awscc.networkfirewall_rulegroup
Filters
event
reduce
value
Actions
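delete
Deletes the rule groups that the policy matches. (The generated description printed here, "Parent base class for filters and actions.", appears to be the base class's docstring rather than a description of this action.)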
# Schema for the `delete` action entry in a policy's action list.
# Every line of this listing sits at column 0, so the nesting has to be read
# from the keys: presumably `type` is under `properties` and `enum` under `type`.
properties:
type:
enum:
# The only accepted value; it selects this action.
- delete
# `type` must be present on the action entry.
required:
- type
Required IAM permissions: network-firewall:DeleteRuleGroup, network-firewall:DescribeRuleGroup, network-firewall:UntagResource
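update
Updates properties of the rule groups that the policy matches. In the schema below, the `definitions` block holds the shared sub-schemas; the properties the action accepts are listed after it, in the final `properties` block (Description, RuleGroup, Tags and type). (The generated description printed here, "Parent base class for filters and actions.", appears to be the base class's docstring rather than a description of this action.)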
definitions:
ActionDefinition:
additionalProperties: false
properties:
PublishMetricAction:
additionalProperties: false
properties:
Dimensions:
insertionOrder: false
items:
additionalProperties: false
properties:
Value:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-_ ]+$
type: string
required:
- Value
type: object
type: array
uniqueItems: true
required:
- Dimensions
type: object
type: object
# One address entry, written as an address followed by a prefix length.
Address:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
# Shape check only: one or more hex digits, ':' or '.', then '/' and one to
# three digits. The pattern does not validate the address or bound the prefix
# length, so a malformed or overly broad range (a /0, for example) passes the
# schema and has to be caught when the policy is reviewed.
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
CustomAction:
additionalProperties: false
properties:
ActionDefinition:
additionalProperties: false
properties:
PublishMetricAction:
additionalProperties: false
properties:
Dimensions:
insertionOrder: false
items:
additionalProperties: false
properties:
Value:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-_ ]+$
type: string
required:
- Value
type: object
type: array
uniqueItems: true
required:
- Dimensions
type: object
type: object
ActionName:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9]+$
type: string
required:
- ActionName
- ActionDefinition
type: object
Dimension:
additionalProperties: false
properties:
Value:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-_ ]+$
type: string
required:
- Value
type: object
GeneratedRulesType:
enum:
- ALLOWLIST
- DENYLIST
type: string
# Header match criteria for a rule: protocol, direction, and source and
# destination address and port. All six fields are required (see the
# `required` list at the end of this definition).
Header:
additionalProperties: false
properties:
# Destination, DestinationPort, Source and SourcePort all use the pattern
# ^.*$, which places no constraint on content; only the 1-1024 length bounds
# apply. A mistyped or over-broad value is therefore not rejected by this
# schema. NOTE(review): any stricter validation presumably happens on the
# service side; confirm before relying on it.
Destination:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
DestinationPort:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
# Direction and Protocol are closed enums; any other value fails validation.
Direction:
enum:
- FORWARD
- ANY
type: string
Protocol:
enum:
- IP
- TCP
- UDP
- ICMP
- HTTP
- FTP
- TLS
- SMB
- DNS
- DCERPC
- SSH
- SMTP
- IMAP
- MSN
- KRB5
- IKEV2
- TFTP
- NTP
- DHCP
type: string
Source:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
SourcePort:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
required:
- Protocol
- Source
- SourcePort
- Direction
- Destination
- DestinationPort
type: object
IPSet:
additionalProperties: false
properties:
Definition:
insertionOrder: false
items:
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
type: object
MatchAttributes:
additionalProperties: false
properties:
DestinationPorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Destinations:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
Protocols:
insertionOrder: false
items:
maximum: 255
minimum: 0
type: integer
type: array
uniqueItems: true
SourcePorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Sources:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
TCPFlags:
insertionOrder: false
items:
additionalProperties: false
properties:
Flags:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
Masks:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
required:
- Flags
type: object
type: array
uniqueItems: true
type: object
Port:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
PortRange:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
PortRangeBound:
maximum: 65535
minimum: 0
type: integer
PortSet:
additionalProperties: false
properties:
Definition:
insertionOrder: false
items:
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
type: object
ProtocolNumber:
maximum: 255
minimum: 0
type: integer
PublishMetricAction:
additionalProperties: false
properties:
Dimensions:
insertionOrder: false
items:
additionalProperties: false
properties:
Value:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-_ ]+$
type: string
required:
- Value
type: object
type: array
uniqueItems: true
required:
- Dimensions
type: object
ResourceArn:
description: A resource ARN.
maxLength: 256
minLength: 1
# Only requires the value to begin with "arn:aws"; the partition suffix,
# service, region, account and resource parts are not checked by this pattern.
pattern: ^(arn:aws.*)$
type: string
RuleDefinition:
additionalProperties: false
properties:
Actions:
insertionOrder: false
items:
type: string
type: array
uniqueItems: true
MatchAttributes:
additionalProperties: false
properties:
DestinationPorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Destinations:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
Protocols:
insertionOrder: false
items:
maximum: 255
minimum: 0
type: integer
type: array
uniqueItems: true
SourcePorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Sources:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
TCPFlags:
insertionOrder: false
items:
additionalProperties: false
properties:
Flags:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
Masks:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
required:
- Flags
type: object
type: array
uniqueItems: true
type: object
required:
- MatchAttributes
- Actions
type: object
RuleGroup:
additionalProperties: false
properties:
RuleVariables:
additionalProperties: false
properties:
IPSets:
additionalProperties: false
patternProperties:
^[A-Za-z0-9_]{1,32}$:
additionalProperties: false
properties:
Definition:
insertionOrder: false
items:
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
type: object
type: object
PortSets:
additionalProperties: false
patternProperties:
^[A-Za-z0-9_]{1,32}$:
additionalProperties: false
properties:
Definition:
insertionOrder: false
items:
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
type: object
type: object
type: object
RulesSource:
additionalProperties: false
properties:
RulesSourceList:
additionalProperties: false
properties:
GeneratedRulesType:
enum:
- ALLOWLIST
- DENYLIST
type: string
TargetTypes:
insertionOrder: false
items:
enum:
- TLS_SNI
- HTTP_HOST
type: string
type: array
uniqueItems: true
Targets:
insertionOrder: false
items:
type: string
type: array
uniqueItems: true
required:
- Targets
- TargetTypes
- GeneratedRulesType
type: object
RulesString:
maxLength: 1000000
minLength: 0
type: string
StatefulRules:
insertionOrder: true
items:
additionalProperties: false
properties:
Action:
enum:
- PASS
- DROP
- ALERT
type: string
Header:
additionalProperties: false
properties:
Destination:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
DestinationPort:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
Direction:
enum:
- FORWARD
- ANY
type: string
Protocol:
enum:
- IP
- TCP
- UDP
- ICMP
- HTTP
- FTP
- TLS
- SMB
- DNS
- DCERPC
- SSH
- SMTP
- IMAP
- MSN
- KRB5
- IKEV2
- TFTP
- NTP
- DHCP
type: string
Source:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
SourcePort:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
required:
- Protocol
- Source
- SourcePort
- Direction
- Destination
- DestinationPort
type: object
RuleOptions:
insertionOrder: false
items:
additionalProperties: false
properties:
Keyword:
maxLength: 128
minLength: 1
pattern: ^.*$
type: string
Settings:
insertionOrder: false
items:
maxLength: 8192
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
required:
- Keyword
type: object
type: array
uniqueItems: true
required:
- Action
- Header
- RuleOptions
type: object
type: array
uniqueItems: true
StatelessRulesAndCustomActions:
additionalProperties: false
properties:
CustomActions:
insertionOrder: false
items:
additionalProperties: false
properties:
ActionDefinition:
additionalProperties: false
properties:
PublishMetricAction:
additionalProperties: false
properties:
Dimensions:
insertionOrder: false
items:
additionalProperties: false
properties:
Value:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-_ ]+$
type: string
required:
- Value
type: object
type: array
uniqueItems: true
required:
- Dimensions
type: object
type: object
ActionName:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9]+$
type: string
required:
- ActionName
- ActionDefinition
type: object
type: array
uniqueItems: true
StatelessRules:
insertionOrder: false
items:
additionalProperties: false
properties:
Priority:
maximum: 65535
minimum: 1
type: integer
RuleDefinition:
additionalProperties: false
properties:
Actions:
insertionOrder: false
items:
type: string
type: array
uniqueItems: true
MatchAttributes:
additionalProperties: false
properties:
DestinationPorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Destinations:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
Protocols:
insertionOrder: false
items:
maximum: 255
minimum: 0
type: integer
type: array
uniqueItems: true
SourcePorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Sources:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
TCPFlags:
insertionOrder: false
items:
additionalProperties: false
properties:
Flags:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
Masks:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
required:
- Flags
type: object
type: array
uniqueItems: true
type: object
required:
- MatchAttributes
- Actions
type: object
required:
- RuleDefinition
- Priority
type: object
type: array
uniqueItems: true
required:
- StatelessRules
type: object
type: object
StatefulRuleOptions:
additionalProperties: false
properties:
RuleOrder:
enum:
- DEFAULT_ACTION_ORDER
- STRICT_ORDER
type: string
type: object
required:
- RulesSource
type: object
RuleOption:
additionalProperties: false
properties:
Keyword:
maxLength: 128
minLength: 1
pattern: ^.*$
type: string
Settings:
insertionOrder: false
items:
maxLength: 8192
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
required:
- Keyword
type: object
RuleOrder:
enum:
- DEFAULT_ACTION_ORDER
- STRICT_ORDER
type: string
RuleVariables:
additionalProperties: false
properties:
IPSets:
additionalProperties: false
patternProperties:
^[A-Za-z0-9_]{1,32}$:
additionalProperties: false
properties:
Definition:
insertionOrder: false
items:
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
type: object
type: object
PortSets:
additionalProperties: false
patternProperties:
^[A-Za-z0-9_]{1,32}$:
additionalProperties: false
properties:
Definition:
insertionOrder: false
items:
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
type: object
type: object
type: object
RulesSource:
additionalProperties: false
properties:
RulesSourceList:
additionalProperties: false
properties:
GeneratedRulesType:
enum:
- ALLOWLIST
- DENYLIST
type: string
TargetTypes:
insertionOrder: false
items:
enum:
- TLS_SNI
- HTTP_HOST
type: string
type: array
uniqueItems: true
Targets:
insertionOrder: false
items:
type: string
type: array
uniqueItems: true
required:
- Targets
- TargetTypes
- GeneratedRulesType
type: object
RulesString:
maxLength: 1000000
minLength: 0
type: string
StatefulRules:
insertionOrder: true
items:
additionalProperties: false
properties:
Action:
enum:
- PASS
- DROP
- ALERT
type: string
Header:
additionalProperties: false
properties:
Destination:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
DestinationPort:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
Direction:
enum:
- FORWARD
- ANY
type: string
Protocol:
enum:
- IP
- TCP
- UDP
- ICMP
- HTTP
- FTP
- TLS
- SMB
- DNS
- DCERPC
- SSH
- SMTP
- IMAP
- MSN
- KRB5
- IKEV2
- TFTP
- NTP
- DHCP
type: string
Source:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
SourcePort:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
required:
- Protocol
- Source
- SourcePort
- Direction
- Destination
- DestinationPort
type: object
RuleOptions:
insertionOrder: false
items:
additionalProperties: false
properties:
Keyword:
maxLength: 128
minLength: 1
pattern: ^.*$
type: string
Settings:
insertionOrder: false
items:
maxLength: 8192
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
required:
- Keyword
type: object
type: array
uniqueItems: true
required:
- Action
- Header
- RuleOptions
type: object
type: array
uniqueItems: true
StatelessRulesAndCustomActions:
additionalProperties: false
properties:
CustomActions:
insertionOrder: false
items:
additionalProperties: false
properties:
ActionDefinition:
additionalProperties: false
properties:
PublishMetricAction:
additionalProperties: false
properties:
Dimensions:
insertionOrder: false
items:
additionalProperties: false
properties:
Value:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-_ ]+$
type: string
required:
- Value
type: object
type: array
uniqueItems: true
required:
- Dimensions
type: object
type: object
ActionName:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9]+$
type: string
required:
- ActionName
- ActionDefinition
type: object
type: array
uniqueItems: true
StatelessRules:
insertionOrder: false
items:
additionalProperties: false
properties:
Priority:
maximum: 65535
minimum: 1
type: integer
RuleDefinition:
additionalProperties: false
properties:
Actions:
insertionOrder: false
items:
type: string
type: array
uniqueItems: true
MatchAttributes:
additionalProperties: false
properties:
DestinationPorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Destinations:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
Protocols:
insertionOrder: false
items:
maximum: 255
minimum: 0
type: integer
type: array
uniqueItems: true
SourcePorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Sources:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
TCPFlags:
insertionOrder: false
items:
additionalProperties: false
properties:
Flags:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
Masks:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
required:
- Flags
type: object
type: array
uniqueItems: true
type: object
required:
- MatchAttributes
- Actions
type: object
required:
- RuleDefinition
- Priority
type: object
type: array
uniqueItems: true
required:
- StatelessRules
type: object
type: object
RulesSourceList:
additionalProperties: false
properties:
GeneratedRulesType:
enum:
- ALLOWLIST
- DENYLIST
type: string
TargetTypes:
insertionOrder: false
items:
enum:
- TLS_SNI
- HTTP_HOST
type: string
type: array
uniqueItems: true
Targets:
insertionOrder: false
items:
type: string
type: array
uniqueItems: true
required:
- Targets
- TargetTypes
- GeneratedRulesType
type: object
# Free-form rule text: there is no pattern, only a length bound of 0 to
# 1,000,000 characters, so the schema cannot tell a valid rule from an invalid
# or over-permissive one. An empty string is accepted (minLength is 0).
# NOTE(review): in AWS Network Firewall this field carries Suricata-compatible
# stateful rules; confirm against the service documentation.
RulesString:
maxLength: 1000000
minLength: 0
type: string
Setting:
maxLength: 8192
minLength: 1
pattern: ^.*$
type: string
StatefulRule:
additionalProperties: false
properties:
Action:
enum:
- PASS
- DROP
- ALERT
type: string
Header:
additionalProperties: false
properties:
Destination:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
DestinationPort:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
Direction:
enum:
- FORWARD
- ANY
type: string
Protocol:
enum:
- IP
- TCP
- UDP
- ICMP
- HTTP
- FTP
- TLS
- SMB
- DNS
- DCERPC
- SSH
- SMTP
- IMAP
- MSN
- KRB5
- IKEV2
- TFTP
- NTP
- DHCP
type: string
Source:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
SourcePort:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
required:
- Protocol
- Source
- SourcePort
- Direction
- Destination
- DestinationPort
type: object
RuleOptions:
insertionOrder: false
items:
additionalProperties: false
properties:
Keyword:
maxLength: 128
minLength: 1
pattern: ^.*$
type: string
Settings:
insertionOrder: false
items:
maxLength: 8192
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
required:
- Keyword
type: object
type: array
uniqueItems: true
required:
- Action
- Header
- RuleOptions
type: object
StatefulRuleOptions:
additionalProperties: false
properties:
RuleOrder:
enum:
- DEFAULT_ACTION_ORDER
- STRICT_ORDER
type: string
type: object
StatelessRule:
additionalProperties: false
properties:
Priority:
maximum: 65535
minimum: 1
type: integer
RuleDefinition:
additionalProperties: false
properties:
Actions:
insertionOrder: false
items:
type: string
type: array
uniqueItems: true
MatchAttributes:
additionalProperties: false
properties:
DestinationPorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Destinations:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
Protocols:
insertionOrder: false
items:
maximum: 255
minimum: 0
type: integer
type: array
uniqueItems: true
SourcePorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Sources:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
TCPFlags:
insertionOrder: false
items:
additionalProperties: false
properties:
Flags:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
Masks:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
required:
- Flags
type: object
type: array
uniqueItems: true
type: object
required:
- MatchAttributes
- Actions
type: object
required:
- RuleDefinition
- Priority
type: object
StatelessRulesAndCustomActions:
additionalProperties: false
properties:
CustomActions:
insertionOrder: false
items:
additionalProperties: false
properties:
ActionDefinition:
additionalProperties: false
properties:
PublishMetricAction:
additionalProperties: false
properties:
Dimensions:
insertionOrder: false
items:
additionalProperties: false
properties:
Value:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-_ ]+$
type: string
required:
- Value
type: object
type: array
uniqueItems: true
required:
- Dimensions
type: object
type: object
ActionName:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9]+$
type: string
required:
- ActionName
- ActionDefinition
type: object
type: array
uniqueItems: true
StatelessRules:
insertionOrder: false
items:
additionalProperties: false
properties:
Priority:
maximum: 65535
minimum: 1
type: integer
RuleDefinition:
additionalProperties: false
properties:
Actions:
insertionOrder: false
items:
type: string
type: array
uniqueItems: true
MatchAttributes:
additionalProperties: false
properties:
DestinationPorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Destinations:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
Protocols:
insertionOrder: false
items:
maximum: 255
minimum: 0
type: integer
type: array
uniqueItems: true
SourcePorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Sources:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
TCPFlags:
insertionOrder: false
items:
additionalProperties: false
properties:
Flags:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
Masks:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
required:
- Flags
type: object
type: array
uniqueItems: true
type: object
required:
- MatchAttributes
- Actions
type: object
required:
- RuleDefinition
- Priority
type: object
type: array
uniqueItems: true
required:
- StatelessRules
type: object
TCPFlag:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
TCPFlagField:
additionalProperties: false
properties:
Flags:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
Masks:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
required:
- Flags
type: object
Tag:
additionalProperties: false
properties:
Key:
maxLength: 128
minLength: 1
pattern: ^.*$
type: string
Value:
maxLength: 255
minLength: 0
pattern: ^.*$
type: string
required:
- Key
- Value
type: object
TargetType:
enum:
- TLS_SNI
- HTTP_HOST
type: string
VariableDefinition:
minLength: 1
pattern: ^.*$
type: string
properties:
Description:
maxLength: 512
minLength: 1
pattern: ^.*$
type: string
RuleGroup:
additionalProperties: false
properties:
RuleVariables:
additionalProperties: false
properties:
IPSets:
additionalProperties: false
patternProperties:
^[A-Za-z0-9_]{1,32}$:
additionalProperties: false
properties:
Definition:
insertionOrder: false
items:
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
type: object
type: object
PortSets:
additionalProperties: false
patternProperties:
^[A-Za-z0-9_]{1,32}$:
additionalProperties: false
properties:
Definition:
insertionOrder: false
items:
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
type: object
type: object
type: object
RulesSource:
additionalProperties: false
properties:
RulesSourceList:
additionalProperties: false
properties:
GeneratedRulesType:
enum:
- ALLOWLIST
- DENYLIST
type: string
TargetTypes:
insertionOrder: false
items:
enum:
- TLS_SNI
- HTTP_HOST
type: string
type: array
uniqueItems: true
Targets:
insertionOrder: false
items:
type: string
type: array
uniqueItems: true
required:
- Targets
- TargetTypes
- GeneratedRulesType
type: object
RulesString:
maxLength: 1000000
minLength: 0
type: string
StatefulRules:
insertionOrder: true
items:
additionalProperties: false
properties:
Action:
enum:
- PASS
- DROP
- ALERT
type: string
Header:
additionalProperties: false
properties:
Destination:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
DestinationPort:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
Direction:
enum:
- FORWARD
- ANY
type: string
Protocol:
enum:
- IP
- TCP
- UDP
- ICMP
- HTTP
- FTP
- TLS
- SMB
- DNS
- DCERPC
- SSH
- SMTP
- IMAP
- MSN
- KRB5
- IKEV2
- TFTP
- NTP
- DHCP
type: string
Source:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
SourcePort:
maxLength: 1024
minLength: 1
pattern: ^.*$
type: string
required:
- Protocol
- Source
- SourcePort
- Direction
- Destination
- DestinationPort
type: object
RuleOptions:
insertionOrder: false
items:
additionalProperties: false
properties:
Keyword:
maxLength: 128
minLength: 1
pattern: ^.*$
type: string
Settings:
insertionOrder: false
items:
maxLength: 8192
minLength: 1
pattern: ^.*$
type: string
type: array
uniqueItems: true
required:
- Keyword
type: object
type: array
uniqueItems: true
required:
- Action
- Header
- RuleOptions
type: object
type: array
uniqueItems: true
StatelessRulesAndCustomActions:
additionalProperties: false
properties:
CustomActions:
insertionOrder: false
items:
additionalProperties: false
properties:
ActionDefinition:
additionalProperties: false
properties:
PublishMetricAction:
additionalProperties: false
properties:
Dimensions:
insertionOrder: false
items:
additionalProperties: false
properties:
Value:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9-_ ]+$
type: string
required:
- Value
type: object
type: array
uniqueItems: true
required:
- Dimensions
type: object
type: object
ActionName:
maxLength: 128
minLength: 1
pattern: ^[a-zA-Z0-9]+$
type: string
required:
- ActionName
- ActionDefinition
type: object
type: array
uniqueItems: true
StatelessRules:
insertionOrder: false
items:
additionalProperties: false
properties:
Priority:
maximum: 65535
minimum: 1
type: integer
RuleDefinition:
additionalProperties: false
properties:
Actions:
insertionOrder: false
items:
type: string
type: array
uniqueItems: true
MatchAttributes:
additionalProperties: false
properties:
DestinationPorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Destinations:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
Protocols:
insertionOrder: false
items:
maximum: 255
minimum: 0
type: integer
type: array
uniqueItems: true
SourcePorts:
insertionOrder: false
items:
additionalProperties: false
properties:
FromPort:
maximum: 65535
minimum: 0
type: integer
ToPort:
maximum: 65535
minimum: 0
type: integer
required:
- FromPort
- ToPort
type: object
type: array
uniqueItems: true
Sources:
insertionOrder: false
items:
additionalProperties: false
properties:
AddressDefinition:
maxLength: 255
minLength: 1
pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
type: string
required:
- AddressDefinition
type: object
type: array
uniqueItems: true
TCPFlags:
insertionOrder: false
items:
additionalProperties: false
properties:
Flags:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
Masks:
insertionOrder: false
items:
enum:
- FIN
- SYN
- RST
- PSH
- ACK
- URG
- ECE
- CWR
type: string
type: array
uniqueItems: true
required:
- Flags
type: object
type: array
uniqueItems: true
type: object
required:
- MatchAttributes
- Actions
type: object
required:
- RuleDefinition
- Priority
type: object
type: array
uniqueItems: true
required:
- StatelessRules
type: object
type: object
StatefulRuleOptions:
additionalProperties: false
properties:
RuleOrder:
enum:
- DEFAULT_ACTION_ORDER
- STRICT_ORDER
type: string
type: object
required:
- RulesSource
type: object
Tags:
insertionOrder: false
items:
additionalProperties: false
properties:
Key:
maxLength: 128
minLength: 1
pattern: ^.*$
type: string
Value:
maxLength: 255
minLength: 0
pattern: ^.*$
type: string
required:
- Key
- Value
type: object
type: array
uniqueItems: true
# Selects this action; `update` is the only accepted value.
type:
enum:
- update
Required IAM permissions: network-firewall:UpdateRuleGroup, network-firewall:DescribeRuleGroup, network-firewall:TagResource, network-firewall:UntagResource