
AWS Classic v6.2.1 published on Friday, Sep 22, 2023 by Pulumi

aws.networkfirewall.Firewall


    Provides a Firewall resource for AWS Network Firewall.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() =>
    {
        // Network Firewall creates one firewall endpoint in each mapped subnet.
        var endpointSubnet = new Aws.NetworkFirewall.Inputs.FirewallSubnetMappingArgs
        {
            SubnetId = aws_subnet.Example.Id,
        };

        // DeleteProtection, FirewallPolicyChangeProtection and SubnetChangeProtection
        // are not set in this example, so they keep their documented default of false.
        var firewallArgs = new Aws.NetworkFirewall.FirewallArgs
        {
            VpcId = aws_vpc.Example.Id,
            FirewallPolicyArn = aws_networkfirewall_firewall_policy.Example.Arn,
            SubnetMappings = new[] { endpointSubnet },
            Tags =
            {
                { "Tag1", "Value1" },
                { "Tag2", "Value2" },
            },
        };

        var example = new Aws.NetworkFirewall.Firewall("example", firewallArgs);
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a single Network Firewall firewall with the Pulumi engine.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Network Firewall creates one firewall endpoint in each mapped subnet.
    		endpointSubnets := networkfirewall.FirewallSubnetMappingArray{
    			&networkfirewall.FirewallSubnetMappingArgs{
    				SubnetId: pulumi.Any(aws_subnet.Example.Id),
    			},
    		}

    		// DeleteProtection, FirewallPolicyChangeProtection and
    		// SubnetChangeProtection are not set in this example, so they keep
    		// their documented default of false.
    		firewallArgs := &networkfirewall.FirewallArgs{
    			VpcId:             pulumi.Any(aws_vpc.Example.Id),
    			FirewallPolicyArn: pulumi.Any(aws_networkfirewall_firewall_policy.Example.Arn),
    			SubnetMappings:    endpointSubnets,
    			Tags: pulumi.StringMap{
    				"Tag1": pulumi.String("Value1"),
    				"Tag2": pulumi.String("Value2"),
    			},
    		}

    		// The resource handle is not used afterwards; only the error matters.
    		_, err := networkfirewall.NewFirewall(ctx, "example", firewallArgs)
    		return err
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.networkfirewall.Firewall;
    import com.pulumi.aws.networkfirewall.FirewallArgs;
    import com.pulumi.aws.networkfirewall.inputs.FirewallSubnetMappingArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program that declares a single Network Firewall firewall.
     */
    public class App {
        /** Entry point: hands the stack definition to the Pulumi runtime. */
        public static void main(String[] args) {
            Pulumi.run(ctx -> stack(ctx));
        }

        /**
         * Declares the "example" firewall.
         *
         * deleteProtection, firewallPolicyChangeProtection and
         * subnetChangeProtection are not set in this example, so they keep
         * their documented default of false.
         */
        public static void stack(Context ctx) {
            // Network Firewall creates one firewall endpoint in each mapped subnet.
            final var endpointSubnet = FirewallSubnetMappingArgs.builder()
                .subnetId(aws_subnet.example().id())
                .build();

            final var firewallArgs = FirewallArgs.builder()
                .vpcId(aws_vpc.example().id())
                .firewallPolicyArn(aws_networkfirewall_firewall_policy.example().arn())
                .subnetMappings(endpointSubnet)
                .tags(Map.of(
                    "Tag1", "Value1",
                    "Tag2", "Value2"))
                .build();

            var example = new Firewall("example", firewallArgs);
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    # Network Firewall creates one firewall endpoint in each mapped subnet.
    endpoint_subnet = aws.networkfirewall.FirewallSubnetMappingArgs(
        subnet_id=aws_subnet["example"]["id"],
    )

    # delete_protection, firewall_policy_change_protection and
    # subnet_change_protection are not set in this example, so they keep their
    # documented default of False.
    example = aws.networkfirewall.Firewall(
        "example",
        vpc_id=aws_vpc["example"]["id"],
        firewall_policy_arn=aws_networkfirewall_firewall_policy["example"]["arn"],
        subnet_mappings=[endpoint_subnet],
        tags=dict(Tag1="Value1", Tag2="Value2"),
    )
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Network Firewall creates one firewall endpoint in each mapped subnet.
    const endpointSubnets = [
        { subnetId: aws_subnet.example.id },
    ];

    // deleteProtection, firewallPolicyChangeProtection and subnetChangeProtection
    // are not set in this example, so they keep their documented default of false.
    const firewallArgs = {
        vpcId: aws_vpc.example.id,
        firewallPolicyArn: aws_networkfirewall_firewall_policy.example.arn,
        subnetMappings: endpointSubnets,
        tags: { Tag1: "Value1", Tag2: "Value2" },
    };

    const example = new aws.networkfirewall.Firewall("example", firewallArgs);
    
    resources:
      example:
        type: aws:networkfirewall:Firewall
        # deleteProtection, firewallPolicyChangeProtection and
        # subnetChangeProtection are not set in this example, so they keep
        # their documented default of false.
        properties:
          vpcId: ${aws_vpc.example.id}
          firewallPolicyArn: ${aws_networkfirewall_firewall_policy.example.arn}
          # Network Firewall creates one firewall endpoint in each mapped subnet.
          subnetMappings:
            - subnetId: ${aws_subnet.example.id}
          tags: {Tag1: Value1, Tag2: Value2}
    

    Create Firewall Resource

    new Firewall(name: string, args: FirewallArgs, opts?: CustomResourceOptions);
    @overload
    def Firewall(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 delete_protection: Optional[bool] = None,
                 description: Optional[str] = None,
                 encryption_configuration: Optional[FirewallEncryptionConfigurationArgs] = None,
                 firewall_policy_arn: Optional[str] = None,
                 firewall_policy_change_protection: Optional[bool] = None,
                 name: Optional[str] = None,
                 subnet_change_protection: Optional[bool] = None,
                 subnet_mappings: Optional[Sequence[FirewallSubnetMappingArgs]] = None,
                 tags: Optional[Mapping[str, str]] = None,
                 vpc_id: Optional[str] = None)
    @overload
    def Firewall(resource_name: str,
                 args: FirewallArgs,
                 opts: Optional[ResourceOptions] = None)
    func NewFirewall(ctx *Context, name string, args FirewallArgs, opts ...ResourceOption) (*Firewall, error)
    public Firewall(string name, FirewallArgs args, CustomResourceOptions? opts = null)
    public Firewall(String name, FirewallArgs args)
    public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
    
    type: aws:networkfirewall:Firewall
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FirewallArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Firewall Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Firewall resource accepts the following input properties:

    FirewallPolicyArn string

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    SubnetMappings List<FirewallSubnetMapping>

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    VpcId string

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    DeleteProtection bool

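    A boolean flag indicating whether the firewall is protected against deletion. When true, the firewall cannot be deleted, which guards against accidentally removing a firewall that is in use. Defaults to false.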

    Description string

    A friendly description of the firewall.

    EncryptionConfiguration FirewallEncryptionConfiguration

    KMS encryption configuration settings. See Encryption Configuration below for details.

    FirewallPolicyChangeProtection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy. When true, the policy association cannot be changed. Defaults to false.

    Name string

    A friendly name of the firewall.

    SubnetChangeProtection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s). When true, the subnet associations cannot be changed. Defaults to false.

    Tags Dictionary<string, string>

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    FirewallPolicyArn string

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    SubnetMappings []FirewallSubnetMappingArgs

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    VpcId string

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    DeleteProtection bool

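    A boolean flag indicating whether the firewall is protected against deletion. When true, the firewall cannot be deleted, which guards against accidentally removing a firewall that is in use. Defaults to false.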

    Description string

    A friendly description of the firewall.

    EncryptionConfiguration FirewallEncryptionConfigurationArgs

    KMS encryption configuration settings. See Encryption Configuration below for details.

    FirewallPolicyChangeProtection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy. When true, the policy association cannot be changed. Defaults to false.

    Name string

    A friendly name of the firewall.

    SubnetChangeProtection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s). When true, the subnet associations cannot be changed. Defaults to false.

    Tags map[string]string

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    firewallPolicyArn String

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    subnetMappings List<FirewallSubnetMapping>

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    vpcId String

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    deleteProtection Boolean

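    A boolean flag indicating whether the firewall is protected against deletion. When true, the firewall cannot be deleted, which guards against accidentally removing a firewall that is in use. Defaults to false.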

    description String

    A friendly description of the firewall.

    encryptionConfiguration FirewallEncryptionConfiguration

    KMS encryption configuration settings. See Encryption Configuration below for details.

    firewallPolicyChangeProtection Boolean

    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy. When true, the policy association cannot be changed. Defaults to false.

    name String

    A friendly name of the firewall.

    subnetChangeProtection Boolean

    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s). When true, the subnet associations cannot be changed. Defaults to false.

    tags Map<String,String>

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    firewallPolicyArn string

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    subnetMappings FirewallSubnetMapping[]

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    vpcId string

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    deleteProtection boolean

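    A boolean flag indicating whether the firewall is protected against deletion. When true, the firewall cannot be deleted, which guards against accidentally removing a firewall that is in use. Defaults to false.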

    description string

    A friendly description of the firewall.

    encryptionConfiguration FirewallEncryptionConfiguration

    KMS encryption configuration settings. See Encryption Configuration below for details.

    firewallPolicyChangeProtection boolean

    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy. When true, the policy association cannot be changed. Defaults to false.

    name string

    A friendly name of the firewall.

    subnetChangeProtection boolean

    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s). When true, the subnet associations cannot be changed. Defaults to false.

    tags {[key: string]: string}

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    firewall_policy_arn str

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    subnet_mappings Sequence[FirewallSubnetMappingArgs]

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    vpc_id str

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    delete_protection bool

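    A boolean flag indicating whether the firewall is protected against deletion. When true, the firewall cannot be deleted, which guards against accidentally removing a firewall that is in use. Defaults to false.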

    description str

    A friendly description of the firewall.

    encryption_configuration FirewallEncryptionConfigurationArgs

    KMS encryption configuration settings. See Encryption Configuration below for details.

    firewall_policy_change_protection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy. When true, the policy association cannot be changed. Defaults to false.

    name str

    A friendly name of the firewall.

    subnet_change_protection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s). When true, the subnet associations cannot be changed. Defaults to false.

    tags Mapping[str, str]

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    firewallPolicyArn String

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    subnetMappings List<Property Map>

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    vpcId String

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    deleteProtection Boolean

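    A boolean flag indicating whether the firewall is protected against deletion. When true, the firewall cannot be deleted, which guards against accidentally removing a firewall that is in use. Defaults to false.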

    description String

    A friendly description of the firewall.

    encryptionConfiguration Property Map

    KMS encryption configuration settings. See Encryption Configuration below for details.

    firewallPolicyChangeProtection Boolean

    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy. When true, the policy association cannot be changed. Defaults to false.

    name String

    A friendly name of the firewall.

    subnetChangeProtection Boolean

    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s). When true, the subnet associations cannot be changed. Defaults to false.

    tags Map<String>

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

    Arn string

    The Amazon Resource Name (ARN) that identifies the firewall.

    FirewallStatuses List<FirewallFirewallStatus>

    Nested list of information about the current status of the firewall.

    Id string

    The provider-assigned unique ID for this managed resource.

    TagsAll Dictionary<string, string>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    UpdateToken string

    A string token used when updating a firewall.

    Arn string

    The Amazon Resource Name (ARN) that identifies the firewall.

    FirewallStatuses []FirewallFirewallStatus

    Nested list of information about the current status of the firewall.

    Id string

    The provider-assigned unique ID for this managed resource.

    TagsAll map[string]string

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    UpdateToken string

    A string token used when updating a firewall.

    arn String

    The Amazon Resource Name (ARN) that identifies the firewall.

    firewallStatuses List<FirewallFirewallStatus>

    Nested list of information about the current status of the firewall.

    id String

    The provider-assigned unique ID for this managed resource.

    tagsAll Map<String,String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    updateToken String

    A string token used when updating a firewall.

    arn string

    The Amazon Resource Name (ARN) that identifies the firewall.

    firewallStatuses FirewallFirewallStatus[]

    Nested list of information about the current status of the firewall.

    id string

    The provider-assigned unique ID for this managed resource.

    tagsAll {[key: string]: string}

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    updateToken string

    A string token used when updating a firewall.

    arn str

    The Amazon Resource Name (ARN) that identifies the firewall.

    firewall_statuses Sequence[FirewallFirewallStatus]

    Nested list of information about the current status of the firewall.

    id str

    The provider-assigned unique ID for this managed resource.

    tags_all Mapping[str, str]

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    update_token str

    A string token used when updating a firewall.

    arn String

    The Amazon Resource Name (ARN) that identifies the firewall.

    firewallStatuses List<Property Map>

    Nested list of information about the current status of the firewall.

    id String

    The provider-assigned unique ID for this managed resource.

    tagsAll Map<String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    updateToken String

    A string token used when updating a firewall.

    Look up Existing Firewall Resource

    Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            delete_protection: Optional[bool] = None,
            description: Optional[str] = None,
            encryption_configuration: Optional[FirewallEncryptionConfigurationArgs] = None,
            firewall_policy_arn: Optional[str] = None,
            firewall_policy_change_protection: Optional[bool] = None,
            firewall_statuses: Optional[Sequence[FirewallFirewallStatusArgs]] = None,
            name: Optional[str] = None,
            subnet_change_protection: Optional[bool] = None,
            subnet_mappings: Optional[Sequence[FirewallSubnetMappingArgs]] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            update_token: Optional[str] = None,
            vpc_id: Optional[str] = None) -> Firewall
    func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
    public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
    public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string

    The Amazon Resource Name (ARN) that identifies the firewall.

    DeleteProtection bool

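    A boolean flag indicating whether the firewall is protected against deletion. When true, the firewall cannot be deleted, which guards against accidentally removing a firewall that is in use. Defaults to false.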

    Description string

    A friendly description of the firewall.

    EncryptionConfiguration FirewallEncryptionConfiguration

    KMS encryption configuration settings. See Encryption Configuration below for details.

    FirewallPolicyArn string

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    FirewallPolicyChangeProtection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy. When true, the policy association cannot be changed. Defaults to false.

    FirewallStatuses List<FirewallFirewallStatus>

    Nested list of information about the current status of the firewall.

    Name string

    A friendly name of the firewall.

    SubnetChangeProtection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s). When true, the subnet associations cannot be changed. Defaults to false.

    SubnetMappings List<FirewallSubnetMapping>

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    Tags Dictionary<string, string>

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll Dictionary<string, string>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    UpdateToken string

    A string token used when updating a firewall.

    VpcId string

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    Arn string

    The Amazon Resource Name (ARN) that identifies the firewall.

    DeleteProtection bool

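    A boolean flag indicating whether the firewall is protected against deletion. When true, the firewall cannot be deleted, which guards against accidentally removing a firewall that is in use. Defaults to false.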

    Description string

    A friendly description of the firewall.

    EncryptionConfiguration FirewallEncryptionConfigurationArgs

    KMS encryption configuration settings. See Encryption Configuration below for details.

    FirewallPolicyArn string

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    FirewallPolicyChangeProtection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy. When true, the policy association cannot be changed. Defaults to false.

    FirewallStatuses []FirewallFirewallStatusArgs

    Nested list of information about the current status of the firewall.

    Name string

    A friendly name of the firewall.

    SubnetChangeProtection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s). When true, the subnet associations cannot be changed. Defaults to false.

    SubnetMappings []FirewallSubnetMappingArgs

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    Tags map[string]string

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    TagsAll map[string]string

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    UpdateToken string

    A string token used when updating a firewall.

    VpcId string

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    arn String

    The Amazon Resource Name (ARN) that identifies the firewall.

    deleteProtection Boolean

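    A boolean flag indicating whether the firewall is protected against deletion. When true, the firewall cannot be deleted, which guards against accidentally removing a firewall that is in use. Defaults to false.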

    description String

    A friendly description of the firewall.

    encryptionConfiguration FirewallEncryptionConfiguration

    KMS encryption configuration settings. See Encryption Configuration below for details.

    firewallPolicyArn String

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    firewallPolicyChangeProtection Boolean

    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy. When true, the policy association cannot be changed. Defaults to false.

    firewallStatuses List<FirewallFirewallStatus>

    Nested list of information about the current status of the firewall.

    name String

    A friendly name of the firewall.

    subnetChangeProtection Boolean

    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s). When true, the subnet associations cannot be changed. Defaults to false.

    subnetMappings List<FirewallSubnetMapping>

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    tags Map<String,String>

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String,String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    updateToken String

    A string token used when updating a firewall.

    vpcId String

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    arn string

    The Amazon Resource Name (ARN) that identifies the firewall.

    deleteProtection boolean

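    A boolean flag indicating whether the firewall is protected against deletion. When true, the firewall cannot be deleted, which guards against accidentally removing a firewall that is in use. Defaults to false.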

    description string

    A friendly description of the firewall.

    encryptionConfiguration FirewallEncryptionConfiguration

    KMS encryption configuration settings. See Encryption Configuration below for details.

    firewallPolicyArn string

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    firewallPolicyChangeProtection boolean

    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy. When true, the policy association cannot be changed. Defaults to false.

    firewallStatuses FirewallFirewallStatus[]

    Nested list of information about the current status of the firewall.

    name string

    A friendly name of the firewall.

    subnetChangeProtection boolean

    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s). When true, the subnet associations cannot be changed. Defaults to false.

    subnetMappings FirewallSubnetMapping[]

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    tags {[key: string]: string}

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll {[key: string]: string}

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    updateToken string

    A string token used when updating a firewall.

    vpcId string

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    arn str

    The Amazon Resource Name (ARN) that identifies the firewall.

    delete_protection bool

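    A boolean flag indicating whether the firewall is protected against deletion. When true, the firewall cannot be deleted, which guards against accidentally removing a firewall that is in use. Defaults to false.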

    description str

    A friendly description of the firewall.

    encryption_configuration FirewallEncryptionConfigurationArgs

    KMS encryption configuration settings. See Encryption Configuration below for details.

    firewall_policy_arn str

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    firewall_policy_change_protection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy. When true, the policy association cannot be changed. Defaults to false.

    firewall_statuses Sequence[FirewallFirewallStatusArgs]

    Nested list of information about the current status of the firewall.

    name str

    A friendly name of the firewall.

    subnet_change_protection bool

    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s). When true, the subnet associations cannot be changed. Defaults to false.

    subnet_mappings Sequence[FirewallSubnetMappingArgs]

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    tags Mapping[str, str]

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tags_all Mapping[str, str]

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    update_token str

    A string token used when updating a firewall.

    vpc_id str

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    arn String

    The Amazon Resource Name (ARN) that identifies the firewall.

    deleteProtection Boolean

    A boolean flag indicating whether the firewall is protected against deletion; when true, the firewall cannot be deleted until the flag is set back to false. Defaults to false.

    description String

    A friendly description of the firewall.

    encryptionConfiguration Property Map

    KMS encryption configuration settings. See Encryption Configuration below for details.

    firewallPolicyArn String

    The Amazon Resource Name (ARN) of the VPC Firewall policy.

    firewallPolicyChangeProtection Boolean

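    A boolean flag indicating whether the firewall is protected against changes to its associated firewall policy; when true, the policy association cannot be changed until the flag is set back to false. Defaults to false.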

    firewallStatuses List<Property Map>

    Nested list of information about the current status of the firewall.

    name String

    A friendly name of the firewall.

    subnetChangeProtection Boolean

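    A boolean flag indicating whether the firewall is protected against changes to its associated subnet(s); when true, the subnet associations cannot be changed until the flag is set back to false. Defaults to false.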

    subnetMappings List<Property Map>

    Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

    tags Map<String>

    Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    tagsAll Map<String>

    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:

    Please use tags instead.

    updateToken String

    A string token used when updating a firewall.

    vpcId String

    The unique identifier of the VPC where AWS Network Firewall should create the firewall.

    Supporting Types

    FirewallEncryptionConfiguration, FirewallEncryptionConfigurationArgs

    Type string

    The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.

    KeyId string

    The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.

    Type string

    The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.

    KeyId string

    The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.

    type String

    The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.

    keyId String

    The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.

    type string

    The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.

    keyId string

    The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.

    type str

    The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.

    key_id str

    The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.

    type String

    The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.

    keyId String

    The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.

    FirewallFirewallStatus, FirewallFirewallStatusArgs

    SyncStates List<FirewallFirewallStatusSyncState>

    Set of subnets configured for use by the firewall.

    SyncStates []FirewallFirewallStatusSyncState

    Set of subnets configured for use by the firewall.

    syncStates List<FirewallFirewallStatusSyncState>

    Set of subnets configured for use by the firewall.

    syncStates FirewallFirewallStatusSyncState[]

    Set of subnets configured for use by the firewall.

    sync_states Sequence[FirewallFirewallStatusSyncState]

    Set of subnets configured for use by the firewall.

    syncStates List<Property Map>

    Set of subnets configured for use by the firewall.

    FirewallFirewallStatusSyncState, FirewallFirewallStatusSyncStateArgs

    Attachments List<FirewallFirewallStatusSyncStateAttachment>

    Nested list describing the attachment status of the firewall's association with a single VPC subnet.

    AvailabilityZone string

    The Availability Zone where the subnet is configured.

    Attachments []FirewallFirewallStatusSyncStateAttachment

    Nested list describing the attachment status of the firewall's association with a single VPC subnet.

    AvailabilityZone string

    The Availability Zone where the subnet is configured.

    attachments List<FirewallFirewallStatusSyncStateAttachment>

    Nested list describing the attachment status of the firewall's association with a single VPC subnet.

    availabilityZone String

    The Availability Zone where the subnet is configured.

    attachments FirewallFirewallStatusSyncStateAttachment[]

    Nested list describing the attachment status of the firewall's association with a single VPC subnet.

    availabilityZone string

    The Availability Zone where the subnet is configured.

    attachments Sequence[FirewallFirewallStatusSyncStateAttachment]

    Nested list describing the attachment status of the firewall's association with a single VPC subnet.

    availability_zone str

    The Availability Zone where the subnet is configured.

    attachments List<Property Map>

    Nested list describing the attachment status of the firewall's association with a single VPC subnet.

    availabilityZone String

    The Availability Zone where the subnet is configured.

    FirewallFirewallStatusSyncStateAttachment, FirewallFirewallStatusSyncStateAttachmentArgs

    EndpointId string

    The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.

    SubnetId string

    The unique identifier for the subnet.

    EndpointId string

    The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.

    SubnetId string

    The unique identifier for the subnet.

    endpointId String

    The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.

    subnetId String

    The unique identifier for the subnet.

    endpointId string

    The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.

    subnetId string

    The unique identifier for the subnet.

    endpoint_id str

    The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.

    subnet_id str

    The unique identifier for the subnet.

    endpointId String

    The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.

    subnetId String

    The unique identifier for the subnet.

    FirewallSubnetMapping, FirewallSubnetMappingArgs

    SubnetId string

    The unique identifier for the subnet.

    IpAddressType string

    The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".

    SubnetId string

    The unique identifier for the subnet.

    IpAddressType string

    The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".

    subnetId String

    The unique identifier for the subnet.

    ipAddressType String

    The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".

    subnetId string

    The unique identifier for the subnet.

    ipAddressType string

    The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".

    subnet_id str

    The unique identifier for the subnet.

    ip_address_type str

    The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".

    subnetId String

    The unique identifier for the subnet.

    ipAddressType String

    The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".

    Import

    Using pulumi import, import Network Firewall Firewalls using their arn. For example:

     # Arguments, in order: the resource type token, the name to give the resource in the Pulumi program ("example"), and the ARN of the existing firewall.
     $ pulumi import aws:networkfirewall/firewall:Firewall example arn:aws:network-firewall:us-west-1:123456789012:firewall/example
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the aws Terraform Provider.


    AWS Classic v6.2.1 published on Friday, Sep 22, 2023 by Pulumi