Class FirewallPolicyFirewallPolicy


  • public final class FirewallPolicyFirewallPolicy
    extends java.lang.Object

    • Method Detail

      • policyVariables

        public java.util.Optional<FirewallPolicyFirewallPolicyPolicyVariables> policyVariables()
        Returns:
        Contains variables that you can use to override default Suricata settings in your firewall policy. See Rule Variables for details.
      • statefulDefaultActions

        public java.util.List<java.lang.String> statefulDefaultActions()
        Returns:
        Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a `stateful_engine_options` block with a `rule_order` value of `STRICT_ORDER`. You can specify at most one of `aws:drop_strict` or `aws:drop_established` (or neither), together with any combination of `aws:alert_strict` and `aws:alert_established`.
      • statefulEngineOptions

        public java.util.Optional<FirewallPolicyFirewallPolicyStatefulEngineOptions> statefulEngineOptions()
        Returns:
        A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.
      • statefulRuleGroupReferences

        public java.util.List<FirewallPolicyFirewallPolicyStatefulRuleGroupReference> statefulRuleGroupReferences()
        Returns:
        Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.
      • statelessCustomActions

        public java.util.List<FirewallPolicyFirewallPolicyStatelessCustomAction> statelessCustomActions()
        Returns:
        Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's `stateless_default_actions`. See Stateless Custom Action below for details.
      • statelessDefaultActions

        public java.util.List<java.lang.String> statelessDefaultActions()
        Returns:
        Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe`.
      • statelessFragmentDefaultActions

        public java.util.List<java.lang.String> statelessFragmentDefaultActions()
        Returns:
        Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe`.
      • statelessRuleGroupReferences

        public java.util.List<FirewallPolicyFirewallPolicyStatelessRuleGroupReference> statelessRuleGroupReferences()
        Returns:
        Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.
      • tlsInspectionConfigurationArn

        public java.util.Optional<java.lang.String> tlsInspectionConfigurationArn()
        Returns:
        The Amazon Resource Name (ARN) of the TLS inspection configuration to attach to the firewall policy. Per AWS documentation this must be set when the resource is created: "You can only add a TLS inspection configuration to a new policy, not to an existing policy." It cannot be removed from a firewall policy afterwards.
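The following Pulumi Java program is an added example, not code from the Pulumi AWS SDK or its documentation. It builds a firewall policy that uses the properties described above with fail-closed defaults: unmatched stateless traffic (including fragments) is forwarded to the stateful engine, the stateful engine runs in `STRICT_ORDER`, and traffic that matches no stateful rule is dropped and alerted on. It assumes the `com.pulumi.aws.networkfirewall` package with `FirewallPolicyArgs`, `FirewallPolicyFirewallPolicyArgs` and the nested `...Args` builders, whose list setters accept a `java.util.List`; the rule-group ARN is a constructed placeholder, and the `checkDefaults` helper is hypothetical (it only enforces the constraints documented above client-side, before the resource is sent to AWS).

```java
package myproject;

import com.pulumi.Pulumi;
import com.pulumi.aws.networkfirewall.FirewallPolicy;
import com.pulumi.aws.networkfirewall.FirewallPolicyArgs;
import com.pulumi.aws.networkfirewall.inputs.FirewallPolicyFirewallPolicyArgs;
import com.pulumi.aws.networkfirewall.inputs.FirewallPolicyFirewallPolicyStatefulEngineOptionsArgs;
import com.pulumi.aws.networkfirewall.inputs.FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceArgs;

import java.util.List;
import java.util.Set;

public final class App {

    // Standard stateless actions listed in the reference above.
    private static final Set<String> STANDARD_STATELESS =
        Set.of("aws:drop", "aws:pass", "aws:forward_to_sfe");

    // Hypothetical helper (not part of the SDK): rejects a policy that
    // violates the documented constraints at `pulumi preview` time instead
    // of letting the AWS API reject it during `pulumi up`.
    static void checkDefaults(List<String> statelessDefaults,
                              List<String> statefulDefaults,
                              String ruleOrder) {
        long standard = statelessDefaults.stream()
            .filter(STANDARD_STATELESS::contains).count();
        if (standard != 1) {
            throw new IllegalArgumentException(
                "stateless default actions must contain one standard action: " + STANDARD_STATELESS);
        }
        // Stateful default actions are only valid with rule_order = STRICT_ORDER.
        if (!statefulDefaults.isEmpty() && !"STRICT_ORDER".equals(ruleOrder)) {
            throw new IllegalArgumentException(
                "stateful default actions require stateful_engine_options.rule_order = STRICT_ORDER");
        }
        // At most one of the two drop variants may be chosen.
        long drops = statefulDefaults.stream()
            .filter(a -> a.equals("aws:drop_strict") || a.equals("aws:drop_established"))
            .count();
        if (drops > 1) {
            throw new IllegalArgumentException(
                "choose at most one of aws:drop_strict / aws:drop_established");
        }
    }

    public static void main(String[] args) {
        Pulumi.run(ctx -> {
            // Unmatched stateless traffic goes on to stateful inspection;
            // unmatched stateful traffic is dropped and an alert is logged.
            List<String> statelessDefaults = List.of("aws:forward_to_sfe");
            List<String> statefulDefaults = List.of("aws:drop_strict", "aws:alert_strict");
            String ruleOrder = "STRICT_ORDER";
            checkDefaults(statelessDefaults, statefulDefaults, ruleOrder);

            // Constructed placeholder; replace with the ARN of a real stateful rule group
            // whose own rule order is compatible with STRICT_ORDER.
            String ruleGroupArn =
                "arn:aws:network-firewall:us-east-1:111122223333:stateful-rulegroup/EXAMPLE";

            var policy = new FirewallPolicy("example", FirewallPolicyArgs.builder()
                .firewallPolicy(FirewallPolicyFirewallPolicyArgs.builder()
                    .statelessDefaultActions(statelessDefaults)
                    // Fragments get the same fail-closed treatment as whole packets.
                    .statelessFragmentDefaultActions(List.of("aws:forward_to_sfe"))
                    .statefulEngineOptions(FirewallPolicyFirewallPolicyStatefulEngineOptionsArgs.builder()
                        .ruleOrder(ruleOrder)
                        .build())
                    .statefulDefaultActions(statefulDefaults)
                    // With STRICT_ORDER every referenced group needs an explicit priority.
                    .statefulRuleGroupReferences(FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceArgs.builder()
                        .priority(1)
                        .resourceArn(ruleGroupArn)
                        .build())
                    // tlsInspectionConfigurationArn is deliberately omitted here; as noted
                    // above it can only be set when the policy is first created.
                    .build())
                .build());

            ctx.export("policyArn", policy.arn());
        });
    }
}
```

Dropping the `statefulEngineOptions` block, or changing `ruleOrder` to `DEFAULT_ACTION_ORDER` while keeping `statefulDefaults`, makes `checkDefaults` throw before any AWS call, which mirrors the restriction stated for `statefulDefaultActions` above.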