NETWORK-FIREWALL
AssociateFirewallPolicy
# Template for matching an AssociateFirewallPolicy request. STRING is a type
# placeholder, not a Rego value: substitute the literal to match and delete the
# lines you do not need. Every line kept must hold, and a line naming a field
# the request does not carry is undefined, so `valid` does not match.
valid {
input.Body.UpdateToken == STRING
# AWS accepts FirewallArn or FirewallName on its own, so a rule keyed on only
# one of them does not see requests that send the other.
input.Body.FirewallArn == STRING
input.Body.FirewallName == STRING
# The policy being attached; pinning this to reviewed policy ARNs keeps a
# firewall from being repointed at a more permissive policy.
input.Body.FirewallPolicyArn == STRING
# presumably the caller's account, access key id and region - confirm
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AssociateSubnets
# Template for matching an AssociateSubnets request (adds subnets to a
# firewall). STRING is a type placeholder; keep only the lines you need.
# `x == enum_IPAddressType[_]` holds when x equals any listed value.
enum_IPAddressType := [ "DUALSTACK", "IPV4", "IPV6" ]
valid {
input.Body.UpdateToken == STRING
input.Body.FirewallArn == STRING
input.Body.FirewallName == STRING
# `[_]` is existential: each line holds if ANY mapping satisfies it, and the
# two lines may be satisfied by different mappings. A rule that must hold for
# every mapping needs a negated helper rule or `every`.
input.Body.SubnetMappings[_].SubnetId == STRING
input.Body.SubnetMappings[_].IPAddressType == enum_IPAddressType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateFirewall
# Template for matching a CreateFirewall request. STRING and BOOLEAN are type
# placeholders; substitute literals and delete the lines you do not need. A
# line naming a field the request omits is undefined and `valid` fails.
enum_EncryptionType := [ "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY" ]
enum_IPAddressType := [ "DUALSTACK", "IPV4", "IPV6" ]
valid {
input.Body.FirewallName == STRING
input.Body.FirewallPolicyArn == STRING
input.Body.VpcId == STRING
# `[_]` matches if ANY element satisfies the line, not all of them.
input.Body.SubnetMappings[_].SubnetId == STRING
input.Body.SubnetMappings[_].IPAddressType == enum_IPAddressType[_]
# The three protection flags guard against deletion, subnet changes and
# policy re-association. A guardrail that wants them on should also handle
# the case where the caller omits the field (the line is then undefined,
# not false).
input.Body.DeleteProtection == BOOLEAN
input.Body.SubnetChangeProtection == BOOLEAN
input.Body.FirewallPolicyChangeProtection == BOOLEAN
input.Body.Description == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
# KeyId names the customer managed KMS key; presumably only meaningful when
# Type is CUSTOMER_KMS - confirm against the AWS API reference.
input.Body.EncryptionConfiguration.KeyId == STRING
input.Body.EncryptionConfiguration.Type == enum_EncryptionType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateFirewallPolicy
# Template for matching a CreateFirewallPolicy request. STRING, INTEGER and
# BOOLEAN are type placeholders; substitute literals and keep only the lines
# you need. Every kept line must hold for `valid` to be true.
enum_EncryptionType := [ "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY" ]
# DROP_TO_ALERT downgrades a managed rule group's drop actions to alerts, so
# traffic those rules would have blocked is only logged.
enum_OverrideAction := [ "DROP_TO_ALERT" ]
enum_RuleOrder := [ "DEFAULT_ACTION_ORDER", "STRICT_ORDER" ]
enum_StreamExceptionPolicy := [ "DROP", "CONTINUE", "REJECT" ]
valid {
input.Body.FirewallPolicyName == STRING
input.Body.FirewallPolicy.StatelessRuleGroupReferences[_].ResourceArn == STRING
input.Body.FirewallPolicy.StatelessRuleGroupReferences[_].Priority == INTEGER
# Default actions decide what happens to packets no stateless rule matches.
# AWS standard values are aws:pass, aws:drop and aws:forward_to_sfe; aws:pass
# lets unmatched traffic through without stateful inspection.
input.Body.FirewallPolicy.StatelessDefaultActions[_] == STRING
input.Body.FirewallPolicy.StatelessFragmentDefaultActions[_] == STRING
input.Body.FirewallPolicy.StatelessCustomActions[_].ActionName == STRING
input.Body.FirewallPolicy.StatelessCustomActions[_].ActionDefinition.PublishMetricAction.Dimensions[_].Value == STRING
# `[_]` is existential: the line holds if ANY reference matches. Requiring
# every referenced rule group to be approved needs a negated helper or `every`.
input.Body.FirewallPolicy.StatefulRuleGroupReferences[_].ResourceArn == STRING
input.Body.FirewallPolicy.StatefulRuleGroupReferences[_].Priority == INTEGER
input.Body.FirewallPolicy.StatefulRuleGroupReferences[_].Override.Action == enum_OverrideAction[_]
input.Body.FirewallPolicy.StatefulDefaultActions[_] == STRING
input.Body.FirewallPolicy.StatefulEngineOptions.RuleOrder == enum_RuleOrder[_]
input.Body.FirewallPolicy.StatefulEngineOptions.StreamExceptionPolicy == enum_StreamExceptionPolicy[_]
input.Body.FirewallPolicy.StatefulEngineOptions.FlowTimeouts.TcpIdleTimeoutSeconds == INTEGER
input.Body.FirewallPolicy.TLSInspectionConfigurationArn == STRING
# The STRING path segment stands for a caller-chosen map key (the variable
# name); replace it with the key, or iterate with a variable.
input.Body.FirewallPolicy.PolicyVariables.RuleVariables.STRING.Definition[_] == STRING
input.Body.Description == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.Body.DryRun == BOOLEAN
input.Body.EncryptionConfiguration.KeyId == STRING
input.Body.EncryptionConfiguration.Type == enum_EncryptionType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateRuleGroup
# Template for matching a CreateRuleGroup request. STRING, INTEGER and BOOLEAN
# are type placeholders; substitute literals and keep only the lines you need.
# Every kept line must hold, and a line naming a field the request omits is
# undefined, so `valid` does not match.
enum_EncryptionType := [ "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY" ]
enum_GeneratedRulesType := [ "ALLOWLIST", "DENYLIST" ]
enum_RuleGroupType := [ "STATELESS", "STATEFUL" ]
enum_RuleOrder := [ "DEFAULT_ACTION_ORDER", "STRICT_ORDER" ]
enum_StatefulAction := [ "PASS", "DROP", "ALERT", "REJECT" ]
enum_StatefulRuleDirection := [ "FORWARD", "ANY" ]
enum_StatefulRuleProtocol := [ "IP", "TCP", "UDP", "ICMP", "HTTP", "FTP", "TLS", "SMB", "DNS", "DCERPC", "SSH", "SMTP", "IMAP", "MSN", "KRB5", "IKEV2", "TFTP", "NTP", "DHCP" ]
enum_TCPFlag := [ "FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR" ]
enum_TargetType := [ "TLS_SNI", "HTTP_HOST" ]
valid {
input.Body.RuleGroupName == STRING
# A STRING path segment stands for a caller-chosen map key (the set name).
input.Body.RuleGroup.RuleVariables.IPSets.STRING.Definition[_] == STRING
input.Body.RuleGroup.RuleVariables.PortSets.STRING.Definition[_] == STRING
input.Body.RuleGroup.ReferenceSets.IPSetReferences.STRING.ReferenceArn == STRING
# Stateful rules can arrive in three shapes: a Suricata rules string
# (RulesString), a domain list (RulesSourceList) or structured StatefulRules.
# A guardrail that inspects only one shape does not see the other two.
input.Body.RuleGroup.RulesSource.RulesString == STRING
input.Body.RuleGroup.RulesSource.RulesSourceList.Targets[_] == STRING
input.Body.RuleGroup.RulesSource.RulesSourceList.TargetTypes[_] == enum_TargetType[_]
input.Body.RuleGroup.RulesSource.RulesSourceList.GeneratedRulesType == enum_GeneratedRulesType[_]
# `[_]` is existential: each line holds if ANY rule satisfies it, and
# separate lines may be satisfied by different rules.
input.Body.RuleGroup.RulesSource.StatefulRules[_].Action == enum_StatefulAction[_]
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.Protocol == enum_StatefulRuleProtocol[_]
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.Source == STRING
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.SourcePort == STRING
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.Direction == enum_StatefulRuleDirection[_]
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.Destination == STRING
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.DestinationPort == STRING
input.Body.RuleGroup.RulesSource.StatefulRules[_].RuleOptions[_].Keyword == STRING
input.Body.RuleGroup.RulesSource.StatefulRules[_].RuleOptions[_].Settings[_] == STRING
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.Sources[_].AddressDefinition == STRING
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.Destinations[_].AddressDefinition == STRING
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.SourcePorts[_].FromPort == INTEGER
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.SourcePorts[_].ToPort == INTEGER
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.DestinationPorts[_].FromPort == INTEGER
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.DestinationPorts[_].ToPort == INTEGER
# Protocols are numeric (presumably IANA protocol numbers - confirm).
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.Protocols[_] == INTEGER
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.TCPFlags[_].Flags[_] == enum_TCPFlag[_]
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.TCPFlags[_].Masks[_] == enum_TCPFlag[_]
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.Actions[_] == STRING
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].Priority == INTEGER
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.CustomActions[_].ActionName == STRING
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.CustomActions[_].ActionDefinition.PublishMetricAction.Dimensions[_].Value == STRING
input.Body.RuleGroup.StatefulRuleOptions.RuleOrder == enum_RuleOrder[_]
# Top-level Rules is a flat Suricata-format string the API accepts instead
# of a populated RuleGroup; content checks on RuleGroup.* do not cover it.
input.Body.Rules == STRING
input.Body.Type == enum_RuleGroupType[_]
input.Body.Description == STRING
input.Body.Capacity == INTEGER
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.Body.DryRun == BOOLEAN
input.Body.EncryptionConfiguration.KeyId == STRING
input.Body.EncryptionConfiguration.Type == enum_EncryptionType[_]
input.Body.SourceMetadata.SourceArn == STRING
input.Body.SourceMetadata.SourceUpdateToken == STRING
input.Body.AnalyzeRuleGroup == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateTLSInspectionConfiguration
# Template for matching a CreateTLSInspectionConfiguration request. STRING
# and INTEGER are type placeholders; substitute literals and keep only the
# lines you need. Every kept line must hold for `valid` to be true.
enum_EncryptionType := [ "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY" ]
# Applied to the revocation-check outcome; PASS lets the connection through
# even when the certificate is revoked or its status cannot be determined.
enum_RevocationCheckAction := [ "PASS", "DROP", "REJECT" ]
valid {
input.Body.TLSInspectionConfigurationName == STRING
# Certificates and CA used to decrypt traffic; pinning these ARNs limits
# which key material a firewall may be configured to inspect with.
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].ServerCertificates[_].ResourceArn == STRING
# Scopes select which traffic is decrypted. `[_]` is existential: a line
# holds if ANY scope entry satisfies it.
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].Sources[_].AddressDefinition == STRING
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].Destinations[_].AddressDefinition == STRING
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].SourcePorts[_].FromPort == INTEGER
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].SourcePorts[_].ToPort == INTEGER
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].DestinationPorts[_].FromPort == INTEGER
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].DestinationPorts[_].ToPort == INTEGER
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].Protocols[_] == INTEGER
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].CertificateAuthorityArn == STRING
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].CheckCertificateRevocationStatus.RevokedStatusAction == enum_RevocationCheckAction[_]
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].CheckCertificateRevocationStatus.UnknownStatusAction == enum_RevocationCheckAction[_]
input.Body.Description == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.Body.EncryptionConfiguration.KeyId == STRING
input.Body.EncryptionConfiguration.Type == enum_EncryptionType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteFirewall
# Template for matching a DeleteFirewall request (destructive). STRING is a
# type placeholder; keep only the lines you need.
valid {
# AWS accepts the name or the ARN on its own. A line for a field the request
# omits is undefined and the rule fails, so a deny rule keyed on only one
# identifier does not see requests that use the other.
input.Body.FirewallName == STRING
input.Body.FirewallArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteFirewallPolicy
# Template for matching a DeleteFirewallPolicy request (destructive). STRING
# is a type placeholder; keep only the lines you need.
valid {
# Name and ARN are alternative identifiers; cover both if the rule must see
# every request for a given policy.
input.Body.FirewallPolicyName == STRING
input.Body.FirewallPolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteResourcePolicy
# Template for matching a DeleteResourcePolicy request, which removes the
# resource policy (cross-account sharing) from the rule group or firewall
# policy named by ResourceArn. STRING is a type placeholder.
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteRuleGroup
# Template for matching a DeleteRuleGroup request (destructive). STRING is a
# type placeholder; keep only the lines you need.
enum_RuleGroupType := [ "STATELESS", "STATEFUL" ]
valid {
# Name and ARN are alternative identifiers; a line for the one the request
# omits is undefined and the rule fails.
input.Body.RuleGroupName == STRING
input.Body.RuleGroupArn == STRING
input.Body.Type == enum_RuleGroupType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteTLSInspectionConfiguration
# Template for matching a DeleteTLSInspectionConfiguration request
# (destructive). STRING is a type placeholder; keep only the lines you need.
valid {
# ARN and name are alternative identifiers; cover both where it matters.
input.Body.TLSInspectionConfigurationArn == STRING
input.Body.TLSInspectionConfigurationName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeFirewall
# Template for matching a DescribeFirewall request (read-only). STRING is a
# type placeholder; keep only the lines you need, since a line for a field
# the request omits is undefined and `valid` fails.
valid {
input.Body.FirewallName == STRING
input.Body.FirewallArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeFirewallPolicy
# Template for matching a DescribeFirewallPolicy request (read-only). The
# response exposes the policy's rule group references and default actions,
# so read access is still worth scoping. STRING is a type placeholder.
valid {
input.Body.FirewallPolicyName == STRING
input.Body.FirewallPolicyArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeLoggingConfiguration
# Template for matching a DescribeLoggingConfiguration request (read-only).
# STRING is a type placeholder; keep only the lines you need.
valid {
input.Body.FirewallArn == STRING
input.Body.FirewallName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeResourcePolicy
# Template for matching a DescribeResourcePolicy request (read-only), which
# returns the resource policy attached to ResourceArn. STRING is a type
# placeholder.
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeRuleGroup
# Template for matching a DescribeRuleGroup request (read-only). The response
# contains the rule content itself, so read access reveals what the firewall
# does and does not block. STRING and BOOLEAN are type placeholders.
enum_RuleGroupType := [ "STATELESS", "STATEFUL" ]
valid {
input.Body.RuleGroupName == STRING
input.Body.RuleGroupArn == STRING
input.Body.Type == enum_RuleGroupType[_]
input.Body.AnalyzeRuleGroup == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeRuleGroupMetadata
# Template for matching a DescribeRuleGroupMetadata request (read-only).
# STRING is a type placeholder; keep only the lines you need.
enum_RuleGroupType := [ "STATELESS", "STATEFUL" ]
valid {
input.Body.RuleGroupName == STRING
input.Body.RuleGroupArn == STRING
input.Body.Type == enum_RuleGroupType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeTLSInspectionConfiguration
# Template for matching a DescribeTLSInspectionConfiguration request
# (read-only). STRING is a type placeholder; keep only the lines you need.
valid {
input.Body.TLSInspectionConfigurationArn == STRING
input.Body.TLSInspectionConfigurationName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateSubnets
# Template for matching a DisassociateSubnets request, which removes the
# firewall from the listed subnets; traffic in those subnets is then no
# longer inspected by it. STRING is a type placeholder.
valid {
input.Body.UpdateToken == STRING
input.Body.FirewallArn == STRING
input.Body.FirewallName == STRING
# `[_]` is existential: holds if ANY listed subnet id equals the literal.
input.Body.SubnetIds[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFirewallPolicies
# Template for matching a ListFirewallPolicies request (read-only). STRING
# and INTEGER are type placeholders. NextToken and MaxResults are pagination
# fields and are often absent, in which case their lines are undefined and
# `valid` fails - delete them unless you mean to match on pagination.
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListFirewalls
# Template for matching a ListFirewalls request (read-only). STRING and
# INTEGER are type placeholders; keep only the lines you need.
valid {
input.Body.NextToken == STRING
# `[_]` is existential: holds if ANY requested VPC id equals the literal.
input.Body.VpcIds[_] == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListRuleGroups
# Template for matching a ListRuleGroups request (read-only). STRING and
# INTEGER are type placeholders; `x == enum_X[_]` holds when x equals any
# value in the list. Keep only the lines you need.
enum_ResourceManagedStatus := [ "MANAGED", "ACCOUNT" ]
enum_ResourceManagedType := [ "AWS_MANAGED_THREAT_SIGNATURES", "AWS_MANAGED_DOMAIN_LISTS" ]
enum_RuleGroupType := [ "STATELESS", "STATEFUL" ]
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.Body.Scope == enum_ResourceManagedStatus[_]
input.Body.ManagedType == enum_ResourceManagedType[_]
input.Body.Type == enum_RuleGroupType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTLSInspectionConfigurations
# Template for matching a ListTLSInspectionConfigurations request
# (read-only). STRING and INTEGER are type placeholders; the pagination
# lines fail the rule when the request omits those fields.
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
# Template for matching a ListTagsForResource request (read-only). STRING
# and INTEGER are type placeholders; keep only the lines you need.
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutResourcePolicy
# Template for matching a PutResourcePolicy request, which attaches a
# resource policy to a rule group or firewall policy and so controls which
# other accounts may use it. STRING is a type placeholder.
valid {
input.Body.ResourceArn == STRING
# Policy is one JSON document carried as a string, so `==` only matches an
# exact document. Checking principals or actions inside it requires parsing
# first (e.g. with json.unmarshal) and inspecting the result.
input.Body.Policy == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
# Template for matching a TagResource request. STRING is a type placeholder.
# If tags drive access decisions in your environment, tagging is itself a
# privileged change and worth restricting.
valid {
input.Body.ResourceArn == STRING
# Each `[_]` iterates independently: the Key line and the Value line can be
# satisfied by DIFFERENT tags. To require one tag with a given key and
# value, bind the element once (t := input.Body.Tags[_]) and test t.Key and
# t.Value.
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
# Template for matching an UntagResource request. STRING is a type
# placeholder; keep only the lines you need.
valid {
input.Body.ResourceArn == STRING
# `[_]` is existential: holds if ANY key being removed equals the literal,
# which is the shape needed to stop a protected tag from being stripped.
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFirewallDeleteProtection
# Template for matching an UpdateFirewallDeleteProtection request. STRING
# and BOOLEAN are type placeholders; keep only the lines you need.
valid {
input.Body.UpdateToken == STRING
# Either identifier may be sent alone; a line for the omitted one is
# undefined and the rule fails.
input.Body.FirewallArn == STRING
input.Body.FirewallName == STRING
# Setting this to false is the step that must precede DeleteFirewall on a
# protected firewall, so `== false` is the value worth alerting on or
# denying.
input.Body.DeleteProtection == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFirewallDescription
# Template for matching an UpdateFirewallDescription request. STRING is a
# type placeholder; keep only the lines you need, since a line for a field
# the request omits is undefined and `valid` fails.
valid {
input.Body.UpdateToken == STRING
input.Body.FirewallArn == STRING
input.Body.FirewallName == STRING
input.Body.Description == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFirewallEncryptionConfiguration
# Template for matching an UpdateFirewallEncryptionConfiguration request.
# STRING is a type placeholder; keep only the lines you need.
enum_EncryptionType := [ "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY" ]
valid {
input.Body.UpdateToken == STRING
input.Body.FirewallArn == STRING
input.Body.FirewallName == STRING
# A guardrail that mandates customer managed keys should match on Type and
# pin KeyId to approved keys; KeyId is presumably absent when Type is
# AWS_OWNED_KMS_KEY, so do not require both lines together - confirm.
input.Body.EncryptionConfiguration.KeyId == STRING
input.Body.EncryptionConfiguration.Type == enum_EncryptionType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFirewallPolicy
# Template for matching an UpdateFirewallPolicy request. STRING, INTEGER and
# BOOLEAN are type placeholders; substitute literals and keep only the lines
# you need. Every kept line must hold for `valid` to be true.
enum_EncryptionType := [ "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY" ]
# DROP_TO_ALERT downgrades a managed rule group's drop actions to alerts.
enum_OverrideAction := [ "DROP_TO_ALERT" ]
enum_RuleOrder := [ "DEFAULT_ACTION_ORDER", "STRICT_ORDER" ]
enum_StreamExceptionPolicy := [ "DROP", "CONTINUE", "REJECT" ]
valid {
input.Body.UpdateToken == STRING
# ARN and name are alternative identifiers; cover both if the rule must see
# every update to a given policy.
input.Body.FirewallPolicyArn == STRING
input.Body.FirewallPolicyName == STRING
input.Body.FirewallPolicy.StatelessRuleGroupReferences[_].ResourceArn == STRING
input.Body.FirewallPolicy.StatelessRuleGroupReferences[_].Priority == INTEGER
# Default actions apply to packets no stateless rule matches; AWS standard
# values are aws:pass, aws:drop and aws:forward_to_sfe. A change to aws:pass
# lets unmatched traffic skip stateful inspection.
input.Body.FirewallPolicy.StatelessDefaultActions[_] == STRING
input.Body.FirewallPolicy.StatelessFragmentDefaultActions[_] == STRING
input.Body.FirewallPolicy.StatelessCustomActions[_].ActionName == STRING
input.Body.FirewallPolicy.StatelessCustomActions[_].ActionDefinition.PublishMetricAction.Dimensions[_].Value == STRING
# `[_]` is existential: holds if ANY reference matches. It cannot by itself
# detect that a required rule group was dropped from the list; that needs a
# negated helper rule.
input.Body.FirewallPolicy.StatefulRuleGroupReferences[_].ResourceArn == STRING
input.Body.FirewallPolicy.StatefulRuleGroupReferences[_].Priority == INTEGER
input.Body.FirewallPolicy.StatefulRuleGroupReferences[_].Override.Action == enum_OverrideAction[_]
input.Body.FirewallPolicy.StatefulDefaultActions[_] == STRING
input.Body.FirewallPolicy.StatefulEngineOptions.RuleOrder == enum_RuleOrder[_]
input.Body.FirewallPolicy.StatefulEngineOptions.StreamExceptionPolicy == enum_StreamExceptionPolicy[_]
input.Body.FirewallPolicy.StatefulEngineOptions.FlowTimeouts.TcpIdleTimeoutSeconds == INTEGER
input.Body.FirewallPolicy.TLSInspectionConfigurationArn == STRING
# The STRING path segment stands for a caller-chosen map key.
input.Body.FirewallPolicy.PolicyVariables.RuleVariables.STRING.Definition[_] == STRING
input.Body.Description == STRING
input.Body.DryRun == BOOLEAN
input.Body.EncryptionConfiguration.KeyId == STRING
input.Body.EncryptionConfiguration.Type == enum_EncryptionType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateFirewallPolicyChangeProtection
# Template for matching an UpdateFirewallPolicyChangeProtection request.
# STRING and BOOLEAN are type placeholders; keep only the lines you need.
valid {
input.Body.UpdateToken == STRING
input.Body.FirewallArn == STRING
input.Body.FirewallName == STRING
# false removes the guard against re-associating the firewall with another
# policy; that is the value worth alerting on or denying.
input.Body.FirewallPolicyChangeProtection == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateLoggingConfiguration
# Template for matching an UpdateLoggingConfiguration request. This call can
# redirect or remove a firewall's alert, flow and TLS logs, so it is a
# common subject for change-control and detection rules. STRING is a type
# placeholder; keep only the lines you need.
enum_LogDestinationType := [ "S3", "CloudWatchLogs", "KinesisDataFirehose" ]
enum_LogType := [ "ALERT", "FLOW", "TLS" ]
valid {
input.Body.FirewallArn == STRING
input.Body.FirewallName == STRING
# `[_]` is existential and is undefined over an empty or missing list, so
# these lines cannot match a request that removes every destination. Detect
# that case with a separate rule, e.g. one that tests
# count(input.Body.LoggingConfiguration.LogDestinationConfigs) == 0.
input.Body.LoggingConfiguration.LogDestinationConfigs[_].LogType == enum_LogType[_]
input.Body.LoggingConfiguration.LogDestinationConfigs[_].LogDestinationType == enum_LogDestinationType[_]
# The STRING path segment is a map key that depends on the destination
# type: bucketName / prefix for S3, logGroup for CloudWatchLogs,
# deliveryStream for KinesisDataFirehose.
input.Body.LoggingConfiguration.LogDestinationConfigs[_].LogDestination.STRING == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateRuleGroup
# Template for matching an UpdateRuleGroup request. STRING, INTEGER and
# BOOLEAN are type placeholders; substitute literals and keep only the lines
# you need. Every kept line must hold, and a line naming a field the request
# omits is undefined, so `valid` does not match.
enum_EncryptionType := [ "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY" ]
enum_GeneratedRulesType := [ "ALLOWLIST", "DENYLIST" ]
enum_RuleGroupType := [ "STATELESS", "STATEFUL" ]
enum_RuleOrder := [ "DEFAULT_ACTION_ORDER", "STRICT_ORDER" ]
enum_StatefulAction := [ "PASS", "DROP", "ALERT", "REJECT" ]
enum_StatefulRuleDirection := [ "FORWARD", "ANY" ]
enum_StatefulRuleProtocol := [ "IP", "TCP", "UDP", "ICMP", "HTTP", "FTP", "TLS", "SMB", "DNS", "DCERPC", "SSH", "SMTP", "IMAP", "MSN", "KRB5", "IKEV2", "TFTP", "NTP", "DHCP" ]
enum_TCPFlag := [ "FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR" ]
enum_TargetType := [ "TLS_SNI", "HTTP_HOST" ]
valid {
input.Body.UpdateToken == STRING
# ARN and name are alternative identifiers; cover both if the rule must see
# every update to a given rule group.
input.Body.RuleGroupArn == STRING
input.Body.RuleGroupName == STRING
# A STRING path segment stands for a caller-chosen map key (the set name).
input.Body.RuleGroup.RuleVariables.IPSets.STRING.Definition[_] == STRING
input.Body.RuleGroup.RuleVariables.PortSets.STRING.Definition[_] == STRING
input.Body.RuleGroup.ReferenceSets.IPSetReferences.STRING.ReferenceArn == STRING
# Stateful rules can arrive as a Suricata rules string (RulesString), a
# domain list (RulesSourceList) or structured StatefulRules; a guardrail
# that inspects only one shape does not see the other two.
input.Body.RuleGroup.RulesSource.RulesString == STRING
input.Body.RuleGroup.RulesSource.RulesSourceList.Targets[_] == STRING
input.Body.RuleGroup.RulesSource.RulesSourceList.TargetTypes[_] == enum_TargetType[_]
input.Body.RuleGroup.RulesSource.RulesSourceList.GeneratedRulesType == enum_GeneratedRulesType[_]
# `[_]` is existential: each line holds if ANY rule satisfies it, and
# separate lines may be satisfied by different rules.
input.Body.RuleGroup.RulesSource.StatefulRules[_].Action == enum_StatefulAction[_]
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.Protocol == enum_StatefulRuleProtocol[_]
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.Source == STRING
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.SourcePort == STRING
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.Direction == enum_StatefulRuleDirection[_]
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.Destination == STRING
input.Body.RuleGroup.RulesSource.StatefulRules[_].Header.DestinationPort == STRING
input.Body.RuleGroup.RulesSource.StatefulRules[_].RuleOptions[_].Keyword == STRING
input.Body.RuleGroup.RulesSource.StatefulRules[_].RuleOptions[_].Settings[_] == STRING
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.Sources[_].AddressDefinition == STRING
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.Destinations[_].AddressDefinition == STRING
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.SourcePorts[_].FromPort == INTEGER
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.SourcePorts[_].ToPort == INTEGER
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.DestinationPorts[_].FromPort == INTEGER
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.DestinationPorts[_].ToPort == INTEGER
# Protocols are numeric (presumably IANA protocol numbers - confirm).
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.Protocols[_] == INTEGER
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.TCPFlags[_].Flags[_] == enum_TCPFlag[_]
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.MatchAttributes.TCPFlags[_].Masks[_] == enum_TCPFlag[_]
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].RuleDefinition.Actions[_] == STRING
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.StatelessRules[_].Priority == INTEGER
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.CustomActions[_].ActionName == STRING
input.Body.RuleGroup.RulesSource.StatelessRulesAndCustomActions.CustomActions[_].ActionDefinition.PublishMetricAction.Dimensions[_].Value == STRING
input.Body.RuleGroup.StatefulRuleOptions.RuleOrder == enum_RuleOrder[_]
# Top-level Rules is a flat Suricata-format string the API accepts instead
# of a populated RuleGroup; content checks on RuleGroup.* do not cover it.
input.Body.Rules == STRING
input.Body.Type == enum_RuleGroupType[_]
input.Body.Description == STRING
input.Body.DryRun == BOOLEAN
input.Body.EncryptionConfiguration.KeyId == STRING
input.Body.EncryptionConfiguration.Type == enum_EncryptionType[_]
input.Body.SourceMetadata.SourceArn == STRING
input.Body.SourceMetadata.SourceUpdateToken == STRING
input.Body.AnalyzeRuleGroup == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateSubnetChangeProtection
# Template for matching an UpdateSubnetChangeProtection request. STRING and
# BOOLEAN are type placeholders; keep only the lines you need.
valid {
input.Body.UpdateToken == STRING
input.Body.FirewallArn == STRING
input.Body.FirewallName == STRING
# false removes the guard against subnet association changes; that is the
# value worth alerting on or denying.
input.Body.SubnetChangeProtection == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateTLSInspectionConfiguration
# Template for matching an UpdateTLSInspectionConfiguration request. STRING
# and INTEGER are type placeholders; substitute literals and keep only the
# lines you need. Every kept line must hold for `valid` to be true.
enum_EncryptionType := [ "CUSTOMER_KMS", "AWS_OWNED_KMS_KEY" ]
# Applied to the revocation-check outcome; PASS lets the connection through
# even when the certificate is revoked or its status cannot be determined.
enum_RevocationCheckAction := [ "PASS", "DROP", "REJECT" ]
valid {
# ARN and name are alternative identifiers; cover both where it matters.
input.Body.TLSInspectionConfigurationArn == STRING
input.Body.TLSInspectionConfigurationName == STRING
# Certificates and CA used to decrypt traffic; a change here swaps the key
# material the firewall inspects with.
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].ServerCertificates[_].ResourceArn == STRING
# Scopes select which traffic is decrypted. `[_]` is existential: a line
# holds if ANY scope entry satisfies it, so these lines cannot show that a
# scope was narrowed or removed.
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].Sources[_].AddressDefinition == STRING
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].Destinations[_].AddressDefinition == STRING
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].SourcePorts[_].FromPort == INTEGER
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].SourcePorts[_].ToPort == INTEGER
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].DestinationPorts[_].FromPort == INTEGER
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].DestinationPorts[_].ToPort == INTEGER
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].Scopes[_].Protocols[_] == INTEGER
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].CertificateAuthorityArn == STRING
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].CheckCertificateRevocationStatus.RevokedStatusAction == enum_RevocationCheckAction[_]
input.Body.TLSInspectionConfiguration.ServerCertificateConfigurations[_].CheckCertificateRevocationStatus.UnknownStatusAction == enum_RevocationCheckAction[_]
input.Body.Description == STRING
input.Body.EncryptionConfiguration.KeyId == STRING
input.Body.EncryptionConfiguration.Type == enum_EncryptionType[_]
input.Body.UpdateToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}