Class: AWSCDK::NetworkFirewall::CfnRuleGroup::RulesSourceListProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::NetworkFirewall::CfnRuleGroup::RulesSourceListProperty
- Defined in:
- network_firewall/cfn_rule_group.rb
Overview
Stateful inspection criteria for a domain list rule group.
For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.
By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the HOME_NET rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see RuleVariables in this guide and Stateful domain list rule groups in AWS Network Firewall in the Network Firewall Developer Guide
Instance Attribute Summary collapse
-
#generated_rules_type ⇒ String
readonly
Whether you want to apply allow, reject, alert, or drop behavior to the domains in your target list.
-
#target_types ⇒ Array<String>
readonly
The types of targets to inspect for.
-
#targets ⇒ Array<String>
readonly
The domains that you want to inspect for in your traffic flows.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(generated_rules_type:, targets:, target_types:) ⇒ RulesSourceListProperty
constructor
A new instance of RulesSourceListProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(generated_rules_type:, targets:, target_types:) ⇒ RulesSourceListProperty
Returns a new instance of RulesSourceListProperty.
1451 1452 1453 1454 1455 1456 1457 1458 |
# File 'network_firewall/cfn_rule_group.rb', line 1451 def initialize(generated_rules_type:, targets:, target_types:) @generated_rules_type = generated_rules_type Jsii::Type.check_type(@generated_rules_type, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "generatedRulesType") @targets = targets Jsii::Type.check_type(@targets, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "targets") @target_types = target_types Jsii::Type.check_type(@target_types, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "targetTypes") end |
Instance Attribute Details
#generated_rules_type ⇒ String (readonly)
Whether you want to apply allow, reject, alert, or drop behavior to the domains in your target list.
When logging is enabled and you choose Alert, traffic that matches the domain specifications generates an alert in the firewall's logs. Then, traffic either passes, is rejected, or drops based on other rules in the firewall policy.
1466 1467 1468 |
# File 'network_firewall/cfn_rule_group.rb', line 1466 def generated_rules_type @generated_rules_type end |
#target_types ⇒ Array<String> (readonly)
The types of targets to inspect for.
Valid values are TLS_SNI and HTTP_HOST .
1481 1482 1483 |
# File 'network_firewall/cfn_rule_group.rb', line 1481 def target_types @target_types end |
#targets ⇒ Array<String> (readonly)
The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:.
- Explicit names. For example,
abc.example.commatches only the domainabc.example.com. - Names that use a domain wildcard, which you indicate with an initial '
.'. For example,.example.commatchesexample.comand matches all subdomains ofexample.com, such asabc.example.comandwww.example.com.
1474 1475 1476 |
# File 'network_firewall/cfn_rule_group.rb', line 1474 def targets @targets end |
Class Method Details
.jsii_properties ⇒ Object
1483 1484 1485 1486 1487 1488 1489 |
# File 'network_firewall/cfn_rule_group.rb', line 1483 def self.jsii_properties { :generated_rules_type => "generatedRulesType", :targets => "targets", :target_types => "targetTypes", } end |
Instance Method Details
#to_jsii ⇒ Object
1491 1492 1493 1494 1495 1496 1497 1498 1499 |
# File 'network_firewall/cfn_rule_group.rb', line 1491 def to_jsii result = {} result.merge!({ "generatedRulesType" => @generated_rules_type, "targets" => @targets, "targetTypes" => @target_types, }) result.compact end |