Class NfwRuleSourceListConfig

NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwRuleGroupConfig / NfwRuleGroupRuleConfig / NfwRuleSourceConfig / NfwRuleSourceListConfig

Network Firewall stateful rule source list configuration. Use this configuration to define DNS domain allow and deny lists for Network Firewall. Domain lists allow you to configure domain name filtering for your Network Firewall.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html for more details.

The following example creates a deny list for all subdomains of example.com. It checks packets for both TLS_SNI as well as HTTP_HOST headers with this value.

Example

generatedRulesType: DENYLIST
targets:
  - .example.com
targetTypes: ['TLS_SNI', 'HTTP_HOST']

Hierarchy

  • NfwRuleSourceListConfig

Implements

Constructors

constructor

Properties

generatedRulesType targetTypes targets

Constructors

constructor

Properties

Readonly generatedRulesType

generatedRulesType: "ALLOWLIST" | "DENYLIST" = 'DENYLIST'

The type of rules to generate from the source list.

Readonly targetTypes

targetTypes: ("TLS_SNI" | "HTTP_HOST")[] = ...

An array of protocol types to inspect.

See

nfwTargetType

Readonly targets

targets: string[] = []

An array of target domain names.

Remarks

Supported values are as fallows: Explicit domain names such as www.example.com. Wildcard domain names should be prefaced with a .. For example: .example.com

Settings

Member Visibility

Theme

Generated using TypeDoc