| Copyright | (c) 2013-2021 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
- Service Configuration
- Errors
- LogDestinationPermissionException
- InvalidRequestException
- UnsupportedOperationException
- ResourceOwnerCheckException
- InvalidResourcePolicyException
- ThrottlingException
- InternalServerError
- InvalidTokenException
- InvalidOperationException
- InsufficientCapacityException
- ResourceNotFoundException
- LimitExceededException
- Waiters
- Operations
- AssociateSubnets
- UpdateSubnetChangeProtection
- UpdateFirewallPolicy
- DeleteFirewallPolicy
- CreateFirewallPolicy
- UpdateLoggingConfiguration
- DisassociateSubnets
- ListTagsForResource (Paginated)
- ListFirewallPolicies (Paginated)
- UpdateFirewallDeleteProtection
- CreateRuleGroup
- DescribeFirewallPolicy
- UpdateFirewallDescription
- DescribeRuleGroup
- DeleteFirewall
- ListFirewalls (Paginated)
- DescribeResourcePolicy
- AssociateFirewallPolicy
- UpdateFirewallPolicyChangeProtection
- CreateFirewall
- ListRuleGroups (Paginated)
- TagResource
- DeleteRuleGroup
- UpdateRuleGroup
- PutResourcePolicy
- DescribeFirewall
- DeleteResourcePolicy
- UntagResource
- DescribeLoggingConfiguration
- Types
- AttachmentStatus
- ConfigurationSyncState
- FirewallStatusValue
- GeneratedRulesType
- LogDestinationType
- LogType
- PerObjectSyncStatus
- ResourceStatus
- RuleGroupType
- RuleOrder
- StatefulAction
- StatefulRuleDirection
- StatefulRuleProtocol
- TCPFlag
- TargetType
- ActionDefinition
- Address
- Attachment
- CustomAction
- Dimension
- Firewall
- FirewallMetadata
- FirewallPolicy
- FirewallPolicyMetadata
- FirewallPolicyResponse
- FirewallStatus
- Header
- IPSet
- LogDestinationConfig
- LoggingConfiguration
- MatchAttributes
- PerObjectStatus
- PortRange
- PortSet
- PublishMetricAction
- RuleDefinition
- RuleGroup
- RuleGroupMetadata
- RuleGroupResponse
- RuleOption
- RuleVariables
- RulesSource
- RulesSourceList
- StatefulEngineOptions
- StatefulRule
- StatefulRuleGroupReference
- StatefulRuleOptions
- StatelessRule
- StatelessRuleGroupReference
- StatelessRulesAndCustomActions
- SubnetMapping
- SyncState
- TCPFlagField
- Tag
Derived from API version 2020-11-12 of the AWS service descriptions, licensed under Apache 2.0.
This is the API Reference for AWS Network Firewall. This guide is for developers who need detailed information about the Network Firewall API actions, data types, and errors.
The REST API requires you to handle connection details, such as calculating signatures, handling request retries, and error handling. For general information about using the AWS REST APIs, see AWS APIs.
To access Network Firewall using the REST API endpoint:
https://network-firewall.<region>.amazonaws.com
- Alternatively, you can use one of the AWS SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see AWS SDKs.
- For descriptions of Network Firewall features, including step-by-step instructions on how to use them through the Network Firewall console, see the Network Firewall Developer Guide.
Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service for Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the perimeter of your VPC. This includes filtering traffic going to and coming from an internet gateway, NAT gateway, or over VPN or AWS Direct Connect. Network Firewall uses rules that are compatible with Suricata, a free, open source intrusion detection system (IDS) engine. AWS Network Firewall supports Suricata version 5.0.2. For information about Suricata, see the Suricata website.
You can use Network Firewall to monitor and protect your VPC traffic in a number of ways. The following are just a few examples:
- Allow domains or IP addresses for known AWS service endpoints, such as Amazon S3, and block all other forms of traffic.
- Use custom lists of known bad domains to limit the types of domain names that your applications can access.
- Perform deep packet inspection on traffic entering or leaving your VPC.
- Use stateful protocol detection to filter protocols like HTTPS, regardless of the port used.
To enable Network Firewall for your VPCs, you perform steps in both Amazon VPC and in Network Firewall. For information about using Amazon VPC, see Amazon VPC User Guide.
To start using Network Firewall, do the following:
- (Optional) If you don't already have a VPC that you want to protect, create it in Amazon VPC.
- In Amazon VPC, in each Availability Zone where you want to have a firewall endpoint, create a subnet for the sole use of Network Firewall.
- In Network Firewall, create stateless and stateful rule groups, to define the components of the network traffic filtering behavior that you want your firewall to have.
- In Network Firewall, create a firewall policy that uses your rule groups and specifies additional default traffic filtering behavior.
- In Network Firewall, create a firewall and specify your new firewall policy and VPC subnets. Network Firewall creates a firewall endpoint in each subnet that you specify, with the behavior that's defined in the firewall policy.
- In Amazon VPC, use ingress routing enhancements to route traffic through the new firewall endpoints.
Synopsis
- defaultService :: Service
- _LogDestinationPermissionException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidRequestException :: AsError a => Getting (First ServiceError) a ServiceError
- _UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceOwnerCheckException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidResourcePolicyException :: AsError a => Getting (First ServiceError) a ServiceError
- _ThrottlingException :: AsError a => Getting (First ServiceError) a ServiceError
- _InternalServerError :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidOperationException :: AsError a => Getting (First ServiceError) a ServiceError
- _InsufficientCapacityException :: AsError a => Getting (First ServiceError) a ServiceError
- _ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- data AssociateSubnets = AssociateSubnets' (Maybe Text) (Maybe Text) (Maybe Text) [SubnetMapping]
- newAssociateSubnets :: AssociateSubnets
- data AssociateSubnetsResponse = AssociateSubnetsResponse' (Maybe [SubnetMapping]) (Maybe Text) (Maybe Text) (Maybe Text) Int
- newAssociateSubnetsResponse :: Int -> AssociateSubnetsResponse
- data UpdateSubnetChangeProtection = UpdateSubnetChangeProtection' (Maybe Text) (Maybe Text) (Maybe Text) Bool
- newUpdateSubnetChangeProtection :: Bool -> UpdateSubnetChangeProtection
- data UpdateSubnetChangeProtectionResponse = UpdateSubnetChangeProtectionResponse' (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) Int
- newUpdateSubnetChangeProtectionResponse :: Int -> UpdateSubnetChangeProtectionResponse
- data UpdateFirewallPolicy = UpdateFirewallPolicy' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Bool) Text FirewallPolicy
- newUpdateFirewallPolicy :: Text -> FirewallPolicy -> UpdateFirewallPolicy
- data UpdateFirewallPolicyResponse = UpdateFirewallPolicyResponse' Int Text FirewallPolicyResponse
- newUpdateFirewallPolicyResponse :: Int -> Text -> FirewallPolicyResponse -> UpdateFirewallPolicyResponse
- data DeleteFirewallPolicy = DeleteFirewallPolicy' (Maybe Text) (Maybe Text)
- newDeleteFirewallPolicy :: DeleteFirewallPolicy
- data DeleteFirewallPolicyResponse = DeleteFirewallPolicyResponse' Int FirewallPolicyResponse
- newDeleteFirewallPolicyResponse :: Int -> FirewallPolicyResponse -> DeleteFirewallPolicyResponse
- data CreateFirewallPolicy = CreateFirewallPolicy' (Maybe Text) (Maybe Bool) (Maybe (NonEmpty Tag)) Text FirewallPolicy
- newCreateFirewallPolicy :: Text -> FirewallPolicy -> CreateFirewallPolicy
- data CreateFirewallPolicyResponse = CreateFirewallPolicyResponse' Int Text FirewallPolicyResponse
- newCreateFirewallPolicyResponse :: Int -> Text -> FirewallPolicyResponse -> CreateFirewallPolicyResponse
- data UpdateLoggingConfiguration = UpdateLoggingConfiguration' (Maybe Text) (Maybe LoggingConfiguration) (Maybe Text)
- newUpdateLoggingConfiguration :: UpdateLoggingConfiguration
- data UpdateLoggingConfigurationResponse = UpdateLoggingConfigurationResponse' (Maybe Text) (Maybe LoggingConfiguration) (Maybe Text) Int
- newUpdateLoggingConfigurationResponse :: Int -> UpdateLoggingConfigurationResponse
- data DisassociateSubnets = DisassociateSubnets' (Maybe Text) (Maybe Text) (Maybe Text) [Text]
- newDisassociateSubnets :: DisassociateSubnets
- data DisassociateSubnetsResponse = DisassociateSubnetsResponse' (Maybe [SubnetMapping]) (Maybe Text) (Maybe Text) (Maybe Text) Int
- newDisassociateSubnetsResponse :: Int -> DisassociateSubnetsResponse
- data ListTagsForResource = ListTagsForResource' (Maybe Text) (Maybe Natural) Text
- newListTagsForResource :: Text -> ListTagsForResource
- data ListTagsForResourceResponse = ListTagsForResourceResponse' (Maybe Text) (Maybe (NonEmpty Tag)) Int
- newListTagsForResourceResponse :: Int -> ListTagsForResourceResponse
- data ListFirewallPolicies = ListFirewallPolicies' (Maybe Text) (Maybe Natural)
- newListFirewallPolicies :: ListFirewallPolicies
- data ListFirewallPoliciesResponse = ListFirewallPoliciesResponse' (Maybe [FirewallPolicyMetadata]) (Maybe Text) Int
- newListFirewallPoliciesResponse :: Int -> ListFirewallPoliciesResponse
- data UpdateFirewallDeleteProtection = UpdateFirewallDeleteProtection' (Maybe Text) (Maybe Text) (Maybe Text) Bool
- newUpdateFirewallDeleteProtection :: Bool -> UpdateFirewallDeleteProtection
- data UpdateFirewallDeleteProtectionResponse = UpdateFirewallDeleteProtectionResponse' (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) Int
- newUpdateFirewallDeleteProtectionResponse :: Int -> UpdateFirewallDeleteProtectionResponse
- data CreateRuleGroup = CreateRuleGroup' (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe (NonEmpty Tag)) (Maybe RuleGroup) Text RuleGroupType Int
- newCreateRuleGroup :: Text -> RuleGroupType -> Int -> CreateRuleGroup
- data CreateRuleGroupResponse = CreateRuleGroupResponse' Int Text RuleGroupResponse
- newCreateRuleGroupResponse :: Int -> Text -> RuleGroupResponse -> CreateRuleGroupResponse
- data DescribeFirewallPolicy = DescribeFirewallPolicy' (Maybe Text) (Maybe Text)
- newDescribeFirewallPolicy :: DescribeFirewallPolicy
- data DescribeFirewallPolicyResponse = DescribeFirewallPolicyResponse' (Maybe FirewallPolicy) Int Text FirewallPolicyResponse
- newDescribeFirewallPolicyResponse :: Int -> Text -> FirewallPolicyResponse -> DescribeFirewallPolicyResponse
- data UpdateFirewallDescription = UpdateFirewallDescription' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text)
- newUpdateFirewallDescription :: UpdateFirewallDescription
- data UpdateFirewallDescriptionResponse = UpdateFirewallDescriptionResponse' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) Int
- newUpdateFirewallDescriptionResponse :: Int -> UpdateFirewallDescriptionResponse
- data DescribeRuleGroup = DescribeRuleGroup' (Maybe Text) (Maybe RuleGroupType) (Maybe Text)
- newDescribeRuleGroup :: DescribeRuleGroup
- data DescribeRuleGroupResponse = DescribeRuleGroupResponse' (Maybe RuleGroup) Int Text RuleGroupResponse
- newDescribeRuleGroupResponse :: Int -> Text -> RuleGroupResponse -> DescribeRuleGroupResponse
- data DeleteFirewall = DeleteFirewall' (Maybe Text) (Maybe Text)
- newDeleteFirewall :: DeleteFirewall
- data DeleteFirewallResponse = DeleteFirewallResponse' (Maybe FirewallStatus) (Maybe Firewall) Int
- newDeleteFirewallResponse :: Int -> DeleteFirewallResponse
- data ListFirewalls = ListFirewalls' (Maybe Text) (Maybe [Text]) (Maybe Natural)
- newListFirewalls :: ListFirewalls
- data ListFirewallsResponse = ListFirewallsResponse' (Maybe Text) (Maybe [FirewallMetadata]) Int
- newListFirewallsResponse :: Int -> ListFirewallsResponse
- data DescribeResourcePolicy = DescribeResourcePolicy' Text
- newDescribeResourcePolicy :: Text -> DescribeResourcePolicy
- data DescribeResourcePolicyResponse = DescribeResourcePolicyResponse' (Maybe Text) Int
- newDescribeResourcePolicyResponse :: Int -> DescribeResourcePolicyResponse
- data AssociateFirewallPolicy = AssociateFirewallPolicy' (Maybe Text) (Maybe Text) (Maybe Text) Text
- newAssociateFirewallPolicy :: Text -> AssociateFirewallPolicy
- data AssociateFirewallPolicyResponse = AssociateFirewallPolicyResponse' (Maybe Text) (Maybe Text) (Maybe Text) (Maybe Text) Int
- newAssociateFirewallPolicyResponse :: Int -> AssociateFirewallPolicyResponse
- data UpdateFirewallPolicyChangeProtection = UpdateFirewallPolicyChangeProtection' (Maybe Text) (Maybe Text) (Maybe Text) Bool
- newUpdateFirewallPolicyChangeProtection :: Bool -> UpdateFirewallPolicyChangeProtection
- data UpdateFirewallPolicyChangeProtectionResponse = UpdateFirewallPolicyChangeProtectionResponse' (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) Int
- newUpdateFirewallPolicyChangeProtectionResponse :: Int -> UpdateFirewallPolicyChangeProtectionResponse
- data CreateFirewall = CreateFirewall' (Maybe Bool) (Maybe Bool) (Maybe Bool) (Maybe Text) (Maybe (NonEmpty Tag)) Text Text Text [SubnetMapping]
- newCreateFirewall :: Text -> Text -> Text -> CreateFirewall
- data CreateFirewallResponse = CreateFirewallResponse' (Maybe FirewallStatus) (Maybe Firewall) Int
- newCreateFirewallResponse :: Int -> CreateFirewallResponse
- data ListRuleGroups = ListRuleGroups' (Maybe Text) (Maybe Natural)
- newListRuleGroups :: ListRuleGroups
- data ListRuleGroupsResponse = ListRuleGroupsResponse' (Maybe Text) (Maybe [RuleGroupMetadata]) Int
- newListRuleGroupsResponse :: Int -> ListRuleGroupsResponse
- data TagResource = TagResource' Text (NonEmpty Tag)
- newTagResource :: Text -> NonEmpty Tag -> TagResource
- data TagResourceResponse = TagResourceResponse' Int
- newTagResourceResponse :: Int -> TagResourceResponse
- data DeleteRuleGroup = DeleteRuleGroup' (Maybe Text) (Maybe RuleGroupType) (Maybe Text)
- newDeleteRuleGroup :: DeleteRuleGroup
- data DeleteRuleGroupResponse = DeleteRuleGroupResponse' Int RuleGroupResponse
- newDeleteRuleGroupResponse :: Int -> RuleGroupResponse -> DeleteRuleGroupResponse
- data UpdateRuleGroup = UpdateRuleGroup' (Maybe Text) (Maybe Text) (Maybe RuleGroupType) (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe RuleGroup) Text
- newUpdateRuleGroup :: Text -> UpdateRuleGroup
- data UpdateRuleGroupResponse = UpdateRuleGroupResponse' Int Text RuleGroupResponse
- newUpdateRuleGroupResponse :: Int -> Text -> RuleGroupResponse -> UpdateRuleGroupResponse
- data PutResourcePolicy = PutResourcePolicy' Text Text
- newPutResourcePolicy :: Text -> Text -> PutResourcePolicy
- data PutResourcePolicyResponse = PutResourcePolicyResponse' Int
- newPutResourcePolicyResponse :: Int -> PutResourcePolicyResponse
- data DescribeFirewall = DescribeFirewall' (Maybe Text) (Maybe Text)
- newDescribeFirewall :: DescribeFirewall
- data DescribeFirewallResponse = DescribeFirewallResponse' (Maybe FirewallStatus) (Maybe Text) (Maybe Firewall) Int
- newDescribeFirewallResponse :: Int -> DescribeFirewallResponse
- data DeleteResourcePolicy = DeleteResourcePolicy' Text
- newDeleteResourcePolicy :: Text -> DeleteResourcePolicy
- data DeleteResourcePolicyResponse = DeleteResourcePolicyResponse' Int
- newDeleteResourcePolicyResponse :: Int -> DeleteResourcePolicyResponse
- data UntagResource = UntagResource' Text (NonEmpty Text)
- newUntagResource :: Text -> NonEmpty Text -> UntagResource
- data UntagResourceResponse = UntagResourceResponse' Int
- newUntagResourceResponse :: Int -> UntagResourceResponse
- data DescribeLoggingConfiguration = DescribeLoggingConfiguration' (Maybe Text) (Maybe Text)
- newDescribeLoggingConfiguration :: DescribeLoggingConfiguration
- data DescribeLoggingConfigurationResponse = DescribeLoggingConfigurationResponse' (Maybe Text) (Maybe LoggingConfiguration) Int
- newDescribeLoggingConfigurationResponse :: Int -> DescribeLoggingConfigurationResponse
- newtype AttachmentStatus where
- AttachmentStatus' { }
- pattern AttachmentStatus_CREATING :: AttachmentStatus
- pattern AttachmentStatus_DELETING :: AttachmentStatus
- pattern AttachmentStatus_READY :: AttachmentStatus
- pattern AttachmentStatus_SCALING :: AttachmentStatus
- newtype ConfigurationSyncState where
- newtype FirewallStatusValue where
- newtype GeneratedRulesType where
- newtype LogDestinationType where
- newtype LogType where
- LogType' { fromLogType :: Text }
- pattern LogType_ALERT :: LogType
- pattern LogType_FLOW :: LogType
- newtype PerObjectSyncStatus where
- newtype ResourceStatus where
- ResourceStatus' { }
- pattern ResourceStatus_ACTIVE :: ResourceStatus
- pattern ResourceStatus_DELETING :: ResourceStatus
- newtype RuleGroupType where
- RuleGroupType' { }
- pattern RuleGroupType_STATEFUL :: RuleGroupType
- pattern RuleGroupType_STATELESS :: RuleGroupType
- newtype RuleOrder where
- RuleOrder' { }
- pattern RuleOrder_DEFAULT_ACTION_ORDER :: RuleOrder
- pattern RuleOrder_STRICT_ORDER :: RuleOrder
- newtype StatefulAction where
- StatefulAction' { }
- pattern StatefulAction_ALERT :: StatefulAction
- pattern StatefulAction_DROP :: StatefulAction
- pattern StatefulAction_PASS :: StatefulAction
- newtype StatefulRuleDirection where
- newtype StatefulRuleProtocol where
- StatefulRuleProtocol' { }
- pattern StatefulRuleProtocol_DCERPC :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_DHCP :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_DNS :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_FTP :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_HTTP :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_ICMP :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_IKEV2 :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_IMAP :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_IP :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_KRB5 :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_MSN :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_NTP :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_SMB :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_SMTP :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_SSH :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_TCP :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_TFTP :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_TLS :: StatefulRuleProtocol
- pattern StatefulRuleProtocol_UDP :: StatefulRuleProtocol
- newtype TCPFlag where
- TCPFlag' { fromTCPFlag :: Text }
- pattern TCPFlag_ACK :: TCPFlag
- pattern TCPFlag_CWR :: TCPFlag
- pattern TCPFlag_ECE :: TCPFlag
- pattern TCPFlag_FIN :: TCPFlag
- pattern TCPFlag_PSH :: TCPFlag
- pattern TCPFlag_RST :: TCPFlag
- pattern TCPFlag_SYN :: TCPFlag
- pattern TCPFlag_URG :: TCPFlag
- newtype TargetType where
- TargetType' { }
- pattern TargetType_HTTP_HOST :: TargetType
- pattern TargetType_TLS_SNI :: TargetType
- data ActionDefinition = ActionDefinition' (Maybe PublishMetricAction)
- newActionDefinition :: ActionDefinition
- data Address = Address' Text
- newAddress :: Text -> Address
- data Attachment = Attachment' (Maybe AttachmentStatus) (Maybe Text) (Maybe Text)
- newAttachment :: Attachment
- data CustomAction = CustomAction' Text ActionDefinition
- newCustomAction :: Text -> ActionDefinition -> CustomAction
- data Dimension = Dimension' Text
- newDimension :: Text -> Dimension
- data Firewall = Firewall' (Maybe Text) (Maybe Bool) (Maybe Bool) (Maybe Bool) (Maybe Text) (Maybe (NonEmpty Tag)) (Maybe Text) Text Text [SubnetMapping] Text
- newFirewall :: Text -> Text -> Text -> Firewall
- data FirewallMetadata = FirewallMetadata' (Maybe Text) (Maybe Text)
- newFirewallMetadata :: FirewallMetadata
- data FirewallPolicy = FirewallPolicy' (Maybe StatefulEngineOptions) (Maybe [StatefulRuleGroupReference]) (Maybe [StatelessRuleGroupReference]) (Maybe [CustomAction]) (Maybe [Text]) [Text] [Text]
- newFirewallPolicy :: FirewallPolicy
- data FirewallPolicyMetadata = FirewallPolicyMetadata' (Maybe Text) (Maybe Text)
- newFirewallPolicyMetadata :: FirewallPolicyMetadata
- data FirewallPolicyResponse = FirewallPolicyResponse' (Maybe Int) (Maybe Int) (Maybe ResourceStatus) (Maybe Int) (Maybe Text) (Maybe (NonEmpty Tag)) Text Text Text
- newFirewallPolicyResponse :: Text -> Text -> Text -> FirewallPolicyResponse
- data FirewallStatus = FirewallStatus' (Maybe (HashMap Text SyncState)) FirewallStatusValue ConfigurationSyncState
- newFirewallStatus :: FirewallStatusValue -> ConfigurationSyncState -> FirewallStatus
- data Header = Header' StatefulRuleProtocol Text Text StatefulRuleDirection Text Text
- newHeader :: StatefulRuleProtocol -> Text -> Text -> StatefulRuleDirection -> Text -> Text -> Header
- data IPSet = IPSet' [Text]
- newIPSet :: IPSet
- data LogDestinationConfig = LogDestinationConfig' LogType LogDestinationType (HashMap Text Text)
- newLogDestinationConfig :: LogType -> LogDestinationType -> LogDestinationConfig
- data LoggingConfiguration = LoggingConfiguration' [LogDestinationConfig]
- newLoggingConfiguration :: LoggingConfiguration
- data MatchAttributes = MatchAttributes' (Maybe [Natural]) (Maybe [TCPFlagField]) (Maybe [PortRange]) (Maybe [Address]) (Maybe [PortRange]) (Maybe [Address])
- newMatchAttributes :: MatchAttributes
- data PerObjectStatus = PerObjectStatus' (Maybe Text) (Maybe PerObjectSyncStatus)
- newPerObjectStatus :: PerObjectStatus
- data PortRange = PortRange' Natural Natural
- newPortRange :: Natural -> Natural -> PortRange
- data PortSet = PortSet' (Maybe [Text])
- newPortSet :: PortSet
- data PublishMetricAction = PublishMetricAction' (NonEmpty Dimension)
- newPublishMetricAction :: NonEmpty Dimension -> PublishMetricAction
- data RuleDefinition = RuleDefinition' MatchAttributes [Text]
- newRuleDefinition :: MatchAttributes -> RuleDefinition
- data RuleGroup = RuleGroup' (Maybe StatefulRuleOptions) (Maybe RuleVariables) RulesSource
- newRuleGroup :: RulesSource -> RuleGroup
- data RuleGroupMetadata = RuleGroupMetadata' (Maybe Text) (Maybe Text)
- newRuleGroupMetadata :: RuleGroupMetadata
- data RuleGroupResponse = RuleGroupResponse' (Maybe Int) (Maybe Int) (Maybe Int) (Maybe ResourceStatus) (Maybe RuleGroupType) (Maybe Text) (Maybe (NonEmpty Tag)) Text Text Text
- newRuleGroupResponse :: Text -> Text -> Text -> RuleGroupResponse
- data RuleOption = RuleOption' (Maybe [Text]) Text
- newRuleOption :: Text -> RuleOption
- data RuleVariables = RuleVariables' (Maybe (HashMap Text PortSet)) (Maybe (HashMap Text IPSet))
- newRuleVariables :: RuleVariables
- data RulesSource = RulesSource' (Maybe Text) (Maybe RulesSourceList) (Maybe [StatefulRule]) (Maybe StatelessRulesAndCustomActions)
- newRulesSource :: RulesSource
- data RulesSourceList = RulesSourceList' [Text] [TargetType] GeneratedRulesType
- newRulesSourceList :: GeneratedRulesType -> RulesSourceList
- data StatefulEngineOptions = StatefulEngineOptions' (Maybe RuleOrder)
- newStatefulEngineOptions :: StatefulEngineOptions
- data StatefulRule = StatefulRule' StatefulAction Header [RuleOption]
- newStatefulRule :: StatefulAction -> Header -> StatefulRule
- data StatefulRuleGroupReference = StatefulRuleGroupReference' (Maybe Natural) Text
- newStatefulRuleGroupReference :: Text -> StatefulRuleGroupReference
- data StatefulRuleOptions = StatefulRuleOptions' (Maybe RuleOrder)
- newStatefulRuleOptions :: StatefulRuleOptions
- data StatelessRule = StatelessRule' RuleDefinition Natural
- newStatelessRule :: RuleDefinition -> Natural -> StatelessRule
- data StatelessRuleGroupReference = StatelessRuleGroupReference' Text Natural
- newStatelessRuleGroupReference :: Text -> Natural -> StatelessRuleGroupReference
- data StatelessRulesAndCustomActions = StatelessRulesAndCustomActions' (Maybe [CustomAction]) [StatelessRule]
- newStatelessRulesAndCustomActions :: StatelessRulesAndCustomActions
- data SubnetMapping = SubnetMapping' Text
- newSubnetMapping :: Text -> SubnetMapping
- data SyncState = SyncState' (Maybe (HashMap Text PerObjectStatus)) (Maybe Attachment)
- newSyncState :: SyncState
- data TCPFlagField = TCPFlagField' (Maybe [TCPFlag]) [TCPFlag]
- newTCPFlagField :: TCPFlagField
- data Tag = Tag' Text Text
- newTag :: Text -> Text -> Tag
Service Configuration
defaultService :: Service
API version 2020-11-12 of the Amazon Network Firewall SDK configuration.
Errors
Error matchers are designed for use with the functions provided by Control.Exception.Lens. This allows catching (and rethrowing) service specific errors returned by NetworkFirewall.
LogDestinationPermissionException
_LogDestinationPermissionException :: AsError a => Getting (First ServiceError) a ServiceError
Unable to send logs to a configured logging destination.
InvalidRequestException
_InvalidRequestException :: AsError a => Getting (First ServiceError) a ServiceError
The operation failed because of a problem with your request. Examples include:
- You specified an unsupported parameter name or value.
- You tried to update a property with a value that isn't among the available types.
- Your request references an ARN that is malformed, or corresponds to a resource that isn't valid in the context of the request.
UnsupportedOperationException
_UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError
The operation you requested isn't supported by Network Firewall.
ResourceOwnerCheckException
_ResourceOwnerCheckException :: AsError a => Getting (First ServiceError) a ServiceError
Unable to change the resource because your account doesn't own it.
InvalidResourcePolicyException
_InvalidResourcePolicyException :: AsError a => Getting (First ServiceError) a ServiceError
The policy statement failed validation.
ThrottlingException
_ThrottlingException :: AsError a => Getting (First ServiceError) a ServiceError
Unable to process the request due to throttling limitations.
InternalServerError
_InternalServerError :: AsError a => Getting (First ServiceError) a ServiceError
Your request is valid, but Network Firewall couldn't perform the operation because of a system problem. Retry your request.
InvalidTokenException
_InvalidTokenException :: AsError a => Getting (First ServiceError) a ServiceError
The token you provided is stale or isn't valid for the operation.
InvalidOperationException
_InvalidOperationException :: AsError a => Getting (First ServiceError) a ServiceError
The operation failed because it's not valid. For example, you might have tried to delete a rule group or firewall policy that's in use.
InsufficientCapacityException
_InsufficientCapacityException :: AsError a => Getting (First ServiceError) a ServiceError
AWS doesn't currently have enough available capacity to fulfill your request. Try your request later.
ResourceNotFoundException
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
Unable to locate a resource using the parameters that you provided.
LimitExceededException
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
Unable to perform the operation because doing so would violate a limit setting.
Waiters
Waiters poll by repeatedly sending a request until some remote success condition configured by the Wait specification is fulfilled. The Wait specification determines how many attempts should be made, in addition to delay and retry strategies.
Operations
Some AWS operations return results that are incomplete and require subsequent requests in order to obtain the entire result set. The process of sending subsequent requests to continue where a previous request left off is called pagination. For example, the ListObjects operation of Amazon S3 returns up to 1000 objects at a time, and you must send subsequent requests with the appropriate Marker in order to retrieve the next page of results.
Operations that have an AWSPager instance can transparently perform subsequent requests, correctly setting Markers and other request facets to iterate through the entire result set of a truncated API operation. Operations which support this have an additional note in the documentation.
Many operations have the ability to filter results on the server side. See the individual operation parameters for details.
AssociateSubnets
data AssociateSubnets
See: newAssociateSubnets smart constructor.
AssociateSubnets' (Maybe Text) (Maybe Text) (Maybe Text) [SubnetMapping]
newAssociateSubnets :: AssociateSubnets
Create a value of AssociateSubnets with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
- $sel:updateToken:AssociateSubnets', associateSubnets_updateToken - An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.
  To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
  To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.
- $sel:firewallArn:AssociateSubnets', associateSubnets_firewallArn - The Amazon Resource Name (ARN) of the firewall.
  You must specify the ARN or the name, and you can specify both.
- $sel:firewallName:AssociateSubnets', associateSubnets_firewallName - The descriptive name of the firewall. You can't change the name of a firewall after you create it.
  You must specify the ARN or the name, and you can specify both.
- $sel:subnetMappings:AssociateSubnets', associateSubnets_subnetMappings - The IDs of the subnets that you want to associate with the firewall.
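The conditional-update flow described for the update token, as an added example that is not part of the amazonka package: read the firewall's current token with DescribeFirewall, pass it to AssociateSubnets, and re-read it whenever the call fails with InvalidTokenException, so a change made by someone else in between is never silently overwritten. It assumes amazonka 2.x (the Amazonka module), that lens names such as describeFirewallResponse_updateToken and associateSubnets_firewallName follow the $sel:field:Type' / type_field convention this page documents, and placeholder values for the firewall name and subnet ID.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example, not part of the amazonka-network-firewall package.
-- Assumes amazonka 2.x and that the field lenses follow the
-- $sel:field:Type' -> type_field naming convention documented on this page.
module Main (main) where

import Amazonka (Env, discover, newEnv, runResourceT, send)
import Amazonka.NetworkFirewall
import Control.Exception.Lens (trying)
import Control.Lens ((&), (.~), (?~), (^.))
import Data.Maybe (fromMaybe)
import Data.Text (Text)

-- | Read the firewall's current update token with DescribeFirewall.
-- Nothing means the service returned no token; the update below then
-- degrades to an unconditional one, exactly as omitting the token would.
currentToken :: Env -> Text -> IO (Maybe Text)
currentToken env fwName = runResourceT $ do
  resp <- send env (newDescribeFirewall & describeFirewall_firewallName ?~ fwName)
  pure (resp ^. describeFirewallResponse_updateToken)

-- | Associate subnets with the firewall only if the firewall has not
-- changed since the token was read.  A stale token makes the service
-- answer with InvalidTokenException; we then re-read the token and
-- reapply the change, at most 'maxAttempts' times.
associateSubnetsConditionally
  :: Env -> Text -> [Text] -> Int -> IO (Either String [SubnetMapping])
associateSubnetsConditionally env fwName subnetIds maxAttempts = go 1
  where
    go attempt
      | attempt > maxAttempts =
          pure (Left ("token still stale after " ++ show maxAttempts ++ " attempts"))
      | otherwise = do
          token <- currentToken env fwName
          let req =
                newAssociateSubnets
                  & associateSubnets_firewallName ?~ fwName
                  & associateSubnets_updateToken .~ token -- Just tok => conditional update
                  & associateSubnets_subnetMappings .~ map newSubnetMapping subnetIds
          -- trying from Control.Exception.Lens pairs with the page's error
          -- matchers: Left is exactly an InvalidTokenException, anything
          -- else (throttling, permission errors, ...) still propagates.
          outcome <- runResourceT (trying _InvalidTokenException (send env req))
          case outcome of
            Left _staleToken -> go (attempt + 1) -- firewall changed under us: refresh, retry
            Right resp ->
              pure (Right (fromMaybe [] (resp ^. associateSubnetsResponse_subnetMappings)))

main :: IO ()
main = do
  env <- newEnv discover
  -- Placeholder firewall name and subnet ID; replace with your own.
  outcome <- associateSubnetsConditionally env "example-firewall" ["subnet-0123456789abcdef0"] 3
  case outcome of
    Left err -> putStrLn ("AssociateSubnets failed: " ++ err)
    Right mappings -> putStrLn ("firewall now spans " ++ show (length mappings) ++ " subnet(s)")
```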
data AssociateSubnetsResponse Source #
See: newAssociateSubnetsResponse
smart constructor.
AssociateSubnetsResponse' (Maybe [SubnetMapping]) (Maybe Text) (Maybe Text) (Maybe Text) Int |
Instances
newAssociateSubnetsResponse Source #
Create a value of AssociateSubnetsResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:subnetMappings:AssociateSubnets'
, associateSubnetsResponse_subnetMappings
- The IDs of the subnets that are associated with the firewall.
$sel:updateToken:AssociateSubnets'
, associateSubnetsResponse_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:AssociateSubnets'
, associateSubnetsResponse_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
$sel:firewallName:AssociateSubnets'
, associateSubnetsResponse_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
$sel:httpStatus:AssociateSubnetsResponse'
, associateSubnetsResponse_httpStatus
- The response's http status code.
UpdateSubnetChangeProtection
data UpdateSubnetChangeProtection Source #
See: newUpdateSubnetChangeProtection
smart constructor.
Instances
newUpdateSubnetChangeProtection Source #
Create a value of UpdateSubnetChangeProtection
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:UpdateSubnetChangeProtection'
, updateSubnetChangeProtection_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:UpdateSubnetChangeProtection'
, updateSubnetChangeProtection_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
$sel:firewallName:UpdateSubnetChangeProtection'
, updateSubnetChangeProtection_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
You must specify the ARN or the name, and you can specify both.
$sel:subnetChangeProtection:UpdateSubnetChangeProtection'
, updateSubnetChangeProtection_subnetChangeProtection
- A setting indicating whether the firewall is protected against changes
to the subnet associations. Use this setting to protect against
accidentally modifying the subnet associations for a firewall that is in
use. When you create a firewall, the operation initializes this setting
to TRUE.
data UpdateSubnetChangeProtectionResponse Source #
See: newUpdateSubnetChangeProtectionResponse
smart constructor.
Instances
newUpdateSubnetChangeProtectionResponse Source #
Create a value of UpdateSubnetChangeProtectionResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:UpdateSubnetChangeProtection'
, updateSubnetChangeProtectionResponse_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:UpdateSubnetChangeProtection'
, updateSubnetChangeProtectionResponse_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
$sel:subnetChangeProtection:UpdateSubnetChangeProtection'
, updateSubnetChangeProtectionResponse_subnetChangeProtection
- A setting indicating whether the firewall is protected against changes
to the subnet associations. Use this setting to protect against
accidentally modifying the subnet associations for a firewall that is in
use. When you create a firewall, the operation initializes this setting
to TRUE.
$sel:firewallName:UpdateSubnetChangeProtection'
, updateSubnetChangeProtectionResponse_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
$sel:httpStatus:UpdateSubnetChangeProtectionResponse'
, updateSubnetChangeProtectionResponse_httpStatus
- The response's http status code.
UpdateFirewallPolicy
data UpdateFirewallPolicy Source #
See: newUpdateFirewallPolicy
smart constructor.
Instances
newUpdateFirewallPolicy Source #
Create a value of UpdateFirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallPolicyName:UpdateFirewallPolicy'
, updateFirewallPolicy_firewallPolicyName
- The descriptive name of the firewall policy. You can't change the name
of a firewall policy after you create it.
You must specify the ARN or the name, and you can specify both.
$sel:firewallPolicyArn:UpdateFirewallPolicy'
, updateFirewallPolicy_firewallPolicyArn
- The Amazon Resource Name (ARN) of the firewall policy.
You must specify the ARN or the name, and you can specify both.
$sel:description:UpdateFirewallPolicy'
, updateFirewallPolicy_description
- A description of the firewall policy.
$sel:dryRun:UpdateFirewallPolicy'
, updateFirewallPolicy_dryRun
- Indicates whether you want Network Firewall to just check the validity
of the request, rather than run the request.
If set to TRUE, Network Firewall checks whether the request can run
successfully, but doesn't actually make the requested changes. The call
returns the value that the request would return if you ran it with dry
run set to FALSE, but doesn't make additions or changes to your
resources. This option allows you to make sure that you have the
required permissions to run the request and that your request parameters
are valid.
If set to FALSE, Network Firewall makes the requested changes to your
resources.
$sel:updateToken:UpdateFirewallPolicy'
, updateFirewallPolicy_updateToken
- A token used for optimistic locking. Network Firewall returns a token to
your requests that access the firewall policy. The token marks the state
of the policy resource at the time of the request.
To make changes to the policy, you provide the token in your request.
Network Firewall uses the token to ensure that the policy hasn't
changed since you last retrieved it. If it has changed, the operation
fails with an InvalidTokenException. If this happens, retrieve the
firewall policy again to get a current copy of it with the current token.
Reapply your changes as needed, then try the operation again using the
new token.
$sel:firewallPolicy:UpdateFirewallPolicy'
, updateFirewallPolicy_firewallPolicy
- The updated firewall policy to use for the firewall.
data UpdateFirewallPolicyResponse Source #
See: newUpdateFirewallPolicyResponse
smart constructor.
Instances
newUpdateFirewallPolicyResponse Source #
Create a value of UpdateFirewallPolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:UpdateFirewallPolicyResponse'
, updateFirewallPolicyResponse_httpStatus
- The response's http status code.
$sel:updateToken:UpdateFirewallPolicy'
, updateFirewallPolicyResponse_updateToken
- A token used for optimistic locking. Network Firewall returns a token to
your requests that access the firewall policy. The token marks the state
of the policy resource at the time of the request.
To make changes to the policy, you provide the token in your request.
Network Firewall uses the token to ensure that the policy hasn't
changed since you last retrieved it. If it has changed, the operation
fails with an InvalidTokenException. If this happens, retrieve the
firewall policy again to get a current copy of it with the current token.
Reapply your changes as needed, then try the operation again using the
new token.
$sel:firewallPolicyResponse:UpdateFirewallPolicyResponse'
, updateFirewallPolicyResponse_firewallPolicyResponse
- The high-level properties of a firewall policy. This, along with the
FirewallPolicy, define the policy. You can retrieve all objects for a
firewall policy by calling DescribeFirewallPolicy.
DeleteFirewallPolicy
data DeleteFirewallPolicy Source #
See: newDeleteFirewallPolicy
smart constructor.
Instances
newDeleteFirewallPolicy :: DeleteFirewallPolicy Source #
Create a value of DeleteFirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallPolicyName:DeleteFirewallPolicy'
, deleteFirewallPolicy_firewallPolicyName
- The descriptive name of the firewall policy. You can't change the name
of a firewall policy after you create it.
You must specify the ARN or the name, and you can specify both.
$sel:firewallPolicyArn:DeleteFirewallPolicy'
, deleteFirewallPolicy_firewallPolicyArn
- The Amazon Resource Name (ARN) of the firewall policy.
You must specify the ARN or the name, and you can specify both.
data DeleteFirewallPolicyResponse Source #
See: newDeleteFirewallPolicyResponse
smart constructor.
Instances
newDeleteFirewallPolicyResponse Source #
Create a value of DeleteFirewallPolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:DeleteFirewallPolicyResponse'
, deleteFirewallPolicyResponse_httpStatus
- The response's http status code.
$sel:firewallPolicyResponse:DeleteFirewallPolicyResponse'
, deleteFirewallPolicyResponse_firewallPolicyResponse
- The object containing the definition of the FirewallPolicyResponse that
you asked to delete.
CreateFirewallPolicy
data CreateFirewallPolicy Source #
See: newCreateFirewallPolicy
smart constructor.
Instances
newCreateFirewallPolicy Source #
Create a value of CreateFirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:description:CreateFirewallPolicy'
, createFirewallPolicy_description
- A description of the firewall policy.
$sel:dryRun:CreateFirewallPolicy'
, createFirewallPolicy_dryRun
- Indicates whether you want Network Firewall to just check the validity
of the request, rather than run the request.
If set to TRUE, Network Firewall checks whether the request can run
successfully, but doesn't actually make the requested changes. The call
returns the value that the request would return if you ran it with dry
run set to FALSE, but doesn't make additions or changes to your
resources. This option allows you to make sure that you have the
required permissions to run the request and that your request parameters
are valid.
If set to FALSE, Network Firewall makes the requested changes to your
resources.
$sel:tags:CreateFirewallPolicy'
, createFirewallPolicy_tags
- The key:value pairs to associate with the resource.
$sel:firewallPolicyName:CreateFirewallPolicy'
, createFirewallPolicy_firewallPolicyName
- The descriptive name of the firewall policy. You can't change the name
of a firewall policy after you create it.
$sel:firewallPolicy:CreateFirewallPolicy'
, createFirewallPolicy_firewallPolicy
- The rule groups and policy actions to use in the firewall policy.
data CreateFirewallPolicyResponse Source #
See: newCreateFirewallPolicyResponse
smart constructor.
Instances
newCreateFirewallPolicyResponse Source #
Create a value of CreateFirewallPolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:CreateFirewallPolicyResponse'
, createFirewallPolicyResponse_httpStatus
- The response's http status code.
$sel:updateToken:CreateFirewallPolicyResponse'
, createFirewallPolicyResponse_updateToken
- A token used for optimistic locking. Network Firewall returns a token to
your requests that access the firewall policy. The token marks the state
of the policy resource at the time of the request.
To make changes to the policy, you provide the token in your request.
Network Firewall uses the token to ensure that the policy hasn't
changed since you last retrieved it. If it has changed, the operation
fails with an InvalidTokenException. If this happens, retrieve the
firewall policy again to get a current copy of it with the current token.
Reapply your changes as needed, then try the operation again using the
new token.
$sel:firewallPolicyResponse:CreateFirewallPolicyResponse'
, createFirewallPolicyResponse_firewallPolicyResponse
- The high-level properties of a firewall policy. This, along with the
FirewallPolicy, define the policy. You can retrieve all objects for a
firewall policy by calling DescribeFirewallPolicy.
UpdateLoggingConfiguration
data UpdateLoggingConfiguration Source #
See: newUpdateLoggingConfiguration
smart constructor.
Instances
newUpdateLoggingConfiguration :: UpdateLoggingConfiguration Source #
Create a value of UpdateLoggingConfiguration
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallArn:UpdateLoggingConfiguration'
, updateLoggingConfiguration_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
$sel:loggingConfiguration:UpdateLoggingConfiguration'
, updateLoggingConfiguration_loggingConfiguration
- Defines how Network Firewall performs logging for a firewall. If you
omit this setting, Network Firewall disables logging for the firewall.
$sel:firewallName:UpdateLoggingConfiguration'
, updateLoggingConfiguration_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
You must specify the ARN or the name, and you can specify both.
data UpdateLoggingConfigurationResponse Source #
See: newUpdateLoggingConfigurationResponse
smart constructor.
Instances
newUpdateLoggingConfigurationResponse Source #
Create a value of UpdateLoggingConfigurationResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallArn:UpdateLoggingConfiguration'
, updateLoggingConfigurationResponse_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
$sel:loggingConfiguration:UpdateLoggingConfiguration'
, updateLoggingConfigurationResponse_loggingConfiguration
- Undocumented member.
$sel:firewallName:UpdateLoggingConfiguration'
, updateLoggingConfigurationResponse_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
$sel:httpStatus:UpdateLoggingConfigurationResponse'
, updateLoggingConfigurationResponse_httpStatus
- The response's http status code.
DisassociateSubnets
data DisassociateSubnets Source #
See: newDisassociateSubnets
smart constructor.
Instances
newDisassociateSubnets :: DisassociateSubnets Source #
Create a value of DisassociateSubnets
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:DisassociateSubnets'
, disassociateSubnets_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:DisassociateSubnets'
, disassociateSubnets_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
$sel:firewallName:DisassociateSubnets'
, disassociateSubnets_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
You must specify the ARN or the name, and you can specify both.
$sel:subnetIds:DisassociateSubnets'
, disassociateSubnets_subnetIds
- The unique identifiers for the subnets that you want to disassociate.
data DisassociateSubnetsResponse Source #
See: newDisassociateSubnetsResponse
smart constructor.
DisassociateSubnetsResponse' (Maybe [SubnetMapping]) (Maybe Text) (Maybe Text) (Maybe Text) Int
Instances
newDisassociateSubnetsResponse Source #
Create a value of DisassociateSubnetsResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:subnetMappings:DisassociateSubnetsResponse'
, disassociateSubnetsResponse_subnetMappings
- The IDs of the subnets that are associated with the firewall.
$sel:updateToken:DisassociateSubnets'
, disassociateSubnetsResponse_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:DisassociateSubnets'
, disassociateSubnetsResponse_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
$sel:firewallName:DisassociateSubnets'
, disassociateSubnetsResponse_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
$sel:httpStatus:DisassociateSubnetsResponse'
, disassociateSubnetsResponse_httpStatus
- The response's http status code.
ListTagsForResource (Paginated)
data ListTagsForResource Source #
See: newListTagsForResource
smart constructor.
Instances
newListTagsForResource Source #
Create a value of ListTagsForResource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:nextToken:ListTagsForResource'
, listTagsForResource_nextToken
- When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Network Firewall returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:maxResults:ListTagsForResource'
, listTagsForResource_maxResults
- The maximum number of objects that you want Network Firewall to return
for this request. If more objects are available, in the response,
Network Firewall provides a NextToken value that you can use in a
subsequent call to get the next batch of objects.
$sel:resourceArn:ListTagsForResource'
, listTagsForResource_resourceArn
- The Amazon Resource Name (ARN) of the resource.
data ListTagsForResourceResponse Source #
See: newListTagsForResourceResponse
smart constructor.
Instances
newListTagsForResourceResponse Source #
Create a value of ListTagsForResourceResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:nextToken:ListTagsForResource'
, listTagsForResourceResponse_nextToken
- When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Network Firewall returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:tags:ListTagsForResourceResponse'
, listTagsForResourceResponse_tags
- The tags that are associated with the resource.
$sel:httpStatus:ListTagsForResourceResponse'
, listTagsForResourceResponse_httpStatus
- The response's http status code.
ListFirewallPolicies (Paginated)
data ListFirewallPolicies Source #
See: newListFirewallPolicies
smart constructor.
Instances
newListFirewallPolicies :: ListFirewallPolicies Source #
Create a value of ListFirewallPolicies
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:nextToken:ListFirewallPolicies'
, listFirewallPolicies_nextToken
- When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Network Firewall returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:maxResults:ListFirewallPolicies'
, listFirewallPolicies_maxResults
- The maximum number of objects that you want Network Firewall to return
for this request. If more objects are available, in the response,
Network Firewall provides a NextToken value that you can use in a
subsequent call to get the next batch of objects.
data ListFirewallPoliciesResponse Source #
See: newListFirewallPoliciesResponse
smart constructor.
Instances
newListFirewallPoliciesResponse Source #
Create a value of ListFirewallPoliciesResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallPolicies:ListFirewallPoliciesResponse'
, listFirewallPoliciesResponse_firewallPolicies
- The metadata for the firewall policies. Depending on your setting for
max results and the number of firewall policies that you have, this
might not be the full list.
$sel:nextToken:ListFirewallPolicies'
, listFirewallPoliciesResponse_nextToken
- When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Network Firewall returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:httpStatus:ListFirewallPoliciesResponse'
, listFirewallPoliciesResponse_httpStatus
- The response's http status code.
UpdateFirewallDeleteProtection
data UpdateFirewallDeleteProtection Source #
See: newUpdateFirewallDeleteProtection
smart constructor.
Instances
newUpdateFirewallDeleteProtection Source #
Create a value of UpdateFirewallDeleteProtection
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:UpdateFirewallDeleteProtection'
, updateFirewallDeleteProtection_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:UpdateFirewallDeleteProtection'
, updateFirewallDeleteProtection_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
$sel:firewallName:UpdateFirewallDeleteProtection'
, updateFirewallDeleteProtection_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
You must specify the ARN or the name, and you can specify both.
$sel:deleteProtection:UpdateFirewallDeleteProtection'
, updateFirewallDeleteProtection_deleteProtection
- A flag indicating whether it is possible to delete the firewall. A
setting of TRUE indicates that the firewall is protected against
deletion. Use this setting to protect against accidentally deleting a
firewall that is in use. When you create a firewall, the operation
initializes this flag to TRUE.
data UpdateFirewallDeleteProtectionResponse Source #
See: newUpdateFirewallDeleteProtectionResponse
smart constructor.
Instances
newUpdateFirewallDeleteProtectionResponse Source #
Create a value of UpdateFirewallDeleteProtectionResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:UpdateFirewallDeleteProtection'
, updateFirewallDeleteProtectionResponse_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:UpdateFirewallDeleteProtection'
, updateFirewallDeleteProtectionResponse_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
$sel:deleteProtection:UpdateFirewallDeleteProtection'
, updateFirewallDeleteProtectionResponse_deleteProtection
-
$sel:firewallName:UpdateFirewallDeleteProtection'
, updateFirewallDeleteProtectionResponse_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
$sel:httpStatus:UpdateFirewallDeleteProtectionResponse'
, updateFirewallDeleteProtectionResponse_httpStatus
- The response's http status code.
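The updateToken fields described above (on AssociateSubnets, UpdateSubnetChangeProtection, DisassociateSubnets and UpdateFirewallDeleteProtection, where the token is optional, and on the UpdateFirewallPolicy operations, where it is required) all follow one optimistic-locking protocol: every read returns a token that marks the resource state, a conditional write must present that token, and a stale token is rejected with InvalidTokenException. The following is an added example, not code from amazonka or from the AWS service: a constructed in-memory model of the service side plus the client-side refetch-and-retry loop the docs prescribe, run against a two-writer race so the lost update that the unconditional path allows is visible. The names FirewallStore, conditional_update, add_subnet and lost_update_demo are this example's own.

```python
"""Simulation of Network Firewall's optimistic-locking update token.

Constructed, in-memory model of the protocol described in the docs (not
amazonka code and not the AWS service): the store hands out a token with
every read, a conditional update must present the token it last saw, and
a stale token is rejected with InvalidTokenException.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


class InvalidTokenException(Exception):
    """Raised when an update carries a token that no longer matches the resource."""


@dataclass
class FirewallStore:
    """Stand-in for the service side: one firewall resource plus its current token."""
    subnet_ids: List[str] = field(default_factory=list)
    subnet_change_protection: bool = True
    token: str = field(default_factory=lambda: secrets.token_hex(8))
    audit: List[str] = field(default_factory=list)

    def describe(self) -> Tuple[dict, str]:
        """Return a snapshot of the resource and the token that marks that state."""
        snapshot = {
            "SubnetIds": list(self.subnet_ids),
            "SubnetChangeProtection": self.subnet_change_protection,
        }
        return snapshot, self.token

    def update(self, new_state: dict, update_token: Optional[str] = None) -> str:
        """Apply new_state. Without a token the write is unconditional; with a
        token it succeeds only if nothing changed since that token was issued."""
        if update_token is not None and update_token != self.token:
            raise InvalidTokenException("resource changed since the token was issued")
        self.subnet_ids = list(new_state["SubnetIds"])
        self.subnet_change_protection = new_state["SubnetChangeProtection"]
        self.token = secrets.token_hex(8)  # every successful write moves the state forward
        self.audit.append("conditional" if update_token else "unconditional")
        return self.token


def conditional_update(store: FirewallStore, mutate: Callable[[dict], dict],
                       max_attempts: int = 3) -> str:
    """Client-side pattern from the docs: describe, mutate, submit with the token;
    on InvalidTokenException re-describe, reapply the mutation, and try again."""
    last_error: Optional[Exception] = None
    for _ in range(max_attempts):
        current, token = store.describe()
        try:
            return store.update(mutate(current), update_token=token)
        except InvalidTokenException as exc:
            last_error = exc  # someone else wrote in between: start over from fresh state
    raise RuntimeError(f"gave up after {max_attempts} attempts") from last_error


def add_subnet(subnet_id: str) -> Callable[[dict], dict]:
    """Mutation that appends one subnet id to the current state (used by both writers)."""
    def apply(state: dict) -> dict:
        return {**state, "SubnetIds": state["SubnetIds"] + [subnet_id]}
    return apply


def lost_update_demo() -> Dict[str, List[str]]:
    """Two writers race on the same firewall. The unconditional path silently drops
    the other writer's subnet; the conditional path detects the conflict and merges."""
    results: Dict[str, List[str]] = {}

    # Scenario 1: writer B omits the token and overwrites A's change.
    store = FirewallStore(subnet_ids=["subnet-aaa"])  # constructed sample state
    a_state, _ = store.describe()
    b_state, _ = store.describe()
    store.update(add_subnet("subnet-from-a")(a_state))                      # A commits first
    store.update(add_subnet("subnet-from-b")(b_state), update_token=None)   # B clobbers A
    results["unconditional"] = store.describe()[0]["SubnetIds"]

    # Scenario 2: writer B presents its (now stale) token, is rejected, refetches, retries.
    store = FirewallStore(subnet_ids=["subnet-aaa"])
    b_state, b_token = store.describe()
    conditional_update(store, add_subnet("subnet-from-a"))                  # A commits first
    try:
        store.update(add_subnet("subnet-from-b")(b_state), update_token=b_token)
        results["stale_token_rejected"] = ["no"]
    except InvalidTokenException:
        results["stale_token_rejected"] = ["yes"]
    conditional_update(store, add_subnet("subnet-from-b"))                  # retry from a fresh copy
    results["conditional"] = store.describe()[0]["SubnetIds"]
    return results


if __name__ == "__main__":
    for scenario, value in lost_update_demo().items():
        print(f"{scenario}: {value}")
```

The point for anyone automating firewall changes: two jobs that each read the firewall, edit it and write back with no token will have the second write discard the first (a subnet association or a protection flag can vanish without any error), whereas a job that sends the token gets InvalidTokenException, re-reads, and re-applies its edit on top of the other job's change. Treat InvalidTokenException as "re-read, then retry", never as a reason to resend the same stale request.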
CreateRuleGroup
data CreateRuleGroup Source #
See: newCreateRuleGroup
smart constructor.
CreateRuleGroup' (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe (NonEmpty Tag)) (Maybe RuleGroup) Text RuleGroupType Int
Instances
newCreateRuleGroup :: Text -> RuleGroupType -> Int -> CreateRuleGroup Source #
Create a value of CreateRuleGroup
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:rules:CreateRuleGroup'
, createRuleGroup_rules
- A string containing stateful rule group rules specifications in Suricata
flat format, with one rule per line. Use this to import your existing
Suricata compatible rule groups.
You must provide either this rules setting or a populated RuleGroup
setting, but not both.
You can provide your rule group specification in Suricata flat format through this setting when you create or update your rule group. The call response returns a RuleGroup object that Network Firewall has populated from your string.
$sel:description:CreateRuleGroup'
, createRuleGroup_description
- A description of the rule group.
$sel:dryRun:CreateRuleGroup'
, createRuleGroup_dryRun
- Indicates whether you want Network Firewall to just check the validity
of the request, rather than run the request.
If set to TRUE, Network Firewall checks whether the request can run
successfully, but doesn't actually make the requested changes. The call
returns the value that the request would return if you ran it with dry
run set to FALSE, but doesn't make additions or changes to your
resources. This option allows you to make sure that you have the
required permissions to run the request and that your request parameters
are valid.
If set to FALSE, Network Firewall makes the requested changes to your
resources.
$sel:tags:CreateRuleGroup'
, createRuleGroup_tags
- The key:value pairs to associate with the resource.
$sel:ruleGroup:CreateRuleGroup'
, createRuleGroup_ruleGroup
- An object that defines the rule group rules.
You must provide either this rule group setting or a Rules setting,
but not both.
$sel:ruleGroupName:CreateRuleGroup'
, createRuleGroup_ruleGroupName
- The descriptive name of the rule group. You can't change the name of a
rule group after you create it.
$sel:type':CreateRuleGroup'
, createRuleGroup_type
- Indicates whether the rule group is stateless or stateful. If the rule
group is stateless, it contains stateless rules. If it is stateful, it
contains stateful rules.
$sel:capacity:CreateRuleGroup'
, createRuleGroup_capacity
- The maximum operating resources that this rule group can use. Rule group
capacity is fixed at creation. When you update a rule group, you are
limited to this capacity. When you reference a rule group from a
firewall policy, Network Firewall reserves this capacity for the rule
group.
You can retrieve the capacity that would be required for a rule group
before you create the rule group by calling CreateRuleGroup with DryRun
set to TRUE.
You can't change or exceed this capacity when you update the rule group, so leave room for your rule group to grow.
Capacity for a stateless rule group
For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules that you expect to have in the rule group.
To calculate the capacity requirement of a single rule, multiply the capacity requirement values of each of the rule's match settings:
- A match setting with no criteria specified has a value of 1.
- A match setting with Any specified has a value of 1.
- All other match settings have a value equal to the number of elements provided in the setting. For example, a protocol setting ["UDP"] and a source setting ["10.0.0.0/24"] each have a value of 1. A protocol setting ["UDP","TCP"] has a value of 2. A source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"] has a value of 3.
A rule with no criteria specified in any of its match settings has a capacity requirement of 1. A rule with protocol setting ["UDP","TCP"], source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"], and a single specification or no specification for each of the other match settings has a capacity requirement of 6.
Capacity for a stateful rule group
For a stateful rule group, the minimum capacity required is the number of individual rules that you expect to have in the rule group.
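The capacity arithmetic above, carried out in code. This is an added example, not part of the amazonka documentation or code base, and it makes no AWS calls: a stateless rule's capacity is the product over its match settings of 1 for an unset or Any setting and otherwise the element count, a stateless rule group needs the sum over its rules, and a stateful rule group needs at least one unit per rule. The plain-dict rule representation, the function names and the growth factor in planned_capacity are assumptions of this example, not amazonka types or service defaults.

```python
"""Capacity arithmetic for AWS Network Firewall rule groups (added example)."""
from typing import Dict, Iterable, List, Union

# Match settings of a stateless rule's MatchAttributes; each is optional.
STATELESS_MATCH_SETTINGS = (
    "Sources",
    "Destinations",
    "SourcePorts",
    "DestinationPorts",
    "Protocols",
    "TCPFlags",
)

MatchSetting = Union[None, str, List[str]]
StatelessRule = Dict[str, MatchSetting]  # assumed representation, not an amazonka type


def setting_capacity(value: MatchSetting) -> int:
    """Capacity of one match setting: 1 if unset, empty or "Any", else its element count."""
    if value is None or value == "Any":
        return 1
    if isinstance(value, list):
        return max(1, len(value))
    raise TypeError(f"unsupported match setting value: {value!r}")


def stateless_rule_capacity(rule: StatelessRule) -> int:
    """Multiply the capacity of every match setting of a single stateless rule."""
    capacity = 1
    for name in STATELESS_MATCH_SETTINGS:
        capacity *= setting_capacity(rule.get(name))
    return capacity


def stateless_group_capacity(rules: Iterable[StatelessRule]) -> int:
    """Capacity a stateless rule group needs: the sum over its rules."""
    return sum(stateless_rule_capacity(rule) for rule in rules)


def stateful_group_min_capacity(rule_count: int) -> int:
    """Minimum capacity for a stateful rule group: one unit per rule."""
    if rule_count < 0:
        raise ValueError("rule_count must be non-negative")
    return rule_count


def planned_capacity(required: int, growth_factor: float = 2.0) -> int:
    """Capacity to request at creation, since it cannot be raised afterwards.

    The growth factor is this example's own choice, not a service default.
    """
    if required < 0:
        raise ValueError("required must be non-negative")
    return max(1, int(required * growth_factor))


# Constructed rules; the second one is the worked example from the text.
EXAMPLE_RULES: List[StatelessRule] = [
    {},  # no criteria in any match setting -> 1
    {
        "Protocols": ["UDP", "TCP"],
        "Sources": ["10.0.0.0/24", "10.0.0.1/24", "10.0.0.2/24"],
        "DestinationPorts": ["443"],  # a single specification counts 1
    },  # 2 * 3 * 1 * 1 * 1 * 1 -> 6
]

if __name__ == "__main__":
    for rule in EXAMPLE_RULES:
        print(stateless_rule_capacity(rule), rule)
    required = stateless_group_capacity(EXAMPLE_RULES)
    print("group requires:", required, "request:", planned_capacity(required))
```

Run the estimate before CreateRuleGroup, then confirm it with a DryRun call: the dry run returns the capacity the service would actually reserve, and the number you pass as Capacity must leave room above it because it cannot be changed later.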
data CreateRuleGroupResponse Source #
See: newCreateRuleGroupResponse
smart constructor.
Instances
newCreateRuleGroupResponse :: Int -> Text -> RuleGroupResponse -> CreateRuleGroupResponse Source #
Create a value of CreateRuleGroupResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:CreateRuleGroupResponse'
, createRuleGroupResponse_httpStatus
- The response's http status code.
$sel:updateToken:CreateRuleGroupResponse'
, createRuleGroupResponse_updateToken
- A token used for optimistic locking. Network Firewall returns a token to
your requests that access the rule group. The token marks the state of
the rule group resource at the time of the request.
To make changes to the rule group, you provide the token in your
request. Network Firewall uses the token to ensure that the rule group
hasn't changed since you last retrieved it. If it has changed, the
operation fails with an InvalidTokenException. If this happens,
retrieve the rule group again to get a current copy of it with a current
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:ruleGroupResponse:CreateRuleGroupResponse'
, createRuleGroupResponse_ruleGroupResponse
- The high-level properties of a rule group. This, along with the
RuleGroup, define the rule group. You can retrieve all objects for a
rule group by calling DescribeRuleGroup.
DescribeFirewallPolicy
data DescribeFirewallPolicy Source #
See: newDescribeFirewallPolicy
smart constructor.
Instances
newDescribeFirewallPolicy :: DescribeFirewallPolicy Source #
Create a value of DescribeFirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallPolicyName:DescribeFirewallPolicy'
, describeFirewallPolicy_firewallPolicyName
- The descriptive name of the firewall policy. You can't change the name
of a firewall policy after you create it.
You must specify the ARN or the name, and you can specify both.
$sel:firewallPolicyArn:DescribeFirewallPolicy'
, describeFirewallPolicy_firewallPolicyArn
- The Amazon Resource Name (ARN) of the firewall policy.
You must specify the ARN or the name, and you can specify both.
data DescribeFirewallPolicyResponse Source #
See: newDescribeFirewallPolicyResponse
smart constructor.
Instances
newDescribeFirewallPolicyResponse Source #
Create a value of DescribeFirewallPolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallPolicy:DescribeFirewallPolicyResponse'
, describeFirewallPolicyResponse_firewallPolicy
- The policy for the specified firewall policy.
$sel:httpStatus:DescribeFirewallPolicyResponse'
, describeFirewallPolicyResponse_httpStatus
- The response's http status code.
$sel:updateToken:DescribeFirewallPolicyResponse'
, describeFirewallPolicyResponse_updateToken
- A token used for optimistic locking. Network Firewall returns a token to
your requests that access the firewall policy. The token marks the state
of the policy resource at the time of the request.
To make changes to the policy, you provide the token in your request.
Network Firewall uses the token to ensure that the policy hasn't
changed since you last retrieved it. If it has changed, the operation
fails with an InvalidTokenException. If this happens, retrieve the
firewall policy again to get a current copy of it with a current token.
Reapply your changes as needed, then try the operation again using the
new token.
$sel:firewallPolicyResponse:DescribeFirewallPolicyResponse'
, describeFirewallPolicyResponse_firewallPolicyResponse
- The high-level properties of a firewall policy. This, along with the
FirewallPolicy, define the policy. You can retrieve all objects for a
firewall policy by calling DescribeFirewallPolicy.
UpdateFirewallDescription
data UpdateFirewallDescription Source #
See: newUpdateFirewallDescription
smart constructor.
Instances
newUpdateFirewallDescription :: UpdateFirewallDescription Source #
Create a value of UpdateFirewallDescription
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:UpdateFirewallDescription'
, updateFirewallDescription_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
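The UpdateToken behaviour described here, and in the same words for CreateRuleGroup, DescribeFirewallPolicy, DescribeRuleGroup and the other firewall update calls on this page, as an added example that is not amazonka code and makes no AWS call. FakeFirewallService is an in-memory stand-in: every read returns the current UpdateToken, a request that presents a stale token fails with InvalidTokenException, and a request that omits the token is applied unconditionally. The read-modify-write helper re-reads and recomputes on every conflict, so a concurrent change is never overwritten. The service class, its method names and the Python InvalidTokenException are assumptions of this example.

```python
"""Optimistic locking with Network Firewall update tokens (added example)."""
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


class InvalidTokenException(Exception):
    """The presented UpdateToken no longer matches the resource's state."""


@dataclass
class FakeFirewallService:
    """Stand-in for the service; not amazonka, holds one firewall's description."""

    description: str = ""
    update_token: str = field(default_factory=lambda: secrets.token_hex(8))
    conditional_applied: int = 0
    conditional_rejected: int = 0

    def describe_firewall(self) -> Dict[str, str]:
        return {"Description": self.description, "UpdateToken": self.update_token}

    def update_firewall_description(
        self, description: str, update_token: Optional[str] = None
    ) -> Dict[str, str]:
        # With a token: apply only if nothing changed since that token was issued.
        if update_token is not None and update_token != self.update_token:
            self.conditional_rejected += 1
            raise InvalidTokenException("firewall changed since the token was issued")
        self.description = description
        self.update_token = secrets.token_hex(8)  # every successful write issues a new token
        if update_token is not None:
            self.conditional_applied += 1
        return self.describe_firewall()


def update_description_conditionally(
    svc: FakeFirewallService, compute_new: Callable[[str], str], max_attempts: int = 5
) -> Dict[str, str]:
    """Read-modify-write under optimistic locking, retrying on a stale token."""
    for _ in range(max_attempts):
        current = svc.describe_firewall()
        try:
            return svc.update_firewall_description(
                compute_new(current["Description"]), update_token=current["UpdateToken"]
            )
        except InvalidTokenException:
            continue  # re-read and recompute against the new state
    raise RuntimeError(f"gave up after {max_attempts} conflicting updates")


def demo_lost_update_avoided() -> FakeFirewallService:
    """Another writer changes the firewall between our read and our write, once."""
    svc = FakeFirewallService(description="prod-egress")
    interfered = False

    def append_owner(current: str) -> str:
        nonlocal interfered
        if not interfered:
            interfered = True
            svc.update_firewall_description(current + " [ticket-42]")  # unconditional write
        return current + " owner=netsec"

    update_description_conditionally(svc, append_owner)
    return svc


if __name__ == "__main__":
    result = demo_lost_update_avoided()
    print(result.description, "rejected:", result.conditional_rejected)
```

The first conditional write in the demo is rejected because the competing unconditional write changed the token; the retry re-reads, keeps the other writer's text and succeeds. Omitting the token in a real update is the unconditional path the text describes and should be reserved for cases where overwriting someone else's change is acceptable.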
$sel:firewallArn:UpdateFirewallDescription'
, updateFirewallDescription_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
$sel:description:UpdateFirewallDescription'
, updateFirewallDescription_description
- The new description for the firewall. If you omit this setting, Network
Firewall removes the description for the firewall.
$sel:firewallName:UpdateFirewallDescription'
, updateFirewallDescription_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
You must specify the ARN or the name, and you can specify both.
data UpdateFirewallDescriptionResponse Source #
See: newUpdateFirewallDescriptionResponse
smart constructor.
Instances
newUpdateFirewallDescriptionResponse Source #
Create a value of UpdateFirewallDescriptionResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:UpdateFirewallDescriptionResponse'
, updateFirewallDescriptionResponse_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:UpdateFirewallDescriptionResponse'
, updateFirewallDescriptionResponse_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
$sel:description:UpdateFirewallDescriptionResponse'
, updateFirewallDescriptionResponse_description
- A description of the firewall.
$sel:firewallName:UpdateFirewallDescriptionResponse'
, updateFirewallDescriptionResponse_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
$sel:httpStatus:UpdateFirewallDescriptionResponse'
, updateFirewallDescriptionResponse_httpStatus
- The response's http status code.
DescribeRuleGroup
data DescribeRuleGroup Source #
See: newDescribeRuleGroup
smart constructor.
Instances
newDescribeRuleGroup :: DescribeRuleGroup Source #
Create a value of DescribeRuleGroup
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:ruleGroupArn:DescribeRuleGroup'
, describeRuleGroup_ruleGroupArn
- The Amazon Resource Name (ARN) of the rule group.
You must specify the ARN or the name, and you can specify both.
$sel:type':DescribeRuleGroup'
, describeRuleGroup_type
- Indicates whether the rule group is stateless or stateful. If the rule
group is stateless, it contains stateless rules. If it is stateful, it
contains stateful rules.
This setting is required for requests that do not include the
RuleGroupARN.
$sel:ruleGroupName:DescribeRuleGroup'
, describeRuleGroup_ruleGroupName
- The descriptive name of the rule group. You can't change the name of a
rule group after you create it.
You must specify the ARN or the name, and you can specify both.
data DescribeRuleGroupResponse Source #
See: newDescribeRuleGroupResponse
smart constructor.
Instances
newDescribeRuleGroupResponse Source #
Create a value of DescribeRuleGroupResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:ruleGroup:DescribeRuleGroupResponse'
, describeRuleGroupResponse_ruleGroup
- The object that defines the rules in a rule group. This, along with
RuleGroupResponse, define the rule group. You can retrieve all objects
for a rule group by calling DescribeRuleGroup.
AWS Network Firewall uses a rule group to inspect and control network traffic. You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their traffic flow.
To use a rule group, you include it by reference in a Network Firewall firewall policy, then you use the policy in a firewall. You can reference a rule group from more than one firewall policy, and you can use a firewall policy in more than one firewall.
$sel:httpStatus:DescribeRuleGroupResponse'
, describeRuleGroupResponse_httpStatus
- The response's http status code.
$sel:updateToken:DescribeRuleGroupResponse'
, describeRuleGroupResponse_updateToken
- A token used for optimistic locking. Network Firewall returns a token to
your requests that access the rule group. The token marks the state of
the rule group resource at the time of the request.
To make changes to the rule group, you provide the token in your
request. Network Firewall uses the token to ensure that the rule group
hasn't changed since you last retrieved it. If it has changed, the
operation fails with an InvalidTokenException. If this happens,
retrieve the rule group again to get a current copy of it with a current
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:ruleGroupResponse:DescribeRuleGroupResponse'
, describeRuleGroupResponse_ruleGroupResponse
- The high-level properties of a rule group. This, along with the
RuleGroup, define the rule group. You can retrieve all objects for a
rule group by calling DescribeRuleGroup.
DeleteFirewall
data DeleteFirewall Source #
See: newDeleteFirewall
smart constructor.
Instances
newDeleteFirewall :: DeleteFirewall Source #
Create a value of DeleteFirewall
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallArn:DeleteFirewall'
, deleteFirewall_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
$sel:firewallName:DeleteFirewall'
, deleteFirewall_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
You must specify the ARN or the name, and you can specify both.
data DeleteFirewallResponse Source #
See: newDeleteFirewallResponse
smart constructor.
Instances
newDeleteFirewallResponse Source #
Create a value of DeleteFirewallResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallStatus:DeleteFirewallResponse'
, deleteFirewallResponse_firewallStatus
- Undocumented member.
$sel:firewall:DeleteFirewallResponse'
, deleteFirewallResponse_firewall
- Undocumented member.
$sel:httpStatus:DeleteFirewallResponse'
, deleteFirewallResponse_httpStatus
- The response's http status code.
ListFirewalls (Paginated)
data ListFirewalls Source #
See: newListFirewalls
smart constructor.
Instances
newListFirewalls :: ListFirewalls Source #
Create a value of ListFirewalls
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:nextToken:ListFirewalls'
, listFirewalls_nextToken
- When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Network Firewall returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:vpcIds:ListFirewalls'
, listFirewalls_vpcIds
- The unique identifiers of the VPCs that you want Network Firewall to
retrieve the firewalls for. Leave this blank to retrieve all firewalls
that you have defined.
$sel:maxResults:ListFirewalls'
, listFirewalls_maxResults
- The maximum number of objects that you want Network Firewall to return
for this request. If more objects are available, in the response,
Network Firewall provides a NextToken value that you can use in a
subsequent call to get the next batch of objects.
data ListFirewallsResponse Source #
See: newListFirewallsResponse
smart constructor.
Instances
newListFirewallsResponse Source #
Create a value of ListFirewallsResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:nextToken:ListFirewallsResponse'
, listFirewallsResponse_nextToken
- When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Network Firewall returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:firewalls:ListFirewallsResponse'
, listFirewallsResponse_firewalls
- The firewall metadata objects for the VPCs that you specified. Depending
on your setting for max results and the number of firewalls you have, a
single call might not be the full list.
$sel:httpStatus:ListFirewallsResponse'
, listFirewallsResponse_httpStatus
- The response's http status code.
DescribeResourcePolicy
data DescribeResourcePolicy Source #
See: newDescribeResourcePolicy
smart constructor.
Instances
newDescribeResourcePolicy Source #
Create a value of DescribeResourcePolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:DescribeResourcePolicy'
, describeResourcePolicy_resourceArn
- The Amazon Resource Name (ARN) of the rule group or firewall policy
whose resource policy you want to retrieve.
data DescribeResourcePolicyResponse Source #
See: newDescribeResourcePolicyResponse
smart constructor.
Instances
Eq, Read, Show, Generic, NFData (rnf :: DescribeResourcePolicyResponse -> ()); defined in Amazonka.NetworkFirewall.DescribeResourcePolicy.
Record fields (from the Generic Rep): policy :: Maybe Text, httpStatus :: Int.
newDescribeResourcePolicyResponse Source #
Create a value of DescribeResourcePolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:policy:DescribeResourcePolicyResponse'
, describeResourcePolicyResponse_policy
- The AWS Identity and Access Management policy for the resource.
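The Policy field is the IAM resource policy document attached to a shared rule group or firewall policy, so it decides which other accounts can reference the resource. The following review of such a document is an added example, not amazonka code and not an AWS call: it splits every Allow principal into trusted, untrusted or wildcard against an allow list of account IDs. The sample document, the account IDs and ARNs in it are constructed, and the actions it names are only illustrative.

```python
"""Review of a DescribeResourcePolicy document (added example)."""
import json
import re
from typing import Any, Dict, List, Set

ACCOUNT_ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):")


def _as_list(value: Any) -> List[Any]:
    return value if isinstance(value, list) else [value]


def statement_principals(statement: Dict[str, Any]) -> List[str]:
    """Flatten the Principal element, which may be "*", a string or a map of lists."""
    principal = statement.get("Principal", {})
    if isinstance(principal, dict):
        found: List[str] = []
        for entries in principal.values():
            found.extend(_as_list(entries))
        return found
    return _as_list(principal)


def principal_account(principal: str) -> str:
    """Reduce a principal to its 12-digit account ID; "*" stays a wildcard."""
    if principal == "*":
        return "*"
    if re.fullmatch(r"\d{12}", principal):
        return principal
    match = ACCOUNT_ARN_RE.match(principal)
    return match.group(1) if match else principal


def review_resource_policy(policy_json: str, trusted_accounts: Set[str]) -> Dict[str, List[str]]:
    """Classify the principals of every Allow statement.

    Returns {"trusted": [...], "untrusted": [...], "wildcard": [...]}. A
    wildcard principal is reported even when the statement carries a
    Condition, because the condition still has to be reviewed by hand.
    """
    document = json.loads(policy_json)
    report: Dict[str, List[str]] = {"trusted": [], "untrusted": [], "wildcard": []}
    for statement in _as_list(document.get("Statement", [])):
        if statement.get("Effect") != "Allow":
            continue
        for principal in statement_principals(statement):
            account = principal_account(principal)
            if account == "*":
                report["wildcard"].append(principal)
            elif account in trusted_accounts:
                report["trusted"].append(principal)
            else:
                report["untrusted"].append(principal)
    return report


def is_safe_to_share(policy_json: str, trusted_accounts: Set[str]) -> bool:
    """True only if every Allow principal resolves to a trusted account."""
    report = review_resource_policy(policy_json, trusted_accounts)
    return not report["untrusted"] and not report["wildcard"]


# Constructed sample: one statement for partner accounts, one that is open to anyone.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": ["arn:aws:iam::111111111111:root", "222222222222"]},
            "Action": ["network-firewall:CreateFirewallPolicy",
                       "network-firewall:UpdateFirewallPolicy"],
            "Resource": "arn:aws:network-firewall:us-east-1:999999999999:stateful-rulegroup/shared-egress",
        },
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "network-firewall:ListRuleGroups",
            "Resource": "arn:aws:network-firewall:us-east-1:999999999999:stateful-rulegroup/shared-egress",
        },
    ],
})

if __name__ == "__main__":
    print(review_resource_policy(SAMPLE_POLICY, {"111111111111"}))
```

Feed the Policy string from a DescribeResourcePolicy response to review_resource_policy with the set of accounts that are allowed to attach the shared resource; anything in "untrusted" or "wildcard" is a sharing grant to review before the rule group goes into a firewall policy elsewhere.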
$sel:httpStatus:DescribeResourcePolicyResponse'
, describeResourcePolicyResponse_httpStatus
- The response's http status code.
AssociateFirewallPolicy
data AssociateFirewallPolicy Source #
See: newAssociateFirewallPolicy
smart constructor.
Instances
newAssociateFirewallPolicy Source #
Create a value of AssociateFirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:AssociateFirewallPolicy'
, associateFirewallPolicy_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:AssociateFirewallPolicy'
, associateFirewallPolicy_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
$sel:firewallName:AssociateFirewallPolicy'
, associateFirewallPolicy_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
You must specify the ARN or the name, and you can specify both.
$sel:firewallPolicyArn:AssociateFirewallPolicy'
, associateFirewallPolicy_firewallPolicyArn
- The Amazon Resource Name (ARN) of the firewall policy.
data AssociateFirewallPolicyResponse Source #
See: newAssociateFirewallPolicyResponse
smart constructor.
Instances
newAssociateFirewallPolicyResponse Source #
Create a value of AssociateFirewallPolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:AssociateFirewallPolicyResponse'
, associateFirewallPolicyResponse_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:AssociateFirewallPolicyResponse'
, associateFirewallPolicyResponse_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
$sel:firewallPolicyArn:AssociateFirewallPolicyResponse'
, associateFirewallPolicyResponse_firewallPolicyArn
- The Amazon Resource Name (ARN) of the firewall policy.
$sel:firewallName:AssociateFirewallPolicyResponse'
, associateFirewallPolicyResponse_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
$sel:httpStatus:AssociateFirewallPolicyResponse'
, associateFirewallPolicyResponse_httpStatus
- The response's http status code.
UpdateFirewallPolicyChangeProtection
data UpdateFirewallPolicyChangeProtection Source #
See: newUpdateFirewallPolicyChangeProtection
smart constructor.
Instances
newUpdateFirewallPolicyChangeProtection :: Bool -> UpdateFirewallPolicyChangeProtection Source #
Create a value of UpdateFirewallPolicyChangeProtection
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:UpdateFirewallPolicyChangeProtection'
, updateFirewallPolicyChangeProtection_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:UpdateFirewallPolicyChangeProtection'
, updateFirewallPolicyChangeProtection_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
$sel:firewallName:UpdateFirewallPolicyChangeProtection'
, updateFirewallPolicyChangeProtection_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
You must specify the ARN or the name, and you can specify both.
$sel:firewallPolicyChangeProtection:UpdateFirewallPolicyChangeProtection'
, updateFirewallPolicyChangeProtection_firewallPolicyChangeProtection
- A setting indicating whether the firewall is protected against a change
to the firewall policy association. Use this setting to protect against
accidentally modifying the firewall policy for a firewall that is in
use. When you create a firewall, the operation initializes this setting
to TRUE.
data UpdateFirewallPolicyChangeProtectionResponse Source #
See: newUpdateFirewallPolicyChangeProtectionResponse
smart constructor.
UpdateFirewallPolicyChangeProtectionResponse' (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe Text) Int
Instances
newUpdateFirewallPolicyChangeProtectionResponse :: Int -> UpdateFirewallPolicyChangeProtectionResponse Source #
Create a value of UpdateFirewallPolicyChangeProtectionResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:UpdateFirewallPolicyChangeProtectionResponse'
, updateFirewallPolicyChangeProtectionResponse_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewallArn:UpdateFirewallPolicyChangeProtectionResponse'
, updateFirewallPolicyChangeProtectionResponse_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
$sel:firewallPolicyChangeProtection:UpdateFirewallPolicyChangeProtectionResponse'
, updateFirewallPolicyChangeProtectionResponse_firewallPolicyChangeProtection
- A setting indicating whether the firewall is protected against a change
to the firewall policy association. Use this setting to protect against
accidentally modifying the firewall policy for a firewall that is in
use. When you create a firewall, the operation initializes this setting
to TRUE.
$sel:firewallName:UpdateFirewallPolicyChangeProtectionResponse'
, updateFirewallPolicyChangeProtectionResponse_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
$sel:httpStatus:UpdateFirewallPolicyChangeProtectionResponse'
, updateFirewallPolicyChangeProtectionResponse_httpStatus
- The response's http status code.
CreateFirewall
data CreateFirewall Source #
See: newCreateFirewall
smart constructor.
CreateFirewall' (Maybe Bool) (Maybe Bool) (Maybe Bool) (Maybe Text) (Maybe (NonEmpty Tag)) Text Text Text [SubnetMapping]
Instances
newCreateFirewall :: Text -> Text -> Text -> CreateFirewall Source #
Create a value of CreateFirewall
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallPolicyChangeProtection:CreateFirewall'
, createFirewall_firewallPolicyChangeProtection
- A setting indicating whether the firewall is protected against a change
to the firewall policy association. Use this setting to protect against
accidentally modifying the firewall policy for a firewall that is in
use. When you create a firewall, the operation initializes this setting
to TRUE.
$sel:subnetChangeProtection:CreateFirewall'
, createFirewall_subnetChangeProtection
- A setting indicating whether the firewall is protected against changes
to the subnet associations. Use this setting to protect against
accidentally modifying the subnet associations for a firewall that is in
use. When you create a firewall, the operation initializes this setting
to TRUE.
$sel:deleteProtection:CreateFirewall'
, createFirewall_deleteProtection
- A flag indicating whether it is possible to delete the firewall. A
setting of TRUE indicates that the firewall is protected against
deletion. Use this setting to protect against accidentally deleting a
firewall that is in use. When you create a firewall, the operation
initializes this flag to TRUE.
$sel:description:CreateFirewall'
, createFirewall_description
- A description of the firewall.
$sel:tags:CreateFirewall'
, createFirewall_tags
- The key:value pairs to associate with the resource.
$sel:firewallName:CreateFirewall'
, createFirewall_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
$sel:firewallPolicyArn:CreateFirewall'
, createFirewall_firewallPolicyArn
- The Amazon Resource Name (ARN) of the FirewallPolicy that you want to
use for the firewall.
$sel:vpcId:CreateFirewall'
, createFirewall_vpcId
- The unique identifier of the VPC where Network Firewall should create
the firewall.
You can't change this setting after you create the firewall.
$sel:subnetMappings:CreateFirewall'
, createFirewall_subnetMappings
- The public subnets to use for your Network Firewall firewalls. Each
subnet must belong to a different Availability Zone in the VPC. Network
Firewall creates a firewall endpoint in each subnet.
data CreateFirewallResponse Source #
See: newCreateFirewallResponse
smart constructor.
Instances
newCreateFirewallResponse Source #
Create a value of CreateFirewallResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallStatus:CreateFirewallResponse'
, createFirewallResponse_firewallStatus
- Detailed information about the current status of a Firewall. You can
retrieve this for a firewall by calling DescribeFirewall and providing
the firewall name and ARN.
$sel:firewall:CreateFirewallResponse'
, createFirewallResponse_firewall
- The configuration settings for the firewall. These settings include the
firewall policy and the subnets in your VPC to use for the firewall
endpoints.
$sel:httpStatus:CreateFirewallResponse'
, createFirewallResponse_httpStatus
- The response's http status code.
ListRuleGroups (Paginated)
data ListRuleGroups Source #
See: newListRuleGroups
smart constructor.
Instances
newListRuleGroups :: ListRuleGroups Source #
Create a value of ListRuleGroups
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:nextToken:ListRuleGroups'
, listRuleGroups_nextToken
- When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Network Firewall returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:maxResults:ListRuleGroups'
, listRuleGroups_maxResults
- The maximum number of objects that you want Network Firewall to return
for this request. If more objects are available, in the response,
Network Firewall provides a NextToken value that you can use in a
subsequent call to get the next batch of objects.
data ListRuleGroupsResponse Source #
See: newListRuleGroupsResponse
smart constructor.
Instances
newListRuleGroupsResponse Source #
Create a value of ListRuleGroupsResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:nextToken:ListRuleGroups'
, listRuleGroupsResponse_nextToken
- When you request a list of objects with a MaxResults setting, if the
number of objects that are still available for retrieval exceeds the
maximum you requested, Network Firewall returns a NextToken value in
the response. To retrieve the next batch of objects, use the token
returned from the prior request in your next request.
$sel:ruleGroups:ListRuleGroupsResponse'
, listRuleGroupsResponse_ruleGroups
- The rule group metadata objects that you've defined. Depending on your
setting for max results and the number of rule groups, this might not be
the full list.
$sel:httpStatus:ListRuleGroupsResponse'
, listRuleGroupsResponse_httpStatus
- The response's http status code.
TagResource
data TagResource Source #
See: newTagResource
smart constructor.
Instances
Create a value of TagResource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:TagResource'
, tagResource_resourceArn
- The Amazon Resource Name (ARN) of the resource.
data TagResourceResponse Source #
See: newTagResourceResponse
smart constructor.
Instances
newTagResourceResponse Source #
Create a value of TagResourceResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:TagResourceResponse'
, tagResourceResponse_httpStatus
- The response's http status code.
DeleteRuleGroup
data DeleteRuleGroup Source #
See: newDeleteRuleGroup
smart constructor.
Instances
newDeleteRuleGroup :: DeleteRuleGroup Source #
Create a value of DeleteRuleGroup
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:ruleGroupArn:DeleteRuleGroup'
, deleteRuleGroup_ruleGroupArn
- The Amazon Resource Name (ARN) of the rule group.
You must specify the ARN or the name, and you can specify both.
$sel:type':DeleteRuleGroup'
, deleteRuleGroup_type
- Indicates whether the rule group is stateless or stateful. If the rule
group is stateless, it contains stateless rules. If it is stateful, it
contains stateful rules.
This setting is required for requests that do not include the
RuleGroupARN.
$sel:ruleGroupName:DeleteRuleGroup'
, deleteRuleGroup_ruleGroupName
- The descriptive name of the rule group. You can't change the name of a
rule group after you create it.
You must specify the ARN or the name, and you can specify both.
data DeleteRuleGroupResponse Source #
See: newDeleteRuleGroupResponse
smart constructor.
Instances
newDeleteRuleGroupResponse Source #
Create a value of DeleteRuleGroupResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:DeleteRuleGroupResponse'
, deleteRuleGroupResponse_httpStatus
- The response's http status code.
$sel:ruleGroupResponse:DeleteRuleGroupResponse'
, deleteRuleGroupResponse_ruleGroupResponse
- The high-level properties of a rule group. This, along with the
RuleGroup, define the rule group. You can retrieve all objects for a
rule group by calling DescribeRuleGroup.
UpdateRuleGroup
data UpdateRuleGroup Source #
See: newUpdateRuleGroup
smart constructor.
UpdateRuleGroup' (Maybe Text) (Maybe Text) (Maybe RuleGroupType) (Maybe Text) (Maybe Text) (Maybe Bool) (Maybe RuleGroup) Text
Instances
Create a value of UpdateRuleGroup
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:ruleGroupArn:UpdateRuleGroup'
, updateRuleGroup_ruleGroupArn
- The Amazon Resource Name (ARN) of the rule group.
You must specify the ARN or the name, and you can specify both.
$sel:rules:UpdateRuleGroup'
, updateRuleGroup_rules
- A string containing stateful rule group rules specifications in Suricata
flat format, with one rule per line. Use this to import your existing
Suricata compatible rule groups.
You must provide either this rules setting or a populated RuleGroup
setting, but not both.
You can provide your rule group specification in Suricata flat format through this setting when you create or update your rule group. The call response returns a RuleGroup object that Network Firewall has populated from your string.
$sel:type':UpdateRuleGroup'
, updateRuleGroup_type
- Indicates whether the rule group is stateless or stateful. If the rule
group is stateless, it contains stateless rules. If it is stateful, it
contains stateful rules.
This setting is required for requests that do not include the
RuleGroupARN.
$sel:description:UpdateRuleGroup'
, updateRuleGroup_description
- A description of the rule group.
$sel:ruleGroupName:UpdateRuleGroup'
, updateRuleGroup_ruleGroupName
- The descriptive name of the rule group. You can't change the name of a
rule group after you create it.
You must specify the ARN or the name, and you can specify both.
$sel:dryRun:UpdateRuleGroup'
, updateRuleGroup_dryRun
- Indicates whether you want Network Firewall to just check the validity
of the request, rather than run the request.
If set to TRUE, Network Firewall checks whether the request can run
successfully, but doesn't actually make the requested changes. The call
returns the value that the request would return if you ran it with dry
run set to FALSE, but doesn't make additions or changes to your
resources. This option allows you to make sure that you have the
required permissions to run the request and that your request parameters
are valid.
If set to FALSE, Network Firewall makes the requested changes to your
resources.
$sel:ruleGroup:UpdateRuleGroup'
, updateRuleGroup_ruleGroup
- An object that defines the rule group rules.
You must provide either this rule group setting or a Rules setting,
but not both.
$sel:updateToken:UpdateRuleGroup'
, updateRuleGroup_updateToken
- A token used for optimistic locking. Network Firewall returns a token to
your requests that access the rule group. The token marks the state of
the rule group resource at the time of the request.
To make changes to the rule group, you provide the token in your
request. Network Firewall uses the token to ensure that the rule group
hasn't changed since you last retrieved it. If it has changed, the
operation fails with an InvalidTokenException. If this happens,
retrieve the rule group again to get a current copy of it with a current
token. Reapply your changes as needed, then try the operation again
using the new token.
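The optimistic-locking flow above, as an added example that is not part of amazonka or its generated docs: read the current UpdateToken, preflight with DryRun, apply the change, and re-read the token only when InvalidTokenException says another writer got there first. It assumes the DescribeRuleGroup lenses (`describeRuleGroup_ruleGroupArn`, `describeRuleGroupResponse_updateToken`) and `ruleGroupResponse_ruleGroupArn` follow the naming scheme shown on this page, uses the `lens` package operators, and takes a constructed placeholder ARN.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example (not amazonka's own code): race-safe rule group updates.
module Main (main) where

import Amazonka (Env, discover, newEnv, runResourceT, send)
import Amazonka.NetworkFirewall
import Control.Exception.Lens (trying)
import Control.Lens ((&), (?~), (^.))
import Data.Text (Text)
import qualified Data.Text.IO as T

-- Placeholder ARN (constructed); substitute the ARN of your own rule group.
targetArn :: Text
targetArn = "arn:aws:network-firewall:REGION:ACCOUNT_ID:stateful-rulegroup/EXAMPLE"

-- Suricata flat-format rules to install (constructed sample). Network
-- Firewall populates the RuleGroup object from this string for us.
suricataRules :: Text
suricataRules =
  "drop tcp any any -> $HOME_NET 23 (msg:\"Telnet to internal hosts\"; sid:1000001; rev:1;)"

-- Build the UpdateRuleGroup request for a given update token. With dryRun
-- set, Network Firewall only validates permissions and parameters.
mkUpdate :: Text -> Bool -> UpdateRuleGroup
mkUpdate token dryRun =
  newUpdateRuleGroup token
    & updateRuleGroup_ruleGroupArn ?~ targetArn
    & updateRuleGroup_type ?~ RuleGroupType_STATEFUL
    & updateRuleGroup_rules ?~ suricataRules
    & updateRuleGroup_dryRun ?~ dryRun

-- One attempt: fetch the current token, preflight with a dry run, then
-- apply. Returns Nothing when the token was stale (InvalidTokenException),
-- i.e. the rule group changed under us and must be re-read before retrying.
-- (DescribeRuleGroup lens names are assumed, see lead-in.)
attemptUpdate :: Env -> IO (Maybe RuleGroupResponse)
attemptUpdate env = runResourceT $ do
  current <- send env (newDescribeRuleGroup & describeRuleGroup_ruleGroupArn ?~ targetArn)
  let token = current ^. describeRuleGroupResponse_updateToken
  -- Dry run first: a permissions or validation failure surfaces here
  -- without touching the resource.
  _ <- send env (mkUpdate token True)
  result <- trying _InvalidTokenException (send env (mkUpdate token False))
  pure $ case result of
    Left _ -> Nothing
    Right resp -> Just (resp ^. updateRuleGroupResponse_ruleGroupResponse)

-- Retry a bounded number of times; each retry re-reads the token, so the
-- change is always applied on top of the latest state rather than silently
-- overwriting a concurrent writer's edits.
updateWithRetry :: Env -> Int -> IO (Either String RuleGroupResponse)
updateWithRetry _ 0 = pure (Left "rule group kept changing; giving up")
updateWithRetry env n = do
  r <- attemptUpdate env
  case r of
    Just done -> pure (Right done)
    Nothing -> updateWithRetry env (n - 1)

main :: IO ()
main = do
  env <- newEnv discover
  outcome <- updateWithRetry env 3
  case outcome of
    Left err -> putStrLn ("failed: " <> err)
    Right rg -> T.putStrLn ("updated " <> rg ^. ruleGroupResponse_ruleGroupArn)
```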
data UpdateRuleGroupResponse Source #
See: newUpdateRuleGroupResponse
smart constructor.
Instances
newUpdateRuleGroupResponse :: Int -> Text -> RuleGroupResponse -> UpdateRuleGroupResponse Source #
Create a value of UpdateRuleGroupResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:UpdateRuleGroupResponse'
, updateRuleGroupResponse_httpStatus
- The response's http status code.
$sel:updateToken:UpdateRuleGroup'
, updateRuleGroupResponse_updateToken
- A token used for optimistic locking. Network Firewall returns a token to
your requests that access the rule group. The token marks the state of
the rule group resource at the time of the request.
To make changes to the rule group, you provide the token in your
request. Network Firewall uses the token to ensure that the rule group
hasn't changed since you last retrieved it. If it has changed, the
operation fails with an InvalidTokenException. If this happens,
retrieve the rule group again to get a current copy of it with a current
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:ruleGroupResponse:UpdateRuleGroupResponse'
, updateRuleGroupResponse_ruleGroupResponse
- The high-level properties of a rule group. This, along with the
RuleGroup, define the rule group. You can retrieve all objects for a
rule group by calling DescribeRuleGroup.
PutResourcePolicy
data PutResourcePolicy Source #
See: newPutResourcePolicy
smart constructor.
Instances
Create a value of PutResourcePolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:PutResourcePolicy'
, putResourcePolicy_resourceArn
- The Amazon Resource Name (ARN) of the account that you want to share
rule groups and firewall policies with.
$sel:policy:PutResourcePolicy'
, putResourcePolicy_policy
- The AWS Identity and Access Management policy statement that lists the
accounts that you want to share your rule group or firewall policy with
and the operations that you want the accounts to be able to perform.
For a rule group resource, you can specify the following operations in the Actions section of the statement:
- network-firewall:CreateFirewallPolicy
- network-firewall:UpdateFirewallPolicy
- network-firewall:ListRuleGroups
For a firewall policy resource, you can specify the following operations in the Actions section of the statement:
- network-firewall:CreateFirewall
- network-firewall:UpdateFirewall
- network-firewall:AssociateFirewallPolicy
- network-firewall:ListFirewallPolicies
In the Resource section of the statement, you specify the ARNs for the
rule groups and firewall policies that you want to share with the
account that you specified in Arn.
data PutResourcePolicyResponse Source #
See: newPutResourcePolicyResponse
smart constructor.
Instances
newPutResourcePolicyResponse Source #
Create a value of PutResourcePolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:PutResourcePolicyResponse'
, putResourcePolicyResponse_httpStatus
- The response's http status code.
DescribeFirewall
data DescribeFirewall Source #
See: newDescribeFirewall
smart constructor.
Instances
newDescribeFirewall :: DescribeFirewall Source #
Create a value of DescribeFirewall
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallArn:DescribeFirewall'
, describeFirewall_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
$sel:firewallName:DescribeFirewall'
, describeFirewall_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
You must specify the ARN or the name, and you can specify both.
data DescribeFirewallResponse Source #
See: newDescribeFirewallResponse
smart constructor.
Instances
newDescribeFirewallResponse Source #
Create a value of DescribeFirewallResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallStatus:DescribeFirewallResponse'
, describeFirewallResponse_firewallStatus
- Detailed information about the current status of a Firewall. You can
retrieve this for a firewall by calling DescribeFirewall and providing
the firewall name and ARN.
$sel:updateToken:DescribeFirewallResponse'
, describeFirewallResponse_updateToken
- An optional token that you can use for optimistic locking. Network
Firewall returns a token to your requests that access the firewall. The
token marks the state of the firewall resource at the time of the
request.
To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.
To make a conditional change to the firewall, provide the token in your
update request. Network Firewall uses the token to ensure that the
firewall hasn't changed since you last retrieved it. If it has changed,
the operation fails with an InvalidTokenException. If this happens,
retrieve the firewall again to get a current copy of it with a new
token. Reapply your changes as needed, then try the operation again
using the new token.
$sel:firewall:DescribeFirewallResponse'
, describeFirewallResponse_firewall
- The configuration settings for the firewall. These settings include the
firewall policy and the subnets in your VPC to use for the firewall
endpoints.
$sel:httpStatus:DescribeFirewallResponse'
, describeFirewallResponse_httpStatus
- The response's http status code.
DeleteResourcePolicy
data DeleteResourcePolicy Source #
See: newDeleteResourcePolicy
smart constructor.
Instances
newDeleteResourcePolicy Source #
Create a value of DeleteResourcePolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:DeleteResourcePolicy'
, deleteResourcePolicy_resourceArn
- The Amazon Resource Name (ARN) of the rule group or firewall policy
whose resource policy you want to delete.
data DeleteResourcePolicyResponse Source #
See: newDeleteResourcePolicyResponse
smart constructor.
Instances
newDeleteResourcePolicyResponse Source #
Create a value of DeleteResourcePolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:DeleteResourcePolicyResponse'
, deleteResourcePolicyResponse_httpStatus
- The response's http status code.
UntagResource
data UntagResource Source #
See: newUntagResource
smart constructor.
Instances
Create a value of UntagResource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:UntagResource'
, untagResource_resourceArn
- The Amazon Resource Name (ARN) of the resource.
data UntagResourceResponse Source #
See: newUntagResourceResponse
smart constructor.
Instances
newUntagResourceResponse Source #
Create a value of UntagResourceResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:httpStatus:UntagResourceResponse'
, untagResourceResponse_httpStatus
- The response's http status code.
DescribeLoggingConfiguration
data DescribeLoggingConfiguration Source #
See: newDescribeLoggingConfiguration
smart constructor.
Instances
newDescribeLoggingConfiguration :: DescribeLoggingConfiguration Source #
Create a value of DescribeLoggingConfiguration
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallArn:DescribeLoggingConfiguration'
, describeLoggingConfiguration_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
You must specify the ARN or the name, and you can specify both.
$sel:firewallName:DescribeLoggingConfiguration'
, describeLoggingConfiguration_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
You must specify the ARN or the name, and you can specify both.
data DescribeLoggingConfigurationResponse Source #
See: newDescribeLoggingConfigurationResponse
smart constructor.
Instances
newDescribeLoggingConfigurationResponse Source #
Create a value of DescribeLoggingConfigurationResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallArn:DescribeLoggingConfiguration'
, describeLoggingConfigurationResponse_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
$sel:loggingConfiguration:DescribeLoggingConfigurationResponse'
, describeLoggingConfigurationResponse_loggingConfiguration
- Undocumented member.
$sel:httpStatus:DescribeLoggingConfigurationResponse'
, describeLoggingConfigurationResponse_httpStatus
- The response's http status code.
Types
AttachmentStatus
newtype AttachmentStatus Source #
pattern AttachmentStatus_CREATING :: AttachmentStatus
pattern AttachmentStatus_DELETING :: AttachmentStatus
pattern AttachmentStatus_READY :: AttachmentStatus
pattern AttachmentStatus_SCALING :: AttachmentStatus
Instances
ConfigurationSyncState
newtype ConfigurationSyncState Source #
pattern ConfigurationSyncState_IN_SYNC :: ConfigurationSyncState
pattern ConfigurationSyncState_PENDING :: ConfigurationSyncState
Instances
FirewallStatusValue
newtype FirewallStatusValue Source #
pattern FirewallStatusValue_DELETING :: FirewallStatusValue
pattern FirewallStatusValue_PROVISIONING :: FirewallStatusValue
pattern FirewallStatusValue_READY :: FirewallStatusValue
Instances
GeneratedRulesType
newtype GeneratedRulesType Source #
pattern GeneratedRulesType_ALLOWLIST :: GeneratedRulesType
pattern GeneratedRulesType_DENYLIST :: GeneratedRulesType
Instances
LogDestinationType
newtype LogDestinationType Source #
pattern LogDestinationType_CloudWatchLogs :: LogDestinationType
pattern LogDestinationType_KinesisDataFirehose :: LogDestinationType
pattern LogDestinationType_S3 :: LogDestinationType
Instances
LogType
newtype LogType Source #
pattern LogType_ALERT :: LogType
pattern LogType_FLOW :: LogType
Instances
PerObjectSyncStatus
newtype PerObjectSyncStatus Source #
pattern PerObjectSyncStatus_IN_SYNC :: PerObjectSyncStatus
pattern PerObjectSyncStatus_PENDING :: PerObjectSyncStatus
Instances
ResourceStatus
newtype ResourceStatus Source #
pattern ResourceStatus_ACTIVE :: ResourceStatus
pattern ResourceStatus_DELETING :: ResourceStatus
Instances
RuleGroupType
newtype RuleGroupType Source #
pattern RuleGroupType_STATEFUL :: RuleGroupType
pattern RuleGroupType_STATELESS :: RuleGroupType
Instances
RuleOrder
newtype RuleOrder Source #
pattern RuleOrder_DEFAULT_ACTION_ORDER :: RuleOrder
pattern RuleOrder_STRICT_ORDER :: RuleOrder
Instances
StatefulAction
newtype StatefulAction Source #
pattern StatefulAction_ALERT :: StatefulAction
pattern StatefulAction_DROP :: StatefulAction
pattern StatefulAction_PASS :: StatefulAction
Instances
StatefulRuleDirection
newtype StatefulRuleDirection Source #
pattern StatefulRuleDirection_ANY :: StatefulRuleDirection
pattern StatefulRuleDirection_FORWARD :: StatefulRuleDirection
Instances
StatefulRuleProtocol
newtype StatefulRuleProtocol Source #
Instances
TCPFlag
newtype TCPFlag Source #
pattern TCPFlag_ACK :: TCPFlag
pattern TCPFlag_CWR :: TCPFlag
pattern TCPFlag_ECE :: TCPFlag
pattern TCPFlag_FIN :: TCPFlag
pattern TCPFlag_PSH :: TCPFlag
pattern TCPFlag_RST :: TCPFlag
pattern TCPFlag_SYN :: TCPFlag
pattern TCPFlag_URG :: TCPFlag
Instances
TargetType
newtype TargetType Source #
pattern TargetType_HTTP_HOST :: TargetType
pattern TargetType_TLS_SNI :: TargetType
Instances
ActionDefinition
data ActionDefinition Source #
A custom action to use in stateless rule actions settings. This is used in CustomAction.
See: newActionDefinition
smart constructor.
Instances
newActionDefinition :: ActionDefinition Source #
Create a value of ActionDefinition
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:publishMetricAction:ActionDefinition'
, actionDefinition_publishMetricAction
- Stateless inspection criteria that publishes the specified metrics to
Amazon CloudWatch for the matching packet. This setting defines a
CloudWatch dimension value to be published.
You can pair this custom action with any of the standard stateless rule actions. For example, you could pair this in a rule action with the standard action that forwards the packet for stateful inspection. Then, when a packet matches the rule, Network Firewall publishes metrics for the packet and forwards it.
Address
A single IP address specification. This is used in the MatchAttributes source and destination specifications.
See: newAddress
smart constructor.
Instances
Eq Address Source #
Read Address Source #
Show Address Source #
Generic Address Source #
NFData Address Source # (Defined in Amazonka.NetworkFirewall.Types.Address)
Hashable Address Source # (Defined in Amazonka.NetworkFirewall.Types.Address)
ToJSON Address Source # (Defined in Amazonka.NetworkFirewall.Types.Address)
FromJSON Address Source #
type Rep Address Source # (Defined in Amazonka.NetworkFirewall.Types.Address)
type Rep Address = D1 ('MetaData "Address" "Amazonka.NetworkFirewall.Types.Address" "libZSservicesZSamazonka-network-firewallZSamazonka-network-firewall" 'False) (C1 ('MetaCons "Address'" 'PrefixI 'True) (S1 ('MetaSel ('Just "addressDefinition") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
Create a value of Address
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:addressDefinition:Address'
, address_addressDefinition
- Specify an IP address or a block of IP addresses in Classless
Inter-Domain Routing (CIDR) notation. Network Firewall supports all
address ranges for IPv4.
Examples:
- To configure Network Firewall to inspect for the IP address
192.0.2.44, specify 192.0.2.44/32.
- To configure Network Firewall to inspect for IP addresses from
192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
Attachment
data Attachment Source #
The configuration and status for a single subnet that you've specified for use by the AWS Network Firewall firewall. This is part of the FirewallStatus.
See: newAttachment
smart constructor.
Instances
newAttachment :: Attachment Source #
Create a value of Attachment
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:status:Attachment'
, attachment_status
- The current status of the firewall endpoint in the subnet. This value
reflects both the instantiation of the endpoint in the VPC subnet and
the sync states that are reported in the Config settings. When this
value is READY, the endpoint is available and configured properly to
handle network traffic. When the endpoint isn't available for traffic,
this value will reflect its state, for example CREATING, DELETING,
or FAILED.
$sel:subnetId:Attachment'
, attachment_subnetId
- The unique identifier of the subnet that you've specified to be used
for a firewall endpoint.
$sel:endpointId:Attachment'
, attachment_endpointId
- The identifier of the firewall endpoint that Network Firewall has
instantiated in the subnet. You use this to identify the firewall
endpoint in the VPC route tables, when you redirect the VPC traffic
through the endpoint.
CustomAction
data CustomAction Source #
An optional, non-standard action to use for stateless packet handling. You can define this in addition to the standard action that you must specify.
You define and name the custom actions that you want to be able to use, and then you reference them by name in your actions settings.
You can use custom actions in the following places:
- In a rule group's StatelessRulesAndCustomActions specification. The
custom actions are available for use by name inside the
StatelessRulesAndCustomActions where you define them. You can use them
for your stateless rule actions to specify what to do with a packet that
matches the rule's match attributes.
- In a FirewallPolicy specification, in StatelessCustomActions. The
custom actions are available for use inside the policy where you define
them. You can use them for the policy's default stateless actions
settings to specify what to do with packets that don't match any of the
policy's stateless rules.
See: newCustomAction
smart constructor.
Instances
newCustomAction :: Text -> ActionDefinition -> CustomAction Source #
Create a value of CustomAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:actionName:CustomAction'
, customAction_actionName
- The descriptive name of the custom action. You can't change the name of
a custom action after you create it.
$sel:actionDefinition:CustomAction'
, customAction_actionDefinition
- The custom action associated with the action name.
Dimension
The value to use in an Amazon CloudWatch custom metric dimension. This
is used in the PublishMetrics CustomAction. A CloudWatch custom metric
dimension is a name/value pair that's part of the identity of a
metric.
AWS Network Firewall sets the dimension name to CustomAction and you
provide the dimension value.
For more information about CloudWatch custom metric dimensions, see Publishing Custom Metrics in the Amazon CloudWatch User Guide.
See: newDimension
smart constructor.
Instances
Eq Dimension Source #
Read Dimension Source #
Show Dimension Source #
Generic Dimension Source #
NFData Dimension Source # (Defined in Amazonka.NetworkFirewall.Types.Dimension)
Hashable Dimension Source # (Defined in Amazonka.NetworkFirewall.Types.Dimension)
ToJSON Dimension Source # (Defined in Amazonka.NetworkFirewall.Types.Dimension)
FromJSON Dimension Source #
type Rep Dimension Source # (Defined in Amazonka.NetworkFirewall.Types.Dimension)
type Rep Dimension = D1 ('MetaData "Dimension" "Amazonka.NetworkFirewall.Types.Dimension" "libZSservicesZSamazonka-network-firewallZSamazonka-network-firewall" 'False) (C1 ('MetaCons "Dimension'" 'PrefixI 'True) (S1 ('MetaSel ('Just "value") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
Create a value of Dimension
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:value:Dimension'
, dimension_value
- The value to use in the custom metric dimension.
Firewall
The firewall defines the configuration settings for an AWS Network Firewall firewall. These settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.
The status of the firewall, for example whether it's ready to filter network traffic, is provided in the corresponding FirewallStatus. You can retrieve both objects by calling DescribeFirewall.
See: newFirewall
smart constructor.
Firewall' (Maybe Text) (Maybe Bool) (Maybe Bool) (Maybe Bool) (Maybe Text) (Maybe (NonEmpty Tag)) (Maybe Text) Text Text [SubnetMapping] Text
Instances
Create a value of Firewall
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallArn:Firewall'
, firewall_firewallArn
- The Amazon Resource Name (ARN) of the firewall.
$sel:firewallPolicyChangeProtection:Firewall'
, firewall_firewallPolicyChangeProtection
- A setting indicating whether the firewall is protected against a change
to the firewall policy association. Use this setting to protect against
accidentally modifying the firewall policy for a firewall that is in
use. When you create a firewall, the operation initializes this setting
to TRUE.
$sel:subnetChangeProtection:Firewall'
, firewall_subnetChangeProtection
- A setting indicating whether the firewall is protected against changes
to the subnet associations. Use this setting to protect against
accidentally modifying the subnet associations for a firewall that is in
use. When you create a firewall, the operation initializes this setting
to TRUE.
$sel:deleteProtection:Firewall'
, firewall_deleteProtection
- A flag indicating whether it is possible to delete the firewall. A
setting of TRUE indicates that the firewall is protected against
deletion. Use this setting to protect against accidentally deleting a
firewall that is in use. When you create a firewall, the operation
initializes this flag to TRUE.
$sel:description:Firewall'
, firewall_description
- A description of the firewall.
$sel:tags:Firewall'
, firewall_tags
-
$sel:firewallName:Firewall'
, firewall_firewallName
- The descriptive name of the firewall. You can't change the name of a
firewall after you create it.
$sel:firewallPolicyArn:Firewall'
, firewall_firewallPolicyArn
- The Amazon Resource Name (ARN) of the firewall policy.
The relationship of firewall to firewall policy is many to one. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.
$sel:vpcId:Firewall'
, firewall_vpcId
- The unique identifier of the VPC where the firewall is in use.
$sel:subnetMappings:Firewall'
, firewall_subnetMappings
- The public subnets that Network Firewall is using for the firewall. Each
subnet must belong to a different Availability Zone.
$sel:firewallId:Firewall'
, firewall_firewallId
- The unique identifier for the firewall.
FirewallMetadata
data FirewallMetadata Source #
High-level information about a firewall, returned by operations like create and describe. You can use the information provided in the metadata to retrieve and manage a firewall.
See: newFirewallMetadata
smart constructor.
Instances
newFirewallMetadata :: FirewallMetadata Source #
Create a value of FirewallMetadata
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:firewallArn:FirewallMetadata', firewallMetadata_firewallArn - The Amazon Resource Name (ARN) of the firewall.
$sel:firewallName:FirewallMetadata', firewallMetadata_firewallName - The descriptive name of the firewall. You can't change the name of a firewall after you create it.
FirewallPolicy
data FirewallPolicy Source #
The firewall policy defines the behavior of a firewall using a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls.
This, along with FirewallPolicyResponse, define the policy. You can retrieve all objects for a firewall policy by calling DescribeFirewallPolicy.
See: newFirewallPolicy
smart constructor.
FirewallPolicy' (Maybe StatefulEngineOptions) (Maybe [StatefulRuleGroupReference]) (Maybe [StatelessRuleGroupReference]) (Maybe [CustomAction]) (Maybe [Text]) [Text] [Text]
Instances
newFirewallPolicy :: FirewallPolicy Source #
Create a value of FirewallPolicy
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:statefulEngineOptions:FirewallPolicy', firewallPolicy_statefulEngineOptions - Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.
$sel:statefulRuleGroupReferences:FirewallPolicy', firewallPolicy_statefulRuleGroupReferences - References to the stateful rule groups that are used in the policy. These define the inspection criteria in stateful rules.
$sel:statelessRuleGroupReferences:FirewallPolicy', firewallPolicy_statelessRuleGroupReferences - References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.
$sel:statelessCustomActions:FirewallPolicy', firewallPolicy_statelessCustomActions - The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.
$sel:statefulDefaultActions:FirewallPolicy', firewallPolicy_statefulDefaultActions - The default actions to take on a packet that doesn't match any stateful rules.
$sel:statelessDefaultActions:FirewallPolicy', firewallPolicy_statelessDefaultActions - The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice.
For example, you could specify ["aws:pass"] or you could specify ["aws:pass", "customActionName"]. For information about compatibility, see the custom action descriptions under CustomAction.
$sel:statelessFragmentDefaultActions:FirewallPolicy', firewallPolicy_statelessFragmentDefaultActions - The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.
You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard action choice.
For example, you could specify ["aws:pass"] or you could specify ["aws:pass", "customActionName"]. For information about compatibility, see the custom action descriptions under CustomAction.
FirewallPolicyMetadata
data FirewallPolicyMetadata Source #
High-level information about a firewall policy, returned by operations like create and describe. You can use the information provided in the metadata to retrieve and manage a firewall policy. You can retrieve all objects for a firewall policy by calling DescribeFirewallPolicy.
See: newFirewallPolicyMetadata
smart constructor.
Instances
newFirewallPolicyMetadata :: FirewallPolicyMetadata Source #
Create a value of FirewallPolicyMetadata
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:FirewallPolicyMetadata', firewallPolicyMetadata_arn - The Amazon Resource Name (ARN) of the firewall policy.
$sel:name:FirewallPolicyMetadata', firewallPolicyMetadata_name - The descriptive name of the firewall policy. You can't change the name of a firewall policy after you create it.
FirewallPolicyResponse
data FirewallPolicyResponse Source #
The high-level properties of a firewall policy. This, along with the FirewallPolicy, define the policy. You can retrieve all objects for a firewall policy by calling DescribeFirewallPolicy.
See: newFirewallPolicyResponse
smart constructor.
FirewallPolicyResponse' (Maybe Int) (Maybe Int) (Maybe ResourceStatus) (Maybe Int) (Maybe Text) (Maybe (NonEmpty Tag)) Text Text Text
Instances
newFirewallPolicyResponse :: Text -> Text -> Text -> FirewallPolicyResponse Source #
Create a value of FirewallPolicyResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:consumedStatelessRuleCapacity:FirewallPolicyResponse', firewallPolicyResponse_consumedStatelessRuleCapacity - The number of capacity units currently consumed by the policy's stateless rules.
$sel:numberOfAssociations:FirewallPolicyResponse', firewallPolicyResponse_numberOfAssociations - The number of firewalls that are associated with this firewall policy.
$sel:firewallPolicyStatus:FirewallPolicyResponse', firewallPolicyResponse_firewallPolicyStatus - The current status of the firewall policy. You can retrieve this for a firewall policy by calling DescribeFirewallPolicy and providing the firewall policy's name or ARN.
$sel:consumedStatefulRuleCapacity:FirewallPolicyResponse', firewallPolicyResponse_consumedStatefulRuleCapacity - The number of capacity units currently consumed by the policy's stateful rules.
$sel:description:FirewallPolicyResponse', firewallPolicyResponse_description - A description of the firewall policy.
$sel:tags:FirewallPolicyResponse', firewallPolicyResponse_tags - The key:value pairs to associate with the resource.
$sel:firewallPolicyName:FirewallPolicyResponse', firewallPolicyResponse_firewallPolicyName - The descriptive name of the firewall policy. You can't change the name of a firewall policy after you create it.
$sel:firewallPolicyArn:FirewallPolicyResponse', firewallPolicyResponse_firewallPolicyArn - The Amazon Resource Name (ARN) of the firewall policy.
If this response is for a create request that had DryRun set to TRUE, then this ARN is a placeholder that isn't attached to a valid resource.
$sel:firewallPolicyId:FirewallPolicyResponse', firewallPolicyResponse_firewallPolicyId - The unique identifier for the firewall policy.
FirewallStatus
data FirewallStatus Source #
Detailed information about the current status of a Firewall. You can retrieve this for a firewall by calling DescribeFirewall and providing the firewall name and ARN.
See: newFirewallStatus
smart constructor.
Instances
Create a value of FirewallStatus
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:syncStates:FirewallStatus', firewallStatus_syncStates - The subnets that you've configured for use by the Network Firewall firewall. This contains one array element per Availability Zone where you've configured a subnet. These objects provide details of the information that is summarized in the ConfigurationSyncStateSummary and Status, broken down by zone and configuration object.
$sel:status:FirewallStatus', firewallStatus_status - The readiness of the configured firewall to handle network traffic across all of the Availability Zones where you've configured it. This setting is READY only when the ConfigurationSyncStateSummary value is IN_SYNC and the Attachment Status values for all of the configured subnets are READY.
$sel:configurationSyncStateSummary:FirewallStatus', firewallStatus_configurationSyncStateSummary - The configuration sync state for the firewall. This summarizes the sync states reported in the Config settings for all of the Availability Zones where you have configured the firewall.
When you create a firewall or update its configuration, for example by adding a rule group to its firewall policy, Network Firewall distributes the configuration changes to all zones where the firewall is in use. This summary indicates whether the configuration changes have been applied everywhere.
This status must be IN_SYNC for the firewall to be ready for use, but it doesn't indicate that the firewall is ready. The Status setting indicates firewall readiness.
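The readiness rule above (Status is READY only when the summary is IN_SYNC and every zone's attachment is READY) is easy to misread from a raw DescribeFirewall response, because the summary hides which zone and which object are lagging. The following is an added example, not amazonka or AWS code, written in Python rather than the page's Haskell so it runs stand-alone. It assumes the input has the JSON shape of the FirewallStatus object that DescribeFirewall returns (Status, ConfigurationSyncStateSummary, SyncStates keyed by Availability Zone, each with an Attachment and a Config map keyed by policy or rule-group ARN); the ARNs and status values are constructed sample data.

```python
"""Explain why a Network Firewall is, or is not, READY.

Added example (not part of amazonka). Input mirrors the FirewallStatus object
returned by DescribeFirewall; all values below are constructed samples.
"""
from __future__ import annotations

POLICY_ARN = "arn:aws:network-firewall:us-east-1:111122223333:firewall-policy/example-policy"
RULEGROUP_ARN = "arn:aws:network-firewall:us-east-1:111122223333:stateful-rulegroup/example-rg"

# Constructed sample: zone a is fully synced; zone b still has a pending rule
# group and an endpoint that is still being created.
SAMPLE_FIREWALL_STATUS = {
    "Status": "PROVISIONING",
    "ConfigurationSyncStateSummary": "PENDING",
    "SyncStates": {
        "us-east-1a": {
            "Attachment": {"SubnetId": "subnet-0a", "EndpointId": "vpce-0a", "Status": "READY"},
            "Config": {
                POLICY_ARN: {"SyncStatus": "IN_SYNC", "UpdateToken": "tok-1"},
                RULEGROUP_ARN: {"SyncStatus": "IN_SYNC", "UpdateToken": "tok-7"},
            },
        },
        "us-east-1b": {
            "Attachment": {"SubnetId": "subnet-0b", "EndpointId": "vpce-0b", "Status": "CREATING"},
            "Config": {
                POLICY_ARN: {"SyncStatus": "IN_SYNC", "UpdateToken": "tok-1"},
                RULEGROUP_ARN: {"SyncStatus": "PENDING", "UpdateToken": "tok-7"},
            },
        },
    },
}


def readiness_report(firewall_status: dict) -> dict:
    """Apply the documented rule: ready only if the summary is IN_SYNC and every
    zone's attachment is READY. Also lists the per-object sync states behind the
    summary so an operator sees exactly what is holding the firewall up."""
    blockers: list[str] = []
    summary = firewall_status.get("ConfigurationSyncStateSummary")
    if summary != "IN_SYNC":
        blockers.append(f"ConfigurationSyncStateSummary is {summary}, not IN_SYNC")
    for zone, state in sorted(firewall_status.get("SyncStates", {}).items()):
        attachment = state.get("Attachment", {}).get("Status")
        if attachment != "READY":
            blockers.append(f"{zone}: attachment status is {attachment}, not READY")
        for arn, obj in state.get("Config", {}).items():
            sync = obj.get("SyncStatus")
            if sync != "IN_SYNC":
                name = arn.rsplit("/", 1)[-1]
                blockers.append(f"{zone}: {name} is {sync} (update token {obj.get('UpdateToken')})")
    return {
        "reported_status": firewall_status.get("Status"),
        "ready": not blockers,
        "blockers": blockers,
    }


def divergent_update_tokens(firewall_status: dict) -> dict[str, set[str]]:
    """Map each ARN to the UpdateTokens seen across zones, keeping only ARNs whose
    zones disagree: those are objects where zones run different versions."""
    tokens: dict[str, set[str]] = {}
    for state in firewall_status.get("SyncStates", {}).values():
        for arn, obj in state.get("Config", {}).items():
            tokens.setdefault(arn, set()).add(obj.get("UpdateToken"))
    return {arn: seen for arn, seen in tokens.items() if len(seen) > 1}


if __name__ == "__main__":
    report = readiness_report(SAMPLE_FIREWALL_STATUS)
    print("ready:", report["ready"])
    for line in report["blockers"]:
        print("-", line)
```

The report is what you would poll on after CreateFirewall or AssociateFirewallPolicy before routing traffic through the endpoints; the Status field alone says PROVISIONING without telling you which zone to look at.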
Header
The basic rule criteria for AWS Network Firewall to use to inspect packet headers in stateful traffic flow inspection. Traffic flows that match the criteria are a match for the corresponding StatefulRule.
See: newHeader
smart constructor.
Instances
newHeader :: StatefulRuleProtocol -> Text -> Text -> StatefulRuleDirection -> Text -> Text -> Header Source #
Create a value of Header
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:protocol:Header', header_protocol - The protocol to inspect for. To specify all, you can use IP, because all traffic on AWS and on the internet is IP.
$sel:source:Header', header_source - The source IP address or address range to inspect for, in CIDR notation. To match with any address, specify ANY.
Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.
- To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
$sel:sourcePort:Header', header_sourcePort - The source port to inspect for. You can specify an individual port, for example 1994, and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.
$sel:direction:Header', header_direction - The direction of traffic flow to inspect. If set to ANY, the inspection matches bidirectional traffic, both from the source to the destination and from the destination to the source. If set to FORWARD, the inspection only matches traffic going from the source to the destination.
$sel:destination:Header', header_destination - The destination IP address or address range to inspect for, in CIDR notation. To match with any address, specify ANY.
Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.
- To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
$sel:destinationPort:Header', header_destinationPort - The destination port to inspect for. You can specify an individual port, for example 1994, and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.
IPSet
A list of IP addresses and address ranges, in CIDR notation. This is part of a RuleVariables.
See: newIPSet
smart constructor.
Instances
- Eq IPSet Source #
- Read IPSet Source #
- Show IPSet Source #
- Generic IPSet Source #
- NFData IPSet Source # (defined in Amazonka.NetworkFirewall.Types.IPSet)
- Hashable IPSet Source # (defined in Amazonka.NetworkFirewall.Types.IPSet)
- ToJSON IPSet Source # (defined in Amazonka.NetworkFirewall.Types.IPSet)
- FromJSON IPSet Source #
- type Rep IPSet Source # (defined in Amazonka.NetworkFirewall.Types.IPSet): type Rep IPSet = D1 ('MetaData "IPSet" "Amazonka.NetworkFirewall.Types.IPSet" "libZSservicesZSamazonka-network-firewallZSamazonka-network-firewall" 'False) (C1 ('MetaCons "IPSet'" 'PrefixI 'True) (S1 ('MetaSel ('Just "definition") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 [Text])))
Create a value of IPSet with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:definition:IPSet', iPSet_definition - The list of IP addresses and address ranges, in CIDR notation.
LogDestinationConfig
data LogDestinationConfig Source #
Defines where AWS Network Firewall sends logs for the firewall for one log type. This is used in LoggingConfiguration. You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.
Network Firewall generates logs for stateful rule groups. You can save alert and flow log types. The stateful rules engine records flow logs for all network traffic that it receives. It records alert logs for traffic that matches stateful rules that have the rule action set to DROP or ALERT.
See: newLogDestinationConfig
smart constructor.
Instances
newLogDestinationConfig Source #
Create a value of LogDestinationConfig
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:logType:LogDestinationConfig', logDestinationConfig_logType - The type of log to send. Alert logs report traffic that matches a StatefulRule with an action setting that sends an alert log message. Flow logs are standard network traffic flow logs.
$sel:logDestinationType:LogDestinationConfig', logDestinationConfig_logDestinationType - The type of storage destination to send these logs to. You can send logs to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.
$sel:logDestination:LogDestinationConfig', logDestinationConfig_logDestination - The named location for the logs, provided in a key:value mapping that is specific to the chosen destination type.
- For an Amazon S3 bucket, provide the name of the bucket, with key bucketName, and optionally provide a prefix, with key prefix. The following example specifies an Amazon S3 bucket named DOC-EXAMPLE-BUCKET and the prefix alerts: "LogDestination": { "bucketName": "DOC-EXAMPLE-BUCKET", "prefix": "alerts" }
- For a CloudWatch log group, provide the name of the CloudWatch log group, with key logGroup. The following example specifies a log group named alert-log-group: "LogDestination": { "logGroup": "alert-log-group" }
- For a Kinesis Data Firehose delivery stream, provide the name of the delivery stream, with key deliveryStream. The following example specifies a delivery stream named alert-delivery-stream: "LogDestination": { "deliveryStream": "alert-delivery-stream" }
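Because the LogDestination mapping is free-form key:value, a wrong key for the chosen destination type is only caught when the UpdateLoggingConfiguration call is rejected. The following is an added example, not amazonka or AWS code, written in Python rather than the page's Haskell so it runs stand-alone. It encodes only the rules stated above (S3 needs bucketName with prefix optional, CloudWatch Logs needs logGroup, Kinesis Data Firehose needs deliveryStream) as a pre-flight check. It assumes the JSON field names of the service API (LogType, LogDestinationType, LogDestination) and the enum values S3, CloudWatchLogs, KinesisDataFirehose, ALERT and FLOW; the sample configurations are constructed.

```python
"""Pre-flight validation of LogDestinationConfig entries.

Added example, not amazonka's code. Field and enum names follow the service's
JSON API; the sample configurations at the bottom are constructed.
"""
from __future__ import annotations

# destination type -> (required keys, optional keys), as described on the page
DESTINATION_KEYS: dict[str, tuple[set[str], set[str]]] = {
    "S3": ({"bucketName"}, {"prefix"}),
    "CloudWatchLogs": ({"logGroup"}, set()),
    "KinesisDataFirehose": ({"deliveryStream"}, set()),
}
LOG_TYPES = {"ALERT", "FLOW"}


def validate_log_destination_config(cfg: dict, where: str = "config") -> list[str]:
    """Return a list of problems with one entry; an empty list means it is well-formed."""
    errors: list[str] = []
    log_type = cfg.get("LogType")
    if log_type not in LOG_TYPES:
        errors.append(f"{where}: LogType must be one of {sorted(LOG_TYPES)}, got {log_type!r}")
    dest_type = cfg.get("LogDestinationType")
    if dest_type not in DESTINATION_KEYS:
        errors.append(f"{where}: LogDestinationType must be one of "
                      f"{sorted(DESTINATION_KEYS)}, got {dest_type!r}")
        return errors  # the mapping cannot be judged without a known type
    required, optional = DESTINATION_KEYS[dest_type]
    dest = cfg.get("LogDestination")
    if not isinstance(dest, dict):
        errors.append(f"{where}: LogDestination must be a key:value mapping")
        return errors
    for key in sorted(required - dest.keys()):
        errors.append(f"{where}: {dest_type} destination is missing required key {key!r}")
    for key in sorted(dest.keys() - required - optional):
        errors.append(f"{where}: key {key!r} is not valid for a {dest_type} destination")
    for key, value in dest.items():
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{where}: value for {key!r} must be a non-empty string")
    return errors


def validate_logging_configuration(configs: list[dict]) -> list[str]:
    """Validate every LogDestinationConfig in a LoggingConfiguration, tagging
    each problem with the index of the entry it belongs to."""
    errors: list[str] = []
    for i, cfg in enumerate(configs):
        errors += validate_log_destination_config(cfg, where=f"LogDestinationConfigs[{i}]")
    return errors


# Constructed samples: the first two follow the page's examples; the third
# uses the S3 key name for a CloudWatch Logs destination.
GOOD_CONFIGS = [
    {"LogType": "ALERT", "LogDestinationType": "S3",
     "LogDestination": {"bucketName": "DOC-EXAMPLE-BUCKET", "prefix": "alerts"}},
    {"LogType": "FLOW", "LogDestinationType": "KinesisDataFirehose",
     "LogDestination": {"deliveryStream": "alert-delivery-stream"}},
]
BAD_CONFIG = {"LogType": "ALERT", "LogDestinationType": "CloudWatchLogs",
              "LogDestination": {"bucketName": "alert-log-group"}}

if __name__ == "__main__":
    print(validate_logging_configuration(GOOD_CONFIGS))      # []
    print(validate_log_destination_config(BAD_CONFIG))       # two problems
```

Whether the named bucket, log group or delivery stream exists and whether the firewall's service role may write to it is outside this check; that is what the LogDestinationPermissionException listed at the top of the page reports.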
LoggingConfiguration
data LoggingConfiguration Source #
Defines how AWS Network Firewall performs logging for a Firewall.
See: newLoggingConfiguration
smart constructor.
Instances
newLoggingConfiguration :: LoggingConfiguration Source #
Create a value of LoggingConfiguration
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:logDestinationConfigs:LoggingConfiguration', loggingConfiguration_logDestinationConfigs - Defines the logging destinations for the logs for a firewall. Network Firewall generates logs for stateful rule groups.
MatchAttributes
data MatchAttributes Source #
Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags.
See: newMatchAttributes
smart constructor.
MatchAttributes' (Maybe [Natural]) (Maybe [TCPFlagField]) (Maybe [PortRange]) (Maybe [Address]) (Maybe [PortRange]) (Maybe [Address])
Instances
newMatchAttributes :: MatchAttributes Source #
Create a value of MatchAttributes
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:protocols:MatchAttributes', matchAttributes_protocols - The protocols to inspect for, specified using each protocol's assigned internet protocol number (IANA). If not specified, this matches with any protocol.
$sel:tCPFlags:MatchAttributes', matchAttributes_tCPFlags - The TCP flags and masks to inspect for. If not specified, this matches with any settings. This setting is only used for protocol 6 (TCP).
$sel:destinationPorts:MatchAttributes', matchAttributes_destinationPorts - The destination ports to inspect for. If not specified, this matches with any destination port. This setting is only used for protocols 6 (TCP) and 17 (UDP).
You can specify individual ports, for example 1994, and you can specify port ranges, for example 1990:1994.
$sel:sources:MatchAttributes', matchAttributes_sources - The source IP addresses and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address.
$sel:sourcePorts:MatchAttributes', matchAttributes_sourcePorts - The source ports to inspect for. If not specified, this matches with any source port. This setting is only used for protocols 6 (TCP) and 17 (UDP).
You can specify individual ports, for example 1994, and you can specify port ranges, for example 1990:1994.
$sel:destinations:MatchAttributes', matchAttributes_destinations - The destination IP addresses and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address.
PerObjectStatus
data PerObjectStatus Source #
Provides configuration status for a single policy or rule group that is used for a firewall endpoint. Network Firewall provides each endpoint with the rules that are configured in the firewall policy. Each time you add a subnet or modify the associated firewall policy, Network Firewall synchronizes the rules in the endpoint, so it can properly filter network traffic. This is part of a SyncState for a firewall.
See: newPerObjectStatus
smart constructor.
Instances
newPerObjectStatus :: PerObjectStatus Source #
Create a value of PerObjectStatus
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:updateToken:PerObjectStatus', perObjectStatus_updateToken - The current version of the object that is either in sync or pending synchronization.
$sel:syncStatus:PerObjectStatus', perObjectStatus_syncStatus - Indicates whether this object is in sync with the version indicated in the update token.
PortRange
A single port range specification. This is used for source and destination port ranges in the stateless rule MatchAttributes, SourcePorts, and DestinationPorts settings.
See: newPortRange
smart constructor.
Instances
- Eq PortRange Source #
- Read PortRange Source #
- Show PortRange Source #
- Generic PortRange Source #
- NFData PortRange Source # (defined in Amazonka.NetworkFirewall.Types.PortRange)
- Hashable PortRange Source # (defined in Amazonka.NetworkFirewall.Types.PortRange)
- ToJSON PortRange Source # (defined in Amazonka.NetworkFirewall.Types.PortRange)
- FromJSON PortRange Source #
- type Rep PortRange Source # (defined in Amazonka.NetworkFirewall.Types.PortRange): type Rep PortRange = D1 ('MetaData "PortRange" "Amazonka.NetworkFirewall.Types.PortRange" "libZSservicesZSamazonka-network-firewallZSamazonka-network-firewall" 'False) (C1 ('MetaCons "PortRange'" 'PrefixI 'True) (S1 ('MetaSel ('Just "fromPort") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Natural) :*: S1 ('MetaSel ('Just "toPort") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Natural)))
Create a value of PortRange with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:fromPort:PortRange', portRange_fromPort - The lower limit of the port range. This must be less than or equal to the ToPort specification.
$sel:toPort:PortRange', portRange_toPort - The upper limit of the port range. This must be greater than or equal to the FromPort specification.
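The Header fields described earlier (ANY, a bare address that must be written as a /32, CIDR blocks, a single port or a low:high range, and the FORWARD versus ANY direction semantics) and the PortRange ordering rule just stated (FromPort must not exceed ToPort) are the same small grammar seen from two sides. The following is an added example, not amazonka or AWS code, written in Python rather than the page's Haskell so it runs stand-alone; it parses those fields, rejects the malformed cases, and evaluates a flow against a Header in both directions. It assumes the JSON field names of the service API (Protocol, Source, SourcePort, Direction, Destination, DestinationPort); the packet dictionaries, the sample header and the port-number bounds check are constructed for illustration, and it restricts itself to IPv4 because that is the range support the page documents.

```python
"""Parse Header address/port fields and evaluate a flow against a Header.

Added example, not amazonka's code. JSON field names follow the service API;
the sample header and packets are constructed.
"""
from __future__ import annotations

import ipaddress
from typing import Optional, Tuple

PortRange = Tuple[int, int]  # (FromPort, ToPort), both inclusive


def parse_address(spec: str) -> Optional[ipaddress.IPv4Network]:
    """ANY -> None (matches everything); otherwise an IPv4 network.
    A bare address becomes a /32, as in the page's 192.0.2.44 example.
    strict=True rejects a block with host bits set (e.g. 192.0.2.44/24),
    which is almost always a typo in a firewall rule."""
    s = spec.strip()
    if s.upper() == "ANY":
        return None
    net = ipaddress.ip_network(s if "/" in s else f"{s}/32", strict=True)
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError(f"only IPv4 ranges are handled here: {spec!r}")
    return net


def parse_port(spec: str) -> Optional[PortRange]:
    """ANY -> None; '1994' -> (1994, 1994); '1990:1994' -> (1990, 1994)."""
    s = spec.strip()
    if s.upper() == "ANY":
        return None
    low_text, _, high_text = s.partition(":")
    low = int(low_text)
    high = int(high_text) if high_text else low
    for port in (low, high):
        if not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    if low > high:  # the PortRange rule: FromPort <= ToPort
        raise ValueError(f"FromPort {low} must be <= ToPort {high}")
    return (low, high)


def _addr_ok(net: Optional[ipaddress.IPv4Network], ip: str) -> bool:
    return net is None or ipaddress.ip_address(ip) in net


def _port_ok(rng: Optional[PortRange], port: int) -> bool:
    return rng is None or rng[0] <= port <= rng[1]


def header_matches(header: dict, pkt: dict) -> bool:
    """pkt is a constructed 5-tuple dict: protocol, src, sport, dst, dport.
    FORWARD matches only src->dst; ANY also matches the reverse direction."""
    if header["Protocol"] != "IP" and header["Protocol"] != pkt["protocol"]:
        return False
    src, dst = parse_address(header["Source"]), parse_address(header["Destination"])
    sport, dport = parse_port(header["SourcePort"]), parse_port(header["DestinationPort"])

    def one_way(a: str, ap: int, b: str, bp: int) -> bool:
        return _addr_ok(src, a) and _port_ok(sport, ap) and _addr_ok(dst, b) and _port_ok(dport, bp)

    forward = one_way(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    if header["Direction"] == "FORWARD":
        return forward
    return forward or one_way(pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])


# Constructed sample: TCP from the 192.0.2.0/24 block to one host on ports 1990-1994.
SAMPLE_HEADER = {"Protocol": "TCP", "Source": "192.0.2.0/24", "SourcePort": "ANY",
                 "Direction": "FORWARD", "Destination": "198.51.100.10",
                 "DestinationPort": "1990:1994"}
CLIENT_TO_SERVER = {"protocol": "TCP", "src": "192.0.2.44", "sport": 40000,
                    "dst": "198.51.100.10", "dport": 1992}
SERVER_TO_CLIENT = {"protocol": "TCP", "src": "198.51.100.10", "sport": 1992,
                    "dst": "192.0.2.44", "dport": 40000}

if __name__ == "__main__":
    print(header_matches(SAMPLE_HEADER, CLIENT_TO_SERVER))                    # True
    print(header_matches(SAMPLE_HEADER, SERVER_TO_CLIENT))                    # False
    print(header_matches(dict(SAMPLE_HEADER, Direction="ANY"), SERVER_TO_CLIENT))  # True
```

The FORWARD case is the one worth noticing when reviewing rules: a FORWARD header with a specific source and destination does not describe the return traffic, so a rule that is meant to cover both halves of a conversation needs ANY or a second header.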
PortSet
A set of port ranges for use in the rules in a rule group.
See: newPortSet
smart constructor.
Instances
- Eq PortSet Source #
- Read PortSet Source #
- Show PortSet Source #
- Generic PortSet Source #
- NFData PortSet Source # (defined in Amazonka.NetworkFirewall.Types.PortSet)
- Hashable PortSet Source # (defined in Amazonka.NetworkFirewall.Types.PortSet)
- ToJSON PortSet Source # (defined in Amazonka.NetworkFirewall.Types.PortSet)
- FromJSON PortSet Source #
- type Rep PortSet Source # (defined in Amazonka.NetworkFirewall.Types.PortSet): type Rep PortSet = D1 ('MetaData "PortSet" "Amazonka.NetworkFirewall.Types.PortSet" "libZSservicesZSamazonka-network-firewallZSamazonka-network-firewall" 'False) (C1 ('MetaCons "PortSet'" 'PrefixI 'True) (S1 ('MetaSel ('Just "definition") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [Text]))))
newPortSet :: PortSet Source #
Create a value of PortSet with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:definition:PortSet', portSet_definition - The set of port ranges.
PublishMetricAction
data PublishMetricAction Source #
Stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. This setting defines a CloudWatch dimension value to be published.
See: newPublishMetricAction
smart constructor.
Instances
newPublishMetricAction Source #
Create a value of PublishMetricAction
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:dimensions:PublishMetricAction', publishMetricAction_dimensions -
RuleDefinition
data RuleDefinition Source #
The inspection criteria and action for a single stateless rule. AWS Network Firewall inspects each packet for the specified matching criteria. When a packet matches the criteria, Network Firewall performs the rule's actions on the packet.
See: newRuleDefinition
smart constructor.
Instances
Create a value of RuleDefinition
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:matchAttributes:RuleDefinition', ruleDefinition_matchAttributes - Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags.
$sel:actions:RuleDefinition', ruleDefinition_actions - The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must specify a standard action and you can add custom actions.
Network Firewall only forwards a packet for stateful rule inspection if you specify aws:forward_to_sfe for a rule that the packet matches, or if the packet doesn't match any stateless rule and you specify aws:forward_to_sfe for the StatelessDefaultActions setting for the FirewallPolicy.
For every rule, you must specify exactly one of the following standard actions.
- aws:pass - Discontinues all inspection of the packet and permits it to go to its intended destination.
- aws:drop - Discontinues all inspection of the packet and blocks it from going to its intended destination.
- aws:forward_to_sfe - Discontinues stateless inspection of the packet and forwards it to the stateful rule engine for inspection.
Additionally, you can specify a custom action. To do this, you define a custom action by name and type, then provide the name you've assigned to the action in this Actions setting. For information about the options, see CustomAction.
To provide more than one action in this setting, separate the settings with a comma. For example, if you have a custom PublishMetrics action that you've named MyMetricsAction, then you could specify the standard action aws:pass and the custom action with ["aws:pass", "MyMetricsAction"].
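The rule for an Actions list here is the same one stated earlier for a FirewallPolicy's StatelessDefaultActions and StatelessFragmentDefaultActions: exactly one standard action (aws:pass, aws:drop or aws:forward_to_sfe), plus any custom actions, each of which must be defined by name in StatelessCustomActions. The following is an added example, not amazonka or AWS code, written in Python rather than the page's Haskell so it runs stand-alone. It validates all three kinds of action list against that rule and applies the forwarding statement above (a packet reaches the stateful engine only via aws:forward_to_sfe on the matched rule or on the default actions). It assumes the JSON field names of the service API (StatelessCustomActions with ActionName, StatelessDefaultActions, StatelessFragmentDefaultActions, RuleDefinition, Actions, Priority); the sample policies are constructed. Whether a custom action is compatible with the chosen standard action (the CustomAction compatibility the page refers to) is not checked.

```python
"""Validate stateless action lists and apply the aws:forward_to_sfe rule.

Added example, not amazonka's code. JSON field names follow the service API;
the sample policies are constructed.
"""
from __future__ import annotations

from typing import Optional

STANDARD_ACTIONS = {"aws:pass", "aws:drop", "aws:forward_to_sfe"}


def validate_actions(actions: list[str], custom_names: set[str], where: str) -> list[str]:
    """Return problems with one action list; an empty list means it is acceptable."""
    errors: list[str] = []
    standard = [a for a in actions if a in STANDARD_ACTIONS]
    if len(standard) != 1:
        errors.append(f"{where}: exactly one standard action is required, found {standard or 'none'}")
    for name in actions:
        if name not in STANDARD_ACTIONS and name not in custom_names:
            errors.append(f"{where}: {name!r} is not a defined custom action")
    if len(set(actions)) != len(actions):
        errors.append(f"{where}: duplicate action names")
    return errors


def custom_action_names(policy: dict) -> set[str]:
    """Names declared in the policy's StatelessCustomActions."""
    return {c["ActionName"] for c in policy.get("StatelessCustomActions", [])}


def validate_policy_default_actions(policy: dict) -> list[str]:
    """Check both default-action lists of a FirewallPolicy."""
    names = custom_action_names(policy)
    errors = validate_actions(policy.get("StatelessDefaultActions", []), names,
                              "StatelessDefaultActions")
    errors += validate_actions(policy.get("StatelessFragmentDefaultActions", []), names,
                               "StatelessFragmentDefaultActions")
    return errors


def validate_stateless_rules(rules: list[dict], custom_names: set[str]) -> list[str]:
    """rules have the shape {"Priority": n, "RuleDefinition": {"Actions": [...], ...}}."""
    errors: list[str] = []
    for rule in rules:
        where = f"stateless rule priority {rule.get('Priority')}"
        errors += validate_actions(rule["RuleDefinition"].get("Actions", []), custom_names, where)
    return errors


def reaches_stateful_engine(policy: dict, matched_rule_actions: Optional[list[str]]) -> bool:
    """A packet reaches the stateful engine only if the stateless rule it matched
    says aws:forward_to_sfe, or it matched no rule (None) and the policy's
    StatelessDefaultActions says aws:forward_to_sfe."""
    if matched_rule_actions is None:
        return "aws:forward_to_sfe" in policy.get("StatelessDefaultActions", [])
    return "aws:forward_to_sfe" in matched_rule_actions


# Constructed samples.
GOOD_POLICY = {
    "StatelessCustomActions": [
        {"ActionName": "MyMetricsAction",
         "ActionDefinition": {"PublishMetricAction": {"Dimensions": [{"Value": "example"}]}}},
    ],
    "StatelessDefaultActions": ["aws:forward_to_sfe"],
    "StatelessFragmentDefaultActions": ["aws:drop", "MyMetricsAction"],
}
BAD_POLICY = {
    "StatelessCustomActions": [],
    "StatelessDefaultActions": ["aws:pass", "aws:drop"],  # two standard actions
    "StatelessFragmentDefaultActions": ["TypoAction"],    # no standard action, undefined name
}
SAMPLE_RULES = [
    {"Priority": 1, "RuleDefinition": {"MatchAttributes": {"Protocols": [6]},
                                        "Actions": ["aws:pass", "MyMetricsAction"]}},
    {"Priority": 2, "RuleDefinition": {"MatchAttributes": {"Protocols": [17]},
                                        "Actions": ["aws:forward_to_sfe"]}},
]

if __name__ == "__main__":
    print(validate_policy_default_actions(GOOD_POLICY))   # []
    for problem in validate_policy_default_actions(BAD_POLICY):
        print("-", problem)
```

A policy whose StatelessDefaultActions is aws:pass silently exempts every packet that matches no stateless rule from stateful inspection; reaches_stateful_engine makes that consequence explicit for a given policy, which is the check to run when a stateful rule group unexpectedly sees no traffic.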
RuleGroup
The object that defines the rules in a rule group. This, along with RuleGroupResponse, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.
AWS Network Firewall uses a rule group to inspect and control network traffic. You define stateless rule groups to inspect individual packets and you define stateful rule groups to inspect packets in the context of their traffic flow.
To use a rule group, you include it by reference in a Network Firewall firewall policy, then you use the policy in a firewall. You can reference a rule group from more than one firewall policy, and you can use a firewall policy in more than one firewall.
See: newRuleGroup
smart constructor.
Instances
Create a value of RuleGroup
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:statefulRuleOptions:RuleGroup', ruleGroup_statefulRuleOptions - Additional options governing how Network Firewall handles stateful rules. The policies where you use your stateful rule group must have stateful rule options settings that are compatible with these settings.
$sel:ruleVariables:RuleGroup', ruleGroup_ruleVariables - Settings that are available for use in the rules in the rule group. You can only use these for stateful rule groups.
$sel:rulesSource:RuleGroup', ruleGroup_rulesSource - The stateful rules or stateless rules for the rule group.
RuleGroupMetadata
data RuleGroupMetadata Source #
High-level information about a rule group, returned by ListRuleGroups. You can use the information provided in the metadata to retrieve and manage a rule group.
See: newRuleGroupMetadata
smart constructor.
Instances
newRuleGroupMetadata :: RuleGroupMetadata Source #
Create a value of RuleGroupMetadata
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:arn:RuleGroupMetadata', ruleGroupMetadata_arn - The Amazon Resource Name (ARN) of the rule group.
$sel:name:RuleGroupMetadata', ruleGroupMetadata_name - The descriptive name of the rule group. You can't change the name of a rule group after you create it.
RuleGroupResponse
data RuleGroupResponse Source #
The high-level properties of a rule group. This, along with the RuleGroup, define the rule group. You can retrieve all objects for a rule group by calling DescribeRuleGroup.
See: newRuleGroupResponse
smart constructor.
RuleGroupResponse' (Maybe Int) (Maybe Int) (Maybe Int) (Maybe ResourceStatus) (Maybe RuleGroupType) (Maybe Text) (Maybe (NonEmpty Tag)) Text Text Text
Instances
newRuleGroupResponse :: Text -> Text -> Text -> RuleGroupResponse Source #
Create a value of RuleGroupResponse
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:numberOfAssociations:RuleGroupResponse', ruleGroupResponse_numberOfAssociations - The number of firewall policies that use this rule group.
$sel:capacity:RuleGroupResponse', ruleGroupResponse_capacity - The maximum operating resources that this rule group can use. Rule group capacity is fixed at creation. When you update a rule group, you are limited to this capacity. When you reference a rule group from a firewall policy, Network Firewall reserves this capacity for the rule group.
You can retrieve the capacity that would be required for a rule group before you create the rule group by calling CreateRuleGroup with DryRun set to TRUE.
$sel:consumedCapacity:RuleGroupResponse', ruleGroupResponse_consumedCapacity - The number of capacity units currently consumed by the rule group rules.
$sel:ruleGroupStatus:RuleGroupResponse', ruleGroupResponse_ruleGroupStatus - Detailed information about the current status of a rule group.
$sel:type':RuleGroupResponse', ruleGroupResponse_type - Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
$sel:description:RuleGroupResponse', ruleGroupResponse_description - A description of the rule group.
$sel:tags:RuleGroupResponse', ruleGroupResponse_tags - The key:value pairs to associate with the resource.
$sel:ruleGroupArn:RuleGroupResponse', ruleGroupResponse_ruleGroupArn - The Amazon Resource Name (ARN) of the rule group.
If this response is for a create request that had DryRun set to TRUE, then this ARN is a placeholder that isn't attached to a valid resource.
$sel:ruleGroupName:RuleGroupResponse', ruleGroupResponse_ruleGroupName - The descriptive name of the rule group. You can't change the name of a rule group after you create it.
$sel:ruleGroupId:RuleGroupResponse', ruleGroupResponse_ruleGroupId - The unique identifier for the rule group.
RuleOption
data RuleOption Source #
Additional settings for a stateful rule. This is part of the StatefulRule configuration.
See: newRuleOption
smart constructor.
RuleOption' (Maybe [Text]) Text
Instances
Create a value of RuleOption
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
RuleVariables
data RuleVariables Source #
Settings that are available for use in the rules in the RuleGroup where this is defined.
See: newRuleVariables
smart constructor.
Instances
newRuleVariables :: RuleVariables Source #
Create a value of RuleVariables
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:portSets:RuleVariables', ruleVariables_portSets - A list of port ranges.
$sel:iPSets:RuleVariables', ruleVariables_iPSets - A list of IP addresses and address ranges, in CIDR notation.
RulesSource
data RulesSource Source #
The stateless or stateful rules definitions for use in a single rule group. Each rule group requires a single RulesSource. You can use an instance of this for either stateless rules or stateful rules.
See: newRulesSource
smart constructor.
RulesSource' (Maybe Text) (Maybe RulesSourceList) (Maybe [StatefulRule]) (Maybe StatelessRulesAndCustomActions)
Instances
newRulesSource :: RulesSource Source #
Create a value of RulesSource
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:rulesString:RulesSource'
, rulesSource_rulesString
- Stateful inspection criteria, provided in Suricata compatible intrusion
prevention system (IPS) rules. Suricata is an open-source network IPS
that includes a standard rule-based language for network traffic
inspection.
These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
$sel:rulesSourceList:RulesSource'
, rulesSource_rulesSourceList
- Stateful inspection criteria for a domain list rule group.
$sel:statefulRules:RulesSource'
, rulesSource_statefulRules
- An array of individual stateful rules inspection criteria to be used
together in a stateful rule group. Use this option to specify simple
Suricata rules with protocol, source and destination, ports, direction,
and rule options. For information about the Suricata Rules format, see Rules Format.
$sel:statelessRulesAndCustomActions:RulesSource'
, rulesSource_statelessRulesAndCustomActions
- Stateless inspection criteria to be used in a stateless rule group.
RulesSourceList
data RulesSourceList Source #
Stateful inspection criteria for a domain list rule group.
For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.
By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the HOME_NET rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see RuleVariables in this guide and Stateful domain list rule groups in AWS Network Firewall in the Network Firewall Developer Guide.
See: newRulesSourceList
smart constructor.
Instances
Create a value of RulesSourceList
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:targets:RulesSourceList'
, rulesSourceList_targets
- The domains that you want to inspect for in your traffic flows. To
provide multiple domains, separate them with commas. Valid domain
specifications are the following:
- Explicit names. For example, abc.example.com matches only the domain abc.example.com.
- Names that use a domain wildcard, which you indicate with an initial '.'. For example, .example.com matches example.com and matches all subdomains of example.com, such as abc.example.com and www.example.com.
$sel:targetTypes:RulesSourceList'
, rulesSourceList_targetTypes
- The protocols you want to inspect. Specify TLS_SNI for HTTPS. Specify HTTP_HOST for HTTP. You can specify either or both.
$sel:generatedRulesType:RulesSourceList'
, rulesSourceList_generatedRulesType
- Whether you want to allow or deny access to the domains in your target
list.
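The matching rules documented for RulesSourceList targets (explicit names versus leading-'.' wildcards), together with TargetTypes and GeneratedRulesType, are easy to get wrong when reviewing a domain list rule group. The following is an added reference model of those semantics in Python; it is not amazonka code and not the service's implementation. The type names mirror the API fields, the ALLOWLIST/DENYLIST values are the API's GeneratedRulesType values, and the lowercasing and trailing-dot normalisation of the observed hostname are my own choices (DNS names are case-insensitive). The sample targets and hostnames are constructed.

```python
"""Reference model of RulesSourceList target matching (added example).

Not amazonka or AWS code. Explicit targets match one domain only; a target
with a leading '.' matches the bare domain plus every subdomain. TargetTypes
decides which protocol signal (TLS SNI or HTTP Host) is inspected at all, and
GeneratedRulesType decides whether a match is allowed or denied.
"""
from dataclasses import dataclass, field


@dataclass
class RulesSourceList:
    targets: str                                   # comma-separated, as in the API
    target_types: set = field(default_factory=lambda: {"TLS_SNI", "HTTP_HOST"})
    generated_rules_type: str = "DENYLIST"         # or "ALLOWLIST"


def parse_targets(targets: str) -> list:
    """Split the comma-separated target string, dropping blanks and case."""
    return [t.strip().lower() for t in targets.split(",") if t.strip()]


def target_matches(target: str, hostname: str) -> bool:
    """Apply one target to a hostname taken from SNI or the Host header."""
    target = target.strip().lower()
    hostname = hostname.strip().lower().rstrip(".")   # my normalisation choice
    if target.startswith("."):
        base = target[1:]
        # ".example.com" matches example.com itself and every subdomain of it
        return hostname == base or hostname.endswith("." + base)
    # An explicit name matches only that exact domain, not its subdomains
    return hostname == target


def evaluate(group: RulesSourceList, target_type: str, hostname: str) -> str:
    """Return NOT_INSPECTED, NO_MATCH, PASS or DROP for one observed name."""
    if target_type not in group.target_types:
        return "NOT_INSPECTED"          # e.g. group inspects TLS_SNI only, this is an HTTP Host
    if not any(target_matches(t, hostname) for t in parse_targets(group.targets)):
        return "NO_MATCH"               # this rule group does not decide the flow
    return "PASS" if group.generated_rules_type == "ALLOWLIST" else "DROP"


if __name__ == "__main__":
    # Constructed sample: deny two targets, SNI only
    deny = RulesSourceList("abc.example.com, .corp.example", {"TLS_SNI"})
    for name in ("abc.example.com", "www.abc.example.com", "corp.example",
                 "mail.corp.example", "notcorp.example"):
        print(f"{name:22} -> {evaluate(deny, 'TLS_SNI', name)}")
```

Note that `www.abc.example.com` is NO_MATCH for the explicit target `abc.example.com`; a review of a deny list that is meant to cover subdomains should check that the targets carry the leading '.'.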
StatefulEngineOptions
data StatefulEngineOptions Source #
Configuration settings for the handling of the stateful rule groups in a firewall policy.
See: newStatefulEngineOptions
smart constructor.
Instances
newStatefulEngineOptions :: StatefulEngineOptions Source #
Create a value of StatefulEngineOptions
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:ruleOrder:StatefulEngineOptions'
, statefulEngineOptions_ruleOrder
- Indicates how to manage the order of stateful rule evaluation for the policy. By default, Network Firewall leaves the rule evaluation order up to the Suricata rule processing engine. If you set this to STRICT_ORDER, your rules are evaluated in the exact order that you provide them in the policy. With strict ordering, the rule groups are evaluated by order of priority, starting from the lowest number, and the rules in each rule group are processed in the order that they're defined.
StatefulRule
data StatefulRule Source #
A single Suricata rules specification, for use in a stateful rule group. Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.
See: newStatefulRule
smart constructor.
Instances
Create a value of StatefulRule
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:action:StatefulRule'
, statefulRule_action
- Defines what Network Firewall should do with the packets in a traffic
flow when the flow matches the stateful rule criteria. For all actions,
Network Firewall performs the specified action and discontinues stateful
inspection of the traffic flow.
The actions for a stateful rule are defined as follows:
- PASS - Permits the packets to go to the intended destination.
- DROP - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
- ALERT - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with ALERT action, verify in the logs that the rule is filtering as you want, then change the action to DROP.
$sel:header:StatefulRule'
, statefulRule_header
- The stateful inspection criteria for this rule, used to inspect traffic
flows.
$sel:ruleOptions:StatefulRule'
, statefulRule_ruleOptions
- Additional options for the rule. These are the Suricata RuleOptions
settings.
StatefulRuleGroupReference
data StatefulRuleGroupReference Source #
Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group.
See: newStatefulRuleGroupReference
smart constructor.
Instances
newStatefulRuleGroupReference Source #
Create a value of StatefulRuleGroupReference
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:priority:StatefulRuleGroupReference'
, statefulRuleGroupReference_priority
- An integer setting that indicates the order in which to run the stateful rule groups in a single FirewallPolicy. This setting only applies to firewall policies that specify the STRICT_ORDER rule order in the stateful engine options settings.
Network Firewall evaluates each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.
You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on.
$sel:resourceArn:StatefulRuleGroupReference'
, statefulRuleGroupReference_resourceArn
- The Amazon Resource Name (ARN) of the stateful rule group.
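Three settings on this page interact at evaluation time: StatefulEngineOptions RuleOrder = STRICT_ORDER (rule groups run by ascending priority, rules inside a group in definition order), StatefulRuleGroupReference Priority (unique within a policy), and the StatefulRule actions PASS / DROP / ALERT, where the first matching rule's action is applied and stateful inspection of the flow stops. The following is an added Python model of that interaction, written to show the ALERT-then-DROP staging workflow described under StatefulRule; it is not amazonka code and not the service's engine. Assumptions: the Header match is reduced to protocol and destination port (real Headers carry source, destination, direction and more), "IP" stands for any protocol, the ARNs are placeholders, and what happens when no stateful rule matches (the policy's default actions) is not modelled.

```python
"""Reference model of STRICT_ORDER stateful evaluation (added example).

Not amazonka or AWS code. Groups run lowest priority first, rules in a group
in definition order, and the first match decides the flow: PASS forwards,
DROP blocks, ALERT forwards; DROP and ALERT emit an alert log record when
alert logging is configured.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class StatefulRule:
    action: str                    # "PASS", "DROP" or "ALERT"
    protocol: str = "IP"           # simplified Header: "IP" means any protocol
    destination_port: str = "ANY"  # a single port as text, or "ANY"
    msg: str = ""                  # stands in for the Suricata msg rule option

    def matches(self, flow: dict) -> bool:
        proto_ok = self.protocol == "IP" or self.protocol == flow["protocol"]
        port_ok = (self.destination_port == "ANY"
                   or int(self.destination_port) == flow["destination_port"])
        return proto_ok and port_ok


@dataclass
class StatefulRuleGroupReference:
    priority: int                  # lowest number runs first under STRICT_ORDER
    resource_arn: str              # placeholder ARN; rules stand in for the referenced group
    rules: List[StatefulRule] = field(default_factory=list)


def validate_priorities(groups: List[StatefulRuleGroupReference]) -> None:
    """Priorities must be unique within one firewall policy."""
    seen = {}
    for g in groups:
        if g.priority in seen:
            raise ValueError(f"priority {g.priority} used by both "
                             f"{seen[g.priority]} and {g.resource_arn}")
        seen[g.priority] = g.resource_arn


def evaluate_strict_order(groups, flow, alert_logging=True) -> Tuple[str, Optional[dict]]:
    """Return (verdict, alert_log_record_or_None) for one flow.

    Verdict is PASS, DROP, or NO_MATCH when no stateful rule matched.
    """
    validate_priorities(groups)
    for group in sorted(groups, key=lambda g: g.priority):
        for rule in group.rules:
            if not rule.matches(flow):
                continue
            # First match wins: perform the action and stop inspecting this flow
            record = None
            if rule.action in ("DROP", "ALERT") and alert_logging:
                record = {"action": rule.action, "msg": rule.msg,
                          "rule_group": group.resource_arn, "flow": dict(flow)}
            verdict = "DROP" if rule.action == "DROP" else "PASS"
            return verdict, record
    return "NO_MATCH", None


def staged_policy(stage_action: str) -> List[StatefulRuleGroupReference]:
    """Constructed policy: a candidate block rule staged ahead of a baseline allow."""
    return [
        StatefulRuleGroupReference(200, "arn:PLACEHOLDER:stateful-rulegroup/baseline",
                                   [StatefulRule("PASS", "TCP", "443", "allow https")]),
        StatefulRuleGroupReference(100, "arn:PLACEHOLDER:stateful-rulegroup/candidate",
                                   [StatefulRule(stage_action, "TCP", "443", "candidate block")]),
    ]


if __name__ == "__main__":
    flow = {"protocol": "TCP", "destination_port": 443}   # constructed sample flow
    print("staged as ALERT:", evaluate_strict_order(staged_policy("ALERT"), flow))
    print("promoted to DROP:", evaluate_strict_order(staged_policy("DROP"), flow))
```

With the candidate rule at priority 100 set to ALERT, the flow is still passed but the alert record shows the rule would have fired; switching the same rule to DROP is the only change needed to start blocking. Because the baseline group sits at 200, the candidate is evaluated first even though it was defined second in the policy, which is exactly the ordering STRICT_ORDER makes explicit.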
StatefulRuleOptions
data StatefulRuleOptions Source #
Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.
See: newStatefulRuleOptions
smart constructor.
Instances
newStatefulRuleOptions :: StatefulRuleOptions Source #
Create a value of StatefulRuleOptions
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:ruleOrder:StatefulRuleOptions'
, statefulRuleOptions_ruleOrder
- Indicates how to manage the order of the rule evaluation for the rule group. By default, Network Firewall leaves the rule evaluation order up to the Suricata rule processing engine. If you set this to STRICT_ORDER, your rules are evaluated in the exact order that they're listed in your Suricata rules string.
StatelessRule
data StatelessRule Source #
A single stateless rule. This is used in StatelessRulesAndCustomActions.
See: newStatelessRule
smart constructor.
Instances
newStatelessRule :: RuleDefinition -> Natural -> StatelessRule Source #
Create a value of StatelessRule
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:ruleDefinition:StatelessRule'
, statelessRule_ruleDefinition
- Defines the stateless 5-tuple packet inspection criteria and the action
to take on a packet that matches the criteria.
$sel:priority:StatelessRule'
, statelessRule_priority
- Indicates the order in which to run this rule relative to all of the
rules that are defined for a stateless rule group. Network Firewall
evaluates the rules in a rule group starting with the lowest priority
setting. You must ensure that the priority settings are unique for the
rule group.
Each stateless rule group uses exactly one StatelessRulesAndCustomActions object, and each StatelessRulesAndCustomActions contains exactly one StatelessRules object. To ensure unique priority settings for your rule groups, set unique priorities for the stateless rules that you define inside any single StatelessRules object.
You can change the priority settings of your rules at any time. To make it easier to insert rules later, number them so there's a wide range in between, for example use 100, 200, and so on.
StatelessRuleGroupReference
data StatelessRuleGroupReference Source #
Identifier for a single stateless rule group, used in a firewall policy to refer to the rule group.
See: newStatelessRuleGroupReference
smart constructor.
Instances
newStatelessRuleGroupReference Source #
Create a value of StatelessRuleGroupReference
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:resourceArn:StatelessRuleGroupReference'
, statelessRuleGroupReference_resourceArn
- The Amazon Resource Name (ARN) of the stateless rule group.
$sel:priority:StatelessRuleGroupReference'
, statelessRuleGroupReference_priority
- An integer setting that indicates the order in which to run the
stateless rule groups in a single FirewallPolicy. Network Firewall
applies each stateless rule group to a packet starting with the group
that has the lowest priority setting. You must ensure that the priority
settings are unique within each policy.
StatelessRulesAndCustomActions
data StatelessRulesAndCustomActions Source #
Stateless inspection criteria. Each stateless rule group uses exactly one of these data types to define its stateless rules.
See: newStatelessRulesAndCustomActions
smart constructor.
Instances
newStatelessRulesAndCustomActions :: StatelessRulesAndCustomActions Source #
Create a value of StatelessRulesAndCustomActions
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:customActions:StatelessRulesAndCustomActions'
, statelessRulesAndCustomActions_customActions
- Defines an array of individual custom action definitions that are available for use by the stateless rules in this StatelessRulesAndCustomActions specification. You name each custom action that you define, and then you can use it by name in your StatelessRule RuleDefinition Actions specification.
$sel:statelessRules:StatelessRulesAndCustomActions'
, statelessRulesAndCustomActions_statelessRules
- Defines the set of stateless rules for use in a stateless rule group.
SubnetMapping
data SubnetMapping Source #
The ID for a subnet that you want to associate with the firewall. This is used with CreateFirewall and AssociateSubnets. AWS Network Firewall creates an instance of the associated firewall in each subnet that you specify, to filter traffic in the subnet's Availability Zone.
See: newSubnetMapping
smart constructor.
Instances
Create a value of SubnetMapping
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:subnetId:SubnetMapping'
, subnetMapping_subnetId
- The unique identifier for the subnet.
SyncState
data SyncState Source #
The status of the firewall endpoint and firewall policy configuration for a single VPC subnet.
For each VPC subnet that you associate with a firewall, AWS Network Firewall does the following:
- Instantiates a firewall endpoint in the subnet, ready to take traffic.
- Configures the endpoint with the current firewall policy settings, to provide the filtering behavior for the endpoint.
When you update a firewall, for example to add a subnet association or change a rule group in the firewall policy, the affected sync states reflect out-of-sync or not ready status until the changes are complete.
See: newSyncState
smart constructor.
Instances
Eq SyncState Source #
Read SyncState Source #
Show SyncState Source #
Generic SyncState Source #
NFData SyncState Source # (Defined in Amazonka.NetworkFirewall.Types.SyncState)
Hashable SyncState Source # (Defined in Amazonka.NetworkFirewall.Types.SyncState)
FromJSON SyncState Source #
type Rep SyncState Source # (Defined in Amazonka.NetworkFirewall.Types.SyncState)
type Rep SyncState = D1 ('MetaData "SyncState" "Amazonka.NetworkFirewall.Types.SyncState" "libZSservicesZSamazonka-network-firewallZSamazonka-network-firewall" 'False) (C1 ('MetaCons "SyncState'" 'PrefixI 'True) (S1 ('MetaSel ('Just "config") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (HashMap Text PerObjectStatus))) :*: S1 ('MetaSel ('Just "attachment") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Attachment))))
newSyncState :: SyncState Source #
Create a value of SyncState
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:config:SyncState'
, syncState_config
- The configuration status of the firewall endpoint in a single VPC
subnet. Network Firewall provides each endpoint with the rules that are
configured in the firewall policy. Each time you add a subnet or modify
the associated firewall policy, Network Firewall synchronizes the rules
in the endpoint, so it can properly filter network traffic. This is part
of the FirewallStatus.
$sel:attachment:SyncState'
, syncState_attachment
- The attachment status of the firewall's association with a single VPC
subnet. For each configured subnet, Network Firewall creates the
attachment by instantiating the firewall endpoint in the subnet so that
it's ready to take traffic. This is part of the FirewallStatus.
TCPFlagField
data TCPFlagField Source #
TCP flags and masks to inspect packets for, used in stateless rules MatchAttributes settings.
See: newTCPFlagField
smart constructor.
TCPFlagField' (Maybe [TCPFlag]) [TCPFlag]
Instances
newTCPFlagField :: TCPFlagField Source #
Create a value of TCPFlagField
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:masks:TCPFlagField'
, tCPFlagField_masks
- The set of flags to consider in the inspection. To inspect all flags in
the valid values list, leave this with no setting.
$sel:flags:TCPFlagField'
, tCPFlagField_flags
- Used in conjunction with the Masks setting to define the flags that must be set and flags that must not be set in order for the packet to match. This setting can only specify values that are also specified in the Masks setting.
For the flags that are specified in the masks setting, the following must be true for the packet to match:
- The ones that are set in this flags setting must be set in the packet.
- The ones that are not set in this flags setting must also not be set in the packet.
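The Masks/Flags relationship above is the classic masked-compare: inside the mask, the packet's flag bits must equal the Flags bits exactly; outside the mask they are ignored; an unset Masks means every flag is considered. The following is an added Python model of that rule, not amazonka code and not the service's packet engine. The flag names are the API's TCPFlag values and the bit positions are the standard TCP header flag bits; the sample packets are constructed. It also shows the two rules a practitioner most often confuses: "SYN set, ACK clear" (handshake initiations, other flags ignored) versus "only SYN set" (every other flag must be clear).

```python
"""Reference model of TCPFlagField Masks/Flags matching (added example).

Not amazonka or AWS code. Masks names the flags the rule looks at (unset
means every flag); Flags, a subset of Masks, names those that must be set,
and every other masked flag must be clear.
"""
TCP_FLAG_BITS = {  # the API's TCPFlag values with their TCP header bits
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}


def flags_to_bits(names) -> int:
    """OR the header bits of the named flags together."""
    bits = 0
    for name in names:
        bits |= TCP_FLAG_BITS[name]          # KeyError for an unknown flag name
    return bits


def validate_tcp_flag_field(flags, masks) -> None:
    """Flags may only name flags that Masks also names (or Masks is unset)."""
    considered = set(masks) if masks else set(TCP_FLAG_BITS)
    extra = set(flags) - considered
    if extra:
        raise ValueError(f"Flags {sorted(extra)} are not listed in Masks")


def tcp_flag_field_matches(flags, masks, packet_flag_byte: int) -> bool:
    """Does a packet's flag byte satisfy the TCPFlagField?

    Masked bits of the packet must equal the Flags bits: set where Flags
    says set, clear everywhere else inside the mask. Bits outside the mask
    are not inspected.
    """
    validate_tcp_flag_field(flags, masks)
    mask_bits = flags_to_bits(masks) if masks else 0xFF   # unset Masks: inspect all flags
    return (packet_flag_byte & mask_bits) == flags_to_bits(flags)


def describe(packet_flag_byte: int) -> str:
    """Human-readable flag list for a flag byte, e.g. 0x12 -> 'SYN|ACK'."""
    return "|".join(n for n, b in TCP_FLAG_BITS.items() if packet_flag_byte & b) or "none"


if __name__ == "__main__":
    syn_not_ack = (["SYN"], ["SYN", "ACK"])   # SYN set, ACK clear, others ignored
    pure_syn = (["SYN"], [])                   # only SYN set, every other flag clear
    for pkt in (0x02, 0x12, 0x0A):             # constructed: SYN, SYN|ACK, SYN|PSH
        print(f"{describe(pkt):8} syn_not_ack={tcp_flag_field_matches(*syn_not_ack, pkt)} "
              f"pure_syn={tcp_flag_field_matches(*pure_syn, pkt)}")
```

The third sample packet (SYN with PSH) is the one that separates the two rules: it satisfies "SYN set, ACK clear" because PSH is outside the mask, but fails "only SYN set" because an unset Masks makes every other flag a required-clear flag.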
Tag
data Tag Source #
A key:value pair associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource.
See: newTag
smart constructor.
Instances
Eq Tag Source #
Read Tag Source #
Show Tag Source #
Generic Tag Source #
NFData Tag Source # (Defined in Amazonka.NetworkFirewall.Types.Tag)
Hashable Tag Source # (Defined in Amazonka.NetworkFirewall.Types.Tag)
ToJSON Tag Source # (Defined in Amazonka.NetworkFirewall.Types.Tag)
FromJSON Tag Source #
type Rep Tag Source # (Defined in Amazonka.NetworkFirewall.Types.Tag)
type Rep Tag = D1 ('MetaData "Tag" "Amazonka.NetworkFirewall.Types.Tag" "libZSservicesZSamazonka-network-firewallZSamazonka-network-firewall" 'False) (C1 ('MetaCons "Tag'" 'PrefixI 'True) (S1 ('MetaSel ('Just "key") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "value") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
Create a value of Tag
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:key:Tag'
, tag_key
- The part of the key:value pair that defines a tag. You can use a tag key
to describe a category of information, such as "customer." Tag keys
are case-sensitive.
$sel:value:Tag'
, tag_value
- The part of the key:value pair that defines a tag. You can use a tag
value to describe a specific value within a category, such as
"companyA" or "companyB." Tag values are case-sensitive.