Class NfwFirewallConfig

NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwFirewallConfig

Network Firewall firewall configuration. Use this configuration to define a Network Firewall firewall. An AWS Network Firewall firewall connects a firewall policy, which defines network traffic monitoring and filtering behavior, to the VPC that you want to protect. The firewall configuration includes specifications for the Availability Zones and subnets where the firewall endpoints are placed. It also defines high-level settings like the firewall logging configuration and tagging on the AWS firewall resource.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html.

The following example creates a firewall named accelerator-nfw in the VPC named Network-Inspection. Firewall endpoints are deployed to the subnets named Subnet-A and Subnet-B in that VPC.

Example

- name: accelerator-nfw
  description: Accelerator Firewall
  firewallPolicy: accelerator-nfw-policy
  subnets:
    - Subnet-A
    - Subnet-B
  vpc: Network-Inspection
  loggingConfiguration:
    - destination: s3
      type: ALERT
  tags: []

Hierarchy

  • NfwFirewallConfig

Implements

Constructors

constructor

Properties

deleteProtection description firewallPolicy firewallPolicyChangeProtection loggingConfiguration name subnetChangeProtection subnets tags vpc

Constructors

constructor

Properties

Readonly deleteProtection

deleteProtection: undefined | boolean = undefined

(OPTIONAL) Enable for deletion protection on the firewall.

Readonly description

description: undefined | string = undefined

(OPTIONAL) A description for the firewall.

Readonly firewallPolicy

firewallPolicy: string = ''

The friendly name of the Network Firewall policy.

Remarks

This is the logical name property of the policy as defined in network-config.yaml.

See

NfwFirewallPolicyConfig

Readonly firewallPolicyChangeProtection

firewallPolicyChangeProtection: undefined | boolean = undefined

(OPTIONAL) Enable to disallow firewall policy changes.

Readonly loggingConfiguration

loggingConfiguration: undefined | NfwLoggingConfig[] = undefined

(OPTIONAL) An array of Network Firewall logging configurations.

See

NfwLoggingConfig

Readonly name

name: string = ''

A friendly name for the firewall.

Remarks

CAUTION: Changing this property value after initial deployment causes the firewall to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

Readonly subnetChangeProtection

subnetChangeProtection: undefined | boolean = undefined

(OPTIONAL) Enable to disallow firewall subnet changes.

Readonly subnets

subnets: string[] = []

An array of the friendly names of subnets to deploy Network Firewall to.

Remarks

This is the logical name property of the subnets as defined in network-config.yaml. The listed subnets must exist in the VPC referenced in the vpc property.

Readonly tags

tags: undefined | Tag[] = undefined

(OPTIONAL) An array of tags for the firewall.

Readonly vpc

vpc: string = ''

The friendly name of the VPC to deploy Network Firewall to.

Remarks

CAUTION: Changing this property value after initial deployment causes the firewall to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

This is the logical name property of the VPC as defined in network-config.yaml.

See

VpcConfig

Settings

Member Visibility

Theme

Generated using TypeDoc