Update the solution
If you have previously deployed the solution, follow this procedure to update the solution's CloudFormation stack to get the latest version of the solution's framework.
Important
The Amazon VPC and related resource configuration cannot be updated using the CloudFormation update stack workflow. To update the VPC CIDR block, you must delete and recreate the VPC. We recommend consulting your network engineering team to obtain a dedicated CIDR block for the inspection VPC.
Important
The solution version v1.1.0 uses an S3 bucket in place of a CodeCommit repository. Please review all steps in the update instructions before starting the update process, as the CodePipeline resource will be updated to start using an S3 bucket (location BUCKET_NAME/centralized-network-inspection-on-aws/configuration). Refer to Step 12 for the BUCKET_NAME.
1. Sign in to the CloudFormation console, select your existing Centralized Network Inspection on AWS CloudFormation stack, and select Update.
2. Select Replace current template.
3. Under Specify template:
   a. Select Amazon S3 URL.
   b. Copy the link of the latest template.
   c. Paste the link in the Amazon S3 URL box.
   d. Verify that the correct template URL shows in the Amazon S3 URL text box, and choose Next. Choose Next again.
4. Under Parameters, review the parameters for the template and modify them as necessary. For details about the parameters, see Step 1. Launch the Stack.
5. Choose Next.
6. On the Configure stack options page, choose Next.
7. On the Review page, review and confirm the settings. Check the box acknowledging that the template will create IAM resources.
8. Choose View change set and verify the changes.
9. Choose Update stack to deploy the stack.
10. You can view the status of the stack in the AWS CloudFormation console in the Status column. You should receive an UPDATE_COMPLETE status in approximately 7–10 minutes.
11. Once the update is complete, the CodePipeline resource will have a new S3 bucket source stage instead of CodeCommit source code.
12. The solution stack outputs will display the key CodeBuildsourcecodebucket. The value of this key should replace documentation references of BUCKET_NAME.
13. Go to the S3 bucket location BUCKET_NAME/centralized-network-inspection-on-aws/configuration, download the archive file centralized-network-inspection-on-aws.zip, and unzip the archive to a new folder.
14. Make sure to sync all the files from the CodeCommit repository previously being used by the pipeline to the folder created in Step 13.
15. Once the files are reviewed to have all the changes from the CodeCommit repository, create a new archive file centralized-network-inspection-on-aws.zip and upload it to the S3 bucket location from Step 13.
16. Once the file has been successfully uploaded into the S3 bucket, go to the CodePipeline resource and release the changes.
17. After the update is completed in the AWS CloudFormation Console, there will be no reference to the CodeCommit repository in the solution.
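Steps 12 through 16 scripted with the AWS CLI, as an added example that is not part of the original guide. The stack name, pipeline name and CodeCommit clone path are caller-supplied placeholders, and `missing_from_merge` is a hypothetical helper that blocks the upload when a file from the old CodeCommit clone is absent from, or differs in, the merged folder.

```sh
#!/bin/sh
# Added example. Usage: ./update-source.sh STACK_NAME PIPELINE_NAME CLONE_DIR
# All three arguments are placeholders; the page does not name them.
set -eu

PREFIX="centralized-network-inspection-on-aws/configuration"
ARCHIVE="centralized-network-inspection-on-aws.zip"

# Step 12: BUCKET_NAME is the value of the CodeBuildsourcecodebucket output.
bucket_name() {
  aws cloudformation describe-stacks --stack-name "$1" --output text \
    --query "Stacks[0].Outputs[?OutputKey=='CodeBuildsourcecodebucket'].OutputValue"
}

# Step 15 review (hypothetical helper): print every file of the CodeCommit
# clone ($1) that is missing from, or differs in, the merged folder ($2).
# Returns 1 if anything is printed, so a dropped rule file blocks the upload.
missing_from_merge() {
  ( cd "$1" && find . -path ./.git -prune -o -type f -print ) |
  ( rc=0
    while IFS= read -r rel; do
      cmp -s "$1/$rel" "$2/$rel" 2>/dev/null || { printf '%s\n' "${rel#./}"; rc=1; }
    done
    exit "$rc" )
}

update_source() {
  stack="$1"; pipeline="$2"; clone="$3"
  bucket="$(bucket_name "$stack")"
  work="$(mktemp -d)"
  # Step 13: download the archive and unzip it to a new folder.
  aws s3 cp "s3://$bucket/$PREFIX/$ARCHIVE" "$work/$ARCHIVE"
  unzip -q "$work/$ARCHIVE" -d "$work/src"
  # Step 14: sync the files from the CodeCommit clone into that folder.
  rsync -a --exclude .git "$clone"/ "$work/src"/
  # Step 15: review, then rebuild the archive with the same layout and upload.
  missing_from_merge "$clone" "$work/src" >&2 || { echo "merge incomplete" >&2; return 1; }
  ( cd "$work/src" && zip -qr "$work/new.zip" . )
  aws s3 cp "$work/new.zip" "s3://$bucket/$PREFIX/$ARCHIVE"
  # Step 16: release the change through the pipeline.
  aws codepipeline start-pipeline-execution --name "$pipeline"
}

# Runs only when called with the three arguments.
if [ "$#" -eq 3 ]; then update_source "$@"; fi
```

The review check is one-directional: files that exist only in the downloaded v1.1.0 archive are kept and not reported.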
Update the Network Firewall log destination
If you previously deployed this solution, any updates made to the stack will require you to manually initiate CodePipeline to update the Network Firewall log destination. The Network Firewall configuration should not be updated to manually release changes. To start the AWS CodePipeline manually, refer to Start a pipeline manually in the AWS CodePipeline User Guide.
To modify the AWS Network Firewall, firewall policy, and rule groups, refer to Configuring resources for network firewall.