Package software.amazon.awscdk.services.networkfirewall

Interface CfnRuleGroup.RulesSourceListProperty

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnRuleGroup.RulesSourceListProperty.Jsii$Proxy

Enclosing class:

CfnRuleGroup

@Stability(Stable)
public static interface CfnRuleGroup.RulesSourceListProperty
extends software.amazon.jsii.JsiiSerializable

Stateful inspection criteria for a domain list rule group.

For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.

By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the HOME_NET rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see RuleGroup.RuleVariables in this guide and Stateful domain list rule groups in AWS Network Firewall in the Network Firewall Developer Guide

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.networkfirewall.*;
 RulesSourceListProperty rulesSourceListProperty = RulesSourceListProperty.builder()
         .generatedRulesType("generatedRulesType")
         .targets(List.of("targets"))
         .targetTypes(List.of("targetTypes"))
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnRuleGroup.RulesSourceListProperty.Builder	A builder for CfnRuleGroup.RulesSourceListProperty
static final class	CfnRuleGroup.RulesSourceListProperty.Jsii$Proxy	An implementation for CfnRuleGroup.RulesSourceListProperty

Method Summary

Modifier and Type	Method	Description
static CfnRuleGroup.RulesSourceListProperty.Builder	builder()
String	getGeneratedRulesType()	Whether you want to allow or deny access to the domains in your target list.
List<String>	getTargets()	The domains that you want to inspect for in your traffic flows.
List<String>	getTargetTypes()	The types of targets to inspect for.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getGeneratedRulesType

@Stability(Stable)
@NotNull
String getGeneratedRulesType()

Whether you want to allow or deny access to the domains in your target list.

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html#cfn-networkfirewall-rulegroup-rulessourcelist-generatedrulestype

getTargets

@Stability(Stable)
@NotNull
List<String> getTargets()

The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:.

• Explicit names. For example, abc.example.com matches only the domain abc.example.com .
• Names that use a domain wildcard, which you indicate with an initial ' . '. For example, .example.com matches example.com and matches all subdomains of example.com , such as abc.example.com and www.example.com .

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html#cfn-networkfirewall-rulegroup-rulessourcelist-targets

getTargetTypes

@Stability(Stable)
@NotNull
List<String> getTargetTypes()

The types of targets to inspect for.

Valid values are TLS_SNI and HTTP_HOST .

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html#cfn-networkfirewall-rulegroup-rulessourcelist-targettypes

builder

@Stability(Stable)
static CfnRuleGroup.RulesSourceListProperty.Builder builder()

Returns:

a CfnRuleGroup.RulesSourceListProperty.Builder of CfnRuleGroup.RulesSourceListProperty