RuleGroupResponse - AWS Network Firewall

RuleGroupResponse

The high-level properties of a rule group. This, along with the RuleGroup, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.

Contents

RuleGroupArn

The Amazon Resource Name (ARN) of the rule group.

Note

If this response is for a create request that had DryRun set to TRUE, then this ARN is a placeholder that isn't attached to a valid resource.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^arn:aws.*

Required: Yes

RuleGroupId

The unique identifier for the rule group.

Type: String

Length Constraints: Fixed length of 36.

Pattern: ^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$

Required: Yes

RuleGroupName

The descriptive name of the rule group. You can't change the name of a rule group after you create it.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: ^[a-zA-Z0-9-]+$

Required: Yes

AnalysisResults

The list of analysis results for AnalyzeRuleGroup. If you set AnalyzeRuleGroup to TRUE in CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup, Network Firewall analyzes the rule group and identifies the rules that might adversely effect your firewall's functionality. For example, if Network Firewall detects a rule that's routing traffic asymmetrically, which impacts the service's ability to properly process traffic, the service includes the rule in the list of analysis results.

Type: Array of AnalysisResult objects

Required: No

Capacity

The maximum operating resources that this rule group can use. Rule group capacity is fixed at creation. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.

You can retrieve the capacity that would be required for a rule group before you create the rule group by calling CreateRuleGroup with DryRun set to TRUE.

Type: Integer

Required: No

ConsumedCapacity

The number of capacity units currently consumed by the rule group rules.

Type: Integer

Required: No

Description

A description of the rule group.

Type: String

Length Constraints: Maximum length of 512.

Pattern: ^.*$

Required: No

EncryptionConfiguration

A complex type that contains the AWS KMS encryption configuration settings for your rule group.

Type: EncryptionConfiguration object

Required: No

LastModifiedTime

The last time that the rule group was changed.

Type: Timestamp

Required: No

NumberOfAssociations

The number of firewall policies that use this rule group.

Type: Integer

Required: No

RuleGroupStatus

Detailed information about the current status of a rule group.

Type: String

Valid Values: ACTIVE | DELETING | ERROR

Required: No

SnsTopic

The Amazon resource name (ARN) of the Amazon Simple Notification Service SNS topic that's used to record changes to the managed rule group. You can subscribe to the SNS topic to receive notifications when the managed rule group is modified, such as for new versions and for version expiration. For more information, see the Amazon Simple Notification Service Developer Guide..

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^arn:aws.*

Required: No

SourceMetadata

A complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to track the version updates made to the originating rule group.

Type: SourceMetadata object

Required: No

Tags

The key:value pairs to associate with the resource.

Type: Array of Tag objects

Array Members: Minimum number of 1 item. Maximum number of 200 items.

Required: No

Type

Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.

Type: String

Valid Values: STATELESS | STATEFUL

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: