CfnRuleGroupProps
- class aws_cdk.aws_networkfirewall.CfnRuleGroupProps(*, capacity, rule_group_name, type, description=None, rule_group=None, tags=None)
Bases: object
Properties for defining a CfnRuleGroup.
- Parameters:
  - capacity (Union[int, float]) – The maximum operating resources that this rule group can use. You can’t change a rule group’s capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.
  - rule_group_name (str) – The descriptive name of the rule group. You can’t change the name of a rule group after you create it.
  - type (str) – Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
  - description (Optional[str]) – A description of the rule group.
  - rule_group (Union[IResolvable, RuleGroupProperty, Dict[str, Any], None]) – An object that defines the rule group rules.
  - tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – An array of key-value pairs to apply to this resource. For more information, see Tag.
Example:
```python
# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import CfnTag
from aws_cdk import aws_networkfirewall as networkfirewall

cfn_rule_group_props = networkfirewall.CfnRuleGroupProps(
    capacity=123,
    rule_group_name="ruleGroupName",
    type="type",

    # the properties below are optional
    description="description",
    rule_group=networkfirewall.CfnRuleGroup.RuleGroupProperty(
        rules_source=networkfirewall.CfnRuleGroup.RulesSourceProperty(
            rules_source_list=networkfirewall.CfnRuleGroup.RulesSourceListProperty(
                generated_rules_type="generatedRulesType",
                targets=["targets"],
                target_types=["targetTypes"]
            ),
            rules_string="rulesString",
            stateful_rules=[networkfirewall.CfnRuleGroup.StatefulRuleProperty(
                action="action",
                header=networkfirewall.CfnRuleGroup.HeaderProperty(
                    destination="destination",
                    destination_port="destinationPort",
                    direction="direction",
                    protocol="protocol",
                    source="source",
                    source_port="sourcePort"
                ),
                rule_options=[networkfirewall.CfnRuleGroup.RuleOptionProperty(
                    keyword="keyword",

                    # the properties below are optional
                    settings=["settings"]
                )]
            )],
            stateless_rules_and_custom_actions=networkfirewall.CfnRuleGroup.StatelessRulesAndCustomActionsProperty(
                stateless_rules=[networkfirewall.CfnRuleGroup.StatelessRuleProperty(
                    priority=123,
                    rule_definition=networkfirewall.CfnRuleGroup.RuleDefinitionProperty(
                        actions=["actions"],
                        match_attributes=networkfirewall.CfnRuleGroup.MatchAttributesProperty(
                            destination_ports=[networkfirewall.CfnRuleGroup.PortRangeProperty(
                                from_port=123,
                                to_port=123
                            )],
                            destinations=[networkfirewall.CfnRuleGroup.AddressProperty(
                                address_definition="addressDefinition"
                            )],
                            protocols=[123],
                            source_ports=[networkfirewall.CfnRuleGroup.PortRangeProperty(
                                from_port=123,
                                to_port=123
                            )],
                            sources=[networkfirewall.CfnRuleGroup.AddressProperty(
                                address_definition="addressDefinition"
                            )],
                            tcp_flags=[networkfirewall.CfnRuleGroup.TCPFlagFieldProperty(
                                flags=["flags"],

                                # the properties below are optional
                                masks=["masks"]
                            )]
                        )
                    )
                )],

                # the properties below are optional
                custom_actions=[networkfirewall.CfnRuleGroup.CustomActionProperty(
                    action_definition=networkfirewall.CfnRuleGroup.ActionDefinitionProperty(
                        publish_metric_action=networkfirewall.CfnRuleGroup.PublishMetricActionProperty(
                            dimensions=[networkfirewall.CfnRuleGroup.DimensionProperty(
                                value="value"
                            )]
                        )
                    ),
                    action_name="actionName"
                )]
            )
        ),

        # the properties below are optional
        reference_sets=networkfirewall.CfnRuleGroup.ReferenceSetsProperty(
            ip_set_references={
                "ip_set_references_key": {
                    "reference_arn": "referenceArn"
                }
            }
        ),
        rule_variables=networkfirewall.CfnRuleGroup.RuleVariablesProperty(
            ip_sets={
                "ip_sets_key": {
                    "definition": ["definition"]
                }
            },
            port_sets={
                "port_sets_key": networkfirewall.CfnRuleGroup.PortSetProperty(
                    definition=["definition"]
                )
            }
        ),
        stateful_rule_options=networkfirewall.CfnRuleGroup.StatefulRuleOptionsProperty(
            rule_order="ruleOrder"
        )
    ),
    tags=[CfnTag(
        key="key",
        value="value"
    )]
)
```
Attributes
- capacity
The maximum operating resources that this rule group can use.
You can’t change a rule group’s capacity setting after you create the rule group. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.
- description
A description of the rule group.
- rule_group
An object that defines the rule group rules.
- rule_group_name
The descriptive name of the rule group.
You can’t change the name of a rule group after you create it.
- type
Indicates whether the rule group is stateless or stateful.
If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
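The constraints stated for capacity, rule_group_name and type (capacity and name fixed after creation, rule contents matching the group type) can be checked before a deployment. The following is an added example, not code from the AWS CDK documentation or library: `check_rule_group` is a hypothetical helper, the properties are assumed to be held as plain dicts keyed by this page's snake_case names, and the sample values are constructed.

```python
# Added example: pre-deployment checks on rule group properties.
# check_rule_group is a hypothetical helper, not part of aws_cdk.
STATEFUL_SOURCES = {"rules_source_list", "rules_string", "stateful_rules"}
STATELESS_SOURCES = {"stateless_rules_and_custom_actions"}
IMMUTABLE = ("capacity", "rule_group_name")  # per this page: fixed after creation


def check_rule_group(new, deployed=None):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for key in ("capacity", "rule_group_name", "type"):
        if new.get(key) in (None, ""):
            findings.append(f"missing required property: {key}")

    rg_type = new.get("type")
    if rg_type in ("STATELESS", "STATEFUL"):
        # A stateless group holds only stateless rules, and vice versa.
        source = (new.get("rule_group") or {}).get("rules_source") or {}
        present = {k for k, v in source.items() if v}
        wrong = STATELESS_SOURCES if rg_type == "STATEFUL" else STATEFUL_SOURCES
        for key in sorted(present & wrong):
            findings.append(f"{key} is not valid in a {rg_type} rule group")
    elif rg_type:
        findings.append(f"type must be STATELESS or STATEFUL, got {rg_type!r}")

    # Capacity and name cannot be changed once the rule group exists.
    for key in IMMUTABLE:
        if deployed and key in deployed and new.get(key) != deployed[key]:
            findings.append(f"{key} changed: {deployed[key]!r} -> {new.get(key)!r}")
    return findings


# Constructed sample input: the deployed definition and a proposed update.
DEPLOYED = {"capacity": 100, "rule_group_name": "egress-allowlist", "type": "STATEFUL"}
PROPOSED = {
    "capacity": 200,
    "rule_group_name": "egress-allowlist",
    "type": "STATEFUL",
    "rule_group": {"rules_source": {
        "rules_string": "pass tcp any any -> any 443 (sid:1;)",
        "stateless_rules_and_custom_actions": {"stateless_rules": [{"priority": 1}]},
    }},
}

if __name__ == "__main__":
    for finding in check_rule_group(PROPOSED, DEPLOYED):
        print(finding)
```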