Interface CfnRuleGroup.IRuleGroupProperty
The object that defines the rules in a rule group.
Namespace: Amazon.CDK.AWS.NetworkFirewall
Assembly: Amazon.CDK.AWS.NetworkFirewall.dll
Syntax (csharp)
public interface IRuleGroupProperty
Syntax (vb)
Public Interface IRuleGroupProperty
Remarks
AWS Network Firewall uses a rule group to inspect and control network traffic. You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their traffic flow.
To use a rule group, you include it by reference in a Network Firewall firewall policy, then you use the policy in a firewall. You can reference a rule group from more than one firewall policy, and you can use a firewall policy in more than one firewall.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.NetworkFirewall;
// Generated shape sample: every string and number is a stand-in, not a valid Network Firewall
// value. Each member is populated so the full structure is visible in one place.
//
// NOTE(review): the page describes RulesSource as holding "the stateful rules or stateless
// rules". All four sources are set together below for illustration only; a real rule group
// should carry the single source that matches its type. Confirm against the Network Firewall
// API reference before copying.

// Stateful source, domain-list form. GeneratedRulesType decides whether the listed targets
// are allowed or denied, so a wrong value inverts the intent of the list.
var domainListSource = new RulesSourceListProperty {
    GeneratedRulesType = "generatedRulesType",
    Targets = new [] { "targets" },
    TargetTypes = new [] { "targetTypes" }
};

// Stateful source, structured-rule form: one action, a 5-tuple style header, and rule options.
var statefulRule = new StatefulRuleProperty {
    Action = "action",
    Header = new HeaderProperty {
        Destination = "destination",
        DestinationPort = "destinationPort",
        Direction = "direction",
        Protocol = "protocol",
        Source = "source",
        SourcePort = "sourcePort"
    },
    RuleOptions = new [] { new RuleOptionProperty {
        Keyword = "keyword",
        // the properties below are optional
        Settings = new [] { "settings" }
    } }
};

// Stateless match criteria: each packet is tested on its own, with no flow context.
var matchAttributes = new MatchAttributesProperty {
    DestinationPorts = new [] { new PortRangeProperty {
        FromPort = 123,
        ToPort = 123
    } },
    Destinations = new [] { new AddressProperty {
        AddressDefinition = "addressDefinition"
    } },
    Protocols = new [] { 123 },
    SourcePorts = new [] { new PortRangeProperty {
        FromPort = 123,
        ToPort = 123
    } },
    Sources = new [] { new AddressProperty {
        AddressDefinition = "addressDefinition"
    } },
    TcpFlags = new [] { new TCPFlagFieldProperty {
        Flags = new [] { "flags" },
        // the properties below are optional
        Masks = new [] { "masks" }
    } }
};

// Stateless rule. Review Actions carefully: a stateless pass action (aws:pass) ends inspection
// for the packet, so stateful rules never see it, whereas aws:forward_to_sfe hands the packet
// to the stateful engine.
var statelessRule = new StatelessRuleProperty {
    Priority = 123,
    RuleDefinition = new RuleDefinitionProperty {
        Actions = new [] { "actions" },
        MatchAttributes = matchAttributes
    }
};

// Optional custom action; here it only publishes a metric dimension under the given name.
var customAction = new CustomActionProperty {
    ActionDefinition = new ActionDefinitionProperty {
        PublishMetricAction = new PublishMetricActionProperty {
            Dimensions = new [] { new DimensionProperty {
                Value = "value"
            } }
        }
    },
    ActionName = "actionName"
};

// Reference sets (stateful rule groups). Each entry points at an ARN.
// NOTE(review): presumably the referenced resource is managed outside this rule group, so
// edits to it change what the rules match. Confirm who is allowed to modify it.
var referenceSets = new ReferenceSetsProperty {
    IpSetReferences = new Dictionary<string, object> {
        ["ipSetReferencesKey"] = new Dictionary<string, string?> {
            ["referenceArn"] = "referenceArn"
        }
    }
};

// Rule variables; the page states these can only be used for stateful rule groups.
var ruleVariables = new RuleVariablesProperty {
    IpSets = new Dictionary<string, object> {
        ["ipSetsKey"] = new Dictionary<string, string[]?> {
            ["definition"] = new [] { "definition" }
        }
    },
    PortSets = new Dictionary<string, object> {
        ["portSetsKey"] = new PortSetProperty {
            Definition = new [] { "definition" }
        }
    }
};

var ruleGroupProperty = new RuleGroupProperty {
    RulesSource = new RulesSourceProperty {
        RulesSourceList = domainListSource,
        // Stateful source, free-text form (Suricata-compatible rule text in real use).
        RulesString = "rulesString",
        StatefulRules = new [] { statefulRule },
        StatelessRulesAndCustomActions = new StatelessRulesAndCustomActionsProperty {
            StatelessRules = new [] { statelessRule },
            // the properties below are optional
            CustomActions = new [] { customAction }
        }
    },
    // the properties below are optional
    ReferenceSets = referenceSets,
    RuleVariables = ruleVariables,
    // Must be compatible with the stateful rule options of every firewall policy that
    // references this rule group.
    StatefulRuleOptions = new StatefulRuleOptionsProperty {
        RuleOrder = "ruleOrder"
    }
};
Synopsis
Properties
ReferenceSets | The reference sets for the stateful rule group. |
RulesSource | The stateful rules or stateless rules for the rule group. |
RuleVariables | Settings that are available for use in the rules in the rule group. |
StatefulRuleOptions | Additional options governing how Network Firewall handles stateful rules. |
Properties
ReferenceSets
The reference sets for the stateful rule group.
/// <summary>The reference sets for the stateful rule group.</summary>
/// <remarks>
/// Optional: the sample on this page lists it under "the properties below are optional".
/// The sample assigns a ReferenceSetsProperty whose IpSetReferences map a key to a
/// "referenceArn" entry. The declared type is <c>object</c>, so the compiler does not
/// check the shape of what is assigned.
/// </remarks>
virtual object ReferenceSets { get; }
Property Value
System.Object
Remarks
RulesSource
The stateful rules or stateless rules for the rule group.
/// <summary>The stateful rules or stateless rules for the rule group.</summary>
/// <remarks>
/// The sample on this page sets this member before its "the properties below are optional"
/// marker, and it is the only property here not declared <c>virtual</c>.
/// NOTE(review): the sample fills RulesSourceList, RulesString, StatefulRules and
/// StatelessRulesAndCustomActions at once to show the shape. The summary says stateful
/// "or" stateless, so confirm which single source a given rule group should carry.
/// </remarks>
object RulesSource { get; }
Property Value
System.Object
Remarks
RuleVariables
Settings that are available for use in the rules in the rule group.
/// <summary>Settings that are available for use in the rules in the rule group.</summary>
/// <remarks>
/// Optional in the sample on this page. Usable only for stateful rule groups.
/// The sample populates IpSets and PortSets, each a map from a variable name to a definition list.
/// </remarks>
virtual object RuleVariables { get; }
Property Value
System.Object
Remarks
You can only use these for stateful rule groups.
StatefulRuleOptions
Additional options governing how Network Firewall handles stateful rules.
/// <summary>Additional options governing how Network Firewall handles stateful rules.</summary>
/// <remarks>
/// Optional in the sample on this page, where the only member set is RuleOrder.
/// Every firewall policy that references this rule group must have compatible stateful
/// rule options, so check the policies that use the group before changing this value.
/// </remarks>
virtual object StatefulRuleOptions { get; }
Property Value
System.Object
Remarks
The policies where you use your stateful rule group must have stateful rule options settings that are compatible with these settings.