AWS::NetworkFirewall::RuleGroup

Use the AWS::NetworkFirewall::RuleGroup to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an AWS::NetworkFirewall::FirewallPolicy to specify the filtering behavior of an AWS::NetworkFirewall::Firewall.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::NetworkFirewall::RuleGroup",
  "Properties" : {
      "Capacity" : Integer,
      "Description" : String,
      "RuleGroup" : RuleGroup,
      "RuleGroupName" : String,
      "Tags" : [ Tag, ... ],
      "Type" : String
    }
}

YAML

Type: AWS::NetworkFirewall::RuleGroup
Properties:
  Capacity: Integer
  Description: String
  RuleGroup:
    RuleGroup
  RuleGroupName: String
  Tags:
    - Tag
  Type: String

Properties

Capacity

The maximum operating resources that this rule group can use. You can't change a rule group's capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.

Required: Yes

Type: Integer

Update requires: Replacement

Description

A description of the rule group.

Required: No

Type: String

Pattern: ^.*$

Minimum: 1

Maximum: 512

Update requires: No interruption

RuleGroup

An object that defines the rule group rules.

Required: No

Type: RuleGroup

Update requires: No interruption

RuleGroupName

The descriptive name of the rule group. You can't change the name of a rule group after you create it.

Required: Yes

Type: String

Pattern: ^[a-zA-Z0-9-]+$

Minimum: 1

Maximum: 128

Update requires: Replacement

Tags

An array of key-value pairs to apply to this resource.

For more information, see Tag.

Required: No

Type: Array of Tag

Minimum: 1

Maximum: 200

Update requires: No interruption

Type

Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.

Required: Yes

Type: String

Allowed values: STATELESS | STATEFUL

Update requires: Replacement
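
The following pre-deployment check is an added example, not code from AWS or from the original page. It applies the constraints listed in the property reference above to a `Properties` dictionary and reports which edits fall under "Update requires: Replacement". It assumes literal property values (no intrinsic functions); the function names and sample data are constructed for illustration.

```python
import re

# Constraints below are taken from the property reference on this page.
NAME_RE = re.compile(r"[a-zA-Z0-9-]+")      # RuleGroupName pattern
DESC_RE = re.compile(r".*")                 # Description pattern (no newlines)
ALLOWED_TYPES = ("STATELESS", "STATEFUL")
REQUIRED = ("Capacity", "RuleGroupName", "Type")
REPLACEMENT_PROPS = ("Capacity", "RuleGroupName", "Type")  # Update requires: Replacement


def validate_rule_group(props):
    """Return constraint violations for a RuleGroup 'Properties' dict."""
    errors = [f"{p}: required property is missing" for p in REQUIRED if p not in props]
    cap = props.get("Capacity")
    if cap is not None and (isinstance(cap, bool) or not isinstance(cap, int)):
        errors.append("Capacity: must be an integer")
    name = props.get("RuleGroupName")
    # fullmatch, not match: a pattern ending in '$' would accept a trailing newline.
    if name is not None and not (isinstance(name, str) and 1 <= len(name) <= 128
                                 and NAME_RE.fullmatch(name)):
        errors.append("RuleGroupName: need 1-128 chars of [a-zA-Z0-9-]")
    desc = props.get("Description")
    if desc is not None and not (isinstance(desc, str) and 1 <= len(desc) <= 512
                                 and DESC_RE.fullmatch(desc)):
        errors.append("Description: need 1-512 chars on a single line")
    tags = props.get("Tags")
    if tags is not None and not (isinstance(tags, list) and 1 <= len(tags) <= 200):
        errors.append("Tags: need a list of 1-200 entries")
    if "Type" in props and props["Type"] not in ALLOWED_TYPES:
        errors.append("Type: must be STATELESS or STATEFUL")
    return errors


def replacement_changes(old_props, new_props):
    """List changed properties that force CloudFormation to replace the rule group."""
    return [p for p in REPLACEMENT_PROPS if old_props.get(p) != new_props.get(p)]


# Constructed sample: the stateful example from this page, then a proposed edit.
SAMPLE = {
    "RuleGroupName": "SampleStatefulRulegroupName",
    "Type": "STATEFUL",
    "Capacity": 100,
    "Description": "Rulegroup description goes here",
    "Tags": [{"Key": "Foo", "Value": "Bar"}],
}
PROPOSED = dict(SAMPLE, Capacity=200, Description="Raised capacity")

if __name__ == "__main__":
    print(validate_rule_group(SAMPLE))
    print(replacement_changes(SAMPLE, PROPOSED))
```

Running the replacement check in change review surfaces edits that would swap out a rule group before the stack update is executed.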

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Amazon Resource Name (ARN) of the rule group. For example:

{ "Ref": "arn:aws:network-firewall:us-east-1:012345678901:stateful-rulegroup/myStatefulRuleGroupName" }

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

RuleGroupArn

The Amazon Resource Name (ARN) of the AWS::NetworkFirewall::RuleGroup.

RuleGroupId

The unique ID of the AWS::NetworkFirewall::RuleGroup resource.

Examples

Create a stateful rule group

The following shows example stateful rule group specifications.

JSON

"SampleStatefulRulegroup": {
  "Type": "AWS::NetworkFirewall::RuleGroup",
  "Properties": {
    "RuleGroupName": "SampleStatefulRulegroupName",
    "Type": "STATEFUL",
    "RuleGroup": {
      "RulesSource": {
        "RulesString": "pass tcp 10.20.20.0/24 45400:45500 <> 10.10.10.0/24 5203 (msg:\"test\";sid:1;rev:1;)"
      }
    },
    "Capacity": 100,
    "Description": "Rulegroup description goes here",
    "Tags": [
      {
        "Key": "Foo",
        "Value": "Bar"
      }
    ]
  }
}

YAML

SampleStatefulRulegroup:
  Type: 'AWS::NetworkFirewall::RuleGroup'
  Properties:
    RuleGroupName: SampleStatefulRulegroupName
    Type: STATEFUL
    RuleGroup:
      RulesSource:
        RulesString: >-
          pass tcp 10.20.20.0/24 45400:45500 <> 10.10.10.0/24 5203
          (msg:"test";sid:1;rev:1;)
    Capacity: 100
    Description: Rulegroup description goes here
    Tags:
      - Key: Foo
        Value: Bar

Create a stateless rule group

The following shows example stateless rule group specifications.

JSON

"SampleStatelessRulegroup": {
  "Type": "AWS::NetworkFirewall::RuleGroup",
  "Properties": {
    "RuleGroupName": "SampleStatelessRulegroupName",
    "Type": "STATELESS",
    "RuleGroup": {
      "RulesSource": {
        "StatelessRulesAndCustomActions": {
          "StatelessRules": [
            {
              "RuleDefinition": {
                "MatchAttributes": {
                  "Sources": [
                    { "AddressDefinition": "0.0.0.0/0" }
                  ],
                  "Destinations": [
                    { "AddressDefinition": "10.0.0.0/8" }
                  ],
                  "SourcePorts": [
                    { "FromPort": 15000, "ToPort": 30000 }
                  ],
                  "DestinationPorts": [
                    { "FromPort": 443, "ToPort": 443 }
                  ],
                  "Protocols": [ 6 ]
                },
                "Actions": [ "aws:pass" ]
              },
              "Priority": 1
            }
          ]
        }
      }
    },
    "Capacity": 100,
    "Description": "Rulegroup description goes here",
    "Tags": [
      {
        "Key": "Foo",
        "Value": "Bar"
      }
    ]
  }
}

YAML

SampleStatelessRulegroup:
  Type: 'AWS::NetworkFirewall::RuleGroup'
  Properties:
    RuleGroupName: SampleStatelessRulegroupName
    Type: STATELESS
    RuleGroup:
      RulesSource:
        StatelessRulesAndCustomActions:
          StatelessRules:
            - RuleDefinition:
                MatchAttributes:
                  Sources:
                    - AddressDefinition: 0.0.0.0/0
                  Destinations:
                    - AddressDefinition: 10.0.0.0/8
                  SourcePorts:
                    - FromPort: 15000
                      ToPort: 30000
                  DestinationPorts:
                    - FromPort: 443
                      ToPort: 443
                  Protocols:
                    - 6
                Actions:
                  - 'aws:pass'
              Priority: 1
    Capacity: 100
    Description: Rulegroup description goes here
    Tags:
      - Key: Foo
        Value: Bar
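
The following review helper is an added example, not code from AWS or from the original page. It walks the `StatelessRules` structure shown above, reports port ranges that do not carry both `FromPort` and `ToPort` in one object, and flags `aws:pass` rules whose source is unrestricted. The function names and the wording of the findings are constructed for illustration.

```python
ANY_SOURCE = {"0.0.0.0/0", "::/0"}


def port_range_errors(ranges, label):
    """A port range needs FromPort and ToPort in one object, with From <= To."""
    errors = []
    for i, r in enumerate(ranges):
        missing = [k for k in ("FromPort", "ToPort") if k not in r]
        if missing:
            errors.append(f"{label}[{i}]: missing {', '.join(missing)}")
        elif not 0 <= r["FromPort"] <= r["ToPort"] <= 65535:
            errors.append(f"{label}[{i}]: invalid range {r['FromPort']}-{r['ToPort']}")
    return errors


def audit_stateless_rules(rule_group):
    """Return (priority, finding) pairs for a stateless RuleGroup object."""
    rules = rule_group["RulesSource"]["StatelessRulesAndCustomActions"]["StatelessRules"]
    findings = []
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        prio = rule["Priority"]
        attrs = rule["RuleDefinition"]["MatchAttributes"]
        actions = rule["RuleDefinition"]["Actions"]
        for key in ("SourcePorts", "DestinationPorts"):
            findings += [(prio, e) for e in port_range_errors(attrs.get(key, []), key)]
        # An omitted Sources list matches any source address.
        sources = {s["AddressDefinition"] for s in attrs.get("Sources", [])}
        # aws:pass ends inspection for the packet, so it never reaches stateful rules.
        if "aws:pass" in actions and (not sources or sources & ANY_SOURCE):
            findings.append((prio, "aws:pass with unrestricted source"))
    return findings


# Constructed sample: the RuleGroup object from the stateless example on this page.
PAGE_RULE = {"RulesSource": {"StatelessRulesAndCustomActions": {"StatelessRules": [{
    "Priority": 1,
    "RuleDefinition": {
        "Actions": ["aws:pass"],
        "MatchAttributes": {
            "Sources": [{"AddressDefinition": "0.0.0.0/0"}],
            "Destinations": [{"AddressDefinition": "10.0.0.0/8"}],
            "SourcePorts": [{"FromPort": 15000, "ToPort": 30000}],
            "DestinationPorts": [{"FromPort": 443, "ToPort": 443}],
            "Protocols": [6],
        },
    },
}]}}}

if __name__ == "__main__":
    print(audit_stateless_rules(PAGE_RULE))
```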
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.