1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package networkfirewall 4 5import ( 6 "context" 7 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 8 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 9 "github.com/aws/aws-sdk-go-v2/service/networkfirewall/types" 10 "github.com/aws/smithy-go/middleware" 11 smithyhttp "github.com/aws/smithy-go/transport/http" 12) 13 14// Creates the specified stateless or stateful rule group, which includes the rules 15// for network traffic inspection, a capacity setting, and tags. You provide your 16// rule group specification in your request using either RuleGroup or Rules. 17func (c *Client) CreateRuleGroup(ctx context.Context, params *CreateRuleGroupInput, optFns ...func(*Options)) (*CreateRuleGroupOutput, error) { 18 if params == nil { 19 params = &CreateRuleGroupInput{} 20 } 21 22 result, metadata, err := c.invokeOperation(ctx, "CreateRuleGroup", params, optFns, addOperationCreateRuleGroupMiddlewares) 23 if err != nil { 24 return nil, err 25 } 26 27 out := result.(*CreateRuleGroupOutput) 28 out.ResultMetadata = metadata 29 return out, nil 30} 31 32type CreateRuleGroupInput struct { 33 34 // The maximum operating resources that this rule group can use. Rule group 35 // capacity is fixed at creation. When you update a rule group, you are limited to 36 // this capacity. When you reference a rule group from a firewall policy, Network 37 // Firewall reserves this capacity for the rule group. You can retrieve the 38 // capacity that would be required for a rule group before you create the rule 39 // group by calling CreateRuleGroup with DryRun set to TRUE. You can't change or 40 // exceed this capacity when you update the rule group, so leave room for your rule 41 // group to grow. Capacity for a stateless rule group For a stateless rule group, 42 // the capacity required is the sum of the capacity requirements of the individual 43 // rules that you expect to have in the rule group. To calculate the capacity 44 // requirement of a single rule, multiply the capacity requirement values of each 45 // of the rule's match settings: 46 // 47 // * A match setting with no criteria specified has 48 // a value of 1. 49 // 50 // * A match setting with Any specified has a value of 1. 51 // 52 // * All 53 // other match settings have a value equal to the number of elements provided in 54 // the setting. For example, a protocol setting ["UDP"] and a source setting 55 // ["10.0.0.0/24"] each have a value of 1. A protocol setting ["UDP","TCP"] has a 56 // value of 2. A source setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"] has a 57 // value of 3. 58 // 59 // A rule with no criteria specified in any of its match settings has 60 // a capacity requirement of 1. A rule with protocol setting ["UDP","TCP"], source 61 // setting ["10.0.0.0/24","10.0.0.1/24","10.0.0.2/24"], and a single specification 62 // or no specification for each of the other match settings has a capacity 63 // requirement of 6. Capacity for a stateful rule group For a stateful rule group, 64 // the minimum capacity required is the number of individual rules that you expect 65 // to have in the rule group. 66 // 67 // This member is required. 68 Capacity *int32 69 70 // The descriptive name of the rule group. You can't change the name of a rule 71 // group after you create it. 72 // 73 // This member is required. 74 RuleGroupName *string 75 76 // Indicates whether the rule group is stateless or stateful. If the rule group is 77 // stateless, it contains stateless rules. If it is stateful, it contains stateful 78 // rules. 79 // 80 // This member is required. 81 Type types.RuleGroupType 82 83 // A description of the rule group. 84 Description *string 85 86 // Indicates whether you want Network Firewall to just check the validity of the 87 // request, rather than run the request. If set to TRUE, Network Firewall checks 88 // whether the request can run successfully, but doesn't actually make the 89 // requested changes. The call returns the value that the request would return if 90 // you ran it with dry run set to FALSE, but doesn't make additions or changes to 91 // your resources. This option allows you to make sure that you have the required 92 // permissions to run the request and that your request parameters are valid. If 93 // set to FALSE, Network Firewall makes the requested changes to your resources. 94 DryRun bool 95 96 // An object that defines the rule group rules. You must provide either this rule 97 // group setting or a Rules setting, but not both. 98 RuleGroup *types.RuleGroup 99 100 // A string containing stateful rule group rules specifications in Suricata flat 101 // format, with one rule per line. Use this to import your existing Suricata 102 // compatible rule groups. You must provide either this rules setting or a 103 // populated RuleGroup setting, but not both. You can provide your rule group 104 // specification in Suricata flat format through this setting when you create or 105 // update your rule group. The call response returns a RuleGroup object that 106 // Network Firewall has populated from your string. 107 Rules *string 108 109 // The key:value pairs to associate with the resource. 110 Tags []types.Tag 111} 112 113type CreateRuleGroupOutput struct { 114 115 // The high-level properties of a rule group. This, along with the RuleGroup, 116 // define the rule group. You can retrieve all objects for a rule group by calling 117 // DescribeRuleGroup. 118 // 119 // This member is required. 120 RuleGroupResponse *types.RuleGroupResponse 121 122 // A token used for optimistic locking. Network Firewall returns a token to your 123 // requests that access the rule group. The token marks the state of the rule group 124 // resource at the time of the request. To make changes to the rule group, you 125 // provide the token in your request. Network Firewall uses the token to ensure 126 // that the rule group hasn't changed since you last retrieved it. If it has 127 // changed, the operation fails with an InvalidTokenException. If this happens, 128 // retrieve the rule group again to get a current copy of it with a current token. 129 // Reapply your changes as needed, then try the operation again using the new 130 // token. 131 // 132 // This member is required. 133 UpdateToken *string 134 135 // Metadata pertaining to the operation's result. 136 ResultMetadata middleware.Metadata 137} 138 139func addOperationCreateRuleGroupMiddlewares(stack *middleware.Stack, options Options) (err error) { 140 err = stack.Serialize.Add(&awsAwsjson10_serializeOpCreateRuleGroup{}, middleware.After) 141 if err != nil { 142 return err 143 } 144 err = stack.Deserialize.Add(&awsAwsjson10_deserializeOpCreateRuleGroup{}, middleware.After) 145 if err != nil { 146 return err 147 } 148 if err = addSetLoggerMiddleware(stack, options); err != nil { 149 return err 150 } 151 if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { 152 return err 153 } 154 if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { 155 return err 156 } 157 if err = addResolveEndpointMiddleware(stack, options); err != nil { 158 return err 159 } 160 if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { 161 return err 162 } 163 if err = addRetryMiddlewares(stack, options); err != nil { 164 return err 165 } 166 if err = addHTTPSignerV4Middleware(stack, options); err != nil { 167 return err 168 } 169 if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { 170 return err 171 } 172 if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { 173 return err 174 } 175 if err = addClientUserAgent(stack); err != nil { 176 return err 177 } 178 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 179 return err 180 } 181 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 182 return err 183 } 184 if err = addOpCreateRuleGroupValidationMiddleware(stack); err != nil { 185 return err 186 } 187 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateRuleGroup(options.Region), middleware.Before); err != nil { 188 return err 189 } 190 if err = addRequestIDRetrieverMiddleware(stack); err != nil { 191 return err 192 } 193 if err = addResponseErrorMiddleware(stack); err != nil { 194 return err 195 } 196 if err = addRequestResponseLogging(stack, options); err != nil { 197 return err 198 } 199 return nil 200} 201 202func newServiceMetadataMiddleware_opCreateRuleGroup(region string) *awsmiddleware.RegisterServiceMetadata { 203 return &awsmiddleware.RegisterServiceMetadata{ 204 Region: region, 205 ServiceID: ServiceID, 206 SigningName: "network-firewall", 207 OperationName: "CreateRuleGroup", 208 } 209} 210