Docs
PackagesTry AWS Native preview for resources not in the classic version.
aws.networkfirewall.Firewall
Explore with Pulumi AI
Try AWS Native preview for resources not in the classic version.
Provides an AWS Network Firewall Firewall Resource
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.NetworkFirewall.Firewall("example", new()
{
FirewallPolicyArn = aws_networkfirewall_firewall_policy.Example.Arn,
VpcId = aws_vpc.Example.Id,
SubnetMappings = new[]
{
new Aws.NetworkFirewall.Inputs.FirewallSubnetMappingArgs
{
SubnetId = aws_subnet.Example.Id,
},
},
Tags =
{
{ "Tag1", "Value1" },
{ "Tag2", "Value2" },
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := networkfirewall.NewFirewall(ctx, "example", &networkfirewall.FirewallArgs{
FirewallPolicyArn: pulumi.Any(aws_networkfirewall_firewall_policy.Example.Arn),
VpcId: pulumi.Any(aws_vpc.Example.Id),
SubnetMappings: networkfirewall.FirewallSubnetMappingArray{
&networkfirewall.FirewallSubnetMappingArgs{
SubnetId: pulumi.Any(aws_subnet.Example.Id),
},
},
Tags: pulumi.StringMap{
"Tag1": pulumi.String("Value1"),
"Tag2": pulumi.String("Value2"),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.Firewall;
import com.pulumi.aws.networkfirewall.FirewallArgs;
import com.pulumi.aws.networkfirewall.inputs.FirewallSubnetMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Firewall("example", FirewallArgs.builder()
.firewallPolicyArn(aws_networkfirewall_firewall_policy.example().arn())
.vpcId(aws_vpc.example().id())
.subnetMappings(FirewallSubnetMappingArgs.builder()
.subnetId(aws_subnet.example().id())
.build())
.tags(Map.ofEntries(
Map.entry("Tag1", "Value1"),
Map.entry("Tag2", "Value2")
))
.build());
}
}
import pulumi
import pulumi_aws as aws
example = aws.networkfirewall.Firewall("example",
firewall_policy_arn=aws_networkfirewall_firewall_policy["example"]["arn"],
vpc_id=aws_vpc["example"]["id"],
subnet_mappings=[aws.networkfirewall.FirewallSubnetMappingArgs(
subnet_id=aws_subnet["example"]["id"],
)],
tags={
"Tag1": "Value1",
"Tag2": "Value2",
})
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.networkfirewall.Firewall("example", {
firewallPolicyArn: aws_networkfirewall_firewall_policy.example.arn,
vpcId: aws_vpc.example.id,
subnetMappings: [{
subnetId: aws_subnet.example.id,
}],
tags: {
Tag1: "Value1",
Tag2: "Value2",
},
});
resources:
example:
type: aws:networkfirewall:Firewall
properties:
firewallPolicyArn: ${aws_networkfirewall_firewall_policy.example.arn}
vpcId: ${aws_vpc.example.id}
subnetMappings:
- subnetId: ${aws_subnet.example.id}
tags:
Tag1: Value1
Tag2: Value2
Create Firewall Resource
new Firewall(name: string, args: FirewallArgs, opts?: CustomResourceOptions);@overload
def Firewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
delete_protection: Optional[bool] = None,
description: Optional[str] = None,
encryption_configuration: Optional[FirewallEncryptionConfigurationArgs] = None,
firewall_policy_arn: Optional[str] = None,
firewall_policy_change_protection: Optional[bool] = None,
name: Optional[str] = None,
subnet_change_protection: Optional[bool] = None,
subnet_mappings: Optional[Sequence[FirewallSubnetMappingArgs]] = None,
tags: Optional[Mapping[str, str]] = None,
vpc_id: Optional[str] = None)
@overload
def Firewall(resource_name: str,
args: FirewallArgs,
opts: Optional[ResourceOptions] = None)func NewFirewall(ctx *Context, name string, args FirewallArgs, opts ...ResourceOption) (*Firewall, error)public Firewall(string name, FirewallArgs args, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: aws:networkfirewall:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Firewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Firewall resource accepts the following input properties:
- Firewall
Policy stringArn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- Subnet
Mappings List<FirewallSubnet Mapping> Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- Vpc
Id string The unique identifier of the VPC where AWS Network Firewall should create the firewall.
- Delete
Protection bool A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- Description string
A friendly description of the firewall.
- Encryption
Configuration FirewallEncryption Configuration KMS encryption configuration settings. See Encryption Configuration below for details.
- Firewall
Policy boolChange Protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- Name string
A friendly name of the firewall.
- Subnet
Change boolProtection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- Dictionary<string, string>
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- Firewall
Policy stringArn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- Subnet
Mappings []FirewallSubnet Mapping Args Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- Vpc
Id string The unique identifier of the VPC where AWS Network Firewall should create the firewall.
- Delete
Protection bool A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- Description string
A friendly description of the firewall.
- Encryption
Configuration FirewallEncryption Configuration Args KMS encryption configuration settings. See Encryption Configuration below for details.
- Firewall
Policy boolChange Protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- Name string
A friendly name of the firewall.
- Subnet
Change boolProtection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- map[string]string
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- firewall
Policy StringArn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- subnet
Mappings List<FirewallSubnet Mapping> Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- vpc
Id String The unique identifier of the VPC where AWS Network Firewall should create the firewall.
- delete
Protection Boolean A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- description String
A friendly description of the firewall.
- encryption
Configuration FirewallEncryption Configuration KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall
Policy BooleanChange Protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- name String
A friendly name of the firewall.
- subnet
Change BooleanProtection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- Map<String,String>
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- firewall
Policy stringArn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- subnet
Mappings FirewallSubnet Mapping[] Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- vpc
Id string The unique identifier of the VPC where AWS Network Firewall should create the firewall.
- delete
Protection boolean A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- description string
A friendly description of the firewall.
- encryption
Configuration FirewallEncryption Configuration KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall
Policy booleanChange Protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- name string
A friendly name of the firewall.
- subnet
Change booleanProtection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- {[key: string]: string}
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- firewall_
policy_ strarn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- subnet_
mappings Sequence[FirewallSubnet Mapping Args] Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- vpc_
id str The unique identifier of the VPC where AWS Network Firewall should create the firewall.
- delete_
protection bool A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- description str
A friendly description of the firewall.
- encryption_
configuration FirewallEncryption Configuration Args KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall_
policy_ boolchange_ protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- name str
A friendly name of the firewall.
- subnet_
change_ boolprotection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- Mapping[str, str]
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
- firewall
Policy StringArn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- subnet
Mappings List<Property Map> Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- vpc
Id String The unique identifier of the VPC where AWS Network Firewall should create the firewall.
- delete
Protection Boolean A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- description String
A friendly description of the firewall.
- encryption
Configuration Property Map KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall
Policy BooleanChange Protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- name String
A friendly name of the firewall.
- subnet
Change BooleanProtection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- Map<String>
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:
- Arn string
The Amazon Resource Name (ARN) that identifies the firewall.
- Firewall
Statuses List<FirewallFirewall Status> Nested list of information about the current status of the firewall.
- Id string
The provider-assigned unique ID for this managed resource.
- Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- Update
Token string A string token used when updating a firewall.
- Arn string
The Amazon Resource Name (ARN) that identifies the firewall.
- Firewall
Statuses []FirewallFirewall Status Nested list of information about the current status of the firewall.
- Id string
The provider-assigned unique ID for this managed resource.
- map[string]string
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- Update
Token string A string token used when updating a firewall.
- arn String
The Amazon Resource Name (ARN) that identifies the firewall.
- firewall
Statuses List<FirewallFirewall Status> Nested list of information about the current status of the firewall.
- id String
The provider-assigned unique ID for this managed resource.
- Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- update
Token String A string token used when updating a firewall.
- arn string
The Amazon Resource Name (ARN) that identifies the firewall.
- firewall
Statuses FirewallFirewall Status[] Nested list of information about the current status of the firewall.
- id string
The provider-assigned unique ID for this managed resource.
- {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- update
Token string A string token used when updating a firewall.
- arn str
The Amazon Resource Name (ARN) that identifies the firewall.
- firewall_
statuses Sequence[FirewallFirewall Status] Nested list of information about the current status of the firewall.
- id str
The provider-assigned unique ID for this managed resource.
- Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- update_
token str A string token used when updating a firewall.
- arn String
The Amazon Resource Name (ARN) that identifies the firewall.
- firewall
Statuses List<Property Map> Nested list of information about the current status of the firewall.
- id String
The provider-assigned unique ID for this managed resource.
- Map<String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- update
Token String A string token used when updating a firewall.
Look up Existing Firewall Resource
Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
delete_protection: Optional[bool] = None,
description: Optional[str] = None,
encryption_configuration: Optional[FirewallEncryptionConfigurationArgs] = None,
firewall_policy_arn: Optional[str] = None,
firewall_policy_change_protection: Optional[bool] = None,
firewall_statuses: Optional[Sequence[FirewallFirewallStatusArgs]] = None,
name: Optional[str] = None,
subnet_change_protection: Optional[bool] = None,
subnet_mappings: Optional[Sequence[FirewallSubnetMappingArgs]] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
update_token: Optional[str] = None,
vpc_id: Optional[str] = None) -> Firewallfunc GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
The Amazon Resource Name (ARN) that identifies the firewall.
- Delete
Protection bool A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- Description string
A friendly description of the firewall.
- Encryption
Configuration FirewallEncryption Configuration KMS encryption configuration settings. See Encryption Configuration below for details.
- Firewall
Policy stringArn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- Firewall
Policy boolChange Protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- Firewall
Statuses List<FirewallFirewall Status> Nested list of information about the current status of the firewall.
- Name string
A friendly name of the firewall.
- Subnet
Change boolProtection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- Subnet
Mappings List<FirewallSubnet Mapping> Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- Dictionary<string, string>
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- Update
Token string A string token used when updating a firewall.
- Vpc
Id string The unique identifier of the VPC where AWS Network Firewall should create the firewall.
- Arn string
The Amazon Resource Name (ARN) that identifies the firewall.
- Delete
Protection bool A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- Description string
A friendly description of the firewall.
- Encryption
Configuration FirewallEncryption Configuration Args KMS encryption configuration settings. See Encryption Configuration below for details.
- Firewall
Policy stringArn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- Firewall
Policy boolChange Protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- Firewall
Statuses []FirewallFirewall Status Args Nested list of information about the current status of the firewall.
- Name string
A friendly name of the firewall.
- Subnet
Change boolProtection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- Subnet
Mappings []FirewallSubnet Mapping Args Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- map[string]string
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- map[string]string
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- Update
Token string A string token used when updating a firewall.
- Vpc
Id string The unique identifier of the VPC where AWS Network Firewall should create the firewall.
- arn String
The Amazon Resource Name (ARN) that identifies the firewall.
- delete
Protection Boolean A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- description String
A friendly description of the firewall.
- encryption
Configuration FirewallEncryption Configuration KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall
Policy StringArn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- firewall
Policy BooleanChange Protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- firewall
Statuses List<FirewallFirewall Status> Nested list of information about the current status of the firewall.
- name String
A friendly name of the firewall.
- subnet
Change BooleanProtection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- subnet
Mappings List<FirewallSubnet Mapping> Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- Map<String,String>
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- update
Token String A string token used when updating a firewall.
- vpc
Id String The unique identifier of the VPC where AWS Network Firewall should create the firewall.
- arn string
The Amazon Resource Name (ARN) that identifies the firewall.
- delete
Protection boolean A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- description string
A friendly description of the firewall.
- encryption
Configuration FirewallEncryption Configuration KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall
Policy stringArn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- firewall
Policy booleanChange Protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- firewall
Statuses FirewallFirewall Status[] Nested list of information about the current status of the firewall.
- name string
A friendly name of the firewall.
- subnet
Change booleanProtection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- subnet
Mappings FirewallSubnet Mapping[] Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- {[key: string]: string}
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- update
Token string A string token used when updating a firewall.
- vpc
Id string The unique identifier of the VPC where AWS Network Firewall should create the firewall.
- arn str
The Amazon Resource Name (ARN) that identifies the firewall.
- delete_
protection bool A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- description str
A friendly description of the firewall.
- encryption_
configuration FirewallEncryption Configuration Args KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall_
policy_ strarn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- firewall_
policy_ boolchange_ protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- firewall_
statuses Sequence[FirewallFirewall Status Args] Nested list of information about the current status of the firewall.
- name str
A friendly name of the firewall.
- subnet_
change_ boolprotection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- subnet_
mappings Sequence[FirewallSubnet Mapping Args] Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- Mapping[str, str]
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- update_
token str A string token used when updating a firewall.
- vpc_
id str The unique identifier of the VPC where AWS Network Firewall should create the firewall.
- arn String
The Amazon Resource Name (ARN) that identifies the firewall.
- delete
Protection Boolean A boolean flag indicating whether it is possible to delete the firewall. Defaults to
false.- description String
A friendly description of the firewall.
- encryption
Configuration Property Map KMS encryption configuration settings. See Encryption Configuration below for details.
- firewall
Policy StringArn The Amazon Resource Name (ARN) of the VPC Firewall policy.
- firewall
Policy BooleanChange Protection A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to
false.- firewall
Statuses List<Property Map> Nested list of information about the current status of the firewall.
- name String
A friendly name of the firewall.
- subnet
Change BooleanProtection A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to
false.- subnet
Mappings List<Property Map> Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
- Map<String>
Map of resource tags to associate with the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String>
A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.Please use
tagsinstead.- update
Token String A string token used when updating a firewall.
- vpc
Id String The unique identifier of the VPC where AWS Network Firewall should create the firewall.
Supporting Types
FirewallEncryptionConfiguration, FirewallEncryptionConfigurationArgs
- Type string
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY.- Key
Id string The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
- Type string
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY.- Key
Id string The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
- type String
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY.- key
Id String The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
- type string
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY.- key
Id string The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
- type str
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY.- key_
id str The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
- type String
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are
CUSTOMER_KMSandAWS_OWNED_KMS_KEY.- key
Id String The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
FirewallFirewallStatus, FirewallFirewallStatusArgs
- Sync
States List<FirewallFirewall Status Sync State> Set of subnets configured for use by the firewall.
- Sync
States []FirewallFirewall Status Sync State Set of subnets configured for use by the firewall.
- sync
States List<FirewallFirewall Status Sync State> Set of subnets configured for use by the firewall.
- sync
States FirewallFirewall Status Sync State[] Set of subnets configured for use by the firewall.
- sync_
states Sequence[FirewallFirewall Status Sync State] Set of subnets configured for use by the firewall.
- sync
States List<Property Map> Set of subnets configured for use by the firewall.
FirewallFirewallStatusSyncState, FirewallFirewallStatusSyncStateArgs
- Attachments
List<Firewall
Firewall Status Sync State Attachment> Nested list describing the attachment status of the firewall's association with a single VPC subnet.
- Availability
Zone string The Availability Zone where the subnet is configured.
- Attachments
[]Firewall
Firewall Status Sync State Attachment Nested list describing the attachment status of the firewall's association with a single VPC subnet.
- Availability
Zone string The Availability Zone where the subnet is configured.
- attachments
List<Firewall
Firewall Status Sync State Attachment> Nested list describing the attachment status of the firewall's association with a single VPC subnet.
- availability
Zone String The Availability Zone where the subnet is configured.
- attachments
Firewall
Firewall Status Sync State Attachment[] Nested list describing the attachment status of the firewall's association with a single VPC subnet.
- availability
Zone string The Availability Zone where the subnet is configured.
- attachments
Sequence[Firewall
Firewall Status Sync State Attachment] Nested list describing the attachment status of the firewall's association with a single VPC subnet.
- availability_
zone str The Availability Zone where the subnet is configured.
- attachments List<Property Map>
Nested list describing the attachment status of the firewall's association with a single VPC subnet.
- availability
Zone String The Availability Zone where the subnet is configured.
FirewallFirewallStatusSyncStateAttachment, FirewallFirewallStatusSyncStateAttachmentArgs
- Endpoint
Id string The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
- Subnet
Id string The unique identifier for the subnet.
- Endpoint
Id string The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
- Subnet
Id string The unique identifier for the subnet.
- endpoint
Id String The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
- subnet
Id String The unique identifier for the subnet.
- endpoint
Id string The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
- subnet
Id string The unique identifier for the subnet.
- endpoint_
id str The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
- subnet_
id str The unique identifier for the subnet.
- endpoint
Id String The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
- subnet
Id String The unique identifier for the subnet.
FirewallSubnetMapping, FirewallSubnetMappingArgs
- Subnet
Id string The unique identifier for the subnet.
- Ip
Address stringType The subnet's IP address type. Valida values:
"DUALSTACK","IPV4".
- Subnet
Id string The unique identifier for the subnet.
- Ip
Address stringType The subnet's IP address type. Valida values:
"DUALSTACK","IPV4".
- subnet
Id String The unique identifier for the subnet.
- ip
Address StringType The subnet's IP address type. Valida values:
"DUALSTACK","IPV4".
- subnet
Id string The unique identifier for the subnet.
- ip
Address stringType The subnet's IP address type. Valida values:
"DUALSTACK","IPV4".
- subnet_
id str The unique identifier for the subnet.
- ip_
address_ strtype The subnet's IP address type. Valida values:
"DUALSTACK","IPV4".
- subnet
Id String The unique identifier for the subnet.
- ip
Address StringType The subnet's IP address type. Valida values:
"DUALSTACK","IPV4".
Import
Using pulumi import, import Network Firewall Firewalls using their arn. For example:
$ pulumi import aws:networkfirewall/firewall:Firewall example arn:aws:network-firewall:us-west-1:123456789012:firewall/example
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
awsTerraform Provider.
Try AWS Native preview for resources not in the classic version.