Interface CfnFirewallPolicy.FirewallPolicyProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnFirewallPolicy.FirewallPolicyProperty.Jsii$Proxy
- Enclosing class:
CfnFirewallPolicy
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.networkfirewall.*; FirewallPolicyProperty firewallPolicyProperty = FirewallPolicyProperty.builder() .statelessDefaultActions(List.of("statelessDefaultActions")) .statelessFragmentDefaultActions(List.of("statelessFragmentDefaultActions")) // the properties below are optional .policyVariables(PolicyVariablesProperty.builder() .ruleVariables(Map.of( "ruleVariablesKey", Map.of( "definition", List.of("definition")))) .build()) .statefulDefaultActions(List.of("statefulDefaultActions")) .statefulEngineOptions(StatefulEngineOptionsProperty.builder() .ruleOrder("ruleOrder") .streamExceptionPolicy("streamExceptionPolicy") .build()) .statefulRuleGroupReferences(List.of(StatefulRuleGroupReferenceProperty.builder() .resourceArn("resourceArn") // the properties below are optional .override(StatefulRuleGroupOverrideProperty.builder() .action("action") .build()) .priority(123) .build())) .statelessCustomActions(List.of(CustomActionProperty.builder() .actionDefinition(ActionDefinitionProperty.builder() .publishMetricAction(PublishMetricActionProperty.builder() .dimensions(List.of(DimensionProperty.builder() .value("value") .build())) .build()) .build()) .actionName("actionName") .build())) .statelessRuleGroupReferences(List.of(StatelessRuleGroupReferenceProperty.builder() .priority(123) .resourceArn("resourceArn") .build())) .tlsInspectionConfigurationArn("tlsInspectionConfigurationArn") .build();
- See Also:
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
A builder forCfnFirewallPolicy.FirewallPolicyProperty
static final class
An implementation forCfnFirewallPolicy.FirewallPolicyProperty
-
Method Summary
Modifier and TypeMethodDescriptionbuilder()
default Object
Contains variables that you can use to override default Suricata settings in your firewall policy.The default actions to take on a packet that doesn't match any stateful rules.default Object
Additional options governing how Network Firewall handles stateful rules.default Object
References to the stateful rule groups that are used in the policy.default Object
The custom action definitions that are available for use in the firewall policy'sStatelessDefaultActions
setting.The actions to take on a packet if it doesn't match any of the stateless rules in the policy.The actions to take on a fragmented packet if it doesn't match any of the stateless rules in the policy.default Object
References to the stateless rule groups that are used in the policy.default String
The Amazon Resource Name (ARN) of the TLS inspection configuration.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getStatelessDefaultActions
The actions to take on a packet if it doesn't match any of the stateless rules in the policy.If you want non-matching packets to be forwarded for stateful inspection, specify
aws:forward_to_sfe
.You must specify one of the standard actions:
aws:pass
,aws:drop
, oraws:forward_to_sfe
. In addition, you can specify custom actions that are compatible with your standard section choice.For example, you could specify
["aws:pass"]
or you could specify["aws:pass", “customActionName”]
. For information about compatibility, see the custom action descriptions.- See Also:
-
getStatelessFragmentDefaultActions
The actions to take on a fragmented packet if it doesn't match any of the stateless rules in the policy.If you want non-matching fragmented packets to be forwarded for stateful inspection, specify
aws:forward_to_sfe
.You must specify one of the standard actions:
aws:pass
,aws:drop
, oraws:forward_to_sfe
. In addition, you can specify custom actions that are compatible with your standard section choice.For example, you could specify
["aws:pass"]
or you could specify["aws:pass", “customActionName”]
. For information about compatibility, see the custom action descriptions.- See Also:
-
getPolicyVariables
Contains variables that you can use to override default Suricata settings in your firewall policy.- See Also:
-
getStatefulDefaultActions
The default actions to take on a packet that doesn't match any stateful rules.The stateful default action is optional, and is only valid when using the strict rule order.
Valid values of the stateful default action:
- aws:drop_strict
- aws:drop_established
- aws:alert_strict
- aws:alert_established
For more information, see Strict evaluation order in the AWS Network Firewall Developer Guide .
- See Also:
-
getStatefulEngineOptions
Additional options governing how Network Firewall handles stateful rules.The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.
- See Also:
-
getStatefulRuleGroupReferences
References to the stateful rule groups that are used in the policy.These define the inspection criteria in stateful rules.
- See Also:
-
getStatelessCustomActions
The custom action definitions that are available for use in the firewall policy'sStatelessDefaultActions
setting.You name each custom action that you define, and then you can use it by name in your default actions specifications.
- See Also:
-
getStatelessRuleGroupReferences
References to the stateless rule groups that are used in the policy.These define the matching criteria in stateless rules.
- See Also:
-
getTlsInspectionConfigurationArn
The Amazon Resource Name (ARN) of the TLS inspection configuration.- See Also:
-
builder
-