AWS::NetworkFirewall::Firewall

NetworkFirewall Firewall

Resource type definition for AWS::NetworkFirewall::Firewall

Properties

13 configurable properties. 2 required. Click a row to see details.

Filter:

Property	Type	Flags
`FirewallName`	`string`	RequiredCreate-only
`FirewallPolicyArn`	`string`	Required
`AvailabilityZoneChangeProtection`	`boolean`
`AvailabilityZoneMappings`	`Array<AvailabilityZoneMapping>`
`DeleteProtection`	`boolean`
`Description`	`string`
`EnabledAnalysisTypes`	`Array<string>`
`FirewallPolicyChangeProtection`	`boolean`
`SubnetChangeProtection`	`boolean`
`SubnetMappings`	`Array<SubnetMapping>`
`Tags`	`Array<Tag>`
`TransitGatewayId`	`string`
`VpcId`	`string`	Create-only

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`EndpointIds`	`Array<string>`	-
`FirewallArn`	`string`	-
`FirewallId`	`string`	-
`TransitGatewayAttachmentId`	`string`	-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::NetworkFirewall::Firewall

Resources:
  MyResource:
    Type: AWS::NetworkFirewall::Firewall
    Properties:
      FirewallName: "my-firewallname"
      FirewallPolicyArn: "arn:aws:service:region:account:resource"
      Tags:
        - Key: Environment
          Value: Production
      Description: !Ref "AWS::StackName"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

ec2:CreateVpcEndpointec2:DescribeVpcEndpointsec2:DescribeSubnetsec2:DescribeVpcsiam:CreateServiceLinkedRolenetwork-firewall:CreateFirewallnetwork-firewall:DescribeFirewallPolicynetwork-firewall:DescribeRuleGroup

read

network-firewall:DescribeFirewallnetwork-firewall:ListTagsForResource

update

network-firewall:AssociateSubnetsnetwork-firewall:DisassociateSubnetsnetwork-firewall:UpdateFirewallDescriptionnetwork-firewall:UpdateFirewallDeleteProtectionnetwork-firewall:UpdateSubnetChangeProtectionnetwork-firewall:UpdateFirewallPolicyChangeProtectionnetwork-firewall:AssociateFirewallPolicynetwork-firewall:TagResource

delete

ec2:DeleteVpcEndpointsec2:DescribeRouteTableslogs:DescribeLogGroupslogs:DescribeResourcePolicieslogs:GetLogDeliverylogs:ListLogDeliveriesnetwork-firewall:DeleteFirewallnetwork-firewall:UntagResource

list

network-firewall:ListFirewalls

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceNetworkFirewall

Properties17

Required2

TaggingSupported

Primary IDFirewallArn

Supported Operations

CreateReadUpdateDeleteList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

VpcIdFirewallName

Related Resources

External Links

AWS Documentation