Package com.pulumi.aws.networkfirewall
Class RuleGroup
- java.lang.Object
-
- com.pulumi.resources.Resource
-
- com.pulumi.resources.CustomResource
-
- com.pulumi.aws.networkfirewall.RuleGroup
-
public class RuleGroup extends com.pulumi.resources.CustomResource
// Provides an AWS Network Firewall Rule Group Resource
//
// ## Example Usage
// ### Stateful Inspection for denying access to a domain
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.RuleGroup;
import com.pulumi.aws.networkfirewall.RuleGroupArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceRulesSourceListArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a stateful rule group named "example" whose rules are generated
     * from a domain denylist.
     *
     * @param ctx the Pulumi stack context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // HTTP_HOST matches the Host header of plaintext HTTP requests only.
        // HTTPS requests to the same domain are matched through the TLS_SNI
        // target type, so a denylist meant to cover both needs both values.
        var domainDenylist = RuleGroupRuleGroupRulesSourceRulesSourceListArgs.builder()
            .generatedRulesType("DENYLIST")
            .targetTypes("HTTP_HOST")
            .targets("test.example.com")
            .build();

        var rulesSource = RuleGroupRuleGroupRulesSourceArgs.builder()
            .rulesSourceList(domainDenylist)
            .build();

        var groupDefinition = RuleGroupRuleGroupArgs.builder()
            .rulesSource(rulesSource)
            .build();

        var resourceTags = Map.ofEntries(
            Map.entry("Tag1", "Value1"),
            Map.entry("Tag2", "Value2"));

        var example = new RuleGroup("example", RuleGroupArgs.builder()
            .capacity(100)
            .name("example")
            .type("STATEFUL")
            .ruleGroup(groupDefinition)
            .tags(resourceTags)
            .build());
    }
}
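package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.RuleGroup;
import com.pulumi.aws.networkfirewall.RuleGroupArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceArgs;
// The three imports below were missing although the program uses these builders.
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatefulRuleArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatefulRuleHeaderArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatefulRuleRuleOptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a stateful rule group named "example" holding one 5-tuple rule
     * that drops TCP traffic between two /32 hosts on port 53.
     *
     * @param ctx the Pulumi stack context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var example = new RuleGroup("example", RuleGroupArgs.builder()
            .capacity(100)
            .name("example")
            .type("STATEFUL")
            .ruleGroup(RuleGroupRuleGroupArgs.builder()
                .rulesSource(RuleGroupRuleGroupRulesSourceArgs.builder()
                    .statefulRules(RuleGroupRuleGroupRulesSourceStatefulRuleArgs.builder()
                        .action("DROP")
                        // The header pins protocol, both endpoints and both ports;
                        // traffic that differs in any field is not matched by this rule.
                        // NOTE(review): the AWS API models header ports as strings;
                        // if the builder rejects the int literals, pass "53" - confirm
                        // against the SDK version in use.
                        .header(RuleGroupRuleGroupRulesSourceStatefulRuleHeaderArgs.builder()
                            .destination("124.1.1.24/32")
                            .destinationPort(53)
                            .direction("ANY")
                            .protocol("TCP")
                            .source("1.2.3.4/32")
                            .sourcePort(53)
                            .build())
                        // "sid" is the Suricata signature id of the generated rule;
                        // keep it unique within the rule group.
                        .ruleOptions(RuleGroupRuleGroupRulesSourceStatefulRuleRuleOptionArgs.builder()
                            .keyword("sid")
                            .settings("1")
                            .build())
                        .build())
                    .build())
                .build())
            .tags(Map.ofEntries(
                Map.entry("Tag1", "Value1"),
                Map.entry("Tag2", "Value2")
            ))
            .build());
    }
}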
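package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.RuleGroup;
import com.pulumi.aws.networkfirewall.RuleGroupArgs;
// The two imports below were missing although the program calls StdFunctions.file.
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.FileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a stateful rule group named "example" whose rules are read from
     * a Suricata-format file.
     *
     * @param ctx the Pulumi stack context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var example = new RuleGroup("example", RuleGroupArgs.builder()
            .capacity(100)
            .name("example")
            .type("STATEFUL")
            // The file content becomes firewall policy verbatim, so keep
            // "example.rules" under version control and review changes to it
            // like any other change to the rule group.
            // NOTE(review): if `.result()` does not resolve on the value returned
            // by StdFunctions.file in the SDK version in use, map the output with
            // applyValue instead - confirm.
            .rules(StdFunctions.file(FileArgs.builder()
                .input("example.rules")
                .build()).result())
            .tags(Map.ofEntries(
                Map.entry("Tag1", "Value1"),
                Map.entry("Tag2", "Value2")
            ))
            .build());
    }
}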
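package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.RuleGroup;
import com.pulumi.aws.networkfirewall.RuleGroupArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRuleVariablesArgs;
// The four variable-set imports and the two std imports below were missing
// although the program uses these builders.
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRuleVariablesIpSetArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRuleVariablesIpSetIpSetArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRuleVariablesPortSetArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRuleVariablesPortSetPortSetArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.FileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a stateful rule group named "example" that defines IP-set and
     * port-set rule variables and loads its Suricata rules from a file.
     *
     * @param ctx the Pulumi stack context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var example = new RuleGroup("example", RuleGroupArgs.builder()
            .capacity(100)
            .name("example")
            .type("STATEFUL")
            .ruleGroup(RuleGroupRuleGroupArgs.builder()
                // Rule variables: named address and port sets declared next to
                // the rules string. Presumably the rules file refers to them by
                // key - verify against the file's contents.
                .ruleVariables(RuleGroupRuleGroupRuleVariablesArgs.builder()
                    .ipSets(
                        RuleGroupRuleGroupRuleVariablesIpSetArgs.builder()
                            .key("WEBSERVERS_HOSTS")
                            .ipSet(RuleGroupRuleGroupRuleVariablesIpSetIpSetArgs.builder()
                                .definitions(
                                    "10.0.0.0/16",
                                    "10.0.1.0/24",
                                    "192.168.0.0/16")
                                .build())
                            .build(),
                        RuleGroupRuleGroupRuleVariablesIpSetArgs.builder()
                            .key("EXTERNAL_HOST")
                            .ipSet(RuleGroupRuleGroupRuleVariablesIpSetIpSetArgs.builder()
                                .definitions("1.2.3.4/32")
                                .build())
                            .build())
                    .portSets(RuleGroupRuleGroupRuleVariablesPortSetArgs.builder()
                        .key("HTTP_PORTS")
                        .portSet(RuleGroupRuleGroupRuleVariablesPortSetPortSetArgs.builder()
                            .definitions(
                                "443",
                                "80")
                            .build())
                        .build())
                    .build())
                .rulesSource(RuleGroupRuleGroupRulesSourceArgs.builder()
                    // The file content becomes firewall policy verbatim; review
                    // changes to it like any other change to the rule group.
                    // NOTE(review): if `.result()` does not resolve on the value
                    // returned by StdFunctions.file in the SDK version in use,
                    // map the output with applyValue instead - confirm.
                    .rulesString(StdFunctions.file(FileArgs.builder()
                        .input("suricata_rules_file")
                        .build()).result())
                    .build())
                .build())
            .tags(Map.ofEntries(
                Map.entry("Tag1", "Value1"),
                Map.entry("Tag2", "Value2")
            ))
            .build());
    }
}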
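package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.RuleGroup;
import com.pulumi.aws.networkfirewall.RuleGroupArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsArgs;
// The imports below were missing although the program uses these builders.
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionDimensionArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourceArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourcePortArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationPortArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesTcpFlagArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a stateless rule group named "example" with one custom
     * metric-publishing action and one priority-1 rule that applies it.
     *
     * @param ctx the Pulumi stack context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var example = new RuleGroup("example", RuleGroupArgs.builder()
            // NOTE(review): the description says "Rate Limiting", but nothing in
            // the definition below limits rate; the rule passes matching packets
            // and publishes a metric. Confirm the intent.
            .description("Stateless Rate Limiting Rule")
            .capacity(100)
            .name("example")
            .type("STATELESS")
            .ruleGroup(RuleGroupRuleGroupArgs.builder()
                .rulesSource(RuleGroupRuleGroupRulesSourceArgs.builder()
                    .statelessRulesAndCustomActions(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsArgs.builder()
                        // Custom action: publishes a metric with one dimension value.
                        .customActions(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionArgs.builder()
                            .actionDefinition(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionArgs.builder()
                                .publishMetricAction(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionArgs.builder()
                                    .dimensions(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionDimensionArgs.builder()
                                        .value("2")
                                        .build())
                                    .build())
                                .build())
                            .actionName("ExampleMetricsAction")
                            .build())
                        .statelessRules(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleArgs.builder()
                            .priority(1)
                            .ruleDefinition(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionArgs.builder()
                                // "aws:pass" ends inspection and lets the packet
                                // through, so matching traffic never reaches the
                                // stateful engine. Use "aws:forward_to_sfe" when
                                // stateful rules should still see it.
                                .actions(
                                    "aws:pass",
                                    "ExampleMetricsAction")
                                .matchAttributes(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesArgs.builder()
                                    .sources(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourceArgs.builder()
                                        .addressDefinition("1.2.3.4/32")
                                        .build())
                                    .sourcePorts(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourcePortArgs.builder()
                                        .fromPort(443)
                                        .toPort(443)
                                        .build())
                                    .destinations(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationArgs.builder()
                                        .addressDefinition("124.1.1.5/32")
                                        .build())
                                    .destinationPorts(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationPortArgs.builder()
                                        .fromPort(443)
                                        .toPort(443)
                                        .build())
                                    // IANA protocol number 6 is TCP.
                                    .protocols(6)
                                    // Masks name the flags that are inspected and
                                    // flags name those that must be set: this
                                    // matches packets with SYN set and ACK clear.
                                    .tcpFlags(RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesTcpFlagArgs.builder()
                                        .flags("SYN")
                                        .masks(
                                            "SYN",
                                            "ACK")
                                        .build())
                                    .build())
                                .build())
                            .build())
                        .build())
                    .build())
                .build())
            .tags(Map.ofEntries(
                Map.entry("Tag1", "Value1"),
                Map.entry("Tag2", "Value2")
            ))
            .build());
    }
}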
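package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.RuleGroup;
import com.pulumi.aws.networkfirewall.RuleGroupArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupRulesSourceRulesSourceListArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupReferenceSetsArgs;
// The two imports below were missing although the program uses these builders.
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupReferenceSetsIpSetReferenceArgs;
import com.pulumi.aws.networkfirewall.inputs.RuleGroupRuleGroupReferenceSetsIpSetReferenceIpSetReferenceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a stateful rule group named "example" that combines a domain
     * denylist with an IP set reference resolved from another resource's ARN.
     *
     * @param ctx the Pulumi stack context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var example = new RuleGroup("example", RuleGroupArgs.builder()
            .capacity(100)
            .name("example")
            .type("STATEFUL")
            .ruleGroup(RuleGroupRuleGroupArgs.builder()
                .rulesSource(RuleGroupRuleGroupRulesSourceArgs.builder()
                    // HTTP_HOST matches the Host header of plaintext HTTP requests
                    // only. HTTPS requests to the same domain are matched through
                    // the TLS_SNI target type, so a denylist meant to cover both
                    // needs both values.
                    .rulesSourceList(RuleGroupRuleGroupRulesSourceRulesSourceListArgs.builder()
                        .generatedRulesType("DENYLIST")
                        .targetTypes("HTTP_HOST")
                        .targets("test.example.com")
                        .build())
                    .build())
                .referenceSets(RuleGroupRuleGroupReferenceSetsArgs.builder()
                    .ipSetReferences(RuleGroupRuleGroupReferenceSetsIpSetReferenceArgs.builder()
                        .key("example")
                        // NOTE(review): `this_` is not declared anywhere in this
                        // program. It must be a resource declared before this
                        // statement whose ARN the reference resolves to -
                        // presumably a managed prefix list; confirm and add it.
                        .ipSetReferences(RuleGroupRuleGroupReferenceSetsIpSetReferenceIpSetReferenceArgs.builder()
                            .referenceArn(this_.arn())
                            .build())
                        .build())
                    .build())
                .build())
            .tags(Map.ofEntries(
                Map.entry("Tag1", "Value1"),
                Map.entry("Tag2", "Value2")
            ))
            .build());
    }
}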
-
-
Constructor Summary
Constructors Constructor Description RuleGroup(java.lang.String name)
RuleGroup(java.lang.String name, RuleGroupArgs args)
RuleGroup(java.lang.String name, RuleGroupArgs args, com.pulumi.resources.CustomResourceOptions options)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description com.pulumi.core.Output<java.lang.String>
arn()
com.pulumi.core.Output<java.lang.Integer>
capacity()
com.pulumi.core.Output<java.util.Optional<java.lang.String>>
description()
com.pulumi.core.Output<java.util.Optional<RuleGroupEncryptionConfiguration>>
encryptionConfiguration()
static RuleGroup
get(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, RuleGroupState state, com.pulumi.resources.CustomResourceOptions options)
Get an existing RuleGroup resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
com.pulumi.core.Output<java.lang.String>
name()
com.pulumi.core.Output<RuleGroupRuleGroup>
ruleGroup()
com.pulumi.core.Output<java.util.Optional<java.lang.String>>
rules()
com.pulumi.core.Output<java.util.Optional<java.util.Map<java.lang.String,java.lang.String>>>
tags()
com.pulumi.core.Output<java.util.Map<java.lang.String,java.lang.String>>
tagsAll()
com.pulumi.core.Output<java.lang.String>
type()
com.pulumi.core.Output<java.lang.String>
updateToken()
-
-
-
Constructor Detail
-
RuleGroup
public RuleGroup(java.lang.String name)
- Parameters:
name
- The _unique_ name of the resulting resource.
-
RuleGroup
public RuleGroup(java.lang.String name, RuleGroupArgs args)
- Parameters:
name
- The _unique_ name of the resulting resource.
args
- The arguments to use to populate this resource's properties.
-
RuleGroup
public RuleGroup(java.lang.String name, RuleGroupArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options)
- Parameters:
name
- The _unique_ name of the resulting resource.
args
- The arguments to use to populate this resource's properties.
options
- A bag of options that control this resource's behavior.
-
-
Method Detail
-
arn
public com.pulumi.core.Output<java.lang.String> arn()
- Returns:
- The Amazon Resource Name (ARN) that identifies the rule group.
-
capacity
public com.pulumi.core.Output<java.lang.Integer> capacity()
- Returns:
- The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules.
-
description
public com.pulumi.core.Output<java.util.Optional<java.lang.String>> description()
- Returns:
- A friendly description of the rule group.
-
encryptionConfiguration
public com.pulumi.core.Output<java.util.Optional<RuleGroupEncryptionConfiguration>> encryptionConfiguration()
- Returns:
- KMS encryption configuration settings. See Encryption Configuration below for details.
-
name
public com.pulumi.core.Output<java.lang.String> name()
- Returns:
- A friendly name of the rule group.
-
ruleGroup
public com.pulumi.core.Output<RuleGroupRuleGroup> ruleGroup()
- Returns:
- A configuration block that defines the rule group rules. Required unless `rules` is specified. See Rule Group below for details.
-
rules
public com.pulumi.core.Output<java.util.Optional<java.lang.String>> rules()
- Returns:
- The stateful rule group rules specifications in Suricata file format, with one rule per line. Use this to import your existing Suricata compatible rule groups. Required unless `rule_group` is specified.
-
tags
public com.pulumi.core.Output<java.util.Optional<java.util.Map<java.lang.String,java.lang.String>>> tags()
- Returns:
- A map of key:value pairs to associate with the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
-
tagsAll
public com.pulumi.core.Output<java.util.Map<java.lang.String,java.lang.String>> tagsAll()
- Returns:
- A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
-
type
public com.pulumi.core.Output<java.lang.String> type()
- Returns:
- Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`.
-
updateToken
public com.pulumi.core.Output<java.lang.String> updateToken()
- Returns:
- A string token used when updating the rule group.
-
get
public static RuleGroup get(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, @Nullable RuleGroupState state, @Nullable com.pulumi.resources.CustomResourceOptions options)
Get an existing RuleGroup resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
- Parameters:
name
- The _unique_ name of the resulting resource.
id
- The _unique_ provider ID of the resource to look up.
state
-
options
- Optional settings to control the behavior of the CustomResource.
-
-