NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwRuleGroupConfig / NfwRuleGroupRuleConfig / NfwRuleSourceConfig / NfwRuleSourceListConfig

Network Firewall stateful rule source list configuration. Use this configuration to define DNS domain allow and deny lists for Network Firewall. Domain lists allow you to configure domain name filtering for your Network Firewall.

See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html for more details.

The following example creates a deny list for all subdomains of example.com. It checks packets for this value in both the TLS_SNI and HTTP_HOST fields.

Example

generatedRulesType: DENYLIST
targets:
- .example.com
targetTypes: ['TLS_SNI', 'HTTP_HOST']

Hierarchy

  • NfwRuleSourceListConfig

Properties

generatedRulesType: "ALLOWLIST" | "DENYLIST" = 'DENYLIST'

The type of rules to generate from the source list.

targetTypes: ("TLS_SNI" | "HTTP_HOST")[] = ...

An array of protocol types to inspect.

See nfwTargetType

targets: string[] = []

An array of target domain names.

Remarks

Supported values are as follows: explicit domain names such as www.example.com, and wildcard domain names, which should be prefixed with a dot (.), for example: .example.com
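
A pre-deployment check for one rule source list entry, added here as an example and not part of the project's own code. It uses the property names and allowed values documented above; lintRuleSourceList, isValidTarget and the sample entry are hypothetical, and the "already covered" check relies on a dot-prefixed target covering all subdomains, as the example above describes.

```typescript
// Added example: lint one rule source list entry before deployment.
// Field names and allowed values come from this page; lintRuleSourceList,
// isValidTarget and the sample input are hypothetical.
type RuleSourceList = { generatedRulesType: string; targetTypes: string[]; targets: string[] };

const RULE_TYPES = ['ALLOWLIST', 'DENYLIST'];
const TARGET_TYPES = ['TLS_SNI', 'HTTP_HOST'];
// One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

function isValidTarget(target: string): boolean {
  // A single leading dot marks a wildcard; the rest must be a plain domain name.
  const name = target.charAt(0) === '.' ? target.slice(1) : target;
  return name.length <= 253 && name.split('.').every((label) => LABEL.test(label));
}

function lintRuleSourceList(cfg: RuleSourceList): string[] {
  const findings: string[] = [];
  if (RULE_TYPES.indexOf(cfg.generatedRulesType) === -1) {
    findings.push(`generatedRulesType: unsupported value ${cfg.generatedRulesType}`);
  }
  for (const type of cfg.targetTypes) {
    if (TARGET_TYPES.indexOf(type) === -1) findings.push(`targetTypes: unsupported value ${type}`);
  }
  // A protocol type that is not listed is not inspected for these domains.
  for (const type of TARGET_TYPES) {
    if (cfg.targetTypes.indexOf(type) === -1) findings.push(`targetTypes: ${type} is not inspected`);
  }
  if (cfg.targets.length === 0) findings.push('targets: list is empty');
  const names = cfg.targets.map((t) => t.toLowerCase());
  const wildcards = names.filter((t) => t.charAt(0) === '.');
  for (const name of names) {
    if (!isValidTarget(name)) {
      findings.push(`targets: ${name} is neither a domain name nor a .wildcard`);
    } else if (wildcards.some((w) => w !== name && name.slice(-w.length) === w)) {
      findings.push(`targets: ${name} is already covered by a wildcard entry`);
    }
  }
  return findings;
}

// Constructed input with four problems: an unknown rule type, no TLS_SNI
// inspection, a "*." wildcard, and an entry shadowed by .example.com.
const constructedEntry: RuleSourceList = {
  generatedRulesType: 'BLOCKLIST',
  targetTypes: ['HTTP_HOST'],
  targets: ['*.example.com', '.example.com', 'www.example.com'],
};
console.log(lintRuleSourceList(constructedEntry).join('\n'));
```

An empty result means the entry uses only the values documented above; each finding is prefixed with the property it concerns.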
