firewalls

Creates, updates, deletes or gets a firewall resource or lists firewalls in a region

Overview

Name	`firewalls`
Type	Resource
Description	Resource type definition for AWS::NetworkFirewall::Firewall
Id	`aws.networkfirewall.firewalls`

Fields

Name	Datatype	Description
`firewall_name`	`string`
`firewall_arn`	`string`	A resource ARN.
`firewall_id`	`string`
`firewall_policy_arn`	`string`	A resource ARN.
`vpc_id`	`string`
`subnet_mappings`	`array`
`delete_protection`	`boolean`
`subnet_change_protection`	`boolean`
`firewall_policy_change_protection`	`boolean`
`description`	`string`
`endpoint_ids`	`array`
`tags`	`array`
`region`	`string`	AWS region.

Methods

Name	Accessible by	Required Params
`create_resource`	`INSERT`	`FirewallName, FirewallPolicyArn, VpcId, SubnetMappings, region`
`delete_resource`	`DELETE`	`data__Identifier, region`
`update_resource`	`UPDATE`	`data__Identifier, data__PatchDocument, region`
`list_resources`	`SELECT`	`region`
`get_resource`	`SELECT`	`data__Identifier, region`

`SELECT` examples

Gets all firewalls in a region.

SELECT
region,
firewall_name,
firewall_arn,
firewall_id,
firewall_policy_arn,
vpc_id,
subnet_mappings,
delete_protection,
subnet_change_protection,
firewall_policy_change_protection,
description,
endpoint_ids,
tags
FROM aws.networkfirewall.firewalls
WHERE region = 'us-east-1';

Gets all properties from an individual firewall.

SELECT
region,
firewall_name,
firewall_arn,
firewall_id,
firewall_policy_arn,
vpc_id,
subnet_mappings,
delete_protection,
subnet_change_protection,
firewall_policy_change_protection,
description,
endpoint_ids,
tags
FROM aws.networkfirewall.firewalls
WHERE region = 'us-east-1' AND data__Identifier = '<FirewallArn>';

`INSERT` example

Use the following StackQL query and manifest file to create a new firewall resource, using stack-deploy.

Required Properties
All Properties
Manifest

/*+ create */
INSERT INTO aws.networkfirewall.firewalls (
 FirewallName,
 FirewallPolicyArn,
 VpcId,
 SubnetMappings,
 region
)
SELECT 
'{{ FirewallName }}',
 '{{ FirewallPolicyArn }}',
 '{{ VpcId }}',
 '{{ SubnetMappings }}',
'{{ region }}';

/*+ create */
INSERT INTO aws.networkfirewall.firewalls (
 FirewallName,
 FirewallPolicyArn,
 VpcId,
 SubnetMappings,
 DeleteProtection,
 SubnetChangeProtection,
 FirewallPolicyChangeProtection,
 Description,
 Tags,
 region
)
SELECT 
 '{{ FirewallName }}',
 '{{ FirewallPolicyArn }}',
 '{{ VpcId }}',
 '{{ SubnetMappings }}',
 '{{ DeleteProtection }}',
 '{{ SubnetChangeProtection }}',
 '{{ FirewallPolicyChangeProtection }}',
 '{{ Description }}',
 '{{ Tags }}',
 '{{ region }}';

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: firewall
    props:
      - name: FirewallName
        value: '{{ FirewallName }}'
      - name: FirewallPolicyArn
        value: '{{ FirewallPolicyArn }}'
      - name: VpcId
        value: '{{ VpcId }}'
      - name: SubnetMappings
        value:
          - SubnetId: '{{ SubnetId }}'
            IPAddressType: '{{ IPAddressType }}'
      - name: DeleteProtection
        value: '{{ DeleteProtection }}'
      - name: SubnetChangeProtection
        value: '{{ SubnetChangeProtection }}'
      - name: FirewallPolicyChangeProtection
        value: '{{ FirewallPolicyChangeProtection }}'
      - name: Description
        value: '{{ Description }}'
      - name: Tags
        value:
          - Key: '{{ Key }}'
            Value: '{{ Value }}'

`DELETE` example

/*+ delete */
DELETE FROM aws.networkfirewall.firewalls
WHERE data__Identifier = '<FirewallArn>'
AND region = 'us-east-1';

Permissions

To operate on the firewalls resource, the following permissions are required:

Create

ec2:CreateVpcEndpoint,
ec2:DescribeVpcEndpoints,
ec2:DescribeSubnets,
ec2:DescribeVpcs,
iam:CreateServiceLinkedRole,
network-firewall:CreateFirewall,
network-firewall:DescribeFirewallPolicy,
network-firewall:DescribeRuleGroup,
network-firewall:TagResource,
network-firewall:AssociateSubnets,
network-firewall:AssociateFirewallPolicy,
network-firewall:DescribeFirewall

Read

network-firewall:DescribeFirewall,
network-firewall:ListTagsForResources

Update

network-firewall:AssociateSubnets,
network-firewall:DisassociateSubnets,
network-firewall:UpdateFirewallDescription,
network-firewall:UpdateFirewallDeleteProtection,
network-firewall:UpdateSubnetChangeProtection,
network-firewall:UpdateFirewallPolicyChangeProtection,
network-firewall:AssociateFirewallPolicy,
network-firewall:TagResource,
network-firewall:UntagResource,
network-firewall:DescribeFirewall

Delete

ec2:DeleteVpcEndpoints,
ec2:DescribeRouteTables,
logs:DescribeLogGroups,
logs:DescribeResourcePolicies,
logs:GetLogDelivery,
logs:ListLogDeliveries,
network-firewall:DeleteFirewall,
network-firewall:UntagResource,
network-firewall:DescribeFirewall

List

network-firewall:ListFirewalls

Overview​

Fields​

Methods​

SELECT examples​

INSERT example​

DELETE example​

Permissions​

Create​

Read​

Update​

Delete​

List​