Using tag-based resource groups in Network Firewall - Amazon Network Firewall
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using tag-based resource groups in Network Firewall

Use tag-based resource groups to ensure that your rules stay in sync as your Amazon resources change. A tag-based resource group is a collection of Amazon resources, grouped by tags, that you can reference in a stateful rule group. A tag is a label that you assign to an Amazon resource. As you add, delete, and modify your resources belonging to the resource group, Network Firewall automatically updates your rules with the IPs of the resources in the resource group. For information about referencing resource groups in rule groups, see Using IP set references in Suricata compatible rule groups.