awscc.networkfirewall_rulegroup

Filters

  • event

  • reduce

  • value

Actions

delete

Parent base class for filters and actions.

# Schema for the `delete` action entry in a policy: the only property
# declared is `type`, and its enum admits the single value `delete`.
# additionalProperties is not set in this fragment, so on its own it does
# not reject extra keys.
properties:
  type:
    enum:
    - delete
# `type` must be present on every use of the action.
required:
- type

Permissions required by this action - network-firewall:DeleteRuleGroup, network-firewall:DescribeRuleGroup, network-firewall:UntagResource

update

Parent base class for filters and actions.

definitions:
  # Body of a custom action. PublishMetricAction is the only property
  # declared and additionalProperties: false rejects any other key. There is
  # no `required` list at this level, so an empty object also validates.
  ActionDefinition:
    additionalProperties: false
    properties:
      PublishMetricAction:
        additionalProperties: false
        properties:
          # Required array of dimension objects. No minItems is set, so an
          # empty array satisfies the schema.
          Dimensions:
            insertionOrder: false
            items:
              additionalProperties: false
              properties:
                Value:
                  maxLength: 128
                  minLength: 1
                  # Allow-list: letters, digits, '-', '_' and space, 1-128 chars.
                  # The '-' follows the complete range 0-9, so it reads as a
                  # literal hyphen. NOTE(review): confirm with the regex engine
                  # that evaluates this schema.
                  pattern: ^[a-zA-Z0-9-_ ]+$
                  type: string
              required:
              - Value
              type: object
            type: array
            uniqueItems: true
        required:
        - Dimensions
        type: object
    type: object
  # One address entry. AddressDefinition is the only key allowed and it is
  # required.
  Address:
    additionalProperties: false
    properties:
      AddressDefinition:
        maxLength: 255
        minLength: 1
        # Character-level check only: a run of hex digits, ':' and '.',
        # then '/' and one to three digits. It does not prove the value is a
        # well-formed CIDR block; a constructed sample such as 1.2.3.4/999
        # matches. It also puts no limit on how broad a range may be.
        # Semantic validation has to happen outside this schema.
        pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
        type: string
    required:
    - AddressDefinition
    type: object
  # A named custom action: ActionName plus its ActionDefinition, both
  # required. No other keys are accepted.
  CustomAction:
    additionalProperties: false
    properties:
      # Same shape as the standalone ActionDefinition entry, inlined here.
      ActionDefinition:
        additionalProperties: false
        properties:
          PublishMetricAction:
            additionalProperties: false
            properties:
              Dimensions:
                insertionOrder: false
                items:
                  additionalProperties: false
                  properties:
                    Value:
                      maxLength: 128
                      minLength: 1
                      # Letters, digits, '-', '_' and space. The '-' after the
                      # 0-9 range is a literal hyphen; confirm with the regex
                      # engine in use.
                      pattern: ^[a-zA-Z0-9-_ ]+$
                      type: string
                  required:
                  - Value
                  type: object
                type: array
                uniqueItems: true
            required:
            - Dimensions
            type: object
        type: object
      ActionName:
        maxLength: 128
        minLength: 1
        # Strictly alphanumeric, 1-128 characters: no spaces or punctuation.
        pattern: ^[a-zA-Z0-9]+$
        type: string
    required:
    - ActionName
    - ActionDefinition
    type: object
  # A single metric dimension: an object whose only key, Value, is required.
  Dimension:
    additionalProperties: false
    properties:
      Value:
        maxLength: 128
        minLength: 1
        # Allow-list of letters, digits, '-', '_' and space. The hyphen sits
        # after the 0-9 range and is read as a literal; confirm with the regex
        # engine in use.
        pattern: ^[a-zA-Z0-9-_ ]+$
        type: string
    required:
    - Value
    type: object
  # Closed two-value enum. It is a required member of RulesSourceList,
  # alongside Targets and TargetTypes. NOTE(review): the names suggest it
  # selects allow-list versus deny-list handling of the targets; the schema
  # itself does not state the semantics.
  GeneratedRulesType:
    enum:
    - ALLOWLIST
    - DENYLIST
    type: string
  # Header of a stateful rule. All six properties are required and no extra
  # keys are accepted. Protocol and Direction are closed enums; the four
  # address and port fields are free-form strings.
  Header:
    additionalProperties: false
    properties:
      Destination:
        maxLength: 1024
        minLength: 1
        # ^.*$ restricts nothing beyond what '.' excludes in the evaluating
        # regex engine. The effective constraint is the 1-1024 length bound,
        # so the address syntax is not validated by this schema.
        pattern: ^.*$
        type: string
      DestinationPort:
        maxLength: 1024
        minLength: 1
        # Unconstrained apart from length; not limited to numeric ports here.
        pattern: ^.*$
        type: string
      Direction:
        enum:
        - FORWARD
        - ANY
        type: string
      Protocol:
        enum:
        - IP
        - TCP
        - UDP
        - ICMP
        - HTTP
        - FTP
        - TLS
        - SMB
        - DNS
        - DCERPC
        - SSH
        - SMTP
        - IMAP
        - MSN
        - KRB5
        - IKEV2
        - TFTP
        - NTP
        - DHCP
        type: string
      Source:
        maxLength: 1024
        minLength: 1
        # Same as Destination: only the length is bounded.
        pattern: ^.*$
        type: string
      SourcePort:
        maxLength: 1024
        minLength: 1
        # Same as DestinationPort: only the length is bounded.
        pattern: ^.*$
        type: string
    required:
    - Protocol
    - Source
    - SourcePort
    - Direction
    - Destination
    - DestinationPort
    type: object
  # A named set of address strings. Definition is optional (no `required`
  # list), so an empty object validates.
  IPSet:
    additionalProperties: false
    properties:
      Definition:
        insertionOrder: false
        items:
          minLength: 1
          # Entries only have to be non-empty. ^.*$ does not check that they
          # are addresses or CIDR blocks, and no maxLength is set.
          pattern: ^.*$
          type: string
        type: array
        uniqueItems: true
    type: object
  # Match criteria of a stateless rule. Every property is optional (there is
  # no `required` list at this level), so an empty object validates. What an
  # empty match means is decided by the service, not by this schema.
  MatchAttributes:
    additionalProperties: false
    properties:
      # Port ranges. Each bound is an integer in 0-65535 and both are
      # required. The schema cannot express FromPort <= ToPort, so an
      # inverted range passes validation here.
      DestinationPorts:
        insertionOrder: false
        items:
          additionalProperties: false
          properties:
            FromPort:
              maximum: 65535
              minimum: 0
              type: integer
            ToPort:
              maximum: 65535
              minimum: 0
              type: integer
          required:
          - FromPort
          - ToPort
          type: object
        type: array
        uniqueItems: true
      Destinations:
        insertionOrder: false
        items:
          additionalProperties: false
          properties:
            AddressDefinition:
              maxLength: 255
              minLength: 1
              # Character-level check (hex digits, ':' and '.', then '/' and
              # 1-3 digits). It is not CIDR validation and does not limit
              # how broad the range may be.
              pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
              type: string
          required:
          - AddressDefinition
          type: object
        type: array
        uniqueItems: true
      # Integers in 0-255. Presumably IP protocol numbers; confirm against
      # the service documentation.
      Protocols:
        insertionOrder: false
        items:
          maximum: 255
          minimum: 0
          type: integer
        type: array
        uniqueItems: true
      # Same shape and same caveat as DestinationPorts.
      SourcePorts:
        insertionOrder: false
        items:
          additionalProperties: false
          properties:
            FromPort:
              maximum: 65535
              minimum: 0
              type: integer
            ToPort:
              maximum: 65535
              minimum: 0
              type: integer
          required:
          - FromPort
          - ToPort
          type: object
        type: array
        uniqueItems: true
      Sources:
        insertionOrder: false
        items:
          additionalProperties: false
          properties:
            AddressDefinition:
              maxLength: 255
              minLength: 1
              # Same loose pattern as Destinations.
              pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
              type: string
          required:
          - AddressDefinition
          type: object
        type: array
        uniqueItems: true
      # Each entry requires Flags; Masks is optional. Both draw from the same
      # closed set of eight TCP flag names.
      TCPFlags:
        insertionOrder: false
        items:
          additionalProperties: false
          properties:
            Flags:
              insertionOrder: false
              items:
                enum:
                - FIN
                - SYN
                - RST
                - PSH
                - ACK
                - URG
                - ECE
                - CWR
                type: string
              type: array
              uniqueItems: true
            Masks:
              insertionOrder: false
              items:
                enum:
                - FIN
                - SYN
                - RST
                - PSH
                - ACK
                - URG
                - ECE
                - CWR
                type: string
              type: array
              uniqueItems: true
          required:
          - Flags
          type: object
        type: array
        uniqueItems: true
    type: object
  # Port expressed as a string of 1-1024 characters. ^.*$ adds no content
  # check, so numeric validity is not enforced by this schema.
  Port:
    maxLength: 1024
    minLength: 1
    pattern: ^.*$
    type: string
  # Inclusive-looking port range: two required integer bounds, each limited
  # to 0-65535. Nothing here enforces FromPort <= ToPort; an inverted range
  # validates and must be caught elsewhere.
  PortRange:
    additionalProperties: false
    properties:
      FromPort:
        maximum: 65535
        minimum: 0
        type: integer
      ToPort:
        maximum: 65535
        minimum: 0
        type: integer
    required:
    - FromPort
    - ToPort
    type: object
  # Integer limited to 0-65535. The same bounds appear on the FromPort and
  # ToPort fields elsewhere on this page.
  PortRangeBound:
    maximum: 65535
    minimum: 0
    type: integer
  # A named set of port strings. Definition is optional, so an empty object
  # validates.
  PortSet:
    additionalProperties: false
    properties:
      Definition:
        insertionOrder: false
        items:
          minLength: 1
          # Only non-emptiness is enforced; ^.*$ does not require digits or a
          # valid port range, and no maxLength is set.
          pattern: ^.*$
          type: string
        type: array
        uniqueItems: true
    type: object
  # Integer limited to 0-255. The same bounds are used for the items of
  # MatchAttributes.Protocols.
  ProtocolNumber:
    maximum: 255
    minimum: 0
    type: integer
  # Metric-publishing action. Dimensions is required and is the only key
  # accepted.
  PublishMetricAction:
    additionalProperties: false
    properties:
      # Array of unique dimension objects. No minItems is declared, so an
      # empty array satisfies the schema.
      Dimensions:
        insertionOrder: false
        items:
          additionalProperties: false
          properties:
            Value:
              maxLength: 128
              minLength: 1
              # Letters, digits, '-', '_' and space. The '-' after the 0-9
              # range is a literal hyphen; confirm with the regex engine in
              # use.
              pattern: ^[a-zA-Z0-9-_ ]+$
              type: string
          required:
          - Value
          type: object
        type: array
        uniqueItems: true
    required:
    - Dimensions
    type: object
  # ARN string of 1-256 characters. The pattern only anchors the prefix
  # `arn:aws`. The trailing `.*` accepts any remainder, so service, region,
  # account and resource segments are not checked here.
  ResourceArn:
    description: A resource ARN.
    maxLength: 256
    minLength: 1
    pattern: ^(arn:aws.*)$
    type: string
  # Definition of one stateless rule: what to match (MatchAttributes) and
  # what to do (Actions). Both are required and no other keys are accepted.
  RuleDefinition:
    additionalProperties: false
    properties:
      # Action names are plain strings with no enum, pattern or length bound,
      # and no minItems. The schema therefore does not restrict them to a
      # known set of actions; that check has to happen elsewhere.
      Actions:
        insertionOrder: false
        items:
          type: string
        type: array
        uniqueItems: true
      # Same shape as the standalone MatchAttributes entry. It has no
      # `required` list, so an empty match object validates.
      MatchAttributes:
        additionalProperties: false
        properties:
          # Bounds are 0-65535 each; FromPort <= ToPort is not enforced.
          DestinationPorts:
            insertionOrder: false
            items:
              additionalProperties: false
              properties:
                FromPort:
                  maximum: 65535
                  minimum: 0
                  type: integer
                ToPort:
                  maximum: 65535
                  minimum: 0
                  type: integer
              required:
              - FromPort
              - ToPort
              type: object
            type: array
            uniqueItems: true
          Destinations:
            insertionOrder: false
            items:
              additionalProperties: false
              properties:
                AddressDefinition:
                  maxLength: 255
                  minLength: 1
                  # Character-level check only, not CIDR validation.
                  pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                  type: string
              required:
              - AddressDefinition
              type: object
            type: array
            uniqueItems: true
          Protocols:
            insertionOrder: false
            items:
              maximum: 255
              minimum: 0
              type: integer
            type: array
            uniqueItems: true
          # Same shape and caveat as DestinationPorts.
          SourcePorts:
            insertionOrder: false
            items:
              additionalProperties: false
              properties:
                FromPort:
                  maximum: 65535
                  minimum: 0
                  type: integer
                ToPort:
                  maximum: 65535
                  minimum: 0
                  type: integer
              required:
              - FromPort
              - ToPort
              type: object
            type: array
            uniqueItems: true
          Sources:
            insertionOrder: false
            items:
              additionalProperties: false
              properties:
                AddressDefinition:
                  maxLength: 255
                  minLength: 1
                  # Same loose pattern as Destinations.
                  pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                  type: string
              required:
              - AddressDefinition
              type: object
            type: array
            uniqueItems: true
          # Flags is required per entry, Masks is optional; both use the same
          # closed set of eight flag names.
          TCPFlags:
            insertionOrder: false
            items:
              additionalProperties: false
              properties:
                Flags:
                  insertionOrder: false
                  items:
                    enum:
                    - FIN
                    - SYN
                    - RST
                    - PSH
                    - ACK
                    - URG
                    - ECE
                    - CWR
                    type: string
                  type: array
                  uniqueItems: true
                Masks:
                  insertionOrder: false
                  items:
                    enum:
                    - FIN
                    - SYN
                    - RST
                    - PSH
                    - ACK
                    - URG
                    - ECE
                    - CWR
                    type: string
                  type: array
                  uniqueItems: true
              required:
              - Flags
              type: object
            type: array
            uniqueItems: true
        type: object
    required:
    - MatchAttributes
    - Actions
    type: object
  # Top-level rule group model. RulesSource is the only required property;
  # RuleVariables and StatefulRuleOptions are optional. No other keys are
  # accepted at this level.
  RuleGroup:
    additionalProperties: false
    properties:
      RuleVariables:
        additionalProperties: false
        properties:
          IPSets:
            additionalProperties: false
            patternProperties:
              # Variable names: 1-32 letters, digits or underscores. With
              # additionalProperties: false, names outside this pattern are
              # rejected.
              ^[A-Za-z0-9_]{1,32}$:
                additionalProperties: false
                properties:
                  Definition:
                    insertionOrder: false
                    items:
                      minLength: 1
                      # Only non-emptiness is enforced; the value is not
                      # checked to be an address or CIDR block.
                      pattern: ^.*$
                      type: string
                    type: array
                    uniqueItems: true
                type: object
            type: object
          PortSets:
            additionalProperties: false
            patternProperties:
              # Same naming rule as IPSets.
              ^[A-Za-z0-9_]{1,32}$:
                additionalProperties: false
                properties:
                  Definition:
                    insertionOrder: false
                    items:
                      minLength: 1
                      # Only non-emptiness is enforced; the value is not
                      # checked to be a port or port range.
                      pattern: ^.*$
                      type: string
                    type: array
                    uniqueItems: true
                type: object
            type: object
        type: object
      # Four alternative ways to supply rules. None is marked required at
      # this level and the schema declares no mutual exclusion between them.
      # NOTE(review): confirm which combinations the service accepts.
      RulesSource:
        additionalProperties: false
        properties:
          RulesSourceList:
            additionalProperties: false
            properties:
              GeneratedRulesType:
                enum:
                - ALLOWLIST
                - DENYLIST
                type: string
              TargetTypes:
                insertionOrder: false
                items:
                  enum:
                  - TLS_SNI
                  - HTTP_HOST
                  type: string
                type: array
                uniqueItems: true
              # Target entries are unconstrained strings: no pattern, length
              # bound or minItems is declared.
              Targets:
                insertionOrder: false
                items:
                  type: string
                type: array
                uniqueItems: true
            required:
            - Targets
            - TargetTypes
            - GeneratedRulesType
            type: object
          # Free-form rule text: up to 1,000,000 characters, no pattern, and
          # minLength 0 means the empty string validates. Its content is not
          # inspected by this schema.
          RulesString:
            maxLength: 1000000
            minLength: 0
            type: string
          # The only array in this model with insertionOrder: true. In the
          # CloudFormation resource schema that marks item order as
          # significant.
          StatefulRules:
            insertionOrder: true
            items:
              additionalProperties: false
              properties:
                Action:
                  enum:
                  - PASS
                  - DROP
                  - ALERT
                  type: string
                Header:
                  additionalProperties: false
                  properties:
                    Destination:
                      maxLength: 1024
                      minLength: 1
                      # ^.*$ leaves the value effectively unconstrained apart
                      # from the 1-1024 length bound; the same applies to the
                      # other three address and port fields of this header.
                      pattern: ^.*$
                      type: string
                    DestinationPort:
                      maxLength: 1024
                      minLength: 1
                      pattern: ^.*$
                      type: string
                    Direction:
                      enum:
                      - FORWARD
                      - ANY
                      type: string
                    Protocol:
                      enum:
                      - IP
                      - TCP
                      - UDP
                      - ICMP
                      - HTTP
                      - FTP
                      - TLS
                      - SMB
                      - DNS
                      - DCERPC
                      - SSH
                      - SMTP
                      - IMAP
                      - MSN
                      - KRB5
                      - IKEV2
                      - TFTP
                      - NTP
                      - DHCP
                      type: string
                    Source:
                      maxLength: 1024
                      minLength: 1
                      pattern: ^.*$
                      type: string
                    SourcePort:
                      maxLength: 1024
                      minLength: 1
                      pattern: ^.*$
                      type: string
                  required:
                  - Protocol
                  - Source
                  - SourcePort
                  - Direction
                  - Destination
                  - DestinationPort
                  type: object
                # Required, but no minItems is declared, so an empty list
                # validates. Keyword and Settings are free-form strings
                # bounded only by length.
                RuleOptions:
                  insertionOrder: false
                  items:
                    additionalProperties: false
                    properties:
                      Keyword:
                        maxLength: 128
                        minLength: 1
                        pattern: ^.*$
                        type: string
                      Settings:
                        insertionOrder: false
                        items:
                          maxLength: 8192
                          minLength: 1
                          pattern: ^.*$
                          type: string
                        type: array
                        uniqueItems: true
                    required:
                    - Keyword
                    type: object
                  type: array
                  uniqueItems: true
              required:
              - Action
              - Header
              - RuleOptions
              type: object
            type: array
            uniqueItems: true
          # StatelessRules is required within this object; CustomActions is
          # optional.
          StatelessRulesAndCustomActions:
            additionalProperties: false
            properties:
              CustomActions:
                insertionOrder: false
                items:
                  additionalProperties: false
                  properties:
                    ActionDefinition:
                      additionalProperties: false
                      properties:
                        PublishMetricAction:
                          additionalProperties: false
                          properties:
                            Dimensions:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  Value:
                                    maxLength: 128
                                    minLength: 1
                                    # Letters, digits, '-', '_' and space;
                                    # the '-' after 0-9 is a literal hyphen
                                    # (confirm with the regex engine in use).
                                    pattern: ^[a-zA-Z0-9-_ ]+$
                                    type: string
                                required:
                                - Value
                                type: object
                              type: array
                              uniqueItems: true
                          required:
                          - Dimensions
                          type: object
                      type: object
                    ActionName:
                      maxLength: 128
                      minLength: 1
                      pattern: ^[a-zA-Z0-9]+$
                      type: string
                  required:
                  - ActionName
                  - ActionDefinition
                  type: object
                type: array
                uniqueItems: true
              StatelessRules:
                insertionOrder: false
                items:
                  additionalProperties: false
                  properties:
                    # Integer in 1-65535; note the lower bound is 1, not 0.
                    Priority:
                      maximum: 65535
                      minimum: 1
                      type: integer
                    RuleDefinition:
                      additionalProperties: false
                      properties:
                        # Unconstrained strings: the schema does not restrict
                        # action names to a known set.
                        Actions:
                          insertionOrder: false
                          items:
                            type: string
                          type: array
                          uniqueItems: true
                        # No `required` list: an empty match object validates.
                        MatchAttributes:
                          additionalProperties: false
                          properties:
                            # Bounds are 0-65535 each; FromPort <= ToPort is
                            # not enforced by the schema.
                            DestinationPorts:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  FromPort:
                                    maximum: 65535
                                    minimum: 0
                                    type: integer
                                  ToPort:
                                    maximum: 65535
                                    minimum: 0
                                    type: integer
                                required:
                                - FromPort
                                - ToPort
                                type: object
                              type: array
                              uniqueItems: true
                            Destinations:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  AddressDefinition:
                                    maxLength: 255
                                    minLength: 1
                                    # Character-level check only, not CIDR
                                    # validation.
                                    pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                                    type: string
                                required:
                                - AddressDefinition
                                type: object
                              type: array
                              uniqueItems: true
                            Protocols:
                              insertionOrder: false
                              items:
                                maximum: 255
                                minimum: 0
                                type: integer
                              type: array
                              uniqueItems: true
                            SourcePorts:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  FromPort:
                                    maximum: 65535
                                    minimum: 0
                                    type: integer
                                  ToPort:
                                    maximum: 65535
                                    minimum: 0
                                    type: integer
                                required:
                                - FromPort
                                - ToPort
                                type: object
                              type: array
                              uniqueItems: true
                            Sources:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  AddressDefinition:
                                    maxLength: 255
                                    minLength: 1
                                    pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                                    type: string
                                required:
                                - AddressDefinition
                                type: object
                              type: array
                              uniqueItems: true
                            TCPFlags:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  Flags:
                                    insertionOrder: false
                                    items:
                                      enum:
                                      - FIN
                                      - SYN
                                      - RST
                                      - PSH
                                      - ACK
                                      - URG
                                      - ECE
                                      - CWR
                                      type: string
                                    type: array
                                    uniqueItems: true
                                  Masks:
                                    insertionOrder: false
                                    items:
                                      enum:
                                      - FIN
                                      - SYN
                                      - RST
                                      - PSH
                                      - ACK
                                      - URG
                                      - ECE
                                      - CWR
                                      type: string
                                    type: array
                                    uniqueItems: true
                                required:
                                - Flags
                                type: object
                              type: array
                              uniqueItems: true
                          type: object
                      required:
                      - MatchAttributes
                      - Actions
                      type: object
                  required:
                  - RuleDefinition
                  - Priority
                  type: object
                type: array
                uniqueItems: true
            required:
            - StatelessRules
            type: object
        type: object
      # Optional. RuleOrder is a closed two-value enum and is itself not
      # required inside this object.
      StatefulRuleOptions:
        additionalProperties: false
        properties:
          RuleOrder:
            enum:
            - DEFAULT_ACTION_ORDER
            - STRICT_ORDER
            type: string
        type: object
    required:
    - RulesSource
    type: object
  # One option attached to a stateful rule. Keyword is required; Settings is
  # optional. No other keys are accepted.
  RuleOption:
    additionalProperties: false
    properties:
      Keyword:
        maxLength: 128
        minLength: 1
        # ^.*$ does not restrict the keyword to a known set; only the 1-128
        # length bound applies.
        pattern: ^.*$
        type: string
      Settings:
        insertionOrder: false
        items:
          maxLength: 8192
          minLength: 1
          # Free-form setting text of up to 8192 characters per entry; its
          # content is not validated by this schema.
          pattern: ^.*$
          type: string
        type: array
        uniqueItems: true
    required:
    - Keyword
    type: object
  # Closed two-value enum, used as StatefulRuleOptions.RuleOrder in the
  # RuleGroup model. NOTE(review): the names suggest default-action ordering
  # versus strict ordering of stateful rules; the schema does not describe
  # the evaluation semantics.
  RuleOrder:
    enum:
    - DEFAULT_ACTION_ORDER
    - STRICT_ORDER
    type: string
  # Named variables for a rule group. IPSets and PortSets are both optional
  # maps from a variable name to a Definition list.
  RuleVariables:
    additionalProperties: false
    properties:
      IPSets:
        additionalProperties: false
        patternProperties:
          # Variable names: 1-32 letters, digits or underscores. Because
          # additionalProperties is false, any other key is rejected.
          ^[A-Za-z0-9_]{1,32}$:
            additionalProperties: false
            properties:
              Definition:
                insertionOrder: false
                items:
                  minLength: 1
                  # Only non-emptiness is enforced; values are not checked to
                  # be addresses or CIDR blocks.
                  pattern: ^.*$
                  type: string
                type: array
                uniqueItems: true
            type: object
        type: object
      PortSets:
        additionalProperties: false
        patternProperties:
          # Same naming rule as IPSets.
          ^[A-Za-z0-9_]{1,32}$:
            additionalProperties: false
            properties:
              Definition:
                insertionOrder: false
                items:
                  minLength: 1
                  # Only non-emptiness is enforced; values are not checked to
                  # be ports or port ranges.
                  pattern: ^.*$
                  type: string
                type: array
                uniqueItems: true
            type: object
        type: object
    type: object
  RulesSource:
    additionalProperties: false
    properties:
      RulesSourceList:
        additionalProperties: false
        properties:
          GeneratedRulesType:
            enum:
            - ALLOWLIST
            - DENYLIST
            type: string
          TargetTypes:
            insertionOrder: false
            items:
              enum:
              - TLS_SNI
              - HTTP_HOST
              type: string
            type: array
            uniqueItems: true
          Targets:
            insertionOrder: false
            items:
              type: string
            type: array
            uniqueItems: true
        required:
        - Targets
        - TargetTypes
        - GeneratedRulesType
        type: object
      RulesString:
        maxLength: 1000000
        minLength: 0
        type: string
      StatefulRules:
        insertionOrder: true
        items:
          additionalProperties: false
          properties:
            Action:
              enum:
              - PASS
              - DROP
              - ALERT
              type: string
            Header:
              additionalProperties: false
              properties:
                Destination:
                  maxLength: 1024
                  minLength: 1
                  pattern: ^.*$
                  type: string
                DestinationPort:
                  maxLength: 1024
                  minLength: 1
                  pattern: ^.*$
                  type: string
                Direction:
                  enum:
                  - FORWARD
                  - ANY
                  type: string
                Protocol:
                  enum:
                  - IP
                  - TCP
                  - UDP
                  - ICMP
                  - HTTP
                  - FTP
                  - TLS
                  - SMB
                  - DNS
                  - DCERPC
                  - SSH
                  - SMTP
                  - IMAP
                  - MSN
                  - KRB5
                  - IKEV2
                  - TFTP
                  - NTP
                  - DHCP
                  type: string
                Source:
                  maxLength: 1024
                  minLength: 1
                  pattern: ^.*$
                  type: string
                SourcePort:
                  maxLength: 1024
                  minLength: 1
                  pattern: ^.*$
                  type: string
              required:
              - Protocol
              - Source
              - SourcePort
              - Direction
              - Destination
              - DestinationPort
              type: object
            RuleOptions:
              insertionOrder: false
              items:
                additionalProperties: false
                properties:
                  Keyword:
                    maxLength: 128
                    minLength: 1
                    pattern: ^.*$
                    type: string
                  Settings:
                    insertionOrder: false
                    items:
                      maxLength: 8192
                      minLength: 1
                      pattern: ^.*$
                      type: string
                    type: array
                    uniqueItems: true
                required:
                - Keyword
                type: object
              type: array
              uniqueItems: true
          required:
          - Action
          - Header
          - RuleOptions
          type: object
        type: array
        uniqueItems: true
      StatelessRulesAndCustomActions:
        additionalProperties: false
        properties:
          CustomActions:
            insertionOrder: false
            items:
              additionalProperties: false
              properties:
                ActionDefinition:
                  additionalProperties: false
                  properties:
                    PublishMetricAction:
                      additionalProperties: false
                      properties:
                        Dimensions:
                          insertionOrder: false
                          items:
                            additionalProperties: false
                            properties:
                              Value:
                                maxLength: 128
                                minLength: 1
                                pattern: ^[a-zA-Z0-9-_ ]+$
                                type: string
                            required:
                            - Value
                            type: object
                          type: array
                          uniqueItems: true
                      required:
                      - Dimensions
                      type: object
                  type: object
                ActionName:
                  maxLength: 128
                  minLength: 1
                  pattern: ^[a-zA-Z0-9]+$
                  type: string
              required:
              - ActionName
              - ActionDefinition
              type: object
            type: array
            uniqueItems: true
          StatelessRules:
            insertionOrder: false
            items:
              additionalProperties: false
              properties:
                Priority:
                  maximum: 65535
                  minimum: 1
                  type: integer
                RuleDefinition:
                  additionalProperties: false
                  properties:
                    Actions:
                      insertionOrder: false
                      items:
                        type: string
                      type: array
                      uniqueItems: true
                    MatchAttributes:
                      additionalProperties: false
                      properties:
                        DestinationPorts:
                          insertionOrder: false
                          items:
                            additionalProperties: false
                            properties:
                              FromPort:
                                maximum: 65535
                                minimum: 0
                                type: integer
                              ToPort:
                                maximum: 65535
                                minimum: 0
                                type: integer
                            required:
                            - FromPort
                            - ToPort
                            type: object
                          type: array
                          uniqueItems: true
                        Destinations:
                          insertionOrder: false
                          items:
                            additionalProperties: false
                            properties:
                              AddressDefinition:
                                maxLength: 255
                                minLength: 1
                                pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                                type: string
                            required:
                            - AddressDefinition
                            type: object
                          type: array
                          uniqueItems: true
                        Protocols:
                          insertionOrder: false
                          items:
                            maximum: 255
                            minimum: 0
                            type: integer
                          type: array
                          uniqueItems: true
                        SourcePorts:
                          insertionOrder: false
                          items:
                            additionalProperties: false
                            properties:
                              FromPort:
                                maximum: 65535
                                minimum: 0
                                type: integer
                              ToPort:
                                maximum: 65535
                                minimum: 0
                                type: integer
                            required:
                            - FromPort
                            - ToPort
                            type: object
                          type: array
                          uniqueItems: true
                        Sources:
                          insertionOrder: false
                          items:
                            additionalProperties: false
                            properties:
                              AddressDefinition:
                                maxLength: 255
                                minLength: 1
                                pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                                type: string
                            required:
                            - AddressDefinition
                            type: object
                          type: array
                          uniqueItems: true
                        TCPFlags:
                          insertionOrder: false
                          items:
                            additionalProperties: false
                            properties:
                              Flags:
                                insertionOrder: false
                                items:
                                  enum:
                                  - FIN
                                  - SYN
                                  - RST
                                  - PSH
                                  - ACK
                                  - URG
                                  - ECE
                                  - CWR
                                  type: string
                                type: array
                                uniqueItems: true
                              Masks:
                                insertionOrder: false
                                items:
                                  enum:
                                  - FIN
                                  - SYN
                                  - RST
                                  - PSH
                                  - ACK
                                  - URG
                                  - ECE
                                  - CWR
                                  type: string
                                type: array
                                uniqueItems: true
                            required:
                            - Flags
                            type: object
                          type: array
                          uniqueItems: true
                      type: object
                  required:
                  - MatchAttributes
                  - Actions
                  type: object
              required:
              - RuleDefinition
              - Priority
              type: object
            type: array
            uniqueItems: true
        required:
        - StatelessRules
        type: object
    type: object
  # RulesSourceList: a list of targets plus how to interpret it. All three
  # fields are required and unknown keys are rejected
  # (additionalProperties: false).
  RulesSourceList:
    additionalProperties: false
    properties:
      # Presumably selects whether Targets is treated as an allow list or a
      # deny list - confirm against the service documentation.
      GeneratedRulesType:
        enum:
        - ALLOWLIST
        - DENYLIST
        type: string
      # Only these two values validate; presumably they name the traffic field
      # the targets are compared with - confirm.
      TargetTypes:
        insertionOrder: false
        items:
          enum:
          - TLS_SNI
          - HTTP_HOST
          type: string
        type: array
        uniqueItems: true
      # NOTE(review): entries are plain strings with no pattern or length
      # bound, so this schema will not flag a malformed or overly broad entry.
      # An empty array also validates (no minItems is set).
      Targets:
        insertionOrder: false
        items:
          type: string
        type: array
        uniqueItems: true
    required:
    - Targets
    - TargetTypes
    - GeneratedRulesType
    type: object
  # RulesString: free-form text of up to 1,000,000 characters; the empty
  # string validates (minLength: 0). No pattern is applied, so the content
  # is not checked by this schema and needs its own review.
  RulesString:
    maxLength: 1000000
    minLength: 0
    type: string
  # Setting: string of 1 to 8192 characters. The pattern ^.*$ puts no
  # restriction on which characters appear; only the length bounds apply.
  Setting:
    maxLength: 8192
    minLength: 1
    pattern: ^.*$
    type: string
  # StatefulRule: one rule made of an Action, a Header (the match 5-tuple plus
  # direction) and a list of RuleOptions. All three are required and unknown
  # keys are rejected at every level shown here.
  StatefulRule:
    additionalProperties: false
    properties:
      # Exactly one of the three listed values validates.
      Action:
        enum:
        - PASS
        - DROP
        - ALERT
        type: string
      Header:
        additionalProperties: false
        properties:
          # NOTE(review): Source, SourcePort, Destination and DestinationPort
          # are free-form strings (pattern ^.*$, 1 to 1024 characters). The
          # schema cannot tell a narrow value from a catch-all one, so rules
          # with Action PASS deserve a manual check of these four fields.
          Destination:
            maxLength: 1024
            minLength: 1
            pattern: ^.*$
            type: string
          DestinationPort:
            maxLength: 1024
            minLength: 1
            pattern: ^.*$
            type: string
          Direction:
            enum:
            - FORWARD
            - ANY
            type: string
          # Closed list: a protocol name outside this enum fails validation.
          Protocol:
            enum:
            - IP
            - TCP
            - UDP
            - ICMP
            - HTTP
            - FTP
            - TLS
            - SMB
            - DNS
            - DCERPC
            - SSH
            - SMTP
            - IMAP
            - MSN
            - KRB5
            - IKEV2
            - TFTP
            - NTP
            - DHCP
            type: string
          Source:
            maxLength: 1024
            minLength: 1
            pattern: ^.*$
            type: string
          SourcePort:
            maxLength: 1024
            minLength: 1
            pattern: ^.*$
            type: string
        required:
        - Protocol
        - Source
        - SourcePort
        - Direction
        - Destination
        - DestinationPort
        type: object
      # RuleOptions is required, but no minItems is set, so an empty list
      # validates. Each entry needs a Keyword; Settings is optional.
      RuleOptions:
        insertionOrder: false
        items:
          additionalProperties: false
          properties:
            # Keyword and Settings values are only length-bounded (^.*$), so
            # the schema does not check that a keyword is a known one.
            Keyword:
              maxLength: 128
              minLength: 1
              pattern: ^.*$
              type: string
            Settings:
              insertionOrder: false
              items:
                maxLength: 8192
                minLength: 1
                pattern: ^.*$
                type: string
              type: array
              uniqueItems: true
          required:
          - Keyword
          type: object
        type: array
        uniqueItems: true
    required:
    - Action
    - Header
    - RuleOptions
    type: object
  # StatefulRuleOptions: holds the single optional key RuleOrder (there is no
  # `required` list), so an empty object validates. What the service does when
  # RuleOrder is omitted is not stated here - confirm before relying on
  # evaluation order.
  StatefulRuleOptions:
    additionalProperties: false
    properties:
      RuleOrder:
        enum:
        - DEFAULT_ACTION_ORDER
        - STRICT_ORDER
        type: string
    type: object
  # StatelessRule: a Priority plus a RuleDefinition (match criteria and the
  # actions to take). Both are required; unknown keys are rejected.
  StatelessRule:
    additionalProperties: false
    properties:
      # Integer in 1..65535. How priorities order evaluation is not shown in
      # this schema - confirm against the service documentation.
      Priority:
        maximum: 65535
        minimum: 1
        type: integer
      RuleDefinition:
        additionalProperties: false
        properties:
          # NOTE(review): action names are unconstrained strings (no enum or
          # pattern), so a misspelled or unexpected action is not caught by
          # this schema. An empty list also validates (no minItems).
          Actions:
            insertionOrder: false
            items:
              type: string
            type: array
            uniqueItems: true
          # MatchAttributes is required, but none of its members are, so an
          # empty object validates. NOTE(review): presumably an empty match
          # applies to all traffic - confirm, and review such rules by hand.
          MatchAttributes:
            additionalProperties: false
            properties:
              # Port ranges: both ends are required and limited to 0..65535.
              # The schema has no cross-field check that FromPort <= ToPort.
              DestinationPorts:
                insertionOrder: false
                items:
                  additionalProperties: false
                  properties:
                    FromPort:
                      maximum: 65535
                      minimum: 0
                      type: integer
                    ToPort:
                      maximum: 65535
                      minimum: 0
                      type: integer
                  required:
                  - FromPort
                  - ToPort
                  type: object
                type: array
                uniqueItems: true
              Destinations:
                insertionOrder: false
                items:
                  additionalProperties: false
                  properties:
                    # The pattern is a shape check only: hex digits, ':' and
                    # '.' followed by '/' and 1 to 3 digits. It does not prove
                    # the value is a valid address or that the prefix length is
                    # in range, and it accepts a zero-length prefix.
                    AddressDefinition:
                      maxLength: 255
                      minLength: 1
                      pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                      type: string
                  required:
                  - AddressDefinition
                  type: object
                type: array
                uniqueItems: true
              # Integers in 0..255; presumably IP protocol numbers - confirm.
              Protocols:
                insertionOrder: false
                items:
                  maximum: 255
                  minimum: 0
                  type: integer
                type: array
                uniqueItems: true
              # Same shape and limits as DestinationPorts; no FromPort <= ToPort
              # check here either.
              SourcePorts:
                insertionOrder: false
                items:
                  additionalProperties: false
                  properties:
                    FromPort:
                      maximum: 65535
                      minimum: 0
                      type: integer
                    ToPort:
                      maximum: 65535
                      minimum: 0
                      type: integer
                  required:
                  - FromPort
                  - ToPort
                  type: object
                type: array
                uniqueItems: true
              Sources:
                insertionOrder: false
                items:
                  additionalProperties: false
                  properties:
                    # Shape check only, as for Destinations: the value is not
                    # verified to be a valid address or prefix length.
                    AddressDefinition:
                      maxLength: 255
                      minLength: 1
                      pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                      type: string
                  required:
                  - AddressDefinition
                  type: object
                type: array
                uniqueItems: true
              # Each entry requires Flags; Masks is optional. How an omitted
              # Masks list is interpreted is not stated here - confirm before
              # relying on a flag match.
              TCPFlags:
                insertionOrder: false
                items:
                  additionalProperties: false
                  properties:
                    Flags:
                      insertionOrder: false
                      items:
                        enum:
                        - FIN
                        - SYN
                        - RST
                        - PSH
                        - ACK
                        - URG
                        - ECE
                        - CWR
                        type: string
                      type: array
                      uniqueItems: true
                    Masks:
                      insertionOrder: false
                      items:
                        enum:
                        - FIN
                        - SYN
                        - RST
                        - PSH
                        - ACK
                        - URG
                        - ECE
                        - CWR
                        type: string
                      type: array
                      uniqueItems: true
                  required:
                  - Flags
                  type: object
                type: array
                uniqueItems: true
            type: object
        required:
        - MatchAttributes
        - Actions
        type: object
    required:
    - RuleDefinition
    - Priority
    type: object
  # StatelessRulesAndCustomActions: the stateless rule list (required) and an
  # optional list of custom action definitions. Unknown keys are rejected.
  StatelessRulesAndCustomActions:
    additionalProperties: false
    properties:
      # Each custom action needs an ActionName and an ActionDefinition.
      CustomActions:
        insertionOrder: false
        items:
          additionalProperties: false
          properties:
            # PublishMetricAction is the only definition this schema allows,
            # and it is itself optional, so an empty ActionDefinition validates.
            ActionDefinition:
              additionalProperties: false
              properties:
                PublishMetricAction:
                  additionalProperties: false
                  properties:
                    Dimensions:
                      insertionOrder: false
                      items:
                        additionalProperties: false
                        properties:
                          # Letters, digits, hyphen, underscore and space only
                          # (the '-' after 0-9 is read as a literal hyphen by
                          # common regex engines); 1 to 128 characters.
                          Value:
                            maxLength: 128
                            minLength: 1
                            pattern: ^[a-zA-Z0-9-_ ]+$
                            type: string
                        required:
                        - Value
                        type: object
                      type: array
                      uniqueItems: true
                  required:
                  - Dimensions
                  type: object
              type: object
            # Alphanumeric only, 1 to 128 characters.
            ActionName:
              maxLength: 128
              minLength: 1
              pattern: ^[a-zA-Z0-9]+$
              type: string
          required:
          - ActionName
          - ActionDefinition
          type: object
        type: array
        uniqueItems: true
      # NOTE(review): uniqueItems compares whole rule objects, so this schema
      # does not by itself stop two different rules from sharing a Priority.
      # An empty list also validates (no minItems).
      StatelessRules:
        insertionOrder: false
        items:
          additionalProperties: false
          properties:
            Priority:
              maximum: 65535
              minimum: 1
              type: integer
            RuleDefinition:
              additionalProperties: false
              properties:
                # NOTE(review): action names are unconstrained strings, so the
                # schema neither limits them to a known set nor checks that a
                # name matches an ActionName defined under CustomActions.
                Actions:
                  insertionOrder: false
                  items:
                    type: string
                  type: array
                  uniqueItems: true
                # Required, but every member is optional, so an empty object
                # validates. NOTE(review): presumably an empty match applies
                # to all traffic - confirm, and review such rules by hand.
                MatchAttributes:
                  additionalProperties: false
                  properties:
                    # Both ends required, each 0..65535; there is no
                    # cross-field check that FromPort <= ToPort.
                    DestinationPorts:
                      insertionOrder: false
                      items:
                        additionalProperties: false
                        properties:
                          FromPort:
                            maximum: 65535
                            minimum: 0
                            type: integer
                          ToPort:
                            maximum: 65535
                            minimum: 0
                            type: integer
                        required:
                        - FromPort
                        - ToPort
                        type: object
                      type: array
                      uniqueItems: true
                    Destinations:
                      insertionOrder: false
                      items:
                        additionalProperties: false
                        properties:
                          # Shape check only: hex digits, ':' and '.' followed
                          # by '/' and 1 to 3 digits. Validity of the address
                          # and of the prefix length is not verified.
                          AddressDefinition:
                            maxLength: 255
                            minLength: 1
                            pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                            type: string
                        required:
                        - AddressDefinition
                        type: object
                      type: array
                      uniqueItems: true
                    # Integers in 0..255; presumably IP protocol numbers -
                    # confirm.
                    Protocols:
                      insertionOrder: false
                      items:
                        maximum: 255
                        minimum: 0
                        type: integer
                      type: array
                      uniqueItems: true
                    # Same shape and limits as DestinationPorts.
                    SourcePorts:
                      insertionOrder: false
                      items:
                        additionalProperties: false
                        properties:
                          FromPort:
                            maximum: 65535
                            minimum: 0
                            type: integer
                          ToPort:
                            maximum: 65535
                            minimum: 0
                            type: integer
                        required:
                        - FromPort
                        - ToPort
                        type: object
                      type: array
                      uniqueItems: true
                    Sources:
                      insertionOrder: false
                      items:
                        additionalProperties: false
                        properties:
                          # Shape check only, as for Destinations.
                          AddressDefinition:
                            maxLength: 255
                            minLength: 1
                            pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                            type: string
                        required:
                        - AddressDefinition
                        type: object
                      type: array
                      uniqueItems: true
                    # Flags is required per entry; Masks is optional and its
                    # default interpretation is not stated here - confirm.
                    TCPFlags:
                      insertionOrder: false
                      items:
                        additionalProperties: false
                        properties:
                          Flags:
                            insertionOrder: false
                            items:
                              enum:
                              - FIN
                              - SYN
                              - RST
                              - PSH
                              - ACK
                              - URG
                              - ECE
                              - CWR
                              type: string
                            type: array
                            uniqueItems: true
                          Masks:
                            insertionOrder: false
                            items:
                              enum:
                              - FIN
                              - SYN
                              - RST
                              - PSH
                              - ACK
                              - URG
                              - ECE
                              - CWR
                              type: string
                            type: array
                            uniqueItems: true
                        required:
                        - Flags
                        type: object
                      type: array
                      uniqueItems: true
                  type: object
              required:
              - MatchAttributes
              - Actions
              type: object
          required:
          - RuleDefinition
          - Priority
          type: object
        type: array
        uniqueItems: true
    required:
    - StatelessRules
    type: object
  # TCPFlag: one of the eight listed flag names; the enum values are
  # upper-case, so any other spelling fails validation.
  TCPFlag:
    enum:
    - FIN
    - SYN
    - RST
    - PSH
    - ACK
    - URG
    - ECE
    - CWR
    type: string
  # TCPFlagField: a required Flags list and an optional Masks list, both drawn
  # from the same eight flag names with duplicates rejected (uniqueItems).
  # NOTE(review): how an omitted Masks list is interpreted is not stated in
  # this schema - confirm before relying on a flag match.
  TCPFlagField:
    additionalProperties: false
    properties:
      # No minItems is set, so an empty Flags list validates.
      Flags:
        insertionOrder: false
        items:
          enum:
          - FIN
          - SYN
          - RST
          - PSH
          - ACK
          - URG
          - ECE
          - CWR
          type: string
        type: array
        uniqueItems: true
      Masks:
        insertionOrder: false
        items:
          enum:
          - FIN
          - SYN
          - RST
          - PSH
          - ACK
          - URG
          - ECE
          - CWR
          type: string
        type: array
        uniqueItems: true
    required:
    - Flags
    type: object
  # Tag: a key/value pair; both fields are required. Key is 1 to 128
  # characters; Value is 0 to 255, so an empty value validates. The ^.*$
  # patterns place no restriction on which characters appear.
  Tag:
    additionalProperties: false
    properties:
      Key:
        maxLength: 128
        minLength: 1
        pattern: ^.*$
        type: string
      Value:
        maxLength: 255
        minLength: 0
        pattern: ^.*$
        type: string
    required:
    - Key
    - Value
    type: object
  # TargetType: closed enum; only TLS_SNI and HTTP_HOST validate.
  TargetType:
    enum:
    - TLS_SNI
    - HTTP_HOST
    type: string
  # VariableDefinition: non-empty string. NOTE(review): no maxLength is set
  # and ^.*$ does not restrict the characters, so this schema checks neither
  # the size nor the format of the value.
  VariableDefinition:
    minLength: 1
    pattern: ^.*$
    type: string
properties:
  # Description: free text of 1 to 512 characters; the ^.*$ pattern does not
  # restrict which characters appear.
  Description:
    maxLength: 512
    minLength: 1
    pattern: ^.*$
    type: string
  RuleGroup:
    additionalProperties: false
    properties:
      RuleVariables:
        additionalProperties: false
        properties:
          IPSets:
            additionalProperties: false
            patternProperties:
              ^[A-Za-z0-9_]{1,32}$:
                additionalProperties: false
                properties:
                  Definition:
                    insertionOrder: false
                    items:
                      minLength: 1
                      pattern: ^.*$
                      type: string
                    type: array
                    uniqueItems: true
                type: object
            type: object
          PortSets:
            additionalProperties: false
            patternProperties:
              ^[A-Za-z0-9_]{1,32}$:
                additionalProperties: false
                properties:
                  Definition:
                    insertionOrder: false
                    items:
                      minLength: 1
                      pattern: ^.*$
                      type: string
                    type: array
                    uniqueItems: true
                type: object
            type: object
        type: object
      RulesSource:
        additionalProperties: false
        properties:
          RulesSourceList:
            additionalProperties: false
            properties:
              GeneratedRulesType:
                enum:
                - ALLOWLIST
                - DENYLIST
                type: string
              TargetTypes:
                insertionOrder: false
                items:
                  enum:
                  - TLS_SNI
                  - HTTP_HOST
                  type: string
                type: array
                uniqueItems: true
              Targets:
                insertionOrder: false
                items:
                  type: string
                type: array
                uniqueItems: true
            required:
            - Targets
            - TargetTypes
            - GeneratedRulesType
            type: object
          RulesString:
            maxLength: 1000000
            minLength: 0
            type: string
          StatefulRules:
            insertionOrder: true
            items:
              additionalProperties: false
              properties:
                Action:
                  enum:
                  - PASS
                  - DROP
                  - ALERT
                  type: string
                Header:
                  additionalProperties: false
                  properties:
                    Destination:
                      maxLength: 1024
                      minLength: 1
                      pattern: ^.*$
                      type: string
                    DestinationPort:
                      maxLength: 1024
                      minLength: 1
                      pattern: ^.*$
                      type: string
                    Direction:
                      enum:
                      - FORWARD
                      - ANY
                      type: string
                    Protocol:
                      enum:
                      - IP
                      - TCP
                      - UDP
                      - ICMP
                      - HTTP
                      - FTP
                      - TLS
                      - SMB
                      - DNS
                      - DCERPC
                      - SSH
                      - SMTP
                      - IMAP
                      - MSN
                      - KRB5
                      - IKEV2
                      - TFTP
                      - NTP
                      - DHCP
                      type: string
                    Source:
                      maxLength: 1024
                      minLength: 1
                      pattern: ^.*$
                      type: string
                    SourcePort:
                      maxLength: 1024
                      minLength: 1
                      pattern: ^.*$
                      type: string
                  required:
                  - Protocol
                  - Source
                  - SourcePort
                  - Direction
                  - Destination
                  - DestinationPort
                  type: object
                RuleOptions:
                  insertionOrder: false
                  items:
                    additionalProperties: false
                    properties:
                      Keyword:
                        maxLength: 128
                        minLength: 1
                        pattern: ^.*$
                        type: string
                      Settings:
                        insertionOrder: false
                        items:
                          maxLength: 8192
                          minLength: 1
                          pattern: ^.*$
                          type: string
                        type: array
                        uniqueItems: true
                    required:
                    - Keyword
                    type: object
                  type: array
                  uniqueItems: true
              required:
              - Action
              - Header
              - RuleOptions
              type: object
            type: array
            uniqueItems: true
          StatelessRulesAndCustomActions:
            additionalProperties: false
            properties:
              CustomActions:
                insertionOrder: false
                items:
                  additionalProperties: false
                  properties:
                    ActionDefinition:
                      additionalProperties: false
                      properties:
                        PublishMetricAction:
                          additionalProperties: false
                          properties:
                            Dimensions:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  Value:
                                    maxLength: 128
                                    minLength: 1
                                    pattern: ^[a-zA-Z0-9-_ ]+$
                                    type: string
                                required:
                                - Value
                                type: object
                              type: array
                              uniqueItems: true
                          required:
                          - Dimensions
                          type: object
                      type: object
                    ActionName:
                      maxLength: 128
                      minLength: 1
                      pattern: ^[a-zA-Z0-9]+$
                      type: string
                  required:
                  - ActionName
                  - ActionDefinition
                  type: object
                type: array
                uniqueItems: true
              StatelessRules:
                insertionOrder: false
                items:
                  additionalProperties: false
                  properties:
                    Priority:
                      maximum: 65535
                      minimum: 1
                      type: integer
                    RuleDefinition:
                      additionalProperties: false
                      properties:
                        Actions:
                          insertionOrder: false
                          items:
                            type: string
                          type: array
                          uniqueItems: true
                        # Match criteria for a stateless rule (required by the enclosing RuleDefinition).
                        # This object has no `required` list, so every criterion below is optional and an
                        # empty MatchAttributes passes schema validation.
                        # NOTE(review): what an omitted criterion matches is decided by the service, not by
                        # this schema. Confirm before assuming an unset field narrows the rule.
                        MatchAttributes:
                          additionalProperties: false
                          properties:
                            # Destination port ranges. Each bound is limited to 0-65535 on its own;
                            # nothing here enforces FromPort <= ToPort, so an inverted range still
                            # validates against this schema.
                            DestinationPorts:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  FromPort:
                                    maximum: 65535
                                    minimum: 0
                                    type: integer
                                  ToPort:
                                    maximum: 65535
                                    minimum: 0
                                    type: integer
                                required:
                                - FromPort
                                - ToPort
                                type: object
                              type: array
                              uniqueItems: true
                            # Destination address blocks in address/prefix form.
                            Destinations:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  AddressDefinition:
                                    maxLength: 255
                                    minLength: 1
                                    # Shape check only: hex digits, ':' and '.', then '/' and 1-3 digits.
                                    # Octet values and prefix length are not range-checked, so a string
                                    # such as '999.1.1.1/999' (constructed example) passes this pattern.
                                    # Catch-all blocks such as 0.0.0.0/0 also pass, so review rules for
                                    # overly broad ranges separately.
                                    pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                                    type: string
                                required:
                                - AddressDefinition
                                type: object
                              type: array
                              uniqueItems: true
                            # Integers 0-255.
                            # NOTE(review): presumably IANA IP protocol numbers (6 = TCP, 17 = UDP);
                            # confirm against the Network Firewall documentation.
                            Protocols:
                              insertionOrder: false
                              items:
                                maximum: 255
                                minimum: 0
                                type: integer
                              type: array
                              uniqueItems: true
                            # Source port ranges; same constraints and same missing FromPort <= ToPort
                            # check as DestinationPorts.
                            SourcePorts:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  FromPort:
                                    maximum: 65535
                                    minimum: 0
                                    type: integer
                                  ToPort:
                                    maximum: 65535
                                    minimum: 0
                                    type: integer
                                required:
                                - FromPort
                                - ToPort
                                type: object
                              type: array
                              uniqueItems: true
                            # Source address blocks; same loose pattern as Destinations.
                            Sources:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  AddressDefinition:
                                    maxLength: 255
                                    minLength: 1
                                    # Shape check only; see the note on Destinations.AddressDefinition.
                                    pattern: ^([a-fA-F\d:\.]+/\d{1,3})$
                                    type: string
                                required:
                                - AddressDefinition
                                type: object
                              type: array
                              uniqueItems: true
                            # TCP flag criteria. Each entry must carry Flags; Masks is optional.
                            # Both lists accept the same eight flag names.
                            # NOTE(review): how a missing Masks list is interpreted is not stated in
                            # this schema. Check the service documentation when reviewing flag rules.
                            TCPFlags:
                              insertionOrder: false
                              items:
                                additionalProperties: false
                                properties:
                                  Flags:
                                    insertionOrder: false
                                    items:
                                      enum:
                                      - FIN
                                      - SYN
                                      - RST
                                      - PSH
                                      - ACK
                                      - URG
                                      - ECE
                                      - CWR
                                      type: string
                                    type: array
                                    uniqueItems: true
                                  Masks:
                                    insertionOrder: false
                                    items:
                                      enum:
                                      - FIN
                                      - SYN
                                      - RST
                                      - PSH
                                      - ACK
                                      - URG
                                      - ECE
                                      - CWR
                                      type: string
                                    type: array
                                    uniqueItems: true
                                required:
                                - Flags
                                type: object
                              type: array
                              uniqueItems: true
                          type: object
                      required:
                      - MatchAttributes
                      - Actions
                      type: object
                  required:
                  - RuleDefinition
                  - Priority
                  type: object
                type: array
                uniqueItems: true
            required:
            - StatelessRules
            type: object
        type: object
      # Options for stateful rules. RuleOrder is the only property and is not marked required,
      # so it can be omitted; the effective default is then chosen by the service.
      # NOTE(review): the enum names suggest action-based versus strictly ordered evaluation.
      # Confirm the exact semantics in the Network Firewall documentation, because rule order
      # decides which rule applies when several match.
      StatefulRuleOptions:
        additionalProperties: false
        properties:
          RuleOrder:
            enum:
            - DEFAULT_ACTION_ORDER
            - STRICT_ORDER
            type: string
        type: object
    required:
    - RulesSource
    type: object
  # Resource tags as a list of Key/Value objects; both fields are required on every entry.
  # Key is 1-128 characters; Value is 0-255 characters, so an empty Value is allowed.
  Tags:
    insertionOrder: false
    items:
      additionalProperties: false
      properties:
        Key:
          maxLength: 128
          minLength: 1
          # '^.*$' places no restriction on the characters used, so the effective limit
          # is length only. Automation or access decisions keyed on tags should validate
          # the content themselves.
          pattern: ^.*$
          type: string
        Value:
          maxLength: 255
          minLength: 0
          # Same unrestricted pattern as Key; treat values as free-form text.
          pattern: ^.*$
          type: string
      required:
      - Key
      - Value
      type: object
    type: array
    uniqueItems: true
  # Action selector: 'update' is the only accepted value for this action's `type` field.
  type:
    enum:
    - update

Permissions - network-firewall:UpdateRuleGroup, network-firewall:DescribeRuleGroup, network-firewall:TagResource, network-firewall:UntagResource