Class: AWSCDK::NetworkFirewall::CfnFirewallPolicy::StatefulRuleGroupReferenceProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::NetworkFirewall::CfnFirewallPolicy::StatefulRuleGroupReferenceProperty
- Defined in:
- network_firewall/cfn_firewall_policy.rb
Overview
Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group.
Instance Attribute Summary collapse
-
#deep_threat_inspection ⇒ Boolean, ...
readonly
AWS Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability.
-
#override ⇒ AWSCDK::IResolvable, ...
readonly
The action that allows the policy owner to override the behavior of the rule group within a policy.
-
#priority ⇒ Numeric?
readonly
An integer setting that indicates the order in which to run the stateful rule groups in a single firewall policy.
-
#resource_arn ⇒ String
readonly
The Amazon Resource Name (ARN) of the stateful rule group.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(resource_arn:, deep_threat_inspection: nil, override: nil, priority: nil) ⇒ StatefulRuleGroupReferenceProperty
constructor
A new instance of StatefulRuleGroupReferenceProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(resource_arn:, deep_threat_inspection: nil, override: nil, priority: nil) ⇒ StatefulRuleGroupReferenceProperty
Returns a new instance of StatefulRuleGroupReferenceProperty.
1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 |
# File 'network_firewall/cfn_firewall_policy.rb', line 1094 def initialize(resource_arn:, deep_threat_inspection: nil, override: nil, priority: nil) @resource_arn = resource_arn Jsii::Type.check_type(@resource_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "resourceArn") @deep_threat_inspection = deep_threat_inspection Jsii::Type.check_type(@deep_threat_inspection, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "deepThreatInspection") unless @deep_threat_inspection.nil? @override = override.is_a?(Hash) ? ::AWSCDK::NetworkFirewall::CfnFirewallPolicy::StatefulRuleGroupOverrideProperty.new(**override.transform_keys(&:to_sym)) : override Jsii::Type.check_type(@override, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19uZXR3b3JrZmlyZXdhbGwuQ2ZuRmlyZXdhbGxQb2xpY3kuU3RhdGVmdWxSdWxlR3JvdXBPdmVycmlkZVByb3BlcnR5In1dfX0=")), "override") unless @override.nil? @priority = priority Jsii::Type.check_type(@priority, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "priority") unless @priority.nil? end |
Instance Attribute Details
#deep_threat_inspection ⇒ Boolean, ... (readonly)
AWS Network Firewall plans to augment the active threat defense managed rule group with an additional deep threat inspection capability.
When this capability is released, AWS will analyze service logs of network traffic processed by these rule groups to identify threat indicators across customers. AWS will use these threat indicators to improve the active threat defense managed rule groups and protect the security of AWS customers and services.
Customers can opt-out of deep threat inspection at any time through the AWS Network Firewall console or API. When customers opt out, AWS Network Firewall will not use the network traffic processed by those customers' active threat defense rule groups for rule group improvement.
1118 1119 1120 |
# File 'network_firewall/cfn_firewall_policy.rb', line 1118 def deep_threat_inspection @deep_threat_inspection end |
#override ⇒ AWSCDK::IResolvable, ... (readonly)
The action that allows the policy owner to override the behavior of the rule group within a policy.
1123 1124 1125 |
# File 'network_firewall/cfn_firewall_policy.rb', line 1123 def override @override end |
#priority ⇒ Numeric? (readonly)
An integer setting that indicates the order in which to run the stateful rule groups in a single firewall policy.
This setting only applies to firewall policies that specify the STRICT_ORDER rule order in the stateful engine options settings.
Network Firewall evalutes each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on.
1134 1135 1136 |
# File 'network_firewall/cfn_firewall_policy.rb', line 1134 def priority @priority end |
#resource_arn ⇒ String (readonly)
The Amazon Resource Name (ARN) of the stateful rule group.
1109 1110 1111 |
# File 'network_firewall/cfn_firewall_policy.rb', line 1109 def resource_arn @resource_arn end |
Class Method Details
.jsii_properties ⇒ Object
1136 1137 1138 1139 1140 1141 1142 1143 |
# File 'network_firewall/cfn_firewall_policy.rb', line 1136 def self.jsii_properties { :resource_arn => "resourceArn", :deep_threat_inspection => "deepThreatInspection", :override => "override", :priority => "priority", } end |
Instance Method Details
#to_jsii ⇒ Object
1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 |
# File 'network_firewall/cfn_firewall_policy.rb', line 1145 def to_jsii result = {} result.merge!({ "resourceArn" => @resource_arn, "deepThreatInspection" => @deep_threat_inspection, "override" => @override, "priority" => @priority, }) result.compact end |