALTO_NETWORKS_CLOUD_NGFW | FORTIGATE_CLOUD_NATIVE_FIREWALL`
Required: Yes
## Response Syntax
```
{
"ThirdPartyFirewallStatus": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [ThirdPartyFirewallStatus](#API_AssociateThirdPartyFirewall_ResponseSyntax) **
The current status for setting a Firewall Manager policy administrator's account as an administrator of the third-party firewall tenant.
+ `ONBOARDING` - The Firewall Manager policy administrator is being designated as a tenant administrator.
+ `ONBOARD_COMPLETE` - The Firewall Manager policy administrator is designated as a tenant administrator.
+ `OFFBOARDING` - The Firewall Manager policy administrator is being removed as a tenant administrator.
+ `OFFBOARD_COMPLETE` - The Firewall Manager policy administrator has been removed as a tenant administrator.
+ `NOT_EXIST` - The Firewall Manager policy administrator doesn't exist as a tenant administrator.
Type: String
Valid Values: `ONBOARDING | ONBOARD_COMPLETE | OFFBOARDING | OFFBOARD_COMPLETE | NOT_EXIST`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/AssociateThirdPartyFirewall)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/AssociateThirdPartyFirewall)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/AssociateThirdPartyFirewall)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/AssociateThirdPartyFirewall)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/AssociateThirdPartyFirewall)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/AssociateThirdPartyFirewall)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/AssociateThirdPartyFirewall)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/AssociateThirdPartyFirewall)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/AssociateThirdPartyFirewall)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/AssociateThirdPartyFirewall)
# BatchAssociateResource
Associate resources to a Firewall Manager resource set.
## Request Syntax
```
{
"Items": [ "string" ],
"ResourceSetIdentifier": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [Items](#API_BatchAssociateResource_RequestSyntax) **
The uniform resource identifiers (URIs) of resources that should be associated to the resource set. The URIs must be Amazon Resource Names (ARNs).
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
** [ResourceSetIdentifier](#API_BatchAssociateResource_RequestSyntax) **
A unique identifier for the resource set, used in a request to refer to the resource set.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
## Response Syntax
```
{
"FailedItems": [
{
"Reason": "string",
"URI": "string"
}
],
"ResourceSetIdentifier": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [FailedItems](#API_BatchAssociateResource_ResponseSyntax) **
The resources that failed to associate to the resource set.
Type: Array of [FailedItem](API_FailedItem.md) objects
** [ResourceSetIdentifier](#API_BatchAssociateResource_ResponseSyntax) **
A unique identifier for the resource set, used in a request to refer to the resource set.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/BatchAssociateResource)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/BatchAssociateResource)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/BatchAssociateResource)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/BatchAssociateResource)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/BatchAssociateResource)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/BatchAssociateResource)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/BatchAssociateResource)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/BatchAssociateResource)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/BatchAssociateResource)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/BatchAssociateResource)
# BatchDisassociateResource
Disassociates resources from a Firewall Manager resource set.
## Request Syntax
```
{
"Items": [ "string" ],
"ResourceSetIdentifier": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [Items](#API_BatchDisassociateResource_RequestSyntax) **
The uniform resource identifiers (URI) of resources that should be disassociated from the resource set. The URIs must be Amazon Resource Names (ARNs).
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
** [ResourceSetIdentifier](#API_BatchDisassociateResource_RequestSyntax) **
A unique identifier for the resource set, used in a request to refer to the resource set.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
## Response Syntax
```
{
"FailedItems": [
{
"Reason": "string",
"URI": "string"
}
],
"ResourceSetIdentifier": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [FailedItems](#API_BatchDisassociateResource_ResponseSyntax) **
The resources that failed to disassociate from the resource set.
Type: Array of [FailedItem](API_FailedItem.md) objects
** [ResourceSetIdentifier](#API_BatchDisassociateResource_ResponseSyntax) **
A unique identifier for the resource set, used in a request to refer to the resource set.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/BatchDisassociateResource)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/BatchDisassociateResource)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/BatchDisassociateResource)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/BatchDisassociateResource)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/BatchDisassociateResource)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/BatchDisassociateResource)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/BatchDisassociateResource)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/BatchDisassociateResource)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/BatchDisassociateResource)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/BatchDisassociateResource)
# DeleteAppsList
Permanently deletes an AWS Firewall Manager applications list.
## Request Syntax
```
{
"ListId": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [ListId](#API_DeleteAppsList_RequestSyntax) **
The ID of the applications list that you want to delete. You can retrieve this ID from `PutAppsList`, `ListAppsLists`, and `GetAppsList`.
Type: String
Length Constraints: Fixed length of 36.
Pattern: `^[a-z0-9A-Z-]{36}$`
Required: Yes
## Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/DeleteAppsList)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/DeleteAppsList)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/DeleteAppsList)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/DeleteAppsList)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/DeleteAppsList)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/DeleteAppsList)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/DeleteAppsList)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/DeleteAppsList)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/DeleteAppsList)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/DeleteAppsList)
# DeleteNotificationChannel
Deletes an AWS Firewall Manager association with the IAM role and the Amazon Simple Notification Service (SNS) topic that is used to record AWS Firewall Manager SNS logs.
## Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/DeleteNotificationChannel)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/DeleteNotificationChannel)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/DeleteNotificationChannel)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/DeleteNotificationChannel)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/DeleteNotificationChannel)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/DeleteNotificationChannel)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/DeleteNotificationChannel)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/DeleteNotificationChannel)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/DeleteNotificationChannel)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/DeleteNotificationChannel)
# DeletePolicy
Permanently deletes an AWS Firewall Manager policy.
## Request Syntax
```
{
"DeleteAllPolicyResources": boolean,
"PolicyId": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [DeleteAllPolicyResources](#API_DeletePolicy_RequestSyntax) **
When set to `True`, the request performs cleanup according to the policy type.
For AWS WAF and Shield Advanced policies, the cleanup performs these actions:
+ Removes rule groups created by AWS Firewall Manager
+ Removes web ACLs from in-scope resources
+ Removes web ACLs that contain no rules or rule groups
For AWS WAF and Shield Advanced policies, Firewall Manager removes Firewall Manager generated web ACLs that are not associated with any resources, even if `DeleteAllPolicyResources` is set to `False`.
For security group policies, the cleanup performs these actions for each security group in the policy:
+ Disassociates the security group from in-scope resources
+ Removes the security group if it was created through Firewall Manager and if it's no longer associated with any resources through another policy
For security group common policies, Firewall Manager removes all Firewall Manager generated security groups that aren't associated with any other resources through another policy, even if `DeleteAllPolicyResources` is set to `False`.
After the cleanup, in-scope resources are no longer protected by web ACLs in this policy. Protection of out-of-scope resources remains unchanged. Scope is determined by tags that you create and accounts that you associate with the policy. When creating the policy, if you specify that only resources in specific accounts or with specific tags are in scope of the policy, those accounts and resources are handled by the policy. All others are out of scope. If you don't specify tags or accounts, all resources are in scope.
Type: Boolean
Required: No
** [PolicyId](#API_DeletePolicy_RequestSyntax) **
The ID of the policy that you want to delete. You can retrieve this ID from `PutPolicy` and `ListPolicies`.
Type: String
Length Constraints: Fixed length of 36.
Pattern: `^[a-z0-9A-Z-]{36}$`
Required: Yes
## Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/DeletePolicy)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/DeletePolicy)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/DeletePolicy)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/DeletePolicy)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/DeletePolicy)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/DeletePolicy)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/DeletePolicy)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/DeletePolicy)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/DeletePolicy)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/DeletePolicy)
# DeleteProtocolsList
Permanently deletes an AWS Firewall Manager protocols list.
## Request Syntax
```
{
"ListId": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [ListId](#API_DeleteProtocolsList_RequestSyntax) **
The ID of the protocols list that you want to delete. You can retrieve this ID from `PutProtocolsList`, `ListProtocolsLists`, and `GetProtocolsLost`.
Type: String
Length Constraints: Fixed length of 36.
Pattern: `^[a-z0-9A-Z-]{36}$`
Required: Yes
## Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/DeleteProtocolsList)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/DeleteProtocolsList)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/DeleteProtocolsList)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/DeleteProtocolsList)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/DeleteProtocolsList)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/DeleteProtocolsList)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/DeleteProtocolsList)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/DeleteProtocolsList)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/DeleteProtocolsList)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/DeleteProtocolsList)
# DeleteResourceSet
Deletes the specified [ResourceSet](API_ResourceSet.md).
## Request Syntax
```
{
"Identifier": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [Identifier](#API_DeleteResourceSet_RequestSyntax) **
A unique identifier for the resource set, used in a request to refer to the resource set.
Type: String
Length Constraints: Fixed length of 22.
Pattern: `^[a-z0-9A-Z]{22}$`
Required: Yes
## Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/DeleteResourceSet)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/DeleteResourceSet)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/DeleteResourceSet)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/DeleteResourceSet)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/DeleteResourceSet)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/DeleteResourceSet)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/DeleteResourceSet)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/DeleteResourceSet)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/DeleteResourceSet)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/DeleteResourceSet)
# DisassociateAdminAccount
Disassociates an AWS Firewall Manager administrator account. To set a different account as an Firewall Manager administrator, submit a [PutAdminAccount](API_PutAdminAccount.md) request. To set an account as a default administrator account, you must submit an [AssociateAdminAccount](API_AssociateAdminAccount.md) request.
Disassociation of the default administrator account follows the first in, last out principle. If you are the default administrator, all Firewall Manager administrators within the organization must first disassociate their accounts before you can disassociate your account.
## Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/DisassociateAdminAccount)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/DisassociateAdminAccount)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/DisassociateAdminAccount)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/DisassociateAdminAccount)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/DisassociateAdminAccount)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/DisassociateAdminAccount)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/DisassociateAdminAccount)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/DisassociateAdminAccount)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/DisassociateAdminAccount)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/DisassociateAdminAccount)
# DisassociateThirdPartyFirewall
Disassociates a Firewall Manager policy administrator from a third-party firewall tenant. When you call `DisassociateThirdPartyFirewall`, the third-party firewall vendor deletes all of the firewalls that are associated with the account.
## Request Syntax
```
{
"ThirdPartyFirewall": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [ThirdPartyFirewall](#API_DisassociateThirdPartyFirewall_RequestSyntax) **
The name of the third-party firewall vendor.
Type: String
Valid Values: `PALO_ALTO_NETWORKS_CLOUD_NGFW | FORTIGATE_CLOUD_NATIVE_FIREWALL`
Required: Yes
## Response Syntax
```
{
"ThirdPartyFirewallStatus": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [ThirdPartyFirewallStatus](#API_DisassociateThirdPartyFirewall_ResponseSyntax) **
The current status for the disassociation of a Firewall Manager administrators account with a third-party firewall.
Type: String
Valid Values: `ONBOARDING | ONBOARD_COMPLETE | OFFBOARDING | OFFBOARD_COMPLETE | NOT_EXIST`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/DisassociateThirdPartyFirewall)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/DisassociateThirdPartyFirewall)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/DisassociateThirdPartyFirewall)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/DisassociateThirdPartyFirewall)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/DisassociateThirdPartyFirewall)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/DisassociateThirdPartyFirewall)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/DisassociateThirdPartyFirewall)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/DisassociateThirdPartyFirewall)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/DisassociateThirdPartyFirewall)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/DisassociateThirdPartyFirewall)
# GetAdminAccount
Returns the AWS Organizations account that is associated with AWS Firewall Manager as the AWS Firewall Manager default administrator.
## Response Syntax
```
{
"AdminAccount": "string",
"RoleStatus": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [AdminAccount](#API_GetAdminAccount_ResponseSyntax) **
The account that is set as the AWS Firewall Manager default administrator.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^[0-9]+$`
** [RoleStatus](#API_GetAdminAccount_ResponseSyntax) **
The status of the account that you set as the AWS Firewall Manager default administrator.
Type: String
Valid Values: `READY | CREATING | PENDING_DELETION | DELETING | DELETED`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/GetAdminAccount)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/GetAdminAccount)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/GetAdminAccount)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/GetAdminAccount)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/GetAdminAccount)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/GetAdminAccount)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/GetAdminAccount)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/GetAdminAccount)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/GetAdminAccount)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/GetAdminAccount)
# GetAdminScope
Returns information about the specified account's administrative scope. The administrative scope defines the resources that an Firewall Manager administrator can manage.
## Request Syntax
```
{
"AdminAccount": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [AdminAccount](#API_GetAdminScope_RequestSyntax) **
The administrator account that you want to get the details for.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^[0-9]+$`
Required: Yes
## Response Syntax
```
{
"AdminScope": {
"AccountScope": {
"Accounts": [ "string" ],
"AllAccountsEnabled": boolean,
"ExcludeSpecifiedAccounts": boolean
},
"OrganizationalUnitScope": {
"AllOrganizationalUnitsEnabled": boolean,
"ExcludeSpecifiedOrganizationalUnits": boolean,
"OrganizationalUnits": [ "string" ]
},
"PolicyTypeScope": {
"AllPolicyTypesEnabled": boolean,
"PolicyTypes": [ "string" ]
},
"RegionScope": {
"AllRegionsEnabled": boolean,
"Regions": [ "string" ]
}
},
"Status": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [AdminScope](#API_GetAdminScope_ResponseSyntax) **
Contains details about the administrative scope of the requested account.
Type: [AdminScope](API_AdminScope.md) object
** [Status](#API_GetAdminScope_ResponseSyntax) **
The current status of the request to onboard a member account as an Firewall Manager administrator.
+ `ONBOARDING` - The account is onboarding to Firewall Manager as an administrator.
+ `ONBOARDING_COMPLETE` - Firewall Manager The account is onboarded to Firewall Manager as an administrator, and can perform actions on the resources defined in their [AdminScope](API_AdminScope.md).
+ `OFFBOARDING` - The account is being removed as an Firewall Manager administrator.
+ `OFFBOARDING_COMPLETE` - The account has been removed as an Firewall Manager administrator.
Type: String
Valid Values: `ONBOARDING | ONBOARDING_COMPLETE | OFFBOARDING | OFFBOARDING_COMPLETE`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/GetAdminScope)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/GetAdminScope)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/GetAdminScope)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/GetAdminScope)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/GetAdminScope)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/GetAdminScope)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/GetAdminScope)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/GetAdminScope)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/GetAdminScope)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/GetAdminScope)
# GetAppsList
Returns information about the specified AWS Firewall Manager applications list.
## Request Syntax
```
{
"DefaultList": boolean,
"ListId": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [DefaultList](#API_GetAppsList_RequestSyntax) **
Specifies whether the list to retrieve is a default list owned by AWS Firewall Manager.
Type: Boolean
Required: No
** [ListId](#API_GetAppsList_RequestSyntax) **
The ID of the AWS Firewall Manager applications list that you want the details for.
Type: String
Length Constraints: Fixed length of 36.
Pattern: `^[a-z0-9A-Z-]{36}$`
Required: Yes
## Response Syntax
```
{
"AppsList": {
"AppsList": [
{
"AppName": "string",
"Port": number,
"Protocol": "string"
}
],
"CreateTime": number,
"LastUpdateTime": number,
"ListId": "string",
"ListName": "string",
"ListUpdateToken": "string",
"PreviousAppsList": {
"string" : [
{
"AppName": "string",
"Port": number,
"Protocol": "string"
}
]
}
},
"AppsListArn": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [AppsList](#API_GetAppsList_ResponseSyntax) **
Information about the specified AWS Firewall Manager applications list.
Type: [AppsListData](API_AppsListData.md) object
** [AppsListArn](#API_GetAppsList_ResponseSyntax) **
The Amazon Resource Name (ARN) of the applications list.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/GetAppsList)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/GetAppsList)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/GetAppsList)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/GetAppsList)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/GetAppsList)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/GetAppsList)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/GetAppsList)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/GetAppsList)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/GetAppsList)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/GetAppsList)
# GetComplianceDetail
Returns detailed compliance information about the specified member account. Details include resources that are in and out of compliance with the specified policy.
The reasons for resources being considered compliant depend on the Firewall Manager policy type.
## Request Syntax
```
{
"MemberAccount": "string",
"PolicyId": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [MemberAccount](#API_GetComplianceDetail_RequestSyntax) **
The AWS account that owns the resources that you want to get the details for.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^[0-9]+$`
Required: Yes
** [PolicyId](#API_GetComplianceDetail_RequestSyntax) **
The ID of the policy that you want to get the details for. `PolicyId` is returned by `PutPolicy` and by `ListPolicies`.
Type: String
Length Constraints: Fixed length of 36.
Pattern: `^[a-z0-9A-Z-]{36}$`
Required: Yes
## Response Syntax
```
{
"PolicyComplianceDetail": {
"EvaluationLimitExceeded": boolean,
"ExpiredAt": number,
"IssueInfoMap": {
"string" : "string"
},
"MemberAccount": "string",
"PolicyId": "string",
"PolicyOwner": "string",
"Violators": [
{
"Metadata": {
"string" : "string"
},
"ResourceId": "string",
"ResourceType": "string",
"ViolationReason": "string"
}
]
}
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [PolicyComplianceDetail](#API_GetComplianceDetail_ResponseSyntax) **
Information about the resources and the policy that you specified in the `GetComplianceDetail` request.
Type: [PolicyComplianceDetail](API_PolicyComplianceDetail.md) object
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/GetComplianceDetail)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/GetComplianceDetail)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/GetComplianceDetail)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/GetComplianceDetail)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/GetComplianceDetail)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/GetComplianceDetail)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/GetComplianceDetail)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/GetComplianceDetail)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/GetComplianceDetail)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/GetComplianceDetail)
# GetNotificationChannel
Information about the Amazon Simple Notification Service (SNS) topic that is used to record AWS Firewall Manager SNS logs.
## Response Syntax
```
{
"SnsRoleName": "string",
"SnsTopicArn": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [SnsRoleName](#API_GetNotificationChannel_ResponseSyntax) **
The IAM role that is used by AWS Firewall Manager to record activity to SNS.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
** [SnsTopicArn](#API_GetNotificationChannel_ResponseSyntax) **
The SNS topic that records AWS Firewall Manager activity.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/GetNotificationChannel)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/GetNotificationChannel)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/GetNotificationChannel)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/GetNotificationChannel)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/GetNotificationChannel)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/GetNotificationChannel)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/GetNotificationChannel)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/GetNotificationChannel)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/GetNotificationChannel)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/GetNotificationChannel)
# GetPolicy
Returns information about the specified AWS Firewall Manager policy.
## Request Syntax
```
{
"PolicyId": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [PolicyId](#API_GetPolicy_RequestSyntax) **
The ID of the AWS Firewall Manager policy that you want the details for.
Type: String
Length Constraints: Fixed length of 36.
Pattern: `^[a-z0-9A-Z-]{36}$`
Required: Yes
## Response Syntax
```
{
"Policy": {
"DeleteUnusedFMManagedResources": boolean,
"ExcludeMap": {
"string" : [ "string" ]
},
"ExcludeResourceTags": boolean,
"IncludeMap": {
"string" : [ "string" ]
},
"PolicyDescription": "string",
"PolicyId": "string",
"PolicyName": "string",
"PolicyStatus": "string",
"PolicyUpdateToken": "string",
"RemediationEnabled": boolean,
"ResourceSetIds": [ "string" ],
"ResourceTagLogicalOperator": "string",
"ResourceTags": [
{
"Key": "string",
"Value": "string"
}
],
"ResourceType": "string",
"ResourceTypeList": [ "string" ],
"SecurityServicePolicyData": {
"ManagedServiceData": "string",
"PolicyOption": {
"NetworkAclCommonPolicy": {
"NetworkAclEntrySet": {
"FirstEntries": [
{
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string"
}
],
"ForceRemediateForFirstEntries": boolean,
"ForceRemediateForLastEntries": boolean,
"LastEntries": [
{
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string"
}
]
}
},
"NetworkFirewallPolicy": {
"FirewallDeploymentModel": "string"
},
"ThirdPartyFirewallPolicy": {
"FirewallDeploymentModel": "string"
}
},
"Type": "string"
}
},
"PolicyArn": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [Policy](#API_GetPolicy_ResponseSyntax) **
Information about the specified AWS Firewall Manager policy.
Type: [Policy](API_Policy.md) object
** [PolicyArn](#API_GetPolicy_ResponseSyntax) **
The Amazon Resource Name (ARN) of the specified policy.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** InvalidTypeException **
The value of the `Type` parameter is invalid.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/GetPolicy)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/GetPolicy)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/GetPolicy)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/GetPolicy)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/GetPolicy)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/GetPolicy)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/GetPolicy)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/GetPolicy)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/GetPolicy)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/GetPolicy)
# GetProtectionStatus
If you created a Shield Advanced policy, returns policy-level attack summary information in the event of a potential DDoS attack. Other policy types are currently unsupported.
## Request Syntax
```
{
"EndTime": number,
"MaxResults": number,
"MemberAccountId": "string",
"NextToken": "string",
"PolicyId": "string",
"StartTime": number
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [EndTime](#API_GetProtectionStatus_RequestSyntax) **
The end of the time period to query for the attacks. This is a `timestamp` type. The request syntax listing indicates a `number` type because the default used by AWS Firewall Manager is Unix time in seconds. However, any valid `timestamp` format is allowed.
Type: Timestamp
Required: No
** [MaxResults](#API_GetProtectionStatus_RequestSyntax) **
Specifies the number of objects that you want AWS Firewall Manager to return for this request. If you have more objects than the number that you specify for `MaxResults`, the response includes a `NextToken` value that you can use to get another batch of objects.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: No
** [MemberAccountId](#API_GetProtectionStatus_RequestSyntax) **
The AWS account that is in scope of the policy that you want to get the details for.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^[0-9]+$`
Required: No
** [NextToken](#API_GetProtectionStatus_RequestSyntax) **
If you specify a value for `MaxResults` and you have more objects than the number that you specify for `MaxResults`, AWS Firewall Manager returns a `NextToken` value in the response, which you can use to retrieve another group of objects. For the second and subsequent `GetProtectionStatus` requests, specify the value of `NextToken` from the previous response to get information about another batch of objects.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
** [PolicyId](#API_GetProtectionStatus_RequestSyntax) **
The ID of the policy for which you want to get the attack information.
Type: String
Length Constraints: Fixed length of 36.
Pattern: `^[a-z0-9A-Z-]{36}$`
Required: Yes
** [StartTime](#API_GetProtectionStatus_RequestSyntax) **
The start of the time period to query for the attacks. This is a `timestamp` type. The request syntax listing indicates a `number` type because the default used by AWS Firewall Manager is Unix time in seconds. However, any valid `timestamp` format is allowed.
Type: Timestamp
Required: No
## Response Syntax
```
{
"AdminAccountId": "string",
"Data": "string",
"NextToken": "string",
"ServiceType": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [AdminAccountId](#API_GetProtectionStatus_ResponseSyntax) **
The ID of the AWS Firewall Manager administrator account for this policy.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^[0-9]+$`
** [Data](#API_GetProtectionStatus_ResponseSyntax) **
Details about the attack, including the following:
+ Attack type
+ Account ID
+ ARN of the resource attacked
+ Start time of the attack
+ End time of the attack (ongoing attacks will not have an end time)
The details are in JSON format.
Type: String
** [NextToken](#API_GetProtectionStatus_ResponseSyntax) **
If you have more objects than the number that you specified for `MaxResults` in the request, the response includes a `NextToken` value. To list more objects, submit another `GetProtectionStatus` request, and specify the `NextToken` value from the response in the `NextToken` value in the next request.
AWS SDKs provide auto-pagination that identify `NextToken` in a response and make subsequent request calls automatically on your behalf. However, this feature is not supported by `GetProtectionStatus`. You must submit subsequent requests with `NextToken` using your own processes.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
** [ServiceType](#API_GetProtectionStatus_ResponseSyntax) **
The service type that is protected by the policy. Currently, this is always `SHIELD_ADVANCED`.
Type: String
Valid Values: `WAF | WAFV2 | SHIELD_ADVANCED | SECURITY_GROUPS_COMMON | SECURITY_GROUPS_CONTENT_AUDIT | SECURITY_GROUPS_USAGE_AUDIT | NETWORK_FIREWALL | DNS_FIREWALL | THIRD_PARTY_FIREWALL | IMPORT_NETWORK_FIREWALL | NETWORK_ACL_COMMON`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## Examples
### Example response
This example illustrates one usage of GetProtectionStatus.
```
[
{
accountId: account1
attackSummaries:[
{
attackId: attackId1
resourceARN: resource1
attackVector: [SYC_FLOOD, UDP_REFLECTION]
startTime: 1234567890123
endTime: 1234567890123
},
{
attackId: attackId2
resourceARN: resource2
attackVector: [SYC_FLOOD]
startTime: 1234567890123
endTime: 1234567890123
}
]
},
{
accountId: account2
attackSummaries:[
{
attackId: attackId3
resourceARN: resource3
attackVector: [SYC_FLOOD, UDP_REFLECTION]
startTime: 1234567890123
endTime: 1234567890123
},
{
attackId: attackId4
resourceARN: resource4
attackVector: [SYC_FLOOD]
startTime: 1234567890123
endTime: 1234567890123
}
]
},
]
```
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/GetProtectionStatus)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/GetProtectionStatus)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/GetProtectionStatus)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/GetProtectionStatus)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/GetProtectionStatus)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/GetProtectionStatus)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/GetProtectionStatus)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/GetProtectionStatus)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/GetProtectionStatus)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/GetProtectionStatus)
# GetProtocolsList
Returns information about the specified AWS Firewall Manager protocols list.
## Request Syntax
```
{
"DefaultList": boolean,
"ListId": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [DefaultList](#API_GetProtocolsList_RequestSyntax) **
Specifies whether the list to retrieve is a default list owned by AWS Firewall Manager.
Type: Boolean
Required: No
** [ListId](#API_GetProtocolsList_RequestSyntax) **
The ID of the AWS Firewall Manager protocols list that you want the details for.
Type: String
Length Constraints: Fixed length of 36.
Pattern: `^[a-z0-9A-Z-]{36}$`
Required: Yes
## Response Syntax
```
{
"ProtocolsList": {
"CreateTime": number,
"LastUpdateTime": number,
"ListId": "string",
"ListName": "string",
"ListUpdateToken": "string",
"PreviousProtocolsList": {
"string" : [ "string" ]
},
"ProtocolsList": [ "string" ]
},
"ProtocolsListArn": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [ProtocolsList](#API_GetProtocolsList_ResponseSyntax) **
Information about the specified AWS Firewall Manager protocols list.
Type: [ProtocolsListData](API_ProtocolsListData.md) object
** [ProtocolsListArn](#API_GetProtocolsList_ResponseSyntax) **
The Amazon Resource Name (ARN) of the specified protocols list.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/GetProtocolsList)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/GetProtocolsList)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/GetProtocolsList)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/GetProtocolsList)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/GetProtocolsList)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/GetProtocolsList)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/GetProtocolsList)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/GetProtocolsList)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/GetProtocolsList)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/GetProtocolsList)
# GetResourceSet
Gets information about a specific resource set.
## Request Syntax
```
{
"Identifier": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [Identifier](#API_GetResourceSet_RequestSyntax) **
A unique identifier for the resource set, used in a request to refer to the resource set.
Type: String
Length Constraints: Fixed length of 22.
Pattern: `^[a-z0-9A-Z]{22}$`
Required: Yes
## Response Syntax
```
{
"ResourceSet": {
"Description": "string",
"Id": "string",
"LastUpdateTime": number,
"Name": "string",
"ResourceSetStatus": "string",
"ResourceTypeList": [ "string" ],
"UpdateToken": "string"
},
"ResourceSetArn": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [ResourceSet](#API_GetResourceSet_ResponseSyntax) **
Information about the specified resource set.
Type: [ResourceSet](API_ResourceSet.md) object
** [ResourceSetArn](#API_GetResourceSet_ResponseSyntax) **
The Amazon Resource Name (ARN) of the resource set.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/GetResourceSet)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/GetResourceSet)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/GetResourceSet)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/GetResourceSet)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/GetResourceSet)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/GetResourceSet)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/GetResourceSet)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/GetResourceSet)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/GetResourceSet)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/GetResourceSet)
# GetThirdPartyFirewallAssociationStatus
The onboarding status of a Firewall Manager admin account to third-party firewall vendor tenant.
## Request Syntax
```
{
"ThirdPartyFirewall": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [ThirdPartyFirewall](#API_GetThirdPartyFirewallAssociationStatus_RequestSyntax) **
The name of the third-party firewall vendor.
Type: String
Valid Values: `PALO_ALTO_NETWORKS_CLOUD_NGFW | FORTIGATE_CLOUD_NATIVE_FIREWALL`
Required: Yes
## Response Syntax
```
{
"MarketplaceOnboardingStatus": "string",
"ThirdPartyFirewallStatus": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [MarketplaceOnboardingStatus](#API_GetThirdPartyFirewallAssociationStatus_ResponseSyntax) **
The status for subscribing to the third-party firewall vendor in the AWS Marketplace.
+ `NO_SUBSCRIPTION` - The Firewall Manager policy administrator isn't subscribed to the third-party firewall service in the AWS Marketplace.
+ `NOT_COMPLETE` - The Firewall Manager policy administrator is in the process of subscribing to the third-party firewall service in the AWS Marketplace, but doesn't yet have an active subscription.
+ `COMPLETE` - The Firewall Manager policy administrator has an active subscription to the third-party firewall service in the AWS Marketplace.
Type: String
Valid Values: `NO_SUBSCRIPTION | NOT_COMPLETE | COMPLETE`
** [ThirdPartyFirewallStatus](#API_GetThirdPartyFirewallAssociationStatus_ResponseSyntax) **
The current status for setting a Firewall Manager policy administrators account as an administrator of the third-party firewall tenant.
+ `ONBOARDING` - The Firewall Manager policy administrator is being designated as a tenant administrator.
+ `ONBOARD_COMPLETE` - The Firewall Manager policy administrator is designated as a tenant administrator.
+ `OFFBOARDING` - The Firewall Manager policy administrator is being removed as a tenant administrator.
+ `OFFBOARD_COMPLETE` - The Firewall Manager policy administrator has been removed as a tenant administrator.
+ `NOT_EXIST` - The Firewall Manager policy administrator doesn't exist as a tenant administrator.
Type: String
Valid Values: `ONBOARDING | ONBOARD_COMPLETE | OFFBOARDING | OFFBOARD_COMPLETE | NOT_EXIST`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus)
# GetViolationDetails
Retrieves violations for a resource based on the specified AWS Firewall Manager policy and AWS account.
## Request Syntax
```
{
"MemberAccount": "string",
"PolicyId": "string",
"ResourceId": "string",
"ResourceType": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [MemberAccount](#API_GetViolationDetails_RequestSyntax) **
The AWS account ID that you want the details for.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^[0-9]+$`
Required: Yes
** [PolicyId](#API_GetViolationDetails_RequestSyntax) **
The ID of the AWS Firewall Manager policy that you want the details for. You can get violation details for the following policy types:
+ AWS WAF
+ DNS Firewall
+ Imported Network Firewall
+ Network Firewall
+ Security group content audit
+ Network ACL
+ Third-party firewall
Type: String
Length Constraints: Fixed length of 36.
Pattern: `^[a-z0-9A-Z-]{36}$`
Required: Yes
** [ResourceId](#API_GetViolationDetails_RequestSyntax) **
The ID of the resource that has violations.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
** [ResourceType](#API_GetViolationDetails_RequestSyntax) **
The resource type. This is in the format shown in the [AWS Resource Types Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html). Supported resource types are: `AWS::WAFv2::WebACL`, `AWS::EC2::Instance`, `AWS::EC2::NetworkInterface`, `AWS::EC2::SecurityGroup`, `AWS::NetworkFirewall::FirewallPolicy`, and `AWS::EC2::Subnet`.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
## Response Syntax
```
{
"ViolationDetail": {
"MemberAccount": "string",
"PolicyId": "string",
"ResourceDescription": "string",
"ResourceId": "string",
"ResourceTags": [
{
"Key": "string",
"Value": "string"
}
],
"ResourceType": "string",
"ResourceViolations": [
{
"AwsEc2InstanceViolation": {
"AwsEc2NetworkInterfaceViolations": [
{
"ViolatingSecurityGroups": [ "string" ],
"ViolationTarget": "string"
}
],
"ViolationTarget": "string"
},
"AwsEc2NetworkInterfaceViolation": {
"ViolatingSecurityGroups": [ "string" ],
"ViolationTarget": "string"
},
"AwsVPCSecurityGroupViolation": {
"PartialMatches": [
{
"Reference": "string",
"TargetViolationReasons": [ "string" ]
}
],
"PossibleSecurityGroupRemediationActions": [
{
"Description": "string",
"IsDefaultAction": boolean,
"RemediationActionType": "string",
"RemediationResult": {
"FromPort": number,
"IPV4Range": "string",
"IPV6Range": "string",
"PrefixListId": "string",
"Protocol": "string",
"ToPort": number
}
}
],
"ViolationTarget": "string",
"ViolationTargetDescription": "string"
},
"DnsDuplicateRuleGroupViolation": {
"ViolationTarget": "string",
"ViolationTargetDescription": "string"
},
"DnsRuleGroupLimitExceededViolation": {
"NumberOfRuleGroupsAlreadyAssociated": number,
"ViolationTarget": "string",
"ViolationTargetDescription": "string"
},
"DnsRuleGroupPriorityConflictViolation": {
"ConflictingPolicyId": "string",
"ConflictingPriority": number,
"UnavailablePriorities": [ number ],
"ViolationTarget": "string",
"ViolationTargetDescription": "string"
},
"FirewallSubnetIsOutOfScopeViolation": {
"FirewallSubnetId": "string",
"SubnetAvailabilityZone": "string",
"SubnetAvailabilityZoneId": "string",
"VpcEndpointId": "string",
"VpcId": "string"
},
"FirewallSubnetMissingVPCEndpointViolation": {
"FirewallSubnetId": "string",
"SubnetAvailabilityZone": "string",
"SubnetAvailabilityZoneId": "string",
"VpcId": "string"
},
"InvalidNetworkAclEntriesViolation": {
"CurrentAssociatedNetworkAcl": "string",
"EntryViolations": [
{
"ActualEvaluationOrder": "string",
"EntriesWithConflicts": [
{
"EntryDetail": {
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string"
},
"EntryRuleNumber": number,
"EntryType": "string"
}
],
"EntryAtExpectedEvaluationOrder": {
"EntryDetail": {
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string"
},
"EntryRuleNumber": number,
"EntryType": "string"
},
"EntryViolationReasons": [ "string" ],
"ExpectedEntry": {
"EntryDetail": {
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string"
},
"EntryRuleNumber": number,
"EntryType": "string"
},
"ExpectedEvaluationOrder": "string"
}
],
"Subnet": "string",
"SubnetAvailabilityZone": "string",
"Vpc": "string"
},
"NetworkFirewallBlackHoleRouteDetectedViolation": {
"RouteTableId": "string",
"ViolatingRoutes": [
{
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
}
],
"ViolationTarget": "string",
"VpcId": "string"
},
"NetworkFirewallInternetTrafficNotInspectedViolation": {
"ActualFirewallSubnetRoutes": [
{
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
}
],
"ActualInternetGatewayRoutes": [
{
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
}
],
"CurrentFirewallSubnetRouteTable": "string",
"CurrentInternetGatewayRouteTable": "string",
"ExpectedFirewallEndpoint": "string",
"ExpectedFirewallSubnetRoutes": [
{
"AllowedTargets": [ "string" ],
"ContributingSubnets": [ "string" ],
"IpV4Cidr": "string",
"IpV6Cidr": "string",
"PrefixListId": "string",
"RouteTableId": "string"
}
],
"ExpectedInternetGatewayRoutes": [
{
"AllowedTargets": [ "string" ],
"ContributingSubnets": [ "string" ],
"IpV4Cidr": "string",
"IpV6Cidr": "string",
"PrefixListId": "string",
"RouteTableId": "string"
}
],
"FirewallSubnetId": "string",
"InternetGatewayId": "string",
"IsRouteTableUsedInDifferentAZ": boolean,
"RouteTableId": "string",
"SubnetAvailabilityZone": "string",
"SubnetId": "string",
"ViolatingRoutes": [
{
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
}
],
"VpcId": "string"
},
"NetworkFirewallInvalidRouteConfigurationViolation": {
"ActualFirewallEndpoint": "string",
"ActualFirewallSubnetId": "string",
"ActualFirewallSubnetRoutes": [
{
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
}
],
"ActualInternetGatewayRoutes": [
{
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
}
],
"AffectedSubnets": [ "string" ],
"CurrentFirewallSubnetRouteTable": "string",
"CurrentInternetGatewayRouteTable": "string",
"ExpectedFirewallEndpoint": "string",
"ExpectedFirewallSubnetId": "string",
"ExpectedFirewallSubnetRoutes": [
{
"AllowedTargets": [ "string" ],
"ContributingSubnets": [ "string" ],
"IpV4Cidr": "string",
"IpV6Cidr": "string",
"PrefixListId": "string",
"RouteTableId": "string"
}
],
"ExpectedInternetGatewayRoutes": [
{
"AllowedTargets": [ "string" ],
"ContributingSubnets": [ "string" ],
"IpV4Cidr": "string",
"IpV6Cidr": "string",
"PrefixListId": "string",
"RouteTableId": "string"
}
],
"InternetGatewayId": "string",
"IsRouteTableUsedInDifferentAZ": boolean,
"RouteTableId": "string",
"ViolatingRoute": {
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
},
"VpcId": "string"
},
"NetworkFirewallMissingExpectedRoutesViolation": {
"ExpectedRoutes": [
{
"AllowedTargets": [ "string" ],
"ContributingSubnets": [ "string" ],
"IpV4Cidr": "string",
"IpV6Cidr": "string",
"PrefixListId": "string",
"RouteTableId": "string"
}
],
"ViolationTarget": "string",
"VpcId": "string"
},
"NetworkFirewallMissingExpectedRTViolation": {
"AvailabilityZone": "string",
"CurrentRouteTable": "string",
"ExpectedRouteTable": "string",
"ViolationTarget": "string",
"VPC": "string"
},
"NetworkFirewallMissingFirewallViolation": {
"AvailabilityZone": "string",
"TargetViolationReason": "string",
"ViolationTarget": "string",
"VPC": "string"
},
"NetworkFirewallMissingSubnetViolation": {
"AvailabilityZone": "string",
"TargetViolationReason": "string",
"ViolationTarget": "string",
"VPC": "string"
},
"NetworkFirewallPolicyModifiedViolation": {
"CurrentPolicyDescription": {
"StatefulDefaultActions": [ "string" ],
"StatefulEngineOptions": {
"RuleOrder": "string",
"StreamExceptionPolicy": "string"
},
"StatefulRuleGroups": [
{
"Override": {
"Action": "string"
},
"Priority": number,
"ResourceId": "string",
"RuleGroupName": "string"
}
],
"StatelessCustomActions": [ "string" ],
"StatelessDefaultActions": [ "string" ],
"StatelessFragmentDefaultActions": [ "string" ],
"StatelessRuleGroups": [
{
"Priority": number,
"ResourceId": "string",
"RuleGroupName": "string"
}
]
},
"ExpectedPolicyDescription": {
"StatefulDefaultActions": [ "string" ],
"StatefulEngineOptions": {
"RuleOrder": "string",
"StreamExceptionPolicy": "string"
},
"StatefulRuleGroups": [
{
"Override": {
"Action": "string"
},
"Priority": number,
"ResourceId": "string",
"RuleGroupName": "string"
}
],
"StatelessCustomActions": [ "string" ],
"StatelessDefaultActions": [ "string" ],
"StatelessFragmentDefaultActions": [ "string" ],
"StatelessRuleGroups": [
{
"Priority": number,
"ResourceId": "string",
"RuleGroupName": "string"
}
]
},
"ViolationTarget": "string"
},
"NetworkFirewallUnexpectedFirewallRoutesViolation": {
"FirewallEndpoint": "string",
"FirewallSubnetId": "string",
"RouteTableId": "string",
"ViolatingRoutes": [
{
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
}
],
"VpcId": "string"
},
"NetworkFirewallUnexpectedGatewayRoutesViolation": {
"GatewayId": "string",
"RouteTableId": "string",
"ViolatingRoutes": [
{
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
}
],
"VpcId": "string"
},
"PossibleRemediationActions": {
"Actions": [
{
"Description": "string",
"IsDefaultAction": boolean,
"OrderedRemediationActions": [
{
"Order": number,
"RemediationAction": {
"CreateNetworkAclAction": {
"Description": "string",
"FMSCanRemediate": boolean,
"Vpc": {
"Description": "string",
"ResourceId": "string"
}
},
"CreateNetworkAclEntriesAction": {
"Description": "string",
"FMSCanRemediate": boolean,
"NetworkAclEntriesToBeCreated": [
{
"EntryDetail": {
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string"
},
"EntryRuleNumber": number,
"EntryType": "string"
}
],
"NetworkAclId": {
"Description": "string",
"ResourceId": "string"
}
},
"DeleteNetworkAclEntriesAction": {
"Description": "string",
"FMSCanRemediate": boolean,
"NetworkAclEntriesToBeDeleted": [
{
"EntryDetail": {
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string"
},
"EntryRuleNumber": number,
"EntryType": "string"
}
],
"NetworkAclId": {
"Description": "string",
"ResourceId": "string"
}
},
"Description": "string",
"EC2AssociateRouteTableAction": {
"Description": "string",
"GatewayId": {
"Description": "string",
"ResourceId": "string"
},
"RouteTableId": {
"Description": "string",
"ResourceId": "string"
},
"SubnetId": {
"Description": "string",
"ResourceId": "string"
}
},
"EC2CopyRouteTableAction": {
"Description": "string",
"RouteTableId": {
"Description": "string",
"ResourceId": "string"
},
"VpcId": {
"Description": "string",
"ResourceId": "string"
}
},
"EC2CreateRouteAction": {
"Description": "string",
"DestinationCidrBlock": "string",
"DestinationIpv6CidrBlock": "string",
"DestinationPrefixListId": "string",
"GatewayId": {
"Description": "string",
"ResourceId": "string"
},
"RouteTableId": {
"Description": "string",
"ResourceId": "string"
},
"VpcEndpointId": {
"Description": "string",
"ResourceId": "string"
}
},
"EC2CreateRouteTableAction": {
"Description": "string",
"VpcId": {
"Description": "string",
"ResourceId": "string"
}
},
"EC2DeleteRouteAction": {
"Description": "string",
"DestinationCidrBlock": "string",
"DestinationIpv6CidrBlock": "string",
"DestinationPrefixListId": "string",
"RouteTableId": {
"Description": "string",
"ResourceId": "string"
}
},
"EC2ReplaceRouteAction": {
"Description": "string",
"DestinationCidrBlock": "string",
"DestinationIpv6CidrBlock": "string",
"DestinationPrefixListId": "string",
"GatewayId": {
"Description": "string",
"ResourceId": "string"
},
"RouteTableId": {
"Description": "string",
"ResourceId": "string"
}
},
"EC2ReplaceRouteTableAssociationAction": {
"AssociationId": {
"Description": "string",
"ResourceId": "string"
},
"Description": "string",
"RouteTableId": {
"Description": "string",
"ResourceId": "string"
}
},
"FMSPolicyUpdateFirewallCreationConfigAction": {
"Description": "string",
"FirewallCreationConfig": "string"
},
"ReplaceNetworkAclAssociationAction": {
"AssociationId": {
"Description": "string",
"ResourceId": "string"
},
"Description": "string",
"FMSCanRemediate": boolean,
"NetworkAclId": {
"Description": "string",
"ResourceId": "string"
}
}
}
}
]
}
],
"Description": "string"
},
"RouteHasOutOfScopeEndpointViolation": {
"CurrentFirewallSubnetRouteTable": "string",
"CurrentInternetGatewayRouteTable": "string",
"FirewallSubnetId": "string",
"FirewallSubnetRoutes": [
{
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
}
],
"InternetGatewayId": "string",
"InternetGatewayRoutes": [
{
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
}
],
"RouteTableId": "string",
"SubnetAvailabilityZone": "string",
"SubnetAvailabilityZoneId": "string",
"SubnetId": "string",
"ViolatingRoutes": [
{
"Destination": "string",
"DestinationType": "string",
"Target": "string",
"TargetType": "string"
}
],
"VpcId": "string"
},
"ThirdPartyFirewallMissingExpectedRouteTableViolation": {
"AvailabilityZone": "string",
"CurrentRouteTable": "string",
"ExpectedRouteTable": "string",
"ViolationTarget": "string",
"VPC": "string"
},
"ThirdPartyFirewallMissingFirewallViolation": {
"AvailabilityZone": "string",
"TargetViolationReason": "string",
"ViolationTarget": "string",
"VPC": "string"
},
"ThirdPartyFirewallMissingSubnetViolation": {
"AvailabilityZone": "string",
"TargetViolationReason": "string",
"ViolationTarget": "string",
"VPC": "string"
},
"WebACLHasIncompatibleConfigurationViolation": {
"Description": "string",
"WebACLArn": "string"
},
"WebACLHasOutOfScopeResourcesViolation": {
"OutOfScopeResourceList": [ "string" ],
"WebACLArn": "string"
}
}
]
}
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [ViolationDetail](#API_GetViolationDetails_ResponseSyntax) **
Violation detail for a resource.
Type: [ViolationDetail](API_ViolationDetail.md) object
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/GetViolationDetails)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/GetViolationDetails)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/GetViolationDetails)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/GetViolationDetails)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/GetViolationDetails)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/GetViolationDetails)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/GetViolationDetails)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/GetViolationDetails)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/GetViolationDetails)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/GetViolationDetails)
# ListAdminAccountsForOrganization
Returns a `AdminAccounts` object that lists the Firewall Manager administrators within the organization that are onboarded to Firewall Manager by [AssociateAdminAccount](API_AssociateAdminAccount.md).
This operation can be called only from the organization's management account.
## Request Syntax
```
{
"MaxResults": number,
"NextToken": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [MaxResults](#API_ListAdminAccountsForOrganization_RequestSyntax) **
The maximum number of objects that you want Firewall Manager to return for this request. If more objects are available, in the response, Firewall Manager provides a `NextToken` value that you can use in a subsequent call to get the next batch of objects.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: No
** [NextToken](#API_ListAdminAccountsForOrganization_RequestSyntax) **
When you request a list of objects with a `MaxResults` setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Firewall Manager returns a `NextToken` value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
## Response Syntax
```
{
"AdminAccounts": [
{
"AdminAccount": "string",
"DefaultAdmin": boolean,
"Status": "string"
}
],
"NextToken": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [AdminAccounts](#API_ListAdminAccountsForOrganization_ResponseSyntax) **
A list of Firewall Manager administrator accounts within the organization that were onboarded as administrators by [AssociateAdminAccount](API_AssociateAdminAccount.md) or [PutAdminAccount](API_PutAdminAccount.md).
Type: Array of [AdminAccountSummary](API_AdminAccountSummary.md) objects
** [NextToken](#API_ListAdminAccountsForOrganization_ResponseSyntax) **
When you request a list of objects with a `MaxResults` setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Firewall Manager returns a `NextToken` value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListAdminAccountsForOrganization)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListAdminAccountsForOrganization)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListAdminAccountsForOrganization)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListAdminAccountsForOrganization)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListAdminAccountsForOrganization)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListAdminAccountsForOrganization)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListAdminAccountsForOrganization)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListAdminAccountsForOrganization)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListAdminAccountsForOrganization)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListAdminAccountsForOrganization)
# ListAdminsManagingAccount
Lists the accounts that are managing the specified AWS Organizations member account. This is useful for any member account so that they can view the accounts who are managing their account. This operation only returns the managing administrators that have the requested account within their [AdminScope](API_AdminScope.md).
## Request Syntax
```
{
"MaxResults": number,
"NextToken": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [MaxResults](#API_ListAdminsManagingAccount_RequestSyntax) **
The maximum number of objects that you want Firewall Manager to return for this request. If more objects are available, in the response, Firewall Manager provides a `NextToken` value that you can use in a subsequent call to get the next batch of objects.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: No
** [NextToken](#API_ListAdminsManagingAccount_RequestSyntax) **
When you request a list of objects with a `MaxResults` setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Firewall Manager returns a `NextToken` value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
## Response Syntax
```
{
"AdminAccounts": [ "string" ],
"NextToken": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [AdminAccounts](#API_ListAdminsManagingAccount_ResponseSyntax) **
The list of accounts who manage member accounts within their [AdminScope](API_AdminScope.md).
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^[0-9]+$`
** [NextToken](#API_ListAdminsManagingAccount_ResponseSyntax) **
When you request a list of objects with a `MaxResults` setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Firewall Manager returns a `NextToken` value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListAdminsManagingAccount)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListAdminsManagingAccount)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListAdminsManagingAccount)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListAdminsManagingAccount)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListAdminsManagingAccount)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListAdminsManagingAccount)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListAdminsManagingAccount)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListAdminsManagingAccount)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListAdminsManagingAccount)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListAdminsManagingAccount)
# ListAppsLists
Returns an array of `AppsListDataSummary` objects.
## Request Syntax
```
{
"DefaultLists": boolean,
"MaxResults": number,
"NextToken": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [DefaultLists](#API_ListAppsLists_RequestSyntax) **
Specifies whether the lists to retrieve are default lists owned by AWS Firewall Manager.
Type: Boolean
Required: No
** [MaxResults](#API_ListAppsLists_RequestSyntax) **
The maximum number of objects that you want AWS Firewall Manager to return for this request. If more objects are available, in the response, AWS Firewall Manager provides a `NextToken` value that you can use in a subsequent call to get the next batch of objects.
If you don't specify this, AWS Firewall Manager returns all available objects.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: Yes
** [NextToken](#API_ListAppsLists_RequestSyntax) **
If you specify a value for `MaxResults` in your list request, and you have more objects than the maximum, AWS Firewall Manager returns this token in the response. For all but the first request, you provide the token returned by the prior request in the request parameters, to retrieve the next batch of objects.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
## Response Syntax
```
{
"AppsLists": [
{
"AppsList": [
{
"AppName": "string",
"Port": number,
"Protocol": "string"
}
],
"ListArn": "string",
"ListId": "string",
"ListName": "string"
}
],
"NextToken": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [AppsLists](#API_ListAppsLists_ResponseSyntax) **
An array of `AppsListDataSummary` objects.
Type: Array of [AppsListDataSummary](API_AppsListDataSummary.md) objects
** [NextToken](#API_ListAppsLists_ResponseSyntax) **
If you specify a value for `MaxResults` in your list request, and you have more objects than the maximum, AWS Firewall Manager returns this token in the response. You can use this token in subsequent requests to retrieve the next batch of objects.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListAppsLists)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListAppsLists)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListAppsLists)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListAppsLists)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListAppsLists)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListAppsLists)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListAppsLists)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListAppsLists)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListAppsLists)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListAppsLists)
# ListComplianceStatus
Returns an array of `PolicyComplianceStatus` objects. Use `PolicyComplianceStatus` to get a summary of which member accounts are protected by the specified policy.
## Request Syntax
```
{
"MaxResults": number,
"NextToken": "string",
"PolicyId": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [MaxResults](#API_ListComplianceStatus_RequestSyntax) **
Specifies the number of `PolicyComplianceStatus` objects that you want Firewall Manager to return for this request. If you have more `PolicyComplianceStatus` objects than the number that you specify for `MaxResults`, the response includes a `NextToken` value that you can use to get another batch of `PolicyComplianceStatus` objects.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: No
** [NextToken](#API_ListComplianceStatus_RequestSyntax) **
If you specify a value for `MaxResults` and you have more `PolicyComplianceStatus` objects than the number that you specify for `MaxResults`, AWS Firewall Manager returns a `NextToken` value in the response that allows you to list another group of `PolicyComplianceStatus` objects. For the second and subsequent `ListComplianceStatus` requests, specify the value of `NextToken` from the previous response to get information about another batch of `PolicyComplianceStatus` objects.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
** [PolicyId](#API_ListComplianceStatus_RequestSyntax) **
The ID of the AWS Firewall Manager policy that you want the details for.
Type: String
Length Constraints: Fixed length of 36.
Pattern: `^[a-z0-9A-Z-]{36}$`
Required: Yes
## Response Syntax
```
{
"NextToken": "string",
"PolicyComplianceStatusList": [
{
"EvaluationResults": [
{
"ComplianceStatus": "string",
"EvaluationLimitExceeded": boolean,
"ViolatorCount": number
}
],
"IssueInfoMap": {
"string" : "string"
},
"LastUpdated": number,
"MemberAccount": "string",
"PolicyId": "string",
"PolicyName": "string",
"PolicyOwner": "string"
}
]
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [NextToken](#API_ListComplianceStatus_ResponseSyntax) **
If you have more `PolicyComplianceStatus` objects than the number that you specified for `MaxResults` in the request, the response includes a `NextToken` value. To list more `PolicyComplianceStatus` objects, submit another `ListComplianceStatus` request, and specify the `NextToken` value from the response in the `NextToken` value in the next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
** [PolicyComplianceStatusList](#API_ListComplianceStatus_ResponseSyntax) **
An array of `PolicyComplianceStatus` objects.
Type: Array of [PolicyComplianceStatus](API_PolicyComplianceStatus.md) objects
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListComplianceStatus)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListComplianceStatus)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListComplianceStatus)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListComplianceStatus)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListComplianceStatus)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListComplianceStatus)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListComplianceStatus)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListComplianceStatus)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListComplianceStatus)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListComplianceStatus)
# ListDiscoveredResources
Returns an array of resources in the organization's accounts that are available to be associated with a resource set.
## Request Syntax
```
{
"MaxResults": number,
"MemberAccountIds": [ "string" ],
"NextToken": "string",
"ResourceType": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [MaxResults](#API_ListDiscoveredResources_RequestSyntax) **
The maximum number of objects that you want Firewall Manager to return for this request. If more objects are available, in the response, Firewall Manager provides a `NextToken` value that you can use in a subsequent call to get the next batch of objects.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: No
** [MemberAccountIds](#API_ListDiscoveredResources_RequestSyntax) **
The AWS account IDs to discover resources in. Only one account is supported per request. The account must be a member of your organization.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^[0-9]+$`
Required: Yes
** [NextToken](#API_ListDiscoveredResources_RequestSyntax) **
When you request a list of objects with a `MaxResults` setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Firewall Manager returns a `NextToken` value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
** [ResourceType](#API_ListDiscoveredResources_RequestSyntax) **
The type of resources to discover.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
## Response Syntax
```
{
"Items": [
{
"AccountId": "string",
"Name": "string",
"Type": "string",
"URI": "string"
}
],
"NextToken": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [Items](#API_ListDiscoveredResources_ResponseSyntax) **
Details of the resources that were discovered.
Type: Array of [DiscoveredResource](API_DiscoveredResource.md) objects
** [NextToken](#API_ListDiscoveredResources_ResponseSyntax) **
When you request a list of objects with a `MaxResults` setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Firewall Manager returns a `NextToken` value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListDiscoveredResources)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListDiscoveredResources)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListDiscoveredResources)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListDiscoveredResources)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListDiscoveredResources)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListDiscoveredResources)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListDiscoveredResources)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListDiscoveredResources)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListDiscoveredResources)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListDiscoveredResources)
# ListMemberAccounts
Returns a `MemberAccounts` object that lists the member accounts in the administrator's AWS organization.
Either an Firewall Manager administrator or the organization's management account can make this request.
## Request Syntax
```
{
"MaxResults": number,
"NextToken": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [MaxResults](#API_ListMemberAccounts_RequestSyntax) **
Specifies the number of member account IDs that you want AWS Firewall Manager to return for this request. If you have more IDs than the number that you specify for `MaxResults`, the response includes a `NextToken` value that you can use to get another batch of member account IDs.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: No
** [NextToken](#API_ListMemberAccounts_RequestSyntax) **
If you specify a value for `MaxResults` and you have more account IDs than the number that you specify for `MaxResults`, AWS Firewall Manager returns a `NextToken` value in the response that allows you to list another group of IDs. For the second and subsequent `ListMemberAccountsRequest` requests, specify the value of `NextToken` from the previous response to get information about another batch of member account IDs.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
## Response Syntax
```
{
"MemberAccounts": [ "string" ],
"NextToken": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [MemberAccounts](#API_ListMemberAccounts_ResponseSyntax) **
An array of account IDs.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^[0-9]+$`
** [NextToken](#API_ListMemberAccounts_ResponseSyntax) **
If you have more member account IDs than the number that you specified for `MaxResults` in the request, the response includes a `NextToken` value. To list more IDs, submit another `ListMemberAccounts` request, and specify the `NextToken` value from the response in the `NextToken` value in the next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListMemberAccounts)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListMemberAccounts)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListMemberAccounts)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListMemberAccounts)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListMemberAccounts)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListMemberAccounts)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListMemberAccounts)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListMemberAccounts)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListMemberAccounts)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListMemberAccounts)
# ListPolicies
Returns an array of `PolicySummary` objects.
## Request Syntax
```
{
"MaxResults": number,
"NextToken": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [MaxResults](#API_ListPolicies_RequestSyntax) **
Specifies the number of `PolicySummary` objects that you want AWS Firewall Manager to return for this request. If you have more `PolicySummary` objects than the number that you specify for `MaxResults`, the response includes a `NextToken` value that you can use to get another batch of `PolicySummary` objects.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: No
** [NextToken](#API_ListPolicies_RequestSyntax) **
If you specify a value for `MaxResults` and you have more `PolicySummary` objects than the number that you specify for `MaxResults`, AWS Firewall Manager returns a `NextToken` value in the response that allows you to list another group of `PolicySummary` objects. For the second and subsequent `ListPolicies` requests, specify the value of `NextToken` from the previous response to get information about another batch of `PolicySummary` objects.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
## Response Syntax
```
{
"NextToken": "string",
"PolicyList": [
{
"DeleteUnusedFMManagedResources": boolean,
"PolicyArn": "string",
"PolicyId": "string",
"PolicyName": "string",
"PolicyStatus": "string",
"RemediationEnabled": boolean,
"ResourceType": "string",
"SecurityServiceType": "string"
}
]
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [NextToken](#API_ListPolicies_ResponseSyntax) **
If you have more `PolicySummary` objects than the number that you specified for `MaxResults` in the request, the response includes a `NextToken` value. To list more `PolicySummary` objects, submit another `ListPolicies` request, and specify the `NextToken` value from the response in the `NextToken` value in the next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
** [PolicyList](#API_ListPolicies_ResponseSyntax) **
An array of `PolicySummary` objects.
Type: Array of [PolicySummary](API_PolicySummary.md) objects
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListPolicies)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListPolicies)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListPolicies)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListPolicies)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListPolicies)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListPolicies)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListPolicies)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListPolicies)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListPolicies)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListPolicies)
# ListProtocolsLists
Returns an array of `ProtocolsListDataSummary` objects.
## Request Syntax
```
{
"DefaultLists": boolean,
"MaxResults": number,
"NextToken": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [DefaultLists](#API_ListProtocolsLists_RequestSyntax) **
Specifies whether the lists to retrieve are default lists owned by AWS Firewall Manager.
Type: Boolean
Required: No
** [MaxResults](#API_ListProtocolsLists_RequestSyntax) **
The maximum number of objects that you want AWS Firewall Manager to return for this request. If more objects are available, in the response, AWS Firewall Manager provides a `NextToken` value that you can use in a subsequent call to get the next batch of objects.
If you don't specify this, AWS Firewall Manager returns all available objects.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: Yes
** [NextToken](#API_ListProtocolsLists_RequestSyntax) **
If you specify a value for `MaxResults` in your list request, and you have more objects than the maximum, AWS Firewall Manager returns this token in the response. For all but the first request, you provide the token returned by the prior request in the request parameters, to retrieve the next batch of objects.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
## Response Syntax
```
{
"NextToken": "string",
"ProtocolsLists": [
{
"ListArn": "string",
"ListId": "string",
"ListName": "string",
"ProtocolsList": [ "string" ]
}
]
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [NextToken](#API_ListProtocolsLists_ResponseSyntax) **
If you specify a value for `MaxResults` in your list request, and you have more objects than the maximum, AWS Firewall Manager returns this token in the response. You can use this token in subsequent requests to retrieve the next batch of objects.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
** [ProtocolsLists](#API_ListProtocolsLists_ResponseSyntax) **
An array of `ProtocolsListDataSummary` objects.
Type: Array of [ProtocolsListDataSummary](API_ProtocolsListDataSummary.md) objects
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListProtocolsLists)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListProtocolsLists)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListProtocolsLists)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListProtocolsLists)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListProtocolsLists)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListProtocolsLists)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListProtocolsLists)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListProtocolsLists)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListProtocolsLists)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListProtocolsLists)
# ListResourceSetResources
Returns an array of resources that are currently associated to a resource set.
## Request Syntax
```
{
"Identifier": "string",
"MaxResults": number,
"NextToken": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [Identifier](#API_ListResourceSetResources_RequestSyntax) **
A unique identifier for the resource set, used in a request to refer to the resource set.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
** [MaxResults](#API_ListResourceSetResources_RequestSyntax) **
The maximum number of objects that you want Firewall Manager to return for this request. If more objects are available, in the response, Firewall Manager provides a `NextToken` value that you can use in a subsequent call to get the next batch of objects.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: No
** [NextToken](#API_ListResourceSetResources_RequestSyntax) **
When you request a list of objects with a `MaxResults` setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Firewall Manager returns a `NextToken` value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
## Response Syntax
```
{
"Items": [
{
"AccountId": "string",
"URI": "string"
}
],
"NextToken": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [Items](#API_ListResourceSetResources_ResponseSyntax) **
An array of the associated resources' uniform resource identifiers (URI).
Type: Array of [Resource](API_Resource.md) objects
** [NextToken](#API_ListResourceSetResources_ResponseSyntax) **
When you request a list of objects with a `MaxResults` setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Firewall Manager returns a `NextToken` value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListResourceSetResources)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListResourceSetResources)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListResourceSetResources)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListResourceSetResources)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListResourceSetResources)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListResourceSetResources)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListResourceSetResources)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListResourceSetResources)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListResourceSetResources)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListResourceSetResources)
# ListResourceSets
Returns an array of `ResourceSetSummary` objects.
## Request Syntax
```
{
"MaxResults": number,
"NextToken": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [MaxResults](#API_ListResourceSets_RequestSyntax) **
The maximum number of objects that you want Firewall Manager to return for this request. If more objects are available, in the response, Firewall Manager provides a `NextToken` value that you can use in a subsequent call to get the next batch of objects.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: No
** [NextToken](#API_ListResourceSets_RequestSyntax) **
When you request a list of objects with a `MaxResults` setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Firewall Manager returns a `NextToken` value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
## Response Syntax
```
{
"NextToken": "string",
"ResourceSets": [
{
"Description": "string",
"Id": "string",
"LastUpdateTime": number,
"Name": "string",
"ResourceSetStatus": "string"
}
]
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [NextToken](#API_ListResourceSets_ResponseSyntax) **
When you request a list of objects with a `MaxResults` setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Firewall Manager returns a `NextToken` value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
** [ResourceSets](#API_ListResourceSets_ResponseSyntax) **
An array of `ResourceSetSummary` objects.
Type: Array of [ResourceSetSummary](API_ResourceSetSummary.md) objects
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListResourceSets)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListResourceSets)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListResourceSets)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListResourceSets)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListResourceSets)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListResourceSets)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListResourceSets)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListResourceSets)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListResourceSets)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListResourceSets)
# ListTagsForResource
Retrieves the list of tags for the specified AWS resource.
## Request Syntax
```
{
"ResourceArn": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [ResourceArn](#API_ListTagsForResource_RequestSyntax) **
The Amazon Resource Name (ARN) of the resource to return tags for. The AWS Firewall Manager resources that support tagging are policies, applications lists, and protocols lists.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
## Response Syntax
```
{
"TagList": [
{
"Key": "string",
"Value": "string"
}
]
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [TagList](#API_ListTagsForResource_ResponseSyntax) **
The tags associated with the resource.
Type: Array of [Tag](API_Tag.md) objects
Array Members: Minimum number of 0 items. Maximum number of 200 items.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListTagsForResource)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListTagsForResource)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListTagsForResource)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListTagsForResource)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListTagsForResource)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListTagsForResource)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListTagsForResource)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListTagsForResource)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListTagsForResource)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListTagsForResource)
# ListThirdPartyFirewallFirewallPolicies
Retrieves a list of all of the third-party firewall policies that are associated with the third-party firewall administrator's account.
## Request Syntax
```
{
"MaxResults": number,
"NextToken": "string",
"ThirdPartyFirewall": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [MaxResults](#API_ListThirdPartyFirewallFirewallPolicies_RequestSyntax) **
The maximum number of third-party firewall policies that you want Firewall Manager to return. If the specified third-party firewall vendor is associated with more than `MaxResults` firewall policies, the response includes a `NextToken` element. `NextToken` contains an encrypted token that identifies the first third-party firewall policies that Firewall Manager will return if you submit another request.
Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: Yes
** [NextToken](#API_ListThirdPartyFirewallFirewallPolicies_RequestSyntax) **
If the previous response included a `NextToken` element, the specified third-party firewall vendor is associated with more third-party firewall policies. To get more third-party firewall policies, submit another `ListThirdPartyFirewallFirewallPoliciesRequest` request.
For the value of `NextToken`, specify the value of `NextToken` from the previous response. If the previous response didn't include a `NextToken` element, there are no more third-party firewall policies to get.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: No
** [ThirdPartyFirewall](#API_ListThirdPartyFirewallFirewallPolicies_RequestSyntax) **
The name of the third-party firewall vendor.
Type: String
Valid Values: `PALO_ALTO_NETWORKS_CLOUD_NGFW | FORTIGATE_CLOUD_NATIVE_FIREWALL`
Required: Yes
## Response Syntax
```
{
"NextToken": "string",
"ThirdPartyFirewallFirewallPolicies": [
{
"FirewallPolicyId": "string",
"FirewallPolicyName": "string"
}
]
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [NextToken](#API_ListThirdPartyFirewallFirewallPolicies_ResponseSyntax) **
The value that you will use for `NextToken` in the next `ListThirdPartyFirewallFirewallPolicies` request.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
** [ThirdPartyFirewallFirewallPolicies](#API_ListThirdPartyFirewallFirewallPolicies_ResponseSyntax) **
A list that contains one `ThirdPartyFirewallFirewallPolicies` element for each third-party firewall policies that the specified third-party firewall vendor is associated with. Each `ThirdPartyFirewallFirewallPolicies` element contains the firewall policy name and ID.
Type: Array of [ThirdPartyFirewallFirewallPolicy](API_ThirdPartyFirewallFirewallPolicy.md) objects
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies)
# PutAdminAccount
Creates or updates an Firewall Manager administrator account. The account must be a member of the organization that was onboarded to Firewall Manager by [AssociateAdminAccount](API_AssociateAdminAccount.md). Only the organization's management account can create an Firewall Manager administrator account. When you create an Firewall Manager administrator account, the service checks to see if the account is already a delegated administrator within AWS Organizations. If the account isn't a delegated administrator, Firewall Manager calls Organizations to delegate the account within Organizations. For more information about administrator accounts within Organizations, see [Managing the AWS Accounts in Your Organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts.html).
## Request Syntax
```
{
"AdminAccount": "string",
"AdminScope": {
"AccountScope": {
"Accounts": [ "string" ],
"AllAccountsEnabled": boolean,
"ExcludeSpecifiedAccounts": boolean
},
"OrganizationalUnitScope": {
"AllOrganizationalUnitsEnabled": boolean,
"ExcludeSpecifiedOrganizationalUnits": boolean,
"OrganizationalUnits": [ "string" ]
},
"PolicyTypeScope": {
"AllPolicyTypesEnabled": boolean,
"PolicyTypes": [ "string" ]
},
"RegionScope": {
"AllRegionsEnabled": boolean,
"Regions": [ "string" ]
}
}
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [AdminAccount](#API_PutAdminAccount_RequestSyntax) **
The AWS account ID to add as an Firewall Manager administrator account. The account must be a member of the organization that was onboarded to Firewall Manager by [AssociateAdminAccount](API_AssociateAdminAccount.md). For more information about AWS Organizations, see [Managing the AWS Accounts in Your Organization](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts.html).
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^[0-9]+$`
Required: Yes
** [AdminScope](#API_PutAdminAccount_RequestSyntax) **
Configures the resources that the specified Firewall Manager administrator can manage. As a best practice, set the administrative scope according to the principles of least privilege. Only grant the administrator the specific resources or permissions that they need to perform the duties of their role.
Type: [AdminScope](API_AdminScope.md) object
Required: No
## Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/PutAdminAccount)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/PutAdminAccount)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/PutAdminAccount)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/PutAdminAccount)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/PutAdminAccount)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/PutAdminAccount)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/PutAdminAccount)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/PutAdminAccount)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/PutAdminAccount)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/PutAdminAccount)
# PutAppsList
Creates an AWS Firewall Manager applications list.
## Request Syntax
```
{
"AppsList": {
"AppsList": [
{
"AppName": "string",
"Port": number,
"Protocol": "string"
}
],
"CreateTime": number,
"LastUpdateTime": number,
"ListId": "string",
"ListName": "string",
"ListUpdateToken": "string",
"PreviousAppsList": {
"string" : [
{
"AppName": "string",
"Port": number,
"Protocol": "string"
}
]
}
},
"TagList": [
{
"Key": "string",
"Value": "string"
}
]
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [AppsList](#API_PutAppsList_RequestSyntax) **
The details of the AWS Firewall Manager applications list to be created.
Type: [AppsListData](API_AppsListData.md) object
Required: Yes
** [TagList](#API_PutAppsList_RequestSyntax) **
The tags associated with the resource.
Type: Array of [Tag](API_Tag.md) objects
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Required: No
## Response Syntax
```
{
"AppsList": {
"AppsList": [
{
"AppName": "string",
"Port": number,
"Protocol": "string"
}
],
"CreateTime": number,
"LastUpdateTime": number,
"ListId": "string",
"ListName": "string",
"ListUpdateToken": "string",
"PreviousAppsList": {
"string" : [
{
"AppName": "string",
"Port": number,
"Protocol": "string"
}
]
}
},
"AppsListArn": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [AppsList](#API_PutAppsList_ResponseSyntax) **
The details of the AWS Firewall Manager applications list.
Type: [AppsListData](API_AppsListData.md) object
** [AppsListArn](#API_PutAppsList_ResponseSyntax) **
The Amazon Resource Name (ARN) of the applications list.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/PutAppsList)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/PutAppsList)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/PutAppsList)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/PutAppsList)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/PutAppsList)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/PutAppsList)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/PutAppsList)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/PutAppsList)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/PutAppsList)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/PutAppsList)
# PutNotificationChannel
Designates the IAM role and Amazon Simple Notification Service (SNS) topic that Firewall Manager uses to record SNS logs.
To perform this action outside of the console, you must first configure the SNS topic's access policy to allow the `SnsRoleName` to publish SNS logs. If the `SnsRoleName` provided is a role other than the `AWSServiceRoleForFMS` service-linked role, this role must have a trust relationship configured to allow the Firewall Manager service principal `fms.amazonaws.com` to assume this role. For information about configuring an SNS access policy, see [Service roles for Firewall Manager](https://docs.aws.amazon.com/waf/latest/developerguide/fms-security_iam_service-with-iam.html#fms-security_iam_service-with-iam-roles-service) in the * AWS Firewall Manager Developer Guide*.
## Request Syntax
```
{
"SnsRoleName": "string",
"SnsTopicArn": "string"
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [SnsRoleName](#API_PutNotificationChannel_RequestSyntax) **
The Amazon Resource Name (ARN) of the IAM role that allows Amazon SNS to record AWS Firewall Manager activity.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
** [SnsTopicArn](#API_PutNotificationChannel_RequestSyntax) **
The Amazon Resource Name (ARN) of the SNS topic that collects notifications from AWS Firewall Manager.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
## Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/PutNotificationChannel)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/PutNotificationChannel)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/PutNotificationChannel)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/PutNotificationChannel)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/PutNotificationChannel)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/PutNotificationChannel)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/PutNotificationChannel)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/PutNotificationChannel)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/PutNotificationChannel)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/PutNotificationChannel)
# PutPolicy
Creates an AWS Firewall Manager policy.
A Firewall Manager policy is specific to the individual policy type. If you want to enforce multiple policy types across accounts, you can create multiple policies. You can create more than one policy for each type.
If you add a new account to an organization that you created with AWS Organizations, Firewall Manager automatically applies the policy to the resources in that account that are within scope of the policy.
Firewall Manager provides the following types of policies:
+ ** AWS WAF policy** - This policy applies AWS WAF web ACL protections to specified accounts and resources.
+ **Shield Advanced policy** - This policy applies Shield Advanced protection to specified accounts and resources.
+ **Security Groups policy** - This type of policy gives you control over security groups that are in use throughout your organization in AWS Organizations and lets you enforce a baseline set of rules across your organization.
+ **Network ACL policy** - This type of policy gives you control over the network ACLs that are in use throughout your organization in AWS Organizations and lets you enforce a baseline set of first and last network ACL rules across your organization.
+ **Network Firewall policy** - This policy applies Network Firewall protection to your organization's VPCs.
+ **DNS Firewall policy** - This policy applies Amazon Route 53 Resolver DNS Firewall protections to your organization's VPCs.
+ **Third-party firewall policy** - This policy applies third-party firewall protections. Third-party firewalls are available by subscription through the AWS Marketplace console at [AWS Marketplace](http://aws.amazon.com/marketplace).
+ **Palo Alto Networks Cloud NGFW policy** - This policy applies Palo Alto Networks Cloud Next Generation Firewall (NGFW) protections and Palo Alto Networks Cloud NGFW rulestacks to your organization's VPCs.
+ **Fortigate CNF policy** - This policy applies Fortigate Cloud Native Firewall (CNF) protections. Fortigate CNF is a cloud-centered solution that blocks Zero-Day threats and secures cloud infrastructures with industry-leading advanced threat prevention, smart web application firewalls (WAF), and API protection.
## Request Syntax
```
{
"Policy": {
"DeleteUnusedFMManagedResources": boolean,
"ExcludeMap": {
"string" : [ "string" ]
},
"ExcludeResourceTags": boolean,
"IncludeMap": {
"string" : [ "string" ]
},
"PolicyDescription": "string",
"PolicyId": "string",
"PolicyName": "string",
"PolicyStatus": "string",
"PolicyUpdateToken": "string",
"RemediationEnabled": boolean,
"ResourceSetIds": [ "string" ],
"ResourceTagLogicalOperator": "string",
"ResourceTags": [
{
"Key": "string",
"Value": "string"
}
],
"ResourceType": "string",
"ResourceTypeList": [ "string" ],
"SecurityServicePolicyData": {
"ManagedServiceData": "string",
"PolicyOption": {
"NetworkAclCommonPolicy": {
"NetworkAclEntrySet": {
"FirstEntries": [
{
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string"
}
],
"ForceRemediateForFirstEntries": boolean,
"ForceRemediateForLastEntries": boolean,
"LastEntries": [
{
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string"
}
]
}
},
"NetworkFirewallPolicy": {
"FirewallDeploymentModel": "string"
},
"ThirdPartyFirewallPolicy": {
"FirewallDeploymentModel": "string"
}
},
"Type": "string"
}
},
"TagList": [
{
"Key": "string",
"Value": "string"
}
]
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [Policy](#API_PutPolicy_RequestSyntax) **
The details of the AWS Firewall Manager policy to be created.
Type: [Policy](API_Policy.md) object
Required: Yes
** [TagList](#API_PutPolicy_RequestSyntax) **
The tags to add to the AWS resource.
Type: Array of [Tag](API_Tag.md) objects
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Required: No
## Response Syntax
```
{
"Policy": {
"DeleteUnusedFMManagedResources": boolean,
"ExcludeMap": {
"string" : [ "string" ]
},
"ExcludeResourceTags": boolean,
"IncludeMap": {
"string" : [ "string" ]
},
"PolicyDescription": "string",
"PolicyId": "string",
"PolicyName": "string",
"PolicyStatus": "string",
"PolicyUpdateToken": "string",
"RemediationEnabled": boolean,
"ResourceSetIds": [ "string" ],
"ResourceTagLogicalOperator": "string",
"ResourceTags": [
{
"Key": "string",
"Value": "string"
}
],
"ResourceType": "string",
"ResourceTypeList": [ "string" ],
"SecurityServicePolicyData": {
"ManagedServiceData": "string",
"PolicyOption": {
"NetworkAclCommonPolicy": {
"NetworkAclEntrySet": {
"FirstEntries": [
{
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string"
}
],
"ForceRemediateForFirstEntries": boolean,
"ForceRemediateForLastEntries": boolean,
"LastEntries": [
{
"CidrBlock": "string",
"Egress": boolean,
"IcmpTypeCode": {
"Code": number,
"Type": number
},
"Ipv6CidrBlock": "string",
"PortRange": {
"From": number,
"To": number
},
"Protocol": "string",
"RuleAction": "string"
}
]
}
},
"NetworkFirewallPolicy": {
"FirewallDeploymentModel": "string"
},
"ThirdPartyFirewallPolicy": {
"FirewallDeploymentModel": "string"
}
},
"Type": "string"
}
},
"PolicyArn": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [Policy](#API_PutPolicy_ResponseSyntax) **
The details of the AWS Firewall Manager policy.
Type: [Policy](API_Policy.md) object
** [PolicyArn](#API_PutPolicy_ResponseSyntax) **
The Amazon Resource Name (ARN) of the policy.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** InvalidTypeException **
The value of the `Type` parameter is invalid.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/PutPolicy)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/PutPolicy)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/PutPolicy)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/PutPolicy)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/PutPolicy)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/PutPolicy)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/PutPolicy)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/PutPolicy)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/PutPolicy)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/PutPolicy)
# PutProtocolsList
Creates an AWS Firewall Manager protocols list.
## Request Syntax
```
{
"ProtocolsList": {
"CreateTime": number,
"LastUpdateTime": number,
"ListId": "string",
"ListName": "string",
"ListUpdateToken": "string",
"PreviousProtocolsList": {
"string" : [ "string" ]
},
"ProtocolsList": [ "string" ]
},
"TagList": [
{
"Key": "string",
"Value": "string"
}
]
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [ProtocolsList](#API_PutProtocolsList_RequestSyntax) **
The details of the AWS Firewall Manager protocols list to be created.
Type: [ProtocolsListData](API_ProtocolsListData.md) object
Required: Yes
** [TagList](#API_PutProtocolsList_RequestSyntax) **
The tags associated with the resource.
Type: Array of [Tag](API_Tag.md) objects
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Required: No
## Response Syntax
```
{
"ProtocolsList": {
"CreateTime": number,
"LastUpdateTime": number,
"ListId": "string",
"ListName": "string",
"ListUpdateToken": "string",
"PreviousProtocolsList": {
"string" : [ "string" ]
},
"ProtocolsList": [ "string" ]
},
"ProtocolsListArn": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [ProtocolsList](#API_PutProtocolsList_ResponseSyntax) **
The details of the AWS Firewall Manager protocols list.
Type: [ProtocolsListData](API_ProtocolsListData.md) object
** [ProtocolsListArn](#API_PutProtocolsList_ResponseSyntax) **
The Amazon Resource Name (ARN) of the protocols list.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/PutProtocolsList)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/PutProtocolsList)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/PutProtocolsList)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/PutProtocolsList)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/PutProtocolsList)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/PutProtocolsList)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/PutProtocolsList)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/PutProtocolsList)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/PutProtocolsList)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/PutProtocolsList)
# PutResourceSet
Creates the resource set.
An AWS Firewall Manager resource set defines the resources to import into an Firewall Manager policy from another AWS service.
## Request Syntax
```
{
"ResourceSet": {
"Description": "string",
"Id": "string",
"LastUpdateTime": number,
"Name": "string",
"ResourceSetStatus": "string",
"ResourceTypeList": [ "string" ],
"UpdateToken": "string"
},
"TagList": [
{
"Key": "string",
"Value": "string"
}
]
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [ResourceSet](#API_PutResourceSet_RequestSyntax) **
Details about the resource set to be created or updated.>
Type: [ResourceSet](API_ResourceSet.md) object
Required: Yes
** [TagList](#API_PutResourceSet_RequestSyntax) **
Retrieves the tags associated with the specified resource set. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each AWS resource, up to 50 tags for a resource.
Type: Array of [Tag](API_Tag.md) objects
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Required: No
## Response Syntax
```
{
"ResourceSet": {
"Description": "string",
"Id": "string",
"LastUpdateTime": number,
"Name": "string",
"ResourceSetStatus": "string",
"ResourceTypeList": [ "string" ],
"UpdateToken": "string"
},
"ResourceSetArn": "string"
}
```
## Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
** [ResourceSet](#API_PutResourceSet_ResponseSyntax) **
Details about the resource set.
Type: [ResourceSet](API_ResourceSet.md) object
** [ResourceSetArn](#API_PutResourceSet_ResponseSyntax) **
The Amazon Resource Name (ARN) of the resource set.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/PutResourceSet)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/PutResourceSet)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/PutResourceSet)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/PutResourceSet)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/PutResourceSet)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/PutResourceSet)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/PutResourceSet)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/PutResourceSet)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/PutResourceSet)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/PutResourceSet)
# TagResource
Adds one or more tags to an AWS resource.
## Request Syntax
```
{
"ResourceArn": "string",
"TagList": [
{
"Key": "string",
"Value": "string"
}
]
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [ResourceArn](#API_TagResource_RequestSyntax) **
The Amazon Resource Name (ARN) of the resource to return tags for. The AWS Firewall Manager resources that support tagging are policies, applications lists, and protocols lists.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
** [TagList](#API_TagResource_RequestSyntax) **
The tags to add to the resource.
Type: Array of [Tag](API_Tag.md) objects
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Required: Yes
## Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** LimitExceededException **
The operation exceeds a resource limit, for example, the maximum number of `policy` objects that you can create for an AWS account. For more information, see [Firewall Manager Limits](https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) in the * AWS WAF Developer Guide*.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/TagResource)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/TagResource)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/TagResource)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/TagResource)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/TagResource)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/TagResource)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/TagResource)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/TagResource)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/TagResource)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/TagResource)
# UntagResource
Removes one or more tags from an AWS resource.
## Request Syntax
```
{
"ResourceArn": "string",
"TagKeys": [ "string" ]
}
```
## Request Parameters
For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md).
The request accepts the following data in JSON format.
** [ResourceArn](#API_UntagResource_RequestSyntax) **
The Amazon Resource Name (ARN) of the resource to return tags for. The AWS Firewall Manager resources that support tagging are policies, applications lists, and protocols lists.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
** [TagKeys](#API_UntagResource_RequestSyntax) **
The keys of the tags to remove from the resource.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 200 items.
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: `^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$`
Required: Yes
## Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
## Errors
For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).
** InternalErrorException **
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
** InvalidInputException **
The parameters of the request were invalid.
HTTP Status Code: 400
** InvalidOperationException **
The operation failed because there was nothing to do or the operation wasn't possible. For example, you might have submitted an `AssociateAdminAccount` request for an account ID that was already set as the AWS Firewall Manager administrator. Or you might have tried to access a Region that's disabled by default, and that you need to enable for the Firewall Manager administrator account and for AWS Organizations before you can access it.
HTTP Status Code: 400
** ResourceNotFoundException **
The specified resource was not found.
HTTP Status Code: 400
## See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
+ [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/fms-2018-01-01/UntagResource)
+ [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/fms-2018-01-01/UntagResource)
+ [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/fms-2018-01-01/UntagResource)
+ [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/fms-2018-01-01/UntagResource)
+ [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/fms-2018-01-01/UntagResource)
+ [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/fms-2018-01-01/UntagResource)
+ [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/fms-2018-01-01/UntagResource)
+ [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/fms-2018-01-01/UntagResource)
+ [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/fms-2018-01-01/UntagResource)
+ [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/fms-2018-01-01/UntagResource)