Class CfnFirewallPolicy
java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.networkfirewall.CfnFirewallPolicy
- All Implemented Interfaces:
IInspectable,ITaggable,software.amazon.jsii.JsiiSerializable,software.constructs.IConstruct,software.constructs.IDependable
@Generated(value="jsii-pacmak/1.113.0 (build fc68b25)",
date="2025-09-02T11:25:36.379Z")
@Stability(Stable)
public class CfnFirewallPolicy
extends CfnResource
implements IInspectable, ITaggable
Use the firewall policy to define the stateless and stateful network traffic filtering behavior for your firewall.
You can use one firewall policy for multiple firewalls.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.networkfirewall.*;
CfnFirewallPolicy cfnFirewallPolicy = CfnFirewallPolicy.Builder.create(this, "MyCfnFirewallPolicy")
.firewallPolicy(FirewallPolicyProperty.builder()
.statelessDefaultActions(List.of("statelessDefaultActions"))
.statelessFragmentDefaultActions(List.of("statelessFragmentDefaultActions"))
// the properties below are optional
.policyVariables(PolicyVariablesProperty.builder()
.ruleVariables(Map.of(
"ruleVariablesKey", Map.of(
"definition", List.of("definition"))))
.build())
.statefulDefaultActions(List.of("statefulDefaultActions"))
.statefulEngineOptions(StatefulEngineOptionsProperty.builder()
.flowTimeouts(FlowTimeoutsProperty.builder()
.tcpIdleTimeoutSeconds(123)
.build())
.ruleOrder("ruleOrder")
.streamExceptionPolicy("streamExceptionPolicy")
.build())
.statefulRuleGroupReferences(List.of(StatefulRuleGroupReferenceProperty.builder()
.resourceArn("resourceArn")
// the properties below are optional
.deepThreatInspection(false)
.override(StatefulRuleGroupOverrideProperty.builder()
.action("action")
.build())
.priority(123)
.build()))
.statelessCustomActions(List.of(CustomActionProperty.builder()
.actionDefinition(ActionDefinitionProperty.builder()
.publishMetricAction(PublishMetricActionProperty.builder()
.dimensions(List.of(DimensionProperty.builder()
.value("value")
.build()))
.build())
.build())
.actionName("actionName")
.build()))
.statelessRuleGroupReferences(List.of(StatelessRuleGroupReferenceProperty.builder()
.priority(123)
.resourceArn("resourceArn")
.build()))
.tlsInspectionConfigurationArn("tlsInspectionConfigurationArn")
.build())
.firewallPolicyName("firewallPolicyName")
// the properties below are optional
.description("description")
.tags(List.of(CfnTag.builder()
.key("key")
.value("value")
.build()))
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfaceA custom action to use in stateless rule actions settings.static final classA fluent builder forCfnFirewallPolicy.static interfaceAn optional, non-standard action to use for stateless packet handling.static interfaceThe value to use in an Amazon CloudWatch custom metric dimension.static interfaceThe traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.static interfaceDescribes the amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle and Network Firewall removes the flow entry from its flow table.static interfaceA list of IP addresses and address ranges, in CIDR notation.static interfaceContains variables that you can use to override default Suricata settings in your firewall policy.static interfaceStateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet.static interfaceConfiguration settings for the handling of the stateful rule groups in a firewall policy.static interfaceThe setting that allows the policy owner to change the behavior of the rule group within a policy.static interfaceIdentifier for a single stateful rule group, used in a firewall policy to refer to a rule group.static interfaceIdentifier for a single stateless rule group, used in a firewall policy to refer to the rule group.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationModeNested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$DefaultNested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$ProxyNested classes/interfaces inherited from interface software.amazon.awscdk.ITaggable
ITaggable.Jsii$Default, ITaggable.Jsii$Proxy -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThe CloudFormation resource type name for this resource class. -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotectedCfnFirewallPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protectedCfnFirewallPolicy(software.amazon.jsii.JsiiObjectRef objRef) CfnFirewallPolicy(software.constructs.Construct scope, String id, CfnFirewallPolicyProps props) -
Method Summary
Modifier and TypeMethodDescriptionThe Amazon Resource Name (ARN) of the firewall policy.The unique ID of the firewall policy resource.A description of the firewall policy.The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.The descriptive name of the firewall policy.getTags()Tag Manager which manages the tags for this resource.An array of key-value pairs to apply to this resource.voidinspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties(Map<String, Object> props) voidsetDescription(String value) A description of the firewall policy.voidsetFirewallPolicy(IResolvable value) The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.voidThe traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.voidsetFirewallPolicyName(String value) The descriptive name of the firewall policy.voidsetTagsRaw(List<CfnTag> value) An array of key-value pairs to apply to this resource.Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validatePropertiesMethods inherited from class software.amazon.awscdk.CfnRefElement
getRefMethods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalIdMethods inherited from class software.constructs.Construct
getNode, isConstructMethods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSetMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnFirewallPolicy
protected CfnFirewallPolicy(software.amazon.jsii.JsiiObjectRef objRef) -
CfnFirewallPolicy
protected CfnFirewallPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnFirewallPolicy
@Stability(Stable) public CfnFirewallPolicy(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnFirewallPolicyProps props) - Parameters:
scope- Scope in which this resource is defined. This parameter is required.id- Construct identifier for this resource (unique in its scope). This parameter is required.props- Resource properties. This parameter is required.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspectin interfaceIInspectable- Parameters:
inspector- tree inspector to collect and process attributes. This parameter is required.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderPropertiesin classCfnResource- Parameters:
props- This parameter is required.
-
getAttrFirewallPolicyArn
The Amazon Resource Name (ARN) of the firewall policy. -
getAttrFirewallPolicyId
The unique ID of the firewall policy resource. -
getCfnProperties
- Overrides:
getCfnPropertiesin classCfnResource
-
getTags
Tag Manager which manages the tags for this resource. -
getFirewallPolicy
The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings. -
setFirewallPolicy
The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings. -
setFirewallPolicy
@Stability(Stable) public void setFirewallPolicy(@NotNull CfnFirewallPolicy.FirewallPolicyProperty value) The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings. -
getFirewallPolicyName
The descriptive name of the firewall policy. -
setFirewallPolicyName
The descriptive name of the firewall policy. -
getDescription
A description of the firewall policy. -
setDescription
A description of the firewall policy. -
getTagsRaw
An array of key-value pairs to apply to this resource. -
setTagsRaw
An array of key-value pairs to apply to this resource.
-