FMS / Client / list_compliance_status
list_compliance_status#
- FMS.Client.list_compliance_status(**kwargs)#
Returns an array of
PolicyComplianceStatusobjects. UsePolicyComplianceStatusto get a summary of which member accounts are protected by the specified policy.See also: AWS API Documentation
Request Syntax
response = client.list_compliance_status( PolicyId='string', NextToken='string', MaxResults=123 )
- Parameters:
PolicyId (string) –
[REQUIRED]
The ID of the Firewall Manager policy that you want the details for.
NextToken (string) – If you specify a value for
MaxResultsand you have morePolicyComplianceStatusobjects than the number that you specify forMaxResults, Firewall Manager returns aNextTokenvalue in the response that allows you to list another group ofPolicyComplianceStatusobjects. For the second and subsequentListComplianceStatusrequests, specify the value ofNextTokenfrom the previous response to get information about another batch ofPolicyComplianceStatusobjects.MaxResults (integer) – Specifies the number of
PolicyComplianceStatusobjects that you want Firewall Manager to return for this request. If you have morePolicyComplianceStatusobjects than the number that you specify forMaxResults, the response includes aNextTokenvalue that you can use to get another batch ofPolicyComplianceStatusobjects.
- Return type:
dict
- Returns:
Response Syntax
{ 'PolicyComplianceStatusList': [ { 'PolicyOwner': 'string', 'PolicyId': 'string', 'PolicyName': 'string', 'MemberAccount': 'string', 'EvaluationResults': [ { 'ComplianceStatus': 'COMPLIANT'|'NON_COMPLIANT', 'ViolatorCount': 123, 'EvaluationLimitExceeded': True|False }, ], 'LastUpdated': datetime(2015, 1, 1), 'IssueInfoMap': { 'string': 'string' } }, ], 'NextToken': 'string' }
Response Structure
(dict) –
PolicyComplianceStatusList (list) –
An array of
PolicyComplianceStatusobjects.(dict) –
Indicates whether the account is compliant with the specified policy. An account is considered noncompliant if it includes resources that are not protected by the policy, for WAF and Shield Advanced policies, or that are noncompliant with the policy, for security group policies.
PolicyOwner (string) –
The Amazon Web Services account that created the Firewall Manager policy.
PolicyId (string) –
The ID of the Firewall Manager policy.
PolicyName (string) –
The name of the Firewall Manager policy.
MemberAccount (string) –
The member account ID.
EvaluationResults (list) –
An array of
EvaluationResultobjects.(dict) –
Describes the compliance status for the account. An account is considered noncompliant if it includes resources that are not protected by the specified policy or that don’t comply with the policy.
ComplianceStatus (string) –
Describes an Amazon Web Services account’s compliance with the Firewall Manager policy.
ViolatorCount (integer) –
The number of resources that are noncompliant with the specified policy. For WAF and Shield Advanced policies, a resource is considered noncompliant if it is not associated with the policy. For security group policies, a resource is considered noncompliant if it doesn’t comply with the rules of the policy and remediation is disabled or not possible.
EvaluationLimitExceeded (boolean) –
Indicates that over 100 resources are noncompliant with the Firewall Manager policy.
LastUpdated (datetime) –
Timestamp of the last update to the
EvaluationResultobjects.IssueInfoMap (dict) –
Details about problems with dependent services, such as WAF or Config, and the error message received that indicates the problem with the service.
(string) –
(string) –
NextToken (string) –
If you have more
PolicyComplianceStatusobjects than the number that you specified forMaxResultsin the request, the response includes aNextTokenvalue. To list morePolicyComplianceStatusobjects, submit anotherListComplianceStatusrequest, and specify theNextTokenvalue from the response in theNextTokenvalue in the next request.
Exceptions
FMS.Client.exceptions.ResourceNotFoundExceptionFMS.Client.exceptions.InternalErrorException