AWS CloudFormation
User Guide (Version )

AWS::EC2::TrafficMirrorFilterRule

Creates a Traffic Mirror filter rule.

A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror.

You need the Traffic Mirror filter ID when you create the rule.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::EC2::TrafficMirrorFilterRule",
  "Properties" : {
    "Description" : String,
    "DestinationCidrBlock" : String,
    "DestinationPortRange" : TrafficMirrorPortRange,
    "Protocol" : Integer,
    "RuleAction" : String,
    "RuleNumber" : Integer,
    "SourceCidrBlock" : String,
    "SourcePortRange" : TrafficMirrorPortRange,
    "TrafficDirection" : String,
    "TrafficMirrorFilterId" : String
  }
}

YAML

Type: AWS::EC2::TrafficMirrorFilterRule
Properties:
  Description: String
  DestinationCidrBlock: String
  DestinationPortRange: TrafficMirrorPortRange
  Protocol: Integer
  RuleAction: String
  RuleNumber: Integer
  SourceCidrBlock: String
  SourcePortRange: TrafficMirrorPortRange
  TrafficDirection: String
  TrafficMirrorFilterId: String

Properties

Description

The description of the Traffic Mirror rule.

Required: No

Type: String

Update requires: No interruption

DestinationCidrBlock

The destination CIDR block to assign to the Traffic Mirror rule.

Required: Yes

Type: String

Update requires: No interruption

DestinationPortRange

The destination port range.

Required: No

Type: TrafficMirrorPortRange

Update requires: No interruption

Protocol

The protocol, for example UDP, to assign to the Traffic Mirror rule.

For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.

Required: No

Type: Integer

Update requires: No interruption

RuleAction

The action to take (accept | reject) on the filtered traffic.

Required: Yes

Type: String

Allowed Values: accept | reject

Update requires: No interruption

RuleNumber

The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.

Required: Yes

Type: Integer

Update requires: No interruption

SourceCidrBlock

The source CIDR block to assign to the Traffic Mirror rule.

Required: Yes

Type: String

Update requires: No interruption

SourcePortRange

The source port range.

Required: No

Type: TrafficMirrorPortRange

Update requires: No interruption

TrafficDirection

The direction of the traffic to mirror (ingress | egress).

Required: Yes

Type: String

Allowed Values: egress | ingress

Update requires: No interruption

TrafficMirrorFilterId

The ID of the filter that this rule is associated with.

Required: Yes

Type: String

Update requires: Replacement

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the Traffic Mirror filter rule.

For more information about using the Ref function, see Ref.

Examples

Create a Traffic Mirror Filter Rule for inbound UDP Traffic

This example defines a filter rule that accepts inbound (ingress) UDP traffic (protocol 17) within the 10.0.0.0/16 CIDR block, restricted to the source and destination port ranges shown.

JSON

{
  "SampleTrafficMirrorFilterRule": {
    "Type": "AWS::EC2::TrafficMirrorFilterRule",
    "Properties": {
      "Description": "Example traffic mirror filter rule",
      "TrafficMirrorFilterId": "tmf-04812ff784EXAMPLE",
      "TrafficDirection": "ingress",
      "RuleNumber": 10,
      "DestinationCidrBlock": "10.0.0.0/16",
      "SourceCidrBlock": "10.0.0.0/16",
      "RuleAction": "accept",
      "Protocol": 17,
      "SourcePortRange": {
        "FromPort": 10,
        "ToPort": 50
      },
      "DestinationPortRange": {
        "FromPort": 50,
        "ToPort": 100
      }
    }
  }
}

YAML

SampleTrafficMirrorFilterRule:
  Type: "AWS::EC2::TrafficMirrorFilterRule"
  Properties:
    Description: "Example traffic mirror filter rule"
    TrafficMirrorFilterId: "tmf-04812ff784EXAMPLE"
    TrafficDirection: "ingress"
    RuleNumber: 10
    DestinationCidrBlock: "10.0.0.0/16"
    SourceCidrBlock: "10.0.0.0/16"
    RuleAction: "accept"
    Protocol: 17
    SourcePortRange:
      FromPort: 10
      ToPort: 50
    DestinationPortRange:
      FromPort: 50
      ToPort: 100
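The constraints described under Properties (required keys, the accept | reject and ingress | egress allowed values, a valid TrafficMirrorPortRange, and a RuleNumber that is unique per direction on a filter) can be checked before a template is deployed, so a mis-specified mirror rule is caught in review rather than after the filter is live. The linter below is an added example, not AWS or CloudFormation code; it takes a template already parsed into a dict (for example with json.load or a YAML loader) and assumes only the property names on this page. The sample template is constructed for the example: it reuses the page's UDP rule and adds a second rule that collides with it.

```python
from collections import defaultdict

RULE_TYPE = "AWS::EC2::TrafficMirrorFilterRule"
REQUIRED = ("DestinationCidrBlock", "RuleAction", "RuleNumber",
            "SourceCidrBlock", "TrafficDirection", "TrafficMirrorFilterId")
ALLOWED = {"RuleAction": {"accept", "reject"}, "TrafficDirection": {"ingress", "egress"}}

def check_port_range(name, rng, errors, logical_id):
    """A TrafficMirrorPortRange is {FromPort, ToPort}; both must be ports, in order."""
    if rng is None:
        return
    lo, hi = rng.get("FromPort"), rng.get("ToPort")
    if not (isinstance(lo, int) and isinstance(hi, int) and 0 <= lo <= hi <= 65535):
        errors.append(f"{logical_id}: {name} needs integer FromPort <= ToPort in 0-65535")

def lint_mirror_rules(template):
    """Return a list of error strings; an empty list means every rule passed."""
    errors = []
    seen = defaultdict(list)  # (str(FilterId), Direction) -> RuleNumbers; str() keeps a {"Ref": ...} hashable
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != RULE_TYPE:
            continue
        props = res.get("Properties", {})
        for key in REQUIRED:
            if key not in props:
                errors.append(f"{logical_id}: missing required property {key}")
        for key, allowed in ALLOWED.items():
            if key in props and props[key] not in allowed:
                errors.append(f"{logical_id}: {key} must be one of {sorted(allowed)}")
        proto = props.get("Protocol")  # IANA protocol number, e.g. 17 for UDP
        if proto is not None and not (isinstance(proto, int) and 0 <= proto <= 255):
            errors.append(f"{logical_id}: Protocol must be an IANA protocol number (0-255)")
        for name in ("SourcePortRange", "DestinationPortRange"):
            check_port_range(name, props.get(name), errors, logical_id)
        seen[(str(props.get("TrafficMirrorFilterId")), props.get("TrafficDirection"))].append(props.get("RuleNumber"))
    # RuleNumber must be unique per direction on a filter; rules are evaluated in ascending order.
    for (filter_id, direction), numbers in seen.items():
        for n in sorted({n for n in numbers if numbers.count(n) > 1}, key=str):
            errors.append(f"RuleNumber {n} is reused for {direction} on {filter_id}")
    return errors

# Constructed sample: the page's UDP rule plus a second rule that collides with it.
SAMPLE = {"Resources": {
    "UdpRule": {"Type": RULE_TYPE, "Properties": {
        "TrafficMirrorFilterId": "tmf-04812ff784EXAMPLE", "TrafficDirection": "ingress",
        "RuleNumber": 10, "DestinationCidrBlock": "10.0.0.0/16", "SourceCidrBlock": "10.0.0.0/16",
        "RuleAction": "accept", "Protocol": 17, "SourcePortRange": {"FromPort": 10, "ToPort": 50}}},
    "BadRule": {"Type": RULE_TYPE, "Properties": {
        "TrafficMirrorFilterId": "tmf-04812ff784EXAMPLE", "TrafficDirection": "ingress",
        "RuleNumber": 10, "DestinationCidrBlock": "0.0.0.0/0", "SourceCidrBlock": "0.0.0.0/0",
        "RuleAction": "allow", "DestinationPortRange": {"FromPort": 100, "ToPort": 50}}}}}
```

Running lint_mirror_rules(SAMPLE) reports the invalid RuleAction, the reversed destination port range, and the duplicate RuleNumber 10 for ingress on the same filter.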

See Also