Firewall

networkfirewall.services.k8s.aws/v1alpha1

| Type | Link |
|---|---|
| GoDoc | networkfirewall-controller/apis/v1alpha1#Firewall |

Metadata

| Property | Value |
|---|---|
| Scope | Namespaced |
| Kind | Firewall |
| ListKind | FirewallList |
| Plural | firewalls |
| Singular | firewall |

The firewall defines the configuration settings for a Network Firewall firewall. These settings include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource. The status of the firewall, for example whether it’s ready to filter network traffic, is provided in the corresponding FirewallStatus. You can retrieve both objects by calling DescribeFirewall.

Spec

```yaml
deleteProtection: boolean
description: string
encryptionConfiguration:
  keyID: string
  type_: string
firewallName: string
firewallPolicyARN: string
firewallPolicyChangeProtection: boolean
subnetChangeProtection: boolean
subnetMappings:
- subnetID: string
tags:
- key: string
  value: string
vpcID: string
```
| Field | Required | Type | Description |
|---|---|---|---|
| deleteProtection | Optional | boolean | A flag indicating whether it is possible to delete the firewall. A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE. |
| description | Optional | string | A description of the firewall. |
| encryptionConfiguration | Optional | object | A complex type that contains settings for encryption of your firewall resources. |
| encryptionConfiguration.keyID | Optional | string | |
| encryptionConfiguration.type_ | Optional | string | |
| firewallName | Required | string | The descriptive name of the firewall. You can’t change the name of a firewall after you create it. |
| firewallPolicyARN | Required | string | The Amazon Resource Name (ARN) of the FirewallPolicy that you want to use for the firewall. |
| firewallPolicyChangeProtection | Optional | boolean | A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE. |
| subnetChangeProtection | Optional | boolean | A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE. |
| subnetMappings | Required | array | The public subnets to use for your Network Firewall firewalls. Each subnet must belong to a different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each subnet. |
| subnetMappings.[] | Required | object | The ID for a subnet that you want to associate with the firewall. This is used with CreateFirewall and AssociateSubnets. Network Firewall creates an instance of the associated firewall in each subnet that you specify, to filter traffic in the subnet’s Availability Zone. |
| tags | Optional | array | The key:value pairs to associate with the resource. |
| tags.[] | Required | object | A key:value pair associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as “environment”) and the tag value represents a specific value within that category (such as “test,” “development,” or “production”). You can add up to 50 tags to each Amazon Web Services resource. |
| tags.[].value | Optional | string | |
| vpcID | Required | string | The unique identifier of the VPC where Network Firewall should create the firewall. You can’t change this setting after you create the firewall. |
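As an added example (not code from the ACK controller or AWS), a pre-apply check that turns the rules in the Spec table into findings: the required fields, the three protection flags that the API initializes to TRUE on create, distinct subnet mappings, and a customer-managed key that actually names a key. The spec dict with its IDs and ARN is constructed sample data, and CUSTOMER_KMS is the Network Firewall API's encryption type value for a customer-managed key.

```python
# Added example, not ACK controller or AWS code: a pre-apply guardrail that applies the
# Spec table's rules to a parsed Firewall CR spec (a dict). CUSTOMER_KMS is the Network
# Firewall API's customer-managed-key type value; every ID/ARN below is a constructed placeholder.

REQUIRED = ("firewallName", "firewallPolicyARN", "vpcID", "subnetMappings")
PROTECTIONS = ("deleteProtection", "firewallPolicyChangeProtection", "subnetChangeProtection")


def check_firewall_spec(spec: dict) -> list[str]:
    """Return findings for a Firewall spec; an empty list means it passes."""
    findings = []
    for field in REQUIRED:
        if not spec.get(field):
            findings.append(f"required field missing or empty: {field}")
    # The API sets every protection to TRUE on create; an explicit false is a deliberate weakening.
    for flag in PROTECTIONS:
        if spec.get(flag) is False:
            findings.append(f"{flag} explicitly disabled")
    # Each mapping should name a distinct subnet (one endpoint per Availability Zone).
    subnet_ids = [m.get("subnetID") for m in spec.get("subnetMappings", [])]
    if len(set(subnet_ids)) != len(subnet_ids):
        findings.append("duplicate subnetID in subnetMappings")
    # A customer-managed key only takes effect when keyID is actually set.
    enc = spec.get("encryptionConfiguration") or {}
    if enc.get("type_") == "CUSTOMER_KMS" and not enc.get("keyID"):
        findings.append("encryptionConfiguration.type_ is CUSTOMER_KMS but keyID is unset")
    return findings


# Constructed sample spec: two protections switched off, a subnet listed twice,
# and a customer-managed key requested without a key ID.
WEAK_SPEC = {
    "firewallName": "edge-fw",
    "firewallPolicyARN": "arn:aws:network-firewall:us-east-1:111122223333:firewall-policy/placeholder",
    "vpcID": "vpc-0placeholder",
    "subnetMappings": [{"subnetID": "subnet-0aaa"}, {"subnetID": "subnet-0aaa"}],
    "deleteProtection": False,
    "subnetChangeProtection": False,
    "encryptionConfiguration": {"type_": "CUSTOMER_KMS"},
}

# The same spec with every finding corrected.
HARDENED_SPEC = {
    **WEAK_SPEC,
    "subnetMappings": [{"subnetID": "subnet-0aaa"}, {"subnetID": "subnet-0bbb"}],
    "deleteProtection": True,
    "firewallPolicyChangeProtection": True,
    "subnetChangeProtection": True,
    "encryptionConfiguration": {"type_": "CUSTOMER_KMS", "keyID": "alias/placeholder-key"},
}
```

Running `check_firewall_spec(WEAK_SPEC)` yields four findings, while `HARDENED_SPEC` returns an empty list.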

Status

```yaml
ackResourceMetadata:
  arn: string
  ownerAccountID: string
  region: string
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
firewall:
  deleteProtection: boolean
  description: string
  encryptionConfiguration:
    keyID: string
    type_: string
  firewallARN: string
  firewallID: string
  firewallName: string
  firewallPolicyARN: string
  firewallPolicyChangeProtection: boolean
  subnetChangeProtection: boolean
  subnetMappings:
  - subnetID: string
  tags:
  - key: string
    value: string
  vpcID: string
firewallStatus:
  capacityUsageSummary:
    cidrs:
      availableCIDRCount: integer
      iPSetReferences: {}
      utilizedCIDRCount: integer
  configurationSyncStateSummary: string
  status: string
  syncStates: {}
```
| Field | Required | Type | Description |
|---|---|---|---|
| ackResourceMetadata | Optional | object | All CRs managed by ACK have a common Status.ACKResourceMetadata member that is used to contain resource sync state, account ownership, and the constructed ARN for the resource. |
| ackResourceMetadata.arn | Optional | string | ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an “adopted” resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR’s Spec field values. TODO(vijat@): Find a better strategy for resources that do not have ARN in CreateOutputResponse https://github.com/aws/aws-controllers-k8s/issues/270 |
| ackResourceMetadata.ownerAccountID | Required | string | OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource. |
| ackResourceMetadata.region | Required | string | Region is the AWS region in which the resource exists or will exist. |
| conditions | Optional | array | All CRs managed by ACK have a common Status.Conditions member that contains a collection of ackv1alpha1.Condition objects that describe the various terminal states of the CR and its backend AWS service API resource. |
| conditions.[] | Required | object | Condition is the common struct used by all CRDs managed by ACK service controllers to indicate terminal states of the CR and its backend AWS service API resource. |
| conditions.[].message | Optional | string | A human readable message indicating details about the transition. |
| conditions.[].reason | Optional | string | The reason for the condition’s last transition. |
| conditions.[].status | Optional | string | Status of the condition, one of True, False, Unknown. |
| conditions.[].type | Optional | string | Type is the type of the Condition. |
| firewall | Optional | object | The configuration settings for the firewall. These settings include the firewall policy and the subnets in your VPC to use for the firewall endpoints. |
| firewall.deleteProtection | Optional | boolean | |
| firewall.description | Optional | string | |
| firewall.encryptionConfiguration | Optional | object | A complex type that contains optional Amazon Web Services Key Management Service (KMS) encryption settings for your Network Firewall resources. Your data is encrypted by default with an Amazon Web Services owned key that Amazon Web Services owns and manages for you. You can use either the Amazon Web Services owned key, or provide your own customer managed key. To learn more about KMS encryption of your Network Firewall resources, see Encryption at rest with Amazon Web Services Key Management Service (https://docs.aws.amazon.com/kms/latest/developerguide/kms-encryption-at-rest.html) in the Network Firewall Developer Guide. |
| firewall.encryptionConfiguration.keyID | Optional | string | |
| firewall.encryptionConfiguration.type_ | Optional | string | |
| firewall.firewallARN | Optional | string | |
| firewall.firewallID | Optional | string | |
| firewall.firewallName | Optional | string | |
| firewall.firewallPolicyARN | Optional | string | |
| firewall.firewallPolicyChangeProtection | Optional | boolean | |
| firewall.subnetChangeProtection | Optional | boolean | |
| firewall.subnetMappings | Optional | array | |
| firewall.subnetMappings.[] | Required | object | The ID for a subnet that you want to associate with the firewall. This is used with CreateFirewall and AssociateSubnets. Network Firewall creates an instance of the associated firewall in each subnet that you specify, to filter traffic in the subnet’s Availability Zone. |
| firewall.tags | Optional | array | |
| firewall.tags.[] | Required | object | A key:value pair associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as “environment”) and the tag value represents a specific value within that category (such as “test,” “development,” or “production”). You can add up to 50 tags to each Amazon Web Services resource. |
| firewall.tags.[].value | Optional | string | |
| firewall.vpcID | Optional | string | |
| firewallStatus | Optional | object | Detailed information about the current status of a Firewall. You can retrieve this for a firewall by calling DescribeFirewall and providing the firewall name and ARN. |
| firewallStatus.capacityUsageSummary | Optional | object | The capacity usage summary of the resources used by the ReferenceSets in a firewall. |
| firewallStatus.capacityUsageSummary.cidrs | Optional | object | Summarizes the CIDR blocks used by the IP set references in a firewall. Network Firewall calculates the number of CIDRs by taking an aggregated count of all CIDRs used by the IP sets you are referencing. |
| firewallStatus.capacityUsageSummary.cidrs.availableCIDRCount | Optional | integer | |
| firewallStatus.capacityUsageSummary.cidrs.iPSetReferences | Optional | object | |
| firewallStatus.capacityUsageSummary.cidrs.utilizedCIDRCount | Optional | integer | |
| firewallStatus.configurationSyncStateSummary | Optional | string | |
| firewallStatus.status | Optional | string | |
| firewallStatus.syncStates | Optional | object | |