diff --git a/troposphere/networkfirewall.py b/troposphere/networkfirewall.py
index 91cdd2f5d..bc8469e9b 100644
--- a/troposphere/networkfirewall.py
+++ b/troposphere/networkfirewall.py
@@ -13,6 +13,22 @@ from .validators import boolean, integer
+VALID_RULE_GROUP_TYPES = (
+ "STATEFUL",
+ "STATELESS"
+)
+
+
+def validate_rule_group_type(rule_group_type):
+ """Validate Type for RuleGroup"""
+ if rule_group_type not in VALID_RULE_GROUP_TYPES:
+ raise ValueError(
+ "RuleGroup Type must be one of %s"
+ % ", ".join(VALID_RULE_GROUP_TYPES)
+ )
+ return rule_group_type
+
+
 class SubnetMapping(AWSProperty):
 props = {
 "SubnetId": (str, True),
@@ -73,7 +89,7 @@ class StatelessRuleGroupReference(AWSProperty):
 }
-class FirewallPolicy(AWSProperty):
+class FirewallPolicyProperty(AWSProperty):
 props = {
 "StatefulRuleGroupReferences": ([StatefulRuleGroupReference], False),
 "StatelessCustomActions": ([CustomAction], False),
@@ -83,6 +99,17 @@ class FirewallPolicy(AWSProperty):
 }
+class FirewallPolicy(AWSObject):
+ resource_type = "AWS::NetworkFirewall::FirewallPolicy"
+
+ props = {
+ "Description": (str, False),
+ "FirewallPolicyName": (str, True),
+ "Tags": (Tags, False),
+ "FirewallPolicy": (FirewallPolicyProperty, True),
+ }
+
+
 class LogDestinationConfig(AWSProperty):
 props = {
 "LogDestination": (dict, True),
@@ -199,8 +226,21 @@ class RulesSource(AWSProperty):
 }
-class RuleGroup(AWSProperty):
+class RuleGroupProperty(AWSProperty):
 props = {
 "RuleVariables": (RuleVariables, False),
 "RulesSource": (RulesSource, True),
 }
+
+
+class RuleGroup(AWSObject):
+ resource_type = "AWS::NetworkFirewall::RuleGroup"
+
+ props = {
+ "Capacity": (integer, True),
+ "Description": (str, False),
+ "RuleGroup": (RuleGroupProperty, False),
+ "RuleGroupName": (str, True),
+ "Tags": (Tags, False),
+ "Type": (validate_rule_group_type, True)
+ }
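Review bot: The `ValueError` raised by `validate_rule_group_type` in the first hunk (`@@ -13,6 +13,22 @@`) names the allowed values but not the value that was rejected, so a failing template with several rule groups is hard to trace; consider `"RuleGroup Type must be one of %s (got %r)" % (", ".join(VALID_RULE_GROUP_TYPES), rule_group_type)`. The membership test is exact and case-sensitive, so the docstring could state the contract, e.g. `"""Return rule_group_type if it is "STATEFUL" or "STATELESS"; raise ValueError otherwise."""`. As a style point, the last element `"STATELESS"` has no trailing comma, and neither does the `"Type": (validate_rule_group_type, True)` entry in the last hunk (`@@ -199,8 +226,21 @@`), unlike the other multi-line literals visible in this file.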
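Review bot: Reusing the name `FirewallPolicy` for the new `AWSObject` in the third hunk (`@@ -83,6 +99,17 @@`), after the second hunk renames the old property class to `FirewallPolicyProperty`, changes what existing callers get without any signal. Code that previously built the property with `FirewallPolicy(StatelessCustomActions=[...])` would now construct the resource class, which has a different `props` table and, as far as I know of troposphere's `AWSObject`, expects a title as its first argument. The last hunk does the same with `RuleGroup` and `RuleGroupProperty`. Since these classes describe firewall policy, a template that silently stops building or builds a different shape deserves an explicit note: I would add a changelog entry for the breaking rename and a comment above each new class such as `# NOTE: FirewallPolicy was an AWSProperty before this change; the nested property is now FirewallPolicyProperty.` The imports of `AWSObject` and `Tags` are outside the visible hunks, so confirm they are already present.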