I kept getting a syntax error when I wanted to build a rule group.
My goal is to ALLOW only AWS services and DENY all other TCP traffic.
Following is the example. I can build and deploy the CDK, but CloudFormation cannot build it and reports a syntax error about the RuleGroup.
So my questions are:
- Can I use CDK to build a "Suricata compatible rule string" type of Rule Group?
- If not, since my goal was to allow only some domains and deny everything else explicitly, what else can I try?
Thank you very much
from aws_cdk import aws_networkfirewall as firewall

# Stateful rule group whose rules are supplied as a Suricata-compatible rules string.
# Each rule must be a complete, self-contained line; the original string ended with a
# stray '"' after the final "\n", which is not a valid rule and caused the syntax error.
reject_all_rule_group = firewall.CfnRuleGroup(
    self,
    "RejectAllRuleGroup",
    capacity=100,
    rule_group_name="RejectAllRuleGroup",
    type="STATEFUL",
    description="Reject all other traffic",
    rule_group=firewall.CfnRuleGroup.RuleGroupProperty(
        rules_source=firewall.CfnRuleGroup.RulesSourceProperty(
            # Note: only "pass" rules are present here; nothing in this string drops
            # traffic on its own.
            rules_string=(
                'pass http any any -> any any (http.host; dotprefix; content:".amazonaws.com"; '
                'endswith; msg:"Permit HTTP access to the web server"; sid:1000001; rev:1;)\n'
                'pass tls any any -> any any (tls.sni; content:"aws.amazon.com"; startswith; nocase; '
                'endswith; msg:"Permit HTTPS access to aws.amazon.com"; sid:1000002; rev:1;)\n'
            )
        )
    ),
)

# Firewall policy that references the stateful rule group above by ARN.
firewall_policy = firewall.CfnFirewallPolicy(
    self,
    "AaronTestFirewallPolicy",
    firewall_policy=firewall.CfnFirewallPolicy.FirewallPolicyProperty(
        stateless_default_actions=["aws:pass"],
        stateless_fragment_default_actions=["aws:pass"],
        stateful_rule_group_references=[
            firewall.CfnFirewallPolicy.StatefulRuleGroupReferenceProperty(
                resource_arn=reject_all_rule_group.attr_rule_group_arn
            ),
        ],
    ),
    firewall_policy_name="AaronTestFirewallPolicy",
)
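As an added example (not the question's own code), here is one way to generate the Suricata rules string for an allowlist plus a catch-all TCP drop, and to lint it before passing it to `rules_string=`, so a stray quote or duplicate sid is caught locally instead of at deploy time. It assumes the default action-order evaluation, where pass rules are evaluated before drop rules regardless of their position in the string; the sid numbering and the `flow:established` option on the drop rule are constructed choices.

```python
import re

# Constructed shape check: "action proto src sport -> dst dport ( ...; sid:N; rev:N;)"
RULE_RE = re.compile(r'^(pass|drop|reject|alert) \S+ \S+ \S+ -> \S+ \S+ \(.*; sid:(\d+); rev:\d+;\)$')


def build_rules_string(allowed_domains, sid_base=1000001):
    """Pass rules for each allowed domain (HTTP Host and TLS SNI), then drop other TCP."""
    rules = []
    sid = sid_base
    for domain in allowed_domains:
        # A leading dot plus dotprefix/endswith matches the domain and its subdomains
        # while rejecting look-alikes such as "evilamazonaws.com".
        pat = domain if domain.startswith(".") else "." + domain
        rules.append(f'pass http any any -> any any (http.host; dotprefix; content:"{pat}"; '
                     f'endswith; msg:"Permit HTTP to {domain}"; sid:{sid}; rev:1;)')
        sid += 1
        rules.append(f'pass tls any any -> any any (tls.sni; dotprefix; content:"{pat}"; nocase; '
                     f'endswith; msg:"Permit TLS to {domain}"; sid:{sid}; rev:1;)')
        sid += 1
    # Catch-all for TCP that no pass rule above accepted (assumption: action-order mode).
    rules.append(f'drop tcp any any -> any any (msg:"Drop all other TCP"; '
                 f'flow:established; sid:{sid}; rev:1;)')
    return "\n".join(rules) + "\n"


def lint_rules_string(rules_string):
    """Return a list of problems found; an empty list means the string looks well-formed."""
    problems = []
    seen_sids = set()
    for lineno, line in enumerate(rules_string.splitlines(), 1):
        if not line.strip():
            continue  # blank trailing line is fine
        if line.count('"') % 2:
            problems.append(f"line {lineno}: unbalanced double quote")
        m = RULE_RE.match(line)
        if not m:
            problems.append(f"line {lineno}: not a complete rule line")
            continue
        if m.group(2) in seen_sids:
            problems.append(f"line {lineno}: duplicate sid {m.group(2)}")
        seen_sids.add(m.group(2))
    return problems


if __name__ == "__main__":
    rules = build_rules_string([".amazonaws.com", "aws.amazon.com"])
    print(rules)
    print("problems:", lint_rules_string(rules) or "none")
```

The generated string can be handed directly to `firewall.CfnRuleGroup.RulesSourceProperty(rules_string=...)` exactly as in the question's code; the stateless default actions in the policy should remain `aws:forward_to_sfe`-style forwarding to the stateful engine for the drop rule to see the traffic, which is a separate setting from the rules string itself.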