Update the solution - Centralized Network Inspection on AWS

Update the solution

If you have previously deployed the solution, follow this procedure to update the solution's CloudFormation stack to get the latest version of the solution's framework.

Important

The Amazon VPC and related resource configuration cannot be updated using the CloudFormation update stack workflow. To update the VPC CIDR block, you must delete and recreate the VPC. We recommend consulting your network engineering team to obtain a dedicated CIDR block for the inspection VPC.

  1. Sign in to the CloudFormation console, select your existing Centralized Network Inspection on AWS CloudFormation stack, and select Update.

  2. Select Replace current template.

  3. Under Specify template:

    1. Select Amazon S3 URL.

    2. Copy the link of the latest template.

    3. Paste the link in the Amazon S3 URL box.

    4. Verify that the correct template URL shows in the Amazon S3 URL text box, and choose Next. Choose Next again.

  4. Under Parameters, review the parameters for the template and modify them as necessary. For details about the parameters, see Step 1. Launch the Stack.

  5. Choose Next.

  6. On the Configure stack options page, choose Next.

  7. On the Review page, review and confirm the settings. Check the box acknowledging that the template will create IAM resources.

  8. Choose View change set and verify the changes.

  9. Choose Update stack to deploy the stack.

You can view the status of the stack in the AWS CloudFormation console in the Status column. You should receive an UPDATE_COMPLETE status in approximately 7–10 minutes.
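For step 8, the change set can also be checked programmatically before you choose Update stack. The following is an added example, not code from the solution. It reads JSON in the shape returned by `aws cloudformation describe-change-set` and lists changes that delete or replace a resource or that touch IAM, VPC, or Network Firewall resources. The sample change set, its logical IDs, and the list of sensitive type prefixes are constructed assumptions.

```python
import json

# Constructed sample in the shape of `aws cloudformation describe-change-set` output.
# Logical IDs and the resource mix are illustrative, not the solution's real template.
SAMPLE_CHANGE_SET = json.loads("""
{"StackName": "example-inspection-stack", "Changes": [
 {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "False",
  "LogicalResourceId": "ExampleFunction", "ResourceType": "AWS::Lambda::Function"}},
 {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "False",
  "LogicalResourceId": "ExampleBuildRole", "ResourceType": "AWS::IAM::Role"}},
 {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "True",
  "LogicalResourceId": "ExampleInspectionVpc", "ResourceType": "AWS::EC2::VPC"}},
 {"Type": "Resource", "ResourceChange": {"Action": "Modify", "Replacement": "Conditional",
  "LogicalResourceId": "ExampleFirewallLogging",
  "ResourceType": "AWS::NetworkFirewall::LoggingConfiguration"}},
 {"Type": "Resource", "ResourceChange": {"Action": "Remove",
  "LogicalResourceId": "ExampleLogGroup", "ResourceType": "AWS::Logs::LogGroup"}}
]}
""")

# Assumed review policy: type prefixes that always get a second look.
SENSITIVE_PREFIXES = ("AWS::IAM::", "AWS::EC2::VPC", "AWS::EC2::Subnet",
                      "AWS::NetworkFirewall::")

def review_change_set(change_set):
    """Return (logical_id, type, action, reasons) for changes needing manual review."""
    findings = []
    for change in change_set.get("Changes", []):
        if change.get("Type") != "Resource":
            continue
        rc = change["ResourceChange"]
        reasons = []
        if rc.get("Action") == "Remove":
            reasons.append("resource will be deleted")
        # Replacement is only present on Modify actions: True, False or Conditional.
        if rc.get("Replacement") in ("True", "Conditional"):
            reasons.append("replacement=" + rc["Replacement"])
        if rc.get("ResourceType", "").startswith(SENSITIVE_PREFIXES):
            reasons.append("sensitive resource type")
        if reasons:
            findings.append((rc["LogicalResourceId"], rc["ResourceType"],
                             rc["Action"], reasons))
    return findings

if __name__ == "__main__":
    for logical_id, rtype, action, reasons in review_change_set(SAMPLE_CHANGE_SET):
        print(f"{action:7} {rtype:45} {logical_id}: {', '.join(reasons)}")
```

A VPC entry flagged with a replacement reason is the case the Important note above describes, so stop and plan the VPC delete and recreate separately instead of executing the change set.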

Update the Network Firewall log destination

If you previously deployed this solution, any updates made to the stack will require you to manually start the CodePipeline pipeline to update the Network Firewall log destination. The Network Firewall configuration should not be updated in order to manually release changes. To start the AWS CodePipeline pipeline manually, refer to Start a pipeline manually in the AWS CodePipeline User Guide.

To modify the AWS Network Firewall, firewall policy, and rule groups, refer to Configuring resources for network firewall.