interface CfnRuleGroupProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.NetworkFirewall.CfnRuleGroupProps |
Java | software.amazon.awscdk.services.networkfirewall.CfnRuleGroupProps |
Python | aws_cdk.aws_networkfirewall.CfnRuleGroupProps |
TypeScript | @aws-cdk/aws-networkfirewall » CfnRuleGroupProps |
Properties for defining a CfnRuleGroup.
Example
```ts
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as networkfirewall from '@aws-cdk/aws-networkfirewall';
const cfnRuleGroupProps: networkfirewall.CfnRuleGroupProps = {
  capacity: 123,
  ruleGroupName: 'ruleGroupName',
  type: 'type',

  // the properties below are optional
  description: 'description',
  ruleGroup: {
    rulesSource: {
      rulesSourceList: {
        generatedRulesType: 'generatedRulesType',
        targets: ['targets'],
        targetTypes: ['targetTypes'],
      },
      rulesString: 'rulesString',
      statefulRules: [{
        action: 'action',
        header: {
          destination: 'destination',
          destinationPort: 'destinationPort',
          direction: 'direction',
          protocol: 'protocol',
          source: 'source',
          sourcePort: 'sourcePort',
        },
        ruleOptions: [{
          keyword: 'keyword',

          // the properties below are optional
          settings: ['settings'],
        }],
      }],
      statelessRulesAndCustomActions: {
        statelessRules: [{
          priority: 123,
          ruleDefinition: {
            actions: ['actions'],
            matchAttributes: {
              destinationPorts: [{
                fromPort: 123,
                toPort: 123,
              }],
              destinations: [{
                addressDefinition: 'addressDefinition',
              }],
              protocols: [123],
              sourcePorts: [{
                fromPort: 123,
                toPort: 123,
              }],
              sources: [{
                addressDefinition: 'addressDefinition',
              }],
              tcpFlags: [{
                flags: ['flags'],

                // the properties below are optional
                masks: ['masks'],
              }],
            },
          },
        }],

        // the properties below are optional
        customActions: [{
          actionDefinition: {
            publishMetricAction: {
              dimensions: [{
                value: 'value',
              }],
            },
          },
          actionName: 'actionName',
        }],
      },
    },

    // the properties below are optional
    referenceSets: {
      ipSetReferences: {
        ipSetReferencesKey: {
          referenceArn: 'referenceArn',
        },
      },
    },
    ruleVariables: {
      ipSets: {
        ipSetsKey: {
          definition: ['definition'],
        },
      },
      portSets: {
        portSetsKey: {
          definition: ['definition'],
        },
      },
    },
    statefulRuleOptions: {
      ruleOrder: 'ruleOrder',
    },
  },
  tags: [{
    key: 'key',
    value: 'value',
  }],
};
```
Properties
Name | Type | Description |
---|---|---|
capacity | number | The maximum operating resources that this rule group can use. |
ruleGroupName | string | The descriptive name of the rule group. |
type | string | Indicates whether the rule group is stateless or stateful. |
description? | string | A description of the rule group. |
ruleGroup? | IResolvable \| Rule | An object that defines the rule group rules. |
tags? | Cfn [] | An array of key-value pairs to apply to this resource. |
capacity
Type: number
The maximum operating resources that this rule group can use.
You can't change a rule group's capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.
ruleGroupName
Type: string
The descriptive name of the rule group.
You can't change the name of a rule group after you create it.
type
Type: string
Indicates whether the rule group is stateless or stateful.
If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
description?
Type: string (optional)
A description of the rule group.
ruleGroup?
Type: IResolvable | Rule (optional)
An object that defines the rule group rules.
tags?
Type: Cfn [] (optional)
An array of key-value pairs to apply to this resource.
For more information, see Tag.
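
The constraints described for `capacity`, `ruleGroupName` and `type` (the first two fixed after creation, the rules matching the declared type) can be checked before a change is deployed. The following is an added example, not part of the CDK documentation or library: `RuleGroupPropsLike` and `lintRuleGroup` are hypothetical names, the interface is a local stand-in for the fields it needs, and the sample values are constructed.

```typescript
// Local stand-in for the CfnRuleGroupProps fields used below (an assumption
// for this example; the real type comes from @aws-cdk/aws-networkfirewall).
interface RuleGroupPropsLike {
  capacity: number;
  ruleGroupName: string;
  type: string;
  ruleGroup?: { rulesSource: {
    rulesString?: string; rulesSourceList?: object;
    statefulRules?: object[]; statelessRulesAndCustomActions?: object;
  } };
}

// Hypothetical helper. `deployed` is the props the existing group was created with.
function lintRuleGroup(next: RuleGroupPropsLike, deployed?: RuleGroupPropsLike): string[] {
  const findings: string[] = [];
  if (next.type !== 'STATELESS' && next.type !== 'STATEFUL') {
    findings.push(`type: expected STATELESS or STATEFUL, got '${next.type}'`);
  }
  const src = next.ruleGroup?.rulesSource;
  if (src) {
    // rulesString, rulesSourceList and statefulRules all define stateful rules.
    const stateful = Boolean(src.rulesString || src.rulesSourceList || src.statefulRules?.length);
    const stateless = src.statelessRulesAndCustomActions !== undefined;
    if (next.type === 'STATELESS' && stateful) findings.push('ruleGroup: stateful rules in a STATELESS group');
    if (next.type === 'STATEFUL' && stateless) findings.push('ruleGroup: stateless rules in a STATEFUL group');
  }
  if (deployed) {
    // capacity and ruleGroupName are fixed once the group exists.
    for (const key of ['capacity', 'ruleGroupName'] as const) {
      if (deployed[key] !== next[key]) {
        findings.push(`${key}: cannot change after creation (${deployed[key]} -> ${next[key]})`);
      }
    }
  }
  return findings;
}

// Constructed sample input: a deployed domain allowlist and a proposed edit to it.
const deployedProps: RuleGroupPropsLike = {
  capacity: 100, ruleGroupName: 'egress-allowlist', type: 'STATEFUL',
  ruleGroup: { rulesSource: { rulesSourceList: {
    generatedRulesType: 'ALLOWLIST', targets: ['.example.com'], targetTypes: ['TLS_SNI'] } } },
};
const proposedProps: RuleGroupPropsLike = {
  capacity: 200, ruleGroupName: 'egress-allowlist', type: 'STATEFUL',
  ruleGroup: { rulesSource: { statelessRulesAndCustomActions: { statelessRules: [] } } },
};
console.log(lintRuleGroup(proposedProps, deployedProps));
```

Running the same check in CI against the synthesized template's previous values catches an edit that would silently turn an allowlist group into a group of the wrong kind.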