How to add managed stateful rule groups to network firewall with CloudFormation ?
Via the console, we can add managed stateful rule groups : how to achieve the same thing using a cloud formation template ?
For example :
| Priority | Name |
|---|---|
| 1 | AbusedLegitMalwareDomainsStrictOrder |
| 2 | BotNetCommandAndControlDomainsStrictOrder |
| 3 | AbusedLegitBotNetCommandAndControlDomainsStrictOrder |
| 4 | ThreatSignaturesBotnetStrictOrder |
| 5 | ThreatSignaturesBotnetWebStrictOrder |
The objective is also to have a strict order of priorities as indicated, as an example, in the table above.
Thank you in advance for your answers.
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
Hello,
You can use AWS::NetworkFirewall::FirewallPolicy to add managed rule groups to your Network Firewall policies. Sub-Property StatefulRuleGroupReference can be used to set Priority for each managed rule group specified in property ResourceArn. To get the ARN of the AWS managed rule group, use list-rule-groups AWS CLI. See example for reference.
Hello,
Please follow the below link to add managed stateful rule groups to network firewall with CloudFormation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-rulegroup.html#aws-resource-networkfirewall-rulegroup--examples
ResourceArns for Managed Rulegroups follow the pattern: "arn:aws:network-firewall:<region>:aws-managed:stateful-rulegroup/<rulegroup-name"
For example: "arn:aws:network-firewall:ap-southeast-2:aws-managed:stateful-rulegroup/ThreatSignaturesMalwareMobileActionOrder"
Relevanter Inhalt
AWS OFFICIALAktualisiert vor 2 Jahren- AWS OFFICIALAktualisiert vor einem Jahr
- AWS OFFICIALAktualisiert vor 3 Jahren
Thank you for your answer, but it does not answer my question. The question is about the stateful rule groups managed by AWS, not the rules you create yourself.