Class: Aws::NetworkFirewall::Types::RuleGroup

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb

Overview

Note:

When making an API call, you may pass RuleGroup data as a hash:

{
  rule_variables: {
    ip_sets: {
      "RuleVariableName" => {
        definition: ["VariableDefinition"], # required
      },
    },
    port_sets: {
      "RuleVariableName" => {
        definition: ["VariableDefinition"],
      },
    },
  },
  reference_sets: {
    ip_set_references: {
      "IPSetReferenceName" => {
        reference_arn: "ResourceArn",
      },
    },
  },
  rules_source: { # required
    rules_string: "RulesString",
    rules_source_list: {
      targets: ["CollectionMember_String"], # required
      target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
      generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
    },
    stateful_rules: [
      {
        action: "PASS", # required, accepts PASS, DROP, ALERT
        header: { # required
          protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
          source: "Source", # required
          source_port: "Port", # required
          direction: "FORWARD", # required, accepts FORWARD, ANY
          destination: "Destination", # required
          destination_port: "Port", # required
        },
        rule_options: [ # required
          {
            keyword: "Keyword", # required
            settings: ["Setting"],
          },
        ],
      },
    ],
    stateless_rules_and_custom_actions: {
      stateless_rules: [ # required
        {
          rule_definition: { # required
            match_attributes: { # required
              sources: [
                {
                  address_definition: "AddressDefinition", # required
                },
              ],
              destinations: [
                {
                  address_definition: "AddressDefinition", # required
                },
              ],
              source_ports: [
                {
                  from_port: 1, # required
                  to_port: 1, # required
                },
              ],
              destination_ports: [
                {
                  from_port: 1, # required
                  to_port: 1, # required
                },
              ],
              protocols: [1],
              tcp_flags: [
                {
                  flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
                  masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
                },
              ],
            },
            actions: ["CollectionMember_String"], # required
          },
          priority: 1, # required
        },
      ],
      custom_actions: [
        {
          action_name: "ActionName", # required
          action_definition: { # required
            publish_metric_action: {
              dimensions: [ # required
                {
                  value: "DimensionValue", # required
                },
              ],
            },
          },
        },
      ],
    },
  },
  stateful_rule_options: {
    rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
  },
}

The object that defines the rules in a rule group. This, along with RuleGroupResponse, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.

Network Firewall uses a rule group to inspect and control network traffic. You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their traffic flow.

To use a rule group, you include it by reference in an Network Firewall firewall policy, then you use the policy in a firewall. You can reference a rule group from more than one firewall policy, and you can use a firewall policy in more than one firewall.

See Also:

Constant Summary collapse

SENSITIVE = 
[]

Instance Attribute Summary collapse

Instance Attribute Details

#reference_setsTypes::ReferenceSets

The list of a rule group's reference sets.

Returns:



3396
3397
3398
3399
3400
3401
3402
3403
 
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb', line 3396

class RuleGroup < Struct.new(
  :rule_variables,
  :reference_sets,
  :rules_source,
  :stateful_rule_options)
  SENSITIVE = []
  include Aws::Structure
end

#rule_variablesTypes::RuleVariables

Settings that are available for use in the rules in the rule group. You can only use these for stateful rule groups.

Returns:



3396
3397
3398
3399
3400
3401
3402
3403
 
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb', line 3396

class RuleGroup < Struct.new(
  :rule_variables,
  :reference_sets,
  :rules_source,
  :stateful_rule_options)
  SENSITIVE = []
  include Aws::Structure
end

#rules_sourceTypes::RulesSource

The stateful rules or stateless rules for the rule group.

Returns:



3396
3397
3398
3399
3400
3401
3402
3403
 
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb', line 3396

class RuleGroup < Struct.new(
  :rule_variables,
  :reference_sets,
  :rules_source,
  :stateful_rule_options)
  SENSITIVE = []
  include Aws::Structure
end

#stateful_rule_optionsTypes::StatefulRuleOptions

Additional options governing how Network Firewall handles stateful rules. The policies where you use your stateful rule group must have stateful rule options settings that are compatible with these settings.

Returns:



3396
3397
3398
3399
3400
3401
3402
3403
 
# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb', line 3396

class RuleGroup < Struct.new(
  :rule_variables,
  :reference_sets,
  :rules_source,
  :stateful_rule_options)
  SENSITIVE = []
  include Aws::Structure
end