Class CfnRuleGroup
Use the RuleGroup to define a reusable collection of stateless or stateful network traffic filtering rules.
Inherited Members
Namespace: Amazon.CDK.AWS.NetworkFirewall
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnRuleGroup : CfnResource, IInspectable, ITaggableSyntax (vb)
Public Class CfnRuleGroup Inherits CfnResource Implements IInspectable, ITaggableRemarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.NetworkFirewall;
var cfnRuleGroup = new CfnRuleGroup(this, "MyCfnRuleGroup", new CfnRuleGroupProps {
Capacity = 123,
RuleGroupName = "ruleGroupName",
Type = "type",
// the properties below are optional
Description = "description",
RuleGroup = new RuleGroupProperty {
RulesSource = new RulesSourceProperty {
RulesSourceList = new RulesSourceListProperty {
GeneratedRulesType = "generatedRulesType",
Targets = new [] { "targets" },
TargetTypes = new [] { "targetTypes" }
},
RulesString = "rulesString",
StatefulRules = new [] { new StatefulRuleProperty {
Action = "action",
Header = new HeaderProperty {
Destination = "destination",
DestinationPort = "destinationPort",
Direction = "direction",
Protocol = "protocol",
Source = "source",
SourcePort = "sourcePort"
},
RuleOptions = new [] { new RuleOptionProperty {
Keyword = "keyword",
// the properties below are optional
Settings = new [] { "settings" }
} }
} },
StatelessRulesAndCustomActions = new StatelessRulesAndCustomActionsProperty {
StatelessRules = new [] { new StatelessRuleProperty {
Priority = 123,
RuleDefinition = new RuleDefinitionProperty {
Actions = new [] { "actions" },
MatchAttributes = new MatchAttributesProperty {
DestinationPorts = new [] { new PortRangeProperty {
FromPort = 123,
ToPort = 123
} },
Destinations = new [] { new AddressProperty {
AddressDefinition = "addressDefinition"
} },
Protocols = new [] { 123 },
SourcePorts = new [] { new PortRangeProperty {
FromPort = 123,
ToPort = 123
} },
Sources = new [] { new AddressProperty {
AddressDefinition = "addressDefinition"
} },
TcpFlags = new [] { new TCPFlagFieldProperty {
Flags = new [] { "flags" },
// the properties below are optional
Masks = new [] { "masks" }
} }
}
}
} },
// the properties below are optional
CustomActions = new [] { new CustomActionProperty {
ActionDefinition = new ActionDefinitionProperty {
PublishMetricAction = new PublishMetricActionProperty {
Dimensions = new [] { new DimensionProperty {
Value = "value"
} }
}
},
ActionName = "actionName"
} }
}
},
// the properties below are optional
ReferenceSets = new ReferenceSetsProperty {
IpSetReferences = new Dictionary<string, object> {
{ "ipSetReferencesKey", new Dictionary<string, string?> {
{ "referenceArn", "referenceArn" }
} }
}
},
RuleVariables = new RuleVariablesProperty {
IpSets = new Dictionary<string, object> {
{ "ipSetsKey", new Dictionary<string, string[]?> {
{ "definition", new [] { "definition" } }
} }
},
PortSets = new Dictionary<string, object> {
{ "portSetsKey", new PortSetProperty {
Definition = new [] { "definition" }
} }
}
},
StatefulRuleOptions = new StatefulRuleOptionsProperty {
RuleOrder = "ruleOrder"
}
},
Tags = new [] { new CfnTag {
Key = "key",
Value = "value"
} }
});Synopsis
Constructors
| CfnRuleGroup(Construct, string, ICfnRuleGroupProps) | Use the |
Properties
| AttrRuleGroupArn | The Amazon Resource Name (ARN) of the |
| AttrRuleGroupId | The unique ID of the |
| CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
| Capacity | The maximum operating resources that this rule group can use. |
| CfnProperties | Use the |
| Description | A description of the rule group. |
| RuleGroup | An object that defines the rule group rules. |
| RuleGroupName | The descriptive name of the rule group. |
| Tags | Tag Manager which manages the tags for this resource. |
| TagsRaw | An array of key-value pairs to apply to this resource. |
| Type | Indicates whether the rule group is stateless or stateful. |
Methods
| Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
| RenderProperties(IDictionary<string, object>) | Use the |
Constructors
CfnRuleGroup(Construct, string, ICfnRuleGroupProps)
Use the RuleGroup to define a reusable collection of stateless or stateful network traffic filtering rules.
public CfnRuleGroup(Construct scope, string id, ICfnRuleGroupProps props)Parameters
- scope Construct
Scope in which this resource is defined.
- id string
Construct identifier for this resource (unique in its scope).
- props ICfnRuleGroupProps
Resource properties.
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
Properties
AttrRuleGroupArn
The Amazon Resource Name (ARN) of the RuleGroup .
public virtual string AttrRuleGroupArn { get; }Property Value
Remarks
CloudformationAttribute: RuleGroupArn
AttrRuleGroupId
The unique ID of the RuleGroup resource.
public virtual string AttrRuleGroupId { get; }Property Value
Remarks
CloudformationAttribute: RuleGroupId
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }Property Value
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
Capacity
The maximum operating resources that this rule group can use.
public virtual double Capacity { get; set; }Property Value
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
CfnProperties
Use the RuleGroup to define a reusable collection of stateless or stateful network traffic filtering rules.
protected override IDictionary<string, object> CfnProperties { get; }Property Value
Overrides
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
Description
A description of the rule group.
public virtual string? Description { get; set; }Property Value
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
RuleGroup
An object that defines the rule group rules.
public virtual object? RuleGroup { get; set; }Property Value
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
RuleGroupName
The descriptive name of the rule group.
public virtual string RuleGroupName { get; set; }Property Value
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
Tags
Tag Manager which manages the tags for this resource.
public virtual TagManager Tags { get; }Property Value
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
TagsRaw
An array of key-value pairs to apply to this resource.
public virtual ICfnTag[]? TagsRaw { get; set; }Property Value
ICfnTag[]
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
Type
Indicates whether the rule group is stateless or stateful.
public virtual string Type { get; set; }Property Value
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)Parameters
- inspector TreeInspector
tree inspector to collect and process attributes.
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated
RenderProperties(IDictionary<string, object>)
Use the RuleGroup to define a reusable collection of stateless or stateful network traffic filtering rules.
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)Parameters
- props IDictionary<string, object>
Returns
Overrides
Remarks
You use rule groups in an FirewallPolicy to specify the filtering behavior of an Firewall .
CloudformationResource: AWS::NetworkFirewall::RuleGroup
ExampleMetadata: fixture=_generated