Configuration templates to create AWS Network Firewall related settings including Firewall endpoints, Firewall Rule Policies, and Firewall Rule Groups (Stateful and Stateless) used to deploy network protections for VPC resources by enforcing traffic flows, filtering URLs, and inspecting traffic for vulnerabilities using IPS signatures.

A Config rule that checks if an AWS Network Firewall policy is configured with a user defined stateless default action for fragmented packets. The rule is NON_COMPLIANT if stateless default action for fragmented packets does not match with user defined default action.

A Config rule that checks if an AWS Network Firewall policy is configured with a user defined default stateless action for full packets. This rule is NON_COMPLIANT if default stateless action for full packets does not match with user defined default stateless action.

A Config rule to check AWS Network Firewall policy is associated with stateful OR stateless rule groups. This rule is NON_COMPLIANT if no stateful or stateless rule groups are associated with the Network Firewall policy else COMPLIANT if any one of the rule group exists.

A Config rule that checks if a Stateless Network Firewall Rule Group contains rules. The rule is NON_COMPLIANT if there are no rules in a Stateless Network Firewall Rule Group.