rule_groups
Creates, updates, deletes or gets a rule_group resource or lists rule_groups in a region
Overview
| Name | rule_groups |
| Type | Resource |
| Description | Resource type definition for AWS::NetworkFirewall::RuleGroup |
| Id | awscc.networkfirewall.rule_groups |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
rule_group_name | string | |
rule_group_arn | string | A resource ARN. |
rule_group_id | string | |
rule_group | object | Resource type definition for AWS::NetworkFirewall::RuleGroup |
type | string | |
capacity | integer | |
summary_configuration | object | |
description | string | |
tags | array | |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
rule_group_arn | string | A resource ARN. |
rule_group | object | Resource type definition for AWS::NetworkFirewall::RuleGroup |
region | string | AWS region. |
For more information, see AWS::NetworkFirewall::RuleGroup.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | rule_groups | INSERT | Type, Capacity, RuleGroupName, region |
delete_resource | rule_groups | DELETE | Identifier, region |
update_resource | rule_groups | UPDATE | Identifier, PatchDocument, region |
list_resources | rule_groups_list_only | SELECT | region |
get_resource | rule_groups | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual rule_group.
SELECT
region,
rule_group_name,
rule_group_arn,
rule_group_id,
rule_group,
type,
capacity,
summary_configuration,
description,
tags
FROM awscc.networkfirewall.rule_groups
WHERE
region = 'us-east-1' AND
Identifier = '{{ rule_group_arn }}';
Lists all rule_groups in a region.
SELECT
region,
rule_group_arn
FROM awscc.networkfirewall.rule_groups_list_only
WHERE
region = 'us-east-1';
INSERT example
Use the following StackQL query and manifest file to create a new rule_group resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.networkfirewall.rule_groups (
RuleGroupName,
Type,
Capacity,
region
)
SELECT
'{{ rule_group_name }}',
'{{ type }}',
'{{ capacity }}',
'{{ region }}';
/*+ create */
INSERT INTO awscc.networkfirewall.rule_groups (
RuleGroupName,
RuleGroup,
Type,
Capacity,
SummaryConfiguration,
Description,
Tags,
region
)
SELECT
'{{ rule_group_name }}',
'{{ rule_group }}',
'{{ type }}',
'{{ capacity }}',
'{{ summary_configuration }}',
'{{ description }}',
'{{ tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: rule_group
props:
- name: rule_group_name
value: '{{ rule_group_name }}'
- name: rule_group
value:
rule_group_name: '{{ rule_group_name }}'
rule_group: null
type: '{{ type }}'
capacity: '{{ capacity }}'
summary_configuration:
rule_options:
- '{{ rule_options[0] }}'
description: '{{ description }}'
tags:
- key: '{{ key }}'
value: '{{ value }}'
- name: type
value: '{{ type }}'
- name: capacity
value: '{{ capacity }}'
- name: summary_configuration
value:
rule_options:
- null
- name: description
value: '{{ description }}'
- name: tags
value:
- null
UPDATE example
Use the following StackQL query and manifest file to update a rule_group resource, using stack-deploy.
/*+ update */
UPDATE awscc.networkfirewall.rule_groups
SET PatchDocument = string('{{ {
"RuleGroup": rule_group,
"SummaryConfiguration": summary_configuration,
"Description": description,
"Tags": tags
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ rule_group_arn }}';
DELETE example
/*+ delete */
DELETE FROM awscc.networkfirewall.rule_groups
WHERE
Identifier = '{{ rule_group_arn }}' AND
region = 'us-east-1';
Permissions
To operate on the rule_groups resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
network-firewall:CreateRuleGroup,
network-firewall:DescribeRuleGroup,
network-firewall:TagResource,
network-firewall:ListRuleGroups,
iam:CreateServiceLinkedRole,
ec2:GetManagedPrefixListEntries,
ec2:DescribeManagedPrefixLists
network-firewall:DescribeRuleGroup,
network-firewall:ListTagsForResources
network-firewall:UpdateRuleGroup,
network-firewall:DescribeRuleGroup,
network-firewall:TagResource,
network-firewall:UntagResource,
iam:CreateServiceLinkedRole,
ec2:GetManagedPrefixListEntries,
ec2:DescribeManagedPrefixLists
network-firewall:DeleteRuleGroup,
network-firewall:DescribeRuleGroup,
network-firewall:UntagResource
network-firewall:ListRuleGroups