NetworkFirewallRuleGroup

Resource Overview

A reusable set of criteria for inspecting and handling network traffic.

Resource Configuration

Basic Settings

  • description : Rule group description (maximum 256 characters)
  • rule_group_type : Rule group type - STATEFUL, STATELESS
  • generated_rules_type : Rule format - StandardStatefulRules, DomainList, SuricataRuleStrings
  • rule_evaluation_order : Rule evaluation order - STRICT_ORDER, DEFAULT_ACTION_ORDER
  • capacity : Rule group capacity in WCU - 1 to 30000

IP Sets (ip_set)

  • ip_set.cidrs : List of CIDRs used for IP set variables

Port Sets (port_set)

  • port_set.ports : List of port values

Domain List Rules (domain_list_rule)

  • domain_list_rule.domain_names : List of domain names to allow or deny
  • domain_list_rule.protocols : Protocols to inspect - HTTP, HTTPS
  • domain_list_rule.action : Domain rule action - ALLOWLIST, DENYLIST
  • domain_list_rule.cidr_ranges : Source CIDR ranges to inspect

Suricata Rules (suricata_compatible_rule_string)

  • suricata_compatible_rule_string : Suricata-compatible rule string

Stateful Rules (stateful_rule)

  • stateful_rule.protocol : Transport protocol
  • stateful_rule.source_ip_or_cidr : Source IP or CIDR
  • stateful_rule.source_port : Source port or port range
  • stateful_rule.target_ip_or_cidr : Target IP or CIDR
  • stateful_rule.target_port : Target port or port range
  • stateful_rule.traffic_direction : Traffic direction - ANY, FORWARD
  • stateful_rule.action : Action on match - ALERT, DROP, PASS, REJECT

Stateless Rules (stateless_rule)

  • stateless_rule.priority : Rule priority
  • stateless_rule.protocols : List of protocols to inspect
  • stateless_rule.source_ip_or_cidr : Source IP or CIDR
  • stateless_rule.source_port : Source port or port range
  • stateless_rule.target_ip_or_cidr : Target IP or CIDR
  • stateless_rule.target_port : Target port or port range
  • stateless_rule.action : Packet handling action - aws:pass, aws:drop, aws:forward_to_sfe

Encryption Configuration (encryption_configuration)

  • encryption_configuration.enabled_custom_configuration : Whether AWS managed key encryption is enabled - true, false
  • encryption_configuration.kms_key_name : Name of the KMS key used

Tags

  • tag : Tags used to categorize the resource