
@pulumi/aws-native


The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

import * as pulumi from "@pulumi/pulumi";
import * as outputs from "../types/output";
import * as enums from "../types/enums";
/**
 * Resource type definition for AWS::NetworkFirewall::Firewall
 *
 * Declared as a function that takes the ARN of a firewall and resolves to a
 * {@link GetFirewallResult}.
 *
 * @param args Identifies the firewall; see {@link GetFirewallArgs}.
 * @param opts Optional `pulumi.InvokeOptions` for the call.
 * @returns A promise for the firewall's properties. Every property of the
 * result is declared optional, so callers must handle `undefined` for each
 * field they read.
 */
export declare function getFirewall(args: GetFirewallArgs, opts?: pulumi.InvokeOptions): Promise<GetFirewallResult>;
export interface GetFirewallArgs {
    /**
     * The Amazon Resource Name (ARN) of the firewall.
     *
     * The declared type is a plain `string`; nothing in this declaration
     * constrains its format. If the value comes from configuration or other
     * external input, check it before use.
     */
    firewallArn: string;
}
export interface GetFirewallResult {
    /**
     * A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to `TRUE`, you must first disable this protection before adding or removing Availability Zones.
     *
     * Typed as an optional `boolean` here: `TRUE` in the description corresponds to `true`, and the property may be `undefined`. Do not treat an absent value as "protected".
     */
    readonly availabilityZoneChangeProtection?: boolean;
    /**
     * The Availability Zones where the firewall endpoints are created for a transit gateway-attached firewall. Each mapping specifies an Availability Zone where the firewall processes traffic.
     */
    readonly availabilityZoneMappings?: outputs.networkfirewall.FirewallAvailabilityZoneMapping[];
    /**
     * A flag indicating whether it is possible to delete the firewall. A setting of `TRUE` indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to `TRUE`.
     *
     * Typed as an optional `boolean` here; the property may be `undefined`. A check that the firewall is deletion-protected should compare against `true` explicitly rather than rely on truthiness of a possibly missing value.
     */
    readonly deleteProtection?: boolean;
    /**
     * A description of the firewall.
     */
    readonly description?: string;
    /**
     * The types of analysis to enable for the firewall. Can be TLS_SNI, HTTP_HOST, or both.
     */
    readonly enabledAnalysisTypes?: enums.networkfirewall.FirewallEnabledAnalysisType[];
    /**
     * The unique IDs of the firewall endpoints for all of the subnets that you attached to the firewall. The subnets are not listed in any particular order. For example: `["us-west-2c:vpce-111122223333", "us-west-2a:vpce-987654321098", "us-west-2b:vpce-012345678901"]`.
     *
     * Because the order is unspecified, look entries up by their Availability Zone prefix instead of by array index.
     */
    readonly endpointIds?: string[];
    /**
     * The Amazon Resource Name (ARN) of the firewall.
     */
    readonly firewallArn?: string;
    /**
     * The name of the firewall resource.
     */
    readonly firewallId?: string;
    /**
     * The Amazon Resource Name (ARN) of the firewall policy.
     *
     * The relationship of firewall to firewall policy is many to one. Each firewall requires one firewall policy association, and you can use the same firewall policy for multiple firewalls.
     */
    readonly firewallPolicyArn?: string;
    /**
     * A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to `TRUE`.
     *
     * Typed as an optional `boolean` here; the property may be `undefined`, which must not be read as "protected".
     */
    readonly firewallPolicyChangeProtection?: boolean;
    /**
     * A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to `TRUE`.
     *
     * Typed as an optional `boolean` here; the property may be `undefined`, which must not be read as "protected".
     */
    readonly subnetChangeProtection?: boolean;
    /**
     * The primary public subnets that Network Firewall is using for the firewall. Network Firewall creates a firewall endpoint in each subnet. Create a subnet mapping for each Availability Zone where you want to use the firewall.
     *
     * These subnets are all defined for a single, primary VPC, and each must belong to a different Availability Zone. Each of these subnets establishes the availability of the firewall in its Availability Zone.
     *
     * In addition to these subnets, you can define other endpoints for the firewall in `VpcEndpointAssociation` resources. You can define these additional endpoints for any VPC, and for any of the Availability Zones where the firewall resource already has a subnet mapping. VPC endpoint associations give you the ability to protect multiple VPCs using a single firewall, and to define multiple firewall endpoints for a VPC in a single Availability Zone.
     */
    readonly subnetMappings?: outputs.networkfirewall.FirewallSubnetMapping[];
    /**
     * An array of key-value pairs to apply to this resource.
     *
     * For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html).
     */
    readonly tags?: outputs.Tag[];
    /**
     * The unique identifier of the transit gateway attachment associated with this firewall. This field is only present for transit gateway-attached firewalls.
     */
    readonly transitGatewayAttachmentId?: string;
    /**
     * The unique identifier of the transit gateway associated with this firewall. This field is only present for transit gateway-attached firewalls.
     */
    readonly transitGatewayId?: string;
}
/**
 * Resource type definition for AWS::NetworkFirewall::Firewall
 *
 * Variant of `getFirewall` whose argument is a `pulumi.Input` and whose
 * result is a `pulumi.Output` instead of a `Promise`.
 *
 * @param args Identifies the firewall; see {@link GetFirewallOutputArgs}.
 * @param opts Optional `pulumi.InvokeOutputOptions` for the call.
 * @returns A `pulumi.Output` wrapping the same {@link GetFirewallResult}
 * shape, whose properties are all optional.
 */
export declare function getFirewallOutput(args: GetFirewallOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output<GetFirewallResult>;
export interface GetFirewallOutputArgs {
    /**
     * The Amazon Resource Name (ARN) of the firewall.
     */
    firewallArn: pulumi.Input<string>;
}