NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwFirewallPolicyConfig

Network Firewall policy configuration. Use this configuration to define a Network Firewall policy. An AWS Network Firewall firewall policy defines the monitoring and protection behavior for a firewall. The details of the behavior are defined in the rule groups that you add to your policy, and in some policy default settings.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewallpolicy.html

Example

- name: accelerator-nfw-policy
firewallPolicy:
statelessDefaultActions: ['aws:forward_to_sfe']
statelessFragmentDefaultActions: ['aws:forward_to_sfe']
statefulRuleGroups:
- name: accelerator-stateful-group
statelessRuleGroups:
- name: accelerator-stateless-group
priority: 100
regions:
- us-east-1
shareTargets:
organizationalUnits:
- Root
tags: []

Hierarchy

  • NfwFirewallPolicyConfig

Implements

Constructors

Properties

description: undefined | string = undefined

(OPTIONAL) A description for the policy.

firewallPolicy: NfwFirewallPolicyPolicyConfig = ...

Use this property to define specific behaviors and rule groups to associate with the policy.

See

NfwFirewallPolicyPolicyConfig

name: string = ''

A friendly name for the policy.

Remarks

CAUTION: Changing this property value after initial deployment causes the policy to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

regions: string[] = []

The regions to deploy the policy to.

See

Region

shareTargets: undefined | ShareTargets = undefined

(OPTIONAL) Resource Access Manager (RAM) share targets.

Remarks

Targets can be account names and/or organizational units. Targets must be configured for account(s)/OU(s) that require access to the policy. A target is not required for the delegated admin account.

See

ShareTargets

tags: undefined | Tag[] = undefined

(OPTIONAL) An array of tags for the policy.

Generated using TypeDoc