CfnFirewallPolicy.FirewallPolicyProperty (software.amazon.awscdk:aws-cdk-lib 2.42.1 API)

All Superinterfaces:: software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:: CfnFirewallPolicy.FirewallPolicyProperty.Jsii$Proxy

Enclosing class:: CfnFirewallPolicy

@Stability(value=Stable)
public static interface CfnFirewallPolicy.FirewallPolicyProperty
extends software.amazon.jsii.JsiiSerializable

The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.networkfirewall.*;
 FirewallPolicyProperty firewallPolicyProperty = FirewallPolicyProperty.builder()
         .statelessDefaultActions(List.of("statelessDefaultActions"))
         .statelessFragmentDefaultActions(List.of("statelessFragmentDefaultActions"))
         // the properties below are optional
         .statefulDefaultActions(List.of("statefulDefaultActions"))
         .statefulEngineOptions(StatefulEngineOptionsProperty.builder()
                 .ruleOrder("ruleOrder")
                 .build())
         .statefulRuleGroupReferences(List.of(StatefulRuleGroupReferenceProperty.builder()
                 .resourceArn("resourceArn")
                 // the properties below are optional
                 .priority(123)
                 .build()))
         .statelessCustomActions(List.of(CustomActionProperty.builder()
                 .actionDefinition(ActionDefinitionProperty.builder()
                         .publishMetricAction(PublishMetricActionProperty.builder()
                                 .dimensions(List.of(DimensionProperty.builder()
                                         .value("value")
                                         .build()))
                                 .build())
                         .build())
                 .actionName("actionName")
                 .build()))
         .statelessRuleGroupReferences(List.of(StatelessRuleGroupReferenceProperty.builder()
                 .priority(123)
                 .resourceArn("resourceArn")
                 .build()))
         .build();

Nested Class Summary

Nested Classes
Modifier and Type	Interface and Description
`static class`	`CfnFirewallPolicy.FirewallPolicyProperty.Builder` A builder for `CfnFirewallPolicy.FirewallPolicyProperty`
`static class`	`CfnFirewallPolicy.FirewallPolicyProperty.Jsii$Proxy` An implementation for `CfnFirewallPolicy.FirewallPolicyProperty`

Method Summary

All Methods Static Methods Instance Methods Abstract Methods Default Methods
Modifier and Type	Method and Description
`static CfnFirewallPolicy.FirewallPolicyProperty.Builder`	`builder()`
`default List<String>`	`getStatefulDefaultActions()` The default actions to take on a packet that doesn't match any stateful rules.
`default Object`	`getStatefulEngineOptions()` Additional options governing how Network Firewall handles stateful rules.
`default Object`	`getStatefulRuleGroupReferences()` References to the stateful rule groups that are used in the policy.
`default Object`	`getStatelessCustomActions()` The custom action definitions that are available for use in the firewall policy's `StatelessDefaultActions` setting.
`List<String>`	`getStatelessDefaultActions()` The actions to take on a packet if it doesn't match any of the stateless rules in the policy.
`List<String>`	`getStatelessFragmentDefaultActions()` The actions to take on a fragmented packet if it doesn't match any of the stateless rules in the policy.
`default Object`	`getStatelessRuleGroupReferences()` References to the stateless rule groups that are used in the policy.

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

- Method Detail
  - getStatelessDefaultActions
```
@Stability(value=Stable)
 @NotNull
List<String> getStatelessDefaultActions()
```
    The actions to take on a packet if it doesn't match any of the stateless rules in the policy.
    If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe .
    You must specify one of the standard actions: aws:pass , aws:drop , or aws:forward_to_sfe . In addition, you can specify custom actions that are compatible with your standard section choice.
    For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”] . For information about compatibility, see the custom action descriptions.
  - getStatelessFragmentDefaultActions
```
@Stability(value=Stable)
 @NotNull
List<String> getStatelessFragmentDefaultActions()
```
    The actions to take on a fragmented packet if it doesn't match any of the stateless rules in the policy.
    If you want non-matching fragmented packets to be forwarded for stateful inspection, specify aws:forward_to_sfe .
    You must specify one of the standard actions: aws:pass , aws:drop , or aws:forward_to_sfe . In addition, you can specify custom actions that are compatible with your standard section choice.
    For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”] . For information about compatibility, see the custom action descriptions.
  - getStatefulDefaultActions
```
@Stability(value=Stable)
 @Nullable
default List<String> getStatefulDefaultActions()
```
    The default actions to take on a packet that doesn't match any stateful rules.
    The stateful default action is optional, and is only valid when using the strict rule order.
    Valid values of the stateful default action:
    - aws:drop_strict
    - aws:drop_established
    - aws:alert_strict
    - aws:alert_established
    For more information, see Strict evaluation order in the AWS Network Firewall Developer Guide .
  - getStatefulEngineOptions
```
@Stability(value=Stable)
 @Nullable
default Object getStatefulEngineOptions()
```
    Additional options governing how Network Firewall handles stateful rules.
    The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.
  - getStatefulRuleGroupReferences
```
@Stability(value=Stable)
 @Nullable
default Object getStatefulRuleGroupReferences()
```
    References to the stateful rule groups that are used in the policy.
    These define the inspection criteria in stateful rules.
  - getStatelessCustomActions
```
@Stability(value=Stable)
 @Nullable
default Object getStatelessCustomActions()
```
    The custom action definitions that are available for use in the firewall policy's `StatelessDefaultActions` setting.
    You name each custom action that you define, and then you can use it by name in your default actions specifications.
  - getStatelessRuleGroupReferences
```
@Stability(value=Stable)
 @Nullable
default Object getStatelessRuleGroupReferences()
```
    References to the stateless rule groups that are used in the policy.
    These define the matching criteria in stateless rules.
  - builder
```
@Stability(value=Stable)
static CfnFirewallPolicy.FirewallPolicyProperty.Builder builder()
```
    Returns:
    
    a CfnFirewallPolicy.FirewallPolicyProperty.Builder of CfnFirewallPolicy.FirewallPolicyProperty

Interface CfnFirewallPolicy.FirewallPolicyProperty

Nested Class Summary

Method Summary

Methods inherited from interface software.amazon.jsii.JsiiSerializable

Method Detail

getStatelessDefaultActions

getStatelessFragmentDefaultActions

getStatefulDefaultActions

getStatefulEngineOptions

getStatefulRuleGroupReferences

getStatelessCustomActions

getStatelessRuleGroupReferences

builder