Interface CfnRuleGroup.RuleGroupProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnRuleGroup.RuleGroupProperty.Jsii$Proxy
- Enclosing class:
CfnRuleGroup
AWS Network Firewall uses a rule group to inspect and control network traffic. You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their traffic flow.
To use a rule group, you include it by reference in an Network Firewall firewall policy, then you use the policy in a firewall. You can reference a rule group from more than one firewall policy, and you can use a firewall policy in more than one firewall.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.networkfirewall.*; RuleGroupProperty ruleGroupProperty = RuleGroupProperty.builder() .rulesSource(RulesSourceProperty.builder() .rulesSourceList(RulesSourceListProperty.builder() .generatedRulesType("generatedRulesType") .targets(List.of("targets")) .targetTypes(List.of("targetTypes")) .build()) .rulesString("rulesString") .statefulRules(List.of(StatefulRuleProperty.builder() .action("action") .header(HeaderProperty.builder() .destination("destination") .destinationPort("destinationPort") .direction("direction") .protocol("protocol") .source("source") .sourcePort("sourcePort") .build()) .ruleOptions(List.of(RuleOptionProperty.builder() .keyword("keyword") // the properties below are optional .settings(List.of("settings")) .build())) .build())) .statelessRulesAndCustomActions(StatelessRulesAndCustomActionsProperty.builder() .statelessRules(List.of(StatelessRuleProperty.builder() .priority(123) .ruleDefinition(RuleDefinitionProperty.builder() .actions(List.of("actions")) .matchAttributes(MatchAttributesProperty.builder() .destinationPorts(List.of(PortRangeProperty.builder() .fromPort(123) .toPort(123) .build())) .destinations(List.of(AddressProperty.builder() .addressDefinition("addressDefinition") .build())) .protocols(List.of(123)) .sourcePorts(List.of(PortRangeProperty.builder() .fromPort(123) .toPort(123) .build())) .sources(List.of(AddressProperty.builder() .addressDefinition("addressDefinition") .build())) .tcpFlags(List.of(TCPFlagFieldProperty.builder() .flags(List.of("flags")) // the properties below are optional .masks(List.of("masks")) .build())) .build()) .build()) .build())) // the properties below are optional .customActions(List.of(CustomActionProperty.builder() .actionDefinition(ActionDefinitionProperty.builder() .publishMetricAction(PublishMetricActionProperty.builder() .dimensions(List.of(DimensionProperty.builder() .value("value") .build())) .build()) .build()) .actionName("actionName") .build())) .build()) .build()) // the properties below are optional .referenceSets(ReferenceSetsProperty.builder() .ipSetReferences(Map.of( "ipSetReferencesKey", Map.of( "referenceArn", "referenceArn"))) .build()) .ruleVariables(RuleVariablesProperty.builder() .ipSets(Map.of( "ipSetsKey", Map.of( "definition", List.of("definition")))) .portSets(Map.of( "portSetsKey", PortSetProperty.builder() .definition(List.of("definition")) .build())) .build()) .statefulRuleOptions(StatefulRuleOptionsProperty.builder() .ruleOrder("ruleOrder") .build()) .build();
- See Also:
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
A builder forCfnRuleGroup.RuleGroupProperty
static final class
An implementation forCfnRuleGroup.RuleGroupProperty
-
Method Summary
Modifier and TypeMethodDescriptionbuilder()
default Object
The reference sets for the stateful rule group.The stateful rules or stateless rules for the rule group.default Object
Settings that are available for use in the rules in the rule group.default Object
Additional options governing how Network Firewall handles stateful rules.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getRulesSource
The stateful rules or stateless rules for the rule group.- See Also:
-
getReferenceSets
The reference sets for the stateful rule group.- See Also:
-
getRuleVariables
Settings that are available for use in the rules in the rule group.You can only use these for stateful rule groups.
- See Also:
-
getStatefulRuleOptions
Additional options governing how Network Firewall handles stateful rules.The policies where you use your stateful rule group must have stateful rule options settings that are compatible with these settings. Some limitations apply; for more information, see Strict evaluation order in the AWS Network Firewall Developer Guide .
- See Also:
-
builder
-