NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwFirewallConfig

Network Firewall firewall configuration. Use this configuration to define a Network Firewall firewall. An AWS Network Firewall firewall connects a firewall policy, which defines network traffic monitoring and filtering behavior, to the VPC that you want to protect. The firewall configuration includes specifications for the Availability Zones and subnets where the firewall endpoints are placed. It also defines high-level settings like the firewall logging configuration and tagging on the AWS firewall resource.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html.

The following example creates a firewall named accelerator-nfw in the VPC named Network-Inspection. Firewall endpoints are deployed to the subnets named Subnet-A and Subnet-B in that VPC.

Example

```yaml
- name: accelerator-nfw
  description: Accelerator Firewall
  firewallPolicy: accelerator-nfw-policy
  subnets:
    - Subnet-A
    - Subnet-B
  vpc: Network-Inspection
  loggingConfiguration:
    - destination: s3
      type: ALERT
  tags: []
```

Hierarchy

  • NfwFirewallConfig

Properties

deleteProtection: undefined | boolean = undefined

(OPTIONAL) Enable deletion protection on the firewall.

description: undefined | string = undefined

(OPTIONAL) A description for the firewall.

firewallPolicy: string = ''

The friendly name of the Network Firewall policy.

Remarks

This is the logical name property of the policy as defined in network-config.yaml.

See

NfwFirewallPolicyConfig

firewallPolicyChangeProtection: undefined | boolean = undefined

(OPTIONAL) Enable to disallow firewall policy changes.

loggingConfiguration: undefined | NfwLoggingConfig[] = undefined

(OPTIONAL) An array of Network Firewall logging configurations.

See

NfwLoggingConfig

name: string = ''

A friendly name for the firewall.

Remarks

CAUTION: Changing this property value after initial deployment causes the firewall to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

subnetChangeProtection: undefined | boolean = undefined

(OPTIONAL) Enable to disallow firewall subnet changes.

subnets: string[] = []

An array of the friendly names of subnets to deploy Network Firewall to.

Remarks

This is the logical name property of the subnets as defined in network-config.yaml. The listed subnets must exist in the VPC referenced in the vpc property.

tags: undefined | Tag[] = undefined

(OPTIONAL) An array of tags for the firewall.

vpc: string = ''

The friendly name of the VPC to deploy Network Firewall to.

Remarks

CAUTION: Changing this property value after initial deployment causes the firewall to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

This is the logical name property of the VPC as defined in network-config.yaml.

See

VpcConfig
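The Remarks above describe cross-references that only hold when the rest of network-config.yaml agrees with this block. As an added example, not code from Landing Zone Accelerator, the checker below validates those references for a firewall entry, lists the properties whose change recreates the firewall, and reports which protection flags are left unset; the VpcRef and NetworkRefs shapes are assumed slices of network-config.yaml, not LZA's own types.

```typescript
// Added example, not Landing Zone Accelerator code: reference checks mirroring the Remarks
// on this page. VpcRef/NetworkRefs are assumed slices of network-config.yaml, not LZA types.
interface NfwLoggingConfig { destination: string; type: string; }
interface NfwFirewallConfig {
  name: string; description?: string; firewallPolicy: string; subnets: string[]; vpc: string;
  deleteProtection?: boolean; firewallPolicyChangeProtection?: boolean; subnetChangeProtection?: boolean;
  loggingConfiguration?: NfwLoggingConfig[]; tags?: { key: string; value: string }[];
}
interface VpcRef { name: string; subnets: string[]; }
interface NetworkRefs { vpcs: VpcRef[]; nfwPolicies: string[]; }
// firewallPolicy must name a defined NfwFirewallPolicyConfig, vpc a defined VpcConfig,
// and every listed subnet must belong to that VPC.
function validateNfwFirewall(fw: NfwFirewallConfig, refs: NetworkRefs): string[] {
  const errors: string[] = [];
  if (!fw.name) errors.push('name is required');
  if (!refs.nfwPolicies.includes(fw.firewallPolicy)) {
    errors.push(`firewallPolicy "${fw.firewallPolicy}" is not defined in network-config.yaml`);
  }
  const vpc = refs.vpcs.find(v => v.name === fw.vpc);
  if (!vpc) {
    errors.push(`vpc "${fw.vpc}" is not defined in network-config.yaml`);
  } else {
    for (const s of fw.subnets) {
      if (!vpc.subnets.includes(s)) errors.push(`subnet "${s}" does not exist in VPC "${fw.vpc}"`);
    }
  }
  if (fw.subnets.length === 0) errors.push('at least one subnet is required');
  return errors;
}
// Properties whose change recreates the firewall (the CAUTION notes on name and vpc).
function replacementTriggers(before: NfwFirewallConfig, after: NfwFirewallConfig): string[] {
  return (['name', 'vpc'] as const).filter(k => before[k] !== after[k]);
}
// Protection flags left unset; an inspection firewall normally wants all three enabled
// so a stray configuration change cannot delete it or swap its policy or subnets.
function disabledProtections(fw: NfwFirewallConfig): string[] {
  return (['deleteProtection', 'firewallPolicyChangeProtection', 'subnetChangeProtection'] as const)
    .filter(k => fw[k] !== true);
}
// Constructed sample mirroring the page's example, plus the references it needs.
const refs: NetworkRefs = {
  vpcs: [{ name: 'Network-Inspection', subnets: ['Subnet-A', 'Subnet-B'] }],
  nfwPolicies: ['accelerator-nfw-policy'],
};
const firewall: NfwFirewallConfig = {
  name: 'accelerator-nfw', description: 'Accelerator Firewall', firewallPolicy: 'accelerator-nfw-policy',
  subnets: ['Subnet-A', 'Subnet-B'], vpc: 'Network-Inspection',
  loggingConfiguration: [{ destination: 's3', type: 'ALERT' }], tags: [],
};
```

Running validateNfwFirewall(firewall, refs) on the sample returns no errors; replacing Subnet-B with an unknown subnet or pointing firewallPolicy at an undefined policy produces one error each.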