You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::NetworkFirewall::Types::UpdateRuleGroupRequest
- Inherits:
-
Struct
- Object
- Struct
- Aws::NetworkFirewall::Types::UpdateRuleGroupRequest
- Defined in:
- (unknown)
Overview
When passing UpdateRuleGroupRequest as input to an Aws::Client method, you can use a vanilla Hash:
{
update_token: "UpdateToken", # required
rule_group_arn: "ResourceArn",
rule_group_name: "ResourceName",
rule_group: {
rule_variables: {
ip_sets: {
"RuleVariableName" => {
definition: ["VariableDefinition"], # required
},
},
port_sets: {
"RuleVariableName" => {
definition: ["VariableDefinition"],
},
},
},
rules_source: { # required
rules_string: "RulesString",
rules_source_list: {
targets: ["CollectionMember_String"], # required
target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
},
stateful_rules: [
{
action: "PASS", # required, accepts PASS, DROP, ALERT
header: { # required
protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
source: "Source", # required
source_port: "Port", # required
direction: "FORWARD", # required, accepts FORWARD, ANY
destination: "Destination", # required
destination_port: "Port", # required
},
rule_options: [ # required
{
keyword: "Keyword", # required
settings: ["Setting"],
},
],
},
],
stateless_rules_and_custom_actions: {
stateless_rules: [ # required
{
rule_definition: { # required
match_attributes: { # required
sources: [
{
address_definition: "AddressDefinition", # required
},
],
destinations: [
{
address_definition: "AddressDefinition", # required
},
],
source_ports: [
{
from_port: 1, # required
to_port: 1, # required
},
],
destination_ports: [
{
from_port: 1, # required
to_port: 1, # required
},
],
protocols: [1],
tcp_flags: [
{
flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
},
],
},
actions: ["CollectionMember_String"], # required
},
priority: 1, # required
},
],
custom_actions: [
{
action_name: "ActionName", # required
action_definition: { # required
publish_metric_action: {
dimensions: [ # required
{
value: "DimensionValue", # required
},
],
},
},
},
],
},
},
},
rules: "RulesString",
type: "STATELESS", # accepts STATELESS, STATEFUL
description: "Description",
dry_run: false,
}
Instance Attribute Summary collapse
-
#description ⇒ String
A description of the rule group.
-
#dry_run ⇒ Boolean
Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.
-
#rule_group ⇒ Types::RuleGroup
An object that defines the rule group rules.
-
#rule_group_arn ⇒ String
The Amazon Resource Name (ARN) of the rule group.
-
#rule_group_name ⇒ String
The descriptive name of the rule group.
-
#rules ⇒ String
The name of a file containing stateful rule group rules specifications in Suricata flat format, with one rule per line.
-
#type ⇒ String
Indicates whether the rule group is stateless or stateful.
-
#update_token ⇒ String
A token used for optimistic locking.
Instance Attribute Details
#description ⇒ String
A description of the rule group.
#dry_run ⇒ Boolean
Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.
If set to TRUE
, Network Firewall checks whether the request can run
successfully, but doesn\'t actually make the requested changes. The call
returns the value that the request would return if you ran it with dry
run set to FALSE
, but doesn\'t make additions or changes to your
resources. This option allows you to make sure that you have the
required permissions to run the request and that your request parameters
are valid.
If set to FALSE
, Network Firewall makes the requested changes to your
resources.
#rule_group ⇒ Types::RuleGroup
An object that defines the rule group rules.
Rules
setting,
but not both.
#rule_group_arn ⇒ String
The Amazon Resource Name (ARN) of the rule group.
You must specify the ARN or the name, and you can specify both.
#rule_group_name ⇒ String
The descriptive name of the rule group. You can\'t change the name of a rule group after you create it.
You must specify the ARN or the name, and you can specify both.
#rules ⇒ String
The name of a file containing stateful rule group rules specifications in Suricata flat format, with one rule per line. Use this to import your existing Suricata compatible rule groups.
RuleGroup
setting, but not both.
You can provide your rule group specification in a file through this setting when you create or update your rule group. The call response returns a RuleGroup object that Network Firewall has populated from your file. Network Firewall uses the file contents to populate the rule group rules, but does not maintain a reference to the file or use the file in any way after performing the create or update. If you call DescribeRuleGroup to retrieve the rule group, Network Firewall returns rules settings inside a RuleGroup object.
#type ⇒ String
Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
RuleGroupARN
.
Possible values:
- STATELESS
- STATEFUL
#update_token ⇒ String
A token used for optimistic locking. Network Firewall returns a token to your requests that access the rule group. The token marks the state of the rule group resource at the time of the request.
To make changes to the rule group, you provide the token in your
request. Network Firewall uses the token to ensure that the rule group
hasn\'t changed since you last retrieved it. If it has changed, the
operation fails with an InvalidTokenException
. If this happens,
retrieve the rule group again to get a current copy of it with a current
token. Reapply your changes as needed, then try the operation again
using the new token.