github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/networkfirewall/ruleGroup.go

// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package networkfirewall

import (
	"context"
	"reflect"

	"errors"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// Provides an AWS Network Firewall Rule Group Resource
//
// ## Example Usage
//
// ### Stateful Inspection for denying access to a domain
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := networkfirewall.NewRuleGroup(ctx, "example", &networkfirewall.RuleGroupArgs{
//				Capacity: pulumi.Int(100),
//				Name:     pulumi.String("example"),
//				Type:     pulumi.String("STATEFUL"),
//				RuleGroup: &networkfirewall.RuleGroupRuleGroupArgs{
//					RulesSource: &networkfirewall.RuleGroupRuleGroupRulesSourceArgs{
//						RulesSourceList: &networkfirewall.RuleGroupRuleGroupRulesSourceRulesSourceListArgs{
//							GeneratedRulesType: pulumi.String("DENYLIST"),
//							TargetTypes: pulumi.StringArray{
//								pulumi.String("HTTP_HOST"),
//							},
//							Targets: pulumi.StringArray{
//								pulumi.String("test.example.com"),
//							},
//						},
//					},
//				},
//				Tags: pulumi.StringMap{
//					"Tag1": pulumi.String("Value1"),
//					"Tag2": pulumi.String("Value2"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Stateful Inspection for blocking packets from going to an intended destination
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := networkfirewall.NewRuleGroup(ctx, "example", &networkfirewall.RuleGroupArgs{
//				Capacity: pulumi.Int(100),
//				Name:     pulumi.String("example"),
//				Type:     pulumi.String("STATEFUL"),
//				RuleGroup: &networkfirewall.RuleGroupRuleGroupArgs{
//					RulesSource: &networkfirewall.RuleGroupRuleGroupRulesSourceArgs{
//						StatefulRules: networkfirewall.RuleGroupRuleGroupRulesSourceStatefulRuleArray{
//							&networkfirewall.RuleGroupRuleGroupRulesSourceStatefulRuleArgs{
//								Action: pulumi.String("DROP"),
//								Header: &networkfirewall.RuleGroupRuleGroupRulesSourceStatefulRuleHeaderArgs{
//									Destination:     pulumi.String("124.1.1.24/32"),
//									DestinationPort: pulumi.String("53"),
//									Direction:       pulumi.String("ANY"),
//									Protocol:        pulumi.String("TCP"),
//									Source:          pulumi.String("1.2.3.4/32"),
//									SourcePort:      pulumi.String("53"),
//								},
//								RuleOptions: networkfirewall.RuleGroupRuleGroupRulesSourceStatefulRuleRuleOptionArray{
//									&networkfirewall.RuleGroupRuleGroupRulesSourceStatefulRuleRuleOptionArgs{
//										Keyword: pulumi.String("sid"),
//										Settings: pulumi.StringArray{
//											pulumi.String("1"),
//										},
//									},
//								},
//							},
//						},
//					},
//				},
//				Tags: pulumi.StringMap{
//					"Tag1": pulumi.String("Value1"),
//					"Tag2": pulumi.String("Value2"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Stateful Inspection from rules specifications defined in Suricata flat format
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
//	"github.com/pulumi/pulumi-std/sdk/go/std"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			invokeFile, err := std.File(ctx, &std.FileArgs{
//				Input: "example.rules",
//			}, nil)
//			if err != nil {
//				return err
//			}
//			_, err = networkfirewall.NewRuleGroup(ctx, "example", &networkfirewall.RuleGroupArgs{
//				Capacity: pulumi.Int(100),
//				Name:     pulumi.String("example"),
//				Type:     pulumi.String("STATEFUL"),
//				Rules:    invokeFile.Result,
//				Tags: pulumi.StringMap{
//					"Tag1": pulumi.String("Value1"),
//					"Tag2": pulumi.String("Value2"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Stateful Inspection from rule group specifications using rule variables and Suricata format rules
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
//	"github.com/pulumi/pulumi-std/sdk/go/std"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			invokeFile, err := std.File(ctx, &std.FileArgs{
//				Input: "suricata_rules_file",
//			}, nil)
//			if err != nil {
//				return err
//			}
//			_, err = networkfirewall.NewRuleGroup(ctx, "example", &networkfirewall.RuleGroupArgs{
//				Capacity: pulumi.Int(100),
//				Name:     pulumi.String("example"),
//				Type:     pulumi.String("STATEFUL"),
//				RuleGroup: &networkfirewall.RuleGroupRuleGroupArgs{
//					RuleVariables: &networkfirewall.RuleGroupRuleGroupRuleVariablesArgs{
//						IpSets: networkfirewall.RuleGroupRuleGroupRuleVariablesIpSetArray{
//							&networkfirewall.RuleGroupRuleGroupRuleVariablesIpSetArgs{
//								Key: pulumi.String("WEBSERVERS_HOSTS"),
//								IpSet: &networkfirewall.RuleGroupRuleGroupRuleVariablesIpSetIpSetArgs{
//									Definitions: pulumi.StringArray{
//										pulumi.String("10.0.0.0/16"),
//										pulumi.String("10.0.1.0/24"),
//										pulumi.String("192.168.0.0/16"),
//									},
//								},
//							},
//							&networkfirewall.RuleGroupRuleGroupRuleVariablesIpSetArgs{
//								Key: pulumi.String("EXTERNAL_HOST"),
//								IpSet: &networkfirewall.RuleGroupRuleGroupRuleVariablesIpSetIpSetArgs{
//									Definitions: pulumi.StringArray{
//										pulumi.String("1.2.3.4/32"),
//									},
//								},
//							},
//						},
//						PortSets: networkfirewall.RuleGroupRuleGroupRuleVariablesPortSetArray{
//							&networkfirewall.RuleGroupRuleGroupRuleVariablesPortSetArgs{
//								Key: pulumi.String("HTTP_PORTS"),
//								PortSet: &networkfirewall.RuleGroupRuleGroupRuleVariablesPortSetPortSetArgs{
//									Definitions: pulumi.StringArray{
//										pulumi.String("443"),
//										pulumi.String("80"),
//									},
//								},
//							},
//						},
//					},
//					RulesSource: &networkfirewall.RuleGroupRuleGroupRulesSourceArgs{
//						RulesString: invokeFile.Result,
//					},
//				},
//				Tags: pulumi.StringMap{
//					"Tag1": pulumi.String("Value1"),
//					"Tag2": pulumi.String("Value2"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Stateless Inspection with a Custom Action
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := networkfirewall.NewRuleGroup(ctx, "example", &networkfirewall.RuleGroupArgs{
//				Description: pulumi.String("Stateless Rate Limiting Rule"),
//				Capacity:    pulumi.Int(100),
//				Name:        pulumi.String("example"),
//				Type:        pulumi.String("STATELESS"),
//				RuleGroup: &networkfirewall.RuleGroupRuleGroupArgs{
//					RulesSource: &networkfirewall.RuleGroupRuleGroupRulesSourceArgs{
//						StatelessRulesAndCustomActions: &networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsArgs{
//							CustomActions: networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionArray{
//								&networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionArgs{
//									ActionDefinition: &networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionArgs{
//										PublishMetricAction: &networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionArgs{
//											Dimensions: networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionDimensionArray{
//												&networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionDimensionArgs{
//													Value: pulumi.String("2"),
//												},
//											},
//										},
//									},
//									ActionName: pulumi.String("ExampleMetricsAction"),
//								},
//							},
//							StatelessRules: networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleArray{
//								&networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleArgs{
//									Priority: pulumi.Int(1),
//									RuleDefinition: &networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionArgs{
//										Actions: pulumi.StringArray{
//											pulumi.String("aws:pass"),
//											pulumi.String("ExampleMetricsAction"),
//										},
//										MatchAttributes: &networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesArgs{
//											Sources: networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourceArray{
//												&networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourceArgs{
//													AddressDefinition: pulumi.String("1.2.3.4/32"),
//												},
//											},
//											SourcePorts: networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourcePortArray{
//												&networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourcePortArgs{
//													FromPort: pulumi.Int(443),
//													ToPort:   pulumi.Int(443),
//												},
//											},
//											Destinations: networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationArray{
//												&networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationArgs{
//													AddressDefinition: pulumi.String("124.1.1.5/32"),
//												},
//											},
//											DestinationPorts: networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationPortArray{
//												&networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationPortArgs{
//													FromPort: pulumi.Int(443),
//													ToPort:   pulumi.Int(443),
//												},
//											},
//											Protocols: pulumi.IntArray{
//												pulumi.Int(6),
//											},
//											TcpFlags: networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesTcpFlagArray{
//												&networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesTcpFlagArgs{
//													Flags: pulumi.StringArray{
//														pulumi.String("SYN"),
//													},
//													Masks: pulumi.StringArray{
//														pulumi.String("SYN"),
//														pulumi.String("ACK"),
//													},
//												},
//											},
//										},
//									},
//								},
//							},
//						},
//					},
//				},
//				Tags: pulumi.StringMap{
//					"Tag1": pulumi.String("Value1"),
//					"Tag2": pulumi.String("Value2"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### IP Set References to the Rule Group
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			_, err := networkfirewall.NewRuleGroup(ctx, "example", &networkfirewall.RuleGroupArgs{
//				Capacity: pulumi.Int(100),
//				Name:     pulumi.String("example"),
//				Type:     pulumi.String("STATEFUL"),
//				RuleGroup: &networkfirewall.RuleGroupRuleGroupArgs{
//					RulesSource: &networkfirewall.RuleGroupRuleGroupRulesSourceArgs{
//						RulesSourceList: &networkfirewall.RuleGroupRuleGroupRulesSourceRulesSourceListArgs{
//							GeneratedRulesType: pulumi.String("DENYLIST"),
//							TargetTypes: pulumi.StringArray{
//								pulumi.String("HTTP_HOST"),
//							},
//							Targets: pulumi.StringArray{
//								pulumi.String("test.example.com"),
//							},
//						},
//					},
//					ReferenceSets: &networkfirewall.RuleGroupRuleGroupReferenceSetsArgs{
//						IpSetReferences: networkfirewall.RuleGroupRuleGroupReferenceSetsIpSetReferenceArray{
//							&networkfirewall.RuleGroupRuleGroupReferenceSetsIpSetReferenceArgs{
//								Key: pulumi.String("example"),
//								IpSetReferences: networkfirewall.RuleGroupRuleGroupReferenceSetsIpSetReferenceIpSetReferenceArray{
//									&networkfirewall.RuleGroupRuleGroupReferenceSetsIpSetReferenceIpSetReferenceArgs{
//										ReferenceArn: pulumi.Any(this.Arn),
//									},
//								},
//							},
//						},
//					},
//				},
//				Tags: pulumi.StringMap{
//					"Tag1": pulumi.String("Value1"),
//					"Tag2": pulumi.String("Value2"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ## Import
//
// Using `pulumi import`, import Network Firewall Rule Groups using their `arn`. For example:
//
// ```sh
// $ pulumi import aws:networkfirewall/ruleGroup:RuleGroup example arn:aws:network-firewall:us-west-1:123456789012:stateful-rulegroup/example
// ```
type RuleGroup struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name (ARN) that identifies the rule group.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules.
	Capacity pulumi.IntOutput `pulumi:"capacity"`
	// A friendly description of the rule group.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// KMS encryption configuration settings. See Encryption Configuration below for details.
	EncryptionConfiguration RuleGroupEncryptionConfigurationPtrOutput `pulumi:"encryptionConfiguration"`
	// A friendly name of the rule group.
	Name pulumi.StringOutput `pulumi:"name"`
	// A configuration block that defines the rule group rules. Required unless `rules` is specified. See Rule Group below for details.
	RuleGroup RuleGroupRuleGroupOutput `pulumi:"ruleGroup"`
	// The stateful rule group rules specifications in Suricata file format, with one rule per line. Use this to import your existing Suricata compatible rule groups. Required unless `ruleGroup` is specified.
	Rules pulumi.StringPtrOutput `pulumi:"rules"`
	// A map of key:value pairs to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
	// Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`.
	Type pulumi.StringOutput `pulumi:"type"`
	// A string token used when updating the rule group.
	UpdateToken pulumi.StringOutput `pulumi:"updateToken"`
}

// NewRuleGroup registers a new resource with the given unique name, arguments, and options.
func NewRuleGroup(ctx *pulumi.Context,
	name string, args *RuleGroupArgs, opts ...pulumi.ResourceOption) (*RuleGroup, error) {
	if args == nil {
		return nil, errors.New("missing one or more required arguments")
	}

	if args.Capacity == nil {
		return nil, errors.New("invalid value for required argument 'Capacity'")
	}
	if args.Type == nil {
		return nil, errors.New("invalid value for required argument 'Type'")
	}
	opts = internal.PkgResourceDefaultOpts(opts)
	var resource RuleGroup
	err := ctx.RegisterResource("aws:networkfirewall/ruleGroup:RuleGroup", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetRuleGroup gets an existing RuleGroup resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetRuleGroup(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *RuleGroupState, opts ...pulumi.ResourceOption) (*RuleGroup, error) {
	var resource RuleGroup
	err := ctx.ReadResource("aws:networkfirewall/ruleGroup:RuleGroup", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering RuleGroup resources.
type ruleGroupState struct {
	// The Amazon Resource Name (ARN) that identifies the rule group.
	Arn *string `pulumi:"arn"`
	// The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules.
	Capacity *int `pulumi:"capacity"`
	// A friendly description of the rule group.
	Description *string `pulumi:"description"`
	// KMS encryption configuration settings. See Encryption Configuration below for details.
	EncryptionConfiguration *RuleGroupEncryptionConfiguration `pulumi:"encryptionConfiguration"`
	// A friendly name of the rule group.
	Name *string `pulumi:"name"`
	// A configuration block that defines the rule group rules. Required unless `rules` is specified. See Rule Group below for details.
	RuleGroup *RuleGroupRuleGroup `pulumi:"ruleGroup"`
	// The stateful rule group rules specifications in Suricata file format, with one rule per line. Use this to import your existing Suricata compatible rule groups. Required unless `ruleGroup` is specified.
	Rules *string `pulumi:"rules"`
	// A map of key:value pairs to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags map[string]string `pulumi:"tags"`
	// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll map[string]string `pulumi:"tagsAll"`
	// Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`.
	Type *string `pulumi:"type"`
	// A string token used when updating the rule group.
	UpdateToken *string `pulumi:"updateToken"`
}

type RuleGroupState struct {
	// The Amazon Resource Name (ARN) that identifies the rule group.
	Arn pulumi.StringPtrInput
	// The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules.
	Capacity pulumi.IntPtrInput
	// A friendly description of the rule group.
	Description pulumi.StringPtrInput
	// KMS encryption configuration settings. See Encryption Configuration below for details.
	EncryptionConfiguration RuleGroupEncryptionConfigurationPtrInput
	// A friendly name of the rule group.
	Name pulumi.StringPtrInput
	// A configuration block that defines the rule group rules. Required unless `rules` is specified. See Rule Group below for details.
	RuleGroup RuleGroupRuleGroupPtrInput
	// The stateful rule group rules specifications in Suricata file format, with one rule per line. Use this to import your existing Suricata compatible rule groups. Required unless `ruleGroup` is specified.
	Rules pulumi.StringPtrInput
	// A map of key:value pairs to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapInput
	// Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`.
	Type pulumi.StringPtrInput
	// A string token used when updating the rule group.
	UpdateToken pulumi.StringPtrInput
}

func (RuleGroupState) ElementType() reflect.Type {
	return reflect.TypeOf((*ruleGroupState)(nil)).Elem()
}

type ruleGroupArgs struct {
	// The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules.
	Capacity int `pulumi:"capacity"`
	// A friendly description of the rule group.
	Description *string `pulumi:"description"`
	// KMS encryption configuration settings. See Encryption Configuration below for details.
	EncryptionConfiguration *RuleGroupEncryptionConfiguration `pulumi:"encryptionConfiguration"`
	// A friendly name of the rule group.
	Name *string `pulumi:"name"`
	// A configuration block that defines the rule group rules. Required unless `rules` is specified. See Rule Group below for details.
	RuleGroup *RuleGroupRuleGroup `pulumi:"ruleGroup"`
	// The stateful rule group rules specifications in Suricata file format, with one rule per line. Use this to import your existing Suricata compatible rule groups. Required unless `ruleGroup` is specified.
	Rules *string `pulumi:"rules"`
	// A map of key:value pairs to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags map[string]string `pulumi:"tags"`
	// Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`.
	Type string `pulumi:"type"`
}

// The set of arguments for constructing a RuleGroup resource.
type RuleGroupArgs struct {
	// The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules.
	Capacity pulumi.IntInput
	// A friendly description of the rule group.
	Description pulumi.StringPtrInput
	// KMS encryption configuration settings. See Encryption Configuration below for details.
	EncryptionConfiguration RuleGroupEncryptionConfigurationPtrInput
	// A friendly name of the rule group.
	Name pulumi.StringPtrInput
	// A configuration block that defines the rule group rules. Required unless `rules` is specified. See Rule Group below for details.
	RuleGroup RuleGroupRuleGroupPtrInput
	// The stateful rule group rules specifications in Suricata file format, with one rule per line. Use this to import your existing Suricata compatible rule groups. Required unless `ruleGroup` is specified.
	Rules pulumi.StringPtrInput
	// A map of key:value pairs to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`.
	Type pulumi.StringInput
}

func (RuleGroupArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*ruleGroupArgs)(nil)).Elem()
}

type RuleGroupInput interface {
	pulumi.Input

	ToRuleGroupOutput() RuleGroupOutput
	ToRuleGroupOutputWithContext(ctx context.Context) RuleGroupOutput
}

func (*RuleGroup) ElementType() reflect.Type {
	return reflect.TypeOf((**RuleGroup)(nil)).Elem()
}

func (i *RuleGroup) ToRuleGroupOutput() RuleGroupOutput {
	return i.ToRuleGroupOutputWithContext(context.Background())
}

func (i *RuleGroup) ToRuleGroupOutputWithContext(ctx context.Context) RuleGroupOutput {
	return pulumi.ToOutputWithContext(ctx, i).(RuleGroupOutput)
}

// RuleGroupArrayInput is an input type that accepts RuleGroupArray and RuleGroupArrayOutput values.
// You can construct a concrete instance of `RuleGroupArrayInput` via:
//
//	RuleGroupArray{ RuleGroupArgs{...} }
type RuleGroupArrayInput interface {
	pulumi.Input

	ToRuleGroupArrayOutput() RuleGroupArrayOutput
	ToRuleGroupArrayOutputWithContext(context.Context) RuleGroupArrayOutput
}

type RuleGroupArray []RuleGroupInput

func (RuleGroupArray) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*RuleGroup)(nil)).Elem()
}

func (i RuleGroupArray) ToRuleGroupArrayOutput() RuleGroupArrayOutput {
	return i.ToRuleGroupArrayOutputWithContext(context.Background())
}

func (i RuleGroupArray) ToRuleGroupArrayOutputWithContext(ctx context.Context) RuleGroupArrayOutput {
	return pulumi.ToOutputWithContext(ctx, i).(RuleGroupArrayOutput)
}

// RuleGroupMapInput is an input type that accepts RuleGroupMap and RuleGroupMapOutput values.
// You can construct a concrete instance of `RuleGroupMapInput` via:
//
//	RuleGroupMap{ "key": RuleGroupArgs{...} }
type RuleGroupMapInput interface {
	pulumi.Input

	ToRuleGroupMapOutput() RuleGroupMapOutput
	ToRuleGroupMapOutputWithContext(context.Context) RuleGroupMapOutput
}

type RuleGroupMap map[string]RuleGroupInput

func (RuleGroupMap) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*RuleGroup)(nil)).Elem()
}

func (i RuleGroupMap) ToRuleGroupMapOutput() RuleGroupMapOutput {
	return i.ToRuleGroupMapOutputWithContext(context.Background())
}

func (i RuleGroupMap) ToRuleGroupMapOutputWithContext(ctx context.Context) RuleGroupMapOutput {
	return pulumi.ToOutputWithContext(ctx, i).(RuleGroupMapOutput)
}

type RuleGroupOutput struct{ *pulumi.OutputState }

func (RuleGroupOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**RuleGroup)(nil)).Elem()
}

func (o RuleGroupOutput) ToRuleGroupOutput() RuleGroupOutput {
	return o
}

func (o RuleGroupOutput) ToRuleGroupOutputWithContext(ctx context.Context) RuleGroupOutput {
	return o
}

// The Amazon Resource Name (ARN) that identifies the rule group.
func (o RuleGroupOutput) Arn() pulumi.StringOutput {
	return o.ApplyT(func(v *RuleGroup) pulumi.StringOutput { return v.Arn }).(pulumi.StringOutput)
}

// The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules.
func (o RuleGroupOutput) Capacity() pulumi.IntOutput {
	return o.ApplyT(func(v *RuleGroup) pulumi.IntOutput { return v.Capacity }).(pulumi.IntOutput)
}

// A friendly description of the rule group.
func (o RuleGroupOutput) Description() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *RuleGroup) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput)
}

// KMS encryption configuration settings. See Encryption Configuration below for details.
func (o RuleGroupOutput) EncryptionConfiguration() RuleGroupEncryptionConfigurationPtrOutput {
	return o.ApplyT(func(v *RuleGroup) RuleGroupEncryptionConfigurationPtrOutput { return v.EncryptionConfiguration }).(RuleGroupEncryptionConfigurationPtrOutput)
}

// A friendly name of the rule group.
func (o RuleGroupOutput) Name() pulumi.StringOutput {
	return o.ApplyT(func(v *RuleGroup) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput)
}

// A configuration block that defines the rule group rules. Required unless `rules` is specified. See Rule Group below for details.
func (o RuleGroupOutput) RuleGroup() RuleGroupRuleGroupOutput {
	return o.ApplyT(func(v *RuleGroup) RuleGroupRuleGroupOutput { return v.RuleGroup }).(RuleGroupRuleGroupOutput)
}

// The stateful rule group rules specifications in Suricata file format, with one rule per line. Use this to import your existing Suricata compatible rule groups. Required unless `ruleGroup` is specified.
func (o RuleGroupOutput) Rules() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *RuleGroup) pulumi.StringPtrOutput { return v.Rules }).(pulumi.StringPtrOutput)
}

// A map of key:value pairs to associate with the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
func (o RuleGroupOutput) Tags() pulumi.StringMapOutput {
	return o.ApplyT(func(v *RuleGroup) pulumi.StringMapOutput { return v.Tags }).(pulumi.StringMapOutput)
}

// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
//
// Deprecated: Please use `tags` instead.
func (o RuleGroupOutput) TagsAll() pulumi.StringMapOutput {
	return o.ApplyT(func(v *RuleGroup) pulumi.StringMapOutput { return v.TagsAll }).(pulumi.StringMapOutput)
}

// Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`.
func (o RuleGroupOutput) Type() pulumi.StringOutput {
	return o.ApplyT(func(v *RuleGroup) pulumi.StringOutput { return v.Type }).(pulumi.StringOutput)
}

// A string token used when updating the rule group.
func (o RuleGroupOutput) UpdateToken() pulumi.StringOutput {
	return o.ApplyT(func(v *RuleGroup) pulumi.StringOutput { return v.UpdateToken }).(pulumi.StringOutput)
}

type RuleGroupArrayOutput struct{ *pulumi.OutputState }

func (RuleGroupArrayOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*RuleGroup)(nil)).Elem()
}

func (o RuleGroupArrayOutput) ToRuleGroupArrayOutput() RuleGroupArrayOutput {
	return o
}

func (o RuleGroupArrayOutput) ToRuleGroupArrayOutputWithContext(ctx context.Context) RuleGroupArrayOutput {
	return o
}

func (o RuleGroupArrayOutput) Index(i pulumi.IntInput) RuleGroupOutput {
	return pulumi.All(o, i).ApplyT(func(vs []interface{}) *RuleGroup {
		return vs[0].([]*RuleGroup)[vs[1].(int)]
	}).(RuleGroupOutput)
}

type RuleGroupMapOutput struct{ *pulumi.OutputState }

func (RuleGroupMapOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*RuleGroup)(nil)).Elem()
}

func (o RuleGroupMapOutput) ToRuleGroupMapOutput() RuleGroupMapOutput {
	return o
}

func (o RuleGroupMapOutput) ToRuleGroupMapOutputWithContext(ctx context.Context) RuleGroupMapOutput {
	return o
}

func (o RuleGroupMapOutput) MapIndex(k pulumi.StringInput) RuleGroupOutput {
	return pulumi.All(o, k).ApplyT(func(vs []interface{}) *RuleGroup {
		return vs[0].(map[string]*RuleGroup)[vs[1].(string)]
	}).(RuleGroupOutput)
}

func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*RuleGroupInput)(nil)).Elem(), &RuleGroup{})
	pulumi.RegisterInputType(reflect.TypeOf((*RuleGroupArrayInput)(nil)).Elem(), RuleGroupArray{})
	pulumi.RegisterInputType(reflect.TypeOf((*RuleGroupMapInput)(nil)).Elem(), RuleGroupMap{})
	pulumi.RegisterOutputType(RuleGroupOutput{})
	pulumi.RegisterOutputType(RuleGroupArrayOutput{})
	pulumi.RegisterOutputType(RuleGroupMapOutput{})
}