AWS::EC2::TrafficMirrorFilterRule
Creates a Traffic Mirror filter rule.
A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror.
You need the Traffic Mirror filter ID when you create the rule.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::EC2::TrafficMirrorFilterRule",
  "Properties" : {
    "Description" : String,
    "DestinationCidrBlock" : String,
    "DestinationPortRange" : TrafficMirrorPortRange,
    "Protocol" : Integer,
    "RuleAction" : String,
    "RuleNumber" : Integer,
    "SourceCidrBlock" : String,
    "SourcePortRange" : TrafficMirrorPortRange,
    "Tags" : [ Tag, ... ],
    "TrafficDirection" : String,
    "TrafficMirrorFilterId" : String
  }
}
YAML
Type: AWS::EC2::TrafficMirrorFilterRule
Properties:
  Description: String
  DestinationCidrBlock: String
  DestinationPortRange: TrafficMirrorPortRange
  Protocol: Integer
  RuleAction: String
  RuleNumber: Integer
  SourceCidrBlock: String
  SourcePortRange: TrafficMirrorPortRange
  Tags:
    - Tag
  TrafficDirection: String
  TrafficMirrorFilterId: String
Properties
Description
The description of the Traffic Mirror rule.
Required: No
Type: String
Update requires: No interruption
DestinationCidrBlock
The destination CIDR block to assign to the Traffic Mirror rule.
Required: Yes
Type: String
Update requires: No interruption
DestinationPortRange
The destination port range.
Required: No
Type: TrafficMirrorPortRange
Update requires: No interruption
Protocol
The protocol, for example UDP, to assign to the Traffic Mirror rule.
For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
Required: No
Type: Integer
Update requires: No interruption
RuleAction
The action to take on the filtered traffic.
Required: Yes
Type: String
Allowed values: accept | reject
Update requires: No interruption
RuleNumber
The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
Required: Yes
Type: Integer
Update requires: No interruption
SourceCidrBlock
The source CIDR block to assign to the Traffic Mirror rule.
Required: Yes
Type: String
Update requires: No interruption
SourcePortRange
The source port range.
Required: No
Type: TrafficMirrorPortRange
Update requires: No interruption
Tags
The tags to assign to the Traffic Mirror filter rule.
Required: No
Type: Array of Tag
Update requires: No interruption
TrafficDirection
The type of traffic.
Required: Yes
Type: String
Allowed values: ingress | egress
Update requires: No interruption
TrafficMirrorFilterId
The ID of the filter that this rule is associated with.
Required: Yes
Type: String
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the Traffic Mirror filter rule.
For more information about using the Ref function, see Ref.
Examples
Create a traffic mirror filter rule for inbound UDP traffic
This filter rule accepts inbound UDP traffic (IANA protocol number 17) between the stated CIDR blocks and port ranges.
JSON
{
  "SampleTrafficMirrorFilterRule": {
    "Type": "AWS::EC2::TrafficMirrorFilterRule",
    "Properties": {
      "Description": "Example traffic mirror filter rule",
      "TrafficMirrorFilterId": "tmf-04812ff784EXAMPLE",
      "TrafficDirection": "ingress",
      "RuleNumber": 10,
      "DestinationCidrBlock": "10.0.0.0/16",
      "SourceCidrBlock": "10.0.0.0/16",
      "RuleAction": "accept",
      "Protocol": 17,
      "SourcePortRange": { "FromPort": 10, "ToPort": 50 },
      "DestinationPortRange": { "FromPort": 50, "ToPort": 100 }
    }
  }
}
YAML
SampleTrafficMirrorFilterRule:
  Type: "AWS::EC2::TrafficMirrorFilterRule"
  Properties:
    Description: "Example traffic mirror filter rule"
    TrafficMirrorFilterId: "tmf-04812ff784EXAMPLE"
    TrafficDirection: "ingress"
    RuleNumber: 10
    DestinationCidrBlock: "10.0.0.0/16"
    SourceCidrBlock: "10.0.0.0/16"
    RuleAction: "accept"
    Protocol: 17
    SourcePortRange:
      FromPort: 10
      ToPort: 50
    DestinationPortRange:
      FromPort: 50
      ToPort: 100
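As an added pre-deployment check, not part of the AWS documentation or any AWS tool: a small Python linter that applies the constraints listed above (required properties, the accept | reject and ingress | egress values, valid CIDR blocks, ordered port ranges, and rule numbers unique per filter and direction) to every TrafficMirrorFilterRule in a template dict. The template it runs on is constructed here; its second rule deliberately breaks several of those constraints.

```python
import ipaddress

REQUIRED = ("DestinationCidrBlock", "RuleAction", "RuleNumber",
            "SourceCidrBlock", "TrafficDirection", "TrafficMirrorFilterId")
ALLOWED = {"RuleAction": {"accept", "reject"}, "TrafficDirection": {"ingress", "egress"}}

def lint_mirror_rules(template):
    """Return (logical_id, message) findings for every TrafficMirrorFilterRule."""
    findings, seen = [], {}  # seen: (filter id, direction, rule number) -> logical id
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::TrafficMirrorFilterRule":
            continue
        p = res.get("Properties", {})
        for key in REQUIRED:
            if key not in p:
                findings.append((name, f"missing required property {key}"))
        for key, allowed in ALLOWED.items():
            if key in p and p[key] not in allowed:
                findings.append((name, f"{key} must be one of {sorted(allowed)}"))
        for key in ("SourceCidrBlock", "DestinationCidrBlock"):
            if isinstance(p.get(key), str):  # skip Ref/intrinsic values
                try:
                    ipaddress.ip_network(p[key], strict=True)  # rejects host bits
                except ValueError:
                    findings.append((name, f"{key} is not a valid CIDR block"))
        for key in ("SourcePortRange", "DestinationPortRange"):
            rng = p.get(key)
            if rng is not None:
                lo, hi = rng.get("FromPort", -1), rng.get("ToPort", -1)
                if not 0 <= lo <= hi <= 65535:
                    findings.append((name, f"{key} {lo}-{hi} is not a valid port range"))
        # Rule numbers must be unique per filter and direction (rules run in ascending order)
        if all(k in p for k in ("TrafficMirrorFilterId", "TrafficDirection", "RuleNumber")):
            key = (str(p["TrafficMirrorFilterId"]), p["TrafficDirection"], p["RuleNumber"])
            if key in seen:
                findings.append((name, f"RuleNumber {key[2]} duplicates {seen[key]} ({key[1]})"))
            seen.setdefault(key, name)
    return findings

# Constructed sample (not from the AWS page): UdpIngress mirrors the page's example; BadIngress
# reuses rule number 10 in the same direction, has a bad action, host bits in its CIDR, inverted ports.
SAMPLE_TEMPLATE = {"Resources": {
    "UdpIngress": {"Type": "AWS::EC2::TrafficMirrorFilterRule", "Properties": {
        "TrafficMirrorFilterId": "tmf-04812ff784EXAMPLE", "TrafficDirection": "ingress",
        "RuleNumber": 10, "RuleAction": "accept", "Protocol": 17, "SourceCidrBlock": "10.0.0.0/16",
        "DestinationCidrBlock": "10.0.0.0/16", "SourcePortRange": {"FromPort": 10, "ToPort": 50}}},
    "BadIngress": {"Type": "AWS::EC2::TrafficMirrorFilterRule", "Properties": {
        "TrafficMirrorFilterId": "tmf-04812ff784EXAMPLE", "TrafficDirection": "ingress",
        "RuleNumber": 10, "RuleAction": "drop", "SourceCidrBlock": "10.0.1.5/16",
        "DestinationCidrBlock": "0.0.0.0/0", "DestinationPortRange": {"FromPort": 443, "ToPort": 80}}}}}
```

Running lint_mirror_rules(SAMPLE_TEMPLATE) reports four findings, all against BadIngress, and none against the rule copied from the page's example.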
See also
- Traffic mirror filters and filter rules in Traffic Mirroring
- CreateTrafficMirrorFilterRule in the Amazon EC2 API Reference