AWS Network Firewall允许您创建域名列表规则组来指定允许或阻止流量的域名。您可以使用以下代码示例来创建一个区域,定义一个域名列表规则组,并将其应用于网络防火墙策略,以适用于入站流量。
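import boto3

# Domains the rule group matches. Network Firewall compares them against the
# HTTP Host header and the TLS SNI of each inspected flow.
DOMAIN_LIST = ["example.com", "example.net"]

# "DENYLIST" drops flows to the listed domains and passes everything else;
# "ALLOWLIST" passes only the listed domains and drops everything else.
GENERATED_RULES_TYPE = "DENYLIST"

RULE_GROUP_NAME = "example-domain-list"
RULE_GROUP_CAPACITY = 10000
POLICY_NAME = "example-policy"
FIREWALL_NAME = "example-firewall"
SUBNET_ID = "subnet-123abcd"  # sample id from the original listing; replace before use

# Stateless default actions for whole packets and for fragments. Every packet
# must be forwarded to the stateful engine, otherwise the domain list is never
# evaluated and the traffic effectively bypasses the firewall.
STATELESS_DEFAULT_ACTIONS = ["aws:forward_to_sfe"]

# Create clients for EC2 and Network Firewall
ec2 = boto3.client("ec2")
network_firewall = boto3.client("network-firewall")

# 1. Create the domain list rule group.
#    There is no separate DOMAIN_LIST rule group type: a domain list is a
#    STATEFUL rule group whose RulesSource is a RulesSourceList.
rule_group_response = network_firewall.create_rule_group(
    RuleGroupName=RULE_GROUP_NAME,
    Type="STATEFUL",
    Capacity=RULE_GROUP_CAPACITY,
    RuleGroup={
        "RulesSource": {
            "RulesSourceList": {
                "Targets": DOMAIN_LIST,
                "TargetTypes": ["HTTP_HOST", "TLS_SNI"],
                "GeneratedRulesType": GENERATED_RULES_TYPE,
            }
        }
    },
)
# Each call gets its own response variable: reusing one `response` name
# would leave no way to read the rule group ARN after the policy is created.
rule_group_arn = rule_group_response["RuleGroupResponse"]["RuleGroupArn"]

# 2. Create the firewall policy that references the rule group.
#    The rule group reference is part of the policy definition; a policy
#    created with an empty StatefulRuleGroupReferences list would never
#    consult the domain list. A per-reference Priority is omitted because it
#    only applies when the policy uses strict stateful rule ordering.
policy_response = network_firewall.create_firewall_policy(
    FirewallPolicyName=POLICY_NAME,
    FirewallPolicy={
        "StatelessDefaultActions": STATELESS_DEFAULT_ACTIONS,
        "StatelessFragmentDefaultActions": STATELESS_DEFAULT_ACTIONS,
        "StatefulRuleGroupReferences": [{"ResourceArn": rule_group_arn}],
    },
)
policy_arn = policy_response["FirewallPolicyResponse"]["FirewallPolicyArn"]

# 3. Create the firewall in the subnet's VPC with the policy attached.
#    The VPC id is looked up from the subnet so only the subnet has to be
#    configured; the firewall endpoint is placed in that subnet.
vpc_id = ec2.describe_subnets(SubnetIds=[SUBNET_ID])["Subnets"][0]["VpcId"]
firewall_response = network_firewall.create_firewall(
    FirewallName=FIREWALL_NAME,
    FirewallPolicyArn=policy_arn,
    VpcId=vpc_id,
    SubnetMappings=[{"SubnetId": SUBNET_ID}],
)
# The firewall is provisioned asynchronously; route tables must be updated
# to send traffic through the firewall endpoint before the domain list has
# any effect on actual flows.
firewall_arn = firewall_response["Firewall"]["FirewallArn"]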