Class CfnRuleGroup
A CloudFormation AWS::NetworkFirewall::RuleGroup
.
Inherited Members
Namespace: Amazon.CDK.AWS.NetworkFirewall
Assembly: Amazon.CDK.AWS.NetworkFirewall.dll
Syntax (csharp)
public class CfnRuleGroup : CfnResource, IConstruct, IDependable, IInspectable
Syntax (vb)
Public Class CfnRuleGroup
Inherits CfnResource
Implements IConstruct, IDependable, IInspectable
Remarks
Use the RuleGroup
to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an FirewallPolicy
to specify the filtering behavior of an Firewall
.
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.NetworkFirewall;
var cfnRuleGroup = new CfnRuleGroup(this, "MyCfnRuleGroup", new CfnRuleGroupProps {
Capacity = 123,
RuleGroupName = "ruleGroupName",
Type = "type",
// the properties below are optional
Description = "description",
RuleGroup = new RuleGroupProperty {
RulesSource = new RulesSourceProperty {
RulesSourceList = new RulesSourceListProperty {
GeneratedRulesType = "generatedRulesType",
Targets = new [] { "targets" },
TargetTypes = new [] { "targetTypes" }
},
RulesString = "rulesString",
StatefulRules = new [] { new StatefulRuleProperty {
Action = "action",
Header = new HeaderProperty {
Destination = "destination",
DestinationPort = "destinationPort",
Direction = "direction",
Protocol = "protocol",
Source = "source",
SourcePort = "sourcePort"
},
RuleOptions = new [] { new RuleOptionProperty {
Keyword = "keyword",
// the properties below are optional
Settings = new [] { "settings" }
} }
} },
StatelessRulesAndCustomActions = new StatelessRulesAndCustomActionsProperty {
StatelessRules = new [] { new StatelessRuleProperty {
Priority = 123,
RuleDefinition = new RuleDefinitionProperty {
Actions = new [] { "actions" },
MatchAttributes = new MatchAttributesProperty {
DestinationPorts = new [] { new PortRangeProperty {
FromPort = 123,
ToPort = 123
} },
Destinations = new [] { new AddressProperty {
AddressDefinition = "addressDefinition"
} },
Protocols = new [] { 123 },
SourcePorts = new [] { new PortRangeProperty {
FromPort = 123,
ToPort = 123
} },
Sources = new [] { new AddressProperty {
AddressDefinition = "addressDefinition"
} },
TcpFlags = new [] { new TCPFlagFieldProperty {
Flags = new [] { "flags" },
// the properties below are optional
Masks = new [] { "masks" }
} }
}
}
} },
// the properties below are optional
CustomActions = new [] { new CustomActionProperty {
ActionDefinition = new ActionDefinitionProperty {
PublishMetricAction = new PublishMetricActionProperty {
Dimensions = new [] { new DimensionProperty {
Value = "value"
} }
}
},
ActionName = "actionName"
} }
}
},
// the properties below are optional
ReferenceSets = new ReferenceSetsProperty {
IpSetReferences = new Dictionary<string, object> {
{ "ipSetReferencesKey", new Dictionary<string, string?> {
{ "referenceArn", "referenceArn" }
} }
}
},
RuleVariables = new RuleVariablesProperty {
IpSets = new Dictionary<string, object> {
{ "ipSetsKey", new Dictionary<string, string[]?> {
{ "definition", new [] { "definition" } }
} }
},
PortSets = new Dictionary<string, object> {
{ "portSetsKey", new PortSetProperty {
Definition = new [] { "definition" }
} }
}
},
StatefulRuleOptions = new StatefulRuleOptionsProperty {
RuleOrder = "ruleOrder"
}
},
Tags = new [] { new CfnTag {
Key = "key",
Value = "value"
} }
});
Synopsis
Constructors
CfnRuleGroup(Construct, String, ICfnRuleGroupProps) | Create a new |
CfnRuleGroup(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
CfnRuleGroup(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Properties
AttrRuleGroupArn | The Amazon Resource Name (ARN) of the |
AttrRuleGroupId | The unique ID of the |
Capacity | The maximum operating resources that this rule group can use. |
CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
CfnProperties | |
Description | A description of the rule group. |
RuleGroup | An object that defines the rule group rules. |
RuleGroupName | The descriptive name of the rule group. |
Tags | An array of key-value pairs to apply to this resource. |
Type | Indicates whether the rule group is stateless or stateful. |
Methods
Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
RenderProperties(IDictionary<String, Object>) |
Constructors
CfnRuleGroup(Construct, String, ICfnRuleGroupProps)
Create a new AWS::NetworkFirewall::RuleGroup
.
public CfnRuleGroup(Construct scope, string id, ICfnRuleGroupProps props)
Parameters
- scope Construct
- scope in which this resource is defined.
- id System.String
- scoped id of the resource.
- props ICfnRuleGroupProps
- resource properties.
CfnRuleGroup(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected CfnRuleGroup(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
CfnRuleGroup(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected CfnRuleGroup(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Properties
AttrRuleGroupArn
The Amazon Resource Name (ARN) of the RuleGroup
.
public virtual string AttrRuleGroupArn { get; }
Property Value
System.String
Remarks
CloudformationAttribute: RuleGroupArn
AttrRuleGroupId
The unique ID of the RuleGroup
resource.
public virtual string AttrRuleGroupId { get; }
Property Value
System.String
Remarks
CloudformationAttribute: RuleGroupId
Capacity
The maximum operating resources that this rule group can use.
public virtual double Capacity { get; set; }
Property Value
System.Double
Remarks
You can't change a rule group's capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }
Property Value
System.String
CfnProperties
protected override IDictionary<string, object> CfnProperties { get; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.Object>
Overrides
Description
A description of the rule group.
public virtual string Description { get; set; }
Property Value
System.String
Remarks
RuleGroup
An object that defines the rule group rules.
public virtual object RuleGroup { get; set; }
Property Value
System.Object
Remarks
RuleGroupName
The descriptive name of the rule group.
public virtual string RuleGroupName { get; set; }
Property Value
System.String
Remarks
You can't change the name of a rule group after you create it.
Tags
An array of key-value pairs to apply to this resource.
public virtual TagManager Tags { get; }
Property Value
Remarks
Type
Indicates whether the rule group is stateless or stateful.
public virtual string Type { get; set; }
Property Value
System.String
Remarks
If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)
Parameters
- inspector TreeInspector
- tree inspector to collect and process attributes.
RenderProperties(IDictionary<String, Object>)
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)
Parameters
- props System.Collections.Generic.IDictionary<System.String, System.Object>
Returns
System.Collections.Generic.IDictionary<System.String, System.Object>