AWS::FMS::Policy

FMS Policy

Creates an AWS Firewall Manager policy.

Properties

15 configurable properties. 4 required. Click a row to see details.

Filter:

Property	Type	Flags
`ExcludeResourceTags`	`boolean`	Required
`PolicyName`	`string`	Required
`RemediationEnabled`	`boolean`	Required
`SecurityServicePolicyData`	`SecurityServicePolicyData`	Required
`DeleteAllPolicyResources`	`boolean`	Write-only
`ExcludeMap`	`IEMap`
`IncludeMap`	`IEMap`
`PolicyDescription`	`string`
`ResourcesCleanUp`	`boolean`
`ResourceSetIds`	`Array<string>`
`ResourceTagLogicalOperator`	`string`
`ResourceTags`	`Array<ResourceTag>`
`ResourceType`	`string`
`ResourceTypeList`	`Array<string>`
`Tags`	`Array<PolicyTag>`

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`Arn`	`string`	-
`Id`	`string`	-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::FMS::Policy

Resources:
  MyResource:
    Type: AWS::FMS::Policy
    Properties:
      ExcludeResourceTags: true
      PolicyName: "my-policyname"
      RemediationEnabled: true
      SecurityServicePolicyData: "value"
      Tags:
        - Key: Environment
          Value: Production

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

fms:PutPolicyfms:TagResourcewaf-regional:ListRuleGroupswafv2:CheckCapacitywafv2:ListRuleGroupswafv2:ListAvailableManagedRuleGroupswafv2:ListAvailableManagedRuleGroupVersionsnetwork-firewall:DescribeRuleGroup

update

fms:PutPolicyfms:GetPolicyfms:TagResourcefms:UntagResourcefms:ListTagsForResourcewaf-regional:ListRuleGroupswafv2:CheckCapacitywafv2:ListRuleGroups

read

fms:GetPolicyfms:ListTagsForResource

delete

fms:DeletePolicy

list

fms:ListPoliciesfms:ListTagsForResource

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceFMS

Properties17

Required4

TaggingSupported

Primary IDId

Supported Operations

CreateUpdateReadDeleteList

Related Resources

External Links

AWS Documentation