rule_groups
Creates, updates, deletes or gets a rule_group resource or lists rule_groups in a region
Overview
| Name | rule_groups |
| Type | Resource |
| Description | Resource type definition for AWS::NetworkFirewall::RuleGroup |
| Id | aws.networkfirewall.rule_groups |
Fields
| Name | Datatype | Description |
|---|---|---|
rule_group_name | string | |
rule_group_arn | string | A resource ARN. |
rule_group_id | string | |
rule_group | object | Resource type definition for AWS::NetworkFirewall::RuleGroup |
type | string | |
capacity | integer | |
description | string | |
tags | array | |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | Type, Capacity, RuleGroupName, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all rule_groups in a region.
SELECT
region,
rule_group_name,
rule_group_arn,
rule_group_id,
rule_group,
type,
capacity,
description,
tags
FROM aws.networkfirewall.rule_groups
WHERE region = 'us-east-1';
Gets all properties from an individual rule_group.
SELECT
region,
rule_group_name,
rule_group_arn,
rule_group_id,
rule_group,
type,
capacity,
description,
tags
FROM aws.networkfirewall.rule_groups
WHERE region = 'us-east-1' AND data__Identifier = '<RuleGroupArn>';
INSERT example
Use the following StackQL query and manifest file to create a new rule_group resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.networkfirewall.rule_groups (
RuleGroupName,
Type,
Capacity,
region
)
SELECT
'{{ RuleGroupName }}',
'{{ Type }}',
'{{ Capacity }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.networkfirewall.rule_groups (
RuleGroupName,
RuleGroup,
Type,
Capacity,
Description,
Tags,
region
)
SELECT
'{{ RuleGroupName }}',
'{{ RuleGroup }}',
'{{ Type }}',
'{{ Capacity }}',
'{{ Description }}',
'{{ Tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: rule_group
props:
- name: RuleGroupName
value: '{{ RuleGroupName }}'
- name: RuleGroup
value:
RuleGroupName: '{{ RuleGroupName }}'
RuleGroup: null
Type: '{{ Type }}'
Capacity: '{{ Capacity }}'
Description: '{{ Description }}'
Tags:
- Key: '{{ Key }}'
Value: '{{ Value }}'
- name: Type
value: '{{ Type }}'
- name: Capacity
value: '{{ Capacity }}'
- name: Description
value: '{{ Description }}'
- name: Tags
value:
- null
DELETE example
/*+ delete */
DELETE FROM aws.networkfirewall.rule_groups
WHERE data__Identifier = '<RuleGroupArn>'
AND region = 'us-east-1';
Permissions
To operate on the rule_groups resource, the following permissions are required:
Create
network-firewall:CreateRuleGroup,
network-firewall:DescribeRuleGroup,
network-firewall:TagResource,
network-firewall:ListRuleGroups,
iam:CreateServiceLinkedRole,
ec2:GetManagedPrefixListEntries
Read
network-firewall:DescribeRuleGroup,
network-firewall:ListTagsForResources
Update
network-firewall:UpdateRuleGroup,
network-firewall:DescribeRuleGroup,
network-firewall:TagResource,
network-firewall:UntagResource,
iam:CreateServiceLinkedRole,
ec2:GetManagedPrefixListEntries
Delete
network-firewall:DeleteRuleGroup,
network-firewall:DescribeRuleGroup,
network-firewall:UntagResource
List
network-firewall:ListRuleGroups