Common rule group settings in Amazon Network Firewall

Every rule group has the following top-level settings:

  • Type – Whether the rule group is stateless or stateful.

  • Name – Identifier for the rule group. You assign a unique name to every rule group. You can't change the name of a rule group after you create it.

  • Description – Optional additional information about the rule group. Fill in any information that might help you remember the purpose of the rule group and how you want to use it. The description is included in rule group lists in the console and through the APIs.

  • Capacity – Limit on the processing requirements for the rule group. You can't change this setting after you create the rule group. For more information, including how to estimate your required capacity for a rule group, see Setting rule group capacity in Amazon Network Firewall.

  • Rules – Set of packet inspection criteria used in the rule group. Rules in a rule group are either stateless or stateful, depending on the rule group type.

  • Encryption options (Optional) – Network Firewall encrypts and decrypts its resources to protect against unauthorized access. By default, Network Firewall uses Amazon owned keys for this. If you want to use your own keys, you can configure customer managed keys from Amazon Key Management Service and provide them to Network Firewall. For information about this option, see Encryption at rest with Amazon Key Management Service.

  • Tags – Zero or more key-value tag pairs. A tag is a label that you assign to an Amazon resource. You can use tags to search and filter your resources and to track your Amazon costs. For more information, see Tagging Amazon Network Firewall resources.
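
The settings above map onto the parameters of the `CreateRuleGroup` API. The following added example (not part of the original documentation) builds such a request and classifies a proposed change as an in-place update or a replacement, based on the two settings this page says cannot be changed after creation. The rule group name, Suricata rule, KMS alias and tag values are constructed placeholders, and the helper function names are hypothetical.

```python
import re

# Per the page: Name and Capacity can't be changed after the rule group is created.
IMMUTABLE = ("RuleGroupName", "Capacity")
NAME_RE = re.compile(r"^[a-zA-Z0-9-]{1,128}$")  # name format accepted by the API

def build_request(name, rg_type, capacity, rule_group, description=None,
                  kms_key_id=None, tags=None):
    """Build keyword arguments for the boto3 create_rule_group call."""
    if rg_type not in ("STATELESS", "STATEFUL"):
        raise ValueError("Type must be STATELESS or STATEFUL")
    if not NAME_RE.match(name):
        raise ValueError("invalid rule group name")
    if not isinstance(capacity, int) or capacity < 1:
        raise ValueError("Capacity must be a positive integer")
    req = {"RuleGroupName": name, "Type": rg_type, "Capacity": capacity,
           "RuleGroup": rule_group}
    if description:
        req["Description"] = description
    if kms_key_id:  # omit to keep the default service-owned key
        req["EncryptionConfiguration"] = {"Type": "CUSTOMER_KMS", "KeyId": kms_key_id}
    if tags:
        req["Tags"] = [{"Key": k, "Value": v} for k, v in sorted(tags.items())]
    return req

def plan_change(existing, desired):
    """Classify a settings change as noop, update (in place) or replace."""
    changed = sorted(k for k in set(existing) | set(desired)
                     if existing.get(k) != desired.get(k))
    if not changed:
        return "noop", []
    locked = [k for k in changed if k in IMMUTABLE]
    return ("replace", locked) if locked else ("update", changed)

def create(req, region):
    """Send the request; needs boto3 and credentials (not called in this example)."""
    import boto3
    client = boto3.client("network-firewall", region_name=region)
    return client.create_rule_group(**req)

# Constructed sample: one Suricata rule, placeholder KMS alias and tags.
SAMPLE_RULES = 'drop tcp any any -> any 23 (msg:"block telnet"; sid:1000001; rev:1;)'
current = build_request("egress-baseline", "STATEFUL", 100,
                        {"RulesSource": {"RulesString": SAMPLE_RULES}},
                        description="Baseline egress controls",
                        kms_key_id="alias/example-nfw-key", tags={"team": "netsec"})
resized = dict(current, Capacity=200)
retagged = dict(current, Tags=[{"Key": "team", "Value": "secops"}])
print(plan_change(current, resized))
print(plan_change(current, retagged))
```

A `replace` result means the change needs a new rule group, so size the capacity with headroom before the first deployment.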