Package software.amazon.awscdk.cfnpropertymixins.services.networkfirewall

Class CfnVpcEndpointAssociationPropsMixin

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.Mixin
software.amazon.awscdk.cfnpropertymixins.services.networkfirewall.CfnVpcEndpointAssociationPropsMixin
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable, software.constructs.IMixin
@Generated(value="jsii-pacmak/1.127.0 (build 2117ad5)", date="2026-03-11T13:20:01.845Z") @Stability(Stable) public class CfnVpcEndpointAssociationPropsMixin extends Mixin implements software.constructs.IMixin
A VPC endpoint association defines a single subnet to use for a firewall endpoint for a Firewall .

You can define VPC endpoint associations only in the Availability Zones that already have a subnet mapping defined in the Firewall resource.

You can retrieve the list of Availability Zones that are available for use by calling DescribeFirewallMetadata .

To manage firewall endpoints, first, in the Firewall specification, you specify a single VPC and one subnet for each of the Availability Zones where you want to use the firewall. Then you can define additional endpoints as VPC endpoint associations.

You can use VPC endpoint associations to expand the protections of the firewall as follows:

  • Protect multiple VPCs with a single firewall - You can use the firewall to protect other VPCs, either in your account or in accounts where the firewall is shared. You can only specify Availability Zones that already have a firewall endpoint defined in the Firewall subnet mappings.
  • Define multiple firewall endpoints for a VPC in an Availability Zone - You can create additional firewall endpoints for the VPC that you have defined in the firewall, in any Availability Zone that already has an endpoint defined in the Firewall subnet mappings. You can create multiple VPC endpoint associations for any other VPC where you use the firewall.

You can use AWS Resource Access Manager to share a Firewall that you own with other accounts, which gives them the ability to use the firewall to create VPC endpoint associations. For information about sharing a firewall, see PutResourcePolicy in this guide and see Sharing Network Firewall resources in the AWS Network Firewall Developer Guide .

The status of the VPC endpoint association, which indicates whether it's ready to filter network traffic, is provided in the corresponding VPC endpoint association status. You can retrieve both the association and its status by calling DescribeVpcEndpointAssociation .

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.cfnpropertymixins.services.networkfirewall.*;
 import software.amazon.awscdk.*;
 IMergeStrategy mergeStrategy;
 CfnVpcEndpointAssociationPropsMixin cfnVpcEndpointAssociationPropsMixin = CfnVpcEndpointAssociationPropsMixin.Builder.create(CfnVpcEndpointAssociationMixinProps.builder()
         .description("description")
         .firewallArn("firewallArn")
         .subnetMapping(SubnetMappingProperty.builder()
                 .ipAddressType("ipAddressType")
                 .subnetId("subnetId")
                 .build())
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .vpcId("vpcId")
         .build())
 .strategy(mergeStrategy)
 .build();

See Also:

  • Field Details

    • CFN_PROPERTY_KEYS

      @Stability(Stable) protected static final List<String> CFN_PROPERTY_KEYS

  • Constructor Details

    • CfnVpcEndpointAssociationPropsMixin

      protected CfnVpcEndpointAssociationPropsMixin(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnVpcEndpointAssociationPropsMixin

      protected CfnVpcEndpointAssociationPropsMixin(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnVpcEndpointAssociationPropsMixin

      @Stability(Stable) public CfnVpcEndpointAssociationPropsMixin(@NotNull CfnVpcEndpointAssociationMixinProps props, @Nullable CfnPropertyMixinOptions options)
      Create a mixin to apply properties to AWS::NetworkFirewall::VpcEndpointAssociation.

      Parameters:
      props - L1 properties to apply. This parameter is required.
      options - Mixin options.

    • CfnVpcEndpointAssociationPropsMixin

      @Stability(Stable) public CfnVpcEndpointAssociationPropsMixin(@NotNull CfnVpcEndpointAssociationMixinProps props)
      Create a mixin to apply properties to AWS::NetworkFirewall::VpcEndpointAssociation.

      Parameters:
      props - L1 properties to apply. This parameter is required.

  • Method Details

    • applyTo

      @Stability(Stable) public void applyTo(@NotNull software.constructs.IConstruct construct)
      Apply the mixin properties to the construct.

      Specified by:
      applyTo in interface software.constructs.IMixin
      Specified by:
      applyTo in class Mixin
      Parameters:
      construct - This parameter is required.

    • supports

      @Stability(Stable) @NotNull public Boolean supports(@NotNull software.constructs.IConstruct construct)
      Check if this mixin supports the given construct.

      Specified by:
      supports in interface software.constructs.IMixin
      Overrides:
      supports in class Mixin
      Parameters:
      construct - This parameter is required.

    • getProps

      @Stability(Stable) @NotNull protected CfnVpcEndpointAssociationMixinProps getProps()

    • getStrategy

      @Stability(Stable) @NotNull protected IMergeStrategy getStrategy()