Docs Home
AWS v6.80.0 published on Tuesday, May 6, 2025 by Pulumi
aws.networkfirewall.FirewallPolicy
Explore with Pulumi AI
Provides an AWS Network Firewall Firewall Policy Resource
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.networkfirewall.FirewallPolicy("example", {
name: "example",
firewallPolicy: {
statelessDefaultActions: ["aws:pass"],
statelessFragmentDefaultActions: ["aws:drop"],
statelessRuleGroupReferences: [{
priority: 1,
resourceArn: exampleAwsNetworkfirewallRuleGroup.arn,
}],
tlsInspectionConfigurationArn: "arn:aws:network-firewall:REGION:ACCT:tls-configuration/example",
},
tags: {
Tag1: "Value1",
Tag2: "Value2",
},
});
import pulumi
import pulumi_aws as aws
example = aws.networkfirewall.FirewallPolicy("example",
name="example",
firewall_policy={
"stateless_default_actions": ["aws:pass"],
"stateless_fragment_default_actions": ["aws:drop"],
"stateless_rule_group_references": [{
"priority": 1,
"resource_arn": example_aws_networkfirewall_rule_group["arn"],
}],
"tls_inspection_configuration_arn": "arn:aws:network-firewall:REGION:ACCT:tls-configuration/example",
},
tags={
"Tag1": "Value1",
"Tag2": "Value2",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networkfirewall.NewFirewallPolicy(ctx, "example", &networkfirewall.FirewallPolicyArgs{
Name: pulumi.String("example"),
FirewallPolicy: &networkfirewall.FirewallPolicyFirewallPolicyArgs{
StatelessDefaultActions: pulumi.StringArray{
pulumi.String("aws:pass"),
},
StatelessFragmentDefaultActions: pulumi.StringArray{
pulumi.String("aws:drop"),
},
StatelessRuleGroupReferences: networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArray{
&networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs{
Priority: pulumi.Int(1),
ResourceArn: pulumi.Any(exampleAwsNetworkfirewallRuleGroup.Arn),
},
},
TlsInspectionConfigurationArn: pulumi.String("arn:aws:network-firewall:REGION:ACCT:tls-configuration/example"),
},
Tags: pulumi.StringMap{
"Tag1": pulumi.String("Value1"),
"Tag2": pulumi.String("Value2"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.NetworkFirewall.FirewallPolicy("example", new()
{
Name = "example",
FirewallPolicyConfiguration = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyArgs
{
StatelessDefaultActions = new[]
{
"aws:pass",
},
StatelessFragmentDefaultActions = new[]
{
"aws:drop",
},
StatelessRuleGroupReferences = new[]
{
new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs
{
Priority = 1,
ResourceArn = exampleAwsNetworkfirewallRuleGroup.Arn,
},
},
TlsInspectionConfigurationArn = "arn:aws:network-firewall:REGION:ACCT:tls-configuration/example",
},
Tags =
{
{ "Tag1", "Value1" },
{ "Tag2", "Value2" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.FirewallPolicy;
import com.pulumi.aws.networkfirewall.FirewallPolicyArgs;
import com.pulumi.aws.networkfirewall.inputs.FirewallPolicyFirewallPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new FirewallPolicy("example", FirewallPolicyArgs.builder()
.name("example")
.firewallPolicy(FirewallPolicyFirewallPolicyArgs.builder()
.statelessDefaultActions("aws:pass")
.statelessFragmentDefaultActions("aws:drop")
.statelessRuleGroupReferences(FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs.builder()
.priority(1)
.resourceArn(exampleAwsNetworkfirewallRuleGroup.arn())
.build())
.tlsInspectionConfigurationArn("arn:aws:network-firewall:REGION:ACCT:tls-configuration/example")
.build())
.tags(Map.ofEntries(
Map.entry("Tag1", "Value1"),
Map.entry("Tag2", "Value2")
))
.build());
}
}
resources:
example:
type: aws:networkfirewall:FirewallPolicy
properties:
name: example
firewallPolicy:
statelessDefaultActions:
- aws:pass
statelessFragmentDefaultActions:
- aws:drop
statelessRuleGroupReferences:
- priority: 1
resourceArn: ${exampleAwsNetworkfirewallRuleGroup.arn}
tlsInspectionConfigurationArn: arn:aws:network-firewall:REGION:ACCT:tls-configuration/example
tags:
Tag1: Value1
Tag2: Value2
Policy with a HOME_NET Override
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.networkfirewall.FirewallPolicy("example", {
name: "example",
firewallPolicy: {
policyVariables: {
ruleVariables: [{
key: "HOME_NET",
ipSet: {
definitions: [
"10.0.0.0/16",
"10.1.0.0/24",
],
},
}],
},
statelessDefaultActions: ["aws:pass"],
statelessFragmentDefaultActions: ["aws:drop"],
statelessRuleGroupReferences: [{
priority: 1,
resourceArn: exampleAwsNetworkfirewallRuleGroup.arn,
}],
},
tags: {
Tag1: "Value1",
Tag2: "Value2",
},
});
import pulumi
import pulumi_aws as aws
example = aws.networkfirewall.FirewallPolicy("example",
name="example",
firewall_policy={
"policy_variables": {
"rule_variables": [{
"key": "HOME_NET",
"ip_set": {
"definitions": [
"10.0.0.0/16",
"10.1.0.0/24",
],
},
}],
},
"stateless_default_actions": ["aws:pass"],
"stateless_fragment_default_actions": ["aws:drop"],
"stateless_rule_group_references": [{
"priority": 1,
"resource_arn": example_aws_networkfirewall_rule_group["arn"],
}],
},
tags={
"Tag1": "Value1",
"Tag2": "Value2",
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networkfirewall.NewFirewallPolicy(ctx, "example", &networkfirewall.FirewallPolicyArgs{
Name: pulumi.String("example"),
FirewallPolicy: &networkfirewall.FirewallPolicyFirewallPolicyArgs{
PolicyVariables: &networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesArgs{
RuleVariables: networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableArray{
&networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableArgs{
Key: pulumi.String("HOME_NET"),
IpSet: &networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableIpSetArgs{
Definitions: pulumi.StringArray{
pulumi.String("10.0.0.0/16"),
pulumi.String("10.1.0.0/24"),
},
},
},
},
},
StatelessDefaultActions: pulumi.StringArray{
pulumi.String("aws:pass"),
},
StatelessFragmentDefaultActions: pulumi.StringArray{
pulumi.String("aws:drop"),
},
StatelessRuleGroupReferences: networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArray{
&networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs{
Priority: pulumi.Int(1),
ResourceArn: pulumi.Any(exampleAwsNetworkfirewallRuleGroup.Arn),
},
},
},
Tags: pulumi.StringMap{
"Tag1": pulumi.String("Value1"),
"Tag2": pulumi.String("Value2"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.NetworkFirewall.FirewallPolicy("example", new()
{
Name = "example",
FirewallPolicyConfiguration = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyArgs
{
PolicyVariables = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyPolicyVariablesArgs
{
RuleVariables = new[]
{
new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableArgs
{
Key = "HOME_NET",
IpSet = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableIpSetArgs
{
Definitions = new[]
{
"10.0.0.0/16",
"10.1.0.0/24",
},
},
},
},
},
StatelessDefaultActions = new[]
{
"aws:pass",
},
StatelessFragmentDefaultActions = new[]
{
"aws:drop",
},
StatelessRuleGroupReferences = new[]
{
new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs
{
Priority = 1,
ResourceArn = exampleAwsNetworkfirewallRuleGroup.Arn,
},
},
},
Tags =
{
{ "Tag1", "Value1" },
{ "Tag2", "Value2" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.FirewallPolicy;
import com.pulumi.aws.networkfirewall.FirewallPolicyArgs;
import com.pulumi.aws.networkfirewall.inputs.FirewallPolicyFirewallPolicyArgs;
import com.pulumi.aws.networkfirewall.inputs.FirewallPolicyFirewallPolicyPolicyVariablesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new FirewallPolicy("example", FirewallPolicyArgs.builder()
.name("example")
.firewallPolicy(FirewallPolicyFirewallPolicyArgs.builder()
.policyVariables(FirewallPolicyFirewallPolicyPolicyVariablesArgs.builder()
.ruleVariables(FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableArgs.builder()
.key("HOME_NET")
.ipSet(FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableIpSetArgs.builder()
.definitions(
"10.0.0.0/16",
"10.1.0.0/24")
.build())
.build())
.build())
.statelessDefaultActions("aws:pass")
.statelessFragmentDefaultActions("aws:drop")
.statelessRuleGroupReferences(FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs.builder()
.priority(1)
.resourceArn(exampleAwsNetworkfirewallRuleGroup.arn())
.build())
.build())
.tags(Map.ofEntries(
Map.entry("Tag1", "Value1"),
Map.entry("Tag2", "Value2")
))
.build());
}
}
resources:
example:
type: aws:networkfirewall:FirewallPolicy
properties:
name: example
firewallPolicy:
policyVariables:
ruleVariables:
- key: HOME_NET
ipSet:
definitions:
- 10.0.0.0/16
- 10.1.0.0/24
statelessDefaultActions:
- aws:pass
statelessFragmentDefaultActions:
- aws:drop
statelessRuleGroupReferences:
- priority: 1
resourceArn: ${exampleAwsNetworkfirewallRuleGroup.arn}
tags:
Tag1: Value1
Tag2: Value2
Policy with a Custom Action for Stateless Inspection
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const test = new aws.networkfirewall.FirewallPolicy("test", {
name: "example",
firewallPolicy: {
statelessDefaultActions: [
"aws:pass",
"ExampleCustomAction",
],
statelessFragmentDefaultActions: ["aws:drop"],
statelessCustomActions: [{
actionDefinition: {
publishMetricAction: {
dimensions: [{
value: "1",
}],
},
},
actionName: "ExampleCustomAction",
}],
},
});
import pulumi
import pulumi_aws as aws
test = aws.networkfirewall.FirewallPolicy("test",
name="example",
firewall_policy={
"stateless_default_actions": [
"aws:pass",
"ExampleCustomAction",
],
"stateless_fragment_default_actions": ["aws:drop"],
"stateless_custom_actions": [{
"action_definition": {
"publish_metric_action": {
"dimensions": [{
"value": "1",
}],
},
},
"action_name": "ExampleCustomAction",
}],
})
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networkfirewall.NewFirewallPolicy(ctx, "test", &networkfirewall.FirewallPolicyArgs{
Name: pulumi.String("example"),
FirewallPolicy: &networkfirewall.FirewallPolicyFirewallPolicyArgs{
StatelessDefaultActions: pulumi.StringArray{
pulumi.String("aws:pass"),
pulumi.String("ExampleCustomAction"),
},
StatelessFragmentDefaultActions: pulumi.StringArray{
pulumi.String("aws:drop"),
},
StatelessCustomActions: networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArray{
&networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArgs{
ActionDefinition: &networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs{
PublishMetricAction: &networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs{
Dimensions: networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimensionArray{
&networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimensionArgs{
Value: pulumi.String("1"),
},
},
},
},
ActionName: pulumi.String("ExampleCustomAction"),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var test = new Aws.NetworkFirewall.FirewallPolicy("test", new()
{
Name = "example",
FirewallPolicyConfiguration = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyArgs
{
StatelessDefaultActions = new[]
{
"aws:pass",
"ExampleCustomAction",
},
StatelessFragmentDefaultActions = new[]
{
"aws:drop",
},
StatelessCustomActions = new[]
{
new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionArgs
{
ActionDefinition = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs
{
PublishMetricAction = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs
{
Dimensions = new[]
{
new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimensionArgs
{
Value = "1",
},
},
},
},
ActionName = "ExampleCustomAction",
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.FirewallPolicy;
import com.pulumi.aws.networkfirewall.FirewallPolicyArgs;
import com.pulumi.aws.networkfirewall.inputs.FirewallPolicyFirewallPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var test = new FirewallPolicy("test", FirewallPolicyArgs.builder()
.name("example")
.firewallPolicy(FirewallPolicyFirewallPolicyArgs.builder()
.statelessDefaultActions(
"aws:pass",
"ExampleCustomAction")
.statelessFragmentDefaultActions("aws:drop")
.statelessCustomActions(FirewallPolicyFirewallPolicyStatelessCustomActionArgs.builder()
.actionDefinition(FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs.builder()
.publishMetricAction(FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs.builder()
.dimensions(FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimensionArgs.builder()
.value("1")
.build())
.build())
.build())
.actionName("ExampleCustomAction")
.build())
.build())
.build());
}
}
resources:
test:
type: aws:networkfirewall:FirewallPolicy
properties:
name: example
firewallPolicy:
statelessDefaultActions:
- aws:pass
- ExampleCustomAction
statelessFragmentDefaultActions:
- aws:drop
statelessCustomActions:
- actionDefinition:
publishMetricAction:
dimensions:
- value: '1'
actionName: ExampleCustomAction
Create FirewallPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);@overload
def FirewallPolicy(resource_name: str,
args: FirewallPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FirewallPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
firewall_policy: Optional[FirewallPolicyFirewallPolicyArgs] = None,
description: Optional[str] = None,
encryption_configuration: Optional[FirewallPolicyEncryptionConfigurationArgs] = None,
name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)
public FirewallPolicy(String name, FirewallPolicyArgs args)
public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)
type: aws:networkfirewall:FirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallPolicyResource = new Aws.NetworkFirewall.FirewallPolicy("firewallPolicyResource", new()
{
FirewallPolicyConfiguration = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyArgs
{
StatelessDefaultActions = new[]
{
"string",
},
StatelessFragmentDefaultActions = new[]
{
"string",
},
PolicyVariables = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyPolicyVariablesArgs
{
RuleVariables = new[]
{
new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableArgs
{
IpSet = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableIpSetArgs
{
Definitions = new[]
{
"string",
},
},
Key = "string",
},
},
},
StatefulDefaultActions = new[]
{
"string",
},
StatefulEngineOptions = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatefulEngineOptionsArgs
{
FlowTimeouts = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatefulEngineOptionsFlowTimeoutsArgs
{
TcpIdleTimeoutSeconds = 0,
},
RuleOrder = "string",
StreamExceptionPolicy = "string",
},
StatefulRuleGroupReferences = new[]
{
new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceArgs
{
ResourceArn = "string",
Override = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceOverrideArgs
{
Action = "string",
},
Priority = 0,
},
},
StatelessCustomActions = new[]
{
new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionArgs
{
ActionDefinition = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs
{
PublishMetricAction = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs
{
Dimensions = new[]
{
new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimensionArgs
{
Value = "string",
},
},
},
},
ActionName = "string",
},
},
StatelessRuleGroupReferences = new[]
{
new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs
{
Priority = 0,
ResourceArn = "string",
},
},
TlsInspectionConfigurationArn = "string",
},
Description = "string",
EncryptionConfiguration = new Aws.NetworkFirewall.Inputs.FirewallPolicyEncryptionConfigurationArgs
{
Type = "string",
KeyId = "string",
},
Name = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := networkfirewall.NewFirewallPolicy(ctx, "firewallPolicyResource", &networkfirewall.FirewallPolicyArgs{
FirewallPolicy: &networkfirewall.FirewallPolicyFirewallPolicyArgs{
StatelessDefaultActions: pulumi.StringArray{
pulumi.String("string"),
},
StatelessFragmentDefaultActions: pulumi.StringArray{
pulumi.String("string"),
},
PolicyVariables: &networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesArgs{
RuleVariables: networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableArray{
&networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableArgs{
IpSet: &networkfirewall.FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableIpSetArgs{
Definitions: pulumi.StringArray{
pulumi.String("string"),
},
},
Key: pulumi.String("string"),
},
},
},
StatefulDefaultActions: pulumi.StringArray{
pulumi.String("string"),
},
StatefulEngineOptions: &networkfirewall.FirewallPolicyFirewallPolicyStatefulEngineOptionsArgs{
FlowTimeouts: &networkfirewall.FirewallPolicyFirewallPolicyStatefulEngineOptionsFlowTimeoutsArgs{
TcpIdleTimeoutSeconds: pulumi.Int(0),
},
RuleOrder: pulumi.String("string"),
StreamExceptionPolicy: pulumi.String("string"),
},
StatefulRuleGroupReferences: networkfirewall.FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceArray{
&networkfirewall.FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceArgs{
ResourceArn: pulumi.String("string"),
Override: &networkfirewall.FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceOverrideArgs{
Action: pulumi.String("string"),
},
Priority: pulumi.Int(0),
},
},
StatelessCustomActions: networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArray{
&networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArgs{
ActionDefinition: &networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs{
PublishMetricAction: &networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs{
Dimensions: networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimensionArray{
&networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimensionArgs{
Value: pulumi.String("string"),
},
},
},
},
ActionName: pulumi.String("string"),
},
},
StatelessRuleGroupReferences: networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArray{
&networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs{
Priority: pulumi.Int(0),
ResourceArn: pulumi.String("string"),
},
},
TlsInspectionConfigurationArn: pulumi.String("string"),
},
Description: pulumi.String("string"),
EncryptionConfiguration: &networkfirewall.FirewallPolicyEncryptionConfigurationArgs{
Type: pulumi.String("string"),
KeyId: pulumi.String("string"),
},
Name: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var firewallPolicyResource = new FirewallPolicy("firewallPolicyResource", FirewallPolicyArgs.builder()
.firewallPolicy(FirewallPolicyFirewallPolicyArgs.builder()
.statelessDefaultActions("string")
.statelessFragmentDefaultActions("string")
.policyVariables(FirewallPolicyFirewallPolicyPolicyVariablesArgs.builder()
.ruleVariables(FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableArgs.builder()
.ipSet(FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableIpSetArgs.builder()
.definitions("string")
.build())
.key("string")
.build())
.build())
.statefulDefaultActions("string")
.statefulEngineOptions(FirewallPolicyFirewallPolicyStatefulEngineOptionsArgs.builder()
.flowTimeouts(FirewallPolicyFirewallPolicyStatefulEngineOptionsFlowTimeoutsArgs.builder()
.tcpIdleTimeoutSeconds(0)
.build())
.ruleOrder("string")
.streamExceptionPolicy("string")
.build())
.statefulRuleGroupReferences(FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceArgs.builder()
.resourceArn("string")
.override(FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceOverrideArgs.builder()
.action("string")
.build())
.priority(0)
.build())
.statelessCustomActions(FirewallPolicyFirewallPolicyStatelessCustomActionArgs.builder()
.actionDefinition(FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs.builder()
.publishMetricAction(FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs.builder()
.dimensions(FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimensionArgs.builder()
.value("string")
.build())
.build())
.build())
.actionName("string")
.build())
.statelessRuleGroupReferences(FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs.builder()
.priority(0)
.resourceArn("string")
.build())
.tlsInspectionConfigurationArn("string")
.build())
.description("string")
.encryptionConfiguration(FirewallPolicyEncryptionConfigurationArgs.builder()
.type("string")
.keyId("string")
.build())
.name("string")
.tags(Map.of("string", "string"))
.build());
firewall_policy_resource = aws.networkfirewall.FirewallPolicy("firewallPolicyResource",
firewall_policy={
"stateless_default_actions": ["string"],
"stateless_fragment_default_actions": ["string"],
"policy_variables": {
"rule_variables": [{
"ip_set": {
"definitions": ["string"],
},
"key": "string",
}],
},
"stateful_default_actions": ["string"],
"stateful_engine_options": {
"flow_timeouts": {
"tcp_idle_timeout_seconds": 0,
},
"rule_order": "string",
"stream_exception_policy": "string",
},
"stateful_rule_group_references": [{
"resource_arn": "string",
"override": {
"action": "string",
},
"priority": 0,
}],
"stateless_custom_actions": [{
"action_definition": {
"publish_metric_action": {
"dimensions": [{
"value": "string",
}],
},
},
"action_name": "string",
}],
"stateless_rule_group_references": [{
"priority": 0,
"resource_arn": "string",
}],
"tls_inspection_configuration_arn": "string",
},
description="string",
encryption_configuration={
"type": "string",
"key_id": "string",
},
name="string",
tags={
"string": "string",
})
const firewallPolicyResource = new aws.networkfirewall.FirewallPolicy("firewallPolicyResource", {
firewallPolicy: {
statelessDefaultActions: ["string"],
statelessFragmentDefaultActions: ["string"],
policyVariables: {
ruleVariables: [{
ipSet: {
definitions: ["string"],
},
key: "string",
}],
},
statefulDefaultActions: ["string"],
statefulEngineOptions: {
flowTimeouts: {
tcpIdleTimeoutSeconds: 0,
},
ruleOrder: "string",
streamExceptionPolicy: "string",
},
statefulRuleGroupReferences: [{
resourceArn: "string",
override: {
action: "string",
},
priority: 0,
}],
statelessCustomActions: [{
actionDefinition: {
publishMetricAction: {
dimensions: [{
value: "string",
}],
},
},
actionName: "string",
}],
statelessRuleGroupReferences: [{
priority: 0,
resourceArn: "string",
}],
tlsInspectionConfigurationArn: "string",
},
description: "string",
encryptionConfiguration: {
type: "string",
keyId: "string",
},
name: "string",
tags: {
string: "string",
},
});
type: aws:networkfirewall:FirewallPolicy
properties:
description: string
encryptionConfiguration:
keyId: string
type: string
firewallPolicy:
policyVariables:
ruleVariables:
- ipSet:
definitions:
- string
key: string
statefulDefaultActions:
- string
statefulEngineOptions:
flowTimeouts:
tcpIdleTimeoutSeconds: 0
ruleOrder: string
streamExceptionPolicy: string
statefulRuleGroupReferences:
- override:
action: string
priority: 0
resourceArn: string
statelessCustomActions:
- actionDefinition:
publishMetricAction:
dimensions:
- value: string
actionName: string
statelessDefaultActions:
- string
statelessFragmentDefaultActions:
- string
statelessRuleGroupReferences:
- priority: 0
resourceArn: string
tlsInspectionConfigurationArn: string
name: string
tags:
string: string
FirewallPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FirewallPolicy resource accepts the following input properties:
- Firewall
Policy FirewallConfiguration Policy Firewall Policy - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- Description string
- A friendly description of the firewall policy.
- Encryption
Configuration FirewallPolicy Encryption Configuration - KMS encryption configuration settings. See Encryption Configuration below for details.
- Name string
- A friendly name of the firewall policy.
- Dictionary<string, string>
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Firewall
Policy FirewallPolicy Firewall Policy Args - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- Description string
- A friendly description of the firewall policy.
- Encryption
Configuration FirewallPolicy Encryption Configuration Args - KMS encryption configuration settings. See Encryption Configuration below for details.
- Name string
- A friendly name of the firewall policy.
- map[string]string
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- firewall
Policy FirewallPolicy Firewall Policy - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- description String
- A friendly description of the firewall policy.
- encryption
Configuration FirewallPolicy Encryption Configuration - KMS encryption configuration settings. See Encryption Configuration below for details.
- name String
- A friendly name of the firewall policy.
- Map<String,String>
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- firewall
Policy FirewallPolicy Firewall Policy - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- description string
- A friendly description of the firewall policy.
- encryption
Configuration FirewallPolicy Encryption Configuration - KMS encryption configuration settings. See Encryption Configuration below for details.
- name string
- A friendly name of the firewall policy.
- {[key: string]: string}
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- firewall_
policy FirewallPolicy Firewall Policy Args - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- description str
- A friendly description of the firewall policy.
- encryption_
configuration FirewallPolicy Encryption Configuration Args - KMS encryption configuration settings. See Encryption Configuration below for details.
- name str
- A friendly name of the firewall policy.
- Mapping[str, str]
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- firewall
Policy Property Map - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- description String
- A friendly description of the firewall policy.
- encryption
Configuration Property Map - KMS encryption configuration settings. See Encryption Configuration below for details.
- name String
- A friendly name of the firewall policy.
- Map<String>
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:
- Arn string
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Update
Token string - A string token used when updating a firewall policy.
- Arn string
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- Id string
- The provider-assigned unique ID for this managed resource.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Update
Token string - A string token used when updating a firewall policy.
- arn String
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- id String
- The provider-assigned unique ID for this managed resource.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - update
Token String - A string token used when updating a firewall policy.
- arn string
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- id string
- The provider-assigned unique ID for this managed resource.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - update
Token string - A string token used when updating a firewall policy.
- arn str
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- id str
- The provider-assigned unique ID for this managed resource.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - update_
token str - A string token used when updating a firewall policy.
- arn String
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- id String
- The provider-assigned unique ID for this managed resource.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - update
Token String - A string token used when updating a firewall policy.
Look up Existing FirewallPolicy Resource
Get an existing FirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallPolicyState, opts?: CustomResourceOptions): FirewallPolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
description: Optional[str] = None,
encryption_configuration: Optional[FirewallPolicyEncryptionConfigurationArgs] = None,
firewall_policy: Optional[FirewallPolicyFirewallPolicyArgs] = None,
name: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
update_token: Optional[str] = None) -> FirewallPolicyfunc GetFirewallPolicy(ctx *Context, name string, id IDInput, state *FirewallPolicyState, opts ...ResourceOption) (*FirewallPolicy, error)public static FirewallPolicy Get(string name, Input<string> id, FirewallPolicyState? state, CustomResourceOptions? opts = null)public static FirewallPolicy get(String name, Output<String> id, FirewallPolicyState state, CustomResourceOptions options)resources: _: type: aws:networkfirewall:FirewallPolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- Description string
- A friendly description of the firewall policy.
- Encryption
Configuration FirewallPolicy Encryption Configuration - KMS encryption configuration settings. See Encryption Configuration below for details.
- Firewall
Policy FirewallConfiguration Policy Firewall Policy - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- Name string
- A friendly name of the firewall policy.
- Dictionary<string, string>
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Update
Token string - A string token used when updating a firewall policy.
- Arn string
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- Description string
- A friendly description of the firewall policy.
- Encryption
Configuration FirewallPolicy Encryption Configuration Args - KMS encryption configuration settings. See Encryption Configuration below for details.
- Firewall
Policy FirewallPolicy Firewall Policy Args - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- Name string
- A friendly name of the firewall policy.
- map[string]string
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Update
Token string - A string token used when updating a firewall policy.
- arn String
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- description String
- A friendly description of the firewall policy.
- encryption
Configuration FirewallPolicy Encryption Configuration - KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall
Policy FirewallPolicy Firewall Policy - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- name String
- A friendly name of the firewall policy.
- Map<String,String>
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - update
Token String - A string token used when updating a firewall policy.
- arn string
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- description string
- A friendly description of the firewall policy.
- encryption
Configuration FirewallPolicy Encryption Configuration - KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall
Policy FirewallPolicy Firewall Policy - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- name string
- A friendly name of the firewall policy.
- {[key: string]: string}
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - update
Token string - A string token used when updating a firewall policy.
- arn str
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- description str
- A friendly description of the firewall policy.
- encryption_
configuration FirewallPolicy Encryption Configuration Args - KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall_
policy FirewallPolicy Firewall Policy Args - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- name str
- A friendly name of the firewall policy.
- Mapping[str, str]
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - update_
token str - A string token used when updating a firewall policy.
- arn String
- The Amazon Resource Name (ARN) that identifies the firewall policy.
- description String
- A friendly description of the firewall policy.
- encryption
Configuration Property Map - KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall
Policy Property Map - A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.
- name String
- A friendly name of the firewall policy.
- Map<String>
- Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - update
Token String - A string token used when updating a firewall policy.
Supporting Types
FirewallPolicyEncryptionConfiguration, FirewallPolicyEncryptionConfigurationArgs
- Type string
- The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY. - Key
Id string - The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
- Type string
- The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY. - Key
Id string - The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
- type String
- The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY. - key
Id String - The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
- type string
- The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY. - key
Id string - The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
- type str
- The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY. - key_
id str - The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
- type String
- The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY. - key
Id String - The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
FirewallPolicyFirewallPolicy, FirewallPolicyFirewallPolicyArgs
- Stateless
Default List<string>Actions - Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - Stateless
Fragment List<string>Default Actions - Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - Policy
Variables FirewallPolicy Firewall Policy Policy Variables - . Contains variables that you can use to override default Suricata settings in your firewall policy. See Rule Variables for details.
- Stateful
Default List<string>Actions - Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. You can specify one of either or neither values ofaws:drop_strictoraws:drop_established, as well as any combination ofaws:alert_strictandaws:alert_established. - Stateful
Engine FirewallOptions Policy Firewall Policy Stateful Engine Options - A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.
- Stateful
Rule List<FirewallGroup References Policy Firewall Policy Stateful Rule Group Reference> - Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.
- Stateless
Custom List<FirewallActions Policy Firewall Policy Stateless Custom Action> - Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's
stateless_default_actions. See Stateless Custom Action below for details. - Stateless
Rule List<FirewallGroup References Policy Firewall Policy Stateless Rule Group Reference> - Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.
- Tls
Inspection stringConfiguration Arn - The (ARN) of the TLS Inspection policy to attach to the FW Policy. This must be added at creation of the resource per AWS documentation. "You can only add a TLS inspection configuration to a new policy, not to an existing policy." This cannot be removed from a FW Policy.
- Stateless
Default []stringActions - Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - Stateless
Fragment []stringDefault Actions - Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - Policy
Variables FirewallPolicy Firewall Policy Policy Variables - . Contains variables that you can use to override default Suricata settings in your firewall policy. See Rule Variables for details.
- Stateful
Default []stringActions - Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. You can specify one of either or neither values ofaws:drop_strictoraws:drop_established, as well as any combination ofaws:alert_strictandaws:alert_established. - Stateful
Engine FirewallOptions Policy Firewall Policy Stateful Engine Options - A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.
- Stateful
Rule []FirewallGroup References Policy Firewall Policy Stateful Rule Group Reference - Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.
- Stateless
Custom []FirewallActions Policy Firewall Policy Stateless Custom Action - Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's
stateless_default_actions. See Stateless Custom Action below for details. - Stateless
Rule []FirewallGroup References Policy Firewall Policy Stateless Rule Group Reference - Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.
- Tls
Inspection stringConfiguration Arn - The (ARN) of the TLS Inspection policy to attach to the FW Policy. This must be added at creation of the resource per AWS documentation. "You can only add a TLS inspection configuration to a new policy, not to an existing policy." This cannot be removed from a FW Policy.
- stateless
Default List<String>Actions - Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - stateless
Fragment List<String>Default Actions - Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - policy
Variables FirewallPolicy Firewall Policy Policy Variables - . Contains variables that you can use to override default Suricata settings in your firewall policy. See Rule Variables for details.
- stateful
Default List<String>Actions - Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. You can specify one of either or neither values ofaws:drop_strictoraws:drop_established, as well as any combination ofaws:alert_strictandaws:alert_established. - stateful
Engine FirewallOptions Policy Firewall Policy Stateful Engine Options - A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.
- stateful
Rule List<FirewallGroup References Policy Firewall Policy Stateful Rule Group Reference> - Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.
- stateless
Custom List<FirewallActions Policy Firewall Policy Stateless Custom Action> - Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's
stateless_default_actions. See Stateless Custom Action below for details. - stateless
Rule List<FirewallGroup References Policy Firewall Policy Stateless Rule Group Reference> - Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.
- tls
Inspection StringConfiguration Arn - The (ARN) of the TLS Inspection policy to attach to the FW Policy. This must be added at creation of the resource per AWS documentation. "You can only add a TLS inspection configuration to a new policy, not to an existing policy." This cannot be removed from a FW Policy.
- stateless
Default string[]Actions - Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - stateless
Fragment string[]Default Actions - Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - policy
Variables FirewallPolicy Firewall Policy Policy Variables - . Contains variables that you can use to override default Suricata settings in your firewall policy. See Rule Variables for details.
- stateful
Default string[]Actions - Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. You can specify one of either or neither values ofaws:drop_strictoraws:drop_established, as well as any combination ofaws:alert_strictandaws:alert_established. - stateful
Engine FirewallOptions Policy Firewall Policy Stateful Engine Options - A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.
- stateful
Rule FirewallGroup References Policy Firewall Policy Stateful Rule Group Reference[] - Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.
- stateless
Custom FirewallActions Policy Firewall Policy Stateless Custom Action[] - Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's
stateless_default_actions. See Stateless Custom Action below for details. - stateless
Rule FirewallGroup References Policy Firewall Policy Stateless Rule Group Reference[] - Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.
- tls
Inspection stringConfiguration Arn - The (ARN) of the TLS Inspection policy to attach to the FW Policy. This must be added at creation of the resource per AWS documentation. "You can only add a TLS inspection configuration to a new policy, not to an existing policy." This cannot be removed from a FW Policy.
- stateless_
default_ Sequence[str]actions - Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - stateless_
fragment_ Sequence[str]default_ actions - Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - policy_
variables FirewallPolicy Firewall Policy Policy Variables - . Contains variables that you can use to override default Suricata settings in your firewall policy. See Rule Variables for details.
- stateful_
default_ Sequence[str]actions - Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. You can specify one of either or neither values ofaws:drop_strictoraws:drop_established, as well as any combination ofaws:alert_strictandaws:alert_established. - stateful_
engine_ Firewalloptions Policy Firewall Policy Stateful Engine Options - A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.
- stateful_
rule_ Sequence[Firewallgroup_ references Policy Firewall Policy Stateful Rule Group Reference] - Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.
- stateless_
custom_ Sequence[Firewallactions Policy Firewall Policy Stateless Custom Action] - Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's
stateless_default_actions. See Stateless Custom Action below for details. - stateless_
rule_ Sequence[Firewallgroup_ references Policy Firewall Policy Stateless Rule Group Reference] - Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.
- tls_
inspection_ strconfiguration_ arn - The (ARN) of the TLS Inspection policy to attach to the FW Policy. This must be added at creation of the resource per AWS documentation. "You can only add a TLS inspection configuration to a new policy, not to an existing policy." This cannot be removed from a FW Policy.
- stateless
Default List<String>Actions - Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - stateless
Fragment List<String>Default Actions - Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including:
aws:drop,aws:pass, oraws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specifyaws:forward_to_sfe. - policy
Variables Property Map - . Contains variables that you can use to override default Suricata settings in your firewall policy. See Rule Variables for details.
- stateful
Default List<String>Actions - Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. You can specify one of either or neither values ofaws:drop_strictoraws:drop_established, as well as any combination ofaws:alert_strictandaws:alert_established. - stateful
Engine Property MapOptions - A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.
- stateful
Rule List<Property Map>Group References - Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.
- stateless
Custom List<Property Map>Actions - Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's
stateless_default_actions. See Stateless Custom Action below for details. - stateless
Rule List<Property Map>Group References - Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.
- tls
Inspection StringConfiguration Arn - The (ARN) of the TLS Inspection policy to attach to the FW Policy. This must be added at creation of the resource per AWS documentation. "You can only add a TLS inspection configuration to a new policy, not to an existing policy." This cannot be removed from a FW Policy.
FirewallPolicyFirewallPolicyPolicyVariables, FirewallPolicyFirewallPolicyPolicyVariablesArgs
FirewallPolicyFirewallPolicyPolicyVariablesRuleVariable, FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableArgs
- Ip
Set FirewallPolicy Firewall Policy Policy Variables Rule Variable Ip Set - A configuration block that defines a set of IP addresses. See IP Set below for details.
- Key string
- An alphanumeric string to identify the
ip_set. Valid values:HOME_NET
- Ip
Set FirewallPolicy Firewall Policy Policy Variables Rule Variable Ip Set - A configuration block that defines a set of IP addresses. See IP Set below for details.
- Key string
- An alphanumeric string to identify the
ip_set. Valid values:HOME_NET
- ip
Set FirewallPolicy Firewall Policy Policy Variables Rule Variable Ip Set - A configuration block that defines a set of IP addresses. See IP Set below for details.
- key String
- An alphanumeric string to identify the
ip_set. Valid values:HOME_NET
- ip
Set FirewallPolicy Firewall Policy Policy Variables Rule Variable Ip Set - A configuration block that defines a set of IP addresses. See IP Set below for details.
- key string
- An alphanumeric string to identify the
ip_set. Valid values:HOME_NET
- ip_
set FirewallPolicy Firewall Policy Policy Variables Rule Variable Ip Set - A configuration block that defines a set of IP addresses. See IP Set below for details.
- key str
- An alphanumeric string to identify the
ip_set. Valid values:HOME_NET
- ip
Set Property Map - A configuration block that defines a set of IP addresses. See IP Set below for details.
- key String
- An alphanumeric string to identify the
ip_set. Valid values:HOME_NET
FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableIpSet, FirewallPolicyFirewallPolicyPolicyVariablesRuleVariableIpSetArgs
- Definitions List<string>
- Set of IPv4 or IPv6 addresses in CIDR notation to use for the Suricata
HOME_NETvariable.
- Definitions []string
- Set of IPv4 or IPv6 addresses in CIDR notation to use for the Suricata
HOME_NETvariable.
- definitions List<String>
- Set of IPv4 or IPv6 addresses in CIDR notation to use for the Suricata
HOME_NETvariable.
- definitions string[]
- Set of IPv4 or IPv6 addresses in CIDR notation to use for the Suricata
HOME_NETvariable.
- definitions Sequence[str]
- Set of IPv4 or IPv6 addresses in CIDR notation to use for the Suricata
HOME_NETvariable.
- definitions List<String>
- Set of IPv4 or IPv6 addresses in CIDR notation to use for the Suricata
HOME_NETvariable.
FirewallPolicyFirewallPolicyStatefulEngineOptions, FirewallPolicyFirewallPolicyStatefulEngineOptionsArgs
- Flow
Timeouts FirewallPolicy Firewall Policy Stateful Engine Options Flow Timeouts - Amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle.
- Rule
Order string - Indicates how to manage the order of stateful rule evaluation for the policy. Default value:
DEFAULT_ACTION_ORDER. Valid values:DEFAULT_ACTION_ORDER,STRICT_ORDER. - Stream
Exception stringPolicy - Describes how to treat traffic which has broken midstream. Default value:
DROP. Valid values:DROP,CONTINUE,REJECT.
- Flow
Timeouts FirewallPolicy Firewall Policy Stateful Engine Options Flow Timeouts - Amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle.
- Rule
Order string - Indicates how to manage the order of stateful rule evaluation for the policy. Default value:
DEFAULT_ACTION_ORDER. Valid values:DEFAULT_ACTION_ORDER,STRICT_ORDER. - Stream
Exception stringPolicy - Describes how to treat traffic which has broken midstream. Default value:
DROP. Valid values:DROP,CONTINUE,REJECT.
- flow
Timeouts FirewallPolicy Firewall Policy Stateful Engine Options Flow Timeouts - Amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle.
- rule
Order String - Indicates how to manage the order of stateful rule evaluation for the policy. Default value:
DEFAULT_ACTION_ORDER. Valid values:DEFAULT_ACTION_ORDER,STRICT_ORDER. - stream
Exception StringPolicy - Describes how to treat traffic which has broken midstream. Default value:
DROP. Valid values:DROP,CONTINUE,REJECT.
- flow
Timeouts FirewallPolicy Firewall Policy Stateful Engine Options Flow Timeouts - Amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle.
- rule
Order string - Indicates how to manage the order of stateful rule evaluation for the policy. Default value:
DEFAULT_ACTION_ORDER. Valid values:DEFAULT_ACTION_ORDER,STRICT_ORDER. - stream
Exception stringPolicy - Describes how to treat traffic which has broken midstream. Default value:
DROP. Valid values:DROP,CONTINUE,REJECT.
- flow_
timeouts FirewallPolicy Firewall Policy Stateful Engine Options Flow Timeouts - Amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle.
- rule_
order str - Indicates how to manage the order of stateful rule evaluation for the policy. Default value:
DEFAULT_ACTION_ORDER. Valid values:DEFAULT_ACTION_ORDER,STRICT_ORDER. - stream_
exception_ strpolicy - Describes how to treat traffic which has broken midstream. Default value:
DROP. Valid values:DROP,CONTINUE,REJECT.
- flow
Timeouts Property Map - Amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle.
- rule
Order String - Indicates how to manage the order of stateful rule evaluation for the policy. Default value:
DEFAULT_ACTION_ORDER. Valid values:DEFAULT_ACTION_ORDER,STRICT_ORDER. - stream
Exception StringPolicy - Describes how to treat traffic which has broken midstream. Default value:
DROP. Valid values:DROP,CONTINUE,REJECT.
FirewallPolicyFirewallPolicyStatefulEngineOptionsFlowTimeouts, FirewallPolicyFirewallPolicyStatefulEngineOptionsFlowTimeoutsArgs
- Tcp
Idle intTimeout Seconds - Number of seconds that can pass without any TCP traffic sent through the firewall before the firewall determines that the connection is idle. After the idle timeout passes, data packets are dropped, however, the next TCP SYN packet is considered a new flow and is processed by the firewall. Clients or targets can use TCP keepalive packets to reset the idle timeout. Default value:
350.
- Tcp
Idle intTimeout Seconds - Number of seconds that can pass without any TCP traffic sent through the firewall before the firewall determines that the connection is idle. After the idle timeout passes, data packets are dropped, however, the next TCP SYN packet is considered a new flow and is processed by the firewall. Clients or targets can use TCP keepalive packets to reset the idle timeout. Default value:
350.
- tcp
Idle IntegerTimeout Seconds - Number of seconds that can pass without any TCP traffic sent through the firewall before the firewall determines that the connection is idle. After the idle timeout passes, data packets are dropped, however, the next TCP SYN packet is considered a new flow and is processed by the firewall. Clients or targets can use TCP keepalive packets to reset the idle timeout. Default value:
350.
- tcp
Idle numberTimeout Seconds - Number of seconds that can pass without any TCP traffic sent through the firewall before the firewall determines that the connection is idle. After the idle timeout passes, data packets are dropped, however, the next TCP SYN packet is considered a new flow and is processed by the firewall. Clients or targets can use TCP keepalive packets to reset the idle timeout. Default value:
350.
- tcp_
idle_ inttimeout_ seconds - Number of seconds that can pass without any TCP traffic sent through the firewall before the firewall determines that the connection is idle. After the idle timeout passes, data packets are dropped, however, the next TCP SYN packet is considered a new flow and is processed by the firewall. Clients or targets can use TCP keepalive packets to reset the idle timeout. Default value:
350.
- tcp
Idle NumberTimeout Seconds - Number of seconds that can pass without any TCP traffic sent through the firewall before the firewall determines that the connection is idle. After the idle timeout passes, data packets are dropped, however, the next TCP SYN packet is considered a new flow and is processed by the firewall. Clients or targets can use TCP keepalive packets to reset the idle timeout. Default value:
350.
FirewallPolicyFirewallPolicyStatefulRuleGroupReference, FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceArgs
- Resource
Arn string - The Amazon Resource Name (ARN) of the stateful rule group.
- Override
Firewall
Policy Firewall Policy Stateful Rule Group Reference Override - Configuration block for override values
- Priority int
- An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting.
- Resource
Arn string - The Amazon Resource Name (ARN) of the stateful rule group.
- Override
Firewall
Policy Firewall Policy Stateful Rule Group Reference Override - Configuration block for override values
- Priority int
- An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting.
- resource
Arn String - The Amazon Resource Name (ARN) of the stateful rule group.
- override
Firewall
Policy Firewall Policy Stateful Rule Group Reference Override - Configuration block for override values
- priority Integer
- An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting.
- resource
Arn string - The Amazon Resource Name (ARN) of the stateful rule group.
- override
Firewall
Policy Firewall Policy Stateful Rule Group Reference Override - Configuration block for override values
- priority number
- An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting.
- resource_
arn str - The Amazon Resource Name (ARN) of the stateful rule group.
- override
Firewall
Policy Firewall Policy Stateful Rule Group Reference Override - Configuration block for override values
- priority int
- An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting.
- resource
Arn String - The Amazon Resource Name (ARN) of the stateful rule group.
- override Property Map
- Configuration block for override values
- priority Number
- An integer setting that indicates the order in which to apply the stateful rule groups in a single policy. This argument must be specified if the policy has a
stateful_engine_optionsblock with arule_ordervalue ofSTRICT_ORDER. AWS Network Firewall applies each stateful rule group to a packet starting with the group that has the lowest priority setting.
FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceOverride, FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceOverrideArgs
- Action string
- The action that changes the rule group from DROP to ALERT . This only applies to managed rule groups.
- Action string
- The action that changes the rule group from DROP to ALERT . This only applies to managed rule groups.
- action String
- The action that changes the rule group from DROP to ALERT . This only applies to managed rule groups.
- action string
- The action that changes the rule group from DROP to ALERT . This only applies to managed rule groups.
- action str
- The action that changes the rule group from DROP to ALERT . This only applies to managed rule groups.
- action String
- The action that changes the rule group from DROP to ALERT . This only applies to managed rule groups.
FirewallPolicyFirewallPolicyStatelessCustomAction, FirewallPolicyFirewallPolicyStatelessCustomActionArgs
- Action
Definition FirewallPolicy Firewall Policy Stateless Custom Action Action Definition - A configuration block describing the custom action associated with the
action_name. See Action Definition below for details. - Action
Name string - A friendly name of the custom action.
- Action
Definition FirewallPolicy Firewall Policy Stateless Custom Action Action Definition - A configuration block describing the custom action associated with the
action_name. See Action Definition below for details. - Action
Name string - A friendly name of the custom action.
- action
Definition FirewallPolicy Firewall Policy Stateless Custom Action Action Definition - A configuration block describing the custom action associated with the
action_name. See Action Definition below for details. - action
Name String - A friendly name of the custom action.
- action
Definition FirewallPolicy Firewall Policy Stateless Custom Action Action Definition - A configuration block describing the custom action associated with the
action_name. See Action Definition below for details. - action
Name string - A friendly name of the custom action.
- action_
definition FirewallPolicy Firewall Policy Stateless Custom Action Action Definition - A configuration block describing the custom action associated with the
action_name. See Action Definition below for details. - action_
name str - A friendly name of the custom action.
- action
Definition Property Map - A configuration block describing the custom action associated with the
action_name. See Action Definition below for details. - action
Name String - A friendly name of the custom action.
FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition, FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs
- Publish
Metric FirewallAction Policy Firewall Policy Stateless Custom Action Action Definition Publish Metric Action - A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.
- Publish
Metric FirewallAction Policy Firewall Policy Stateless Custom Action Action Definition Publish Metric Action - A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.
- publish
Metric FirewallAction Policy Firewall Policy Stateless Custom Action Action Definition Publish Metric Action - A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.
- publish
Metric FirewallAction Policy Firewall Policy Stateless Custom Action Action Definition Publish Metric Action - A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.
- publish_
metric_ Firewallaction Policy Firewall Policy Stateless Custom Action Action Definition Publish Metric Action - A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.
- publish
Metric Property MapAction - A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.
FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction, FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs
- Dimensions
List<Firewall
Policy Firewall Policy Stateless Custom Action Action Definition Publish Metric Action Dimension> - Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.
- Dimensions
[]Firewall
Policy Firewall Policy Stateless Custom Action Action Definition Publish Metric Action Dimension - Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.
- dimensions
List<Firewall
Policy Firewall Policy Stateless Custom Action Action Definition Publish Metric Action Dimension> - Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.
- dimensions
Firewall
Policy Firewall Policy Stateless Custom Action Action Definition Publish Metric Action Dimension[] - Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.
- dimensions
Sequence[Firewall
Policy Firewall Policy Stateless Custom Action Action Definition Publish Metric Action Dimension] - Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.
- dimensions List<Property Map>
- Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.
FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension, FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimensionArgs
- Value string
- The string value to use in the custom metric dimension.
- Value string
- The string value to use in the custom metric dimension.
- value String
- The string value to use in the custom metric dimension.
- value string
- The string value to use in the custom metric dimension.
- value str
- The string value to use in the custom metric dimension.
- value String
- The string value to use in the custom metric dimension.
FirewallPolicyFirewallPolicyStatelessRuleGroupReference, FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs
- Priority int
- An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.
- Resource
Arn string - The Amazon Resource Name (ARN) of the stateless rule group.
- Priority int
- An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.
- Resource
Arn string - The Amazon Resource Name (ARN) of the stateless rule group.
- priority Integer
- An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.
- resource
Arn String - The Amazon Resource Name (ARN) of the stateless rule group.
- priority number
- An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.
- resource
Arn string - The Amazon Resource Name (ARN) of the stateless rule group.
- priority int
- An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.
- resource_
arn str - The Amazon Resource Name (ARN) of the stateless rule group.
- priority Number
- An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.
- resource
Arn String - The Amazon Resource Name (ARN) of the stateless rule group.
Import
Using pulumi import, import Network Firewall Policies using their arn. For example:
$ pulumi import aws:networkfirewall/firewallPolicy:FirewallPolicy example arn:aws:network-firewall:us-west-1:123456789012:firewall-policy/example
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.