com.amazonaws.services.fms

Class AWSFMSClient

java.lang.Object

com.amazonaws.AmazonWebServiceClient

com.amazonaws.services.fms.AWSFMSClient

All Implemented Interfaces:

AWSFMS

Direct Known Subclasses:

AWSFMSAsyncClient

@ThreadSafe
 @Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public class AWSFMSClient
extends AmazonWebServiceClient
implements AWSFMS

Client for accessing FMS. All service calls made using this client are blocking, and will not return until the service call completes.

AWS Firewall Manager

This is the AWS Firewall Manager API Reference. This guide is for developers who need detailed information about the AWS Firewall Manager API actions, data types, and errors. For detailed information about AWS Firewall Manager features, see the AWS Firewall Manager Developer Guide.

Field Summary

Fields inherited from class com.amazonaws.AmazonWebServiceClient

LOGGING_AWS_REQUEST_METRIC

Fields inherited from interface com.amazonaws.services.fms.AWSFMS

ENDPOINT_PREFIX

Method Summary

Modifier and Type	Method and Description
AssociateAdminAccountResult	associateAdminAccount(AssociateAdminAccountRequest request) Sets the AWS Firewall Manager administrator account.
static AWSFMSClientBuilder	builder()
DeleteNotificationChannelResult	deleteNotificationChannel(DeleteNotificationChannelRequest request) Deletes an AWS Firewall Manager association with the IAM role and the Amazon Simple Notification Service (SNS) topic that is used to record AWS Firewall Manager SNS logs.
DeletePolicyResult	deletePolicy(DeletePolicyRequest request) Permanently deletes an AWS Firewall Manager policy.
DisassociateAdminAccountResult	disassociateAdminAccount(DisassociateAdminAccountRequest request) Disassociates the account that has been set as the AWS Firewall Manager administrator account.
GetAdminAccountResult	getAdminAccount(GetAdminAccountRequest request) Returns the AWS Organizations master account that is associated with AWS Firewall Manager as the AWS Firewall Manager administrator.
ResponseMetadata	getCachedResponseMetadata(AmazonWebServiceRequest request) Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected.
GetComplianceDetailResult	getComplianceDetail(GetComplianceDetailRequest request) Returns detailed compliance information about the specified member account.
GetNotificationChannelResult	getNotificationChannel(GetNotificationChannelRequest request) Information about the Amazon Simple Notification Service (SNS) topic that is used to record AWS Firewall Manager SNS logs.
GetPolicyResult	getPolicy(GetPolicyRequest request) Returns information about the specified AWS Firewall Manager policy.
GetProtectionStatusResult	getProtectionStatus(GetProtectionStatusRequest request) If you created a Shield Advanced policy, returns policy-level attack summary information in the event of a potential DDoS attack.
ListComplianceStatusResult	listComplianceStatus(ListComplianceStatusRequest request) Returns an array of PolicyComplianceStatus objects in the response.
ListMemberAccountsResult	listMemberAccounts(ListMemberAccountsRequest request) Returns a MemberAccounts object that lists the member accounts in the administrator's AWS organization.
ListPoliciesResult	listPolicies(ListPoliciesRequest request) Returns an array of PolicySummary objects in the response.
PutNotificationChannelResult	putNotificationChannel(PutNotificationChannelRequest request) Designates the IAM role and Amazon Simple Notification Service (SNS) topic that AWS Firewall Manager uses to record SNS logs.
PutPolicyResult	putPolicy(PutPolicyRequest request) Creates an AWS Firewall Manager policy.

Methods inherited from class com.amazonaws.AmazonWebServiceClient

addRequestHandler, addRequestHandler, configureRegion, getClientConfiguration, getEndpointPrefix, getMonitoringListeners, getRequestMetricsCollector, getServiceName, getSignerByURI, getSignerOverride, getSignerRegionOverride, getTimeOffset, makeImmutable, removeRequestHandler, removeRequestHandler, setEndpoint, setEndpoint, setRegion, setServiceNameIntern, setSignerRegionOverride, setTimeOffset, shutdown, withEndpoint, withRegion, withRegion, withTimeOffset

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.amazonaws.services.fms.AWSFMS

shutdown

Method Detail

builder

public static AWSFMSClientBuilder builder()

associateAdminAccount

public AssociateAdminAccountResult associateAdminAccount(AssociateAdminAccountRequest request)

Sets the AWS Firewall Manager administrator account. AWS Firewall Manager must be associated with the master account of your AWS organization or associated with a member account that has the appropriate permissions. If the account ID that you submit is not an AWS Organizations master account, AWS Firewall Manager will set the appropriate permissions for the given member account.

The account that you associate with AWS Firewall Manager is called the AWS Firewall Manager administrator account.

Specified by:

associateAdminAccount in interface AWSFMS

Parameters:

associateAdminAccountRequest -

Returns:

Result of the AssociateAdminAccount operation returned by the service.

Throws:

InvalidOperationException - The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.

InvalidInputException - The parameters of the request were invalid.

ResourceNotFoundException - The specified resource was not found.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

deleteNotificationChannel

public DeleteNotificationChannelResult deleteNotificationChannel(DeleteNotificationChannelRequest request)

Deletes an AWS Firewall Manager association with the IAM role and the Amazon Simple Notification Service (SNS) topic that is used to record AWS Firewall Manager SNS logs.

Specified by:

deleteNotificationChannel in interface AWSFMS

Parameters:

deleteNotificationChannelRequest -

Returns:

Result of the DeleteNotificationChannel operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource was not found.

InvalidOperationException - The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

deletePolicy

public DeletePolicyResult deletePolicy(DeletePolicyRequest request)

Permanently deletes an AWS Firewall Manager policy.

Specified by:

deletePolicy in interface AWSFMS

Parameters:

deletePolicyRequest -

Returns:

Result of the DeletePolicy operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource was not found.

InvalidOperationException - The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

disassociateAdminAccount

public DisassociateAdminAccountResult disassociateAdminAccount(DisassociateAdminAccountRequest request)

Disassociates the account that has been set as the AWS Firewall Manager administrator account. To set a different account as the administrator account, you must submit an AssociateAdminAccount request.

Specified by:

disassociateAdminAccount in interface AWSFMS

Parameters:

disassociateAdminAccountRequest -

Returns:

Result of the DisassociateAdminAccount operation returned by the service.

Throws:

InvalidOperationException - The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.

ResourceNotFoundException - The specified resource was not found.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

getAdminAccount

public GetAdminAccountResult getAdminAccount(GetAdminAccountRequest request)

Returns the AWS Organizations master account that is associated with AWS Firewall Manager as the AWS Firewall Manager administrator.

Specified by:

getAdminAccount in interface AWSFMS

Parameters:

getAdminAccountRequest -

Returns:

Result of the GetAdminAccount operation returned by the service.

Throws:

InvalidOperationException - The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.

ResourceNotFoundException - The specified resource was not found.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

getComplianceDetail

public GetComplianceDetailResult getComplianceDetail(GetComplianceDetailRequest request)

Returns detailed compliance information about the specified member account. Details include resources that are in and out of compliance with the specified policy. Resources are considered noncompliant for AWS WAF and Shield Advanced policies if the specified policy has not been applied to them. Resources are considered noncompliant for security group policies if they are in scope of the policy, they violate one or more of the policy rules, and remediation is disabled or not possible.

Specified by:

getComplianceDetail in interface AWSFMS

Parameters:

getComplianceDetailRequest -

Returns:

Result of the GetComplianceDetail operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource was not found.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

getNotificationChannel

public GetNotificationChannelResult getNotificationChannel(GetNotificationChannelRequest request)

Information about the Amazon Simple Notification Service (SNS) topic that is used to record AWS Firewall Manager SNS logs.

Specified by:

getNotificationChannel in interface AWSFMS

Parameters:

getNotificationChannelRequest -

Returns:

Result of the GetNotificationChannel operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource was not found.

InvalidOperationException - The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

getPolicy

public GetPolicyResult getPolicy(GetPolicyRequest request)

Returns information about the specified AWS Firewall Manager policy.

Specified by:

getPolicy in interface AWSFMS

Parameters:

getPolicyRequest -

Returns:

Result of the GetPolicy operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource was not found.

InvalidOperationException - The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

InvalidTypeException - The value of the Type parameter is invalid.

See Also:

AWS API Documentation

getProtectionStatus

public GetProtectionStatusResult getProtectionStatus(GetProtectionStatusRequest request)

If you created a Shield Advanced policy, returns policy-level attack summary information in the event of a potential DDoS attack. Other policy types are currently unsupported.

Specified by:

getProtectionStatus in interface AWSFMS

Parameters:

getProtectionStatusRequest -

Returns:

Result of the GetProtectionStatus operation returned by the service.

Throws:

InvalidInputException - The parameters of the request were invalid.

ResourceNotFoundException - The specified resource was not found.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

listComplianceStatus

public ListComplianceStatusResult listComplianceStatus(ListComplianceStatusRequest request)

Returns an array of PolicyComplianceStatus objects in the response. Use PolicyComplianceStatus to get a summary of which member accounts are protected by the specified policy.

Specified by:

listComplianceStatus in interface AWSFMS

Parameters:

listComplianceStatusRequest -

Returns:

Result of the ListComplianceStatus operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource was not found.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

listMemberAccounts

public ListMemberAccountsResult listMemberAccounts(ListMemberAccountsRequest request)

Returns a MemberAccounts object that lists the member accounts in the administrator's AWS organization.

The ListMemberAccounts must be submitted by the account that is set as the AWS Firewall Manager administrator.

Specified by:

listMemberAccounts in interface AWSFMS

Parameters:

listMemberAccountsRequest -

Returns:

Result of the ListMemberAccounts operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource was not found.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

listPolicies

public ListPoliciesResult listPolicies(ListPoliciesRequest request)

Returns an array of PolicySummary objects in the response.

Specified by:

listPolicies in interface AWSFMS

Parameters:

listPoliciesRequest -

Returns:

Result of the ListPolicies operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource was not found.

InvalidOperationException - The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.

LimitExceededException - The operation exceeds a resource limit, for example, the maximum number of policy objects that you can create for an AWS account. For more information, see Firewall Manager Limits in the AWS WAF Developer Guide.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

putNotificationChannel

public PutNotificationChannelResult putNotificationChannel(PutNotificationChannelRequest request)

Designates the IAM role and Amazon Simple Notification Service (SNS) topic that AWS Firewall Manager uses to record SNS logs.

Specified by:

putNotificationChannel in interface AWSFMS

Parameters:

putNotificationChannelRequest -

Returns:

Result of the PutNotificationChannel operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource was not found.

InvalidOperationException - The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

See Also:

AWS API Documentation

putPolicy

public PutPolicyResult putPolicy(PutPolicyRequest request)

Creates an AWS Firewall Manager policy.

Firewall Manager provides the following types of policies:

• A Shield Advanced policy, which applies Shield Advanced protection to specified accounts and resources

• An AWS WAF policy, which contains a rule group and defines which resources are to be protected by that rule group

• A security group policy, which manages VPC security groups across your AWS organization.

Each policy is specific to one of the three types. If you want to enforce more than one policy type across accounts, you can create multiple policies. You can create multiple policies for each type.

You must be subscribed to Shield Advanced to create a Shield Advanced policy. For more information about subscribing to Shield Advanced, see CreateSubscription.

Specified by:

putPolicy in interface AWSFMS

Parameters:

putPolicyRequest -

Returns:

Result of the PutPolicy operation returned by the service.

Throws:

ResourceNotFoundException - The specified resource was not found.

InvalidOperationException - The operation failed because there was nothing to do. For example, you might have submitted an AssociateAdminAccount request, but the account ID that you submitted was already set as the AWS Firewall Manager administrator.

InvalidInputException - The parameters of the request were invalid.

LimitExceededException - The operation exceeds a resource limit, for example, the maximum number of policy objects that you can create for an AWS account. For more information, see Firewall Manager Limits in the AWS WAF Developer Guide.

InternalErrorException - The operation failed because of a system problem, even though the request was valid. Retry your request.

InvalidTypeException - The value of the Type parameter is invalid.

See Also:

AWS API Documentation

getCachedResponseMetadata

public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)

Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing the request.

Specified by:

getCachedResponseMetadata in interface AWSFMS

Parameters:

request - The originally executed request

Returns:

The response metadata for the specified request, or null if none is available.