AWS::NetworkFirewall::RuleGroup RulesSource - Amazon CloudFormation

AWS::NetworkFirewall::RuleGroup RulesSource

The stateless or stateful rules definitions for use in a single rule group. Each rule group requires a single RulesSource. You can use an instance of this for either stateless rules or stateful rules.


To declare this entity in your Amazon CloudFormation template, use the following syntax:



RulesSourceList

Stateful inspection criteria for a domain list rule group.

Required: No

Type: RulesSourceList

Update requires: No interruption


RulesString

Stateful inspection criteria, provided as Suricata-compatible rules. Suricata is an open-source threat detection framework that includes a standard rule-based language for network traffic inspection.

These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.


You can't use the priority keyword if the RuleOrder option in StatefulRuleOptions is set to STRICT_ORDER.

Required: No

Type: String

Minimum: 0

Maximum: 1000000

Update requires: No interruption
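The two constraints documented for RulesString, the 0 to 1000000 character length and the ban on the Suricata priority keyword when RuleOrder is STRICT_ORDER, can be checked before a template is deployed. The following linter is an added example, not code from the CloudFormation documentation; it assumes the rule group body is loaded as a dict in which RulesSource and StatefulRuleOptions are siblings (the RuleGroup layout), and the embedded template fragment is constructed for illustration.

```python
import re

# Constructed RuleGroup body, as it would appear under Properties.RuleGroup
# in a template. Assumed layout: RulesSource and StatefulRuleOptions are siblings.
EXAMPLE_RULE_GROUP = {
    "RulesSource": {
        "RulesString": (
            'pass tcp $HOME_NET any -> any 443 (msg:"allow tls"; sid:1; rev:1;)\n'
            'drop tcp $HOME_NET any -> any any (msg:"deny rest"; priority:1; sid:2; rev:1;)\n'
        )
    },
    "StatefulRuleOptions": {"RuleOrder": "STRICT_ORDER"},
}

# The four alternative rule definitions a RulesSource can carry.
SOURCE_KEYS = ("RulesSourceList", "RulesString", "StatefulRules",
               "StatelessRulesAndCustomActions")
RULES_STRING_MAX = 1_000_000
# Suricata option syntax: priority:<n>; inside the rule's option list.
PRIORITY_KW = re.compile(r"\bpriority\s*:\s*\d+\s*;")


def lint_rules_source(rule_group: dict) -> list:
    """Return findings for the documented RulesSource constraints (empty list = clean)."""
    findings = []
    source = rule_group.get("RulesSource", {})
    present = [k for k in SOURCE_KEYS if k in source]
    # Assumed: a RulesSource holds exactly one of the four rule definitions.
    if len(present) != 1:
        findings.append(f"RulesSource must set exactly one of {SOURCE_KEYS}, got {present}")
    rules = source.get("RulesString")
    if rules is not None:
        if len(rules) > RULES_STRING_MAX:
            findings.append(f"RulesString exceeds {RULES_STRING_MAX} characters")
        order = rule_group.get("StatefulRuleOptions", {}).get("RuleOrder")
        if order == "STRICT_ORDER":
            # Under strict ordering, evaluation order is the listed order and
            # the priority keyword is rejected by the service.
            for n, line in enumerate(rules.splitlines(), 1):
                if PRIORITY_KW.search(line):
                    findings.append(f"line {n}: priority keyword is not allowed with STRICT_ORDER")
    return findings


if __name__ == "__main__":
    for finding in lint_rules_source(EXAMPLE_RULE_GROUP):
        print(finding)
```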


StatefulRules

An array of individual stateful rule inspection criteria to be used together in a stateful rule group. Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options. For information about the Suricata rules format, see Rules Format.

Required: No

Type: Array of StatefulRule

Update requires: No interruption


StatelessRulesAndCustomActions

Stateless inspection criteria to be used in a stateless rule group.

Required: No

Type: StatelessRulesAndCustomActions

Update requires: No interruption