
@pulumi/aws-native


The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
import * as enums from "../types/enums";
/**
 * Resource type definition for AWS::NetworkFirewall::Firewall
 *
 * This is a type declaration only: it describes the resolved output properties of a
 * firewall resource and the static helpers for looking one up. The inputs accepted at
 * creation time are declared separately in `FirewallArgs`.
 *
 * NOTE(review): the three protection flags (`deleteProtection`,
 * `firewallPolicyChangeProtection`, `subnetChangeProtection`) are all optional and
 * surface as `boolean | undefined`, so an unset flag is not distinguishable from this
 * type alone. Check the effective values on the deployed resource.
 */
export declare class Firewall extends pulumi.CustomResource {
    /**
     * Get an existing Firewall resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     * @returns A `Firewall` handle for the existing resource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): Firewall;
    /**
     * Returns true if the given object is an instance of Firewall. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * @param obj Any value; the declared return type narrows it to `Firewall` when the result is true.
     */
    static isInstance(obj: any): obj is Firewall;
    /**
     * A flag indicating whether it is possible to delete the firewall. A setting of `TRUE`
     * indicates that the firewall is protected against deletion. Use this setting to protect
     * against accidentally deleting a firewall that is in use. When you create a firewall,
     * the operation initializes this flag to `TRUE`.
     *
     * NOTE(review): the value can be `undefined` here, so do not treat a missing value as
     * proof that protection is on — verify against the deployed firewall.
     */
    readonly deleteProtection: pulumi.Output<boolean | undefined>;
    /**
     * A description of the firewall.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * The types of analysis to enable for the firewall. Can be TLS_SNI, HTTP_HOST, or both.
     */
    readonly enabledAnalysisTypes: pulumi.Output<enums.networkfirewall.FirewallEnabledAnalysisType[] | undefined>;
    /**
     * The unique IDs of the firewall endpoints for all of the subnets that you attached to
     * the firewall. The subnets are not listed in any particular order. For example:
     * `["us-west-2c:vpce-111122223333", "us-west-2a:vpce-987654321098", "us-west-2b:vpce-012345678901"]`.
     *
     * Because the order is unspecified, match entries by their Availability Zone prefix
     * rather than by array index.
     */
    readonly endpointIds: pulumi.Output<string[]>;
    /**
     * The Amazon Resource Name (ARN) of the `Firewall`.
     */
    readonly firewallArn: pulumi.Output<string>;
    /**
     * The name of the `Firewall` resource.
     */
    readonly firewallId: pulumi.Output<string>;
    /**
     * The descriptive name of the firewall. You can't change the name of a firewall after you create it.
     */
    readonly firewallName: pulumi.Output<string>;
    /**
     * The Amazon Resource Name (ARN) of the firewall policy.
     *
     * The relationship of firewall to firewall policy is many to one. Each firewall requires
     * one firewall policy association, and you can use the same firewall policy for multiple
     * firewalls.
     *
     * Since one policy can be shared, an edit to that policy applies to every firewall
     * associated with it.
     */
    readonly firewallPolicyArn: pulumi.Output<string>;
    /**
     * A setting indicating whether the firewall is protected against a change to the firewall
     * policy association. Use this setting to protect against accidentally modifying the
     * firewall policy for a firewall that is in use. When you create a firewall, the operation
     * initializes this setting to `TRUE`.
     *
     * NOTE(review): may be `undefined` in this type; confirm the effective value on the
     * deployed firewall.
     */
    readonly firewallPolicyChangeProtection: pulumi.Output<boolean | undefined>;
    /**
     * A setting indicating whether the firewall is protected against changes to the subnet
     * associations. Use this setting to protect against accidentally modifying the subnet
     * associations for a firewall that is in use. When you create a firewall, the operation
     * initializes this setting to `TRUE`.
     *
     * NOTE(review): may be `undefined` in this type; confirm the effective value on the
     * deployed firewall.
     */
    readonly subnetChangeProtection: pulumi.Output<boolean | undefined>;
    /**
     * The primary public subnets that Network Firewall is using for the firewall. Network
     * Firewall creates a firewall endpoint in each subnet. Create a subnet mapping for each
     * Availability Zone where you want to use the firewall.
     *
     * These subnets are all defined for a single, primary VPC, and each must belong to a
     * different Availability Zone. Each of these subnets establishes the availability of the
     * firewall in its Availability Zone.
     *
     * In addition to these subnets, you can define other endpoints for the firewall in
     * `VpcEndpointAssociation` resources. You can define these additional endpoints for any
     * VPC, and for any of the Availability Zones where the firewall resource already has a
     * subnet mapping. VPC endpoint associations give you the ability to protect multiple VPCs
     * using a single firewall, and to define multiple firewall endpoints for a VPC in a single
     * Availability Zone.
     */
    readonly subnetMappings: pulumi.Output<outputs.networkfirewall.FirewallSubnetMapping[]>;
    /**
     * An array of key-value pairs to apply to this resource.
     *
     * For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
     */
    readonly tags: pulumi.Output<outputs.Tag[] | undefined>;
    /**
     * The unique identifier of the VPC where the firewall is in use. You can't change the VPC
     * of a firewall after you create the firewall.
     */
    readonly vpcId: pulumi.Output<string>;
    /**
     * Create a Firewall resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: FirewallArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * The set of arguments for constructing a Firewall resource.
 *
 * Required: `firewallPolicyArn`, `subnetMappings` and `vpcId`. Everything else is optional,
 * including all three protection flags.
 *
 * NOTE(review): for a security control it is easier to audit a program that sets
 * `deleteProtection`, `firewallPolicyChangeProtection` and `subnetChangeProtection`
 * explicitly than one that relies on the creation-time default described below; an
 * explicit `false` then shows up in code review as a deliberate choice.
 */
export interface FirewallArgs {
    /**
     * A flag indicating whether it is possible to delete the firewall. A setting of `TRUE`
     * indicates that the firewall is protected against deletion. Use this setting to protect
     * against accidentally deleting a firewall that is in use. When you create a firewall,
     * the operation initializes this flag to `TRUE`.
     */
    deleteProtection?: pulumi.Input<boolean>;
    /**
     * A description of the firewall.
     */
    description?: pulumi.Input<string>;
    /**
     * The types of analysis to enable for the firewall. Can be TLS_SNI, HTTP_HOST, or both.
     */
    enabledAnalysisTypes?: pulumi.Input<pulumi.Input<enums.networkfirewall.FirewallEnabledAnalysisType>[]>;
    /**
     * The descriptive name of the firewall. You can't change the name of a firewall after you create it.
     */
    firewallName?: pulumi.Input<string>;
    /**
     * The Amazon Resource Name (ARN) of the firewall policy.
     *
     * The relationship of firewall to firewall policy is many to one. Each firewall requires
     * one firewall policy association, and you can use the same firewall policy for multiple
     * firewalls.
     *
     * Since one policy can be shared, an edit to that policy applies to every firewall
     * associated with it.
     */
    firewallPolicyArn: pulumi.Input<string>;
    /**
     * A setting indicating whether the firewall is protected against a change to the firewall
     * policy association. Use this setting to protect against accidentally modifying the
     * firewall policy for a firewall that is in use. When you create a firewall, the operation
     * initializes this setting to `TRUE`.
     */
    firewallPolicyChangeProtection?: pulumi.Input<boolean>;
    /**
     * A setting indicating whether the firewall is protected against changes to the subnet
     * associations. Use this setting to protect against accidentally modifying the subnet
     * associations for a firewall that is in use. When you create a firewall, the operation
     * initializes this setting to `TRUE`.
     */
    subnetChangeProtection?: pulumi.Input<boolean>;
    /**
     * The primary public subnets that Network Firewall is using for the firewall. Network
     * Firewall creates a firewall endpoint in each subnet. Create a subnet mapping for each
     * Availability Zone where you want to use the firewall.
     *
     * These subnets are all defined for a single, primary VPC, and each must belong to a
     * different Availability Zone. Each of these subnets establishes the availability of the
     * firewall in its Availability Zone.
     *
     * In addition to these subnets, you can define other endpoints for the firewall in
     * `VpcEndpointAssociation` resources. You can define these additional endpoints for any
     * VPC, and for any of the Availability Zones where the firewall resource already has a
     * subnet mapping. VPC endpoint associations give you the ability to protect multiple VPCs
     * using a single firewall, and to define multiple firewall endpoints for a VPC in a single
     * Availability Zone.
     */
    subnetMappings: pulumi.Input<pulumi.Input<inputs.networkfirewall.FirewallSubnetMappingArgs>[]>;
    /**
     * An array of key-value pairs to apply to this resource.
     *
     * For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
     */
    tags?: pulumi.Input<pulumi.Input<inputs.TagArgs>[]>;
    /**
     * The unique identifier of the VPC where the firewall is in use. You can't change the VPC
     * of a firewall after you create the firewall.
     */
    vpcId: pulumi.Input<string>;
}