upbound/provider-aws@v1.3.1
RuleGroup
networkfirewall.aws.upbound.io

RuleGroup is the Schema for the RuleGroups API. Provides an AWS Network Firewall Rule Group resource.

Type

CRD

Group

networkfirewall.aws.upbound.io

Version

v1beta1

apiVersion: networkfirewall.aws.upbound.io/v1beta1

kind: RuleGroup

API Documentation
apiVersion
string
kind
string
metadata
object
spec
object
object

RuleGroupSpec defines the desired state of RuleGroup

forProvider
required object
required object

No description provided.

capacity
number
array

KMS encryption configuration settings. See Encryption Configuration below for details.

keyId
string
type
string
name
string
region
required string
array

A configuration block that defines the rule group rules. Required unless rules is specified. See Rule Group below for details.

array

A configuration block that defines the IP Set References for the rule group. See Reference Sets below for details. Please note that there can only be a maximum of 5 reference_sets in a rule_group. See the AWS documentation for details.

array

No description provided.

array

Set of configuration blocks that define the IP Reference information. See IP Set Reference below for details.

object

Reference to a ManagedPrefixList in ec2 to populate referenceArn.

name
required string
policy
object
object

Policies for referencing.

resolve
string
object

Selector for a ManagedPrefixList in ec2 to populate referenceArn.

policy
object
object

Policies for selection.

resolve
string
key
string
array

A configuration block that defines additional settings available to use in the rules defined in the rule group. Can only be specified for stateful rule groups. See Rule Variables below for details.

ipSets
array
array

Set of configuration blocks that define IP address information. See IP Sets below for details.

ipSet
array
array

A configuration block that defines a set of IP addresses. See IP Set below for details.

array

Set of port ranges.

key
string
array

Set of configuration blocks that define port range information. See Port Sets below for details.

key
string
portSet
array
array

A configuration block that defines a set of port ranges. See Port Set below for details.

array

Set of port ranges.

array

A configuration block that defines the stateful or stateless rules for the rule group. See Rules Source below for details.

array

A configuration block containing stateful inspection criteria for a domain list rule group. See Rules Source List below for details.

array

Set of types of domain specifications that are provided in the targets argument. Valid values: HTTP_HOST, TLS_SNI.

targets
array
array

Set of domains that you want to inspect for in your traffic flows.

array

Set of configuration blocks containing stateful inspection criteria for 5-tuple rules to be used together in a rule group. See Stateful Rule below for details.

action
string
header
array
array

A configuration block containing the stateful 5-tuple inspection criteria for the rule, used to inspect traffic flows. See Header below for details.

array

Set of configuration blocks containing additional settings for a stateful rule. See Rule Option below for details.

keyword
string
array

Set of strings for additional settings to use in stateful rule inspection.

array

A configuration block containing stateless inspection criteria for a stateless rule group. See Stateless Rules and Custom Actions below for details.

array

Set of configuration blocks containing custom action definitions that are available for use by the set of stateless rules. See Custom Action below for details.

array

A configuration block describing the custom action associated with the action_name. See Action Definition below for details.

array

A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.

array

Set of configuration blocks containing the dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for details.

value
string
array

Set of configuration blocks containing the stateless rules for use in the stateless rule group. See Stateless Rule below for details.

priority
number
array

A configuration block defining the stateless 5-tuple packet inspection criteria and the action to take on a packet that matches the criteria. See Rule Definition below for details.

actions
array
array

Set of actions to take on a packet that matches one of the stateless rule definition's match_attributes. For every rule you must specify 1 standard action, and you can add custom actions. Standard actions include: aws:pass, aws:drop, aws:forward_to_sfe.

array

A configuration block containing criteria for AWS Network Firewall to use to inspect an individual packet in stateless rule inspection. See Match Attributes below for details.

array

Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.

array

Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Port below for details.

fromPort
number
toPort
number
array

Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). If not specified, this matches with any protocol.

source
array
array

Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.

array

Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Port below for details.

fromPort
number
toPort
number
tcpFlag
array
array

Set of configuration blocks containing the TCP flags and masks to inspect for. If not specified, this matches with any settings.

flags
array
array

Set of flags to look for in a packet. This setting can only specify values that are also specified in masks. Valid values: FIN, SYN, RST, PSH, ACK, URG, ECE, CWR.

masks
array
array

Set of flags to consider in the inspection. To inspect all flags, leave this empty. Valid values: FIN, SYN, RST, PSH, ACK, URG, ECE, CWR.

array

A configuration block that defines stateful rule options for the rule group. See Stateful Rule Options below for details.

ruleOrder
string
rules
string
tags
object
type
string
object

THIS IS A BETA FIELD. It will be honored unless the Management Policies feature flag is disabled. InitProvider holds the same fields as ForProvider, with the exception of Identifier and other resource reference fields. The fields that are in InitProvider are merged into ForProvider when the resource is created. The same fields are also added to the terraform ignore_changes hook, to avoid updating them after creation. This is useful for fields that are required on creation but that we do not want to update after creation, for example because an external controller, like an autoscaler, is managing them.

capacity
number
array

KMS encryption configuration settings. See Encryption Configuration below for details.

keyId
string
type
string
name
string
array

A configuration block that defines the rule group rules. Required unless rules is specified. See Rule Group below for details.

array

A configuration block that defines the IP Set References for the rule group. See Reference Sets below for details. Please note that there can only be a maximum of 5 reference_sets in a rule_group. See the AWS documentation for details.

array

No description provided.

array

Set of configuration blocks that define the IP Reference information. See IP Set Reference below for details.

object

Reference to a ManagedPrefixList in ec2 to populate referenceArn.

name
required string
policy
object
object

Policies for referencing.

resolve
string
object

Selector for a ManagedPrefixList in ec2 to populate referenceArn.

policy
object
object

Policies for selection.

resolve
string
key
string
array

A configuration block that defines additional settings available to use in the rules defined in the rule group. Can only be specified for stateful rule groups. See Rule Variables below for details.

ipSets
array
array

Set of configuration blocks that define IP address information. See IP Sets below for details.

ipSet
array
array

A configuration block that defines a set of IP addresses. See IP Set below for details.

array

Set of port ranges.

key
string
array

Set of configuration blocks that define port range information. See Port Sets below for details.

key
string
portSet
array
array

A configuration block that defines a set of port ranges. See Port Set below for details.

array

Set of port ranges.

array

A configuration block that defines the stateful or stateless rules for the rule group. See Rules Source below for details.

array

A configuration block containing stateful inspection criteria for a domain list rule group. See Rules Source List below for details.

array

Set of types of domain specifications that are provided in the targets argument. Valid values: HTTP_HOST, TLS_SNI.

targets
array
array

Set of domains that you want to inspect for in your traffic flows.

array

Set of configuration blocks containing stateful inspection criteria for 5-tuple rules to be used together in a rule group. See Stateful Rule below for details.

action
string
header
array
array

A configuration block containing the stateful 5-tuple inspection criteria for the rule, used to inspect traffic flows. See Header below for details.

array

Set of configuration blocks containing additional settings for a stateful rule. See Rule Option below for details.

keyword
string
array

Set of strings for additional settings to use in stateful rule inspection.

array

A configuration block containing stateless inspection criteria for a stateless rule group. See Stateless Rules and Custom Actions below for details.

array

Set of configuration blocks containing custom action definitions that are available for use by the set of stateless rules. See Custom Action below for details.

array

A configuration block describing the custom action associated with the action_name. See Action Definition below for details.

array

A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.

array

Set of configuration blocks containing the dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for details.

value
string
array

Set of configuration blocks containing the stateless rules for use in the stateless rule group. See Stateless Rule below for details.

priority
number
array

A configuration block defining the stateless 5-tuple packet inspection criteria and the action to take on a packet that matches the criteria. See Rule Definition below for details.

actions
array
array

Set of actions to take on a packet that matches one of the stateless rule definition's match_attributes. For every rule you must specify 1 standard action, and you can add custom actions. Standard actions include: aws:pass, aws:drop, aws:forward_to_sfe.

array

A configuration block containing criteria for AWS Network Firewall to use to inspect an individual packet in stateless rule inspection. See Match Attributes below for details.

array

Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.

array

Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Port below for details.

fromPort
number
toPort
number
array

Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). If not specified, this matches with any protocol.

source
array
array

Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.

array

Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Port below for details.

fromPort
number
toPort
number
tcpFlag
array
array

Set of configuration blocks containing the TCP flags and masks to inspect for. If not specified, this matches with any settings.

flags
array
array

Set of flags to look for in a packet. This setting can only specify values that are also specified in masks. Valid values: FIN, SYN, RST, PSH, ACK, URG, ECE, CWR.

masks
array
array

Set of flags to consider in the inspection. To inspect all flags, leave this empty. Valid values: FIN, SYN, RST, PSH, ACK, URG, ECE, CWR.

array

A configuration block that defines stateful rule options for the rule group. See Stateful Rule Options below for details.

ruleOrder
string
rules
string
tags
object
type
string
array

THIS IS A BETA FIELD. It is on by default but can be opted out through a Crossplane feature flag. ManagementPolicies specify the array of actions Crossplane is allowed to take on the managed and external resources. This field is planned to replace the DeletionPolicy field in a future release. Currently, both could be set independently and non-default values would be honored if the feature flag is enabled. If both are custom, the DeletionPolicy field will be ignored. See the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223 and this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md

object

ProviderConfigReference specifies how the provider that will be used to create, observe, update, and delete this managed resource should be configured.

name
required string
policy
object
object

Policies for referencing.

resolve
string
object

PublishConnectionDetailsTo specifies the connection secret config which contains a name, metadata and a reference to secret store config to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource.

configRef
object
object

SecretStoreConfigRef specifies which secret store config should be used for this ConnectionSecret.

name
required string
policy
object
object

Policies for referencing.

resolve
string
metadata
object
object

Metadata is the metadata for connection secret.

labels
object
type
string
name
required string
object

WriteConnectionSecretToReference specifies the namespace and name of a Secret to which any connection details for this managed resource should be written. Connection details frequently include the endpoint, username, and password required to connect to the managed resource. This field is planned to be replaced in a future release in favor of PublishConnectionDetailsTo. Currently, both could be set independently and connection details would be published to both without affecting each other.

name
required string
namespace
required string
status
object
object

RuleGroupStatus defines the observed state of RuleGroup.

object

No description provided.

arn
string
capacity
number
array

KMS encryption configuration settings. See Encryption Configuration below for details.

keyId
string
type
string
id
string
name
string
array

A configuration block that defines the rule group rules. Required unless rules is specified. See Rule Group below for details.

array

A configuration block that defines the IP Set References for the rule group. See Reference Sets below for details. Please note that there can only be a maximum of 5 reference_sets in a rule_group. See the AWS documentation for details.

array

No description provided.

array

Set of configuration blocks that define the IP Reference information. See IP Set Reference below for details.

key
string
array

A configuration block that defines additional settings available to use in the rules defined in the rule group. Can only be specified for stateful rule groups. See Rule Variables below for details.

ipSets
array
array

Set of configuration blocks that define IP address information. See IP Sets below for details.

ipSet
array
array

A configuration block that defines a set of IP addresses. See IP Set below for details.

array

Set of port ranges.

key
string
array

Set of configuration blocks that define port range information. See Port Sets below for details.

key
string
portSet
array
array

A configuration block that defines a set of port ranges. See Port Set below for details.

array

Set of port ranges.

array

A configuration block that defines the stateful or stateless rules for the rule group. See Rules Source below for details.

array

A configuration block containing stateful inspection criteria for a domain list rule group. See Rules Source List below for details.

array

Set of types of domain specifications that are provided in the targets argument. Valid values: HTTP_HOST, TLS_SNI.

targets
array
array

Set of domains that you want to inspect for in your traffic flows.

array

Set of configuration blocks containing stateful inspection criteria for 5-tuple rules to be used together in a rule group. See Stateful Rule below for details.

action
string
header
array
array

A configuration block containing the stateful 5-tuple inspection criteria for the rule, used to inspect traffic flows. See Header below for details.

array

Set of configuration blocks containing additional settings for a stateful rule. See Rule Option below for details.

keyword
string
array

Set of strings for additional settings to use in stateful rule inspection.

array

A configuration block containing stateless inspection criteria for a stateless rule group. See Stateless Rules and Custom Actions below for details.

array

Set of configuration blocks containing custom action definitions that are available for use by the set of stateless rules. See Custom Action below for details.

array

A configuration block describing the custom action associated with the action_name. See Action Definition below for details.

array

A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.

array

Set of configuration blocks containing the dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for details.

value
string
array

Set of configuration blocks containing the stateless rules for use in the stateless rule group. See Stateless Rule below for details.

priority
number
array

A configuration block defining the stateless 5-tuple packet inspection criteria and the action to take on a packet that matches the criteria. See Rule Definition below for details.

actions
array
array

Set of actions to take on a packet that matches one of the stateless rule definition's match_attributes. For every rule you must specify 1 standard action, and you can add custom actions. Standard actions include: aws:pass, aws:drop, aws:forward_to_sfe.

array

A configuration block containing criteria for AWS Network Firewall to use to inspect an individual packet in stateless rule inspection. See Match Attributes below for details.

array

Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.

array

Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Port below for details.

fromPort
number
toPort
number
array

Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). If not specified, this matches with any protocol.

source
array
array

Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.

array

Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Port below for details.

fromPort
number
toPort
number
tcpFlag
array
array

Set of configuration blocks containing the TCP flags and masks to inspect for. If not specified, this matches with any settings.

flags
array
array

Set of flags to look for in a packet. This setting can only specify values that are also specified in masks. Valid values: FIN, SYN, RST, PSH, ACK, URG, ECE, CWR.

masks
array
array

Set of flags to consider in the inspection. To inspect all flags, leave this empty. Valid values: FIN, SYN, RST, PSH, ACK, URG, ECE, CWR.

array

A configuration block that defines stateful rule options for the rule group. See Stateful Rule Options below for details.

ruleOrder
string
rules
string
tags
object
tagsAll
object
type
string
array

Conditions of the resource.

lastTransitionTime
required string
message
string
reason
required string
status
required string
type
required string

© 2022 Upbound, Inc.
