create_proxy_rules

NetworkFirewall.Client.create_proxy_rules(**kwargs)

Creates Network Firewall ProxyRule resources.

Attaches new proxy rule(s) to an existing proxy rule group.

To retrieve information about individual proxy rules, use DescribeProxyRuleGroup and DescribeProxyRule.

See also: AWS API Documentation

Request Syntax

response = client.create_proxy_rules(
    ProxyRuleGroupArn='string',
    ProxyRuleGroupName='string',
    Rules={
        'PreDNS': [
            {
                'ProxyRuleName': 'string',
                'Description': 'string',
                'Action': 'ALLOW'|'DENY'|'ALERT',
                'Conditions': [
                    {
                        'ConditionOperator': 'string',
                        'ConditionKey': 'string',
                        'ConditionValues': [
                            'string',
                        ]
                    },
                ],
                'InsertPosition': 123
            },
        ],
        'PreREQUEST': [
            {
                'ProxyRuleName': 'string',
                'Description': 'string',
                'Action': 'ALLOW'|'DENY'|'ALERT',
                'Conditions': [
                    {
                        'ConditionOperator': 'string',
                        'ConditionKey': 'string',
                        'ConditionValues': [
                            'string',
                        ]
                    },
                ],
                'InsertPosition': 123
            },
        ],
        'PostRESPONSE': [
            {
                'ProxyRuleName': 'string',
                'Description': 'string',
                'Action': 'ALLOW'|'DENY'|'ALERT',
                'Conditions': [
                    {
                        'ConditionOperator': 'string',
                        'ConditionKey': 'string',
                        'ConditionValues': [
                            'string',
                        ]
                    },
                ],
                'InsertPosition': 123
            },
        ]
    }
)
Parameters:
  • ProxyRuleGroupArn (string) –

    The Amazon Resource Name (ARN) of a proxy rule group.

    You must specify the ARN or the name, and you can specify both.

  • ProxyRuleGroupName (string) –

    The descriptive name of the proxy rule group. You can’t change the name of a proxy rule group after you create it.

    You must specify the ARN or the name, and you can specify both.

  • Rules (dict) –

    [REQUIRED]

    Individual rules that define match conditions and actions for application-layer traffic. Rules specify what to inspect (domains, headers, methods) and what action to take (allow, deny, alert).

    • PreDNS (list) –

      Before domain resolution.

      • (dict) –

        Individual rules that define match conditions and actions for application-layer traffic. Rules specify what to inspect (domains, headers, methods) and what action to take (allow, deny, alert).

        • ProxyRuleName (string) –

          The descriptive name of the proxy rule. You can’t change the name of a proxy rule after you create it.

        • Description (string) –

          A description of the proxy rule.

        • Action (string) –

          Action to take.

        • Conditions (list) –

          Match criteria that specify what traffic attributes to examine. Conditions include operators (StringEquals, StringLike) and values to match against.

          • (dict) –

            Match criteria that specify what traffic attributes to examine.

            • ConditionOperator (string) –

              Defines how to perform a match.

            • ConditionKey (string) –

              Defines what is to be matched.

            • ConditionValues (list) –

              Specifies the exact value that needs to be matched against.

              • (string) –

        • InsertPosition (integer) –

          Where to insert a proxy rule in a proxy rule group.

    • PreREQUEST (list) –

      After DNS, before request.

      • (dict) –

        Individual rules that define match conditions and actions for application-layer traffic. Rules specify what to inspect (domains, headers, methods) and what action to take (allow, deny, alert).

        • ProxyRuleName (string) –

          The descriptive name of the proxy rule. You can’t change the name of a proxy rule after you create it.

        • Description (string) –

          A description of the proxy rule.

        • Action (string) –

          Action to take.

        • Conditions (list) –

          Match criteria that specify what traffic attributes to examine. Conditions include operators (StringEquals, StringLike) and values to match against.

          • (dict) –

            Match criteria that specify what traffic attributes to examine.

            • ConditionOperator (string) –

              Defines how to perform a match.

            • ConditionKey (string) –

              Defines what is to be matched.

            • ConditionValues (list) –

              Specifies the exact value that needs to be matched against.

              • (string) –

        • InsertPosition (integer) –

          Where to insert a proxy rule in a proxy rule group.

    • PostRESPONSE (list) –

      After receiving response.

      • (dict) –

        Individual rules that define match conditions and actions for application-layer traffic. Rules specify what to inspect (domains, headers, methods) and what action to take (allow, deny, alert).

        • ProxyRuleName (string) –

          The descriptive name of the proxy rule. You can’t change the name of a proxy rule after you create it.

        • Description (string) –

          A description of the proxy rule.

        • Action (string) –

          Action to take.

        • Conditions (list) –

          Match criteria that specify what traffic attributes to examine. Conditions include operators (StringEquals, StringLike) and values to match against.

          • (dict) –

            Match criteria that specify what traffic attributes to examine.

            • ConditionOperator (string) –

              Defines how to perform a match.

            • ConditionKey (string) –

              Defines what is to be matched.

            • ConditionValues (list) –

              Specifies the exact value that needs to be matched against.

              • (string) –

        • InsertPosition (integer) –

          Where to insert a proxy rule in a proxy rule group.
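
An added example (not part of the boto3 reference): a pre-flight review of a Rules payload before it is passed to create_proxy_rules, checking the phase keys, the Action values and the ARN-or-name requirement described above, and flagging ALLOW rules that are unscoped or wildcard-only. The warning policy, the treatment of '*' as a StringLike wildcard, the ConditionKey "example:key" and the group name used in the sample are assumptions, not values from the API.

```python
PHASES = {"PreDNS", "PreREQUEST", "PostRESPONSE"}   # keys of Rules on this page
ACTIONS = {"ALLOW", "DENY", "ALERT"}                # Action values on this page
NAMED_OPERATORS = {"StringEquals", "StringLike"}    # operators this page names

def review_rules(rules):
    """Return (severity, location, message) findings for a Rules dict."""
    findings = []
    for phase, entries in rules.items():
        if phase not in PHASES:
            findings.append(("error", phase, "not a Rules phase key"))
            continue
        for i, rule in enumerate(entries):
            where = f"{phase}[{i}]"
            action = rule.get("Action")
            if action not in ACTIONS:
                findings.append(("error", where, f"Action {action!r} not ALLOW/DENY/ALERT"))
            conditions = rule.get("Conditions") or []
            if action == "ALLOW" and not conditions:
                # Local policy (assumption): every ALLOW must be scoped.
                findings.append(("warn", where, "ALLOW without Conditions"))
            for cond in conditions:
                op = cond.get("ConditionOperator")
                values = cond.get("ConditionValues") or []
                if op not in NAMED_OPERATORS:
                    findings.append(("warn", where, f"operator {op!r} not named in the reference"))
                # Assumption: '*' is a wildcard under StringLike, as in IAM.
                if action == "ALLOW" and op == "StringLike" and any(
                        v.strip("*.") == "" for v in values):
                    findings.append(("warn", where, "ALLOW matches a wildcard-only value"))
    return findings

def build_request(rules, arn=None, name=None):
    """Build create_proxy_rules kwargs; refuse payloads with error findings."""
    if not (arn or name):
        raise ValueError("specify ProxyRuleGroupArn or ProxyRuleGroupName")
    errors = [f for f in review_rules(rules) if f[0] == "error"]
    if errors:
        raise ValueError(f"rejected: {errors}")
    kwargs = {"Rules": rules}
    if arn:
        kwargs["ProxyRuleGroupArn"] = arn
    if name:
        kwargs["ProxyRuleGroupName"] = name
    return kwargs  # then: boto3.client("network-firewall").create_proxy_rules(**kwargs)

# Constructed sample; "example:key" is a placeholder, not a real ConditionKey.
SAMPLE = {"PreDNS": [
    {"ProxyRuleName": "allow-any", "Action": "ALLOW", "InsertPosition": 1,
     "Conditions": [{"ConditionOperator": "StringLike",
                     "ConditionKey": "example:key", "ConditionValues": ["*"]}]},
    {"ProxyRuleName": "deny-one", "Action": "DENY", "InsertPosition": 2,
     "Conditions": [{"ConditionOperator": "StringEquals",
                     "ConditionKey": "example:key", "ConditionValues": ["bad.example.com"]}]},
]}
```

Warnings do not block the request; surface them in change review so a broad ALLOW is a deliberate decision rather than an accident.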

Return type:

dict

Returns:

Response Syntax

{
    'ProxyRuleGroup': {
        'ProxyRuleGroupName': 'string',
        'ProxyRuleGroupArn': 'string',
        'CreateTime': datetime(2015, 1, 1),
        'DeleteTime': datetime(2015, 1, 1),
        'Rules': {
            'PreDNS': [
                {
                    'ProxyRuleName': 'string',
                    'Description': 'string',
                    'Action': 'ALLOW'|'DENY'|'ALERT',
                    'Conditions': [
                        {
                            'ConditionOperator': 'string',
                            'ConditionKey': 'string',
                            'ConditionValues': [
                                'string',
                            ]
                        },
                    ]
                },
            ],
            'PreREQUEST': [
                {
                    'ProxyRuleName': 'string',
                    'Description': 'string',
                    'Action': 'ALLOW'|'DENY'|'ALERT',
                    'Conditions': [
                        {
                            'ConditionOperator': 'string',
                            'ConditionKey': 'string',
                            'ConditionValues': [
                                'string',
                            ]
                        },
                    ]
                },
            ],
            'PostRESPONSE': [
                {
                    'ProxyRuleName': 'string',
                    'Description': 'string',
                    'Action': 'ALLOW'|'DENY'|'ALERT',
                    'Conditions': [
                        {
                            'ConditionOperator': 'string',
                            'ConditionKey': 'string',
                            'ConditionValues': [
                                'string',
                            ]
                        },
                    ]
                },
            ]
        },
        'Description': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    },
    'UpdateToken': 'string'
}

Response Structure

  • (dict) –

    • ProxyRuleGroup (dict) –

      The properties that define the proxy rule group with the newly created proxy rule(s).

      • ProxyRuleGroupName (string) –

        The descriptive name of the proxy rule group. You can’t change the name of a proxy rule group after you create it.

      • ProxyRuleGroupArn (string) –

        The Amazon Resource Name (ARN) of a proxy rule group.

      • CreateTime (datetime) –

        Time the Proxy Rule Group was created.

      • DeleteTime (datetime) –

        Time the Proxy Rule Group was deleted.

      • Rules (dict) –

        Individual rules that define match conditions and actions for application-layer traffic. Rules specify what to inspect (domains, headers, methods) and what action to take (allow, deny, alert).

        • PreDNS (list) –

          Before domain resolution.

          • (dict) –

            Individual rules that define match conditions and actions for application-layer traffic. Rules specify what to inspect (domains, headers, methods) and what action to take (allow, deny, alert).

            • ProxyRuleName (string) –

              The descriptive name of the proxy rule. You can’t change the name of a proxy rule after you create it.

            • Description (string) –

              A description of the proxy rule.

            • Action (string) –

              Action to take.

            • Conditions (list) –

              Match criteria that specify what traffic attributes to examine. Conditions include operators (StringEquals, StringLike) and values to match against.

              • (dict) –

                Match criteria that specify what traffic attributes to examine.

                • ConditionOperator (string) –

                  Defines how to perform a match.

                • ConditionKey (string) –

                  Defines what is to be matched.

                • ConditionValues (list) –

                  Specifies the exact value that needs to be matched against.

                  • (string) –

        • PreREQUEST (list) –

          After DNS, before request.

          • (dict) –

            Individual rules that define match conditions and actions for application-layer traffic. Rules specify what to inspect (domains, headers, methods) and what action to take (allow, deny, alert).

            • ProxyRuleName (string) –

              The descriptive name of the proxy rule. You can’t change the name of a proxy rule after you create it.

            • Description (string) –

              A description of the proxy rule.

            • Action (string) –

              Action to take.

            • Conditions (list) –

              Match criteria that specify what traffic attributes to examine. Conditions include operators (StringEquals, StringLike) and values to match against.

              • (dict) –

                Match criteria that specify what traffic attributes to examine.

                • ConditionOperator (string) –

                  Defines how to perform a match.

                • ConditionKey (string) –

                  Defines what is to be matched.

                • ConditionValues (list) –

                  Specifies the exact value that needs to be matched against.

                  • (string) –

        • PostRESPONSE (list) –

          After receiving response.

          • (dict) –

            Individual rules that define match conditions and actions for application-layer traffic. Rules specify what to inspect (domains, headers, methods) and what action to take (allow, deny, alert).

            • ProxyRuleName (string) –

              The descriptive name of the proxy rule. You can’t change the name of a proxy rule after you create it.

            • Description (string) –

              A description of the proxy rule.

            • Action (string) –

              Action to take.

            • Conditions (list) –

              Match criteria that specify what traffic attributes to examine. Conditions include operators (StringEquals, StringLike) and values to match against.

              • (dict) –

                Match criteria that specify what traffic attributes to examine.

                • ConditionOperator (string) –

                  Defines how to perform a match.

                • ConditionKey (string) –

                  Defines what is to be matched.

                • ConditionValues (list) –

                  Specifies the exact value that needs to be matched against.

                  • (string) –

      • Description (string) –

        A description of the proxy rule group.

      • Tags (list) –

        The key:value pairs to associate with the resource.

        • (dict) –

          A key:value pair associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as “environment”) and the tag value represents a specific value within that category (such as “test,” “development,” or “production”). You can add up to 50 tags to each Amazon Web Services resource.

          • Key (string) –

            The part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as “customer.” Tag keys are case-sensitive.

          • Value (string) –

            The part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as “companyA” or “companyB.” Tag values are case-sensitive.

    • UpdateToken (string) –

      A token used for optimistic locking. Network Firewall returns a token to your requests that access the proxy rule. The token marks the state of the proxy rule resource at the time of the request.

      To make changes to the proxy rule, you provide the token in your request. Network Firewall uses the token to ensure that the proxy rule hasn’t changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException. If this happens, retrieve the proxy rule again to get a current copy of it with a current token. Reapply your changes as needed, then try the operation again using the new token.

Exceptions