class Aws::NetworkFirewall::Types::RuleGroup

The object that defines the rules in a rule group. This, along with RuleGroupResponse, defines the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.

AWS Network Firewall uses a rule group to inspect and control network traffic. You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their traffic flow.

To use a rule group, you include it by reference in a Network Firewall firewall policy, then you use the policy in a firewall. You can reference a rule group from more than one firewall policy, and you can use a firewall policy in more than one firewall.

@note When making an API call, you may pass RuleGroup data as a hash:

    {
      rule_variables: {
        ip_sets: {
          "RuleVariableName" => {
            definition: ["VariableDefinition"], # required
          },
        },
        port_sets: {
          "RuleVariableName" => {
            definition: ["VariableDefinition"],
          },
        },
      },
      rules_source: { # required
        rules_string: "RulesString",
        rules_source_list: {
          targets: ["CollectionMember_String"], # required
          target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
          generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
        },
        stateful_rules: [
          {
            action: "PASS", # required, accepts PASS, DROP, ALERT
            header: { # required
              protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
              source: "Source", # required
              source_port: "Port", # required
              direction: "FORWARD", # required, accepts FORWARD, ANY
              destination: "Destination", # required
              destination_port: "Port", # required
            },
            rule_options: [ # required
              {
                keyword: "Keyword", # required
                settings: ["Setting"],
              },
            ],
          },
        ],
        stateless_rules_and_custom_actions: {
          stateless_rules: [ # required
            {
              rule_definition: { # required
                match_attributes: { # required
                  sources: [
                    {
                      address_definition: "AddressDefinition", # required
                    },
                  ],
                  destinations: [
                    {
                      address_definition: "AddressDefinition", # required
                    },
                  ],
                  source_ports: [
                    {
                      from_port: 1, # required
                      to_port: 1, # required
                    },
                  ],
                  destination_ports: [
                    {
                      from_port: 1, # required
                      to_port: 1, # required
                    },
                  ],
                  protocols: [1],
                  tcp_flags: [
                    {
                      flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
                      masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
                    },
                  ],
                },
                actions: ["CollectionMember_String"], # required
              },
              priority: 1, # required
            },
          ],
          custom_actions: [
            {
              action_name: "ActionName", # required
              action_definition: { # required
                publish_metric_action: {
                  dimensions: [ # required
                    {
                      value: "DimensionValue", # required
                    },
                  ],
                },
              },
            },
          ],
        },
      },
    }

@!attribute [rw] rule_variables

Settings that are available for use in the rules in the rule group.
You can only use these for stateful rule groups.
@return [Types::RuleVariables]

@!attribute [rw] rules_source

The stateful rules or stateless rules for the rule group.
@return [Types::RulesSource]
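As an added example (not code from the aws-sdk-networkfirewall gem or the AWS documentation), the block below builds one stateful and one stateless RuleGroup hash in the shape shown above and runs a local pre-flight check on the constraints the page documents before the hash would be passed to an SDK call: `rules_source` is required, `rule_variables` are only valid for stateful rule groups, the enum values for `action`, `protocol`, `direction` and TCP flags, the required header fields, and that every stateless action is either an `aws:` standard action or a name defined in `custom_actions`. Every CIDR, port, action name and metric dimension value in it is a constructed sample; the checker only requires that at least one `rules_source` kind is present and does not reproduce every server-side validation.

```ruby
# Constructed example, not part of the aws-sdk-networkfirewall gem.
# Enum values below are the ones listed in the RuleGroup hash documentation.
STATEFUL_ACTIONS   = %w[PASS DROP ALERT].freeze
STATEFUL_PROTOCOLS = %w[IP TCP UDP ICMP HTTP FTP TLS SMB DNS DCERPC SSH SMTP IMAP MSN KRB5 IKEV2 TFTP NTP DHCP].freeze
DIRECTIONS         = %w[FORWARD ANY].freeze
TCP_FLAGS          = %w[FIN SYN RST PSH ACK URG ECE CWR].freeze

# Stateful rule group: drops SSH from anywhere to the HOME_NET variable.
# All addresses and ports are constructed sample values.
def stateful_rule_group
  {
    rule_variables: {
      ip_sets: { "HOME_NET" => { definition: ["10.0.0.0/16"] } },
      port_sets: { "SSH_PORTS" => { definition: ["22"] } },
    },
    rules_source: {
      stateful_rules: [{
        action: "DROP",
        header: { protocol: "TCP", source: "ANY", source_port: "ANY", direction: "FORWARD",
                  destination: "$HOME_NET", destination_port: "$SSH_PORTS" },
        rule_options: [{ keyword: "sid", settings: ["1000001"] }],
      }],
    },
  }
end

# Stateless rule group: drops inbound TCP SYNs to port 23 and publishes a
# CloudWatch metric through a custom action. Sample values are constructed.
def stateless_rule_group
  {
    rules_source: {
      stateless_rules_and_custom_actions: {
        stateless_rules: [{
          priority: 10,
          rule_definition: {
            match_attributes: {
              sources: [{ address_definition: "0.0.0.0/0" }],
              destinations: [{ address_definition: "10.0.0.0/16" }],
              destination_ports: [{ from_port: 23, to_port: 23 }],
              protocols: [6], # IANA protocol number 6 = TCP
              tcp_flags: [{ flags: ["SYN"], masks: ["SYN", "ACK"] }],
            },
            actions: ["aws:drop", "CountTelnet"],
          },
        }],
        custom_actions: [{
          action_name: "CountTelnet",
          action_definition: { publish_metric_action: { dimensions: [{ value: "Telnet" }] } },
        }],
      },
    },
  }
end

# Returns a list of human-readable problems; an empty list means the hash
# passed every local check implemented here.
def rule_group_errors(rule_group)
  errors = []
  source = rule_group[:rules_source]
  return ["rules_source is required"] unless source.is_a?(Hash)

  kinds = %i[rules_string rules_source_list stateful_rules stateless_rules_and_custom_actions]
  present = kinds.select { |k| source.key?(k) }
  errors << "rules_source needs one of: #{kinds.join(', ')}" if present.empty?

  # rule_variables are documented as stateful-only; every rules_source kind
  # other than stateless_rules_and_custom_actions is a stateful source.
  stateful = present.any? { |k| k != :stateless_rules_and_custom_actions }
  errors << "rule_variables are only valid in stateful rule groups" if rule_group.key?(:rule_variables) && !stateful

  Array(source[:stateful_rules]).each_with_index do |rule, i|
    errors << "stateful_rules[#{i}]: action must be one of #{STATEFUL_ACTIONS.join('/')}" unless STATEFUL_ACTIONS.include?(rule[:action])
    header = rule[:header] || {}
    %i[protocol source source_port direction destination destination_port].each do |key|
      errors << "stateful_rules[#{i}]: header.#{key} is required" unless header[key]
    end
    errors << "stateful_rules[#{i}]: unknown protocol #{header[:protocol]}" if header[:protocol] && !STATEFUL_PROTOCOLS.include?(header[:protocol])
    errors << "stateful_rules[#{i}]: direction must be FORWARD or ANY" if header[:direction] && !DIRECTIONS.include?(header[:direction])
    errors << "stateful_rules[#{i}]: rule_options is required" unless rule[:rule_options].is_a?(Array)
  end

  if (stateless = source[:stateless_rules_and_custom_actions])
    defined_actions = Array(stateless[:custom_actions]).map { |a| a[:action_name] }
    Array(stateless[:stateless_rules]).each_with_index do |rule, i|
      errors << "stateless_rules[#{i}]: priority is required" unless rule[:priority].is_a?(Integer)
      definition = rule[:rule_definition] || {}
      match = definition[:match_attributes] || {}
      (Array(match[:source_ports]) + Array(match[:destination_ports])).each do |range|
        from, to = range.values_at(:from_port, :to_port)
        valid = [from, to].all? { |p| p.is_a?(Integer) && p.between?(0, 65_535) } && from <= to
        errors << "stateless_rules[#{i}]: bad port range #{from}-#{to}" unless valid
      end
      Array(match[:tcp_flags]).each do |tf|
        unknown = (Array(tf[:flags]) + Array(tf[:masks])) - TCP_FLAGS
        errors << "stateless_rules[#{i}]: unknown TCP flags #{unknown.join(',')}" unless unknown.empty?
      end
      actions = Array(definition[:actions])
      errors << "stateless_rules[#{i}]: actions is required" if actions.empty?
      actions.reject { |a| a.start_with?("aws:") || defined_actions.include?(a) }.each do |a|
        errors << "stateless_rules[#{i}]: action #{a} is not a standard action or a defined custom_action"
      end
    end
  end
  errors
end
```

Running `rule_group_errors` on a hash before handing it to `Aws::NetworkFirewall::Client#create_rule_group` surfaces shape mistakes locally, which is cheaper than a rejected API call and keeps misconfigured allow rules from being created in the first place; the service still performs its own, fuller validation.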

@see docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RuleGroup AWS API Documentation

Constants

SENSITIVE