{ "typeName" : "AWS::NetworkFirewall::RuleGroup", "description" : "Resource type definition for AWS::NetworkFirewall::RuleGroup", "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkfirewall.git", "additionalProperties" : false, "definitions" : { "ResourceArn" : { "description" : "A resource ARN.", "type" : "string", "pattern" : "^(arn:aws.*)$", "minLength" : 1, "maxLength" : 256 }, "Tag" : { "type" : "object", "properties" : { "Key" : { "type" : "string", "minLength" : 1, "maxLength" : 128, "pattern" : "^.*$" }, "Value" : { "type" : "string", "minLength" : 0, "maxLength" : 255, "pattern" : "^.*$" } }, "required" : [ "Key", "Value" ], "additionalProperties" : false }, "RulesString" : { "type" : "string", "minLength" : 0, "maxLength" : 1000000 }, "RuleGroup" : { "type" : "object", "properties" : { "RuleVariables" : { "$ref" : "#/definitions/RuleVariables" }, "ReferenceSets" : { "$ref" : "#/definitions/ReferenceSets" }, "RulesSource" : { "$ref" : "#/definitions/RulesSource" }, "StatefulRuleOptions" : { "$ref" : "#/definitions/StatefulRuleOptions" } }, "required" : [ "RulesSource" ], "additionalProperties" : false }, "RuleVariables" : { "type" : "object", "properties" : { "IPSets" : { "type" : "object", "patternProperties" : { "^[A-Za-z0-9_]{1,32}$" : { "$ref" : "#/definitions/IPSet" } }, "additionalProperties" : false }, "PortSets" : { "type" : "object", "patternProperties" : { "^[A-Za-z0-9_]{1,32}$" : { "$ref" : "#/definitions/PortSet" } }, "additionalProperties" : false } }, "additionalProperties" : false }, "IPSet" : { "type" : "object", "properties" : { "Definition" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/VariableDefinition" } } }, "additionalProperties" : false }, "PortSet" : { "type" : "object", "properties" : { "Definition" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/VariableDefinition" } } }, "additionalProperties" : false }, "VariableDefinition" : { "type" : "string", "minLength" : 1, "pattern" : "^.*$" }, "ReferenceSets" : { "type" : "object", "properties" : { "IPSetReferences" : { "type" : "object", "patternProperties" : { "^[A-Za-z0-9_]{1,32}$" : { "$ref" : "#/definitions/IPSetReference" } }, "additionalProperties" : false } }, "additionalProperties" : false }, "IPSetReference" : { "type" : "object", "properties" : { "ReferenceArn" : { "$ref" : "#/definitions/ResourceArn" } }, "additionalProperties" : false }, "RulesSource" : { "type" : "object", "properties" : { "RulesString" : { "$ref" : "#/definitions/RulesString" }, "RulesSourceList" : { "$ref" : "#/definitions/RulesSourceList" }, "StatefulRules" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/StatefulRule" } }, "StatelessRulesAndCustomActions" : { "$ref" : "#/definitions/StatelessRulesAndCustomActions" } }, "additionalProperties" : false }, "RulesSourceList" : { "type" : "object", "properties" : { "Targets" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "type" : "string" } }, "TargetTypes" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/TargetType" } }, "GeneratedRulesType" : { "$ref" : "#/definitions/GeneratedRulesType" } }, "required" : [ "Targets", "TargetTypes", "GeneratedRulesType" ], "additionalProperties" : false }, "TargetType" : { "type" : "string", "enum" : [ "TLS_SNI", "HTTP_HOST" ] }, "GeneratedRulesType" : { "type" : "string", "enum" : [ "ALLOWLIST", "DENYLIST" ] }, "StatefulRule" : { "type" : "object", "properties" : { "Action" : { "type" : "string", "enum" : [ "PASS", "DROP", "ALERT", "REJECT" ] }, "Header" : { "$ref" : "#/definitions/Header" }, "RuleOptions" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/RuleOption" } } }, "required" : [ "Action", "Header", "RuleOptions" ], "additionalProperties" : false }, "Header" : { "type" : "object", "properties" : { "Protocol" : { "type" : "string", "enum" : [ "IP", "TCP", "UDP", "ICMP", "HTTP", "FTP", "TLS", "SMB", "DNS", "DCERPC", "SSH", "SMTP", "IMAP", "MSN", "KRB5", "IKEV2", "TFTP", "NTP", "DHCP" ] }, "Source" : { "type" : "string", "minLength" : 1, "maxLength" : 1024, "pattern" : "^.*$" }, "SourcePort" : { "$ref" : "#/definitions/Port" }, "Direction" : { "type" : "string", "enum" : [ "FORWARD", "ANY" ] }, "Destination" : { "type" : "string", "minLength" : 1, "maxLength" : 1024, "pattern" : "^.*$" }, "DestinationPort" : { "$ref" : "#/definitions/Port" } }, "required" : [ "Protocol", "Source", "SourcePort", "Direction", "Destination", "DestinationPort" ], "additionalProperties" : false }, "RuleOption" : { "type" : "object", "properties" : { "Keyword" : { "type" : "string", "minLength" : 1, "maxLength" : 128, "pattern" : "^.*$" }, "Settings" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/Setting" } } }, "required" : [ "Keyword" ], "additionalProperties" : false }, "Setting" : { "type" : "string", "minLength" : 1, "maxLength" : 8192, "pattern" : "^.*$" }, "Port" : { "type" : "string", "minLength" : 1, "maxLength" : 1024, "pattern" : "^.*$" }, "StatelessRulesAndCustomActions" : { "type" : "object", "properties" : { "StatelessRules" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/StatelessRule" } }, "CustomActions" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/CustomAction" } } }, "required" : [ "StatelessRules" ], "additionalProperties" : false }, "StatelessRule" : { "type" : "object", "properties" : { "RuleDefinition" : { "$ref" : "#/definitions/RuleDefinition" }, "Priority" : { "type" : "integer", "minimum" : 1, "maximum" : 65535 } }, "required" : [ "RuleDefinition", "Priority" ], "additionalProperties" : false }, "RuleDefinition" : { "type" : "object", "properties" : { "MatchAttributes" : { "$ref" : "#/definitions/MatchAttributes" }, "Actions" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "type" : "string" } } }, "required" : [ "MatchAttributes", "Actions" ], "additionalProperties" : false }, "MatchAttributes" : { "type" : "object", "properties" : { "Sources" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/Address" } }, "Destinations" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/Address" } }, "SourcePorts" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/PortRange" } }, "DestinationPorts" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/PortRange" } }, "Protocols" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/ProtocolNumber" } }, "TCPFlags" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/TCPFlagField" } } }, "additionalProperties" : false }, "Address" : { "type" : "object", "properties" : { "AddressDefinition" : { "type" : "string", "minLength" : 1, "maxLength" : 255, "pattern" : "^([a-fA-F\\d:\\.]+/\\d{1,3})$" } }, "required" : [ "AddressDefinition" ], "additionalProperties" : false }, "PortRange" : { "type" : "object", "properties" : { "FromPort" : { "$ref" : "#/definitions/PortRangeBound" }, "ToPort" : { "$ref" : "#/definitions/PortRangeBound" } }, "required" : [ "FromPort", "ToPort" ], "additionalProperties" : false }, "PortRangeBound" : { "type" : "integer", "minimum" : 0, "maximum" : 65535 }, "ProtocolNumber" : { "type" : "integer", "minimum" : 0, "maximum" : 255 }, "TCPFlagField" : { "type" : "object", "properties" : { "Flags" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/TCPFlag" } }, "Masks" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/TCPFlag" } } }, "required" : [ "Flags" ], "additionalProperties" : false }, "TCPFlag" : { "type" : "string", "enum" : [ "FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR" ] }, "CustomAction" : { "type" : "object", "properties" : { "ActionName" : { "type" : "string", "minLength" : 1, "maxLength" : 128, "pattern" : "^[a-zA-Z0-9]+$" }, "ActionDefinition" : { "$ref" : "#/definitions/ActionDefinition" } }, "required" : [ "ActionName", "ActionDefinition" ], "additionalProperties" : false }, "ActionDefinition" : { "type" : "object", "properties" : { "PublishMetricAction" : { "$ref" : "#/definitions/PublishMetricAction" } }, "additionalProperties" : false }, "PublishMetricAction" : { "type" : "object", "properties" : { "Dimensions" : { "type" : "array", "insertionOrder" : true, "uniqueItems" : false, "items" : { "$ref" : "#/definitions/Dimension" } } }, "required" : [ "Dimensions" ], "additionalProperties" : false }, "Dimension" : { "type" : "object", "properties" : { "Value" : { "type" : "string", "minLength" : 1, "maxLength" : 128, "pattern" : "^[a-zA-Z0-9-_ ]+$" } }, "required" : [ "Value" ], "additionalProperties" : false }, "StatefulRuleOptions" : { "type" : "object", "properties" : { "RuleOrder" : { "$ref" : "#/definitions/RuleOrder" } }, "additionalProperties" : false }, "RuleOrder" : { "type" : "string", "enum" : [ "DEFAULT_ACTION_ORDER", "STRICT_ORDER" ] } }, "properties" : { "RuleGroupName" : { "type" : "string", "minLength" : 1, "maxLength" : 128, "pattern" : "^[a-zA-Z0-9-]+$" }, "RuleGroupArn" : { "$ref" : "#/definitions/ResourceArn" }, "RuleGroupId" : { "type" : "string", "minLength" : 36, "maxLength" : 36, "pattern" : "^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$" }, "RuleGroup" : { "$ref" : "#/definitions/RuleGroup" }, "Type" : { "type" : "string", "enum" : [ "STATELESS", "STATEFUL" ] }, "Capacity" : { "type" : "integer" }, "Description" : { "type" : "string", "minLength" : 1, "maxLength" : 512, "pattern" : "^.*$" }, "Tags" : { "type" : "array", "insertionOrder" : false, "uniqueItems" : true, "items" : { "$ref" : "#/definitions/Tag" } } }, "required" : [ "Type", "Capacity", "RuleGroupName" ], "readOnlyProperties" : [ "/properties/RuleGroupArn", "/properties/RuleGroupId" ], "createOnlyProperties" : [ "/properties/RuleGroupName", "/properties/Capacity", "/properties/Type" ], "primaryIdentifier" : [ "/properties/RuleGroupArn" ], "handlers" : { "create" : { "permissions" : [ "network-firewall:CreateRuleGroup", "network-firewall:DescribeRuleGroup", "network-firewall:TagResource" ] }, "read" : { "permissions" : [ "network-firewall:DescribeRuleGroup", "network-firewall:ListTagsForResources" ] }, "update" : { "permissions" : [ "network-firewall:UpdateRuleGroup", "network-firewall:DescribeRuleGroup", "network-firewall:TagResource", "network-firewall:UntagResource" ] }, "delete" : { "permissions" : [ "network-firewall:DeleteRuleGroup", "network-firewall:DescribeRuleGroup", "network-firewall:UntagResource" ] }, "list" : { "permissions" : [ "network-firewall:ListRuleGroups" ] } } }