AWS Native is in preview. AWS Classic is fully supported.
aws-native.networkfirewall.RuleGroup
Resource type definition for AWS::NetworkFirewall::RuleGroup
Create RuleGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RuleGroup(name: string, args: RuleGroupArgs, opts?: CustomResourceOptions);
@overload
def RuleGroup(resource_name: str,
              args: RuleGroupInitArgs,
              opts: Optional[ResourceOptions] = None)

@overload
def RuleGroup(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              capacity: Optional[int] = None,
              type: Optional[RuleGroupTypeEnum] = None,
              description: Optional[str] = None,
              rule_group: Optional[RuleGroupArgs] = None,
              rule_group_name: Optional[str] = None,
              tags: Optional[Sequence[_root_inputs.TagArgs]] = None)
func NewRuleGroup(ctx *Context, name string, args RuleGroupArgs, opts ...ResourceOption) (*RuleGroup, error)
public RuleGroup(string name, RuleGroupArgs args, CustomResourceOptions? opts = null)
public RuleGroup(String name, RuleGroupArgs args)
public RuleGroup(String name, RuleGroupArgs args, CustomResourceOptions options)
type: aws-native:networkfirewall:RuleGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RuleGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RuleGroupInitArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RuleGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RuleGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RuleGroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
import * as aws_native from "@pulumi/aws-native";

// Every input property is shown with a placeholder value to illustrate the schema.
const ruleGroupResource = new aws_native.networkfirewall.RuleGroup("ruleGroupResource", {
    capacity: 0,
    type: aws_native.networkfirewall.RuleGroupTypeEnum.Stateless,
    description: "string",
    ruleGroup: {
        rulesSource: {
            rulesSourceList: {
                generatedRulesType: aws_native.networkfirewall.RuleGroupGeneratedRulesType.Allowlist,
                targetTypes: [aws_native.networkfirewall.RuleGroupTargetType.TlsSni],
                targets: ["string"],
            },
            rulesString: "string",
            statefulRules: [{
                action: aws_native.networkfirewall.RuleGroupStatefulRuleAction.Pass,
                header: {
                    destination: "string",
                    destinationPort: "string",
                    direction: aws_native.networkfirewall.RuleGroupHeaderDirection.Forward,
                    protocol: aws_native.networkfirewall.RuleGroupHeaderProtocol.Ip,
                    source: "string",
                    sourcePort: "string",
                },
                ruleOptions: [{
                    keyword: "string",
                    settings: ["string"],
                }],
            }],
            statelessRulesAndCustomActions: {
                statelessRules: [{
                    priority: 0,
                    ruleDefinition: {
                        actions: ["string"],
                        matchAttributes: {
                            destinationPorts: [{
                                fromPort: 0,
                                toPort: 0,
                            }],
                            destinations: [{
                                addressDefinition: "string",
                            }],
                            protocols: [0],
                            sourcePorts: [{
                                fromPort: 0,
                                toPort: 0,
                            }],
                            sources: [{
                                addressDefinition: "string",
                            }],
                            tcpFlags: [{
                                flags: [aws_native.networkfirewall.RuleGroupTcpFlag.Fin],
                                masks: [aws_native.networkfirewall.RuleGroupTcpFlag.Fin],
                            }],
                        },
                    },
                }],
                customActions: [{
                    actionDefinition: {
                        publishMetricAction: {
                            dimensions: [{
                                value: "string",
                            }],
                        },
                    },
                    actionName: "string",
                }],
            },
        },
        referenceSets: {
            ipSetReferences: {
                string: {
                    referenceArn: "string",
                },
            },
        },
        ruleVariables: {
            ipSets: {
                string: {
                    definition: ["string"],
                },
            },
            portSets: {
                string: {
                    definition: ["string"],
                },
            },
        },
        statefulRuleOptions: {
            ruleOrder: aws_native.networkfirewall.RuleGroupRuleOrder.DefaultActionOrder,
        },
    },
    ruleGroupName: "string",
    tags: [{
        key: "string",
        value: "string",
    }],
});
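A concrete counterpart to the placeholder listing, added here as an illustration and not taken from the Pulumi or AWS documentation: a stateful domain allowlist written in Pulumi YAML. The project name, logical name, rule group name, domains, CIDR, capacity and tag are constructed values, and only one `rulesSource` member is set, whereas the placeholder listing fills in every member to show the schema.

```yaml
name: egress-allowlist            # constructed project name
runtime: yaml
resources:
  egressAllowlist:                # hypothetical logical name
    type: aws-native:networkfirewall:RuleGroup
    properties:
      ruleGroupName: egress-domain-allowlist   # constructed
      description: Allow outbound HTTP/TLS only to approved domains
      # Domain lists are evaluated by the stateful engine, so type is STATEFUL.
      type: STATEFUL
      # Constructed value. Capacity is fixed when the rule group is created,
      # so leave headroom for domains added later.
      capacity: 100
      ruleGroup:
        ruleVariables:
          ipSets:
            # Source range the generated rules apply to (constructed VPC CIDR).
            HOME_NET:
              definition:
                - 10.0.0.0/16
        rulesSource:
          rulesSourceList:
            generatedRulesType: ALLOWLIST
            # Matching uses the client-supplied TLS SNI and HTTP Host header,
            # not the destination IP address.
            targetTypes:
              - TLS_SNI
              - HTTP_HOST
            targets:
              - .example.com          # leading dot also matches subdomains
              - updates.example.org   # exact host only
        statefulRuleOptions:
          ruleOrder: DEFAULT_ACTION_ORDER
      tags:
        - key: owner
          value: network-security
outputs:
  ruleGroupArn: ${egressAllowlist.ruleGroupArn}
```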
RuleGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The RuleGroup resource accepts the following input properties:
- capacity Integer
- type RuleGroupTypeEnum
- description String
- ruleGroup RuleGroup
- ruleGroupName String
- tags List<Tag>
- capacity number
- type RuleGroupTypeEnum
- description string
- ruleGroup RuleGroup
- ruleGroupName string
- tags Tag[]
Outputs
All input properties are implicitly available as output properties. Additionally, the RuleGroup resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- RuleGroupArn string
- RuleGroupId string
- Id string
- The provider-assigned unique ID for this managed resource.
- RuleGroupArn string
- RuleGroupId string
- id String
- The provider-assigned unique ID for this managed resource.
- ruleGroupArn String
- ruleGroupId String
- id string
- The provider-assigned unique ID for this managed resource.
- ruleGroupArn string
- ruleGroupId string
- id str
- The provider-assigned unique ID for this managed resource.
- rule_group_arn str
- rule_group_id str
- id String
- The provider-assigned unique ID for this managed resource.
- ruleGroupArn String
- ruleGroupId String
Supporting Types
RuleGroup, RuleGroupArgs
- RulesSource Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupRulesSource
- ReferenceSets Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupReferenceSets
- RuleVariables Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupRuleVariables
- StatefulRuleOptions Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupStatefulRuleOptions
RuleGroupActionDefinition, RuleGroupActionDefinitionArgs
RuleGroupAddress, RuleGroupAddressArgs
- AddressDefinition string
- AddressDefinition string
- addressDefinition String
- addressDefinition string
- addressDefinition String
RuleGroupCustomAction, RuleGroupCustomActionArgs
RuleGroupDimension, RuleGroupDimensionArgs
- Value string
- Value string
- value String
- value string
- value str
- value String
RuleGroupGeneratedRulesType, RuleGroupGeneratedRulesTypeArgs
- Allowlist
- ALLOWLIST
- Denylist
- DENYLIST
- RuleGroupGeneratedRulesTypeAllowlist
- ALLOWLIST
- RuleGroupGeneratedRulesTypeDenylist
- DENYLIST
- Allowlist
- ALLOWLIST
- Denylist
- DENYLIST
- Allowlist
- ALLOWLIST
- Denylist
- DENYLIST
- ALLOWLIST
- ALLOWLIST
- DENYLIST
- DENYLIST
- "ALLOWLIST"
- ALLOWLIST
- "DENYLIST"
- DENYLIST
RuleGroupHeader, RuleGroupHeaderArgs
- Destination string
- DestinationPort string
- Direction RuleGroupHeaderDirection
- Protocol RuleGroupHeaderProtocol
- Source string
- SourcePort string
- destination String
- destinationPort String
- direction RuleGroupHeaderDirection
- protocol RuleGroupHeaderProtocol
- source String
- sourcePort String
- destination string
- destinationPort string
- direction RuleGroupHeaderDirection
- protocol RuleGroupHeaderProtocol
- source string
- sourcePort string
RuleGroupHeaderDirection, RuleGroupHeaderDirectionArgs
- Forward
- FORWARD
- Any
- ANY
- RuleGroupHeaderDirectionForward
- FORWARD
- RuleGroupHeaderDirectionAny
- ANY
- Forward
- FORWARD
- Any
- ANY
- Forward
- FORWARD
- Any
- ANY
- FORWARD
- FORWARD
- ANY
- ANY
- "FORWARD"
- FORWARD
- "ANY"
- ANY
RuleGroupHeaderProtocol, RuleGroupHeaderProtocolArgs
- Ip
- IP
- Tcp
- TCP
- Udp
- UDP
- Icmp
- ICMP
- Http
- HTTP
- Ftp
- FTP
- Tls
- TLS
- Smb
- SMB
- Dns
- DNS
- Dcerpc
- DCERPC
- Ssh
- SSH
- Smtp
- SMTP
- Imap
- IMAP
- Msn
- MSN
- Krb5
- KRB5
- Ikev2
- IKEV2
- Tftp
- TFTP
- Ntp
- NTP
- Dhcp
- DHCP
- RuleGroupHeaderProtocolIp
- IP
- RuleGroupHeaderProtocolTcp
- TCP
- RuleGroupHeaderProtocolUdp
- UDP
- RuleGroupHeaderProtocolIcmp
- ICMP
- RuleGroupHeaderProtocolHttp
- HTTP
- RuleGroupHeaderProtocolFtp
- FTP
- RuleGroupHeaderProtocolTls
- TLS
- RuleGroupHeaderProtocolSmb
- SMB
- RuleGroupHeaderProtocolDns
- DNS
- RuleGroupHeaderProtocolDcerpc
- DCERPC
- RuleGroupHeaderProtocolSsh
- SSH
- RuleGroupHeaderProtocolSmtp
- SMTP
- RuleGroupHeaderProtocolImap
- IMAP
- RuleGroupHeaderProtocolMsn
- MSN
- RuleGroupHeaderProtocolKrb5
- KRB5
- RuleGroupHeaderProtocolIkev2
- IKEV2
- RuleGroupHeaderProtocolTftp
- TFTP
- RuleGroupHeaderProtocolNtp
- NTP
- RuleGroupHeaderProtocolDhcp
- DHCP
- Ip
- IP
- Tcp
- TCP
- Udp
- UDP
- Icmp
- ICMP
- Http
- HTTP
- Ftp
- FTP
- Tls
- TLS
- Smb
- SMB
- Dns
- DNS
- Dcerpc
- DCERPC
- Ssh
- SSH
- Smtp
- SMTP
- Imap
- IMAP
- Msn
- MSN
- Krb5
- KRB5
- Ikev2
- IKEV2
- Tftp
- TFTP
- Ntp
- NTP
- Dhcp
- DHCP
- Ip
- IP
- Tcp
- TCP
- Udp
- UDP
- Icmp
- ICMP
- Http
- HTTP
- Ftp
- FTP
- Tls
- TLS
- Smb
- SMB
- Dns
- DNS
- Dcerpc
- DCERPC
- Ssh
- SSH
- Smtp
- SMTP
- Imap
- IMAP
- Msn
- MSN
- Krb5
- KRB5
- Ikev2
- IKEV2
- Tftp
- TFTP
- Ntp
- NTP
- Dhcp
- DHCP
- IP
- IP
- TCP
- TCP
- UDP
- UDP
- ICMP
- ICMP
- HTTP
- HTTP
- FTP
- FTP
- TLS
- TLS
- SMB
- SMB
- DNS
- DNS
- DCERPC
- DCERPC
- SSH
- SSH
- SMTP
- SMTP
- IMAP
- IMAP
- MSN
- MSN
- KRB5
- KRB5
- IKEV2
- IKEV2
- TFTP
- TFTP
- NTP
- NTP
- DHCP
- DHCP
- "IP"
- IP
- "TCP"
- TCP
- "UDP"
- UDP
- "ICMP"
- ICMP
- "HTTP"
- HTTP
- "FTP"
- FTP
- "TLS"
- TLS
- "SMB"
- SMB
- "DNS"
- DNS
- "DCERPC"
- DCERPC
- "SSH"
- SSH
- "SMTP"
- SMTP
- "IMAP"
- IMAP
- "MSN"
- MSN
- "KRB5"
- KRB5
- "IKEV2"
- IKEV2
- "TFTP"
- TFTP
- "NTP"
- NTP
- "DHCP"
- DHCP
RuleGroupIpSet, RuleGroupIpSetArgs
- Definition List<string>
- Definition []string
- definition List<String>
- definition string[]
- definition Sequence[str]
- definition List<String>
RuleGroupIpSetReference, RuleGroupIpSetReferenceArgs
- ReferenceArn string
- ReferenceArn string
- referenceArn String
- referenceArn string
- reference_arn str
- referenceArn String
RuleGroupMatchAttributes, RuleGroupMatchAttributesArgs
- DestinationPorts List<Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupPortRange>
- Destinations List<Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupAddress>
- Protocols List<int>
- SourcePorts List<Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupPortRange>
- Sources List<Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupAddress>
- TcpFlags List<Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupTcpFlagField>
RuleGroupPortRange, RuleGroupPortRangeArgs
RuleGroupPortSet, RuleGroupPortSetArgs
- Definition List<string>
- Definition []string
- definition List<String>
- definition string[]
- definition Sequence[str]
- definition List<String>
RuleGroupPublishMetricAction, RuleGroupPublishMetricActionArgs
RuleGroupReferenceSets, RuleGroupReferenceSetsArgs
- IpSetReferences Dictionary<string, Pulumi.AwsNative.NetworkFirewall.Inputs.RuleGroupIpSetReference>
- IpSetReferences map[string]RuleGroupIpSetReference
- ipSetReferences Map<String,RuleGroupIpSetReference>
- ipSetReferences {[key: string]: RuleGroupIpSetReference}
- ip_set_references Mapping[str, RuleGroupIpSetReference]
- ipSetReferences Map<Property Map>
RuleGroupRuleDefinition, RuleGroupRuleDefinitionArgs
- actions List<String>
- matchAttributes RuleGroupMatchAttributes
- actions Sequence[str]
- match_attributes RuleGroupMatchAttributes
- actions List<String>
- matchAttributes Property Map
RuleGroupRuleOption, RuleGroupRuleOptionArgs
RuleGroupRuleOrder, RuleGroupRuleOrderArgs
- DefaultActionOrder
- DEFAULT_ACTION_ORDER
- StrictOrder
- STRICT_ORDER
- RuleGroupRuleOrderDefaultActionOrder
- DEFAULT_ACTION_ORDER
- RuleGroupRuleOrderStrictOrder
- STRICT_ORDER
- DefaultActionOrder
- DEFAULT_ACTION_ORDER
- StrictOrder
- STRICT_ORDER
- DefaultActionOrder
- DEFAULT_ACTION_ORDER
- StrictOrder
- STRICT_ORDER
- DEFAULT_ACTION_ORDER
- DEFAULT_ACTION_ORDER
- STRICT_ORDER
- STRICT_ORDER
- "DEFAULT_ACTION_ORDER"
- DEFAULT_ACTION_ORDER
- "STRICT_ORDER"
- STRICT_ORDER
RuleGroupRuleVariables, RuleGroupRuleVariablesArgs
RuleGroupRulesSource, RuleGroupRulesSourceArgs
RuleGroupRulesSourceList, RuleGroupRulesSourceListArgs
RuleGroupStatefulRule, RuleGroupStatefulRuleArgs
RuleGroupStatefulRuleAction, RuleGroupStatefulRuleActionArgs
- Pass
- PASS
- Drop
- DROP
- Alert
- ALERT
- Reject
- REJECT
- RuleGroupStatefulRuleActionPass
- PASS
- RuleGroupStatefulRuleActionDrop
- DROP
- RuleGroupStatefulRuleActionAlert
- ALERT
- RuleGroupStatefulRuleActionReject
- REJECT
- Pass
- PASS
- Drop
- DROP
- Alert
- ALERT
- Reject
- REJECT
- Pass
- PASS
- Drop
- DROP
- Alert
- ALERT
- Reject
- REJECT
- PASS_
- PASS
- DROP
- DROP
- ALERT
- ALERT
- REJECT
- REJECT
- "PASS"
- PASS
- "DROP"
- DROP
- "ALERT"
- ALERT
- "REJECT"
- REJECT
RuleGroupStatefulRuleOptions, RuleGroupStatefulRuleOptionsArgs
RuleGroupStatelessRule, RuleGroupStatelessRuleArgs
RuleGroupStatelessRulesAndCustomActions, RuleGroupStatelessRulesAndCustomActionsArgs
RuleGroupTargetType, RuleGroupTargetTypeArgs
- TlsSni
- TLS_SNI
- HttpHost
- HTTP_HOST
- RuleGroupTargetTypeTlsSni
- TLS_SNI
- RuleGroupTargetTypeHttpHost
- HTTP_HOST
- TlsSni
- TLS_SNI
- HttpHost
- HTTP_HOST
- TlsSni
- TLS_SNI
- HttpHost
- HTTP_HOST
- TLS_SNI
- TLS_SNI
- HTTP_HOST
- HTTP_HOST
- "TLS_SNI"
- TLS_SNI
- "HTTP_HOST"
- HTTP_HOST
RuleGroupTcpFlag, RuleGroupTcpFlagArgs
- Fin
- FIN
- Syn
- SYN
- Rst
- RST
- Psh
- PSH
- Ack
- ACK
- Urg
- URG
- Ece
- ECE
- Cwr
- CWR
- RuleGroupTcpFlagFin
- FIN
- RuleGroupTcpFlagSyn
- SYN
- RuleGroupTcpFlagRst
- RST
- RuleGroupTcpFlagPsh
- PSH
- RuleGroupTcpFlagAck
- ACK
- RuleGroupTcpFlagUrg
- URG
- RuleGroupTcpFlagEce
- ECE
- RuleGroupTcpFlagCwr
- CWR
- Fin
- FIN
- Syn
- SYN
- Rst
- RST
- Psh
- PSH
- Ack
- ACK
- Urg
- URG
- Ece
- ECE
- Cwr
- CWR
- Fin
- FIN
- Syn
- SYN
- Rst
- RST
- Psh
- PSH
- Ack
- ACK
- Urg
- URG
- Ece
- ECE
- Cwr
- CWR
- FIN
- FIN
- SYN
- SYN
- RST
- RST
- PSH
- PSH
- ACK
- ACK
- URG
- URG
- ECE
- ECE
- CWR
- CWR
- "FIN"
- FIN
- "SYN"
- SYN
- "RST"
- RST
- "PSH"
- PSH
- "ACK"
- ACK
- "URG"
- URG
- "ECE"
- ECE
- "CWR"
- CWR
RuleGroupTcpFlagField, RuleGroupTcpFlagFieldArgs
RuleGroupTypeEnum, RuleGroupTypeEnumArgs
- Stateless
- STATELESS
- Stateful
- STATEFUL
- RuleGroupTypeEnumStateless
- STATELESS
- RuleGroupTypeEnumStateful
- STATEFUL
- Stateless
- STATELESS
- Stateful
- STATEFUL
- Stateless
- STATELESS
- Stateful
- STATEFUL
- STATELESS
- STATELESS
- STATEFUL
- STATEFUL
- "STATELESS"
- STATELESS
- "STATEFUL"
- STATEFUL
Tag, TagArgs
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0