FirewallArgs

/**
 * Arguments used to declare an AWS Network Firewall firewall resource.
 *
 * Every property is optional in this signature and defaults to `null`.
 *
 * Settings worth deciding explicitly, per the property descriptions on this page:
 * - [deleteProtection], [firewallPolicyChangeProtection] and [subnetChangeProtection] are each
 *   documented as defaulting to false, so a firewall declared without them is not protected
 *   against accidental deletion, policy re-association or subnet changes.
 * - [encryptionConfiguration] carries the KMS encryption configuration settings.
 * - [subnetMappings] determines where firewall endpoints are created: one per listed subnet,
 *   and each subnet must belong to a different Availability Zone in the VPC.
 */
data class FirewallArgs(val deleteProtection: Output<Boolean>? = null, val description: Output<String>? = null, val enabledAnalysisTypes: Output<List<String>>? = null, val encryptionConfiguration: Output<FirewallEncryptionConfigurationArgs>? = null, val firewallPolicyArn: Output<String>? = null, val firewallPolicyChangeProtection: Output<Boolean>? = null, val name: Output<String>? = null, val subnetChangeProtection: Output<Boolean>? = null, val subnetMappings: Output<List<FirewallSubnetMappingArgs>>? = null, val tags: Output<Map<String, String>>? = null, val vpcId: Output<String>? = null) : ConvertibleToJava<FirewallArgs>

Provides an AWS Network Firewall firewall resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Settings for the firewall. exampleAwsNetworkfirewallFirewallPolicy, exampleAwsVpc and
// exampleAwsSubnet are resources declared elsewhere in the program (not shown here).
//
// NOTE(review): deleteProtection, firewallPolicyChangeProtection and subnetChangeProtection
// are not set, so each keeps its documented default of false, and no encryptionConfiguration
// (KMS) is supplied. Decide on these explicitly for a firewall that is in use.
const firewallArgs = {
    name: "example",
    firewallPolicyArn: exampleAwsNetworkfirewallFirewallPolicy.arn,
    vpcId: exampleAwsVpc.id,
    // Analysis metrics to collect; the documented valid values are TLS_SNI and HTTP_HOST.
    enabledAnalysisTypes: ["TLS_SNI", "HTTP_HOST"],
    // One mapping per subnet; each subnet must be in a different Availability Zone of the VPC.
    subnetMappings: [{ subnetId: exampleAwsSubnet.id }],
    tags: { Tag1: "Value1", Tag2: "Value2" },
};

const example = new aws.networkfirewall.Firewall("example", firewallArgs);
import pulumi
import pulumi_aws as aws
# Settings for the firewall. example_aws_networkfirewall_firewall_policy, example_aws_vpc and
# example_aws_subnet are resources declared elsewhere in the program (not shown here).
#
# NOTE(review): delete_protection, firewall_policy_change_protection and
# subnet_change_protection are not set, so each keeps its documented default of false, and no
# encryption_configuration (KMS) is supplied. Decide on these explicitly for a firewall in use.
firewall_kwargs = {
    "name": "example",
    "firewall_policy_arn": example_aws_networkfirewall_firewall_policy["arn"],
    "vpc_id": example_aws_vpc["id"],
    # Analysis metrics to collect; the documented valid values are TLS_SNI and HTTP_HOST.
    "enabled_analysis_types": ["TLS_SNI", "HTTP_HOST"],
    # One mapping per subnet; each subnet must be in a different Availability Zone of the VPC.
    "subnet_mappings": [{"subnet_id": example_aws_subnet["id"]}],
    "tags": {"Tag1": "Value1", "Tag2": "Value2"},
}

example = aws.networkfirewall.Firewall("example", **firewall_kwargs)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Settings for the firewall. exampleAwsNetworkfirewallFirewallPolicy, exampleAwsVpc and
    // exampleAwsSubnet are resources declared elsewhere in the program (not shown here).
    //
    // NOTE(review): DeleteProtection, FirewallPolicyChangeProtection and SubnetChangeProtection
    // are not set, so each keeps its documented default of false, and no EncryptionConfiguration
    // (KMS) is supplied. Decide on these explicitly for a firewall that is in use.
    var firewallArgs = new Aws.NetworkFirewall.FirewallArgs
    {
        Name = "example",
        FirewallPolicyArn = exampleAwsNetworkfirewallFirewallPolicy.Arn,
        VpcId = exampleAwsVpc.Id,
        // Analysis metrics to collect; the documented valid values are TLS_SNI and HTTP_HOST.
        EnabledAnalysisTypes = new[] { "TLS_SNI", "HTTP_HOST" },
        // One mapping per subnet; each subnet must be in a different Availability Zone of the VPC.
        SubnetMappings = new[]
        {
            new Aws.NetworkFirewall.Inputs.FirewallSubnetMappingArgs
            {
                SubnetId = exampleAwsSubnet.Id,
            },
        },
        Tags =
        {
            { "Tag1", "Value1" },
            { "Tag2", "Value2" },
        },
    };

    var example = new Aws.NetworkFirewall.Firewall("example", firewallArgs);
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/networkfirewall"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a single Network Firewall firewall named "example".
//
// exampleAwsNetworkfirewallFirewallPolicy, exampleAwsVpc and exampleAwsSubnet are resources
// declared elsewhere in the program (not shown here).
//
// NOTE(review): DeleteProtection, FirewallPolicyChangeProtection and SubnetChangeProtection
// are not set, so each keeps its documented default of false, and no EncryptionConfiguration
// (KMS) is supplied. Decide on these explicitly for a firewall that is in use.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		firewallArgs := &networkfirewall.FirewallArgs{
			Name:              pulumi.String("example"),
			FirewallPolicyArn: pulumi.Any(exampleAwsNetworkfirewallFirewallPolicy.Arn),
			VpcId:             pulumi.Any(exampleAwsVpc.Id),
			// Analysis metrics to collect; the documented valid values are TLS_SNI and HTTP_HOST.
			EnabledAnalysisTypes: pulumi.StringArray{
				pulumi.String("TLS_SNI"),
				pulumi.String("HTTP_HOST"),
			},
			// One mapping per subnet; each subnet must be in a different Availability Zone of the VPC.
			SubnetMappings: networkfirewall.FirewallSubnetMappingArray{
				&networkfirewall.FirewallSubnetMappingArgs{
					SubnetId: pulumi.Any(exampleAwsSubnet.Id),
				},
			},
			Tags: pulumi.StringMap{
				"Tag1": pulumi.String("Value1"),
				"Tag2": pulumi.String("Value2"),
			},
		}

		// The created resource handle is not used; only the error is checked.
		if _, err := networkfirewall.NewFirewall(ctx, "example", firewallArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.networkfirewall.Firewall;
import com.pulumi.aws.networkfirewall.FirewallArgs;
import com.pulumi.aws.networkfirewall.inputs.FirewallSubnetMappingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a single Network Firewall firewall named "example".
 *
 * exampleAwsNetworkfirewallFirewallPolicy, exampleAwsVpc and exampleAwsSubnet are resources
 * declared elsewhere in the program (not shown here).
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the firewall resource.
     *
     * NOTE(review): deleteProtection, firewallPolicyChangeProtection and subnetChangeProtection
     * are not set, so each keeps its documented default of false, and no encryptionConfiguration
     * (KMS) is supplied. Decide on these explicitly for a firewall that is in use.
     */
    public static void stack(Context ctx) {
        // One mapping per subnet; each subnet must be in a different Availability Zone of the VPC.
        FirewallSubnetMappingArgs subnetMapping = FirewallSubnetMappingArgs.builder()
            .subnetId(exampleAwsSubnet.id())
            .build();

        FirewallArgs firewallArgs = FirewallArgs.builder()
            .name("example")
            .firewallPolicyArn(exampleAwsNetworkfirewallFirewallPolicy.arn())
            .vpcId(exampleAwsVpc.id())
            // Analysis metrics to collect; the documented valid values are TLS_SNI and HTTP_HOST.
            .enabledAnalysisTypes("TLS_SNI", "HTTP_HOST")
            .subnetMappings(subnetMapping)
            .tags(Map.of(
                "Tag1", "Value1",
                "Tag2", "Value2"))
            .build();

        var example = new Firewall("example", firewallArgs);
    }
}
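# Declares a single Network Firewall firewall named "example".
# exampleAwsNetworkfirewallFirewallPolicy, exampleAwsVpc and exampleAwsSubnet are resources
# declared elsewhere in the program (not shown here).
#
# NOTE(review): deleteProtection, firewallPolicyChangeProtection and subnetChangeProtection
# are not set, so each keeps its documented default of false, and no encryptionConfiguration
# (KMS) is supplied. Decide on these explicitly for a firewall that is in use.
resources:
  example:
    type: aws:networkfirewall:Firewall
    properties:
      name: example
      firewallPolicyArn: ${exampleAwsNetworkfirewallFirewallPolicy.arn}
      vpcId: ${exampleAwsVpc.id}
      # Analysis metrics to collect; the documented valid values are TLS_SNI and HTTP_HOST.
      enabledAnalysisTypes:
        - TLS_SNI
        - HTTP_HOST
      # One mapping per subnet; each subnet must be in a different Availability Zone of the VPC.
      subnetMappings:
        - subnetId: ${exampleAwsSubnet.id}
      tags:
        Tag1: Value1
        Tag2: Value2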

Import

Use `pulumi import` to import Network Firewall firewalls by their ARN. For example:

$ pulumi import aws:networkfirewall/firewall:Firewall example arn:aws:network-firewall:us-west-1:123456789012:firewall/example

Constructors

constructor(deleteProtection: Output<Boolean>? = null, description: Output<String>? = null, enabledAnalysisTypes: Output<List<String>>? = null, encryptionConfiguration: Output<FirewallEncryptionConfigurationArgs>? = null, firewallPolicyArn: Output<String>? = null, firewallPolicyChangeProtection: Output<Boolean>? = null, name: Output<String>? = null, subnetChangeProtection: Output<Boolean>? = null, subnetMappings: Output<List<FirewallSubnetMappingArgs>>? = null, tags: Output<Map<String, String>>? = null, vpcId: Output<String>? = null)

Properties

val deleteProtection: Output<Boolean>? = null

A flag indicating whether the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. Defaults to false.

val description: Output<String>? = null

A friendly description of the firewall.

val enabledAnalysisTypes: Output<List<String>>? = null

Set of types for which to collect analysis metrics. See Reporting on network traffic in Network Firewall for details on how to use the data. Valid values: TLS_SNI, HTTP_HOST. Defaults to [].


val encryptionConfiguration: Output<FirewallEncryptionConfigurationArgs>? = null

KMS encryption configuration settings. See Encryption Configuration below for details.

val firewallPolicyArn: Output<String>? = null

The Amazon Resource Name (ARN) of the VPC Firewall policy.


val firewallPolicyChangeProtection: Output<Boolean>? = null

A flag indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. Defaults to false.

val name: Output<String>? = null

A friendly name of the firewall.

val subnetChangeProtection: Output<Boolean>? = null

A flag indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. Defaults to false.


val subnetMappings: Output<List<FirewallSubnetMappingArgs>>? = null

Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.

val tags: Output<Map<String, String>>? = null

Map of resource tags to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

val vpcId: Output<String>? = null

The unique identifier of the VPC where AWS Network Firewall should create the firewall.

Functions

open override fun toJava(): FirewallArgs