AssociateAdminAccount

# Request template for AssociateAdminAccount. `valid` holds only when every
# expression in the body is true; a field that is absent from `input` makes its
# comparison undefined, so the rule does not hold.
# STRING is not defined on this page - presumably a placeholder to replace with
# the concrete value being enforced (TODO confirm against the policy engine).
valid {
    # By its name this selects the account being made administrator; pin it to
    # an approved account ID rather than leaving the placeholder.
    input.Body.AdminAccount == STRING
    # Caller context: account, access key ID and region the request came from.
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociateThirdPartyFirewall

# Allowlist of third-party firewall identifiers accepted by the rule below.
# Trim the list to restrict the action to a single vendor.
enum_ThirdPartyFirewall := [ "PALO_ALTO_NETWORKS_CLOUD_NGFW", "FORTIGATE_CLOUD_NATIVE_FIREWALL" ]

# Request template for AssociateThirdPartyFirewall. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    # Membership test: true when the field equals any element of the enum list.
    input.Body.ThirdPartyFirewall == enum_ThirdPartyFirewall[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchAssociateResource

# Request template for BatchAssociateResource. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    input.Body.ResourceSetIdentifier == STRING
    # `[_]` is existential: this is true as soon as ONE item equals the value.
    # It does not require every item to match, so other entries in Items pass
    # unchecked. Use an "every element" form if all items must be approved.
    input.Body.Items[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchDisassociateResource

# Request template for BatchDisassociateResource. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    input.Body.ResourceSetIdentifier == STRING
    # Existential match: one matching item satisfies this line even when the
    # request also lists other resources. Not a per-item allowlist as written.
    input.Body.Items[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteAppsList

# Request template for DeleteAppsList. All expressions must hold; a missing
# field makes its comparison undefined and the rule does not hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    # Pinning ListId limits the delete to one known list.
    input.Body.ListId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteNotificationChannel

# Request template for DeleteNotificationChannel. The body constrains only the
# caller metadata; nothing in it names the action, so the binding to this
# action must come from how the rule is packaged or loaded - TODO confirm.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePolicy

# Request template for DeletePolicy. All expressions must hold.
# STRING / BOOLEAN are presumably placeholders for concrete values - TODO confirm.
valid {
    input.Body.PolicyId == STRING
    # By its name this flag widens the delete to resources tied to the policy;
    # pin it to the intended value (true or false) rather than leaving it open.
    input.Body.DeleteAllPolicyResources == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteProtocolsList

# Request template for DeleteProtocolsList. All expressions must hold; a
# missing field makes its comparison undefined and the rule does not hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    # Pinning ListId limits the delete to one known list.
    input.Body.ListId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteResourceSet

# Request template for DeleteResourceSet. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    # Pinning Identifier limits the delete to one known resource set.
    input.Body.Identifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateAdminAccount

# Request template for DisassociateAdminAccount. Only caller metadata is
# constrained; there is no Body field to pin. Because the body does not name
# the action, scoping to this action depends on how the rule is loaded - TODO
# confirm. STRING is presumably a placeholder for a concrete value.
valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateThirdPartyFirewall

# Allowlist of third-party firewall identifiers accepted by the rule below.
# NOTE(review): the same name is assigned in other sections of this page; if
# sections are combined into one module the duplicate `:=` will likely be
# rejected - keep one definition or separate packages (TODO confirm).
enum_ThirdPartyFirewall := [ "PALO_ALTO_NETWORKS_CLOUD_NGFW", "FORTIGATE_CLOUD_NATIVE_FIREWALL" ]

# Request template for DisassociateThirdPartyFirewall. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    # True when the field equals any element of the enum list.
    input.Body.ThirdPartyFirewall == enum_ThirdPartyFirewall[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAdminAccount

# Request template for GetAdminAccount. Only caller metadata is constrained.
# NOTE(review): several sections on this page define `valid` with this same
# metadata-only body. Rule bodies sharing a name in one package are OR-ed, so
# if sections are merged this body would accept any request carrying the three
# metadata values - keep actions in separate packages (TODO confirm layout).
valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAdminScope

# Request template for GetAdminScope. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    # Restricts which administrator account's scope may be read.
    input.Body.AdminAccount == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetAppsList

# Request template for GetAppsList. All expressions must hold.
# STRING / BOOLEAN are presumably placeholders for concrete values - TODO confirm.
valid {
    input.Body.ListId == STRING
    # A request that omits DefaultList leaves this comparison undefined and the
    # rule does not hold; drop the line if the field is not being constrained.
    input.Body.DefaultList == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetComplianceDetail

# Request template for GetComplianceDetail. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    input.Body.PolicyId == STRING
    # Pinning MemberAccount limits whose compliance data the caller can read.
    input.Body.MemberAccount == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetNotificationChannel

# Request template for GetNotificationChannel. Only caller metadata is
# constrained; the body does not name the action, so scoping to this action
# depends on how the rule is packaged - TODO confirm.
# STRING is presumably a placeholder for a concrete value.
valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPolicy

# Request template for GetPolicy. All expressions must hold; a missing field
# makes its comparison undefined and the rule does not hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    input.Body.PolicyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetProtectionStatus

# Request template for GetProtectionStatus. All expressions must hold.
# STRING / TIMESTAMP / INTEGER are presumably placeholders - TODO confirm.
valid {
    input.Body.PolicyId == STRING
    input.Body.MemberAccountId == STRING
    # Equality pins an exact instant; a time window would need range
    # comparisons instead. Encoding of TIMESTAMP is not shown here - confirm.
    input.Body.StartTime == TIMESTAMP
    input.Body.EndTime == TIMESTAMP
    # Pagination fields: a request that omits NextToken (presumably the normal
    # first call) leaves this undefined and fails the rule. Drop these two
    # lines unless pagination values are really being enforced.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetProtocolsList

# Request template for GetProtocolsList. All expressions must hold.
# STRING / BOOLEAN are presumably placeholders for concrete values - TODO confirm.
valid {
    input.Body.ListId == STRING
    # Omitting DefaultList from the request leaves this undefined and the rule
    # does not hold; drop the line if the field is not being constrained.
    input.Body.DefaultList == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetResourceSet

# Request template for GetResourceSet. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    input.Body.Identifier == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetThirdPartyFirewallAssociationStatus

# Allowlist of third-party firewall identifiers accepted by the rule below.
enum_ThirdPartyFirewall := [ "PALO_ALTO_NETWORKS_CLOUD_NGFW", "FORTIGATE_CLOUD_NATIVE_FIREWALL" ]

# Request template for GetThirdPartyFirewallAssociationStatus. All expressions
# must hold. STRING is presumably a placeholder - TODO confirm.
valid {
    # True when the field equals any element of the enum list; a value outside
    # the list leaves the rule unsatisfied.
    input.Body.ThirdPartyFirewall == enum_ThirdPartyFirewall[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetViolationDetails

# Request template for GetViolationDetails. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    input.Body.PolicyId == STRING
    input.Body.MemberAccount == STRING
    # Together these two identify the single resource whose violations are read.
    input.Body.ResourceId == STRING
    input.Body.ResourceType == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAdminAccountsForOrganization

# Request template for ListAdminAccountsForOrganization.
# STRING / INTEGER are presumably placeholders - TODO confirm.
valid {
    # Pagination fields: a request without NextToken leaves this undefined and
    # fails the rule; remove these lines unless they are really enforced.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAdminsManagingAccount

# Request template for ListAdminsManagingAccount.
# STRING / INTEGER are presumably placeholders - TODO confirm.
valid {
    # Equality on pagination fields is rarely what is wanted: a missing
    # NextToken makes the rule fail. Keep only the lines being enforced.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAppsLists

# Request template for ListAppsLists. All expressions must hold.
# BOOLEAN / STRING / INTEGER are presumably placeholders - TODO confirm.
valid {
    input.Body.DefaultLists == BOOLEAN
    # Pagination fields: absent values leave these undefined and fail the rule.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListComplianceStatus

# Request template for ListComplianceStatus. All expressions must hold.
# STRING / INTEGER are presumably placeholders - TODO confirm.
valid {
    # Pinning PolicyId limits which policy's compliance status can be listed.
    input.Body.PolicyId == STRING
    # Pagination fields: absent values leave these undefined and fail the rule.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListDiscoveredResources

# Request template for ListDiscoveredResources. All expressions must hold.
# STRING / INTEGER are presumably placeholders - TODO confirm.
valid {
    # Existential: true when at least one listed account equals the value.
    # Additional account IDs in the same request are not checked by this line.
    input.Body.MemberAccountIds[_] == STRING
    input.Body.ResourceType == STRING
    # Pagination fields: absent values leave these undefined and fail the rule.
    input.Body.MaxResults == INTEGER
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListMemberAccounts

# Request template for ListMemberAccounts.
# STRING / INTEGER are presumably placeholders - TODO confirm.
valid {
    # Pagination fields: a first call without NextToken would not satisfy the
    # rule as written; remove the lines that are not being enforced.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPolicies

# Request template for ListPolicies.
# STRING / INTEGER are presumably placeholders - TODO confirm.
valid {
    # Pagination fields: absent values leave these undefined and fail the rule.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListProtocolsLists

# Request template for ListProtocolsLists. All expressions must hold.
# BOOLEAN / STRING / INTEGER are presumably placeholders - TODO confirm.
valid {
    input.Body.DefaultLists == BOOLEAN
    # Pagination fields: absent values leave these undefined and fail the rule.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListResourceSetResources

# Request template for ListResourceSetResources. All expressions must hold.
# STRING / INTEGER are presumably placeholders - TODO confirm.
valid {
    # Pinning Identifier limits the listing to one known resource set.
    input.Body.Identifier == STRING
    # Pagination fields: absent values leave these undefined and fail the rule.
    input.Body.MaxResults == INTEGER
    input.Body.NextToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListResourceSets

# Request template for ListResourceSets.
# STRING / INTEGER are presumably placeholders - TODO confirm.
valid {
    # Pagination fields: absent values leave these undefined and fail the rule.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

# Request template for ListTagsForResource. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    # Exact-match on the ARN; prefix or pattern scoping would need a string
    # function instead of `==`.
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListThirdPartyFirewallFirewallPolicies

# Allowlist of third-party firewall identifiers accepted by the rule below.
enum_ThirdPartyFirewall := [ "PALO_ALTO_NETWORKS_CLOUD_NGFW", "FORTIGATE_CLOUD_NATIVE_FIREWALL" ]

# Request template for ListThirdPartyFirewallFirewallPolicies. All expressions
# must hold. STRING / INTEGER are presumably placeholders - TODO confirm.
valid {
    # True when the field equals any element of the enum list.
    input.Body.ThirdPartyFirewall == enum_ThirdPartyFirewall[_]
    # Pagination fields: absent values leave these undefined and fail the rule.
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutAdminAccount

# Policy types that may appear in the administrator's PolicyTypeScope.
# Trim this list to limit which policy types can be delegated.
enum_SecurityServiceType := [ "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL", "NETWORK_ACL_COMMON" ]

# Request template for PutAdminAccount. All expressions must hold, and every
# referenced field must be present in the request for the rule to hold.
# STRING / BOOLEAN are presumably placeholders - TODO confirm.
valid {
    input.Body.AdminAccount == STRING
    # Each `[_]` below is existential: one matching element satisfies the line
    # while other elements of the same list go unchecked.
    input.Body.AdminScope.AccountScope.Accounts[_] == STRING
    # The All*Enabled flags appear to widen scope to everything in that
    # dimension; pin them explicitly (typically false for a scoped admin).
    input.Body.AdminScope.AccountScope.AllAccountsEnabled == BOOLEAN
    # Presumably inverts Accounts from an include list to an exclude list, so
    # its value changes what the Accounts check above means - confirm.
    input.Body.AdminScope.AccountScope.ExcludeSpecifiedAccounts == BOOLEAN
    input.Body.AdminScope.OrganizationalUnitScope.OrganizationalUnits[_] == STRING
    input.Body.AdminScope.OrganizationalUnitScope.AllOrganizationalUnitsEnabled == BOOLEAN
    input.Body.AdminScope.OrganizationalUnitScope.ExcludeSpecifiedOrganizationalUnits == BOOLEAN
    input.Body.AdminScope.RegionScope.Regions[_] == STRING
    input.Body.AdminScope.RegionScope.AllRegionsEnabled == BOOLEAN
    # Two wildcards: true when ANY requested type equals ANY enum entry. It
    # does not prove that every requested type is in the enum.
    input.Body.AdminScope.PolicyTypeScope.PolicyTypes[_] == enum_SecurityServiceType[_]
    input.Body.AdminScope.PolicyTypeScope.AllPolicyTypesEnabled == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutAppsList

# Request template for PutAppsList. All expressions must hold, and every
# referenced field must be present in the request for the rule to hold.
# STRING / TIMESTAMP / LONG are presumably placeholders - TODO confirm.
valid {
    input.Body.AppsList.ListId == STRING
    input.Body.AppsList.ListName == STRING
    input.Body.AppsList.ListUpdateToken == STRING
    input.Body.AppsList.CreateTime == TIMESTAMP
    input.Body.AppsList.LastUpdateTime == TIMESTAMP
    # Each `_` is an independent wildcard: AppName, Protocol and Port may be
    # matched on three DIFFERENT entries. Bind one index variable across the
    # three lines if a specific (app, protocol, port) tuple must be enforced.
    input.Body.AppsList.AppsList[_].AppName == STRING
    input.Body.AppsList.AppsList[_].Protocol == STRING
    input.Body.AppsList.AppsList[_].Port == LONG
    # STRING sits in key position here - presumably a placeholder for the map
    # key that identifies a previous list revision; confirm before use.
    input.Body.AppsList.PreviousAppsList.STRING[_].AppName == STRING
    input.Body.AppsList.PreviousAppsList.STRING[_].Protocol == STRING
    input.Body.AppsList.PreviousAppsList.STRING[_].Port == LONG
    # Key and Value use separate wildcards, so they can match different tags.
    input.Body.TagList[_].Key == STRING
    input.Body.TagList[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutNotificationChannel

# Request template for PutNotificationChannel. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    # These two fields name the SNS topic and role used for notifications.
    # Pin both to the approved topic ARN and role name so the channel cannot
    # be pointed at a destination outside the organisation's control.
    input.Body.SnsTopicArn == STRING
    input.Body.SnsRoleName == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutPolicy

# Allowlists referenced by the PutPolicy rule below. Trimming a list narrows
# what the rule accepts for the corresponding field.
enum_CustomerPolicyStatus := [ "ACTIVE", "OUT_OF_ADMIN_SCOPE" ]
enum_FirewallDeploymentModel := [ "CENTRALIZED", "DISTRIBUTED" ]
enum_NetworkAclRuleAction := [ "allow", "deny" ]
enum_SecurityServiceType := [ "WAF", "WAFV2", "SHIELD_ADVANCED", "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", "DNS_FIREWALL", "THIRD_PARTY_FIREWALL", "IMPORT_NETWORK_FIREWALL", "NETWORK_ACL_COMMON" ]

# Request template for PutPolicy. All expressions must hold, and every
# referenced field must be present: as written, a request that carries only one
# PolicyOption branch cannot satisfy the lines for the other branches, so keep
# only the lines for the policy type being enforced.
# STRING / INTEGER / BOOLEAN are presumably placeholders - TODO confirm.
valid {
    input.Body.Policy.PolicyId == STRING
    input.Body.Policy.PolicyName == STRING
    input.Body.Policy.PolicyUpdateToken == STRING
    input.Body.Policy.SecurityServicePolicyData.Type == enum_SecurityServiceType[_]
    # Compared as one whole string. If it carries structured settings (TODO
    # confirm), exact equality is the only check made on its contents here.
    input.Body.Policy.SecurityServicePolicyData.ManagedServiceData == STRING
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkFirewallPolicy.FirewallDeploymentModel == enum_FirewallDeploymentModel[_]
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.ThirdPartyFirewallPolicy.FirewallDeploymentModel == enum_FirewallDeploymentModel[_]
    # Network ACL entries. Every `[_]` is an independent wildcard, so Protocol,
    # PortRange, CidrBlock and RuleAction can each be satisfied by a DIFFERENT
    # entry, and entries that match nothing are not rejected. To enforce a
    # specific rule tuple, bind one index variable across the related lines.
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.FirstEntries[_].IcmpTypeCode.Code == INTEGER
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.FirstEntries[_].IcmpTypeCode.Type == INTEGER
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.FirstEntries[_].Protocol == STRING
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.FirstEntries[_].PortRange.From == INTEGER
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.FirstEntries[_].PortRange.To == INTEGER
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.FirstEntries[_].CidrBlock == STRING
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.FirstEntries[_].Ipv6CidrBlock == STRING
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.FirstEntries[_].RuleAction == enum_NetworkAclRuleAction[_]
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.FirstEntries[_].Egress == BOOLEAN
    # By name, forces remediation for the entries above - pin explicitly.
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.ForceRemediateForFirstEntries == BOOLEAN
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.LastEntries[_].IcmpTypeCode.Code == INTEGER
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.LastEntries[_].IcmpTypeCode.Type == INTEGER
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.LastEntries[_].Protocol == STRING
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.LastEntries[_].PortRange.From == INTEGER
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.LastEntries[_].PortRange.To == INTEGER
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.LastEntries[_].CidrBlock == STRING
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.LastEntries[_].Ipv6CidrBlock == STRING
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.LastEntries[_].RuleAction == enum_NetworkAclRuleAction[_]
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.LastEntries[_].Egress == BOOLEAN
    input.Body.Policy.SecurityServicePolicyData.PolicyOption.NetworkAclCommonPolicy.NetworkAclEntrySet.ForceRemediateForLastEntries == BOOLEAN
    input.Body.Policy.ResourceType == STRING
    input.Body.Policy.ResourceTypeList[_] == STRING
    # Key and Value use separate wildcards, so they can match different tags.
    input.Body.Policy.ResourceTags[_].Key == STRING
    input.Body.Policy.ResourceTags[_].Value == STRING
    # Presumably flips ResourceTags from an include filter to an exclude
    # filter, changing which resources the policy covers - confirm and pin.
    input.Body.Policy.ExcludeResourceTags == BOOLEAN
    # These two flags appear to let the policy change or delete resources
    # automatically; pin them to the value the organisation has approved.
    input.Body.Policy.RemediationEnabled == BOOLEAN
    input.Body.Policy.DeleteUnusedFMManagedResources == BOOLEAN
    # Include/Exclude maps set which accounts and OUs the policy applies to.
    # The `[_]` checks are existential: one approved entry satisfies the line
    # even when the list also names other accounts or OUs.
    input.Body.Policy.IncludeMap.ACCOUNT[_] == STRING
    input.Body.Policy.IncludeMap.ORG_UNIT[_] == STRING
    input.Body.Policy.ExcludeMap.ACCOUNT[_] == STRING
    input.Body.Policy.ExcludeMap.ORG_UNIT[_] == STRING
    input.Body.Policy.ResourceSetIds[_] == STRING
    input.Body.Policy.PolicyDescription == STRING
    input.Body.Policy.PolicyStatus == enum_CustomerPolicyStatus[_]
    input.Body.TagList[_].Key == STRING
    input.Body.TagList[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutProtocolsList

# Request template for PutProtocolsList. All expressions must hold, and every
# referenced field must be present in the request for the rule to hold.
# STRING / TIMESTAMP are presumably placeholders - TODO confirm.
valid {
    input.Body.ProtocolsList.ListId == STRING
    input.Body.ProtocolsList.ListName == STRING
    input.Body.ProtocolsList.ListUpdateToken == STRING
    input.Body.ProtocolsList.CreateTime == TIMESTAMP
    input.Body.ProtocolsList.LastUpdateTime == TIMESTAMP
    # Existential: one matching protocol satisfies the line; other protocols
    # in the same list are not checked.
    input.Body.ProtocolsList.ProtocolsList[_] == STRING
    # STRING sits in key position here - presumably a placeholder for the map
    # key that identifies a previous list revision; confirm before use.
    input.Body.ProtocolsList.PreviousProtocolsList.STRING[_] == STRING
    # Key and Value use separate wildcards, so they can match different tags.
    input.Body.TagList[_].Key == STRING
    input.Body.TagList[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutResourceSet

# Status values accepted for ResourceSet.ResourceSetStatus by the rule below.
enum_ResourceSetStatus := [ "ACTIVE", "OUT_OF_ADMIN_SCOPE" ]

# Request template for PutResourceSet. All expressions must hold, and every
# referenced field must be present in the request for the rule to hold.
# STRING / TIMESTAMP are presumably placeholders - TODO confirm.
valid {
    input.Body.ResourceSet.Id == STRING
    input.Body.ResourceSet.Name == STRING
    input.Body.ResourceSet.Description == STRING
    input.Body.ResourceSet.UpdateToken == STRING
    # Existential: one matching type satisfies the line; other types in the
    # list are not checked.
    input.Body.ResourceSet.ResourceTypeList[_] == STRING
    input.Body.ResourceSet.LastUpdateTime == TIMESTAMP
    input.Body.ResourceSet.ResourceSetStatus == enum_ResourceSetStatus[_]
    # Key and Value use separate wildcards, so they can match different tags.
    input.Body.TagList[_].Key == STRING
    input.Body.TagList[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

# Request template for TagResource. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    # Exact-match on the ARN of the resource being tagged.
    input.Body.ResourceArn == STRING
    # Key and Value use separate wildcards: the key may match one tag and the
    # value another. Where tags drive access decisions, bind a single index
    # variable so the pair is checked on the same tag, and consider rejecting
    # tags outside the approved set.
    input.Body.TagList[_].Key == STRING
    input.Body.TagList[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

# Request template for UntagResource. All expressions must hold.
# STRING is presumably a placeholder for a concrete value - TODO confirm.
valid {
    input.Body.ResourceArn == STRING
    # Existential: true when one requested key equals the value. The request
    # may remove further tag keys that this line does not inspect.
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}