
Questions tagged with AWS Network Firewall



AWS CLI Updating Network Firewall Rules

I've been trying to determine a method to streamline/automate the updating of AWS Network Firewall rules. The AWS CLI looked promising, but I've consistently seen failure when trying to push a new ruleset. For example, running the command:

    aws network-firewall describe-rule-group --rule-group-arn <arn>

returns the JSON as expected, with the content as a flat string:

    "RuleGroup": { "RulesSource": { "RulesString": "pass http $HOME_NET any -> $EXTERNAL_NET 80 (http.host; dotprefix; content:\".example.com\"; endswith; msg:\"Allowed HTTP domain\"; sid:1; rev:1;)\npass tls $HOME_NET any -> $EXTERNAL_NET 443 (tls.sni; content:\"example.com\"; startswith; nocase; endswith; msg:\"matching TLS allowlisted FQDNs\"; sid:2; rev:1;)\npass http $HOME_NET any -> $EXTERNAL_NET 80 (http.host; dotprefix; content:\".google.com\"; endswith; msg:\"Allowed HTTP domain\"; sid:3; rev:1;)\npass tls $HOME_NET any -> $EXTERNAL_NET 443 (tls.sni; content:\"www.google.com\"; startswith; nocase; endswith; msg:\"matching TLS allowlisted FQDNs\"; sid:4; rev:1;)\npass http $HOME_NET any -> $EXTERNAL_NET 80 (http.host; dotprefix; content:\".ubuntu.com\"; endswith; msg:\"Allowed HTTP domain\"; sid:5; rev:1;)\npass tls $HOME_NET any -> $EXTERNAL_NET 443 (tls.sni; content:\"ipinfo.io\"; startswith; nocase; endswith; msg:\"matching TLS allowlisted FQDNs\"; sid:6; rev:1;)\npass tcp $HOME_NET any <> $EXTERNAL_NET 80 (flow:not_established; sid:899998; rev:1;)\npass tcp $HOME_NET any <> $EXTERNAL_NET 443 (flow:not_established; sid:899999; rev:1;)"

When trying to update the flat string with a new string including more entries, though, I receive an error:

    aws network-firewall update-rule-group --cli-input-yaml file://example.yaml

Error received:

    An error occurred (InvalidRequestException) when calling the UpdateRuleGroup operation: parameter is invalid

I've tried the JSON/YAML/CLI methods and I encounter the issue using any of those methods. I've also tried using the --rule-group vs --rules options to update.

I suspected there was an issue with string formatting, but I've failed to find a resolution. Updating the rules via the console works without issue. Could anyone provide a pointer to where I'm going wrong, or even a working method they are using? Not too bothered if it is via CLI, SDK, etc., as I may revert to Python as it is the language I know best.
0 answers, 0 votes, 3 views. Dave, asked a month ago.
(Question title not captured) 2 answers, 0 votes, 3 views. AWSuser, asked 2 months ago.