TrafficMirrorFilterRule

Provides a Traffic Mirror filter rule.
Read the limits and considerations for traffic mirroring before using this resource.

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

/// <summary>
/// Example stack: one traffic mirror filter with an egress rule and an
/// ingress rule attached to it.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // The filter both rules attach to; it also lists the amazon-dns network service.
        var filterArgs = new Aws.Ec2.TrafficMirrorFilterArgs
        {
            Description = "traffic mirror filter - example",
            NetworkServices = { "amazon-dns" },
        };
        var filter = new Aws.Ec2.TrafficMirrorFilter("filter", filterArgs);

        // Egress rule: accept (capture) outbound traffic between the two CIDR blocks.
        // NOTE(review): 10.0.0.0/8 on both sides is a very wide match; the mirror
        // target receives copies of every matched packet, so narrow the CIDRs to
        // what the monitoring use case needs.
        var egressArgs = new Aws.Ec2.TrafficMirrorFilterRuleArgs
        {
            TrafficMirrorFilterId = filter.Id,
            TrafficDirection = "egress",
            RuleNumber = 1,
            RuleAction = "accept",
            SourceCidrBlock = "10.0.0.0/8",
            DestinationCidrBlock = "10.0.0.0/8",
            Description = "test rule",
        };
        var egressRule = new Aws.Ec2.TrafficMirrorFilterRule("ruleout", egressArgs);

        // Port ranges are only supported when the protocol is TCP (6) or UDP (17).
        var destinationPorts = new Aws.Ec2.Inputs.TrafficMirrorFilterRuleDestinationPortRangeArgs
        {
            FromPort = 22,
            ToPort = 53,
        };
        var sourcePorts = new Aws.Ec2.Inputs.TrafficMirrorFilterRuleSourcePortRangeArgs
        {
            FromPort = 0,
            ToPort = 10,
        };

        // Ingress rule: rule numbers only need to be unique per direction, so
        // reusing 1 here does not clash with the egress rule.
        var ingressArgs = new Aws.Ec2.TrafficMirrorFilterRuleArgs
        {
            TrafficMirrorFilterId = filter.Id,
            TrafficDirection = "ingress",
            RuleNumber = 1,
            RuleAction = "accept",
            Protocol = 6, // TCP
            SourceCidrBlock = "10.0.0.0/8",
            SourcePortRange = sourcePorts,
            DestinationCidrBlock = "10.0.0.0/8",
            DestinationPortRange = destinationPorts,
            Description = "test rule",
        };
        var ingressRule = new Aws.Ec2.TrafficMirrorFilterRule("rulein", ingressArgs);
    }
}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main registers one traffic mirror filter and attaches an egress rule and an
// ingress rule to it. The first failed registration aborts the deployment.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The filter both rules attach to; it also lists the amazon-dns network service.
		filterArgs := &ec2.TrafficMirrorFilterArgs{
			Description:     pulumi.String("traffic mirror filter - example"),
			NetworkServices: pulumi.StringArray{pulumi.String("amazon-dns")},
		}
		filter, err := ec2.NewTrafficMirrorFilter(ctx, "filter", filterArgs)
		if err != nil {
			return err
		}

		// Egress rule: accept (capture) outbound traffic between the two CIDR blocks.
		// NOTE(review): 10.0.0.0/8 on both sides is a very wide match; the mirror
		// target receives copies of every matched packet, so narrow the CIDRs to
		// what the monitoring use case needs.
		egressArgs := &ec2.TrafficMirrorFilterRuleArgs{
			TrafficMirrorFilterId: filter.ID(),
			TrafficDirection:      pulumi.String("egress"),
			RuleNumber:            pulumi.Int(1),
			RuleAction:            pulumi.String("accept"),
			SourceCidrBlock:       pulumi.String("10.0.0.0/8"),
			DestinationCidrBlock:  pulumi.String("10.0.0.0/8"),
			Description:           pulumi.String("test rule"),
		}
		if _, err := ec2.NewTrafficMirrorFilterRule(ctx, "ruleout", egressArgs); err != nil {
			return err
		}

		// Ingress rule: rule numbers only need to be unique per direction, so
		// reusing 1 does not clash with the egress rule. Port ranges are only
		// supported when the protocol is TCP (6) or UDP (17).
		ingressArgs := &ec2.TrafficMirrorFilterRuleArgs{
			TrafficMirrorFilterId: filter.ID(),
			TrafficDirection:      pulumi.String("ingress"),
			RuleNumber:            pulumi.Int(1),
			RuleAction:            pulumi.String("accept"),
			Protocol:              pulumi.Int(6), // TCP
			SourceCidrBlock:       pulumi.String("10.0.0.0/8"),
			SourcePortRange: &ec2.TrafficMirrorFilterRuleSourcePortRangeArgs{
				FromPort: pulumi.Int(0),
				ToPort:   pulumi.Int(10),
			},
			DestinationCidrBlock: pulumi.String("10.0.0.0/8"),
			DestinationPortRange: &ec2.TrafficMirrorFilterRuleDestinationPortRangeArgs{
				FromPort: pulumi.Int(22),
				ToPort:   pulumi.Int(53),
			},
			Description: pulumi.String("test rule"),
		}
		_, err = ec2.NewTrafficMirrorFilterRule(ctx, "rulein", ingressArgs)
		return err
	})
}
import pulumi
import pulumi_aws as aws

# The filter both rules attach to; it also lists the amazon-dns network service.
filter = aws.ec2.TrafficMirrorFilter(
    "filter",
    description="traffic mirror filter - example",
    network_services=["amazon-dns"],
)

# Egress rule: accept (capture) outbound traffic between the two CIDR blocks.
# NOTE(review): 10.0.0.0/8 on both sides is a very wide match; the mirror target
# receives copies of every matched packet, so narrow the CIDRs to what the
# monitoring use case needs.
ruleout = aws.ec2.TrafficMirrorFilterRule(
    "ruleout",
    traffic_mirror_filter_id=filter.id,
    traffic_direction="egress",
    rule_number=1,
    rule_action="accept",
    source_cidr_block="10.0.0.0/8",
    destination_cidr_block="10.0.0.0/8",
    description="test rule",
)

# Port ranges are only supported when the protocol is TCP (6) or UDP (17).
_destination_ports = aws.ec2.TrafficMirrorFilterRuleDestinationPortRangeArgs(
    from_port=22,
    to_port=53,
)
_source_ports = aws.ec2.TrafficMirrorFilterRuleSourcePortRangeArgs(
    from_port=0,
    to_port=10,
)

# Ingress rule: rule numbers only need to be unique per direction, so reusing 1
# does not clash with the egress rule.
rulein = aws.ec2.TrafficMirrorFilterRule(
    "rulein",
    traffic_mirror_filter_id=filter.id,
    traffic_direction="ingress",
    rule_number=1,
    rule_action="accept",
    protocol=6,  # TCP
    source_cidr_block="10.0.0.0/8",
    source_port_range=_source_ports,
    destination_cidr_block="10.0.0.0/8",
    destination_port_range=_destination_ports,
    description="test rule",
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// The filter both rules attach to; it also lists the amazon-dns network service.
const filter = new aws.ec2.TrafficMirrorFilter("filter", {
    networkServices: ["amazon-dns"],
    description: "traffic mirror filter - example",
});

// Egress rule: accept (capture) outbound traffic between the two CIDR blocks.
// NOTE(review): 10.0.0.0/8 on both sides is a very wide match; the mirror target
// receives copies of every matched packet, so narrow the CIDRs to what the
// monitoring use case needs.
const ruleout = new aws.ec2.TrafficMirrorFilterRule("ruleout", {
    trafficMirrorFilterId: filter.id,
    trafficDirection: "egress",
    ruleNumber: 1,
    ruleAction: "accept",
    sourceCidrBlock: "10.0.0.0/8",
    destinationCidrBlock: "10.0.0.0/8",
    description: "test rule",
});

// Port ranges are only supported when the protocol is TCP (6) or UDP (17).
const destinationPorts = { fromPort: 22, toPort: 53 };
const sourcePorts = { fromPort: 0, toPort: 10 };

// Ingress rule: rule numbers only need to be unique per direction, so reusing 1
// does not clash with the egress rule.
const rulein = new aws.ec2.TrafficMirrorFilterRule("rulein", {
    trafficMirrorFilterId: filter.id,
    trafficDirection: "ingress",
    ruleNumber: 1,
    ruleAction: "accept",
    protocol: 6, // TCP
    sourceCidrBlock: "10.0.0.0/8",
    sourcePortRange: sourcePorts,
    destinationCidrBlock: "10.0.0.0/8",
    destinationPortRange: destinationPorts,
    description: "test rule",
});

Create a TrafficMirrorFilterRule Resource

new TrafficMirrorFilterRule(name: string, args: TrafficMirrorFilterRuleArgs, opts?: CustomResourceOptions);
@overload
def TrafficMirrorFilterRule(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            description: Optional[str] = None,
                            destination_cidr_block: Optional[str] = None,
                            destination_port_range: Optional[TrafficMirrorFilterRuleDestinationPortRangeArgs] = None,
                            protocol: Optional[int] = None,
                            rule_action: Optional[str] = None,
                            rule_number: Optional[int] = None,
                            source_cidr_block: Optional[str] = None,
                            source_port_range: Optional[TrafficMirrorFilterRuleSourcePortRangeArgs] = None,
                            traffic_direction: Optional[str] = None,
                            traffic_mirror_filter_id: Optional[str] = None)
@overload
def TrafficMirrorFilterRule(resource_name: str,
                            args: TrafficMirrorFilterRuleArgs,
                            opts: Optional[ResourceOptions] = None)
func NewTrafficMirrorFilterRule(ctx *Context, name string, args TrafficMirrorFilterRuleArgs, opts ...ResourceOption) (*TrafficMirrorFilterRule, error)
public TrafficMirrorFilterRule(string name, TrafficMirrorFilterRuleArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args TrafficMirrorFilterRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args TrafficMirrorFilterRuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args TrafficMirrorFilterRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args TrafficMirrorFilterRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

TrafficMirrorFilterRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The TrafficMirrorFilterRule resource accepts the following input properties:

DestinationCidrBlock string
Destination CIDR block to assign to the Traffic Mirror rule.
RuleAction string
Action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
RuleNumber int
Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
SourceCidrBlock string
Source CIDR block to assign to the Traffic Mirror rule.
TrafficDirection string
Direction of traffic to be captured. Valid values are ingress and egress
TrafficMirrorFilterId string
ID of the traffic mirror filter to which this rule should be added
Description string
Description of the traffic mirror filter rule.
DestinationPortRange TrafficMirrorFilterRuleDestinationPortRangeArgs
Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
Protocol int
Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
SourcePortRange TrafficMirrorFilterRuleSourcePortRangeArgs
Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
DestinationCidrBlock string
Destination CIDR block to assign to the Traffic Mirror rule.
RuleAction string
Action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
RuleNumber int
Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
SourceCidrBlock string
Source CIDR block to assign to the Traffic Mirror rule.
TrafficDirection string
Direction of traffic to be captured. Valid values are ingress and egress
TrafficMirrorFilterId string
ID of the traffic mirror filter to which this rule should be added
Description string
Description of the traffic mirror filter rule.
DestinationPortRange TrafficMirrorFilterRuleDestinationPortRange
Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
Protocol int
Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
SourcePortRange TrafficMirrorFilterRuleSourcePortRange
Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
destinationCidrBlock string
Destination CIDR block to assign to the Traffic Mirror rule.
ruleAction string
Action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
ruleNumber number
Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
sourceCidrBlock string
Source CIDR block to assign to the Traffic Mirror rule.
trafficDirection string
Direction of traffic to be captured. Valid values are ingress and egress
trafficMirrorFilterId string
ID of the traffic mirror filter to which this rule should be added
description string
Description of the traffic mirror filter rule.
destinationPortRange TrafficMirrorFilterRuleDestinationPortRangeArgs
Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
protocol number
Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
sourcePortRange TrafficMirrorFilterRuleSourcePortRangeArgs
Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
destination_cidr_block str
Destination CIDR block to assign to the Traffic Mirror rule.
rule_action str
Action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
rule_number int
Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
source_cidr_block str
Source CIDR block to assign to the Traffic Mirror rule.
traffic_direction str
Direction of traffic to be captured. Valid values are ingress and egress
traffic_mirror_filter_id str
ID of the traffic mirror filter to which this rule should be added
description str
Description of the traffic mirror filter rule.
destination_port_range TrafficMirrorFilterRuleDestinationPortRangeArgs
Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
protocol int
Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
source_port_range TrafficMirrorFilterRuleSourcePortRangeArgs
Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below

Outputs

All input properties are implicitly available as output properties. Additionally, the TrafficMirrorFilterRule resource produces the following output properties:

Arn string
ARN of the traffic mirror filter rule.
Id string
The provider-assigned unique ID for this managed resource.
Arn string
ARN of the traffic mirror filter rule.
Id string
The provider-assigned unique ID for this managed resource.
arn string
ARN of the traffic mirror filter rule.
id string
The provider-assigned unique ID for this managed resource.
arn str
ARN of the traffic mirror filter rule.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing TrafficMirrorFilterRule Resource

Get an existing TrafficMirrorFilterRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: TrafficMirrorFilterRuleState, opts?: CustomResourceOptions): TrafficMirrorFilterRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        description: Optional[str] = None,
        destination_cidr_block: Optional[str] = None,
        destination_port_range: Optional[TrafficMirrorFilterRuleDestinationPortRangeArgs] = None,
        protocol: Optional[int] = None,
        rule_action: Optional[str] = None,
        rule_number: Optional[int] = None,
        source_cidr_block: Optional[str] = None,
        source_port_range: Optional[TrafficMirrorFilterRuleSourcePortRangeArgs] = None,
        traffic_direction: Optional[str] = None,
        traffic_mirror_filter_id: Optional[str] = None) -> TrafficMirrorFilterRule
func GetTrafficMirrorFilterRule(ctx *Context, name string, id IDInput, state *TrafficMirrorFilterRuleState, opts ...ResourceOption) (*TrafficMirrorFilterRule, error)
public static TrafficMirrorFilterRule Get(string name, Input<string> id, TrafficMirrorFilterRuleState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string
ARN of the traffic mirror filter rule.
Description string
Description of the traffic mirror filter rule.
DestinationCidrBlock string
Destination CIDR block to assign to the Traffic Mirror rule.
DestinationPortRange TrafficMirrorFilterRuleDestinationPortRangeArgs
Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
Protocol int
Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
RuleAction string
Action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
RuleNumber int
Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
SourceCidrBlock string
Source CIDR block to assign to the Traffic Mirror rule.
SourcePortRange TrafficMirrorFilterRuleSourcePortRangeArgs
Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
TrafficDirection string
Direction of traffic to be captured. Valid values are ingress and egress
TrafficMirrorFilterId string
ID of the traffic mirror filter to which this rule should be added
Arn string
ARN of the traffic mirror filter rule.
Description string
Description of the traffic mirror filter rule.
DestinationCidrBlock string
Destination CIDR block to assign to the Traffic Mirror rule.
DestinationPortRange TrafficMirrorFilterRuleDestinationPortRange
Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
Protocol int
Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
RuleAction string
Action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
RuleNumber int
Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
SourceCidrBlock string
Source CIDR block to assign to the Traffic Mirror rule.
SourcePortRange TrafficMirrorFilterRuleSourcePortRange
Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
TrafficDirection string
Direction of traffic to be captured. Valid values are ingress and egress
TrafficMirrorFilterId string
ID of the traffic mirror filter to which this rule should be added
arn string
ARN of the traffic mirror filter rule.
description string
Description of the traffic mirror filter rule.
destinationCidrBlock string
Destination CIDR block to assign to the Traffic Mirror rule.
destinationPortRange TrafficMirrorFilterRuleDestinationPortRangeArgs
Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
protocol number
Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
ruleAction string
Action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
ruleNumber number
Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
sourceCidrBlock string
Source CIDR block to assign to the Traffic Mirror rule.
sourcePortRange TrafficMirrorFilterRuleSourcePortRangeArgs
Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
trafficDirection string
Direction of traffic to be captured. Valid values are ingress and egress
trafficMirrorFilterId string
ID of the traffic mirror filter to which this rule should be added
arn str
ARN of the traffic mirror filter rule.
description str
Description of the traffic mirror filter rule.
destination_cidr_block str
Destination CIDR block to assign to the Traffic Mirror rule.
destination_port_range TrafficMirrorFilterRuleDestinationPortRangeArgs
Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
protocol int
Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
rule_action str
Action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
rule_number int
Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
source_cidr_block str
Source CIDR block to assign to the Traffic Mirror rule.
source_port_range TrafficMirrorFilterRuleSourcePortRangeArgs
Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
traffic_direction str
Direction of traffic to be captured. Valid values are ingress and egress
traffic_mirror_filter_id str
ID of the traffic mirror filter to which this rule should be added

Supporting Types

TrafficMirrorFilterRuleDestinationPortRange

FromPort int
Starting port of the range
ToPort int
Ending port of the range
FromPort int
Starting port of the range
ToPort int
Ending port of the range
fromPort number
Starting port of the range
toPort number
Ending port of the range
from_port int
Starting port of the range
to_port int
Ending port of the range

TrafficMirrorFilterRuleSourcePortRange

FromPort int
Starting port of the range
ToPort int
Ending port of the range
FromPort int
Starting port of the range
ToPort int
Ending port of the range
fromPort number
Starting port of the range
toPort number
Ending port of the range
from_port int
Starting port of the range
to_port int
Ending port of the range

Import

Traffic mirror rules can be imported using the traffic_mirror_filter_id and the rule id, separated by a colon (:), e.g.

 $ pulumi import aws:ec2/trafficMirrorFilterRule:TrafficMirrorFilterRule rule tmf-0fbb93ddf38198f64:tmfr-05a458f06445d0aee

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.