NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwFirewallPolicyConfig / NfwFirewallPolicyPolicyConfig

Network Firewall policy configuration. Use this configuration to define how the Network Firewall policy will behave. An AWS Network Firewall firewall policy defines the monitoring and protection behavior for a firewall. The details of the behavior are defined in the rule groups that you add to your policy, and in some policy default settings.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html

@example:

statelessDefaultActions: ['aws:forward_to_sfe']
statelessFragmentDefaultActions: ['aws:forward_to_sfe']
statefulRuleGroups:
  - name: accelerator-stateful-group
statelessRuleGroups:
  - name: accelerator-stateless-group
    priority: 100

Hierarchy

  • NfwFirewallPolicyPolicyConfig

Properties

statefulDefaultActions: undefined | ("aws:drop_strict" | "aws:drop_established" | "aws:alert_strict" | "aws:alert_established")[] = undefined

(OPTIONAL) An array of default actions to take on packets evaluated by the stateful engine.

statefulEngineOptions: undefined | "STRICT_ORDER" | "DEFAULT_ACTION_ORDER" = undefined

(OPTIONAL) Define how the stateful engine will evaluate packets.

Remarks

Default is DEFAULT_ACTION_ORDER. This property must be specified if creating a STRICT_ORDER policy.

statefulRuleGroups: undefined | NfwStatefulRuleGroupReferenceConfig[] = undefined

(OPTIONAL) An array of Network Firewall stateful rule group reference configurations.

See

NfwStatefulRuleGroupReferenceConfig

statelessCustomActions: undefined | NfwRuleSourceCustomActionConfig[] = undefined

(OPTIONAL) An array of Network Firewall custom action configurations.

See

NfwRuleSourceCustomActionConfig

statelessDefaultActions: string[] | ("aws:pass" | "aws:drop" | "aws:forward_to_sfe")[] = []

An array of default actions to take on packets evaluated by the stateless engine.

Remarks

If using a custom action, the action must be defined in the statelessCustomActions property.

statelessFragmentDefaultActions: string[] | ("aws:pass" | "aws:drop" | "aws:forward_to_sfe")[] = []

An array of default actions to take on fragmented packets.

Remarks

If using a custom action, the action must be defined in the statelessCustomActions property.

statelessRuleGroups: undefined | NfwStatelessRuleGroupReferenceConfig[] = undefined

(OPTIONAL) An array of Network Firewall stateless rule group reference configurations.

See

NfwStatelessRuleGroupReferenceConfig
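
The Remarks above (custom actions must be declared in statelessCustomActions; STRICT_ORDER must be set explicitly) can be checked before deployment. The following lint is an added example, not code from this project. Assumptions: the `actionName` field on custom actions is hypothetical, and the "exactly one standard action" and "stateful default actions need STRICT_ORDER" checks reflect AWS Network Firewall behaviour rather than anything stated on this page.

```typescript
// Added example: lint a policy object against the constraints in the Remarks above.
type Policy = {
  statefulDefaultActions?: string[];
  statefulEngineOptions?: 'STRICT_ORDER' | 'DEFAULT_ACTION_ORDER';
  statelessCustomActions?: { actionName: string }[]; // assumed field name
  statelessDefaultActions: string[];
  statelessFragmentDefaultActions: string[];
};

const STANDARD = ['aws:pass', 'aws:drop', 'aws:forward_to_sfe'];

function checkStateless(prop: string, actions: string[], custom: string[]): string[] {
  const out: string[] = [];
  const std = actions.filter(a => STANDARD.indexOf(a) >= 0);
  // Network Firewall expects exactly one standard action per default-action list.
  if (std.length !== 1) out.push(`${prop}: expected exactly one standard action, found ${std.length}`);
  // Anything that is not a standard action must be a declared custom action.
  for (const a of actions) {
    if (STANDARD.indexOf(a) < 0 && custom.indexOf(a) < 0) {
      out.push(`${prop}: custom action '${a}' is not defined in statelessCustomActions`);
    }
  }
  // aws:pass as a default lets unmatched traffic skip the stateful engine entirely.
  if (std.indexOf('aws:pass') >= 0) out.push(`${prop}: 'aws:pass' bypasses stateful inspection`);
  return out;
}

function lintPolicy(p: Policy): string[] {
  const custom = (p.statelessCustomActions || []).map(c => c.actionName);
  const findings = checkStateless('statelessDefaultActions', p.statelessDefaultActions, custom)
    .concat(checkStateless('statelessFragmentDefaultActions', p.statelessFragmentDefaultActions, custom));
  // Stateful default actions are only valid with strict rule ordering.
  if ((p.statefulDefaultActions || []).length > 0 && p.statefulEngineOptions !== 'STRICT_ORDER') {
    findings.push('statefulDefaultActions: requires statefulEngineOptions STRICT_ORDER');
  }
  return findings;
}

// Constructed sample inputs: the page's example policy and a deliberately flawed one.
const pageExample: Policy = {
  statelessDefaultActions: ['aws:forward_to_sfe'],
  statelessFragmentDefaultActions: ['aws:forward_to_sfe'],
};
const risky: Policy = {
  statefulDefaultActions: ['aws:drop_strict'],
  statelessDefaultActions: ['aws:pass', 'publish-metrics'],
  statelessFragmentDefaultActions: ['aws:drop'],
};
console.log(lintPolicy(pageExample), lintPolicy(risky));
```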
