FirewallPolicy

Provides an AWS Network Firewall Firewall Policy Resource

Policy with a Custom Action for Stateless Inspection

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const test = new aws.networkfirewall.FirewallPolicy("test", {
    firewallPolicy: {
        statelessCustomActions: [{
            actionDefinition: {
                publishMetricAction: {
                    dimensions: [{
                        value: "1",
                    }],
                },
            },
            actionName: "ExampleCustomAction",
        }],
        statelessDefaultActions: [
            "aws:pass",
            "ExampleCustomAction",
        ],
        statelessFragmentDefaultActions: ["aws:drop"],
    },
});
import pulumi
import pulumi_aws as aws

test = aws.networkfirewall.FirewallPolicy("test", firewall_policy=aws.networkfirewall.FirewallPolicyFirewallPolicyArgs(
    stateless_custom_actions=[aws.networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArgs(
        action_definition=aws.networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs(
            publish_metric_action=aws.networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs(
                dimension=[{
                    "value": "1",
                }],
            ),
        ),
        action_name="ExampleCustomAction",
    )],
    stateless_default_actions=[
        "aws:pass",
        "ExampleCustomAction",
    ],
    stateless_fragment_default_actions=["aws:drop"],
))
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var test = new Aws.NetworkFirewall.FirewallPolicy("test", new Aws.NetworkFirewall.FirewallPolicyArgs
        {
            FirewallPolicy = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyArgs
            {
                StatelessCustomActions = 
                {
                    new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionArgs
                    {
                        ActionDefinition = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs
                        {
                            PublishMetricAction = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs
                            {
                                Dimension = 
                                {
                                    
                                    {
                                        { "value", "1" },
                                    },
                                },
                            },
                        },
                        ActionName = "ExampleCustomAction",
                    },
                },
                StatelessDefaultActions = 
                {
                    "aws:pass",
                    "ExampleCustomAction",
                },
                StatelessFragmentDefaultActions = 
                {
                    "aws:drop",
                },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networkfirewall.NewFirewallPolicy(ctx, "test", &networkfirewall.FirewallPolicyArgs{
			FirewallPolicy: &networkfirewall.FirewallPolicyFirewallPolicyArgs{
				StatelessCustomActions: networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArray{
					&networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArgs{
						ActionDefinition: &networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs{
							PublishMetricAction: &networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs{
								Dimension: []map[string]interface{}{
									map[string]interface{}{
										"value": "1",
									},
								},
							},
						},
						ActionName: pulumi.String("ExampleCustomAction"),
					},
				},
				StatelessDefaultActions: pulumi.StringArray{
					pulumi.String("aws:pass"),
					pulumi.String("ExampleCustomAction"),
				},
				StatelessFragmentDefaultActions: pulumi.StringArray{
					pulumi.String("aws:drop"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Aws.NetworkFirewall.FirewallPolicy("example", new Aws.NetworkFirewall.FirewallPolicyArgs
        {
            FirewallPolicy = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyArgs
            {
                StatelessDefaultActions = 
                {
                    "aws:pass",
                },
                StatelessFragmentDefaultActions = 
                {
                    "aws:drop",
                },
                StatelessRuleGroupReferences = 
                {
                    new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs
                    {
                        Priority = 1,
                        ResourceArn = aws_networkfirewall_rule_group.Example.Arn,
                    },
                },
            },
            Tags = 
            {
                { "Tag1", "Value1" },
                { "Tag2", "Value2" },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networkfirewall.NewFirewallPolicy(ctx, "example", &networkfirewall.FirewallPolicyArgs{
			FirewallPolicy: &networkfirewall.FirewallPolicyFirewallPolicyArgs{
				StatelessDefaultActions: pulumi.StringArray{
					pulumi.String("aws:pass"),
				},
				StatelessFragmentDefaultActions: pulumi.StringArray{
					pulumi.String("aws:drop"),
				},
				StatelessRuleGroupReferences: networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArray{
					&networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs{
						Priority:    pulumi.Int(1),
						ResourceArn: pulumi.Any(aws_networkfirewall_rule_group.Example.Arn),
					},
				},
			},
			Tags: pulumi.StringMap{
				"Tag1": pulumi.String("Value1"),
				"Tag2": pulumi.String("Value2"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

example = aws.networkfirewall.FirewallPolicy("example",
    firewall_policy=aws.networkfirewall.FirewallPolicyFirewallPolicyArgs(
        stateless_default_actions=["aws:pass"],
        stateless_fragment_default_actions=["aws:drop"],
        stateless_rule_group_references=[aws.networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs(
            priority=1,
            resource_arn=aws_networkfirewall_rule_group["example"]["arn"],
        )],
    ),
    tags={
        "Tag1": "Value1",
        "Tag2": "Value2",
    })
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.networkfirewall.FirewallPolicy("example", {
    firewallPolicy: {
        statelessDefaultActions: ["aws:pass"],
        statelessFragmentDefaultActions: ["aws:drop"],
        statelessRuleGroupReferences: [{
            priority: 1,
            resourceArn: aws_networkfirewall_rule_group.example.arn,
        }],
    },
    tags: {
        Tag1: "Value1",
        Tag2: "Value2",
    },
});

Create a FirewallPolicy Resource

new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);
@overload
def FirewallPolicy(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   description: Optional[str] = None,
                   firewall_policy: Optional[FirewallPolicyFirewallPolicyArgs] = None,
                   name: Optional[str] = None,
                   tags: Optional[Mapping[str, str]] = None)
@overload
def FirewallPolicy(resource_name: str,
                   args: FirewallPolicyArgs,
                   opts: Optional[ResourceOptions] = None)
func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)
public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args FirewallPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FirewallPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FirewallPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FirewallPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

FirewallPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The FirewallPolicy resource accepts the following input properties:

FirewallPolicyConfiguration FirewallPolicyFirewallPolicyArgs
A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
Description string
A friendly description of the firewall policy.
Name string
A friendly name of the firewall policy.
Tags Dictionary<string, string>
Map of resource tags to associate with the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
FirewallPolicy FirewallPolicyFirewallPolicyArgs
A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
Description string
A friendly description of the firewall policy.
Name string
A friendly name of the firewall policy.
Tags map[string]string
Map of resource tags to associate with the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
firewallPolicy FirewallPolicyFirewallPolicyArgs
A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
description string
A friendly description of the firewall policy.
name string
A friendly name of the firewall policy.
tags {[key: string]: string}
Map of resource tags to associate with the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
firewall_policy FirewallPolicyFirewallPolicyArgs
A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
description str
A friendly description of the firewall policy.
name str
A friendly name of the firewall policy.
tags Mapping[str, str]
Map of resource tags to associate with the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:

Arn string
The Amazon Resource Name (ARN) that identifies the firewall policy.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider .
UpdateToken string
A string token used when updating a firewall policy.
Arn string
The Amazon Resource Name (ARN) that identifies the firewall policy.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider .
UpdateToken string
A string token used when updating a firewall policy.
arn string
The Amazon Resource Name (ARN) that identifies the firewall policy.
id string
The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider .
updateToken string
A string token used when updating a firewall policy.
arn str
The Amazon Resource Name (ARN) that identifies the firewall policy.
id str
The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider .
update_token str
A string token used when updating a firewall policy.

Look up an Existing FirewallPolicy Resource

Get an existing FirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallPolicyState, opts?: CustomResourceOptions): FirewallPolicy
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        description: Optional[str] = None,
        firewall_policy: Optional[FirewallPolicyFirewallPolicyArgs] = None,
        name: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        update_token: Optional[str] = None) -> FirewallPolicy
func GetFirewallPolicy(ctx *Context, name string, id IDInput, state *FirewallPolicyState, opts ...ResourceOption) (*FirewallPolicy, error)
public static FirewallPolicy Get(string name, Input<string> id, FirewallPolicyState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string
The Amazon Resource Name (ARN) that identifies the firewall policy.
Description string
A friendly description of the firewall policy.
FirewallPolicyConfiguration FirewallPolicyFirewallPolicyArgs
A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
Name string
A friendly name of the firewall policy.
Tags Dictionary<string, string>
Map of resource tags to associate with the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider .
UpdateToken string
A string token used when updating a firewall policy.
Arn string
The Amazon Resource Name (ARN) that identifies the firewall policy.
Description string
A friendly description of the firewall policy.
FirewallPolicy FirewallPolicyFirewallPolicyArgs
A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
Name string
A friendly name of the firewall policy.
Tags map[string]string
Map of resource tags to associate with the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider .
UpdateToken string
A string token used when updating a firewall policy.
arn string
The Amazon Resource Name (ARN) that identifies the firewall policy.
description string
A friendly description of the firewall policy.
firewallPolicy FirewallPolicyFirewallPolicyArgs
A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
name string
A friendly name of the firewall policy.
tags {[key: string]: string}
Map of resource tags to associate with the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider .
updateToken string
A string token used when updating a firewall policy.
arn str
The Amazon Resource Name (ARN) that identifies the firewall policy.
description str
A friendly description of the firewall policy.
firewall_policy FirewallPolicyFirewallPolicyArgs
A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
name str
A friendly name of the firewall policy.
tags Mapping[str, str]
Map of resource tags to associate with the resource. .If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider .
update_token str
A string token used when updating a firewall policy.

Supporting Types

FirewallPolicyFirewallPolicy

StatelessDefaultActions List<string>
Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
StatelessFragmentDefaultActions List<string>
Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
StatefulDefaultActions List<string>
Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a stateful_engine_options block with a rule_order value of STRICT_ORDER. You can specify one of either or neither values of aws:drop_strict or aws:drop_established, as well as any combination of aws:alert_strict and aws:alert_established.
StatefulEngineOptions FirewallPolicyFirewallPolicyStatefulEngineOptions
A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.
StatefulRuleGroupReferences List<FirewallPolicyFirewallPolicyStatefulRuleGroupReference>
Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.
StatelessCustomActions List<FirewallPolicyFirewallPolicyStatelessCustomAction>
Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy’s stateless_default_actions. See Stateless Custom Action below for details.
StatelessRuleGroupReferences List<FirewallPolicyFirewallPolicyStatelessRuleGroupReference>
Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.
StatelessDefaultActions []string
Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
StatelessFragmentDefaultActions []string
Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
StatefulDefaultActions []string
Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a stateful_engine_options block with a rule_order value of STRICT_ORDER. You can specify one of either or neither values of aws:drop_strict or aws:drop_established, as well as any combination of aws:alert_strict and aws:alert_established.
StatefulEngineOptions FirewallPolicyFirewallPolicyStatefulEngineOptions
A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.
StatefulRuleGroupReferences []FirewallPolicyFirewallPolicyStatefulRuleGroupReference
Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.
StatelessCustomActions []FirewallPolicyFirewallPolicyStatelessCustomAction
Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy’s stateless_default_actions. See Stateless Custom Action below for details.
StatelessRuleGroupReferences []FirewallPolicyFirewallPolicyStatelessRuleGroupReference
Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.
statelessDefaultActions string[]
Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
statelessFragmentDefaultActions string[]
Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
statefulDefaultActions string[]
Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a stateful_engine_options block with a rule_order value of STRICT_ORDER. You can specify one of either or neither values of aws:drop_strict or aws:drop_established, as well as any combination of aws:alert_strict and aws:alert_established.
statefulEngineOptions FirewallPolicyFirewallPolicyStatefulEngineOptions
A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.
statefulRuleGroupReferences FirewallPolicyFirewallPolicyStatefulRuleGroupReference[]
Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.
statelessCustomActions FirewallPolicyFirewallPolicyStatelessCustomAction[]
Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy’s stateless_default_actions. See Stateless Custom Action below for details.
statelessRuleGroupReferences FirewallPolicyFirewallPolicyStatelessRuleGroupReference[]
Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.
stateless_default_actions Sequence[str]
Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
stateless_fragment_default_actions Sequence[str]
Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
stateful_default_actions Sequence[str]
Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a stateful_engine_options block with a rule_order value of STRICT_ORDER. You can specify one of either or neither values of aws:drop_strict or aws:drop_established, as well as any combination of aws:alert_strict and aws:alert_established.
stateful_engine_options FirewallPolicyFirewallPolicyStatefulEngineOptions
A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.
stateful_rule_group_references Sequence[FirewallPolicyFirewallPolicyStatefulRuleGroupReference]
Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.
stateless_custom_actions Sequence[FirewallPolicyFirewallPolicyStatelessCustomAction]
Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy’s stateless_default_actions. See Stateless Custom Action below for details.
stateless_rule_group_references Sequence[FirewallPolicyFirewallPolicyStatelessRuleGroupReference]
Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.

FirewallPolicyFirewallPolicyStatefulEngineOptions

RuleOrder string
Indicates how to manage the order of stateful rule evaluation for the policy. Default value: DEFAULT_ACTION_ORDER. Valid values: DEFAULT_ACTION_ORDER, STRICT_ORDER.
RuleOrder string
Indicates how to manage the order of stateful rule evaluation for the policy. Default value: DEFAULT_ACTION_ORDER. Valid values: DEFAULT_ACTION_ORDER, STRICT_ORDER.
ruleOrder string
Indicates how to manage the order of stateful rule evaluation for the policy. Default value: DEFAULT_ACTION_ORDER. Valid values: DEFAULT_ACTION_ORDER, STRICT_ORDER.
rule_order str
Indicates how to manage the order of stateful rule evaluation for the policy. Default value: DEFAULT_ACTION_ORDER. Valid values: DEFAULT_ACTION_ORDER, STRICT_ORDER.

FirewallPolicyFirewallPolicyStatefulRuleGroupReference

ResourceArn string
The Amazon Resource Name (ARN) of the stateful rule group.
Priority int
An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a stateful_engine_options block with a rule_order value of STRICT_ORDER. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting.
ResourceArn string
The Amazon Resource Name (ARN) of the stateful rule group.
Priority int
An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a stateful_engine_options block with a rule_order value of STRICT_ORDER. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting.
resourceArn string
The Amazon Resource Name (ARN) of the stateful rule group.
priority number
An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a stateful_engine_options block with a rule_order value of STRICT_ORDER. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting.
resource_arn str
The Amazon Resource Name (ARN) of the stateful rule group.
priority int
An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a stateful_engine_options block with a rule_order value of STRICT_ORDER. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting.

FirewallPolicyFirewallPolicyStatelessCustomAction

ActionDefinition FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition
A configuration block describing the custom action associated with the action_name. See Action Definition below for details.
ActionName string
A friendly name of the custom action.
ActionDefinition FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition
A configuration block describing the custom action associated with the action_name. See Action Definition below for details.
ActionName string
A friendly name of the custom action.
actionDefinition FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition
A configuration block describing the custom action associated with the action_name. See Action Definition below for details.
actionName string
A friendly name of the custom action.
action_definition FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition
A configuration block describing the custom action associated with the action_name. See Action Definition below for details.
action_name str
A friendly name of the custom action.

FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition

PublishMetricAction FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction
A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.
PublishMetricAction FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction
A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.
publishMetricAction FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction
A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.
publish_metric_action FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction
A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.

FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction

Dimensions List<FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension>
Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.
Dimensions []FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension
Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.
dimensions FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension[]
Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.
dimensions Sequence[FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension]
Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.

FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension

Value string
The string value to use in the custom metric dimension.
Value string
The string value to use in the custom metric dimension.
value string
The string value to use in the custom metric dimension.
value str
The string value to use in the custom metric dimension.

FirewallPolicyFirewallPolicyStatelessRuleGroupReference

Priority int
An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.
ResourceArn string
The Amazon Resource Name (ARN) of the stateless rule group.
Priority int
An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.
ResourceArn string
The Amazon Resource Name (ARN) of the stateless rule group.
priority number
An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.
resourceArn string
The Amazon Resource Name (ARN) of the stateless rule group.
priority int
An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.
resource_arn str
The Amazon Resource Name (ARN) of the stateless rule group.

Import

Network Firewall Policies can be imported using their ARN.

 $ pulumi import aws:networkfirewall/firewallPolicy:FirewallPolicy example arn:aws:network-firewall:us-west-1:123456789012:firewall-policy/example

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.