Interface INfwFirewallPolicyConfig

NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwFirewallPolicyConfig

Description

Use this configuration to define a Network Firewall policy. An AWS Network Firewall firewall policy defines the monitoring and protection behavior for a firewall. The details of the behavior are defined in the rule groups that you add to your policy, and in some policy default settings.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewallpolicy.html

Example

- name: accelerator-nfw-policy
  firewallPolicy:
    statelessDefaultActions: ['aws:forward_to_sfe']
    statelessFragmentDefaultActions: ['aws:forward_to_sfe']
    statefulRuleGroups:
      - name: accelerator-stateful-group
    statelessRuleGroups:
      - name: accelerator-stateless-group
        priority: 100
  regions:
    - us-east-1
  shareTargets:
    organizationalUnits:
      - Root
  tags: []

interface INfwFirewallPolicyConfig {
    description?: string;
    firewallPolicy: INfwFirewallPolicyPolicyConfig;
    name: string;
    regions: (
        | "af-south-1"
        | "ap-east-1"
        | "ap-northeast-1"
        | "ap-northeast-2"
        | "ap-northeast-3"
        | "ap-south-1"
        | "ap-south-2"
        | "ap-southeast-1"
        | "ap-southeast-2"
        | "ap-southeast-3"
        | "ap-southeast-4"
        | "ap-southeast-5"
        | "ca-central-1"
        | "ca-west-1"
        | "cn-north-1"
        | "cn-northwest-1"
        | "eu-central-1"
        | "eu-central-2"
        | "eu-north-1"
        | "eu-south-1"
        | "eu-south-2"
        | "eu-west-1"
        | "eu-west-2"
        | "eu-west-3"
        | "eu-isoe-west-1"
        | "il-central-1"
        | "me-central-1"
        | "me-south-1"
        | "sa-east-1"
        | "us-east-1"
        | "us-east-2"
        | "us-gov-west-1"
        | "us-gov-east-1"
        | "us-iso-east-1"
        | "us-isob-east-1"
        | "us-iso-west-1"
        | "us-isof-south-1"
        | "us-isof-east-1"
        | "us-west-1"
        | "us-west-2")[];
    shareTargets?: IShareTargets;
    tags?: ITag[];
}

Index

Properties

description? firewallPolicy name regions shareTargets? tags?

Properties

`Optional` `Readonly`description

description?: string

(OPTIONAL) A description for the policy.

`Readonly`firewallPolicy

firewallPolicy: INfwFirewallPolicyPolicyConfig

Use this property to define specific behaviors and rule groups to associate with the policy.

See

NfwFirewallPolicyPolicyConfig

`Readonly`name

name: string

A friendly name for the policy.

Remarks

CAUTION: Changing this property value after initial deployment causes the policy to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

`Readonly`regions

The regions to deploy the policy to.

See

Region

`Optional` `Readonly`shareTargets

shareTargets?: IShareTargets

(OPTIONAL) Resource Access Manager (RAM) share targets.

Remarks

Targets can be account names and/or organizational units. Targets must be configured for account(s)/OU(s) that require access to the policy. A target is not required for the delegated admin account.

See

ShareTargets

`Optional` `Readonly`tags

tags?: ITag[]

(OPTIONAL) An array of tags for the policy.

Interface INfwFirewallPolicyConfig

Description

See

Example

Index

Properties

Properties

`Optional` `Readonly`description

`Readonly`firewallPolicy

See

`Readonly`name

Remarks

`Readonly`regions

See

`Optional` `Readonly`shareTargets

Remarks

See

`Optional` `Readonly`tags

Settings

On This Page

Interface INfwFirewallPolicyConfig

Description

See

Example

Index

Properties

Properties

Optional Readonlydescription

ReadonlyfirewallPolicy

See

Readonlyname

Remarks

Readonlyregions

See

Optional ReadonlyshareTargets

Remarks

See

Optional Readonlytags

Settings

On This Page

`Optional` `Readonly`description

`Readonly`firewallPolicy

`Readonly`name

`Readonly`regions

`Optional` `Readonly`shareTargets

`Optional` `Readonly`tags