Class CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder
java.lang.Object
software.amazon.awscdk.cfnpropertymixins.services.route53resolver.CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder
- All Implemented Interfaces:
software.amazon.jsii.Builder<CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty>
- Enclosing interface:
CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty
@Stability(Stable)
public static final class CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder
extends Object
implements software.amazon.jsii.Builder<CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty>
A builder for
CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionSets the value ofCfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.getAction()blockOverrideDnsType(String blockOverrideDnsType) blockOverrideDomain(String blockOverrideDomain) blockOverrideTtl(Number blockOverrideTtl) blockResponse(String blockResponse) Sets the value ofCfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.getBlockResponse()build()Builds the configured instance.confidenceThreshold(String confidenceThreshold) dnsThreatProtection(String dnsThreatProtection) firewallDomainListId(String firewallDomainListId) firewallDomainListId(IFirewallDomainListRef firewallDomainListId) firewallDomainRedirectionAction(String firewallDomainRedirectionAction) firewallThreatProtectionId(String firewallThreatProtectionId) Sets the value ofCfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.getPriority()Sets the value ofCfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.getQtype()
-
Constructor Details
-
Builder
public Builder()
-
-
Method Details
-
action
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder action(String action) Sets the value ofCfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.getAction()- Parameters:
action- The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advvanced rule: -ALLOW- Permit the request to go through. Not available for DNS Firewall Advanced rules.ALERT- Permit the request to go through but send an alert to the logs.BLOCK- Disallow the request. If this is specified,thenBlockResponsemust also be specified.
if
BlockResponseisOVERRIDE, then all of the followingOVERRIDEattributes must be specified:BlockOverrideDnsTypeBlockOverrideDomainBlockOverrideTtl
- Returns:
this
-
blockOverrideDnsType
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder blockOverrideDnsType(String blockOverrideDnsType) - Parameters:
blockOverrideDnsType- The DNS record's type. This determines the format of the record value that you provided inBlockOverrideDomain. Used for the rule actionBLOCKwith aBlockResponsesetting ofOVERRIDE.- Returns:
this
-
blockOverrideDomain
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder blockOverrideDomain(String blockOverrideDomain) - Parameters:
blockOverrideDomain- The custom DNS record to send back in response to the query. Used for the rule actionBLOCKwith aBlockResponsesetting ofOVERRIDE.- Returns:
this
-
blockOverrideTtl
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder blockOverrideTtl(Number blockOverrideTtl) - Parameters:
blockOverrideTtl- The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule actionBLOCKwith aBlockResponsesetting ofOVERRIDE.- Returns:
this
-
blockResponse
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder blockResponse(String blockResponse) Sets the value ofCfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.getBlockResponse()- Parameters:
blockResponse- The way that you want DNS Firewall to block the request. Used for the rule action settingBLOCK.NODATA- Respond indicating that the query was successful, but no response is available for it.NXDOMAIN- Respond indicating that the domain name that's in the query doesn't exist.OVERRIDE- Provide a custom override in the response. This option requires custom handling details in the rule'sBlockOverride*settings.
- Returns:
this
-
confidenceThreshold
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder confidenceThreshold(String confidenceThreshold) - Parameters:
confidenceThreshold- The confidence threshold for DNS Firewall Advanced. You must provide this value when you create a DNS Firewall Advanced rule. The confidence level values mean:LOW: Provides the highest detection rate for threats, but also increases false positives.MEDIUM: Provides a balance between detecting threats and false positives.HIGH: Detects only the most well corroborated threats with a low rate of false positives.
- Returns:
this
-
dnsThreatProtection
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder dnsThreatProtection(String dnsThreatProtection) - Parameters:
dnsThreatProtection- The type of the DNS Firewall Advanced rule. Valid values are:.DGA: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to to launch malware attacks.DNS_TUNNELING: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client.
- Returns:
this
-
firewallDomainListId
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder firewallDomainListId(String firewallDomainListId) - Parameters:
firewallDomainListId- The ID of the domain list that's used in the rule.- Returns:
this
-
firewallDomainListId
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder firewallDomainListId(IFirewallDomainListRef firewallDomainListId) - Parameters:
firewallDomainListId- The ID of the domain list that's used in the rule.- Returns:
this
-
firewallDomainRedirectionAction
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder firewallDomainRedirectionAction(String firewallDomainRedirectionAction) Sets the value ofCfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.getFirewallDomainRedirectionAction()- Parameters:
firewallDomainRedirectionAction- How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME, or DNAME.Inspect_Redirection_Domain(Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list.Trust_Redirection_Domaininspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to the domain list.- Returns:
this
-
firewallThreatProtectionId
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder firewallThreatProtectionId(String firewallThreatProtectionId) Sets the value ofCfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.getFirewallThreatProtectionId()- Parameters:
firewallThreatProtectionId- ID of the DNS Firewall Advanced rule.- Returns:
this
-
priority
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder priority(Number priority) Sets the value ofCfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.getPriority()- Parameters:
priority- The priority of the rule in the rule group. This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.- Returns:
this
-
qtype
@Stability(Stable) public CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.Builder qtype(String qtype) Sets the value ofCfnFirewallRuleGroupPropsMixin.FirewallRuleProperty.getQtype()- Parameters:
qtype- The DNS query type you want the rule to evaluate. Allowed values are;.- A: Returns an IPv4 address.
- AAAA: Returns an Ipv6 address.
- CAA: Restricts CAs that can create SSL/TLS certifications for the domain.
- CNAME: Returns another domain name.
- DS: Record that identifies the DNSSEC signing key of a delegated zone.
- MX: Specifies mail servers.
- NAPTR: Regular-expression-based rewriting of domain names.
- NS: Authoritative name servers.
- PTR: Maps an IP address to a domain name.
- SOA: Start of authority record for the zone.
- SPF: Lists the servers authorized to send emails from a domain.
- SRV: Application specific values that identify servers.
- TXT: Verifies email senders and application-specific values.
- A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPE NUMBER , where the NUMBER can be 1-65334, for example, TYPE28. For more information, see List of DNS record types .
- Returns:
this
-
build
Builds the configured instance.- Specified by:
buildin interfacesoftware.amazon.jsii.Builder<CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty>- Returns:
- a new instance of
CfnFirewallRuleGroupPropsMixin.FirewallRuleProperty - Throws:
NullPointerException- if any required attribute was not provided
-