Class: AWSCDK::NetworkFirewall::CfnFirewallPolicy::StatefulRuleGroupReferenceProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
network_firewall/cfn_firewall_policy.rb

Overview

Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(resource_arn:, deep_threat_inspection: nil, override: nil, priority: nil) ⇒ StatefulRuleGroupReferenceProperty

Returns a new instance of StatefulRuleGroupReferenceProperty.

Parameters:

  • resource_arn (String)

    The Amazon Resource Name (ARN) of the stateful rule group.

  • deep_threat_inspection (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    AWS Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability.

  • override (AWSCDK::IResolvable, AWSCDK::NetworkFirewall::CfnFirewallPolicy::StatefulRuleGroupOverrideProperty, nil) (defaults to: nil)

    The action that allows the policy owner to override the behavior of the rule group within a policy.

  • priority (Numeric, nil) (defaults to: nil)

    An integer setting that indicates the order in which to run the stateful rule groups in a single firewall policy.



1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
# File 'network_firewall/cfn_firewall_policy.rb', line 1094

def initialize(resource_arn:, deep_threat_inspection: nil, override: nil, priority: nil)
  @resource_arn = resource_arn
  Jsii::Type.check_type(@resource_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "resourceArn")
  @deep_threat_inspection = deep_threat_inspection
  Jsii::Type.check_type(@deep_threat_inspection, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "deepThreatInspection") unless @deep_threat_inspection.nil?
  @override = override.is_a?(Hash) ? ::AWSCDK::NetworkFirewall::CfnFirewallPolicy::StatefulRuleGroupOverrideProperty.new(**override.transform_keys(&:to_sym)) : override
  Jsii::Type.check_type(@override, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19uZXR3b3JrZmlyZXdhbGwuQ2ZuRmlyZXdhbGxQb2xpY3kuU3RhdGVmdWxSdWxlR3JvdXBPdmVycmlkZVByb3BlcnR5In1dfX0=")), "override") unless @override.nil?
  @priority = priority
  Jsii::Type.check_type(@priority, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "priority") unless @priority.nil?
end

Instance Attribute Details

#deep_threat_inspectionBoolean, ... (readonly)

AWS Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability.

When this capability is released, AWS will analyze service logs of network traffic processed by these rule groups to identify threat indicators across customers. AWS will use these threat indicators to improve the active threat defense managed rule groups and protect the security of AWS customers and services.

Customers can opt-out of deep threat inspection at any time through the AWS Network Firewall console or API. When customers opt out, AWS Network Firewall will not use the network traffic processed by those customers' active threat defense rule groups for rule group improvement.



1118
1119
1120
# File 'network_firewall/cfn_firewall_policy.rb', line 1118

def deep_threat_inspection
  @deep_threat_inspection
end

#overrideAWSCDK::IResolvable, ... (readonly)

The action that allows the policy owner to override the behavior of the rule group within a policy.



1123
1124
1125
# File 'network_firewall/cfn_firewall_policy.rb', line 1123

def override
  @override
end

#priorityNumeric? (readonly)

An integer setting that indicates the order in which to run the stateful rule groups in a single firewall policy.

This setting only applies to firewall policies that specify the STRICT_ORDER rule order in the stateful engine options settings.

Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.

You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on.



1134
1135
1136
# File 'network_firewall/cfn_firewall_policy.rb', line 1134

def priority
  @priority
end

#resource_arnString (readonly)

The Amazon Resource Name (ARN) of the stateful rule group.



1109
1110
1111
# File 'network_firewall/cfn_firewall_policy.rb', line 1109

def resource_arn
  @resource_arn
end

Class Method Details

.jsii_propertiesObject



1136
1137
1138
1139
1140
1141
1142
1143
# File 'network_firewall/cfn_firewall_policy.rb', line 1136

def self.jsii_properties
  {
    :resource_arn => "resourceArn",
    :deep_threat_inspection => "deepThreatInspection",
    :override => "override",
    :priority => "priority",
  }
end

Instance Method Details

#to_jsiiObject



1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
# File 'network_firewall/cfn_firewall_policy.rb', line 1145

def to_jsii
  result = {}
  result.merge!({
    "resourceArn" => @resource_arn,
    "deepThreatInspection" => @deep_threat_inspection,
    "override" => @override,
    "priority" => @priority,
  })
  result.compact
end