Resource: awsEc2TrafficMirrorFilterRule
Provides a traffic mirror filter rule. Read the limits and considerations for traffic mirroring before configuring rules.
Example Usage
To create a basic traffic mirror session
/* Provider bindings are generated by running cdktf get.
   See https://cdk.tf/provider-generation for more details. */
import * as aws from "./.gen/providers/aws";

// The filter that both rules below are attached to.
const awsEc2TrafficMirrorFilterFilter =
  new aws.ec2TrafficMirrorFilter.Ec2TrafficMirrorFilter(this, "filter", {
    description: "traffic mirror filter - terraform example",
    networkServices: ["amazon-dns"],
  });

// Ingress rule: TCP (protocol 6) with source and destination port ranges.
new aws.ec2TrafficMirrorFilterRule.Ec2TrafficMirrorFilterRule(this, "rulein", {
  description: "test rule",
  destinationCidrBlock: "10.0.0.0/8",
  destinationPortRange: {
    fromPort: 22,
    toPort: 53,
  },
  protocol: 6,
  ruleAction: "accept",
  ruleNumber: 1,
  sourceCidrBlock: "10.0.0.0/8",
  sourcePortRange: {
    fromPort: 0,
    toPort: 10,
  },
  trafficDirection: "ingress",
  trafficMirrorFilterId: awsEc2TrafficMirrorFilterFilter.id,
});

// Egress rule: no protocol or port range, so it matches all protocols.
new aws.ec2TrafficMirrorFilterRule.Ec2TrafficMirrorFilterRule(this, "ruleout", {
  description: "test rule",
  destinationCidrBlock: "10.0.0.0/8",
  ruleAction: "accept",
  ruleNumber: 1,
  sourceCidrBlock: "10.0.0.0/8",
  trafficDirection: "egress",
  trafficMirrorFilterId: awsEc2TrafficMirrorFilterFilter.id,
});
Argument Reference
The following arguments are supported:
description - (Optional) Description of the traffic mirror filter rule.
trafficMirrorFilterId - (Required) ID of the traffic mirror filter to which this rule should be added.
destinationCidrBlock - (Required) Destination CIDR block to assign to the Traffic Mirror rule.
destinationPortRange - (Optional) Destination port range. Supported only when the protocol is set to TCP (6) or UDP (17). See Traffic mirror port range documented below.
protocol - (Optional) Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
ruleAction - (Required) Action to take (accept | reject) on the filtered traffic. Valid values are accept and reject.
ruleNumber - (Required) Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
sourceCidrBlock - (Required) Source CIDR block to assign to the Traffic Mirror rule.
sourcePortRange - (Optional) Source port range. Supported only when the protocol is set to TCP (6) or UDP (17). See Traffic mirror port range documented below.
trafficDirection - (Required) Direction of traffic to be captured. Valid values are ingress and egress.
The traffic mirror port range supports the following attributes:
fromPort - (Optional) Starting port of the range.
toPort - (Optional) Ending port of the range.
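The constraints in the argument reference above (port ranges only for TCP or UDP, rule numbers unique per direction within a filter) are only enforced once the rules reach AWS. The following added example, which is not part of the CDKTF provider or the AWS provider code, checks a set of rule definitions offline before apply; the MirrorRuleConfig shape, validateMirrorRules() and the "tmf-EXAMPLE" filter ID are assumed names for this illustration.

```typescript
// Added example, not part of the CDKTF provider: an offline pre-apply check of rule
// definitions against the argument reference. MirrorRuleConfig/validateMirrorRules are assumed names.
interface PortRange { fromPort?: number; toPort?: number }
interface MirrorRuleConfig {
  trafficMirrorFilterId: string; destinationCidrBlock: string; sourceCidrBlock: string;
  destinationPortRange?: PortRange; sourcePortRange?: PortRange;
  protocol?: number; // IANA protocol number, e.g. 6 (TCP), 17 (UDP)
  ruleAction: "accept" | "reject"; ruleNumber: number;
  trafficDirection: "ingress" | "egress";
}
const PORT_RANGE_PROTOCOLS = new Set([6, 17]); // only TCP and UDP rules may carry port ranges

function portRangeOk(r?: PortRange): boolean {
  if (r === undefined) return true;
  const from = r.fromPort ?? 0, to = r.toPort ?? 65535;
  return from >= 0 && from <= to && to <= 65535;
}

// Returns one message per violation; an empty array means the rule set is
// consistent with the documented argument constraints.
function validateMirrorRules(rules: MirrorRuleConfig[]): string[] {
  const problems: string[] = [];
  const seen = new Set<string>(); // "filterId|direction|ruleNumber"
  for (const r of rules) {
    const tag = `${r.trafficDirection} rule ${r.ruleNumber}`;
    const hasRange = r.destinationPortRange !== undefined || r.sourcePortRange !== undefined;
    if (hasRange && !PORT_RANGE_PROTOCOLS.has(r.protocol ?? -1)) {
      problems.push(`${tag}: port ranges need protocol 6 (TCP) or 17 (UDP)`);
    }
    if (!portRangeOk(r.destinationPortRange) || !portRangeOk(r.sourcePortRange)) {
      problems.push(`${tag}: port range must satisfy 0 <= fromPort <= toPort <= 65535`);
    }
    // Rule numbers are unique per filter *and* direction (hence the example's two number-1 rules).
    const key = `${r.trafficMirrorFilterId}|${r.trafficDirection}|${r.ruleNumber}`;
    if (seen.has(key)) problems.push(`${tag}: duplicate rule number in this direction`);
    seen.add(key);
  }
  return problems;
}

// Constructed sample: the example's ingress and egress rules, plus a bad rule that
// reuses ingress number 1 and puts a port range on protocol 1 (ICMP).
const base = { trafficMirrorFilterId: "tmf-EXAMPLE", destinationCidrBlock: "10.0.0.0/8",
  sourceCidrBlock: "10.0.0.0/8", ruleAction: "accept" as const, ruleNumber: 1 };
const sampleRules: MirrorRuleConfig[] = [
  { ...base, trafficDirection: "ingress", protocol: 6,
    destinationPortRange: { fromPort: 22, toPort: 53 }, sourcePortRange: { fromPort: 0, toPort: 10 } },
  { ...base, trafficDirection: "egress" },
  { ...base, trafficDirection: "ingress", protocol: 1, destinationPortRange: { fromPort: 80, toPort: 80 } },
];
```

Running validateMirrorRules(sampleRules) reports two problems, both for the third rule, and none for the two rules taken from the example.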
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn - ARN of the traffic mirror filter rule.
id - Name of the traffic mirror filter rule.
Import
Traffic mirror rules can be imported using the trafficMirrorFilterId and id separated by ":", e.g.,