AWS Network Firewall Firewall
This page shows how to write Terraform and CloudFormation for a Network Firewall Firewall, and how to write it securely.
aws_networkfirewall_firewall (Terraform)
The Firewall in Network Firewall can be configured in Terraform with the resource name aws_networkfirewall_firewall. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_networkfirewall_firewall" "example" {
  firewall_policy_arn = aws_networkfirewall_firewall_policy.test-firewall-policy.arn
  name                = var.firewall-name
  vpc_id              = aws_vpc.default.id
  subnet_mapping {
    subnet_id = aws_subnet.firewall.id
  }
}

resource "aws_networkfirewall_firewall" "this" {
  name                = local.name
  description         = "allow domain list"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.this.arn
  vpc_id              = aws_vpc.this.id
  # subnet_mapping block(s) truncated in the source snippet
}

resource "aws_networkfirewall_firewall" "default" {
  vpc_id              = aws_vpc.vpc_10_111_0_0.id
  name                = "transit-gateway-centralized-east-west-net-fw"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.default.arn
  subnet_mapping {
    # subnet_id truncated in the source snippet
  }
}

resource "aws_networkfirewall_firewall" "this" {
  name                = "AWSNetworkFirewall"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.this.arn
  vpc_id              = module.inspection_vpc.vpc_id
  subnet_mapping {
    subnet_id = module.inspection_vpc.private_subnets[1]
  }
}
Parameters

- arn (optional, computed) - string
- delete_protection (optional) - bool
- description (optional) - string
- firewall_policy_arn (required) - string
- firewall_policy_change_protection (optional) - bool
- firewall_status (optional, computed) - list of object
  - sync_states - set of object
    - attachment - list of object
      - endpoint_id - string
      - subnet_id - string
    - availability_zone - string
- id (optional, computed) - string
- name (required) - string
- subnet_change_protection (optional) - bool
- tags (optional) - map from string to string
- update_token (optional, computed) - string
- vpc_id (required) - string
- subnet_mapping (set block)
  - subnet_id (required) - string
Explanation in Terraform Registry
Provides an AWS Network Firewall Firewall Resource
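The GitHub snippets above only wire a policy to a VPC subnet. The following is an added example, not taken from any of those repositories, showing the settings a practitioner would actually want on this resource: all three change-protection flags, one endpoint per Availability Zone, a strict-order policy whose stateless default is aws:forward_to_sfe (an aws:pass default, as in one of the CloudFormation snippets further down, lets unmatched packets bypass the stateful engine entirely), an explicit default drop, alert logging, and a route that consumes the computed firewall_status / sync_states / attachment / endpoint_id attributes listed in the parameter table. The names aws_vpc.inspection, aws_subnet.firewall (assumed to be a map with one subnet per AZ), aws_route_table.workload_a and var.az_a are assumptions that must exist elsewhere in the configuration.

```hcl
# Added hardening example; aws_vpc.inspection, aws_subnet.firewall (map, one
# per AZ), aws_route_table.workload_a and var.az_a are assumed to exist.

# Strict-order stateful rule group. Only pass rules are needed because the
# policy drops by default. HOME_NET is left unset so Network Firewall uses the
# firewall's VPC CIDR. The bare tcp/443 rule lets the TLS handshake progress
# far enough for the SNI to be seen; the tls rule then decides the flow.
resource "aws_networkfirewall_rule_group" "egress_allowlist" {
  capacity = 100
  name     = "egress-tls-allowlist"
  type     = "STATEFUL"

  rule_group {
    rules_source {
      rules_string = <<-EOT
        pass tls $HOME_NET any -> $EXTERNAL_NET 443 (tls.sni; dotprefix; content:".example.com"; endswith; nocase; flow:to_server; msg:"allow example.com"; sid:100001; rev:1;)
        pass tcp $HOME_NET any -> $EXTERNAL_NET 443 (flow:not_established; msg:"allow TLS handshake"; sid:100002; rev:1;)
      EOT
    }
    stateful_rule_options {
      rule_order = "STRICT_ORDER"
    }
  }
}

resource "aws_networkfirewall_firewall_policy" "hardened" {
  name = "hardened-egress-policy"

  firewall_policy {
    # Send every packet to the stateful engine. "aws:pass" here would let any
    # packet not matched by a stateless rule skip stateful inspection.
    stateless_default_actions          = ["aws:forward_to_sfe"]
    stateless_fragment_default_actions = ["aws:forward_to_sfe"]

    stateful_engine_options {
      rule_order = "STRICT_ORDER"
    }
    # Explicit default: drop and alert on anything no pass rule matched.
    stateful_default_actions = ["aws:drop_strict", "aws:alert_strict"]

    stateful_rule_group_reference {
      priority     = 1
      resource_arn = aws_networkfirewall_rule_group.egress_allowlist.arn
    }
  }
}

resource "aws_networkfirewall_firewall" "hardened" {
  name                = "inspection-firewall"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.hardened.arn
  vpc_id              = aws_vpc.inspection.id # assumed

  # Guard against accidental deletion and out-of-band policy or subnet swaps.
  delete_protection                 = true
  subnet_change_protection          = true
  firewall_policy_change_protection = true

  # One dedicated firewall subnet per AZ; nothing else should live in them.
  dynamic "subnet_mapping" {
    for_each = aws_subnet.firewall # assumed map keyed by AZ
    content {
      subnet_id = subnet_mapping.value.id
    }
  }
}

resource "aws_cloudwatch_log_group" "anfw_alert" {
  name              = "/aws/network-firewall/inspection-firewall/alert"
  retention_in_days = 90
}

# Without a logging configuration the default drops above are invisible.
resource "aws_networkfirewall_logging_configuration" "hardened" {
  firewall_arn = aws_networkfirewall_firewall.hardened.arn
  logging_configuration {
    log_destination_config {
      log_destination      = { logGroup = aws_cloudwatch_log_group.anfw_alert.name }
      log_destination_type = "CloudWatchLogs"
      log_type             = "ALERT"
    }
  }
}

# Route each workload subnet through the endpoint in its own AZ, read from
# the computed firewall_status -> sync_states -> attachment -> endpoint_id.
locals {
  endpoint_by_az = {
    for ss in aws_networkfirewall_firewall.hardened.firewall_status[0].sync_states :
    ss.availability_zone => ss.attachment[0].endpoint_id
  }
}

resource "aws_route" "workload_a_default" {
  route_table_id         = aws_route_table.workload_a.id # assumed
  destination_cidr_block = "0.0.0.0/0"
  vpc_endpoint_id        = local.endpoint_by_az[var.az_a] # assumed AZ name
}
```

After apply, confirm the protections actually landed and the endpoints are in sync with `aws network-firewall describe-firewall --firewall-name inspection-firewall`: the Firewall object should report DeleteProtection, SubnetChangeProtection and FirewallPolicyChangeProtection as true, and FirewallStatus.ConfigurationSyncStateSummary should be IN_SYNC before any route is switched over. With the change-protection flags on, a later terraform apply that swaps the policy or subnets must first set the flag to false, which is the intended speed bump.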
AWS::NetworkFirewall::Firewall (CloudFormation)
The Firewall in NetworkFirewall can be configured in CloudFormation with the resource name AWS::NetworkFirewall::Firewall. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::NetworkFirewall::Firewall
Properties:
  FirewallName: !Sub ${AWS::StackName}
  FirewallPolicyArn: !Ref SampleFirewallPolicy
  VpcId: !Ref SampleVPC
  SubnetMappings:
    # entries truncated in the source snippet

Type: AWS::NetworkFirewall::Firewall
Properties:
  FirewallName: !Sub "aws-network-firewall-${AWS::StackName}"
  FirewallPolicyArn: !Ref EgressFirewallPolicy
  VpcId: !Ref SpokeVpcA
  SubnetMappings:
    # entries truncated in the source snippet

Type: "AWS::NetworkFirewall::FirewallPolicy"
Properties:
  FirewallPolicyName: "starting-allows"
  FirewallPolicy:
    StatelessDefaultActions:
      - "aws:forward_to_sfe"

Type: AWS::NetworkFirewall::Firewall
Properties:
  FirewallName: AWSNetworkFirewall
  FirewallPolicyArn: !Ref NetworkFirewallPolicy
  VpcId: !Ref VPC
  SubnetMappings:
    # entries truncated in the source snippet

Type: 'AWS::NetworkFirewall::FirewallPolicy'
Properties:
  FirewallPolicyName: AWS-Network-Firewall-Policy
  FirewallPolicy:
    StatelessDefaultActions:
      - 'aws:pass'

Note the difference between the two policy snippets: with 'aws:pass' as the stateless default action, any packet not matched by a stateless rule is passed through without ever reaching the stateful rule engine, so the stateful rule groups attached to that policy do not apply to it. 'aws:forward_to_sfe', as in the "starting-allows" policy, is the default that makes stateful inspection happen.

The remaining snippets are fragments of API output (AWS Config-style resource listings) that reference the resource type, not template definitions:

{
  "resourceType": "AWS::NetworkFirewall::Firewall",
  "resourceId": "f80c47ff-8cd0-46f9-aeb7-e4093414f0ed",
  "resourceName": "unicron"
}
],
"ResponseMetadata": {}
{
  "resourceType": "AWS::NetworkFirewall::Firewall",
  "resourceId": "f80c47ff-8cd0-46f9-aeb7-e4093414f0ed",
  "resourceName": "unicron",
  "awsRegion": "us-east-2",
  "availabilityZone": "Multiple Availability Zones",
  "resourceCreationTime": {
"AWS::NetworkFirewall::FirewallPolicy": {
  "Type": "AWS::NetworkFirewall::FirewallPolicy",
  "Properties": {}
},
"AWS::GuardDuty::Master": {
  "Type": "AWS::GuardDuty::Master",
Parameters

- FirewallName (required) - String
- FirewallPolicyArn (required) - String
- VpcId (required) - String
- SubnetMappings (required) - List of SubnetMapping
- DeleteProtection (optional) - Boolean
- SubnetChangeProtection (optional) - Boolean
- FirewallPolicyChangeProtection (optional) - Boolean
- Description (optional) - String
- Tags (optional) - List of Tag
Explanation in CloudFormation Registry
Use the AWS::NetworkFirewall::Firewall to provide stateful, managed, network firewall and intrusion detection and prevention filtering for your VPCs in Amazon VPC. The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.
Frequently asked questions
What is AWS Network Firewall Firewall?
AWS Network Firewall Firewall is a resource for Network Firewall of Amazon Web Services. Its settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Network Firewall Firewall?
For Terraform, the toddlers/aws-network-firewall-workflow, pete911/eks-cluster and ericdahl/tf-vpc-sandbox source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the PaulDuvall/aws-5-mins, opstodevops/poc.anfw-cfn and jaredswarren/three-by-three-vpc source code examples are useful. See the CloudFormation Example section for further details.