openapi: 3.1.0
info:
  title: AWS Firewall Manager API
  description: AWS Firewall Manager is a security management service that enables you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations.
  version: '2018-01-01'
  contact:
    name: AWS Support
    url: https://aws.amazon.com/premiumsupport/
  license:
    name: Apache 2.0
    url: https://www.apache.org/licenses/LICENSE-2.0
servers:
- url: https://fms.{region}.amazonaws.com
  variables:
    region:
      default: us-east-1
security:
- awsSigV4: []
tags:
- name: Policies
  description: Firewall Manager security policies
- name: Admin Accounts
  description: Firewall Manager administrator account management
- name: Member Accounts
  description: Member account association
- name: Compliance
  description: Compliance status and violations
- name: Resources
  description: Resource sets and tags
- name: Protocols
  description: Protocol and resource tag lists
paths:
  /fms/2018-01-01/policies:
    get:
      operationId: listPolicies
      summary: List Policies
      description: Returns an array of PolicySummary objects.
      tags:
      - Policies
      parameters:
      - name: maxResults
        in: query
        schema:
          type: integer
        description: Maximum number of policies to return.
      - name: nextToken
        in: query
        schema:
          type: string
        description: Pagination token.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListPoliciesResponse'
              examples:
                default:
                  x-microcks-default: true
                  value:
                    PolicyList:
                    - &id001
                      PolicyId: p-abc12345
                      PolicyName: WAF-Policy-Production
                      PolicyUpdateToken: 1:abc123
                      SecurityServicePolicyData:
                        Type: WAF
                      ResourceType: AWS::ElasticLoadBalancingV2::LoadBalancer
                      ExcludeResourceTags: false
                      RemediationEnabled: true
                      PolicyArn: arn:aws:fms:us-east-1:123456789012:policy/p-abc12345
                    NextToken:
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: putPolicy
      summary: Put Policy
      description: Creates or updates an AWS Firewall Manager policy.
      tags:
      - Policies
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PutPolicyRequest'
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PutPolicyResponse'
              examples:
                default:
                  x-microcks-default: true
                  value:
                    Policy: *id001
                    PolicyArn: arn:aws:fms:us-east-1:123456789012:policy/p-abc12345
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /fms/2018-01-01/policies/{policyId}:
    get:
      operationId: getPolicy
      summary: Get Policy
      description: Returns information about the specified AWS Firewall Manager policy.
      tags:
      - Policies
      parameters:
      - name: policyId
        in: path
        required: true
        schema:
          type: string
        description: The ID of the policy.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GetPolicyResponse'
              examples:
                default:
                  x-microcks-default: true
                  value:
                    Policy: *id001
                    PolicyArn: arn:aws:fms:us-east-1:123456789012:policy/p-abc12345
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    delete:
      operationId: deletePolicy
      summary: Delete Policy
      description: Permanently deletes an AWS Firewall Manager policy.
      tags:
      - Policies
      parameters:
      - name: policyId
        in: path
        required: true
        schema:
          type: string
        description: The ID of the policy.
      - name: deleteAllPolicyResources
        in: query
        schema:
          type: boolean
        description: If True, the request deletes all AWS Firewall Manager-managed internet gateway associations.
      responses:
        '200':
          description: Success
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /fms/2018-01-01/compliance/{policyId}/detail/{memberAccountId}:
    get:
      operationId: getComplianceDetail
      summary: Get Compliance Detail
      description: Returns detailed compliance information about the specified member account.
      tags:
      - Compliance
      parameters:
      - name: policyId
        in: path
        required: true
        schema:
          type: string
        description: The ID of the policy.
      - name: memberAccountId
        in: path
        required: true
        schema:
          type: string
        description: The AWS account ID.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GetComplianceDetailResponse'
              examples:
                default:
                  x-microcks-default: true
                  value:
                    PolicyComplianceDetail:
                      PolicyId: p-abc12345
                      MemberAccount: '123456789012'
                      Violators: []
                      EvaluationLimitExceeded: false
                      ExpiredAt: '2026-04-19T00:00:00Z'
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '404':
          description: Not Found
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /fms/2018-01-01/admin-account:
    get:
      operationId: getAdminAccount
      summary: Get Admin Account
      description: Returns the AWS Organizations master account that is associated with AWS Firewall Manager as the AWS Firewall Manager default administrator.
      tags:
      - Admin Accounts
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/GetAdminAccountResponse'
              examples:
                default:
                  x-microcks-default: true
                  value:
                    AdminAccount: '123456789012'
                    RoleStatus: READY
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    put:
      operationId: associateAdminAccount
      summary: Associate Admin Account
      description: Sets the AWS Firewall Manager administrator account.
      tags:
      - Admin Accounts
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                AdminAccount:
                  type: string
              required:
              - AdminAccount
      responses:
        '200':
          description: Success
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    delete:
      operationId: disassociateAdminAccount
      summary: Disassociate Admin Account
      description: Disassociates the account that has been set as the AWS Firewall Manager administrator account.
      tags:
      - Admin Accounts
      responses:
        '200':
          description: Success
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /fms/2018-01-01/member-account:
    get:
      operationId: listMemberAccounts
      summary: List Member Accounts
      description: Returns a MemberAccounts object that lists the member accounts in the administrator account's AWS organization.
      tags:
      - Member Accounts
      parameters:
      - name: nextToken
        in: query
        schema:
          type: string
        description: Pagination token.
      - name: maxResults
        in: query
        schema:
          type: integer
        description: Maximum number of accounts to return.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListMemberAccountsResponse'
              examples:
                default:
                  x-microcks-default: true
                  value:
                    MemberAccounts:
                    - '123456789012'
                    - '234567890123'
                    NextToken:
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /fms/2018-01-01/resource-set:
    put:
      operationId: putResourceSet
      summary: Put Resource Set
      description: Creates or updates a resource set.
      tags:
      - Resources
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PutResourceSetRequest'
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PutResourceSetResponse'
              examples:
                default:
                  x-microcks-default: true
                  value:
                    ResourceSet:
                      Id: rs-abc123
                      Name: MyResourceSet
                      ResourceTypeList:
                      - AWS::ElasticLoadBalancingV2::LoadBalancer
                    ResourceSetArn: arn:aws:fms:us-east-1:123456789012:resource-set/rs-abc123
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /fms/2018-01-01/resource-set/list:
    post:
      operationId: listResourceSets
      summary: List Resource Sets
      description: Returns an array of ResourceSetSummary objects.
      tags:
      - Resources
      requestBody:
        required: false
        content:
          application/json:
            schema:
              type: object
              properties:
                NextToken:
                  type: string
                MaxResults:
                  type: integer
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListResourceSetsResponse'
              examples:
                default:
                  x-microcks-default: true
                  value:
                    ResourceSets:
                    - Id: rs-abc123
                      Name: MyResourceSet
                    NextToken:
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /fms/2018-01-01/tags/{resourceArn}:
    get:
      operationId: listTagsForResource
      summary: List Tags For Resource
      description: Retrieves the list of tags for the specified AWS resource.
      tags:
      - Resources
      parameters:
      - name: resourceArn
        in: path
        required: true
        schema:
          type: string
        description: The Amazon Resource Name (ARN) of the resource.
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ListTagsForResourceResponse'
              examples:
                default:
                  x-microcks-default: true
                  value:
                    TagList:
                    - Key: Environment
                      Value: Production
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: tagResource
      summary: Tag Resource
      description: Adds one or more tags to an AWS resource.
      tags:
      - Resources
      parameters:
      - name: resourceArn
        in: path
        required: true
        schema:
          type: string
        description: The ARN of the resource.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                TagList:
                  type: array
                  items:
                    $ref: '#/components/schemas/Tag'
              required:
              - TagList
      responses:
        '200':
          description: Success
        '400':
          description: Bad Request
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
        '500':
          description: Internal Server Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
components:
  securitySchemes:
    awsSigV4:
      type: apiKey
      in: header
      name: Authorization
      description: AWS Signature Version 4 authentication
  schemas:
    Policy:
      type: object
      description: An AWS Firewall Manager policy that defines security rules and which resources are in scope.
      properties:
        PolicyId:
          type: string
        PolicyName:
          type: string
        PolicyUpdateToken:
          type: string
        SecurityServicePolicyData:
          $ref: '#/components/schemas/SecurityServicePolicyData'
        ResourceType:
          type: string
        ResourceTypeList:
          type: array
          items:
            type: string
        ResourceTags:
          type: array
          items:
            $ref: '#/components/schemas/ResourceTag'
        ExcludeResourceTags:
          type: boolean
        RemediationEnabled:
          type: boolean
        PolicyArn:
          type: string
        IncludeMap:
          type: object
          additionalProperties:
            type: array
            items:
              type: string
        ExcludeMap:
          type: object
          additionalProperties:
            type: array
            items:
              type: string
      required:
      - PolicyName
      - SecurityServicePolicyData
      - ResourceType
      - ExcludeResourceTags
      - RemediationEnabled
    SecurityServicePolicyData:
      type: object
      description: Details about the security service used to protect the resources.
      properties:
        Type:
          type: string
          enum:
          - WAF
          - WAFV2
          - SHIELD_ADVANCED
          - SECURITY_GROUPS_COMMON
          - SECURITY_GROUPS_CONTENT_AUDIT
          - SECURITY_GROUPS_USAGE_AUDIT
          - NETWORK_FIREWALL
          - DNS_FIREWALL
          - THIRD_PARTY_FIREWALL
          - IMPORT_NETWORK_FIREWALL
        ManagedServiceData:
          type: string
        PolicyOption:
          type: object
      required:
      - Type
    ResourceTag:
      type: object
      description: A tag used to target resources in scope of a Firewall Manager policy.
      properties:
        Key:
          type: string
        Value:
          type: string
      required:
      - Key
    ComplianceViolator:
      type: object
      description: A resource that is not in compliance with the specified AWS Firewall Manager policy.
      properties:
        ResourceId:
          type: string
        ViolationReason:
          type: string
        ResourceType:
          type: string
        Metadata:
          type: object
          additionalProperties:
            type: string
    ResourceSet:
      type: object
      description: A set of resources to include in a Firewall Manager policy.
      properties:
        Id:
          type: string
        Name:
          type: string
        Description:
          type: string
        UpdateToken:
          type: string
        ResourceTypeList:
          type: array
          items:
            type: string
        LastUpdateTime:
          type: string
          format: date-time
        ResourceSetStatus:
          type: string
          enum:
          - ACTIVE
          - OUT_OF_ADMIN_SCOPE
      required:
      - Name
      - ResourceTypeList
    Tag:
      type: object
      description: A collection of key-value pairs.
      properties:
        Key:
          type: string
        Value:
          type: string
      required:
      - Key
      - Value
    ErrorResponse:
      type: object
      description: Standard error response from the Firewall Manager API.
      properties:
        Message:
          type: string
        Code:
          type: string
    ListPoliciesResponse:
      type: object
      properties:
        PolicyList:
          type: array
          items:
            $ref: '#/components/schemas/Policy'
        NextToken:
          type: string
    PutPolicyRequest:
      type: object
      required:
      - Policy
      properties:
        Policy:
          $ref: '#/components/schemas/Policy'
        TagList:
          type: array
          items:
            $ref: '#/components/schemas/Tag'
    PutPolicyResponse:
      type: object
      properties:
        Policy:
          $ref: '#/components/schemas/Policy'
        PolicyArn:
          type: string
    GetPolicyResponse:
      type: object
      properties:
        Policy:
          $ref: '#/components/schemas/Policy'
        PolicyArn:
          type: string
    GetComplianceDetailResponse:
      type: object
      properties:
        PolicyComplianceDetail:
          type: object
    GetAdminAccountResponse:
      type: object
      properties:
        AdminAccount:
          type: string
        RoleStatus:
          type: string
    ListMemberAccountsResponse:
      type: object
      properties:
        MemberAccounts:
          type: array
          items:
            type: string
        NextToken:
          type: string
    PutResourceSetRequest:
      type: object
      required:
      - ResourceSet
      properties:
        ResourceSet:
          $ref: '#/components/schemas/ResourceSet'
        TagList:
          type: array
          items:
            $ref: '#/components/schemas/Tag'
    PutResourceSetResponse:
      type: object
      properties:
        ResourceSet:
          $ref: '#/components/schemas/ResourceSet'
        ResourceSetArn:
          type: string
    ListResourceSetsResponse:
      type: object
      properties:
        ResourceSets:
          type: array
          items:
            $ref: '#/components/schemas/ResourceSet'
        NextToken:
          type: string
    ListTagsForResourceResponse:
      type: object
      properties:
        TagList:
          type: array
          items:
            $ref: '#/components/schemas/Tag'