AWS Network Firewall Firewall
This page shows how to write Terraform and CloudFormation for the Network Firewall Firewall resource, and how to write them securely.
aws_networkfirewall_firewall (Terraform)
The Firewall in Network Firewall can be configured in Terraform with the resource name aws_networkfirewall_firewall. The following sections describe 4 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_networkfirewall_firewall" "example" {
  firewall_policy_arn = aws_networkfirewall_firewall_policy.test-firewall-policy.arn
  name                = var.firewall-name
  vpc_id              = aws_vpc.default.id
  subnet_mapping {
    subnet_id = aws_subnet.firewall.id
  }
}

resource "aws_networkfirewall_firewall" "this" {
  name                = local.name
  description         = "allow domain list"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.this.arn
  vpc_id              = aws_vpc.this.id
  # subnet_mapping block not shown in the source excerpt
}

resource "aws_networkfirewall_firewall" "default" {
  vpc_id              = aws_vpc.vpc_10_111_0_0.id
  name                = "transit-gateway-centralized-east-west-net-fw"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.default.arn
  subnet_mapping {
    # subnet_id not shown in the source excerpt
  }
}

resource "aws_networkfirewall_firewall" "this" {
  name                = "AWSNetworkFirewall"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.this.arn
  vpc_id              = module.inspection_vpc.vpc_id
  subnet_mapping {
    subnet_id = module.inspection_vpc.private_subnets[1]
  }
}
Parameters
arn - optional, computed - string
delete_protection - optional - bool
description - optional - string
firewall_policy_arn - required - string
firewall_policy_change_protection - optional - bool
firewall_status - optional, computed - list of object
  sync_states - set of object
    attachment - list of object
      endpoint_id - string
      subnet_id - string
    availability_zone - string
id - optional, computed - string
name - required - string
subnet_change_protection - optional - bool
tags - optional - map from string to string
update_token - optional, computed - string
vpc_id - required - string
subnet_mapping - set block
  subnet_id - required - string
Explanation in Terraform Registry
Provides an AWS Network Firewall Firewall Resource
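As an added example that is not taken from the page's GitHub sources, the following Terraform sets the three change-protection flags from the parameter list above and attaches alert logging, which the firewall does not emit on its own; the aws_vpc.inspection, aws_subnet.firewall (a for_each map, one subnet per Availability Zone) and aws_networkfirewall_firewall_policy.egress resources are assumed to exist elsewhere in the configuration.

```hcl
# Added example, not from the page's sources: a firewall with the three
# change-protection flags set and alert logging to CloudWatch Logs.
# aws_vpc.inspection, aws_subnet.firewall (a for_each map, one subnet per AZ)
# and aws_networkfirewall_firewall_policy.egress are assumed to exist.

resource "aws_networkfirewall_firewall" "inspection" {
  name                = "inspection-firewall"
  description         = "Centralized egress and east-west inspection"
  firewall_policy_arn = aws_networkfirewall_firewall_policy.egress.arn
  vpc_id              = aws_vpc.inspection.id

  # Set the protection flags explicitly rather than relying on defaults:
  # they block accidental deletion, endpoint subnet changes and policy swaps
  # (the protected operation fails until the flag is turned off first).
  delete_protection                 = true
  subnet_change_protection          = true
  firewall_policy_change_protection = true

  # One endpoint per Availability Zone so each AZ is inspected locally.
  dynamic "subnet_mapping" {
    for_each = aws_subnet.firewall
    content {
      subnet_id = subnet_mapping.value.id
    }
  }

  tags = {
    Environment = "prod"
  }
}

# The firewall emits no logs until a logging configuration is attached;
# ALERT logs carry stateful-rule matches (alerts and drops) and are what
# detection tooling should consume. FLOW logs can be added the same way.
resource "aws_cloudwatch_log_group" "anfw_alert" {
  name              = "/aws/network-firewall/alert"
  retention_in_days = 90
}

resource "aws_networkfirewall_logging_configuration" "inspection" {
  firewall_arn = aws_networkfirewall_firewall.inspection.arn
  logging_configuration {
    log_destination_config {
      log_destination      = { logGroup = aws_cloudwatch_log_group.anfw_alert.name }
      log_destination_type = "CloudWatchLogs"
      log_type             = "ALERT"
    }
  }
}
```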
AWS::NetworkFirewall::Firewall (CloudFormation)
The Firewall in NetworkFirewall can be configured in CloudFormation with the resource name AWS::NetworkFirewall::Firewall. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: AWS::NetworkFirewall::Firewall
Properties:
  FirewallName: !Sub ${AWS::StackName}
  FirewallPolicyArn: !Ref SampleFirewallPolicy
  VpcId: !Ref SampleVPC
  SubnetMappings:
    # subnet mappings not shown in the source excerpt

Type: AWS::NetworkFirewall::Firewall
Properties:
  FirewallName: !Sub "aws-network-firewall-${AWS::StackName}"
  FirewallPolicyArn: !Ref EgressFirewallPolicy
  VpcId: !Ref SpokeVpcA
  SubnetMappings:
    # subnet mappings not shown in the source excerpt

Type: "AWS::NetworkFirewall::FirewallPolicy"
Properties:
  FirewallPolicyName: "starting-allows"
  FirewallPolicy:
    StatelessDefaultActions:
      - "aws:forward_to_sfe"
    # remaining policy settings not shown in the source excerpt

Type: AWS::NetworkFirewall::Firewall
Properties:
  FirewallName: AWSNetworkFirewall
  FirewallPolicyArn: !Ref NetworkFirewallPolicy
  VpcId: !Ref VPC
  SubnetMappings:
    # subnet mappings not shown in the source excerpt

Type: 'AWS::NetworkFirewall::FirewallPolicy'
Properties:
  FirewallPolicyName: AWS-Network-Firewall-Policy
  FirewallPolicy:
    StatelessDefaultActions:
      - 'aws:pass'
    # remaining policy settings not shown in the source excerpt
Parameters
FirewallName - required - String
FirewallPolicyArn - required - String
VpcId - required - String
SubnetMappings - required - List of SubnetMapping
DeleteProtection - optional - Boolean
SubnetChangeProtection - optional - Boolean
FirewallPolicyChangeProtection - optional - Boolean
Description - optional - String
Tags - optional - List of Tag
Explanation in CloudFormation Registry
Use the AWS::NetworkFirewall::Firewall to provide stateful, managed, network firewall and intrusion detection and prevention filtering for your VPCs in Amazon VPC. The firewall defines the configuration settings for an AWS Network Firewall firewall. The settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall AWS resource.
Frequently asked questions
What is AWS Network Firewall Firewall?
AWS Network Firewall Firewall is a resource for Network Firewall of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Network Firewall Firewall?
For Terraform, the toddlers/aws-network-firewall-workflow, pete911/eks-cluster and ericdahl/tf-vpc-sandbox source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the PaulDuvall/aws-5-mins, opstodevops/poc.anfw-cfn and jaredswarren/three-by-three-vpc source code examples are useful. See the CloudFormation Example section for further details.