Class: Aws::NetworkFirewall::Types::CreateFirewallRequest

Inherits:
Struct
  • Object
show all
Includes:
Structure
Defined in:
lib/aws-sdk-networkfirewall/types.rb

Overview

See Also:

Constant Summary collapse

SENSITIVE = 
[]

Instance Attribute Summary collapse

Instance Attribute Details

#availability_zone_change_protectionBoolean

Optional. A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to ‘TRUE`, you cannot add or remove Availability Zones without first disabling this protection using UpdateAvailabilityZoneChangeProtection.

Default value: ‘FALSE`

Returns:

  • (Boolean) 


973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#availability_zone_mappingsArray<Types::AvailabilityZoneMapping>

Required. The Availability Zones where you want to create firewall endpoints for a transit gateway-attached firewall. You must specify at least one Availability Zone. Consider enabling the firewall in every Availability Zone where you have workloads to maintain Availability Zone isolation.

You can modify Availability Zones later using AssociateAvailabilityZones or DisassociateAvailabilityZones, but this may briefly disrupt traffic. The ‘AvailabilityZoneChangeProtection` setting controls whether you can make these modifications.

Returns:



973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#delete_protectionBoolean

A flag indicating whether it is possible to delete the firewall. A setting of ‘TRUE` indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to `TRUE`.

Returns:

  • (Boolean) 


973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#descriptionString

A description of the firewall.

Returns:

  • (String) 


973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#enabled_analysis_typesArray<String>

An optional setting indicating the specific traffic analysis types to enable on the firewall.

Returns:

  • (Array<String>) 


973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#encryption_configurationTypes::EncryptionConfiguration

A complex type that contains settings for encryption of your firewall resources.

Returns:



973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#firewall_nameString

The descriptive name of the firewall. You can’t change the name of a firewall after you create it.

Returns:

  • (String) 


973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#firewall_policy_arnString

The Amazon Resource Name (ARN) of the FirewallPolicy that you want to use for the firewall.

Returns:

  • (String) 


973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#firewall_policy_change_protectionBoolean

A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to ‘TRUE`.

Returns:

  • (Boolean) 


973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#subnet_change_protectionBoolean

A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to ‘TRUE`.

Returns:

  • (Boolean) 


973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#subnet_mappingsArray<Types::SubnetMapping>

The public subnets to use for your Network Firewall firewalls. Each subnet must belong to a different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each subnet.

Returns:



973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#tagsArray<Types::Tag>

The key:value pairs to associate with the resource.

Returns:



973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#transit_gateway_idString

Required when creating a transit gateway-attached firewall. The unique identifier of the transit gateway to attach to this firewall. You can provide either a transit gateway from your account or one that has been shared with you through Resource Access Manager.

After creating the firewall, you cannot change the transit gateway association. To use a different transit gateway, you must create a new firewall.

For information about creating firewalls, see CreateFirewall. For specific guidance about transit gateway-attached firewalls, see

Considerations for transit gateway-attached firewalls][1

in the

*Network Firewall Developer Guide*.

[1]: docs.aws.amazon.com/network-firewall/latest/developerguide/tgw-firewall-considerations.html

Returns:

  • (String) 


973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end

#vpc_idString

The unique identifier of the VPC where Network Firewall should create the firewall.

You can’t change this setting after you create the firewall.

Returns:

  • (String) 


973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
 
# File 'lib/aws-sdk-networkfirewall/types.rb', line 973

class CreateFirewallRequest < Struct.new(
  :firewall_name,
  :firewall_policy_arn,
  :vpc_id,
  :subnet_mappings,
  :delete_protection,
  :subnet_change_protection,
  :firewall_policy_change_protection,
  :description,
  :tags,
  :encryption_configuration,
  :enabled_analysis_types,
  :transit_gateway_id,
  :availability_zone_mappings,
  :availability_zone_change_protection)
  SENSITIVE = []
  include Aws::Structure
end