feat(network-firewall): support network firewall resources (#713)

* feat(network-firewall): network firewall resources to handle deleting with logging configurations

* chore(docs): updating cloud control docs

* chore: aws sdk v2 update, removing legacy tests and mocks, undoing cloud control changes

* chore: reverting cloud control docs

* chore: remove logging config from cloud control

* Update resources/network-firewall-logging-configuration.go

Co-authored-by: Erik Kristensen <[email protected]>

* fix: remove redundant checks in Properties method

* chore: rename to ARN and Name props on firewall resources

* chore: removing loggingConfig prop and returning name on String

---------

Co-authored-by: Erik Kristensen <[email protected]>

Author: wnoonan

go.mod

@@ -6,7 +6,7 @@ toolchain go1.24.5
 
 require (
 	github.com/aws/aws-sdk-go v1.55.7
-	github.com/aws/aws-sdk-go-v2 v1.37.1
+	github.com/aws/aws-sdk-go-v2 v1.37.2
 	github.com/aws/aws-sdk-go-v2/config v1.28.11
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.68
 	github.com/aws/aws-sdk-go-v2/service/apigateway v1.28.12
@@ -15,10 +15,12 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/docdb v1.41.4
 	github.com/aws/aws-sdk-go-v2/service/docdbelastic v1.15.2
 	github.com/aws/aws-sdk-go-v2/service/dsql v1.1.2
+	github.com/aws/aws-sdk-go-v2/service/ec2 v1.239.0
 	github.com/aws/aws-sdk-go-v2/service/ecs v1.54.6
 	github.com/aws/aws-sdk-go-v2/service/efs v1.35.4
 	github.com/aws/aws-sdk-go-v2/service/iam v1.38.10
 	github.com/aws/aws-sdk-go-v2/service/neptunegraph v1.17.3
+	github.com/aws/aws-sdk-go-v2/service/networkfirewall v1.53.0
 	github.com/aws/aws-sdk-go-v2/service/route53profiles v1.4.17
 	github.com/aws/aws-sdk-go-v2/service/s3 v1.72.3
 	github.com/aws/aws-sdk-go-v2/service/s3control v1.52.7
@@ -44,11 +46,10 @@ require (
 require (
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.1 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.1 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.2 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.2 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.27 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ec2 v1.239.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.8 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1 // indirect

go.sum

@@ -1,9 +1,7 @@
 github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE=
 github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
-github.com/aws/aws-sdk-go-v2 v1.36.3 h1:mJoei2CxPutQVxaATCzDUjcZEjVRdpsiiXi2o38yqWM=
-github.com/aws/aws-sdk-go-v2 v1.36.3/go.mod h1:LLXuLpgzEbD766Z5ECcRmi8AzSwfZItDtmABVkRLGzg=
-github.com/aws/aws-sdk-go-v2 v1.37.1 h1:SMUxeNz3Z6nqGsXv0JuJXc8w5YMtrQMuIBmDx//bBDY=
-github.com/aws/aws-sdk-go-v2 v1.37.1/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg=
+github.com/aws/aws-sdk-go-v2 v1.37.2 h1:xkW1iMYawzcmYFYEV0UCMxc8gSsjCGEhBXQkdQywVbo=
+github.com/aws/aws-sdk-go-v2 v1.37.2/go.mod h1:9Q0OoGQoboYIAJyslFyF1f5K1Ryddop8gqMhWx/n4Wg=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc=
 github.com/aws/aws-sdk-go-v2/config v1.28.11 h1:7Ekru0IkRHRnSRWGQLnLN6i0o1Jncd0rHo2T130+tEQ=
@@ -12,14 +10,10 @@ github.com/aws/aws-sdk-go-v2/credentials v1.17.68 h1:cFb9yjI02/sWHBSYXAtkamjzCuR
 github.com/aws/aws-sdk-go-v2/credentials v1.17.68/go.mod h1:H6E+jBzyqUu8u0vGaU6POkK3P0NylYEeRZ6ynBpMqIk=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30 h1:x793wxmUWVDhshP8WW2mlnXuFrO4cOd3HLBroh1paFw=
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.30/go.mod h1:Jpne2tDnYiFascUEs2AWHJL9Yp7A5ZVy3TNyxaAjD6M=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34 h1:ZK5jHhnrioRkUNOc+hOgQKlUL5JeC3S6JgLxtQ+Rm0Q=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.34/go.mod h1:p4VfIceZokChbA9FzMbRGz5OV+lekcVtHlPKEO0gSZY=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.1 h1:ksZXBYv80EFTcgc8OJO48aQ8XDWXIQL7gGasPeCoTzI=
-github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.1/go.mod h1:HSksQyyJETVZS7uM54cir0IgxttTD+8aEoJMPGepHBI=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34 h1:SZwFm17ZUNNg5Np0ioo/gq8Mn6u9w19Mri8DnJ15Jf0=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.34/go.mod h1:dFZsC0BLo346mvKQLWmoJxT+Sjp+qcVR1tRVHQGOH9Q=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.1 h1:+dn/xF/05utS7tUhjIcndbuaPjfll2LhbH1cCDGLYUQ=
-github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.1/go.mod h1:hyAGz30LHdm5KBZDI58MXx5lDVZ5CUfvfTZvMu4HCZo=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.2 h1:sPiRHLVUIIQcoVZTNwqQcdtjkqkPopyYmIX0M5ElRf4=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.2/go.mod h1:ik86P3sgV+Bk7c1tBFCwI3VxMoSEwl4YkRB9xn1s340=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.2 h1:ZdzDAg075H6stMZtbD2o+PyB933M/f20e9WmCBC17wA=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.2/go.mod h1:eE1IIzXG9sdZCB0pNNpMpsYTLl4YdOQD3njiVN1e/E4=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 h1:VaRN3TlFdd6KxX1x3ILT5ynH6HvKgqdiXoTxAF4HQcQ=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.27 h1:AmB5QxnD+fBFrg9LcqzkgF/CaYvMyU/BTlejG4t1S7Q=
@@ -44,20 +38,18 @@ github.com/aws/aws-sdk-go-v2/service/efs v1.35.4 h1:QJHwC9X5TxJJGdesIJP65gAsu0gX
 github.com/aws/aws-sdk-go-v2/service/efs v1.35.4/go.mod h1:XT6hcgC1HV33EBGPWdXnbgyeqND4k43qX3argLyEZM8=
 github.com/aws/aws-sdk-go-v2/service/iam v1.38.10 h1:u/MwkFwRkKRDvy7D76/khJTk8HMp4mC5sZKErU53jos=
 github.com/aws/aws-sdk-go-v2/service/iam v1.38.10/go.mod h1:Gid0WEVky3EWbkeXiS67kHhbiK+q3/wO/hvPh7plR0c=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b5IzM/lum78bZ590jy36+d/aFLgKF/4Vd1xPE=
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 h1:6+lZi2JeGKtCraAj1rpoZfKqnQ9SptseRZioejfUOLM=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0/go.mod h1:eb3gfbVIxIoGgJsi9pGne19dhCBpK6opTYpQqAmdy44=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.8 h1:iwYS40JnrBeA9e9aI5S6KKN4EB2zR4iUVYN0nwVivz4=
 github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.8/go.mod h1:Fm9Mi+ApqmFiknZtGpohVcBGvpTu542VC4XO9YudRi0=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM=
-github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1 h1:ky79ysLMxhwk5rxJtS+ILd3Mc8kC5fhsLBrP27r6h4I=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1/go.mod h1:+2MmkvFvPYM1vsozBWduoLJUi5maxFk5B7KJFECujhY=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.10 h1:fXoWC2gi7tdJYNTPnnlSGzEVwewUchOi8xVq/dkg8Qs=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.10/go.mod h1:cvzBApD5dVazHU8C2rbBQzzzsKc8m5+wNJ9mCRZLKPc=
 github.com/aws/aws-sdk-go-v2/service/neptunegraph v1.17.3 h1:Rmf+YcRUYpa9w5oWhFgqEEUOebYBAjpZZB2wiUdOLgc=
 github.com/aws/aws-sdk-go-v2/service/neptunegraph v1.17.3/go.mod h1:y+/vnOi8XZPLM7+4s+70LnVB5I7PK+we8XvjcDvf82Q=
+github.com/aws/aws-sdk-go-v2/service/networkfirewall v1.53.0 h1:FHl1QPk+MTUjcbGtnNfcVnq5bPkP71Tbzt++qQ/dCnY=
+github.com/aws/aws-sdk-go-v2/service/networkfirewall v1.53.0/go.mod h1:EiHBjTVCeOUX045RTpHUuqrtexp4OtSbMLj+nXiaaHw=
 github.com/aws/aws-sdk-go-v2/service/route53profiles v1.4.17 h1:x19QmT0wHVz5v48OqvGY1B18Pdw3Z1XHsc/+eLWRUQ8=
 github.com/aws/aws-sdk-go-v2/service/route53profiles v1.4.17/go.mod h1:Fw3q+gxXdlWm/chYEtIbeILj3bqObPLm7fbn/bPUXaE=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.72.3 h1:WZOmJfCDV+4tYacLxpiojoAdT5sxTfB3nTqQNtZu+J4=
@@ -74,8 +66,6 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.33.20 h1:oIaQ1e17CSKaWmUTu62MtraRWVI
 github.com/aws/aws-sdk-go-v2/service/sts v1.33.20/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
 github.com/aws/aws-sdk-go-v2/service/transfer v1.55.5 h1:3CgAcyZciL7KG/8LCEWWoMJfZvgZV2xUzjtNGDlaBVQ=
 github.com/aws/aws-sdk-go-v2/service/transfer v1.55.5/go.mod h1:NJBUE6GjnjqSvexXpU0pj/2w+VEhRk5XPL5rRZpj7bI=
-github.com/aws/smithy-go v1.22.3 h1:Z//5NuZCSW6R4PhQ93hShNbyBbn8BWCmCVCt+Q8Io5k=
-github.com/aws/smithy-go v1.22.3/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
 github.com/aws/smithy-go v1.22.5 h1:P9ATCXPMb2mPjYBgueqJNCA5S9UfktsW0tTxi+a7eqw=
 github.com/aws/smithy-go v1.22.5/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
 github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=

resources/network-firewall-logging-configuration.go

@@ -0,0 +1,105 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/gotidy/ptr"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/networkfirewall"
+	networkfirewalltypes "github.com/aws/aws-sdk-go-v2/service/networkfirewall/types"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
+)
+
+const NetworkFirewallLoggingConfigurationResource = "NetworkFirewallLoggingConfiguration"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:                NetworkFirewallLoggingConfigurationResource,
+		Scope:               nuke.Account,
+		Resource:            &NetworkFirewallLoggingConfiguration{},
+		Lister:              &NetworkFirewallLoggingConfigurationLister{},
+		AlternativeResource: "AWS::NetworkFirewall::LoggingConfiguration",
+	})
+}
+
+type NetworkFirewallLoggingConfigurationLister struct{}
+
+func (l *NetworkFirewallLoggingConfigurationLister) List(ctx context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+	svc := networkfirewall.NewFromConfig(*opts.Config)
+	resources := make([]resource.Resource, 0)
+
+	params := &networkfirewall.ListFirewallsInput{
+		MaxResults: aws.Int32(100),
+	}
+
+	paginator := networkfirewall.NewListFirewallsPaginator(svc, params)
+	for paginator.HasMorePages() {
+		page, err := paginator.NextPage(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, firewall := range page.Firewalls {
+			loggingParams := &networkfirewall.DescribeLoggingConfigurationInput{
+				FirewallArn: firewall.FirewallArn,
+			}
+			loggingOutput, err := svc.DescribeLoggingConfiguration(ctx, loggingParams)
+			if err != nil {
+				if opts.Logger != nil {
+					opts.Logger.WithError(err).
+						WithField("firewall-arn", ptr.ToString(firewall.FirewallArn)).
+						Warn("failed to describe logging configuration, skipping")
+				}
+				continue
+			}
+
+			if loggingOutput.LoggingConfiguration != nil && len(loggingOutput.LoggingConfiguration.LogDestinationConfigs) > 0 {
+				resources = append(resources, &NetworkFirewallLoggingConfiguration{
+					svc:       svc,
+					accountID: opts.AccountID,
+					ARN:       firewall.FirewallArn,
+					Name:      firewall.FirewallName,
+				})
+			}
+		}
+	}
+
+	return resources, nil
+}
+
+type NetworkFirewallLoggingConfiguration struct {
+	svc       *networkfirewall.Client
+	accountID *string
+	ARN       *string `description:"The ARN of the firewall."`
+	Name      *string `description:"The name of the firewall."`
+}
+
+func (r *NetworkFirewallLoggingConfiguration) Filter() error {
+	return nil
+}
+
+func (r *NetworkFirewallLoggingConfiguration) Remove(ctx context.Context) error {
+	updateParams := &networkfirewall.UpdateLoggingConfigurationInput{
+		FirewallArn: r.ARN,
+		LoggingConfiguration: &networkfirewalltypes.LoggingConfiguration{
+			LogDestinationConfigs: []networkfirewalltypes.LogDestinationConfig{},
+		},
+	}
+	_, err := r.svc.UpdateLoggingConfiguration(ctx, updateParams)
+	return err
+}
+
+func (r *NetworkFirewallLoggingConfiguration) Properties() types.Properties {
+	return types.NewPropertiesFromStruct(r)
+}
+
+func (r *NetworkFirewallLoggingConfiguration) String() string {
+	return ptr.ToString(r.Name)
+}

resources/network-firewall-policy.go

@@ -0,0 +1,81 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/gotidy/ptr"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/networkfirewall"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
+)
+
+const NetworkFirewallPolicyResource = "NetworkFirewallPolicy"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:                NetworkFirewallPolicyResource,
+		Scope:               nuke.Account,
+		Resource:            &NetworkFirewallPolicy{},
+		Lister:              &NetworkFirewallPolicyLister{},
+		AlternativeResource: "AWS::NetworkFirewall::FirewallPolicy",
+	})
+}
+
+type NetworkFirewallPolicyLister struct{}
+
+func (l *NetworkFirewallPolicyLister) List(ctx context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+	svc := networkfirewall.NewFromConfig(*opts.Config)
+	resources := make([]resource.Resource, 0)
+
+	params := &networkfirewall.ListFirewallPoliciesInput{
+		MaxResults: aws.Int32(100),
+	}
+
+	paginator := networkfirewall.NewListFirewallPoliciesPaginator(svc, params)
+	for paginator.HasMorePages() {
+		page, err := paginator.NextPage(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, policy := range page.FirewallPolicies {
+			resources = append(resources, &NetworkFirewallPolicy{
+				svc:       svc,
+				accountID: opts.AccountID,
+				ARN:       policy.Arn,
+				Name:      policy.Name,
+			})
+		}
+	}
+
+	return resources, nil
+}
+
+type NetworkFirewallPolicy struct {
+	svc       *networkfirewall.Client
+	accountID *string
+	ARN       *string `description:"The ARN of the firewall policy."`
+	Name      *string `description:"The name of the firewall policy."`
+}
+
+func (r *NetworkFirewallPolicy) Remove(ctx context.Context) error {
+	_, err := r.svc.DeleteFirewallPolicy(ctx, &networkfirewall.DeleteFirewallPolicyInput{
+		FirewallPolicyArn: r.ARN,
+	})
+	return err
+}
+
+func (r *NetworkFirewallPolicy) Properties() types.Properties {
+	return types.NewPropertiesFromStruct(r)
+}
+
+func (r *NetworkFirewallPolicy) String() string {
+	return ptr.ToString(r.Name)
+}

resources/network-firewall-rule-group.go

@@ -0,0 +1,81 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/gotidy/ptr"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/networkfirewall"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
+)
+
+const NetworkFirewallRuleGroupResource = "NetworkFirewallRuleGroup"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:                NetworkFirewallRuleGroupResource,
+		Scope:               nuke.Account,
+		Resource:            &NetworkFirewallRuleGroup{},
+		Lister:              &NetworkFirewallRuleGroupLister{},
+		AlternativeResource: "AWS::NetworkFirewall::RuleGroup",
+	})
+}
+
+type NetworkFirewallRuleGroupLister struct{}
+
+func (l *NetworkFirewallRuleGroupLister) List(ctx context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+	svc := networkfirewall.NewFromConfig(*opts.Config)
+	resources := make([]resource.Resource, 0)
+
+	params := &networkfirewall.ListRuleGroupsInput{
+		MaxResults: aws.Int32(100),
+	}
+
+	paginator := networkfirewall.NewListRuleGroupsPaginator(svc, params)
+	for paginator.HasMorePages() {
+		page, err := paginator.NextPage(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, ruleGroup := range page.RuleGroups {
+			resources = append(resources, &NetworkFirewallRuleGroup{
+				svc:       svc,
+				accountID: opts.AccountID,
+				ARN:       ruleGroup.Arn,
+				Name:      ruleGroup.Name,
+			})
+		}
+	}
+
+	return resources, nil
+}
+
+type NetworkFirewallRuleGroup struct {
+	svc       *networkfirewall.Client
+	accountID *string
+	ARN       *string `description:"The ARN of the rule group."`
+	Name      *string `description:"The name of the rule group."`
+}
+
+func (r *NetworkFirewallRuleGroup) Remove(ctx context.Context) error {
+	_, err := r.svc.DeleteRuleGroup(ctx, &networkfirewall.DeleteRuleGroupInput{
+		RuleGroupArn: r.ARN,
+	})
+	return err
+}
+
+func (r *NetworkFirewallRuleGroup) Properties() types.Properties {
+	return types.NewPropertiesFromStruct(r)
+}
+
+func (r *NetworkFirewallRuleGroup) String() string {
+	return ptr.ToString(r.Name)
+}