libZSservicesZSamazonka-network-firewallZSamazonka-network-firewall
Copyright: (c) 2013-2021 Brendan Hay
License: Mozilla Public License, v. 2.0.
Maintainer: Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability: auto-generated
Portability: non-portable (GHC extensions)
Safe Haskell: None

Amazonka.NetworkFirewall.Types.RulesSourceList


Documentation

data RulesSourceList

Stateful inspection criteria for a domain list rule group.

For HTTPS traffic, domain filtering is SNI-based. It uses the Server Name Indication (SNI) extension of the TLS handshake.

By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the HOME_NET rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see RuleVariables in this guide and Stateful domain list rule groups in AWS Network Firewall in the Network Firewall Developer Guide.

See: newRulesSourceList smart constructor.

Constructors

RulesSourceList' 

Fields

  • targets :: [Text]

    The domains that you want to inspect for in your traffic flows. To provide multiple domains, separate them with commas. Valid domain specifications are the following:

    • Explicit names. For example, abc.example.com matches only the domain abc.example.com.
    • Names that use a domain wildcard, which you indicate with an initial '.'. For example, .example.com matches example.com and matches all subdomains of example.com, such as abc.example.com and www.example.com.
  • targetTypes :: [TargetType]

    The protocols you want to inspect. Specify TLS_SNI for HTTPS. Specify HTTP_HOST for HTTP. You can specify either or both.

  • generatedRulesType :: GeneratedRulesType

    Whether you want to allow or deny access to the domains in your target list.
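
The two target forms documented for targets, modelled as an added example (not part of amazonka and not Network Firewall's own matching code): it classifies each entry of a constructed list and shows which constructed hostnames each one covers. The names TargetSpec, parseTarget and matches are hypothetical, and the case-insensitive comparison is an assumption of this model.

```haskell
{-# LANGUAGE OverloadedStrings #-}
module Main (main) where

import Data.Char (isAlphaNum, isAscii)
import Data.Text (Text)
import qualified Data.Text as T

-- | The two valid target forms listed in the field documentation.
data TargetSpec
  = Explicit Text -- "abc.example.com": that name only
  | Wildcard Text -- ".example.com": example.com and all of its subdomains
  deriving (Eq, Show)

-- | A name is dot-separated, non-empty labels of ASCII letters, digits or '-'.
validName :: Text -> Bool
validName = all validLabel . T.splitOn "."
  where
    validLabel l = not (T.null l) && T.all okChar l
    okChar c = isAscii c && (isAlphaNum c || c == '-')

-- | Classify one entry; anything that is neither documented form is rejected.
parseTarget :: Text -> Either String TargetSpec
parseTarget raw = case T.stripPrefix "." t of
  Just base | validName base -> Right (Wildcard base)
  Nothing   | validName t    -> Right (Explicit t)
  _ -> Left ("not an explicit name or leading-dot wildcard: " <> show raw)
  where
    t = T.toLower raw -- assumption: names compare case-insensitively

-- | Does a hostname (TLS SNI or HTTP Host value) fall under the target?
matches :: TargetSpec -> Text -> Bool
matches spec host = case spec of
  Explicit name -> h == name
  -- The suffix must start at a label boundary, so "badexample.com"
  -- is not covered by ".example.com".
  Wildcard base -> h == base || ("." <> base) `T.isSuffixOf` h
  where
    h = T.toLower host

main :: IO ()
main = mapM_ report targets
  where
    -- Constructed sample data.
    targets = ["abc.example.com", ".example.com", "*.example.com"]
    hosts = ["example.com", "abc.example.com", "www.example.com", "badexample.com"]
    report raw = case parseTarget raw of
      Left err -> putStrLn ("rejected: " <> err)
      Right spec -> putStrLn (show spec <> " covers " <> show (filter (matches spec) hosts))
```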

Instances

All instances below are defined in Amazonka.NetworkFirewall.Types.RulesSourceList.

  • Eq RulesSourceList
  • Read RulesSourceList
  • Show RulesSourceList
  • Generic RulesSourceList

    Associated Types

    type Rep RulesSourceList :: Type -> Type

  • NFData RulesSourceList

    Methods

    rnf :: RulesSourceList -> ()

  • Hashable RulesSourceList
  • ToJSON RulesSourceList
  • FromJSON RulesSourceList
  • type Rep RulesSourceList

type Rep RulesSourceList = D1 ('MetaData "RulesSourceList" "Amazonka.NetworkFirewall.Types.RulesSourceList" "libZSservicesZSamazonka-network-firewallZSamazonka-network-firewall" 'False) (C1 ('MetaCons "RulesSourceList'" 'PrefixI 'True) (S1 ('MetaSel ('Just "targets") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 [Text]) :*: (S1 ('MetaSel ('Just "targetTypes") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 [TargetType]) :*: S1 ('MetaSel ('Just "generatedRulesType") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 GeneratedRulesType))))

newRulesSourceList

Create a value of RulesSourceList with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:targets:RulesSourceList', rulesSourceList_targets - The domains that you want to inspect for in your traffic flows. To provide multiple domains, separate them with commas. Valid domain specifications are the following:

  • Explicit names. For example, abc.example.com matches only the domain abc.example.com.
  • Names that use a domain wildcard, which you indicate with an initial '.'. For example, .example.com matches example.com and matches all subdomains of example.com, such as abc.example.com and www.example.com.

$sel:targetTypes:RulesSourceList', rulesSourceList_targetTypes - The protocols you want to inspect. Specify TLS_SNI for HTTPS. Specify HTTP_HOST for HTTP. You can specify either or both.

$sel:generatedRulesType:RulesSourceList', rulesSourceList_generatedRulesType - Whether you want to allow or deny access to the domains in your target list.

rulesSourceList_targets :: Lens' RulesSourceList [Text]

The domains that you want to inspect for in your traffic flows. To provide multiple domains, separate them with commas. Valid domain specifications are the following:

  • Explicit names. For example, abc.example.com matches only the domain abc.example.com.
  • Names that use a domain wildcard, which you indicate with an initial '.'. For example, .example.com matches example.com and matches all subdomains of example.com, such as abc.example.com and www.example.com.

rulesSourceList_targetTypes :: Lens' RulesSourceList [TargetType]

The protocols you want to inspect. Specify TLS_SNI for HTTPS. Specify HTTP_HOST for HTTP. You can specify either or both.

rulesSourceList_generatedRulesType :: Lens' RulesSourceList GeneratedRulesType

Whether you want to allow or deny access to the domains in your target list.