AWS::NetworkFirewall::FirewallPolicy StatefulRuleGroupReference

Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Override" : StatefulRuleGroupOverride,
  "Priority" : Integer,
  "ResourceArn" : String
}

YAML


  Override: 
    StatefulRuleGroupOverride
  Priority: Integer
  ResourceArn: String

Properties

Override

The action that allows the policy owner to override the behavior of the rule group within a policy.

Required: No

Type: StatefulRuleGroupOverride

Update requires: No interruption

Priority

An integer setting that indicates the order in which to run the stateful rule groups in a single AWS::NetworkFirewall::FirewallPolicy. This setting only applies to firewall policies that specify the STRICT_ORDER rule order in the stateful engine options settings.

Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.

You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on.

Required: No

Type: Integer

Minimum: 1

Maximum: 65535

Update requires: No interruption

ResourceArn

The Amazon Resource Name (ARN) of the stateful rule group.

Required: Yes

Type: String

Pattern: ^(arn:aws.*)$

Minimum: 1

Maximum: 256

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

StatefulRuleGroupOverride

StatelessRuleGroupReference