All Superinterfaces:: software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:: CfnRuleGroup.RuleGroupProperty.Jsii$Proxy

Enclosing class:: CfnRuleGroup

@Stability(Stable) public static interface CfnRuleGroup.RuleGroupProperty extends software.amazon.jsii.JsiiSerializable

The object that defines the rules in a rule group.

AWS Network Firewall uses a rule group to inspect and control network traffic. You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their traffic flow.

To use a rule group, you include it by reference in an Network Firewall firewall policy, then you use the policy in a firewall. You can reference a rule group from more than one firewall policy, and you can use a firewall policy in more than one firewall.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.networkfirewall.*;
 RuleGroupProperty ruleGroupProperty = RuleGroupProperty.builder()
         .rulesSource(RulesSourceProperty.builder()
                 .rulesSourceList(RulesSourceListProperty.builder()
                         .generatedRulesType("generatedRulesType")
                         .targets(List.of("targets"))
                         .targetTypes(List.of("targetTypes"))
                         .build())
                 .rulesString("rulesString")
                 .statefulRules(List.of(StatefulRuleProperty.builder()
                         .action("action")
                         .header(HeaderProperty.builder()
                                 .destination("destination")
                                 .destinationPort("destinationPort")
                                 .direction("direction")
                                 .protocol("protocol")
                                 .source("source")
                                 .sourcePort("sourcePort")
                                 .build())
                         .ruleOptions(List.of(RuleOptionProperty.builder()
                                 .keyword("keyword")
                                 // the properties below are optional
                                 .settings(List.of("settings"))
                                 .build()))
                         .build()))
                 .statelessRulesAndCustomActions(StatelessRulesAndCustomActionsProperty.builder()
                         .statelessRules(List.of(StatelessRuleProperty.builder()
                                 .priority(123)
                                 .ruleDefinition(RuleDefinitionProperty.builder()
                                         .actions(List.of("actions"))
                                         .matchAttributes(MatchAttributesProperty.builder()
                                                 .destinationPorts(List.of(PortRangeProperty.builder()
                                                         .fromPort(123)
                                                         .toPort(123)
                                                         .build()))
                                                 .destinations(List.of(AddressProperty.builder()
                                                         .addressDefinition("addressDefinition")
                                                         .build()))
                                                 .protocols(List.of(123))
                                                 .sourcePorts(List.of(PortRangeProperty.builder()
                                                         .fromPort(123)
                                                         .toPort(123)
                                                         .build()))
                                                 .sources(List.of(AddressProperty.builder()
                                                         .addressDefinition("addressDefinition")
                                                         .build()))
                                                 .tcpFlags(List.of(TCPFlagFieldProperty.builder()
                                                         .flags(List.of("flags"))
                                                         // the properties below are optional
                                                         .masks(List.of("masks"))
                                                         .build()))
                                                 .build())
                                         .build())
                                 .build()))
                         // the properties below are optional
                         .customActions(List.of(CustomActionProperty.builder()
                                 .actionDefinition(ActionDefinitionProperty.builder()
                                         .publishMetricAction(PublishMetricActionProperty.builder()
                                                 .dimensions(List.of(DimensionProperty.builder()
                                                         .value("value")
                                                         .build()))
                                                 .build())
                                         .build())
                                 .actionName("actionName")
                                 .build()))
                         .build())
                 .build())
         // the properties below are optional
         .referenceSets(ReferenceSetsProperty.builder()
                 .ipSetReferences(Map.of(
                         "ipSetReferencesKey", Map.of(
                                 "referenceArn", "referenceArn")))
                 .build())
         .ruleVariables(RuleVariablesProperty.builder()
                 .ipSets(Map.of(
                         "ipSetsKey", Map.of(
                                 "definition", List.of("definition"))))
                 .portSets(Map.of(
                         "portSetsKey", PortSetProperty.builder()
                                 .definition(List.of("definition"))
                                 .build()))
                 .build())
         .statefulRuleOptions(StatefulRuleOptionsProperty.builder()
                 .ruleOrder("ruleOrder")
                 .build())
         .build();

See Also:

Nested Class Summary

Nested Classes

Modifier and Type

Interface

Description

static final class

CfnRuleGroup.RuleGroupProperty.Builder

A builder for CfnRuleGroup.RuleGroupProperty

static final class

CfnRuleGroup.RuleGroupProperty.Jsii$Proxy

An implementation for CfnRuleGroup.RuleGroupProperty
Method Summary

Modifier and Type

Method

Description

static CfnRuleGroup.RuleGroupProperty.Builder

builder()

default Object

getReferenceSets()

The reference sets for the stateful rule group.

Object

getRulesSource()

The stateful rules or stateless rules for the rule group.

default Object

getRuleVariables()

Settings that are available for use in the rules in the rule group.

default Object

getStatefulRuleOptions()

Additional options governing how Network Firewall handles stateful rules.

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

Method Details
- getRulesSource
  
  @Stability(Stable) @NotNull Object getRulesSource()
  
  The stateful rules or stateless rules for the rule group.
  Returns union: either IResolvable or CfnRuleGroup.RulesSourceProperty
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulegroup.html#cfn-networkfirewall-rulegroup-rulegroup-rulessource
- getReferenceSets
  
  @Stability(Stable) @Nullable default Object getReferenceSets()
  
  The reference sets for the stateful rule group.
  Returns union: either IResolvable or CfnRuleGroup.ReferenceSetsProperty
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulegroup.html#cfn-networkfirewall-rulegroup-rulegroup-referencesets
- getRuleVariables
  
  @Stability(Stable) @Nullable default Object getRuleVariables()
  
  Settings that are available for use in the rules in the rule group.
  You can only use these for stateful rule groups.
  Returns union: either IResolvable or CfnRuleGroup.RuleVariablesProperty
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulegroup.html#cfn-networkfirewall-rulegroup-rulegroup-rulevariables
- getStatefulRuleOptions
  
  @Stability(Stable) @Nullable default Object getStatefulRuleOptions()
  
  Additional options governing how Network Firewall handles stateful rules.
  The policies where you use your stateful rule group must have stateful rule options settings that are compatible with these settings. Some limitations apply; for more information, see Strict evaluation order in the AWS Network Firewall Developer Guide .
  Returns union: either IResolvable or CfnRuleGroup.StatefulRuleOptionsProperty
  See Also:
  
  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulegroup.html#cfn-networkfirewall-rulegroup-rulegroup-statefulruleoptions
- builder
  
  @Stability(Stable) static CfnRuleGroup.RuleGroupProperty.Builder builder()
  
  Returns:
  
  a CfnRuleGroup.RuleGroupProperty.Builder of CfnRuleGroup.RuleGroupProperty

Interface CfnRuleGroup.RuleGroupProperty

Nested Class Summary

Method Summary

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Method Details

getRulesSource

getReferenceSets

getRuleVariables

getStatefulRuleOptions

builder