
RuleGroup

The RuleGroup resource lets you manage AWS Network Firewall rule groups, which define the firewall rules applied to your network traffic.

Create a basic RuleGroup with required properties and one optional description.

import AWS from "alchemy/aws/control";

const basicRuleGroup = await AWS.NetworkFirewall.RuleGroup("basicRuleGroup", {
  Type: "STATEFUL",
  Capacity: 100,
  RuleGroupName: "BasicRuleGroup",
  Description: "A simple stateful rule group for basic traffic filtering."
});

Configure a RuleGroup with detailed rules and tags for better management.

const advancedRuleGroup = await AWS.NetworkFirewall.RuleGroup("advancedRuleGroup", {
  Type: "STATEFUL",
  Capacity: 200,
  RuleGroupName: "AdvancedRuleGroup",
  RuleGroup: {
    RulesSource: {
      // For STATEFUL groups, RulesString takes Suricata-compatible rules,
      // one per line. Each rule needs its own sid.
      // Pass TCP traffic to 192.168.1.0/24 on ports 80 and 443.
      RulesString:
        'pass tcp any any -> 192.168.1.0/24 [80,443] ' +
        '(msg:"Allow web to 192.168.1.0/24"; sid:1; rev:1;)'
    }
  },
  Tags: [
    { Key: "Environment", Value: "Production" },
    { Key: "Department", Value: "IT" }
  ]
});

Demonstrate how to create a RuleGroup with custom firewall rules that include complex conditions.

const customRulesGroup = await AWS.NetworkFirewall.RuleGroup("customRulesGroup", {
  Type: "STATEFUL",
  Capacity: 150,
  RuleGroupName: "CustomRulesGroup",
  RuleGroup: {
    RulesSource: {
      // Suricata-compatible rule: drop UDP from 10.0.0.0/16 port 53
      // to port 53 on any destination address.
      RulesString:
        'drop udp 10.0.0.0/16 53 -> any 53 ' +
        '(msg:"Drop DNS from 10.0.0.0/16"; sid:2; rev:1;)'
    }
  }
});
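
For STATEFUL rule groups, AWS Network Firewall expects `RulesString` to hold Suricata-compatible rules, one per line, each with a unique `sid`. The following added example (not part of the Alchemy documentation; `renderRules`, the `Rule` shape and the sample rules are hypothetical) renders structured rule definitions into that format and rejects malformed addresses or ports, duplicate sids, and a rule count above the group's `Capacity`.

```typescript
// Added example: renderRules and the Rule shape are hypothetical, not alchemy API.
type Endpoint = { addresses: string[]; ports: string[] }; // empty array = "any"
interface Rule {
  sid: number; // Suricata signature id, unique within the rule group
  action: "pass" | "drop" | "reject" | "alert";
  protocol: "tcp" | "udp";
  source?: Endpoint;
  destination?: Endpoint;
  msg: string;
}

const isCidr = (v: string): boolean => {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(v);
  return !!m && m.slice(1, 5).every((o) => Number(o) <= 255) && Number(m[5]) <= 32;
};
const isPort = (v: string): boolean => /^\d{1,5}$/.test(v) && +v >= 1 && +v <= 65535;

// Render a list as "any", a single value, or a bracketed Suricata group.
function renderList(values: string[], valid: (v: string) => boolean): string {
  if (values.length === 0) return "any";
  const bad = values.find((v) => !valid(v));
  if (bad !== undefined) throw new Error(`invalid value: ${bad}`);
  const joined = values.join(",");
  return values.length === 1 ? joined : `[${joined}]`;
}

// For STATEFUL groups, Capacity bounds the number of rules in the group.
function renderRules(rules: Rule[], capacity: number): string {
  if (rules.length > capacity) throw new Error("rule count exceeds Capacity");
  const seen = new Set<number>();
  const side = (e?: Endpoint): string =>
    `${renderList(e?.addresses ?? [], isCidr)} ${renderList(e?.ports ?? [], isPort)}`;
  return rules.map((r) => {
    if (seen.has(r.sid)) throw new Error(`duplicate sid ${r.sid}`);
    seen.add(r.sid);
    if (/[";\\]/.test(r.msg)) throw new Error("msg contains characters that need escaping");
    return `${r.action} ${r.protocol} ${side(r.source)} -> ${side(r.destination)} ` +
      `(msg:"${r.msg}"; sid:${r.sid}; rev:1;)`;
  }).join("\n");
}

// Constructed sample input mirroring the two rules on this page.
const sampleRules: Rule[] = [
  { sid: 1, action: "pass", protocol: "tcp", msg: "Allow web to 192.168.1.0/24",
    destination: { addresses: ["192.168.1.0/24"], ports: ["80", "443"] } },
  { sid: 2, action: "drop", protocol: "udp", msg: "Drop DNS from 10.0.0.0/16",
    source: { addresses: ["10.0.0.0/16"], ports: ["53"] },
    destination: { addresses: [], ports: ["53"] } },
];
console.log(renderRules(sampleRules, 150));
```

The returned string can be passed as `RulesSource.RulesString` of a STATEFUL RuleGroup.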

Create a RuleGroup, or adopt the existing one if it already exists.

const adoptRuleGroup = await AWS.NetworkFirewall.RuleGroup("adoptRuleGroup", {
  Type: "STATELESS",
  Capacity: 100,
  RuleGroupName: "AdoptedRuleGroup",
  adopt: true
});