community.aws.networkfirewall_rule_group_info (4.3.0) — module

describe AWS Network Firewall rule groups

Added in version 4.0.0 of community.aws

Authors: Mark Chappell (@tremble)

Install collection

Install with ansible-galaxy collection install community.aws:==4.3.0


Add to requirements.yml

  collections:
    - name: community.aws
      version: 4.3.0

Description

A module for describing AWS Network Firewall rule groups.


Requirements

Usage examples

# Describe all Rule Groups in an account (excludes managed groups)
- community.aws.networkfirewall_rule_group_info: {}

# List the available Managed Rule groups (AWS doesn't support describing the
# groups)
- community.aws.networkfirewall_rule_group_info:
    scope: managed

# Describe a Rule Group by ARN
- community.aws.networkfirewall_rule_group_info:
    arn: arn:aws:network-firewall:us-east-1:123456789012:stateful-rulegroup/ExampleRuleGroup

# Describe a Rule Group by name
- community.aws.networkfirewall_rule_group_info:
    name: ExampleRuleGroup
    type: stateful
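The lookup-by-name form above is usually a pre-flight check before a rule group is bound to a firewall policy. The following playbook tasks are an added example, not part of the collection's documentation; the group name, region and the 90% capacity threshold are assumptions, and the field paths come from the module's return values (rule_group_metadata.rule_group_status, capacity, consumed_capacity, number_of_associations).

```yaml
# Added example (not from the collection's own documentation).
# Verify that a stateful rule group exists, is ACTIVE and still has capacity
# headroom before a later task binds it to a firewall policy.
# Assumed: the group name, the region and the 90% headroom threshold.
- name: Describe the rule group we intend to attach
  community.aws.networkfirewall_rule_group_info:
    name: ExampleRuleGroup
    rule_type: stateful
    region: us-east-1
  register: rg_info

- name: Fail early if the group is missing, not ACTIVE, or nearly full
  ansible.builtin.assert:
    that:
      # A lookup by name and type should match exactly one group.
      - rg_info.rule_groups | length == 1
      - rg_info.rule_groups[0].rule_group_metadata.rule_group_status == 'ACTIVE'
      # capacity and consumed_capacity are both returned as integers.
      - (rg_info.rule_groups[0].rule_group_metadata.consumed_capacity | int) < (rg_info.rule_groups[0].rule_group_metadata.capacity | int) * 0.9
    fail_msg: >-
      ExampleRuleGroup is absent, not ACTIVE, or within 10% of its capacity
      limit; refusing to attach it to a firewall policy.
    success_msg: >-
      ExampleRuleGroup is ACTIVE and currently used by
      {{ rg_info.rule_groups[0].rule_group_metadata.number_of_associations }}
      firewall policy(ies).
```

The assert conditions are evaluated in order and the task stops at the first one that fails, so the length check guards the index expressions that follow it.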

Inputs

    
arn:
    description:
    - The ARN of the Network Firewall rule group.
    - At time of writing AWS does not support describing Managed Rules.
    required: false
    type: str

name:
    description:
    - The name of the Network Firewall rule group.
    required: false
    type: str

scope:
    choices:
    - managed
    - account
    description:
    - The scope of the request.
    - When I(scope='account'), returns a description of all rule groups in the account.
    - When I(scope='managed'), returns a list of the ARNs of the available managed rule groups.
    - By default, searches only at the account scope.
    - I(scope='managed') requires botocore>=1.23.23.
    required: false
    type: str

region:
    aliases:
    - aws_region
    - ec2_region
    description:
    - The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION
      environment variable, if any, is used. See U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region).
    type: str

ec2_url:
    aliases:
    - aws_endpoint_url
    - endpoint_url
    description:
    - Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will
      use EC2 endpoints). Ignored for modules where region is required. Must be specified
      for all other modules if region is not used. If not set then the value of the EC2_URL
      environment variable, if any, is used.
    type: str

profile:
    aliases:
    - aws_profile
    description:
    - Uses a boto profile. Only works with boto >= 2.24.0.
    - Using I(profile) will override I(aws_access_key), I(aws_secret_key) and I(security_token)
      and support for passing them at the same time as I(profile) has been deprecated.
    - I(aws_access_key), I(aws_secret_key) and I(security_token) will be made mutually
      exclusive with I(profile) after 2022-06-01.
    type: str

rule_type:
    aliases:
    - type
    choices:
    - stateful
    - stateless
    description:
    - Indicates whether the rule group is stateless or stateful.
    - Required if I(name) is provided.
    required: false
    type: str

aws_config:
    description:
    - A dictionary to modify the botocore configuration.
    - Parameters can be found at U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
    - Only the 'user_agent' key is used for boto modules. See U(http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto)
      for more boto configuration.
    type: dict

aws_ca_bundle:
    description:
    - The location of a CA Bundle to use when validating SSL certificates.
    - Only used for boto3 based modules.
    - 'Note: The CA Bundle is read ''module'' side and may need to be explicitly copied
      from the controller if not run locally.'
    type: path

aws_access_key:
    aliases:
    - ec2_access_key
    - access_key
    description:
    - AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY
      or EC2_ACCESS_KEY environment variable is used.
    - If I(profile) is set this parameter is ignored.
    - Passing the I(aws_access_key) and I(profile) options at the same time has been deprecated
      and the options will be made mutually exclusive after 2022-06-01.
    type: str

aws_secret_key:
    aliases:
    - ec2_secret_key
    - secret_key
    description:
    - AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY,
      or EC2_SECRET_KEY environment variable is used.
    - If I(profile) is set this parameter is ignored.
    - Passing the I(aws_secret_key) and I(profile) options at the same time has been deprecated
      and the options will be made mutually exclusive after 2022-06-01.
    type: str

security_token:
    aliases:
    - aws_security_token
    - access_token
    description:
    - AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN
      environment variable is used.
    - If I(profile) is set this parameter is ignored.
    - Passing the I(security_token) and I(profile) options at the same time has been deprecated
      and the options will be made mutually exclusive after 2022-06-01.
    type: str

validate_certs:
    default: true
    description:
    - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
    type: bool

debug_botocore_endpoint_logs:
    default: 'no'
    description:
    - Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action"
      API calls made during a task, outputting the set to the resource_actions key in the
      task results. Use the aws_resource_action callback to output the total list made
      during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also
      be used.
    type: bool

Outputs

rule_groups:
  contains:
    rule_group:
      contains:
        rule_variables:
          contains:
            ip_sets:
              description: A dictionary mapping variable names to IP addresses in
                CIDR format.
              example:
              - 192.0.2.0/24
              returned: success
              type: dict
            port_sets:
              description: A dictionary mapping variable names to ports
              example:
              - '42'
              returned: success
              type: dict
          description: Settings that are available for use in the rules in the rule
            group.
          returned: When rule variables are attached to the rule group.
          type: complex
        rules_source:
          contains:
            rules_source_list:
              contains:
                generated_rules_type:
                  description: Whether the rule group allows or denies access to the
                    domains in the list.
                  example: ALLOWLIST
                  returned: success
                  type: str
                target_types:
                  description: The protocols to be inspected by the rule group.
                  elements: str
                  example:
                  - TLS_SNI
                  - HTTP_HOST
                  returned: success
                  type: list
                targets:
                  description: A list of domain names to be inspected for.
                  elements: str
                  example:
                  - abc.example.com
                  - .example.net
                  returned: success
                  type: list
              description: A description of the criteria for a domain list rule group.
              returned: When the rule group is "domain list" based.
              type: dict
            rules_string:
              description: A string describing the rules that the rule group is comprised
                of.
              returned: When the rule group is "rules string" based.
              type: str
            stateful_rules:
              contains:
                action:
                  description: What action to perform when a flow matches the rule
                    criteria.
                  example: PASS
                  returned: success
                  type: str
                header:
                  contains:
                    destination:
                      description: The destination address or range of addresses to
                        inspect for.
                      example: 198.51.100.0/24
                      returned: success
                      type: str
                    destination_port:
                      description: The destination port to inspect for.
                      example: 6666:6667
                      returned: success
                      type: str
                    direction:
                      description: The direction of traffic flow to inspect.
                      example: FORWARD
                      returned: success
                      type: str
                    protocol:
                      description: The protocol to inspect for.
                      example: IP
                      returned: success
                      type: str
                    source:
                      description: The source address or range of addresses to inspect
                        for.
                      example: 203.0.113.98
                      returned: success
                      type: str
                    source_port:
                      description: The source port to inspect for.
                      example: '42'
                      returned: success
                      type: str
                  description: A description of the criteria used for the rule.
                  returned: success
                  type: dict
                rule_options:
                  contains:
                    keyword:
                      description: The keyword for the setting.
                      example: sid:1
                      returned: success
                      type: str
                    settings:
                      description: A list of values passed to the setting.
                      elements: str
                      returned: When values are available
                      type: list
                  description: Additional Suricata RuleOptions settings for the rule.
                  elements: dict
                  returned: success
                  type: list
              description: A list of dictionaries describing the rules that the rule
                group is comprised of.
              elements: dict
              returned: When the rule group is "rules list" based.
              type: list
            stateless_rules_and_custom_actions:
              contains:
                custom_actions:
                  contains:
                    action_definition:
                      contains:
                        publish_metric_action:
                          contains:
                            dimensions:
                              contains:
                                value:
                                  description: The value to use in the custom metric
                                    dimension.
                                  returned: success
                                  type: str
                              description: The value to use in an Amazon CloudWatch
                                custom metric dimension.
                              elements: dict
                              returned: success
                              type: list
                          description: The description of an action which publishes
                            to CloudWatch.
                          returned: When the action publishes to CloudWatch.
                          type: dict
                      description: The custom action associated with the action name.
                      returned: success
                      type: dict
                    action_name:
                      description: The name for the custom action.
                      returned: success
                      type: str
                  description: A list of individual custom action definitions that
                    are available for use in stateless rules.
                  elements: dict
                  type: list
                stateless_rules:
                  contains:
                    priority:
                      description: Indicates the order in which to run this rule relative
                        to all of the rules that are defined for a stateless rule
                        group.
                      returned: success
                      type: int
                    rule_definition:
                      contains:
                        actions:
                          description: The actions to take when a flow matches the
                            rule.
                          elements: str
                          example:
                          - aws:pass
                          - CustomActionName
                          returned: success
                          type: list
                        match_attributes:
                          contains:
                            destination_ports:
                              contains:
                                from_port:
                                  description: The lower limit of the port range.
                                  returned: success
                                  type: int
                                to_port:
                                  description: The upper limit of the port range.
                                  returned: success
                                  type: int
                              description: The destination port ranges to inspect
                                for.
                              elements: dict
                              returned: success
                              type: list
                            destinations:
                              contains:
                                address_definition:
                                  description: An IP address or a block of IP addresses
                                    in CIDR notation.
                                  example: 192.0.2.3
                                  returned: success
                                  type: str
                              description: The destination IP addresses and address
                                ranges to inspect for.
                              elements: dict
                              returned: success
                              type: list
                            protocols:
                              description: The IANA protocol numbers of the protocols
                                to inspect for.
                              elements: int
                              example:
                              - 6
                              returned: success
                              type: list
                            source_ports:
                              contains:
                                from_port:
                                  description: The lower limit of the port range.
                                  returned: success
                                  type: int
                                to_port:
                                  description: The upper limit of the port range.
                                  returned: success
                                  type: int
                              description: The source port ranges to inspect for.
                              elements: dict
                              returned: success
                              type: list
                            sources:
                              contains:
                                address_definition:
                                  description: An IP address or a block of IP addresses
                                    in CIDR notation.
                                  example: 192.0.2.3
                                  returned: success
                                  type: str
                              description: The source IP addresses and address ranges
                                to inspect for.
                              elements: dict
                              returned: success
                              type: list
                            tcp_flags:
                              contains:
                                flags:
                                  description: Used with masks to define the TCP flags
                                    that flows are inspected for.
                                  elements: str
                                  returned: success
                                  type: list
                                masks:
                                  description: The set of flags considered during
                                    inspection.
                                  elements: str
                                  returned: success
                                  type: list
                              description: The TCP flags and masks to inspect for.
                              elements: dict
                              returned: success
                              type: list
                          description: Describes the stateless 5-tuple inspection
                            criteria for the rule.
                          returned: success
                          type: dict
                      description: Describes the stateless 5-tuple inspection criteria
                        and actions for the rule.
                      returned: success
                      type: dict
                  description: A list of stateless rules for use in a stateless rule
                    group.
                  elements: dict
                  type: list
              description: A description of the criteria for a stateless rule group.
              returned: When the rule group is a stateless rule group.
              type: dict
          description: The source of the rules that make up the rule group (a domain list, a rules string, a list of stateful rules, or stateless rules with custom actions).
          returned: success
          type: dict
        stateful_rule_options:
          contains:
            rule_order:
              description: The order in which rules will be evaluated.
              example: DEFAULT_ACTION_ORDER
              returned: success
              type: str
          description: Additional options governing how Network Firewall handles stateful
            rules.
          returned: When the rule group is either "rules string" or "rules list" based.
          type: dict
      description: Details of the rules in the rule group
      returned: success
      type: dict
    rule_group_metadata:
      contains:
        capacity:
          description: The maximum operating resources that this rule group can use.
          returned: success
          type: int
        consumed_capacity:
          description: The number of capacity units currently consumed by the rule
            group rules.
          returned: success
          type: int
        description:
          description: A description of the rule group.
          returned: success
          type: str
        number_of_associations:
          description: The number of firewall policies that use this rule group.
          returned: success
          type: int
        rule_group_arn:
          description: The ARN for the rule group.
          example: arn:aws:network-firewall:us-east-1:123456789012:stateful-rulegroup/ExampleGroup
          returned: success
          type: str
        rule_group_id:
          description: A unique identifier for the rule group.
          example: 12345678-abcd-1234-abcd-123456789abc
          returned: success
          type: str
        rule_group_name:
          description: The name of the rule group.
          returned: success
          type: str
        rule_group_status:
          description: The current status of a rule group.
          example: DELETING
          returned: success
          type: str
        tags:
          description: A dictionary representing the tags associated with the rule
            group.
          returned: success
          type: dict
        type:
          description: Whether the rule group is stateless or stateful.
          example: STATEFUL
          returned: success
          type: str
      description: Metadata describing the rule group (name, ARN, capacity, status and tags).
      returned: success
      type: dict
  description: The details of the rule groups
  elements: dict
  returned: success
  type: list
rule_list:
  description: A list of ARNs of the matching rule groups.
  elements: str
  returned: When a rule name isn't specified
  type: list
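The rule_groups structure above is nested deeply enough that auditing it by hand is error-prone. The tasks below are an added example, not part of the collection's documentation: they walk every account-scope rule group and flag stateless rules that pass traffic from any source to any destination. In Network Firewall match attributes an omitted sources or destinations list matches any address, so both a missing list and an explicit 0.0.0.0/0 are treated as "any". The region, the fact name permissive_rules and the decision to fail the play are assumptions; the field paths follow the output keys listed above.

```yaml
# Added example (not from the collection's own documentation).
# Flag stateless rules that apply aws:pass to any-source/any-destination
# traffic. Assumed: the region, the fact name permissive_rules and the
# choice to fail the play when a finding exists.
- name: Describe all rule groups in the account (managed groups are not described)
  community.aws.networkfirewall_rule_group_info:
    scope: account
    region: us-east-1
  register: all_rg

- name: Collect stateless pass rules with any-to-any address matches
  ansible.builtin.set_fact:
    permissive_rules: >-
      {{ permissive_rules | default([]) + [{
           'group': item.0.rule_group_metadata.rule_group_name,
           'priority': item.1.priority,
           'protocols': item.1.rule_definition.match_attributes.protocols | default([])
         }] }}
  # subelements pairs each group (item.0) with each of its stateless rules
  # (item.1); stateful groups have no stateless_rules key and are skipped.
  loop: "{{ all_rg.rule_groups | subelements('rule_group.rules_source.stateless_rules_and_custom_actions.stateless_rules', skip_missing=True) }}"
  loop_control:
    label: "{{ item.0.rule_group_metadata.rule_group_name }}/{{ item.1.priority }}"
  when:
    - "'aws:pass' in item.1.rule_definition.actions"
    # An absent or empty sources list matches any source address.
    - >-
      (item.1.rule_definition.match_attributes.sources | default([])) | length == 0
      or '0.0.0.0/0' in (item.1.rule_definition.match_attributes.sources | map(attribute='address_definition') | list)
    # Same rule for destinations.
    - >-
      (item.1.rule_definition.match_attributes.destinations | default([])) | length == 0
      or '0.0.0.0/0' in (item.1.rule_definition.match_attributes.destinations | map(attribute='address_definition') | list)

- name: Fail the play so the finding is visible in the run output
  ansible.builtin.fail:
    msg: "Stateless any-to-any pass rules found: {{ permissive_rules }}"
  when: permissive_rules | default([]) | length > 0
```

The protocols list is recorded with each finding because an any-to-any pass rule scoped to a single protocol number is a different risk from one with no protocol restriction at all; an empty protocols list in the output means the rule matches every protocol.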