pulumi-aws-native-kotlin/com.pulumi.awsnative.networkfirewall.kotlin.inputs/FirewallPolicyArgs

FirewallPolicyArgs

data class FirewallPolicyArgs(val policyVariables: Output<FirewallPolicyPolicyVariablesPropertiesArgs>? = null, val statefulDefaultActions: Output<List<String>>? = null, val statefulEngineOptions: Output<FirewallPolicyStatefulEngineOptionsArgs>? = null, val statefulRuleGroupReferences: Output<List<FirewallPolicyStatefulRuleGroupReferenceArgs>>? = null, val statelessCustomActions: Output<List<FirewallPolicyCustomActionArgs>>? = null, val statelessDefaultActions: Output<List<String>>, val statelessFragmentDefaultActions: Output<List<String>>, val statelessRuleGroupReferences: Output<List<FirewallPolicyStatelessRuleGroupReferenceArgs>>? = null, val tlsInspectionConfigurationArn: Output<String>? = null) : ConvertibleToJava<FirewallPolicyArgs>

Constructors

Link copied to clipboard
constructor(policyVariables: Output<FirewallPolicyPolicyVariablesPropertiesArgs>? = null, statefulDefaultActions: Output<List<String>>? = null, statefulEngineOptions: Output<FirewallPolicyStatefulEngineOptionsArgs>? = null, statefulRuleGroupReferences: Output<List<FirewallPolicyStatefulRuleGroupReferenceArgs>>? = null, statelessCustomActions: Output<List<FirewallPolicyCustomActionArgs>>? = null, statelessDefaultActions: Output<List<String>>, statelessFragmentDefaultActions: Output<List<String>>, statelessRuleGroupReferences: Output<List<FirewallPolicyStatelessRuleGroupReferenceArgs>>? = null, tlsInspectionConfigurationArn: Output<String>? = null)

Properties

Link copied to clipboard
val policyVariables: Output<FirewallPolicyPolicyVariablesPropertiesArgs>? = null

Contains variables that you can use to override default Suricata settings in your firewall policy.

Link copied to clipboard
val statefulDefaultActions: Output<List<String>>? = null

The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order. Valid values of the stateful default action:

Link copied to clipboard
val statefulEngineOptions: Output<FirewallPolicyStatefulEngineOptionsArgs>? = null

Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.

Link copied to clipboard
val statefulRuleGroupReferences: Output<List<FirewallPolicyStatefulRuleGroupReferenceArgs>>? = null

References to the stateful rule groups that are used in the policy. These define the inspection criteria in stateful rules.

Link copied to clipboard
val statelessCustomActions: Output<List<FirewallPolicyCustomActionArgs>>? = null

The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

Link copied to clipboard
val statelessDefaultActions: Output<List<String>>

The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe . You must specify one of the standard actions: aws:pass , aws:drop , or aws:forward_to_sfe . In addition, you can specify custom actions that are compatible with your standard section choice. For example, you could specify ["aws:pass"] or you could specify ["aws:pass", "customActionName"] . For information about compatibility, see the custom action descriptions.

Link copied to clipboard
val statelessFragmentDefaultActions: Output<List<String>>

The actions to take on a fragmented packet if it doesn't match any of the stateless rules in the policy. If you want non-matching fragmented packets to be forwarded for stateful inspection, specify aws:forward_to_sfe . You must specify one of the standard actions: aws:pass , aws:drop , or aws:forward_to_sfe . In addition, you can specify custom actions that are compatible with your standard section choice. For example, you could specify ["aws:pass"] or you could specify ["aws:pass", "customActionName"] . For information about compatibility, see the custom action descriptions.

Link copied to clipboard
val statelessRuleGroupReferences: Output<List<FirewallPolicyStatelessRuleGroupReferenceArgs>>? = null

References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

Link copied to clipboard
val tlsInspectionConfigurationArn: Output<String>? = null

The Amazon Resource Name (ARN) of the TLS inspection configuration.

Functions

Link copied to clipboard
open override fun toJava(): FirewallPolicyArgs