
Firewall

The Firewall resource lets you manage AWS Network Firewall firewalls, which protect your virtual networks from unwanted traffic. With this resource you can reference a firewall policy, configure network settings (VPC and subnet mappings), and enable protection features such as delete and change protection.

Create a basic firewall with required properties and common optional settings.

import AWS from "alchemy/aws/control";

const basicFirewall = await AWS.NetworkFirewall.Firewall("basicFirewall", {
  FirewallName: "BasicFirewall",
  FirewallPolicyArn: "arn:aws:network-firewall:us-west-2:123456789012:firewall-policy/MyFirewallPolicy",
  VpcId: "vpc-0abcd1234efgh5678",
  SubnetMappings: [
    {
      SubnetId: "subnet-0abcd1234efgh5678"
    }
  ],
  Description: "A basic firewall configuration",
  Tags: [
    {
      Key: "Environment",
      Value: "Development"
    }
  ]
});

Configure a firewall with additional features such as protection settings and analysis types.

import AWS from "alchemy/aws/control";

const advancedFirewall = await AWS.NetworkFirewall.Firewall("advancedFirewall", {
  FirewallName: "AdvancedFirewall",
  FirewallPolicyArn: "arn:aws:network-firewall:us-west-2:123456789012:firewall-policy/MyAdvancedFirewallPolicy",
  VpcId: "vpc-0abcd1234efgh5678",
  SubnetMappings: [
    {
      SubnetId: "subnet-0abcd1234efgh5678"
    }
  ],
  // Block subnet changes, deletion, and policy swaps until the flag is cleared.
  SubnetChangeProtection: true,
  DeleteProtection: true,
  FirewallPolicyChangeProtection: true,
  // AWS Network Firewall accepts TLS_SNI and HTTP_HOST as analysis types.
  EnabledAnalysisTypes: ["HTTP_HOST", "TLS_SNI"],
  Tags: [
    {
      Key: "Environment",
      Value: "Production"
    }
  ]
});

Create a firewall that spans multiple subnets for increased resilience.

import AWS from "alchemy/aws/control";

const multiSubnetFirewall = await AWS.NetworkFirewall.Firewall("multiSubnetFirewall", {
  FirewallName: "MultiSubnetFirewall",
  FirewallPolicyArn: "arn:aws:network-firewall:us-west-2:123456789012:firewall-policy/MyMultiSubnetFirewallPolicy",
  VpcId: "vpc-0abcd1234efgh5678",
  // One firewall endpoint is created per subnet mapping; use one subnet per Availability Zone.
  SubnetMappings: [
    {
      SubnetId: "subnet-0abcd1234efgh5678"
    },
    {
      SubnetId: "subnet-0abcd9876ijkl4321"
    }
  ],
  Description: "A firewall with multiple subnets for high availability",
  Tags: [
    {
      Key: "Environment",
      Value: "Staging"
    }
  ]
});

Set up a firewall with specific analysis types for in-depth traffic insights.

import AWS from "alchemy/aws/control";

const customAnalysisFirewall = await AWS.NetworkFirewall.Firewall("customAnalysisFirewall", {
  FirewallName: "CustomAnalysisFirewall",
  FirewallPolicyArn: "arn:aws:network-firewall:us-west-2:123456789012:firewall-policy/MyCustomPolicy",
  VpcId: "vpc-0abcd1234efgh5678",
  SubnetMappings: [
    {
      SubnetId: "subnet-0abcd1234efgh5678"
    }
  ],
  // AWS Network Firewall accepts TLS_SNI and HTTP_HOST as analysis types.
  EnabledAnalysisTypes: ["HTTP_HOST"],
  Tags: [
    {
      Key: "AnalysisType",
      Value: "TrafficFlow"
    }
  ]
});
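
A pre-deploy check over the props used in the examples above. This is an added example, not Alchemy's or AWS's code; `auditFirewallProps`, `FirewallProps`, and the rule that firewalls tagged `Environment=Production` must enable all three protections are assumptions.

```typescript
// Added example (not Alchemy's API); FirewallProps mirrors only names used on this page.
interface FirewallProps {
  FirewallName: string;
  SubnetMappings: { SubnetId: string }[];
  DeleteProtection?: boolean;
  SubnetChangeProtection?: boolean;
  FirewallPolicyChangeProtection?: boolean;
  EnabledAnalysisTypes?: string[];
  Tags?: { Key: string; Value: string }[];
}

// Analysis types accepted by AWS Network Firewall.
const VALID_ANALYSIS_TYPES = ["TLS_SNI", "HTTP_HOST"];
const PROTECTION_FLAGS = [
  "DeleteProtection",
  "SubnetChangeProtection",
  "FirewallPolicyChangeProtection",
] as const;

function auditFirewallProps(props: FirewallProps): string[] {
  const findings: string[] = [];
  // Assumed policy: firewalls tagged Environment=Production need all three flags.
  const isProd = (props.Tags ?? []).some(
    (t) => t.Key === "Environment" && t.Value === "Production",
  );
  if (isProd) {
    for (const flag of PROTECTION_FLAGS) {
      if (props[flag] !== true) findings.push(`${flag} is not enabled`);
    }
  }
  // Each subnet mapping yields one firewall endpoint; one mapping has no spare.
  const ids = props.SubnetMappings.map((m) => m.SubnetId);
  const distinct = ids.filter((id, i) => ids.indexOf(id) === i);
  if (distinct.length < ids.length) findings.push("duplicate SubnetId in SubnetMappings");
  if (distinct.length < 2) findings.push("fewer than two distinct subnets");
  for (const t of props.EnabledAnalysisTypes ?? []) {
    if (VALID_ANALYSIS_TYPES.indexOf(t) === -1) findings.push(`unknown analysis type: ${t}`);
  }
  return findings;
}

// Constructed sample input, reusing a placeholder subnet ID from this page.
const sample: FirewallProps = {
  FirewallName: "AdvancedFirewall",
  SubnetMappings: [{ SubnetId: "subnet-0abcd1234efgh5678" }],
  DeleteProtection: true,
  EnabledAnalysisTypes: ["TLS_SNI", "FLOW"],
  Tags: [{ Key: "Environment", Value: "Production" }],
};
console.log(auditFirewallProps(sample));
```

Run it on the props object before passing it to `AWS.NetworkFirewall.Firewall` and fail the deployment when the returned list is non-empty.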