@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)", date="2023-03-14T16:25:24.532Z") public class CfnRuleGroup extends CfnResource implements IInspectable
Use the RuleGroup
to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an FirewallPolicy
to specify the filtering behavior of an Firewall
.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.networkfirewall.*; CfnRuleGroup cfnRuleGroup = CfnRuleGroup.Builder.create(this, "MyCfnRuleGroup") .capacity(123) .ruleGroupName("ruleGroupName") .type("type") // the properties below are optional .description("description") .ruleGroup(RuleGroupProperty.builder() .rulesSource(RulesSourceProperty.builder() .rulesSourceList(RulesSourceListProperty.builder() .generatedRulesType("generatedRulesType") .targets(List.of("targets")) .targetTypes(List.of("targetTypes")) .build()) .rulesString("rulesString") .statefulRules(List.of(StatefulRuleProperty.builder() .action("action") .header(HeaderProperty.builder() .destination("destination") .destinationPort("destinationPort") .direction("direction") .protocol("protocol") .source("source") .sourcePort("sourcePort") .build()) .ruleOptions(List.of(RuleOptionProperty.builder() .keyword("keyword") // the properties below are optional .settings(List.of("settings")) .build())) .build())) .statelessRulesAndCustomActions(StatelessRulesAndCustomActionsProperty.builder() .statelessRules(List.of(StatelessRuleProperty.builder() .priority(123) .ruleDefinition(RuleDefinitionProperty.builder() .actions(List.of("actions")) .matchAttributes(MatchAttributesProperty.builder() .destinationPorts(List.of(PortRangeProperty.builder() .fromPort(123) .toPort(123) .build())) .destinations(List.of(AddressProperty.builder() .addressDefinition("addressDefinition") .build())) .protocols(List.of(123)) .sourcePorts(List.of(PortRangeProperty.builder() .fromPort(123) .toPort(123) .build())) .sources(List.of(AddressProperty.builder() .addressDefinition("addressDefinition") .build())) .tcpFlags(List.of(TCPFlagFieldProperty.builder() .flags(List.of("flags")) // the properties below are optional .masks(List.of("masks")) .build())) .build()) .build()) .build())) // the properties below are optional .customActions(List.of(CustomActionProperty.builder() .actionDefinition(ActionDefinitionProperty.builder() .publishMetricAction(PublishMetricActionProperty.builder() .dimensions(List.of(DimensionProperty.builder() .value("value") .build())) .build()) .build()) .actionName("actionName") .build())) .build()) .build()) // the properties below are optional .referenceSets(ReferenceSetsProperty.builder() .ipSetReferences(Map.of( "ipSetReferencesKey", Map.of( "referenceArn", "referenceArn"))) .build()) .ruleVariables(RuleVariablesProperty.builder() .ipSets(Map.of( "ipSetsKey", Map.of( "definition", List.of("definition")))) .portSets(Map.of( "portSetsKey", PortSetProperty.builder() .definition(List.of("definition")) .build())) .build()) .statefulRuleOptions(StatefulRuleOptionsProperty.builder() .ruleOrder("ruleOrder") .build()) .build()) .tags(List.of(CfnTag.builder() .key("key") .value("value") .build())) .build();
Modifier and Type | Class and Description |
---|---|
static interface |
CfnRuleGroup.ActionDefinitionProperty
A custom action to use in stateless rule actions settings.
|
static interface |
CfnRuleGroup.AddressProperty
A single IP address specification.
|
static class |
CfnRuleGroup.Builder
A fluent builder for
CfnRuleGroup . |
static interface |
CfnRuleGroup.CustomActionProperty
An optional, non-standard action to use for stateless packet handling.
|
static interface |
CfnRuleGroup.DimensionProperty
The value to use in an Amazon CloudWatch custom metric dimension.
|
static interface |
CfnRuleGroup.HeaderProperty
The 5-tuple criteria for AWS Network Firewall to use to inspect packet headers in stateful traffic flow inspection.
|
static interface |
CfnRuleGroup.IPSetProperty
A list of IP addresses and address ranges, in CIDR notation.
|
static interface |
CfnRuleGroup.IPSetReferenceProperty
Configures one or more `IPSetReferences` for a Suricata-compatible rule group.
|
static interface |
CfnRuleGroup.MatchAttributesProperty
Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection.
|
static interface |
CfnRuleGroup.PortRangeProperty
A single port range specification.
|
static interface |
CfnRuleGroup.PortSetProperty
A set of port ranges for use in the rules in a rule group.
|
static interface |
CfnRuleGroup.PublishMetricActionProperty
Stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet.
|
static interface |
CfnRuleGroup.ReferenceSetsProperty
Configures the `ReferenceSets` for a stateful rule group.
|
static interface |
CfnRuleGroup.RuleDefinitionProperty
The inspection criteria and action for a single stateless rule.
|
static interface |
CfnRuleGroup.RuleGroupProperty
The object that defines the rules in a rule group.
|
static interface |
CfnRuleGroup.RuleOptionProperty
Additional settings for a stateful rule.
|
static interface |
CfnRuleGroup.RulesSourceListProperty
Stateful inspection criteria for a domain list rule group.
|
static interface |
CfnRuleGroup.RulesSourceProperty
The stateless or stateful rules definitions for use in a single rule group.
|
static interface |
CfnRuleGroup.RuleVariablesProperty
Settings that are available for use in the rules in the `RuleGroup` where this is defined.
|
static interface |
CfnRuleGroup.StatefulRuleOptionsProperty
Additional options governing how Network Firewall handles the rule group.
|
static interface |
CfnRuleGroup.StatefulRuleProperty
A single Suricata rules specification, for use in a stateful rule group.
|
static interface |
CfnRuleGroup.StatelessRuleProperty
A single stateless rule.
|
static interface |
CfnRuleGroup.StatelessRulesAndCustomActionsProperty
Stateless inspection criteria.
|
static interface |
CfnRuleGroup.TCPFlagFieldProperty
TCP flags and masks to inspect packets for.
|
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
IConstruct.Jsii$Default
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
|
Modifier | Constructor and Description |
---|---|
|
CfnRuleGroup(Construct scope,
java.lang.String id,
CfnRuleGroupProps props)
Create a new `AWS::NetworkFirewall::RuleGroup`.
|
protected |
CfnRuleGroup(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) |
protected |
CfnRuleGroup(software.amazon.jsii.JsiiObjectRef objRef) |
Modifier and Type | Method and Description |
---|---|
java.lang.String |
getAttrRuleGroupArn()
The Amazon Resource Name (ARN) of the `RuleGroup` .
|
java.lang.String |
getAttrRuleGroupId()
The unique ID of the `RuleGroup` resource.
|
java.lang.Number |
getCapacity()
The maximum operating resources that this rule group can use.
|
protected java.util.Map<java.lang.String,java.lang.Object> |
getCfnProperties() |
java.lang.String |
getDescription()
A description of the rule group.
|
java.lang.Object |
getRuleGroup()
An object that defines the rule group rules.
|
java.lang.String |
getRuleGroupName()
The descriptive name of the rule group.
|
TagManager |
getTags()
An array of key-value pairs to apply to this resource.
|
java.lang.String |
getType()
Indicates whether the rule group is stateless or stateful.
|
void |
inspect(TreeInspector inspector)
Examines the CloudFormation resource and discloses attributes.
|
protected java.util.Map<java.lang.String,java.lang.Object> |
renderProperties(java.util.Map<java.lang.String,java.lang.Object> props) |
void |
setCapacity(java.lang.Number value)
The maximum operating resources that this rule group can use.
|
void |
setDescription(java.lang.String value)
A description of the rule group.
|
void |
setRuleGroup(CfnRuleGroup.RuleGroupProperty value)
An object that defines the rule group rules.
|
void |
setRuleGroup(IResolvable value)
An object that defines the rule group rules.
|
void |
setRuleGroupName(java.lang.String value)
The descriptive name of the rule group.
|
void |
setType(java.lang.String value)
Indicates whether the rule group is stateless or stateful.
|
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties
getRef
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
public static final java.lang.String CFN_RESOURCE_TYPE_NAME
protected CfnRuleGroup(software.amazon.jsii.JsiiObjectRef objRef)
protected CfnRuleGroup(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
public CfnRuleGroup(Construct scope, java.lang.String id, CfnRuleGroupProps props)
scope
- - scope in which this resource is defined. This parameter is required.id
- - scoped id of the resource. This parameter is required.props
- - resource properties. This parameter is required.public void inspect(TreeInspector inspector)
inspect
in interface IInspectable
inspector
- - tree inspector to collect and process attributes. This parameter is required.protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
renderProperties
in class CfnResource
props
- This parameter is required.public java.lang.String getAttrRuleGroupArn()
public java.lang.String getAttrRuleGroupId()
protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()
getCfnProperties
in class CfnResource
public TagManager getTags()
For more information, see Tag .
public java.lang.Number getCapacity()
You can't change a rule group's capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.
public void setCapacity(java.lang.Number value)
You can't change a rule group's capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.
public java.lang.String getRuleGroupName()
You can't change the name of a rule group after you create it.
public void setRuleGroupName(java.lang.String value)
You can't change the name of a rule group after you create it.
public java.lang.String getType()
If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
public void setType(java.lang.String value)
If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
public java.lang.String getDescription()
public void setDescription(java.lang.String value)
public java.lang.Object getRuleGroup()
public void setRuleGroup(IResolvable value)
public void setRuleGroup(CfnRuleGroup.RuleGroupProperty value)