community.aws.networkfirewall_rule_group_info (4.3.0) — module: describe AWS Network Firewall rule groups
Added in version 4.0.0 of community.aws
Authors: Mark Chappell (@tremble)
Install with: ansible-galaxy collection install community.aws:==4.3.0

Or in a requirements.yml:

collections:
  - name: community.aws
    version: 4.3.0
A module for describing AWS Network Firewall rule groups.
Examples:

# Describe all Rule Groups in an account (excludes managed groups)
- community.aws.networkfirewall_rule_group_info: {}

# List the available Managed Rule groups (AWS doesn't support describing the
# groups)
- community.aws.networkfirewall_rule_group_info:
    scope: managed

# Describe a Rule Group by ARN
- community.aws.networkfirewall_rule_group_info:
    arn: arn:aws:network-firewall:us-east-1:123456789012:stateful-rulegroup/ExampleRuleGroup

# Describe a Rule Group by name
- community.aws.networkfirewall_rule_group_info:
    name: ExampleRuleGroup
    type: stateful
Parameters:

arn:
  description:
    - The ARN of the Network Firewall rule group.
    - At time of writing AWS does not support describing Managed Rules.
  required: false
  type: str
name:
  description:
    - The name of the Network Firewall rule group.
  required: false
  type: str
scope:
  choices:
    - managed
    - account
  description:
    - The scope of the request.
    - When I(scope='account') returns a description of all rule groups in the account.
    - When I(scope='managed') returns a list of available managed rule group arns.
    - By default searches only at the account scope.
    - I(scope='managed') requires botocore>=1.23.23.
  required: false
  type: str
region:
  aliases:
    - aws_region
    - ec2_region
  description:
    - The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region)
  type: str
ec2_url:
  aliases:
    - aws_endpoint_url
    - endpoint_url
  description:
    - URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
  type: str
profile:
  aliases:
    - aws_profile
  description:
    - Uses a boto profile. Only works with boto >= 2.24.0.
    - Using I(profile) will override I(aws_access_key), I(aws_secret_key) and I(security_token), and support for passing them at the same time as I(profile) has been deprecated.
    - I(aws_access_key), I(aws_secret_key) and I(security_token) will be made mutually exclusive with I(profile) after 2022-06-01.
  type: str
rule_type:
  aliases:
    - type
  choices:
    - stateful
    - stateless
  description:
    - Indicates whether the rule group is stateless or stateful.
    - Required if I(name) is provided.
  required: false
  type: str
aws_config:
  description:
    - A dictionary to modify the botocore configuration.
    - Parameters can be found at U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
    - Only the 'user_agent' key is used for boto modules. See U(http://boto.cloudhackers.com/en/latest/boto_config_tut.html#boto) for more boto configuration.
  type: dict
aws_ca_bundle:
  description:
    - The location of a CA Bundle to use when validating SSL certificates.
    - Only used for boto3 based modules.
    - 'Note: The CA Bundle is read ''module'' side and may need to be explicitly copied from the controller if not run locally.'
  type: path
aws_access_key:
  aliases:
    - ec2_access_key
    - access_key
  description:
    - AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.
    - If I(profile) is set this parameter is ignored.
    - Passing the I(aws_access_key) and I(profile) options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
  type: str
aws_secret_key:
  aliases:
    - ec2_secret_key
    - secret_key
  description:
    - AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.
    - If I(profile) is set this parameter is ignored.
    - Passing the I(aws_secret_key) and I(profile) options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
  type: str
security_token:
  aliases:
    - aws_security_token
    - access_token
  description:
    - AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.
    - If I(profile) is set this parameter is ignored.
    - Passing the I(security_token) and I(profile) options at the same time has been deprecated and the options will be made mutually exclusive after 2022-06-01.
  type: str
validate_certs:
  default: true
  description:
    - When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.
  type: bool
debug_botocore_endpoint_logs:
  default: 'no'
  description:
    - Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputting the set to the resource_actions key in the task results. Use the aws_resource_action callback to output the total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
  type: bool
Return values:

rule_groups:
  contains:
    rule_group:
      contains:
        rule_variables:
          contains:
            ip_sets:
              description: A dictionary mapping variable names to IP addresses in CIDR format.
              example:
                - 192.0.2.0/24
              returned: success
              type: dict
            port_sets:
              description: A dictionary mapping variable names to ports
              example:
                - '42'
              returned: success
              type: dict
          description: Settings that are available for use in the rules in the rule group.
          returned: When rule variables are attached to the rule group.
          type: complex
        rules_source:
          contains:
            rules_source_list:
              contains:
                generated_rules_type:
                  description: Whether the rule group allows or denies access to the domains in the list.
                  example: ALLOWLIST
                  returned: success
                  type: str
                target_types:
                  description: The protocols to be inspected by the rule group.
                  elements: str
                  example:
                    - TLS_SNI
                    - HTTP_HOST
                  returned: success
                  type: list
                targets:
                  description: A list of domain names to be inspected for.
                  elements: str
                  example:
                    - abc.example.com
                    - .example.net
                  returned: success
                  type: list
              description: A description of the criteria for a domain list rule group.
              returned: When the rule group is "domain list" based.
              type: dict
            rules_string:
              description: A string describing the rules that the rule group is comprised of.
              returned: When the rule group is "rules string" based.
              type: str
            stateful_rules:
              contains:
                action:
                  description: What action to perform when a flow matches the rule criteria.
                  example: PASS
                  returned: success
                  type: str
                header:
                  contains:
                    destination:
                      description: The destination address or range of addresses to inspect for.
                      example: 198.51.100.0/24
                      returned: success
                      type: str
                    destination_port:
                      description: The destination port to inspect for.
                      example: 6666:6667
                      returned: success
                      type: str
                    direction:
                      description: The direction of traffic flow to inspect.
                      example: FORWARD
                      returned: success
                      type: str
                    protocol:
                      description: The protocol to inspect for.
                      example: IP
                      returned: success
                      type: str
                    source:
                      description: The source address or range of addresses to inspect for.
                      example: 203.0.113.98
                      returned: success
                      type: str
                    source_port:
                      description: The source port to inspect for.
                      example: '42'
                      returned: success
                      type: str
                  description: A description of the criteria used for the rule.
                  returned: success
                  type: dict
                rule_options:
                  contains:
                    keyword:
                      description: The keyword for the setting.
                      example: sid:1
                      returned: success
                      type: str
                    settings:
                      description: A list of values passed to the setting.
                      elements: str
                      returned: When values are available
                      type: list
                  description: Additional Suricata RuleOptions settings for the rule.
                  elements: dict
                  returned: success
                  type: list
              description: A list of dictionaries describing the rules that the rule group is comprised of.
              elements: dict
              returned: When the rule group is "rules list" based.
              type: list
            stateless_rules_and_custom_actions:
              contains:
                custom_actions:
                  contains:
                    action_definition:
                      contains:
                        publish_metric_action:
                          contains:
                            dimensions:
                              contains:
                                value:
                                  description: The value to use in the custom metric dimension.
                                  returned: success
                                  type: str
                              description: The value to use in an Amazon CloudWatch custom metric dimension.
                              elements: dict
                              returned: success
                              type: list
                          description: The description of an action which publishes to CloudWatch.
                          returned: When the action publishes to CloudWatch.
                          type: dict
                      description: The custom action associated with the action name.
                      returned: success
                      type: dict
                    action_name:
                      description: The name for the custom action.
                      returned: success
                      type: str
                  description: A list of individual custom action definitions that are available for use in stateless rules.
                  elements: dict
                  type: list
                stateless_rules:
                  contains:
                    priority:
                      description: Indicates the order in which to run this rule relative to all of the rules that are defined for a stateless rule group.
                      returned: success
                      type: int
                    rule_definition:
                      contains:
                        actions:
                          description: The actions to take when a flow matches the rule.
                          elements: str
                          example:
                            - aws:pass
                            - CustomActionName
                          returned: success
                          type: list
                        match_attributes:
                          contains:
                            destination_ports:
                              contains:
                                from_port:
                                  description: The lower limit of the port range.
                                  returned: success
                                  type: int
                                to_port:
                                  description: The upper limit of the port range.
                                  returned: success
                                  type: int
                              description: The destination port ranges to inspect for.
                              elements: dict
                              returned: success
                              type: list
                            destinations:
                              contains:
                                address_definition:
                                  description: An IP address or a block of IP addresses in CIDR notation.
                                  example: 192.0.2.3
                                  returned: success
                                  type: str
                              description: The destination IP addresses and address ranges to inspect for.
                              elements: dict
                              returned: success
                              type: list
                            protocols:
                              description: The IANA protocol numbers of the protocols to inspect for.
                              elements: int
                              example:
                                - 6
                              returned: success
                              type: list
                            source_ports:
                              contains:
                                from_port:
                                  description: The lower limit of the port range.
                                  returned: success
                                  type: int
                                to_port:
                                  description: The upper limit of the port range.
                                  returned: success
                                  type: int
                              description: The source port ranges to inspect for.
                              elements: dict
                              returned: success
                              type: list
                            sources:
                              contains:
                                address_definition:
                                  description: An IP address or a block of IP addresses in CIDR notation.
                                  example: 192.0.2.3
                                  returned: success
                                  type: str
                              description: The source IP addresses and address ranges to inspect for.
                              elements: dict
                              returned: success
                              type: list
                            tcp_flags:
                              contains:
                                flags:
                                  description: Used with masks to define the TCP flags that flows are inspected for.
                                  elements: str
                                  returned: success
                                  type: list
                                masks:
                                  description: The set of flags considered during inspection.
                                  elements: str
                                  returned: success
                                  type: list
                              description: The TCP flags and masks to inspect for.
                              elements: dict
                              returned: success
                              type: list
                          description: Describes the stateless 5-tuple inspection criteria for the rule.
                          returned: success
                          type: dict
                      description: Describes the stateless 5-tuple inspection criteria and actions for the rule.
                      returned: success
                      type: dict
                  description: A list of stateless rules for use in a stateless rule group.
                  elements: dict
                  type: list
              description: A description of the criteria for a stateless rule group.
              returned: When the rule group is a stateless rule group.
              type: dict
          description: DEFAULT_ACTION_ORDER
          returned: success
          type: dict
        stateful_rule_options:
          contains:
            rule_order:
              description: The order in which rules will be evaluated.
              example: DEFAULT_ACTION_ORDER
              returned: success
              type: str
          description: Additional options governing how Network Firewall handles stateful rules.
          returned: When the rule group is either "rules string" or "rules list" based.
          type: dict
      description: Details of the rules in the rule group
      returned: success
      type: dict
    rule_group_metadata:
      contains:
        capacity:
          description: The maximum operating resources that this rule group can use.
          returned: success
          type: int
        consumed_capacity:
          description: The number of capacity units currently consumed by the rule group rules.
          returned: success
          type: int
        description:
          description: A description of the rule group.
          returned: success
          type: str
        number_of_associations:
          description: The number of firewall policies that use this rule group.
          returned: success
          type: int
        rule_group_arn:
          description: The ARN for the rule group
          example: arn:aws:network-firewall:us-east-1:123456789012:stateful-rulegroup/ExampleGroup
          returned: success
          type: int
        rule_group_id:
          description: A unique identifier for the rule group.
          example: 12345678-abcd-1234-abcd-123456789abc
          returned: success
          type: int
        rule_group_name:
          description: The name of the rule group.
          returned: success
          type: str
        rule_group_status:
          description: The current status of a rule group.
          example: DELETING
          returned: success
          type: str
        tags:
          description: A dictionary representing the tags associated with the rule group.
          returned: success
          type: dict
        type:
          description: Whether the rule group is stateless or stateful.
          example: STATEFUL
          returned: success
          type: str
      description: Details of the rules in the rule group
      returned: success
      type: dict
  description: The details of the rule groups
  elements: dict
  returned: success
  type: list
rule_list:
  description: A list of ARNs of the matching rule groups.
  elements: str
  returned: When a rule name isn't specified
  type: list
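The return structure above is what a playbook registers when it runs the module with scope 'account'. A common defensive use of that data is a periodic audit of the firewall rule base: finding rule groups that nothing references, groups close to their capacity limit, and rules that pass traffic with no source or destination restriction. The following script is an added example, not part of the community.aws collection or the module; it assumes the registered result has been dumped to JSON in the documented shape (the SAMPLE_RESULT below is constructed to match that shape), and the 80% capacity threshold is an assumption of this example. Rule variables such as $HOME_NET are left unresolved and treated as scoped, since resolving them would require the rule_variables block.

```python
"""Audit the rule_groups structure returned by networkfirewall_rule_group_info.

Added example: not code from the community.aws collection. Field names follow
the module's documented return values; the sample data is constructed.
"""
import ipaddress
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (rule group name, check id, detail)
CAPACITY_WARN_RATIO = 0.8       # assumption: warn at 80% of a group's capacity

# Constructed sample shaped like the module's documented rule_groups return value.
SAMPLE_RESULT = {"rule_groups": [
    {"rule_group_metadata": {"rule_group_name": "web-ingress", "type": "STATELESS",
                             "capacity": 100, "consumed_capacity": 4, "number_of_associations": 2},
     "rule_group": {"rules_source": {"stateless_rules_and_custom_actions": {
         "custom_actions": [],
         "stateless_rules": [
             {"priority": 10, "rule_definition": {"actions": ["aws:pass"], "match_attributes": {
                 "sources": [{"address_definition": "203.0.113.0/24"}],
                 "destinations": [{"address_definition": "10.0.0.0/8"}], "protocols": [6],
                 "destination_ports": [{"from_port": 443, "to_port": 443}]}}},
             {"priority": 20, "rule_definition": {"actions": ["aws:pass"], "match_attributes": {
                 "sources": [{"address_definition": "0.0.0.0/0"}],
                 "destinations": [{"address_definition": "10.0.0.0/8"}], "protocols": [6],
                 "destination_ports": [{"from_port": 0, "to_port": 65535}]}}}]}}}},
    {"rule_group_metadata": {"rule_group_name": "legacy-stateful", "type": "STATEFUL",
                             "capacity": 100, "consumed_capacity": 90, "number_of_associations": 0},
     "rule_group": {"rules_source": {"stateful_rules": [
         {"action": "PASS",
          "header": {"protocol": "IP", "source": "ANY", "source_port": "ANY", "direction": "ANY",
                     "destination": "ANY", "destination_port": "ANY"},
          "rule_options": [{"keyword": "sid:1"}]}]}}},
]}


def is_any_address(addr: str) -> bool:
    """True for an unrestricted address: the keyword ANY or a /0 network.
    Rule variables ($HOME_NET etc.) are not resolved here and count as scoped."""
    if addr.strip().upper() == "ANY":
        return True
    try:
        return ipaddress.ip_network(addr, strict=False).prefixlen == 0
    except ValueError:
        return False


def ports_cover_everything(port_ranges: List[Dict[str, int]]) -> bool:
    """An empty list means no port filter at all; otherwise look for a 0-65535 range."""
    if not port_ranges:
        return True
    return any(r.get("from_port", 0) <= 0 and r.get("to_port", 0) >= 65535 for r in port_ranges)


def audit_rule_group(entry: Dict) -> List[Finding]:
    """Run the metadata and rule-content checks over one rule_groups entry."""
    meta = entry.get("rule_group_metadata", {})
    name = meta.get("rule_group_name", "<unnamed>")
    findings: List[Finding] = []

    # Unreferenced rule groups are drift: nobody is enforcing them, but they still count as policy.
    if meta.get("number_of_associations", 0) == 0:
        findings.append((name, "unused", "rule group is not attached to any firewall policy"))

    # A group near its capacity cannot take new rules in an incident without a resize.
    capacity = meta.get("capacity") or 0
    consumed = meta.get("consumed_capacity") or 0
    if capacity and consumed / capacity >= CAPACITY_WARN_RATIO:
        findings.append((name, "capacity", f"{consumed}/{capacity} capacity units consumed"))

    source = entry.get("rule_group", {}).get("rules_source", {})

    # Stateful "rules list" groups: a PASS from any source to any destination bypasses inspection.
    for rule in source.get("stateful_rules") or []:
        header = rule.get("header", {})
        if rule.get("action") == "PASS" and is_any_address(header.get("source", "")) \
                and is_any_address(header.get("destination", "")):
            sid = next((o.get("keyword") for o in rule.get("rule_options") or []
                        if str(o.get("keyword", "")).startswith("sid:")), "no sid")
            findings.append((name, "stateful-pass-any",
                             f"PASS rule ({sid}) matches any source and any destination"))

    # Stateless groups: aws:pass with no source restriction and every destination port open.
    stateless = source.get("stateless_rules_and_custom_actions") or {}
    for rule in stateless.get("stateless_rules") or []:
        definition = rule.get("rule_definition", {})
        if "aws:pass" not in definition.get("actions", []):
            continue
        match = definition.get("match_attributes", {})
        srcs = [s.get("address_definition", "") for s in match.get("sources", [])]
        if (not srcs or any(is_any_address(s) for s in srcs)) \
                and ports_cover_everything(match.get("destination_ports", [])):
            findings.append((name, "stateless-pass-any",
                             f"priority {rule.get('priority')} passes traffic from any source to all destination ports"))
    return findings


def audit_result(result: Dict) -> List[Finding]:
    """Audit every rule group in a registered module result."""
    findings: List[Finding] = []
    for entry in result.get("rule_groups", []):
        findings.extend(audit_rule_group(entry))
    return findings


if __name__ == "__main__":
    for group, check, detail in audit_result(SAMPLE_RESULT):
        print(f"{group}: [{check}] {detail}")
```

On the constructed sample this reports one stateless-pass-any finding for web-ingress (the priority 20 rule) and three findings for legacy-stateful (unused, capacity, stateful-pass-any). To run it against real output, register the module result in a play, write it with ansible.builtin.copy using the to_json filter, and call audit_result on the loaded file; the same checks can also be expressed as ansible.builtin.assert conditions directly in the play.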