software.amazon.awssdk.services.networkfirewall.model

Interface FirewallPolicy.Builder

All Superinterfaces:

Buildable, CopyableBuilder<FirewallPolicy.Builder,FirewallPolicy>, SdkBuilder<FirewallPolicy.Builder,FirewallPolicy>, SdkPojo

Enclosing class:

FirewallPolicy

public static interface FirewallPolicy.Builder
extends SdkPojo, CopyableBuilder<FirewallPolicy.Builder,FirewallPolicy>

Method Summary

Modifier and Type	Method and Description
default FirewallPolicy.Builder	policyVariables(Consumer<PolicyVariables.Builder> policyVariables) Contains variables that you can use to override default Suricata settings in your firewall policy.
FirewallPolicy.Builder	policyVariables(PolicyVariables policyVariables) Contains variables that you can use to override default Suricata settings in your firewall policy.
FirewallPolicy.Builder	statefulDefaultActions(Collection<String> statefulDefaultActions) The default actions to take on a packet that doesn't match any stateful rules.
FirewallPolicy.Builder	statefulDefaultActions(String... statefulDefaultActions) The default actions to take on a packet that doesn't match any stateful rules.
default FirewallPolicy.Builder	statefulEngineOptions(Consumer<StatefulEngineOptions.Builder> statefulEngineOptions) Additional options governing how Network Firewall handles stateful rules.
FirewallPolicy.Builder	statefulEngineOptions(StatefulEngineOptions statefulEngineOptions) Additional options governing how Network Firewall handles stateful rules.
FirewallPolicy.Builder	statefulRuleGroupReferences(Collection<StatefulRuleGroupReference> statefulRuleGroupReferences) References to the stateful rule groups that are used in the policy.
FirewallPolicy.Builder	statefulRuleGroupReferences(Consumer<StatefulRuleGroupReference.Builder>... statefulRuleGroupReferences) References to the stateful rule groups that are used in the policy.
FirewallPolicy.Builder	statefulRuleGroupReferences(StatefulRuleGroupReference... statefulRuleGroupReferences) References to the stateful rule groups that are used in the policy.
FirewallPolicy.Builder	statelessCustomActions(Collection<CustomAction> statelessCustomActions) The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting.
FirewallPolicy.Builder	statelessCustomActions(Consumer<CustomAction.Builder>... statelessCustomActions) The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting.
FirewallPolicy.Builder	statelessCustomActions(CustomAction... statelessCustomActions) The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting.
FirewallPolicy.Builder	statelessDefaultActions(Collection<String> statelessDefaultActions) The actions to take on a packet if it doesn't match any of the stateless rules in the policy.
FirewallPolicy.Builder	statelessDefaultActions(String... statelessDefaultActions) The actions to take on a packet if it doesn't match any of the stateless rules in the policy.
FirewallPolicy.Builder	statelessFragmentDefaultActions(Collection<String> statelessFragmentDefaultActions) The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
FirewallPolicy.Builder	statelessFragmentDefaultActions(String... statelessFragmentDefaultActions) The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
FirewallPolicy.Builder	statelessRuleGroupReferences(Collection<StatelessRuleGroupReference> statelessRuleGroupReferences) References to the stateless rule groups that are used in the policy.
FirewallPolicy.Builder	statelessRuleGroupReferences(Consumer<StatelessRuleGroupReference.Builder>... statelessRuleGroupReferences) References to the stateless rule groups that are used in the policy.
FirewallPolicy.Builder	statelessRuleGroupReferences(StatelessRuleGroupReference... statelessRuleGroupReferences) References to the stateless rule groups that are used in the policy.
FirewallPolicy.Builder	tlsInspectionConfigurationArn(String tlsInspectionConfigurationArn) The Amazon Resource Name (ARN) of the TLS inspection configuration.

Methods inherited from interface software.amazon.awssdk.core.SdkPojo

equalsBySdkFields, sdkFields

Methods inherited from interface software.amazon.awssdk.utils.builder.CopyableBuilder

copy

Methods inherited from interface software.amazon.awssdk.utils.builder.SdkBuilder

applyMutation, build

Method Detail

statelessRuleGroupReferences

FirewallPolicy.Builder statelessRuleGroupReferences(Collection<StatelessRuleGroupReference> statelessRuleGroupReferences)

References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

Parameters:

statelessRuleGroupReferences - References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

Returns:

Returns a reference to this object so that method calls can be chained together.

statelessRuleGroupReferences

FirewallPolicy.Builder statelessRuleGroupReferences(StatelessRuleGroupReference... statelessRuleGroupReferences)

References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

Parameters:

statelessRuleGroupReferences - References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

Returns:

Returns a reference to this object so that method calls can be chained together.

statelessRuleGroupReferences

FirewallPolicy.Builder statelessRuleGroupReferences(Consumer<StatelessRuleGroupReference.Builder>... statelessRuleGroupReferences)

References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

This is a convenience method that creates an instance of the StatelessRuleGroupReference.Builder avoiding the need to create one manually via StatelessRuleGroupReference.builder().

When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to #statelessRuleGroupReferences(List).

Parameters:

statelessRuleGroupReferences - a consumer that will call methods on StatelessRuleGroupReference.Builder

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

#statelessRuleGroupReferences(java.util.Collection)

statelessDefaultActions

FirewallPolicy.Builder statelessDefaultActions(Collection<String> statelessDefaultActions)

The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Parameters:

statelessDefaultActions - The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Returns:

Returns a reference to this object so that method calls can be chained together.

statelessDefaultActions

FirewallPolicy.Builder statelessDefaultActions(String... statelessDefaultActions)

The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Parameters:

statelessDefaultActions - The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Returns:

Returns a reference to this object so that method calls can be chained together.

statelessFragmentDefaultActions

FirewallPolicy.Builder statelessFragmentDefaultActions(Collection<String> statelessFragmentDefaultActions)

The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Parameters:

statelessFragmentDefaultActions - The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Returns:

Returns a reference to this object so that method calls can be chained together.

statelessFragmentDefaultActions

FirewallPolicy.Builder statelessFragmentDefaultActions(String... statelessFragmentDefaultActions)

The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Parameters:

statelessFragmentDefaultActions - The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Returns:

Returns a reference to this object so that method calls can be chained together.

statelessCustomActions

FirewallPolicy.Builder statelessCustomActions(Collection<CustomAction> statelessCustomActions)

The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

Parameters:

statelessCustomActions - The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

Returns:

Returns a reference to this object so that method calls can be chained together.

statelessCustomActions

FirewallPolicy.Builder statelessCustomActions(CustomAction... statelessCustomActions)

The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

Parameters:

statelessCustomActions - The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

Returns:

Returns a reference to this object so that method calls can be chained together.

statelessCustomActions

FirewallPolicy.Builder statelessCustomActions(Consumer<CustomAction.Builder>... statelessCustomActions)

The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

This is a convenience method that creates an instance of the CustomAction.Builder avoiding the need to create one manually via CustomAction.builder().

When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to #statelessCustomActions(List).

Parameters:

statelessCustomActions - a consumer that will call methods on CustomAction.Builder

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

#statelessCustomActions(java.util.Collection)

statefulRuleGroupReferences

FirewallPolicy.Builder statefulRuleGroupReferences(Collection<StatefulRuleGroupReference> statefulRuleGroupReferences)

References to the stateful rule groups that are used in the policy. These define the inspection criteria in stateful rules.

Parameters:

statefulRuleGroupReferences - References to the stateful rule groups that are used in the policy. These define the inspection criteria in stateful rules.

Returns:

Returns a reference to this object so that method calls can be chained together.

statefulRuleGroupReferences

FirewallPolicy.Builder statefulRuleGroupReferences(StatefulRuleGroupReference... statefulRuleGroupReferences)

References to the stateful rule groups that are used in the policy. These define the inspection criteria in stateful rules.

Parameters:

statefulRuleGroupReferences - References to the stateful rule groups that are used in the policy. These define the inspection criteria in stateful rules.

Returns:

Returns a reference to this object so that method calls can be chained together.

statefulRuleGroupReferences

FirewallPolicy.Builder statefulRuleGroupReferences(Consumer<StatefulRuleGroupReference.Builder>... statefulRuleGroupReferences)

References to the stateful rule groups that are used in the policy. These define the inspection criteria in stateful rules.

This is a convenience method that creates an instance of the StatefulRuleGroupReference.Builder avoiding the need to create one manually via StatefulRuleGroupReference.builder().

When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to #statefulRuleGroupReferences(List).

Parameters:

statefulRuleGroupReferences - a consumer that will call methods on StatefulRuleGroupReference.Builder

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

#statefulRuleGroupReferences(java.util.Collection)

statefulDefaultActions

FirewallPolicy.Builder statefulDefaultActions(Collection<String> statefulDefaultActions)

The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order.

Valid values of the stateful default action:

• aws:drop_strict

• aws:drop_established

• aws:alert_strict

• aws:alert_established

For more information, see Strict evaluation order in the Network Firewall Developer Guide.

Parameters:

statefulDefaultActions - The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order.

Valid values of the stateful default action:

• aws:drop_strict

• aws:drop_established

• aws:alert_strict

• aws:alert_established

For more information, see Strict evaluation order in the Network Firewall Developer Guide.

Returns:

Returns a reference to this object so that method calls can be chained together.

statefulDefaultActions

FirewallPolicy.Builder statefulDefaultActions(String... statefulDefaultActions)

The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order.

Valid values of the stateful default action:

• aws:drop_strict

• aws:drop_established

• aws:alert_strict

• aws:alert_established

For more information, see Strict evaluation order in the Network Firewall Developer Guide.

Parameters:

statefulDefaultActions - The default actions to take on a packet that doesn't match any stateful rules. The stateful default action is optional, and is only valid when using the strict rule order.

Valid values of the stateful default action:

• aws:drop_strict

• aws:drop_established

• aws:alert_strict

• aws:alert_established

For more information, see Strict evaluation order in the Network Firewall Developer Guide.

Returns:

Returns a reference to this object so that method calls can be chained together.

statefulEngineOptions

FirewallPolicy.Builder statefulEngineOptions(StatefulEngineOptions statefulEngineOptions)

Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.

Parameters:

statefulEngineOptions - Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.

Returns:

Returns a reference to this object so that method calls can be chained together.

statefulEngineOptions

default FirewallPolicy.Builder statefulEngineOptions(Consumer<StatefulEngineOptions.Builder> statefulEngineOptions)

Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.

This is a convenience method that creates an instance of the StatefulEngineOptions.Builder avoiding the need to create one manually via StatefulEngineOptions.builder().

When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to statefulEngineOptions(StatefulEngineOptions).

Parameters:

statefulEngineOptions - a consumer that will call methods on StatefulEngineOptions.Builder

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

statefulEngineOptions(StatefulEngineOptions)

tlsInspectionConfigurationArn

FirewallPolicy.Builder tlsInspectionConfigurationArn(String tlsInspectionConfigurationArn)

The Amazon Resource Name (ARN) of the TLS inspection configuration.

Parameters:

tlsInspectionConfigurationArn - The Amazon Resource Name (ARN) of the TLS inspection configuration.

Returns:

Returns a reference to this object so that method calls can be chained together.

policyVariables

FirewallPolicy.Builder policyVariables(PolicyVariables policyVariables)

Contains variables that you can use to override default Suricata settings in your firewall policy.

Parameters:

policyVariables - Contains variables that you can use to override default Suricata settings in your firewall policy.

Returns:

Returns a reference to this object so that method calls can be chained together.

policyVariables

default FirewallPolicy.Builder policyVariables(Consumer<PolicyVariables.Builder> policyVariables)

Contains variables that you can use to override default Suricata settings in your firewall policy.

This is a convenience method that creates an instance of the PolicyVariables.Builder avoiding the need to create one manually via PolicyVariables.builder().

When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to policyVariables(PolicyVariables).

Parameters:

policyVariables - a consumer that will call methods on PolicyVariables.Builder

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

policyVariables(PolicyVariables)