This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::EC2::TrafficMirrorFilterRule Creates a Traffic Mirror filter rule. A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror. You need the Traffic Mirror filter ID when you create the rule. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::EC2::TrafficMirrorFilterRule", "Properties" : { "[Description](#cfn-ec2-trafficmirrorfilterrule-description)" : String, "[DestinationCidrBlock](#cfn-ec2-trafficmirrorfilterrule-destinationcidrblock)" : String, "[DestinationPortRange](#cfn-ec2-trafficmirrorfilterrule-destinationportrange)" : TrafficMirrorPortRange, "[Protocol](#cfn-ec2-trafficmirrorfilterrule-protocol)" : Integer, "[RuleAction](#cfn-ec2-trafficmirrorfilterrule-ruleaction)" : String, "[RuleNumber](#cfn-ec2-trafficmirrorfilterrule-rulenumber)" : Integer, "[SourceCidrBlock](#cfn-ec2-trafficmirrorfilterrule-sourcecidrblock)" : String, "[SourcePortRange](#cfn-ec2-trafficmirrorfilterrule-sourceportrange)" : TrafficMirrorPortRange, "[Tags](#cfn-ec2-trafficmirrorfilterrule-tags)" : [ Tag, ... ], "[TrafficDirection](#cfn-ec2-trafficmirrorfilterrule-trafficdirection)" : String, "[TrafficMirrorFilterId](#cfn-ec2-trafficmirrorfilterrule-trafficmirrorfilterid)" : String } } ``` ### YAML ``` Type: AWS::EC2::TrafficMirrorFilterRule Properties: [Description](#cfn-ec2-trafficmirrorfilterrule-description): String [DestinationCidrBlock](#cfn-ec2-trafficmirrorfilterrule-destinationcidrblock): String [DestinationPortRange](#cfn-ec2-trafficmirrorfilterrule-destinationportrange): TrafficMirrorPortRange [Protocol](#cfn-ec2-trafficmirrorfilterrule-protocol): Integer [RuleAction](#cfn-ec2-trafficmirrorfilterrule-ruleaction): String [RuleNumber](#cfn-ec2-trafficmirrorfilterrule-rulenumber): Integer [SourceCidrBlock](#cfn-ec2-trafficmirrorfilterrule-sourcecidrblock): String [SourcePortRange](#cfn-ec2-trafficmirrorfilterrule-sourceportrange): TrafficMirrorPortRange [Tags](#cfn-ec2-trafficmirrorfilterrule-tags): - Tag [TrafficDirection](#cfn-ec2-trafficmirrorfilterrule-trafficdirection): String [TrafficMirrorFilterId](#cfn-ec2-trafficmirrorfilterrule-trafficmirrorfilterid): String ``` ## Properties `Description` The description of the Traffic Mirror rule. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DestinationCidrBlock` The destination CIDR block to assign to the Traffic Mirror rule. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `DestinationPortRange` The destination port range. *Required*: No *Type*: [TrafficMirrorPortRange](aws-properties-ec2-trafficmirrorfilterrule-trafficmirrorportrange.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Protocol` The protocol, for example UDP, to assign to the Traffic Mirror rule. For information about the protocol value, see [Protocol Numbers](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) on the Internet Assigned Numbers Authority (IANA) website. *Required*: No *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RuleAction` The action to take on the filtered traffic. *Required*: Yes *Type*: String *Allowed values*: `accept | reject` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `RuleNumber` The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number. *Required*: Yes *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SourceCidrBlock` The source CIDR block to assign to the Traffic Mirror rule. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SourcePortRange` The source port range. *Required*: No *Type*: [TrafficMirrorPortRange](aws-properties-ec2-trafficmirrorfilterrule-trafficmirrorportrange.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` Tags on Traffic Mirroring filter rules. *Required*: No *Type*: Array of [Tag](aws-properties-ec2-trafficmirrorfilterrule-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TrafficDirection` The type of traffic. *Required*: Yes *Type*: String *Allowed values*: `ingress | egress` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `TrafficMirrorFilterId` The ID of the filter that this rule is associated with. *Required*: Yes *Type*: String *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the ID of the Traffic Mirror filter rule. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt #### `TrafficMirrorFilterRuleId` The ID of the Traffic Mirror rule. ## Examples ### Create a traffic mirror filter rule for inbound UDP traffic This is a filter rule for UDP traffic. #### JSON ``` { "SampleTrafficMirrorFilterRule": { "Type": "AWS::EC2::TrafficMirrorFilterRule", "Properties": { "Description": "Example traffic mirror filter rule", "TrafficMirrorFilterId": "tmf-04812ff784EXAMPLE", "TrafficDirection": "ingress", "RuleNumber": 10, "DestinationCidrBlock": "10.0.0.0/16", "SourceCidrBlock": "10.0.0.0/16", "RuleAction": "accept", "Protocol": 17, "SourcePortRange": { "FromPort": 10, "ToPort": 50 }, "DestinationPortRange": { "FromPort": 50, "ToPort": 100 } } } } ``` #### YAML ``` SampleTrafficMirrorFilterRule: Type: "AWS::EC2::TrafficMirrorFilterRule" Properties: Description: "Example traffic mirror filter rule" TrafficMirrorFilterId: "tmf-04812ff784EXAMPLE" TrafficDirection: "ingress" RuleNumber: 10 DestinationCidrBlock: "10.0.0.0/16" SourceCidrBlock: "10.0.0.0/16" RuleAction: "accept" Protocol: 17 SourcePortRange: FromPort: 10 ToPort: 50 DestinationPortRange: FromPort: 50 ToPort: 100 ``` ## See also + [Traffic mirror filters and filter rules](https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-filters.html) in *Traffic Mirroring* + [CreateTrafficMirrorFilterRule](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilterRule.html) in the *Amazon EC2 API Reference* # AWS::EC2::TrafficMirrorFilterRule Tag Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-ec2-trafficmirrorfilterrule-tag-key)" : String, "[Value](#cfn-ec2-trafficmirrorfilterrule-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-ec2-trafficmirrorfilterrule-tag-key): String [Value](#cfn-ec2-trafficmirrorfilterrule-tag-value): String ``` ## Properties `Key` The tag key. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag value. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Examples ### This example specifies two tags for the Traffic Mirror filter rule. #### JSON ``` "Tags" : [ { "Key" : "key1", "Value" : "value1" }, { "Key" : "key2", "Value" : "value2" } ] ``` #### YAML ``` Tags: - Key: "key1" Value: "value1" - Key: "key2" Value: "value2" ``` # AWS::EC2::TrafficMirrorFilterRule TrafficMirrorPortRange Describes the Traffic Mirror port range. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[FromPort](#cfn-ec2-trafficmirrorfilterrule-trafficmirrorportrange-fromport)" : Integer, "[ToPort](#cfn-ec2-trafficmirrorfilterrule-trafficmirrorportrange-toport)" : Integer } ``` ### YAML ``` [FromPort](#cfn-ec2-trafficmirrorfilterrule-trafficmirrorportrange-fromport): Integer [ToPort](#cfn-ec2-trafficmirrorfilterrule-trafficmirrorportrange-toport): Integer ``` ## Properties `FromPort` The start of the Traffic Mirror port range. This applies to the TCP and UDP protocols. *Required*: Yes *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `ToPort` The end of the Traffic Mirror port range. This applies to the TCP and UDP protocols. *Required*: Yes *Type*: Integer *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)