pulumi-aws-kotlin/com.pulumi.aws.ec2.kotlin/TrafficMirrorFilterRule

TrafficMirrorFilterRule

class TrafficMirrorFilterRule : KotlinCustomResource

Provides an Traffic mirror filter rule. Read limits and considerations for traffic mirroring

Example Usage

To create a basic traffic mirror session

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.TrafficMirrorFilter;
import com.pulumi.aws.ec2.TrafficMirrorFilterArgs;
import com.pulumi.aws.ec2.TrafficMirrorFilterRule;
import com.pulumi.aws.ec2.TrafficMirrorFilterRuleArgs;
import com.pulumi.aws.ec2.inputs.TrafficMirrorFilterRuleDestinationPortRangeArgs;
import com.pulumi.aws.ec2.inputs.TrafficMirrorFilterRuleSourcePortRangeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var filter = new TrafficMirrorFilter("filter", TrafficMirrorFilterArgs.builder()
            .description("traffic mirror filter - example")
            .networkServices("amazon-dns")
            .build());
        var ruleout = new TrafficMirrorFilterRule("ruleout", TrafficMirrorFilterRuleArgs.builder()
            .description("test rule")
            .trafficMirrorFilterId(filter.id())
            .destinationCidrBlock("10.0.0.0/8")
            .sourceCidrBlock("10.0.0.0/8")
            .ruleNumber(1)
            .ruleAction("accept")
            .trafficDirection("egress")
            .build());
        var rulein = new TrafficMirrorFilterRule("rulein", TrafficMirrorFilterRuleArgs.builder()
            .description("test rule")
            .trafficMirrorFilterId(filter.id())
            .destinationCidrBlock("10.0.0.0/8")
            .sourceCidrBlock("10.0.0.0/8")
            .ruleNumber(1)
            .ruleAction("accept")
            .trafficDirection("ingress")
            .protocol(6)
            .destinationPortRange(TrafficMirrorFilterRuleDestinationPortRangeArgs.builder()
                .fromPort(22)
                .toPort(53)
                .build())
            .sourcePortRange(TrafficMirrorFilterRuleSourcePortRangeArgs.builder()
                .fromPort(0)
                .toPort(10)
                .build())
            .build());
    }
}
Content copied to clipboard

Import

Traffic mirror rules can be imported using the traffic_mirror_filter_id and id separated by : e.g.,

$ pulumi import aws:ec2/trafficMirrorFilterRule:TrafficMirrorFilterRule rule tmf-0fbb93ddf38198f64:tmfr-05a458f06445d0aee
Content copied to clipboard

Properties

Link copied to clipboard
val arn: Output<String>

ARN of the traffic mirror filter rule.

Link copied to clipboard
val description: Output<String>?

Description of the traffic mirror filter rule.

Link copied to clipboard
val destinationCidrBlock: Output<String>

Destination CIDR block to assign to the Traffic Mirror rule.

Link copied to clipboard
val destinationPortRange: Output<TrafficMirrorFilterRuleDestinationPortRange>?

Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below

Link copied to clipboard
val id: Output<String>
Link copied to clipboard
val protocol: Output<Int>?

Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.

Link copied to clipboard
val pulumiChildResources: Set<KotlinResource>
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
val ruleAction: Output<String>

Action to take (accept | reject) on the filtered traffic. Valid values are accept and reject

Link copied to clipboard
val ruleNumber: Output<Int>

Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.

Link copied to clipboard
val sourceCidrBlock: Output<String>

Source CIDR block to assign to the Traffic Mirror rule.

Link copied to clipboard
val sourcePortRange: Output<TrafficMirrorFilterRuleSourcePortRange>?

Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below

Link copied to clipboard
val trafficDirection: Output<String>

Direction of traffic to be captured. Valid values are ingress and egress Traffic mirror port range support following attributes:

Link copied to clipboard
val trafficMirrorFilterId: Output<String>

ID of the traffic mirror filter to which this rule should be added

Link copied to clipboard
val urn: Output<String>