AWS v7.4.0, Aug 13 25

AWS v7.4.0 published on Wednesday, Aug 13, 2025 by Pulumi

aws.networkfirewall.getFirewall

Explore with Pulumi AI

AWS v7.4.0 published on Wednesday, Aug 13, 2025 by Pulumi

pulumi/pulumi-aws

Example Usage

Find firewall policy by ARN

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = aws.networkfirewall.getFirewall({
    arn: arn,
});

import pulumi
import pulumi_aws as aws

example = aws.networkfirewall.get_firewall(arn=arn)

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/networkfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networkfirewall.LookupFirewall(ctx, &networkfirewall.LookupFirewallArgs{
			Arn: pulumi.StringRef(arn),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = Aws.NetworkFirewall.GetFirewall.Invoke(new()
    {
        Arn = arn,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.NetworkfirewallFunctions;
import com.pulumi.aws.networkfirewall.inputs.GetFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = NetworkfirewallFunctions.getFirewall(GetFirewallArgs.builder()
            .arn(arn)
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: aws:networkfirewall:getFirewall
      arguments:
        arn: ${arn}

Find firewall policy by Name

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = aws.networkfirewall.getFirewall({
    name: "Test",
});

import pulumi
import pulumi_aws as aws

example = aws.networkfirewall.get_firewall(name="Test")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/networkfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networkfirewall.LookupFirewall(ctx, &networkfirewall.LookupFirewallArgs{
			Name: pulumi.StringRef("Test"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = Aws.NetworkFirewall.GetFirewall.Invoke(new()
    {
        Name = "Test",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.NetworkfirewallFunctions;
import com.pulumi.aws.networkfirewall.inputs.GetFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = NetworkfirewallFunctions.getFirewall(GetFirewallArgs.builder()
            .name("Test")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: aws:networkfirewall:getFirewall
      arguments:
        name: Test

Find firewall policy by ARN and Name

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = aws.networkfirewall.getFirewall({
    arn: arn,
    name: "Test",
});

import pulumi
import pulumi_aws as aws

example = aws.networkfirewall.get_firewall(arn=arn,
    name="Test")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/networkfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networkfirewall.LookupFirewall(ctx, &networkfirewall.LookupFirewallArgs{
			Arn:  pulumi.StringRef(arn),
			Name: pulumi.StringRef("Test"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = Aws.NetworkFirewall.GetFirewall.Invoke(new()
    {
        Arn = arn,
        Name = "Test",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.NetworkfirewallFunctions;
import com.pulumi.aws.networkfirewall.inputs.GetFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = NetworkfirewallFunctions.getFirewall(GetFirewallArgs.builder()
            .arn(arn)
            .name("Test")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: aws:networkfirewall:getFirewall
      arguments:
        arn: ${arn}
        name: Test

Using getFirewall

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getFirewall(args: GetFirewallArgs, opts?: InvokeOptions): Promise<GetFirewallResult>
function getFirewallOutput(args: GetFirewallOutputArgs, opts?: InvokeOptions): Output<GetFirewallResult>

def get_firewall(arn: Optional[str] = None,
                 name: Optional[str] = None,
                 region: Optional[str] = None,
                 tags: Optional[Mapping[str, str]] = None,
                 opts: Optional[InvokeOptions] = None) -> GetFirewallResult
def get_firewall_output(arn: Optional[pulumi.Input[str]] = None,
                 name: Optional[pulumi.Input[str]] = None,
                 region: Optional[pulumi.Input[str]] = None,
                 tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                 opts: Optional[InvokeOptions] = None) -> Output[GetFirewallResult]

func LookupFirewall(ctx *Context, args *LookupFirewallArgs, opts ...InvokeOption) (*LookupFirewallResult, error)
func LookupFirewallOutput(ctx *Context, args *LookupFirewallOutputArgs, opts ...InvokeOption) LookupFirewallResultOutput

> Note: This function is named LookupFirewall in the Go SDK.

public static class GetFirewall 
{
    public static Task<GetFirewallResult> InvokeAsync(GetFirewallArgs args, InvokeOptions? opts = null)
    public static Output<GetFirewallResult> Invoke(GetFirewallInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetFirewallResult> getFirewall(GetFirewallArgs args, InvokeOptions options)
public static Output<GetFirewallResult> getFirewall(GetFirewallArgs args, InvokeOptions options)

fn::invoke:
  function: aws:networkfirewall/getFirewall:getFirewall
  arguments:
    # arguments dictionary

The following arguments are supported:

Arn string

ARN of the firewall.

Name string

Descriptive name of the firewall.

One or more of these arguments is required.

Region string

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

Tags Dictionary<string, string>

Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Arn string

ARN of the firewall.

Name string

Descriptive name of the firewall.

One or more of these arguments is required.

Region string

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

Tags map[string]string

arn String

ARN of the firewall.

name String

Descriptive name of the firewall.

One or more of these arguments is required.

region String

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

tags Map<String,String>

arn string

ARN of the firewall.

name string

Descriptive name of the firewall.

One or more of these arguments is required.

region string

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

tags {[key: string]: string}

arn str

ARN of the firewall.

name str

Descriptive name of the firewall.

One or more of these arguments is required.

region str

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

tags Mapping[str, str]

arn String

ARN of the firewall.

name String

Descriptive name of the firewall.

One or more of these arguments is required.

region String

Region where this resource will be managed. Defaults to the Region set in the provider configuration.

tags Map<String>

getFirewall Result

The following output properties are available:

Arn string: ARN of the firewall.
AvailabilityZoneChangeProtection bool: Indicates whether the firewall is protected against changes to its Availability Zone configuration.
AvailabilityZoneMappings List<GetFirewallAvailabilityZoneMapping>: Set of Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall.
DeleteProtection bool: A flag indicating whether the firewall is protected against deletion.
Description string: Description of the firewall.
EnabledAnalysisTypes List<string>: Set of types for which to collect analysis metrics.
EncryptionConfigurations List<GetFirewallEncryptionConfiguration>: AWS Key Management Service (AWS KMS) encryption settings for the firewall.
FirewallPolicyArn string: ARN of the VPC Firewall policy.
FirewallPolicyChangeProtection bool: A flag indicating whether the firewall is protected against a change to the firewall policy association.
FirewallStatuses List<GetFirewallFirewallStatus>: Nested list of information about the current status of the firewall.
Id string: The provider-assigned unique ID for this managed resource.
Name string: Descriptive name of the firewall.
Region string
SubnetChangeProtection bool: A flag indicating whether the firewall is protected against changes to the subnet associations.
SubnetMappings List<GetFirewallSubnetMapping>: Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet.
Tags Dictionary<string, string>: Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TransitGatewayId string: The unique identifier of the transit gateway associated with this firewall.
TransitGatewayOwnerAccountId string: The AWS account ID that owns the transit gateway.
UpdateToken string: String token used when updating a firewall.
VpcId string: Unique identifier of the VPC where AWS Network Firewall should create the firewall.

Arn string: ARN of the firewall.
AvailabilityZoneChangeProtection bool: Indicates whether the firewall is protected against changes to its Availability Zone configuration.
AvailabilityZoneMappings []GetFirewallAvailabilityZoneMapping: Set of Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall.
DeleteProtection bool: A flag indicating whether the firewall is protected against deletion.
Description string: Description of the firewall.
EnabledAnalysisTypes []string: Set of types for which to collect analysis metrics.
EncryptionConfigurations []GetFirewallEncryptionConfiguration: AWS Key Management Service (AWS KMS) encryption settings for the firewall.
FirewallPolicyArn string: ARN of the VPC Firewall policy.
FirewallPolicyChangeProtection bool: A flag indicating whether the firewall is protected against a change to the firewall policy association.
FirewallStatuses []GetFirewallFirewallStatus: Nested list of information about the current status of the firewall.
Id string: The provider-assigned unique ID for this managed resource.
Name string: Descriptive name of the firewall.
Region string
SubnetChangeProtection bool: A flag indicating whether the firewall is protected against changes to the subnet associations.
SubnetMappings []GetFirewallSubnetMapping: Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet.
Tags map[string]string: Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TransitGatewayId string: The unique identifier of the transit gateway associated with this firewall.
TransitGatewayOwnerAccountId string: The AWS account ID that owns the transit gateway.
UpdateToken string: String token used when updating a firewall.
VpcId string: Unique identifier of the VPC where AWS Network Firewall should create the firewall.

arn String: ARN of the firewall.
availabilityZoneChangeProtection Boolean: Indicates whether the firewall is protected against changes to its Availability Zone configuration.
availabilityZoneMappings List<GetFirewallAvailabilityZoneMapping>: Set of Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall.
deleteProtection Boolean: A flag indicating whether the firewall is protected against deletion.
description String: Description of the firewall.
enabledAnalysisTypes List<String>: Set of types for which to collect analysis metrics.
encryptionConfigurations List<GetFirewallEncryptionConfiguration>: AWS Key Management Service (AWS KMS) encryption settings for the firewall.
firewallPolicyArn String: ARN of the VPC Firewall policy.
firewallPolicyChangeProtection Boolean: A flag indicating whether the firewall is protected against a change to the firewall policy association.
firewallStatuses List<GetFirewallFirewallStatus>: Nested list of information about the current status of the firewall.
id String: The provider-assigned unique ID for this managed resource.
name String: Descriptive name of the firewall.
region String
subnetChangeProtection Boolean: A flag indicating whether the firewall is protected against changes to the subnet associations.
subnetMappings List<GetFirewallSubnetMapping>: Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet.
tags Map<String,String>: Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
transitGatewayId String: The unique identifier of the transit gateway associated with this firewall.
transitGatewayOwnerAccountId String: The AWS account ID that owns the transit gateway.
updateToken String: String token used when updating a firewall.
vpcId String: Unique identifier of the VPC where AWS Network Firewall should create the firewall.

arn string: ARN of the firewall.
availabilityZoneChangeProtection boolean: Indicates whether the firewall is protected against changes to its Availability Zone configuration.
availabilityZoneMappings GetFirewallAvailabilityZoneMapping[]: Set of Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall.
deleteProtection boolean: A flag indicating whether the firewall is protected against deletion.
description string: Description of the firewall.
enabledAnalysisTypes string[]: Set of types for which to collect analysis metrics.
encryptionConfigurations GetFirewallEncryptionConfiguration[]: AWS Key Management Service (AWS KMS) encryption settings for the firewall.
firewallPolicyArn string: ARN of the VPC Firewall policy.
firewallPolicyChangeProtection boolean: A flag indicating whether the firewall is protected against a change to the firewall policy association.
firewallStatuses GetFirewallFirewallStatus[]: Nested list of information about the current status of the firewall.
id string: The provider-assigned unique ID for this managed resource.
name string: Descriptive name of the firewall.
region string
subnetChangeProtection boolean: A flag indicating whether the firewall is protected against changes to the subnet associations.
subnetMappings GetFirewallSubnetMapping[]: Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet.
tags {[key: string]: string}: Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
transitGatewayId string: The unique identifier of the transit gateway associated with this firewall.
transitGatewayOwnerAccountId string: The AWS account ID that owns the transit gateway.
updateToken string: String token used when updating a firewall.
vpcId string: Unique identifier of the VPC where AWS Network Firewall should create the firewall.

arn str: ARN of the firewall.
availability_zone_change_protection bool: Indicates whether the firewall is protected against changes to its Availability Zone configuration.
availability_zone_mappings Sequence[GetFirewallAvailabilityZoneMapping]: Set of Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall.
delete_protection bool: A flag indicating whether the firewall is protected against deletion.
description str: Description of the firewall.
enabled_analysis_types Sequence[str]: Set of types for which to collect analysis metrics.
encryption_configurations Sequence[GetFirewallEncryptionConfiguration]: AWS Key Management Service (AWS KMS) encryption settings for the firewall.
firewall_policy_arn str: ARN of the VPC Firewall policy.
firewall_policy_change_protection bool: A flag indicating whether the firewall is protected against a change to the firewall policy association.
firewall_statuses Sequence[GetFirewallFirewallStatus]: Nested list of information about the current status of the firewall.
id str: The provider-assigned unique ID for this managed resource.
name str: Descriptive name of the firewall.
region str
subnet_change_protection bool: A flag indicating whether the firewall is protected against changes to the subnet associations.
subnet_mappings Sequence[GetFirewallSubnetMapping]: Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet.
tags Mapping[str, str]: Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
transit_gateway_id str: The unique identifier of the transit gateway associated with this firewall.
transit_gateway_owner_account_id str: The AWS account ID that owns the transit gateway.
update_token str: String token used when updating a firewall.
vpc_id str: Unique identifier of the VPC where AWS Network Firewall should create the firewall.

arn String: ARN of the firewall.
availabilityZoneChangeProtection Boolean: Indicates whether the firewall is protected against changes to its Availability Zone configuration.
availabilityZoneMappings List<Property Map>: Set of Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall.
deleteProtection Boolean: A flag indicating whether the firewall is protected against deletion.
description String: Description of the firewall.
enabledAnalysisTypes List<String>: Set of types for which to collect analysis metrics.
encryptionConfigurations List<Property Map>: AWS Key Management Service (AWS KMS) encryption settings for the firewall.
firewallPolicyArn String: ARN of the VPC Firewall policy.
firewallPolicyChangeProtection Boolean: A flag indicating whether the firewall is protected against a change to the firewall policy association.
firewallStatuses List<Property Map>: Nested list of information about the current status of the firewall.
id String: The provider-assigned unique ID for this managed resource.
name String: Descriptive name of the firewall.
region String
subnetChangeProtection Boolean: A flag indicating whether the firewall is protected against changes to the subnet associations.
subnetMappings List<Property Map>: Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet.
tags Map<String>: Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
transitGatewayId String: The unique identifier of the transit gateway associated with this firewall.
transitGatewayOwnerAccountId String: The AWS account ID that owns the transit gateway.
updateToken String: String token used when updating a firewall.
vpcId String: Unique identifier of the VPC where AWS Network Firewall should create the firewall.

Supporting Types

GetFirewallAvailabilityZoneMapping

AvailabilityZoneId string: The ID of the Availability Zone where the firewall endpoint is located.

AvailabilityZoneId string: The ID of the Availability Zone where the firewall endpoint is located.

availabilityZoneId String: The ID of the Availability Zone where the firewall endpoint is located.

availabilityZoneId string: The ID of the Availability Zone where the firewall endpoint is located.

availability_zone_id str: The ID of the Availability Zone where the firewall endpoint is located.

availabilityZoneId String: The ID of the Availability Zone where the firewall endpoint is located.

GetFirewallEncryptionConfiguration

KeyId string: The ID of the AWS Key Management Service (AWS KMS) customer managed key.
Type string: The type of the AWS Key Management Service (AWS KMS) key use by the firewall.

KeyId string: The ID of the AWS Key Management Service (AWS KMS) customer managed key.
Type string: The type of the AWS Key Management Service (AWS KMS) key use by the firewall.

keyId String: The ID of the AWS Key Management Service (AWS KMS) customer managed key.
type String: The type of the AWS Key Management Service (AWS KMS) key use by the firewall.

keyId string: The ID of the AWS Key Management Service (AWS KMS) customer managed key.
type string: The type of the AWS Key Management Service (AWS KMS) key use by the firewall.

key_id str: The ID of the AWS Key Management Service (AWS KMS) customer managed key.
type str: The type of the AWS Key Management Service (AWS KMS) key use by the firewall.

keyId String: The ID of the AWS Key Management Service (AWS KMS) customer managed key.
type String: The type of the AWS Key Management Service (AWS KMS) key use by the firewall.

GetFirewallFirewallStatus

CapacityUsageSummaries List<GetFirewallFirewallStatusCapacityUsageSummary>: Aggregated count of all resources used by reference sets in a firewall.
ConfigurationSyncStateSummary string: Summary of sync states for all availability zones in which the firewall is configured.
Status string: The current status of the firewall endpoint instantiation in the subnet.
SyncStates List<GetFirewallFirewallStatusSyncState>: Set of subnets configured for use by the firewall.
TransitGatewayAttachmentSyncStates List<GetFirewallFirewallStatusTransitGatewayAttachmentSyncState>: Set of transit gateway configured for use by the firewall.

CapacityUsageSummaries []GetFirewallFirewallStatusCapacityUsageSummary: Aggregated count of all resources used by reference sets in a firewall.
ConfigurationSyncStateSummary string: Summary of sync states for all availability zones in which the firewall is configured.
Status string: The current status of the firewall endpoint instantiation in the subnet.
SyncStates []GetFirewallFirewallStatusSyncState: Set of subnets configured for use by the firewall.
TransitGatewayAttachmentSyncStates []GetFirewallFirewallStatusTransitGatewayAttachmentSyncState: Set of transit gateway configured for use by the firewall.

capacityUsageSummaries List<GetFirewallFirewallStatusCapacityUsageSummary>: Aggregated count of all resources used by reference sets in a firewall.
configurationSyncStateSummary String: Summary of sync states for all availability zones in which the firewall is configured.
status String: The current status of the firewall endpoint instantiation in the subnet.
syncStates List<GetFirewallFirewallStatusSyncState>: Set of subnets configured for use by the firewall.
transitGatewayAttachmentSyncStates List<GetFirewallFirewallStatusTransitGatewayAttachmentSyncState>: Set of transit gateway configured for use by the firewall.

capacityUsageSummaries GetFirewallFirewallStatusCapacityUsageSummary[]: Aggregated count of all resources used by reference sets in a firewall.
configurationSyncStateSummary string: Summary of sync states for all availability zones in which the firewall is configured.
status string: The current status of the firewall endpoint instantiation in the subnet.
syncStates GetFirewallFirewallStatusSyncState[]: Set of subnets configured for use by the firewall.
transitGatewayAttachmentSyncStates GetFirewallFirewallStatusTransitGatewayAttachmentSyncState[]: Set of transit gateway configured for use by the firewall.

capacity_usage_summaries Sequence[GetFirewallFirewallStatusCapacityUsageSummary]: Aggregated count of all resources used by reference sets in a firewall.
configuration_sync_state_summary str: Summary of sync states for all availability zones in which the firewall is configured.
status str: The current status of the firewall endpoint instantiation in the subnet.
sync_states Sequence[GetFirewallFirewallStatusSyncState]: Set of subnets configured for use by the firewall.
transit_gateway_attachment_sync_states Sequence[GetFirewallFirewallStatusTransitGatewayAttachmentSyncState]: Set of transit gateway configured for use by the firewall.

capacityUsageSummaries List<Property Map>: Aggregated count of all resources used by reference sets in a firewall.
configurationSyncStateSummary String: Summary of sync states for all availability zones in which the firewall is configured.
status String: The current status of the firewall endpoint instantiation in the subnet.
syncStates List<Property Map>: Set of subnets configured for use by the firewall.
transitGatewayAttachmentSyncStates List<Property Map>: Set of transit gateway configured for use by the firewall.

GetFirewallFirewallStatusCapacityUsageSummary

Cidrs List<GetFirewallFirewallStatusCapacityUsageSummaryCidr>: Capacity usage of CIDR blocks used by IP set references in a firewall.

Cidrs []GetFirewallFirewallStatusCapacityUsageSummaryCidr: Capacity usage of CIDR blocks used by IP set references in a firewall.

cidrs List<GetFirewallFirewallStatusCapacityUsageSummaryCidr>: Capacity usage of CIDR blocks used by IP set references in a firewall.

cidrs GetFirewallFirewallStatusCapacityUsageSummaryCidr[]: Capacity usage of CIDR blocks used by IP set references in a firewall.

cidrs Sequence[GetFirewallFirewallStatusCapacityUsageSummaryCidr]: Capacity usage of CIDR blocks used by IP set references in a firewall.

cidrs List<Property Map>: Capacity usage of CIDR blocks used by IP set references in a firewall.

GetFirewallFirewallStatusCapacityUsageSummaryCidr

AvailableCidrCount int: Available number of CIDR blocks available for use by the IP set references in a firewall.
IpSetReferences List<GetFirewallFirewallStatusCapacityUsageSummaryCidrIpSetReference>: The list of IP set references used by a firewall.
UtilizedCidrCount int: Number of CIDR blocks used by the IP set references in a firewall.

AvailableCidrCount int: Available number of CIDR blocks available for use by the IP set references in a firewall.
IpSetReferences []GetFirewallFirewallStatusCapacityUsageSummaryCidrIpSetReference: The list of IP set references used by a firewall.
UtilizedCidrCount int: Number of CIDR blocks used by the IP set references in a firewall.

availableCidrCount Integer: Available number of CIDR blocks available for use by the IP set references in a firewall.
ipSetReferences List<GetFirewallFirewallStatusCapacityUsageSummaryCidrIpSetReference>: The list of IP set references used by a firewall.
utilizedCidrCount Integer: Number of CIDR blocks used by the IP set references in a firewall.

availableCidrCount number: Available number of CIDR blocks available for use by the IP set references in a firewall.
ipSetReferences GetFirewallFirewallStatusCapacityUsageSummaryCidrIpSetReference[]: The list of IP set references used by a firewall.
utilizedCidrCount number: Number of CIDR blocks used by the IP set references in a firewall.

available_cidr_count int: Available number of CIDR blocks available for use by the IP set references in a firewall.
ip_set_references Sequence[GetFirewallFirewallStatusCapacityUsageSummaryCidrIpSetReference]: The list of IP set references used by a firewall.
utilized_cidr_count int: Number of CIDR blocks used by the IP set references in a firewall.

availableCidrCount Number: Available number of CIDR blocks available for use by the IP set references in a firewall.
ipSetReferences List<Property Map>: The list of IP set references used by a firewall.
utilizedCidrCount Number: Number of CIDR blocks used by the IP set references in a firewall.

GetFirewallFirewallStatusCapacityUsageSummaryCidrIpSetReference

ResolvedCidrCount int: Total number of CIDR blocks used by the IP set references in a firewall.

ResolvedCidrCount int: Total number of CIDR blocks used by the IP set references in a firewall.

resolvedCidrCount Integer: Total number of CIDR blocks used by the IP set references in a firewall.

resolvedCidrCount number: Total number of CIDR blocks used by the IP set references in a firewall.

resolved_cidr_count int: Total number of CIDR blocks used by the IP set references in a firewall.

resolvedCidrCount Number: Total number of CIDR blocks used by the IP set references in a firewall.

GetFirewallFirewallStatusSyncState

Attachments List<GetFirewallFirewallStatusSyncStateAttachment>: Nested list describing the attachment status of the firewall's association with a single VPC subnet.
AvailabilityZone string: The Availability Zone where the subnet is configured.

Attachments []GetFirewallFirewallStatusSyncStateAttachment: Nested list describing the attachment status of the firewall's association with a single VPC subnet.
AvailabilityZone string: The Availability Zone where the subnet is configured.

attachments List<GetFirewallFirewallStatusSyncStateAttachment>: Nested list describing the attachment status of the firewall's association with a single VPC subnet.
availabilityZone String: The Availability Zone where the subnet is configured.

attachments GetFirewallFirewallStatusSyncStateAttachment[]: Nested list describing the attachment status of the firewall's association with a single VPC subnet.
availabilityZone string: The Availability Zone where the subnet is configured.

attachments Sequence[GetFirewallFirewallStatusSyncStateAttachment]: Nested list describing the attachment status of the firewall's association with a single VPC subnet.
availability_zone str: The Availability Zone where the subnet is configured.

attachments List<Property Map>: Nested list describing the attachment status of the firewall's association with a single VPC subnet.
availabilityZone String: The Availability Zone where the subnet is configured.

GetFirewallFirewallStatusSyncStateAttachment

EndpointId string: The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
Status string: The current status of the firewall endpoint instantiation in the subnet.
StatusMessage string: A message providing additional information about the current status.
SubnetId string: The unique identifier for the subnet.

EndpointId string: The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
Status string: The current status of the firewall endpoint instantiation in the subnet.
StatusMessage string: A message providing additional information about the current status.
SubnetId string: The unique identifier for the subnet.

endpointId String: The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
status String: The current status of the firewall endpoint instantiation in the subnet.
statusMessage String: A message providing additional information about the current status.
subnetId String: The unique identifier for the subnet.

endpointId string: The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
status string: The current status of the firewall endpoint instantiation in the subnet.
statusMessage string: A message providing additional information about the current status.
subnetId string: The unique identifier for the subnet.

endpoint_id str: The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
status str: The current status of the firewall endpoint instantiation in the subnet.
status_message str: A message providing additional information about the current status.
subnet_id str: The unique identifier for the subnet.

endpointId String: The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
status String: The current status of the firewall endpoint instantiation in the subnet.
statusMessage String: A message providing additional information about the current status.
subnetId String: The unique identifier for the subnet.

GetFirewallFirewallStatusTransitGatewayAttachmentSyncState

AttachmentId string: The unique identifier of the transit gateway attachment.
StatusMessage string: A message providing additional information about the current status.
TransitGatewayAttachmentStatus string: The current status of the transit gateway attachment.

AttachmentId string: The unique identifier of the transit gateway attachment.
StatusMessage string: A message providing additional information about the current status.
TransitGatewayAttachmentStatus string: The current status of the transit gateway attachment.

attachmentId String: The unique identifier of the transit gateway attachment.
statusMessage String: A message providing additional information about the current status.
transitGatewayAttachmentStatus String: The current status of the transit gateway attachment.

attachmentId string: The unique identifier of the transit gateway attachment.
statusMessage string: A message providing additional information about the current status.
transitGatewayAttachmentStatus string: The current status of the transit gateway attachment.

attachment_id str: The unique identifier of the transit gateway attachment.
status_message str: A message providing additional information about the current status.
transit_gateway_attachment_status str: The current status of the transit gateway attachment.

attachmentId String: The unique identifier of the transit gateway attachment.
statusMessage String: A message providing additional information about the current status.
transitGatewayAttachmentStatus String: The current status of the transit gateway attachment.

GetFirewallSubnetMapping

SubnetId string: The unique identifier for the subnet.

SubnetId string: The unique identifier for the subnet.

subnetId String: The unique identifier for the subnet.

subnetId string: The unique identifier for the subnet.

subnet_id str: The unique identifier for the subnet.

subnetId String: The unique identifier for the subnet.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v7.4.0 published on Wednesday, Aug 13, 2025 by Pulumi

pulumi/pulumi-aws

aws.networkfirewall.getFirewall

On this page

On this page

Example Usage

Find firewall policy by ARN

Find firewall policy by Name

Find firewall policy by ARN and Name

Using getFirewall

getFirewall Result

Supporting Types

GetFirewallAvailabilityZoneMapping

GetFirewallEncryptionConfiguration

GetFirewallFirewallStatus

GetFirewallFirewallStatusCapacityUsageSummary

GetFirewallFirewallStatusCapacityUsageSummaryCidr

GetFirewallFirewallStatusCapacityUsageSummaryCidrIpSetReference

GetFirewallFirewallStatusSyncState

GetFirewallFirewallStatusSyncStateAttachment

GetFirewallFirewallStatusTransitGatewayAttachmentSyncState

GetFirewallSubnetMapping

Package Details

On this page

On this page