AWS::NetworkFirewall::RuleGroup IPSetReference - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::NetworkFirewall::RuleGroup IPSetReference

Configures one or more IPSetReferences for a Suricata-compatible rule group. An IP set reference is a rule variable that references a resource that you create and manage in another Amazon service, such as an Amazon VPC prefix list. Network Firewall IP set references enable you to dynamically update the contents of your rules. When you create, update, or delete the IP set you are referencing in your rule, Network Firewall automatically updates the rule's content with the changes. For more information about IP set references in Network Firewall, see Using IP set references in the Network Firewall Developer Guide.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "ReferenceArn" : String }


ReferenceArn: String



The Amazon Resource Name (ARN) of the resource to include in the AWS::NetworkFirewall::RuleGroup IPSetReference.

Required: No

Type: String

Pattern: ^(arn:aws.*)$

Minimum: 1

Maximum: 256

Update requires: No interruption