/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include #include #include #include namespace Aws { namespace NetworkFirewall { namespace Model { /** */ class CreateRuleGroupRequest : public NetworkFirewallRequest { public: AWS_NETWORKFIREWALL_API CreateRuleGroupRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "CreateRuleGroup"; } AWS_NETWORKFIREWALL_API Aws::String SerializePayload() const override; AWS_NETWORKFIREWALL_API Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override; /** *

The descriptive name of the rule group. You can't change the name of a rule * group after you create it.

*/ inline const Aws::String& GetRuleGroupName() const{ return m_ruleGroupName; } /** *

The descriptive name of the rule group. You can't change the name of a rule * group after you create it.

*/ inline bool RuleGroupNameHasBeenSet() const { return m_ruleGroupNameHasBeenSet; } /** *

The descriptive name of the rule group. You can't change the name of a rule * group after you create it.

*/ inline void SetRuleGroupName(const Aws::String& value) { m_ruleGroupNameHasBeenSet = true; m_ruleGroupName = value; } /** *

The descriptive name of the rule group. You can't change the name of a rule * group after you create it.

*/ inline void SetRuleGroupName(Aws::String&& value) { m_ruleGroupNameHasBeenSet = true; m_ruleGroupName = std::move(value); } /** *

The descriptive name of the rule group. You can't change the name of a rule * group after you create it.

*/ inline void SetRuleGroupName(const char* value) { m_ruleGroupNameHasBeenSet = true; m_ruleGroupName.assign(value); } /** *

The descriptive name of the rule group. You can't change the name of a rule * group after you create it.

*/ inline CreateRuleGroupRequest& WithRuleGroupName(const Aws::String& value) { SetRuleGroupName(value); return *this;} /** *

The descriptive name of the rule group. You can't change the name of a rule * group after you create it.

*/ inline CreateRuleGroupRequest& WithRuleGroupName(Aws::String&& value) { SetRuleGroupName(std::move(value)); return *this;} /** *

The descriptive name of the rule group. You can't change the name of a rule * group after you create it.

*/ inline CreateRuleGroupRequest& WithRuleGroupName(const char* value) { SetRuleGroupName(value); return *this;} /** *

An object that defines the rule group rules.

You must provide * either this rule group setting or a Rules setting, but not both. *

*/ inline const RuleGroup& GetRuleGroup() const{ return m_ruleGroup; } /** *

An object that defines the rule group rules.

You must provide * either this rule group setting or a Rules setting, but not both. *

*/ inline bool RuleGroupHasBeenSet() const { return m_ruleGroupHasBeenSet; } /** *

An object that defines the rule group rules.

You must provide * either this rule group setting or a Rules setting, but not both. *

*/ inline void SetRuleGroup(const RuleGroup& value) { m_ruleGroupHasBeenSet = true; m_ruleGroup = value; } /** *

An object that defines the rule group rules.

You must provide * either this rule group setting or a Rules setting, but not both. *

*/ inline void SetRuleGroup(RuleGroup&& value) { m_ruleGroupHasBeenSet = true; m_ruleGroup = std::move(value); } /** *

An object that defines the rule group rules.

You must provide * either this rule group setting or a Rules setting, but not both. *

*/ inline CreateRuleGroupRequest& WithRuleGroup(const RuleGroup& value) { SetRuleGroup(value); return *this;} /** *

An object that defines the rule group rules.

You must provide * either this rule group setting or a Rules setting, but not both. *

*/ inline CreateRuleGroupRequest& WithRuleGroup(RuleGroup&& value) { SetRuleGroup(std::move(value)); return *this;} /** *

A string containing stateful rule group rules specifications in Suricata flat * format, with one rule per line. Use this to import your existing Suricata * compatible rule groups.

You must provide either this rules * setting or a populated RuleGroup setting, but not both.

*

You can provide your rule group specification in Suricata flat format * through this setting when you create or update your rule group. The call * response returns a RuleGroup object that Network Firewall has populated * from your string.

*/ inline const Aws::String& GetRules() const{ return m_rules; } /** *

A string containing stateful rule group rules specifications in Suricata flat * format, with one rule per line. Use this to import your existing Suricata * compatible rule groups.

You must provide either this rules * setting or a populated RuleGroup setting, but not both.

*

You can provide your rule group specification in Suricata flat format * through this setting when you create or update your rule group. The call * response returns a RuleGroup object that Network Firewall has populated * from your string.

*/ inline bool RulesHasBeenSet() const { return m_rulesHasBeenSet; } /** *

A string containing stateful rule group rules specifications in Suricata flat * format, with one rule per line. Use this to import your existing Suricata * compatible rule groups.

You must provide either this rules * setting or a populated RuleGroup setting, but not both.

*

You can provide your rule group specification in Suricata flat format * through this setting when you create or update your rule group. The call * response returns a RuleGroup object that Network Firewall has populated * from your string.

*/ inline void SetRules(const Aws::String& value) { m_rulesHasBeenSet = true; m_rules = value; } /** *

A string containing stateful rule group rules specifications in Suricata flat * format, with one rule per line. Use this to import your existing Suricata * compatible rule groups.

You must provide either this rules * setting or a populated RuleGroup setting, but not both.

*

You can provide your rule group specification in Suricata flat format * through this setting when you create or update your rule group. The call * response returns a RuleGroup object that Network Firewall has populated * from your string.

*/ inline void SetRules(Aws::String&& value) { m_rulesHasBeenSet = true; m_rules = std::move(value); } /** *

A string containing stateful rule group rules specifications in Suricata flat * format, with one rule per line. Use this to import your existing Suricata * compatible rule groups.

You must provide either this rules * setting or a populated RuleGroup setting, but not both.

*

You can provide your rule group specification in Suricata flat format * through this setting when you create or update your rule group. The call * response returns a RuleGroup object that Network Firewall has populated * from your string.

*/ inline void SetRules(const char* value) { m_rulesHasBeenSet = true; m_rules.assign(value); } /** *

A string containing stateful rule group rules specifications in Suricata flat * format, with one rule per line. Use this to import your existing Suricata * compatible rule groups.

You must provide either this rules * setting or a populated RuleGroup setting, but not both.

*

You can provide your rule group specification in Suricata flat format * through this setting when you create or update your rule group. The call * response returns a RuleGroup object that Network Firewall has populated * from your string.

*/ inline CreateRuleGroupRequest& WithRules(const Aws::String& value) { SetRules(value); return *this;} /** *

A string containing stateful rule group rules specifications in Suricata flat * format, with one rule per line. Use this to import your existing Suricata * compatible rule groups.

You must provide either this rules * setting or a populated RuleGroup setting, but not both.

*

You can provide your rule group specification in Suricata flat format * through this setting when you create or update your rule group. The call * response returns a RuleGroup object that Network Firewall has populated * from your string.

*/ inline CreateRuleGroupRequest& WithRules(Aws::String&& value) { SetRules(std::move(value)); return *this;} /** *

A string containing stateful rule group rules specifications in Suricata flat * format, with one rule per line. Use this to import your existing Suricata * compatible rule groups.

You must provide either this rules * setting or a populated RuleGroup setting, but not both.

*

You can provide your rule group specification in Suricata flat format * through this setting when you create or update your rule group. The call * response returns a RuleGroup object that Network Firewall has populated * from your string.

*/ inline CreateRuleGroupRequest& WithRules(const char* value) { SetRules(value); return *this;} /** *

Indicates whether the rule group is stateless or stateful. If the rule group * is stateless, it contains stateless rules. If it is stateful, it contains * stateful rules.

*/ inline const RuleGroupType& GetType() const{ return m_type; } /** *

Indicates whether the rule group is stateless or stateful. If the rule group * is stateless, it contains stateless rules. If it is stateful, it contains * stateful rules.

*/ inline bool TypeHasBeenSet() const { return m_typeHasBeenSet; } /** *

Indicates whether the rule group is stateless or stateful. If the rule group * is stateless, it contains stateless rules. If it is stateful, it contains * stateful rules.

*/ inline void SetType(const RuleGroupType& value) { m_typeHasBeenSet = true; m_type = value; } /** *

Indicates whether the rule group is stateless or stateful. If the rule group * is stateless, it contains stateless rules. If it is stateful, it contains * stateful rules.

*/ inline void SetType(RuleGroupType&& value) { m_typeHasBeenSet = true; m_type = std::move(value); } /** *

Indicates whether the rule group is stateless or stateful. If the rule group * is stateless, it contains stateless rules. If it is stateful, it contains * stateful rules.

*/ inline CreateRuleGroupRequest& WithType(const RuleGroupType& value) { SetType(value); return *this;} /** *

Indicates whether the rule group is stateless or stateful. If the rule group * is stateless, it contains stateless rules. If it is stateful, it contains * stateful rules.

*/ inline CreateRuleGroupRequest& WithType(RuleGroupType&& value) { SetType(std::move(value)); return *this;} /** *

A description of the rule group.

*/ inline const Aws::String& GetDescription() const{ return m_description; } /** *

A description of the rule group.

*/ inline bool DescriptionHasBeenSet() const { return m_descriptionHasBeenSet; } /** *

A description of the rule group.

*/ inline void SetDescription(const Aws::String& value) { m_descriptionHasBeenSet = true; m_description = value; } /** *

A description of the rule group.

*/ inline void SetDescription(Aws::String&& value) { m_descriptionHasBeenSet = true; m_description = std::move(value); } /** *

A description of the rule group.

*/ inline void SetDescription(const char* value) { m_descriptionHasBeenSet = true; m_description.assign(value); } /** *

A description of the rule group.

*/ inline CreateRuleGroupRequest& WithDescription(const Aws::String& value) { SetDescription(value); return *this;} /** *

A description of the rule group.

*/ inline CreateRuleGroupRequest& WithDescription(Aws::String&& value) { SetDescription(std::move(value)); return *this;} /** *

A description of the rule group.

*/ inline CreateRuleGroupRequest& WithDescription(const char* value) { SetDescription(value); return *this;} /** *

The maximum operating resources that this rule group can use. Rule group * capacity is fixed at creation. When you update a rule group, you are limited to * this capacity. When you reference a rule group from a firewall policy, Network * Firewall reserves this capacity for the rule group.

You can retrieve the * capacity that would be required for a rule group before you create the rule * group by calling CreateRuleGroup with DryRun set to * TRUE.

You can't change or exceed this capacity when * you update the rule group, so leave room for your rule group to grow.

*

Capacity for a stateless rule group

For a stateless * rule group, the capacity required is the sum of the capacity requirements of the * individual rules that you expect to have in the rule group.

To calculate * the capacity requirement of a single rule, multiply the capacity requirement * values of each of the rule's match settings:

  • A match setting * with no criteria specified has a value of 1.

  • A match setting * with Any specified has a value of 1.

  • All other * match settings have a value equal to the number of elements provided in the * setting. For example, a protocol setting ["UDP"] and a source setting * ["10.0.0.0/24"] each have a value of 1. A protocol setting ["UDP","TCP"] has a * value of 2. A source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"] has a * value of 3.

A rule with no criteria specified in any of its * match settings has a capacity requirement of 1. A rule with protocol setting * ["UDP","TCP"], source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"], and a * single specification or no specification for each of the other match settings * has a capacity requirement of 6.

Capacity for a stateful rule * group

For a stateful rule group, the minimum capacity required is * the number of individual rules that you expect to have in the rule group.

*/ inline int GetCapacity() const{ return m_capacity; } /** *

The maximum operating resources that this rule group can use. Rule group * capacity is fixed at creation. When you update a rule group, you are limited to * this capacity. When you reference a rule group from a firewall policy, Network * Firewall reserves this capacity for the rule group.

You can retrieve the * capacity that would be required for a rule group before you create the rule * group by calling CreateRuleGroup with DryRun set to * TRUE.

You can't change or exceed this capacity when * you update the rule group, so leave room for your rule group to grow.

*

Capacity for a stateless rule group

For a stateless * rule group, the capacity required is the sum of the capacity requirements of the * individual rules that you expect to have in the rule group.

To calculate * the capacity requirement of a single rule, multiply the capacity requirement * values of each of the rule's match settings:

  • A match setting * with no criteria specified has a value of 1.

  • A match setting * with Any specified has a value of 1.

  • All other * match settings have a value equal to the number of elements provided in the * setting. For example, a protocol setting ["UDP"] and a source setting * ["10.0.0.0/24"] each have a value of 1. A protocol setting ["UDP","TCP"] has a * value of 2. A source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"] has a * value of 3.

A rule with no criteria specified in any of its * match settings has a capacity requirement of 1. A rule with protocol setting * ["UDP","TCP"], source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"], and a * single specification or no specification for each of the other match settings * has a capacity requirement of 6.

Capacity for a stateful rule * group

For a stateful rule group, the minimum capacity required is * the number of individual rules that you expect to have in the rule group.

*/ inline bool CapacityHasBeenSet() const { return m_capacityHasBeenSet; } /** *

The maximum operating resources that this rule group can use. Rule group * capacity is fixed at creation. When you update a rule group, you are limited to * this capacity. When you reference a rule group from a firewall policy, Network * Firewall reserves this capacity for the rule group.

You can retrieve the * capacity that would be required for a rule group before you create the rule * group by calling CreateRuleGroup with DryRun set to * TRUE.

You can't change or exceed this capacity when * you update the rule group, so leave room for your rule group to grow.

*

Capacity for a stateless rule group

For a stateless * rule group, the capacity required is the sum of the capacity requirements of the * individual rules that you expect to have in the rule group.

To calculate * the capacity requirement of a single rule, multiply the capacity requirement * values of each of the rule's match settings:

  • A match setting * with no criteria specified has a value of 1.

  • A match setting * with Any specified has a value of 1.

  • All other * match settings have a value equal to the number of elements provided in the * setting. For example, a protocol setting ["UDP"] and a source setting * ["10.0.0.0/24"] each have a value of 1. A protocol setting ["UDP","TCP"] has a * value of 2. A source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"] has a * value of 3.

A rule with no criteria specified in any of its * match settings has a capacity requirement of 1. A rule with protocol setting * ["UDP","TCP"], source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"], and a * single specification or no specification for each of the other match settings * has a capacity requirement of 6.

Capacity for a stateful rule * group

For a stateful rule group, the minimum capacity required is * the number of individual rules that you expect to have in the rule group.

*/ inline void SetCapacity(int value) { m_capacityHasBeenSet = true; m_capacity = value; } /** *

The maximum operating resources that this rule group can use. Rule group * capacity is fixed at creation. When you update a rule group, you are limited to * this capacity. When you reference a rule group from a firewall policy, Network * Firewall reserves this capacity for the rule group.

You can retrieve the * capacity that would be required for a rule group before you create the rule * group by calling CreateRuleGroup with DryRun set to * TRUE.

You can't change or exceed this capacity when * you update the rule group, so leave room for your rule group to grow.

*

Capacity for a stateless rule group

For a stateless * rule group, the capacity required is the sum of the capacity requirements of the * individual rules that you expect to have in the rule group.

To calculate * the capacity requirement of a single rule, multiply the capacity requirement * values of each of the rule's match settings:

  • A match setting * with no criteria specified has a value of 1.

  • A match setting * with Any specified has a value of 1.

  • All other * match settings have a value equal to the number of elements provided in the * setting. For example, a protocol setting ["UDP"] and a source setting * ["10.0.0.0/24"] each have a value of 1. A protocol setting ["UDP","TCP"] has a * value of 2. A source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"] has a * value of 3.

A rule with no criteria specified in any of its * match settings has a capacity requirement of 1. A rule with protocol setting * ["UDP","TCP"], source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"], and a * single specification or no specification for each of the other match settings * has a capacity requirement of 6.

Capacity for a stateful rule * group

For a stateful rule group, the minimum capacity required is * the number of individual rules that you expect to have in the rule group.

*/ inline CreateRuleGroupRequest& WithCapacity(int value) { SetCapacity(value); return *this;} /** *

The key:value pairs to associate with the resource.

*/ inline const Aws::Vector& GetTags() const{ return m_tags; } /** *

The key:value pairs to associate with the resource.

*/ inline bool TagsHasBeenSet() const { return m_tagsHasBeenSet; } /** *

The key:value pairs to associate with the resource.

*/ inline void SetTags(const Aws::Vector& value) { m_tagsHasBeenSet = true; m_tags = value; } /** *

The key:value pairs to associate with the resource.

*/ inline void SetTags(Aws::Vector&& value) { m_tagsHasBeenSet = true; m_tags = std::move(value); } /** *

The key:value pairs to associate with the resource.

*/ inline CreateRuleGroupRequest& WithTags(const Aws::Vector& value) { SetTags(value); return *this;} /** *

The key:value pairs to associate with the resource.

*/ inline CreateRuleGroupRequest& WithTags(Aws::Vector&& value) { SetTags(std::move(value)); return *this;} /** *

The key:value pairs to associate with the resource.

*/ inline CreateRuleGroupRequest& AddTags(const Tag& value) { m_tagsHasBeenSet = true; m_tags.push_back(value); return *this; } /** *

The key:value pairs to associate with the resource.

*/ inline CreateRuleGroupRequest& AddTags(Tag&& value) { m_tagsHasBeenSet = true; m_tags.push_back(std::move(value)); return *this; } /** *

Indicates whether you want Network Firewall to just check the validity of the * request, rather than run the request.

If set to TRUE, * Network Firewall checks whether the request can run successfully, but doesn't * actually make the requested changes. The call returns the value that the request * would return if you ran it with dry run set to FALSE, but doesn't * make additions or changes to your resources. This option allows you to make sure * that you have the required permissions to run the request and that your request * parameters are valid.

If set to FALSE, Network Firewall * makes the requested changes to your resources.

*/ inline bool GetDryRun() const{ return m_dryRun; } /** *

Indicates whether you want Network Firewall to just check the validity of the * request, rather than run the request.

If set to TRUE, * Network Firewall checks whether the request can run successfully, but doesn't * actually make the requested changes. The call returns the value that the request * would return if you ran it with dry run set to FALSE, but doesn't * make additions or changes to your resources. This option allows you to make sure * that you have the required permissions to run the request and that your request * parameters are valid.

If set to FALSE, Network Firewall * makes the requested changes to your resources.

*/ inline bool DryRunHasBeenSet() const { return m_dryRunHasBeenSet; } /** *

Indicates whether you want Network Firewall to just check the validity of the * request, rather than run the request.

If set to TRUE, * Network Firewall checks whether the request can run successfully, but doesn't * actually make the requested changes. The call returns the value that the request * would return if you ran it with dry run set to FALSE, but doesn't * make additions or changes to your resources. This option allows you to make sure * that you have the required permissions to run the request and that your request * parameters are valid.

If set to FALSE, Network Firewall * makes the requested changes to your resources.

*/ inline void SetDryRun(bool value) { m_dryRunHasBeenSet = true; m_dryRun = value; } /** *

Indicates whether you want Network Firewall to just check the validity of the * request, rather than run the request.

If set to TRUE, * Network Firewall checks whether the request can run successfully, but doesn't * actually make the requested changes. The call returns the value that the request * would return if you ran it with dry run set to FALSE, but doesn't * make additions or changes to your resources. This option allows you to make sure * that you have the required permissions to run the request and that your request * parameters are valid.

If set to FALSE, Network Firewall * makes the requested changes to your resources.

*/ inline CreateRuleGroupRequest& WithDryRun(bool value) { SetDryRun(value); return *this;} /** *

A complex type that contains settings for encryption of your rule group * resources.

*/ inline const EncryptionConfiguration& GetEncryptionConfiguration() const{ return m_encryptionConfiguration; } /** *

A complex type that contains settings for encryption of your rule group * resources.

*/ inline bool EncryptionConfigurationHasBeenSet() const { return m_encryptionConfigurationHasBeenSet; } /** *

A complex type that contains settings for encryption of your rule group * resources.

*/ inline void SetEncryptionConfiguration(const EncryptionConfiguration& value) { m_encryptionConfigurationHasBeenSet = true; m_encryptionConfiguration = value; } /** *

A complex type that contains settings for encryption of your rule group * resources.

*/ inline void SetEncryptionConfiguration(EncryptionConfiguration&& value) { m_encryptionConfigurationHasBeenSet = true; m_encryptionConfiguration = std::move(value); } /** *

A complex type that contains settings for encryption of your rule group * resources.

*/ inline CreateRuleGroupRequest& WithEncryptionConfiguration(const EncryptionConfiguration& value) { SetEncryptionConfiguration(value); return *this;} /** *

A complex type that contains settings for encryption of your rule group * resources.

*/ inline CreateRuleGroupRequest& WithEncryptionConfiguration(EncryptionConfiguration&& value) { SetEncryptionConfiguration(std::move(value)); return *this;} /** *

A complex type that contains metadata about the rule group that your own rule * group is copied from. You can use the metadata to keep track of updates made to * the originating rule group.

*/ inline const SourceMetadata& GetSourceMetadata() const{ return m_sourceMetadata; } /** *

A complex type that contains metadata about the rule group that your own rule * group is copied from. You can use the metadata to keep track of updates made to * the originating rule group.

*/ inline bool SourceMetadataHasBeenSet() const { return m_sourceMetadataHasBeenSet; } /** *

A complex type that contains metadata about the rule group that your own rule * group is copied from. You can use the metadata to keep track of updates made to * the originating rule group.

*/ inline void SetSourceMetadata(const SourceMetadata& value) { m_sourceMetadataHasBeenSet = true; m_sourceMetadata = value; } /** *

A complex type that contains metadata about the rule group that your own rule * group is copied from. You can use the metadata to keep track of updates made to * the originating rule group.

*/ inline void SetSourceMetadata(SourceMetadata&& value) { m_sourceMetadataHasBeenSet = true; m_sourceMetadata = std::move(value); } /** *

A complex type that contains metadata about the rule group that your own rule * group is copied from. You can use the metadata to keep track of updates made to * the originating rule group.

*/ inline CreateRuleGroupRequest& WithSourceMetadata(const SourceMetadata& value) { SetSourceMetadata(value); return *this;} /** *

A complex type that contains metadata about the rule group that your own rule * group is copied from. You can use the metadata to keep track of updates made to * the originating rule group.

*/ inline CreateRuleGroupRequest& WithSourceMetadata(SourceMetadata&& value) { SetSourceMetadata(std::move(value)); return *this;} private: Aws::String m_ruleGroupName; bool m_ruleGroupNameHasBeenSet = false; RuleGroup m_ruleGroup; bool m_ruleGroupHasBeenSet = false; Aws::String m_rules; bool m_rulesHasBeenSet = false; RuleGroupType m_type; bool m_typeHasBeenSet = false; Aws::String m_description; bool m_descriptionHasBeenSet = false; int m_capacity; bool m_capacityHasBeenSet = false; Aws::Vector m_tags; bool m_tagsHasBeenSet = false; bool m_dryRun; bool m_dryRunHasBeenSet = false; EncryptionConfiguration m_encryptionConfiguration; bool m_encryptionConfigurationHasBeenSet = false; SourceMetadata m_sourceMetadata; bool m_sourceMetadataHasBeenSet = false; }; } // namespace Model } // namespace NetworkFirewall } // namespace Aws