Interface ICfnFirewallProps

Properties for defining a CfnFirewall.

Namespace: Amazon.CDK.AWS.NetworkFirewall

Assembly: Amazon.CDK.Lib.dll

Syntax (csharp)

public interface ICfnFirewallProps

Syntax (vb)

Public Interface ICfnFirewallProps

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html

ExampleMetadata: fixture=_generated

Examples

// The code below shows an example of how to instantiate this type.
             // The values are placeholders you should change.
             using Amazon.CDK.AWS.NetworkFirewall;

             var cfnFirewallProps = new CfnFirewallProps {
                 FirewallName = "firewallName",
                 FirewallPolicyArn = "firewallPolicyArn",

                 // the properties below are optional
                 AvailabilityZoneChangeProtection = false,
                 AvailabilityZoneMappings = new [] { new AvailabilityZoneMappingProperty {
                     AvailabilityZone = "availabilityZone"
                 } },
                 DeleteProtection = false,
                 Description = "description",
                 EnabledAnalysisTypes = new [] { "enabledAnalysisTypes" },
                 FirewallPolicyChangeProtection = false,
                 SubnetChangeProtection = false,
                 SubnetMappings = new [] { new SubnetMappingProperty {
                     SubnetId = "subnetId",

                     // the properties below are optional
                     IpAddressType = "ipAddressType"
                 } },
                 Tags = new [] { new CfnTag {
                     Key = "key",
                     Value = "value"
                 } },
                 TransitGatewayId = "transitGatewayId",
                 VpcId = "vpcId"
             };

Synopsis

Properties

AvailabilityZoneChangeProtection	A setting indicating whether the firewall is protected against changes to its Availability Zone configuration.
AvailabilityZoneMappings	The Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall.
DeleteProtection	A flag indicating whether it is possible to delete the firewall.
Description	A description of the firewall.
EnabledAnalysisTypes	An optional setting indicating the specific traffic analysis types to enable on the firewall.
FirewallName	The descriptive name of the firewall.
FirewallPolicyArn	The Amazon Resource Name (ARN) of the firewall policy.
FirewallPolicyChangeProtection	A setting indicating whether the firewall is protected against a change to the firewall policy association.
SubnetChangeProtection	A setting indicating whether the firewall is protected against changes to the subnet associations.
SubnetMappings	The primary public subnets that Network Firewall is using for the firewall.
Tags	An array of key-value pairs to apply to this resource.
TransitGatewayId	The unique identifier of the transit gateway associated with this firewall.
VpcId	The unique identifier of the VPC where the firewall is in use.

Properties

AvailabilityZoneChangeProtection

A setting indicating whether the firewall is protected against changes to its Availability Zone configuration.

object? AvailabilityZoneChangeProtection { get; }

Property Value

object

Remarks

When set to TRUE , you must first disable this protection before adding or removing Availability Zones.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-availabilityzonechangeprotection

Type union: either bool or IResolvable

AvailabilityZoneMappings

The Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall.

object? AvailabilityZoneMappings { get; }

Property Value

object

Remarks

Each mapping specifies an Availability Zone where the firewall processes traffic.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-availabilityzonemappings

Type union: either IResolvable or (either IResolvable or CfnFirewall.IAvailabilityZoneMappingProperty)[]

DeleteProtection

A flag indicating whether it is possible to delete the firewall.

object? DeleteProtection { get; }

Property Value

object

Remarks

A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-deleteprotection

Type union: either bool or IResolvable

Description

A description of the firewall.

string? Description { get; }

Property Value

string

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-description

EnabledAnalysisTypes

An optional setting indicating the specific traffic analysis types to enable on the firewall.

string[]? EnabledAnalysisTypes { get; }

Property Value

string[]

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-enabledanalysistypes

FirewallName

The descriptive name of the firewall.

string FirewallName { get; }

Property Value

string

Remarks

You can't change the name of a firewall after you create it.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-firewallname

FirewallPolicyArn

The Amazon Resource Name (ARN) of the firewall policy.

string FirewallPolicyArn { get; }

Property Value

string

Remarks

The relationship of firewall to firewall policy is many to one. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-firewallpolicyarn

FirewallPolicyChangeProtection

A setting indicating whether the firewall is protected against a change to the firewall policy association.

object? FirewallPolicyChangeProtection { get; }

Property Value

object

Remarks

Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-firewallpolicychangeprotection

Type union: either bool or IResolvable

SubnetChangeProtection

A setting indicating whether the firewall is protected against changes to the subnet associations.

object? SubnetChangeProtection { get; }

Property Value

object

Remarks

Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-subnetchangeprotection

Type union: either bool or IResolvable

SubnetMappings

The primary public subnets that Network Firewall is using for the firewall.

object? SubnetMappings { get; }

Property Value

object

Remarks

Network Firewall creates a firewall endpoint in each subnet. Create a subnet mapping for each Availability Zone where you want to use the firewall.

These subnets are all defined for a single, primary VPC, and each must belong to a different Availability Zone. Each of these subnets establishes the availability of the firewall in its Availability Zone.

In addition to these subnets, you can define other endpoints for the firewall in VpcEndpointAssociation resources. You can define these additional endpoints for any VPC, and for any of the Availability Zones where the firewall resource already has a subnet mapping. VPC endpoint associations give you the ability to protect multiple VPCs using a single firewall, and to define multiple firewall endpoints for a VPC in a single Availability Zone.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-subnetmappings

Type union: either IResolvable or (either IResolvable or CfnFirewall.ISubnetMappingProperty)[]

Tags

An array of key-value pairs to apply to this resource.

ICfnTag[]? Tags { get; }

Property Value

ICfnTag[]

Remarks

For more information, see Tag .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-tags

TransitGatewayId

The unique identifier of the transit gateway associated with this firewall.

string? TransitGatewayId { get; }

Property Value

string

Remarks

This field is only present for transit gateway-attached firewalls.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-transitgatewayid

VpcId

The unique identifier of the VPC where the firewall is in use.

string? VpcId { get; }

Property Value

string

Remarks

You can't change the VPC of a firewall after you create the firewall.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewall.html#cfn-networkfirewall-firewall-vpcid