aws-cdk-lib.aws_networkfirewall.CfnRuleGroupProps

interface CfnRuleGroupProps

Language    Type name
.NET        Amazon.CDK.AWS.NetworkFirewall.CfnRuleGroupProps
Go          github.com/aws/aws-cdk-go/awscdk/v2/awsnetworkfirewall#CfnRuleGroupProps
Java        software.amazon.awscdk.services.networkfirewall.CfnRuleGroupProps
Python      aws_cdk.aws_networkfirewall.CfnRuleGroupProps
TypeScript  aws-cdk-lib » aws_networkfirewall » CfnRuleGroupProps

Properties for defining a CfnRuleGroup.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_networkfirewall as networkfirewall } from 'aws-cdk-lib';
const cfnRuleGroupProps: networkfirewall.CfnRuleGroupProps = {
  capacity: 123,
  ruleGroupName: 'ruleGroupName',
  type: 'type',

  // the properties below are optional
  description: 'description',
  ruleGroup: {
    rulesSource: {
      rulesSourceList: {
        generatedRulesType: 'generatedRulesType',
        targets: ['targets'],
        targetTypes: ['targetTypes'],
      },
      rulesString: 'rulesString',
      statefulRules: [{
        action: 'action',
        header: {
          destination: 'destination',
          destinationPort: 'destinationPort',
          direction: 'direction',
          protocol: 'protocol',
          source: 'source',
          sourcePort: 'sourcePort',
        },
        ruleOptions: [{
          keyword: 'keyword',

          // the properties below are optional
          settings: ['settings'],
        }],
      }],
      statelessRulesAndCustomActions: {
        statelessRules: [{
          priority: 123,
          ruleDefinition: {
            actions: ['actions'],
            matchAttributes: {
              destinationPorts: [{
                fromPort: 123,
                toPort: 123,
              }],
              destinations: [{
                addressDefinition: 'addressDefinition',
              }],
              protocols: [123],
              sourcePorts: [{
                fromPort: 123,
                toPort: 123,
              }],
              sources: [{
                addressDefinition: 'addressDefinition',
              }],
              tcpFlags: [{
                flags: ['flags'],

                // the properties below are optional
                masks: ['masks'],
              }],
            },
          },
        }],

        // the properties below are optional
        customActions: [{
          actionDefinition: {
            publishMetricAction: {
              dimensions: [{
                value: 'value',
              }],
            },
          },
          actionName: 'actionName',
        }],
      },
    },

    // the properties below are optional
    referenceSets: {
      ipSetReferences: {
        ipSetReferencesKey: {
          referenceArn: 'referenceArn',
        },
      },
    },
    ruleVariables: {
      ipSets: {
        ipSetsKey: {
          definition: ['definition'],
        },
      },
      portSets: {
        portSetsKey: {
          definition: ['definition'],
        },
      },
    },
    statefulRuleOptions: {
      ruleOrder: 'ruleOrder',
    },
  },
  tags: [{
    key: 'key',
    value: 'value',
  }],
};

Properties

Name           Type                              Description
capacity       number                            The maximum operating resources that this rule group can use.
ruleGroupName  string                            The descriptive name of the rule group.
type           string                            Indicates whether the rule group is stateless or stateful.
description?   string                            A description of the rule group.
ruleGroup?     IResolvable | RuleGroupProperty   An object that defines the rule group rules.
tags?          CfnTag[]                          An array of key-value pairs to apply to this resource.

capacity

Type: number

The maximum operating resources that this rule group can use.

You can't change a rule group's capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.


ruleGroupName

Type: string

The descriptive name of the rule group.

You can't change the name of a rule group after you create it.


type

Type: string

Indicates whether the rule group is stateless or stateful.

If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
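
The constraints described for capacity, ruleGroupName and type can be checked before deployment. The following is an added example, not code from the AWS documentation or the CDK project: `lintRuleGroupProps`, the local `*Like` types and the sample rule group are hypothetical, and it assumes the values CloudFormation accepts for type, `STATEFUL` and `STATELESS`.

```typescript
// Local structural types: only the CfnRuleGroupProps fields this check reads.
interface RulesSourceLike {
  rulesString?: string;
  rulesSourceList?: object;
  statefulRules?: object[];
  statelessRulesAndCustomActions?: object;
}
interface RuleGroupPropsLike {
  capacity: number;
  ruleGroupName: string;
  type: string; // CloudFormation accepts 'STATEFUL' or 'STATELESS'
  ruleGroup?: { rulesSource: RulesSourceLike };
}

// Hypothetical helper: returns findings for a proposed definition, optionally
// compared with the props the rule group was created with.
function lintRuleGroupProps(next: RuleGroupPropsLike, deployed?: RuleGroupPropsLike): string[] {
  const findings: string[] = [];
  const src: RulesSourceLike = next.ruleGroup?.rulesSource ?? {};
  const hasStateful = src.rulesString !== undefined || src.rulesSourceList !== undefined ||
    (src.statefulRules?.length ?? 0) > 0;
  const hasStateless = src.statelessRulesAndCustomActions !== undefined;

  if (next.type !== 'STATEFUL' && next.type !== 'STATELESS') {
    findings.push(`type '${next.type}' is neither STATEFUL nor STATELESS`);
  }
  if (next.type === 'STATELESS' && hasStateful) findings.push('type is STATELESS but rulesSource holds stateful rules');
  if (next.type === 'STATEFUL' && hasStateless) findings.push('type is STATEFUL but rulesSource holds stateless rules');

  // capacity and ruleGroupName are fixed when the rule group is created.
  for (const key of ['capacity', 'ruleGroupName'] as const) {
    if (deployed && deployed[key] !== next[key]) {
      findings.push(`${key} changed from ${deployed[key]} to ${next[key]}; it cannot be changed after creation`);
    }
  }
  return findings;
}

// Constructed sample input: a deployed domain allowlist and a proposed edit to it.
const DEPLOYED: RuleGroupPropsLike = {
  capacity: 100, ruleGroupName: 'egress-allowlist', type: 'STATEFUL',
  ruleGroup: { rulesSource: { rulesSourceList: {
    generatedRulesType: 'ALLOWLIST', targets: ['.example.com'], targetTypes: ['TLS_SNI'],
  } } },
};
const PROPOSED: RuleGroupPropsLike = { ...DEPLOYED, capacity: 200, type: 'STATELESS' };

console.log(lintRuleGroupProps(PROPOSED, DEPLOYED));
```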


description?

Type: string (optional)

A description of the rule group.


ruleGroup?

Type: IResolvable | RuleGroupProperty (optional)

An object that defines the rule group rules.


tags?

Type: CfnTag[] (optional)

An array of key-value pairs to apply to this resource.

For more information, see Tag.