
Resource: awsNetworkfirewallFirewall

Provides an AWS Network Firewall Firewall Resource

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.networkfirewallFirewall.NetworkfirewallFirewall(this, "example", {
  firewallPolicyArn: "${aws_networkfirewall_firewall_policy.example.arn}",
  name: "example",
  subnetMapping: [
    {
      subnetId: "${aws_subnet.example.id}",
    },
  ],
  tags: {
    Tag1: "Value1",
    Tag2: "Value2",
  },
  vpcId: "${aws_vpc.example.id}",
});

Argument Reference

The following arguments are supported:

  • deleteProtection - (Optional) A boolean flag indicating whether it is possible to delete the firewall. Defaults to false.

  • description - (Optional) A friendly description of the firewall.

  • encryptionConfiguration - (Optional) KMS encryption configuration settings. See Encryption Configuration below for details.

  • firewallPolicyArn - (Required) The Amazon Resource Name (ARN) of the Network Firewall firewall policy to associate with this firewall.

  • firewallPolicyChangeProtection - (Optional) A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to false.

  • name - (Required, Forces new resource) A friendly name of the firewall.

  • subnetChangeProtection - (Optional) A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to false.

  • subnetMapping - (Required) Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

  • tags - (Optional) Map of resource tags to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

  • vpcId - (Required, Forces new resource) The unique identifier of the VPC where AWS Network Firewall should create the firewall.

Encryption Configuration

KMS encryption settings for the firewall. Use this block only for a customer managed key. To use the default AWS-owned key, omit the block entirely rather than setting type to AWS_OWNED_KMS_KEY.

  • keyId - (Optional) The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
  • type - (Required) The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.

Subnet Mapping

The subnetMapping block supports the following arguments:

  • ipAddressType - (Optional) The subnet's IP address type. Valid values: "dualstack", "ipv4".
  • subnetId - (Required) The unique identifier for the subnet.
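The three protection flags in the Argument Reference all default to false, the encryption block is easy to get half-right (CUSTOMER_KMS without a key, or an explicit AWS_OWNED_KMS_KEY), and each subnet mapping must land in a distinct Availability Zone. The following is an added example, not code from the cdktf provider or the AWS provider docs: a pre-synth audit function over a plain object whose shape mirrors the arguments above. The interfaces, the `auditFirewallProps` function, and every subnet, VPC, key and ARN value are constructed for illustration; in a real stack the subnet-to-AZ table would come from your `aws_subnet` resources or a data source.

```typescript
// Added example: pre-synth audit of NetworkfirewallFirewall props.
// Interfaces mirror the Argument Reference on this page (hypothetical types,
// not the generated cdktf bindings).
interface SubnetMapping {
  subnetId: string;
  ipAddressType?: "ipv4" | "dualstack";
}

interface EncryptionConfiguration {
  type: "CUSTOMER_KMS" | "AWS_OWNED_KMS_KEY";
  keyId?: string;
}

interface FirewallProps {
  name: string;
  vpcId: string;
  firewallPolicyArn: string;
  subnetMapping: SubnetMapping[];
  deleteProtection?: boolean;
  firewallPolicyChangeProtection?: boolean;
  subnetChangeProtection?: boolean;
  encryptionConfiguration?: EncryptionConfiguration;
}

// Constructed sample data: which AZ each subnet lives in.
const SUBNET_AZ: Record<string, string> = {
  "subnet-0a1b2c3d4e5f60001": "us-west-1a",
  "subnet-0a1b2c3d4e5f60002": "us-west-1b",
  "subnet-0a1b2c3d4e5f60003": "us-west-1a",
};

// Returns a list of findings; an empty list means the props pass the audit.
function auditFirewallProps(
  props: FirewallProps,
  subnetAz: Record<string, string> = SUBNET_AZ,
): string[] {
  const findings: string[] = [];

  // All three protection flags default to false. Left unset, the firewall can
  // be deleted, re-pointed at a permissive policy, or detached from its subnets.
  if (!props.deleteProtection) findings.push("deleteProtection is not enabled");
  if (!props.firewallPolicyChangeProtection) findings.push("firewallPolicyChangeProtection is not enabled");
  if (!props.subnetChangeProtection) findings.push("subnetChangeProtection is not enabled");

  // Encryption: either omit the block (AWS-owned key) or use a customer key with a keyId.
  const enc = props.encryptionConfiguration;
  if (enc) {
    if (enc.type === "CUSTOMER_KMS" && !enc.keyId) {
      findings.push("encryptionConfiguration.type is CUSTOMER_KMS but keyId is missing");
    }
    if (enc.type === "AWS_OWNED_KMS_KEY") {
      findings.push("encryptionConfiguration sets AWS_OWNED_KMS_KEY explicitly; omit the block instead");
    }
  }

  // Subnet mappings: at least one, each in a known and distinct Availability Zone.
  if (props.subnetMapping.length === 0) findings.push("subnetMapping is empty");
  const seenAz = new Map<string, string>();
  for (const m of props.subnetMapping) {
    const az = subnetAz[m.subnetId];
    if (!az) {
      findings.push(`subnet ${m.subnetId} has no known Availability Zone`);
      continue;
    }
    const prev = seenAz.get(az);
    if (prev) findings.push(`subnets ${prev} and ${m.subnetId} are both in ${az}`);
    else seenAz.set(az, m.subnetId);
  }
  return findings;
}

// Hardened props: protection flags on, customer managed key, one subnet per AZ.
const hardenedProps: FirewallProps = {
  name: "example",
  vpcId: "vpc-0123456789abcdef0",
  firewallPolicyArn: "arn:aws:network-firewall:us-west-1:123456789012:firewall-policy/example",
  deleteProtection: true,
  firewallPolicyChangeProtection: true,
  subnetChangeProtection: true,
  encryptionConfiguration: {
    type: "CUSTOMER_KMS",
    keyId: "arn:aws:kms:us-west-1:123456789012:key/11111111-2222-3333-4444-555555555555",
  },
  subnetMapping: [
    { subnetId: "subnet-0a1b2c3d4e5f60001", ipAddressType: "ipv4" },
    { subnetId: "subnet-0a1b2c3d4e5f60002", ipAddressType: "ipv4" },
  ],
};

// Weak props: the minimal shape of the page's example, plus an incomplete
// encryption block and two subnets in the same AZ.
const weakProps: FirewallProps = {
  name: "example",
  vpcId: "vpc-0123456789abcdef0",
  firewallPolicyArn: "arn:aws:network-firewall:us-west-1:123456789012:firewall-policy/example",
  encryptionConfiguration: { type: "CUSTOMER_KMS" },
  subnetMapping: [
    { subnetId: "subnet-0a1b2c3d4e5f60001" },
    { subnetId: "subnet-0a1b2c3d4e5f60003" },
  ],
};
```

Run the audit in a unit test or a synth hook before `cdktf deploy`; the hardened object yields no findings, while the weak one reports all three unset protection flags, the missing keyId, and the duplicated Availability Zone.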

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The Amazon Resource Name (ARN) that identifies the firewall.

  • arn - The Amazon Resource Name (ARN) that identifies the firewall.

  • firewallStatus - Nested list of information about the current status of the firewall.

    • syncStates - Set of subnets configured for use by the firewall.
      • attachment - Nested list describing the attachment status of the firewall's association with a single VPC subnet.
        • endpointId - The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. Use this as the target in the VPC route tables that redirect traffic through the firewall endpoint.
        • subnetId - The unique identifier of the subnet that you've specified to be used for a firewall endpoint.
      • availabilityZone - The Availability Zone where the subnet is configured.

  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

  • updateToken - A string token used when updating a firewall.

Import

Network Firewall Firewalls can be imported using their ARN.

$ terraform import aws_networkfirewall_firewall.example arn:aws:network-firewall:us-west-1:123456789012:firewall/example