aws-cdk-lib.aws_networkfirewall.CfnFirewallPolicy.PolicyVariablesProperty

interface PolicyVariablesProperty

Language: Type name
.NET: Amazon.CDK.AWS.NetworkFirewall.CfnFirewallPolicy.PolicyVariablesProperty
Go: github.com/aws/aws-cdk-go/awscdk/v2/awsnetworkfirewall#CfnFirewallPolicy_PolicyVariablesProperty
Java: software.amazon.awscdk.services.networkfirewall.CfnFirewallPolicy.PolicyVariablesProperty
Python: aws_cdk.aws_networkfirewall.CfnFirewallPolicy.PolicyVariablesProperty
TypeScript: aws-cdk-lib » aws_networkfirewall » CfnFirewallPolicy » PolicyVariablesProperty

Contains variables that you can use to override default Suricata settings in your firewall policy.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_networkfirewall as networkfirewall } from 'aws-cdk-lib';
const policyVariablesProperty: networkfirewall.CfnFirewallPolicy.PolicyVariablesProperty = {
  ruleVariables: {
    ruleVariablesKey: {
      definition: ['definition'],
    },
  },
};

Properties

Name: ruleVariables?
Type: IResolvable | { [string]: IResolvable | IPSetProperty }
Description: The IPv4 or IPv6 addresses in CIDR notation to use for the Suricata HOME_NET variable.

ruleVariables?

Type: IResolvable | { [string]: IResolvable | IPSetProperty } (optional)

The IPv4 or IPv6 addresses in CIDR notation to use for the Suricata HOME_NET variable.

If your firewall uses an inspection VPC, you might want to override the HOME_NET variable with the CIDRs of your home networks. If you don't override HOME_NET with your own CIDRs, Network Firewall by default uses the CIDR of your inspection VPC.
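The HOME_NET override described above, as an added example that is not part of the CDK documentation: it validates a list of home-network CIDRs and builds an object in the PolicyVariablesProperty shape, so a malformed entry fails at synth time instead of leaving rules that reference $HOME_NET matching only the inspection VPC. The local interfaces mirror the documented shape so the block runs without aws-cdk-lib; `homeNetOverride`, `isCidr`, `isIPv4`, `isIPv6` and the sample CIDRs are hypothetical names and constructed values.

```typescript
// Local mirror of the documented shape (assumption: used instead of importing aws-cdk-lib).
interface IPSet { definition: string[] }
interface PolicyVariables { ruleVariables: { [name: string]: IPSet } }

function isIPv4(addr: string): boolean {
  const parts = addr.split('.');
  return parts.length === 4 &&
    parts.every(p => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

// Accepts full and "::"-compressed forms; embedded IPv4 tails are not handled.
function isIPv6(addr: string): boolean {
  const halves = addr.split('::');
  if (halves.length > 2) return false;
  const joined = halves.filter(h => h !== '').join(':');
  const groups = joined === '' ? [] : joined.split(':');
  if (!groups.every(g => /^[0-9a-fA-F]{1,4}$/.test(g))) return false;
  return halves.length === 2 ? groups.length <= 7 : groups.length === 8;
}

// True when the string is an address, a slash, and a prefix length valid for that family.
function isCidr(cidr: string): boolean {
  const parts = cidr.split('/');
  if (parts.length !== 2 || !/^\d{1,3}$/.test(parts[1])) return false;
  const prefix = Number(parts[1]);
  return (isIPv4(parts[0]) && prefix <= 32) || (isIPv6(parts[0]) && prefix <= 128);
}

// Builds policy variables that set HOME_NET to the given CIDRs,
// rejecting malformed entries and dropping exact duplicates.
function homeNetOverride(cidrs: string[]): PolicyVariables {
  const definition: string[] = [];
  for (const raw of cidrs) {
    const cidr = raw.trim();
    if (!isCidr(cidr)) throw new Error(`not a valid CIDR: ${raw}`);
    if (definition.indexOf(cidr) === -1) definition.push(cidr);
  }
  if (definition.length === 0) throw new Error('HOME_NET override needs at least one CIDR');
  return { ruleVariables: { HOME_NET: { definition } } };
}

// Constructed sample: two workload VPC ranges (one repeated) and one IPv6 range.
const samplePolicyVariables = homeNetOverride(
  ['10.0.0.0/16', '10.1.0.0/16', '10.0.0.0/16', '2001:db8::/32']);
```

The returned object can be supplied wherever a PolicyVariablesProperty is expected.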