
Create Firewall

networkfirewall_create_firewall R Documentation

Creates a Network Firewall Firewall and accompanying FirewallStatus for a VPC

Description

Creates a Network Firewall Firewall and accompanying FirewallStatus for a VPC.

The firewall defines the configuration settings for a Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource.

After you create a firewall, you can provide additional settings, like the logging configuration.

To update the settings for a firewall, you use the operations that apply to the settings themselves, for example update_logging_configuration, associate_subnets, and update_firewall_delete_protection.

To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, list_tags_for_resource, tag_resource, and untag_resource.

To retrieve information about firewalls, use list_firewalls and describe_firewall.

Usage

networkfirewall_create_firewall(FirewallName, FirewallPolicyArn, VpcId,
  SubnetMappings, DeleteProtection, SubnetChangeProtection,
  FirewallPolicyChangeProtection, Description, Tags,
  EncryptionConfiguration)

Arguments

FirewallName

[required] The descriptive name of the firewall. You can't change the name of a firewall after you create it.

FirewallPolicyArn

[required] The Amazon Resource Name (ARN) of the FirewallPolicy that you want to use for the firewall.

VpcId

[required] The unique identifier of the VPC where Network Firewall should create the firewall.

You can't change this setting after you create the firewall.

SubnetMappings

[required] The public subnets to use for your Network Firewall firewalls. Each subnet must belong to a different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each subnet.

DeleteProtection

A flag indicating whether it is possible to delete the firewall. A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE.

SubnetChangeProtection

A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.

FirewallPolicyChangeProtection

A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.

Description

A description of the firewall.

Tags

The key:value pairs to associate with the resource.

EncryptionConfiguration

A complex type that contains settings for encryption of your firewall resources.

Value

A list with the following syntax:

list(
  Firewall = list(
    FirewallName = "string",
    FirewallArn = "string",
    FirewallPolicyArn = "string",
    VpcId = "string",
    SubnetMappings = list(
      list(
        SubnetId = "string",
        IPAddressType = "DUALSTACK"|"IPV4"|"IPV6"
      )
    ),
    DeleteProtection = TRUE|FALSE,
    SubnetChangeProtection = TRUE|FALSE,
    FirewallPolicyChangeProtection = TRUE|FALSE,
    Description = "string",
    FirewallId = "string",
    Tags = list(
      list(
        Key = "string",
        Value = "string"
      )
    ),
    EncryptionConfiguration = list(
      KeyId = "string",
      Type = "CUSTOMER_KMS"|"AWS_OWNED_KMS_KEY"
    )
  ),
  FirewallStatus = list(
    Status = "PROVISIONING"|"DELETING"|"READY",
    ConfigurationSyncStateSummary = "PENDING"|"IN_SYNC"|"CAPACITY_CONSTRAINED",
    SyncStates = list(
      list(
        Attachment = list(
          SubnetId = "string",
          EndpointId = "string",
          Status = "CREATING"|"DELETING"|"FAILED"|"ERROR"|"SCALING"|"READY",
          StatusMessage = "string"
        ),
        Config = list(
          list(
            SyncStatus = "PENDING"|"IN_SYNC"|"CAPACITY_CONSTRAINED",
            UpdateToken = "string"
          )
        )
      )
    ),
    CapacityUsageSummary = list(
      CIDRs = list(
        AvailableCIDRCount = 123,
        UtilizedCIDRCount = 123,
        IPSetReferences = list(
          list(
            ResolvedCIDRCount = 123
          )
        )
      )
    )
  )
)

Request syntax

svc$create_firewall(
  FirewallName = "string",
  FirewallPolicyArn = "string",
  VpcId = "string",
  SubnetMappings = list(
    list(
      SubnetId = "string",
      IPAddressType = "DUALSTACK"|"IPV4"|"IPV6"
    )
  ),
  DeleteProtection = TRUE|FALSE,
  SubnetChangeProtection = TRUE|FALSE,
  FirewallPolicyChangeProtection = TRUE|FALSE,
  Description = "string",
  Tags = list(
    list(
      Key = "string",
      Value = "string"
    )
  ),
  EncryptionConfiguration = list(
    KeyId = "string",
    Type = "CUSTOMER_KMS"|"AWS_OWNED_KMS_KEY"
  )
)
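
Example

The following is an added example, not part of the paws documentation. It creates a firewall with the three protection settings stated explicitly and a customer-managed KMS key, checks that the response reflects them, then polls describe_firewall until the endpoints are ready. The function names, tag values, and the angle-bracket placeholders are assumptions made for illustration.

```r
library(paws)

create_hardened_firewall <- function(svc, name, policy_arn, vpc_id,
                                     subnet_ids, kms_key_id) {
  # One mapping per subnet; each subnet must be in a different Availability Zone.
  mappings <- lapply(subnet_ids, function(id) {
    list(SubnetId = id, IPAddressType = "IPV4")
  })
  resp <- svc$create_firewall(
    FirewallName = name,
    FirewallPolicyArn = policy_arn,
    VpcId = vpc_id,
    SubnetMappings = mappings,
    # Stated explicitly so the intended posture is visible in code review.
    DeleteProtection = TRUE,
    SubnetChangeProtection = TRUE,
    FirewallPolicyChangeProtection = TRUE,
    Description = "Inspection firewall (example)",
    Tags = list(list(Key = "owner", Value = "netsec")),  # constructed tag
    EncryptionConfiguration = list(KeyId = kms_key_id, Type = "CUSTOMER_KMS")
  )
  # Fail closed if the returned Firewall does not carry the requested settings.
  fw <- resp$Firewall
  stopifnot(
    isTRUE(fw$DeleteProtection),
    isTRUE(fw$SubnetChangeProtection),
    isTRUE(fw$FirewallPolicyChangeProtection),
    identical(fw$EncryptionConfiguration$Type, "CUSTOMER_KMS")
  )
  fw$FirewallArn
}

wait_until_ready <- function(svc, firewall_arn, timeout_s = 1800, poll_s = 30) {
  deadline <- Sys.time() + timeout_s
  while (Sys.time() < deadline) {
    st <- svc$describe_firewall(FirewallArn = firewall_arn)$FirewallStatus
    # SyncStates carries one Attachment (firewall endpoint) per subnet.
    attach <- unlist(lapply(st$SyncStates, function(s) s$Attachment$Status))
    if (any(attach %in% c("FAILED", "ERROR"))) stop("endpoint attachment failed")
    if (identical(st$Status, "READY") &&
        identical(st$ConfigurationSyncStateSummary, "IN_SYNC")) {
      return(invisible(st))
    }
    Sys.sleep(poll_s)
  }
  stop("firewall did not reach READY before the timeout")
}

# svc <- paws::networkfirewall()
# arn <- create_hardened_firewall(svc, "example-fw", "<firewall-policy-arn>",
#   "<vpc-id>", c("<subnet-id-az1>", "<subnet-id-az2>"), "<kms-key-arn>")
# wait_until_ready(svc, arn)
```

Logging is not part of the create call; once the firewall is READY, configure it with update_logging_configuration.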