diff --git a/cloudngfw/api/aws/associationrulestacks.mdx b/cloudngfw/api/aws/associationrulestacks.mdx
new file mode 100644
index 000000000..30b7e6546
--- /dev/null
+++ b/cloudngfw/api/aws/associationrulestacks.mdx
@@ -0,0 +1,12 @@
+---
+id: associationrulestacks
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/certificateobjects.mdx b/cloudngfw/api/aws/certificateobjects.mdx
new file mode 100644
index 000000000..4d0e5d739
--- /dev/null
+++ b/cloudngfw/api/aws/certificateobjects.mdx
@@ -0,0 +1,12 @@
+---
+id: certificateobjects
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/fileblockingaction.mdx b/cloudngfw/api/aws/fileblockingaction.mdx
new file mode 100644
index 000000000..feeff70df
--- /dev/null
+++ b/cloudngfw/api/aws/fileblockingaction.mdx
@@ -0,0 +1,12 @@
+---
+id: fileblockingaction
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/fqdnlist.mdx b/cloudngfw/api/aws/fqdnlist.mdx
new file mode 100644
index 000000000..95a76976b
--- /dev/null
+++ b/cloudngfw/api/aws/fqdnlist.mdx
@@ -0,0 +1,12 @@
+---
+id: fqdnlist
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/intelligentfeed.mdx b/cloudngfw/api/aws/intelligentfeed.mdx
new file mode 100644
index 000000000..3c93e64a2
--- /dev/null
+++ b/cloudngfw/api/aws/intelligentfeed.mdx
@@ -0,0 +1,12 @@
+---
+id: intelligentfeed
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/logprofile.mdx b/cloudngfw/api/aws/logprofile.mdx
new file mode 100644
index 000000000..98093ed25
--- /dev/null
+++ b/cloudngfw/api/aws/logprofile.mdx
@@ -0,0 +1,12 @@
+---
+id: logprofile
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/manageapitokens.mdx b/cloudngfw/api/aws/manageapitokens.mdx
new file mode 100644
index 000000000..102a44aea
--- /dev/null
+++ b/cloudngfw/api/aws/manageapitokens.mdx
@@ -0,0 +1,12 @@
+---
+id: manageapitokens
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managecustomurlcategories.mdx b/cloudngfw/api/aws/managecustomurlcategories.mdx
new file mode 100644
index 000000000..1ad1551a8
--- /dev/null
+++ b/cloudngfw/api/aws/managecustomurlcategories.mdx
@@ -0,0 +1,12 @@
+---
+id: managecustomurlcategories
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managengfw-v2.mdx b/cloudngfw/api/aws/managengfw-v2.mdx
new file mode 100644
index 000000000..5f8c3f8cb
--- /dev/null
+++ b/cloudngfw/api/aws/managengfw-v2.mdx
@@ -0,0 +1,12 @@
+---
+id: managengfw-v2
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managengfw.mdx b/cloudngfw/api/aws/managengfw.mdx
new file mode 100644
index 000000000..bdb603431
--- /dev/null
+++ b/cloudngfw/api/aws/managengfw.mdx
@@ -0,0 +1,12 @@
+---
+id: managengfw
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managengfwtags.mdx b/cloudngfw/api/aws/managengfwtags.mdx
new file mode 100644
index 000000000..220cc85f4
--- /dev/null
+++ b/cloudngfw/api/aws/managengfwtags.mdx
@@ -0,0 +1,12 @@
+---
+id: managengfwtags
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managerulestacks.mdx b/cloudngfw/api/aws/managerulestacks.mdx
new file mode 100644
index 000000000..41f1d83b0
--- /dev/null
+++ b/cloudngfw/api/aws/managerulestacks.mdx
@@ -0,0 +1,12 @@
+---
+id: managerulestacks
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managerulestacktags.mdx b/cloudngfw/api/aws/managerulestacktags.mdx
new file mode 100644
index 000000000..7a161b358
--- /dev/null
+++ b/cloudngfw/api/aws/managerulestacktags.mdx
@@ -0,0 +1,12 @@
+---
+id: managerulestacktags
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/managesubscription.mdx b/cloudngfw/api/aws/managesubscription.mdx
new file mode 100644
index 000000000..4021134e3
--- /dev/null
+++ b/cloudngfw/api/aws/managesubscription.mdx
@@ -0,0 +1,12 @@
+---
+id: managesubscription
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/predefinedurlcategories.mdx b/cloudngfw/api/aws/predefinedurlcategories.mdx
new file mode 100644
index 000000000..2ea3fc4e1
--- /dev/null
+++ b/cloudngfw/api/aws/predefinedurlcategories.mdx
@@ -0,0 +1,12 @@
+---
+id: predefinedurlcategories
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/prefixlist.mdx b/cloudngfw/api/aws/prefixlist.mdx
new file mode 100644
index 000000000..9a74ce4d8
--- /dev/null
+++ b/cloudngfw/api/aws/prefixlist.mdx
@@ -0,0 +1,12 @@
+---
+id: prefixlist
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/securityrules.mdx b/cloudngfw/api/aws/securityrules.mdx
new file mode 100644
index 000000000..1d1aadc3b
--- /dev/null
+++ b/cloudngfw/api/aws/securityrules.mdx
@@ -0,0 +1,12 @@
+---
+id: securityrules
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/useronboarding-linkaccount.mdx b/cloudngfw/api/aws/useronboarding-linkaccount.mdx
new file mode 100644
index 000000000..d386f1ae2
--- /dev/null
+++ b/cloudngfw/api/aws/useronboarding-linkaccount.mdx
@@ -0,0 +1,12 @@
+---
+id: useronboarding-linkaccount
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/cloudngfw/api/aws/useronboarding-xaccountroles.mdx b/cloudngfw/api/aws/useronboarding-xaccountroles.mdx
new file mode 100644
index 000000000..b14a45b0c
--- /dev/null
+++ b/cloudngfw/api/aws/useronboarding-xaccountroles.mdx
@@ -0,0 +1,12 @@
+---
+id: useronboarding-xaccountroles
+sidebar_label: Overview
+hide_table_of_contents: True
+hide_title: true
+hide_sidebar: true
+---
+
+import useBaseUrl from "@docusaurus/useBaseUrl";
+import Redocusaurus from "@theme/Redocusaurus";
+
+
diff --git a/openapi-specs/cloudngfw/aws/AssociationRulestacks.yaml b/openapi-specs/cloudngfw/aws/AssociationRulestacks.yaml
new file mode 100644
index 000000000..441d3e287
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/AssociationRulestacks.yaml
@@ -0,0 +1,200 @@
+components:
+ schemas:
+ AssociateGlobalRuleStackRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulestackname
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleStackName
+ - AccountId
+ title: AssociateGlobalRuleStackRequest
+ type: object
+ AssociateGlobalRuleStackResponse:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ FirewallName:
+ title: Firewallname
+ type: string
+ ResponseStatus:
+ $ref: '#/components/schemas/AssociateGlobalRuleStackResponse.Result'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: AssociateGlobalRuleStackResponse
+ type: object
+ AssociateGlobalRuleStackResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ AssociateRuleStackRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulestackname
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleStackName
+ - AccountId
+ title: AssociateRuleStackRequest
+ type: object
+ AssociateRuleStackResponse:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ FirewallName:
+ title: Firewallname
+ type: string
+ ResponseStatus:
+ $ref: '#/components/schemas/AssociateRuleStackResponse.Result'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: AssociateRuleStackResponse
+ type: object
+ AssociateRuleStackResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "There are two types of rulestacks:\n- **Local rulestack**-Consists\
+ \ of local rules and manages them. A local account administrator can associate\
+ \ local rulestacks to an NGFW in their AWS account.\n- **Global rulestack**-The\
+ \ AWS Firewall Manager administrator can author a Firewall Manager Service (FMS)\
+ \ policy and associate a global rulestack with it. AWS Firewall Manager manages\
+ \ the global rulestack across all these NGFWs in different AWS accounts of an\
+ \ AWS Organization. \n\nA global rulestack configures pre-rules and post-rules\
+ \ on each NGFW. The AWS Firewall Manager administrator can author a FMS policy\
+ \ and associate a global rulestack with it. AWS Firewall Manager manages the global\
+ \ rulestack across all these NGFWs in different AWS accounts in the AWS Organization.\
+ \ A global rulestack configures pre-rules and post-rules on each NGFW. \n\n>**Note:**\
+ \ For FMS policy, there is no Local Firewall administrator. The local rulestack\
+ \ administrator associates the local rulestacks to an NGFW. If the FMS service\
+ \ handshake is successful, any local firewall administrator call must be disabled,\
+ \ and the local rulestack administrator can associate the local rulestack to a\
+ \ NGFW.\n\n### Permission Policies\n\n| Action | Local\
+ \ Firewall Administrator | Local Rulestack Administrator | Global Rulestack Administrator\
+ \ |\n| ----------------------------- | :---------------------------: | :---------------------------:\
+ \ | :----------------------------: | \n| Associate a Global Rulestack | ☐\
+ \ | ☐ | **☑** \
+ \ | \n| Associate a Local Rulestack | **☑**\
+ \ | **☑** | ☐ \
+ \ | \n\n>**Note:** The maximum local and global rulestacks you can create\
+ \ per subscription is 10. \n"
+ title: Manage Association Rulestacks
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/ngfirewalls/{ngfirewallname}/globalrulestack:
+ put:
+ description: 'Associate a global rulestack to a NGFW.
+
+ '
+ operationId: put-v1-config-ngfirewalls-ngfirewallname-globalrulestack
+ parameters:
+ - description: 'The name of the NGFW to which you want to associate the global
+ rulestack.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AssociateGlobalRuleStackRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AssociateGlobalRuleStackResponse'
+ description: OK
+ summary: Associate a GlobalRuleStack
+ tags:
+ - AssociationRulestacks
+ /v1/config/ngfirewalls/{ngfirewallname}/rulestack:
+ put:
+ description: 'Associate a local rulestack to a NGFW.
+
+ '
+ operationId: put-v1-config-ngfirewalls-ngfirewallname-rulestack
+ parameters:
+ - description: 'The name of the NGFW to which you want to associate the local
+ rulestack.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AssociateRuleStackRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AssociateRuleStackResponse'
+ description: OK
+ summary: Associate a RuleStack
+ tags:
+ - AssociationRulestacks
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: AssociationRulestacks
diff --git a/openapi-specs/cloudngfw/aws/CertificateObjects.yaml b/openapi-specs/cloudngfw/aws/CertificateObjects.yaml
new file mode 100644
index 000000000..b176e998a
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/CertificateObjects.yaml
@@ -0,0 +1,602 @@
+components:
+ schemas:
+ CreateCertificateObjectRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ default: false
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Name:
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ required:
+ - Name
+ title: CreateCertificateObjectRequest
+ type: object
+ CreateCertificateObjectResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreateCertificateObjectResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreateCertificateObjectResponse.Result'
+ title: CreateCertificateObjectResponse
+ type: object
+ CreateCertificateObjectResponse.CertificateDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: CertificateDetails
+ type: object
+ CreateCertificateObjectResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CertificateObjectEntry:
+ $ref: '#/components/schemas/CreateCertificateObjectResponse.CertificateDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreateCertificateObjectResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeleteCertificateObjectRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeleteCertificateObjectRequest
+ type: object
+ DeleteCertificateObjectResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeleteCertificateObjectResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeleteCertificateObjectResponse.Result'
+ title: DeleteCertificateObjectResponse
+ type: object
+ DeleteCertificateObjectResponse.CertificateDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: CertificateDetails
+ type: object
+ DeleteCertificateObjectResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CertificateObjectEntry:
+ $ref: '#/components/schemas/DeleteCertificateObjectResponse.CertificateDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeleteCertificateObjectResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeCertificateObjectRequest:
+ additionalProperties: false
+ properties:
+ Candidate:
+ default: true
+ title: Candidate
+ type: boolean
+ MaxResults:
+ default: 100
+ exclusiveMaximum: 101
+ exclusiveMinimum: 0
+ title: Maxresults
+ type: integer
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ Running:
+ default: false
+ title: Running
+ type: boolean
+ title: DescribeCertificateObjectRequest
+ type: object
+ DescribeCertificateObjectResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeCertificateObjectResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeCertificateObjectResponse.Result'
+ title: DescribeCertificateObjectResponse
+ type: object
+ DescribeCertificateObjectResponse.CertificateDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: CertificateDetails
+ type: object
+ DescribeCertificateObjectResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CertificateObjectCandidate:
+ $ref: '#/components/schemas/DescribeCertificateObjectResponse.CertificateDetails'
+ CertificateObjectRunning:
+ $ref: '#/components/schemas/DescribeCertificateObjectResponse.CertificateDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribeCertificateObjectResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListCertificateObjectResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListCertificateObjectResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListCertificateObjectResponse.Result'
+ title: ListCertificateObjectResponse
+ type: object
+ ListCertificateObjectResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CertificateObjectCandidate:
+ items:
+ type: string
+ title: Certificateobjectcandidate
+ type: array
+ CertificateObjectRunning:
+ items:
+ type: string
+ title: Certificateobjectrunning
+ type: array
+ CertificateObjectUncommitted:
+ items:
+ $ref: '#/components/schemas/ListCertificateObjectResponse.UncommittedCertificateObjectDetails'
+ title: Certificateobjectuncommitted
+ type: array
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ ListCertificateObjectResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListCertificateObjectResponse.UncommittedCertificateObjectDetails:
+ additionalProperties: false
+ properties:
+ Name:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ Operation:
+ title: Operation
+ type: string
+ required:
+ - Name
+ - Operation
+ title: UncommittedCertificateObjectDetails
+ type: object
+ UpdateCertificateObjectRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ default: false
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: UpdateCertificateObjectRequest
+ type: object
+ UpdateCertificateObjectResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateCertificateObjectResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateCertificateObjectResponse.Result'
+ title: UpdateCertificateObjectResponse
+ type: object
+ UpdateCertificateObjectResponse.CertificateDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: CertificateDetails
+ type: object
+ UpdateCertificateObjectResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CertificateObjectEntry:
+ $ref: '#/components/schemas/UpdateCertificateObjectResponse.CertificateDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateCertificateObjectResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Cloud NGFW uses certificates to access an intelligent feed and to\
+ \ enable outbound decryption. These certificates are stored in the [AWS Secrets\
+ \ Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html).\
+ \ \n\n### Permission Policies\n\n| Action | Local Firewall\
+ \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator|\n\
+ | ----------------------------- | :--------------------------: | :---------------------------:\
+ \ | :---------------------------: |\n| Create a Certificate Object | ☐\
+ \ | **☑** | **☑** \
+ \ |\n| Delete a Certificate Object | ☐ |\
+ \ **☑** | **☑** | \
+ \ \n| Update a Certificate Object | ☐ \
+ \ | **☑** | **☑** | \n| Describe\
+ \ a Certificate Object | **☑** | **☑** \
+ \ | **☑** |\n| List Certificate Objects |\
+ \ **☑** | **☑** | **☑** \
+ \ |\n"
+ title: Manage Certificate Objects
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/certificates:
+ get:
+ description: 'Returns the list of certificate objects associated with the specified
+ rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-certificates
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: uncommitted
+ required: false
+ schema:
+ default: false
+ title: Uncommitted
+ type: boolean
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListCertificateObjectResponse'
+ description: OK
+ summary: List CertificateObjects
+ tags:
+ - CertificateObjects
+ post:
+ description: 'Create a server certificate object for the specified rulestack.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-certificates
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateCertificateObjectRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateCertificateObjectResponse'
+ description: OK
+ summary: Create a CertificateObject
+ tags:
+ - CertificateObjects
+ /v1/config/rulestacks/{rulestackname}/certificates/{name}:
+ delete:
+ description: 'Delete a certificate object associated with the specified rulestack.
+
+ '
+ operationId: delete-v1-config-rulestacks-rulestackname-certificates-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the certificate.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteCertificateObjectRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteCertificateObjectResponse'
+ description: OK
+ summary: Delete a CertificateObject
+ tags:
+ - CertificateObjects
+ get:
+ description: "Returns the certificate object metadata associated with the specified\
+ \ rulestack. \n"
+ operationId: get-v1-config-rulestacks-rulestackname-certificates-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the certificate.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeCertificateObjectRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeCertificateObjectResponse'
+ description: OK
+ summary: Describe a CertificateObject
+ tags:
+ - CertificateObjects
+ put:
+ description: 'Update the certificate object associated with the specified rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-certificates-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the certificate.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateCertificateObjectRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateCertificateObjectResponse'
+ description: OK
+ summary: Update a CertificateObject
+ tags:
+ - CertificateObjects
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: CertificateObjects
diff --git a/openapi-specs/cloudngfw/aws/FQDNList.yaml b/openapi-specs/cloudngfw/aws/FQDNList.yaml
new file mode 100644
index 000000000..96d5efdfe
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/FQDNList.yaml
@@ -0,0 +1,624 @@
+components:
+ schemas:
+ CreateFqdnListRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ Name:
+ maxLength: 58
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ required:
+ - Name
+ - FqdnList
+ title: CreateFqdnListRequest
+ type: object
+ CreateFqdnListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreateFqdnListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreateFqdnListResponse.Result'
+ title: CreateFqdnListResponse
+ type: object
+ CreateFqdnListResponse.FqdnListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - FqdnList
+ title: FqdnListDetails
+ type: object
+ CreateFqdnListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FqdnListEntry:
+ $ref: '#/components/schemas/CreateFqdnListResponse.FqdnListDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreateFqdnListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeleteFqdnListRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeleteFqdnListRequest
+ type: object
+ DeleteFqdnListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeleteFqdnListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeleteFqdnListResponse.Result'
+ title: DeleteFqdnListResponse
+ type: object
+ DeleteFqdnListResponse.FqdnListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - FqdnList
+ title: FqdnListDetails
+ type: object
+ DeleteFqdnListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FqdnListEntry:
+ $ref: '#/components/schemas/DeleteFqdnListResponse.FqdnListDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeleteFqdnListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeFqdnListRequest:
+ additionalProperties: false
+ properties:
+ Candidate:
+ default: true
+ title: Candidate
+ type: boolean
+ Running:
+ default: false
+ title: Running
+ type: boolean
+ title: DescribeFqdnListRequest
+ type: object
+ DescribeFqdnListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeFqdnListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeFqdnListResponse.Result'
+ title: DescribeFqdnListResponse
+ type: object
+ DescribeFqdnListResponse.FqdnListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ required:
+ - FqdnList
+ title: FqdnListDetails
+ type: object
+ DescribeFqdnListResponse.FqdnListInfo:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ required:
+ - FqdnList
+ title: FqdnListInfo
+ type: object
+ DescribeFqdnListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FqdnListCandidate:
+ $ref: '#/components/schemas/DescribeFqdnListResponse.FqdnListDetails'
+ FqdnListRunning:
+ $ref: '#/components/schemas/DescribeFqdnListResponse.FqdnListInfo'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribeFqdnListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListFqdnListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListFqdnListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListFqdnListResponse.Result'
+ title: ListFqdnListResponse
+ type: object
+ ListFqdnListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FqdnListCandidate:
+ items:
+ type: string
+ title: Fqdnlistcandidate
+ type: array
+ FqdnListRunning:
+ items:
+ type: string
+ title: Fqdnlistrunning
+ type: array
+ FqdnListUncommitted:
+ items:
+ $ref: '#/components/schemas/ListFqdnListResponse.UncommittedFqdnListDetails'
+ title: Fqdnlistuncommitted
+ type: array
+ NextToken:
+ title: Nexttoken
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ ListFqdnListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListFqdnListResponse.UncommittedFqdnListDetails:
+ additionalProperties: false
+ properties:
+ Name:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ operation:
+ title: Operation
+ type: string
+ required:
+ - Name
+ - operation
+ title: UncommittedFqdnListDetails
+ type: object
+ UpdateFqdnListRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ required:
+ - FqdnList
+ title: UpdateFqdnListRequest
+ type: object
+ UpdateFqdnListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateFqdnListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateFqdnListResponse.Result'
+ title: UpdateFqdnListResponse
+ type: object
+ UpdateFqdnListResponse.FqdnListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - FqdnList
+ title: FqdnListDetails
+ type: object
+ UpdateFqdnListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FqdnListEntry:
+ $ref: '#/components/schemas/UpdateFqdnListResponse.FqdnListDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateFqdnListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Address objects with type Fully Qualified Domain Name (FQDN). An FQDN\
+ \ object provides further ease of use because DNS provides the FQDN resolution\
+ \ to the IP addresses instead of you needing to know the IP addresses and manually\
+ \ updating them every time the FQDN resolves to a new IP address.\n\nThese are\
+ \ the following formats for FQDN. \n\n- Host names are composed of a sequence\
+ \ of labels concatenated with dots\n- Each label must be from 1 to 63 characters\
+ \ long\n- The entire host name, including the delimiting dots, has a maximum of\
+ \ 253 ASCII characters\n- DNS names can contain only alphabetical characters (A-Z),\
+ \ numeric characters (0-9), minus sign (-), and period (.) \n\nFor more information,\
+ \ see [FQDN formats](https://en.wikipedia.org/wiki/Hostname).\n\n### Permission\
+ \ Policies\n\n| Action | Local Firewall Administrator |\
+ \ Local Rulestack Administrator | Global Rulestack Administrator |\n| ----------------------------\
+ \ | :---------------------------: | :---------------------------: | :----------------------------:\
+ \ |\n| Create FQDN List | ☐ | **☑**\
+ \ | **☑** | \n| Delete FQDN List \
+ \ | ☐ | **☑** |\
+ \ **☑** | \n| Update FQDN List\
+ \ | ☐ | **☑** \
+ \ | **☑** | \n| List FQDN Lists | **☑**\
+ \ | **☑** | **☑** \
+ \ |\n| Describe FQDN List | **☑** | **☑**\
+ \ | **☑** |\n"
+ title: Manage FQDN List
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/fqdnlists:
+ get:
+ description: "Retrieve the information about the FDQN lists for the specified\
+ \ rulestack. \n"
+ operationId: get-v1-config-rulestacks-rulestackname-fqdnlists
+ parameters:
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: uncommitted
+ required: false
+ schema:
+ default: false
+ title: Uncommitted
+ type: boolean
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ - description: ''
+ in: query
+ name: describe
+ required: false
+ schema:
+ default: false
+ title: Describe
+ type: boolean
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListFqdnListResponse'
+ description: OK
+ summary: List FQDNLists
+ tags:
+ - FQDNList
+ post:
+ description: 'Create a FQDN list for a rulestack.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-fqdnlists
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateFqdnListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateFqdnListResponse'
+ description: OK
+ summary: Create a FQDNList
+ tags:
+ - FQDNList
+ /v1/config/rulestacks/{rulestackname}/fqdnlists/{name}:
+ delete:
+ description: "Delete the FDQN list associated with a rulestack. \n"
+ operationId: delete-v1-config-rulestacks-rulestackname-fqdnlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the FQDN list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteFqdnListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteFqdnListResponse'
+ description: OK
+ summary: Delete a FQDNList
+ tags:
+ - FQDNList
+ get:
+ description: "Return the information the FDQN list associated with a rulestack.\
+ \ \n"
+ operationId: get-v1-config-rulestacks-rulestackname-fqdnlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the FQDN list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeFqdnListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeFqdnListResponse'
+ description: OK
+ summary: Describe a FQDNList
+ tags:
+ - FQDNList
+ put:
+ description: 'Update the FDQN list associated with a rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-fqdnlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the FQDN list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFqdnListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFqdnListResponse'
+ description: OK
+ summary: Update a FQDNList
+ tags:
+ - FQDNList
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: FQDNList
diff --git a/openapi-specs/cloudngfw/aws/FileBlockingAction.yaml b/openapi-specs/cloudngfw/aws/FileBlockingAction.yaml
new file mode 100644
index 000000000..d207627a9
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/FileBlockingAction.yaml
@@ -0,0 +1,412 @@
+components:
+ schemas:
+ DescribeFileBlockingActionResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeFileBlockingActionResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeFileBlockingActionResponse.Result'
+ title: DescribeFileBlockingActionResponse
+ type: object
+ DescribeFileBlockingActionResponse.FileBlockingEntry:
+ additionalProperties: false
+ properties:
+ Action:
+ default: alert
+ enum:
+ - alert
+ - block
+ - continue
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ Direction:
+ default: both
+ enum:
+ - upload
+ - download
+ - both
+ title: Direction
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FileBlockingEntry
+ type: object
+ DescribeFileBlockingActionResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FileBlockingCandidate:
+ $ref: '#/components/schemas/DescribeFileBlockingActionResponse.FileBlockingEntry'
+ FileBlockingRunning:
+ $ref: '#/components/schemas/DescribeFileBlockingActionResponse.FileBlockingEntry'
+ FileType:
+ title: Filetype
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribeFileBlockingActionResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListFileBlockingActionResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListFileBlockingActionResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListFileBlockingActionResponse.Result'
+ title: ListFileBlockingActionResponse
+ type: object
+ ListFileBlockingActionResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FileBlockingCandidate:
+ items:
+ type: string
+ title: Fileblockingcandidate
+ type: array
+ FileBlockingRunning:
+ items:
+ type: string
+ title: Fileblockingrunning
+ type: array
+ FileBlockingUncommitted:
+ items:
+ $ref: '#/components/schemas/ListFileBlockingActionResponse.UncommittedFileBlocking'
+ title: Fileblockinguncommitted
+ type: array
+ NextToken:
+ title: Nexttoken
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ ListFileBlockingActionResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListFileBlockingActionResponse.UncommittedFileBlocking:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ Operation:
+ title: Operation
+ type: string
+ required:
+ - Name
+ - Operation
+ title: UncommittedFileBlocking
+ type: object
+ UpdateFileBlockingActionRequest:
+ additionalProperties: false
+ properties:
+ Action:
+ enum:
+ - alert
+ - block
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ Direction:
+ enum:
+ - upload
+ - download
+ - both
+ title: Direction
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - Direction
+ - Action
+ title: UpdateFileBlockingActionRequest
+ type: object
+ UpdateFileBlockingActionResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateFileBlockingActionResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateFileBlockingActionResponse.Result'
+ title: UpdateFileBlockingActionResponse
+ type: object
+ UpdateFileBlockingActionResponse.FileBlockingEntry:
+ additionalProperties: false
+ properties:
+ Action:
+ default: alert
+ enum:
+ - alert
+ - block
+ - continue
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ Direction:
+ default: both
+ enum:
+ - upload
+ - download
+ - both
+ title: Direction
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FileBlockingEntry
+ type: object
+ UpdateFileBlockingActionResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FileBlockingEntry:
+ $ref: '#/components/schemas/UpdateFileBlockingActionResponse.FileBlockingEntry'
+ FileType:
+ title: Filetype
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateFileBlockingActionResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Allows you to identify specific file types that you want to block.\
+ \ \n\n### Permission Policies\n\n| Action | Local Firewall\
+ \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator|\n\
+ | ------------------------------- | :--------------------------: | :---------------------------:\
+ \ | :---------------------------: |\n| Create a File Blocking Action | ☐\
+ \ | **☑** | **☑** \
+ \ | \n| Update a File Blocking Action | ☐ \
+ \ | **☑** | **☑** | \
+ \ \n| Delete a File Blocking Action | ☐ \
+ \ | **☑** | **☑** | \n|\
+ \ Describe a File Blocking Action | **☑** | **☑**\
+ \ | **☑** |\n"
+ title: Manage File Blocking Action
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/fileblockingprofiles/custom/filetypes:
+ get:
+ description: 'Retrieves the metadata for the file blocking profile defined for
+ a specified rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: uncommitted
+ required: false
+ schema:
+ default: false
+ title: Uncommitted
+ type: boolean
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ - description: ''
+ in: query
+ name: describe
+ required: false
+ schema:
+ default: false
+ title: Describe
+ type: boolean
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListFileBlockingActionResponse'
+ description: OK
+ summary: List File Blocking Actions
+ tags:
+ - FileBlockingAction
+ /v1/config/rulestacks/{rulestackname}/fileblockingprofiles/custom/filetypes/{type}:
+ get:
+ description: 'Use this command to return the data related to the file blocking
+ profile attached to a specified rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes-type
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The type of file blocking action.
+
+ '
+ in: path
+ name: type
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeFileBlockingActionResponse'
+ description: OK
+ summary: Describe File Blocking Action
+ tags:
+ - FileBlockingAction
+ put:
+ description: 'Update the file blocking profile to a specified rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes-type
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The type of file blocking action.
+
+ '
+ in: path
+ name: type
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFileBlockingActionRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFileBlockingActionResponse'
+ description: OK
+ summary: Update File Blocking Action
+ tags:
+ - FileBlockingAction
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: FileBlockingAction
diff --git a/openapi-specs/cloudngfw/aws/IntelligentFeed.yaml b/openapi-specs/cloudngfw/aws/IntelligentFeed.yaml
new file mode 100644
index 000000000..8674828af
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/IntelligentFeed.yaml
@@ -0,0 +1,579 @@
+components:
+ schemas:
+ CreateIntelligentFeedRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ FeedURL:
+ maxLength: 255
+ minLength: 1
+ pattern: ^(http|https)://.+$
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Name:
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ Time:
+ default: 3
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ required:
+ - Name
+ - FeedURL
+ - Type
+ - Frequency
+ title: CreateIntelligentFeedRequest
+ type: object
+ CreateIntelligentFeedResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreateIntelligentFeedResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreateIntelligentFeedResponse.Result'
+ title: CreateIntelligentFeedResponse
+ type: object
+ CreateIntelligentFeedResponse.FeedDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ title: Description
+ type: string
+ FeedURL:
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Time:
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FeedDetails
+ type: object
+ CreateIntelligentFeedResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FeedEntry:
+ $ref: '#/components/schemas/CreateIntelligentFeedResponse.FeedDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreateIntelligentFeedResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeleteIntelligentFeedRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeleteIntelligentFeedRequest
+ type: object
+ DeleteIntelligentFeedResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeleteIntelligentFeedResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeleteIntelligentFeedResponse.Result'
+ title: DeleteIntelligentFeedResponse
+ type: object
+ DeleteIntelligentFeedResponse.FeedDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ title: Description
+ type: string
+ FeedURL:
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Time:
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FeedDetails
+ type: object
+ DeleteIntelligentFeedResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FeedEntry:
+ $ref: '#/components/schemas/DeleteIntelligentFeedResponse.FeedDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeleteIntelligentFeedResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeIntelligentFeedRequest:
+ additionalProperties: false
+ properties:
+ Candidate:
+ default: true
+ title: Candidate
+ type: boolean
+ Running:
+ default: false
+ title: Running
+ type: boolean
+ title: DescribeIntelligentFeedRequest
+ type: object
+ DescribeIntelligentFeedResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeIntelligentFeedResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeIntelligentFeedResponse.Result'
+ title: DescribeIntelligentFeedResponse
+ type: object
+ DescribeIntelligentFeedResponse.FeedDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ title: Description
+ type: string
+ FeedURL:
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Time:
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FeedDetails
+ type: object
+ DescribeIntelligentFeedResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FeedCandidate:
+ $ref: '#/components/schemas/DescribeIntelligentFeedResponse.FeedDetails'
+ FeedRunning:
+ $ref: '#/components/schemas/DescribeIntelligentFeedResponse.FeedDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribeIntelligentFeedResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ UpdateIntelligentFeedRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ FeedURL:
+ maxLength: 255
+ minLength: 1
+ pattern: ^(http|https)://.+$
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Time:
+ default: 3
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - FeedURL
+ - Type
+ - Frequency
+ title: UpdateIntelligentFeedRequest
+ type: object
+ UpdateIntelligentFeedResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateIntelligentFeedResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateIntelligentFeedResponse.Result'
+ title: UpdateIntelligentFeedResponse
+ type: object
+ UpdateIntelligentFeedResponse.FeedDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ title: Description
+ type: string
+ FeedURL:
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Time:
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FeedDetails
+ type: object
+ UpdateIntelligentFeedResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FeedEntry:
+ $ref: '#/components/schemas/UpdateIntelligentFeedResponse.FeedDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateIntelligentFeedResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "An intelligent feed, also called an external dynamic list, is a list\
+ \ that you or third-parties can host on an external web server. You can specify\
+ \ the Intelligence Feed as the source or destination of your security rule. The\
+ \ NGFW checks the hosted list at hourly or daily intervals, and enforces your\
+ \ security rules based on the latest entries on your list, without requiring you\
+ \ to make any configuration changes. \n\nFor more information about feeds, see\
+ \ [EDL hosting service](https://docs.paloaltonetworks.com/resources/edl-hosting-service.html).\n\
+ \n### Permission Policies\n\n| Action | Local Firewall Administrator\
+ \ | Local Rulestack Administrator | Global Rulestack Administrator|\n| ---------------------------\
+ \ | :--------------------------: | :---------------------------: | :---------------------------:\
+ \ |\n| Create Intelligent Feed | ☐ | **☑**\
+ \ | **☑** |\n| Delete Intelligent Feed\
+ \ | ☐ | **☑** | **☑**\
+ \ | \n| Update Intelligent Feed |\
+ \ ☐ | **☑** | **☑** \
+ \ | \n| Describe Intelligent Feed | **☑** \
+ \ | **☑** | **☑** |\n|\
+ \ List Intelligent Feeds | **☑** | **☑** \
+ \ | **☑** |\n"
+ title: Manage Intelligent Feed
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/feeds:
+ post:
+ description: 'Create intelligence feed to analyze threat data.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-feeds
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateIntelligentFeedRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateIntelligentFeedResponse'
+ description: OK
+ summary: Create an IntelligentFeed
+ tags:
+ - IntelligentFeed
+ /v1/config/rulestacks/{rulestackname}/feeds/{name}:
+ delete:
+ description: 'Delete the threat intelligence feeds received for a specified
+ rulestack.
+
+ '
+ operationId: delete-v1-config-rulestacks-rulestackname-feeds-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the feed.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteIntelligentFeedRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteIntelligentFeedResponse'
+ description: OK
+ summary: Delete an IntelligentFeed
+ tags:
+ - IntelligentFeed
+ get:
+ description: "Returns the intelligence feed data collected for the specified\
+ \ rulestack. \n"
+ operationId: get-v1-config-rulestacks-rulestackname-feeds-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the feed.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeIntelligentFeedRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeIntelligentFeedResponse'
+ description: OK
+ summary: Describe an IntelligentFeed
+ tags:
+ - IntelligentFeed
+ put:
+ description: 'Update the threat intelligence feeds for a rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-feeds-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the feed.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateIntelligentFeedRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateIntelligentFeedResponse'
+ description: OK
+ summary: Update an IntelligentFeed
+ tags:
+ - IntelligentFeed
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: IntelligentFeed
diff --git a/openapi-specs/cloudngfw/aws/LogProfile.yaml b/openapi-specs/cloudngfw/aws/LogProfile.yaml
new file mode 100644
index 000000000..12402855e
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/LogProfile.yaml
@@ -0,0 +1,232 @@
+components:
+ schemas:
+ ReadFWResourceLogProfileRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ required:
+ - AccountId
+ title: ReadFWResourceLogProfileRequest
+ type: object
+ ReadFWResourceLogProfileResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.Result'
+ title: ReadFWResourceLogProfileResponse
+ type: object
+ ReadFWResourceLogProfileResponse.LogProfileConfig:
+ additionalProperties: false
+ properties:
+ LogDestination:
+ title: Logdestination
+ type: string
+ LogDestinationType:
+ title: Logdestinationtype
+ type: string
+ LogType:
+ title: Logtype
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ title: LogProfileConfig
+ type: object
+ ReadFWResourceLogProfileResponse.ResponseData:
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ CloudWatchMetricNamespace:
+ title: Cloudwatchmetricnamespace
+ type: string
+ FirewallName:
+ title: Firewallname
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.LogProfileConfig'
+ title: Logdestinationconfigs
+ type: array
+ title: ResponseData
+ type: object
+ ReadFWResourceLogProfileResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ UpdateFWResourceLogProfileRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileRequest.LogProfileConfig'
+ title: Logdestinationconfigs
+ type: array
+ required:
+ - LogDestinationConfigs
+ title: UpdateFWResourceLogProfileRequest
+ type: object
+ UpdateFWResourceLogProfileRequest.LogProfileConfig:
+ additionalProperties: false
+ properties:
+ LogDestination:
+ title: Logdestination
+ type: string
+ LogDestinationType:
+ title: Logdestinationtype
+ type: string
+ LogType:
+ title: Logtype
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ title: LogProfileConfig
+ type: object
+ UpdateFWResourceLogProfileResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.Result'
+ title: UpdateFWResourceLogProfileResponse
+ type: object
+ UpdateFWResourceLogProfileResponse.LogProfileConfig:
+ additionalProperties: false
+ properties:
+ LogDestination:
+ title: Logdestination
+ type: string
+ LogDestinationType:
+ title: Logdestinationtype
+ type: string
+ LogType:
+ title: Logtype
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ title: LogProfileConfig
+ type: object
+ UpdateFWResourceLogProfileResponse.ResponseData:
+ properties:
+ FirewallName:
+ title: Firewallname
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.LogProfileConfig'
+ title: Logdestinationconfigs
+ type: array
+ title: ResponseData
+ type: object
+ UpdateFWResourceLogProfileResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Log entries contain properties, activities, or behaviors associated\
+ \ with the logged event, such as the application type or the IP address of an\
+ \ attacker. \n\nCloud NGFW can captures threat, traffic, and decryption profiles.\
+ \ For more information, see [Configure logging for Cloud NGFW on AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/create-cloud-ngfw-instances-and-endpoints/configure-logging-for-the-cloud-ngfw-on-aws).\n\
+ \n### Permission Policies\n\n| Action | Local Firewall\
+ \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator\
+ \ |\n| ------------------------------ | :---------------------------: | :---------------------------:\
+ \ | :----------------------------: |\n| Update Log Profile | **☑**\
+ \ | ☐ | ☐ \
+ \ |\n| Read Log Profile | **☑** |\
+ \ **☑** | **☑** | \n"
+ title: Manage Log Profiles
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/ngfirewalls/{ngfirewallname}/logprofile:
+ get:
+ description: 'Return the log destination of a specific NGFW.
+
+ '
+ operationId: get-v1-config-ngfirewalls-ngfirewallname-logprofile
+ parameters:
+ - description: 'The name of the NGFW.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ReadFWResourceLogProfileRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ReadFWResourceLogProfileResponse'
+ description: OK
+ summary: Read logprofile config of a firewall
+ tags:
+ - LogProfile
+ put:
+ description: "Update the log destination of a specific NGFW. \n\n>The destination\
+ \ is Fluentd, hence commit is not needed.\n"
+ operationId: put-v1-config-ngfirewalls-ngfirewallname-logprofile
+ parameters:
+ - description: 'The name of the NGFW.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse'
+ description: OK
+ summary: Update logprofile config of a firewall
+ tags:
+ - LogProfile
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: LogProfile
diff --git a/openapi-specs/cloudngfw/aws/ManageAPITokens.yaml b/openapi-specs/cloudngfw/aws/ManageAPITokens.yaml
index 66642547d..11ff63582 100644
--- a/openapi-specs/cloudngfw/aws/ManageAPITokens.yaml
+++ b/openapi-specs/cloudngfw/aws/ManageAPITokens.yaml
@@ -1,55 +1,5 @@
components:
schemas:
- DeleteTokensRequest:
- additionalProperties: false
- properties: {}
- title: DeleteTokensRequest
- type: object
- DeleteTokensResponse:
- additionalProperties: false
- properties:
- Response:
- $ref: '#/components/schemas/DeleteTokensResponse.ResponseData'
- description: 'The API call response.
-
- '
- ResponseStatus:
- $ref: '#/components/schemas/DeleteTokensResponse.Result'
- description: 'The API call response status.
-
- '
- title: DeleteTokensResponse
- type: object
- DeleteTokensResponse.ResponseData:
- additionalProperties: false
- properties:
- TokenId:
- description: 'The unique ID of the token.
-
- '
- title: Tokenid
- type: string
- title: ResponseData
- type: object
- DeleteTokensResponse.Result:
- additionalProperties: false
- properties:
- ErrorCode:
- default: 0
- description: 'Default value of a successful response is 0. Any other number
- indicates an error code.
-
- '
- title: Errorcode
- type: integer
- Reason:
- description: 'The error description.
-
- '
- title: Reason
- type: string
- title: Result
- type: object
DescribeProgrammaticAccessRequest:
additionalProperties: false
properties: {}
@@ -60,30 +10,17 @@ components:
properties:
Response:
$ref: '#/components/schemas/DescribeProgrammaticAccessResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/DescribeProgrammaticAccessResponse.Result'
- description: 'The API call response status.
-
- '
title: DescribeProgrammaticAccessResponse
type: object
DescribeProgrammaticAccessResponse.ResponseData:
additionalProperties: false
properties:
Enabled:
- description: 'Describes whether programmatic access is enabled for your
- account.
-
- '
title: Enabled
type: boolean
MaxExpiryTime:
- description: 'The maximum expiry time of the token.
-
- '
maximum: 1440
minimum: 480
title: Maxexpirytime
@@ -95,16 +32,9 @@ components:
properties:
ErrorCode:
default: 0
- description: 'Default value of a successful response is 0. Any other number
- indicates an error code.
-
- '
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -114,9 +44,6 @@ components:
properties:
ExpiryTime:
default: 30
- description: 'The expiry time of the token.
-
- '
maximum: 1440
minimum: 5
title: Expirytime
@@ -128,44 +55,25 @@ components:
properties:
Response:
$ref: '#/components/schemas/GetCloudFirewallAdminTokensResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/GetCloudFirewallAdminTokensResponse.Result'
- description: 'The API call response status.
-
- '
title: GetCloudFirewallAdminTokensResponse
type: object
GetCloudFirewallAdminTokensResponse.ResponseData:
additionalProperties: false
properties:
Enabled:
- description: 'Describes whether programmatic access is enabled for your
- account.
-
- '
title: Enabled
type: boolean
ExpiryTime:
- description: 'The expiry time of the token.
-
- '
maximum: 1440
minimum: 5
title: Expirytime
type: integer
SubscriptionKey:
- description: 'Your subscription key.
-
- '
title: Subscriptionkey
type: string
TokenId:
- description: 'The unique ID of the token.
-
- '
title: Tokenid
type: string
title: ResponseData
@@ -175,16 +83,9 @@ components:
properties:
ErrorCode:
default: 0
- description: 'Default value of a successful response is 0. Any other number
- indicates an error code.
-
- '
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -194,9 +95,6 @@ components:
properties:
ExpiryTime:
default: 30
- description: 'The expiry time of the token.
-
- '
maximum: 1440
minimum: 5
title: Expirytime
@@ -208,44 +106,25 @@ components:
properties:
Response:
$ref: '#/components/schemas/GetCloudGlobalRulestackAdminTokensResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/GetCloudGlobalRulestackAdminTokensResponse.Result'
- description: 'The API call response status.
-
- '
title: GetCloudGlobalRulestackAdminTokensResponse
type: object
GetCloudGlobalRulestackAdminTokensResponse.ResponseData:
additionalProperties: false
properties:
Enabled:
- description: 'Describes whether programmatic access is enabled for your
- account.
-
- '
title: Enabled
type: boolean
ExpiryTime:
- description: 'The expiry time of the token.
-
- '
maximum: 1440
minimum: 5
title: Expirytime
type: integer
SubscriptionKey:
- description: 'Your subscription key.
-
- '
title: Subscriptionkey
type: string
TokenId:
- description: 'The unique ID of the token.
-
- '
title: Tokenid
type: string
title: ResponseData
@@ -255,16 +134,9 @@ components:
properties:
ErrorCode:
default: 0
- description: 'Default value of a successful response is 0. Any other number
- indicates an error code.
-
- '
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -274,9 +146,6 @@ components:
properties:
ExpiryTime:
default: 30
- description: 'The expiry time of the token.
-
- '
maximum: 1440
minimum: 5
title: Expirytime
@@ -288,44 +157,25 @@ components:
properties:
Response:
$ref: '#/components/schemas/GetCloudRulestackAdminTokensResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/GetCloudRulestackAdminTokensResponse.Result'
- description: 'The API call response status.
-
- '
title: GetCloudRulestackAdminTokensResponse
type: object
GetCloudRulestackAdminTokensResponse.ResponseData:
additionalProperties: false
properties:
Enabled:
- description: 'Describes whether programmatic access is enabled for your
- account.
-
- '
title: Enabled
type: boolean
ExpiryTime:
- description: 'The expiry time of the token.
-
- '
maximum: 1440
minimum: 5
title: Expirytime
type: integer
SubscriptionKey:
- description: 'Your subscription key.
-
- '
title: Subscriptionkey
type: string
TokenId:
- description: 'The unique ID of the token.
-
- '
title: Tokenid
type: string
title: ResponseData
@@ -335,34 +185,26 @@ components:
properties:
ErrorCode:
default: 0
- description: 'Default value of a successful response is 0. Any other number
- indicates an error code.
-
- '
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
type: object
info:
contact: {}
- description: "Generate JSON Web Token (JWT) to get programmatic access to authenticate\
- \ API calls. For more information, see [Enable Programmatic Access for Cloud NGFW](/cloudngfw/aws/api).\
- \ For information about roles and permissions, see [Cloud NGFW roles and permissions](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/getting-started-with-cloud-ngfw-for-aws/invite-users).\
- \ \n>**Note:** Cloud NGFW Programmatic access is disabled by default. \n"
+ description: 'Generate JSON Web Token (JWT) to get programmatic access and authenticate
+ API calls.
+
+ '
title: Manage API Tokens
version: 1.0.0
openapi: 3.0.3
paths:
/v1/mgmt/tokens:
get:
- description: "Retrieve the programmatic access information of your account.\
- \ \n\n>This service is available for Tenant Admins only."
+ description: ''
operationId: get-v1-mgmt-tokens
parameters: []
requestBody:
@@ -382,8 +224,7 @@ paths:
- ManageAPITokens
/v1/mgmt/tokens/cloudfirewalladmin:
get:
- description: "Fetch the JSON Web Token (JWT) to enable programmatic access for\
- \ a cloud firewall admin role. \n"
+ description: ''
operationId: get-v1-mgmt-tokens-cloudfirewalladmin
parameters: []
requestBody:
@@ -403,10 +244,7 @@ paths:
- ManageAPITokens
/v1/mgmt/tokens/cloudglobalrulestackadmin:
get:
- description: 'Fetch the JSON Web Token (JWT) to enable programmatic access for
- a cloud global rulestack admin role.
-
- '
+ description: ''
operationId: get-v1-mgmt-tokens-cloudglobalrulestackadmin
parameters: []
requestBody:
@@ -426,10 +264,7 @@ paths:
- ManageAPITokens
/v1/mgmt/tokens/cloudrulestackadmin:
get:
- description: 'Fetch the JSON Web Token (JWT) to enable programmatic access for
- a cloud local rulestack admin role.
-
- '
+ description: ''
operationId: get-v1-mgmt-tokens-cloudrulestackadmin
parameters: []
requestBody:
@@ -447,35 +282,6 @@ paths:
summary: Get programmatic access token for CloudRulestackAdmin
tags:
- ManageAPITokens
- /v1/mgmt/tokens/{TokenId}:
- delete:
- description: "Revoke the JSON Web Token (JWT) used for programmatic access.\
- \ This is considered as logout. \n"
- operationId: delete-v1-mgmt-tokens-TokenId
- parameters:
- - description: 'The unique ID of the token.
-
- '
- in: path
- name: TokenId
- required: true
- schema:
- type: string
- requestBody:
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/DeleteTokensRequest'
- responses:
- '200':
- content:
- application/json:
- schema:
- $ref: '#/components/schemas/DeleteTokensResponse'
- description: OK
- summary: Delete programmatic access token
- tags:
- - ManageAPITokens
servers:
- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
tags:
diff --git a/openapi-specs/cloudngfw/aws/ManageCustomURLCategories.yaml b/openapi-specs/cloudngfw/aws/ManageCustomURLCategories.yaml
index 56b415db7..c63fba374 100644
--- a/openapi-specs/cloudngfw/aws/ManageCustomURLCategories.yaml
+++ b/openapi-specs/cloudngfw/aws/ManageCustomURLCategories.yaml
@@ -5,7 +5,6 @@ components:
properties:
Action:
default: none
- description: "URL actions. \n"
enum:
- none
- allow
@@ -14,30 +13,18 @@ components:
title: Action
type: string
AuditComment:
- description: 'The URL category audit remarks.
-
- '
title: Auditcomment
type: string
Description:
- description: 'A description of the rulestack.
-
- '
maxLength: 255
title: Description
type: string
Name:
- description: 'Name of the rulestack.
-
- '
maxLength: 29
pattern: ^[a-zA-Z][0-9a-zA-Z-]*$
title: Name
type: string
UrlTargets:
- description: 'Specify where the URL opens.
-
- '
items:
maxLength: 255
type: string
@@ -53,42 +40,27 @@ components:
properties:
Response:
$ref: '#/components/schemas/CreateCustomURLCategoryResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/CreateCustomURLCategoryResponse.Result'
- description: 'The API call response status.
-
- '
title: CreateCustomURLCategoryResponse
type: object
CreateCustomURLCategoryResponse.CustomURLCategory:
additionalProperties: false
properties:
Action:
- description: 'The custom URL action.
-
- '
title: Action
type: string
AuditComment:
- description: "Audit remarks. \n"
title: Auditcomment
type: string
Description:
- description: "The custom URL description. \n"
maxLength: 255
title: Description
type: string
UpdateToken:
- description: 'Refresh token.
-
- '
title: Updatetoken
type: string
UrlTargets:
- description: "Custom URL destination. \n"
items:
maxLength: 255
type: string
@@ -103,15 +75,10 @@ components:
properties:
CustomURLEntry:
$ref: '#/components/schemas/CreateCustomURLCategoryResponse.CustomURLCategory'
- description: 'The custom URL entry.
-
- '
Name:
- description: "Name of the custom URL entry. \n"
title: Name
type: string
RuleStackName:
- description: "Name of the rulestack. \n"
title: Rulestackname
type: string
title: ResponseData
@@ -121,21 +88,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\
- Operation failed due to invalid request. For example, unsupported parameter\
- \ name or value in the request.\n* LimitExceededException\u2014Operation\
- \ failed due to violation in limit settings.\n* ResourceNotFoundException\u2014\
- Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations.\n* AccessDeniedException\u2014\
- You do not have sufficient access to perform this action.\n\n500\u2014\
- Bad request \n* InternalServerError\u2014Your request is valid but Cloud\
- \ NGFW could not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\
- AWS currently does not have enough capacity to fulfill your request.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description. \n"
title: Reason
type: string
title: Result
@@ -158,28 +113,19 @@ components:
additionalProperties: false
properties:
Action:
- description: 'The custom URL action.
-
- '
title: Action
type: string
AuditComment:
- description: "Audit remarks. \n"
title: Auditcomment
type: string
Description:
- description: "The custom URL description. \n"
maxLength: 255
title: Description
type: string
UpdateToken:
- description: 'Refresh token.
-
- '
title: Updatetoken
type: string
UrlTargets:
- description: "Custom URL destination. \n"
items:
maxLength: 255
type: string
@@ -194,15 +140,10 @@ components:
properties:
CustomURLEntry:
$ref: '#/components/schemas/DeleteCustomURLCategoryResponse.CustomURLCategory'
- description: 'The custom URL entry.
-
- '
Name:
- description: "Name of the custom URL entry. \n"
title: Name
type: string
RuleStackName:
- description: "Name of the rulestack. \n"
title: Rulestackname
type: string
title: ResponseData
@@ -212,23 +153,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\
- Operation failed due to invalid request. For example, unsupported parameter\
- \ name or value in the request.\n* LimitExceededException\u2014Operation\
- \ failed due to violation in limit settings.\n* ResourceNotFoundException\u2014\
- Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations.\n* AccessDeniedException\u2014\
- You do not have sufficient access to perform this action.\n\n500\u2014\
- Bad request \n* InternalServerError\u2014Your request is valid but Cloud\
- \ NGFW could not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\
- AWS currently does not have enough capacity to fulfill your request.\n"
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -238,44 +165,27 @@ components:
properties:
Response:
$ref: '#/components/schemas/DescribeCustomURLCategoryResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/DescribeCustomURLCategoryResponse.Result'
- description: 'The API call response status.
-
- '
title: DescribeCustomURLCategoryResponse
type: object
DescribeCustomURLCategoryResponse.CustomURLCategory:
additionalProperties: false
properties:
Action:
- description: 'The custom URL action.
-
- '
title: Action
type: string
AuditComment:
- description: "Audit remarks. \n"
title: Auditcomment
type: string
Description:
- description: "The custom URL description. \n"
maxLength: 255
title: Description
type: string
UpdateToken:
- description: 'Refresh token.
-
- '
title: Updatetoken
type: string
UrlTargets:
- description: 'Custom URL destination.
-
- '
items:
maxLength: 255
type: string
@@ -290,13 +200,7 @@ components:
properties:
URLCategoryEntry:
$ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategory'
- description: 'The custom URL category entry.
-
- '
operation:
- description: 'Custom URL operation.
-
- '
enum:
- add
- update
@@ -320,23 +224,15 @@ components:
additionalProperties: false
properties:
Name:
- description: "Name of the custom URL entry. \n"
title: Name
type: string
RuleStackName:
- description: "Name of the rulestack. \n"
title: Rulestackname
type: string
URLCategoryCandidate:
$ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategoryDB'
- description: 'The custom URL candidate.
-
- '
URLCategoryRunning:
$ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategoryDB'
- description: 'The custom URLs on run state.
-
- '
title: ResponseData
type: object
DescribeCustomURLCategoryResponse.Result:
@@ -344,21 +240,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\
- Operation failed due to invalid request. For example, unsupported parameter\
- \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\
- \ to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations.\n* AccessDeniedException\u2014\
- You do not have sufficient access to perform this action.\n\n500\u2014\
- Bad request \n* InternalServerError\u2014Your request is valid but Cloud\
- \ NGFW could not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -368,64 +252,37 @@ components:
properties:
Response:
$ref: '#/components/schemas/ListCustomURLCategoriesResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/ListCustomURLCategoriesResponse.Result'
- description: 'The API call response status.
-
- '
title: ListCustomURLCategoriesResponse
type: object
ListCustomURLCategoriesResponse.ResponseData:
additionalProperties: false
properties:
CategoriesCandidate:
- description: 'Custom URL category candidate.
-
- '
items:
type: string
title: Categoriescandidate
type: array
CategoriesPreDefined:
- description: 'Predefined URL category candidate
-
- '
items:
type: string
title: Categoriespredefined
type: array
CategoriesRunning:
- description: 'Custom URLs on run state.
-
- '
items:
type: string
title: Categoriesrunning
type: array
CategoriesUncommitted:
- description: 'Uncommitted custom URLs.
-
- '
items:
$ref: '#/components/schemas/ListCustomURLCategoriesResponse.UncommittedCategory'
title: Categoriesuncommitted
type: array
NextToken:
- description: 'If the number of custom URL categories available for retrieval
- exceeds the maximum you requested, Cloud NGFW returns a NextToken value
- in response. To retrieve the next batch of URLs, use this token in your
- next request.
-
- '
title: Nexttoken
type: string
RuleStackName:
- description: 'Name of the rulestack.
-
- '
title: Rulestackname
type: string
title: ResponseData
@@ -435,18 +292,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\
- Operation failed due to invalid request. For example, unsupported parameter\
- \ name or value in the request.\n* LimitExceededException\u2014Operation\
- \ failed due to violation in limit settings.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description. \n"
title: Reason
type: string
title: Result
@@ -455,9 +303,6 @@ components:
additionalProperties: false
properties:
Name:
- description: 'Name of the custom URL category.
-
- '
title: Name
type: string
Operation:
@@ -473,7 +318,6 @@ components:
properties:
Action:
default: none
- description: "URL actions. \n"
enum:
- none
- allow
@@ -482,28 +326,16 @@ components:
title: Action
type: string
AuditComment:
- description: 'The URL category audit remarks.
-
- '
title: Auditcomment
type: string
Description:
- description: 'A description of the rulestack.
-
- '
maxLength: 255
title: Description
type: string
UpdateToken:
- description: 'Refresh the token.
-
- '
title: Updatetoken
type: string
UrlTargets:
- description: 'Specify where the URL opens.
-
- '
items:
maxLength: 255
type: string
@@ -526,28 +358,19 @@ components:
additionalProperties: false
properties:
Action:
- description: 'The custom URL action.
-
- '
title: Action
type: string
AuditComment:
- description: "Audit remarks. \n"
title: Auditcomment
type: string
Description:
- description: "The custom URL description. \n"
maxLength: 255
title: Description
type: string
UpdateToken:
- description: 'Refresh token.
-
- '
title: Updatetoken
type: string
UrlTargets:
- description: "Custom URL destination. \n"
items:
maxLength: 255
type: string
@@ -562,15 +385,10 @@ components:
properties:
CustomURLEntry:
$ref: '#/components/schemas/UpdateCustomURLCategoryResponse.CustomURLCategory'
- description: 'The custom URL entry.
-
- '
Name:
- description: "Name of the custom URL entry. \n"
title: Name
type: string
RuleStackName:
- description: "Name of the rulestack. \n"
title: Rulestackname
type: string
title: ResponseData
@@ -580,45 +398,45 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\
- Operation failed due to invalid request. For example, unsupported parameter\
- \ name or value in the request.\n* LimitExceededException\u2014Operation\
- \ failed due to violation in limit settings.\n* ResourceNotFoundException\u2014\
- Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations.\n* AccessDeniedException\u2014\
- You do not have sufficient access to perform this action.\n\n500\u2014\
- Bad request \n* InternalServerError\u2014Your request is valid but Cloud\
- \ NGFW could not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\
- AWS currently does not have enough capacity to fulfill your request.\n"
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
type: object
info:
contact: {}
- description: "You can use the custom URL categories as a security policy match criteria.\
- \ You can specify your own URL filtering categories using a customer URL category\
- \ object. For example, create a custom list of URLs that you want to use as match\
- \ criteria in a Security policy rule.\n\nPalo Alto Networks provides a set of\
- \ predefined URL filtering categories. Refer the following links for more information.\n\
- - [Complete List of PAN-DB URL Filtering Categories?](https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC)\n\
+ description: "Palo Alto Networks provides a set of predefined URL filtering categories.\
+ \ \nYou can also specify your own URL filtering categories using a customer URL\
+ \ category object. For example, create a custom list of URLs that you want to\
+ \ use as match criteria in a Security policy rule. \nYou can use the custom URL\
+ \ categories as a security policy match criteria. \n\nFor more information, refer\
+ \ to the following links.\n- [Where Can I Find a Complete List of PAN-DB URL Filtering\
+ \ Categories?](https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC)\n\
- [Palo Alto Networks URL filtering](https://urlfiltering.paloaltonetworks.com/)\n\
- [Create a custom URL category for Cloud NGFW on AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/cloud-ngfw-security-rule-objects/create-a-custom-url-category-for-cloud-ngfw-on-aws)\n\
- \ \n"
+ \n### Permission Policies\n\n| Action | Local\
+ \ Firewall Administrator | Local Rulestack Administrator | Global Rulestack Administrator\
+ \ |\n| -------------------------------------- | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: |\n| Create\
+ \ Custom URL Category | ☐ | **☑**\
+ \ | **☑** | \n| Delete Custom URL Category\
+ \ | ☐ | **☑** \
+ \ | **☑** | \n| Update Custom\
+ \ URL Category | ☐ | **☑** \
+ \ | **☑** | \n| Describe Custom URL Category\
+ \ | **☑** | **☑** |\
+ \ **☑** |\n| List Custom URL Categories |\
+ \ **☑** | **☑** | **☑**\
+ \ |\n"
title: Manage Custom URL Categories
version: 1.0.0
openapi: 3.0.3
paths:
/v1/config/rulestacks/{rulestackname}/urlcustomcategories:
get:
- description: 'Retrieve the data of the custom URL categories for a specified
+ description: 'Retrieve the data of the custom URL categories of a specified
rulestack.
'
@@ -632,21 +450,14 @@ paths:
required: true
schema:
type: string
- - description: 'If the number of custom URL categories available for retrieval
- exceeds the maximum you requested, Cloud NGFW returns a NextToken value
- in response. To retrieve the next batch of URLs, use this token in your
- next request.
-
- '
+ - description: ''
in: query
name: nexttoken
required: false
schema:
title: Nexttoken
type: string
- - description: 'Rulestack candidate.
-
- '
+ - description: ''
in: query
name: candidate
required: false
@@ -654,9 +465,7 @@ paths:
default: true
title: Candidate
type: boolean
- - description: 'Rulestacks in run state.
-
- '
+ - description: ''
in: query
name: running
required: false
@@ -664,9 +473,7 @@ paths:
default: false
title: Running
type: boolean
- - description: 'Uncommitted rulestacks.
-
- '
+ - description: ''
in: query
name: uncommitted
required: false
@@ -674,10 +481,7 @@ paths:
default: false
title: Uncommitted
type: boolean
- - description: 'The maximum number of custom URL categories you want Cloud NGFW
- to return for this request.
-
- '
+ - description: ''
in: query
name: maxresults
required: false
@@ -787,9 +591,7 @@ paths:
required: true
schema:
type: string
- - description: 'Rulestacks in run state.
-
- '
+ - description: ''
in: query
name: running
required: false
@@ -797,9 +599,7 @@ paths:
default: true
title: Running
type: boolean
- - description: 'Rulestack candidate.
-
- '
+ - description: ''
in: query
name: candidate
required: false
diff --git a/openapi-specs/cloudngfw/aws/ManageNGFW-V2.yaml b/openapi-specs/cloudngfw/aws/ManageNGFW-V2.yaml
new file mode 100644
index 000000000..f0513e30c
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/ManageNGFW-V2.yaml
@@ -0,0 +1,3312 @@
+components:
+ schemas:
+ model.CloudwatchMetrics:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ CloudWatchMetricNamespace:
+ type: string
+ CloudWatchMetricsFields:
+ items:
+ type: string
+ type: array
+ required:
+ - AccountId
+ - CloudWatchMetricNamespace
+ type: object
+ model.EgressNATConfig:
+ properties:
+ Enabled:
+ type: boolean
+ Settings:
+ $ref: '#/components/schemas/model.EgressNATSettings'
+ type: object
+ model.EgressNATSettings:
+ properties:
+ IPAMPoolId:
+ type: string
+ IPPoolType:
+ enum:
+ - AWSService
+ - BYOIP
+ type: string
+ type: object
+ model.EndpointConfig:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ EgressNATEnabled:
+ type: boolean
+ EndpointId:
+ type: string
+ Mode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ type: string
+ Prefixes:
+ $ref: '#/components/schemas/model.PrefixInfo'
+ RejectedReason:
+ type: string
+ Status:
+ enum:
+ - Pending
+ - Accepted
+ - Rejected
+ - Created
+ - Creating
+ - Deleting
+ type: string
+ SubnetId:
+ type: string
+ VpcId:
+ type: string
+ ZoneId:
+ type: string
+ required:
+ - Mode
+ type: object
+ model.FirewallRoles:
+ properties:
+ EndpointRole:
+ type: string
+ LoggingRole:
+ type: string
+ type: object
+ model.GWLBConfig:
+ properties:
+ DeregistrationDelay:
+ default: 300
+ type: integer
+ RejectedFlowCountAlertThreshold:
+ default: 10
+ type: integer
+ RejectedFlowCountTCPAlertThreshold:
+ default: 10
+ type: integer
+ SessionRebalanceEnabled:
+ default: false
+ description: Omitempty skips creation of the field when false
+ type: boolean
+ TCPIdleTimeout:
+ default: 350
+ type: integer
+ type: object
+ model.Ipv6Config:
+ properties:
+ Enabled:
+ type: boolean
+ type: object
+ model.LogConfig:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ LogDestination:
+ type: string
+ LogDestinationType:
+ enum:
+ - S3
+ - CloudWatchLogs
+ - KinesisDataFirehose
+ type: string
+ LogType:
+ items:
+ enum:
+ - TRAFFIC
+ - DECRYPTION
+ - THREAT
+ - USER_ID
+ type: string
+ type: array
+ RoleType:
+ enum:
+ - ResourceBased
+ - IamBased
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ - RoleType
+ type: object
+ model.Notification:
+ properties:
+ ExpiryTime:
+ type: integer
+ Id:
+ type: string
+ Link:
+ $ref: '#/components/schemas/model.NotificationLink'
+ Msg:
+ type: string
+ type: object
+ model.NotificationLink:
+ properties:
+ Target:
+ type: string
+ Text:
+ type: string
+ type: object
+ model.PrefixConfig:
+ properties:
+ Cidrs:
+ items:
+ type: string
+ type: array
+ type: object
+ model.PrefixInfo:
+ properties:
+ PrivatePrefix:
+ $ref: '#/components/schemas/model.PrefixConfig'
+ PublicPrefix:
+ $ref: '#/components/schemas/model.PrefixConfig'
+ type: object
+ model.PrivateAccessConfig:
+ properties:
+ ResourceID:
+ type: string
+ Type:
+ enum:
+ - NetworkLoadBalancer
+ type: string
+ type: object
+ model.PublicIP:
+ properties:
+ IPAddress:
+ type: string
+ IPSource:
+ type: string
+ IPStatus:
+ type: string
+ type: object
+ model.ResourceStatus:
+ properties:
+ DeviceRuleStackCommitInfo:
+ $ref: '#/components/schemas/model.RuleStackCommitData'
+ DeviceRuleStackCommitState:
+ enum:
+ - Submitted
+ - None
+ type: string
+ DeviceRuleStackCommitStatus:
+ enum:
+ - Running
+ - Uncommitted
+ - Precommit
+ - PrecommitDone
+ - PrevalidateDone
+ - Committing
+ - Failed
+ - Success
+ type: string
+ FailureReason:
+ type: string
+ FirewallStatus:
+ enum:
+ - CREATING
+ - UPDATING
+ - DELETING
+ - CREATE_COMPLETE
+ - UPDATE_COMPLETE
+ - CREATE_FAIL
+ - UPDATE_FAIL
+ - DELETE_FAIL
+ - DELETE_COMPLETE
+ type: string
+ GlobalRuleStackCommitInfo:
+ $ref: '#/components/schemas/model.RuleStackCommitData'
+ GlobalRuleStackStatus:
+ enum:
+ - Running
+ - Uncommitted
+ - Precommit
+ - PrecommitDone
+ - PrevalidateDone
+ - Committing
+ - Failed
+ - Success
+ type: string
+ PublicIPs:
+ items:
+ $ref: '#/components/schemas/model.PublicIP'
+ type: array
+ RuleStackCommitInfo:
+ $ref: '#/components/schemas/model.RuleStackCommitData'
+ RuleStackStatus:
+ enum:
+ - Running
+ - Uncommitted
+ - Precommit
+ - PrecommitDone
+ - PrevalidateDone
+ - Committing
+ - Failed
+ - Success
+ type: string
+ SCMAssocStatus:
+ type: boolean
+ type: object
+ model.RuleStackCommitData:
+ properties:
+ CommitMessages:
+ items:
+ type: string
+ type: array
+ CommitTS:
+ type: string
+ type: object
+ model.RuleStackRoles:
+ properties:
+ DecryptionRole:
+ type: string
+ NetworkMonitoringRole:
+ type: string
+ type: object
+ model.SubnetMapping:
+ properties:
+ AvailabilityZone:
+ type: string
+ AvailabilityZoneId:
+ type: string
+ SubnetId:
+ type: string
+ type: object
+ model.TagEntry:
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Value:
+ maxLength: 256
+ minLength: 1
+ type: string
+ type: object
+ model.UserIDConfig:
+ properties:
+ AgentName:
+ type: string
+ CFTURLLink:
+ type: string
+ CollectorName:
+ type: string
+ CustomIncludeExcludeNetwork:
+ items:
+ $ref: '#/components/schemas/model.UserIDCustomSubnetFilter'
+ type: array
+ Enabled:
+ type: boolean
+ EndpointDNS:
+ type: string
+ Port:
+ type: integer
+ SecretKeyARN:
+ type: string
+ UserIDStatus:
+ enum:
+ - EndpointPending
+ - EndpointFail
+ - CommitFail
+ - Enabled
+ - Disabled
+ - DisablePending
+ - UpdatePending
+ - UpdateFail
+ type: string
+ type: object
+ model.UserIDCustomSubnetFilter:
+ properties:
+ DiscoveryInclude:
+ type: boolean
+ Enabled:
+ type: boolean
+ Name:
+ type: string
+ NetworkAddress:
+ type: string
+ type: object
+ response.ResponseStatus:
+ properties:
+ ErrorCode:
+ type: integer
+ Reason:
+ type: string
+ type: object
+ v1.AssociateRuleStackAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ - RuleStackName
+ type: object
+ v1.AssociateRuleStackAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.AssociateRuleStackResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.AssociateRuleStackResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ - RuleStackName
+ type: object
+ v1.CreateFirewallAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Description:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ EndpointMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ type: string
+ FirewallName:
+ type: string
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ SubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ VpcId:
+ type: string
+ required:
+ - AccountId
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
+ type: object
+ v1.CreateFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.CreateFirewallAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.CreateFirewallAPIResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Description:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ EndpointMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ type: string
+ FirewallName:
+ type: string
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ LinkStatus:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ SecurityZones:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ SubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ VpcId:
+ type: string
+ required:
+ - AccountId
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
+ type: object
+ v1.DeleteFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.FirewallResource'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.DeleteTagsAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ TagKeys:
+ items:
+ maxLength: 128
+ type: string
+ maxItems: 128
+ type: array
+ required:
+ - FirewallName
+ - TagKeys
+ type: object
+ v1.DeleteTagsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.DeleteTagsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.DeleteTagsResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ TagKeys:
+ items:
+ maxLength: 128
+ type: string
+ maxItems: 128
+ type: array
+ required:
+ - FirewallName
+ - TagKeys
+ type: object
+ v1.Features:
+ properties:
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ SecurityZones:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ UserID:
+ $ref: '#/components/schemas/v2.UserIDRequest'
+ type: object
+ v1.FirewallInfo:
+ properties:
+ AccountId:
+ type: string
+ FirewallName:
+ type: string
+ type: object
+ v1.FirewallResource:
+ properties:
+ AccountId:
+ type: string
+ AppIdVersion:
+ type: string
+ AutomaticUpgradeAppIdVersion:
+ type: boolean
+ Description:
+ type: string
+ DeviceRuleStackCommitStatus:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ EndpointMode:
+ type: string
+ FirewallName:
+ type: string
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ LinkStatus:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ SecurityZones:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ SubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ VpcId:
+ type: string
+ type: object
+ v1.ListFirewallsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.ListFirewallsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.ListFirewallsResponse:
+ properties:
+ Firewalls:
+ items:
+ $ref: '#/components/schemas/v1.FirewallInfo'
+ type: array
+ FirewallsDescribe:
+ items:
+ $ref: '#/components/schemas/v1.ReadFirewallResponse'
+ type: array
+ NextToken:
+ type: string
+ type: object
+ v1.ListTagsAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.ListTagsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.ListTagsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.ListTagsResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ required:
+ - FirewallName
+ type: object
+ v1.LogDestinationConfig:
+ properties:
+ LogDestination:
+ type: string
+ LogDestinationType:
+ enum:
+ - S3
+ - CloudWatchLogs
+ - KinesisDataFirehose
+ type: string
+ LogType:
+ enum:
+ - TRAFFIC
+ - DECRYPTION
+ - THREAT
+ - USER_ID
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ type: object
+ v1.ReadFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.ReadFirewallResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.ReadFirewallResource:
+ properties:
+ AccountId:
+ type: string
+ AppIdVersion:
+ type: string
+ AutomaticUpgradeAppIdVersion:
+ type: boolean
+ Description:
+ type: string
+ DeviceRuleStackCommitStatus:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ EndpointMode:
+ type: string
+ EndpointServiceName:
+ type: string
+ FirewallId:
+ type: string
+ FirewallName:
+ type: string
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ LinkStatus:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ Notifications:
+ items:
+ $ref: '#/components/schemas/model.Notification'
+ type: array
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ SecurityZones:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ SubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ VpcId:
+ type: string
+ type: object
+ v1.ReadFirewallResponse:
+ properties:
+ Firewall:
+ $ref: '#/components/schemas/v1.ReadFirewallResource'
+ Status:
+ $ref: '#/components/schemas/model.ResourceStatus'
+ type: object
+ v1.ReadLogProfileAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.ReadLogProfileAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.ReadLogProfileResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.ReadLogProfileResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AdvancedThreatLog:
+ type: boolean
+ CloudWatchMetricNamespace:
+ type: string
+ CloudWatchMetricsFields:
+ items:
+ type: string
+ type: array
+ FirewallId:
+ type: string
+ FirewallName:
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/v1.LogDestinationConfig'
+ type: array
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateContentVersionAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AppIdVersion:
+ type: string
+ AutomaticUpgradeAppIdVersion:
+ type: boolean
+ FirewallName:
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateContentVersionAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateContentVersionResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateContentVersionResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AppIdVersion:
+ type: string
+ AutomaticUpgradeAppIdVersion:
+ type: boolean
+ FirewallName:
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateDescriptionAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Description:
+ type: string
+ FirewallName:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - Description
+ - FirewallName
+ type: object
+ v1.UpdateDescriptionAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateDescriptionResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateDescriptionResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Description:
+ type: string
+ FirewallName:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - Description
+ - FirewallName
+ type: object
+ v1.UpdateFeaturesAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Features:
+ $ref: '#/components/schemas/v1.Features'
+ FirewallName:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateFeaturesAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateFeaturesAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateFeaturesAPIResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Features:
+ $ref: '#/components/schemas/v1.Features'
+ FirewallName:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateLogProfileAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AdvancedThreatLog:
+ type: boolean
+ CloudWatchMetricNamespace:
+ type: string
+ CloudWatchMetricsFields:
+ items:
+ type: string
+ type: array
+ FirewallName:
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/v1.LogDestinationConfig'
+ type: array
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateLogProfileAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateLogProfileResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateLogProfileResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AdvancedThreatLog:
+ type: boolean
+ CloudWatchMetricNamespace:
+ type: string
+ CloudWatchMetricsFields:
+ items:
+ type: string
+ type: array
+ FirewallId:
+ type: string
+ FirewallName:
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/v1.LogDestinationConfig'
+ type: array
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateSubnetMappingsAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AssociateSubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ DisassociateSubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ FirewallName:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateSubnetMappingsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateSubnetMappingsAPIResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ SubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateTagsAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ required:
+ - FirewallName
+ - Tags
+ type: object
+ v1.UpdateTagsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateTagsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateTagsResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ required:
+ - FirewallName
+ type: object
+ v2.AccountDetails:
+ properties:
+ AccountId:
+ type: string
+ CloudFormationTemplateURL:
+ type: string
+ ExternalId:
+ type: string
+ OnboardingStatus:
+ type: string
+ PrimaryAccount:
+ type: boolean
+ ServiceAccountId:
+ type: string
+ SnsTopicArn:
+ type: string
+ UpdateToken:
+ type: string
+ type: object
+ v2.AssociateLinkInput:
+ properties:
+ LinkId:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - LinkId
+ - UpdateToken
+ type: object
+ v2.AssociateLinkOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.AssociateLinkResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.AssociateLinkResponse:
+ properties:
+ FirewallId:
+ type: string
+ LinkId:
+ type: string
+ LinkStatus:
+ enum:
+ - Active
+ - Updating
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ type: string
+ required:
+ - FirewallId
+ - LinkId
+ - UpdateToken
+ type: object
+ v2.AssociateRuleStackInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - RuleStackName
+ - UpdateToken
+ type: object
+ v2.AssociateRuleStackOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.AssociateRuleStackResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.AssociateRuleStackResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallId:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallId
+ - RuleStackName
+ - UpdateToken
+ type: object
+ v2.CreateFirewallAPIInput:
+ properties:
+ AllowListAccounts:
+ items:
+ type: string
+ maxItems: 300
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ Description:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ required:
+ - CustomerZoneIdList
+ type: object
+ v2.CreateFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.CreateFirewallAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.CreateFirewallAPIResponse:
+ properties:
+ AllowListAccounts:
+ items:
+ type: string
+ maxItems: 300
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ Description:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ FirewallId:
+ type: string
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ required:
+ - CustomerZoneIdList
+ type: object
+ v2.CreateLinkAccountAPIInput:
+ properties:
+ AWSMarketplaceToken:
+ type: string
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AgreementId:
+ type: string
+ EnableCFTRoleURLCreation:
+ type: boolean
+ EndpointMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ type: string
+ Existing:
+ type: boolean
+ OnboardingRegion:
+ type: string
+ Origin:
+ default: CloudNGFWConsole
+ enum:
+ - AWSMarketplace
+ - CloudNGFWConsole
+ - ProgrammaticAccess
+ type: string
+ ProductId:
+ type: string
+ type: object
+ v2.CreateLinkAccountAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.CreateLinkAccountAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.CreateLinkAccountAPIResponse:
+ properties:
+ AccountId:
+ type: string
+ CFTRoleURL:
+ type: string
+ EndpointMode:
+ type: string
+ Existing:
+ type: boolean
+ ExternalId:
+ type: string
+ Origin:
+ type: string
+ SNSTopicArn:
+ type: string
+ SecretsToken:
+ type: string
+ ServiceAccountId:
+ type: string
+ type: object
+ v2.DeleteFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.DeleteFirewallAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.DeleteFirewallAPIResponse:
+ properties:
+ AllowListAccounts:
+ items:
+ type: string
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ Description:
+ type: string
+ DeviceRuleStackCommitStatus:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ Endpoints:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ FirewallId:
+ type: string
+ FirewallStatus:
+ type: string
+ GWLB:
+ $ref: '#/components/schemas/model.GWLBConfig'
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Ipv6:
+ $ref: '#/components/schemas/model.Ipv6Config'
+ LinkId:
+ type: string
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ required:
+ - CustomerZoneIdList
+ type: object
+ v2.DeleteLinkAccountAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ required:
+ - AccountId
+ type: object
+ v2.DeleteLinkAccountAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.DeleteLinkAccountResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.DeleteLinkAccountResponse:
+ properties:
+ AccountId:
+ type: string
+ ExternalId:
+ type: string
+ Organization:
+ type: string
+ type: object
+ v2.DisassociateLinkInput:
+ properties:
+ LinkId:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - LinkId
+ - UpdateToken
+ type: object
+ v2.DisassociateLinkOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.DisassociateLinkResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.DisassociateLinkResponse:
+ properties:
+ FirewallId:
+ type: string
+ LinkStatus:
+ enum:
+ - Active
+ - Updating
+ type: string
+ UpdateToken:
+ type: string
+ required:
+ - FirewallId
+ - UpdateToken
+ type: object
+ v2.DisassociateRuleStackInput:
+ properties:
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - UpdateToken
+ type: object
+ v2.DisassociateRuleStackOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.DisassociateRuleStackResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.DisassociateRuleStackResponse:
+ properties:
+ FirewallId:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallId
+ - UpdateToken
+ type: object
+ v2.EndpointRequest:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ EgressNATEnabled:
+ type: boolean
+ EndpointId:
+ type: string
+ Mode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ type: string
+ Prefixes:
+ $ref: '#/components/schemas/model.PrefixInfo'
+ SubnetId:
+ type: string
+ VpcId:
+ type: string
+ ZoneId:
+ type: string
+ required:
+ - Mode
+ type: object
+ v2.FirewallInfo:
+ properties:
+ FirewallId:
+ type: string
+ Region:
+ type: string
+ type: object
+ v2.FirewallInfoDescribe:
+ properties:
+ Firewall:
+ $ref: '#/components/schemas/v2.ReadFirewallResource'
+ Status:
+ $ref: '#/components/schemas/model.ResourceStatus'
+ type: object
+ v2.ListFirewallsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.ListFirewallsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.ListFirewallsResponse:
+ properties:
+ Firewalls:
+ items:
+ $ref: '#/components/schemas/v2.FirewallInfo'
+ type: array
+ FirewallsDescribe:
+ items:
+ $ref: '#/components/schemas/v2.FirewallInfoDescribe'
+ type: array
+ NextToken:
+ type: string
+ type: object
+ v2.ListLinkAccountXaccountDetails:
+ properties:
+ AccountId:
+ type: string
+ AllowedMode:
+ type: string
+ CloudTrailRole:
+ type: string
+ DefaultRole:
+ type: string
+ Firewall:
+ $ref: '#/components/schemas/model.FirewallRoles'
+ RuleStack:
+ $ref: '#/components/schemas/model.RuleStackRoles'
+ type: object
+ v2.ListLinkAccountsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.ListLinkAccountsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.ListLinkAccountsResponse:
+ properties:
+ AccountDetails:
+ items:
+ $ref: '#/components/schemas/v2.AccountDetails'
+ type: array
+ AccountIds:
+ items:
+ type: string
+ type: array
+ MpRegion:
+ type: string
+ NextToken:
+ type: string
+ XAccountDetails:
+ items:
+ $ref: '#/components/schemas/v2.ListLinkAccountXaccountDetails'
+ type: array
+ type: object
+ v2.ReadFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.FirewallInfoDescribe'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.ReadFirewallResource:
+ properties:
+ AdvancedThreatLog:
+ type: boolean
+ AllowListAccounts:
+ items:
+ type: string
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CloudwatchMetrics:
+ $ref: '#/components/schemas/model.CloudwatchMetrics'
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ DeploymentUpdateToken:
+ type: string
+ Description:
+ type: string
+ DeviceRuleStackCommitStatus:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ EndpointServiceName:
+ type: string
+ Endpoints:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ FirewallId:
+ type: string
+ GWLB:
+ $ref: '#/components/schemas/model.GWLBConfig'
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Ipv6:
+ $ref: '#/components/schemas/model.Ipv6Config'
+ LinkId:
+ type: string
+ LinkStatus:
+ type: string
+ LogConfig:
+ $ref: '#/components/schemas/v2.ReadLogConfig'
+ Notifications:
+ items:
+ $ref: '#/components/schemas/model.Notification'
+ type: array
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ Region:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ required:
+ - CustomerZoneIdList
+ type: object
+ v2.ReadLogConfig:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ LogDestination:
+ type: string
+ LogDestinationRegion:
+ type: string
+ LogDestinationType:
+ enum:
+ - S3
+ - CloudWatchLogs
+ - KinesisDataFirehose
+ type: string
+ LogType:
+ items:
+ enum:
+ - TRAFFIC
+ - DECRYPTION
+ - THREAT
+ - USER_ID
+ type: string
+ type: array
+ RoleType:
+ enum:
+ - ResourceBased
+ - IamBased
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ - RoleType
+ type: object
+ v2.ReadLogProfileInput:
+ type: object
+ v2.ReadLogProfileOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.ReadLogProfileResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.ReadLogProfileResponse:
+ properties:
+ AdvancedThreatLog:
+ type: boolean
+ CloudwatchMetrics:
+ $ref: '#/components/schemas/model.CloudwatchMetrics'
+ FirewallId:
+ type: string
+ LogConfig:
+ $ref: '#/components/schemas/model.LogConfig'
+ Region:
+ type: string
+ UpdateToken:
+ type: string
+ type: object
+ v2.UpdateFirewallAPIInput:
+ properties:
+ AllowListAccounts:
+ items:
+ type: string
+ maxItems: 300
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ DeploymentUpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ Description:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ Endpoints:
+ items:
+ $ref: '#/components/schemas/v2.EndpointRequest'
+ type: array
+ GwlbTcpIdleTimeout:
+ maximum: 3600
+ minimum: 0
+ type: integer
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ UserID:
+ $ref: '#/components/schemas/v2.UserIDRequest'
+ required:
+ - DeploymentUpdateToken
+ - UpdateToken
+ type: object
+ v2.UpdateFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.UpdateResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.UpdateLogProfileInput:
+ properties:
+ AdvancedThreatLog:
+ type: boolean
+ CloudwatchMetrics:
+ $ref: '#/components/schemas/model.CloudwatchMetrics'
+ LogConfig:
+ $ref: '#/components/schemas/model.LogConfig'
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ type: object
+ v2.UpdateLogProfileOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.UpdateLogProfileResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.UpdateLogProfileResponse:
+ properties:
+ AdvancedThreatLog:
+ type: boolean
+ CloudwatchMetrics:
+ $ref: '#/components/schemas/model.CloudwatchMetrics'
+ FirewallId:
+ type: string
+ LogConfig:
+ $ref: '#/components/schemas/model.LogConfig'
+ Region:
+ type: string
+ UpdateToken:
+ type: string
+ type: object
+ v2.UpdateResponse:
+ properties:
+ AllowListAccounts:
+ items:
+ type: string
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ DeploymentUpdateToken:
+ type: string
+ Description:
+ type: string
+ DeviceRuleStackCommitStatus:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ Endpoints:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ FirewallId:
+ type: string
+ GWLB:
+ $ref: '#/components/schemas/model.GWLBConfig'
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ GwlbTcpIdleTimeout:
+ maximum: 3600
+ minimum: 0
+ type: integer
+ Ipv6:
+ $ref: '#/components/schemas/model.Ipv6Config'
+ LinkId:
+ type: string
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ Region:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ required:
+ - CustomerZoneIdList
+ type: object
+ v2.UserIDRequest:
+ properties:
+ AgentName:
+ type: string
+ CollectorName:
+ type: string
+ CustomIncludeExcludeNetwork:
+ items:
+ $ref: '#/components/schemas/model.UserIDCustomSubnetFilter'
+ type: array
+ Enabled:
+ type: boolean
+ Port:
+ type: integer
+ SecretKeyARN:
+ type: string
+ type: object
+info:
+ contact: {}
+ description: "The V2 API provides enhanced operations for managing Cloud NGFW resources.\
+ \ This version introduces new features and improvements for firewall management,\
+ \ including support for managing firewalls by ID and name, content version updates,\
+ \ and feature management.\n\n### Key Features\n\n- Manage firewalls by firewall\
+ \ ID or firewall name\n- Update firewall content versions\n- Configure firewall\
+ \ features \n- Link firewalls across accounts\n- Enhanced log profile and rulestack\
+ \ management\n\n### Permission Policies\n\n| Action \
+ \ | Local Firewall Administrator | Local Rulestack Administrator | Global\
+ \ Rulestack Administrator |\n| -------------------------------------- | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: |\n| Create/Delete\
+ \ Firewall | **☑** | ☐ \
+ \ | ☐ |\n| Update Firewall \
+ \ | **☑** | ☐ \
+ \ | ☐ |\n| Manage Firewall Features \
+ \ | **☑** | ☐ | ☐\
+ \ |\n| Link Accounts | **☑**\
+ \ | ☐ | ☐ \
+ \ |\n"
+ title: Manage Cloud NGFW (V2)
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v2/linkaccounts:
+ delete:
+ description: 'Delete a link account from V2 API configuration.
+
+ '
+ operationId: delete-v2-linkaccounts
+ parameters:
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DeleteLinkAccountAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DeleteLinkAccountAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DeleteLinkAccountAPIOutput'
+ description: Bad Request
+ summary: delete linkaccounts
+ tags:
+ - ManageNGFW-V2
+ get:
+ description: 'List all link accounts configured for V2 API.
+
+ '
+ operationId: get-v2-linkaccounts
+ parameters:
+ - description: Max results
+ in: query
+ name: maxresults
+ schema:
+ type: string
+ - description: describe the Accounts
+ in: query
+ name: describe
+ schema:
+ type: string
+ - description: Next token
+ in: query
+ name: nexttoken
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ListLinkAccountsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ListLinkAccountsAPIOutput'
+ description: Bad Request
+ summary: list linkaccounts
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: 'Create a new link account for V2 API access.
+
+ '
+ operationId: post-v2-linkaccounts
+ parameters:
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateLinkAccountAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateLinkAccountAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateLinkAccountAPIOutput'
+ description: Bad Request
+ summary: create linkaccounts
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls:
+ get:
+ description: 'List all Cloud NGFW resources in your account using V2 API.
+
+ '
+ operationId: get-v2-ngfirewalls
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Max results
+ in: query
+ name: maxresults
+ schema:
+ type: string
+ - description: describe the FW
+ in: query
+ name: describe
+ schema:
+ type: string
+ - description: Next token
+ in: query
+ name: nexttoken
+ schema:
+ type: string
+ - description: rulestack name
+ in: query
+ name: rulestackname
+ schema:
+ type: string
+ - description: global rulestack name
+ in: query
+ name: globalrulestackname
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ListFirewallsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ListFirewallsAPIOutput'
+ description: Bad Request
+ summary: list ngfirewalls
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: 'Create a new Cloud NGFW resource using V2 API.
+
+ '
+ operationId: post-v2-ngfirewalls
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateFirewallAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateFirewallAPIOutput'
+ description: Bad Request
+ summary: create ngfirewall
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/:
+ get:
+ description: 'Alternative endpoint to list all Cloud NGFW resources.
+
+ '
+ operationId: get-v2-ngfirewalls-
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ListFirewallsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ListFirewallsAPIOutput'
+ description: Bad Request
+ summary: v1 list firewalls
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: 'Alternative endpoint to create a new Cloud NGFW resource.
+
+ '
+ operationId: post-v2-ngfirewalls-
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.CreateFirewallAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.CreateFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.CreateFirewallAPIOutput'
+ description: Bad Request
+ summary: v1 create ngfirewall
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_id}:
+ delete:
+ description: 'Delete a specific firewall by firewall ID.
+
+ '
+ operationId: delete-v2-ngfirewalls-firewallid
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: 'The unique identifier of the firewall.
+
+ '
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DeleteFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DeleteFirewallAPIOutput'
+ description: Bad Request
+ summary: delete ngfirewall
+ tags:
+ - ManageNGFW-V2
+ get:
+ description: 'Retrieve details of a specific firewall by firewall ID.
+
+ '
+ operationId: get-v2-ngfirewalls-firewallid
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: 'The unique identifier of the firewall.
+
+ '
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ReadFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ReadFirewallAPIOutput'
+ description: Bad Request
+ summary: read ngfirewall
+ tags:
+ - ManageNGFW-V2
+ patch:
+ description: update ngfirewall
+ operationId: patch-v2-ngfirewalls-firewallid
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateFirewallAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateFirewallAPIOutput'
+ description: Bad Request
+ summary: update ngfirewall
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_id}/link:
+ delete:
+ description: disassociate fw link
+ operationId: delete-v2-ngfirewalls-firewallid-link
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateLinkInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateLinkOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateLinkOutput'
+ description: Bad Request
+ summary: disassociate fw link
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: associate fw link
+ operationId: post-v2-ngfirewalls-firewallid-link
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateLinkInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateLinkOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateLinkOutput'
+ description: Bad Request
+ summary: associate fw link
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_id}/logprofile:
+ get:
+ description: read logprofile
+ operationId: get-v2-ngfirewalls-firewallid-logprofile
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ReadLogProfileInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ReadLogProfileOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ReadLogProfileOutput'
+ description: Bad Request
+ summary: read logprofile
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: update logprofile
+ operationId: post-v2-ngfirewalls-firewallid-logprofile
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateLogProfileInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateLogProfileOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateLogProfileOutput'
+ description: Bad Request
+ summary: update logprofile
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_id}/rulestack:
+ delete:
+ description: disassociate rulestack
+ operationId: delete-v2-ngfirewalls-firewallid-rulestack
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateRuleStackInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateRuleStackOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateRuleStackOutput'
+ description: Bad Request
+ summary: disassociate rulestack
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: associate rulestack
+ operationId: post-v2-ngfirewalls-firewallid-rulestack
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateRuleStackInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateRuleStackOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateRuleStackOutput'
+ description: Bad Request
+ summary: associate rulestack
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}:
+ delete:
+ description: v1 delete firewall
+ operationId: delete-v2-ngfirewalls-firewallname
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.DeleteFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.DeleteFirewallAPIOutput'
+ description: Bad Request
+ summary: v1 delete firewall
+ tags:
+ - ManageNGFW-V2
+ get:
+ description: 'Retrieve details of a specific firewall by firewall name.
+
+ '
+ operationId: get-v2-ngfirewalls-firewallname
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ReadFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ReadFirewallAPIOutput'
+ description: Bad Request
+ summary: v1 read firewall
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/contentversion:
+ put:
+ description: 'Update the content version for a firewall by firewall name.
+
+ '
+ operationId: put-v2-ngfirewalls-firewallname-contentversion
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateContentVersionAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateContentVersionAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateContentVersionAPIOutput'
+ description: Bad Request
+ summary: v1 update content version
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/description:
+ put:
+ description: 'Update the description of a firewall by firewall name.
+
+ '
+ operationId: put-v2-ngfirewalls-firewallname-description
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateDescriptionAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateDescriptionAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateDescriptionAPIOutput'
+ description: Bad Request
+ summary: v1 update description
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/features:
+ put:
+ description: 'Configure firewall features by firewall name.
+
+ '
+ operationId: put-v2-ngfirewalls-firewallname-features
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateFeaturesAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateFeaturesAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateFeaturesAPIOutput'
+ description: Bad Request
+ summary: v1 update features
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/logprofile:
+ get:
+ description: v1 read logprofile
+ operationId: get-v2-ngfirewalls-firewallname-logprofile
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: account id
+ in: query
+ name: accountid
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ReadLogProfileAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ReadLogProfileAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ReadLogProfileAPIOutput'
+ description: Bad Request
+ summary: v1 read logprofile
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: v1 update logprofile
+ operationId: post-v2-ngfirewalls-firewallname-logprofile
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateLogProfileAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateLogProfileAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateLogProfileAPIOutput'
+ description: Bad Request
+ summary: v1 update logprofile
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/rulestack:
+ post:
+ description: v1 associate rulestack
+ operationId: post-v2-ngfirewalls-firewallname-rulestack
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.AssociateRuleStackAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.AssociateRuleStackAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.AssociateRuleStackAPIOutput'
+ description: Bad Request
+ summary: v1 associate rulestack
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/subnets:
+ post:
+ description: v1 update subnet mappings
+ operationId: post-v2-ngfirewalls-firewallname-subnets
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIOutput'
+ description: Bad Request
+ summary: v1 update subnet mappings
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/tags:
+ delete:
+ description: 'Remove tags from a firewall by firewall name.
+
+ '
+ operationId: delete-v2-ngfirewalls-firewallname-tags
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.DeleteTagsAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.DeleteTagsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.DeleteTagsAPIOutput'
+ description: Bad Request
+ summary: v1 delete tags
+ tags:
+ - ManageNGFW-V2
+ get:
+ description: 'List tags for a firewall by firewall name.
+
+ '
+ operationId: get-v2-ngfirewalls-firewallname-tags
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ListTagsAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ListTagsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ListTagsAPIOutput'
+ description: Bad Request
+ summary: v1 list tags
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: 'Add tags to a firewall by firewall name.
+
+ '
+ operationId: post-v2-ngfirewalls-firewallname-tags
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateTagsAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateTagsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateTagsAPIOutput'
+ description: Bad Request
+ summary: v1 update tags
+ tags:
+ - ManageNGFW-V2
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: ManageNGFW-V2
diff --git a/openapi-specs/cloudngfw/aws/ManageNGFW.yaml b/openapi-specs/cloudngfw/aws/ManageNGFW.yaml
index 9a0db2f75..b3c713bd2 100644
--- a/openapi-specs/cloudngfw/aws/ManageNGFW.yaml
+++ b/openapi-specs/cloudngfw/aws/ManageNGFW.yaml
@@ -4,102 +4,59 @@ components:
additionalProperties: false
properties:
AccountId:
- description: "The unique ID of the account.
-
- "
title: Accountid
type: string
Description:
- description: "Description of the NGFW.
-
- "
maxLength: 512
pattern: ^.*$
title: Description
type: string
- LinkId:
- description: "A unique identifier for establishing and managing the link between the Cloud NGFW and other AWS resources"
- title: LinkId
- type: string
EndpointMode:
- description:
- "The management mode used to create endpoints automatically
- or manually.
-
- "
enum:
- - ServiceManaged
- - CustomerManaged
+ - ServiceManaged
+ - CustomerManaged
title: Endpointmode
type: string
FirewallName:
- description: "Name of the NGFW, unique in a region for each customer.
-
- "
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
title: Firewallname
type: string
GlobalRuleStackName:
- description: "Name of the global rulestack.
-
- "
title: Globalrulestackname
type: string
RuleStackName:
- description: "Name of the local rulestack.
-
- "
title: Rulestackname
type: string
SubnetMappings:
- description:
- "The public subnets for your NGFW. Each subnet must belong
- to a different Availability Zone in the VPC. NGFW creates an NGFW endpoint
- in each subnet.
-
- "
items:
- $ref: "#/components/schemas/CreateFWResourceRequest.SubnetMappingsType"
+ $ref: '#/components/schemas/CreateFWResourceRequest.SubnetMappingsType'
title: Subnetmappings
type: array
Tags:
- description: "The key:value pairs to associate with a resource.
-
- "
items:
- $ref: "#/components/schemas/CreateFWResourceRequest.TagEntry"
+ $ref: '#/components/schemas/CreateFWResourceRequest.TagEntry'
maxItems: 50
title: Tags
type: array
VpcId:
- description:
- "The unique identifier of the VPCs that you want NGFW to retrieve.\
- \ Leave this blank to retrieve all VPCs. \n"
title: Vpcid
type: string
required:
- - EndpointMode
- - FirewallName
- - SubnetMappings
- - VpcId
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
title: CreateFWResourceRequest
type: object
CreateFWResourceRequest.SubnetMappingsType:
additionalProperties: false
properties:
AvailabilityZone:
- description:
- "The data center in a region available for use by the AWS customer.
-
- "
title: Availabilityzone
type: string
SubnetId:
- description: "The unique ID of the subnet in your VPC.
-
- "
title: Subnetid
type: string
title: SubnetMappingsType
@@ -108,52 +65,30 @@ components:
additionalProperties: false
properties:
Key:
- description:
- "A unique identifier in the key-value pair. The constant that
- defines the data set.
-
- .
-
- "
title: Key
type: string
Value:
- description: "The variable that belongs to the data set.
-
- "
title: Value
type: string
required:
- - Key
- - Value
+ - Key
+ - Value
title: TagEntry
type: object
CreateFWResourceResponse:
properties:
Response:
- $ref: "#/components/schemas/CreateFWResourceResponse.FirewallResource"
- description: "The API call response.
-
- "
+ $ref: '#/components/schemas/CreateFWResourceResponse.FirewallResource'
ResponseStatus:
- $ref: "#/components/schemas/CreateFWResourceResponse.Result"
- description: "The API call response status.
-
- "
+ $ref: '#/components/schemas/CreateFWResourceResponse.Result'
title: CreateFWResourceResponse
type: object
CreateFWResourceResponse.FirewallResource:
properties:
AccountId:
- description: "The unique ID of the account.
-
- "
title: Accountid
type: string
AppIdVersion:
- description: "The App-ID version of the specified application.
-
- "
maxLength: 64
minLength: 1
pattern: ^[0-9]+-[0-9]+$
@@ -161,89 +96,51 @@ components:
type: string
AutomaticUpgradeAppIdVersion:
default: true
- description:
- "Specify whether to automatically upgrade to the latest App-ID
- version.
-
- "
title: Automaticupgradeappidversion
type: boolean
- LinkId:
- title: LinkId
- type: string
Description:
- description: "Description of the NGFW.
-
- "
title: Description
type: string
EndpointMode:
- description:
- "The management mode used to create endpoints automatically
- or manually.
-
- "
enum:
- - ServiceManaged
- - CustomerManaged
+ - ServiceManaged
+ - CustomerManaged
title: Endpointmode
type: string
FirewallName:
- description: "Name of the NGFW, unique in a region for each customer. \n"
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
title: Firewallname
type: string
GlobalRuleStackName:
- description: "Name of the global rulestack.
-
- "
title: Globalrulestackname
type: string
RuleStackName:
- description: "Name of the local rulestack.
-
- "
title: Rulestackname
type: string
SubnetMappings:
- description:
- "The public subnets for your NGFW. Each subnet must belong
- to a different Availability Zone (AZ) in the VPC. NGFW creates an NGFW
- endpoint in each subnet.
-
- "
items:
type: object
title: Subnetmappings
type: array
Tags:
- description: "The key:value pairs to associate with a resource.
-
- "
items:
type: object
title: Tags
type: array
UpdateToken:
- default: "1"
- description: "Refresh token.
-
- "
+ default: '1'
title: Updatetoken
type: string
VpcId:
- description:
- "The unique identifier of the VPCs that you want NGFW to retrieve.\
- \ Leave this blank to retrieve all VPCs. \n"
title: Vpcid
type: string
required:
- - EndpointMode
- - FirewallName
- - SubnetMappings
- - VpcId
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
title: FirewallResource
type: object
CreateFWResourceResponse.Result:
@@ -251,24 +148,9 @@ components:
properties:
ErrorCode:
default: 0
- description:
- "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* LimitExceededException\u2014Operation failed\
- \ due to violation in limit settings.\n* ThrottlingException\u2014Operation\
- \ failed due to throttling limitations. \n\n500\u2014Bad request\n* InsufficientCapacityException\u2014\
- AWS currently does not have enough capacity to fulfill your request.\n\
- * InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description.
-
- "
title: Reason
type: string
title: Result
@@ -277,9 +159,6 @@ components:
additionalProperties: false
properties:
AccountId:
- description: "The unique ID of the account.
-
- "
title: Accountid
type: string
title: DeleteFWResourceRequest
@@ -287,29 +166,17 @@ components:
DeleteFWResourceResponse:
properties:
Response:
- $ref: "#/components/schemas/DeleteFWResourceResponse.FirewallResource"
- description: "The API call response.
-
- "
+ $ref: '#/components/schemas/DeleteFWResourceResponse.FirewallResource'
ResponseStatus:
- $ref: "#/components/schemas/DeleteFWResourceResponse.Result"
- description: "The API call response status.
-
- "
+ $ref: '#/components/schemas/DeleteFWResourceResponse.Result'
title: DeleteFWResourceResponse
type: object
DeleteFWResourceResponse.FirewallResource:
properties:
AccountId:
- description: "The unique ID of the account.
-
- "
title: Accountid
type: string
AppIdVersion:
- description: "The App-ID version of the specified application.
-
- "
maxLength: 64
minLength: 1
pattern: ^[0-9]+-[0-9]+$
@@ -317,86 +184,51 @@ components:
type: string
AutomaticUpgradeAppIdVersion:
default: true
- description:
- "Specify whether to automatically upgrade to the latest App-ID
- version.
-
- "
title: Automaticupgradeappidversion
type: boolean
Description:
- description: "Description of the NGFW.
-
- "
title: Description
type: string
EndpointMode:
- description:
- "The management mode used to create endpoints automatically
- or manually.
-
- "
enum:
- - ServiceManaged
- - CustomerManaged
+ - ServiceManaged
+ - CustomerManaged
title: Endpointmode
type: string
FirewallName:
- description: "Name of the NGFW, unique in a region for each customer. \n"
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
title: Firewallname
type: string
GlobalRuleStackName:
- description: "Name of the global rulestack.
-
- "
title: Globalrulestackname
type: string
RuleStackName:
- description: "Name of the local rulestack.
-
- "
title: Rulestackname
type: string
SubnetMappings:
- description:
- "The public subnets for your NGFW. Each subnet must belong
- to a different Availability Zone in the VPC. NGFW creates an NGFW endpoint
- in each subnet.
-
- "
items:
type: object
title: Subnetmappings
type: array
Tags:
- description: "The key:value pairs to associate with a resource.
-
- "
items:
type: object
title: Tags
type: array
UpdateToken:
- default: "1"
- description: "Refresh token.
-
- "
+ default: '1'
title: Updatetoken
type: string
VpcId:
- description:
- "The unique identifier of the VPCs that you want NGFW to retrieve.\
- \ Leave this blank to retrieve all VPCs. \n"
title: Vpcid
type: string
required:
- - EndpointMode
- - FirewallName
- - SubnetMappings
- - VpcId
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
title: FirewallResource
type: object
DeleteFWResourceResponse.Result:
@@ -404,24 +236,9 @@ components:
properties:
ErrorCode:
default: 0
- description:
- "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* ResourceNotFoundException\u2014Unable to\
- \ locate a resource using the parameters you provided.\n* UnsupportedOperationException\u2014\
- The operation you requested is not supported by Cloud NGFW.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description.
-
- "
title: Reason
type: string
title: Result
@@ -431,19 +248,11 @@ components:
properties:
MaxResults:
default: 1024
- description:
- "The maximum number of firewalls that you want NGFW to return\
- \ for this request. \n"
maximum: 1024
minimum: 1
title: Maxresults
type: integer
NextToken:
- description:
- "If the number of NGFWs available for retrieval exceeds the\
- \ maximum you requested, Cloud NGFW returns a NextToken value in response.\
- \ To retrieve the next batch of NGFWs, use this token in your next request.\
- \ \n"
maxLength: 2048
minLength: 1
pattern: ^[-0-9A-Za-z:\/+=]+$
@@ -453,11 +262,6 @@ components:
title: Rulestackname
type: string
VpcIds:
- description:
- "The unique identifier of the VPCs that you want NGFW to retrieve.
- Leave this blank to retrieve all VPCs.
-
- "
items:
type: string
title: Vpcids
@@ -467,49 +271,31 @@ components:
ListFWResourceResponse:
properties:
Response:
- $ref: "#/components/schemas/ListFWResourceResponse.ResponseData"
- description: "The API call response.
-
- "
+ $ref: '#/components/schemas/ListFWResourceResponse.ResponseData'
ResponseStatus:
- $ref: "#/components/schemas/ListFWResourceResponse.Result"
- description: "The API call response status.
-
- "
+ $ref: '#/components/schemas/ListFWResourceResponse.Result'
title: ListFWResourceResponse
type: object
ListFWResourceResponse.FirewallInfo:
properties:
AccountId:
- description: "The unique ID of the account.
-
- "
title: Accountid
type: string
FirewallName:
- description: "Name of the NGFW, unique in a region for each customer. \n"
title: Firewallname
type: string
required:
- - FirewallName
+ - FirewallName
title: FirewallInfo
type: object
ListFWResourceResponse.ResponseData:
properties:
Firewalls:
- description: "The list of NGFWs.
-
- "
items:
- $ref: "#/components/schemas/ListFWResourceResponse.FirewallInfo"
+ $ref: '#/components/schemas/ListFWResourceResponse.FirewallInfo'
title: Firewalls
type: array
NextToken:
- description:
- "If the number of NGFWs available for retrieval exceeds the\
- \ maximum you requested, Cloud NGFW returns a NextToken value in response.\
- \ To retrieve the next batch of NGFWs, use this token in your next request.\
- \ \n"
title: Nexttoken
type: string
title: ResponseData
@@ -519,21 +305,9 @@ components:
properties:
ErrorCode:
default: 0
- description:
- "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\
- Operation failed due to invalid request. For example, unsupported parameter\
- \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\
- \ to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description.
-
- "
title: Reason
type: string
title: Result
@@ -542,9 +316,6 @@ components:
additionalProperties: false
properties:
AccountId:
- description: "The unique ID of the account.
-
- "
title: Accountid
type: string
title: ReadFWResourceRequest
@@ -552,29 +323,17 @@ components:
ReadFWResourceResponse:
properties:
Response:
- $ref: "#/components/schemas/ReadFWResourceResponse.ResponseData"
- description: "The API call response.
-
- "
+ $ref: '#/components/schemas/ReadFWResourceResponse.ResponseData'
ResponseStatus:
- $ref: "#/components/schemas/ReadFWResourceResponse.Result"
- description: "The API call response status.
-
- "
+ $ref: '#/components/schemas/ReadFWResourceResponse.Result'
title: ReadFWResourceResponse
type: object
ReadFWResourceResponse.ReadFirewallResource:
properties:
AccountId:
- description: "The unique ID of the account.
-
- "
title: Accountid
type: string
AppIdVersion:
- description: "The App-ID version of the specified application.
-
- "
maxLength: 64
minLength: 1
pattern: ^[0-9]+-[0-9]+$
@@ -582,28 +341,15 @@ components:
type: string
AutomaticUpgradeAppIdVersion:
default: true
- description:
- "Specify whether to automatically upgrade to the latest App-ID
- version.
-
- "
title: Automaticupgradeappidversion
type: boolean
Description:
- description: "Description of the NGFW.
-
- "
title: Description
type: string
EndpointMode:
- description:
- "The management mode used to create endpoints automatically
- or manually.
-
- "
enum:
- - ServiceManaged
- - CustomerManaged
+ - ServiceManaged
+ - CustomerManaged
title: Endpointmode
type: string
EndpointServiceName:
@@ -611,143 +357,100 @@ components:
title: Endpointservicename
type: string
FirewallName:
- description: "Name of the NGFW, unique in a region for each customer. \n"
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
title: Firewallname
type: string
GlobalRuleStackName:
- description: "Name of the global rulestack.
-
- "
title: Globalrulestackname
type: string
RuleStackName:
- description: "Name of the local rulestack.
-
- "
title: Rulestackname
type: string
SubnetMappings:
- description:
- "The public subnets for your NGFW. Each subnet must belong
- to a different Availability Zone in the VPC. NGFW creates an NGFW endpoint
- in each subnet.
-
- "
items:
type: object
title: Subnetmappings
type: array
Tags:
- description: "The key:value pairs to associate with a resource.
-
- "
items:
type: object
title: Tags
type: array
UpdateToken:
- default: "1"
- description: "Refresh token.
-
- "
+ default: '1'
title: Updatetoken
type: string
VpcId:
- description:
- "The unique identifier of the VPCs that you want NGFW to retrieve.\
- \ Leave this blank to retrieve all VPCs. \n"
title: Vpcid
type: string
required:
- - EndpointMode
- - FirewallName
- - SubnetMappings
- - VpcId
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
title: ReadFirewallResource
type: object
ReadFWResourceResponse.ResourceAttachment:
properties:
EndpointId:
- description: "The unique ID of the endpoint.
-
- "
title: Endpointid
type: string
RejectedReason:
- description: "Reason of rejection.
-
- "
title: Rejectedreason
type: string
Status:
enum:
- - ACCEPTED
- - PENDING
- - REJECTED
+ - ACCEPTED
+ - PENDING
+ - REJECTED
title: Status
type: string
SubnetId:
- description: "The unique ID of the subnet in your VPC.
-
- "
title: Subnetid
type: string
required:
- - EndpointId
- - Status
+ - EndpointId
+ - Status
title: ResourceAttachment
type: object
ReadFWResourceResponse.ResourceStatus:
properties:
Attachments:
- description: "The endpoint attachment.
-
- "
items:
- $ref: "#/components/schemas/ReadFWResourceResponse.ResourceAttachment"
+ $ref: '#/components/schemas/ReadFWResourceResponse.ResourceAttachment'
title: Attachments
type: array
FailureReason:
- description: "The reason for failure.
-
- "
title: Failurereason
type: string
FirewallStatus:
enum:
- - CREATING
- - UPDATING
- - DELETING
- - CREATE_COMPLETE
- - UPDATE_COMPLETE
- - CREATE_FAIL
- - UPDATE_FAIL
- - DELETE_FAIL
+ - CREATING
+ - UPDATING
+ - DELETING
+ - CREATE_COMPLETE
+ - UPDATE_COMPLETE
+ - CREATE_FAIL
+ - UPDATE_FAIL
+ - DELETE_FAIL
title: Firewallstatus
type: string
RuleStackStatus:
- description: "Status of rulestack.
-
- "
title: Rulestackstatus
type: string
required:
- - Attachments
- - FirewallStatus
+ - Attachments
+ - FirewallStatus
title: ResourceStatus
type: object
ReadFWResourceResponse.ResponseData:
properties:
Firewall:
- $ref: "#/components/schemas/ReadFWResourceResponse.ReadFirewallResource"
+ $ref: '#/components/schemas/ReadFWResourceResponse.ReadFirewallResource'
Status:
- $ref: "#/components/schemas/ReadFWResourceResponse.ResourceStatus"
- description: "Status of NGFW.
-
- "
+ $ref: '#/components/schemas/ReadFWResourceResponse.ResourceStatus'
title: ResponseData
type: object
ReadFWResourceResponse.Result:
@@ -755,21 +458,9 @@ components:
properties:
ErrorCode:
default: 0
- description:
- "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\
- Operation failed due to invalid request. For example, unsupported parameter\
- \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\
- \ to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description
-
- "
title: Reason
type: string
title: Result
@@ -778,68 +469,41 @@ components:
additionalProperties: false
properties:
AccountId:
- description: "The unique ID of the account.
-
- "
title: Accountid
type: string
Description:
- description: "Description of the firewall.
-
- "
maxLength: 512
pattern: ^.*$
title: Description
type: string
UpdateToken:
- description: "Refresh token.
-
- "
title: Updatetoken
type: string
required:
- - Description
+ - Description
title: UpdateFWResourceDescriptionRequest
type: object
UpdateFWResourceDescriptionResponse:
properties:
Response:
- $ref: "#/components/schemas/UpdateFWResourceDescriptionResponse.ResponseData"
- description: "The API call response.
-
- "
+ $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse.ResponseData'
ResponseStatus:
- $ref: "#/components/schemas/UpdateFWResourceDescriptionResponse.Result"
- description: "The API call response status.
-
- "
+ $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse.Result'
title: UpdateFWResourceDescriptionResponse
type: object
UpdateFWResourceDescriptionResponse.ResponseData:
additionalProperties: false
properties:
AccountId:
- description: "The unique ID of the account.
-
- "
title: Accountid
type: string
Description:
- description: "Description of the firewall.
-
- "
title: Description
type: string
FirewallName:
- description: "Name of the NGFW, unique in a region for each customer.
-
- "
title: Firewallname
type: string
UpdateToken:
- description: "Refresh token.
-
- "
title: Updatetoken
type: string
title: ResponseData
@@ -849,21 +513,9 @@ components:
properties:
ErrorCode:
default: 0
- description:
- "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\
- Operation failed due to invalid request. For example, unsupported parameter\
- \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\
- \ to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description.
-
- "
title: Reason
type: string
title: Result
@@ -872,31 +524,19 @@ components:
additionalProperties: false
properties:
AccountId:
- description: "The unique ID of the account.
-
- "
title: Accountid
type: string
AssociateSubnetMappings:
- description: "Associate the subnets to NGFW.
-
- "
items:
- $ref: "#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType"
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType'
title: Associatesubnetmappings
type: array
DisassociateSubnetMappings:
- description: "Disassociate the subnet from NGFW.
-
- "
items:
- $ref: "#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType"
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType'
title: Disassociatesubnetmappings
type: array
UpdateToken:
- description: "Refresh token.
-
- "
title: Updatetoken
type: string
title: UpdateFWResourceSubnetsRequest
@@ -905,16 +545,9 @@ components:
additionalProperties: false
properties:
AvailabilityZone:
- description:
- "The data center in a region available for use by the AWS customer.
-
- "
title: Availabilityzone
type: string
SubnetId:
- description: "The unique ID of the subnet in your VPC.
-
- "
title: Subnetid
type: string
title: SubnetMappingsType
@@ -922,46 +555,25 @@ components:
UpdateFWResourceSubnetsResponse:
properties:
Response:
- $ref: "#/components/schemas/UpdateFWResourceSubnetsResponse.ResponseData"
- description: "The API call response.
-
- "
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse.ResponseData'
ResponseStatus:
- $ref: "#/components/schemas/UpdateFWResourceSubnetsResponse.Result"
- description: "The API call response status.
-
- "
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse.Result'
title: UpdateFWResourceSubnetsResponse
type: object
UpdateFWResourceSubnetsResponse.ResponseData:
properties:
AccountId:
- description: "The unique ID of the account.
-
- "
title: Accountid
type: string
FirewallName:
- description: "Name of the NGFW, unique in a region for each customer.
-
- "
title: Firewallname
type: string
SubnetMappings:
- description:
- "The public subnets for your NGFW. Each subnet must belong
- to a different Availability Zone in the VPC. NGFW creates a firewall endpoint
- in each subnet.
-
- "
items:
type: object
title: Subnetmappings
type: array
UpdateToken:
- description: "Refresh token.
-
- "
title: Updatetoken
type: string
title: ResponseData
@@ -971,86 +583,90 @@ components:
properties:
ErrorCode:
default: 0
- description:
- "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\
- Operation failed due to invalid request. For example, unsupported parameter\
- \ name or value in the request.\n* ResourceNotFoundException\u2014Unable\
- \ to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description.
-
- "
title: Reason
type: string
title: Result
type: object
info:
contact: {}
- description:
- "Manage the IAM rules and permission required for user access. \
- \ \n"
- title: Manage Cloud NGFW Resources
+ description: "Add and modify the user IAM rules and permission policies required\
+ \ to expand or reduce their access and permissions. You can also delete a user.\
+ \ And individual users can view their roles and change their name or password\
+ \ as necessary.\n\n### Permission Policies\n\n| Action \
+ \ | Local Firewall Administrator | Local Rulestack Administrator\
+ \ | Global Rulestack Administrator |\n| :----------------------------------------:\
+ \ | :---------------------------: | :--------------------------: | :----------------------------:\
+ \ |\n| Create a Firewall Resource | **☑** \
+ \ | ☐ | ☐ |\n| Delete\
+ \ a Firewall Resource | **☑** | ☐\
+ \ | ☐ | \
+ \ \n| Describe a Firewall Resource | **☑** \
+ \ | **☑** | **☑** | \n\
+ | List Firewall Resources | **☑** |\
+ \ **☑** | **☑** | \n| Update\
+ \ a Firewall Resource Description | **☑** | ☐\
+ \ | ☐ | \
+ \ \n| Update a Firewall Content Version | **☑**\
+ \ | ☐ | ☐ \
+ \ | \n| Update a Firewall Resource\
+ \ Subnet Mappings | **☑** | ☐ \
+ \ | ☐ | \n"
+ title: Manage Cloud NGFW
version: 1.0.0
openapi: 3.0.3
paths:
/v1/config/ngfirewalls:
get:
- description:
- "List all NGFWs in the Global Firewall Admin (FMS) account and
- retrieve the metadata for the NGFW policies that you have defined.
+ description: 'List all firewalls in the Global Firewall Admin (FMS) account
+ and retrieve the metadata for the firewall policies that you have defined.
- "
+ '
operationId: get-v1-config-ngfirewalls
parameters: []
requestBody:
content:
application/json:
schema:
- $ref: "#/components/schemas/ListFWResourceRequest"
+ $ref: '#/components/schemas/ListFWResourceRequest'
responses:
- "200":
+ '200':
content:
application/json:
schema:
- $ref: "#/components/schemas/ListFWResourceResponse"
+ $ref: '#/components/schemas/ListFWResourceResponse'
description: OK
summary: List Firewall Resources
tags:
- - ManageNGFW
+ - ManageNGFW
post:
- description:
- "Create an NGFW and define configuration settings. The settings
- that you define at creation include NGFW policy, subnets in your VPC, and
- tags associated with the NGFW resource.
+ description: 'Create an AWS Network Firewall and define configuration settings.
+ The settings that you define at creation include firewall policy, subnets
+ in your VPC, and tags associated with the AWS firewall resource.
- "
+ '
operationId: post-v1-config-ngfirewalls
parameters: []
requestBody:
content:
application/json:
schema:
- $ref: "#/components/schemas/CreateFWResourceRequest"
+ $ref: '#/components/schemas/CreateFWResourceRequest'
responses:
- "200":
+ '200':
content:
application/json:
schema:
- $ref: "#/components/schemas/CreateFWResourceResponse"
+ $ref: '#/components/schemas/CreateFWResourceResponse'
description: OK
summary: Create A Firewall Resource
tags:
- - ManageNGFW
+ - ManageNGFW
/v1/config/ngfirewalls/{ngfirewallname}:
delete:
- description:
- "Delete the specified NGFW. You can check whether a NGFW is in\
+ description: "Delete the specified NGFW. You can check whether a NGFW is in\
\ use by reviewing the route tables for the Availability Zones (AZs) where\
\ you have the NGFW subnet mappings. \n\nRetrieve the subnet mappings by\
\ calling `DescribeFirewall`. You can define and update the route tables through\
@@ -1059,119 +675,118 @@ paths:
\ you can remove the NGFW safely.\n"
operationId: delete-v1-config-ngfirewalls-ngfirewallname
parameters:
- - description: "The name of the NGFW.
+ - description: 'The name of the NGFW.
- "
- in: path
- name: ngfirewallname
- required: true
- schema:
- type: string
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
requestBody:
content:
application/json:
schema:
- $ref: "#/components/schemas/DeleteFWResourceRequest"
+ $ref: '#/components/schemas/DeleteFWResourceRequest'
responses:
- "200":
+ '200':
content:
application/json:
schema:
- $ref: "#/components/schemas/DeleteFWResourceResponse"
+ $ref: '#/components/schemas/DeleteFWResourceResponse'
description: OK
summary: Delete A Firewall Resource
tags:
- - ManageNGFW
+ - ManageNGFW
get:
- description: "Returns the data of a specific NGFW resource.
+ description: 'Returns the data of a specific NGFW resource.
- "
+ '
operationId: get-v1-config-ngfirewalls-ngfirewallname
parameters:
- - description: "The name of the NGFW.
+ - description: 'The name of the NGFW.
- "
- in: path
- name: ngfirewallname
- required: true
- schema:
- type: string
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
requestBody:
content:
application/json:
schema:
- $ref: "#/components/schemas/ReadFWResourceRequest"
+ $ref: '#/components/schemas/ReadFWResourceRequest'
responses:
- "200":
+ '200':
content:
application/json:
schema:
- $ref: "#/components/schemas/ReadFWResourceResponse"
+ $ref: '#/components/schemas/ReadFWResourceResponse'
description: OK
summary: Describe A Firewall Resource
tags:
- - ManageNGFW
+ - ManageNGFW
/v1/config/ngfirewalls/{ngfirewallname}/description:
put:
- description:
- "Modifies the description of a specific NGFW. Use the description
+ description: 'Modifies the description of a specific NGFW. Use the description
to help identify the NGFW when you are working with it.
- "
+ '
operationId: put-v1-config-ngfirewalls-ngfirewallname-description
parameters:
- - description: "The name of the NGFW.
+ - description: 'The name of the NGFW.
- "
- in: path
- name: ngfirewallname
- required: true
- schema:
- type: string
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
requestBody:
content:
application/json:
schema:
- $ref: "#/components/schemas/UpdateFWResourceDescriptionRequest"
+ $ref: '#/components/schemas/UpdateFWResourceDescriptionRequest'
responses:
- "200":
+ '200':
content:
application/json:
schema:
- $ref: "#/components/schemas/UpdateFWResourceDescriptionResponse"
+ $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse'
description: OK
summary: Update A Firewall Resource Description
tags:
- - ManageNGFW
+ - ManageNGFW
/v1/config/ngfirewalls/{ngfirewallname}/subnets:
put:
description: "Update the subnet ID associated with a NGFW. \n"
operationId: put-v1-config-ngfirewalls-ngfirewallname-subnets
parameters:
- - description: "The name of the NGFW.
+ - description: 'The name of the NGFW.
- "
- in: path
- name: ngfirewallname
- required: true
- schema:
- type: string
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
requestBody:
content:
application/json:
schema:
- $ref: "#/components/schemas/UpdateFWResourceSubnetsRequest"
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest'
responses:
- "200":
+ '200':
content:
application/json:
schema:
- $ref: "#/components/schemas/UpdateFWResourceSubnetsResponse"
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse'
description: OK
summary: Update A Firewall Resource Subnet Mappings
tags:
- - ManageNGFW
+ - ManageNGFW
servers:
- - url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
tags:
- - name: ManageNGFW
+- name: ManageNGFW
diff --git a/openapi-specs/cloudngfw/aws/ManageNGFWTags.yaml b/openapi-specs/cloudngfw/aws/ManageNGFWTags.yaml
index 07b42b3d2..540850462 100644
--- a/openapi-specs/cloudngfw/aws/ManageNGFWTags.yaml
+++ b/openapi-specs/cloudngfw/aws/ManageNGFWTags.yaml
@@ -4,25 +4,15 @@ components:
additionalProperties: false
properties:
AccountId:
- description: 'The unique ID of the account.
-
- '
title: Accountid
type: string
MaxResults:
default: 1024
- description: "The maximum number of tags that you want NGFW to return for\
- \ this request. \n"
maximum: 1024
minimum: 1
title: Maxresults
type: integer
NextToken:
- description: 'If the number of tags available for retrieval exceeds the
- maximum you requested, NGFW returns a NextToken value in response. To
- retrieve the next batch of tags, use this token in your next request.
-
- '
title: Nexttoken
type: string
required:
@@ -42,29 +32,15 @@ components:
additionalProperties: false
properties:
AccountId:
- description: 'The unique ID of the account.
-
- '
title: Accountid
type: string
FirewallName:
- description: 'Name of the NGFW, unique in a region for each customer.
-
- '
title: Firewallname
type: string
NextToken:
- description: 'If the number of tags available for retrieval exceeds the
- maximum you requested, NGFW returns a NextToken value in response. To
- retrieve the next batch of tags, use this token in your next request.
-
- '
title: Nexttoken
type: string
Tags:
- description: 'The tags associated with the firewall.
-
- '
items:
$ref: '#/components/schemas/FirewallListTagsForResourceResponse.TagEntry'
title: Tags
@@ -76,20 +52,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* LimitExceededException\u2014Operation failed\
- \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\
- Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description.\n \n"
title: Reason
type: string
title: Result
@@ -98,16 +63,9 @@ components:
additionalProperties: false
properties:
Key:
- description: 'A unique identifier in the key-value pair. The constant that
- defines the data set.
-
- '
title: Key
type: string
Value:
- description: 'The variable that belongs to the data set.
-
- '
title: Value
type: string
required:
@@ -119,15 +77,9 @@ components:
additionalProperties: false
properties:
AccountId:
- description: 'The unique ID of the account.
-
- '
title: Accountid
type: string
Tags:
- description: 'The tags associated with the firewall.
-
- '
items:
$ref: '#/components/schemas/FirewallTagResourceRequest.TagEntry'
maxItems: 50
@@ -142,18 +94,9 @@ components:
additionalProperties: false
properties:
Key:
- description: 'A unique identifier in the key-value pair. The constant that
- defines the data set.
-
- .
-
- '
title: Key
type: string
Value:
- description: 'The variable that belongs to the data set.
-
- '
title: Value
type: string
required:
@@ -166,29 +109,17 @@ components:
properties:
Response:
$ref: '#/components/schemas/FirewallTagResourceResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/FirewallTagResourceResponse.Result'
- description: 'The API call response status.
-
- '
title: FirewallTagResourceResponse
type: object
FirewallTagResourceResponse.ResponseData:
additionalProperties: false
properties:
FirewallName:
- description: 'Name of the NGFW, unique in a region for each customer.
-
- '
title: Firewallname
type: string
Tags:
- description: 'The tags associated with the firewall.
-
- '
items:
$ref: '#/components/schemas/FirewallTagResourceResponse.TagEntry'
title: Tags
@@ -200,21 +131,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* LimitExceededException\u2014Operation failed\
- \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\
- Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description. \n \n"
title: Reason
type: string
title: Result
@@ -223,16 +142,9 @@ components:
additionalProperties: false
properties:
Key:
- description: 'A unique identifier in the key-value pair. The constant that
- defines the data set.
-
- '
title: Key
type: string
Value:
- description: 'The variable that belongs to the data set.
-
- '
title: Value
type: string
required:
@@ -244,15 +156,9 @@ components:
additionalProperties: false
properties:
AccountId:
- description: 'The unique ID of the account.
-
- '
title: Accountid
type: string
TagKeys:
- description: 'A unique identifier in the key-value pair.
-
- '
items:
maxLength: 128
minLength: 1
@@ -271,33 +177,20 @@ components:
properties:
Response:
$ref: '#/components/schemas/FirewallUntagResourceResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/FirewallUntagResourceResponse.Result'
- description: 'The API call response status.
-
- '
title: FirewallUntagResourceResponse
type: object
FirewallUntagResourceResponse.ResponseData:
additionalProperties: false
properties:
AccountId:
- description: "The unique ID of the account. \n"
title: Accountid
type: string
FirewallName:
- description: 'Name of the NGFW, unique in a region for each customer.
-
- '
title: Firewallname
type: string
TagKeys:
- description: 'A unique identifier in the key-value pair.
-
- '
items:
type: string
title: Tagkeys
@@ -309,46 +202,37 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* LimitExceededException\u2014Operation failed\
- \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\
- Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
type: object
info:
contact: {}
- description: 'Search and filter NGFWs using tags.
-
- '
+ description: "Apply tags to help search and filter your Cloud NGFW resources.\n\n\
+ ### Permission Policies\n\n| Action | Local Firewall Administrator\
+ \ | Local Rulestack Administrator | Global Rulestack Administrator |\n| ------------------------------\
+ \ | :---------------------------: | :---------------------------: | :----------------------------:\
+ \ |\n| Tag Resource | **☑** | ☐\
+ \ | ☐ | \n| Untag Resource\
+ \ | **☑** | ☐ \
+ \ | ☐ | \n| List Firewall\
+ \ Tags | **☑** | **☑** \
+ \ | ☐ |\n"
title: Manage Cloud NGFW Tags
version: 1.0.0
openapi: 3.0.3
paths:
/v1/config/ngfirewalls/{ngfirewallname}/tags:
delete:
- description: 'Remove the tags associated with an NGFW resource.
+ description: 'Remove the tags associated with a resource.
'
operationId: delete-v1-config-ngfirewalls-ngfirewallname-tags
parameters:
- - description: 'The name of the NGFW.
-
- '
+ - description: ''
in: path
name: ngfirewallname
required: true
@@ -370,14 +254,12 @@ paths:
tags:
- ManageNGFWTags
get:
- description: 'Retrieve the tags associated with an NGFW resource.
+ description: 'Retrieve the tags associated with a resource.
'
operationId: get-v1-config-ngfirewalls-ngfirewallname-tags
parameters:
- - description: 'The name of the NGFW.
-
- '
+ - description: ''
in: path
name: ngfirewallname
required: true
@@ -399,8 +281,8 @@ paths:
tags:
- ManageNGFWTags
post:
- description: 'Add tags to an NGFW resource. You can tag the resources that you
- manage through NGFW policies.
+ description: 'Add tags to a resource. You can tag the resources that you manage
+ through NGFW firewalls and policies.
'
operationId: post-v1-config-ngfirewalls-ngfirewallname-tags
diff --git a/openapi-specs/cloudngfw/aws/ManageRulestackTags.yaml b/openapi-specs/cloudngfw/aws/ManageRulestackTags.yaml
index a0f8683e5..64116f2b4 100644
--- a/openapi-specs/cloudngfw/aws/ManageRulestackTags.yaml
+++ b/openapi-specs/cloudngfw/aws/ManageRulestackTags.yaml
@@ -13,23 +13,12 @@ components:
additionalProperties: false
properties:
NextToken:
- description: 'If the number of tags available for retrieval exceeds the
- maximum you requested, Cloud NGFW returns a NextToken value in response.
- To retrieve the next batch of tags, use this token in your next request.
-
- '
title: Nexttoken
type: string
RuleStackName:
- description: 'Name of the rulestack.
-
- '
title: Rulestackname
type: string
Tags:
- description: 'The tags associated with the rulestack.
-
- '
items:
$ref: '#/components/schemas/RulestackListTagsForResourceResponse.TagEntry'
title: Tags
@@ -41,23 +30,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* LimitExceededException\u2014Operation failed\
- \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\
- Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -66,16 +41,9 @@ components:
additionalProperties: false
properties:
Key:
- description: 'A unique identifier in the key-value pair. The constant that
- defines the data set.
-
- '
title: Key
type: string
Value:
- description: 'The variable that belongs to the data set.
-
- '
title: Value
type: string
required:
@@ -87,9 +55,6 @@ components:
additionalProperties: false
properties:
Tags:
- description: 'The tags associated with the rulestack.
-
- '
items:
$ref: '#/components/schemas/RulestackTagResourceRequest.TagEntry'
maxItems: 50
@@ -103,18 +68,9 @@ components:
additionalProperties: false
properties:
Key:
- description: 'A unique identifier in the key-value pair. The constant that
- defines the data set.
-
- .
-
- '
title: Key
type: string
Value:
- description: 'The variable that belongs to the data set.
-
- '
title: Value
type: string
required:
@@ -127,14 +83,8 @@ components:
properties:
Response:
$ref: '#/components/schemas/RulestackTagResourceResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/RulestackTagResourceResponse.Result'
- description: 'The API call response status.
-
- '
title: RulestackTagResourceResponse
type: object
RulestackTagResourceResponse.ResponseData:
@@ -144,9 +94,6 @@ components:
title: Rulestackname
type: string
Tags:
- description: 'The tags associated with the rulestack.
-
- '
items:
$ref: '#/components/schemas/RulestackTagResourceResponse.TagEntry'
title: Tags
@@ -158,21 +105,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* LimitExceededException\u2014Operation failed\
- \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\
- Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description. \n"
title: Reason
type: string
title: Result
@@ -181,16 +116,9 @@ components:
additionalProperties: false
properties:
Key:
- description: 'A unique identifier in the key-value pair. The constant that
- defines the data set.
-
- '
title: Key
type: string
Value:
- description: 'The variable that belongs to the data set.
-
- '
title: Value
type: string
required:
@@ -202,9 +130,6 @@ components:
additionalProperties: false
properties:
TagKeys:
- description: 'Keys and values of the tags.
-
- '
items:
maxLength: 128
minLength: 1
@@ -222,27 +147,17 @@ components:
properties:
Response:
$ref: '#/components/schemas/RulestackUntagResourceResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/RulestackUntagResourceResponse.Result'
- description: 'The API call response status.
-
- '
title: RulestackUntagResourceResponse
type: object
RulestackUntagResourceResponse.ResponseData:
additionalProperties: false
properties:
RuleStackName:
- description: 'Name of the rulestack.
-
- '
title: Rulestackname
type: string
TagKeys:
- description: "A unique identifier in the key-value pair. \n"
items:
type: string
title: Tagkeys
@@ -254,37 +169,32 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* LimitExceededException\u2014Operation failed\
- \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\
- Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: "The error description. \n"
title: Reason
type: string
title: Result
type: object
info:
contact: {}
- description: 'Search and filter rulestacks using tags.
-
- '
+ description: "Apply tags to help search and filter your rulestack resources.\n\n\
+ ### Permission Policies\n\n| Action | Local Firewall Administrator\
+ \ | Local Rulestack Administrator | Global Rulestack Administrator |\n| ------------------------------\
+ \ | :---------------------------: | :---------------------------: | :----------------------------:\
+ \ |\n| Tag Resource | **☑** | **☑**\
+ \ | **☑** | \n| Untag Resource \
+ \ | **☑** | **☑** \
+ \ | **☑** | \n| List Firewall Tags\
+ \ | ☐ | **☑** \
+ \ | **☑** |\n"
title: Manage Rulestack Tags
version: 1.0.0
openapi: 3.0.3
paths:
/v1/config/rulestacks/{rulestackname}/tags:
delete:
- description: 'Remove tags with specified keys from a specified rulestack resource.
+ description: 'Remove tags with specified keys from a specified resource.
'
operationId: delete-v1-config-rulestacks-rulestackname-tags
@@ -313,7 +223,7 @@ paths:
tags:
- ManageRulestackTags
get:
- description: 'Retrieve the tags associated with a specified rulestack resource.
+ description: 'Retrieve the tags associated with a specified resource.
'
operationId: get-v1-config-rulestacks-rulestackname-tags
@@ -326,8 +236,7 @@ paths:
required: true
schema:
type: string
- - description: "The maximum number of tags that you want NGFW to return for\
- \ this request. \n"
+ - description: ''
in: query
name: maxresults
required: false
@@ -337,11 +246,7 @@ paths:
minimum: 1
title: Maxresults
type: integer
- - description: 'If the number of tags available for retrieval exceeds the maximum
- you requested, Cloud NGFW returns a NextToken value in response. To retrieve
- the next batch of tags, use this token in your next request.
-
- '
+ - description: ''
in: query
name: nexttoken
required: false
@@ -359,8 +264,8 @@ paths:
tags:
- ManageRulestackTags
post:
- description: 'Add tags to a specific rulestack resource. You can tag the AWS
- resources that you manage through rulestacks.
+ description: 'Add tags to a specific resource. You can tag the AWS resources
+ that you manage through rulestacks.
'
operationId: post-v1-config-rulestacks-rulestackname-tags
diff --git a/openapi-specs/cloudngfw/aws/ManageRulestacks.yaml b/openapi-specs/cloudngfw/aws/ManageRulestacks.yaml
index 96ac61c56..48f15b55e 100644
--- a/openapi-specs/cloudngfw/aws/ManageRulestacks.yaml
+++ b/openapi-specs/cloudngfw/aws/ManageRulestacks.yaml
@@ -1,17 +1,38 @@
components:
schemas:
+ CommitRequest:
+ additionalProperties: false
+ properties: {}
+ title: CommitRequest
+ type: object
+ CommitResponse:
+ additionalProperties: false
+ properties:
+ ResponseStatus:
+ $ref: '#/components/schemas/CommitResponse.Result'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: CommitResponse
+ type: object
+ CommitResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
CreateRuleStackRequest:
additionalProperties: false
properties:
RuleStackEntry:
$ref: '#/components/schemas/CreateRuleStackRequest.RuleStackCreateType'
- description: 'Describe whether the rulestack is local or global.
-
- '
RuleStackName:
- description: 'Name of the rulestack.
-
- '
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-]+$
@@ -25,29 +46,17 @@ components:
additionalProperties: false
properties:
AccountId:
- description: 'The unique ID of the account.
-
- '
maxLength: 12
pattern: ^$|^[0-9]+$
title: Accountid
type: string
Description:
- description: 'Description of the rulestack.
-
- '
maxLength: 512
title: Description
type: string
Profiles:
$ref: '#/components/schemas/CreateRuleStackRequest.RuleStackProfiles'
- description: 'Rulestack profile.
-
- '
Scope:
- description: 'The scope of the rulestack.
-
- '
enum:
- Global
- Local
@@ -60,9 +69,6 @@ components:
properties:
AntiSpywareProfile:
default: BestPractice
- description: 'Anti-spyware security profile.
-
- '
enum:
- custom
- BestPractice
@@ -70,9 +76,6 @@ components:
type: string
AntiVirusProfile:
default: BestPractice
- description: 'Anti-virus security profile.
-
- '
enum:
- custom
- BestPractice
@@ -80,31 +83,19 @@ components:
type: string
FileBlockingProfile:
default: BestPractice
- description: 'File blocking security profile.
-
- '
enum:
- custom
- BestPractice
title: Fileblockingprofile
type: string
OutboundTrustCertificate:
- description: 'Outbound trust certificate profile.
-
- '
title: Outboundtrustcertificate
type: string
OutboundUnTrustCertificate:
- description: 'Outbound untrust certificate profile.
-
- '
title: Outbounduntrustcertificate
type: string
URLFilteringProfile:
default: None
- description: 'URL filtering security profile.
-
- '
enum:
- custom
- BestPractice
@@ -113,9 +104,6 @@ components:
type: string
VulnerabilityProfile:
default: BestPractice
- description: 'Vulnerability security profile.
-
- '
enum:
- custom
- BestPractice
@@ -137,13 +125,7 @@ components:
properties:
RuleStackEntry:
$ref: '#/components/schemas/CreateRuleStackResponse.RuleStack'
- description: 'Describe whether the rulestack is local or global.
-
- '
RuleStackName:
- description: 'Name of the rulestack.
-
- '
title: Rulestackname
type: string
title: ResponseData
@@ -153,23 +135,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* LimitExceededException\u2014Operation failed\
- \ due to violation in limit settings.\n* ThrottlingException\u2014Operation\
- \ failed due to throttling limitations. \n\n500\u2014Bad request \n\
- * InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\
- AWS currently does not have enough capacity to fulfill your request.\n"
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -178,29 +146,17 @@ components:
additionalProperties: false
properties:
AccountId:
- description: 'The unique ID of the account.
-
- '
maxLength: 12
pattern: ^$|^[0-9]+$
title: Accountid
type: string
Description:
- description: 'Description of the rulestack.
-
- '
maxLength: 512
title: Description
type: string
Profiles:
$ref: '#/components/schemas/CreateRuleStackResponse.RuleStackProfiles'
- description: 'Rulestack profile.
-
- '
Scope:
- description: 'The scope of the rulestack.
-
- '
enum:
- Global
- Local
@@ -216,9 +172,6 @@ components:
properties:
AntiSpywareProfile:
default: BestPractice
- description: 'Anti-spyware security profile.
-
- '
enum:
- custom
- BestPractice
@@ -226,9 +179,6 @@ components:
type: string
AntiVirusProfile:
default: BestPractice
- description: 'Anti-virus security profile.
-
- '
enum:
- custom
- BestPractice
@@ -236,31 +186,19 @@ components:
type: string
FileBlockingProfile:
default: BestPractice
- description: 'File blocking security profile.
-
- '
enum:
- custom
- BestPractice
title: Fileblockingprofile
type: string
OutboundTrustCertificate:
- description: 'Outbound trust certificate profile.
-
- '
title: Outboundtrustcertificate
type: string
OutboundUnTrustCertificate:
- description: 'Outbound untrust certificate profile.
-
- '
title: Outbounduntrustcertificate
type: string
URLFilteringProfile:
default: None
- description: 'URL filtering security profile.
-
- '
enum:
- custom
- BestPractice
@@ -269,9 +207,6 @@ components:
type: string
VulnerabilityProfile:
default: BestPractice
- description: 'Vulnerability security profile.
-
- '
enum:
- custom
- BestPractice
@@ -298,13 +233,7 @@ components:
properties:
RuleStackEntry:
$ref: '#/components/schemas/DeleteRuleStackResponse.RuleStackCreateType'
- description: 'Describe whether the rulestack is local or global.
-
- '
RuleStackName:
- description: 'Name of the rulestack.
-
- '
title: Rulestackname
type: string
title: ResponseData
@@ -314,23 +243,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* LimitExceededException\u2014Operation failed\
- \ due to violation in limit settings.\n* ThrottlingException\u2014Operation\
- \ failed due to throttling limitations. \n\n500\u2014Bad request \n\
- * InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\
- AWS currently does not have enough capacity to fulfill your request.\n"
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -339,29 +254,17 @@ components:
additionalProperties: false
properties:
AccountId:
- description: 'The unique ID of the account.
-
- '
maxLength: 12
pattern: ^$|^[0-9]+$
title: Accountid
type: string
Description:
- description: 'Description of the rulestack.
-
- '
maxLength: 512
title: Description
type: string
Profiles:
$ref: '#/components/schemas/DeleteRuleStackResponse.RuleStackProfiles'
- description: 'Rulestack profile.
-
- '
Scope:
- description: 'The scope of the rulestack.
-
- '
enum:
- Global
- Local
@@ -374,9 +277,6 @@ components:
properties:
AntiSpywareProfile:
default: BestPractice
- description: 'Anti-spyware security profile.
-
- '
enum:
- custom
- BestPractice
@@ -384,9 +284,6 @@ components:
type: string
AntiVirusProfile:
default: BestPractice
- description: 'Anti-virus security profile.
-
- '
enum:
- custom
- BestPractice
@@ -394,31 +291,19 @@ components:
type: string
FileBlockingProfile:
default: BestPractice
- description: 'File blocking security profile.
-
- '
enum:
- custom
- BestPractice
title: Fileblockingprofile
type: string
OutboundTrustCertificate:
- description: 'Outbound trust certificate profile.
-
- '
title: Outboundtrustcertificate
type: string
OutboundUnTrustCertificate:
- description: 'Outbound untrust certificate profile.
-
- '
title: Outbounduntrustcertificate
type: string
URLFilteringProfile:
default: None
- description: 'URL filtering security profile.
-
- '
enum:
- custom
- BestPractice
@@ -427,9 +312,6 @@ components:
type: string
VulnerabilityProfile:
default: BestPractice
- description: 'Vulnerability security profile.
-
- '
enum:
- custom
- BestPractice
@@ -437,30 +319,70 @@ components:
type: string
title: RuleStackProfiles
type: object
+ DescribeCommitRequest:
+ additionalProperties: false
+ properties: {}
+ title: DescribeCommitRequest
+ type: object
+ DescribeCommitResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeCommitResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeCommitResponse.Result'
+ title: DescribeCommitResponse
+ type: object
+ DescribeCommitResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CommitMessages:
+ items:
+ type: string
+ title: Commitmessages
+ type: array
+ CommitStatus:
+ title: Commitstatus
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ ValidateMessages:
+ items:
+ type: string
+ title: Validatemessages
+ type: array
+ ValidateStatus:
+ title: Validatestatus
+ type: string
+ title: ResponseData
+ type: object
+ DescribeCommitResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
DescribeRuleStackRequest:
additionalProperties: false
properties:
Candidate:
default: true
- description: 'Rulestack candidate.
-
- '
title: Candidate
type: boolean
MaxResults:
- description: 'The maximum number of rulestacks that you want NGFW to return
- for this request.
-
- '
exclusiveMaximum: 101
exclusiveMinimum: 0
title: Maxresults
type: integer
Running:
default: false
- description: 'Rulestacks in run state.
-
- '
title: Running
type: boolean
title: DescribeRuleStackRequest
@@ -479,30 +401,15 @@ components:
properties:
RuleStackCandidate:
$ref: '#/components/schemas/DescribeRuleStackResponse.RuleStack'
- description: 'Rulestack candidate.
-
- '
RuleStackName:
- description: 'Name of the rulestack.
-
- '
title: Rulestackname
type: string
RuleStackRunning:
$ref: '#/components/schemas/DescribeRuleStackResponse.RuleStack'
- description: 'Rulestacks in run state.
-
- '
RuleStackState:
- description: 'State of rulestack.
-
- '
title: Rulestackstate
type: string
Tags:
- description: 'The tags associated with the rulestack.
-
- '
items:
$ref: '#/components/schemas/DescribeRuleStackResponse.TagEntry'
title: Tags
@@ -514,20 +421,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\
- Operation failed due to invalid request. For example, unsupported parameter\
- \ name or value in the request.\n* LimitExceededException\u2014Operation\
- \ failed due to violation in limit settings.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -536,38 +432,23 @@ components:
additionalProperties: false
properties:
AccountId:
- description: 'The unique ID of the account.
-
- '
maxLength: 12
pattern: ^$|^[0-9]+$
title: Accountid
type: string
Description:
- description: 'Description of the rulestack.
-
- '
maxLength: 512
title: Description
type: string
Profiles:
$ref: '#/components/schemas/DescribeRuleStackResponse.RuleStackProfiles'
- description: 'Rulestack profile.
-
- '
Scope:
- description: 'The scope of the rulestack.
-
- '
enum:
- Global
- Local
title: Scope
type: string
UpdateToken:
- description: 'Refresh token
-
- '
title: Updatetoken
type: string
title: RuleStack
@@ -577,9 +458,6 @@ components:
properties:
AntiSpywareProfile:
default: BestPractice
- description: 'Anti-spyware security profile.
-
- '
enum:
- custom
- BestPractice
@@ -587,9 +465,6 @@ components:
type: string
AntiVirusProfile:
default: BestPractice
- description: 'Anti-virus security profile.
-
- '
enum:
- custom
- BestPractice
@@ -597,31 +472,19 @@ components:
type: string
FileBlockingProfile:
default: BestPractice
- description: 'File blocking security profile.
-
- '
enum:
- custom
- BestPractice
title: Fileblockingprofile
type: string
OutboundTrustCertificate:
- description: 'Outbound trust certificate profile.
-
- '
title: Outboundtrustcertificate
type: string
OutboundUnTrustCertificate:
- description: 'Outbound untrust certificate profile.
-
- '
title: Outbounduntrustcertificate
type: string
URLFilteringProfile:
default: None
- description: 'URL filtering security profile.
-
- '
enum:
- custom
- BestPractice
@@ -630,9 +493,6 @@ components:
type: string
VulnerabilityProfile:
default: BestPractice
- description: 'Vulnerability security profile.
-
- '
enum:
- custom
- BestPractice
@@ -644,21 +504,12 @@ components:
additionalProperties: false
properties:
Key:
- description: 'A unique identifier in the key-value pair. The constant that
- defines the data set.
-
- .
-
- '
maxLength: 128
minLength: 1
pattern: ^.*$
title: Key
type: string
Value:
- description: 'The variable that belongs to the data set.
-
- '
maxLength: 256
minLength: 1
pattern: ^.*$
@@ -674,42 +525,23 @@ components:
properties:
Candidate:
default: true
- description: 'Rulestack candidate.
-
- '
title: Candidate
type: boolean
MaxResults:
default: 1024
- description: 'The maximum number of rulestacks that you want NGFW to return
- for this request.
-
- '
maximum: 1024
minimum: 1
title: Maxresults
type: integer
NextToken:
- description: 'If the number of rulestacks available for retrieval exceeds
- the maximum you requested, NGFW returns a NextToken value in response.
- To retrieve the next batch of rulestacks, use this token in your next
- request.
-
- '
title: Nexttoken
type: string
Running:
default: false
- description: 'Rulestacks in run state.
-
- '
title: Running
type: boolean
Scope:
default: All
- description: 'The scope of the rulestack.
-
- '
enum:
- Global
- Local
@@ -717,23 +549,13 @@ components:
title: Scope
type: string
TagKey:
- description: 'A unique identifier in the key-value pair. The constant that
- defines the data set.
-
- '
title: Tagkey
type: string
TagValue:
- description: 'The variable that belongs to the data set.
-
- '
title: Tagvalue
type: string
Uncommitted:
default: false
- description: 'Uncommitted rulestacks.
-
- '
title: Uncommitted
type: boolean
title: ListRuleStacksRequest
@@ -751,34 +573,19 @@ components:
additionalProperties: false
properties:
NextToken:
- description: 'If the number of rulestacks available for retrieval exceeds
- the maximum you requested, NGFW returns a NextToken value in response.
- To retrieve the next batch of rulestacks, use this token in your next
- request.
-
- '
title: Nexttoken
type: string
RuleStackCandidate:
- description: 'Rulestack candidate.
-
- '
items:
type: string
title: Rulestackcandidate
type: array
RuleStackRunning:
- description: 'Rulestacks in run state.
-
- '
items:
type: string
title: Rulestackrunning
type: array
RuleStackUncommitted:
- description: 'Uncommitted rulestacks.
-
- '
items:
$ref: '#/components/schemas/ListRuleStacksResponse.RuleStackOperation'
title: Rulestackuncommitted
@@ -790,23 +597,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* LimitExceededException\u2014Operation failed\
- \ due to violation in limit settings.\n* ThrottlingException\u2014Operation\
- \ failed due to throttling limitations. \n\n500\u2014Bad request \n\
- * InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n* InsufficientCapacityException\u2014\
- AWS currently does not have enough capacity to fulfill your request.\n"
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -815,9 +608,6 @@ components:
additionalProperties: false
properties:
Operation:
- description: 'Rulestacks operation.
-
- '
enum:
- add
- delete
@@ -825,61 +615,67 @@ components:
title: Operation
type: string
RuleStackName:
- description: 'Name of the rulestack.
-
- '
title: Rulestackname
type: string
required:
- RuleStackName
title: RuleStackOperation
type: object
+ RevertRequest:
+ additionalProperties: false
+ properties: {}
+ title: RevertRequest
+ type: object
+ RevertResponse:
+ additionalProperties: false
+ properties:
+ ResponseStatus:
+ $ref: '#/components/schemas/RevertResponse.Result'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: RevertResponse
+ type: object
+ RevertResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
UpdateRuleStackRequest:
additionalProperties: false
properties:
RuleStackEntry:
$ref: '#/components/schemas/UpdateRuleStackRequest.RuleStack'
- description: 'Scope of the rulestack.
-
- '
title: UpdateRuleStackRequest
type: object
UpdateRuleStackRequest.RuleStack:
additionalProperties: false
properties:
AccountId:
- description: 'The unique ID of the account.
-
- '
maxLength: 12
pattern: ^$|^[0-9]+$
title: Accountid
type: string
Description:
- description: 'Description of the rulestack.
-
- '
maxLength: 512
title: Description
type: string
Profiles:
$ref: '#/components/schemas/UpdateRuleStackRequest.RuleStackProfiles'
- description: 'Rulestack profile.
-
- '
Scope:
- description: 'The scope of the rulestack.
-
- '
enum:
- Global
- Local
title: Scope
type: string
UpdateToken:
- description: 'Refresh token
-
- '
title: Updatetoken
type: string
title: RuleStack
@@ -889,9 +685,6 @@ components:
properties:
AntiSpywareProfile:
default: BestPractice
- description: 'Anti-spyware security profile.
-
- '
enum:
- custom
- BestPractice
@@ -899,9 +692,6 @@ components:
type: string
AntiVirusProfile:
default: BestPractice
- description: 'Anti-virus security profile.
-
- '
enum:
- custom
- BestPractice
@@ -909,31 +699,19 @@ components:
type: string
FileBlockingProfile:
default: BestPractice
- description: 'File blocking security profile.
-
- '
enum:
- custom
- BestPractice
title: Fileblockingprofile
type: string
OutboundTrustCertificate:
- description: 'Outbound trust certificate profile.
-
- '
title: Outboundtrustcertificate
type: string
OutboundUnTrustCertificate:
- description: 'Outbound untrust certificate profile.
-
- '
title: Outbounduntrustcertificate
type: string
URLFilteringProfile:
default: None
- description: 'URL filtering security profile.
-
- '
enum:
- custom
- BestPractice
@@ -942,9 +720,6 @@ components:
type: string
VulnerabilityProfile:
default: BestPractice
- description: 'Vulnerability security profile.
-
- '
enum:
- custom
- BestPractice
@@ -966,13 +741,7 @@ components:
properties:
RuleStackEntry:
$ref: '#/components/schemas/UpdateRuleStackResponse.RuleStack'
- description: 'Describe whether the rulestack is local or global.
-
- '
RuleStackName:
- description: 'Name of the rulestack.
-
- '
title: Rulestackname
type: string
title: ResponseData
@@ -982,20 +751,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidRequestException\u2014\
- Operation failed due to invalid request. For example, unsupported parameter\
- \ name or value in the request.\n* LimitExceededException\u2014Operation\
- \ failed due to violation in limit settings.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -1004,38 +762,23 @@ components:
additionalProperties: false
properties:
AccountId:
- description: 'The unique ID of the account.
-
- '
maxLength: 12
pattern: ^$|^[0-9]+$
title: Accountid
type: string
Description:
- description: 'Description of the rulestack.
-
- '
maxLength: 512
title: Description
type: string
Profiles:
$ref: '#/components/schemas/UpdateRuleStackResponse.RuleStackProfiles'
- description: 'Rulestack profile.
-
- '
Scope:
- description: 'The scope of the rulestack.
-
- '
enum:
- Global
- Local
title: Scope
type: string
UpdateToken:
- description: 'Refresh token.
-
- '
title: Updatetoken
type: string
title: RuleStack
@@ -1045,9 +788,6 @@ components:
properties:
AntiSpywareProfile:
default: BestPractice
- description: 'Anti-spyware security profile.
-
- '
enum:
- custom
- BestPractice
@@ -1055,9 +795,6 @@ components:
type: string
AntiVirusProfile:
default: BestPractice
- description: 'Anti-virus security profile.
-
- '
enum:
- custom
- BestPractice
@@ -1065,31 +802,19 @@ components:
type: string
FileBlockingProfile:
default: BestPractice
- description: 'File blocking security profile.
-
- '
enum:
- custom
- BestPractice
title: Fileblockingprofile
type: string
OutboundTrustCertificate:
- description: 'Outbound trust certificate profile.
-
- '
title: Outboundtrustcertificate
type: string
OutboundUnTrustCertificate:
- description: 'Outbound untrust certificate profile.
-
- '
title: Outbounduntrustcertificate
type: string
URLFilteringProfile:
default: None
- description: 'URL filtering security profile.
-
- '
enum:
- custom
- BestPractice
@@ -1098,9 +823,6 @@ components:
type: string
VulnerabilityProfile:
default: BestPractice
- description: 'Vulnerability security profile.
-
- '
enum:
- custom
- BestPractice
@@ -1108,14 +830,56 @@ components:
type: string
title: RuleStackProfiles
type: object
+ ValidateRequest:
+ additionalProperties: false
+ properties: {}
+ title: ValidateRequest
+ type: object
+ ValidateResponse:
+ additionalProperties: false
+ properties:
+ ResponseStatus:
+ $ref: '#/components/schemas/ValidateResponse.Result'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ValidateResponse
+ type: object
+ ValidateResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
info:
contact: {}
- description: "Rulestacks define access control (App-ID, URL Filtering) and threat\
- \ prevention behavior for the Cloud NGFW resources using security rules, associated\
- \ objects, and profiles. The Cloud NGFW resources use the rulestack definitions\
- \ to protect the traffic uisng a two-step process. First, it enforces rules to\
- \ allow or deny your traffic. Then, it inspects content on the allowed traffic\
- \ based on the Security Profiles you create. \n"
+ description: "Rulestacks defines access control (App-ID, URL Filtering) and threat\
+ \ prevention behavior of Cloud NGFW resources. \n\nA Cloud NGFW resource uses\
+ \ your rulestack definitions to protect the traffic by a two-step process. First,\
+ \ it enforces your rules on the to allow or deny your traffic. Second, it performs\
+ \ content inspection on the allowed traffic based on what you specify on the Security\
+ \ Profiles. \n\nA rulestack includes a set of security rules, associated objects,\
+ \ and profiles. \n\n### Permission Policies\n\n| Action \
+ \ | Local Firewall Administrator | Local Rulestack Administrator | Global Rulestack\
+ \ Administrator |\n| ------------------------------ | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: |\n| Create\
+ \ a Rulestack | ☐ | **☑** \
+ \ | **☑** | \n| Delete a Rulestack \
+ \ | ☐ | **☑** | **☑**\
+ \ | \n| Describe a Rulestack \
+ \ | **☑** | **☑** | **☑**\
+ \ | \n| List Rulestacks | **☑** \
+ \ | **☑** | **☑** \
+ \ |\n| Update a Rulestack | ☐ | **☑**\
+ \ | **☑** |\n| List Security Rule Lists\
+ \ | **☑** | **☑** | **☑**\
+ \ |\n"
title: Manage Rulestacks
version: 1.0.0
openapi: 3.0.3
@@ -1123,7 +887,7 @@ paths:
/v1/config/rulestacks:
get:
description: "Retrieve the metadata of the specified rulestack. \n\nYou can\
- \ also query rulestacks based on the tags using this command, `/v1/config/rulestacks?tags=`.\
+ \ also query rulestacks based on the tags using this command, */v1/config/rulestacks?tags=*.\
\ \nThis command lists the rulestacks where the tag name starts with the\
\ string. \n\n>DynamoDB supports this command, and should be implemented\
\ as a library.\n"
@@ -1253,6 +1017,117 @@ paths:
summary: Update a RuleStack
tags:
- ManageRulestacks
+ /v1/config/rulestacks/{rulestackname}/commit:
+ get:
+ description: 'View the commit status of the specified rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-commit
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeCommitRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeCommitResponse'
+ description: OK
+ summary: Describe commit status for a RuleStack
+ tags:
+ - ManageRulestacks
+ post:
+ description: 'Commit the specified rulestack.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-commit
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CommitRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CommitResponse'
+ description: OK
+ summary: Commit a RuleStack
+ tags:
+ - ManageRulestacks
+ /v1/config/rulestacks/{rulestackname}/revert:
+ post:
+ description: 'Revert all uncommitted changes for the specified rulestack.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-revert
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RevertRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RevertResponse'
+ description: OK
+ summary: Revert a RuleStack
+ tags:
+ - ManageRulestacks
+ /v1/config/rulestacks/{rulestackname}/validate:
+ post:
+ description: 'Validate the selected rulestack after commit.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-validate
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ValidateRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ValidateResponse'
+ description: OK
+ summary: Validate a RuleStack
+ tags:
+ - ManageRulestacks
servers:
- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
tags:
diff --git a/openapi-specs/cloudngfw/aws/ManageSubscription.yaml b/openapi-specs/cloudngfw/aws/ManageSubscription.yaml
index 65fd07464..34822c6c8 100644
--- a/openapi-specs/cloudngfw/aws/ManageSubscription.yaml
+++ b/openapi-specs/cloudngfw/aws/ManageSubscription.yaml
@@ -10,23 +10,14 @@ components:
properties:
Response:
$ref: '#/components/schemas/ListSubscriptionResponse.ResponseData'
- description: 'The API call response.
-
- '
ResponseStatus:
$ref: '#/components/schemas/ListSubscriptionResponse.Result'
- description: 'The API call response status.
-
- '
title: ListSubscriptionResponse
type: object
ListSubscriptionResponse.ResponseData:
additionalProperties: false
properties:
Subscriptions:
- description: 'Subscription information of your account.
-
- '
items:
$ref: '#/components/schemas/ListSubscriptionResponse.SubscriptionDetails'
title: Subscriptions
@@ -38,23 +29,9 @@ components:
properties:
ErrorCode:
default: 0
- description: "Default value of a successful response is 0. Any other number\
- \ indicates an error code. \n\n400\u2014HTTP bad request\n* InvalidOperationException\u2014\
- Operation failed because it is not valid. For example, when you delete\
- \ an NGFW or rulestack in use.\n* InvalidRequestException\u2014Operation\
- \ failed due to invalid request. For example, unsupported parameter name\
- \ or value in the request.\n* LimitExceededException\u2014Operation failed\
- \ due to violation in limit settings.\n* ResourceNotFoundException\u2014\
- Unable to locate a resource using the parameters you provided.\n* ThrottlingException\u2014\
- Operation failed due to throttling limitations. \n\n500\u2014Bad request\
- \ \n* InternalServerError\u2014Your request is valid but Cloud NGFW could\
- \ not perform the operation due to a system issue.\n"
title: Errorcode
type: integer
Reason:
- description: 'The error description.
-
- '
title: Reason
type: string
title: Result
@@ -63,9 +40,6 @@ components:
additionalProperties: false
properties:
SubscriptionKey:
- description: 'Your subscription key.
-
- '
title: Subscriptionkey
type: string
required:
@@ -74,21 +48,25 @@ components:
type: object
info:
contact: {}
- description: "[Subscribe to Cloud NGFW for AWS Service](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/getting-started-with-cloud-ngfw-for-aws/subscribe-to-the-cloud-ngfw-service.html)\
- \ to create your first user; a Tenant Administrator. A Tenant Administrator is\
- \ the highest user level in the Cloud NGFW service. The Tenant Administrator has\
- \ the ability to add AWS accounts to the Cloud NGFW service and also onboard additional\
- \ users. \n"
+ description: "Subscribe to Cloud NGFW to start creating your first user; a tenant\
+ \ administrator. \nA tenant administrator is the highest level of user in the\
+ \ Cloud NGFW service. It provides the ability to add AWS accounts to the Cloud\
+ \ NGFW service and onboard additional users. \n\nFor more information, see [Subscribe\
+ \ to Cloud NGFW for AWS Service](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/getting-started-with-cloud-ngfw-for-aws/subscribe-to-the-cloud-ngfw-service.html).\n\
+ \n### Permission Policies\n\n| Action | Local Firewall Administrator\
+ \ | Local Rulestack Administrator | Global Rulestack Administrator |\n| ------------------------\
+ \ | :---------------------------: | :---------------------------: | :----------------------------:\
+ \ |\n| Create NGFW Subscription | ☐ | ☐ \
+ \ | ☐ | \n| List Permission Policies\
+ \ | **☑** | **☑** | **☑**\
+ \ | \n"
title: Manage Subscription
version: 1.0.0
openapi: 3.0.3
paths:
/v1/mgmt/subscribe:
get:
- description: 'Retrieve the subscription information of your account. The subscribed
- user is Tenant Admin.
-
- '
+ description: ''
operationId: get-v1-mgmt-subscribe
parameters: []
requestBody:
diff --git a/openapi-specs/cloudngfw/aws/PredefinedURLCategories.yaml b/openapi-specs/cloudngfw/aws/PredefinedURLCategories.yaml
new file mode 100644
index 000000000..50c50417d
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/PredefinedURLCategories.yaml
@@ -0,0 +1,98 @@
+components:
+ schemas:
+ ListURLPredefinedCategoriesResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.Result'
+ title: ListURLPredefinedCategoriesResponse
+ type: object
+ ListURLPredefinedCategoriesResponse.PredefinedURLCategory:
+ additionalProperties: false
+ properties:
+ Action:
+ title: Action
+ type: string
+ Name:
+ title: Name
+ type: string
+ required:
+ - Action
+ - Name
+ title: PredefinedURLCategory
+ type: object
+ ListURLPredefinedCategoriesResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CategoriesRunning:
+ items:
+ $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.PredefinedURLCategory'
+ title: Categoriesrunning
+ type: array
+ NextToken:
+ title: Nexttoken
+ type: string
+ title: ResponseData
+ type: object
+ ListURLPredefinedCategoriesResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: 'Use predefined URL categories in security rules to block or allow
+ access to websites.
+
+ '
+ title: Manage Predefined URL Categories
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/urlcategories:
+ get:
+ description: 'View the predefined URL categories.
+
+ '
+ operationId: get-v1-config-urlcategories
+ parameters:
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse'
+ description: OK
+ summary: List Pre-defined URL Categories
+ tags:
+ - PredefinedURLCategories
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: PredefinedURLCategories
diff --git a/openapi-specs/cloudngfw/aws/PrefixList.yaml b/openapi-specs/cloudngfw/aws/PrefixList.yaml
new file mode 100644
index 000000000..e1dad0c18
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/PrefixList.yaml
@@ -0,0 +1,609 @@
+components:
+ schemas:
+ CreatePrefixListRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Name:
+ maxLength: 58
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ required:
+ - Name
+ - PrefixList
+ title: CreatePrefixListRequest
+ type: object
+ CreatePrefixListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreatePrefixListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreatePrefixListResponse.Result'
+ title: CreatePrefixListResponse
+ type: object
+ CreatePrefixListResponse.PrefixListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ required:
+ - PrefixList
+ title: PrefixListDetails
+ type: object
+ CreatePrefixListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ PrefixListEntry:
+ $ref: '#/components/schemas/CreatePrefixListResponse.PrefixListDetails'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreatePrefixListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeletePrefixListRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeletePrefixListRequest
+ type: object
+ DeletePrefixListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeletePrefixListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeletePrefixListResponse.Result'
+ title: DeletePrefixListResponse
+ type: object
+ DeletePrefixListResponse.PrefixListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ required:
+ - PrefixList
+ title: PrefixListDetails
+ type: object
+ DeletePrefixListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ PrefixListEntry:
+ $ref: '#/components/schemas/DeletePrefixListResponse.PrefixListDetails'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeletePrefixListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribePrefixListRequest:
+ additionalProperties: false
+ properties:
+ Candidate:
+ default: true
+ title: Candidate
+ type: boolean
+ MaxResults:
+ default: 100
+ title: Maxresults
+ type: integer
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ Running:
+ default: false
+ title: Running
+ type: boolean
+ title: DescribePrefixListRequest
+ type: object
+ DescribePrefixListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribePrefixListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribePrefixListResponse.Result'
+ title: DescribePrefixListResponse
+ type: object
+ DescribePrefixListResponse.PrefixListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ required:
+ - PrefixList
+ title: PrefixListDetails
+ type: object
+ DescribePrefixListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ PrefixListCandidate:
+ $ref: '#/components/schemas/DescribePrefixListResponse.PrefixListDetails'
+ PrefixListRunning:
+ $ref: '#/components/schemas/DescribePrefixListResponse.PrefixListDetails'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribePrefixListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListPrefixListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListPrefixListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListPrefixListResponse.Result'
+ title: ListPrefixListResponse
+ type: object
+ ListPrefixListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ PrefixListCandidate:
+ items:
+ type: string
+ title: Prefixlistcandidate
+ type: array
+ PrefixListRunning:
+ items:
+ type: string
+ title: Prefixlistrunning
+ type: array
+ PrefixListUncommitted:
+ items:
+ $ref: '#/components/schemas/ListPrefixListResponse.UncommittedPrefixListDetails'
+ title: Prefixlistuncommitted
+ type: array
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ ListPrefixListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListPrefixListResponse.UncommittedPrefixListDetails:
+ additionalProperties: false
+ properties:
+ Name:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ Operation:
+ title: Operation
+ type: string
+ required:
+ - Name
+ - Operation
+ title: UncommittedPrefixListDetails
+ type: object
+ UpdatePrefixListRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - PrefixList
+ title: UpdatePrefixListRequest
+ type: object
+ UpdatePrefixListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdatePrefixListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdatePrefixListResponse.Result'
+ title: UpdatePrefixListResponse
+ type: object
+ UpdatePrefixListResponse.PrefixListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ required:
+ - PrefixList
+ title: PrefixListDetails
+ type: object
+ UpdatePrefixListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ PrefixListEntry:
+ $ref: '#/components/schemas/UpdatePrefixListResponse.PrefixListDetails'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdatePrefixListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "A prefix list allows you to group specific IP addresses that require\
+ \ the same policy enforcement. A prefix list can contain one or more IP addresses\
+ \ or IP netmask in CIDR notation.\n\n### Permission Policies\n\n| Action \
+ \ | Local Firewall Administrator | Local Rulestack Administrator\
+ \ | Global Rulestack Administrator |\n| ---------------------------- | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: |\n| Create\
+ \ Prefix List | ☐ | **☑** \
+ \ | **☑** | \n| Delete Prefix List \
+ \ | ☐ | **☑** | **☑**\
+ \ | \n| Update Prefix List \
+ \ | ☐ | **☑** | **☑**\
+ \ | \n| Describe Prefix List | **☑** \
+ \ | **☑** | **☑** \
+ \ |\n| List Prefix Lists | **☑** | **☑**\
+ \ | **☑** |\n"
+ title: Manage Prefix List
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/prefixlists:
+ get:
+ description: "Retrieve the information about the prefix lists for the specified\
+ \ rulestack. \n"
+ operationId: get-v1-config-rulestacks-rulestackname-prefixlists
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: uncommitted
+ required: false
+ schema:
+ default: false
+ title: Uncommitted
+ type: boolean
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListPrefixListResponse'
+ description: OK
+ summary: List PrefixLists
+ tags:
+ - PrefixList
+ post:
+ description: 'Create a prefix list to configure and maintain security groups
+ and route tables.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-prefixlists
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreatePrefixListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreatePrefixListResponse'
+ description: OK
+ summary: Create a PrefixList
+ tags:
+ - PrefixList
+ /v1/config/rulestacks/{rulestackname}/prefixlists/{name}:
+ delete:
+ description: "Delete the prefix list associated with the specified rulestack.\
+ \ \n"
+ operationId: delete-v1-config-rulestacks-rulestackname-prefixlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the prefix list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeletePrefixListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeletePrefixListResponse'
+ description: OK
+ summary: Delete a PrefixList
+ tags:
+ - PrefixList
+ get:
+ description: "Return the prefix list associated with a rulestack. \n"
+ operationId: get-v1-config-rulestacks-rulestackname-prefixlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the prefix list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribePrefixListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribePrefixListResponse'
+ description: OK
+ summary: Describe a PrefixList
+ tags:
+ - PrefixList
+ put:
+ description: 'Update the prefix list associated with a rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-prefixlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the prefix list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdatePrefixListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdatePrefixListResponse'
+ description: OK
+ summary: Update a PrefixList
+ tags:
+ - PrefixList
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: PrefixList
diff --git a/openapi-specs/cloudngfw/aws/SecurityRules.yaml b/openapi-specs/cloudngfw/aws/SecurityRules.yaml
new file mode 100644
index 000000000..d5ebcdee3
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/SecurityRules.yaml
@@ -0,0 +1,1565 @@
+components:
+ schemas:
+ CreateSecurityRuleRequest:
+ additionalProperties: false
+ properties:
+ Priority:
+ exclusiveMaximum: 1000001
+ exclusiveMinimum: 0
+ title: Priority
+ type: integer
+ RuleEntry:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleCreate'
+ required:
+ - Priority
+ - RuleEntry
+ title: CreateSecurityRuleRequest
+ type: object
+ CreateSecurityRuleRequest.RuleCreate:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ required:
+ - RuleName
+ title: RuleCreate
+ type: object
+ CreateSecurityRuleRequest.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ CreateSecurityRuleRequest.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ CreateSecurityRuleRequest.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ CreateSecurityRuleRequest.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+ CreateSecurityRuleResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.Result'
+ title: CreateSecurityRuleResponse
+ type: object
+ CreateSecurityRuleResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Priority:
+ title: Priority
+ type: integer
+ RuleEntry:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.Rule'
+ RuleListName:
+ title: Rulelistname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreateSecurityRuleResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ CreateSecurityRuleResponse.Rule:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleName
+ title: Rule
+ type: object
+ CreateSecurityRuleResponse.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ CreateSecurityRuleResponse.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ CreateSecurityRuleResponse.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ CreateSecurityRuleResponse.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+ DeleteSecurityRuleRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeleteSecurityRuleRequest
+ type: object
+ DeleteSecurityRuleResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.Result'
+ title: DeleteSecurityRuleResponse
+ type: object
+ DeleteSecurityRuleResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Priority:
+ title: Priority
+ type: integer
+ RuleEntry:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.Rule'
+ RuleListName:
+ title: Rulelistname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeleteSecurityRuleResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeleteSecurityRuleResponse.Rule:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleName
+ title: Rule
+ type: object
+ DeleteSecurityRuleResponse.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ DeleteSecurityRuleResponse.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ DeleteSecurityRuleResponse.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ DeleteSecurityRuleResponse.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+ DescribeSecurityRuleResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.Result'
+ title: DescribeSecurityRuleResponse
+ type: object
+ DescribeSecurityRuleResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Priority:
+ title: Priority
+ type: integer
+ RuleEntryCandidate:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.Rule'
+ RuleEntryRunning:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.Rule'
+ RuleListName:
+ title: Rulelistname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribeSecurityRuleResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeSecurityRuleResponse.Rule:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleName
+ title: Rule
+ type: object
+ DescribeSecurityRuleResponse.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ DescribeSecurityRuleResponse.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ DescribeSecurityRuleResponse.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ DescribeSecurityRuleResponse.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+ ListSecurityRulesResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListSecurityRulesResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListSecurityRulesResponse.Result'
+ title: ListSecurityRulesResponse
+ type: object
+ ListSecurityRulesResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ NextToken:
+ title: Nexttoken
+ type: string
+ RuleEntryCandidate:
+ items:
+ $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryIdentifier'
+ title: Ruleentrycandidate
+ type: array
+ RuleEntryRunning:
+ items:
+ $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryIdentifier'
+ title: Ruleentryrunning
+ type: array
+ RuleEntryUncommitted:
+ items:
+ $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryUncommittedIdentifier'
+ title: Ruleentryuncommitted
+ type: array
+ RuleListName:
+ title: Rulelistname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ ListSecurityRulesResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListSecurityRulesResponse.RuleEntryIdentifier:
+ additionalProperties: false
+ properties:
+ Priority:
+ exclusiveMaximum: 1000001
+ exclusiveMinimum: 0
+ title: Priority
+ type: integer
+ RuleName:
+ title: Rulename
+ type: string
+ required:
+ - Priority
+ title: RuleEntryIdentifier
+ type: object
+ ListSecurityRulesResponse.RuleEntryUncommittedIdentifier:
+ additionalProperties: false
+ properties:
+ Operation:
+ title: Operation
+ type: string
+ Priority:
+ title: Priority
+ type: integer
+ RuleName:
+ title: Rulename
+ type: string
+ required:
+ - Priority
+ - RuleName
+ - Operation
+ title: RuleEntryUncommittedIdentifier
+ type: object
+ UpdateSecurityRuleRequest:
+ additionalProperties: false
+ properties:
+ RuleEntry:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest.Rule'
+ required:
+ - RuleEntry
+ title: UpdateSecurityRuleRequest
+ type: object
+ UpdateSecurityRuleRequest.Rule:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleName
+ title: Rule
+ type: object
+ UpdateSecurityRuleRequest.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ UpdateSecurityRuleRequest.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ UpdateSecurityRuleRequest.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ UpdateSecurityRuleRequest.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+ UpdateSecurityRuleResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.Result'
+ title: UpdateSecurityRuleResponse
+ type: object
+ UpdateSecurityRuleResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Priority:
+ title: Priority
+ type: integer
+ RuleEntry:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.Rule'
+ RuleListName:
+ title: Rulelistname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateSecurityRuleResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ UpdateSecurityRuleResponse.Rule:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleName
+ title: Rule
+ type: object
+ UpdateSecurityRuleResponse.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ UpdateSecurityRuleResponse.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ UpdateSecurityRuleResponse.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ UpdateSecurityRuleResponse.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+info:
+ contact: {}
+ description: "Security rules determine whether to block or allow a session based\
+ \ on traffic attributes such as the source and destination IP address, source\
+ \ and destination FQDNs, or the application. \n\nAll traffic passing through\
+ \ the firewall is matched against a session and each session is matched against\
+ \ a rule. When a session match occurs, the NGFW applies the matching rule to bidirectional\
+ \ traffic in that session (client to server and server to client). For traffic\
+ \ that doesn\u2019t match any defined rules, the default rules apply. \n\nFor\
+ \ more information, see [Create security roles on Cloud NGFW for AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/create-a-rule).\n\
+ \n### Permission Policies\n\n| Action | Local Firewall\
+ \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator\
+ \ |\n| ------------------------------ | :---------------------------: | :---------------------------:\
+ \ | :----------------------------: |\n| Create a Security Rule | ☐\
+ \ | **☑** | **☑** \
+ \ | \n| Delete a Security Rule | ☐ \
+ \ | **☑** | **☑** | \
+ \ \n| Describe a Security Rule | **☑** \
+ \ | **☑** | **☑** |\
+ \ \n| ResetSecurityRuleCounters | **☑** | **☑**\
+ \ | **☑** |\n| RefreshSecurityRuleCounters\
+ \ | **☑** | **☑** | **☑**\
+ \ |\n| DescribeSecurityRuleCounters | **☑** \
+ \ | **☑** | **☑** \
+ \ |\n| List Security Rules | **☑** | **☑**\
+ \ | **☑** | \
+ \ \n| Update a Security Rule | ☐ |\
+ \ **☑** | **☑** | \
+ \ \n"
+ title: Manage Security Rules
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/rulelists/{rulelistname}:
+ get:
+ description: 'List all security rules associate with a rulestack in the order
+ of priority.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-rulelists-rulelistname
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the rulelist.
+
+ '
+ in: path
+ name: rulelistname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: uncommitted
+ required: false
+ schema:
+ default: false
+ title: Uncommitted
+ type: boolean
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListSecurityRulesResponse'
+ description: OK
+ summary: List Security Rules
+ tags:
+ - SecurityRules
+ post:
+ description: 'Create a security rule for a rulestack.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-rulelists-rulelistname
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the rulelist.
+
+ '
+ in: path
+ name: rulelistname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse'
+ description: OK
+ summary: Create a Security Rule
+ tags:
+ - SecurityRules
+ /v1/config/rulestacks/{rulestackname}/rulelists/{rulelistname}/priorities/{priority}:
+ delete:
+ description: 'Disassociate a security rule associated with a rulestack.
+
+ '
+ operationId: delete-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the rulelist.
+
+ '
+ in: path
+ name: rulelistname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: path
+ name: priority
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteSecurityRuleRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse'
+ description: OK
+ summary: Delete a Security Rule
+ tags:
+ - SecurityRules
+ get:
+ description: 'Retrieve the security rules associated with a rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the rulelist.
+
+ '
+ in: path
+ name: rulelistname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: path
+ name: priority
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: Candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: Running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse'
+ description: OK
+ summary: Describe a Security Rule
+ tags:
+ - SecurityRules
+ put:
+ description: 'Update a security rule associated a rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the rulelist.
+
+ '
+ in: path
+ name: rulelistname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: path
+ name: priority
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse'
+ description: OK
+ summary: Update a Security Rule
+ tags:
+ - SecurityRules
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: SecurityRules
diff --git a/openapi-specs/cloudngfw/aws/UserOnboarding-LinkAccount.yaml b/openapi-specs/cloudngfw/aws/UserOnboarding-LinkAccount.yaml
new file mode 100644
index 000000000..a7cc0da82
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/UserOnboarding-LinkAccount.yaml
@@ -0,0 +1,184 @@
+components:
+ schemas:
+ DescribeLinkAccountRequest:
+ additionalProperties: false
+ properties: {}
+ title: DescribeLinkAccountRequest
+ type: object
+ DescribeLinkAccountResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeLinkAccountResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeLinkAccountResponse.Result'
+ title: DescribeLinkAccountResponse
+ type: object
+ DescribeLinkAccountResponse.AccountTableEntryStatus:
+ description: An enumeration.
+ enum:
+ - Success
+ - Pending
+ - Deleting
+ - OffBoarding
+ - DeleteFailed
+ title: AccountTableEntryStatus
+ type: string
+ DescribeLinkAccountResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ AccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Accountid
+ type: string
+ CloudFormationTemplateURL:
+ title: Cloudformationtemplateurl
+ type: string
+ ExternalId:
+ title: Externalid
+ type: string
+ OnboardingStatus:
+ allOf:
+ $ref: '#/components/schemas/DescribeLinkAccountResponse.AccountTableEntryStatus'
+ default: Pending
+ ServiceAccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Serviceaccountid
+ type: string
+ SnsTopicArn:
+ title: Snstopicarn
+ type: string
+ title: ResponseData
+ type: object
+ DescribeLinkAccountResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListLinkAccountsRequest:
+ additionalProperties: false
+ properties: {}
+ title: ListLinkAccountsRequest
+ type: object
+ ListLinkAccountsResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListLinkAccountsResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListLinkAccountsResponse.Result'
+ title: ListLinkAccountsResponse
+ type: object
+ ListLinkAccountsResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ AccountIds:
+ items:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ type: string
+ title: Accountids
+ type: array
+ title: ResponseData
+ type: object
+ ListLinkAccountsResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Cloud NGFW requires you to onboard an AWS account to create and manage\
+ \ the resources required by Cloud NGFW. The Cloud NGFW service uses a CloudFormation\
+ \ template (CFT) stack to create these roles needed for Cloud NGFW to access resources\
+ \ in your AWS environment. \n\nA link account is an unverified account used to\
+ \ onboard an AWS account to a cloud NGFW service based on your input. A link account\
+ \ is required to run the CFT. \n\n>**Note:** You can add only one link account\
+ \ per subscription.\n\n### Permission Policies\n\n| Action |\
+ \ Local Firewall Administrator | Local Rulestack Administrator | Global Rulestack\
+ \ Administrator |\n| ------------------------ | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: | \n| Create\
+ \ Link Account | ☐ | ☐ \
+ \ | ☐ | \n| Delete Link Account | ☐\
+ \ | ☐ | ☐ \
+ \ | \n| Describe Link Account | **☑**\
+ \ | **☑** | **☑** \
+ \ | \n| List Link Account | **☑** | **☑**\
+ \ | **☑** |\n"
+ title: User Onboarding using Link Account
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/mgmt/linkaccounts:
+ get:
+ description: 'List all accounts linked with the an admin account.
+
+ '
+ operationId: get-v1-mgmt-linkaccounts
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListLinkAccountsRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListLinkAccountsResponse'
+ description: OK
+ summary: List Link Accounts
+ tags:
+ - UserOnboarding-LinkAccount
+ /v1/mgmt/linkaccounts/{accountid}:
+ get:
+ description: 'View the details of the account IDs associated with the admin
+ account.
+
+ '
+ operationId: get-v1-mgmt-linkaccounts-accountid
+ parameters:
+ - description: 'The unique ID of the account.
+
+ '
+ in: path
+ name: accountid
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeLinkAccountRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeLinkAccountResponse'
+ description: OK
+ summary: Describe Link Account
+ tags:
+ - UserOnboarding-LinkAccount
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: UserOnboarding-LinkAccount
diff --git a/openapi-specs/cloudngfw/aws/UserOnboarding-XAccountRoles.yaml b/openapi-specs/cloudngfw/aws/UserOnboarding-XAccountRoles.yaml
new file mode 100644
index 000000000..e58489f17
--- /dev/null
+++ b/openapi-specs/cloudngfw/aws/UserOnboarding-XAccountRoles.yaml
@@ -0,0 +1,266 @@
+components:
+ schemas:
+ DescribeXAccountRoleArnResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.Result'
+ title: DescribeXAccountRoleArnResponse
+ type: object
+ DescribeXAccountRoleArnResponse.AccountTableEntryStatus:
+ description: An enumeration.
+ enum:
+ - Success
+ - Pending
+ - Deleting
+ - OffBoarding
+ - DeleteFailed
+ title: AccountTableEntryStatus
+ type: string
+ DescribeXAccountRoleArnResponse.FirewallRoles:
+ additionalProperties: false
+ properties:
+ EndpointRole:
+ title: Endpointrole
+ type: string
+ LoggingRole:
+ title: Loggingrole
+ type: string
+ title: FirewallRoles
+ type: object
+ DescribeXAccountRoleArnResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ AccountGroups:
+ items:
+ type: string
+ title: Accountgroups
+ type: array
+ AccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Accountid
+ type: string
+ AllowedMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ title: Allowedmode
+ type: string
+ AvailabilityZones:
+ items:
+ type: string
+ title: Availabilityzones
+ type: array
+ CloudTrailRole:
+ title: Cloudtrailrole
+ type: string
+ DefaultRole:
+ title: Defaultrole
+ type: string
+ Firewall:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.FirewallRoles'
+ OnboardingStatus:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.AccountTableEntryStatus'
+ RuleStack:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.RuleStackRoles'
+ VpcInformations:
+ items:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.VpcDetails'
+ title: Vpcinformations
+ type: array
+ title: ResponseData
+ type: object
+ DescribeXAccountRoleArnResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeXAccountRoleArnResponse.RuleStackRoles:
+ additionalProperties: false
+ properties:
+ DecryptionRole:
+ title: Decryptionrole
+ type: string
+ title: RuleStackRoles
+ type: object
+ DescribeXAccountRoleArnResponse.SubnetDetails:
+ additionalProperties: false
+ properties:
+ SubnetId:
+ title: Subnetid
+ type: string
+ SubnetName:
+ title: Subnetname
+ type: string
+ required:
+ - SubnetId
+ title: SubnetDetails
+ type: object
+ DescribeXAccountRoleArnResponse.VpcDetails:
+ additionalProperties: false
+ properties:
+ SubnetInformations:
+ items:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.SubnetDetails'
+ title: Subnetinformations
+ type: array
+ VpcId:
+ title: Vpcid
+ type: string
+ VpcName:
+ title: Vpcname
+ type: string
+ required:
+ - VpcId
+ title: VpcDetails
+ type: object
+ ListXAccountRolesRequest:
+ additionalProperties: false
+ properties:
+ MaxResults:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ title: ListXAccountRolesRequest
+ type: object
+ ListXAccountRolesResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListXAccountRolesResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListXAccountRolesResponse.Result'
+ title: ListXAccountRolesResponse
+ type: object
+ ListXAccountRolesResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ AccountIds:
+ items:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ type: string
+ title: Accountids
+ type: array
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ title: ResponseData
+ type: object
+ ListXAccountRolesResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Cloud NGFW requires you to onboard an AWS account to create and manage\
+ \ the resources required by Cloud NGFW. The Cloud NGFW service uses a CloudFormation\
+ \ Template (CFT) stack to create these roles needed for Cloud NGFW to access resources\
+ \ in your AWS environment.\n\n### Permission Policies\n\n| Action \
+ \ | Local Firewall Administrator | Local Rulestack Administrator | Global\
+ \ Rulestack Administrator |\n| ------------------------ | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: | \n| Put XAccount\
+ \ Roles | ☐ | ☐ \
+ \ | ☐ |\n| Describe XAccount Roles | **☑**\
+ \ | **☑** | **☑** \
+ \ | \n| List Member Accounts | **☑** \
+ \ | **☑** | **☑** \
+ \ | \n| Delete XAccount Roles | ☐ | ☐\
+ \ | ☐ |\n"
+ title: User Onboarding using Endpoint Role
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/mgmt/xaccountroles:
+ get:
+ description: "Lists all accounts on-boarded using endpoint role. \n"
+ operationId: get-v1-mgmt-xaccountroles
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListXAccountRolesRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListXAccountRolesResponse'
+ description: OK
+ summary: List Member accounts and cross account roles
+ tags:
+ - UserOnboarding-XAccountRoles
+ /v1/mgmt/xaccountroles/{accountid}:
+ get:
+ description: 'Retrieve the information of a specific account.
+
+ '
+ operationId: get-v1-mgmt-xaccountroles-accountid
+ parameters:
+ - description: 'The unique ID of the account.
+
+ '
+ in: path
+ name: accountid
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: describeaccount
+ required: false
+ schema:
+ default: false
+ title: Describeaccount
+ type: boolean
+ - description: ''
+ in: query
+ name: vpcid
+ required: false
+ schema:
+ title: Vpcid
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse'
+ description: OK
+ summary: Describe Member accounts and cross account Roles
+ tags:
+ - UserOnboarding-XAccountRoles
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: UserOnboarding-XAccountRoles
diff --git a/static/cloudngfw/aws/spec/api/AssociationRulestacks.yaml b/static/cloudngfw/aws/spec/api/AssociationRulestacks.yaml
new file mode 100644
index 000000000..441d3e287
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/AssociationRulestacks.yaml
@@ -0,0 +1,200 @@
+components:
+ schemas:
+ AssociateGlobalRuleStackRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulestackname
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleStackName
+ - AccountId
+ title: AssociateGlobalRuleStackRequest
+ type: object
+ AssociateGlobalRuleStackResponse:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ FirewallName:
+ title: Firewallname
+ type: string
+ ResponseStatus:
+ $ref: '#/components/schemas/AssociateGlobalRuleStackResponse.Result'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: AssociateGlobalRuleStackResponse
+ type: object
+ AssociateGlobalRuleStackResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ AssociateRuleStackRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulestackname
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleStackName
+ - AccountId
+ title: AssociateRuleStackRequest
+ type: object
+ AssociateRuleStackResponse:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ FirewallName:
+ title: Firewallname
+ type: string
+ ResponseStatus:
+ $ref: '#/components/schemas/AssociateRuleStackResponse.Result'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: AssociateRuleStackResponse
+ type: object
+ AssociateRuleStackResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "There are two types of rulestacks:\n- **Local rulestack**-Consists\
+ \ of local rules and manages them. A local account administrator can associate\
+ \ local rulestacks to an NGFW in their AWS account.\n- **Global rulestack**-The\
+ \ AWS Firewall Manager administrator can author a Firewall Manager Service (FMS)\
+ \ policy and associate a global rulestack with it. AWS Firewall Manager manages\
+ \ the global rulestack across all these NGFWs in different AWS accounts of an\
+ \ AWS Organization. \n\nA global rulestack configures pre-rules and post-rules\
+ \ on each NGFW. The AWS Firewall Manager administrator can author a FMS policy\
+ \ and associate a global rulestack with it. AWS Firewall Manager manages the global\
+ \ rulestack across all these NGFWs in different AWS accounts in the AWS Organization.\
+ \ A global rulestack configures pre-rules and post-rules on each NGFW. \n\n>**Note:**\
+ \ For FMS policy, there is no Local Firewall administrator. The local rulestack\
+ \ administrator associates the local rulestacks to an NGFW. If the FMS service\
+ \ handshake is successful, any local firewall administrator call must be disabled,\
+ \ and the local rulestack administrator can associate the local rulestack to a\
+ \ NGFW.\n\n### Permission Policies\n\n| Action | Local\
+ \ Firewall Administrator | Local Rulestack Administrator | Global Rulestack Administrator\
+ \ |\n| ----------------------------- | :---------------------------: | :---------------------------:\
+ \ | :----------------------------: | \n| Associate a Global Rulestack | ☐\
+ \ | ☐ | **☑** \
+ \ | \n| Associate a Local Rulestack | **☑**\
+ \ | **☑** | ☐ \
+ \ | \n\n>**Note:** The maximum local and global rulestacks you can create\
+ \ per subscription is 10. \n"
+ title: Manage Association Rulestacks
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/ngfirewalls/{ngfirewallname}/globalrulestack:
+ put:
+ description: 'Associate a global rulestack to a NGFW.
+
+ '
+ operationId: put-v1-config-ngfirewalls-ngfirewallname-globalrulestack
+ parameters:
+ - description: 'The name of the NGFW to which you want to associate the global
+ rulestack.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AssociateGlobalRuleStackRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AssociateGlobalRuleStackResponse'
+ description: OK
+ summary: Associate a GlobalRuleStack
+ tags:
+ - AssociationRulestacks
+ /v1/config/ngfirewalls/{ngfirewallname}/rulestack:
+ put:
+ description: 'Associate a local rulestack to a NGFW.
+
+ '
+ operationId: put-v1-config-ngfirewalls-ngfirewallname-rulestack
+ parameters:
+ - description: 'The name of the NGFW to which you want to associate the local
+ rulestack.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AssociateRuleStackRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/AssociateRuleStackResponse'
+ description: OK
+ summary: Associate a RuleStack
+ tags:
+ - AssociationRulestacks
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: AssociationRulestacks
diff --git a/static/cloudngfw/aws/spec/api/CertificateObjects.yaml b/static/cloudngfw/aws/spec/api/CertificateObjects.yaml
new file mode 100644
index 000000000..b176e998a
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/CertificateObjects.yaml
@@ -0,0 +1,602 @@
+components:
+ schemas:
+ CreateCertificateObjectRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ default: false
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Name:
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ required:
+ - Name
+ title: CreateCertificateObjectRequest
+ type: object
+ CreateCertificateObjectResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreateCertificateObjectResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreateCertificateObjectResponse.Result'
+ title: CreateCertificateObjectResponse
+ type: object
+ CreateCertificateObjectResponse.CertificateDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: CertificateDetails
+ type: object
+ CreateCertificateObjectResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CertificateObjectEntry:
+ $ref: '#/components/schemas/CreateCertificateObjectResponse.CertificateDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreateCertificateObjectResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeleteCertificateObjectRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeleteCertificateObjectRequest
+ type: object
+ DeleteCertificateObjectResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeleteCertificateObjectResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeleteCertificateObjectResponse.Result'
+ title: DeleteCertificateObjectResponse
+ type: object
+ DeleteCertificateObjectResponse.CertificateDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: CertificateDetails
+ type: object
+ DeleteCertificateObjectResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CertificateObjectEntry:
+ $ref: '#/components/schemas/DeleteCertificateObjectResponse.CertificateDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeleteCertificateObjectResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeCertificateObjectRequest:
+ additionalProperties: false
+ properties:
+ Candidate:
+ default: true
+ title: Candidate
+ type: boolean
+ MaxResults:
+ default: 100
+ exclusiveMaximum: 101
+ exclusiveMinimum: 0
+ title: Maxresults
+ type: integer
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ Running:
+ default: false
+ title: Running
+ type: boolean
+ title: DescribeCertificateObjectRequest
+ type: object
+ DescribeCertificateObjectResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeCertificateObjectResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeCertificateObjectResponse.Result'
+ title: DescribeCertificateObjectResponse
+ type: object
+ DescribeCertificateObjectResponse.CertificateDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: CertificateDetails
+ type: object
+ DescribeCertificateObjectResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CertificateObjectCandidate:
+ $ref: '#/components/schemas/DescribeCertificateObjectResponse.CertificateDetails'
+ CertificateObjectRunning:
+ $ref: '#/components/schemas/DescribeCertificateObjectResponse.CertificateDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribeCertificateObjectResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListCertificateObjectResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListCertificateObjectResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListCertificateObjectResponse.Result'
+ title: ListCertificateObjectResponse
+ type: object
+ ListCertificateObjectResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CertificateObjectCandidate:
+ items:
+ type: string
+ title: Certificateobjectcandidate
+ type: array
+ CertificateObjectRunning:
+ items:
+ type: string
+ title: Certificateobjectrunning
+ type: array
+ CertificateObjectUncommitted:
+ items:
+ $ref: '#/components/schemas/ListCertificateObjectResponse.UncommittedCertificateObjectDetails'
+ title: Certificateobjectuncommitted
+ type: array
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ ListCertificateObjectResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListCertificateObjectResponse.UncommittedCertificateObjectDetails:
+ additionalProperties: false
+ properties:
+ Name:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ Operation:
+ title: Operation
+ type: string
+ required:
+ - Name
+ - Operation
+ title: UncommittedCertificateObjectDetails
+ type: object
+ UpdateCertificateObjectRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ default: false
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: UpdateCertificateObjectRequest
+ type: object
+ UpdateCertificateObjectResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateCertificateObjectResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateCertificateObjectResponse.Result'
+ title: UpdateCertificateObjectResponse
+ type: object
+ UpdateCertificateObjectResponse.CertificateDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ CertificateSelfSigned:
+ title: Certificateselfsigned
+ type: boolean
+ CertificateSignerArn:
+ title: Certificatesignerarn
+ type: string
+ Description:
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: CertificateDetails
+ type: object
+ UpdateCertificateObjectResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CertificateObjectEntry:
+ $ref: '#/components/schemas/UpdateCertificateObjectResponse.CertificateDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateCertificateObjectResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Cloud NGFW uses certificates to access an intelligent feed and to\
+ \ enable outbound decryption. These certificates are stored in the [AWS Secrets\
+ \ Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html).\
+ \ \n\n### Permission Policies\n\n| Action | Local Firewall\
+ \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator|\n\
+ | ----------------------------- | :--------------------------: | :---------------------------:\
+ \ | :---------------------------: |\n| Create a Certificate Object | ☐\
+ \ | **☑** | **☑** \
+ \ |\n| Delete a Certificate Object | ☐ |\
+ \ **☑** | **☑** | \
+ \ \n| Update a Certificate Object | ☐ \
+ \ | **☑** | **☑** | \n| Describe\
+ \ a Certificate Object | **☑** | **☑** \
+ \ | **☑** |\n| List Certificate Objects |\
+ \ **☑** | **☑** | **☑** \
+ \ |\n"
+ title: Manage Certificate Objects
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/certificates:
+ get:
+ description: 'Returns the list of certificate objects associated with the specified
+ rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-certificates
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: uncommitted
+ required: false
+ schema:
+ default: false
+ title: Uncommitted
+ type: boolean
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListCertificateObjectResponse'
+ description: OK
+ summary: List CertificateObjects
+ tags:
+ - CertificateObjects
+ post:
+ description: 'Create a server certificate object for the specified rulestack.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-certificates
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateCertificateObjectRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateCertificateObjectResponse'
+ description: OK
+ summary: Create a CertificateObject
+ tags:
+ - CertificateObjects
+ /v1/config/rulestacks/{rulestackname}/certificates/{name}:
+ delete:
+ description: 'Delete a certificate object associated with the specified rulestack.
+
+ '
+ operationId: delete-v1-config-rulestacks-rulestackname-certificates-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the certificate.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteCertificateObjectRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteCertificateObjectResponse'
+ description: OK
+ summary: Delete a CertificateObject
+ tags:
+ - CertificateObjects
+ get:
+ description: "Returns the certificate object metadata associated with the specified\
+ \ rulestack. \n"
+ operationId: get-v1-config-rulestacks-rulestackname-certificates-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the certificate.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeCertificateObjectRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeCertificateObjectResponse'
+ description: OK
+ summary: Describe a CertificateObject
+ tags:
+ - CertificateObjects
+ put:
+ description: 'Update the certificate object associated with the specified rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-certificates-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the certificate.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateCertificateObjectRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateCertificateObjectResponse'
+ description: OK
+ summary: Update a CertificateObject
+ tags:
+ - CertificateObjects
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: CertificateObjects
diff --git a/static/cloudngfw/aws/spec/api/FQDNList.yaml b/static/cloudngfw/aws/spec/api/FQDNList.yaml
new file mode 100644
index 000000000..96d5efdfe
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/FQDNList.yaml
@@ -0,0 +1,624 @@
+components:
+ schemas:
+ CreateFqdnListRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ Name:
+ maxLength: 58
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ required:
+ - Name
+ - FqdnList
+ title: CreateFqdnListRequest
+ type: object
+ CreateFqdnListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreateFqdnListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreateFqdnListResponse.Result'
+ title: CreateFqdnListResponse
+ type: object
+ CreateFqdnListResponse.FqdnListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - FqdnList
+ title: FqdnListDetails
+ type: object
+ CreateFqdnListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FqdnListEntry:
+ $ref: '#/components/schemas/CreateFqdnListResponse.FqdnListDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreateFqdnListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeleteFqdnListRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeleteFqdnListRequest
+ type: object
+ DeleteFqdnListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeleteFqdnListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeleteFqdnListResponse.Result'
+ title: DeleteFqdnListResponse
+ type: object
+ DeleteFqdnListResponse.FqdnListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - FqdnList
+ title: FqdnListDetails
+ type: object
+ DeleteFqdnListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FqdnListEntry:
+ $ref: '#/components/schemas/DeleteFqdnListResponse.FqdnListDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeleteFqdnListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeFqdnListRequest:
+ additionalProperties: false
+ properties:
+ Candidate:
+ default: true
+ title: Candidate
+ type: boolean
+ Running:
+ default: false
+ title: Running
+ type: boolean
+ title: DescribeFqdnListRequest
+ type: object
+ DescribeFqdnListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeFqdnListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeFqdnListResponse.Result'
+ title: DescribeFqdnListResponse
+ type: object
+ DescribeFqdnListResponse.FqdnListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ required:
+ - FqdnList
+ title: FqdnListDetails
+ type: object
+ DescribeFqdnListResponse.FqdnListInfo:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ required:
+ - FqdnList
+ title: FqdnListInfo
+ type: object
+ DescribeFqdnListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FqdnListCandidate:
+ $ref: '#/components/schemas/DescribeFqdnListResponse.FqdnListDetails'
+ FqdnListRunning:
+ $ref: '#/components/schemas/DescribeFqdnListResponse.FqdnListInfo'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribeFqdnListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListFqdnListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListFqdnListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListFqdnListResponse.Result'
+ title: ListFqdnListResponse
+ type: object
+ ListFqdnListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FqdnListCandidate:
+ items:
+ type: string
+ title: Fqdnlistcandidate
+ type: array
+ FqdnListRunning:
+ items:
+ type: string
+ title: Fqdnlistrunning
+ type: array
+ FqdnListUncommitted:
+ items:
+ $ref: '#/components/schemas/ListFqdnListResponse.UncommittedFqdnListDetails'
+ title: Fqdnlistuncommitted
+ type: array
+ NextToken:
+ title: Nexttoken
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ ListFqdnListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListFqdnListResponse.UncommittedFqdnListDetails:
+ additionalProperties: false
+ properties:
+ Name:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ operation:
+ title: Operation
+ type: string
+ required:
+ - Name
+ - operation
+ title: UncommittedFqdnListDetails
+ type: object
+ UpdateFqdnListRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ required:
+ - FqdnList
+ title: UpdateFqdnListRequest
+ type: object
+ UpdateFqdnListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateFqdnListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateFqdnListResponse.Result'
+ title: UpdateFqdnListResponse
+ type: object
+ UpdateFqdnListResponse.FqdnListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ FqdnList:
+ items:
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9._-]+$
+ type: string
+ title: Fqdnlist
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - FqdnList
+ title: FqdnListDetails
+ type: object
+ UpdateFqdnListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FqdnListEntry:
+ $ref: '#/components/schemas/UpdateFqdnListResponse.FqdnListDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateFqdnListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Address objects with type Fully Qualified Domain Name (FQDN). An FQDN\
+ \ object provides further ease of use because DNS provides the FQDN resolution\
+ \ to the IP addresses instead of you needing to know the IP addresses and manually\
+ \ updating them every time the FQDN resolves to a new IP address.\n\nThese are\
+ \ the following formats for FQDN. \n\n- Host names are composed of a sequence\
+ \ of labels concatenated with dots\n- Each label must be from 1 to 63 characters\
+ \ long\n- The entire host name, including the delimiting dots, has a maximum of\
+ \ 253 ASCII characters\n- DNS names can contain only alphabetical characters (A-Z),\
+ \ numeric characters (0-9), minus sign (-), and period (.) \n\nFor more information,\
+ \ see [FQDN formats](https://en.wikipedia.org/wiki/Hostname).\n\n### Permission\
+ \ Policies\n\n| Action | Local Firewall Administrator |\
+ \ Local Rulestack Administrator | Global Rulestack Administrator |\n| ----------------------------\
+ \ | :---------------------------: | :---------------------------: | :----------------------------:\
+ \ |\n| Create FQDN List | ☐ | **☑**\
+ \ | **☑** | \n| Delete FQDN List \
+ \ | ☐ | **☑** |\
+ \ **☑** | \n| Update FQDN List\
+ \ | ☐ | **☑** \
+ \ | **☑** | \n| List FQDN Lists | **☑**\
+ \ | **☑** | **☑** \
+ \ |\n| Describe FQDN List | **☑** | **☑**\
+ \ | **☑** |\n"
+ title: Manage FQDN List
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/fqdnlists:
+ get:
+ description: "Retrieve the information about the FDQN lists for the specified\
+ \ rulestack. \n"
+ operationId: get-v1-config-rulestacks-rulestackname-fqdnlists
+ parameters:
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: uncommitted
+ required: false
+ schema:
+ default: false
+ title: Uncommitted
+ type: boolean
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ - description: ''
+ in: query
+ name: describe
+ required: false
+ schema:
+ default: false
+ title: Describe
+ type: boolean
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListFqdnListResponse'
+ description: OK
+ summary: List FQDNLists
+ tags:
+ - FQDNList
+ post:
+ description: 'Create a FQDN list for a rulestack.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-fqdnlists
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateFqdnListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateFqdnListResponse'
+ description: OK
+ summary: Create a FQDNList
+ tags:
+ - FQDNList
+ /v1/config/rulestacks/{rulestackname}/fqdnlists/{name}:
+ delete:
+ description: "Delete the FDQN list associated with a rulestack. \n"
+ operationId: delete-v1-config-rulestacks-rulestackname-fqdnlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the FQDN list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteFqdnListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteFqdnListResponse'
+ description: OK
+ summary: Delete a FQDNList
+ tags:
+ - FQDNList
+ get:
+ description: "Return the information the FDQN list associated with a rulestack.\
+ \ \n"
+ operationId: get-v1-config-rulestacks-rulestackname-fqdnlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the FQDN list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeFqdnListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeFqdnListResponse'
+ description: OK
+ summary: Describe a FQDNList
+ tags:
+ - FQDNList
+ put:
+ description: 'Update the FDQN list associated with a rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-fqdnlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the FQDN list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFqdnListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFqdnListResponse'
+ description: OK
+ summary: Update a FQDNList
+ tags:
+ - FQDNList
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: FQDNList
diff --git a/static/cloudngfw/aws/spec/api/FileBlockingAction.yaml b/static/cloudngfw/aws/spec/api/FileBlockingAction.yaml
new file mode 100644
index 000000000..d207627a9
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/FileBlockingAction.yaml
@@ -0,0 +1,412 @@
+components:
+ schemas:
+ DescribeFileBlockingActionResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeFileBlockingActionResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeFileBlockingActionResponse.Result'
+ title: DescribeFileBlockingActionResponse
+ type: object
+ DescribeFileBlockingActionResponse.FileBlockingEntry:
+ additionalProperties: false
+ properties:
+ Action:
+ default: alert
+ enum:
+ - alert
+ - block
+ - continue
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ Direction:
+ default: both
+ enum:
+ - upload
+ - download
+ - both
+ title: Direction
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FileBlockingEntry
+ type: object
+ DescribeFileBlockingActionResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FileBlockingCandidate:
+ $ref: '#/components/schemas/DescribeFileBlockingActionResponse.FileBlockingEntry'
+ FileBlockingRunning:
+ $ref: '#/components/schemas/DescribeFileBlockingActionResponse.FileBlockingEntry'
+ FileType:
+ title: Filetype
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribeFileBlockingActionResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListFileBlockingActionResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListFileBlockingActionResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListFileBlockingActionResponse.Result'
+ title: ListFileBlockingActionResponse
+ type: object
+ ListFileBlockingActionResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FileBlockingCandidate:
+ items:
+ type: string
+ title: Fileblockingcandidate
+ type: array
+ FileBlockingRunning:
+ items:
+ type: string
+ title: Fileblockingrunning
+ type: array
+ FileBlockingUncommitted:
+ items:
+ $ref: '#/components/schemas/ListFileBlockingActionResponse.UncommittedFileBlocking'
+ title: Fileblockinguncommitted
+ type: array
+ NextToken:
+ title: Nexttoken
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ ListFileBlockingActionResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListFileBlockingActionResponse.UncommittedFileBlocking:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ Operation:
+ title: Operation
+ type: string
+ required:
+ - Name
+ - Operation
+ title: UncommittedFileBlocking
+ type: object
+ UpdateFileBlockingActionRequest:
+ additionalProperties: false
+ properties:
+ Action:
+ enum:
+ - alert
+ - block
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ Direction:
+ enum:
+ - upload
+ - download
+ - both
+ title: Direction
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - Direction
+ - Action
+ title: UpdateFileBlockingActionRequest
+ type: object
+ UpdateFileBlockingActionResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateFileBlockingActionResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateFileBlockingActionResponse.Result'
+ title: UpdateFileBlockingActionResponse
+ type: object
+ UpdateFileBlockingActionResponse.FileBlockingEntry:
+ additionalProperties: false
+ properties:
+ Action:
+ default: alert
+ enum:
+ - alert
+ - block
+ - continue
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ Direction:
+ default: both
+ enum:
+ - upload
+ - download
+ - both
+ title: Direction
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FileBlockingEntry
+ type: object
+ UpdateFileBlockingActionResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FileBlockingEntry:
+ $ref: '#/components/schemas/UpdateFileBlockingActionResponse.FileBlockingEntry'
+ FileType:
+ title: Filetype
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateFileBlockingActionResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Allows you to identify specific file types that you want to block.\
+ \ \n\n### Permission Policies\n\n| Action | Local Firewall\
+ \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator|\n\
+ | ------------------------------- | :--------------------------: | :---------------------------:\
+ \ | :---------------------------: |\n| Create a File Blocking Action | ☐\
+ \ | **☑** | **☑** \
+ \ | \n| Update a File Blocking Action | ☐ \
+ \ | **☑** | **☑** | \
+ \ \n| Delete a File Blocking Action | ☐ \
+ \ | **☑** | **☑** | \n|\
+ \ Describe a File Blocking Action | **☑** | **☑**\
+ \ | **☑** |\n"
+ title: Manage File Blocking Action
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/fileblockingprofiles/custom/filetypes:
+ get:
+ description: 'Retrieves the metadata for the file blocking profile defined for
+ a specified rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: uncommitted
+ required: false
+ schema:
+ default: false
+ title: Uncommitted
+ type: boolean
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ - description: ''
+ in: query
+ name: describe
+ required: false
+ schema:
+ default: false
+ title: Describe
+ type: boolean
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListFileBlockingActionResponse'
+ description: OK
+ summary: List File Blocking Actions
+ tags:
+ - FileBlockingAction
+ /v1/config/rulestacks/{rulestackname}/fileblockingprofiles/custom/filetypes/{type}:
+ get:
+ description: 'Use this command to return the data related to the file blocking
+ profile attached to a specified rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes-type
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The type of file blocking action.
+
+ '
+ in: path
+ name: type
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeFileBlockingActionResponse'
+ description: OK
+ summary: Describe File Blocking Action
+ tags:
+ - FileBlockingAction
+ put:
+ description: 'Update the file blocking profile to a specified rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-fileblockingprofiles-custom-filetypes-type
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The type of file blocking action.
+
+ '
+ in: path
+ name: type
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFileBlockingActionRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFileBlockingActionResponse'
+ description: OK
+ summary: Update File Blocking Action
+ tags:
+ - FileBlockingAction
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: FileBlockingAction
diff --git a/static/cloudngfw/aws/spec/api/IntelligentFeed.yaml b/static/cloudngfw/aws/spec/api/IntelligentFeed.yaml
new file mode 100644
index 000000000..8674828af
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/IntelligentFeed.yaml
@@ -0,0 +1,579 @@
+components:
+ schemas:
+ CreateIntelligentFeedRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ FeedURL:
+ maxLength: 255
+ minLength: 1
+ pattern: ^(http|https)://.+$
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Name:
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ Time:
+ default: 3
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ required:
+ - Name
+ - FeedURL
+ - Type
+ - Frequency
+ title: CreateIntelligentFeedRequest
+ type: object
+ CreateIntelligentFeedResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreateIntelligentFeedResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreateIntelligentFeedResponse.Result'
+ title: CreateIntelligentFeedResponse
+ type: object
+ CreateIntelligentFeedResponse.FeedDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ title: Description
+ type: string
+ FeedURL:
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Time:
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FeedDetails
+ type: object
+ CreateIntelligentFeedResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FeedEntry:
+ $ref: '#/components/schemas/CreateIntelligentFeedResponse.FeedDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreateIntelligentFeedResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeleteIntelligentFeedRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeleteIntelligentFeedRequest
+ type: object
+ DeleteIntelligentFeedResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeleteIntelligentFeedResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeleteIntelligentFeedResponse.Result'
+ title: DeleteIntelligentFeedResponse
+ type: object
+ DeleteIntelligentFeedResponse.FeedDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ title: Description
+ type: string
+ FeedURL:
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Time:
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FeedDetails
+ type: object
+ DeleteIntelligentFeedResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FeedEntry:
+ $ref: '#/components/schemas/DeleteIntelligentFeedResponse.FeedDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeleteIntelligentFeedResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeIntelligentFeedRequest:
+ additionalProperties: false
+ properties:
+ Candidate:
+ default: true
+ title: Candidate
+ type: boolean
+ Running:
+ default: false
+ title: Running
+ type: boolean
+ title: DescribeIntelligentFeedRequest
+ type: object
+ DescribeIntelligentFeedResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeIntelligentFeedResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeIntelligentFeedResponse.Result'
+ title: DescribeIntelligentFeedResponse
+ type: object
+ DescribeIntelligentFeedResponse.FeedDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ title: Description
+ type: string
+ FeedURL:
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Time:
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FeedDetails
+ type: object
+ DescribeIntelligentFeedResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FeedCandidate:
+ $ref: '#/components/schemas/DescribeIntelligentFeedResponse.FeedDetails'
+ FeedRunning:
+ $ref: '#/components/schemas/DescribeIntelligentFeedResponse.FeedDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribeIntelligentFeedResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ UpdateIntelligentFeedRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ FeedURL:
+ maxLength: 255
+ minLength: 1
+ pattern: ^(http|https)://.+$
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Time:
+ default: 3
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - FeedURL
+ - Type
+ - Frequency
+ title: UpdateIntelligentFeedRequest
+ type: object
+ UpdateIntelligentFeedResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateIntelligentFeedResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateIntelligentFeedResponse.Result'
+ title: UpdateIntelligentFeedResponse
+ type: object
+ UpdateIntelligentFeedResponse.FeedDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Certificate:
+ title: Certificate
+ type: string
+ Description:
+ title: Description
+ type: string
+ FeedURL:
+ title: Feedurl
+ type: string
+ Frequency:
+ enum:
+ - HOURLY
+ - DAILY
+ title: Frequency
+ type: string
+ Time:
+ maximum: 23
+ minimum: 0
+ title: Time
+ type: integer
+ Type:
+ enum:
+ - IP_LIST
+ - URL_LIST
+ title: Type
+ type: string
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ title: FeedDetails
+ type: object
+ UpdateIntelligentFeedResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FeedEntry:
+ $ref: '#/components/schemas/UpdateIntelligentFeedResponse.FeedDetails'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateIntelligentFeedResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "An intelligent feed, also called an external dynamic list, is a list\
+ \ that you or third-parties can host on an external web server. You can specify\
+ \ the Intelligence Feed as the source or destination of your security rule. The\
+ \ NGFW checks the hosted list at hourly or daily intervals, and enforces your\
+ \ security rules based on the latest entries on your list, without requiring you\
+ \ to make any configuration changes. \n\nFor more information about feeds, see\
+ \ [EDL hosting service](https://docs.paloaltonetworks.com/resources/edl-hosting-service.html).\n\
+ \n### Permission Policies\n\n| Action | Local Firewall Administrator\
+ \ | Local Rulestack Administrator | Global Rulestack Administrator|\n| ---------------------------\
+ \ | :--------------------------: | :---------------------------: | :---------------------------:\
+ \ |\n| Create Intelligent Feed | ☐ | **☑**\
+ \ | **☑** |\n| Delete Intelligent Feed\
+ \ | ☐ | **☑** | **☑**\
+ \ | \n| Update Intelligent Feed |\
+ \ ☐ | **☑** | **☑** \
+ \ | \n| Describe Intelligent Feed | **☑** \
+ \ | **☑** | **☑** |\n|\
+ \ List Intelligent Feeds | **☑** | **☑** \
+ \ | **☑** |\n"
+ title: Manage Intelligent Feed
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/feeds:
+ post:
+ description: 'Create intelligence feed to analyze threat data.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-feeds
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateIntelligentFeedRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateIntelligentFeedResponse'
+ description: OK
+ summary: Create an IntelligentFeed
+ tags:
+ - IntelligentFeed
+ /v1/config/rulestacks/{rulestackname}/feeds/{name}:
+ delete:
+ description: 'Delete the threat intelligence feeds received for a specified
+ rulestack.
+
+ '
+ operationId: delete-v1-config-rulestacks-rulestackname-feeds-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the feed.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteIntelligentFeedRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteIntelligentFeedResponse'
+ description: OK
+ summary: Delete an IntelligentFeed
+ tags:
+ - IntelligentFeed
+ get:
+ description: "Returns the intelligence feed data collected for the specified\
+ \ rulestack. \n"
+ operationId: get-v1-config-rulestacks-rulestackname-feeds-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the feed.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeIntelligentFeedRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeIntelligentFeedResponse'
+ description: OK
+ summary: Describe an IntelligentFeed
+ tags:
+ - IntelligentFeed
+ put:
+ description: 'Update the threat intelligence feeds for a rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-feeds-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the feed.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateIntelligentFeedRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateIntelligentFeedResponse'
+ description: OK
+ summary: Update an IntelligentFeed
+ tags:
+ - IntelligentFeed
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: IntelligentFeed
diff --git a/static/cloudngfw/aws/spec/api/LogProfile.yaml b/static/cloudngfw/aws/spec/api/LogProfile.yaml
new file mode 100644
index 000000000..12402855e
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/LogProfile.yaml
@@ -0,0 +1,232 @@
+components:
+ schemas:
+ ReadFWResourceLogProfileRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ required:
+ - AccountId
+ title: ReadFWResourceLogProfileRequest
+ type: object
+ ReadFWResourceLogProfileResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.Result'
+ title: ReadFWResourceLogProfileResponse
+ type: object
+ ReadFWResourceLogProfileResponse.LogProfileConfig:
+ additionalProperties: false
+ properties:
+ LogDestination:
+ title: Logdestination
+ type: string
+ LogDestinationType:
+ title: Logdestinationtype
+ type: string
+ LogType:
+ title: Logtype
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ title: LogProfileConfig
+ type: object
+ ReadFWResourceLogProfileResponse.ResponseData:
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ CloudWatchMetricNamespace:
+ title: Cloudwatchmetricnamespace
+ type: string
+ FirewallName:
+ title: Firewallname
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/ReadFWResourceLogProfileResponse.LogProfileConfig'
+ title: Logdestinationconfigs
+ type: array
+ title: ResponseData
+ type: object
+ ReadFWResourceLogProfileResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ UpdateFWResourceLogProfileRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileRequest.LogProfileConfig'
+ title: Logdestinationconfigs
+ type: array
+ required:
+ - LogDestinationConfigs
+ title: UpdateFWResourceLogProfileRequest
+ type: object
+ UpdateFWResourceLogProfileRequest.LogProfileConfig:
+ additionalProperties: false
+ properties:
+ LogDestination:
+ title: Logdestination
+ type: string
+ LogDestinationType:
+ title: Logdestinationtype
+ type: string
+ LogType:
+ title: Logtype
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ title: LogProfileConfig
+ type: object
+ UpdateFWResourceLogProfileResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.Result'
+ title: UpdateFWResourceLogProfileResponse
+ type: object
+ UpdateFWResourceLogProfileResponse.LogProfileConfig:
+ additionalProperties: false
+ properties:
+ LogDestination:
+ title: Logdestination
+ type: string
+ LogDestinationType:
+ title: Logdestinationtype
+ type: string
+ LogType:
+ title: Logtype
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ title: LogProfileConfig
+ type: object
+ UpdateFWResourceLogProfileResponse.ResponseData:
+ properties:
+ FirewallName:
+ title: Firewallname
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse.LogProfileConfig'
+ title: Logdestinationconfigs
+ type: array
+ title: ResponseData
+ type: object
+ UpdateFWResourceLogProfileResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Log entries contain properties, activities, or behaviors associated\
+ \ with the logged event, such as the application type or the IP address of an\
+ \ attacker. \n\nCloud NGFW can captures threat, traffic, and decryption profiles.\
+ \ For more information, see [Configure logging for Cloud NGFW on AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/create-cloud-ngfw-instances-and-endpoints/configure-logging-for-the-cloud-ngfw-on-aws).\n\
+ \n### Permission Policies\n\n| Action | Local Firewall\
+ \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator\
+ \ |\n| ------------------------------ | :---------------------------: | :---------------------------:\
+ \ | :----------------------------: |\n| Update Log Profile | **☑**\
+ \ | ☐ | ☐ \
+ \ |\n| Read Log Profile | **☑** |\
+ \ **☑** | **☑** | \n"
+ title: Manage Log Profiles
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/ngfirewalls/{ngfirewallname}/logprofile:
+ get:
+ description: 'Return the log destination of a specific NGFW.
+
+ '
+ operationId: get-v1-config-ngfirewalls-ngfirewallname-logprofile
+ parameters:
+ - description: 'The name of the NGFW.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ReadFWResourceLogProfileRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ReadFWResourceLogProfileResponse'
+ description: OK
+ summary: Read logprofile config of a firewall
+ tags:
+ - LogProfile
+ put:
+ description: "Update the log destination of a specific NGFW. \n\n>The destination\
+ \ is Fluentd, hence commit is not needed.\n"
+ operationId: put-v1-config-ngfirewalls-ngfirewallname-logprofile
+ parameters:
+ - description: 'The name of the NGFW.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFWResourceLogProfileResponse'
+ description: OK
+ summary: Update logprofile config of a firewall
+ tags:
+ - LogProfile
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: LogProfile
diff --git a/static/cloudngfw/aws/spec/api/ManageAPITokens.yaml b/static/cloudngfw/aws/spec/api/ManageAPITokens.yaml
new file mode 100644
index 000000000..11ff63582
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/ManageAPITokens.yaml
@@ -0,0 +1,288 @@
+components:
+ schemas:
+ DescribeProgrammaticAccessRequest:
+ additionalProperties: false
+ properties: {}
+ title: DescribeProgrammaticAccessRequest
+ type: object
+ DescribeProgrammaticAccessResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeProgrammaticAccessResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeProgrammaticAccessResponse.Result'
+ title: DescribeProgrammaticAccessResponse
+ type: object
+ DescribeProgrammaticAccessResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Enabled:
+ title: Enabled
+ type: boolean
+ MaxExpiryTime:
+ maximum: 1440
+ minimum: 480
+ title: Maxexpirytime
+ type: integer
+ title: ResponseData
+ type: object
+ DescribeProgrammaticAccessResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ GetCloudFirewallAdminTokensRequest:
+ additionalProperties: false
+ properties:
+ ExpiryTime:
+ default: 30
+ maximum: 1440
+ minimum: 5
+ title: Expirytime
+ type: integer
+ title: GetCloudFirewallAdminTokensRequest
+ type: object
+ GetCloudFirewallAdminTokensResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/GetCloudFirewallAdminTokensResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/GetCloudFirewallAdminTokensResponse.Result'
+ title: GetCloudFirewallAdminTokensResponse
+ type: object
+ GetCloudFirewallAdminTokensResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Enabled:
+ title: Enabled
+ type: boolean
+ ExpiryTime:
+ maximum: 1440
+ minimum: 5
+ title: Expirytime
+ type: integer
+ SubscriptionKey:
+ title: Subscriptionkey
+ type: string
+ TokenId:
+ title: Tokenid
+ type: string
+ title: ResponseData
+ type: object
+ GetCloudFirewallAdminTokensResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ GetCloudGlobalRulestackAdminTokensRequest:
+ additionalProperties: false
+ properties:
+ ExpiryTime:
+ default: 30
+ maximum: 1440
+ minimum: 5
+ title: Expirytime
+ type: integer
+ title: GetCloudGlobalRulestackAdminTokensRequest
+ type: object
+ GetCloudGlobalRulestackAdminTokensResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/GetCloudGlobalRulestackAdminTokensResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/GetCloudGlobalRulestackAdminTokensResponse.Result'
+ title: GetCloudGlobalRulestackAdminTokensResponse
+ type: object
+ GetCloudGlobalRulestackAdminTokensResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Enabled:
+ title: Enabled
+ type: boolean
+ ExpiryTime:
+ maximum: 1440
+ minimum: 5
+ title: Expirytime
+ type: integer
+ SubscriptionKey:
+ title: Subscriptionkey
+ type: string
+ TokenId:
+ title: Tokenid
+ type: string
+ title: ResponseData
+ type: object
+ GetCloudGlobalRulestackAdminTokensResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ GetCloudRulestackAdminTokensRequest:
+ additionalProperties: false
+ properties:
+ ExpiryTime:
+ default: 30
+ maximum: 1440
+ minimum: 5
+ title: Expirytime
+ type: integer
+ title: GetCloudRulestackAdminTokensRequest
+ type: object
+ GetCloudRulestackAdminTokensResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/GetCloudRulestackAdminTokensResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/GetCloudRulestackAdminTokensResponse.Result'
+ title: GetCloudRulestackAdminTokensResponse
+ type: object
+ GetCloudRulestackAdminTokensResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Enabled:
+ title: Enabled
+ type: boolean
+ ExpiryTime:
+ maximum: 1440
+ minimum: 5
+ title: Expirytime
+ type: integer
+ SubscriptionKey:
+ title: Subscriptionkey
+ type: string
+ TokenId:
+ title: Tokenid
+ type: string
+ title: ResponseData
+ type: object
+ GetCloudRulestackAdminTokensResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: 'Generate JSON Web Token (JWT) to get programmatic access and authenticate
+ API calls.
+
+ '
+ title: Manage API Tokens
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/mgmt/tokens:
+ get:
+ description: ''
+ operationId: get-v1-mgmt-tokens
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeProgrammaticAccessRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeProgrammaticAccessResponse'
+ description: OK
+ summary: Describe programmatic access
+ tags:
+ - ManageAPITokens
+ /v1/mgmt/tokens/cloudfirewalladmin:
+ get:
+ description: ''
+ operationId: get-v1-mgmt-tokens-cloudfirewalladmin
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/GetCloudFirewallAdminTokensRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/GetCloudFirewallAdminTokensResponse'
+ description: OK
+ summary: Get programmatic access token for CloudFirewallAdmin
+ tags:
+ - ManageAPITokens
+ /v1/mgmt/tokens/cloudglobalrulestackadmin:
+ get:
+ description: ''
+ operationId: get-v1-mgmt-tokens-cloudglobalrulestackadmin
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/GetCloudGlobalRulestackAdminTokensRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/GetCloudGlobalRulestackAdminTokensResponse'
+ description: OK
+ summary: Get programmatic access token for CloudGlobalRulestackAdmin
+ tags:
+ - ManageAPITokens
+ /v1/mgmt/tokens/cloudrulestackadmin:
+ get:
+ description: ''
+ operationId: get-v1-mgmt-tokens-cloudrulestackadmin
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/GetCloudRulestackAdminTokensRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/GetCloudRulestackAdminTokensResponse'
+ description: OK
+ summary: Get programmatic access token for CloudRulestackAdmin
+ tags:
+ - ManageAPITokens
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: ManageAPITokens
diff --git a/static/cloudngfw/aws/spec/api/ManageCustomURLCategories.yaml b/static/cloudngfw/aws/spec/api/ManageCustomURLCategories.yaml
new file mode 100644
index 000000000..c63fba374
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/ManageCustomURLCategories.yaml
@@ -0,0 +1,660 @@
+components:
+ schemas:
+ CreateCustomURLCategoryRequest:
+ additionalProperties: false
+ properties:
+ Action:
+ default: none
+ enum:
+ - none
+ - allow
+ - alert
+ - block
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ Name:
+ maxLength: 29
+ pattern: ^[a-zA-Z][0-9a-zA-Z-]*$
+ title: Name
+ type: string
+ UrlTargets:
+ items:
+ maxLength: 255
+ type: string
+ title: Urltargets
+ type: array
+ required:
+ - Name
+ - UrlTargets
+ title: CreateCustomURLCategoryRequest
+ type: object
+ CreateCustomURLCategoryResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreateCustomURLCategoryResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreateCustomURLCategoryResponse.Result'
+ title: CreateCustomURLCategoryResponse
+ type: object
+ CreateCustomURLCategoryResponse.CustomURLCategory:
+ additionalProperties: false
+ properties:
+ Action:
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ UrlTargets:
+ items:
+ maxLength: 255
+ type: string
+ title: Urltargets
+ type: array
+ required:
+ - UrlTargets
+ title: CustomURLCategory
+ type: object
+ CreateCustomURLCategoryResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CustomURLEntry:
+ $ref: '#/components/schemas/CreateCustomURLCategoryResponse.CustomURLCategory'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreateCustomURLCategoryResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeleteCustomURLCategoryRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeleteCustomURLCategoryRequest
+ type: object
+ DeleteCustomURLCategoryResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeleteCustomURLCategoryResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeleteCustomURLCategoryResponse.Result'
+ title: DeleteCustomURLCategoryResponse
+ type: object
+ DeleteCustomURLCategoryResponse.CustomURLCategory:
+ additionalProperties: false
+ properties:
+ Action:
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ UrlTargets:
+ items:
+ maxLength: 255
+ type: string
+ title: Urltargets
+ type: array
+ required:
+ - UrlTargets
+ title: CustomURLCategory
+ type: object
+ DeleteCustomURLCategoryResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CustomURLEntry:
+ $ref: '#/components/schemas/DeleteCustomURLCategoryResponse.CustomURLCategory'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeleteCustomURLCategoryResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeCustomURLCategoryResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.Result'
+ title: DescribeCustomURLCategoryResponse
+ type: object
+ DescribeCustomURLCategoryResponse.CustomURLCategory:
+ additionalProperties: false
+ properties:
+ Action:
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ UrlTargets:
+ items:
+ maxLength: 255
+ type: string
+ title: Urltargets
+ type: array
+ required:
+ - UrlTargets
+ title: CustomURLCategory
+ type: object
+ DescribeCustomURLCategoryResponse.CustomURLCategoryDB:
+ additionalProperties: false
+ properties:
+ URLCategoryEntry:
+ $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategory'
+ operation:
+ enum:
+ - add
+ - update
+ - delete
+ title: Operation
+ type: string
+ pk:
+ title: Pk
+ type: string
+ sk:
+ maxLength: 29
+ pattern: ^[a-zA-Z][0-9a-zA-Z-]*$
+ title: Sk
+ type: string
+ required:
+ - pk
+ - sk
+ title: CustomURLCategoryDB
+ type: object
+ DescribeCustomURLCategoryResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ URLCategoryCandidate:
+ $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategoryDB'
+ URLCategoryRunning:
+ $ref: '#/components/schemas/DescribeCustomURLCategoryResponse.CustomURLCategoryDB'
+ title: ResponseData
+ type: object
+ DescribeCustomURLCategoryResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListCustomURLCategoriesResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListCustomURLCategoriesResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListCustomURLCategoriesResponse.Result'
+ title: ListCustomURLCategoriesResponse
+ type: object
+ ListCustomURLCategoriesResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CategoriesCandidate:
+ items:
+ type: string
+ title: Categoriescandidate
+ type: array
+ CategoriesPreDefined:
+ items:
+ type: string
+ title: Categoriespredefined
+ type: array
+ CategoriesRunning:
+ items:
+ type: string
+ title: Categoriesrunning
+ type: array
+ CategoriesUncommitted:
+ items:
+ $ref: '#/components/schemas/ListCustomURLCategoriesResponse.UncommittedCategory'
+ title: Categoriesuncommitted
+ type: array
+ NextToken:
+ title: Nexttoken
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ ListCustomURLCategoriesResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListCustomURLCategoriesResponse.UncommittedCategory:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ Operation:
+ title: Operation
+ type: string
+ required:
+ - Name
+ - Operation
+ title: UncommittedCategory
+ type: object
+ UpdateCustomURLCategoryRequest:
+ additionalProperties: false
+ properties:
+ Action:
+ default: none
+ enum:
+ - none
+ - allow
+ - alert
+ - block
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ UrlTargets:
+ items:
+ maxLength: 255
+ type: string
+ title: Urltargets
+ type: array
+ required:
+ - UrlTargets
+ title: UpdateCustomURLCategoryRequest
+ type: object
+ UpdateCustomURLCategoryResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateCustomURLCategoryResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateCustomURLCategoryResponse.Result'
+ title: UpdateCustomURLCategoryResponse
+ type: object
+ UpdateCustomURLCategoryResponse.CustomURLCategory:
+ additionalProperties: false
+ properties:
+ Action:
+ title: Action
+ type: string
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 255
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ UrlTargets:
+ items:
+ maxLength: 255
+ type: string
+ title: Urltargets
+ type: array
+ required:
+ - UrlTargets
+ title: CustomURLCategory
+ type: object
+ UpdateCustomURLCategoryResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CustomURLEntry:
+ $ref: '#/components/schemas/UpdateCustomURLCategoryResponse.CustomURLCategory'
+ Name:
+ title: Name
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateCustomURLCategoryResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Palo Alto Networks provides a set of predefined URL filtering categories.\
+ \ \nYou can also specify your own URL filtering categories using a customer URL\
+ \ category object. For example, create a custom list of URLs that you want to\
+ \ use as match criteria in a Security policy rule. \nYou can use the custom URL\
+ \ categories as a security policy match criteria. \n\nFor more information, refer\
+ \ to the following links.\n- [Where Can I Find a Complete List of PAN-DB URL Filtering\
+ \ Categories?](https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5hCAC)\n\
+ - [Palo Alto Networks URL filtering](https://urlfiltering.paloaltonetworks.com/)\n\
+ - [Create a custom URL category for Cloud NGFW on AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/cloud-ngfw-security-rule-objects/create-a-custom-url-category-for-cloud-ngfw-on-aws)\n\
+ \n### Permission Policies\n\n| Action | Local\
+ \ Firewall Administrator | Local Rulestack Administrator | Global Rulestack Administrator\
+ \ |\n| -------------------------------------- | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: |\n| Create\
+ \ Custom URL Category | ☐ | **☑**\
+ \ | **☑** | \n| Delete Custom URL Category\
+ \ | ☐ | **☑** \
+ \ | **☑** | \n| Update Custom\
+ \ URL Category | ☐ | **☑** \
+ \ | **☑** | \n| Describe Custom URL Category\
+ \ | **☑** | **☑** |\
+ \ **☑** |\n| List Custom URL Categories |\
+ \ **☑** | **☑** | **☑**\
+ \ |\n"
+ title: Manage Custom URL Categories
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/urlcustomcategories:
+ get:
+ description: 'Retrieve the data of the custom URL categories of a specified
+ rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-urlcustomcategories
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: uncommitted
+ required: false
+ schema:
+ default: false
+ title: Uncommitted
+ type: boolean
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListCustomURLCategoriesResponse'
+ description: OK
+ summary: List Custom URL Categories
+ tags:
+ - ManageCustomURLCategories
+ post:
+ description: 'Create a custom URL filtering object to specify exceptions to
+ URL category enforcement, and to create a custom URL category based on multiple
+ URL categories.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-urlcustomcategories
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateCustomURLCategoryRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateCustomURLCategoryResponse'
+ description: OK
+ summary: Create Custom URL Category
+ tags:
+ - ManageCustomURLCategories
+ /v1/config/rulestacks/{rulestackname}/urlcustomcategories/{name}:
+ delete:
+ description: "Delete a custom URL category for a specified rulestack. \n"
+ operationId: delete-v1-config-rulestacks-rulestackname-urlcustomcategories-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'URL Category.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteCustomURLCategoryRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteCustomURLCategoryResponse'
+ description: OK
+ summary: Delete Custom URL Category
+ tags:
+ - ManageCustomURLCategories
+ get:
+ description: 'Return the custom URL category of a specified rule group. This
+ command describes custom categories and the default predefined ones.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-urlcustomcategories-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'URL Category.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: true
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: false
+ title: Candidate
+ type: boolean
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeCustomURLCategoryResponse'
+ description: OK
+ summary: Describe Custom URL Category
+ tags:
+ - ManageCustomURLCategories
+ put:
+ description: 'Modify the custom URL category of a specified rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-urlcustomcategories-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'URL Category.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateCustomURLCategoryRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateCustomURLCategoryResponse'
+ description: OK
+ summary: Update Custom URL Category
+ tags:
+ - ManageCustomURLCategories
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: ManageCustomURLCategories
diff --git a/static/cloudngfw/aws/spec/api/ManageNGFW-V2.yaml b/static/cloudngfw/aws/spec/api/ManageNGFW-V2.yaml
new file mode 100644
index 000000000..f0513e30c
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/ManageNGFW-V2.yaml
@@ -0,0 +1,3312 @@
+components:
+ schemas:
+ model.CloudwatchMetrics:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ CloudWatchMetricNamespace:
+ type: string
+ CloudWatchMetricsFields:
+ items:
+ type: string
+ type: array
+ required:
+ - AccountId
+ - CloudWatchMetricNamespace
+ type: object
+ model.EgressNATConfig:
+ properties:
+ Enabled:
+ type: boolean
+ Settings:
+ $ref: '#/components/schemas/model.EgressNATSettings'
+ type: object
+ model.EgressNATSettings:
+ properties:
+ IPAMPoolId:
+ type: string
+ IPPoolType:
+ enum:
+ - AWSService
+ - BYOIP
+ type: string
+ type: object
+ model.EndpointConfig:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ EgressNATEnabled:
+ type: boolean
+ EndpointId:
+ type: string
+ Mode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ type: string
+ Prefixes:
+ $ref: '#/components/schemas/model.PrefixInfo'
+ RejectedReason:
+ type: string
+ Status:
+ enum:
+ - Pending
+ - Accepted
+ - Rejected
+ - Created
+ - Creating
+ - Deleting
+ type: string
+ SubnetId:
+ type: string
+ VpcId:
+ type: string
+ ZoneId:
+ type: string
+ required:
+ - Mode
+ type: object
+ model.FirewallRoles:
+ properties:
+ EndpointRole:
+ type: string
+ LoggingRole:
+ type: string
+ type: object
+ model.GWLBConfig:
+ properties:
+ DeregistrationDelay:
+ default: 300
+ type: integer
+ RejectedFlowCountAlertThreshold:
+ default: 10
+ type: integer
+ RejectedFlowCountTCPAlertThreshold:
+ default: 10
+ type: integer
+ SessionRebalanceEnabled:
+ default: false
+ description: Omitempty skips creation of the field when false
+ type: boolean
+ TCPIdleTimeout:
+ default: 350
+ type: integer
+ type: object
+ model.Ipv6Config:
+ properties:
+ Enabled:
+ type: boolean
+ type: object
+ model.LogConfig:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ LogDestination:
+ type: string
+ LogDestinationType:
+ enum:
+ - S3
+ - CloudWatchLogs
+ - KinesisDataFirehose
+ type: string
+ LogType:
+ items:
+ enum:
+ - TRAFFIC
+ - DECRYPTION
+ - THREAT
+ - USER_ID
+ type: string
+ type: array
+ RoleType:
+ enum:
+ - ResourceBased
+ - IamBased
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ - RoleType
+ type: object
+ model.Notification:
+ properties:
+ ExpiryTime:
+ type: integer
+ Id:
+ type: string
+ Link:
+ $ref: '#/components/schemas/model.NotificationLink'
+ Msg:
+ type: string
+ type: object
+ model.NotificationLink:
+ properties:
+ Target:
+ type: string
+ Text:
+ type: string
+ type: object
+ model.PrefixConfig:
+ properties:
+ Cidrs:
+ items:
+ type: string
+ type: array
+ type: object
+ model.PrefixInfo:
+ properties:
+ PrivatePrefix:
+ $ref: '#/components/schemas/model.PrefixConfig'
+ PublicPrefix:
+ $ref: '#/components/schemas/model.PrefixConfig'
+ type: object
+ model.PrivateAccessConfig:
+ properties:
+ ResourceID:
+ type: string
+ Type:
+ enum:
+ - NetworkLoadBalancer
+ type: string
+ type: object
+ model.PublicIP:
+ properties:
+ IPAddress:
+ type: string
+ IPSource:
+ type: string
+ IPStatus:
+ type: string
+ type: object
+ model.ResourceStatus:
+ properties:
+ DeviceRuleStackCommitInfo:
+ $ref: '#/components/schemas/model.RuleStackCommitData'
+ DeviceRuleStackCommitState:
+ enum:
+ - Submitted
+ - None
+ type: string
+ DeviceRuleStackCommitStatus:
+ enum:
+ - Running
+ - Uncommitted
+ - Precommit
+ - PrecommitDone
+ - PrevalidateDone
+ - Committing
+ - Failed
+ - Success
+ type: string
+ FailureReason:
+ type: string
+ FirewallStatus:
+ enum:
+ - CREATING
+ - UPDATING
+ - DELETING
+ - CREATE_COMPLETE
+ - UPDATE_COMPLETE
+ - CREATE_FAIL
+ - UPDATE_FAIL
+ - DELETE_FAIL
+ - DELETE_COMPLETE
+ type: string
+ GlobalRuleStackCommitInfo:
+ $ref: '#/components/schemas/model.RuleStackCommitData'
+ GlobalRuleStackStatus:
+ enum:
+ - Running
+ - Uncommitted
+ - Precommit
+ - PrecommitDone
+ - PrevalidateDone
+ - Committing
+ - Failed
+ - Success
+ type: string
+ PublicIPs:
+ items:
+ $ref: '#/components/schemas/model.PublicIP'
+ type: array
+ RuleStackCommitInfo:
+ $ref: '#/components/schemas/model.RuleStackCommitData'
+ RuleStackStatus:
+ enum:
+ - Running
+ - Uncommitted
+ - Precommit
+ - PrecommitDone
+ - PrevalidateDone
+ - Committing
+ - Failed
+ - Success
+ type: string
+ SCMAssocStatus:
+ type: boolean
+ type: object
+ model.RuleStackCommitData:
+ properties:
+ CommitMessages:
+ items:
+ type: string
+ type: array
+ CommitTS:
+ type: string
+ type: object
+ model.RuleStackRoles:
+ properties:
+ DecryptionRole:
+ type: string
+ NetworkMonitoringRole:
+ type: string
+ type: object
+ model.SubnetMapping:
+ properties:
+ AvailabilityZone:
+ type: string
+ AvailabilityZoneId:
+ type: string
+ SubnetId:
+ type: string
+ type: object
+ model.TagEntry:
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Value:
+ maxLength: 256
+ minLength: 1
+ type: string
+ type: object
+ model.UserIDConfig:
+ properties:
+ AgentName:
+ type: string
+ CFTURLLink:
+ type: string
+ CollectorName:
+ type: string
+ CustomIncludeExcludeNetwork:
+ items:
+ $ref: '#/components/schemas/model.UserIDCustomSubnetFilter'
+ type: array
+ Enabled:
+ type: boolean
+ EndpointDNS:
+ type: string
+ Port:
+ type: integer
+ SecretKeyARN:
+ type: string
+ UserIDStatus:
+ enum:
+ - EndpointPending
+ - EndpointFail
+ - CommitFail
+ - Enabled
+ - Disabled
+ - DisablePending
+ - UpdatePending
+ - UpdateFail
+ type: string
+ type: object
+ model.UserIDCustomSubnetFilter:
+ properties:
+ DiscoveryInclude:
+ type: boolean
+ Enabled:
+ type: boolean
+ Name:
+ type: string
+ NetworkAddress:
+ type: string
+ type: object
+ response.ResponseStatus:
+ properties:
+ ErrorCode:
+ type: integer
+ Reason:
+ type: string
+ type: object
+ v1.AssociateRuleStackAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ - RuleStackName
+ type: object
+ v1.AssociateRuleStackAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.AssociateRuleStackResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.AssociateRuleStackResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ - RuleStackName
+ type: object
+ v1.CreateFirewallAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Description:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ EndpointMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ type: string
+ FirewallName:
+ type: string
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ SubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ VpcId:
+ type: string
+ required:
+ - AccountId
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
+ type: object
+ v1.CreateFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.CreateFirewallAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.CreateFirewallAPIResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Description:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ EndpointMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ type: string
+ FirewallName:
+ type: string
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ LinkStatus:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ SecurityZones:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ SubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ VpcId:
+ type: string
+ required:
+ - AccountId
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
+ type: object
+ v1.DeleteFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.FirewallResource'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.DeleteTagsAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ TagKeys:
+ items:
+ maxLength: 128
+ type: string
+ maxItems: 128
+ type: array
+ required:
+ - FirewallName
+ - TagKeys
+ type: object
+ v1.DeleteTagsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.DeleteTagsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.DeleteTagsResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ TagKeys:
+ items:
+ maxLength: 128
+ type: string
+ maxItems: 128
+ type: array
+ required:
+ - FirewallName
+ - TagKeys
+ type: object
+ v1.Features:
+ properties:
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ SecurityZones:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ UserID:
+ $ref: '#/components/schemas/v2.UserIDRequest'
+ type: object
+ v1.FirewallInfo:
+ properties:
+ AccountId:
+ type: string
+ FirewallName:
+ type: string
+ type: object
+ v1.FirewallResource:
+ properties:
+ AccountId:
+ type: string
+ AppIdVersion:
+ type: string
+ AutomaticUpgradeAppIdVersion:
+ type: boolean
+ Description:
+ type: string
+ DeviceRuleStackCommitStatus:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ EndpointMode:
+ type: string
+ FirewallName:
+ type: string
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ LinkStatus:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ SecurityZones:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ SubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ VpcId:
+ type: string
+ type: object
+ v1.ListFirewallsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.ListFirewallsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.ListFirewallsResponse:
+ properties:
+ Firewalls:
+ items:
+ $ref: '#/components/schemas/v1.FirewallInfo'
+ type: array
+ FirewallsDescribe:
+ items:
+ $ref: '#/components/schemas/v1.ReadFirewallResponse'
+ type: array
+ NextToken:
+ type: string
+ type: object
+ v1.ListTagsAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.ListTagsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.ListTagsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.ListTagsResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ required:
+ - FirewallName
+ type: object
+ v1.LogDestinationConfig:
+ properties:
+ LogDestination:
+ type: string
+ LogDestinationType:
+ enum:
+ - S3
+ - CloudWatchLogs
+ - KinesisDataFirehose
+ type: string
+ LogType:
+ enum:
+ - TRAFFIC
+ - DECRYPTION
+ - THREAT
+ - USER_ID
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ type: object
+ v1.ReadFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.ReadFirewallResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.ReadFirewallResource:
+ properties:
+ AccountId:
+ type: string
+ AppIdVersion:
+ type: string
+ AutomaticUpgradeAppIdVersion:
+ type: boolean
+ Description:
+ type: string
+ DeviceRuleStackCommitStatus:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ EndpointMode:
+ type: string
+ EndpointServiceName:
+ type: string
+ FirewallId:
+ type: string
+ FirewallName:
+ type: string
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ LinkStatus:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ Notifications:
+ items:
+ $ref: '#/components/schemas/model.Notification'
+ type: array
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ SecurityZones:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ SubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ VpcId:
+ type: string
+ type: object
+ v1.ReadFirewallResponse:
+ properties:
+ Firewall:
+ $ref: '#/components/schemas/v1.ReadFirewallResource'
+ Status:
+ $ref: '#/components/schemas/model.ResourceStatus'
+ type: object
+ v1.ReadLogProfileAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.ReadLogProfileAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.ReadLogProfileResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.ReadLogProfileResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AdvancedThreatLog:
+ type: boolean
+ CloudWatchMetricNamespace:
+ type: string
+ CloudWatchMetricsFields:
+ items:
+ type: string
+ type: array
+ FirewallId:
+ type: string
+ FirewallName:
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/v1.LogDestinationConfig'
+ type: array
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateContentVersionAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AppIdVersion:
+ type: string
+ AutomaticUpgradeAppIdVersion:
+ type: boolean
+ FirewallName:
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateContentVersionAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateContentVersionResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateContentVersionResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AppIdVersion:
+ type: string
+ AutomaticUpgradeAppIdVersion:
+ type: boolean
+ FirewallName:
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateDescriptionAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Description:
+ type: string
+ FirewallName:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - Description
+ - FirewallName
+ type: object
+ v1.UpdateDescriptionAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateDescriptionResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateDescriptionResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Description:
+ type: string
+ FirewallName:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - Description
+ - FirewallName
+ type: object
+ v1.UpdateFeaturesAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Features:
+ $ref: '#/components/schemas/v1.Features'
+ FirewallName:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateFeaturesAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateFeaturesAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateFeaturesAPIResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ Features:
+ $ref: '#/components/schemas/v1.Features'
+ FirewallName:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateLogProfileAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AdvancedThreatLog:
+ type: boolean
+ CloudWatchMetricNamespace:
+ type: string
+ CloudWatchMetricsFields:
+ items:
+ type: string
+ type: array
+ FirewallName:
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/v1.LogDestinationConfig'
+ type: array
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateLogProfileAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateLogProfileResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateLogProfileResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AdvancedThreatLog:
+ type: boolean
+ CloudWatchMetricNamespace:
+ type: string
+ CloudWatchMetricsFields:
+ items:
+ type: string
+ type: array
+ FirewallId:
+ type: string
+ FirewallName:
+ type: string
+ LogDestinationConfigs:
+ items:
+ $ref: '#/components/schemas/v1.LogDestinationConfig'
+ type: array
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateSubnetMappingsAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AssociateSubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ DisassociateSubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ FirewallName:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateSubnetMappingsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateSubnetMappingsAPIResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ MultiVpcEnable:
+ type: boolean
+ SubnetMappings:
+ items:
+ $ref: '#/components/schemas/model.SubnetMapping'
+ type: array
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallName
+ type: object
+ v1.UpdateTagsAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ required:
+ - FirewallName
+ - Tags
+ type: object
+ v1.UpdateTagsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v1.UpdateTagsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v1.UpdateTagsResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallName:
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ required:
+ - FirewallName
+ type: object
+ v2.AccountDetails:
+ properties:
+ AccountId:
+ type: string
+ CloudFormationTemplateURL:
+ type: string
+ ExternalId:
+ type: string
+ OnboardingStatus:
+ type: string
+ PrimaryAccount:
+ type: boolean
+ ServiceAccountId:
+ type: string
+ SnsTopicArn:
+ type: string
+ UpdateToken:
+ type: string
+ type: object
+ v2.AssociateLinkInput:
+ properties:
+ LinkId:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - LinkId
+ - UpdateToken
+ type: object
+ v2.AssociateLinkOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.AssociateLinkResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.AssociateLinkResponse:
+ properties:
+ FirewallId:
+ type: string
+ LinkId:
+ type: string
+ LinkStatus:
+ enum:
+ - Active
+ - Updating
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ type: string
+ required:
+ - FirewallId
+ - LinkId
+ - UpdateToken
+ type: object
+ v2.AssociateRuleStackInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - RuleStackName
+ - UpdateToken
+ type: object
+ v2.AssociateRuleStackOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.AssociateRuleStackResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.AssociateRuleStackResponse:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ FirewallId:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallId
+ - RuleStackName
+ - UpdateToken
+ type: object
+ v2.CreateFirewallAPIInput:
+ properties:
+ AllowListAccounts:
+ items:
+ type: string
+ maxItems: 300
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ Description:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ required:
+ - CustomerZoneIdList
+ type: object
+ v2.CreateFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.CreateFirewallAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.CreateFirewallAPIResponse:
+ properties:
+ AllowListAccounts:
+ items:
+ type: string
+ maxItems: 300
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ Description:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ FirewallId:
+ type: string
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ LinkId:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ required:
+ - CustomerZoneIdList
+ type: object
+ v2.CreateLinkAccountAPIInput:
+ properties:
+ AWSMarketplaceToken:
+ type: string
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ AgreementId:
+ type: string
+ EnableCFTRoleURLCreation:
+ type: boolean
+ EndpointMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ type: string
+ Existing:
+ type: boolean
+ OnboardingRegion:
+ type: string
+ Origin:
+ default: CloudNGFWConsole
+ enum:
+ - AWSMarketplace
+ - CloudNGFWConsole
+ - ProgrammaticAccess
+ type: string
+ ProductId:
+ type: string
+ type: object
+ v2.CreateLinkAccountAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.CreateLinkAccountAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.CreateLinkAccountAPIResponse:
+ properties:
+ AccountId:
+ type: string
+ CFTRoleURL:
+ type: string
+ EndpointMode:
+ type: string
+ Existing:
+ type: boolean
+ ExternalId:
+ type: string
+ Origin:
+ type: string
+ SNSTopicArn:
+ type: string
+ SecretsToken:
+ type: string
+ ServiceAccountId:
+ type: string
+ type: object
+ v2.DeleteFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.DeleteFirewallAPIResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.DeleteFirewallAPIResponse:
+ properties:
+ AllowListAccounts:
+ items:
+ type: string
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ Description:
+ type: string
+ DeviceRuleStackCommitStatus:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ Endpoints:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ FirewallId:
+ type: string
+ FirewallStatus:
+ type: string
+ GWLB:
+ $ref: '#/components/schemas/model.GWLBConfig'
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Ipv6:
+ $ref: '#/components/schemas/model.Ipv6Config'
+ LinkId:
+ type: string
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ required:
+ - CustomerZoneIdList
+ type: object
+ v2.DeleteLinkAccountAPIInput:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ required:
+ - AccountId
+ type: object
+ v2.DeleteLinkAccountAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.DeleteLinkAccountResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.DeleteLinkAccountResponse:
+ properties:
+ AccountId:
+ type: string
+ ExternalId:
+ type: string
+ Organization:
+ type: string
+ type: object
+ v2.DisassociateLinkInput:
+ properties:
+ LinkId:
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - LinkId
+ - UpdateToken
+ type: object
+ v2.DisassociateLinkOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.DisassociateLinkResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.DisassociateLinkResponse:
+ properties:
+ FirewallId:
+ type: string
+ LinkStatus:
+ enum:
+ - Active
+ - Updating
+ type: string
+ UpdateToken:
+ type: string
+ required:
+ - FirewallId
+ - UpdateToken
+ type: object
+ v2.DisassociateRuleStackInput:
+ properties:
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - UpdateToken
+ type: object
+ v2.DisassociateRuleStackOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.DisassociateRuleStackResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.DisassociateRuleStackResponse:
+ properties:
+ FirewallId:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ type: string
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ required:
+ - FirewallId
+ - UpdateToken
+ type: object
+ v2.EndpointRequest:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ EgressNATEnabled:
+ type: boolean
+ EndpointId:
+ type: string
+ Mode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ type: string
+ Prefixes:
+ $ref: '#/components/schemas/model.PrefixInfo'
+ SubnetId:
+ type: string
+ VpcId:
+ type: string
+ ZoneId:
+ type: string
+ required:
+ - Mode
+ type: object
+ v2.FirewallInfo:
+ properties:
+ FirewallId:
+ type: string
+ Region:
+ type: string
+ type: object
+ v2.FirewallInfoDescribe:
+ properties:
+ Firewall:
+ $ref: '#/components/schemas/v2.ReadFirewallResource'
+ Status:
+ $ref: '#/components/schemas/model.ResourceStatus'
+ type: object
+ v2.ListFirewallsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.ListFirewallsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.ListFirewallsResponse:
+ properties:
+ Firewalls:
+ items:
+ $ref: '#/components/schemas/v2.FirewallInfo'
+ type: array
+ FirewallsDescribe:
+ items:
+ $ref: '#/components/schemas/v2.FirewallInfoDescribe'
+ type: array
+ NextToken:
+ type: string
+ type: object
+ v2.ListLinkAccountXaccountDetails:
+ properties:
+ AccountId:
+ type: string
+ AllowedMode:
+ type: string
+ CloudTrailRole:
+ type: string
+ DefaultRole:
+ type: string
+ Firewall:
+ $ref: '#/components/schemas/model.FirewallRoles'
+ RuleStack:
+ $ref: '#/components/schemas/model.RuleStackRoles'
+ type: object
+ v2.ListLinkAccountsAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.ListLinkAccountsResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.ListLinkAccountsResponse:
+ properties:
+ AccountDetails:
+ items:
+ $ref: '#/components/schemas/v2.AccountDetails'
+ type: array
+ AccountIds:
+ items:
+ type: string
+ type: array
+ MpRegion:
+ type: string
+ NextToken:
+ type: string
+ XAccountDetails:
+ items:
+ $ref: '#/components/schemas/v2.ListLinkAccountXaccountDetails'
+ type: array
+ type: object
+ v2.ReadFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.FirewallInfoDescribe'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.ReadFirewallResource:
+ properties:
+ AdvancedThreatLog:
+ type: boolean
+ AllowListAccounts:
+ items:
+ type: string
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CloudwatchMetrics:
+ $ref: '#/components/schemas/model.CloudwatchMetrics'
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ DeploymentUpdateToken:
+ type: string
+ Description:
+ type: string
+ DeviceRuleStackCommitStatus:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ EndpointServiceName:
+ type: string
+ Endpoints:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ FirewallId:
+ type: string
+ GWLB:
+ $ref: '#/components/schemas/model.GWLBConfig'
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Ipv6:
+ $ref: '#/components/schemas/model.Ipv6Config'
+ LinkId:
+ type: string
+ LinkStatus:
+ type: string
+ LogConfig:
+ $ref: '#/components/schemas/v2.ReadLogConfig'
+ Notifications:
+ items:
+ $ref: '#/components/schemas/model.Notification'
+ type: array
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ Region:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ required:
+ - CustomerZoneIdList
+ type: object
+ v2.ReadLogConfig:
+ properties:
+ AccountId:
+ maxLength: 12
+ minLength: 12
+ type: string
+ LogDestination:
+ type: string
+ LogDestinationRegion:
+ type: string
+ LogDestinationType:
+ enum:
+ - S3
+ - CloudWatchLogs
+ - KinesisDataFirehose
+ type: string
+ LogType:
+ items:
+ enum:
+ - TRAFFIC
+ - DECRYPTION
+ - THREAT
+ - USER_ID
+ type: string
+ type: array
+ RoleType:
+ enum:
+ - ResourceBased
+ - IamBased
+ type: string
+ required:
+ - LogDestination
+ - LogDestinationType
+ - LogType
+ - RoleType
+ type: object
+ v2.ReadLogProfileInput:
+ type: object
+ v2.ReadLogProfileOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.ReadLogProfileResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.ReadLogProfileResponse:
+ properties:
+ AdvancedThreatLog:
+ type: boolean
+ CloudwatchMetrics:
+ $ref: '#/components/schemas/model.CloudwatchMetrics'
+ FirewallId:
+ type: string
+ LogConfig:
+ $ref: '#/components/schemas/model.LogConfig'
+ Region:
+ type: string
+ UpdateToken:
+ type: string
+ type: object
+ v2.UpdateFirewallAPIInput:
+ properties:
+ AllowListAccounts:
+ items:
+ type: string
+ maxItems: 300
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ DeploymentUpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ Description:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ Endpoints:
+ items:
+ $ref: '#/components/schemas/v2.EndpointRequest'
+ type: array
+ GwlbTcpIdleTimeout:
+ maximum: 3600
+ minimum: 0
+ type: integer
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ UserID:
+ $ref: '#/components/schemas/v2.UserIDRequest'
+ required:
+ - DeploymentUpdateToken
+ - UpdateToken
+ type: object
+ v2.UpdateFirewallAPIOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.UpdateResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.UpdateLogProfileInput:
+ properties:
+ AdvancedThreatLog:
+ type: boolean
+ CloudwatchMetrics:
+ $ref: '#/components/schemas/model.CloudwatchMetrics'
+ LogConfig:
+ $ref: '#/components/schemas/model.LogConfig'
+ UpdateToken:
+ maxLength: 1024
+ minLength: 1
+ type: string
+ type: object
+ v2.UpdateLogProfileOutput:
+ properties:
+ Response:
+ $ref: '#/components/schemas/v2.UpdateLogProfileResponse'
+ ResponseStatus:
+ $ref: '#/components/schemas/response.ResponseStatus'
+ type: object
+ v2.UpdateLogProfileResponse:
+ properties:
+ AdvancedThreatLog:
+ type: boolean
+ CloudwatchMetrics:
+ $ref: '#/components/schemas/model.CloudwatchMetrics'
+ FirewallId:
+ type: string
+ LogConfig:
+ $ref: '#/components/schemas/model.LogConfig'
+ Region:
+ type: string
+ UpdateToken:
+ type: string
+ type: object
+ v2.UpdateResponse:
+ properties:
+ AllowListAccounts:
+ items:
+ type: string
+ type: array
+ ChangeProtection:
+ items:
+ type: string
+ type: array
+ CustomerZoneIdList:
+ items:
+ type: string
+ type: array
+ DeploymentUpdateToken:
+ type: string
+ Description:
+ type: string
+ DeviceRuleStackCommitStatus:
+ type: string
+ EgressNAT:
+ $ref: '#/components/schemas/model.EgressNATConfig'
+ Endpoints:
+ items:
+ $ref: '#/components/schemas/model.EndpointConfig'
+ type: array
+ FirewallId:
+ type: string
+ GWLB:
+ $ref: '#/components/schemas/model.GWLBConfig'
+ GlobalRuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ GwlbTcpIdleTimeout:
+ maximum: 3600
+ minimum: 0
+ type: integer
+ Ipv6:
+ $ref: '#/components/schemas/model.Ipv6Config'
+ LinkId:
+ type: string
+ PrivateAccess:
+ $ref: '#/components/schemas/model.PrivateAccessConfig'
+ Region:
+ type: string
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/model.TagEntry'
+ maxItems: 50
+ type: array
+ UpdateToken:
+ type: string
+ UserID:
+ $ref: '#/components/schemas/model.UserIDConfig'
+ required:
+ - CustomerZoneIdList
+ type: object
+ v2.UserIDRequest:
+ properties:
+ AgentName:
+ type: string
+ CollectorName:
+ type: string
+ CustomIncludeExcludeNetwork:
+ items:
+ $ref: '#/components/schemas/model.UserIDCustomSubnetFilter'
+ type: array
+ Enabled:
+ type: boolean
+ Port:
+ type: integer
+ SecretKeyARN:
+ type: string
+ type: object
+info:
+ contact: {}
+ description: "The V2 API provides enhanced operations for managing Cloud NGFW resources.\
+ \ This version introduces new features and improvements for firewall management,\
+ \ including support for managing firewalls by ID and name, content version updates,\
+ \ and feature management.\n\n### Key Features\n\n- Manage firewalls by firewall\
+ \ ID or firewall name\n- Update firewall content versions\n- Configure firewall\
+ \ features \n- Link firewalls across accounts\n- Enhanced log profile and rulestack\
+ \ management\n\n### Permission Policies\n\n| Action \
+ \ | Local Firewall Administrator | Local Rulestack Administrator | Global\
+ \ Rulestack Administrator |\n| -------------------------------------- | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: |\n| Create/Delete\
+ \ Firewall | **☑** | ☐ \
+ \ | ☐ |\n| Update Firewall \
+ \ | **☑** | ☐ \
+ \ | ☐ |\n| Manage Firewall Features \
+ \ | **☑** | ☐ | ☐\
+ \ |\n| Link Accounts | **☑**\
+ \ | ☐ | ☐ \
+ \ |\n"
+ title: Manage Cloud NGFW (V2)
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v2/linkaccounts:
+ delete:
+ description: 'Delete a link account from V2 API configuration.
+
+ '
+ operationId: delete-v2-linkaccounts
+ parameters:
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DeleteLinkAccountAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DeleteLinkAccountAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DeleteLinkAccountAPIOutput'
+ description: Bad Request
+ summary: delete linkaccounts
+ tags:
+ - ManageNGFW-V2
+ get:
+ description: 'List all link accounts configured for V2 API.
+
+ '
+ operationId: get-v2-linkaccounts
+ parameters:
+ - description: Max results
+ in: query
+ name: maxresults
+ schema:
+ type: string
+ - description: describe the Accounts
+ in: query
+ name: describe
+ schema:
+ type: string
+ - description: Next token
+ in: query
+ name: nexttoken
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ListLinkAccountsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ListLinkAccountsAPIOutput'
+ description: Bad Request
+ summary: list linkaccounts
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: 'Create a new link account for V2 API access.
+
+ '
+ operationId: post-v2-linkaccounts
+ parameters:
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateLinkAccountAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateLinkAccountAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateLinkAccountAPIOutput'
+ description: Bad Request
+ summary: create linkaccounts
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls:
+ get:
+ description: 'List all Cloud NGFW resources in your account using V2 API.
+
+ '
+ operationId: get-v2-ngfirewalls
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Max results
+ in: query
+ name: maxresults
+ schema:
+ type: string
+ - description: describe the FW
+ in: query
+ name: describe
+ schema:
+ type: string
+ - description: Next token
+ in: query
+ name: nexttoken
+ schema:
+ type: string
+ - description: rulestack name
+ in: query
+ name: rulestackname
+ schema:
+ type: string
+ - description: global rulestack name
+ in: query
+ name: globalrulestackname
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ListFirewallsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ListFirewallsAPIOutput'
+ description: Bad Request
+ summary: list ngfirewalls
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: 'Create a new Cloud NGFW resource using V2 API.
+
+ '
+ operationId: post-v2-ngfirewalls
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateFirewallAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.CreateFirewallAPIOutput'
+ description: Bad Request
+ summary: create ngfirewall
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/:
+ get:
+ description: 'Alternative endpoint to list all Cloud NGFW resources.
+
+ '
+ operationId: get-v2-ngfirewalls-
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ListFirewallsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ListFirewallsAPIOutput'
+ description: Bad Request
+ summary: v1 list firewalls
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: 'Alternative endpoint to create a new Cloud NGFW resource.
+
+ '
+ operationId: post-v2-ngfirewalls-
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.CreateFirewallAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.CreateFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.CreateFirewallAPIOutput'
+ description: Bad Request
+ summary: v1 create ngfirewall
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_id}:
+ delete:
+ description: 'Delete a specific firewall by firewall ID.
+
+ '
+ operationId: delete-v2-ngfirewalls-firewallid
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: 'The unique identifier of the firewall.
+
+ '
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DeleteFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DeleteFirewallAPIOutput'
+ description: Bad Request
+ summary: delete ngfirewall
+ tags:
+ - ManageNGFW-V2
+ get:
+ description: 'Retrieve details of a specific firewall by firewall ID.
+
+ '
+ operationId: get-v2-ngfirewalls-firewallid
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: 'The unique identifier of the firewall.
+
+ '
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ReadFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ReadFirewallAPIOutput'
+ description: Bad Request
+ summary: read ngfirewall
+ tags:
+ - ManageNGFW-V2
+ patch:
+ description: update ngfirewall
+ operationId: patch-v2-ngfirewalls-firewallid
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateFirewallAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateFirewallAPIOutput'
+ description: Bad Request
+ summary: update ngfirewall
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_id}/link:
+ delete:
+ description: disassociate fw link
+ operationId: delete-v2-ngfirewalls-firewallid-link
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateLinkInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateLinkOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateLinkOutput'
+ description: Bad Request
+ summary: disassociate fw link
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: associate fw link
+ operationId: post-v2-ngfirewalls-firewallid-link
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateLinkInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateLinkOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateLinkOutput'
+ description: Bad Request
+ summary: associate fw link
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_id}/logprofile:
+ get:
+ description: read logprofile
+ operationId: get-v2-ngfirewalls-firewallid-logprofile
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ReadLogProfileInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ReadLogProfileOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.ReadLogProfileOutput'
+ description: Bad Request
+ summary: read logprofile
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: update logprofile
+ operationId: post-v2-ngfirewalls-firewallid-logprofile
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateLogProfileInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateLogProfileOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.UpdateLogProfileOutput'
+ description: Bad Request
+ summary: update logprofile
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_id}/rulestack:
+ delete:
+ description: disassociate rulestack
+ operationId: delete-v2-ngfirewalls-firewallid-rulestack
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateRuleStackInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateRuleStackOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.DisassociateRuleStackOutput'
+ description: Bad Request
+ summary: disassociate rulestack
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: associate rulestack
+ operationId: post-v2-ngfirewalls-firewallid-rulestack
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: Firewall ID
+ in: path
+ name: firewall_id
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateRuleStackInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateRuleStackOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v2.AssociateRuleStackOutput'
+ description: Bad Request
+ summary: associate rulestack
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}:
+ delete:
+ description: v1 delete firewall
+ operationId: delete-v2-ngfirewalls-firewallname
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.DeleteFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.DeleteFirewallAPIOutput'
+ description: Bad Request
+ summary: v1 delete firewall
+ tags:
+ - ManageNGFW-V2
+ get:
+ description: 'Retrieve details of a specific firewall by firewall name.
+
+ '
+ operationId: get-v2-ngfirewalls-firewallname
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ReadFirewallAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ReadFirewallAPIOutput'
+ description: Bad Request
+ summary: v1 read firewall
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/contentversion:
+ put:
+ description: 'Update the content version for a firewall by firewall name.
+
+ '
+ operationId: put-v2-ngfirewalls-firewallname-contentversion
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateContentVersionAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateContentVersionAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateContentVersionAPIOutput'
+ description: Bad Request
+ summary: v1 update content version
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/description:
+ put:
+ description: 'Update the description of a firewall by firewall name.
+
+ '
+ operationId: put-v2-ngfirewalls-firewallname-description
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateDescriptionAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateDescriptionAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateDescriptionAPIOutput'
+ description: Bad Request
+ summary: v1 update description
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/features:
+ put:
+ description: 'Configure firewall features by firewall name.
+
+ '
+ operationId: put-v2-ngfirewalls-firewallname-features
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateFeaturesAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateFeaturesAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateFeaturesAPIOutput'
+ description: Bad Request
+ summary: v1 update features
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/logprofile:
+ get:
+ description: v1 read logprofile
+ operationId: get-v2-ngfirewalls-firewallname-logprofile
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: account id
+ in: query
+ name: accountid
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ReadLogProfileAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ReadLogProfileAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ReadLogProfileAPIOutput'
+ description: Bad Request
+ summary: v1 read logprofile
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: v1 update logprofile
+ operationId: post-v2-ngfirewalls-firewallname-logprofile
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateLogProfileAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateLogProfileAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateLogProfileAPIOutput'
+ description: Bad Request
+ summary: v1 update logprofile
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/rulestack:
+ post:
+ description: v1 associate rulestack
+ operationId: post-v2-ngfirewalls-firewallname-rulestack
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: string
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.AssociateRuleStackAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.AssociateRuleStackAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.AssociateRuleStackAPIOutput'
+ description: Bad Request
+ summary: v1 associate rulestack
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/subnets:
+ post:
+ description: v1 update subnet mappings
+ operationId: post-v2-ngfirewalls-firewallname-subnets
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateSubnetMappingsAPIOutput'
+ description: Bad Request
+ summary: v1 update subnet mappings
+ tags:
+ - ManageNGFW-V2
+ /v2/ngfirewalls/{firewall_name}/tags:
+ delete:
+ description: 'Remove tags from a firewall by firewall name.
+
+ '
+ operationId: delete-v2-ngfirewalls-firewallname-tags
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.DeleteTagsAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.DeleteTagsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.DeleteTagsAPIOutput'
+ description: Bad Request
+ summary: v1 delete tags
+ tags:
+ - ManageNGFW-V2
+ get:
+ description: 'List tags for a firewall by firewall name.
+
+ '
+ operationId: get-v2-ngfirewalls-firewallname-tags
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ListTagsAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ListTagsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.ListTagsAPIOutput'
+ description: Bad Request
+ summary: v1 list tags
+ tags:
+ - ManageNGFW-V2
+ post:
+ description: 'Add tags to a firewall by firewall name.
+
+ '
+ operationId: post-v2-ngfirewalls-firewallname-tags
+ parameters:
+ - description: FW region
+ in: query
+ name: region
+ required: true
+ schema:
+ type: string
+ - description: v1 route
+ in: query
+ name: v1route
+ required: true
+ schema:
+ type: boolean
+ - description: Authorization
+ in: header
+ name: Authorization
+ required: true
+ schema:
+ type: string
+ - description: x-api-key
+ in: header
+ name: x-api-key
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateTagsAPIInput'
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateTagsAPIOutput'
+ description: OK
+ '400':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/v1.UpdateTagsAPIOutput'
+ description: Bad Request
+ summary: v1 update tags
+ tags:
+ - ManageNGFW-V2
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: ManageNGFW-V2
diff --git a/static/cloudngfw/aws/spec/api/ManageNGFW.yaml b/static/cloudngfw/aws/spec/api/ManageNGFW.yaml
new file mode 100644
index 000000000..b3c713bd2
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/ManageNGFW.yaml
@@ -0,0 +1,792 @@
+components:
+ schemas:
+ CreateFWResourceRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ Description:
+ maxLength: 512
+ pattern: ^.*$
+ title: Description
+ type: string
+ EndpointMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ title: Endpointmode
+ type: string
+ FirewallName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Firewallname
+ type: string
+ GlobalRuleStackName:
+ title: Globalrulestackname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ SubnetMappings:
+ items:
+ $ref: '#/components/schemas/CreateFWResourceRequest.SubnetMappingsType'
+ title: Subnetmappings
+ type: array
+ Tags:
+ items:
+ $ref: '#/components/schemas/CreateFWResourceRequest.TagEntry'
+ maxItems: 50
+ title: Tags
+ type: array
+ VpcId:
+ title: Vpcid
+ type: string
+ required:
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
+ title: CreateFWResourceRequest
+ type: object
+ CreateFWResourceRequest.SubnetMappingsType:
+ additionalProperties: false
+ properties:
+ AvailabilityZone:
+ title: Availabilityzone
+ type: string
+ SubnetId:
+ title: Subnetid
+ type: string
+ title: SubnetMappingsType
+ type: object
+ CreateFWResourceRequest.TagEntry:
+ additionalProperties: false
+ properties:
+ Key:
+ title: Key
+ type: string
+ Value:
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: TagEntry
+ type: object
+ CreateFWResourceResponse:
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreateFWResourceResponse.FirewallResource'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreateFWResourceResponse.Result'
+ title: CreateFWResourceResponse
+ type: object
+ CreateFWResourceResponse.FirewallResource:
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ AppIdVersion:
+ maxLength: 64
+ minLength: 1
+ pattern: ^[0-9]+-[0-9]+$
+ title: Appidversion
+ type: string
+ AutomaticUpgradeAppIdVersion:
+ default: true
+ title: Automaticupgradeappidversion
+ type: boolean
+ Description:
+ title: Description
+ type: string
+ EndpointMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ title: Endpointmode
+ type: string
+ FirewallName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Firewallname
+ type: string
+ GlobalRuleStackName:
+ title: Globalrulestackname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ SubnetMappings:
+ items:
+ type: object
+ title: Subnetmappings
+ type: array
+ Tags:
+ items:
+ type: object
+ title: Tags
+ type: array
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ VpcId:
+ title: Vpcid
+ type: string
+ required:
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
+ title: FirewallResource
+ type: object
+ CreateFWResourceResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeleteFWResourceRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ title: DeleteFWResourceRequest
+ type: object
+ DeleteFWResourceResponse:
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeleteFWResourceResponse.FirewallResource'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeleteFWResourceResponse.Result'
+ title: DeleteFWResourceResponse
+ type: object
+ DeleteFWResourceResponse.FirewallResource:
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ AppIdVersion:
+ maxLength: 64
+ minLength: 1
+ pattern: ^[0-9]+-[0-9]+$
+ title: Appidversion
+ type: string
+ AutomaticUpgradeAppIdVersion:
+ default: true
+ title: Automaticupgradeappidversion
+ type: boolean
+ Description:
+ title: Description
+ type: string
+ EndpointMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ title: Endpointmode
+ type: string
+ FirewallName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Firewallname
+ type: string
+ GlobalRuleStackName:
+ title: Globalrulestackname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ SubnetMappings:
+ items:
+ type: object
+ title: Subnetmappings
+ type: array
+ Tags:
+ items:
+ type: object
+ title: Tags
+ type: array
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ VpcId:
+ title: Vpcid
+ type: string
+ required:
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
+ title: FirewallResource
+ type: object
+ DeleteFWResourceResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListFWResourceRequest:
+ additionalProperties: false
+ properties:
+ MaxResults:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ VpcIds:
+ items:
+ type: string
+ title: Vpcids
+ type: array
+ title: ListFWResourceRequest
+ type: object
+ ListFWResourceResponse:
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListFWResourceResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListFWResourceResponse.Result'
+ title: ListFWResourceResponse
+ type: object
+ ListFWResourceResponse.FirewallInfo:
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ FirewallName:
+ title: Firewallname
+ type: string
+ required:
+ - FirewallName
+ title: FirewallInfo
+ type: object
+ ListFWResourceResponse.ResponseData:
+ properties:
+ Firewalls:
+ items:
+ $ref: '#/components/schemas/ListFWResourceResponse.FirewallInfo'
+ title: Firewalls
+ type: array
+ NextToken:
+ title: Nexttoken
+ type: string
+ title: ResponseData
+ type: object
+ ListFWResourceResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ReadFWResourceRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ title: ReadFWResourceRequest
+ type: object
+ ReadFWResourceResponse:
+ properties:
+ Response:
+ $ref: '#/components/schemas/ReadFWResourceResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ReadFWResourceResponse.Result'
+ title: ReadFWResourceResponse
+ type: object
+ ReadFWResourceResponse.ReadFirewallResource:
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ AppIdVersion:
+ maxLength: 64
+ minLength: 1
+ pattern: ^[0-9]+-[0-9]+$
+ title: Appidversion
+ type: string
+ AutomaticUpgradeAppIdVersion:
+ default: true
+ title: Automaticupgradeappidversion
+ type: boolean
+ Description:
+ title: Description
+ type: string
+ EndpointMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ title: Endpointmode
+ type: string
+ EndpointServiceName:
+ default: Creating
+ title: Endpointservicename
+ type: string
+ FirewallName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Firewallname
+ type: string
+ GlobalRuleStackName:
+ title: Globalrulestackname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ SubnetMappings:
+ items:
+ type: object
+ title: Subnetmappings
+ type: array
+ Tags:
+ items:
+ type: object
+ title: Tags
+ type: array
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ VpcId:
+ title: Vpcid
+ type: string
+ required:
+ - EndpointMode
+ - FirewallName
+ - SubnetMappings
+ - VpcId
+ title: ReadFirewallResource
+ type: object
+ ReadFWResourceResponse.ResourceAttachment:
+ properties:
+ EndpointId:
+ title: Endpointid
+ type: string
+ RejectedReason:
+ title: Rejectedreason
+ type: string
+ Status:
+ enum:
+ - ACCEPTED
+ - PENDING
+ - REJECTED
+ title: Status
+ type: string
+ SubnetId:
+ title: Subnetid
+ type: string
+ required:
+ - EndpointId
+ - Status
+ title: ResourceAttachment
+ type: object
+ ReadFWResourceResponse.ResourceStatus:
+ properties:
+ Attachments:
+ items:
+ $ref: '#/components/schemas/ReadFWResourceResponse.ResourceAttachment'
+ title: Attachments
+ type: array
+ FailureReason:
+ title: Failurereason
+ type: string
+ FirewallStatus:
+ enum:
+ - CREATING
+ - UPDATING
+ - DELETING
+ - CREATE_COMPLETE
+ - UPDATE_COMPLETE
+ - CREATE_FAIL
+ - UPDATE_FAIL
+ - DELETE_FAIL
+ title: Firewallstatus
+ type: string
+ RuleStackStatus:
+ title: Rulestackstatus
+ type: string
+ required:
+ - Attachments
+ - FirewallStatus
+ title: ResourceStatus
+ type: object
+ ReadFWResourceResponse.ResponseData:
+ properties:
+ Firewall:
+ $ref: '#/components/schemas/ReadFWResourceResponse.ReadFirewallResource'
+ Status:
+ $ref: '#/components/schemas/ReadFWResourceResponse.ResourceStatus'
+ title: ResponseData
+ type: object
+ ReadFWResourceResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ UpdateFWResourceDescriptionRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ Description:
+ maxLength: 512
+ pattern: ^.*$
+ title: Description
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - Description
+ title: UpdateFWResourceDescriptionRequest
+ type: object
+ UpdateFWResourceDescriptionResponse:
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse.Result'
+ title: UpdateFWResourceDescriptionResponse
+ type: object
+ UpdateFWResourceDescriptionResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ Description:
+ title: Description
+ type: string
+ FirewallName:
+ title: Firewallname
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: ResponseData
+ type: object
+ UpdateFWResourceDescriptionResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ UpdateFWResourceSubnetsRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ AssociateSubnetMappings:
+ items:
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType'
+ title: Associatesubnetmappings
+ type: array
+ DisassociateSubnetMappings:
+ items:
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest.SubnetMappingsType'
+ title: Disassociatesubnetmappings
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: UpdateFWResourceSubnetsRequest
+ type: object
+ UpdateFWResourceSubnetsRequest.SubnetMappingsType:
+ additionalProperties: false
+ properties:
+ AvailabilityZone:
+ title: Availabilityzone
+ type: string
+ SubnetId:
+ title: Subnetid
+ type: string
+ title: SubnetMappingsType
+ type: object
+ UpdateFWResourceSubnetsResponse:
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse.Result'
+ title: UpdateFWResourceSubnetsResponse
+ type: object
+ UpdateFWResourceSubnetsResponse.ResponseData:
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ FirewallName:
+ title: Firewallname
+ type: string
+ SubnetMappings:
+ items:
+ type: object
+ title: Subnetmappings
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: ResponseData
+ type: object
+ UpdateFWResourceSubnetsResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Add and modify the user IAM rules and permission policies required\
+ \ to expand or reduce their access and permissions. You can also delete a user.\
+ \ And individual users can view their roles and change their name or password\
+ \ as necessary.\n\n### Permission Policies\n\n| Action \
+ \ | Local Firewall Administrator | Local Rulestack Administrator\
+ \ | Global Rulestack Administrator |\n| :----------------------------------------:\
+ \ | :---------------------------: | :--------------------------: | :----------------------------:\
+ \ |\n| Create a Firewall Resource | **☑** \
+ \ | ☐ | ☐ |\n| Delete\
+ \ a Firewall Resource | **☑** | ☐\
+ \ | ☐ | \
+ \ \n| Describe a Firewall Resource | **☑** \
+ \ | **☑** | **☑** | \n\
+ | List Firewall Resources | **☑** |\
+ \ **☑** | **☑** | \n| Update\
+ \ a Firewall Resource Description | **☑** | ☐\
+ \ | ☐ | \
+ \ \n| Update a Firewall Content Version | **☑**\
+ \ | ☐ | ☐ \
+ \ | \n| Update a Firewall Resource\
+ \ Subnet Mappings | **☑** | ☐ \
+ \ | ☐ | \n"
+ title: Manage Cloud NGFW
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/ngfirewalls:
+ get:
+ description: 'List all firewalls in the Global Firewall Admin (FMS) account
+ and retrieve the metadata for the firewall policies that you have defined.
+
+ '
+ operationId: get-v1-config-ngfirewalls
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListFWResourceRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListFWResourceResponse'
+ description: OK
+ summary: List Firewall Resources
+ tags:
+ - ManageNGFW
+ post:
+ description: 'Create an AWS Network Firewall and define configuration settings.
+ The settings that you define at creation include firewall policy, subnets
+ in your VPC, and tags associated with the AWS firewall resource.
+
+ '
+ operationId: post-v1-config-ngfirewalls
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateFWResourceRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateFWResourceResponse'
+ description: OK
+ summary: Create A Firewall Resource
+ tags:
+ - ManageNGFW
+ /v1/config/ngfirewalls/{ngfirewallname}:
+ delete:
+ description: "Delete the specified NGFW. You can check whether a NGFW is in\
+ \ use by reviewing the route tables for the Availability Zones (AZs) where\
+ \ you have the NGFW subnet mappings. \n\nRetrieve the subnet mappings by\
+ \ calling `DescribeFirewall`. You can define and update the route tables through\
+ \ Amazon VPC as needed. Update the route tables for the AZs to remove the\
+ \ NGFW endpoints. When the route tables no longer use the NGFW endpoints,\
+ \ you can remove the NGFW safely.\n"
+ operationId: delete-v1-config-ngfirewalls-ngfirewallname
+ parameters:
+ - description: 'The name of the NGFW.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteFWResourceRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteFWResourceResponse'
+ description: OK
+ summary: Delete A Firewall Resource
+ tags:
+ - ManageNGFW
+ get:
+ description: 'Returns the data of a specific NGFW resource.
+
+ '
+ operationId: get-v1-config-ngfirewalls-ngfirewallname
+ parameters:
+ - description: 'The name of the NGFW.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ReadFWResourceRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ReadFWResourceResponse'
+ description: OK
+ summary: Describe A Firewall Resource
+ tags:
+ - ManageNGFW
+ /v1/config/ngfirewalls/{ngfirewallname}/description:
+ put:
+ description: 'Modifies the description of a specific NGFW. Use the description
+ to help identify the NGFW when you are working with it.
+
+ '
+ operationId: put-v1-config-ngfirewalls-ngfirewallname-description
+ parameters:
+ - description: 'The name of the NGFW.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFWResourceDescriptionRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFWResourceDescriptionResponse'
+ description: OK
+ summary: Update A Firewall Resource Description
+ tags:
+ - ManageNGFW
+ /v1/config/ngfirewalls/{ngfirewallname}/subnets:
+ put:
+ description: "Update the subnet ID associated with a NGFW. \n"
+ operationId: put-v1-config-ngfirewalls-ngfirewallname-subnets
+ parameters:
+ - description: 'The name of the NGFW.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateFWResourceSubnetsResponse'
+ description: OK
+ summary: Update A Firewall Resource Subnet Mappings
+ tags:
+ - ManageNGFW
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: ManageNGFW
diff --git a/static/cloudngfw/aws/spec/api/ManageNGFWTags.yaml b/static/cloudngfw/aws/spec/api/ManageNGFWTags.yaml
new file mode 100644
index 000000000..540850462
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/ManageNGFWTags.yaml
@@ -0,0 +1,316 @@
+components:
+ schemas:
+ FirewallListTagsForResourceRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ MaxResults:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ NextToken:
+ title: Nexttoken
+ type: string
+ required:
+ - AccountId
+ title: FirewallListTagsForResourceRequest
+ type: object
+ FirewallListTagsForResourceResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/FirewallListTagsForResourceResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/FirewallListTagsForResourceResponse.Result'
+ title: FirewallListTagsForResourceResponse
+ type: object
+ FirewallListTagsForResourceResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ FirewallName:
+ title: Firewallname
+ type: string
+ NextToken:
+ title: Nexttoken
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/FirewallListTagsForResourceResponse.TagEntry'
+ title: Tags
+ type: array
+ title: ResponseData
+ type: object
+ FirewallListTagsForResourceResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ FirewallListTagsForResourceResponse.TagEntry:
+ additionalProperties: false
+ properties:
+ Key:
+ title: Key
+ type: string
+ Value:
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: TagEntry
+ type: object
+ FirewallTagResourceRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/FirewallTagResourceRequest.TagEntry'
+ maxItems: 50
+ title: Tags
+ type: array
+ required:
+ - AccountId
+ - Tags
+ title: FirewallTagResourceRequest
+ type: object
+ FirewallTagResourceRequest.TagEntry:
+ additionalProperties: false
+ properties:
+ Key:
+ title: Key
+ type: string
+ Value:
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: TagEntry
+ type: object
+ FirewallTagResourceResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/FirewallTagResourceResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/FirewallTagResourceResponse.Result'
+ title: FirewallTagResourceResponse
+ type: object
+ FirewallTagResourceResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ FirewallName:
+ title: Firewallname
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/FirewallTagResourceResponse.TagEntry'
+ title: Tags
+ type: array
+ title: ResponseData
+ type: object
+ FirewallTagResourceResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ FirewallTagResourceResponse.TagEntry:
+ additionalProperties: false
+ properties:
+ Key:
+ title: Key
+ type: string
+ Value:
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: TagEntry
+ type: object
+ FirewallUntagResourceRequest:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ TagKeys:
+ items:
+ maxLength: 128
+ minLength: 1
+ pattern: ^.*$
+ type: string
+ maxItems: 50
+ title: Tagkeys
+ type: array
+ required:
+ - AccountId
+ - TagKeys
+ title: FirewallUntagResourceRequest
+ type: object
+ FirewallUntagResourceResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/FirewallUntagResourceResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/FirewallUntagResourceResponse.Result'
+ title: FirewallUntagResourceResponse
+ type: object
+ FirewallUntagResourceResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ AccountId:
+ title: Accountid
+ type: string
+ FirewallName:
+ title: Firewallname
+ type: string
+ TagKeys:
+ items:
+ type: string
+ title: Tagkeys
+ type: array
+ title: ResponseData
+ type: object
+ FirewallUntagResourceResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Apply tags to help search and filter your Cloud NGFW resources.\n\n\
+ ### Permission Policies\n\n| Action | Local Firewall Administrator\
+ \ | Local Rulestack Administrator | Global Rulestack Administrator |\n| ------------------------------\
+ \ | :---------------------------: | :---------------------------: | :----------------------------:\
+ \ |\n| Tag Resource | **☑** | ☐\
+ \ | ☐ | \n| Untag Resource\
+ \ | **☑** | ☐ \
+ \ | ☐ | \n| List Firewall\
+ \ Tags | **☑** | **☑** \
+ \ | ☐ |\n"
+ title: Manage Cloud NGFW Tags
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/ngfirewalls/{ngfirewallname}/tags:
+ delete:
+ description: 'Remove the tags associated with a resource.
+
+ '
+ operationId: delete-v1-config-ngfirewalls-ngfirewallname-tags
+ parameters:
+ - description: ''
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/FirewallUntagResourceRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/FirewallUntagResourceResponse'
+ description: OK
+ summary: Firewall Untag Resource
+ tags:
+ - ManageNGFWTags
+ get:
+ description: 'Retrieve the tags associated with a resource.
+
+ '
+ operationId: get-v1-config-ngfirewalls-ngfirewallname-tags
+ parameters:
+ - description: ''
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/FirewallListTagsForResourceRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/FirewallListTagsForResourceResponse'
+ description: OK
+ summary: List Firewall Tags
+ tags:
+ - ManageNGFWTags
+ post:
+ description: 'Add tags to a resource. You can tag the resources that you manage
+ through NGFW firewalls and policies.
+
+ '
+ operationId: post-v1-config-ngfirewalls-ngfirewallname-tags
+ parameters:
+ - description: 'The name of the NGFW.
+
+ '
+ in: path
+ name: ngfirewallname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/FirewallTagResourceRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/FirewallTagResourceResponse'
+ description: OK
+ summary: Firewall Tag Resource
+ tags:
+ - ManageNGFWTags
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: ManageNGFWTags
diff --git a/static/cloudngfw/aws/spec/api/ManageRulestackTags.yaml b/static/cloudngfw/aws/spec/api/ManageRulestackTags.yaml
new file mode 100644
index 000000000..64116f2b4
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/ManageRulestackTags.yaml
@@ -0,0 +1,299 @@
+components:
+ schemas:
+ RulestackListTagsForResourceResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/RulestackListTagsForResourceResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/RulestackListTagsForResourceResponse.Result'
+ title: RulestackListTagsForResourceResponse
+ type: object
+ RulestackListTagsForResourceResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ NextToken:
+ title: Nexttoken
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/RulestackListTagsForResourceResponse.TagEntry'
+ title: Tags
+ type: array
+ title: ResponseData
+ type: object
+ RulestackListTagsForResourceResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ RulestackListTagsForResourceResponse.TagEntry:
+ additionalProperties: false
+ properties:
+ Key:
+ title: Key
+ type: string
+ Value:
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: TagEntry
+ type: object
+ RulestackTagResourceRequest:
+ additionalProperties: false
+ properties:
+ Tags:
+ items:
+ $ref: '#/components/schemas/RulestackTagResourceRequest.TagEntry'
+ maxItems: 50
+ title: Tags
+ type: array
+ required:
+ - Tags
+ title: RulestackTagResourceRequest
+ type: object
+ RulestackTagResourceRequest.TagEntry:
+ additionalProperties: false
+ properties:
+ Key:
+ title: Key
+ type: string
+ Value:
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: TagEntry
+ type: object
+ RulestackTagResourceResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/RulestackTagResourceResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/RulestackTagResourceResponse.Result'
+ title: RulestackTagResourceResponse
+ type: object
+ RulestackTagResourceResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/RulestackTagResourceResponse.TagEntry'
+ title: Tags
+ type: array
+ title: ResponseData
+ type: object
+ RulestackTagResourceResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ RulestackTagResourceResponse.TagEntry:
+ additionalProperties: false
+ properties:
+ Key:
+ title: Key
+ type: string
+ Value:
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: TagEntry
+ type: object
+ RulestackUntagResourceRequest:
+ additionalProperties: false
+ properties:
+ TagKeys:
+ items:
+ maxLength: 128
+ minLength: 1
+ pattern: ^.*$
+ type: string
+ maxItems: 50
+ title: Tagkeys
+ type: array
+ required:
+ - TagKeys
+ title: RulestackUntagResourceRequest
+ type: object
+ RulestackUntagResourceResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/RulestackUntagResourceResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/RulestackUntagResourceResponse.Result'
+ title: RulestackUntagResourceResponse
+ type: object
+ RulestackUntagResourceResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ TagKeys:
+ items:
+ type: string
+ title: Tagkeys
+ type: array
+ title: ResponseData
+ type: object
+ RulestackUntagResourceResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Apply tags to help search and filter your rulestack resources.\n\n\
+ ### Permission Policies\n\n| Action | Local Firewall Administrator\
+ \ | Local Rulestack Administrator | Global Rulestack Administrator |\n| ------------------------------\
+ \ | :---------------------------: | :---------------------------: | :----------------------------:\
+ \ |\n| Tag Resource | **☑** | **☑**\
+ \ | **☑** | \n| Untag Resource \
+ \ | **☑** | **☑** \
+ \ | **☑** | \n| List Firewall Tags\
+ \ | ☐ | **☑** \
+ \ | **☑** |\n"
+ title: Manage Rulestack Tags
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/tags:
+ delete:
+ description: 'Remove tags with specified keys from a specified resource.
+
+ '
+ operationId: delete-v1-config-rulestacks-rulestackname-tags
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RulestackUntagResourceRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RulestackUntagResourceResponse'
+ description: OK
+ summary: Rulestack Untag Resource
+ tags:
+ - ManageRulestackTags
+ get:
+ description: 'Retrieve the tags associated with a specified resource.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-tags
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ title: Nexttoken
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RulestackListTagsForResourceResponse'
+ description: OK
+ summary: List Rulestack Tags
+ tags:
+ - ManageRulestackTags
+ post:
+ description: 'Add tags to a specific resource. You can tag the AWS resources
+ that you manage through rulestacks.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-tags
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RulestackTagResourceRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RulestackTagResourceResponse'
+ description: OK
+ summary: Rulestack Tag Resource
+ tags:
+ - ManageRulestackTags
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: ManageRulestackTags
diff --git a/static/cloudngfw/aws/spec/api/ManageRulestacks.yaml b/static/cloudngfw/aws/spec/api/ManageRulestacks.yaml
new file mode 100644
index 000000000..48f15b55e
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/ManageRulestacks.yaml
@@ -0,0 +1,1134 @@
+components:
+ schemas:
+ CommitRequest:
+ additionalProperties: false
+ properties: {}
+ title: CommitRequest
+ type: object
+ CommitResponse:
+ additionalProperties: false
+ properties:
+ ResponseStatus:
+ $ref: '#/components/schemas/CommitResponse.Result'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: CommitResponse
+ type: object
+ CommitResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ CreateRuleStackRequest:
+ additionalProperties: false
+ properties:
+ RuleStackEntry:
+ $ref: '#/components/schemas/CreateRuleStackRequest.RuleStackCreateType'
+ RuleStackName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulestackname
+ type: string
+ required:
+ - RuleStackName
+ title: CreateRuleStackRequest
+ type: object
+ CreateRuleStackRequest.RuleStackCreateType:
+ additionalProperties: false
+ properties:
+ AccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Accountid
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Profiles:
+ $ref: '#/components/schemas/CreateRuleStackRequest.RuleStackProfiles'
+ Scope:
+ enum:
+ - Global
+ - Local
+ title: Scope
+ type: string
+ title: RuleStackCreateType
+ type: object
+ CreateRuleStackRequest.RuleStackProfiles:
+ additionalProperties: false
+ properties:
+ AntiSpywareProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antispywareprofile
+ type: string
+ AntiVirusProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antivirusprofile
+ type: string
+ FileBlockingProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Fileblockingprofile
+ type: string
+ OutboundTrustCertificate:
+ title: Outboundtrustcertificate
+ type: string
+ OutboundUnTrustCertificate:
+ title: Outbounduntrustcertificate
+ type: string
+ URLFilteringProfile:
+ default: None
+ enum:
+ - custom
+ - BestPractice
+ - None
+ title: Urlfilteringprofile
+ type: string
+ VulnerabilityProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Vulnerabilityprofile
+ type: string
+ title: RuleStackProfiles
+ type: object
+ CreateRuleStackResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreateRuleStackResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreateRuleStackResponse.Result'
+ title: CreateRuleStackResponse
+ type: object
+ CreateRuleStackResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ RuleStackEntry:
+ $ref: '#/components/schemas/CreateRuleStackResponse.RuleStack'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreateRuleStackResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ CreateRuleStackResponse.RuleStack:
+ additionalProperties: false
+ properties:
+ AccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Accountid
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Profiles:
+ $ref: '#/components/schemas/CreateRuleStackResponse.RuleStackProfiles'
+ Scope:
+ enum:
+ - Global
+ - Local
+ title: Scope
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: RuleStack
+ type: object
+ CreateRuleStackResponse.RuleStackProfiles:
+ additionalProperties: false
+ properties:
+ AntiSpywareProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antispywareprofile
+ type: string
+ AntiVirusProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antivirusprofile
+ type: string
+ FileBlockingProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Fileblockingprofile
+ type: string
+ OutboundTrustCertificate:
+ title: Outboundtrustcertificate
+ type: string
+ OutboundUnTrustCertificate:
+ title: Outbounduntrustcertificate
+ type: string
+ URLFilteringProfile:
+ default: None
+ enum:
+ - custom
+ - BestPractice
+ - None
+ title: Urlfilteringprofile
+ type: string
+ VulnerabilityProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Vulnerabilityprofile
+ type: string
+ title: RuleStackProfiles
+ type: object
+ DeleteRuleStackRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeleteRuleStackRequest
+ type: object
+ DeleteRuleStackResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeleteRuleStackResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeleteRuleStackResponse.Result'
+ title: DeleteRuleStackResponse
+ type: object
+ DeleteRuleStackResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ RuleStackEntry:
+ $ref: '#/components/schemas/DeleteRuleStackResponse.RuleStackCreateType'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeleteRuleStackResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeleteRuleStackResponse.RuleStackCreateType:
+ additionalProperties: false
+ properties:
+ AccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Accountid
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Profiles:
+ $ref: '#/components/schemas/DeleteRuleStackResponse.RuleStackProfiles'
+ Scope:
+ enum:
+ - Global
+ - Local
+ title: Scope
+ type: string
+ title: RuleStackCreateType
+ type: object
+ DeleteRuleStackResponse.RuleStackProfiles:
+ additionalProperties: false
+ properties:
+ AntiSpywareProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antispywareprofile
+ type: string
+ AntiVirusProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antivirusprofile
+ type: string
+ FileBlockingProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Fileblockingprofile
+ type: string
+ OutboundTrustCertificate:
+ title: Outboundtrustcertificate
+ type: string
+ OutboundUnTrustCertificate:
+ title: Outbounduntrustcertificate
+ type: string
+ URLFilteringProfile:
+ default: None
+ enum:
+ - custom
+ - BestPractice
+ - None
+ title: Urlfilteringprofile
+ type: string
+ VulnerabilityProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Vulnerabilityprofile
+ type: string
+ title: RuleStackProfiles
+ type: object
+ DescribeCommitRequest:
+ additionalProperties: false
+ properties: {}
+ title: DescribeCommitRequest
+ type: object
+ DescribeCommitResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeCommitResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeCommitResponse.Result'
+ title: DescribeCommitResponse
+ type: object
+ DescribeCommitResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CommitMessages:
+ items:
+ type: string
+ title: Commitmessages
+ type: array
+ CommitStatus:
+ title: Commitstatus
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ ValidateMessages:
+ items:
+ type: string
+ title: Validatemessages
+ type: array
+ ValidateStatus:
+ title: Validatestatus
+ type: string
+ title: ResponseData
+ type: object
+ DescribeCommitResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeRuleStackRequest:
+ additionalProperties: false
+ properties:
+ Candidate:
+ default: true
+ title: Candidate
+ type: boolean
+ MaxResults:
+ exclusiveMaximum: 101
+ exclusiveMinimum: 0
+ title: Maxresults
+ type: integer
+ Running:
+ default: false
+ title: Running
+ type: boolean
+ title: DescribeRuleStackRequest
+ type: object
+ DescribeRuleStackResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeRuleStackResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeRuleStackResponse.Result'
+ title: DescribeRuleStackResponse
+ type: object
+ DescribeRuleStackResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ RuleStackCandidate:
+ $ref: '#/components/schemas/DescribeRuleStackResponse.RuleStack'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ RuleStackRunning:
+ $ref: '#/components/schemas/DescribeRuleStackResponse.RuleStack'
+ RuleStackState:
+ title: Rulestackstate
+ type: string
+ Tags:
+ items:
+ $ref: '#/components/schemas/DescribeRuleStackResponse.TagEntry'
+ title: Tags
+ type: array
+ title: ResponseData
+ type: object
+ DescribeRuleStackResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeRuleStackResponse.RuleStack:
+ additionalProperties: false
+ properties:
+ AccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Accountid
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Profiles:
+ $ref: '#/components/schemas/DescribeRuleStackResponse.RuleStackProfiles'
+ Scope:
+ enum:
+ - Global
+ - Local
+ title: Scope
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: RuleStack
+ type: object
+ DescribeRuleStackResponse.RuleStackProfiles:
+ additionalProperties: false
+ properties:
+ AntiSpywareProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antispywareprofile
+ type: string
+ AntiVirusProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antivirusprofile
+ type: string
+ FileBlockingProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Fileblockingprofile
+ type: string
+ OutboundTrustCertificate:
+ title: Outboundtrustcertificate
+ type: string
+ OutboundUnTrustCertificate:
+ title: Outbounduntrustcertificate
+ type: string
+ URLFilteringProfile:
+ default: None
+ enum:
+ - custom
+ - BestPractice
+ - None
+ title: Urlfilteringprofile
+ type: string
+ VulnerabilityProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Vulnerabilityprofile
+ type: string
+ title: RuleStackProfiles
+ type: object
+ DescribeRuleStackResponse.TagEntry:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ pattern: ^.*$
+ title: Key
+ type: string
+ Value:
+ maxLength: 256
+ minLength: 1
+ pattern: ^.*$
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: TagEntry
+ type: object
+ ListRuleStacksRequest:
+ additionalProperties: false
+ properties:
+ Candidate:
+ default: true
+ title: Candidate
+ type: boolean
+ MaxResults:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ NextToken:
+ title: Nexttoken
+ type: string
+ Running:
+ default: false
+ title: Running
+ type: boolean
+ Scope:
+ default: All
+ enum:
+ - Global
+ - Local
+ - All
+ title: Scope
+ type: string
+ TagKey:
+ title: Tagkey
+ type: string
+ TagValue:
+ title: Tagvalue
+ type: string
+ Uncommitted:
+ default: false
+ title: Uncommitted
+ type: boolean
+ title: ListRuleStacksRequest
+ type: object
+ ListRuleStacksResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListRuleStacksResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListRuleStacksResponse.Result'
+ title: ListRuleStacksResponse
+ type: object
+ ListRuleStacksResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ NextToken:
+ title: Nexttoken
+ type: string
+ RuleStackCandidate:
+ items:
+ type: string
+ title: Rulestackcandidate
+ type: array
+ RuleStackRunning:
+ items:
+ type: string
+ title: Rulestackrunning
+ type: array
+ RuleStackUncommitted:
+ items:
+ $ref: '#/components/schemas/ListRuleStacksResponse.RuleStackOperation'
+ title: Rulestackuncommitted
+ type: array
+ title: ResponseData
+ type: object
+ ListRuleStacksResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListRuleStacksResponse.RuleStackOperation:
+ additionalProperties: false
+ properties:
+ Operation:
+ enum:
+ - add
+ - delete
+ - update
+ title: Operation
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ required:
+ - RuleStackName
+ title: RuleStackOperation
+ type: object
+ RevertRequest:
+ additionalProperties: false
+ properties: {}
+ title: RevertRequest
+ type: object
+ RevertResponse:
+ additionalProperties: false
+ properties:
+ ResponseStatus:
+ $ref: '#/components/schemas/RevertResponse.Result'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: RevertResponse
+ type: object
+ RevertResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ UpdateRuleStackRequest:
+ additionalProperties: false
+ properties:
+ RuleStackEntry:
+ $ref: '#/components/schemas/UpdateRuleStackRequest.RuleStack'
+ title: UpdateRuleStackRequest
+ type: object
+ UpdateRuleStackRequest.RuleStack:
+ additionalProperties: false
+ properties:
+ AccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Accountid
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Profiles:
+ $ref: '#/components/schemas/UpdateRuleStackRequest.RuleStackProfiles'
+ Scope:
+ enum:
+ - Global
+ - Local
+ title: Scope
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: RuleStack
+ type: object
+ UpdateRuleStackRequest.RuleStackProfiles:
+ additionalProperties: false
+ properties:
+ AntiSpywareProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antispywareprofile
+ type: string
+ AntiVirusProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antivirusprofile
+ type: string
+ FileBlockingProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Fileblockingprofile
+ type: string
+ OutboundTrustCertificate:
+ title: Outboundtrustcertificate
+ type: string
+ OutboundUnTrustCertificate:
+ title: Outbounduntrustcertificate
+ type: string
+ URLFilteringProfile:
+ default: None
+ enum:
+ - custom
+ - BestPractice
+ - None
+ title: Urlfilteringprofile
+ type: string
+ VulnerabilityProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Vulnerabilityprofile
+ type: string
+ title: RuleStackProfiles
+ type: object
+ UpdateRuleStackResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateRuleStackResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateRuleStackResponse.Result'
+ title: UpdateRuleStackResponse
+ type: object
+ UpdateRuleStackResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ RuleStackEntry:
+ $ref: '#/components/schemas/UpdateRuleStackResponse.RuleStack'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateRuleStackResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ UpdateRuleStackResponse.RuleStack:
+ additionalProperties: false
+ properties:
+ AccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Accountid
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Profiles:
+ $ref: '#/components/schemas/UpdateRuleStackResponse.RuleStackProfiles'
+ Scope:
+ enum:
+ - Global
+ - Local
+ title: Scope
+ type: string
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ title: RuleStack
+ type: object
+ UpdateRuleStackResponse.RuleStackProfiles:
+ additionalProperties: false
+ properties:
+ AntiSpywareProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antispywareprofile
+ type: string
+ AntiVirusProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Antivirusprofile
+ type: string
+ FileBlockingProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Fileblockingprofile
+ type: string
+ OutboundTrustCertificate:
+ title: Outboundtrustcertificate
+ type: string
+ OutboundUnTrustCertificate:
+ title: Outbounduntrustcertificate
+ type: string
+ URLFilteringProfile:
+ default: None
+ enum:
+ - custom
+ - BestPractice
+ - None
+ title: Urlfilteringprofile
+ type: string
+ VulnerabilityProfile:
+ default: BestPractice
+ enum:
+ - custom
+ - BestPractice
+ title: Vulnerabilityprofile
+ type: string
+ title: RuleStackProfiles
+ type: object
+ ValidateRequest:
+ additionalProperties: false
+ properties: {}
+ title: ValidateRequest
+ type: object
+ ValidateResponse:
+ additionalProperties: false
+ properties:
+ ResponseStatus:
+ $ref: '#/components/schemas/ValidateResponse.Result'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ValidateResponse
+ type: object
+ ValidateResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Rulestacks defines access control (App-ID, URL Filtering) and threat\
+ \ prevention behavior of Cloud NGFW resources. \n\nA Cloud NGFW resource uses\
+ \ your rulestack definitions to protect the traffic by a two-step process. First,\
+ \ it enforces your rules on the to allow or deny your traffic. Second, it performs\
+ \ content inspection on the allowed traffic based on what you specify on the Security\
+ \ Profiles. \n\nA rulestack includes a set of security rules, associated objects,\
+ \ and profiles. \n\n### Permission Policies\n\n| Action \
+ \ | Local Firewall Administrator | Local Rulestack Administrator | Global Rulestack\
+ \ Administrator |\n| ------------------------------ | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: |\n| Create\
+ \ a Rulestack | ☐ | **☑** \
+ \ | **☑** | \n| Delete a Rulestack \
+ \ | ☐ | **☑** | **☑**\
+ \ | \n| Describe a Rulestack \
+ \ | **☑** | **☑** | **☑**\
+ \ | \n| List Rulestacks | **☑** \
+ \ | **☑** | **☑** \
+ \ |\n| Update a Rulestack | ☐ | **☑**\
+ \ | **☑** |\n| List Security Rule Lists\
+ \ | **☑** | **☑** | **☑**\
+ \ |\n"
+ title: Manage Rulestacks
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks:
+ get:
+ description: "Retrieve the metadata of the specified rulestack. \n\nYou can\
+ \ also query rulestacks based on the tags using this command, */v1/config/rulestacks?tags=*.\
+ \ \nThis command lists the rulestacks where the tag name starts with the\
+ \ string. \n\n>DynamoDB supports this command, and should be implemented\
+ \ as a library.\n"
+ operationId: get-v1-config-rulestacks
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListRuleStacksRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListRuleStacksResponse'
+ description: OK
+ summary: List RuleStack
+ tags:
+ - ManageRulestacks
+ post:
+ description: 'Create a global or local rulestack. Global role affects only Global
+ rulestacks and Local role affects only local rulestacks.
+
+ '
+ operationId: post-v1-config-rulestacks
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateRuleStackRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateRuleStackResponse'
+ description: OK
+ summary: Create a RuleStack
+ tags:
+ - ManageRulestacks
+ /v1/config/rulestacks/{rulestackname}:
+ delete:
+ description: 'Delete a specific rulestack.
+
+ '
+ operationId: delete-v1-config-rulestacks-rulestackname
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteRuleStackRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteRuleStackResponse'
+ description: OK
+ summary: Delete a RuleStack
+ tags:
+ - ManageRulestacks
+ get:
+ description: 'Returns the data of the specific rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeRuleStackRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeRuleStackResponse'
+ description: OK
+ summary: Describe a RuleStack
+ tags:
+ - ManageRulestacks
+ put:
+ description: "Modify the rulestack. \n\n>**Note:** You cannot update the scope\
+ \ of the rulestack.\n"
+ operationId: put-v1-config-rulestacks-rulestackname
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateRuleStackRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateRuleStackResponse'
+ description: OK
+ summary: Update a RuleStack
+ tags:
+ - ManageRulestacks
+ /v1/config/rulestacks/{rulestackname}/commit:
+ get:
+ description: 'View the commit status of the specified rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-commit
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeCommitRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeCommitResponse'
+ description: OK
+ summary: Describe commit status for a RuleStack
+ tags:
+ - ManageRulestacks
+ post:
+ description: 'Commit the specified rulestack.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-commit
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CommitRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CommitResponse'
+ description: OK
+ summary: Commit a RuleStack
+ tags:
+ - ManageRulestacks
+ /v1/config/rulestacks/{rulestackname}/revert:
+ post:
+ description: 'Revert all uncommitted changes for the specified rulestack.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-revert
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RevertRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/RevertResponse'
+ description: OK
+ summary: Revert a RuleStack
+ tags:
+ - ManageRulestacks
+ /v1/config/rulestacks/{rulestackname}/validate:
+ post:
+ description: 'Validate the selected rulestack after commit.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-validate
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ValidateRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ValidateResponse'
+ description: OK
+ summary: Validate a RuleStack
+ tags:
+ - ManageRulestacks
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: ManageRulestacks
diff --git a/static/cloudngfw/aws/spec/api/ManageSubscription.yaml b/static/cloudngfw/aws/spec/api/ManageSubscription.yaml
new file mode 100644
index 000000000..34822c6c8
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/ManageSubscription.yaml
@@ -0,0 +1,90 @@
+components:
+ schemas:
+ ListSubscriptionRequest:
+ additionalProperties: false
+ properties: {}
+ title: ListSubscriptionRequest
+ type: object
+ ListSubscriptionResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListSubscriptionResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListSubscriptionResponse.Result'
+ title: ListSubscriptionResponse
+ type: object
+ ListSubscriptionResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Subscriptions:
+ items:
+ $ref: '#/components/schemas/ListSubscriptionResponse.SubscriptionDetails'
+ title: Subscriptions
+ type: array
+ title: ResponseData
+ type: object
+ ListSubscriptionResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListSubscriptionResponse.SubscriptionDetails:
+ additionalProperties: false
+ properties:
+ SubscriptionKey:
+ title: Subscriptionkey
+ type: string
+ required:
+ - SubscriptionKey
+ title: SubscriptionDetails
+ type: object
+info:
+ contact: {}
+ description: "Subscribe to Cloud NGFW to start creating your first user; a tenant\
+ \ administrator. \nA tenant administrator is the highest level of user in the\
+ \ Cloud NGFW service. It provides the ability to add AWS accounts to the Cloud\
+ \ NGFW service and onboard additional users. \n\nFor more information, see [Subscribe\
+ \ to Cloud NGFW for AWS Service](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/getting-started-with-cloud-ngfw-for-aws/subscribe-to-the-cloud-ngfw-service.html).\n\
+ \n### Permission Policies\n\n| Action | Local Firewall Administrator\
+ \ | Local Rulestack Administrator | Global Rulestack Administrator |\n| ------------------------\
+ \ | :---------------------------: | :---------------------------: | :----------------------------:\
+ \ |\n| Create NGFW Subscription | ☐ | ☐ \
+ \ | ☐ | \n| List Permission Policies\
+ \ | **☑** | **☑** | **☑**\
+ \ | \n"
+ title: Manage Subscription
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/mgmt/subscribe:
+ get:
+ description: ''
+ operationId: get-v1-mgmt-subscribe
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListSubscriptionRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListSubscriptionResponse'
+ description: OK
+ summary: List CloudNGFW Subscriptions
+ tags:
+ - ManageSubscription
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: ManageSubscription
diff --git a/static/cloudngfw/aws/spec/api/PredefinedURLCategories.yaml b/static/cloudngfw/aws/spec/api/PredefinedURLCategories.yaml
new file mode 100644
index 000000000..50c50417d
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/PredefinedURLCategories.yaml
@@ -0,0 +1,98 @@
+components:
+ schemas:
+ ListURLPredefinedCategoriesResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.Result'
+ title: ListURLPredefinedCategoriesResponse
+ type: object
+ ListURLPredefinedCategoriesResponse.PredefinedURLCategory:
+ additionalProperties: false
+ properties:
+ Action:
+ title: Action
+ type: string
+ Name:
+ title: Name
+ type: string
+ required:
+ - Action
+ - Name
+ title: PredefinedURLCategory
+ type: object
+ ListURLPredefinedCategoriesResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ CategoriesRunning:
+ items:
+ $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse.PredefinedURLCategory'
+ title: Categoriesrunning
+ type: array
+ NextToken:
+ title: Nexttoken
+ type: string
+ title: ResponseData
+ type: object
+ ListURLPredefinedCategoriesResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: 'Use predefined URL categories in security rules to block or allow
+ access to websites.
+
+ '
+ title: Manage Predefined URL Categories
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/urlcategories:
+ get:
+ description: 'View the predefined URL categories.
+
+ '
+ operationId: get-v1-config-urlcategories
+ parameters:
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListURLPredefinedCategoriesResponse'
+ description: OK
+ summary: List Pre-defined URL Categories
+ tags:
+ - PredefinedURLCategories
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: PredefinedURLCategories
diff --git a/static/cloudngfw/aws/spec/api/PrefixList.yaml b/static/cloudngfw/aws/spec/api/PrefixList.yaml
new file mode 100644
index 000000000..e1dad0c18
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/PrefixList.yaml
@@ -0,0 +1,609 @@
+components:
+ schemas:
+ CreatePrefixListRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Name:
+ maxLength: 58
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ required:
+ - Name
+ - PrefixList
+ title: CreatePrefixListRequest
+ type: object
+ CreatePrefixListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreatePrefixListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreatePrefixListResponse.Result'
+ title: CreatePrefixListResponse
+ type: object
+ CreatePrefixListResponse.PrefixListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ required:
+ - PrefixList
+ title: PrefixListDetails
+ type: object
+ CreatePrefixListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ PrefixListEntry:
+ $ref: '#/components/schemas/CreatePrefixListResponse.PrefixListDetails'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreatePrefixListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeletePrefixListRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeletePrefixListRequest
+ type: object
+ DeletePrefixListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeletePrefixListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeletePrefixListResponse.Result'
+ title: DeletePrefixListResponse
+ type: object
+ DeletePrefixListResponse.PrefixListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ required:
+ - PrefixList
+ title: PrefixListDetails
+ type: object
+ DeletePrefixListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ PrefixListEntry:
+ $ref: '#/components/schemas/DeletePrefixListResponse.PrefixListDetails'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeletePrefixListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribePrefixListRequest:
+ additionalProperties: false
+ properties:
+ Candidate:
+ default: true
+ title: Candidate
+ type: boolean
+ MaxResults:
+ default: 100
+ title: Maxresults
+ type: integer
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ Running:
+ default: false
+ title: Running
+ type: boolean
+ title: DescribePrefixListRequest
+ type: object
+ DescribePrefixListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribePrefixListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribePrefixListResponse.Result'
+ title: DescribePrefixListResponse
+ type: object
+ DescribePrefixListResponse.PrefixListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ required:
+ - PrefixList
+ title: PrefixListDetails
+ type: object
+ DescribePrefixListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ PrefixListCandidate:
+ $ref: '#/components/schemas/DescribePrefixListResponse.PrefixListDetails'
+ PrefixListRunning:
+ $ref: '#/components/schemas/DescribePrefixListResponse.PrefixListDetails'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribePrefixListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListPrefixListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListPrefixListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListPrefixListResponse.Result'
+ title: ListPrefixListResponse
+ type: object
+ ListPrefixListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ PrefixListCandidate:
+ items:
+ type: string
+ title: Prefixlistcandidate
+ type: array
+ PrefixListRunning:
+ items:
+ type: string
+ title: Prefixlistrunning
+ type: array
+ PrefixListUncommitted:
+ items:
+ $ref: '#/components/schemas/ListPrefixListResponse.UncommittedPrefixListDetails'
+ title: Prefixlistuncommitted
+ type: array
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ ListPrefixListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListPrefixListResponse.UncommittedPrefixListDetails:
+ additionalProperties: false
+ properties:
+ Name:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Name
+ type: string
+ Operation:
+ title: Operation
+ type: string
+ required:
+ - Name
+ - Operation
+ title: UncommittedPrefixListDetails
+ type: object
+ UpdatePrefixListRequest:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - PrefixList
+ title: UpdatePrefixListRequest
+ type: object
+ UpdatePrefixListResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdatePrefixListResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdatePrefixListResponse.Result'
+ title: UpdatePrefixListResponse
+ type: object
+ UpdatePrefixListResponse.PrefixListDetails:
+ additionalProperties: false
+ properties:
+ AuditComment:
+ title: Auditcomment
+ type: string
+ Description:
+ title: Description
+ type: string
+ PrefixList:
+ items:
+ type: string
+ title: Prefixlist
+ type: array
+ UpdateToken:
+ default: '1'
+ title: Updatetoken
+ type: string
+ required:
+ - PrefixList
+ title: PrefixListDetails
+ type: object
+ UpdatePrefixListResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Name:
+ title: Name
+ type: string
+ PrefixListEntry:
+ $ref: '#/components/schemas/UpdatePrefixListResponse.PrefixListDetails'
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdatePrefixListResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "A prefix list allows you to group specific IP addresses that require\
+ \ the same policy enforcement. A prefix list can contain one or more IP addresses\
+ \ or IP netmask in CIDR notation.\n\n### Permission Policies\n\n| Action \
+ \ | Local Firewall Administrator | Local Rulestack Administrator\
+ \ | Global Rulestack Administrator |\n| ---------------------------- | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: |\n| Create\
+ \ Prefix List | ☐ | **☑** \
+ \ | **☑** | \n| Delete Prefix List \
+ \ | ☐ | **☑** | **☑**\
+ \ | \n| Update Prefix List \
+ \ | ☐ | **☑** | **☑**\
+ \ | \n| Describe Prefix List | **☑** \
+ \ | **☑** | **☑** \
+ \ |\n| List Prefix Lists | **☑** | **☑**\
+ \ | **☑** |\n"
+ title: Manage Prefix List
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/prefixlists:
+ get:
+ description: "Retrieve the information about the prefix lists for the specified\
+ \ rulestack. \n"
+ operationId: get-v1-config-rulestacks-rulestackname-prefixlists
+ parameters:
+ - description: ''
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: uncommitted
+ required: false
+ schema:
+ default: false
+ title: Uncommitted
+ type: boolean
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListPrefixListResponse'
+ description: OK
+ summary: List PrefixLists
+ tags:
+ - PrefixList
+ post:
+ description: 'Create a prefix list to configure and maintain security groups
+ and route tables.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-prefixlists
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreatePrefixListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreatePrefixListResponse'
+ description: OK
+ summary: Create a PrefixList
+ tags:
+ - PrefixList
+ /v1/config/rulestacks/{rulestackname}/prefixlists/{name}:
+ delete:
+ description: "Delete the prefix list associated with the specified rulestack.\
+ \ \n"
+ operationId: delete-v1-config-rulestacks-rulestackname-prefixlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the prefix list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeletePrefixListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeletePrefixListResponse'
+ description: OK
+ summary: Delete a PrefixList
+ tags:
+ - PrefixList
+ get:
+ description: "Return the prefix list associated with a rulestack. \n"
+ operationId: get-v1-config-rulestacks-rulestackname-prefixlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the prefix list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribePrefixListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribePrefixListResponse'
+ description: OK
+ summary: Describe a PrefixList
+ tags:
+ - PrefixList
+ put:
+ description: 'Update the prefix list associated with a rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-prefixlists-name
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the prefix list.
+
+ '
+ in: path
+ name: name
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdatePrefixListRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdatePrefixListResponse'
+ description: OK
+ summary: Update a PrefixList
+ tags:
+ - PrefixList
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: PrefixList
diff --git a/static/cloudngfw/aws/spec/api/SecurityRules.yaml b/static/cloudngfw/aws/spec/api/SecurityRules.yaml
new file mode 100644
index 000000000..d5ebcdee3
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/SecurityRules.yaml
@@ -0,0 +1,1565 @@
+components:
+ schemas:
+ CreateSecurityRuleRequest:
+ additionalProperties: false
+ properties:
+ Priority:
+ exclusiveMaximum: 1000001
+ exclusiveMinimum: 0
+ title: Priority
+ type: integer
+ RuleEntry:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleCreate'
+ required:
+ - Priority
+ - RuleEntry
+ title: CreateSecurityRuleRequest
+ type: object
+ CreateSecurityRuleRequest.RuleCreate:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ required:
+ - RuleName
+ title: RuleCreate
+ type: object
+ CreateSecurityRuleRequest.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ CreateSecurityRuleRequest.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ CreateSecurityRuleRequest.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ CreateSecurityRuleRequest.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+ CreateSecurityRuleResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.Result'
+ title: CreateSecurityRuleResponse
+ type: object
+ CreateSecurityRuleResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Priority:
+ title: Priority
+ type: integer
+ RuleEntry:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.Rule'
+ RuleListName:
+ title: Rulelistname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ CreateSecurityRuleResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ CreateSecurityRuleResponse.Rule:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleName
+ title: Rule
+ type: object
+ CreateSecurityRuleResponse.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ CreateSecurityRuleResponse.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ CreateSecurityRuleResponse.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ CreateSecurityRuleResponse.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+ DeleteSecurityRuleRequest:
+ additionalProperties: false
+ properties: {}
+ title: DeleteSecurityRuleRequest
+ type: object
+ DeleteSecurityRuleResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.Result'
+ title: DeleteSecurityRuleResponse
+ type: object
+ DeleteSecurityRuleResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Priority:
+ title: Priority
+ type: integer
+ RuleEntry:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.Rule'
+ RuleListName:
+ title: Rulelistname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DeleteSecurityRuleResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DeleteSecurityRuleResponse.Rule:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleName
+ title: Rule
+ type: object
+ DeleteSecurityRuleResponse.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ DeleteSecurityRuleResponse.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ DeleteSecurityRuleResponse.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ DeleteSecurityRuleResponse.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+ DescribeSecurityRuleResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.Result'
+ title: DescribeSecurityRuleResponse
+ type: object
+ DescribeSecurityRuleResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Priority:
+ title: Priority
+ type: integer
+ RuleEntryCandidate:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.Rule'
+ RuleEntryRunning:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.Rule'
+ RuleListName:
+ title: Rulelistname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ DescribeSecurityRuleResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeSecurityRuleResponse.Rule:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleName
+ title: Rule
+ type: object
+ DescribeSecurityRuleResponse.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ DescribeSecurityRuleResponse.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ DescribeSecurityRuleResponse.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ DescribeSecurityRuleResponse.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+ ListSecurityRulesResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListSecurityRulesResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListSecurityRulesResponse.Result'
+ title: ListSecurityRulesResponse
+ type: object
+ ListSecurityRulesResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ NextToken:
+ title: Nexttoken
+ type: string
+ RuleEntryCandidate:
+ items:
+ $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryIdentifier'
+ title: Ruleentrycandidate
+ type: array
+ RuleEntryRunning:
+ items:
+ $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryIdentifier'
+ title: Ruleentryrunning
+ type: array
+ RuleEntryUncommitted:
+ items:
+ $ref: '#/components/schemas/ListSecurityRulesResponse.RuleEntryUncommittedIdentifier'
+ title: Ruleentryuncommitted
+ type: array
+ RuleListName:
+ title: Rulelistname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ ListSecurityRulesResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListSecurityRulesResponse.RuleEntryIdentifier:
+ additionalProperties: false
+ properties:
+ Priority:
+ exclusiveMaximum: 1000001
+ exclusiveMinimum: 0
+ title: Priority
+ type: integer
+ RuleName:
+ title: Rulename
+ type: string
+ required:
+ - Priority
+ title: RuleEntryIdentifier
+ type: object
+ ListSecurityRulesResponse.RuleEntryUncommittedIdentifier:
+ additionalProperties: false
+ properties:
+ Operation:
+ title: Operation
+ type: string
+ Priority:
+ title: Priority
+ type: integer
+ RuleName:
+ title: Rulename
+ type: string
+ required:
+ - Priority
+ - RuleName
+ - Operation
+ title: RuleEntryUncommittedIdentifier
+ type: object
+ UpdateSecurityRuleRequest:
+ additionalProperties: false
+ properties:
+ RuleEntry:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest.Rule'
+ required:
+ - RuleEntry
+ title: UpdateSecurityRuleRequest
+ type: object
+ UpdateSecurityRuleRequest.Rule:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleName
+ title: Rule
+ type: object
+ UpdateSecurityRuleRequest.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ UpdateSecurityRuleRequest.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ UpdateSecurityRuleRequest.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ UpdateSecurityRuleRequest.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+ UpdateSecurityRuleResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.Result'
+ title: UpdateSecurityRuleResponse
+ type: object
+ UpdateSecurityRuleResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ Priority:
+ title: Priority
+ type: integer
+ RuleEntry:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.Rule'
+ RuleListName:
+ title: Rulelistname
+ type: string
+ RuleStackName:
+ title: Rulestackname
+ type: string
+ title: ResponseData
+ type: object
+ UpdateSecurityRuleResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ UpdateSecurityRuleResponse.Rule:
+ additionalProperties: false
+ properties:
+ Action:
+ default: Allow
+ enum:
+ - Allow
+ - DenySilent
+ - DenyResetServer
+ - DenyResetBoth
+ title: Action
+ type: string
+ Applications:
+ default:
+ - Any
+ items:
+ type: string
+ title: Applications
+ type: array
+ AuditComment:
+ maxLength: 512
+ title: Auditcomment
+ type: string
+ Category:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.UrlCategory'
+ DecryptionRuleType:
+ enum:
+ - SSLOutboundInspection
+ title: Decryptionruletype
+ type: string
+ Description:
+ maxLength: 512
+ title: Description
+ type: string
+ Destination:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.RuleDestination'
+ Enabled:
+ default: true
+ title: Enabled
+ type: boolean
+ Logging:
+ default: false
+ title: Logging
+ type: boolean
+ NegateDestination:
+ default: false
+ title: Negatedestination
+ type: boolean
+ NegateSource:
+ default: false
+ title: Negatesource
+ type: boolean
+ Protocol:
+ default: application-default
+ title: Protocol
+ type: string
+ RuleName:
+ maxLength: 128
+ minLength: 1
+ pattern: ^[a-zA-Z0-9-]+$
+ title: Rulename
+ type: string
+ Source:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.RuleSource'
+ Tags:
+ items:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse.Tag'
+ maxItems: 200
+ title: Tags
+ type: array
+ UpdateToken:
+ title: Updatetoken
+ type: string
+ required:
+ - RuleName
+ title: Rule
+ type: object
+ UpdateSecurityRuleResponse.RuleDestination:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ FqdnLists:
+ items:
+ type: string
+ title: Fqdnlists
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleDestination
+ type: object
+ UpdateSecurityRuleResponse.RuleSource:
+ additionalProperties: false
+ properties:
+ Cidrs:
+ default:
+ - Any
+ items:
+ type: string
+ title: Cidrs
+ type: array
+ Countries:
+ items:
+ type: string
+ title: Countries
+ type: array
+ Feeds:
+ items:
+ type: string
+ title: Feeds
+ type: array
+ PrefixLists:
+ items:
+ type: string
+ title: Prefixlists
+ type: array
+ title: RuleSource
+ type: object
+ UpdateSecurityRuleResponse.Tag:
+ additionalProperties: false
+ properties:
+ Key:
+ maxLength: 128
+ minLength: 1
+ title: Key
+ type: string
+ Value:
+ maxLength: 128
+ minLength: 1
+ title: Value
+ type: string
+ required:
+ - Key
+ - Value
+ title: Tag
+ type: object
+ UpdateSecurityRuleResponse.UrlCategory:
+ additionalProperties: false
+ properties:
+ IntelligentFeeds:
+ items:
+ type: string
+ title: Intelligentfeeds
+ type: array
+ URLCategoryNames:
+ items:
+ type: string
+ title: Urlcategorynames
+ type: array
+ title: UrlCategory
+ type: object
+info:
+ contact: {}
+ description: "Security rules determine whether to block or allow a session based\
+ \ on traffic attributes such as the source and destination IP address, source\
+ \ and destination FQDNs, or the application. \n\nAll traffic passing through\
+ \ the firewall is matched against a session and each session is matched against\
+ \ a rule. When a session match occurs, the NGFW applies the matching rule to bidirectional\
+ \ traffic in that session (client to server and server to client). For traffic\
+ \ that doesn\u2019t match any defined rules, the default rules apply. \n\nFor\
+ \ more information, see [Create security roles on Cloud NGFW for AWS](https://docs.paloaltonetworks.com/cloud-ngfw/aws/cloud-ngfw-on-aws/rules-and-rulestacks/create-a-rule).\n\
+ \n### Permission Policies\n\n| Action | Local Firewall\
+ \ Administrator | Local Rulestack Administrator | Global Rulestack Administrator\
+ \ |\n| ------------------------------ | :---------------------------: | :---------------------------:\
+ \ | :----------------------------: |\n| Create a Security Rule | ☐\
+ \ | **☑** | **☑** \
+ \ | \n| Delete a Security Rule | ☐ \
+ \ | **☑** | **☑** | \
+ \ \n| Describe a Security Rule | **☑** \
+ \ | **☑** | **☑** |\
+ \ \n| ResetSecurityRuleCounters | **☑** | **☑**\
+ \ | **☑** |\n| RefreshSecurityRuleCounters\
+ \ | **☑** | **☑** | **☑**\
+ \ |\n| DescribeSecurityRuleCounters | **☑** \
+ \ | **☑** | **☑** \
+ \ |\n| List Security Rules | **☑** | **☑**\
+ \ | **☑** | \
+ \ \n| Update a Security Rule | ☐ |\
+ \ **☑** | **☑** | \
+ \ \n"
+ title: Manage Security Rules
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/config/rulestacks/{rulestackname}/rulelists/{rulelistname}:
+ get:
+ description: 'List all security rules associate with a rulestack in the order
+ of priority.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-rulelists-rulelistname
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the rulelist.
+
+ '
+ in: path
+ name: rulelistname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: nexttoken
+ required: false
+ schema:
+ title: Nexttoken
+ type: string
+ - description: ''
+ in: query
+ name: candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ - description: ''
+ in: query
+ name: uncommitted
+ required: false
+ schema:
+ default: false
+ title: Uncommitted
+ type: boolean
+ - description: ''
+ in: query
+ name: maxresults
+ required: false
+ schema:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListSecurityRulesResponse'
+ description: OK
+ summary: List Security Rules
+ tags:
+ - SecurityRules
+ post:
+ description: 'Create a security rule for a rulestack.
+
+ '
+ operationId: post-v1-config-rulestacks-rulestackname-rulelists-rulelistname
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the rulelist.
+
+ '
+ in: path
+ name: rulelistname
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateSecurityRuleRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/CreateSecurityRuleResponse'
+ description: OK
+ summary: Create a Security Rule
+ tags:
+ - SecurityRules
+ /v1/config/rulestacks/{rulestackname}/rulelists/{rulelistname}/priorities/{priority}:
+ delete:
+ description: 'Disassociate a security rule associated with a rulestack.
+
+ '
+ operationId: delete-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the rulelist.
+
+ '
+ in: path
+ name: rulelistname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: path
+ name: priority
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteSecurityRuleRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DeleteSecurityRuleResponse'
+ description: OK
+ summary: Delete a Security Rule
+ tags:
+ - SecurityRules
+ get:
+ description: 'Retrieve the security rules associated with a rulestack.
+
+ '
+ operationId: get-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the rulelist.
+
+ '
+ in: path
+ name: rulelistname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: path
+ name: priority
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: Candidate
+ required: false
+ schema:
+ default: true
+ title: Candidate
+ type: boolean
+ - description: ''
+ in: query
+ name: Running
+ required: false
+ schema:
+ default: false
+ title: Running
+ type: boolean
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeSecurityRuleResponse'
+ description: OK
+ summary: Describe a Security Rule
+ tags:
+ - SecurityRules
+ put:
+ description: 'Update a security rule associated a rulestack.
+
+ '
+ operationId: put-v1-config-rulestacks-rulestackname-rulelists-rulelistname-priorities-priority
+ parameters:
+ - description: 'The name of the rulestack.
+
+ '
+ in: path
+ name: rulestackname
+ required: true
+ schema:
+ type: string
+ - description: 'The name of the rulelist.
+
+ '
+ in: path
+ name: rulelistname
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: path
+ name: priority
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateSecurityRuleRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/UpdateSecurityRuleResponse'
+ description: OK
+ summary: Update a Security Rule
+ tags:
+ - SecurityRules
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: SecurityRules
diff --git a/static/cloudngfw/aws/spec/api/UserOnboarding-LinkAccount.yaml b/static/cloudngfw/aws/spec/api/UserOnboarding-LinkAccount.yaml
new file mode 100644
index 000000000..a7cc0da82
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/UserOnboarding-LinkAccount.yaml
@@ -0,0 +1,184 @@
+components:
+ schemas:
+ DescribeLinkAccountRequest:
+ additionalProperties: false
+ properties: {}
+ title: DescribeLinkAccountRequest
+ type: object
+ DescribeLinkAccountResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeLinkAccountResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeLinkAccountResponse.Result'
+ title: DescribeLinkAccountResponse
+ type: object
+ DescribeLinkAccountResponse.AccountTableEntryStatus:
+ description: An enumeration.
+ enum:
+ - Success
+ - Pending
+ - Deleting
+ - OffBoarding
+ - DeleteFailed
+ title: AccountTableEntryStatus
+ type: string
+ DescribeLinkAccountResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ AccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Accountid
+ type: string
+ CloudFormationTemplateURL:
+ title: Cloudformationtemplateurl
+ type: string
+ ExternalId:
+ title: Externalid
+ type: string
+ OnboardingStatus:
+ allOf:
+ $ref: '#/components/schemas/DescribeLinkAccountResponse.AccountTableEntryStatus'
+ default: Pending
+ ServiceAccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Serviceaccountid
+ type: string
+ SnsTopicArn:
+ title: Snstopicarn
+ type: string
+ title: ResponseData
+ type: object
+ DescribeLinkAccountResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ ListLinkAccountsRequest:
+ additionalProperties: false
+ properties: {}
+ title: ListLinkAccountsRequest
+ type: object
+ ListLinkAccountsResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListLinkAccountsResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListLinkAccountsResponse.Result'
+ title: ListLinkAccountsResponse
+ type: object
+ ListLinkAccountsResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ AccountIds:
+ items:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ type: string
+ title: Accountids
+ type: array
+ title: ResponseData
+ type: object
+ ListLinkAccountsResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Cloud NGFW requires you to onboard an AWS account to create and manage\
+ \ the resources required by Cloud NGFW. The Cloud NGFW service uses a CloudFormation\
+ \ template (CFT) stack to create these roles needed for Cloud NGFW to access resources\
+ \ in your AWS environment. \n\nA link account is an unverified account used to\
+ \ onboard an AWS account to a cloud NGFW service based on your input. A link account\
+ \ is required to run the CFT. \n\n>**Note:** You can add only one link account\
+ \ per subscription.\n\n### Permission Policies\n\n| Action |\
+ \ Local Firewall Administrator | Local Rulestack Administrator | Global Rulestack\
+ \ Administrator |\n| ------------------------ | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: | \n| Create\
+ \ Link Account | ☐ | ☐ \
+ \ | ☐ | \n| Delete Link Account | ☐\
+ \ | ☐ | ☐ \
+ \ | \n| Describe Link Account | **☑**\
+ \ | **☑** | **☑** \
+ \ | \n| List Link Account | **☑** | **☑**\
+ \ | **☑** |\n"
+ title: User Onboarding using Link Account
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/mgmt/linkaccounts:
+ get:
+ description: 'List all accounts linked with the an admin account.
+
+ '
+ operationId: get-v1-mgmt-linkaccounts
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListLinkAccountsRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListLinkAccountsResponse'
+ description: OK
+ summary: List Link Accounts
+ tags:
+ - UserOnboarding-LinkAccount
+ /v1/mgmt/linkaccounts/{accountid}:
+ get:
+ description: 'View the details of the account IDs associated with the admin
+ account.
+
+ '
+ operationId: get-v1-mgmt-linkaccounts-accountid
+ parameters:
+ - description: 'The unique ID of the account.
+
+ '
+ in: path
+ name: accountid
+ required: true
+ schema:
+ type: string
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeLinkAccountRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeLinkAccountResponse'
+ description: OK
+ summary: Describe Link Account
+ tags:
+ - UserOnboarding-LinkAccount
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: UserOnboarding-LinkAccount
diff --git a/static/cloudngfw/aws/spec/api/UserOnboarding-XAccountRoles.yaml b/static/cloudngfw/aws/spec/api/UserOnboarding-XAccountRoles.yaml
new file mode 100644
index 000000000..e58489f17
--- /dev/null
+++ b/static/cloudngfw/aws/spec/api/UserOnboarding-XAccountRoles.yaml
@@ -0,0 +1,266 @@
+components:
+ schemas:
+ DescribeXAccountRoleArnResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.Result'
+ title: DescribeXAccountRoleArnResponse
+ type: object
+ DescribeXAccountRoleArnResponse.AccountTableEntryStatus:
+ description: An enumeration.
+ enum:
+ - Success
+ - Pending
+ - Deleting
+ - OffBoarding
+ - DeleteFailed
+ title: AccountTableEntryStatus
+ type: string
+ DescribeXAccountRoleArnResponse.FirewallRoles:
+ additionalProperties: false
+ properties:
+ EndpointRole:
+ title: Endpointrole
+ type: string
+ LoggingRole:
+ title: Loggingrole
+ type: string
+ title: FirewallRoles
+ type: object
+ DescribeXAccountRoleArnResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ AccountGroups:
+ items:
+ type: string
+ title: Accountgroups
+ type: array
+ AccountId:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ title: Accountid
+ type: string
+ AllowedMode:
+ enum:
+ - ServiceManaged
+ - CustomerManaged
+ title: Allowedmode
+ type: string
+ AvailabilityZones:
+ items:
+ type: string
+ title: Availabilityzones
+ type: array
+ CloudTrailRole:
+ title: Cloudtrailrole
+ type: string
+ DefaultRole:
+ title: Defaultrole
+ type: string
+ Firewall:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.FirewallRoles'
+ OnboardingStatus:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.AccountTableEntryStatus'
+ RuleStack:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.RuleStackRoles'
+ VpcInformations:
+ items:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.VpcDetails'
+ title: Vpcinformations
+ type: array
+ title: ResponseData
+ type: object
+ DescribeXAccountRoleArnResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+ DescribeXAccountRoleArnResponse.RuleStackRoles:
+ additionalProperties: false
+ properties:
+ DecryptionRole:
+ title: Decryptionrole
+ type: string
+ title: RuleStackRoles
+ type: object
+ DescribeXAccountRoleArnResponse.SubnetDetails:
+ additionalProperties: false
+ properties:
+ SubnetId:
+ title: Subnetid
+ type: string
+ SubnetName:
+ title: Subnetname
+ type: string
+ required:
+ - SubnetId
+ title: SubnetDetails
+ type: object
+ DescribeXAccountRoleArnResponse.VpcDetails:
+ additionalProperties: false
+ properties:
+ SubnetInformations:
+ items:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse.SubnetDetails'
+ title: Subnetinformations
+ type: array
+ VpcId:
+ title: Vpcid
+ type: string
+ VpcName:
+ title: Vpcname
+ type: string
+ required:
+ - VpcId
+ title: VpcDetails
+ type: object
+ ListXAccountRolesRequest:
+ additionalProperties: false
+ properties:
+ MaxResults:
+ default: 1024
+ maximum: 1024
+ minimum: 1
+ title: Maxresults
+ type: integer
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ title: ListXAccountRolesRequest
+ type: object
+ ListXAccountRolesResponse:
+ additionalProperties: false
+ properties:
+ Response:
+ $ref: '#/components/schemas/ListXAccountRolesResponse.ResponseData'
+ ResponseStatus:
+ $ref: '#/components/schemas/ListXAccountRolesResponse.Result'
+ title: ListXAccountRolesResponse
+ type: object
+ ListXAccountRolesResponse.ResponseData:
+ additionalProperties: false
+ properties:
+ AccountIds:
+ items:
+ maxLength: 12
+ pattern: ^$|^[0-9]+$
+ type: string
+ title: Accountids
+ type: array
+ NextToken:
+ maxLength: 2048
+ minLength: 1
+ pattern: ^[-0-9A-Za-z:\/+=]+$
+ title: Nexttoken
+ type: string
+ title: ResponseData
+ type: object
+ ListXAccountRolesResponse.Result:
+ additionalProperties: false
+ properties:
+ ErrorCode:
+ default: 0
+ title: Errorcode
+ type: integer
+ Reason:
+ title: Reason
+ type: string
+ title: Result
+ type: object
+info:
+ contact: {}
+ description: "Cloud NGFW requires you to onboard an AWS account to create and manage\
+ \ the resources required by Cloud NGFW. The Cloud NGFW service uses a CloudFormation\
+ \ Template (CFT) stack to create these roles needed for Cloud NGFW to access resources\
+ \ in your AWS environment.\n\n### Permission Policies\n\n| Action \
+ \ | Local Firewall Administrator | Local Rulestack Administrator | Global\
+ \ Rulestack Administrator |\n| ------------------------ | :---------------------------:\
+ \ | :---------------------------: | :----------------------------: | \n| Put XAccount\
+ \ Roles | ☐ | ☐ \
+ \ | ☐ |\n| Describe XAccount Roles | **☑**\
+ \ | **☑** | **☑** \
+ \ | \n| List Member Accounts | **☑** \
+ \ | **☑** | **☑** \
+ \ | \n| Delete XAccount Roles | ☐ | ☐\
+ \ | ☐ |\n"
+ title: User Onboarding using Endpoint Role
+ version: 1.0.0
+openapi: 3.0.3
+paths:
+ /v1/mgmt/xaccountroles:
+ get:
+ description: "Lists all accounts on-boarded using endpoint role. \n"
+ operationId: get-v1-mgmt-xaccountroles
+ parameters: []
+ requestBody:
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListXAccountRolesRequest'
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/ListXAccountRolesResponse'
+ description: OK
+ summary: List Member accounts and cross account roles
+ tags:
+ - UserOnboarding-XAccountRoles
+ /v1/mgmt/xaccountroles/{accountid}:
+ get:
+ description: 'Retrieve the information of a specific account.
+
+ '
+ operationId: get-v1-mgmt-xaccountroles-accountid
+ parameters:
+ - description: 'The unique ID of the account.
+
+ '
+ in: path
+ name: accountid
+ required: true
+ schema:
+ type: string
+ - description: ''
+ in: query
+ name: describeaccount
+ required: false
+ schema:
+ default: false
+ title: Describeaccount
+ type: boolean
+ - description: ''
+ in: query
+ name: vpcid
+ required: false
+ schema:
+ title: Vpcid
+ type: string
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ $ref: '#/components/schemas/DescribeXAccountRoleArnResponse'
+ description: OK
+ summary: Describe Member accounts and cross account Roles
+ tags:
+ - UserOnboarding-XAccountRoles
+servers:
+- url: https://api.us-east-1.aws.cloudngfw.paloaltonetworks.com
+tags:
+- name: UserOnboarding-XAccountRoles