/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace FMS { namespace Model { /** *

Details about the security service that is being used to protect the resources.

See Also:

AWS API Reference

*/
  class AWS_FMS_API SecurityServicePolicyData
  {
  public:
    // Construction, JSON assignment and serialisation are only declared in
    // this header; their definitions live elsewhere.
    SecurityServicePolicyData();
    SecurityServicePolicyData(Aws::Utils::Json::JsonView jsonValue);
    SecurityServicePolicyData& operator=(Aws::Utils::Json::JsonView jsonValue);
    Aws::Utils::Json::JsonValue Jsonize() const;


    /**
     * Type
     *
     * The service that the policy is using to protect the resources. This
     * specifies the type of policy that is created, either an AWS WAF policy,
     * a Shield Advanced policy, or a security group policy. For security group
     * policies, Firewall Manager supports one security group for each common
     * policy and for each content audit policy. This is an adjustable limit
     * that you can increase by contacting AWS Support.
     */

    /** Returns the stored policy type (see "Type" above). */
    inline const SecurityServiceType& GetType() const
    {
      return m_type;
    }

    /** Returns the flag that both SetType overloads raise. */
    inline bool TypeHasBeenSet() const
    {
      return m_typeHasBeenSet;
    }

    /** Marks the type as set, then copies value into it. */
    inline void SetType(const SecurityServiceType& value)
    {
      m_typeHasBeenSet = true;
      m_type = value;
    }

    /** Marks the type as set, then moves value into it. */
    inline void SetType(SecurityServiceType&& value)
    {
      m_typeHasBeenSet = true;
      m_type = std::move(value);
    }

    /** Chaining form of SetType(const SecurityServiceType&); returns *this. */
    inline SecurityServicePolicyData& WithType(const SecurityServiceType& value)
    {
      SetType(value);
      return *this;
    }

    /** Chaining form of SetType(SecurityServiceType&&); returns *this. */
    inline SecurityServicePolicyData& WithType(SecurityServiceType&& value)
    {
      SetType(std::move(value));
      return *this;
    }


    /**
     * ManagedServiceData
     *
     * Details about the service that are specific to the service type, in JSON
     * format. For service type SHIELD_ADVANCED, this is an empty string.
     *
     * Example: WAFV2
     *
     *   "ManagedServiceData": "{\"type\":\"WAFV2\",\"defaultAction\":{\"type\":\"ALLOW\"},\"preProcessRuleGroups\":[{\"managedRuleGroupIdentifier\":null,\"ruleGroupArn\":\"rulegrouparn\",\"overrideAction\":{\"type\":\"COUNT\"},\"excludeRules\":[{\"name\":\"EntityName\"}],\"ruleGroupType\":\"RuleGroup\"}],\"postProcessRuleGroups\":[{\"managedRuleGroupIdentifier\":{\"managedRuleGroupName\":\"AWSManagedRulesAdminProtectionRuleSet\",\"vendorName\":\"AWS\"},\"ruleGroupArn\":\"rulegrouparn\",\"overrideAction\":{\"type\":\"NONE\"},\"excludeRules\":[],\"ruleGroupType\":\"ManagedRuleGroup\"}],\"overrideCustomerWebACLAssociation\":false}"
     *
     * Example: WAF Classic
     *
     *   "ManagedServiceData": "{\"type\": \"WAF\", \"ruleGroups\": [{\"id\": \"12345678-1bcd-9012-efga-0987654321ab\", \"overrideAction\" : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": \"BLOCK\"}}
     *
     * Example: SECURITY_GROUPS_COMMON
     *
     *   "SecurityServicePolicyData":{"Type":"SECURITY_GROUPS_COMMON","ManagedServiceData":"{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}"},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"}
     *
     * Example: SECURITY_GROUPS_CONTENT_AUDIT
     *
     *   "SecurityServicePolicyData":{"Type":"SECURITY_GROUPS_CONTENT_AUDIT","ManagedServiceData":"{\"type\":\"SECURITY_GROUPS_CONTENT_AUDIT\",\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd \"}],\"securityGroupAction\":{\"type\":\"ALLOW\"}}"},"RemediationEnabled":false,"ResourceType":"AWS::EC2::NetworkInterface"}
     *
     *   The security group action for content audit can be ALLOW or DENY. For
     *   ALLOW, all in-scope security group rules must be within the allowed
     *   range of the policy's security group rules. For DENY, all in-scope
     *   security group rules must not contain a value or a range that matches
     *   a rule value or range in the policy security group.
     *
     * Example: SECURITY_GROUPS_USAGE_AUDIT
     *
     *   "SecurityServicePolicyData":{"Type":"SECURITY_GROUPS_USAGE_AUDIT","ManagedServiceData":"{\"type\":\"SECURITY_GROUPS_USAGE_AUDIT\",\"deleteUnusedSecurityGroups\":true,\"coalesceRedundantSecurityGroups\":true}"},"RemediationEnabled":false,"ResourceType":"AWS::EC2::SecurityGroup"}
     *
     * NOTE(review): the accessors below store and return this string verbatim;
     * nothing in this header parses or validates it. Build the value with a
     * JSON serializer rather than by concatenating strings, and treat any
     * caller-supplied fragment as untrusted, because the examples show that
     * this string carries the enforcement settings themselves (defaultAction,
     * overrideAction, excludeRules, securityGroupAction,
     * revertManualSecurityGroupChanges, deleteUnusedSecurityGroups,
     * overrideCustomerWebACLAssociation). Changes to those fields deserve the
     * same review as a change to the firewall rules.
     */

    /** Returns the stored JSON string (see "ManagedServiceData" above). */
    inline const Aws::String& GetManagedServiceData() const
    {
      return m_managedServiceData;
    }

    /** Returns the flag that every SetManagedServiceData overload raises. */
    inline bool ManagedServiceDataHasBeenSet() const
    {
      return m_managedServiceDataHasBeenSet;
    }

    /** Marks the field as set, then copies value into it. */
    inline void SetManagedServiceData(const Aws::String& value)
    {
      m_managedServiceDataHasBeenSet = true;
      m_managedServiceData = value;
    }

    /** Marks the field as set, then moves value into it. */
    inline void SetManagedServiceData(Aws::String&& value)
    {
      m_managedServiceDataHasBeenSet = true;
      m_managedServiceData = std::move(value);
    }

    /**
     * Marks the field as set, then assigns the C string to it.
     *
     * NOTE(review): value is handed to assign() unchecked, so callers must
     * pass a non-null, NUL-terminated string (assumes Aws::String follows
     * std::basic_string semantics - confirm).
     */
    inline void SetManagedServiceData(const char* value)
    {
      m_managedServiceDataHasBeenSet = true;
      m_managedServiceData.assign(value);
    }

    /** Chaining form of SetManagedServiceData(const Aws::String&); returns *this. */
    inline SecurityServicePolicyData& WithManagedServiceData(const Aws::String& value)
    {
      SetManagedServiceData(value);
      return *this;
    }

    /** Chaining form of SetManagedServiceData(Aws::String&&); returns *this. */
    inline SecurityServicePolicyData& WithManagedServiceData(Aws::String&& value)
    {
      SetManagedServiceData(std::move(value));
      return *this;
    }

    /**
     * Chaining form of SetManagedServiceData(const char*); returns *this.
     * The same non-null requirement applies, since value is forwarded as is.
     */
    inline SecurityServicePolicyData& WithManagedServiceData(const char* value)
    {
      SetManagedServiceData(value);
      return *this;
    }

  private:

    // Policy type, and whether SetType has been called on this object.
    SecurityServiceType m_type;
    bool m_typeHasBeenSet;

    // Service-specific JSON string, and whether SetManagedServiceData has
    // been called on this object.
    Aws::String m_managedServiceData;
    bool m_managedServiceDataHasBeenSet;
  };

} // namespace Model
} // namespace FMS
} // namespace Aws