Class NfwRuleGroupConfig

NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwRuleGroupConfig

Network Firewall rule group configuration. Use this configuration to define stateful and stateless rule groups for Network Firewall. An AWS Network Firewall rule group is a reusable set of criteria for inspecting and handling network traffic. You add one or more rule groups to a firewall policy as part of policy configuration.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html

Example

Stateful rule group:

- name: accelerator-stateful-group
  regions:
    - us-east-1
  capacity: 100
  type: STATEFUL
  ruleGroup:
    rulesSource:
      rulesFile: path/to/rules.txt
  shareTargets:
    organizationalUnits:
      - Root
  tags: []

Stateless rule group:

- name: accelerator-stateless-group
  regions:
    - us-east-1
  capacity: 100
  type: STATELESS
  ruleGroup:
    rulesSource:
      statelessRulesAndCustomActions:
        statelessRules:
          - priority: 100
            ruleDefinition:
              actions: ['aws:pass']
              matchAttributes:
                sources:
                  - 10.1.0.0/16
                sourcePorts:
                  - fromPort: 1024
                    toPort: 65535
                destinations:
                  - 10.0.0.0/16
                destinationPorts:
                  - fromPort: 22
                    toPort: 22
  shareTargets:
    organizationalUnits:
      - Root
  tags: []

Hierarchy

  • NfwRuleGroupConfig

Implements

Constructors

constructor

Properties

capacity description name regions ruleGroup shareTargets tags type

Constructors

constructor

Properties

Readonly capacity

capacity: number = 123

The capacity of the rule group.

Readonly description

description: undefined | string = undefined

(OPTIONAL) A description for the rule group.

Readonly name

name: string = ''

A friendly name for the rule group.

Remarks

CAUTION: Changing this property value after initial deployment causes the rule group to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

Readonly regions

regions: string[] = []

The regions to deploy the rule group to.

See

Region

Readonly ruleGroup

ruleGroup: undefined | NfwRuleGroupRuleConfig = undefined

(OPTIONAL) A Network Firewall rule configuration.

See

NfwRuleGroupRuleConfig

Readonly shareTargets

shareTargets: undefined | ShareTargets = undefined

(OPTIONAL) Resource Access Manager (RAM) share targets.

Remarks

Targets can be account names and/or organizational units. Targets must be configured for account(s)/OU(s) that require access to the rule group. A target is not required for the delegated admin account.

See

ShareTargets

Readonly tags

tags: undefined | Tag[] = undefined

(OPTIONAL) An array of tags for the rule group.

Readonly type

type: "STATELESS" | "STATEFUL" = 'STATEFUL'

The type of rules in the rule group.

Settings

Member Visibility

Theme

Generated using TypeDoc