public static interface Policy.Builder extends SdkPojo, CopyableBuilder<Policy.Builder,Policy>
Modifier and Type | Method and Description |
---|---|
Policy.Builder |
excludeMap(Map<CustomerPolicyScopeIdType,? extends Collection<String>> excludeMap)
Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy.
|
Policy.Builder |
excludeMapWithStrings(Map<String,? extends Collection<String>> excludeMap)
Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy.
|
Policy.Builder |
excludeResourceTags(Boolean excludeResourceTags)
If set to
True , resources with the tags that are specified in the ResourceTag array
are not in scope of the policy. |
Policy.Builder |
includeMap(Map<CustomerPolicyScopeIdType,? extends Collection<String>> includeMap)
Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy.
|
Policy.Builder |
includeMapWithStrings(Map<String,? extends Collection<String>> includeMap)
Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy.
|
Policy.Builder |
policyId(String policyId)
The ID of the AWS Firewall Manager policy.
|
Policy.Builder |
policyName(String policyName)
The name of the AWS Firewall Manager policy.
|
Policy.Builder |
policyUpdateToken(String policyUpdateToken)
A unique identifier for each update to the policy.
|
Policy.Builder |
remediationEnabled(Boolean remediationEnabled)
Indicates if the policy should be automatically applied to new resources.
|
Policy.Builder |
resourceTags(Collection<ResourceTag> resourceTags)
An array of
ResourceTag objects. |
Policy.Builder |
resourceTags(Consumer<ResourceTag.Builder>... resourceTags)
An array of
ResourceTag objects. |
Policy.Builder |
resourceTags(ResourceTag... resourceTags)
An array of
ResourceTag objects. |
Policy.Builder |
resourceType(String resourceType)
The type of resource protected by or in scope of the policy.
|
Policy.Builder |
resourceTypeList(Collection<String> resourceTypeList)
An array of
ResourceType . |
Policy.Builder |
resourceTypeList(String... resourceTypeList)
An array of
ResourceType . |
default Policy.Builder |
securityServicePolicyData(Consumer<SecurityServicePolicyData.Builder> securityServicePolicyData)
Details about the security service that is being used to protect the resources.
|
Policy.Builder |
securityServicePolicyData(SecurityServicePolicyData securityServicePolicyData)
Details about the security service that is being used to protect the resources.
|
equalsBySdkFields, sdkFields
copy
applyMutation, build
Policy.Builder policyId(String policyId)
The ID of the AWS Firewall Manager policy.
policyId
- The ID of the AWS Firewall Manager policy.Policy.Builder policyName(String policyName)
The name of the AWS Firewall Manager policy.
policyName
- The name of the AWS Firewall Manager policy.Policy.Builder policyUpdateToken(String policyUpdateToken)
A unique identifier for each update to the policy. When issuing a PutPolicy
request, the
PolicyUpdateToken
in the request must match the PolicyUpdateToken
of the current
policy version. To get the PolicyUpdateToken
of the current policy version, use a
GetPolicy
request.
policyUpdateToken
- A unique identifier for each update to the policy. When issuing a PutPolicy
request, the
PolicyUpdateToken
in the request must match the PolicyUpdateToken
of the
current policy version. To get the PolicyUpdateToken
of the current policy version, use a
GetPolicy
request.Policy.Builder securityServicePolicyData(SecurityServicePolicyData securityServicePolicyData)
Details about the security service that is being used to protect the resources.
securityServicePolicyData
- Details about the security service that is being used to protect the resources.default Policy.Builder securityServicePolicyData(Consumer<SecurityServicePolicyData.Builder> securityServicePolicyData)
Details about the security service that is being used to protect the resources.
This is a convenience that creates an instance of theSecurityServicePolicyData.Builder
avoiding the
need to create one manually via SecurityServicePolicyData.builder()
.
When the Consumer
completes, SdkBuilder.build()
is called immediately
and its result is passed to securityServicePolicyData(SecurityServicePolicyData)
.securityServicePolicyData
- a consumer that will call methods on SecurityServicePolicyData.Builder
securityServicePolicyData(SecurityServicePolicyData)
Policy.Builder resourceType(String resourceType)
The type of resource protected by or in scope of the policy. This is in the format shown in the AWS
Resource Types Reference. For AWS WAF and Shield Advanced, examples include
AWS::ElasticLoadBalancingV2::LoadBalancer
and AWS::CloudFront::Distribution
. For a
security group common policy, valid values are AWS::EC2::NetworkInterface
and
AWS::EC2::Instance
. For a security group content audit policy, valid values are
AWS::EC2::SecurityGroup
, AWS::EC2::NetworkInterface
, and
AWS::EC2::Instance
. For a security group usage audit policy, the value is
AWS::EC2::SecurityGroup
. For an AWS Network Firewall policy, the value is
AWS::EC2::VPC
.
resourceType
- The type of resource protected by or in scope of the policy. This is in the format shown in the AWS Resource Types Reference. For AWS WAF and Shield Advanced, examples include
AWS::ElasticLoadBalancingV2::LoadBalancer
and AWS::CloudFront::Distribution
.
For a security group common policy, valid values are AWS::EC2::NetworkInterface
and
AWS::EC2::Instance
. For a security group content audit policy, valid values are
AWS::EC2::SecurityGroup
, AWS::EC2::NetworkInterface
, and
AWS::EC2::Instance
. For a security group usage audit policy, the value is
AWS::EC2::SecurityGroup
. For an AWS Network Firewall policy, the value is
AWS::EC2::VPC
.Policy.Builder resourceTypeList(Collection<String> resourceTypeList)
An array of ResourceType
.
resourceTypeList
- An array of ResourceType
.Policy.Builder resourceTypeList(String... resourceTypeList)
An array of ResourceType
.
resourceTypeList
- An array of ResourceType
.Policy.Builder resourceTags(Collection<ResourceTag> resourceTags)
An array of ResourceTag
objects.
resourceTags
- An array of ResourceTag
objects.Policy.Builder resourceTags(ResourceTag... resourceTags)
An array of ResourceTag
objects.
resourceTags
- An array of ResourceTag
objects.Policy.Builder resourceTags(Consumer<ResourceTag.Builder>... resourceTags)
An array of ResourceTag
objects.
List.Builder
avoiding the need to
create one manually via List#builder()
.
When the Consumer
completes, List.Builder#build()
is called immediately and its
result is passed to #resourceTags(List)
.resourceTags
- a consumer that will call methods on List.Builder
#resourceTags(List)
Policy.Builder excludeResourceTags(Boolean excludeResourceTags)
If set to True
, resources with the tags that are specified in the ResourceTag
array
are not in scope of the policy. If set to False
, and the ResourceTag
array is not
null, only resources with the specified tags are in scope of the policy.
excludeResourceTags
- If set to True
, resources with the tags that are specified in the
ResourceTag
array are not in scope of the policy. If set to False
, and the
ResourceTag
array is not null, only resources with the specified tags are in scope of the
policy.Policy.Builder remediationEnabled(Boolean remediationEnabled)
Indicates if the policy should be automatically applied to new resources.
remediationEnabled
- Indicates if the policy should be automatically applied to new resources.Policy.Builder includeMapWithStrings(Map<String,? extends Collection<String>> includeMap)
Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, AWS
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not
evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then
Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
includeMap
- Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the
policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, AWS
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does
not evaluate any ExcludeMap
specifications. If you do not specify an
IncludeMap
, then Firewall Manager applies the policy to all accounts except for those
specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following
is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Policy.Builder includeMap(Map<CustomerPolicyScopeIdType,? extends Collection<String>> includeMap)
Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, AWS
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not
evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then
Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
includeMap
- Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to include in the
policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, AWS
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does
not evaluate any ExcludeMap
specifications. If you do not specify an
IncludeMap
, then Firewall Manager applies the policy to all accounts except for those
specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following
is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Policy.Builder excludeMapWithStrings(Map<String,? extends Collection<String>> excludeMap)
Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, AWS
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not
evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then
Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
excludeMap
- Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the
policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, AWS
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does
not evaluate any ExcludeMap
specifications. If you do not specify an
IncludeMap
, then Firewall Manager applies the policy to all accounts except for those
specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following
is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Policy.Builder excludeMap(Map<CustomerPolicyScopeIdType,? extends Collection<String>> excludeMap)
Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, AWS
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does not
evaluate any ExcludeMap
specifications. If you do not specify an IncludeMap
, then
Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a
valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.
excludeMap
- Specifies the AWS account IDs and AWS Organizations organizational units (OUs) to exclude from the
policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its
child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap
, AWS
Firewall Manager applies the policy to all accounts specified by the IncludeMap
, and does
not evaluate any ExcludeMap
specifications. If you do not specify an
IncludeMap
, then Firewall Manager applies the policy to all accounts except for those
specified by the ExcludeMap
.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT
. For example, the following is a valid
map: {“ACCOUNT” : [“accountID1”, “accountID2”]}
.
Specify OUs by setting the key to ORG_UNIT
. For example, the following is a valid map:
{“ORG_UNIT” : [“ouid111”, “ouid112”]}
.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following
is a valid map:
{“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}
.