Class: Aws::NetworkFirewall::Types::CreateFirewallRequest
- Inherits: Struct
  - Object
  - Struct
  - Aws::NetworkFirewall::Types::CreateFirewallRequest
- Includes: Structure
- Defined in: lib/aws-sdk-networkfirewall/types.rb
Constant Summary
- SENSITIVE = []
Instance Attribute Summary
- #availability_zone_change_protection ⇒ Boolean
  Optional.
- #availability_zone_mappings ⇒ Array<Types::AvailabilityZoneMapping>
  Required.
- #delete_protection ⇒ Boolean
  A flag indicating whether it is possible to delete the firewall.
- #description ⇒ String
  A description of the firewall.
- #enabled_analysis_types ⇒ Array<String>
  An optional setting indicating the specific traffic analysis types to enable on the firewall.
- #encryption_configuration ⇒ Types::EncryptionConfiguration
  A complex type that contains settings for encryption of your firewall resources.
- #firewall_name ⇒ String
  The descriptive name of the firewall.
- #firewall_policy_arn ⇒ String
  The Amazon Resource Name (ARN) of the FirewallPolicy that you want to use for the firewall.
- #firewall_policy_change_protection ⇒ Boolean
  A setting indicating whether the firewall is protected against a change to the firewall policy association.
- #subnet_change_protection ⇒ Boolean
  A setting indicating whether the firewall is protected against changes to the subnet associations.
- #subnet_mappings ⇒ Array<Types::SubnetMapping>
  The public subnets to use for your Network Firewall firewalls.
- #tags ⇒ Array<Types::Tag>
  The key:value pairs to associate with the resource.
- #transit_gateway_id ⇒ String
  Required when creating a transit gateway-attached firewall.
- #vpc_id ⇒ String
  The unique identifier of the VPC where Network Firewall should create the firewall.
Instance Attribute Details
#availability_zone_change_protection ⇒ Boolean
Optional. A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to `TRUE`, you cannot add or remove Availability Zones without first disabling this protection using UpdateAvailabilityZoneChangeProtection.
Default value: `FALSE`
```ruby
# File 'lib/aws-sdk-networkfirewall/types.rb', line 1045

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end
```
#availability_zone_mappings ⇒ Array<Types::AvailabilityZoneMapping>
Required. The Availability Zones where you want to create firewall endpoints for a transit gateway-attached firewall. You must specify at least one Availability Zone. Consider enabling the firewall in every Availability Zone where you have workloads to maintain Availability Zone isolation.
You can modify Availability Zones later using AssociateAvailabilityZones or DisassociateAvailabilityZones, but this may briefly disrupt traffic. The `AvailabilityZoneChangeProtection` setting controls whether you can make these modifications.
#delete_protection ⇒ Boolean
A flag indicating whether it is possible to delete the firewall. A setting of `TRUE` indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to `TRUE`.
#description ⇒ String
A description of the firewall.
#enabled_analysis_types ⇒ Array<String>
An optional setting indicating the specific traffic analysis types to enable on the firewall.
#encryption_configuration ⇒ Types::EncryptionConfiguration
A complex type that contains settings for encryption of your firewall resources.
#firewall_name ⇒ String
The descriptive name of the firewall. You can’t change the name of a firewall after you create it.
#firewall_policy_arn ⇒ String
The Amazon Resource Name (ARN) of the FirewallPolicy that you want to use for the firewall.
#firewall_policy_change_protection ⇒ Boolean
A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to `TRUE`.
#subnet_change_protection ⇒ Boolean
A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to `TRUE`.
#subnet_mappings ⇒ Array<Types::SubnetMapping>
The public subnets to use for your Network Firewall firewalls. Each subnet must belong to a different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each subnet.
#tags ⇒ Array<Types::Tag>
The key:value pairs to associate with the resource.
#transit_gateway_id ⇒ String
Required when creating a transit gateway-attached firewall. The unique identifier of the transit gateway to attach to this firewall. You can provide either a transit gateway from your account or one that has been shared with you through Resource Access Manager.
After creating the firewall, you cannot change the transit gateway association. To use a different transit gateway, you must create a new firewall.
For information about creating firewalls, see CreateFirewall. For specific guidance about transit gateway-attached firewalls, see [Considerations for transit gateway-attached firewalls][1] in the *Network Firewall Developer Guide*.
[1]: docs.aws.amazon.com/network-firewall/latest/developerguide/tgw-firewall-considerations.html
#vpc_id ⇒ String
The unique identifier of the VPC where Network Firewall should create the firewall.
You can’t change this setting after you create the firewall.
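As an added example (not part of the SDK or its documentation), the following Ruby pre-flight check lints a parameter hash that uses the member names documented above, before it is passed to a CreateFirewall call. The method name `audit_create_firewall`, the `subnet_id` key of each subnet mapping, and the sample IDs are assumptions of this example; it runs on a plain Hash and does not load the SDK.

```ruby
# Added example: lint CreateFirewall parameters for weakened protections
# and inconsistent transit-gateway settings. Names here are hypothetical.
DEFAULT_TRUE_PROTECTIONS = %i[
  delete_protection
  subnet_change_protection
  firewall_policy_change_protection
].freeze

def audit_create_firewall(params)
  findings = []

  # These flags are initialized to TRUE on creation; only an explicit
  # false weakens them, so an omitted key is not reported.
  DEFAULT_TRUE_PROTECTIONS.each do |flag|
    findings << "#{flag} is explicitly disabled" if params[flag] == false
  end

  tgw_attached = !params[:transit_gateway_id].to_s.empty?
  az_mappings  = Array(params[:availability_zone_mappings])

  if tgw_attached
    findings << "availability_zone_mappings needs at least one entry" if az_mappings.empty?
    # Unlike the other protections, this one defaults to FALSE.
    unless params[:availability_zone_change_protection] == true
      findings << "availability_zone_change_protection is not enabled (default FALSE)"
    end
  elsif !az_mappings.empty?
    findings << "availability_zone_mappings given without transit_gateway_id"
  end

  # Each subnet must be in a different AZ; a repeated subnet ID never is.
  ids = Array(params[:subnet_mappings]).map { |m| m[:subnet_id] }
  dupes = ids.select { |id| ids.count(id) > 1 }.uniq
  findings << "duplicate subnet_mappings: #{dupes.join(', ')}" unless dupes.empty?

  findings
end

# Constructed sample input (IDs are placeholders, not real resources).
SAMPLE_REQUEST = {
  firewall_name: "example-fw",
  transit_gateway_id: "tgw-EXAMPLE",
  availability_zone_mappings: [],
  delete_protection: false
}.freeze

puts audit_create_firewall(SAMPLE_REQUEST)
```

An empty result means none of these checks fired; it does not validate the request against the service.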