TrafficMirrorFilterRule

Provides an Traffic mirror filter rule.
Read limits and considerations for traffic mirroring

Example Usage

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var filter = new Aws.Ec2.TrafficMirrorFilter("filter", new Aws.Ec2.TrafficMirrorFilterArgs
        {
            Description = "traffic mirror filter - example",
            NetworkServices = 
            {
                "amazon-dns",
            },
        });
        var ruleout = new Aws.Ec2.TrafficMirrorFilterRule("ruleout", new Aws.Ec2.TrafficMirrorFilterRuleArgs
        {
            Description = "test rule",
            DestinationCidrBlock = "10.0.0.0/8",
            RuleAction = "accept",
            RuleNumber = 1,
            SourceCidrBlock = "10.0.0.0/8",
            TrafficDirection = "egress",
            TrafficMirrorFilterId = filter.Id,
        });
        var rulein = new Aws.Ec2.TrafficMirrorFilterRule("rulein", new Aws.Ec2.TrafficMirrorFilterRuleArgs
        {
            Description = "test rule",
            DestinationCidrBlock = "10.0.0.0/8",
            DestinationPortRange = new Aws.Ec2.Inputs.TrafficMirrorFilterRuleDestinationPortRangeArgs
            {
                FromPort = 22,
                ToPort = 53,
            },
            Protocol = 6,
            RuleAction = "accept",
            RuleNumber = 1,
            SourceCidrBlock = "10.0.0.0/8",
            SourcePortRange = new Aws.Ec2.Inputs.TrafficMirrorFilterRuleSourcePortRangeArgs
            {
                FromPort = 0,
                ToPort = 10,
            },
            TrafficDirection = "ingress",
            TrafficMirrorFilterId = filter.Id,
        });
    }

}

package main

import (
    "github.com/pulumi/pulumi-aws/sdk/v2/go/aws/ec2"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        filter, err := ec2.NewTrafficMirrorFilter(ctx, "filter", &ec2.TrafficMirrorFilterArgs{
            Description: pulumi.String("traffic mirror filter - example"),
            NetworkServices: pulumi.StringArray{
                pulumi.String("amazon-dns"),
            },
        })
        if err != nil {
            return err
        }
        _, err = ec2.NewTrafficMirrorFilterRule(ctx, "ruleout", &ec2.TrafficMirrorFilterRuleArgs{
            Description:           pulumi.String("test rule"),
            DestinationCidrBlock:  pulumi.String("10.0.0.0/8"),
            RuleAction:            pulumi.String("accept"),
            RuleNumber:            pulumi.Int(1),
            SourceCidrBlock:       pulumi.String("10.0.0.0/8"),
            TrafficDirection:      pulumi.String("egress"),
            TrafficMirrorFilterId: filter.ID(),
        })
        if err != nil {
            return err
        }
        _, err = ec2.NewTrafficMirrorFilterRule(ctx, "rulein", &ec2.TrafficMirrorFilterRuleArgs{
            Description:          pulumi.String("test rule"),
            DestinationCidrBlock: pulumi.String("10.0.0.0/8"),
            DestinationPortRange: &ec2.TrafficMirrorFilterRuleDestinationPortRangeArgs{
                FromPort: pulumi.Int(22),
                ToPort:   pulumi.Int(53),
            },
            Protocol:        pulumi.Int(6),
            RuleAction:      pulumi.String("accept"),
            RuleNumber:      pulumi.Int(1),
            SourceCidrBlock: pulumi.String("10.0.0.0/8"),
            SourcePortRange: &ec2.TrafficMirrorFilterRuleSourcePortRangeArgs{
                FromPort: pulumi.Int(0),
                ToPort:   pulumi.Int(10),
            },
            TrafficDirection:      pulumi.String("ingress"),
            TrafficMirrorFilterId: filter.ID(),
        })
        if err != nil {
            return err
        }
        return nil
    })
}

import pulumi
import pulumi_aws as aws

filter = aws.ec2.TrafficMirrorFilter("filter",
    description="traffic mirror filter - example",
    network_services=["amazon-dns"])
ruleout = aws.ec2.TrafficMirrorFilterRule("ruleout",
    description="test rule",
    destination_cidr_block="10.0.0.0/8",
    rule_action="accept",
    rule_number=1,
    source_cidr_block="10.0.0.0/8",
    traffic_direction="egress",
    traffic_mirror_filter_id=filter.id)
rulein = aws.ec2.TrafficMirrorFilterRule("rulein",
    description="test rule",
    destination_cidr_block="10.0.0.0/8",
    destination_port_range={
        "from_port": 22,
        "to_port": 53,
    },
    protocol=6,
    rule_action="accept",
    rule_number=1,
    source_cidr_block="10.0.0.0/8",
    source_port_range={
        "from_port": 0,
        "to_port": 10,
    },
    traffic_direction="ingress",
    traffic_mirror_filter_id=filter.id)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const filter = new aws.ec2.TrafficMirrorFilter("filter", {
    description: "traffic mirror filter - example",
    networkServices: ["amazon-dns"],
});
const ruleout = new aws.ec2.TrafficMirrorFilterRule("ruleout", {
    description: "test rule",
    destinationCidrBlock: "10.0.0.0/8",
    ruleAction: "accept",
    ruleNumber: 1,
    sourceCidrBlock: "10.0.0.0/8",
    trafficDirection: "egress",
    trafficMirrorFilterId: filter.id,
});
const rulein = new aws.ec2.TrafficMirrorFilterRule("rulein", {
    description: "test rule",
    destinationCidrBlock: "10.0.0.0/8",
    destinationPortRange: {
        fromPort: 22,
        toPort: 53,
    },
    protocol: 6,
    ruleAction: "accept",
    ruleNumber: 1,
    sourceCidrBlock: "10.0.0.0/8",
    sourcePortRange: {
        fromPort: 0,
        toPort: 10,
    },
    trafficDirection: "ingress",
    trafficMirrorFilterId: filter.id,
});

Create a TrafficMirrorFilterRule Resource

new TrafficMirrorFilterRule(name: string, args: TrafficMirrorFilterRuleArgs, opts?: CustomResourceOptions);

def TrafficMirrorFilterRule(resource_name, opts=None, description=None, destination_cidr_block=None, destination_port_range=None, protocol=None, rule_action=None, rule_number=None, source_cidr_block=None, source_port_range=None, traffic_direction=None, traffic_mirror_filter_id=None, __props__=None);

func NewTrafficMirrorFilterRule(ctx *Context, name string, args TrafficMirrorFilterRuleArgs, opts ...ResourceOption) (*TrafficMirrorFilterRule, error)

public TrafficMirrorFilterRule(string name, TrafficMirrorFilterRuleArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args TrafficMirrorFilterRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args TrafficMirrorFilterRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args TrafficMirrorFilterRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

TrafficMirrorFilterRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The TrafficMirrorFilterRule resource accepts the following input properties:

DestinationCidrBlock string: The destination CIDR block to assign to the Traffic Mirror rule.
RuleAction string: The action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
RuleNumber int: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
SourceCidrBlock string: The source CIDR block to assign to the Traffic Mirror rule.
TrafficDirection string: The direction of traffic to be captured. Valid values are ingress and egress
TrafficMirrorFilterId string: ID of the traffic mirror filter to which this rule should be added
Description string: A description of the traffic mirror filter rule.
DestinationPortRange TrafficMirrorFilterRuleDestinationPortRangeArgs: The destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
Protocol int: The protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
SourcePortRange TrafficMirrorFilterRuleSourcePortRangeArgs: The source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below

DestinationCidrBlock string: The destination CIDR block to assign to the Traffic Mirror rule.
RuleAction string: The action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
RuleNumber int: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
SourceCidrBlock string: The source CIDR block to assign to the Traffic Mirror rule.
TrafficDirection string: The direction of traffic to be captured. Valid values are ingress and egress
TrafficMirrorFilterId string: ID of the traffic mirror filter to which this rule should be added
Description string: A description of the traffic mirror filter rule.
DestinationPortRange TrafficMirrorFilterRuleDestinationPortRange: The destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
Protocol int: The protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
SourcePortRange TrafficMirrorFilterRuleSourcePortRange: The source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below

destinationCidrBlock string: The destination CIDR block to assign to the Traffic Mirror rule.
ruleAction string: The action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
ruleNumber number: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
sourceCidrBlock string: The source CIDR block to assign to the Traffic Mirror rule.
trafficDirection string: The direction of traffic to be captured. Valid values are ingress and egress
trafficMirrorFilterId string: ID of the traffic mirror filter to which this rule should be added
description string: A description of the traffic mirror filter rule.
destinationPortRange TrafficMirrorFilterRuleDestinationPortRange: The destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
protocol number: The protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
sourcePortRange TrafficMirrorFilterRuleSourcePortRange: The source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below

destination_cidr_block str: The destination CIDR block to assign to the Traffic Mirror rule.
rule_action str: The action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
rule_number float: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
source_cidr_block str: The source CIDR block to assign to the Traffic Mirror rule.
traffic_direction str: The direction of traffic to be captured. Valid values are ingress and egress
traffic_mirror_filter_id str: ID of the traffic mirror filter to which this rule should be added
description str: A description of the traffic mirror filter rule.
destination_port_range Dict[TrafficMirrorFilterRuleDestinationPortRange]: The destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
protocol float: The protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
source_port_range Dict[TrafficMirrorFilterRuleSourcePortRange]: The source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below

Outputs

All input properties are implicitly available as output properties. Additionally, the TrafficMirrorFilterRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

Look up an Existing TrafficMirrorFilterRule Resource

Get an existing TrafficMirrorFilterRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: TrafficMirrorFilterRuleState, opts?: CustomResourceOptions): TrafficMirrorFilterRule

static get(resource_name, id, opts=None, description=None, destination_cidr_block=None, destination_port_range=None, protocol=None, rule_action=None, rule_number=None, source_cidr_block=None, source_port_range=None, traffic_direction=None, traffic_mirror_filter_id=None, __props__=None);

func GetTrafficMirrorFilterRule(ctx *Context, name string, id IDInput, state *TrafficMirrorFilterRuleState, opts ...ResourceOption) (*TrafficMirrorFilterRule, error)

public static TrafficMirrorFilterRule Get(string name, Input<string> id, TrafficMirrorFilterRuleState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string: A description of the traffic mirror filter rule.
DestinationCidrBlock string: The destination CIDR block to assign to the Traffic Mirror rule.
DestinationPortRange TrafficMirrorFilterRuleDestinationPortRangeArgs: The destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
Protocol int: The protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
RuleAction string: The action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
RuleNumber int: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
SourceCidrBlock string: The source CIDR block to assign to the Traffic Mirror rule.
SourcePortRange TrafficMirrorFilterRuleSourcePortRangeArgs: The source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
TrafficDirection string: The direction of traffic to be captured. Valid values are ingress and egress
TrafficMirrorFilterId string: ID of the traffic mirror filter to which this rule should be added

Description string: A description of the traffic mirror filter rule.
DestinationCidrBlock string: The destination CIDR block to assign to the Traffic Mirror rule.
DestinationPortRange TrafficMirrorFilterRuleDestinationPortRange: The destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
Protocol int: The protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
RuleAction string: The action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
RuleNumber int: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
SourceCidrBlock string: The source CIDR block to assign to the Traffic Mirror rule.
SourcePortRange TrafficMirrorFilterRuleSourcePortRange: The source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
TrafficDirection string: The direction of traffic to be captured. Valid values are ingress and egress
TrafficMirrorFilterId string: ID of the traffic mirror filter to which this rule should be added

description string: A description of the traffic mirror filter rule.
destinationCidrBlock string: The destination CIDR block to assign to the Traffic Mirror rule.
destinationPortRange TrafficMirrorFilterRuleDestinationPortRange: The destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
protocol number: The protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
ruleAction string: The action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
ruleNumber number: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
sourceCidrBlock string: The source CIDR block to assign to the Traffic Mirror rule.
sourcePortRange TrafficMirrorFilterRuleSourcePortRange: The source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
trafficDirection string: The direction of traffic to be captured. Valid values are ingress and egress
trafficMirrorFilterId string: ID of the traffic mirror filter to which this rule should be added

description str: A description of the traffic mirror filter rule.
destination_cidr_block str: The destination CIDR block to assign to the Traffic Mirror rule.
destination_port_range Dict[TrafficMirrorFilterRuleDestinationPortRange]: The destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
protocol float: The protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
rule_action str: The action to take (accept | reject) on the filtered traffic. Valid values are accept and reject
rule_number float: The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
source_cidr_block str: The source CIDR block to assign to the Traffic Mirror rule.
source_port_range Dict[TrafficMirrorFilterRuleSourcePortRange]: The source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below
traffic_direction str: The direction of traffic to be captured. Valid values are ingress and egress
traffic_mirror_filter_id str: ID of the traffic mirror filter to which this rule should be added

Supporting Types

TrafficMirrorFilterRuleDestinationPortRange

See the input and output API doc for this type.

FromPort int: Starting port of the range
ToPort int: Ending port of the range

FromPort int: Starting port of the range
ToPort int: Ending port of the range

fromPort number: Starting port of the range
toPort number: Ending port of the range

from_port float: Starting port of the range
to_port float: Ending port of the range

TrafficMirrorFilterRuleSourcePortRange

See the input and output API doc for this type.

FromPort int: Starting port of the range
ToPort int: Ending port of the range

FromPort int: Starting port of the range
ToPort int: Ending port of the range

fromPort number: Starting port of the range
toPort number: Ending port of the range

from_port float: Starting port of the range
to_port float: Ending port of the range

Package Details

Repository: https://github.com/pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud