AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi

aws.networkfirewall.Firewall


Provides an AWS Network Firewall Firewall Resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

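// Declares a Network Firewall in an existing VPC, bound to an existing firewall policy.
// The three protection flags default to false when omitted, so they are set explicitly here.
const example = new aws.networkfirewall.Firewall("example", {
    name: "example",
    firewallPolicyArn: exampleAwsNetworkfirewallFirewallPolicy.arn,
    vpcId: exampleAwsVpc.id,
    // One mapping per Availability Zone; a firewall endpoint is created in each subnet.
    subnetMappings: [{
        subnetId: exampleAwsSubnet.id,
    }],
    // Guard an in-use firewall against accidental deletion, policy swaps and subnet changes.
    // An intended teardown or re-association has to switch the matching flag off first.
    deleteProtection: true,
    firewallPolicyChangeProtection: true,
    subnetChangeProtection: true,
    tags: {
        Tag1: "Value1",
        Tag2: "Value2",
    },
});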
import pulumi
import pulumi_aws as aws

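# Declares a Network Firewall in an existing VPC, bound to an existing firewall policy.
# The three protection flags default to False when omitted, so they are set explicitly here.
example = aws.networkfirewall.Firewall("example",
    name="example",
    firewall_policy_arn=example_aws_networkfirewall_firewall_policy["arn"],
    vpc_id=example_aws_vpc["id"],
    # One mapping per Availability Zone; a firewall endpoint is created in each subnet.
    subnet_mappings=[{
        "subnet_id": example_aws_subnet["id"],
    }],
    # Guard an in-use firewall against accidental deletion, policy swaps and subnet changes.
    # An intended teardown or re-association has to switch the matching flag off first.
    delete_protection=True,
    firewall_policy_change_protection=True,
    subnet_change_protection=True,
    tags={
        "Tag1": "Value1",
        "Tag2": "Value2",
    })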
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

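// main declares a Network Firewall in an existing VPC, bound to an existing
// firewall policy. The three protection flags default to false when omitted,
// so they are set explicitly here.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := networkfirewall.NewFirewall(ctx, "example", &networkfirewall.FirewallArgs{
			Name:              pulumi.String("example"),
			FirewallPolicyArn: pulumi.Any(exampleAwsNetworkfirewallFirewallPolicy.Arn),
			VpcId:             pulumi.Any(exampleAwsVpc.Id),
			// One mapping per Availability Zone; a firewall endpoint is created in each subnet.
			SubnetMappings: networkfirewall.FirewallSubnetMappingArray{
				&networkfirewall.FirewallSubnetMappingArgs{
					SubnetId: pulumi.Any(exampleAwsSubnet.Id),
				},
			},
			// Guard an in-use firewall against accidental deletion, policy swaps and
			// subnet changes. An intended teardown or re-association has to switch
			// the matching flag off first.
			DeleteProtection:               pulumi.Bool(true),
			FirewallPolicyChangeProtection: pulumi.Bool(true),
			SubnetChangeProtection:         pulumi.Bool(true),
			Tags: pulumi.StringMap{
				"Tag1": pulumi.String("Value1"),
				"Tag2": pulumi.String("Value2"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}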
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

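// Declares a Network Firewall in an existing VPC, bound to an existing firewall policy.
// The three protection flags default to false when omitted, so they are set explicitly here.
return await Deployment.RunAsync(() => 
{
    var example = new Aws.NetworkFirewall.Firewall("example", new()
    {
        Name = "example",
        FirewallPolicyArn = exampleAwsNetworkfirewallFirewallPolicy.Arn,
        VpcId = exampleAwsVpc.Id,
        // One mapping per Availability Zone; a firewall endpoint is created in each subnet.
        SubnetMappings = new[]
        {
            new Aws.NetworkFirewall.Inputs.FirewallSubnetMappingArgs
            {
                SubnetId = exampleAwsSubnet.Id,
            },
        },
        // Guard an in-use firewall against accidental deletion, policy swaps and subnet changes.
        // An intended teardown or re-association has to switch the matching flag off first.
        DeleteProtection = true,
        FirewallPolicyChangeProtection = true,
        SubnetChangeProtection = true,
        Tags = 
        {
            { "Tag1", "Value1" },
            { "Tag2", "Value2" },
        },
    });

});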
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.Firewall;
import com.pulumi.aws.networkfirewall.FirewallArgs;
import com.pulumi.aws.networkfirewall.inputs.FirewallSubnetMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

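/**
 * Pulumi program that declares a Network Firewall in an existing VPC,
 * bound to an existing firewall policy.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the firewall resource.
     *
     * The three protection flags default to false when omitted, so they are set
     * explicitly here to guard an in-use firewall against accidental deletion,
     * policy swaps and subnet changes.
     *
     * @param ctx Pulumi context for the current deployment
     */
    public static void stack(Context ctx) {
        var example = new Firewall("example", FirewallArgs.builder()
            .name("example")
            .firewallPolicyArn(exampleAwsNetworkfirewallFirewallPolicy.arn())
            .vpcId(exampleAwsVpc.id())
            // One mapping per Availability Zone; a firewall endpoint is created in each subnet.
            .subnetMappings(FirewallSubnetMappingArgs.builder()
                .subnetId(exampleAwsSubnet.id())
                .build())
            // An intended teardown or re-association has to switch the matching flag off first.
            .deleteProtection(true)
            .firewallPolicyChangeProtection(true)
            .subnetChangeProtection(true)
            .tags(Map.ofEntries(
                Map.entry("Tag1", "Value1"),
                Map.entry("Tag2", "Value2")
            ))
            .build());

    }
}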
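# Declares a Network Firewall in an existing VPC, bound to an existing firewall policy.
# The three protection flags default to false when omitted, so they are set explicitly here.
resources:
  example:
    type: aws:networkfirewall:Firewall
    properties:
      name: example
      firewallPolicyArn: ${exampleAwsNetworkfirewallFirewallPolicy.arn}
      vpcId: ${exampleAwsVpc.id}
      # One mapping per Availability Zone; a firewall endpoint is created in each subnet.
      subnetMappings:
        - subnetId: ${exampleAwsSubnet.id}
      # Guard an in-use firewall against accidental deletion, policy swaps and subnet changes.
      # An intended teardown or re-association has to switch the matching flag off first.
      deleteProtection: true
      firewallPolicyChangeProtection: true
      subnetChangeProtection: true
      tags:
        Tag1: Value1
        Tag2: Value2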

Create Firewall Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Firewall(name: string, args: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
             args: FirewallArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Firewall(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             firewall_policy_arn: Optional[str] = None,
             subnet_mappings: Optional[Sequence[FirewallSubnetMappingArgs]] = None,
             vpc_id: Optional[str] = None,
             delete_protection: Optional[bool] = None,
             description: Optional[str] = None,
             encryption_configuration: Optional[FirewallEncryptionConfigurationArgs] = None,
             firewall_policy_change_protection: Optional[bool] = None,
             name: Optional[str] = None,
             subnet_change_protection: Optional[bool] = None,
             tags: Optional[Mapping[str, str]] = None)
func NewFirewall(ctx *Context, name string, args FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs args, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: aws:networkfirewall:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. FirewallArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. FirewallArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. FirewallArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

// Reference shape only: every value below is a placeholder showing the property's type.
var firewallResource = new Aws.NetworkFirewall.Firewall("firewallResource", new()
{
    // Required: ARN of the firewall policy to associate.
    FirewallPolicyArn = "string",
    // Required: one entry per subnet; each subnet must be in a different Availability Zone.
    SubnetMappings = new[]
    {
        new Aws.NetworkFirewall.Inputs.FirewallSubnetMappingArgs
        {
            SubnetId = "string",
            IpAddressType = "string",
        },
    },
    // Required: changing the VPC triggers replacement of the firewall.
    VpcId = "string",
    // false is the default; true protects an in-use firewall against accidental deletion.
    DeleteProtection = false,
    Description = "string",
    // Optional KMS encryption configuration settings.
    EncryptionConfiguration = new Aws.NetworkFirewall.Inputs.FirewallEncryptionConfigurationArgs
    {
        Type = "string",
        KeyId = "string",
    },
    // false is the default; true protects against changing the associated firewall policy.
    FirewallPolicyChangeProtection = false,
    Name = "string",
    // false is the default; true protects against changing the subnet associations.
    SubnetChangeProtection = false,
    Tags = 
    {
        { "string", "string" },
    },
});
// Reference shape only: every value below is a placeholder showing the property's type.
example, err := networkfirewall.NewFirewall(ctx, "firewallResource", &networkfirewall.FirewallArgs{
	// Required: ARN of the firewall policy to associate.
	FirewallPolicyArn: pulumi.String("string"),
	// Required: one entry per subnet; each subnet must be in a different Availability Zone.
	SubnetMappings: networkfirewall.FirewallSubnetMappingArray{
		&networkfirewall.FirewallSubnetMappingArgs{
			SubnetId:      pulumi.String("string"),
			IpAddressType: pulumi.String("string"),
		},
	},
	// Required: changing the VPC triggers replacement of the firewall.
	VpcId:            pulumi.String("string"),
	// false is the default; true protects an in-use firewall against accidental deletion.
	DeleteProtection: pulumi.Bool(false),
	Description:      pulumi.String("string"),
	// Optional KMS encryption configuration settings.
	EncryptionConfiguration: &networkfirewall.FirewallEncryptionConfigurationArgs{
		Type:  pulumi.String("string"),
		KeyId: pulumi.String("string"),
	},
	// false is the default for both change-protection flags; true protects against
	// changing the associated firewall policy or the subnet associations.
	FirewallPolicyChangeProtection: pulumi.Bool(false),
	Name:                           pulumi.String("string"),
	SubnetChangeProtection:         pulumi.Bool(false),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})
// Reference shape only: every value below is a placeholder showing the property's type.
var firewallResource = new Firewall("firewallResource", FirewallArgs.builder()
    // Required: ARN of the firewall policy to associate.
    .firewallPolicyArn("string")
    // Required: one entry per subnet; each subnet must be in a different Availability Zone.
    .subnetMappings(FirewallSubnetMappingArgs.builder()
        .subnetId("string")
        .ipAddressType("string")
        .build())
    // Required: changing the VPC triggers replacement of the firewall.
    .vpcId("string")
    // false is the default; true protects an in-use firewall against accidental deletion.
    .deleteProtection(false)
    .description("string")
    // Optional KMS encryption configuration settings.
    .encryptionConfiguration(FirewallEncryptionConfigurationArgs.builder()
        .type("string")
        .keyId("string")
        .build())
    // false is the default; true protects against changing the associated firewall policy.
    .firewallPolicyChangeProtection(false)
    .name("string")
    // false is the default; true protects against changing the subnet associations.
    .subnetChangeProtection(false)
    .tags(Map.of("string", "string"))
    .build());
# Reference shape only: every value below is a placeholder showing the property's type.
firewall_resource = aws.networkfirewall.Firewall("firewallResource",
    # Required: ARN of the firewall policy to associate.
    firewall_policy_arn="string",
    # Required: one entry per subnet; each subnet must be in a different Availability Zone.
    subnet_mappings=[{
        "subnet_id": "string",
        "ip_address_type": "string",
    }],
    # Required: changing the VPC triggers replacement of the firewall.
    vpc_id="string",
    # False is the default; True protects an in-use firewall against accidental deletion.
    delete_protection=False,
    description="string",
    # Optional KMS encryption configuration settings.
    encryption_configuration={
        "type": "string",
        "key_id": "string",
    },
    # False is the default; True protects against changing the associated firewall policy.
    firewall_policy_change_protection=False,
    name="string",
    # False is the default; True protects against changing the subnet associations.
    subnet_change_protection=False,
    tags={
        "string": "string",
    })
// Reference shape only: every value below is a placeholder showing the property's type.
const firewallResource = new aws.networkfirewall.Firewall("firewallResource", {
    // Required: ARN of the firewall policy to associate.
    firewallPolicyArn: "string",
    // Required: one entry per subnet; each subnet must be in a different Availability Zone.
    subnetMappings: [{
        subnetId: "string",
        ipAddressType: "string",
    }],
    // Required: changing the VPC triggers replacement of the firewall.
    vpcId: "string",
    // false is the default; true protects an in-use firewall against accidental deletion.
    deleteProtection: false,
    description: "string",
    // Optional KMS encryption configuration settings.
    encryptionConfiguration: {
        type: "string",
        keyId: "string",
    },
    // false is the default; true protects against changing the associated firewall policy.
    firewallPolicyChangeProtection: false,
    name: "string",
    // false is the default; true protects against changing the subnet associations.
    subnetChangeProtection: false,
    tags: {
        string: "string",
    },
});
# Reference shape only: every value below is a placeholder showing the property's type.
type: aws:networkfirewall:Firewall
properties:
    # false is the default; true protects an in-use firewall against accidental deletion.
    deleteProtection: false
    description: string
    # Optional KMS encryption configuration settings.
    encryptionConfiguration:
        keyId: string
        type: string
    # Required: ARN of the firewall policy to associate.
    firewallPolicyArn: string
    # false is the default; true protects against changing the associated firewall policy.
    firewallPolicyChangeProtection: false
    name: string
    # false is the default; true protects against changing the subnet associations.
    subnetChangeProtection: false
    # Required: one entry per subnet; each subnet must be in a different Availability Zone.
    subnetMappings:
        - ipAddressType: string
          subnetId: string
    tags:
        string: string
    # Required: changing the VPC triggers replacement of the firewall.
    vpcId: string

Firewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Firewall resource accepts the following input properties:

FirewallPolicyArn This property is required. string
The Amazon Resource Name (ARN) of the VPC Firewall policy.
SubnetMappings This property is required. List<FirewallSubnetMapping>
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
VpcId
This property is required.
Changes to this property will trigger replacement.
string
The unique identifier of the VPC where AWS Network Firewall should create the firewall.
DeleteProtection bool
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false.
Description string
A friendly description of the firewall.
EncryptionConfiguration FirewallEncryptionConfiguration
KMS encryption configuration settings. See Encryption Configuration below for details.
FirewallPolicyChangeProtection bool
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
Name Changes to this property will trigger replacement. string
A friendly name of the firewall.
SubnetChangeProtection bool
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
Tags Dictionary<string, string>
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
FirewallPolicyArn This property is required. string
The Amazon Resource Name (ARN) of the VPC Firewall policy.
SubnetMappings This property is required. []FirewallSubnetMappingArgs
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
VpcId
This property is required.
Changes to this property will trigger replacement.
string
The unique identifier of the VPC where AWS Network Firewall should create the firewall.
DeleteProtection bool
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false.
Description string
A friendly description of the firewall.
EncryptionConfiguration FirewallEncryptionConfigurationArgs
KMS encryption configuration settings. See Encryption Configuration below for details.
FirewallPolicyChangeProtection bool
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
Name Changes to this property will trigger replacement. string
A friendly name of the firewall.
SubnetChangeProtection bool
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
Tags map[string]string
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
firewallPolicyArn This property is required. String
The Amazon Resource Name (ARN) of the VPC Firewall policy.
subnetMappings This property is required. List<FirewallSubnetMapping>
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
vpcId
This property is required.
Changes to this property will trigger replacement.
String
The unique identifier of the VPC where AWS Network Firewall should create the firewall.
deleteProtection Boolean
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false.
description String
A friendly description of the firewall.
encryptionConfiguration FirewallEncryptionConfiguration
KMS encryption configuration settings. See Encryption Configuration below for details.
firewallPolicyChangeProtection Boolean
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
name Changes to this property will trigger replacement. String
A friendly name of the firewall.
subnetChangeProtection Boolean
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
tags Map<String,String>
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
firewallPolicyArn This property is required. string
The Amazon Resource Name (ARN) of the VPC Firewall policy.
subnetMappings This property is required. FirewallSubnetMapping[]
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
vpcId
This property is required.
Changes to this property will trigger replacement.
string
The unique identifier of the VPC where AWS Network Firewall should create the firewall.
deleteProtection boolean
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false.
description string
A friendly description of the firewall.
encryptionConfiguration FirewallEncryptionConfiguration
KMS encryption configuration settings. See Encryption Configuration below for details.
firewallPolicyChangeProtection boolean
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
name Changes to this property will trigger replacement. string
A friendly name of the firewall.
subnetChangeProtection boolean
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
tags {[key: string]: string}
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
firewall_policy_arn This property is required. str
The Amazon Resource Name (ARN) of the VPC Firewall policy.
subnet_mappings This property is required. Sequence[FirewallSubnetMappingArgs]
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
vpc_id
This property is required.
Changes to this property will trigger replacement.
str
The unique identifier of the VPC where AWS Network Firewall should create the firewall.
delete_protection bool
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false.
description str
A friendly description of the firewall.
encryption_configuration FirewallEncryptionConfigurationArgs
KMS encryption configuration settings. See Encryption Configuration below for details.
firewall_policy_change_protection bool
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
name Changes to this property will trigger replacement. str
A friendly name of the firewall.
subnet_change_protection bool
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
tags Mapping[str, str]
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
firewallPolicyArn This property is required. String
The Amazon Resource Name (ARN) of the VPC Firewall policy.
subnetMappings This property is required. List<Property Map>
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
vpcId
This property is required.
Changes to this property will trigger replacement.
String
The unique identifier of the VPC where AWS Network Firewall should create the firewall.
deleteProtection Boolean
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false.
description String
A friendly description of the firewall.
encryptionConfiguration Property Map
KMS encryption configuration settings. See Encryption Configuration below for details.
firewallPolicyChangeProtection Boolean
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
name Changes to this property will trigger replacement. String
A friendly name of the firewall.
subnetChangeProtection Boolean
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
tags Map<String>
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

Arn string
The Amazon Resource Name (ARN) that identifies the firewall.
FirewallStatuses List<FirewallFirewallStatus>
Nested list of information about the current status of the firewall.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

UpdateToken string
A string token used when updating a firewall.
Arn string
The Amazon Resource Name (ARN) that identifies the firewall.
FirewallStatuses []FirewallFirewallStatus
Nested list of information about the current status of the firewall.
Id string
The provider-assigned unique ID for this managed resource.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

UpdateToken string
A string token used when updating a firewall.
arn String
The Amazon Resource Name (ARN) that identifies the firewall.
firewallStatuses List<FirewallFirewallStatus>
Nested list of information about the current status of the firewall.
id String
The provider-assigned unique ID for this managed resource.
tagsAll Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

updateToken String
A string token used when updating a firewall.
arn string
The Amazon Resource Name (ARN) that identifies the firewall.
firewallStatuses FirewallFirewallStatus[]
Nested list of information about the current status of the firewall.
id string
The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

updateToken string
A string token used when updating a firewall.
arn str
The Amazon Resource Name (ARN) that identifies the firewall.
firewall_statuses Sequence[FirewallFirewallStatus]
Nested list of information about the current status of the firewall.
id str
The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

update_token str
A string token used when updating a firewall.
arn String
The Amazon Resource Name (ARN) that identifies the firewall.
firewallStatuses List<Property Map>
Nested list of information about the current status of the firewall.
id String
The provider-assigned unique ID for this managed resource.
tagsAll Map<String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

updateToken String
A string token used when updating a firewall.

Look up Existing Firewall Resource

Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        delete_protection: Optional[bool] = None,
        description: Optional[str] = None,
        encryption_configuration: Optional[FirewallEncryptionConfigurationArgs] = None,
        firewall_policy_arn: Optional[str] = None,
        firewall_policy_change_protection: Optional[bool] = None,
        firewall_statuses: Optional[Sequence[FirewallFirewallStatusArgs]] = None,
        name: Optional[str] = None,
        subnet_change_protection: Optional[bool] = None,
        subnet_mappings: Optional[Sequence[FirewallSubnetMappingArgs]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        update_token: Optional[str] = None,
        vpc_id: Optional[str] = None) -> Firewall
func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
resources:
  _:
    type: aws:networkfirewall:Firewall
    get:
      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string
The Amazon Resource Name (ARN) that identifies the firewall.
DeleteProtection bool
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false, so the firewall is not protected unless you set this to true explicitly.
Description string
A friendly description of the firewall.
EncryptionConfiguration FirewallEncryptionConfiguration
KMS encryption configuration settings. See Encryption Configuration below for details.
FirewallPolicyArn string
The Amazon Resource Name (ARN) of the VPC Firewall policy.
FirewallPolicyChangeProtection bool
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
FirewallStatuses List<FirewallFirewallStatus>
Nested list of information about the current status of the firewall.
Name Changes to this property will trigger replacement. string
A friendly name of the firewall.
SubnetChangeProtection bool
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
SubnetMappings List<FirewallSubnetMapping>
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
Tags Dictionary<string, string>
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

UpdateToken string
A string token used when updating a firewall.
VpcId Changes to this property will trigger replacement. string
The unique identifier of the VPC where AWS Network Firewall should create the firewall.
Arn string
The Amazon Resource Name (ARN) that identifies the firewall.
DeleteProtection bool
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false, so the firewall is not protected unless you set this to true explicitly.
Description string
A friendly description of the firewall.
EncryptionConfiguration FirewallEncryptionConfigurationArgs
KMS encryption configuration settings. See Encryption Configuration below for details.
FirewallPolicyArn string
The Amazon Resource Name (ARN) of the VPC Firewall policy.
FirewallPolicyChangeProtection bool
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
FirewallStatuses []FirewallFirewallStatusArgs
Nested list of information about the current status of the firewall.
Name Changes to this property will trigger replacement. string
A friendly name of the firewall.
SubnetChangeProtection bool
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
SubnetMappings []FirewallSubnetMappingArgs
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
Tags map[string]string
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

UpdateToken string
A string token used when updating a firewall.
VpcId Changes to this property will trigger replacement. string
The unique identifier of the VPC where AWS Network Firewall should create the firewall.
arn String
The Amazon Resource Name (ARN) that identifies the firewall.
deleteProtection Boolean
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false, so the firewall is not protected unless you set this to true explicitly.
description String
A friendly description of the firewall.
encryptionConfiguration FirewallEncryptionConfiguration
KMS encryption configuration settings. See Encryption Configuration below for details.
firewallPolicyArn String
The Amazon Resource Name (ARN) of the VPC Firewall policy.
firewallPolicyChangeProtection Boolean
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
firewallStatuses List<FirewallFirewallStatus>
Nested list of information about the current status of the firewall.
name Changes to this property will trigger replacement. String
A friendly name of the firewall.
subnetChangeProtection Boolean
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
subnetMappings List<FirewallSubnetMapping>
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
tags Map<String,String>
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

updateToken String
A string token used when updating a firewall.
vpcId Changes to this property will trigger replacement. String
The unique identifier of the VPC where AWS Network Firewall should create the firewall.
arn string
The Amazon Resource Name (ARN) that identifies the firewall.
deleteProtection boolean
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false, so the firewall is not protected unless you set this to true explicitly.
description string
A friendly description of the firewall.
encryptionConfiguration FirewallEncryptionConfiguration
KMS encryption configuration settings. See Encryption Configuration below for details.
firewallPolicyArn string
The Amazon Resource Name (ARN) of the VPC Firewall policy.
firewallPolicyChangeProtection boolean
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
firewallStatuses FirewallFirewallStatus[]
Nested list of information about the current status of the firewall.
name Changes to this property will trigger replacement. string
A friendly name of the firewall.
subnetChangeProtection boolean
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
subnetMappings FirewallSubnetMapping[]
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
tags {[key: string]: string}
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

updateToken string
A string token used when updating a firewall.
vpcId Changes to this property will trigger replacement. string
The unique identifier of the VPC where AWS Network Firewall should create the firewall.
arn str
The Amazon Resource Name (ARN) that identifies the firewall.
delete_protection bool
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false, so the firewall is not protected unless you set this to true explicitly.
description str
A friendly description of the firewall.
encryption_configuration FirewallEncryptionConfigurationArgs
KMS encryption configuration settings. See Encryption Configuration below for details.
firewall_policy_arn str
The Amazon Resource Name (ARN) of the VPC Firewall policy.
firewall_policy_change_protection bool
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
firewall_statuses Sequence[FirewallFirewallStatusArgs]
Nested list of information about the current status of the firewall.
name Changes to this property will trigger replacement. str
A friendly name of the firewall.
subnet_change_protection bool
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
subnet_mappings Sequence[FirewallSubnetMappingArgs]
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
tags Mapping[str, str]
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

update_token str
A string token used when updating a firewall.
vpc_id Changes to this property will trigger replacement. str
The unique identifier of the VPC where AWS Network Firewall should create the firewall.
arn String
The Amazon Resource Name (ARN) that identifies the firewall.
deleteProtection Boolean
A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false, so the firewall is not protected unless you set this to true explicitly.
description String
A friendly description of the firewall.
encryptionConfiguration Property Map
KMS encryption configuration settings. See Encryption Configuration below for details.
firewallPolicyArn String
The Amazon Resource Name (ARN) of the VPC Firewall policy.
firewallPolicyChangeProtection Boolean
A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.
firewallStatuses List<Property Map>
Nested list of information about the current status of the firewall.
name Changes to this property will trigger replacement. String
A friendly name of the firewall.
subnetChangeProtection Boolean
A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.
subnetMappings List<Property Map>
Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.
tags Map<String>
Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>
A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Deprecated: Please use tags instead.

updateToken String
A string token used when updating a firewall.
vpcId Changes to this property will trigger replacement. String
The unique identifier of the VPC where AWS Network Firewall should create the firewall.

Supporting Types

FirewallEncryptionConfiguration, FirewallEncryptionConfigurationArgs

Type This property is required. string
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.
KeyId string
The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
Type This property is required. string
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.
KeyId string
The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
type This property is required. String
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.
keyId String
The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
type This property is required. string
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.
keyId string
The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
type This property is required. str
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.
key_id str
The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.
type This property is required. String
The type of AWS KMS key to use for encryption of your Network Firewall resources. Valid values are CUSTOMER_KMS and AWS_OWNED_KMS_KEY.
keyId String
The ID of the customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN.

FirewallFirewallStatus, FirewallFirewallStatusArgs

SyncStates List<FirewallFirewallStatusSyncState>
Set of subnets configured for use by the firewall.
SyncStates []FirewallFirewallStatusSyncState
Set of subnets configured for use by the firewall.
syncStates List<FirewallFirewallStatusSyncState>
Set of subnets configured for use by the firewall.
syncStates FirewallFirewallStatusSyncState[]
Set of subnets configured for use by the firewall.
sync_states Sequence[FirewallFirewallStatusSyncState]
Set of subnets configured for use by the firewall.
syncStates List<Property Map>
Set of subnets configured for use by the firewall.

FirewallFirewallStatusSyncState, FirewallFirewallStatusSyncStateArgs

Attachments List<FirewallFirewallStatusSyncStateAttachment>
Nested list describing the attachment status of the firewall's association with a single VPC subnet.
AvailabilityZone string
The Availability Zone where the subnet is configured.
Attachments []FirewallFirewallStatusSyncStateAttachment
Nested list describing the attachment status of the firewall's association with a single VPC subnet.
AvailabilityZone string
The Availability Zone where the subnet is configured.
attachments List<FirewallFirewallStatusSyncStateAttachment>
Nested list describing the attachment status of the firewall's association with a single VPC subnet.
availabilityZone String
The Availability Zone where the subnet is configured.
attachments FirewallFirewallStatusSyncStateAttachment[]
Nested list describing the attachment status of the firewall's association with a single VPC subnet.
availabilityZone string
The Availability Zone where the subnet is configured.
attachments Sequence[FirewallFirewallStatusSyncStateAttachment]
Nested list describing the attachment status of the firewall's association with a single VPC subnet.
availability_zone str
The Availability Zone where the subnet is configured.
attachments List<Property Map>
Nested list describing the attachment status of the firewall's association with a single VPC subnet.
availabilityZone String
The Availability Zone where the subnet is configured.

FirewallFirewallStatusSyncStateAttachment, FirewallFirewallStatusSyncStateAttachmentArgs

EndpointId string
The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
SubnetId string
The unique identifier of the subnet that you've specified to be used for a firewall endpoint.
EndpointId string
The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
SubnetId string
The unique identifier of the subnet that you've specified to be used for a firewall endpoint.
endpointId String
The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
subnetId String
The unique identifier of the subnet that you've specified to be used for a firewall endpoint.
endpointId string
The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
subnetId string
The unique identifier of the subnet that you've specified to be used for a firewall endpoint.
endpoint_id str
The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
subnet_id str
The unique identifier of the subnet that you've specified to be used for a firewall endpoint.
endpointId String
The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
subnetId String
The unique identifier of the subnet that you've specified to be used for a firewall endpoint.

FirewallSubnetMapping, FirewallSubnetMappingArgs

SubnetId This property is required. string
The unique identifier for the subnet.
IpAddressType string
The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".
SubnetId This property is required. string
The unique identifier for the subnet.
IpAddressType string
The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".
subnetId This property is required. String
The unique identifier for the subnet.
ipAddressType String
The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".
subnetId This property is required. string
The unique identifier for the subnet.
ipAddressType string
The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".
subnet_id This property is required. str
The unique identifier for the subnet.
ip_address_type str
The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".
subnetId This property is required. String
The unique identifier for the subnet.
ipAddressType String
The subnet's IP address type. Valid values: "DUALSTACK", "IPV4".

Import

Using pulumi import, import Network Firewall Firewalls using their arn. For example:

$ pulumi import aws:networkfirewall/firewall:Firewall example arn:aws:network-firewall:us-west-1:123456789012:firewall/example

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.