AWS Native v0.102.0, Apr 16 24

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.102.0 published on Tuesday, Apr 16, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.networkfirewall.RuleGroup

Explore with Pulumi AI

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.102.0 published on Tuesday, Apr 16, 2024 by Pulumi

pulumi/pulumi-aws-native

Create RuleGroup Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new RuleGroup(name: string, args: RuleGroupArgs, opts?: CustomResourceOptions);

@overload
def RuleGroup(resource_name: str,
              args: RuleGroupInitArgs,
              opts: Optional[ResourceOptions] = None)

@overload
def RuleGroup(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              capacity: Optional[int] = None,
              type: Optional[RuleGroupTypeEnum] = None,
              description: Optional[str] = None,
              rule_group: Optional[RuleGroupArgs] = None,
              rule_group_name: Optional[str] = None,
              tags: Optional[Sequence[_root_inputs.TagArgs]] = None)

func NewRuleGroup(ctx *Context, name string, args RuleGroupArgs, opts ...ResourceOption) (*RuleGroup, error)

public RuleGroup(string name, RuleGroupArgs args, CustomResourceOptions? opts = null)

public RuleGroup(String name, RuleGroupArgs args)
public RuleGroup(String name, RuleGroupArgs args, CustomResourceOptions options)

type: aws-native:networkfirewall:RuleGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args RuleGroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args RuleGroupInitArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args RuleGroupArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args RuleGroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args RuleGroupArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Example

The following reference example uses placeholder values for all input properties.

Coming soon!

Coming soon!

Coming soon!

Coming soon!

const ruleGroupResource = new aws_native.networkfirewall.RuleGroup("ruleGroupResource", {
    capacity: 0,
    type: aws_native.networkfirewall.RuleGroupTypeEnum.Stateless,
    description: "string",
    ruleGroup: {
        rulesSource: {
            rulesSourceList: {
                generatedRulesType: aws_native.networkfirewall.RuleGroupGeneratedRulesType.Allowlist,
                targetTypes: [aws_native.networkfirewall.RuleGroupTargetType.TlsSni],
                targets: ["string"],
            },
            rulesString: "string",
            statefulRules: [{
                action: aws_native.networkfirewall.RuleGroupStatefulRuleAction.Pass,
                header: {
                    destination: "string",
                    destinationPort: "string",
                    direction: aws_native.networkfirewall.RuleGroupHeaderDirection.Forward,
                    protocol: aws_native.networkfirewall.RuleGroupHeaderProtocol.Ip,
                    source: "string",
                    sourcePort: "string",
                },
                ruleOptions: [{
                    keyword: "string",
                    settings: ["string"],
                }],
            }],
            statelessRulesAndCustomActions: {
                statelessRules: [{
                    priority: 0,
                    ruleDefinition: {
                        actions: ["string"],
                        matchAttributes: {
                            destinationPorts: [{
                                fromPort: 0,
                                toPort: 0,
                            }],
                            destinations: [{
                                addressDefinition: "string",
                            }],
                            protocols: [0],
                            sourcePorts: [{
                                fromPort: 0,
                                toPort: 0,
                            }],
                            sources: [{
                                addressDefinition: "string",
                            }],
                            tcpFlags: [{
                                flags: [aws_native.networkfirewall.RuleGroupTcpFlag.Fin],
                                masks: [aws_native.networkfirewall.RuleGroupTcpFlag.Fin],
                            }],
                        },
                    },
                }],
                customActions: [{
                    actionDefinition: {
                        publishMetricAction: {
                            dimensions: [{
                                value: "string",
                            }],
                        },
                    },
                    actionName: "string",
                }],
            },
        },
        referenceSets: {
            ipSetReferences: {
                string: {
                    referenceArn: "string",
                },
            },
        },
        ruleVariables: {
            ipSets: {
                string: {
                    definition: ["string"],
                },
            },
            portSets: {
                string: {
                    definition: ["string"],
                },
            },
        },
        statefulRuleOptions: {
            ruleOrder: aws_native.networkfirewall.RuleGroupRuleOrder.DefaultActionOrder,
        },
    },
    ruleGroupName: "string",
    tags: [{
        key: "string",
        value: "string",
    }],
});

Coming soon!

RuleGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The RuleGroup resource accepts the following input properties:

Capacity int
Type Pulumi.AwsNative.NetworkFirewall.RuleGroupTypeEnum
Description string
RuleGroupName string
RuleGroupValue Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroup
Tags List<Pulumi.AwsNative.Inputs.Tag>

Capacity int
Type RuleGroupTypeEnum
Description string
RuleGroup RuleGroupTypeArgs
RuleGroupName string
Tags TagArgs

capacity Integer
type RuleGroupTypeEnum
description String
ruleGroup RuleGroup
ruleGroupName String
tags List<Tag>

capacity number
type RuleGroupTypeEnum
description string
ruleGroup RuleGroup
ruleGroupName string
tags Tag[]

capacity int
type RuleGroupTypeEnum
description str
rule_group RuleGroupArgs
rule_group_name str
tags Sequence[TagArgs]

capacity Number
type "STATELESS" | "STATEFUL"
description String
ruleGroup Property Map
ruleGroupName String
tags List<Property Map>

Outputs

All input properties are implicitly available as output properties. Additionally, the RuleGroup resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
RuleGroupArn string
RuleGroupId string

Id string: The provider-assigned unique ID for this managed resource.
RuleGroupArn string
RuleGroupId string

id String: The provider-assigned unique ID for this managed resource.
ruleGroupArn String
ruleGroupId String

id string: The provider-assigned unique ID for this managed resource.
ruleGroupArn string
ruleGroupId string

id str: The provider-assigned unique ID for this managed resource.
rule_group_arn str
rule_group_id str

id String: The provider-assigned unique ID for this managed resource.
ruleGroupArn String
ruleGroupId String

Supporting Types

RuleGroupDimension, RuleGroupDimensionArgs

Value string

Value string

value String

value string

value str

value String

RuleGroupGeneratedRulesType, RuleGroupGeneratedRulesTypeArgs

Allowlist: ALLOWLIST
Denylist: DENYLIST

RuleGroupGeneratedRulesTypeAllowlist: ALLOWLIST
RuleGroupGeneratedRulesTypeDenylist: DENYLIST

Allowlist: ALLOWLIST
Denylist: DENYLIST

Allowlist: ALLOWLIST
Denylist: DENYLIST

ALLOWLIST: ALLOWLIST
DENYLIST: DENYLIST

"ALLOWLIST": ALLOWLIST
"DENYLIST": DENYLIST

RuleGroupHeader, RuleGroupHeaderArgs

Destination string
DestinationPort string
Direction Pulumi.AwsNative.NetworkFirewall.RuleGroupHeaderDirection
Protocol Pulumi.AwsNative.NetworkFirewall.RuleGroupHeaderProtocol
Source string
SourcePort string

Destination string
DestinationPort string
Direction RuleGroupHeaderDirection
Protocol RuleGroupHeaderProtocol
Source string
SourcePort string

destination String
destinationPort String
direction RuleGroupHeaderDirection
protocol RuleGroupHeaderProtocol
source String
sourcePort String

destination string
destinationPort string
direction RuleGroupHeaderDirection
protocol RuleGroupHeaderProtocol
source string
sourcePort string

destination str
destination_port str
direction RuleGroupHeaderDirection
protocol RuleGroupHeaderProtocol
source str
source_port str

destination String
destinationPort String
direction "FORWARD" | "ANY"
protocol "IP" | "TCP" | "UDP" | "ICMP" | "HTTP" | "FTP" | "TLS" | "SMB" | "DNS" | "DCERPC" | "SSH" | "SMTP" | "IMAP" | "MSN" | "KRB5" | "IKEV2" | "TFTP" | "NTP" | "DHCP"
source String
sourcePort String

RuleGroupHeaderDirection, RuleGroupHeaderDirectionArgs

Forward: FORWARD
Any: ANY

RuleGroupHeaderDirectionForward: FORWARD
RuleGroupHeaderDirectionAny: ANY

Forward: FORWARD
Any: ANY

Forward: FORWARD
Any: ANY

FORWARD: FORWARD
ANY: ANY

"FORWARD": FORWARD
"ANY": ANY

RuleGroupHeaderProtocol, RuleGroupHeaderProtocolArgs

Ip: IP
Tcp: TCP
Udp: UDP
Icmp: ICMP
Http: HTTP
Ftp: FTP
Tls: TLS
Smb: SMB
Dns: DNS
Dcerpc: DCERPC
Ssh: SSH
Smtp: SMTP
Imap: IMAP
Msn: MSN
Krb5: KRB5
Ikev2: IKEV2
Tftp: TFTP
Ntp: NTP
Dhcp: DHCP

RuleGroupHeaderProtocolIp: IP
RuleGroupHeaderProtocolTcp: TCP
RuleGroupHeaderProtocolUdp: UDP
RuleGroupHeaderProtocolIcmp: ICMP
RuleGroupHeaderProtocolHttp: HTTP
RuleGroupHeaderProtocolFtp: FTP
RuleGroupHeaderProtocolTls: TLS
RuleGroupHeaderProtocolSmb: SMB
RuleGroupHeaderProtocolDns: DNS
RuleGroupHeaderProtocolDcerpc: DCERPC
RuleGroupHeaderProtocolSsh: SSH
RuleGroupHeaderProtocolSmtp: SMTP
RuleGroupHeaderProtocolImap: IMAP
RuleGroupHeaderProtocolMsn: MSN
RuleGroupHeaderProtocolKrb5: KRB5
RuleGroupHeaderProtocolIkev2: IKEV2
RuleGroupHeaderProtocolTftp: TFTP
RuleGroupHeaderProtocolNtp: NTP
RuleGroupHeaderProtocolDhcp: DHCP

Ip: IP
Tcp: TCP
Udp: UDP
Icmp: ICMP
Http: HTTP
Ftp: FTP
Tls: TLS
Smb: SMB
Dns: DNS
Dcerpc: DCERPC
Ssh: SSH
Smtp: SMTP
Imap: IMAP
Msn: MSN
Krb5: KRB5
Ikev2: IKEV2
Tftp: TFTP
Ntp: NTP
Dhcp: DHCP

Ip: IP
Tcp: TCP
Udp: UDP
Icmp: ICMP
Http: HTTP
Ftp: FTP
Tls: TLS
Smb: SMB
Dns: DNS
Dcerpc: DCERPC
Ssh: SSH
Smtp: SMTP
Imap: IMAP
Msn: MSN
Krb5: KRB5
Ikev2: IKEV2
Tftp: TFTP
Ntp: NTP
Dhcp: DHCP

IP: IP
TCP: TCP
UDP: UDP
ICMP: ICMP
HTTP: HTTP
FTP: FTP
TLS: TLS
SMB: SMB
DNS: DNS
DCERPC: DCERPC
SSH: SSH
SMTP: SMTP
IMAP: IMAP
MSN: MSN
KRB5: KRB5
IKEV2: IKEV2
TFTP: TFTP
NTP: NTP
DHCP: DHCP

"IP": IP
"TCP": TCP
"UDP": UDP
"ICMP": ICMP
"HTTP": HTTP
"FTP": FTP
"TLS": TLS
"SMB": SMB
"DNS": DNS
"DCERPC": DCERPC
"SSH": SSH
"SMTP": SMTP
"IMAP": IMAP
"MSN": MSN
"KRB5": KRB5
"IKEV2": IKEV2
"TFTP": TFTP
"NTP": NTP
"DHCP": DHCP

RuleGroupIpSet, RuleGroupIpSetArgs

Definition List<string>

Definition []string

definition List<String>

definition string[]

definition Sequence[str]

definition List<String>

RuleGroupIpSetReference, RuleGroupIpSetReferenceArgs

ReferenceArn string

ReferenceArn string

referenceArn String

referenceArn string

reference_arn str

referenceArn String

RuleGroupMatchAttributes, RuleGroupMatchAttributesArgs

DestinationPorts List<Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupPortRange>
Destinations List<Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupAddress>
Protocols List<int>
SourcePorts List<Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupPortRange>
Sources List<Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupAddress>
TcpFlags List<Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupTcpFlagField>

DestinationPorts []RuleGroupPortRange
Destinations []RuleGroupAddress
Protocols []int
SourcePorts []RuleGroupPortRange
Sources []RuleGroupAddress
TcpFlags []RuleGroupTcpFlagField

destinationPorts List<RuleGroupPortRange>
destinations List<RuleGroupAddress>
protocols List<Integer>
sourcePorts List<RuleGroupPortRange>
sources List<RuleGroupAddress>
tcpFlags List<RuleGroupTcpFlagField>

destinationPorts RuleGroupPortRange[]
destinations RuleGroupAddress[]
protocols number[]
sourcePorts RuleGroupPortRange[]
sources RuleGroupAddress[]
tcpFlags RuleGroupTcpFlagField[]

destination_ports Sequence[RuleGroupPortRange]
destinations Sequence[RuleGroupAddress]
protocols Sequence[int]
source_ports Sequence[RuleGroupPortRange]
sources Sequence[RuleGroupAddress]
tcp_flags Sequence[RuleGroupTcpFlagField]

destinationPorts List<Property Map>
destinations List<Property Map>
protocols List<Number>
sourcePorts List<Property Map>
sources List<Property Map>
tcpFlags List<Property Map>

RuleGroupPortRange, RuleGroupPortRangeArgs

FromPort int
ToPort int

FromPort int
ToPort int

fromPort Integer
toPort Integer

fromPort number
toPort number

from_port int
to_port int

fromPort Number
toPort Number

RuleGroupPortSet, RuleGroupPortSetArgs

Definition List<string>

Definition []string

definition List<String>

definition string[]

definition Sequence[str]

definition List<String>

RuleGroupPublishMetricAction, RuleGroupPublishMetricActionArgs

Dimensions List<Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupDimension>

Dimensions []RuleGroupDimension

dimensions List<RuleGroupDimension>

dimensions RuleGroupDimension[]

dimensions Sequence[RuleGroupDimension]

dimensions List<Property Map>

RuleGroupReferenceSets, RuleGroupReferenceSetsArgs

IpSetReferences Dictionary<string, Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupIpSetReference>

IpSetReferences map[string]RuleGroupIpSetReference

ipSetReferences Map<String,RuleGroupIpSetReference>

ipSetReferences {[key: string]: RuleGroupIpSetReference}

ip_set_references Mapping[str, RuleGroupIpSetReference]

ipSetReferences Map<Property Map>

RuleGroupRuleDefinition, RuleGroupRuleDefinitionArgs

Actions List<string>
MatchAttributes Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupMatchAttributes

Actions []string
MatchAttributes RuleGroupMatchAttributes

actions List<String>
matchAttributes RuleGroupMatchAttributes

actions string[]
matchAttributes RuleGroupMatchAttributes

actions Sequence[str]
match_attributes RuleGroupMatchAttributes

actions List<String>
matchAttributes Property Map

RuleGroupRuleOption, RuleGroupRuleOptionArgs

Keyword string
Settings List<string>

Keyword string
Settings []string

keyword String
settings List<String>

keyword string
settings string[]

keyword str
settings Sequence[str]

keyword String
settings List<String>

RuleGroupRuleOrder, RuleGroupRuleOrderArgs

DefaultActionOrder: DEFAULT_ACTION_ORDER
StrictOrder: STRICT_ORDER

RuleGroupRuleOrderDefaultActionOrder: DEFAULT_ACTION_ORDER
RuleGroupRuleOrderStrictOrder: STRICT_ORDER

DefaultActionOrder: DEFAULT_ACTION_ORDER
StrictOrder: STRICT_ORDER

DefaultActionOrder: DEFAULT_ACTION_ORDER
StrictOrder: STRICT_ORDER

DEFAULT_ACTION_ORDER: DEFAULT_ACTION_ORDER
STRICT_ORDER: STRICT_ORDER

"DEFAULT_ACTION_ORDER": DEFAULT_ACTION_ORDER
"STRICT_ORDER": STRICT_ORDER

RuleGroupRuleVariables, RuleGroupRuleVariablesArgs

IpSets Dictionary<string, Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupIpSet>
PortSets Dictionary<string, Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupPortSet>