A custom action to use in stateless rule actions settings. This is used in "CustomAction".

A single IP address specification. This is used in the "MatchAttributes" source and destination specifications.

The configuration and status for a single subnet that you've specified for use by the AWS Network Firewall firewall. This is part of the "FirewallStatus".

An optional, non-standard action to use for stateless packet handling. You can define this in addition to the standard action that you must specify.

The value to use in an Amazon CloudWatch custom metric dimension. This is used in the PublishMetrics "CustomAction". A CloudWatch custom metric dimension is a name/value pair that's part of the identity of a metric.

The firewall defines the configuration settings for an AWS Network Firewall firewall. These settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.

High-level information about a firewall, returned by operations like create and describe. You can use the information provided in the metadata to retrieve and manage a firewall.

The firewall policy defines the behavior of a firewall using a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls.

High-level information about a firewall policy, returned by operations like create and describe. You can use the information provided in the metadata to retrieve and manage a firewall policy. You can retrieve all objects for a firewall policy by calling "DescribeFirewallPolicy".

The high-level properties of a firewall policy. This, along with the "FirewallPolicy", define the policy. You can retrieve all objects for a firewall policy by calling "DescribeFirewallPolicy".

Detailed information about the current status of a "Firewall". You can retrieve this for a firewall by calling "DescribeFirewall" and providing the firewall name and ARN.

The 5-tuple criteria for AWS Network Firewall to use to inspect packet headers in stateful traffic flow inspection. Traffic flows that match the criteria are a match for the corresponding "StatefulRule".

A list of IP addresses and address ranges, in CIDR notation. This is part of a "RuleVariables".

Defines where AWS Network Firewall sends logs for the firewall for one log type. This is used in "LoggingConfiguration". You can send each type of log to an Amazon S3 bucket, a CloudWatch log group, or a Kinesis Data Firehose delivery stream.

Defines how AWS Network Firewall performs logging for a "Firewall".

Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags.

Provides configuration status for a single policy or rule group that is used for a firewall endpoint. Network Firewall provides each endpoint with the rules that are configured in the firewall policy. Each time you add a subnet or modify the associated firewall policy, Network Firewall synchronizes the rules in the endpoint, so it can properly filter network traffic. This is part of a "SyncState" for a firewall.

A single port range specification. This is used for source and destination port ranges in the stateless rule "MatchAttributes", SourcePorts, and DestinationPorts settings.

A set of port ranges for use in the rules in a rule group.

Stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. This setting defines a CloudWatch dimension value to be published.

The inspection criteria and action for a single stateless rule. AWS Network Firewall inspects each packet for the specified matching criteria. When a packet matches the criteria, Network Firewall performs the rule's actions on the packet.

The object that defines the rules in a rule group. This, along with "RuleGroupResponse", define the rule group. You can retrieve all objects for a rule group by calling "DescribeRuleGroup".

High-level information about a rule group, returned by "ListRuleGroups". You can use the information provided in the metadata to retrieve and manage a rule group.

The high-level properties of a rule group. This, along with the "RuleGroup", define the rule group. You can retrieve all objects for a rule group by calling "DescribeRuleGroup".

Additional settings for a stateful rule. This is part of the "StatefulRule" configuration.

The stateless or stateful rules definitions for use in a single rule group. Each rule group requires a single RulesSource. You can use an instance of this for either stateless rules or stateful rules.

Stateful inspection criteria for a domain list rule group.

Settings that are available for use in the rules in the "RuleGroup" where this is defined.

A single 5-tuple stateful rule, for use in a stateful rule group.

Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group.

A single stateless rule. This is used in "StatelessRulesAndCustomActions".

Identifier for a single stateless rule group, used in a firewall policy to refer to the rule group.

Stateless inspection criteria. Each stateless rule group uses exactly one of these data types to define its stateless rules.

The ID for a subnet that you want to associate with the firewall. This is used with "CreateFirewall" and "AssociateSubnets". AWS Network Firewall creates an instance of the associated firewall in each subnet that you specify, to filter traffic in the subnet's Availability Zone.

The status of the firewall endpoint and firewall policy configuration for a single VPC subnet.

A key:value pair associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource.

TCP flags and masks to inspect packets for, used in stateless rules "MatchAttributes" settings.