NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwRuleGroupConfig / NfwRuleGroupRuleConfig / NfwRuleSourceConfig / NfwRuleSourceListConfig

Network Firewall stateful rule source list configuration.

Use this configuration to define DNS domain allow and deny lists for Network Firewall. Domain lists allow you to configure domain name filtering for your Network Firewall.

See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html for more details.

The following example creates a deny list for all subdomains of example.com. It inspects packets for both the TLS_SNI and the HTTP_HOST header carrying this value.

generatedRulesType: DENYLIST
targets:
  - .example.com
targetTypes: ['TLS_SNI', 'HTTP_HOST']

interface INfwRuleSourceListConfig {
    generatedRulesType: NfwGeneratedRulesType;
    targets: string[];
    targetTypes: NfwTargetType[];
}

Properties

generatedRulesType: NfwGeneratedRulesType

The type of rules to generate from the source list.

targets: string[]

An array of target domain names.

Supported values are as follows: explicit domain names such as www.example.com, and wildcard domain names, which must be prefaced with a period (.), for example .example.com.

targetTypes: NfwTargetType[]

An array of protocol types to inspect.

NetworkConfigTypes.nfwTargetType
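The following added example (not code from the accelerator project) checks a source list block against the rules above and shows which TLS SNI or HTTP Host values the generated rule group would act on. It assumes the generated rules type is either ALLOWLIST or DENYLIST, the target types are TLS_SNI and HTTP_HOST, and the AWS matching semantics under which a wildcard such as .example.com matches both example.com and all of its subdomains; the sample configuration is constructed.

```python
# Added example, not LZA project code: validate an INfwRuleSourceListConfig
# block and evaluate hostnames against the rules it would generate.
import re

GENERATED_RULES_TYPES = {"ALLOWLIST", "DENYLIST"}
TARGET_TYPES = {"TLS_SNI", "HTTP_HOST"}
# One DNS label: alphanumerics and hyphens, not starting or ending with a hyphen.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_TARGET_RE = re.compile(rf"^\.?{_LABEL}(?:\.{_LABEL})+$", re.IGNORECASE)

# Constructed sample: the page's example plus a second, explicit target.
SAMPLE_CONFIG = {
    "generatedRulesType": "DENYLIST",
    "targets": [".example.com", "tracker.example.net"],
    "targetTypes": ["TLS_SNI", "HTTP_HOST"],
}

def validate(cfg):
    """Return a list of problems; an empty list means the block is well-formed."""
    problems = []
    if cfg.get("generatedRulesType") not in GENERATED_RULES_TYPES:
        problems.append(f"generatedRulesType must be one of {sorted(GENERATED_RULES_TYPES)}")
    targets = cfg.get("targets") or []
    if not targets:
        problems.append("targets must list at least one domain")
    for t in targets:
        if t.startswith("*"):
            problems.append(f"{t!r}: wildcards use a leading '.', not '*'")
        elif "://" in t or "/" in t:
            problems.append(f"{t!r}: give a bare domain name, not a URL")
        elif not _TARGET_RE.match(t):
            problems.append(f"{t!r}: not a valid domain name")
    types = cfg.get("targetTypes") or []
    if not types or set(types) - TARGET_TYPES or len(set(types)) != len(types):
        problems.append(f"targetTypes must be a non-empty, unique subset of {sorted(TARGET_TYPES)}")
    return problems

def target_matches(target, hostname):
    """'.example.com' matches example.com and every subdomain; an explicit
    name matches only itself. Comparison is case-insensitive."""
    target, hostname = target.lower(), hostname.lower().rstrip(".")
    if target.startswith("."):
        return hostname == target[1:] or hostname.endswith(target)
    return hostname == target

def is_blocked(cfg, hostname):
    """Whether a TLS SNI / HTTP Host value would be dropped by the generated rules.
    A DENYLIST drops only the listed names; an ALLOWLIST drops everything else."""
    listed = any(target_matches(t, hostname) for t in cfg["targets"])
    return listed if cfg["generatedRulesType"] == "DENYLIST" else not listed
```

Note that these rules only inspect the TLS SNI and HTTP Host fields named in targetTypes; traffic on other protocols is not filtered by a source list.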