AWS::NetworkFirewall::RuleGroup RulesSource
The stateless or stateful rules definitions for use in a single rule group. Each rule
group requires a single RulesSource. You can use an instance of this for
either stateless rules or stateful rules.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "RulesSourceList" :RulesSourceList, "RulesString" :String, "StatefulRules" :[ StatefulRule, ... ], "StatelessRulesAndCustomActions" :StatelessRulesAndCustomActions}
YAML
RulesSourceList:RulesSourceListRulesString:StringStatefulRules:- StatefulRuleStatelessRulesAndCustomActions:StatelessRulesAndCustomActions
Properties
RulesSourceList-
Stateful inspection criteria for a domain list rule group.
Required: No
Type: RulesSourceList
Update requires: No interruption
RulesString-
Stateful inspection criteria, provided in Suricata compatible rules. Suricata is an open-source threat detection framework that includes a standard rule-based language for network traffic inspection.
These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
Note
You can't use the
prioritykeyword if theRuleOrderoption in StatefulRuleOptions is set toSTRICT_ORDER.Required: No
Type: String
Minimum:
0Maximum:
1000000Update requires: No interruption
StatefulRules-
An array of individual stateful rules inspection criteria to be used together in a stateful rule group. Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options. For information about the Suricata
Rulesformat, see Rules Format. Required: No
Type: Array of StatefulRule
Update requires: No interruption
StatelessRulesAndCustomActions-
Stateless inspection criteria to be used in a stateless rule group.
Required: No
Type: StatelessRulesAndCustomActions
Update requires: No interruption
