AWS Network Firewall Resource Policy
This page shows how to write Terraform and CloudFormation for Network Firewall Resource Policy and write them securely.
aws_networkfirewall_resource_policy (Terraform)
The Resource Policy in Network Firewall can be configured in Terraform with the resource name aws_networkfirewall_resource_policy
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
-
id
optional computed - string -
policy
required - string -
resource_arn
required - string
Explanation in Terraform Registry
Provides an AWS Network Firewall Resource Policy Resource for a rule group or firewall policy.
AWS::NetworkFirewall::RuleGroup RulesSource (CloudFormation)
The RuleGroup RulesSource in NetworkFirewall can be configured in CloudFormation with the resource name AWS::NetworkFirewall::RuleGroup RulesSource
. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
RulesSourceList
Stateful inspection criteria for a domain list rule group.
Required: No
Type: RulesSourceList
Update requires: No interruption
RulesString
Stateful inspection criteria, provided in Suricata compatible intrusion prevention system (IPS) rules. Suricata is an open-source network IPS that includes a standard rule-based language for network traffic inspection.
These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
Required: No
Type: String
Minimum: 0
Maximum: 2000000
Update requires: No interruption
StatefulRules
An array of individual stateful rules inspection criteria to be used together in a stateful rule group. Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules
format, see Rules Format.
Required: No
Type: List of StatefulRule
Update requires: No interruption
StatelessRulesAndCustomActions
Stateless inspection criteria to be used in a stateless rule group.
Required: No
Type: StatelessRulesAndCustomActions
Update requires: No interruption
Explanation in CloudFormation Registry
The stateless or stateful rules definitions for use in a single rule group. Each rule group requires a single
RulesSource
. You can use an instance of this for either stateless rules or stateful rules.