Retrieves violations for a resource based on the specified AWS Firewall Manager policy and AWS account.
fms_get_violation_details(PolicyId, MemberAccount, ResourceId,
  ResourceType)
PolicyId [required] The ID of the AWS Firewall Manager policy that you want the details for. This currently only supports security group content audit policies.
MemberAccount [required] The AWS account ID that you want the details for.
ResourceId [required] The ID of the resource that has violations.
ResourceType [required] The resource type, in the format shown in the AWS Resource Types Reference.
Supported resource types are: AWS::EC2::Instance,
AWS::EC2::NetworkInterface, AWS::EC2::SecurityGroup,
AWS::NetworkFirewall::FirewallPolicy, and AWS::EC2::Subnet.
Value: the function returns a list with the following syntax:
list(
ViolationDetail = list(
PolicyId = "string",
MemberAccount = "string",
ResourceId = "string",
ResourceType = "string",
ResourceViolations = list(
list(
AwsVPCSecurityGroupViolation = list(
ViolationTarget = "string",
ViolationTargetDescription = "string",
PartialMatches = list(
list(
Reference = "string",
TargetViolationReasons = list(
"string"
)
)
),
PossibleSecurityGroupRemediationActions = list(
list(
RemediationActionType = "REMOVE"|"MODIFY",
Description = "string",
RemediationResult = list(
IPV4Range = "string",
IPV6Range = "string",
PrefixListId = "string",
Protocol = "string",
FromPort = 123,
ToPort = 123
),
IsDefaultAction = TRUE|FALSE
)
)
),
AwsEc2NetworkInterfaceViolation = list(
ViolationTarget = "string",
ViolatingSecurityGroups = list(
"string"
)
),
AwsEc2InstanceViolation = list(
ViolationTarget = "string",
AwsEc2NetworkInterfaceViolations = list(
list(
ViolationTarget = "string",
ViolatingSecurityGroups = list(
"string"
)
)
)
),
NetworkFirewallMissingFirewallViolation = list(
ViolationTarget = "string",
VPC = "string",
AvailabilityZone = "string",
TargetViolationReason = "string"
),
NetworkFirewallMissingSubnetViolation = list(
ViolationTarget = "string",
VPC = "string",
AvailabilityZone = "string",
TargetViolationReason = "string"
),
NetworkFirewallMissingExpectedRTViolation = list(
ViolationTarget = "string",
VPC = "string",
AvailabilityZone = "string",
CurrentRouteTable = "string",
ExpectedRouteTable = "string"
),
NetworkFirewallPolicyModifiedViolation = list(
ViolationTarget = "string",
CurrentPolicyDescription = list(
StatelessRuleGroups = list(
list(
RuleGroupName = "string",
ResourceId = "string",
Priority = 123
)
),
StatelessDefaultActions = list(
"string"
),
StatelessFragmentDefaultActions = list(
"string"
),
StatelessCustomActions = list(
"string"
),
StatefulRuleGroups = list(
list(
RuleGroupName = "string",
ResourceId = "string"
)
)
),
ExpectedPolicyDescription = list(
StatelessRuleGroups = list(
list(
RuleGroupName = "string",
ResourceId = "string",
Priority = 123
)
),
StatelessDefaultActions = list(
"string"
),
StatelessFragmentDefaultActions = list(
"string"
),
StatelessCustomActions = list(
"string"
),
StatefulRuleGroups = list(
list(
RuleGroupName = "string",
ResourceId = "string"
)
)
)
)
)
),
ResourceTags = list(
list(
Key = "string",
Value = "string"
)
),
ResourceDescription = "string"
)
)
svc$get_violation_details(
  PolicyId = "string",
  MemberAccount = "string",
  ResourceId = "string",
  ResourceType = "string"
)