@Generated(value="jsii-pacmak/1.71.0 (build f1f58ae)", date="2022-12-07T17:24:37.356Z") @Stability(value=Stable) public class CfnRuleGroup extends CfnResource implements IInspectable
Use the RuleGroup to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in a FirewallPolicy to specify the filtering behavior of a Firewall.
Example:
```java
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import java.util.List;
import java.util.Map;
import software.amazon.awscdk.services.networkfirewall.*;
// Nested property types (RuleGroupProperty, HeaderProperty, ...) live inside CfnRuleGroup.
import software.amazon.awscdk.services.networkfirewall.CfnRuleGroup.*;
// CfnTag comes from the CDK core package (software.amazon.awscdk.core in CDK v1,
// software.amazon.awscdk in CDK v2); import it from the one your project uses.

CfnRuleGroup cfnRuleGroup = CfnRuleGroup.Builder.create(this, "MyCfnRuleGroup")
        .capacity(123)
        .ruleGroupName("ruleGroupName")
        .type("type")
        // the properties below are optional
        .description("description")
        .ruleGroup(RuleGroupProperty.builder()
                .rulesSource(RulesSourceProperty.builder()
                        .rulesSourceList(RulesSourceListProperty.builder()
                                .generatedRulesType("generatedRulesType")
                                .targets(List.of("targets"))
                                .targetTypes(List.of("targetTypes"))
                                .build())
                        .rulesString("rulesString")
                        .statefulRules(List.of(StatefulRuleProperty.builder()
                                .action("action")
                                .header(HeaderProperty.builder()
                                        .destination("destination")
                                        .destinationPort("destinationPort")
                                        .direction("direction")
                                        .protocol("protocol")
                                        .source("source")
                                        .sourcePort("sourcePort")
                                        .build())
                                .ruleOptions(List.of(RuleOptionProperty.builder()
                                        .keyword("keyword")
                                        // the properties below are optional
                                        .settings(List.of("settings"))
                                        .build()))
                                .build()))
                        .statelessRulesAndCustomActions(StatelessRulesAndCustomActionsProperty.builder()
                                .statelessRules(List.of(StatelessRuleProperty.builder()
                                        .priority(123)
                                        .ruleDefinition(RuleDefinitionProperty.builder()
                                                .actions(List.of("actions"))
                                                .matchAttributes(MatchAttributesProperty.builder()
                                                        .destinationPorts(List.of(PortRangeProperty.builder()
                                                                .fromPort(123)
                                                                .toPort(123)
                                                                .build()))
                                                        .destinations(List.of(AddressProperty.builder()
                                                                .addressDefinition("addressDefinition")
                                                                .build()))
                                                        .protocols(List.of(123))
                                                        .sourcePorts(List.of(PortRangeProperty.builder()
                                                                .fromPort(123)
                                                                .toPort(123)
                                                                .build()))
                                                        .sources(List.of(AddressProperty.builder()
                                                                .addressDefinition("addressDefinition")
                                                                .build()))
                                                        .tcpFlags(List.of(TCPFlagFieldProperty.builder()
                                                                .flags(List.of("flags"))
                                                                // the properties below are optional
                                                                .masks(List.of("masks"))
                                                                .build()))
                                                        .build())
                                                .build())
                                        .build()))
                                // the properties below are optional
                                .customActions(List.of(CustomActionProperty.builder()
                                        .actionDefinition(ActionDefinitionProperty.builder()
                                                .publishMetricAction(PublishMetricActionProperty.builder()
                                                        .dimensions(List.of(DimensionProperty.builder()
                                                                .value("value")
                                                                .build()))
                                                        .build())
                                                .build())
                                        .actionName("actionName")
                                        .build()))
                                .build())
                        .build())
                // the properties below are optional
                .ruleVariables(RuleVariablesProperty.builder()
                        .ipSets(Map.of(
                                "ipSetsKey", Map.of(
                                        "definition", List.of("definition"))))
                        .portSets(Map.of(
                                "portSetsKey", PortSetProperty.builder()
                                        .definition(List.of("definition"))
                                        .build()))
                        .build())
                .statefulRuleOptions(StatefulRuleOptionsProperty.builder()
                        .ruleOrder("ruleOrder")
                        .build())
                .build())
        .tags(List.of(CfnTag.builder()
                .key("key")
                .value("value")
                .build()))
        .build();
```
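The placeholder example above sets every property at once. The following added example (not part of the generated documentation or the CDK project's own code) shows one concrete use of the class: a stateful rule group that allows outbound HTTP/TLS only to listed domains. The stack name, rule group name, domains, CIDR range and capacity are constructed sample values, and the `software.amazon.awscdk.core` imports assume CDK v1.

```java
import java.util.List;
import java.util.Map;
import software.amazon.awscdk.core.App;
import software.amazon.awscdk.core.Construct;
import software.amazon.awscdk.core.Stack;
import software.amazon.awscdk.services.networkfirewall.CfnRuleGroup;
import software.amazon.awscdk.services.networkfirewall.CfnRuleGroup.*;

// Added example: an egress domain allowlist as a STATEFUL rule group.
// All names, domains, the CIDR and the capacity are constructed sample values.
public class EgressAllowlistStack extends Stack {
    public EgressAllowlistStack(final Construct scope, final String id) {
        super(scope, id);

        CfnRuleGroup allowlist = CfnRuleGroup.Builder.create(this, "EgressAllowlist")
                // Name and capacity cannot be changed after creation, so leave
                // headroom in capacity for domains added in later updates.
                .ruleGroupName("egress-domain-allowlist")
                .capacity(100)
                .type("STATEFUL")
                .description("Allow outbound HTTP/TLS only to approved domains")
                .ruleGroup(RuleGroupProperty.builder()
                        .ruleVariables(RuleVariablesProperty.builder()
                                // HOME_NET sets which source CIDRs the generated rules inspect.
                                .ipSets(Map.of("HOME_NET",
                                        Map.of("definition", List.of("10.0.0.0/16"))))
                                .build())
                        .rulesSource(RulesSourceProperty.builder()
                                .rulesSourceList(RulesSourceListProperty.builder()
                                        .generatedRulesType("ALLOWLIST")
                                        // Inspect both the TLS SNI and the HTTP Host header.
                                        .targetTypes(List.of("TLS_SNI", "HTTP_HOST"))
                                        // A leading dot makes the entry a wildcard covering subdomains.
                                        .targets(List.of(".example.com", "updates.example.org"))
                                        .build())
                                .build())
                        .build())
                .build();
    }

    public static void main(final String[] args) {
        App app = new App();
        new EgressAllowlistStack(app, "EgressAllowlistStack");
        app.synth();
    }
}
```

Reference the resulting group from a FirewallPolicy through `allowlist.getAttrRuleGroupArn()`; the rule group has no effect until a policy attached to a Firewall uses it.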
| Modifier and Type | Class and Description |
|---|---|
| static interface | `CfnRuleGroup.ActionDefinitionProperty` A custom action to use in stateless rule actions settings. |
| static interface | `CfnRuleGroup.AddressProperty` A single IP address specification. |
| static class | `CfnRuleGroup.Builder` A fluent builder for `CfnRuleGroup`. |
| static interface | `CfnRuleGroup.CustomActionProperty` An optional, non-standard action to use for stateless packet handling. |
| static interface | `CfnRuleGroup.DimensionProperty` The value to use in an Amazon CloudWatch custom metric dimension. |
| static interface | `CfnRuleGroup.HeaderProperty` The 5-tuple criteria for AWS Network Firewall to use to inspect packet headers in stateful traffic flow inspection. |
| static interface | `CfnRuleGroup.IPSetProperty` A list of IP addresses and address ranges, in CIDR notation. |
| static interface | `CfnRuleGroup.MatchAttributesProperty` Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. |
| static interface | `CfnRuleGroup.PortRangeProperty` A single port range specification. |
| static interface | `CfnRuleGroup.PortSetProperty` A set of port ranges for use in the rules in a rule group. |
| static interface | `CfnRuleGroup.PublishMetricActionProperty` Stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. |
| static interface | `CfnRuleGroup.RuleDefinitionProperty` The inspection criteria and action for a single stateless rule. |
| static interface | `CfnRuleGroup.RuleGroupProperty` The object that defines the rules in a rule group. |
| static interface | `CfnRuleGroup.RuleOptionProperty` Additional settings for a stateful rule. |
| static interface | `CfnRuleGroup.RulesSourceListProperty` Stateful inspection criteria for a domain list rule group. |
| static interface | `CfnRuleGroup.RulesSourceProperty` The stateless or stateful rules definitions for use in a single rule group. |
| static interface | `CfnRuleGroup.RuleVariablesProperty` Settings that are available for use in the rules in the `RuleGroup` where this is defined. |
| static interface | `CfnRuleGroup.StatefulRuleOptionsProperty` Additional options governing how Network Firewall handles the rule group. |
| static interface | `CfnRuleGroup.StatefulRuleProperty` A single Suricata rules specification, for use in a stateful rule group. |
| static interface | `CfnRuleGroup.StatelessRuleProperty` A single stateless rule. |
| static interface | `CfnRuleGroup.StatelessRulesAndCustomActionsProperty` Stateless inspection criteria. |
| static interface | `CfnRuleGroup.TCPFlagFieldProperty` TCP flags and masks to inspect packets for. |
Inherited nested classes and interfaces: `software.amazon.jsii.JsiiObject.InitializationMode`, `IInspectable.Jsii$Default`, `IInspectable.Jsii$Proxy`, `IConstruct.Jsii$Default`

| Modifier and Type | Field and Description |
|---|---|
| static String | `CFN_RESOURCE_TYPE_NAME` The CloudFormation resource type name for this resource class. |
| Modifier | Constructor and Description |
|---|---|
| | `CfnRuleGroup(Construct scope, String id, CfnRuleGroupProps props)` Create a new `AWS::NetworkFirewall::RuleGroup`. |
| protected | `CfnRuleGroup(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)` |
| protected | `CfnRuleGroup(software.amazon.jsii.JsiiObjectRef objRef)` |
| Modifier and Type | Method and Description |
|---|---|
| String | `getAttrRuleGroupArn()` The Amazon Resource Name (ARN) of the `RuleGroup`. |
| String | `getAttrRuleGroupId()` The unique ID of the `RuleGroup` resource. |
| Number | `getCapacity()` The maximum operating resources that this rule group can use. |
| `protected Map<String,Object>` | `getCfnProperties()` |
| String | `getDescription()` A description of the rule group. |
| Object | `getRuleGroup()` An object that defines the rule group rules. |
| String | `getRuleGroupName()` The descriptive name of the rule group. |
| TagManager | `getTags()` An array of key-value pairs to apply to this resource. |
| String | `getType()` Indicates whether the rule group is stateless or stateful. |
| void | `inspect(TreeInspector inspector)` Examines the CloudFormation resource and discloses attributes. |
| `protected Map<String,Object>` | `renderProperties(Map<String,Object> props)` |
| void | `setCapacity(Number value)` The maximum operating resources that this rule group can use. |
| void | `setDescription(String value)` A description of the rule group. |
| void | `setRuleGroup(CfnRuleGroup.RuleGroupProperty value)` An object that defines the rule group rules. |
| void | `setRuleGroup(IResolvable value)` An object that defines the rule group rules. |
| void | `setRuleGroupName(String value)` The descriptive name of the rule group. |
| void | `setType(String value)` Indicates whether the rule group is stateless or stateful. |
Inherited methods:
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties
getRef
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

@Stability(value=Stable) public static final String CFN_RESOURCE_TYPE_NAME
protected CfnRuleGroup(software.amazon.jsii.JsiiObjectRef objRef)
protected CfnRuleGroup(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
@Stability(value=Stable)
public CfnRuleGroup(@NotNull
Construct scope,
@NotNull
String id,
@NotNull
CfnRuleGroupProps props)
scope - scope in which this resource is defined. This parameter is required.
id - scoped id of the resource. This parameter is required.
props - resource properties. This parameter is required.
@Stability(value=Stable)
public void inspect(@NotNull
TreeInspector inspector)
inspect in interface IInspectable
inspector - tree inspector to collect and process attributes. This parameter is required.
@Stability(value=Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
renderProperties in class CfnResource
props - This parameter is required.
@Stability(value=Stable) @NotNull public String getAttrRuleGroupArn()
@Stability(value=Stable) @NotNull public String getAttrRuleGroupId()
@Stability(value=Stable) @NotNull protected Map<String,Object> getCfnProperties()
getCfnProperties in class CfnResource
@Stability(value=Stable) @NotNull public TagManager getTags()
For more information, see Tag.
@Stability(value=Stable) @NotNull public Number getCapacity()
You can't change a rule group's capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.
@Stability(value=Stable)
public void setCapacity(@NotNull
Number value)
You can't change a rule group's capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.
@Stability(value=Stable) @NotNull public String getRuleGroupName()
You can't change the name of a rule group after you create it.
@Stability(value=Stable)
public void setRuleGroupName(@NotNull
String value)
You can't change the name of a rule group after you create it.
@Stability(value=Stable) @NotNull public String getType()
If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
@Stability(value=Stable)
public void setType(@NotNull
String value)
If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
@Stability(value=Stable) @Nullable public String getDescription()
@Stability(value=Stable)
public void setDescription(@Nullable
String value)
@Stability(value=Stable) @Nullable public Object getRuleGroup()
@Stability(value=Stable)
public void setRuleGroup(@Nullable
IResolvable value)
@Stability(value=Stable)
public void setRuleGroup(@Nullable
CfnRuleGroup.RuleGroupProperty value)