package
2.166.0
Repository: https://github.com/aws/aws-cdk-go.git
Documentation: pkg.go.dev

# README

AWS::NetworkFirewall Construct Library

This module is part of the AWS Cloud Development Kit project.

```go
import networkfirewall "github.com/aws/aws-cdk-go/awscdk"
```

There are no official hand-written (L2) constructs for this service yet. Here are some suggestions on how to proceed:

- You can still use the automatically generated L1 constructs, and use this service exactly as you would when using CloudFormation directly.

- For more information on the resources and properties available for this service, see the CloudFormation documentation for AWS::NetworkFirewall.

(Read the CDK Contributing Guide and submit an RFC if you are interested in contributing to this construct library.)

# Functions

No description provided by the author
Returns `true` if a construct is a stack element (i.e.
Check whether the given object is a CfnResource.
Checks if `x` is a construct.

# Structs

The ID for a subnet that you want to associate with the firewall.
A custom action to use in stateless rule actions settings.
An optional, non-standard action to use for stateless packet handling.
The value to use in an Amazon CloudWatch custom metric dimension.
The traffic filtering behavior of a firewall policy, defined in a collection of stateless and stateful rule groups and other settings.
Describes the amount of time that can pass without any traffic sent through the firewall before the firewall determines that the connection is idle and Network Firewall removes the flow entry from its flow table.
A list of IP addresses and address ranges, in CIDR notation.
Contains variables that you can use to override default Suricata settings in your firewall policy.
Stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet.
Configuration settings for the handling of the stateful rule groups in a firewall policy.
The setting that allows the policy owner to change the behavior of the rule group within a policy.
Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group.
Identifier for a single stateless rule group, used in a firewall policy to refer to the rule group.
Properties for defining a `CfnFirewallPolicy`.
Properties for defining a `CfnFirewall`.
Defines where AWS Network Firewall sends logs for the firewall for one log type.
Defines how AWS Network Firewall performs logging for a `Firewall`.
Properties for defining a `CfnLoggingConfiguration`.
A single IP address specification.
The 5-tuple criteria for AWS Network Firewall to use to inspect packet headers in stateful traffic flow inspection.
Configures one or more `IPSetReferences` for a Suricata-compatible rule group.
Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection.
A single port range specification.
A set of port ranges for use in the rules in a rule group.
Configures the `ReferenceSets` for a stateful rule group.
The inspection criteria and action for a single stateless rule.
The object that defines the rules in a rule group.
Additional settings for a stateful rule.
Stateful inspection criteria for a domain list rule group.
The stateless or stateful rules definitions for use in a single rule group.
Settings that are available for use in the rules in the `RuleGroup` where this is defined.
Additional options governing how Network Firewall handles the rule group.
A single Suricata rules specification, for use in a stateful rule group.
A single stateless rule.
Stateless inspection criteria.
TCP flags and masks to inspect packets for.
Properties for defining a `CfnRuleGroup`.
When enabled, Network Firewall checks whether the server certificate presented by the server in the SSL/TLS connection has a revoked or unknown status.
Configures the AWS Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a [TLSInspectionConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-tlsinspectionconfiguration.html).
Any AWS Certificate Manager (ACM) Secure Sockets Layer/Transport Layer Security (SSL/TLS) server certificate that's associated with a [ServerCertificateConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-tlsinspectionconfiguration-servercertificateconfiguration.html).
Settings that define the Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic that Network Firewall should decrypt for inspection by the stateful rule engine.
The object that defines a TLS inspection configuration.
Properties for defining a `CfnTLSInspectionConfiguration`.

# Interfaces

Use the `Firewall` to provide stateful, managed network firewall and intrusion detection and prevention filtering for your VPCs in Amazon VPC.
Use the `FirewallPolicy` to define the stateless and stateful network traffic filtering behavior for your `Firewall`.
Use the `LoggingConfiguration` to define the destinations and logging options for a `Firewall`.
Use the `RuleGroup` to define a reusable collection of stateless or stateful network traffic filtering rules.
The object that defines a TLS inspection configuration.