Package software.amazon.awscdk.services.networkfirewall

Class CfnRuleGroup

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.CfnElement

software.amazon.awscdk.core.CfnRefElement

software.amazon.awscdk.core.CfnResource

software.amazon.awscdk.services.networkfirewall.CfnRuleGroup

All Implemented Interfaces:

IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
           date="2023-06-19T16:30:00.414Z")
@Stability(Stable)
public class CfnRuleGroup
extends CfnResource
implements IInspectable

A CloudFormation AWS::NetworkFirewall::RuleGroup.

Use the RuleGroup to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.networkfirewall.*;
 CfnRuleGroup cfnRuleGroup = CfnRuleGroup.Builder.create(this, "MyCfnRuleGroup")
         .capacity(123)
         .ruleGroupName("ruleGroupName")
         .type("type")
         // the properties below are optional
         .description("description")
         .ruleGroup(RuleGroupProperty.builder()
                 .rulesSource(RulesSourceProperty.builder()
                         .rulesSourceList(RulesSourceListProperty.builder()
                                 .generatedRulesType("generatedRulesType")
                                 .targets(List.of("targets"))
                                 .targetTypes(List.of("targetTypes"))
                                 .build())
                         .rulesString("rulesString")
                         .statefulRules(List.of(StatefulRuleProperty.builder()
                                 .action("action")
                                 .header(HeaderProperty.builder()
                                         .destination("destination")
                                         .destinationPort("destinationPort")
                                         .direction("direction")
                                         .protocol("protocol")
                                         .source("source")
                                         .sourcePort("sourcePort")
                                         .build())
                                 .ruleOptions(List.of(RuleOptionProperty.builder()
                                         .keyword("keyword")
                                         // the properties below are optional
                                         .settings(List.of("settings"))
                                         .build()))
                                 .build()))
                         .statelessRulesAndCustomActions(StatelessRulesAndCustomActionsProperty.builder()
                                 .statelessRules(List.of(StatelessRuleProperty.builder()
                                         .priority(123)
                                         .ruleDefinition(RuleDefinitionProperty.builder()
                                                 .actions(List.of("actions"))
                                                 .matchAttributes(MatchAttributesProperty.builder()
                                                         .destinationPorts(List.of(PortRangeProperty.builder()
                                                                 .fromPort(123)
                                                                 .toPort(123)
                                                                 .build()))
                                                         .destinations(List.of(AddressProperty.builder()
                                                                 .addressDefinition("addressDefinition")
                                                                 .build()))
                                                         .protocols(List.of(123))
                                                         .sourcePorts(List.of(PortRangeProperty.builder()
                                                                 .fromPort(123)
                                                                 .toPort(123)
                                                                 .build()))
                                                         .sources(List.of(AddressProperty.builder()
                                                                 .addressDefinition("addressDefinition")
                                                                 .build()))
                                                         .tcpFlags(List.of(TCPFlagFieldProperty.builder()
                                                                 .flags(List.of("flags"))
                                                                 // the properties below are optional
                                                                 .masks(List.of("masks"))
                                                                 .build()))
                                                         .build())
                                                 .build())
                                         .build()))
                                 // the properties below are optional
                                 .customActions(List.of(CustomActionProperty.builder()
                                         .actionDefinition(ActionDefinitionProperty.builder()
                                                 .publishMetricAction(PublishMetricActionProperty.builder()
                                                         .dimensions(List.of(DimensionProperty.builder()
                                                                 .value("value")
                                                                 .build()))
                                                         .build())
                                                 .build())
                                         .actionName("actionName")
                                         .build()))
                                 .build())
                         .build())
                 // the properties below are optional
                 .referenceSets(ReferenceSetsProperty.builder()
                         .ipSetReferences(Map.of(
                                 "ipSetReferencesKey", Map.of(
                                         "referenceArn", "referenceArn")))
                         .build())
                 .ruleVariables(RuleVariablesProperty.builder()
                         .ipSets(Map.of(
                                 "ipSetsKey", Map.of(
                                         "definition", List.of("definition"))))
                         .portSets(Map.of(
                                 "portSetsKey", PortSetProperty.builder()
                                         .definition(List.of("definition"))
                                         .build()))
                         .build())
                 .statefulRuleOptions(StatefulRuleOptionsProperty.builder()
                         .ruleOrder("ruleOrder")
                         .build())
                 .build())
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	CfnRuleGroup.ActionDefinitionProperty	A custom action to use in stateless rule actions settings.
static interface	CfnRuleGroup.AddressProperty	A single IP address specification.
static final class	CfnRuleGroup.Builder	A fluent builder for CfnRuleGroup.
static interface	CfnRuleGroup.CustomActionProperty	An optional, non-standard action to use for stateless packet handling.
static interface	CfnRuleGroup.DimensionProperty	The value to use in an Amazon CloudWatch custom metric dimension.
static interface	CfnRuleGroup.HeaderProperty	The 5-tuple criteria for AWS Network Firewall to use to inspect packet headers in stateful traffic flow inspection.
static interface	CfnRuleGroup.IPSetProperty	A list of IP addresses and address ranges, in CIDR notation.
static interface	CfnRuleGroup.IPSetReferenceProperty	Configures one or more IPSetReferences for a Suricata-compatible rule group.
static interface	CfnRuleGroup.MatchAttributesProperty	Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection.
static interface	CfnRuleGroup.PortRangeProperty	A single port range specification.
static interface	CfnRuleGroup.PortSetProperty	A set of port ranges for use in the rules in a rule group.
static interface	CfnRuleGroup.PublishMetricActionProperty	Stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet.
static interface	CfnRuleGroup.ReferenceSetsProperty	Configures the ReferenceSets for a stateful rule group.
static interface	CfnRuleGroup.RuleDefinitionProperty	The inspection criteria and action for a single stateless rule.
static interface	CfnRuleGroup.RuleGroupProperty	The object that defines the rules in a rule group.
static interface	CfnRuleGroup.RuleOptionProperty	Additional settings for a stateful rule.
static interface	CfnRuleGroup.RulesSourceListProperty	Stateful inspection criteria for a domain list rule group.
static interface	CfnRuleGroup.RulesSourceProperty	The stateless or stateful rules definitions for use in a single rule group.
static interface	CfnRuleGroup.RuleVariablesProperty	Settings that are available for use in the rules in the RuleGroup where this is defined.
static interface	CfnRuleGroup.StatefulRuleOptionsProperty	Additional options governing how Network Firewall handles the rule group.
static interface	CfnRuleGroup.StatefulRuleProperty	A single Suricata rules specification, for use in a stateful rule group.
static interface	CfnRuleGroup.StatelessRuleProperty	A single stateless rule.
static interface	CfnRuleGroup.StatelessRulesAndCustomActionsProperty	Stateless inspection criteria.
static interface	CfnRuleGroup.TCPFlagFieldProperty	TCP flags and masks to inspect packets for.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CFN_RESOURCE_TYPE_NAME	The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor	Description
	CfnRuleGroup(Construct scope, String id, CfnRuleGroupProps props)	Create a new AWS::NetworkFirewall::RuleGroup.
protected	CfnRuleGroup(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnRuleGroup(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method	Description
String	getAttrRuleGroupArn()	The Amazon Resource Name (ARN) of the RuleGroup .
String	getAttrRuleGroupId()	The unique ID of the RuleGroup resource.
Number	getCapacity()	The maximum operating resources that this rule group can use.
protected Map<String,Object>	getCfnProperties()
String	getDescription()	A description of the rule group.
Object	getRuleGroup()	An object that defines the rule group rules.
String	getRuleGroupName()	The descriptive name of the rule group.
TagManager	getTags()	An array of key-value pairs to apply to this resource.
String	getType()	Indicates whether the rule group is stateless or stateful.
void	inspect(TreeInspector inspector)	Examines the CloudFormation resource and discloses attributes.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setCapacity(Number value)	The maximum operating resources that this rule group can use.
void	setDescription(String value)	A description of the rule group.
void	setRuleGroup(IResolvable value)	An object that defines the rule group rules.
void	setRuleGroup(CfnRuleGroup.RuleGroupProperty value)	An object that defines the rule group rules.
void	setRuleGroupName(String value)	The descriptive name of the rule group.
void	setType(String value)	Indicates whether the rule group is stateless or stateful.

Methods inherited from class software.amazon.awscdk.core.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.core.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.core.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Details

CFN_RESOURCE_TYPE_NAME

@Stability(Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Details

CfnRuleGroup

protected CfnRuleGroup(software.amazon.jsii.JsiiObjectRef objRef)

CfnRuleGroup

protected CfnRuleGroup(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnRuleGroup

@Stability(Stable)
public CfnRuleGroup(@NotNull
 Construct scope,
 @NotNull
 String id,
 @NotNull
 CfnRuleGroupProps props)

Create a new AWS::NetworkFirewall::RuleGroup.

Parameters:

scope -

• scope in which this resource is defined.

This parameter is required.

id -

• scoped id of the resource.

This parameter is required.

props -

• resource properties.

This parameter is required.

Method Details

inspect

@Stability(Stable)
public void inspect(@NotNull
 TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector -

• tree inspector to collect and process attributes.

This parameter is required.

renderProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> renderProperties(@NotNull
 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrRuleGroupArn

@Stability(Stable)
@NotNull
public String getAttrRuleGroupArn()

The Amazon Resource Name (ARN) of the RuleGroup .

getAttrRuleGroupId

@Stability(Stable)
@NotNull
public String getAttrRuleGroupId()

The unique ID of the RuleGroup resource.

getCfnProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getTags

@Stability(Stable)
@NotNull
public TagManager getTags()

An array of key-value pairs to apply to this resource.

For more information, see Tag .

getCapacity

@Stability(Stable)
@NotNull
public Number getCapacity()

The maximum operating resources that this rule group can use.

You can't change a rule group's capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.

setCapacity

@Stability(Stable)
public void setCapacity(@NotNull
 Number value)

The maximum operating resources that this rule group can use.

You can't change a rule group's capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.

getRuleGroupName

@Stability(Stable)
@NotNull
public String getRuleGroupName()

The descriptive name of the rule group.

You can't change the name of a rule group after you create it.

setRuleGroupName

@Stability(Stable)
public void setRuleGroupName(@NotNull
 String value)

The descriptive name of the rule group.

You can't change the name of a rule group after you create it.

getType

@Stability(Stable)
@NotNull
public String getType()

Indicates whether the rule group is stateless or stateful.

If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.

setType

@Stability(Stable)
public void setType(@NotNull
 String value)

Indicates whether the rule group is stateless or stateful.

If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.

getDescription

@Stability(Stable)
@Nullable
public String getDescription()

A description of the rule group.

setDescription

@Stability(Stable)
public void setDescription(@Nullable
 String value)

A description of the rule group.

getRuleGroup

@Stability(Stable)
@Nullable
public Object getRuleGroup()

An object that defines the rule group rules.

setRuleGroup

@Stability(Stable)
public void setRuleGroup(@Nullable
 IResolvable value)

An object that defines the rule group rules.

setRuleGroup

@Stability(Stable)
public void setRuleGroup(@Nullable
 CfnRuleGroup.RuleGroupProperty value)

An object that defines the rule group rules.