This use case is specific to AWS, highlighting actuator specifiers and security group modifiers.
AWS security groups, their virtual stateful firewall implementation that controls traffic for AWS instances and services, support only allow rules. A 'deny' action would unallow an existing rule.
Account/region/security_group_id specification must be supplied for the actuator.
{
"action": "deny",
"actuator": {
"slpf": {
"asset_id": "arn:aws:ec2:us-east-1:123456789012:network-acl/acl-01234567"
}
},
"args": {
"response_requested": "complete",
"slpf": {
"insert_rule": 101,
"direction": "ingress"
}
},
"target": {
"ipv4_connection": {
"src_addr": "1.2.3.4",
"dst_port": 443,
"protocol": "tcp"
}
}
}{
"status": 200,
"results": {
"slpf": {
"rule_number": 101
}
}
}