Interface INfwFirewallPolicyPolicyConfig

NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwFirewallPolicyConfig / NfwFirewallPolicyPolicyConfig

Network Firewall policy policy configuration.

Description

Use this configuration to define how the Network Firewall policy will behave. An AWS Network Firewall firewall policy defines the monitoring and protection behavior for a firewall. The details of the behavior are defined in the rule groups that you add to your policy, and in some policy default settings.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html

@example:

statelessDefaultActions: ['aws:forward_to_sfe']
statelessFragmentDefaultActions: ['aws:forward_to_sfe']
statefulRuleGroups:
  - name: accelerator-stateful-group
statelessRuleGroups:
  - name: accelerator-stateless-group
    priority: 100
interface INfwFirewallPolicyPolicyConfig {
    statefulDefaultActions?: NfwStatefulDefaultActionType[];
    statefulEngineOptions?: NfwStatefulRuleOptionsType;
    statefulRuleGroups?: INfwStatefulRuleGroupReferenceConfig[];
    statelessCustomActions?: INfwRuleSourceCustomActionConfig[];
    statelessDefaultActions: string[];
    statelessFragmentDefaultActions: string[];
    statelessRuleGroups?: INfwStatelessRuleGroupReferenceConfig[];
}

Properties

statefulDefaultActions? statefulEngineOptions? statefulRuleGroups? statelessCustomActions? statelessDefaultActions statelessFragmentDefaultActions statelessRuleGroups?

Properties

Optional ReadonlystatefulDefaultActions

statefulDefaultActions?: NfwStatefulDefaultActionType[]

(OPTIONAL) An array of default actions to take on packets evaluated by the stateful engine.

Optional ReadonlystatefulEngineOptions

statefulEngineOptions?: NfwStatefulRuleOptionsType

(OPTIONAL) Define how the stateful engine will evaluate packets.

Remarks

Default is DEFAULT_ACTION_ORDER. This property must be specified if creating a STRICT_ORDER policy.

Optional ReadonlystatefulRuleGroups

statefulRuleGroups?: INfwStatefulRuleGroupReferenceConfig[]

{OPTIONAL) An array of Network Firewall stateful rule group reference configurations.

See

NfwStatefulRuleGroupReferenceConfig

Optional ReadonlystatelessCustomActions

statelessCustomActions?: INfwRuleSourceCustomActionConfig[]

(OPTIONAL) An array of Network Firewall custom action configurations.

See

NfwRuleSourceCustomActionConfig

ReadonlystatelessDefaultActions

statelessDefaultActions: string[]

An array of default actions to take on packets evaluated by the stateless engine.

Remarks

If using a custom action, the action must be defined in the statelessCustomActions property.

ReadonlystatelessFragmentDefaultActions

statelessFragmentDefaultActions: string[]

An array of default actions to take on fragmented packets.

Remarks

If using a custom action, the action must be defined in the statelessCustomActions property.

Optional ReadonlystatelessRuleGroups

statelessRuleGroups?: INfwStatelessRuleGroupReferenceConfig[]

(OPTIONAL) An array of Network Firewall stateless rule group reference configurations.

See

NfwStatelessRuleGroupReferenceConfig

Settings

Member Visibility

On This Page

Properties