{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--aws-networkfirewall-rulegroup.json", "title": "AWSNetworkFirewallRuleGroupProperties", "description": "Resource type definition for AWS::NetworkFirewall::RuleGroup. Source:- ", "x-lintel": { "source": "https://raw.githubusercontent.com/lalcebo/json-schema/master/serverless/resources/cloudformation-modified/aws-networkfirewall-rulegroup.json", "sourceSha256": "5b308c1634b10b970ac4ed41135bb4cd013e81b1fd13ebd350795480b57c47a8" }, "type": "object", "properties": { "RuleGroupName": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^[a-zA-Z0-9-]+$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] }, "RuleGroup": { "$ref": "#/$defs/RuleGroup" }, "Type": { "oneOf": [ { "type": "string", "enum": [ "STATELESS", "STATEFUL" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] }, "Capacity": { "type": "integer" }, "Description": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 512, "pattern": "^.*$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] }, "Tags": { "type": "array", "insertionOrder": false, "uniqueItems": true, "items": { "$ref": "#/$defs/Tag" } } }, "typeName": "AWS::NetworkFirewall::RuleGroup", "primaryIdentifier": [ "/properties/RuleGroupArn" ], "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkfirewall.git", "$defs": { "ResourceArn": { "oneOf": [ { "type": "string", "pattern": "^(arn:aws.*)$", "minLength": 1, "maxLength": 256 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "description": "A resource ARN.", "title": "AWSNetworkFirewallRuleGroupResourceArnDefinition" }, "Tag": { "type": "object", "properties": { "Key": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^.*$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] }, "Value": { "oneOf": [ { "type": "string", "minLength": 0, "maxLength": 255, "pattern": "^.*$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] } }, "required": [ "Key", "Value" ], "title": "AWSNetworkFirewallRuleGroupTagDefinition", "additionalProperties": false }, "RulesString": { "oneOf": [ { "type": "string", "minLength": 0, "maxLength": 1000000 }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "title": "AWSNetworkFirewallRuleGroupRulesStringDefinition" }, "RuleGroup": { "type": "object", "properties": { "RuleVariables": { "$ref": "#/$defs/RuleVariables" }, "ReferenceSets": { "$ref": "#/$defs/ReferenceSets" }, "RulesSource": { "$ref": "#/$defs/RulesSource" }, "StatefulRuleOptions": { "$ref": "#/$defs/StatefulRuleOptions" } }, "required": [ "RulesSource" ], "title": "AWSNetworkFirewallRuleGroupRuleGroupDefinition", "additionalProperties": false }, "RuleVariables": { "type": "object", "properties": { "IPSets": { "type": "object", "additionalProperties": false, "patternProperties": { "^[A-Za-z0-9_]{1,32}$": { "$ref": "#/$defs/IPSet" } } }, "PortSets": { "type": "object", "additionalProperties": false, "patternProperties": { "^[A-Za-z0-9_]{1,32}$": { "$ref": "#/$defs/PortSet" } } } }, "title": "AWSNetworkFirewallRuleGroupRuleVariablesDefinition", "additionalProperties": false }, "IPSet": { "type": "object", "properties": { "Definition": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/VariableDefinition" } } }, "title": "AWSNetworkFirewallRuleGroupIPSetDefinition", "additionalProperties": false }, "PortSet": { "type": "object", "properties": { "Definition": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/VariableDefinition" } } }, "title": "AWSNetworkFirewallRuleGroupPortSetDefinition", "additionalProperties": false }, "VariableDefinition": { "oneOf": [ { "type": "string", "minLength": 1, "pattern": "^.*$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "title": "AWSNetworkFirewallRuleGroupVariableDefinition" }, "ReferenceSets": { "type": "object", "properties": { "IPSetReferences": { "type": "object", "additionalProperties": false, "patternProperties": { "^[A-Za-z0-9_]{1,32}$": { "$ref": "#/$defs/IPSetReference" } } } }, "title": "AWSNetworkFirewallRuleGroupReferenceSetsDefinition", "additionalProperties": false }, "IPSetReference": { "type": "object", "properties": { "ReferenceArn": { "$ref": "#/$defs/ResourceArn" } }, "title": "AWSNetworkFirewallRuleGroupIPSetReferenceDefinition", "additionalProperties": false }, "RulesSource": { "type": "object", "properties": { "RulesString": { "$ref": "#/$defs/RulesString" }, "RulesSourceList": { "$ref": "#/$defs/RulesSourceList" }, "StatefulRules": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/StatefulRule" } }, "StatelessRulesAndCustomActions": { "$ref": "#/$defs/StatelessRulesAndCustomActions" } }, "title": "AWSNetworkFirewallRuleGroupRulesSourceDefinition", "additionalProperties": false }, "RulesSourceList": { "type": "object", "properties": { "Targets": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "type": "string" } }, "TargetTypes": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/TargetType" } }, "GeneratedRulesType": { "$ref": "#/$defs/GeneratedRulesType" } }, "required": [ "Targets", "TargetTypes", "GeneratedRulesType" ], "title": "AWSNetworkFirewallRuleGroupRulesSourceListDefinition", "additionalProperties": false }, "TargetType": { "oneOf": [ { "type": "string", "enum": [ "TLS_SNI", "HTTP_HOST" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "title": "AWSNetworkFirewallRuleGroupTargetTypeDefinition" }, "GeneratedRulesType": { "oneOf": [ { "type": "string", "enum": [ "ALLOWLIST", "DENYLIST" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "title": "AWSNetworkFirewallRuleGroupGeneratedRulesTypeDefinition" }, "StatefulRule": { "type": "object", "properties": { "Action": { "oneOf": [ { "type": "string", "enum": [ "PASS", "DROP", "ALERT", "REJECT" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] }, "Header": { "$ref": "#/$defs/Header" }, "RuleOptions": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/RuleOption" } } }, "required": [ "Action", "Header", "RuleOptions" ], "title": "AWSNetworkFirewallRuleGroupStatefulRuleDefinition", "additionalProperties": false }, "Header": { "type": "object", "properties": { "Protocol": { "oneOf": [ { "type": "string", "enum": [ "IP", "TCP", "UDP", "ICMP", "HTTP", "FTP", "TLS", "SMB", "DNS", "DCERPC", "SSH", "SMTP", "IMAP", "MSN", "KRB5", "IKEV2", "TFTP", "NTP", "DHCP" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] }, "Source": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 1024, "pattern": "^.*$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] }, "SourcePort": { "$ref": "#/$defs/Port" }, "Direction": { "oneOf": [ { "type": "string", "enum": [ "FORWARD", "ANY" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] }, "Destination": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 1024, "pattern": "^.*$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] }, "DestinationPort": { "$ref": "#/$defs/Port" } }, "required": [ "Protocol", "Source", "SourcePort", "Direction", "Destination", "DestinationPort" ], "title": "AWSNetworkFirewallRuleGroupHeaderDefinition", "additionalProperties": false }, "RuleOption": { "type": "object", "properties": { "Keyword": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^.*$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] }, "Settings": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/Setting" } } }, "required": [ "Keyword" ], "title": "AWSNetworkFirewallRuleGroupRuleOptionDefinition", "additionalProperties": false }, "Setting": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 8192, "pattern": "^.*$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "title": "AWSNetworkFirewallRuleGroupSettingDefinition" }, "Port": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 1024, "pattern": "^.*$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "title": "AWSNetworkFirewallRuleGroupPortDefinition" }, "StatelessRulesAndCustomActions": { "type": "object", "properties": { "StatelessRules": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/StatelessRule" } }, "CustomActions": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/CustomAction" } } }, "required": [ "StatelessRules" ], "title": "AWSNetworkFirewallRuleGroupStatelessRulesAndCustomActionsDefinition", "additionalProperties": false }, "StatelessRule": { "type": "object", "properties": { "RuleDefinition": { "$ref": "#/$defs/RuleDefinition" }, "Priority": { "type": "integer", "minimum": 1, "maximum": 65535 } }, "required": [ "RuleDefinition", "Priority" ], "title": "AWSNetworkFirewallRuleGroupStatelessRuleDefinition", "additionalProperties": false }, "RuleDefinition": { "type": "object", "properties": { "MatchAttributes": { "$ref": "#/$defs/MatchAttributes" }, "Actions": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "type": "string" } } }, "required": [ "MatchAttributes", "Actions" ], "title": "AWSNetworkFirewallRuleGroupRuleDefinition", "additionalProperties": false }, "MatchAttributes": { "type": "object", "properties": { "Sources": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/Address" } }, "Destinations": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/Address" } }, "SourcePorts": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/PortRange" } }, "DestinationPorts": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/PortRange" } }, "Protocols": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/ProtocolNumber" } }, "TCPFlags": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/TCPFlagField" } } }, "title": "AWSNetworkFirewallRuleGroupMatchAttributesDefinition", "additionalProperties": false }, "Address": { "type": "object", "properties": { "AddressDefinition": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 255, "pattern": "^([a-fA-F0-9:\\.]+/\\d{1,3})$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] } }, "required": [ "AddressDefinition" ], "title": "AWSNetworkFirewallRuleGroupAddressDefinition", "additionalProperties": false }, "PortRange": { "type": "object", "properties": { "FromPort": { "$ref": "#/$defs/PortRangeBound" }, "ToPort": { "$ref": "#/$defs/PortRangeBound" } }, "required": [ "FromPort", "ToPort" ], "title": "AWSNetworkFirewallRuleGroupPortRangeDefinition", "additionalProperties": false }, "PortRangeBound": { "type": "integer", "minimum": 0, "maximum": 65535, "title": "AWSNetworkFirewallRuleGroupPortRangeBoundDefinition" }, "ProtocolNumber": { "type": "integer", "minimum": 0, "maximum": 255, "title": "AWSNetworkFirewallRuleGroupProtocolNumberDefinition" }, "TCPFlagField": { "type": "object", "properties": { "Flags": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/TCPFlag" } }, "Masks": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/TCPFlag" } } }, "required": [ "Flags" ], "title": "AWSNetworkFirewallRuleGroupTCPFlagFieldDefinition", "additionalProperties": false }, "TCPFlag": { "oneOf": [ { "type": "string", "enum": [ "FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "title": "AWSNetworkFirewallRuleGroupTCPFlagDefinition" }, "CustomAction": { "type": "object", "properties": { "ActionName": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^[a-zA-Z0-9]+$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] }, "ActionDefinition": { "$ref": "#/$defs/ActionDefinition" } }, "required": [ "ActionName", "ActionDefinition" ], "title": "AWSNetworkFirewallRuleGroupCustomActionDefinition", "additionalProperties": false }, "ActionDefinition": { "type": "object", "properties": { "PublishMetricAction": { "$ref": "#/$defs/PublishMetricAction" } }, "title": "AWSNetworkFirewallRuleGroupActionDefinition", "additionalProperties": false }, "PublishMetricAction": { "type": "object", "properties": { "Dimensions": { "type": "array", "insertionOrder": true, "uniqueItems": false, "items": { "$ref": "#/$defs/Dimension" } } }, "required": [ "Dimensions" ], "title": "AWSNetworkFirewallRuleGroupPublishMetricActionDefinition", "additionalProperties": false }, "Dimension": { "type": "object", "properties": { "Value": { "oneOf": [ { "type": "string", "minLength": 1, "maxLength": 128, "pattern": "^[a-zA-Z0-9-_ ]+$" }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ] } }, "required": [ "Value" ], "title": "AWSNetworkFirewallRuleGroupDimensionDefinition", "additionalProperties": false }, "StatefulRuleOptions": { "type": "object", "properties": { "RuleOrder": { "$ref": "#/$defs/RuleOrder" } }, "title": "AWSNetworkFirewallRuleGroupStatefulRuleOptionsDefinition", "additionalProperties": false }, "RuleOrder": { "oneOf": [ { "type": "string", "enum": [ "DEFAULT_ACTION_ORDER", "STRICT_ORDER" ] }, { "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString" } ], "title": "AWSNetworkFirewallRuleGroupRuleOrderDefinition" } }, "additionalProperties": false, "createOnlyProperties": [ "/properties/RuleGroupName", "/properties/Capacity", "/properties/Type" ], "required": [ "Type", "Capacity", "RuleGroupName" ], "readOnlyProperties": [ "/properties/RuleGroupArn", "/properties/RuleGroupId" ] }