Proper Use of Qualified Name of File in s3 Bucket as Rules String for Network Firewall Rule Group Rules Source

The documentation for the rules_source block of an aws_networkfirewall_rule_group says of the rules_string argument:

The fully qualified name of a file in an S3 bucket that contains Suricata compatible intrusion prevention system (IPS) rules or the Suricata rules as a string.

I see no reference in the API documentation from AWS regarding the use of a file in an S3 bucket for the value for RulesString. However, the CLI documentation does mention it, as follows:

You can provide the rules from a file that you’ve stored in an Amazon S3 bucket, or by providing the rules in a Suricata rules string. To import from Amazon S3, provide the fully qualified name of the file that contains the rules definitions.

I have tried using an S3 URI, and an ARN to an S3 object, but get back an error message stating that the “stateful rule is invalid” for “reason: Illegal rule syntax.”

Is it really possible to use the “fully qualified name of a file in an S3 bucket” as the value for rules_string and, if so, can someone provide an example?
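For reference, an added example (not from the original post or the provider docs) of the form of rules_string that does pass validation: the Suricata rules text itself, here either inline or read from an S3 object via the aws_s3_object data source, so that the object's contents rather than its URI/ARN are submitted. The bucket, key, rule group names and the rule itself are placeholder values.

```hcl
# Inline Suricata rules: rules_string must be the rule text, not a reference to it.
resource "aws_networkfirewall_rule_group" "inline_rules" {
  name     = "suricata-inline-example" # placeholder name
  type     = "STATEFUL"
  capacity = 100

  rule_group {
    rules_source {
      rules_string = <<-EOT
        drop tcp $HOME_NET any -> $EXTERNAL_NET 22 (msg:"Block outbound SSH"; sid:1000001; rev:1;)
      EOT
    }
  }
}

# Rules kept in S3: read the object body with a data source and pass the text
# as rules_string. Assumption: the object was uploaded with a text/* content
# type, because the data source only exposes `body` for text content types.
data "aws_s3_object" "suricata_rules" {
  bucket = "example-firewall-rules-bucket" # placeholder bucket
  key    = "rules/block-outbound-ssh.rules" # placeholder key
}

resource "aws_networkfirewall_rule_group" "rules_from_s3" {
  name     = "suricata-from-s3-example" # placeholder name
  type     = "STATEFUL"
  capacity = 100

  rule_group {
    rules_source {
      # The object contents (Suricata rules text) become the rules string.
      rules_string = data.aws_s3_object.suricata_rules.body
    }
  }
}
```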

Hello, I’m actually asking the same questions.

After trying with Terraform, I think it doesn’t work right now.

I have created a GitHub issue in the AWS provider repo: [Docs]: AWS networkfirewall_rule_group rules_string can't take S3 URL containing suricata rules · Issue #41632 · hashicorp/terraform-provider-aws · GitHub