FirewallPolicyFirewallPolicyArgs

data class FirewallPolicyFirewallPolicyArgs(val policyVariables: Output<FirewallPolicyFirewallPolicyPolicyVariablesArgs>? = null, val statefulDefaultActions: Output<List<String>>? = null, val statefulEngineOptions: Output<FirewallPolicyFirewallPolicyStatefulEngineOptionsArgs>? = null, val statefulRuleGroupReferences: Output<List<FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceArgs>>? = null, val statelessCustomActions: Output<List<FirewallPolicyFirewallPolicyStatelessCustomActionArgs>>? = null, val statelessDefaultActions: Output<List<String>>, val statelessFragmentDefaultActions: Output<List<String>>, val statelessRuleGroupReferences: Output<List<FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs>>? = null, val tlsInspectionConfigurationArn: Output<String>? = null) : ConvertibleToJava<FirewallPolicyFirewallPolicyArgs>

Constructors

constructor(policyVariables: Output<FirewallPolicyFirewallPolicyPolicyVariablesArgs>? = null, statefulDefaultActions: Output<List<String>>? = null, statefulEngineOptions: Output<FirewallPolicyFirewallPolicyStatefulEngineOptionsArgs>? = null, statefulRuleGroupReferences: Output<List<FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceArgs>>? = null, statelessCustomActions: Output<List<FirewallPolicyFirewallPolicyStatelessCustomActionArgs>>? = null, statelessDefaultActions: Output<List<String>>, statelessFragmentDefaultActions: Output<List<String>>, statelessRuleGroupReferences: Output<List<FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs>>? = null, tlsInspectionConfigurationArn: Output<String>? = null)

Properties

val policyVariables: Output<FirewallPolicyFirewallPolicyPolicyVariablesArgs>? = null

Contains variables that you can use to override default Suricata settings in your firewall policy. See Rule Variables for details.

val statefulDefaultActions: Output<List<String>>? = null

Set of actions to take on a packet if it does not match any stateful rules in the policy. This can only be specified if the policy has a stateful_engine_options block with a rule_order value of STRICT_ORDER. You can specify at most one of aws:drop_strict or aws:drop_established (or neither), together with any combination of aws:alert_strict and aws:alert_established.

val statefulEngineOptions: Output<FirewallPolicyFirewallPolicyStatefulEngineOptionsArgs>? = null

A configuration block that defines options on how the policy handles stateful rules. See Stateful Engine Options below for details.

val statefulRuleGroupReferences: Output<List<FirewallPolicyFirewallPolicyStatefulRuleGroupReferenceArgs>>? = null

Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.

val statelessCustomActions: Output<List<FirewallPolicyFirewallPolicyStatelessCustomActionArgs>>? = null

Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's stateless_default_actions. See Stateless Custom Action below for details.

val statelessDefaultActions: Output<List<String>>

Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

val statelessFragmentDefaultActions: Output<List<String>>

Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: aws:drop, aws:pass, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

val statelessRuleGroupReferences: Output<List<FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs>>? = null

Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.

val tlsInspectionConfigurationArn: Output<String>? = null

The ARN of the TLS inspection configuration to attach to the firewall policy. Per the AWS documentation, this must be set when the resource is created: "You can only add a TLS inspection configuration to a new policy, not to an existing policy." Once attached, it cannot be removed from the firewall policy.

Functions

open override fun toJava(): FirewallPolicyFirewallPolicyArgs
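
The default-action rules described above for statefulDefaultActions, statelessDefaultActions and statelessFragmentDefaultActions can be checked on plain values before the arguments are built. The following is an added example, not code from the Pulumi SDK or from this page; the function names, the customActionNames parameter and the sample values are assumptions, and "exactly one standard action" is this example's reading of "one of the standard actions".

```kotlin
// Added example: lint for the default-action rules this page describes.
// All names below are hypothetical; nothing here calls the Pulumi SDK.
val STATELESS_STANDARD = setOf("aws:drop", "aws:pass", "aws:forward_to_sfe")
val STATEFUL_DROP = setOf("aws:drop_strict", "aws:drop_established")
val STATEFUL_ALERT = setOf("aws:alert_strict", "aws:alert_established")

// Checks statelessDefaultActions or statelessFragmentDefaultActions.
// customActionNames: names defined through statelessCustomActions (assumed input).
fun lintStateless(field: String, actions: List<String>, customActionNames: Set<String>): List<String> {
    val problems = mutableListOf<String>()
    val standard = actions.filter { it in STATELESS_STANDARD }
    if (standard.size != 1)
        problems += "$field: expected exactly one of $STATELESS_STANDARD, found $standard"
    val unknown = actions.filter { it !in STATELESS_STANDARD && it !in customActionNames }
    if (unknown.isNotEmpty())
        problems += "$field: $unknown is not a standard action or a defined custom action"
    // Policy choice of this example: flag aws:pass, because non-matching packets
    // are then not forwarded for stateful inspection (that needs aws:forward_to_sfe).
    if ("aws:pass" in standard)
        problems += "$field: aws:pass means non-matching packets bypass stateful inspection"
    return problems
}

// Checks statefulDefaultActions against the rule_order of the stateful engine options.
fun lintStateful(actions: List<String>, ruleOrder: String?): List<String> {
    val problems = mutableListOf<String>()
    if (actions.isEmpty()) return problems
    if (ruleOrder != "STRICT_ORDER")
        problems += "statefulDefaultActions: requires rule_order STRICT_ORDER, found $ruleOrder"
    val drops = actions.filter { it in STATEFUL_DROP }
    if (drops.size > 1)
        problems += "statefulDefaultActions: at most one drop action allowed, found $drops"
    val unlisted = actions.filter { it !in STATEFUL_DROP && it !in STATEFUL_ALERT }
    if (unlisted.isNotEmpty())
        problems += "statefulDefaultActions: $unlisted is not among the actions listed on this page"
    return problems
}

fun main() {
    // Constructed sample values, not taken from a real policy.
    val problems =
        lintStateless("statelessDefaultActions", listOf("aws:pass", "countUnmatched"), setOf("countUnmatched")) +
        lintStateless("statelessFragmentDefaultActions", listOf("aws:forward_to_sfe"), emptySet()) +
        lintStateful(listOf("aws:drop_strict", "aws:drop_established", "aws:alert_strict"), "DEFAULT_ACTION_ORDER")
    problems.forEach { println(it) }
}
```

An empty result from both functions means the lists satisfy the constraints stated on this page; it does not validate the referenced rule groups themselves.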