Class NfwFirewallPolicyPolicyConfig

NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwFirewallPolicyConfig / NfwFirewallPolicyPolicyConfig

Network Firewall policy policy configuration. Use this configuration to define how the Network Firewall policy will behave. An AWS Network Firewall firewall policy defines the monitoring and protection behavior for a firewall. The details of the behavior are defined in the rule groups that you add to your policy, and in some policy default settings.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-firewallpolicy-firewallpolicy.html

@example:

statelessDefaultActions: ['aws:forward_to_sfe']
statelessFragmentDefaultActions: ['aws:forward_to_sfe']
statefulRuleGroups:
  - name: accelerator-stateful-group
statelessRuleGroups:
  - name: accelerator-stateless-group
    priority: 100

Hierarchy

  • NfwFirewallPolicyPolicyConfig

Implements

Constructors

constructor

Properties

statefulDefaultActions statefulEngineOptions statefulRuleGroups statelessCustomActions statelessDefaultActions statelessFragmentDefaultActions statelessRuleGroups

Constructors

constructor

Properties

Readonly statefulDefaultActions

statefulDefaultActions: undefined | ("aws:drop_strict" | "aws:drop_established" | "aws:alert_strict" | "aws:alert_established")[] = undefined

(OPTIONAL) An array of default actions to take on packets evaluated by the stateful engine.

Readonly statefulEngineOptions

statefulEngineOptions: undefined | "STRICT_ORDER" | "DEFAULT_ACTION_ORDER" = undefined

(OPTIONAL) Define how the stateful engine will evaluate packets.

Remarks

Default is DEFAULT_ACTION_ORDER. This property must be specified if creating a STRICT_ORDER policy.

Readonly statefulRuleGroups

statefulRuleGroups: undefined | NfwStatefulRuleGroupReferenceConfig[] = undefined

{OPTIONAL) An array of Network Firewall stateful rule group reference configurations.

See

NfwStatefulRuleGroupReferenceConfig

Readonly statelessCustomActions

statelessCustomActions: undefined | NfwRuleSourceCustomActionConfig[] = undefined

(OPTIONAL) An array of Network Firewall custom action configurations.

See

NfwRuleSourceCustomActionConfig

Readonly statelessDefaultActions

statelessDefaultActions: string[] | ("aws:pass" | "aws:drop" | "aws:forward_to_sfe")[] = []

An array of default actions to take on packets evaluated by the stateless engine.

Remarks

If using a custom action, the action must be defined in the statelessCustomActions property.

Readonly statelessFragmentDefaultActions

statelessFragmentDefaultActions: string[] | ("aws:pass" | "aws:drop" | "aws:forward_to_sfe")[] = []

An array of default actions to take on fragmented packets.

Remarks

If using a custom action, the action must be defined in the statelessCustomActions property.

Readonly statelessRuleGroups

statelessRuleGroups: undefined | NfwStatelessRuleGroupReferenceConfig[] = undefined

(OPTIONAL) An array of Network Firewall stateless rule group reference configurations.

See

NfwStatelessRuleGroupReferenceConfig

Settings

Member Visibility

Theme

Generated using TypeDoc