Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. networkfirewall
  5. Firewall

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
pulumi/pulumi-aws-native

aws-native.networkfirewall.Firewall

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
pulumi/pulumi-aws-native

Resource type definition for AWS::NetworkFirewall::Firewall

Create Firewall Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Firewall(name: string, args: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
             args: FirewallArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Firewall(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             firewall_policy_arn: Optional[str] = None,
             subnet_mappings: Optional[Sequence[FirewallSubnetMappingArgs]] = None,
             vpc_id: Optional[str] = None,
             delete_protection: Optional[bool] = None,
             description: Optional[str] = None,
             firewall_name: Optional[str] = None,
             firewall_policy_change_protection: Optional[bool] = None,
             subnet_change_protection: Optional[bool] = None,
             tags: Optional[Sequence[_root_inputs.TagArgs]] = None)
func NewFirewall(ctx *Context, name string, args FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs args, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)

type: aws-native:networkfirewall:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. FirewallArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. FirewallArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. FirewallArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Firewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The Firewall resource accepts the following input properties:

FirewallPolicyArn This property is required. string

The Amazon Resource Name (ARN) of the firewall policy.

The relationship of firewall to firewall policy is many to one. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.

SubnetMappings This property is required. List<Pulumi.AwsNative.NetworkFirewall.Inputs.FirewallSubnetMapping>
The public subnets that Network Firewall is using for the firewall. Each subnet must belong to a different Availability Zone.
VpcId This property is required. string
The unique identifier of the VPC where the firewall is in use. You can't change the VPC of a firewall after you create the firewall.
DeleteProtection bool
A flag indicating whether it is possible to delete the firewall. A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE .
Description string
A description of the firewall.
FirewallName string
The descriptive name of the firewall. You can't change the name of a firewall after you create it.
FirewallPolicyChangeProtection bool
A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
SubnetChangeProtection bool
A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
Tags List<Pulumi.AwsNative.Inputs.Tag>

An array of key-value pairs to apply to this resource.

For more information, see Tag .

FirewallPolicyArn This property is required. string

The Amazon Resource Name (ARN) of the firewall policy.

The relationship of firewall to firewall policy is many to one. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.

SubnetMappings This property is required. []FirewallSubnetMappingArgs
The public subnets that Network Firewall is using for the firewall. Each subnet must belong to a different Availability Zone.
VpcId This property is required. string
The unique identifier of the VPC where the firewall is in use. You can't change the VPC of a firewall after you create the firewall.
DeleteProtection bool
A flag indicating whether it is possible to delete the firewall. A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE .
Description string
A description of the firewall.
FirewallName string
The descriptive name of the firewall. You can't change the name of a firewall after you create it.
FirewallPolicyChangeProtection bool
A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
SubnetChangeProtection bool
A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
Tags TagArgs

An array of key-value pairs to apply to this resource.

For more information, see Tag .

firewallPolicyArn This property is required. String

The Amazon Resource Name (ARN) of the firewall policy.

The relationship of firewall to firewall policy is many to one. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.

subnetMappings This property is required. List<FirewallSubnetMapping>
The public subnets that Network Firewall is using for the firewall. Each subnet must belong to a different Availability Zone.
vpcId This property is required. String
The unique identifier of the VPC where the firewall is in use. You can't change the VPC of a firewall after you create the firewall.
deleteProtection Boolean
A flag indicating whether it is possible to delete the firewall. A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE .
description String
A description of the firewall.
firewallName String
The descriptive name of the firewall. You can't change the name of a firewall after you create it.
firewallPolicyChangeProtection Boolean
A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
subnetChangeProtection Boolean
A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
tags List<Tag>

An array of key-value pairs to apply to this resource.

For more information, see Tag .

firewallPolicyArn This property is required. string

The Amazon Resource Name (ARN) of the firewall policy.

The relationship of firewall to firewall policy is many to one. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.

subnetMappings This property is required. FirewallSubnetMapping[]
The public subnets that Network Firewall is using for the firewall. Each subnet must belong to a different Availability Zone.
vpcId This property is required. string
The unique identifier of the VPC where the firewall is in use. You can't change the VPC of a firewall after you create the firewall.
deleteProtection boolean
A flag indicating whether it is possible to delete the firewall. A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE .
description string
A description of the firewall.
firewallName string
The descriptive name of the firewall. You can't change the name of a firewall after you create it.
firewallPolicyChangeProtection boolean
A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
subnetChangeProtection boolean
A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
tags Tag[]

An array of key-value pairs to apply to this resource.

For more information, see Tag .

firewall_policy_arn This property is required. str

The Amazon Resource Name (ARN) of the firewall policy.

The relationship of firewall to firewall policy is many to one. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.

subnet_mappings This property is required. Sequence[FirewallSubnetMappingArgs]
The public subnets that Network Firewall is using for the firewall. Each subnet must belong to a different Availability Zone.
vpc_id This property is required. str
The unique identifier of the VPC where the firewall is in use. You can't change the VPC of a firewall after you create the firewall.
delete_protection bool
A flag indicating whether it is possible to delete the firewall. A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE .
description str
A description of the firewall.
firewall_name str
The descriptive name of the firewall. You can't change the name of a firewall after you create it.
firewall_policy_change_protection bool
A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
subnet_change_protection bool
A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
tags Sequence[TagArgs]

An array of key-value pairs to apply to this resource.

For more information, see Tag .

firewallPolicyArn This property is required. String

The Amazon Resource Name (ARN) of the firewall policy.

The relationship of firewall to firewall policy is many to one. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.

subnetMappings This property is required. List<Property Map>
The public subnets that Network Firewall is using for the firewall. Each subnet must belong to a different Availability Zone.
vpcId This property is required. String
The unique identifier of the VPC where the firewall is in use. You can't change the VPC of a firewall after you create the firewall.
deleteProtection Boolean
A flag indicating whether it is possible to delete the firewall. A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE .
description String
A description of the firewall.
firewallName String
The descriptive name of the firewall. You can't change the name of a firewall after you create it.
firewallPolicyChangeProtection Boolean
A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
subnetChangeProtection Boolean
A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE .
tags List<Property Map>

An array of key-value pairs to apply to this resource.

For more information, see Tag .

Outputs

All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

EndpointIds List<string>
The unique IDs of the firewall endpoints for all of the subnets that you attached to the firewall. The subnets are not listed in any particular order. For example: ["us-west-2c:vpce-111122223333", "us-west-2a:vpce-987654321098", "us-west-2b:vpce-012345678901"] .
FirewallArn string
The Amazon Resource Name (ARN) of the Firewall .
FirewallId string
The name of the Firewall resource.
Id string
The provider-assigned unique ID for this managed resource.
EndpointIds []string
The unique IDs of the firewall endpoints for all of the subnets that you attached to the firewall. The subnets are not listed in any particular order. For example: ["us-west-2c:vpce-111122223333", "us-west-2a:vpce-987654321098", "us-west-2b:vpce-012345678901"] .
FirewallArn string
The Amazon Resource Name (ARN) of the Firewall .
FirewallId string
The name of the Firewall resource.
Id string
The provider-assigned unique ID for this managed resource.
endpointIds List<String>
The unique IDs of the firewall endpoints for all of the subnets that you attached to the firewall. The subnets are not listed in any particular order. For example: ["us-west-2c:vpce-111122223333", "us-west-2a:vpce-987654321098", "us-west-2b:vpce-012345678901"] .
firewallArn String
The Amazon Resource Name (ARN) of the Firewall .
firewallId String
The name of the Firewall resource.
id String
The provider-assigned unique ID for this managed resource.
endpointIds string[]
The unique IDs of the firewall endpoints for all of the subnets that you attached to the firewall. The subnets are not listed in any particular order. For example: ["us-west-2c:vpce-111122223333", "us-west-2a:vpce-987654321098", "us-west-2b:vpce-012345678901"] .
firewallArn string
The Amazon Resource Name (ARN) of the Firewall .
firewallId string
The name of the Firewall resource.
id string
The provider-assigned unique ID for this managed resource.
endpoint_ids Sequence[str]
The unique IDs of the firewall endpoints for all of the subnets that you attached to the firewall. The subnets are not listed in any particular order. For example: ["us-west-2c:vpce-111122223333", "us-west-2a:vpce-987654321098", "us-west-2b:vpce-012345678901"] .
firewall_arn str
The Amazon Resource Name (ARN) of the Firewall .
firewall_id str
The name of the Firewall resource.
id str
The provider-assigned unique ID for this managed resource.
endpointIds List<String>
The unique IDs of the firewall endpoints for all of the subnets that you attached to the firewall. The subnets are not listed in any particular order. For example: ["us-west-2c:vpce-111122223333", "us-west-2a:vpce-987654321098", "us-west-2b:vpce-012345678901"] .
firewallArn String
The Amazon Resource Name (ARN) of the Firewall .
firewallId String
The name of the Firewall resource.
id String
The provider-assigned unique ID for this managed resource.

Supporting Types

FirewallSubnetMapping
, FirewallSubnetMappingArgs

SubnetId This property is required. string
A SubnetId.
IpAddressType string
A IPAddressType
SubnetId This property is required. string
A SubnetId.
IpAddressType string
A IPAddressType
subnetId This property is required. String
A SubnetId.
ipAddressType String
A IPAddressType
subnetId This property is required. string
A SubnetId.
ipAddressType string
A IPAddressType
subnet_id This property is required. str
A SubnetId.
ip_address_type str
A IPAddressType
subnetId This property is required. String
A SubnetId.
ipAddressType String
A IPAddressType

Tag
, TagArgs

Key This property is required. string
The key name of the tag
Value This property is required. string
The value of the tag
Key This property is required. string
The key name of the tag
Value This property is required. string
The value of the tag
key This property is required. String
The key name of the tag
value This property is required. String
The value of the tag
key This property is required. string
The key name of the tag
value This property is required. string
The value of the tag
key This property is required. str
The key name of the tag
value This property is required. str
The value of the tag
key This property is required. String
The key name of the tag
value This property is required. String
The value of the tag

Package Details

Repository
AWS Native pulumi/pulumi-aws-native
License
Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.26.0 published on Wednesday, Mar 12, 2025 by Pulumi
pulumi/pulumi-aws-native