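{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.NetworkFirewall.Types.RuleDefinition
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.NetworkFirewall.Types.RuleDefinition where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.NetworkFirewall.Types.MatchAttributes
import qualified Amazonka.Prelude as Prelude

-- | The inspection criteria and action for a single stateless rule. Network
-- Firewall inspects each packet for the specified matching criteria. When
-- a packet matches the criteria, Network Firewall performs the rule\'s
-- actions on the packet.
--
-- /See:/ 'newRuleDefinition' smart constructor.
data RuleDefinition = RuleDefinition'
  { -- | Criteria for Network Firewall to use to inspect an individual packet in
    -- stateless rule inspection. Each match attributes set can include one or
    -- more items such as IP address, CIDR range, port number, protocol, and
    -- TCP flags.
    matchAttributes :: MatchAttributes,
    -- | The actions to take on a packet that matches one of the stateless rule
    -- definition\'s match attributes. You must specify a standard action and
    -- you can add custom actions.
    --
    -- Network Firewall only forwards a packet for stateful rule inspection if
    -- you specify @aws:forward_to_sfe@ for a rule that the packet matches, or
    -- if the packet doesn\'t match any stateless rule and you specify
    -- @aws:forward_to_sfe@ for the @StatelessDefaultActions@ setting for the
    -- FirewallPolicy.
    --
    -- For every rule, you must specify exactly one of the following standard
    -- actions.
    --
    -- -   __aws:pass__ - Discontinues all inspection of the packet and permits
    --     it to go to its intended destination.
    --
    -- -   __aws:drop__ - Discontinues all inspection of the packet and blocks
    --     it from going to its intended destination.
    --
    -- -   __aws:forward_to_sfe__ - Discontinues stateless inspection of the
    --     packet and forwards it to the stateful rule engine for inspection.
    --
    -- Additionally, you can specify a custom action. To do this, you define a
    -- custom action by name and type, then provide the name you\'ve assigned
    -- to the action in this @Actions@ setting. For information about the
    -- options, see CustomAction.
    --
    -- To provide more than one action in this setting, separate the settings
    -- with a comma. For example, if you have a custom @PublishMetrics@ action
    -- that you\'ve named @MyMetricsAction@, then you could specify the
    -- standard action @aws:pass@ and the custom action with
    -- @[“aws:pass”, “MyMetricsAction”]@.
    --
    -- __Review note:__ the field is a plain list of text, so this type does
    -- not enforce the exactly-one-standard-action rule and does not catch a
    -- misspelled action name; any such validation is presumably left to the
    -- service. When auditing a policy, keep in mind that a matching
    -- @aws:pass@ rule ends all inspection, so the packet never reaches the
    -- stateful rule engine.
    actions :: [Prelude.Text]
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)

-- |
-- Create a value of 'RuleDefinition' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'matchAttributes', 'ruleDefinition_matchAttributes' - Criteria for Network Firewall to use to inspect an individual packet in
-- stateless rule inspection. Each match attributes set can include one or
-- more items such as IP address, CIDR range, port number, protocol, and
-- TCP flags.
--
-- 'actions', 'ruleDefinition_actions' - The actions to take on a packet that matches one of the stateless rule
-- definition\'s match attributes. You must specify a standard action and
-- you can add custom actions.
--
-- Network Firewall only forwards a packet for stateful rule inspection if
-- you specify @aws:forward_to_sfe@ for a rule that the packet matches, or
-- if the packet doesn\'t match any stateless rule and you specify
-- @aws:forward_to_sfe@ for the @StatelessDefaultActions@ setting for the
-- FirewallPolicy.
--
-- For every rule, you must specify exactly one of the following standard
-- actions.
--
-- -   __aws:pass__ - Discontinues all inspection of the packet and permits
--     it to go to its intended destination.
--
-- -   __aws:drop__ - Discontinues all inspection of the packet and blocks
--     it from going to its intended destination.
--
-- -   __aws:forward_to_sfe__ - Discontinues stateless inspection of the
--     packet and forwards it to the stateful rule engine for inspection.
--
-- Additionally, you can specify a custom action. To do this, you define a
-- custom action by name and type, then provide the name you\'ve assigned
-- to the action in this @Actions@ setting. For information about the
-- options, see CustomAction.
--
-- To provide more than one action in this setting, separate the settings
-- with a comma. For example, if you have a custom @PublishMetrics@ action
-- that you\'ve named @MyMetricsAction@, then you could specify the
-- standard action @aws:pass@ and the custom action with
-- @[“aws:pass”, “MyMetricsAction”]@.
--
-- __Review note:__ this constructor sets 'actions' to the empty list, which
-- does not satisfy the exactly-one-standard-action requirement stated
-- above. Set the actions explicitly (for example through
-- 'ruleDefinition_actions') before the value is sent, and treat a rule
-- whose action list is still empty as unfinished.
newRuleDefinition ::
  -- | 'matchAttributes'
  MatchAttributes ->
  RuleDefinition
newRuleDefinition pMatchAttributes_ =
  RuleDefinition'
    { matchAttributes = pMatchAttributes_,
      actions = Prelude.mempty
    }

-- | Criteria for Network Firewall to use to inspect an individual packet in
-- stateless rule inspection. Each match attributes set can include one or
-- more items such as IP address, CIDR range, port number, protocol, and
-- TCP flags.
ruleDefinition_matchAttributes :: Lens.Lens' RuleDefinition MatchAttributes
ruleDefinition_matchAttributes = Lens.lens (\RuleDefinition' {matchAttributes} -> matchAttributes) (\s@RuleDefinition' {} a -> s {matchAttributes = a} :: RuleDefinition)

-- | The actions to take on a packet that matches one of the stateless rule
-- definition\'s match attributes. You must specify a standard action and
-- you can add custom actions.
--
-- Network Firewall only forwards a packet for stateful rule inspection if
-- you specify @aws:forward_to_sfe@ for a rule that the packet matches, or
-- if the packet doesn\'t match any stateless rule and you specify
-- @aws:forward_to_sfe@ for the @StatelessDefaultActions@ setting for the
-- FirewallPolicy.
--
-- For every rule, you must specify exactly one of the following standard
-- actions.
--
-- -   __aws:pass__ - Discontinues all inspection of the packet and permits
--     it to go to its intended destination.
--
-- -   __aws:drop__ - Discontinues all inspection of the packet and blocks
--     it from going to its intended destination.
--
-- -   __aws:forward_to_sfe__ - Discontinues stateless inspection of the
--     packet and forwards it to the stateful rule engine for inspection.
--
-- Additionally, you can specify a custom action. To do this, you define a
-- custom action by name and type, then provide the name you\'ve assigned
-- to the action in this @Actions@ setting. For information about the
-- options, see CustomAction.
--
-- To provide more than one action in this setting, separate the settings
-- with a comma. For example, if you have a custom @PublishMetrics@ action
-- that you\'ve named @MyMetricsAction@, then you could specify the
-- standard action @aws:pass@ and the custom action with
-- @[“aws:pass”, “MyMetricsAction”]@.
ruleDefinition_actions :: Lens.Lens' RuleDefinition [Prelude.Text]
ruleDefinition_actions = Lens.lens (\RuleDefinition' {actions} -> actions) (\s@RuleDefinition' {} a -> s {actions = a} :: RuleDefinition) Prelude.. Lens.coerced

-- | Decodes a rule definition from a JSON object. @MatchAttributes@ is
-- required; a missing @Actions@ key decodes to the empty list instead of
-- failing, so code that reviews decoded rules should check for an empty
-- action list itself.
instance Data.FromJSON RuleDefinition where
  parseJSON =
    Data.withObject
      "RuleDefinition"
      ( \x ->
          RuleDefinition'
            Prelude.<$> (x Data..: "MatchAttributes")
            Prelude.<*> (x Data..:? "Actions" Data..!= Prelude.mempty)
      )

-- | Hashes both fields into the salt, match attributes first, then actions.
instance Prelude.Hashable RuleDefinition where
  hashWithSalt _salt RuleDefinition' {..} =
    _salt
      `Prelude.hashWithSalt` matchAttributes
      `Prelude.hashWithSalt` actions

-- | Forces both fields, match attributes first, then actions.
instance Prelude.NFData RuleDefinition where
  rnf RuleDefinition' {..} =
    Prelude.rnf matchAttributes
      `Prelude.seq` Prelude.rnf actions

-- | Encodes the rule definition as a JSON object. Both keys are always
-- written, so an action list that was left empty is sent as an empty
-- @Actions@ array rather than being dropped or rejected here.
instance Data.ToJSON RuleDefinition where
  toJSON RuleDefinition' {..} =
    Data.object
      ( Prelude.catMaybes
          [ Prelude.Just
              ("MatchAttributes" Data..= matchAttributes),
            Prelude.Just ("Actions" Data..= actions)
          ]
      )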