AWS Network Firewall Rule Group
This page shows how to declare a Network Firewall Rule Group in Terraform and CloudFormation, and what to watch for so the rules actually enforce what you intend.
aws_networkfirewall_rule_group (Terraform)
The Rule Group in Network Firewall can be configured in Terraform with the resource name aws_networkfirewall_rule_group. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
The four examples below were cut off when this page was extracted; only their opening lines survive, so each is shown exactly as far as the source carries it and is not complete Terraform on its own.

resource "aws_networkfirewall_rule_group" "useless_rule" {
  capacity = 100
  name     = "uselessRule"
  type     = "STATELESS"
  rule_group {
    rules_source {
      # ... truncated in the source

resource "aws_networkfirewall_rule_group" "allow-local" {
  capacity = 1000
  name     = "allow-local-ranges"
  type     = "STATELESS"
  rule_group {
    rules_source {
      # ... truncated in the source

resource "aws_networkfirewall_rule_group" "block_2222" {
  capacity = 100
  name     = "block-2222"
  type     = "STATEFUL"
  rule_group {
    # ... truncated in the source

resource "aws_networkfirewall_rule_group" "drop_icmp_traffic_fw_rule_group" {
  name     = "drop-icmp-traffic-fw-rule-group"
  capacity = 100
  type     = "STATELESS"
  rule_group {
    # ... truncated in the source
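The following is an added example written for this page; it is not code from the GitHub repositories quoted above. It completes the two shapes those snippets begin: a STATELESS group that drops ICMP aimed at the VPC, counts the drops through a custom publish-metric action and forwards everything else to the stateful engine, and a STATEFUL group in 5-tuple form that drops inbound SSH. The resource names, the 10.0.0.0/16 range, the metric dimension and the sid value are assumptions.

```hcl
# Added example, not from the page's GitHub sources. Names, CIDRs, the metric
# dimension and the sid are assumptions; 10.0.0.0/16 stands in for the VPC.

# STATELESS group: drop ICMP aimed at the VPC, count each drop in CloudWatch,
# and hand everything else to the stateful engine.
resource "aws_networkfirewall_rule_group" "drop_icmp" {
  capacity = 100
  name     = "drop-icmp"
  type     = "STATELESS"

  rule_group {
    rules_source {
      stateless_rules_and_custom_actions {
        # A custom action only publishes a metric; it is always paired with a
        # standard action (aws:pass / aws:drop / aws:forward_to_sfe) in a rule.
        custom_action {
          action_name = "CountDroppedIcmp"
          action_definition {
            publish_metric_action {
              dimension {
                value = "DroppedIcmp"
              }
            }
          }
        }

        # Stateless rules are evaluated in ascending priority; first match wins.
        stateless_rule {
          priority = 1
          rule_definition {
            actions = ["aws:drop", "CountDroppedIcmp"]
            match_attributes {
              protocols = [1] # ICMP, IANA protocol number
              source {
                address_definition = "0.0.0.0/0"
              }
              destination {
                address_definition = "10.0.0.0/16"
              }
            }
          }
        }

        # Catch-all with the highest priority number. Forward to the stateful
        # engine instead of aws:pass so stateful groups still inspect the flow.
        stateless_rule {
          priority = 100
          rule_definition {
            actions = ["aws:forward_to_sfe"]
            match_attributes {
              source {
                address_definition = "0.0.0.0/0"
              }
              destination {
                address_definition = "0.0.0.0/0"
              }
            }
          }
        }
      }
    }
  }
}

# STATEFUL group in 5-tuple form: drop TCP from anywhere to port 22 inside the
# VPC. Every stateful rule needs a unique sid, supplied through rule_option.
resource "aws_networkfirewall_rule_group" "block_ssh_inbound" {
  capacity = 50
  name     = "block-ssh-inbound"
  type     = "STATEFUL"

  rule_group {
    rules_source {
      stateful_rule {
        action = "DROP"
        header {
          protocol         = "TCP"
          source           = "ANY"
          source_port      = "ANY"
          direction        = "FORWARD" # client-to-server direction only
          destination      = "10.0.0.0/16"
          destination_port = "22"
        }
        rule_option {
          keyword  = "sid"
          settings = ["1000001"]
        }
      }
    }
  }
}
```

Two points matter for security here. In a STATELESS group the rule with the lowest priority number that matches decides the packet, so a broad `aws:pass` at a low priority silently bypasses every stateful rule; the catch-all above therefore uses `aws:forward_to_sfe`. And `capacity` cannot be changed once the group exists, so size it for the rules you expect to add, not only for the ones written today.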
Parameters
- arn (optional, computed, string): ARN of the rule group, assigned by AWS.
- capacity (required, number): maximum operating resources the group may use; cannot be changed after creation (changing it forces a new resource).
- description (optional, string)
- id (optional, computed, string)
- name (required, string): name of the rule group; changing it forces a new resource.
- rules (optional, string): Suricata-format rules, one per line, for a STATEFUL group. Use this or rule_group, not both.
- tags (optional, map from string to string)
- type (required, string): STATELESS or STATEFUL; changing it forces a new resource.
- update_token (optional, computed, string): change token AWS uses to detect concurrent updates.
- rule_group (list block): the rule definitions; required unless rules is set.
  - rule_variables (list block): named sets that stateful rules reference as $KEY.
    - ip_sets (set block)
      - key (required, string): variable name, for example HOME_NET.
      - ip_set (list block)
        - definition (required, set of string): CIDR blocks.
    - port_sets (set block)
      - key (required, string)
      - port_set (list block)
        - definition (required, set of string): ports or ranges, such as "443" or "1024:65535".
  - rules_source (list block): exactly one of the following.
    - rules_string (optional, string): Suricata rules for a STATEFUL group.
    - rules_source_list (list block): domain-list rules for a STATEFUL group.
      - generated_rules_type (required, string): ALLOWLIST or DENYLIST.
      - target_types (required, set of string): HTTP_HOST and/or TLS_SNI.
      - targets (required, set of string): domain names; a leading dot also matches subdomains.
    - stateful_rule (set block): 5-tuple stateful rules.
      - action (required, string): PASS, DROP or ALERT.
      - header (list block)
        - destination (required, string)
        - destination_port (required, string)
        - direction (required, string): FORWARD or ANY.
        - protocol (required, string)
        - source (required, string)
        - source_port (required, string)
      - rule_option (set block): Suricata keywords; a sid is required for every rule.
        - keyword (required, string)
        - settings (optional, set of string)
    - stateless_rules_and_custom_actions (list block)
      - custom_action (set block)
        - action_name (required, string): referenced from a stateless rule's actions.
        - action_definition (list block)
          - publish_metric_action (list block)
            - dimension (set block)
              - value (required, string)
      - stateless_rule (set block)
        - priority (required, number): evaluation order, lowest first; unique within the group.
        - rule_definition (list block)
          - actions (required, set of string): aws:pass, aws:drop or aws:forward_to_sfe, optionally plus one custom action name.
          - match_attributes (list block): all criteria optional; an empty block matches every packet.
            - protocols (optional, set of number): IANA protocol numbers.
            - destination (set block)
              - address_definition (required, string): CIDR block.
            - destination_port (set block)
              - from_port (required, number)
              - to_port (optional, number)
            - source (set block)
              - address_definition (required, string): CIDR block.
            - source_port (set block)
              - from_port (required, number)
              - to_port (optional, number)
            - tcp_flag (set block)
              - flags (required, set of string)
              - masks (optional, set of string)
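An added example, not the page's or any quoted project's code, showing the parts of the schema the truncated snippets never reach: rule_variables, a domain allow-list via rules_source_list, Suricata text via rules_string, and the firewall policy that makes the groups take effect. A rule group enforces nothing on its own; only a policy that references it does. Names, CIDRs, port sets, domains and sids are assumptions.

```hcl
# Added example. Names, CIDRs, port sets, domains and sids are assumptions;
# 10.0.0.0/16 stands in for the protected VPC.

# Domain allow-list: pass HTTP/TLS to the listed hosts, drop HTTP/TLS to any
# other host. Set HOME_NET explicitly so the generated rules know which side
# is "inside"; otherwise it defaults to the VPC CIDR of the firewall using it.
resource "aws_networkfirewall_rule_group" "egress_allowlist" {
  capacity = 100
  name     = "egress-domain-allowlist"
  type     = "STATEFUL"

  rule_group {
    rule_variables {
      ip_sets {
        key = "HOME_NET"
        ip_set { definition = ["10.0.0.0/16"] }
      }
    }
    rules_source {
      rules_source_list {
        generated_rules_type = "ALLOWLIST"
        target_types         = ["TLS_SNI", "HTTP_HOST"]
        targets              = [".amazonaws.com", "github.com"] # leading dot = subdomains too
      }
    }
  }
}

# Suricata rules that reference rule variables with a leading $.
resource "aws_networkfirewall_rule_group" "suricata_baseline" {
  capacity = 100
  name     = "suricata-baseline"
  type     = "STATEFUL"

  rule_group {
    rule_variables {
      ip_sets {
        key = "HOME_NET"
        ip_set { definition = ["10.0.0.0/16"] }
      }
      port_sets {
        key = "ADMIN_PORTS"
        port_set { definition = ["22", "3389", "5985:5986"] }
      }
    }
    rules_source {
      rules_string = <<-EOT
        drop tcp !$HOME_NET any -> $HOME_NET $ADMIN_PORTS (msg:"admin port reached from outside"; sid:1000001; rev:1;)
        alert tls $HOME_NET any -> !$HOME_NET any (msg:"outbound TLS"; sid:1000002; rev:1;)
      EOT
    }
  }
}

# The policy is what attaches the groups to a firewall. Stateless defaults
# send everything, fragments included, to the stateful engine.
resource "aws_networkfirewall_firewall_policy" "egress" {
  name = "egress-policy"

  firewall_policy {
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:forward_to_sfe"]

    stateful_rule_group_reference {
      resource_arn = aws_networkfirewall_rule_group.egress_allowlist.arn
    }
    stateful_rule_group_reference {
      resource_arn = aws_networkfirewall_rule_group.suricata_baseline.arn
    }
  }
}
```

With the default (action-order) stateful evaluation, pass rules from every attached group are considered before drop rules from any group, and traffic that matches no stateful rule is allowed. A pass generated by the allow-list group can therefore override a drop in another group when both match the same flow, and non-HTTP/TLS egress is not blocked by the allow-list at all; review the combined rule set across groups, not each group in isolation.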
Explanation in Terraform Registry
Provides an AWS Network Firewall Rule Group Resource
AWS::NetworkFirewall::RuleGroup (CloudFormation)
The RuleGroup in NetworkFirewall can be configured in CloudFormation with the resource name AWS::NetworkFirewall::RuleGroup. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- RuleGroupName (required, String): name of the rule group.
- RuleGroup (optional, RuleGroup): the rule definitions (RuleVariables and RulesSource), the same structure as the Terraform rule_group block.
- Type (required, String): STATELESS or STATEFUL.
- Capacity (required, Integer): maximum operating resources the group may use; fixed at creation.
- Description (optional, String)
- Tags (optional, List of Tag)
Explanation in CloudFormation Registry
Use the AWS::NetworkFirewall::RuleGroup to define a reusable collection of stateless or stateful network traffic filtering rules. You use rule groups in an AWS::NetworkFirewall::FirewallPolicy to specify the filtering behavior of an AWS::NetworkFirewall::Firewall.
Frequently asked questions
What is AWS Network Firewall Rule Group?
AWS Network Firewall Rule Group is a resource of the Network Firewall service of Amazon Web Services. Its settings can be written in Terraform or CloudFormation.
Where can I find the example code for the AWS Network Firewall Rule Group?
For Terraform, the keithrozario/firewall_egress, toddlers/aws-network-firewall-workflow and ericdahl/tf-vpc-sandbox source code examples are useful. See the Terraform Example section for further details.