Package software.amazon.awscdk.services.networkfirewall

Class CfnFirewallPolicy

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.CfnElement

software.amazon.awscdk.CfnRefElement

software.amazon.awscdk.CfnResource

software.amazon.awscdk.services.networkfirewall.CfnFirewallPolicy

All Implemented Interfaces:

IInspectable, IEnvironmentAware, IFirewallPolicyRef, ITaggable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.120.0 (build 192dc88)",
           date="2025-12-05T22:26:40.706Z")
@Stability(Stable)
public class CfnFirewallPolicy
extends CfnResource
implements IInspectable, IFirewallPolicyRef, ITaggable

Use the firewall policy to define the stateless and stateful network traffic filtering behavior for your firewall.

You can use one firewall policy for multiple firewalls.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.networkfirewall.*;
 CfnFirewallPolicy cfnFirewallPolicy = CfnFirewallPolicy.Builder.create(this, "MyCfnFirewallPolicy")
         .firewallPolicy(FirewallPolicyProperty.builder()
                 .statelessDefaultActions(List.of("statelessDefaultActions"))
                 .statelessFragmentDefaultActions(List.of("statelessFragmentDefaultActions"))
                 // the properties below are optional
                 .enableTlsSessionHolding(false)
                 .policyVariables(PolicyVariablesProperty.builder()
                         .ruleVariables(Map.of(
                                 "ruleVariablesKey", Map.of(
                                         "definition", List.of("definition"))))
                         .build())
                 .statefulDefaultActions(List.of("statefulDefaultActions"))
                 .statefulEngineOptions(StatefulEngineOptionsProperty.builder()
                         .flowTimeouts(FlowTimeoutsProperty.builder()
                                 .tcpIdleTimeoutSeconds(123)
                                 .build())
                         .ruleOrder("ruleOrder")
                         .streamExceptionPolicy("streamExceptionPolicy")
                         .build())
                 .statefulRuleGroupReferences(List.of(StatefulRuleGroupReferenceProperty.builder()
                         .resourceArn("resourceArn")
                         // the properties below are optional
                         .deepThreatInspection(false)
                         .override(StatefulRuleGroupOverrideProperty.builder()
                                 .action("action")
                                 .build())
                         .priority(123)
                         .build()))
                 .statelessCustomActions(List.of(CustomActionProperty.builder()
                         .actionDefinition(ActionDefinitionProperty.builder()
                                 .publishMetricAction(PublishMetricActionProperty.builder()
                                         .dimensions(List.of(DimensionProperty.builder()
                                                 .value("value")
                                                 .build()))
                                         .build())
                                 .build())
                         .actionName("actionName")
                         .build()))
                 .statelessRuleGroupReferences(List.of(StatelessRuleGroupReferenceProperty.builder()
                         .priority(123)
                         .resourceArn("resourceArn")
                         .build()))
                 .tlsInspectionConfigurationArn("tlsInspectionConfigurationArn")
                 .build())
         .firewallPolicyName("firewallPolicyName")
         // the properties below are optional
         .description("description")
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewallpolicy.html

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	CfnFirewallPolicy.ActionDefinitionProperty	A custom action to use in stateless rule actions settings.
static final class	CfnFirewallPolicy.Builder	A fluent builder for CfnFirewallPolicy.
static interface	CfnFirewallPolicy.CustomActionProperty	An optional, non-standard action to use for stateless packet handling.
static interface	CfnFirewallPolicy.DimensionProperty	The value to use in an Amazon CloudWatch custom metric dimension.
static interface	CfnFirewallPolicy.FirewallPolicyProperty	The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.
static interface	CfnFirewallPolicy.FlowTimeoutsProperty	Describes the amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle and Network Firewall removes the flow entry from its flow table.
static interface	CfnFirewallPolicy.IPSetProperty	A list of IP addresses and address ranges, in CIDR notation.
static interface	CfnFirewallPolicy.PolicyVariablesProperty	Contains variables that you can use to override default Suricata settings in your firewall policy.
static interface	CfnFirewallPolicy.PublishMetricActionProperty	Stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet.
static interface	CfnFirewallPolicy.StatefulEngineOptionsProperty	Configuration settings for the handling of the stateful rule groups in a firewall policy.
static interface	CfnFirewallPolicy.StatefulRuleGroupOverrideProperty	The setting that allows the policy owner to change the behavior of the rule group within a policy.
static interface	CfnFirewallPolicy.StatefulRuleGroupReferenceProperty	Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group.
static interface	CfnFirewallPolicy.StatelessRuleGroupReferenceProperty	Identifier for a single stateless rule group, used in a firewall policy to refer to the rule group.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.interfaces.networkfirewall.IFirewallPolicyRef

IFirewallPolicyRef.Jsii$Default, IFirewallPolicyRef.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.ITaggable

ITaggable.Jsii$Default, ITaggable.Jsii$Proxy

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CFN_RESOURCE_TYPE_NAME	The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	CfnFirewallPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnFirewallPolicy(software.amazon.jsii.JsiiObjectRef objRef)
	CfnFirewallPolicy(software.constructs.Construct scope, String id, CfnFirewallPolicyProps props)	Create a new AWS::NetworkFirewall::FirewallPolicy.

Method Summary

Modifier and Type	Method	Description
static String	arnForFirewallPolicy(IFirewallPolicyRef resource)
String	getAttrFirewallPolicyArn()	The Amazon Resource Name (ARN) of the firewall policy.
String	getAttrFirewallPolicyId()	The unique ID of the firewall policy resource.
protected Map<String,Object>	getCfnProperties()
String	getDescription()	A description of the firewall policy.
Object	getFirewallPolicy()	The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.
String	getFirewallPolicyName()	The descriptive name of the firewall policy.
FirewallPolicyReference	getFirewallPolicyRef()	A reference to a FirewallPolicy resource.
TagManager	getTags()	Tag Manager which manages the tags for this resource.
List<CfnTag>	getTagsRaw()	An array of key-value pairs to apply to this resource.
void	inspect(TreeInspector inspector)	Examines the CloudFormation resource and discloses attributes.
static Boolean	isCfnFirewallPolicy(Object x)	Checks whether the given object is a CfnFirewallPolicy.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setDescription(String value)	A description of the firewall policy.
void	setFirewallPolicy(IResolvable value)	The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.
void	setFirewallPolicy(CfnFirewallPolicy.FirewallPolicyProperty value)	The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.
void	setFirewallPolicyName(String value)	The descriptive name of the firewall policy.
void	setTagsRaw(List<CfnTag> value)	An array of key-value pairs to apply to this resource.

Methods inherited from class software.amazon.awscdk.CfnResource

addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getEnv, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct

getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.constructs.IConstruct

getNode

Methods inherited from interface software.amazon.awscdk.interfaces.IEnvironmentAware

getEnv

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Details

CFN_RESOURCE_TYPE_NAME

@Stability(Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Details

CfnFirewallPolicy

protected CfnFirewallPolicy(software.amazon.jsii.JsiiObjectRef objRef)

CfnFirewallPolicy

protected CfnFirewallPolicy(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnFirewallPolicy

@Stability(Stable)
public CfnFirewallPolicy(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 CfnFirewallPolicyProps props)

Create a new AWS::NetworkFirewall::FirewallPolicy.

Parameters:

scope - Scope in which this resource is defined. This parameter is required.

id - Construct identifier for this resource (unique in its scope). This parameter is required.

props - Resource properties. This parameter is required.

Method Details

arnForFirewallPolicy

@Stability(Stable)
@NotNull
public static String arnForFirewallPolicy(@NotNull
 IFirewallPolicyRef resource)

Parameters:

resource - This parameter is required.

isCfnFirewallPolicy

@Stability(Stable)
@NotNull
public static Boolean isCfnFirewallPolicy(@NotNull
 Object x)

Checks whether the given object is a CfnFirewallPolicy.

Parameters:

x - This parameter is required.

inspect

@Stability(Stable)
public void inspect(@NotNull
 TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - tree inspector to collect and process attributes. This parameter is required.

renderProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> renderProperties(@NotNull
 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrFirewallPolicyArn

@Stability(Stable)
@NotNull
public String getAttrFirewallPolicyArn()

The Amazon Resource Name (ARN) of the firewall policy.

getAttrFirewallPolicyId

@Stability(Stable)
@NotNull
public String getAttrFirewallPolicyId()

The unique ID of the firewall policy resource.

getCfnProperties

@Stability(Stable)
@NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getFirewallPolicyRef

@Stability(Stable)
@NotNull
public FirewallPolicyReference getFirewallPolicyRef()

A reference to a FirewallPolicy resource.

Specified by:

getFirewallPolicyRef in interface IFirewallPolicyRef

getTags

@Stability(Stable)
@NotNull
public TagManager getTags()

Tag Manager which manages the tags for this resource.

Specified by:

getTags in interface ITaggable

getFirewallPolicy

@Stability(Stable)
@NotNull
public Object getFirewallPolicy()

The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.

Returns union: either IResolvable or CfnFirewallPolicy.FirewallPolicyProperty

setFirewallPolicy

@Stability(Stable)
public void setFirewallPolicy(@NotNull
 IResolvable value)

The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.

setFirewallPolicy

@Stability(Stable)
public void setFirewallPolicy(@NotNull
 CfnFirewallPolicy.FirewallPolicyProperty value)

The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.

getFirewallPolicyName

@Stability(Stable)
@NotNull
public String getFirewallPolicyName()

The descriptive name of the firewall policy.

setFirewallPolicyName

@Stability(Stable)
public void setFirewallPolicyName(@NotNull
 String value)

The descriptive name of the firewall policy.

getDescription

@Stability(Stable)
@Nullable
public String getDescription()

A description of the firewall policy.

setDescription

@Stability(Stable)
public void setDescription(@Nullable
 String value)

A description of the firewall policy.

getTagsRaw

@Stability(Stable)
@Nullable
public List<CfnTag> getTagsRaw()

An array of key-value pairs to apply to this resource.

setTagsRaw

@Stability(Stable)
public void setTagsRaw(@Nullable
 List<CfnTag> value)

An array of key-value pairs to apply to this resource.