NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwFirewallConfig

Network Firewall firewall configuration.

Use this configuration to define a Network Firewall firewall. An AWS Network Firewall firewall connects a firewall policy, which defines network traffic monitoring and filtering behavior, to the VPC that you want to protect. The firewall configuration includes specifications for the Availability Zones and subnets where the firewall endpoints are placed. It also defines high-level settings like the firewall logging configuration and tagging on the AWS firewall resource.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html

The following example creates a firewall named accelerator-nfw in the VPC named Network-Inspection. Firewall endpoints are deployed to the subnets named Subnet-A and Subnet-B in that VPC.

```yaml
- name: accelerator-nfw
  description: Accelerator Firewall
  firewallPolicy: accelerator-nfw-policy
  subnets:
    - Subnet-A
    - Subnet-B
  vpc: Network-Inspection
  loggingConfiguration:
    - destination: s3
      type: ALERT
  tags: []
```

interface INfwFirewallConfig {
    deleteProtection?: boolean;
    description?: string;
    firewallPolicy: string;
    firewallPolicyChangeProtection?: boolean;
    loggingConfiguration?: INfwLoggingConfig[];
    name: string;
    subnetChangeProtection?: boolean;
    subnets: string[];
    tags?: ITag[];
    vpc: string;
}

Properties

deleteProtection?: boolean

(OPTIONAL) Enable deletion protection on the firewall. While enabled, Network Firewall rejects requests to delete the firewall, so disable it before removing the firewall from the configuration.

description?: string

(OPTIONAL) A description for the firewall.

firewallPolicy: string

The friendly name of a Network Firewall policy defined in the accelerator configuration, or the ARN of an existing firewall policy.

When a friendly name is given, it is the logical name property of the policy as defined in network-config.yaml.

NfwFirewallPolicyConfig

firewallPolicyChangeProtection?: boolean

(OPTIONAL) Enable to protect the firewall against changes to its policy association. While enabled, Network Firewall rejects requests that would associate a different policy with the firewall, so a change to the firewallPolicy property will fail until this protection is disabled.

loggingConfiguration?: INfwLoggingConfig[]

(OPTIONAL) An array of Network Firewall logging configurations.

NfwLoggingConfig

name: string

A friendly name for the firewall.

CAUTION: Changing this property value after initial deployment causes the firewall to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

subnetChangeProtection?: boolean

(OPTIONAL) Enable to protect the firewall against changes to its subnet associations. While enabled, Network Firewall rejects requests that add or remove firewall subnets, so edits to the subnets property will fail until this protection is disabled.

subnets: string[]

An array of the friendly names of the subnets in which to deploy the Network Firewall endpoints.

These are the logical name properties of the subnets as defined in network-config.yaml. The listed subnets must exist in the VPC referenced in the vpc property. Network Firewall allows one firewall subnet per Availability Zone, so list one subnet in each Availability Zone whose traffic should be inspected; endpoints in a single Availability Zone leave the other zones without an inspection path.

tags?: ITag[]

(OPTIONAL) An array of tags for the firewall.

vpc: string

The friendly name of the VPC to deploy Network Firewall to.

CAUTION: Changing this property value after initial deployment causes the firewall to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

This is the logical name property of the VPC as defined in network-config.yaml.

VpcConfig
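The cross-reference rules above (subnets must belong to the named VPC, the policy must be defined, the change-protection flags default to off) are easy to get wrong in a large network-config.yaml. The following lint pass, added here as an example and not part of the Landing Zone Accelerator code base, checks a parsed firewall entry against those rules and against the settings a reviewer would normally require. The INfwFirewallConfig interface is copied from this page; the IVpcView and INetworkView shapes, the availabilityZone field on subnets, and the simplified ITag and INfwLoggingConfig shapes are assumptions made for the example.

```typescript
// Added example (not LZA project code): lint one firewall entry of a parsed
// network-config.yaml against the VPCs and policies defined in the same file.

interface ITag { key: string; value: string; }                      // assumed shape
interface INfwLoggingConfig { destination: string; type: string; }  // assumed shape

// Copied from the NfwFirewallConfig reference on this page.
interface INfwFirewallConfig {
  deleteProtection?: boolean;
  description?: string;
  firewallPolicy: string;
  firewallPolicyChangeProtection?: boolean;
  loggingConfiguration?: INfwLoggingConfig[];
  name: string;
  subnetChangeProtection?: boolean;
  subnets: string[];
  tags?: ITag[];
  vpc: string;
}

// Minimal view of the rest of the file needed for cross-checks (assumed shape).
interface IVpcView { name: string; subnets: { name: string; availabilityZone?: string }[]; }
interface INetworkView { vpcs: IVpcView[]; policyNames: string[]; }

// Returns a list of findings; an empty list means the entry passed every check.
function lintFirewall(fw: INfwFirewallConfig, net: INetworkView): string[] {
  const findings: string[] = [];

  // vpc must name a VPC in the file, and every subnet must live in that VPC.
  const vpc = net.vpcs.filter(v => v.name === fw.vpc)[0];
  if (!vpc) {
    findings.push(`vpc "${fw.vpc}" is not defined in network-config.yaml`);
  } else {
    const known = vpc.subnets.map(s => s.name);
    fw.subnets.forEach(s => {
      if (known.indexOf(s) < 0) findings.push(`subnet "${s}" not found in vpc "${fw.vpc}"`);
    });
    // Endpoints confined to one Availability Zone leave the others uninspected.
    const azs = vpc.subnets
      .filter(s => fw.subnets.indexOf(s.name) >= 0)
      .map(s => s.availabilityZone ?? s.name)
      .filter((az, i, arr) => arr.indexOf(az) === i);
    if (azs.length < 2) findings.push("firewall endpoints span fewer than two Availability Zones");
  }

  // firewallPolicy is either a logical name from the file or an ARN.
  if (fw.firewallPolicy.indexOf("arn:") !== 0 && net.policyNames.indexOf(fw.firewallPolicy) < 0) {
    findings.push(`firewallPolicy "${fw.firewallPolicy}" is neither a defined policy nor an ARN`);
  }

  // The three protections are optional and off unless set; flag each one left off.
  if (!fw.deleteProtection) findings.push("deleteProtection is not enabled");
  if (!fw.firewallPolicyChangeProtection) findings.push("firewallPolicyChangeProtection is not enabled");
  if (!fw.subnetChangeProtection) findings.push("subnetChangeProtection is not enabled");

  // Without ALERT logs, rule matches are invisible to the SOC.
  const logTypes = (fw.loggingConfiguration ?? []).map(l => l.type.toUpperCase());
  if (logTypes.indexOf("ALERT") < 0) findings.push("no ALERT logging configuration present");

  return findings;
}

// Constructed sample input: the VPC from the page's example plus one extra
// subnet that shares an Availability Zone with Subnet-A.
const NETWORK: INetworkView = {
  vpcs: [{
    name: "Network-Inspection",
    subnets: [
      { name: "Subnet-A", availabilityZone: "a" },
      { name: "Subnet-B", availabilityZone: "b" },
      { name: "Subnet-C", availabilityZone: "a" },
    ],
  }],
  policyNames: ["accelerator-nfw-policy"],
};

// The page's example, as parsed objects.
const PAGE_EXAMPLE: INfwFirewallConfig = {
  name: "accelerator-nfw",
  description: "Accelerator Firewall",
  firewallPolicy: "accelerator-nfw-policy",
  subnets: ["Subnet-A", "Subnet-B"],
  vpc: "Network-Inspection",
  loggingConfiguration: [{ destination: "s3", type: "ALERT" }],
  tags: [],
};

// The same firewall with all three protections turned on.
const HARDENED: INfwFirewallConfig = {
  ...PAGE_EXAMPLE,
  deleteProtection: true,
  firewallPolicyChangeProtection: true,
  subnetChangeProtection: true,
};

console.log("page example:", lintFirewall(PAGE_EXAMPLE, NETWORK));
console.log("hardened:", lintFirewall(HARDENED, NETWORK));
```

Run against the page's own example the lint reports only the three protections that were left unset; the hardened variant passes clean. Pointing the subnets at Subnet-A and Subnet-C additionally reports the single-zone layout, and a misspelled subnet name is caught before CloudFormation ever sees it.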