Amazon Network Firewall · Schema
StatefulRuleGroupReference
Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group.
Firewall, Intrusion Detection, Network Security, VPC
Properties
| Name | Type | Description |
|---|---|---|
| ResourceArn | object | |
| Priority | object | |
| Override | object | |
JSON Schema
```json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-network-firewall/refs/heads/main/json-schema/openapi-stateful-rule-group-reference-schema.json",
  "title": "StatefulRuleGroupReference",
  "description": "Identifier for a single stateful rule group, used in a firewall policy to refer to a rule group. ",
  "type": "object",
  "properties": {
    "ResourceArn": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ResourceArn"
        },
        {
          "description": "The Amazon Resource Name (ARN) of the stateful rule group."
        }
      ]
    },
    "Priority": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Priority"
        },
        {
          "description": "<p>An integer setting that indicates the order in which to run the stateful rule groups in a single <a>FirewallPolicy</a>. This setting only applies to firewall policies that specify the <code>STRICT_ORDER</code> rule order in the stateful engine options settings.</p> <p>Network Firewall evaluates each stateful rule group against a packet starting with the group that has the lowest priority setting. You must ensure that the priority settings are unique within each policy.</p> <p>You can change the priority settings of your rule groups at any time. To make it easier to insert rule groups later, number them so there's a wide range in between, for example use 100, 200, and so on. </p>"
        }
      ]
    },
    "Override": {
      "allOf": [
        {
          "$ref": "#/components/schemas/StatefulRuleGroupOverride"
        },
        {
          "description": "The action that allows the policy owner to override the behavior of the rule group within a policy."
        }
      ]
    }
  },
  "required": [
    "ResourceArn"
  ]
}
```