Skip to content

/AWS1/CL_NWFRULEGROUPRESPONSE

The high-level properties of a rule group. This, along with the RuleGroup, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.

CONSTRUCTOR

IMPORTING

Required arguments:

iv_rulegrouparn TYPE /AWS1/NWFRESOURCEARN /AWS1/NWFRESOURCEARN

The Amazon Resource Name (ARN) of the rule group.

If this response is for a create request that had DryRun set to TRUE, then this ARN is a placeholder that isn't attached to a valid resource.

iv_rulegroupname TYPE /AWS1/NWFRESOURCENAME /AWS1/NWFRESOURCENAME

The descriptive name of the rule group. You can't change the name of a rule group after you create it.

iv_rulegroupid TYPE /AWS1/NWFRESOURCEID /AWS1/NWFRESOURCEID

The unique identifier for the rule group.

Optional arguments:

iv_description TYPE /AWS1/NWFDESCRIPTION /AWS1/NWFDESCRIPTION

A description of the rule group.

iv_type TYPE /AWS1/NWFRULEGROUPTYPE /AWS1/NWFRULEGROUPTYPE

Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.

iv_capacity TYPE /AWS1/NWFRULECAPACITY /AWS1/NWFRULECAPACITY

The maximum operating resources that this rule group can use. Rule group capacity is fixed at creation. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.

You can retrieve the capacity that would be required for a rule group before you create the rule group by calling CreateRuleGroup with DryRun set to TRUE.

iv_rulegroupstatus TYPE /AWS1/NWFRESOURCESTATUS /AWS1/NWFRESOURCESTATUS

Detailed information about the current status of a rule group.

it_tags TYPE /AWS1/CL_NWFTAG=>TT_TAGLIST TT_TAGLIST

The key:value pairs to associate with the resource.

iv_consumedcapacity TYPE /AWS1/NWFRULECAPACITY /AWS1/NWFRULECAPACITY

The number of capacity units currently consumed by the rule group rules.

iv_numberofassociations TYPE /AWS1/NWFNUMBEROFASSOCIATIONS /AWS1/NWFNUMBEROFASSOCIATIONS

The number of firewall policies that use this rule group.

io_encryptionconfiguration TYPE REF TO /AWS1/CL_NWFENCRYPTIONCONF /AWS1/CL_NWFENCRYPTIONCONF

A complex type that contains the Amazon Web Services KMS encryption configuration settings for your rule group.

io_sourcemetadata TYPE REF TO /AWS1/CL_NWFSOURCEMETADATA /AWS1/CL_NWFSOURCEMETADATA

A complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to track the version updates made to the originating rule group.

iv_snstopic TYPE /AWS1/NWFRESOURCEARN /AWS1/NWFRESOURCEARN

The Amazon Resource Name (ARN) of the Amazon Simple Notification Service SNS topic that's used to record changes to the managed rule group. You can subscribe to the SNS topic to receive notifications when the managed rule group is modified, such as for new versions and for version expiration. For more information, see the Amazon Simple Notification Service Developer Guide..

iv_lastmodifiedtime TYPE /AWS1/NWFLASTUPDATETIME /AWS1/NWFLASTUPDATETIME

The last time that the rule group was changed.

it_analysisresults TYPE /AWS1/CL_NWFANALYSISRESULT=>TT_ANALYSISRESULTLIST TT_ANALYSISRESULTLIST

The list of analysis results for AnalyzeRuleGroup. If you set AnalyzeRuleGroup to TRUE in CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup, Network Firewall analyzes the rule group and identifies the rules that might adversely effect your firewall's functionality. For example, if Network Firewall detects a rule that's routing traffic asymmetrically, which impacts the service's ability to properly process traffic, the service includes the rule in the list of analysis results.

io_summaryconfiguration TYPE REF TO /AWS1/CL_NWFSUMMARYCONF /AWS1/CL_NWFSUMMARYCONF

A complex type containing the currently selected rule option fields that will be displayed for rule summarization returned by DescribeRuleGroupSummary.

Queryable Attributes

RuleGroupArn

The Amazon Resource Name (ARN) of the rule group.

If this response is for a create request that had DryRun set to TRUE, then this ARN is a placeholder that isn't attached to a valid resource.

Accessible with the following methods

Method Description
GET_RULEGROUPARN() Getter for RULEGROUPARN, with configurable default
ASK_RULEGROUPARN() Getter for RULEGROUPARN w/ exceptions if field has no value
HAS_RULEGROUPARN() Determine if RULEGROUPARN has a value

RuleGroupName

The descriptive name of the rule group. You can't change the name of a rule group after you create it.

Accessible with the following methods

Method Description
GET_RULEGROUPNAME() Getter for RULEGROUPNAME, with configurable default
ASK_RULEGROUPNAME() Getter for RULEGROUPNAME w/ exceptions if field has no value
HAS_RULEGROUPNAME() Determine if RULEGROUPNAME has a value

RuleGroupId

The unique identifier for the rule group.

Accessible with the following methods

Method Description
GET_RULEGROUPID() Getter for RULEGROUPID, with configurable default
ASK_RULEGROUPID() Getter for RULEGROUPID w/ exceptions if field has no value
HAS_RULEGROUPID() Determine if RULEGROUPID has a value

Description

A description of the rule group.

Accessible with the following methods

Method Description
GET_DESCRIPTION() Getter for DESCRIPTION, with configurable default
ASK_DESCRIPTION() Getter for DESCRIPTION w/ exceptions if field has no value
HAS_DESCRIPTION() Determine if DESCRIPTION has a value

Type

Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.

Accessible with the following methods

Method Description
GET_TYPE() Getter for TYPE, with configurable default
ASK_TYPE() Getter for TYPE w/ exceptions if field has no value
HAS_TYPE() Determine if TYPE has a value

Capacity

The maximum operating resources that this rule group can use. Rule group capacity is fixed at creation. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.

You can retrieve the capacity that would be required for a rule group before you create the rule group by calling CreateRuleGroup with DryRun set to TRUE.

Accessible with the following methods

Method Description
GET_CAPACITY() Getter for CAPACITY, with configurable default
ASK_CAPACITY() Getter for CAPACITY w/ exceptions if field has no value
HAS_CAPACITY() Determine if CAPACITY has a value

RuleGroupStatus

Detailed information about the current status of a rule group.

Accessible with the following methods

Method Description
GET_RULEGROUPSTATUS() Getter for RULEGROUPSTATUS, with configurable default
ASK_RULEGROUPSTATUS() Getter for RULEGROUPSTATUS w/ exceptions if field has no val
HAS_RULEGROUPSTATUS() Determine if RULEGROUPSTATUS has a value

Tags

The key:value pairs to associate with the resource.

Accessible with the following methods

Method Description
GET_TAGS() Getter for TAGS, with configurable default
ASK_TAGS() Getter for TAGS w/ exceptions if field has no value
HAS_TAGS() Determine if TAGS has a value

ConsumedCapacity

The number of capacity units currently consumed by the rule group rules.

Accessible with the following methods

Method Description
GET_CONSUMEDCAPACITY() Getter for CONSUMEDCAPACITY, with configurable default
ASK_CONSUMEDCAPACITY() Getter for CONSUMEDCAPACITY w/ exceptions if field has no va
HAS_CONSUMEDCAPACITY() Determine if CONSUMEDCAPACITY has a value

NumberOfAssociations

The number of firewall policies that use this rule group.

Accessible with the following methods

Method Description
GET_NUMBEROFASSOCIATIONS() Getter for NUMBEROFASSOCIATIONS, with configurable default
ASK_NUMBEROFASSOCIATIONS() Getter for NUMBEROFASSOCIATIONS w/ exceptions if field has n
HAS_NUMBEROFASSOCIATIONS() Determine if NUMBEROFASSOCIATIONS has a value

EncryptionConfiguration

A complex type that contains the Amazon Web Services KMS encryption configuration settings for your rule group.

Accessible with the following methods

Method Description
GET_ENCRYPTIONCONFIGURATION() Getter for ENCRYPTIONCONFIGURATION

SourceMetadata

A complex type that contains metadata about the rule group that your own rule group is copied from. You can use the metadata to track the version updates made to the originating rule group.

Accessible with the following methods

Method Description
GET_SOURCEMETADATA() Getter for SOURCEMETADATA

SnsTopic

The Amazon Resource Name (ARN) of the Amazon Simple Notification Service SNS topic that's used to record changes to the managed rule group. You can subscribe to the SNS topic to receive notifications when the managed rule group is modified, such as for new versions and for version expiration. For more information, see the Amazon Simple Notification Service Developer Guide..

Accessible with the following methods

Method Description
GET_SNSTOPIC() Getter for SNSTOPIC, with configurable default
ASK_SNSTOPIC() Getter for SNSTOPIC w/ exceptions if field has no value
HAS_SNSTOPIC() Determine if SNSTOPIC has a value

LastModifiedTime

The last time that the rule group was changed.

Accessible with the following methods

Method Description
GET_LASTMODIFIEDTIME() Getter for LASTMODIFIEDTIME, with configurable default
ASK_LASTMODIFIEDTIME() Getter for LASTMODIFIEDTIME w/ exceptions if field has no va
HAS_LASTMODIFIEDTIME() Determine if LASTMODIFIEDTIME has a value

AnalysisResults

The list of analysis results for AnalyzeRuleGroup. If you set AnalyzeRuleGroup to TRUE in CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup, Network Firewall analyzes the rule group and identifies the rules that might adversely effect your firewall's functionality. For example, if Network Firewall detects a rule that's routing traffic asymmetrically, which impacts the service's ability to properly process traffic, the service includes the rule in the list of analysis results.

Accessible with the following methods

Method Description
GET_ANALYSISRESULTS() Getter for ANALYSISRESULTS, with configurable default
ASK_ANALYSISRESULTS() Getter for ANALYSISRESULTS w/ exceptions if field has no val
HAS_ANALYSISRESULTS() Determine if ANALYSISRESULTS has a value

SummaryConfiguration

A complex type containing the currently selected rule option fields that will be displayed for rule summarization returned by DescribeRuleGroupSummary.

Accessible with the following methods

Method Description
GET_SUMMARYCONFIGURATION() Getter for SUMMARYCONFIGURATION