
FirewallPolicy

The FirewallPolicy resource lets you manage AWS Network Firewall firewall policies, which define a firewall's rules and behavior.

Create a basic FirewallPolicy with required properties and a description.

import AWS from "alchemy/aws/control";

const basicFirewallPolicy = await AWS.NetworkFirewall.FirewallPolicy("basicFirewallPolicy", {
  FirewallPolicyName: "BasicPolicy",
  Description: "A basic firewall policy for demonstration purposes",
  FirewallPolicy: {
    StatelessRuleGroupReferences: [],
    // aws:pass permits every unmatched packet without stateful inspection.
    StatelessDefaultActions: ["aws:pass"],
    StatelessFragmentDefaultActions: ["aws:pass"],
    StatefulRuleGroupReferences: []
  }
});

Configure a firewall policy with stateful rule groups and more complex default actions.

import AWS from "alchemy/aws/control";

const advancedFirewallPolicy = await AWS.NetworkFirewall.FirewallPolicy("advancedFirewallPolicy", {
  FirewallPolicyName: "AdvancedPolicy",
  Description: "An advanced firewall policy with stateful rules",
  FirewallPolicy: {
    StatelessRuleGroupReferences: [
      {
        ResourceArn: "arn:aws:network-firewall:us-east-1:123456789012:stateless-rulegroup/MyStatelessRuleGroup",
        // Priority is required for stateless references; lower values are evaluated first.
        Priority: 1
      }
    ],
    // Unmatched packets are dropped, so the stateful group only sees
    // traffic that a stateless rule forwards with aws:forward_to_sfe.
    StatelessDefaultActions: ["aws:drop"],
    StatelessFragmentDefaultActions: ["aws:drop"],
    StatefulRuleGroupReferences: [
      {
        ResourceArn: "arn:aws:network-firewall:us-east-1:123456789012:stateful-rulegroup/MyStatefulRuleGroup"
      }
    ]
  }
});
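A pre-deployment check for the reference lists and default actions used above, as an added example that is not part of Alchemy or of the original page. `lintFirewallPolicy`, its types and its finding strings are hypothetical names, and the sample policy is constructed.

```typescript
// Added example: offline lint for a FirewallPolicy document (hypothetical helper, not an Alchemy or AWS API).
interface RuleGroupRef { ResourceArn: string; Priority?: number }
interface PolicyDoc {
  StatelessDefaultActions: string[];
  StatelessFragmentDefaultActions: string[];
  StatelessRuleGroupReferences?: RuleGroupRef[];
  StatefulRuleGroupReferences?: RuleGroupRef[];
}
// Resource type each list must carry: arn:aws:network-firewall:<region>:<account>:<type>/<name>
const EXPECTED_TYPE = {
  StatelessRuleGroupReferences: "stateless-rulegroup",
  StatefulRuleGroupReferences: "stateful-rulegroup",
} as const;

function lintFirewallPolicy(doc: PolicyDoc): string[] {
  const findings: string[] = [];
  for (const field of ["StatelessDefaultActions", "StatelessFragmentDefaultActions"] as const) {
    if (doc[field].includes("aws:pass")) {
      findings.push(`${field}: aws:pass lets unmatched packets through uninspected`);
    }
  }
  for (const field of ["StatelessRuleGroupReferences", "StatefulRuleGroupReferences"] as const) {
    for (const ref of doc[field] ?? []) {
      const type = (ref.ResourceArn.split(":")[5] ?? "").split("/")[0];
      if (type !== EXPECTED_TYPE[field]) {
        findings.push(`${field}: ${ref.ResourceArn} is a ${type || "malformed"} ARN`);
      }
    }
  }
  // Stateless groups run in Priority order, and priorities must be unique within a policy.
  const seen = new Set<number>();
  for (const ref of doc.StatelessRuleGroupReferences ?? []) {
    if (ref.Priority === undefined) findings.push(`${ref.ResourceArn}: missing Priority`);
    else if (seen.has(ref.Priority)) findings.push(`${ref.ResourceArn}: duplicate Priority ${ref.Priority}`);
    else seen.add(ref.Priority);
  }
  return findings;
}

// Constructed sample: rule-group ARNs placed in the wrong lists, and no Priority set.
const swappedPolicy: PolicyDoc = {
  StatelessDefaultActions: ["aws:drop"],
  StatelessFragmentDefaultActions: ["aws:pass"],
  StatelessRuleGroupReferences: [{ ResourceArn: "arn:aws:network-firewall:us-east-1:123456789012:stateful-rulegroup/MyStatefulRuleGroup" }],
  StatefulRuleGroupReferences: [{ ResourceArn: "arn:aws:network-firewall:us-east-1:123456789012:stateless-rulegroup/MyStatelessRuleGroup" }],
};
console.log(lintFirewallPolicy(swappedPolicy));
```

Run it against the object you pass as `FirewallPolicy` before deploying; an empty array means none of these checks fired.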

Create a FirewallPolicy that includes tags for better resource management.

import AWS from "alchemy/aws/control";

const taggedFirewallPolicy = await AWS.NetworkFirewall.FirewallPolicy("taggedFirewallPolicy", {
  FirewallPolicyName: "TaggedPolicy",
  Description: "A policy with tags for organizational purposes",
  Tags: [
    {
      Key: "Environment",
      Value: "Production"
    },
    {
      Key: "Team",
      Value: "Security"
    }
  ],
  FirewallPolicy: {
    StatelessRuleGroupReferences: [],
    // aws:pass permits every unmatched packet without stateful inspection.
    StatelessDefaultActions: ["aws:pass"],
    StatelessFragmentDefaultActions: ["aws:pass"],
    StatefulRuleGroupReferences: []
  }
});

Create a FirewallPolicy and adopt an existing resource if it already exists.

import AWS from "alchemy/aws/control";

const adoptiveFirewallPolicy = await AWS.NetworkFirewall.FirewallPolicy("adoptiveFirewallPolicy", {
  FirewallPolicyName: "AdoptivePolicy",
  Description: "Adopt an existing firewall policy if it exists",
  // Take over management of an existing policy with this name.
  adopt: true,
  FirewallPolicy: {
    StatelessRuleGroupReferences: [],
    // aws:pass permits every unmatched packet without stateful inspection.
    StatelessDefaultActions: ["aws:pass"],
    StatelessFragmentDefaultActions: ["aws:pass"],
    StatefulRuleGroupReferences: []
  }
});