AWS Network Firewall Rule Group
This page shows how to write Terraform and CloudFormation for an AWS Network Firewall Rule Group, and how to do so securely.
aws_networkfirewall_rule_group (Terraform)
The Rule Group in Network Firewall can be configured in Terraform with the resource name aws_networkfirewall_rule_group. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
Each excerpt below is cut off in its source after the rule_group block; the closing braces are supplied so the snippets parse, and the omitted rule body is marked with a comment.

```hcl
resource "aws_networkfirewall_rule_group" "useless_rule" {
  capacity = 100
  name     = "uselessRule"
  type     = "STATELESS"
  rule_group {
    rules_source {
      # stateless rules omitted in the source excerpt
    }
  }
}

resource "aws_networkfirewall_rule_group" "allow-local" {
  capacity = 1000
  name     = "allow-local-ranges"
  type     = "STATELESS"
  rule_group {
    rules_source {
      # stateless rules omitted in the source excerpt
    }
  }
}

resource "aws_networkfirewall_rule_group" "block_2222" {
  capacity = 100
  name     = "block-2222"
  type     = "STATEFUL"
  rule_group {
    # rules_source omitted in the source excerpt
  }
}

resource "aws_networkfirewall_rule_group" "drop_icmp_traffic_fw_rule_group" {
  name     = "drop-icmp-traffic-fw-rule-group"
  capacity = 100
  type     = "STATELESS"
  rule_group {
    # rules_source omitted in the source excerpt
  }
}
```
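Because the GitHub excerpts above stop before the rule bodies, here is a complete, working pair of rule groups together with the firewall policy that references them. This is an added example written for this page, not code from any of the repositories named on it; the names, CIDR ranges, ports and Suricata sids are placeholders. It shows a stateless group that drops ICMP and counts the drops through a custom publish-metric action, and a stateful group that uses rule_variables so the Suricata rules reference $ADMIN_NETS and $ADMIN_PORTS instead of hard-coded values.

```hcl
# Stateless: per-packet, evaluated before the stateful engine.
resource "aws_networkfirewall_rule_group" "drop_icmp" {
  name = "drop-icmp"
  type = "STATELESS"
  # Required capacity is the product of the match settings of each rule
  # (1 protocol x 1 source x 1 destination = 1 here). Capacity is fixed at
  # creation, so leave headroom for rules added later.
  capacity = 10

  rule_group {
    rules_source {
      stateless_rules_and_custom_actions {
        # Custom action: emit a CloudWatch metric with a dimension value of
        # "icmp-drop" each time the rule matches, so drops are visible.
        custom_action {
          action_name = "CountIcmpDrop"
          action_definition {
            publish_metric_action {
              dimension {
                value = "icmp-drop"
              }
            }
          }
        }
        stateless_rule {
          priority = 10 # lower number is evaluated first within the group
          rule_definition {
            actions = ["aws:drop", "CountIcmpDrop"]
            match_attributes {
              protocols = [1] # IANA protocol number 1 = ICMP
              source {
                address_definition = "0.0.0.0/0"
              }
              destination {
                address_definition = "0.0.0.0/0"
              }
            }
          }
        }
      }
    }
  }
}

# Stateful: Suricata rules, one capacity unit per rule.
resource "aws_networkfirewall_rule_group" "admin_ports" {
  name     = "restrict-admin-ports"
  type     = "STATEFUL"
  capacity = 50

  rule_group {
    # Variables are only meaningful for stateful rules; the key becomes
    # $KEY inside rules_string. Values below are placeholders.
    rule_variables {
      ip_sets {
        key = "ADMIN_NETS"
        ip_set {
          definition = ["10.10.0.0/24"]
        }
      }
      port_sets {
        key = "ADMIN_PORTS"
        port_set {
          definition = ["22", "3389"]
        }
      }
    }
    rules_source {
      # Every rule needs a unique sid. With the default action order the
      # engine evaluates pass rules before drop rules, so the admin hosts
      # are allowed through regardless of line order.
      rules_string = <<-EOT
        pass tcp $ADMIN_NETS any -> any $ADMIN_PORTS (msg:"admin nets may reach admin ports"; flow:to_server; sid:1000001; rev:1;)
        drop tcp any any -> any $ADMIN_PORTS (msg:"admin ports blocked from everywhere else"; flow:to_server; sid:1000002; rev:1;)
      EOT
    }
  }
}

# Policy wiring both groups in. Stateless traffic that matches nothing is
# forwarded to the stateful engine; fragments are dropped outright.
resource "aws_networkfirewall_firewall_policy" "main" {
  name = "main-policy"
  firewall_policy {
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:drop"]
    stateless_rule_group_reference {
      priority     = 10
      resource_arn = aws_networkfirewall_rule_group.drop_icmp.arn
    }
    stateful_rule_group_reference {
      resource_arn = aws_networkfirewall_rule_group.admin_ports.arn
    }
  }
}
```

Two points worth checking before applying this: the stateful group only sees traffic if the stateless default action is aws:forward_to_sfe (a stateless aws:pass short-circuits the stateful rules), and the priority inside stateless_rule orders rules within one group while the priority on stateless_rule_group_reference orders groups within the policy.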
Parameters

Top-level arguments:
  arn - optional, computed - string
  capacity - required - number. Processing capacity reserved for the group. It cannot be changed after creation (Terraform replaces the resource), so size it with headroom.
  description - optional - string
  id - optional, computed - string
  name - required - string
  rules - optional - string. Suricata-format rules, one per line, for a STATEFUL group; conflicts with rule_group.
  tags - optional - map from string to string
  type - required - string. STATELESS or STATEFUL.
  update_token - optional, computed - string
  rule_group - list block
    rule_variables - list block. Used only by stateful rules, which reference a set as $KEY.
      ip_sets - set block
        key - required - string
        ip_set - list block
          definition - required - set of string (CIDR ranges)
      port_sets - set block
        key - required - string
        port_set - list block
          definition - required - set of string (ports or port ranges)
    rules_source - list block. Exactly one of the following rule sources must be set.
      rules_string - optional - string. Suricata rules for a STATEFUL group.
      rules_source_list - list block. Domain list for a STATEFUL group.
        generated_rules_type - required - string (ALLOWLIST or DENYLIST)
        target_types - required - set of string (HTTP_HOST, TLS_SNI)
        targets - required - set of string. Domain names; a leading dot also matches subdomains.
      stateful_rule - set block. 5-tuple rule for a STATEFUL group.
        action - required - string (PASS, DROP or ALERT)
        header - list block
          destination - required - string
          destination_port - required - string
          direction - required - string (FORWARD or ANY)
          protocol - required - string
          source - required - string
          source_port - required - string
        rule_option - set block
      stateless_rules_and_custom_actions - list block. Rules for a STATELESS group.
        custom_action - set block
          action_name - required - string
          action_definition - list block
            publish_metric_action - list block
        stateless_rule - set block
          priority - required - number. Lower values are evaluated first within the group.
          rule_definition - list block
            actions - required - set of string (aws:pass, aws:drop or aws:forward_to_sfe, optionally combined with a custom action_name)
            match_attributes - list block
              protocols - optional - set of number (IANA protocol numbers)
              destination - set block
                address_definition - required - string
              destination_port - set block
              source - set block
                address_definition - required - string
              source_port - set block
              tcp_flag - set block
Explanation in Terraform Registry
Provides an AWS Network Firewall Rule Group Resource.
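The rules_source_list parameters above describe the domain list form of a stateful group, which none of the GitHub excerpts show. The following is an added example for this page, not code from the Terraform Registry or from any referenced repository; the domain names and the CIDR range are placeholders. It puts a denylist beside an allowlist so the difference in what gets dropped is explicit, and it overrides HOME_NET, which domain list rules depend on.

```hcl
# Denylist: only the listed domains are dropped; every other HTTP/TLS
# destination is still allowed. Useful for blocking known-bad names, but
# trivially bypassed by any name not on the list.
resource "aws_networkfirewall_rule_group" "egress_denylist" {
  name     = "egress-domain-denylist"
  type     = "STATEFUL"
  capacity = 100 # fixed at creation; generous so domains can be added later

  rule_group {
    rules_source {
      rules_source_list {
        generated_rules_type = "DENYLIST"
        target_types         = ["TLS_SNI", "HTTP_HOST"]
        # ".bad.example" matches bad.example and all of its subdomains;
        # "paste.example" matches that exact host only.
        targets = [".bad.example", "paste.example"]
      }
    }
  }
}

# Allowlist: HTTP and TLS traffic to anything NOT listed is dropped. This is
# the egress-filtering posture to prefer for workloads with a known set of
# dependencies. Other protocols are not evaluated by this group and need
# their own rules.
resource "aws_networkfirewall_rule_group" "egress_allowlist" {
  name     = "egress-domain-allowlist"
  type     = "STATEFUL"
  capacity = 100

  rule_group {
    # Domain list rules are generated for traffic originating from HOME_NET.
    # HOME_NET defaults to the CIDR of the VPC the firewall lives in, so when
    # the firewall inspects traffic from other VPCs (central inspection) the
    # variable must be set explicitly or those flows will not be matched.
    rule_variables {
      ip_sets {
        key = "HOME_NET"
        ip_set {
          definition = ["10.0.0.0/8"] # placeholder: all inspected source ranges
        }
      }
    }
    rules_source {
      rules_source_list {
        generated_rules_type = "ALLOWLIST"
        target_types         = ["TLS_SNI", "HTTP_HOST"]
        targets              = [".amazonaws.com", "updates.example"]
      }
    }
  }
}
```

Note that TLS matching uses the SNI in the ClientHello and HTTP matching uses the Host header, both sent by the client in the clear; a client that omits SNI or connects by IP is not matched by either target type, so an allowlist should be paired with stateful rules that drop non-HTTP/TLS egress.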
AWS::NetworkFirewall::RuleGroup (CloudFormation)
The RuleGroup in NetworkFirewall can be configured in CloudFormation with the resource name AWS::NetworkFirewall::RuleGroup. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
  RuleGroupName - required - String
  RuleGroup - optional - RuleGroup. The rule definition; its nested properties (RuleVariables, RulesSource and so on) mirror the Terraform rule_group block above.
  Type - required - String (STATELESS or STATEFUL)
  Capacity - required - Integer. Fixed at creation, as in Terraform.
  Description - optional - String
  Tags - optional - List of Tag
Explanation in CloudFormation Registry
Use the AWS::NetworkFirewall::RuleGroup to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an AWS::NetworkFirewall::FirewallPolicy to specify the filtering behavior of an AWS::NetworkFirewall::Firewall.
Frequently asked questions
What is AWS Network Firewall Rule Group?
AWS Network Firewall Rule Group is a resource for Network Firewall of Amazon Web Services. Its settings can be written in Terraform or CloudFormation.
Where can I find the example code for the AWS Network Firewall Rule Group?
For Terraform, the keithrozario/firewall_egress, toddlers/aws-network-firewall-workflow and ericdahl/tf-vpc-sandbox source code examples are useful. See the Terraform Example section for further details.