com.amazonaws.services.fms.model

Class Policy

java.lang.Object

com.amazonaws.services.fms.model.Policy

All Implemented Interfaces:

StructuredPojo, Serializable, Cloneable

@Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public class Policy
extends Object
implements Serializable, Cloneable, StructuredPojo

An AWS Firewall Manager policy.

See Also:

AWS API Documentation, Serialized Form

Constructor Summary

Constructors

Constructor and Description
Policy()

Method Summary

Modifier and Type	Method and Description
Policy	addExcludeMapEntry(String key, List<String> value) Add a single ExcludeMap entry
Policy	addIncludeMapEntry(String key, List<String> value) Add a single IncludeMap entry
Policy	clearExcludeMapEntries() Removes all the entries added into ExcludeMap.
Policy	clearIncludeMapEntries() Removes all the entries added into IncludeMap.
Policy	clone()
boolean	equals(Object obj)
Map<String,List<String>>	getExcludeMap() Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy.
Boolean	getExcludeResourceTags() If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy.
Map<String,List<String>>	getIncludeMap() Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy.
String	getPolicyId() The ID of the AWS Firewall Manager policy.
String	getPolicyName() The friendly name of the AWS Firewall Manager policy.
String	getPolicyUpdateToken() A unique identifier for each update to the policy.
Boolean	getRemediationEnabled() Indicates if the policy should be automatically applied to new resources.
List<ResourceTag>	getResourceTags() An array of ResourceTag objects.
String	getResourceType() The type of resource protected by or in scope of the policy.
List<String>	getResourceTypeList() An array of ResourceType.
SecurityServicePolicyData	getSecurityServicePolicyData() Details about the security service that is being used to protect the resources.
int	hashCode()
Boolean	isExcludeResourceTags() If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy.
Boolean	isRemediationEnabled() Indicates if the policy should be automatically applied to new resources.
void	marshall(ProtocolMarshaller protocolMarshaller) Marshalls this structured data using the given ProtocolMarshaller.
void	setExcludeMap(Map<String,List<String>> excludeMap) Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy.
void	setExcludeResourceTags(Boolean excludeResourceTags) If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy.
void	setIncludeMap(Map<String,List<String>> includeMap) Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy.
void	setPolicyId(String policyId) The ID of the AWS Firewall Manager policy.
void	setPolicyName(String policyName) The friendly name of the AWS Firewall Manager policy.
void	setPolicyUpdateToken(String policyUpdateToken) A unique identifier for each update to the policy.
void	setRemediationEnabled(Boolean remediationEnabled) Indicates if the policy should be automatically applied to new resources.
void	setResourceTags(Collection<ResourceTag> resourceTags) An array of ResourceTag objects.
void	setResourceType(String resourceType) The type of resource protected by or in scope of the policy.
void	setResourceTypeList(Collection<String> resourceTypeList) An array of ResourceType.
void	setSecurityServicePolicyData(SecurityServicePolicyData securityServicePolicyData) Details about the security service that is being used to protect the resources.
String	toString() Returns a string representation of this object.
Policy	withExcludeMap(Map<String,List<String>> excludeMap) Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy.
Policy	withExcludeResourceTags(Boolean excludeResourceTags) If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy.
Policy	withIncludeMap(Map<String,List<String>> includeMap) Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy.
Policy	withPolicyId(String policyId) The ID of the AWS Firewall Manager policy.
Policy	withPolicyName(String policyName) The friendly name of the AWS Firewall Manager policy.
Policy	withPolicyUpdateToken(String policyUpdateToken) A unique identifier for each update to the policy.
Policy	withRemediationEnabled(Boolean remediationEnabled) Indicates if the policy should be automatically applied to new resources.
Policy	withResourceTags(Collection<ResourceTag> resourceTags) An array of ResourceTag objects.
Policy	withResourceTags(ResourceTag... resourceTags) An array of ResourceTag objects.
Policy	withResourceType(String resourceType) The type of resource protected by or in scope of the policy.
Policy	withResourceTypeList(Collection<String> resourceTypeList) An array of ResourceType.
Policy	withResourceTypeList(String... resourceTypeList) An array of ResourceType.
Policy	withSecurityServicePolicyData(SecurityServicePolicyData securityServicePolicyData) Details about the security service that is being used to protect the resources.

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

Policy

public Policy()

Method Detail

setPolicyId

public void setPolicyId(String policyId)

The ID of the AWS Firewall Manager policy.

Parameters:

policyId - The ID of the AWS Firewall Manager policy.

getPolicyId

public String getPolicyId()

The ID of the AWS Firewall Manager policy.

Returns:

The ID of the AWS Firewall Manager policy.

withPolicyId

public Policy withPolicyId(String policyId)

The ID of the AWS Firewall Manager policy.

Parameters:

policyId - The ID of the AWS Firewall Manager policy.

Returns:

Returns a reference to this object so that method calls can be chained together.

setPolicyName

public void setPolicyName(String policyName)

The friendly name of the AWS Firewall Manager policy.

Parameters:

policyName - The friendly name of the AWS Firewall Manager policy.

getPolicyName

public String getPolicyName()

The friendly name of the AWS Firewall Manager policy.

Returns:

The friendly name of the AWS Firewall Manager policy.

withPolicyName

public Policy withPolicyName(String policyName)

The friendly name of the AWS Firewall Manager policy.

Parameters:

policyName - The friendly name of the AWS Firewall Manager policy.

Returns:

Returns a reference to this object so that method calls can be chained together.

setPolicyUpdateToken

public void setPolicyUpdateToken(String policyUpdateToken)

A unique identifier for each update to the policy. When issuing a PutPolicy request, the PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy request.

Parameters:

policyUpdateToken - A unique identifier for each update to the policy. When issuing a PutPolicy request, the PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy request.

getPolicyUpdateToken

public String getPolicyUpdateToken()

A unique identifier for each update to the policy. When issuing a PutPolicy request, the PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy request.

Returns:

A unique identifier for each update to the policy. When issuing a PutPolicy request, the PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy request.

withPolicyUpdateToken

public Policy withPolicyUpdateToken(String policyUpdateToken)

A unique identifier for each update to the policy. When issuing a PutPolicy request, the PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy request.

Parameters:

policyUpdateToken - A unique identifier for each update to the policy. When issuing a PutPolicy request, the PolicyUpdateToken in the request must match the PolicyUpdateToken of the current policy version. To get the PolicyUpdateToken of the current policy version, use a GetPolicy request.

Returns:

Returns a reference to this object so that method calls can be chained together.

setSecurityServicePolicyData

public void setSecurityServicePolicyData(SecurityServicePolicyData securityServicePolicyData)

Details about the security service that is being used to protect the resources.

Parameters:

securityServicePolicyData - Details about the security service that is being used to protect the resources.

getSecurityServicePolicyData

public SecurityServicePolicyData getSecurityServicePolicyData()

Details about the security service that is being used to protect the resources.

Returns:

Details about the security service that is being used to protect the resources.

withSecurityServicePolicyData

public Policy withSecurityServicePolicyData(SecurityServicePolicyData securityServicePolicyData)

Details about the security service that is being used to protect the resources.

Parameters:

securityServicePolicyData - Details about the security service that is being used to protect the resources.

Returns:

Returns a reference to this object so that method calls can be chained together.

setResourceType

public void setResourceType(String resourceType)

The type of resource protected by or in scope of the policy. This is in the format shown in the AWS Resource Types Reference. For AWS WAF and Shield Advanced, examples include AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::CloudFront::Distribution. For a security group common policy, valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage audit policy, the value is AWS::EC2::SecurityGroup.

Parameters:

resourceType - The type of resource protected by or in scope of the policy. This is in the format shown in the AWS Resource Types Reference. For AWS WAF and Shield Advanced, examples include AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::CloudFront::Distribution. For a security group common policy, valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage audit policy, the value is AWS::EC2::SecurityGroup.

getResourceType

public String getResourceType()

The type of resource protected by or in scope of the policy. This is in the format shown in the AWS Resource Types Reference. For AWS WAF and Shield Advanced, examples include AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::CloudFront::Distribution. For a security group common policy, valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage audit policy, the value is AWS::EC2::SecurityGroup.

Returns:

The type of resource protected by or in scope of the policy. This is in the format shown in the AWS Resource Types Reference. For AWS WAF and Shield Advanced, examples include AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::CloudFront::Distribution. For a security group common policy, valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage audit policy, the value is AWS::EC2::SecurityGroup.

withResourceType

public Policy withResourceType(String resourceType)

The type of resource protected by or in scope of the policy. This is in the format shown in the AWS Resource Types Reference. For AWS WAF and Shield Advanced, examples include AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::CloudFront::Distribution. For a security group common policy, valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage audit policy, the value is AWS::EC2::SecurityGroup.

Parameters:

resourceType - The type of resource protected by or in scope of the policy. This is in the format shown in the AWS Resource Types Reference. For AWS WAF and Shield Advanced, examples include AWS::ElasticLoadBalancingV2::LoadBalancer and AWS::CloudFront::Distribution. For a security group common policy, valid values are AWS::EC2::NetworkInterface and AWS::EC2::Instance. For a security group content audit policy, valid values are AWS::EC2::SecurityGroup, AWS::EC2::NetworkInterface, and AWS::EC2::Instance. For a security group usage audit policy, the value is AWS::EC2::SecurityGroup.

Returns:

Returns a reference to this object so that method calls can be chained together.

getResourceTypeList

public List<String> getResourceTypeList()

An array of ResourceType.

Returns:

An array of ResourceType.

setResourceTypeList

public void setResourceTypeList(Collection<String> resourceTypeList)

An array of ResourceType.

Parameters:

resourceTypeList - An array of ResourceType.

withResourceTypeList

public Policy withResourceTypeList(String... resourceTypeList)

An array of ResourceType.

NOTE: This method appends the values to the existing list (if any). Use setResourceTypeList(java.util.Collection) or withResourceTypeList(java.util.Collection) if you want to override the existing values.

Parameters:

resourceTypeList - An array of ResourceType.

Returns:

Returns a reference to this object so that method calls can be chained together.

withResourceTypeList

public Policy withResourceTypeList(Collection<String> resourceTypeList)

An array of ResourceType.

Parameters:

resourceTypeList - An array of ResourceType.

Returns:

Returns a reference to this object so that method calls can be chained together.

getResourceTags

public List<ResourceTag> getResourceTags()

An array of ResourceTag objects.

Returns:

An array of ResourceTag objects.

setResourceTags

public void setResourceTags(Collection<ResourceTag> resourceTags)

An array of ResourceTag objects.

Parameters:

resourceTags - An array of ResourceTag objects.

withResourceTags

public Policy withResourceTags(ResourceTag... resourceTags)

An array of ResourceTag objects.

NOTE: This method appends the values to the existing list (if any). Use setResourceTags(java.util.Collection) or withResourceTags(java.util.Collection) if you want to override the existing values.

Parameters:

resourceTags - An array of ResourceTag objects.

Returns:

Returns a reference to this object so that method calls can be chained together.

withResourceTags

public Policy withResourceTags(Collection<ResourceTag> resourceTags)

An array of ResourceTag objects.

Parameters:

resourceTags - An array of ResourceTag objects.

Returns:

Returns a reference to this object so that method calls can be chained together.

setExcludeResourceTags

public void setExcludeResourceTags(Boolean excludeResourceTags)

If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.

Parameters:

excludeResourceTags - If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.

getExcludeResourceTags

public Boolean getExcludeResourceTags()

If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.

Returns:

If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.

withExcludeResourceTags

public Policy withExcludeResourceTags(Boolean excludeResourceTags)

If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.

Parameters:

excludeResourceTags - If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.

Returns:

Returns a reference to this object so that method calls can be chained together.

isExcludeResourceTags

public Boolean isExcludeResourceTags()

If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.

Returns:

If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.

setRemediationEnabled

public void setRemediationEnabled(Boolean remediationEnabled)

Indicates if the policy should be automatically applied to new resources.

Parameters:

remediationEnabled - Indicates if the policy should be automatically applied to new resources.

getRemediationEnabled

public Boolean getRemediationEnabled()

Indicates if the policy should be automatically applied to new resources.

Returns:

Indicates if the policy should be automatically applied to new resources.

withRemediationEnabled

public Policy withRemediationEnabled(Boolean remediationEnabled)

Indicates if the policy should be automatically applied to new resources.

Parameters:

remediationEnabled - Indicates if the policy should be automatically applied to new resources.

Returns:

Returns a reference to this object so that method calls can be chained together.

isRemediationEnabled

public Boolean isRemediationEnabled()

Indicates if the policy should be automatically applied to new resources.

Returns:

Indicates if the policy should be automatically applied to new resources.

getIncludeMap

public Map<String,List<String>> getIncludeMap()

Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.

Returns:

Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap , then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]} .

setIncludeMap

public void setIncludeMap(Map<String,List<String>> includeMap)

Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.

Parameters:

includeMap - Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.

withIncludeMap

public Policy withIncludeMap(Map<String,List<String>> includeMap)

Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.

Parameters:

includeMap - Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.

Returns:

Returns a reference to this object so that method calls can be chained together.

addIncludeMapEntry

public Policy addIncludeMapEntry(String key,
                                 List<String> value)

Add a single IncludeMap entry

See Also:

withIncludeMap(java.util.Map<java.lang.String, java.util.List<java.lang.String>>)

clearIncludeMapEntries

public Policy clearIncludeMapEntries()

Removes all the entries added into IncludeMap.

Returns:

Returns a reference to this object so that method calls can be chained together.

getExcludeMap

public Map<String,List<String>> getExcludeMap()

Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.

Returns:

Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap , then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]} .

setExcludeMap

public void setExcludeMap(Map<String,List<String>> excludeMap)

Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.

Parameters:

excludeMap - Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.

withExcludeMap

public Policy withExcludeMap(Map<String,List<String>> excludeMap)

Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.

Parameters:

excludeMap - Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, AWS Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

• Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.

• Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.

• Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.

Returns:

Returns a reference to this object so that method calls can be chained together.

addExcludeMapEntry

public Policy addExcludeMapEntry(String key,
                                 List<String> value)

Add a single ExcludeMap entry

See Also:

withExcludeMap(java.util.Map<java.lang.String, java.util.List<java.lang.String>>)

clearExcludeMapEntries

public Policy clearExcludeMapEntries()

Removes all the entries added into ExcludeMap.

Returns:

Returns a reference to this object so that method calls can be chained together.

toString

public String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

Returns:

A string representation of this object.

See Also:

Object.toString()

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

clone

public Policy clone()

Overrides:

clone in class Object

marshall

public void marshall(ProtocolMarshaller protocolMarshaller)

Description copied from interface: StructuredPojo

Marshalls this structured data using the given ProtocolMarshaller.

Specified by:

marshall in interface StructuredPojo

Parameters:

protocolMarshaller - Implementation of ProtocolMarshaller used to marshall this object's data.