Interface INfwConfig

NetworkConfig / CentralNetworkServicesConfig / NfwConfig

Network Firewall configuration.

Description

Use this configuration to define Network Firewalls in your environment. AWS Network Firewall is a stateful, managed, network firewall and intrusion detection and prevention service for your virtual private cloud (VPC) that you create in Amazon Virtual Private Cloud (Amazon VPC). With Network Firewall, you can filter traffic at the perimeter of your VPC. This includes filtering traffic going to and coming from an internet gateway, NAT gateway, or over VPN or AWS Direct Connect.

The following example creates a simple Network Firewall rule group, policy, and firewall. The policy and rule group are shared with the entire organization. The firewall endpoints are created in subnets named Subnet-A and Subnet-B in the VPC named Network-Inspection.

Example

networkFirewall:
  firewalls:
    - name: accelerator-nfw
      description: Accelerator Firewall
      firewallPolicy: accelerator-nfw-policy
      subnets:
        - Subnet-A
        - Subnet-B
      vpc: Network-Inspection
      loggingConfiguration:
        - destination: s3
          type: ALERT
      tags: []
  policies:
    - name: accelerator-nfw-policy
      firewallPolicy:
        statelessDefaultActions: ['aws:forward_to_sfe']
        statelessFragmentDefaultActions: ['aws:forward_to_sfe']
        statefulRuleGroups:
          - name: accelerator-stateful-group
        statelessRuleGroups:
          - name: accelerator-stateless-group
            priority: 100
      regions:
        - us-east-1
      shareTargets:
        organizationalUnits:
          - Root
      tags: []
  rules:
    - name: accelerator-stateful-group
      regions:
        - us-east-1
      capacity: 100
      type: STATEFUL
      ruleGroup:
        rulesSource:
          rulesFile: path/to/rules.txt
      shareTargets:
        organizationalUnits:
          - Root
      tags: []
Copy