Package software.amazon.awscdk.services.networkfirewall

Class CfnFirewallPolicy.FirewallPolicyProperty.Jsii$Proxy

java.lang.Object

software.amazon.jsii.JsiiObject

software.amazon.awscdk.services.networkfirewall.CfnFirewallPolicy.FirewallPolicyProperty.Jsii$Proxy

All Implemented Interfaces:

CfnFirewallPolicy.FirewallPolicyProperty, software.amazon.jsii.JsiiSerializable

Enclosing interface:

CfnFirewallPolicy.FirewallPolicyProperty

@Stability(Stable)
@Internal
public static final class CfnFirewallPolicy.FirewallPolicyProperty.Jsii$Proxy
extends software.amazon.jsii.JsiiObject
implements CfnFirewallPolicy.FirewallPolicyProperty

An implementation for CfnFirewallPolicy.FirewallPolicyProperty

Nested Class Summary

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.networkfirewall.CfnFirewallPolicy.FirewallPolicyProperty

CfnFirewallPolicy.FirewallPolicyProperty.Builder, CfnFirewallPolicy.FirewallPolicyProperty.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	Jsii$Proxy(CfnFirewallPolicy.FirewallPolicyProperty.Builder builder)	Constructor that initializes the object based on literal property values passed by the CfnFirewallPolicy.FirewallPolicyProperty.Builder.
protected	Jsii$Proxy(software.amazon.jsii.JsiiObjectRef objRef)	Constructor that initializes the object based on values retrieved from the JsiiObject.

Method Summary

Modifier and Type	Method	Description
com.fasterxml.jackson.databind.JsonNode	$jsii$toJson()
final boolean	equals(Object o)
final Object	getEnableTlsSessionHolding()	When true, prevents TCP and TLS packets from reaching destination servers until TLS Inspection has evaluated Server Name Indication (SNI) rules.
final Object	getPolicyVariables()	Contains variables that you can use to override default Suricata settings in your firewall policy.
final List<String>	getStatefulDefaultActions()	The default actions to take on a packet that doesn't match any stateful rules.
final Object	getStatefulEngineOptions()	Additional options governing how Network Firewall handles stateful rules.
final Object	getStatefulRuleGroupReferences()	References to the stateful rule groups that are used in the policy.
final Object	getStatelessCustomActions()	The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting.
final List<String>	getStatelessDefaultActions()	The actions to take on a packet if it doesn't match any of the stateless rules in the policy.
final List<String>	getStatelessFragmentDefaultActions()	The actions to take on a fragmented packet if it doesn't match any of the stateless rules in the policy.
final Object	getStatelessRuleGroupReferences()	References to the stateless rule groups that are used in the policy.
final String	getTlsInspectionConfigurationArn()	The Amazon Resource Name (ARN) of the TLS inspection configuration.
final int	hashCode()

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Details

Jsii$Proxy

protected Jsii$Proxy(software.amazon.jsii.JsiiObjectRef objRef)

Constructor that initializes the object based on values retrieved from the JsiiObject.

Parameters:

objRef - Reference to the JSII managed object.

Jsii$Proxy

protected Jsii$Proxy(CfnFirewallPolicy.FirewallPolicyProperty.Builder builder)

Constructor that initializes the object based on literal property values passed by the CfnFirewallPolicy.FirewallPolicyProperty.Builder.

Method Details

getStatelessDefaultActions

public final List<String> getStatelessDefaultActions()

Description copied from interface: CfnFirewallPolicy.FirewallPolicyProperty

The actions to take on a packet if it doesn't match any of the stateless rules in the policy.

If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe .

You must specify one of the standard actions: aws:pass , aws:drop , or aws:forward_to_sfe . In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”] . For information about compatibility, see the custom action descriptions.

Specified by:

getStatelessDefaultActions in interface CfnFirewallPolicy.FirewallPolicyProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicy-statelessdefaultactions

getStatelessFragmentDefaultActions

public final List<String> getStatelessFragmentDefaultActions()

Description copied from interface: CfnFirewallPolicy.FirewallPolicyProperty

The actions to take on a fragmented packet if it doesn't match any of the stateless rules in the policy.

If you want non-matching fragmented packets to be forwarded for stateful inspection, specify aws:forward_to_sfe .

You must specify one of the standard actions: aws:pass , aws:drop , or aws:forward_to_sfe . In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”] . For information about compatibility, see the custom action descriptions.

Specified by:

getStatelessFragmentDefaultActions in interface CfnFirewallPolicy.FirewallPolicyProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicy-statelessfragmentdefaultactions

getEnableTlsSessionHolding

public final Object getEnableTlsSessionHolding()

Description copied from interface: CfnFirewallPolicy.FirewallPolicyProperty

When true, prevents TCP and TLS packets from reaching destination servers until TLS Inspection has evaluated Server Name Indication (SNI) rules.

Requires an associated TLS Inspection configuration.

Returns union: either Boolean or IResolvable

Specified by:

getEnableTlsSessionHolding in interface CfnFirewallPolicy.FirewallPolicyProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicy-enabletlssessionholding

getPolicyVariables

public final Object getPolicyVariables()

Description copied from interface: CfnFirewallPolicy.FirewallPolicyProperty

Contains variables that you can use to override default Suricata settings in your firewall policy.

Returns union: either IResolvable or CfnFirewallPolicy.PolicyVariablesProperty

Specified by:

getPolicyVariables in interface CfnFirewallPolicy.FirewallPolicyProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicy-policyvariables

getStatefulDefaultActions

public final List<String> getStatefulDefaultActions()

Description copied from interface: CfnFirewallPolicy.FirewallPolicyProperty

The default actions to take on a packet that doesn't match any stateful rules.

The stateful default action is optional, and is only valid when using the strict rule order.

Valid values of the stateful default action:

• aws:drop_strict
• aws:drop_established
• aws:alert_strict
• aws:alert_established

For more information, see Strict evaluation order in the AWS Network Firewall Developer Guide .

Specified by:

getStatefulDefaultActions in interface CfnFirewallPolicy.FirewallPolicyProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicy-statefuldefaultactions

getStatefulEngineOptions

public final Object getStatefulEngineOptions()

Description copied from interface: CfnFirewallPolicy.FirewallPolicyProperty

Additional options governing how Network Firewall handles stateful rules.

The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.

Returns union: either IResolvable or CfnFirewallPolicy.StatefulEngineOptionsProperty

Specified by:

getStatefulEngineOptions in interface CfnFirewallPolicy.FirewallPolicyProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicy-statefulengineoptions

getStatefulRuleGroupReferences

public final Object getStatefulRuleGroupReferences()

Description copied from interface: CfnFirewallPolicy.FirewallPolicyProperty

References to the stateful rule groups that are used in the policy.

These define the inspection criteria in stateful rules.

Returns union: either IResolvable or Listinvalid input: '<'either IResolvable or CfnFirewallPolicy.StatefulRuleGroupReferenceProperty>

Specified by:

getStatefulRuleGroupReferences in interface CfnFirewallPolicy.FirewallPolicyProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicy-statefulrulegroupreferences

getStatelessCustomActions

public final Object getStatelessCustomActions()

Description copied from interface: CfnFirewallPolicy.FirewallPolicyProperty

The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting.

You name each custom action that you define, and then you can use it by name in your default actions specifications.

Returns union: either IResolvable or Listinvalid input: '<'either IResolvable or CfnFirewallPolicy.CustomActionProperty>

Specified by:

getStatelessCustomActions in interface CfnFirewallPolicy.FirewallPolicyProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicy-statelesscustomactions

getStatelessRuleGroupReferences

public final Object getStatelessRuleGroupReferences()

Description copied from interface: CfnFirewallPolicy.FirewallPolicyProperty

References to the stateless rule groups that are used in the policy.

These define the matching criteria in stateless rules.

Returns union: either IResolvable or Listinvalid input: '<'either IResolvable or CfnFirewallPolicy.StatelessRuleGroupReferenceProperty>

Specified by:

getStatelessRuleGroupReferences in interface CfnFirewallPolicy.FirewallPolicyProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicy-statelessrulegroupreferences

getTlsInspectionConfigurationArn

public final String getTlsInspectionConfigurationArn()

Description copied from interface: CfnFirewallPolicy.FirewallPolicyProperty

The Amazon Resource Name (ARN) of the TLS inspection configuration.

Specified by:

getTlsInspectionConfigurationArn in interface CfnFirewallPolicy.FirewallPolicyProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html#cfn-networkfirewall-firewallpolicy-firewallpolicy-tlsinspectionconfigurationarn

$jsii$toJson

@Internal
public com.fasterxml.jackson.databind.JsonNode $jsii$toJson()

Specified by:

$jsii$toJson in interface software.amazon.jsii.JsiiSerializable

equals

public final boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public final int hashCode()

Overrides:

hashCode in class Object