CfnRuleGroupProps

class aws_cdk.aws_networkfirewall.CfnRuleGroupProps(*, capacity, rule_group_name, type, description=None, rule_group=None, tags=None)

Bases: object

Properties for defining a CfnRuleGroup.

Parameters
  • capacity (Union[int, float]) – The maximum operating resources that this rule group can use. You can’t change a rule group’s capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.

  • rule_group_name (str) – The descriptive name of the rule group. You can’t change the name of a rule group after you create it.

  • type (str) – Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.

  • description (Optional[str]) – A description of the rule group.

  • rule_group (Union[IResolvable, RuleGroupProperty, Dict[str, Any], None]) – An object that defines the rule group rules.

  • tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – An array of key-value pairs to apply to this resource. For more information, see Tag .

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html

ExampleMetadata

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_networkfirewall as networkfirewall

cfn_rule_group_props = networkfirewall.CfnRuleGroupProps(
    capacity=123,
    rule_group_name="ruleGroupName",
    type="type",

    # the properties below are optional
    description="description",
    rule_group=networkfirewall.CfnRuleGroup.RuleGroupProperty(
        rules_source=networkfirewall.CfnRuleGroup.RulesSourceProperty(
            rules_source_list=networkfirewall.CfnRuleGroup.RulesSourceListProperty(
                generated_rules_type="generatedRulesType",
                targets=["targets"],
                target_types=["targetTypes"]
            ),
            rules_string="rulesString",
            stateful_rules=[networkfirewall.CfnRuleGroup.StatefulRuleProperty(
                action="action",
                header=networkfirewall.CfnRuleGroup.HeaderProperty(
                    destination="destination",
                    destination_port="destinationPort",
                    direction="direction",
                    protocol="protocol",
                    source="source",
                    source_port="sourcePort"
                ),
                rule_options=[networkfirewall.CfnRuleGroup.RuleOptionProperty(
                    keyword="keyword",

                    # the properties below are optional
                    settings=["settings"]
                )]
            )],
            stateless_rules_and_custom_actions=networkfirewall.CfnRuleGroup.StatelessRulesAndCustomActionsProperty(
                stateless_rules=[networkfirewall.CfnRuleGroup.StatelessRuleProperty(
                    priority=123,
                    rule_definition=networkfirewall.CfnRuleGroup.RuleDefinitionProperty(
                        actions=["actions"],
                        match_attributes=networkfirewall.CfnRuleGroup.MatchAttributesProperty(
                            destination_ports=[networkfirewall.CfnRuleGroup.PortRangeProperty(
                                from_port=123,
                                to_port=123
                            )],
                            destinations=[networkfirewall.CfnRuleGroup.AddressProperty(
                                address_definition="addressDefinition"
                            )],
                            protocols=[123],
                            source_ports=[networkfirewall.CfnRuleGroup.PortRangeProperty(
                                from_port=123,
                                to_port=123
                            )],
                            sources=[networkfirewall.CfnRuleGroup.AddressProperty(
                                address_definition="addressDefinition"
                            )],
                            tcp_flags=[networkfirewall.CfnRuleGroup.TCPFlagFieldProperty(
                                flags=["flags"],

                                # the properties below are optional
                                masks=["masks"]
                            )]
                        )
                    )
                )],

                # the properties below are optional
                custom_actions=[networkfirewall.CfnRuleGroup.CustomActionProperty(
                    action_definition=networkfirewall.CfnRuleGroup.ActionDefinitionProperty(
                        publish_metric_action=networkfirewall.CfnRuleGroup.PublishMetricActionProperty(
                            dimensions=[networkfirewall.CfnRuleGroup.DimensionProperty(
                                value="value"
                            )]
                        )
                    ),
                    action_name="actionName"
                )]
            )
        ),

        # the properties below are optional
        rule_variables=networkfirewall.CfnRuleGroup.RuleVariablesProperty(
            ip_sets={
                "ip_sets_key": {
                    "definition": ["definition"]
                }
            },
            port_sets={
                "port_sets_key": networkfirewall.CfnRuleGroup.PortSetProperty(
                    definition=["definition"]
                )
            }
        ),
        stateful_rule_options=networkfirewall.CfnRuleGroup.StatefulRuleOptionsProperty(
            rule_order="ruleOrder"
        )
    ),
    tags=[CfnTag(
        key="key",
        value="value"
    )]
)

Attributes

capacity

The maximum operating resources that this rule group can use.

You can’t change a rule group’s capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-capacity

Return type

Union[int, float]

description

A description of the rule group.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-description

Return type

Optional[str]

rule_group

An object that defines the rule group rules.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-rulegroup

Return type

Union[IResolvable, RuleGroupProperty, None]

rule_group_name

The descriptive name of the rule group.

You can’t change the name of a rule group after you create it.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-rulegroupname

Return type

str

tags

An array of key-value pairs to apply to this resource.

For more information, see Tag .

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-tags

Return type

Optional[List[CfnTag]]

type

Indicates whether the rule group is stateless or stateful.

If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#cfn-networkfirewall-rulegroup-type

Return type

str