CfnVpcEndpointAssociationPropsMixin

class aws_cdk.mixins_preview.aws_networkfirewall.mixins.CfnVpcEndpointAssociationPropsMixin(props, *, strategy=None)

Bases: Mixin

A VPC endpoint association defines a single subnet to use for a firewall endpoint for a Firewall .

You can define VPC endpoint associations only in the Availability Zones that already have a subnet mapping defined in the Firewall resource. .. epigraph:

You can retrieve the list of Availability Zones that are available for use by calling ``DescribeFirewallMetadata`` .

To manage firewall endpoints, first, in the Firewall specification, you specify a single VPC and one subnet for each of the Availability Zones where you want to use the firewall. Then you can define additional endpoints as VPC endpoint associations.

You can use VPC endpoint associations to expand the protections of the firewall as follows:

Protect multiple VPCs with a single firewall - You can use the firewall to protect other VPCs, either in your account or in accounts where the firewall is shared. You can only specify Availability Zones that already have a firewall endpoint defined in the Firewall subnet mappings.
Define multiple firewall endpoints for a VPC in an Availability Zone - You can create additional firewall endpoints for the VPC that you have defined in the firewall, in any Availability Zone that already has an endpoint defined in the Firewall subnet mappings. You can create multiple VPC endpoint associations for any other VPC where you use the firewall.

You can use AWS Resource Access Manager to share a Firewall that you own with other accounts, which gives them the ability to use the firewall to create VPC endpoint associations. For information about sharing a firewall, see PutResourcePolicy in this guide and see Sharing Network Firewall resources in the AWS Network Firewall Developer Guide .

The status of the VPC endpoint association, which indicates whether it’s ready to filter network traffic, is provided in the corresponding VPC endpoint association status. You can retrieve both the association and its status by calling DescribeVpcEndpointAssociation .

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-vpcendpointassociation.html
CloudformationResource:: AWS::NetworkFirewall::VpcEndpointAssociation
Mixin:: true
ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_networkfirewall import mixins as networkfirewall_mixins

cfn_vpc_endpoint_association_props_mixin = networkfirewall_mixins.CfnVpcEndpointAssociationPropsMixin(networkfirewall_mixins.CfnVpcEndpointAssociationMixinProps(
    description="description",
    firewall_arn="firewallArn",
    subnet_mapping=networkfirewall_mixins.CfnVpcEndpointAssociationPropsMixin.SubnetMappingProperty(
        ip_address_type="ipAddressType",
        subnet_id="subnetId"
    ),
    tags=[CfnTag(
        key="key",
        value="value"
    )],
    vpc_id="vpcId"
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::NetworkFirewall::VpcEndpointAssociation.

Parameters:

props (Union[CfnVpcEndpointAssociationMixinProps, Dict[str, Any]]) – L1 properties to apply.
strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:: construct (IConstruct)
Return type:: IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:: construct (IConstruct)
Return type:: bool

Attributes

CFN_PROPERTY_KEYS = ['description', 'firewallArn', 'subnetMapping', 'tags', 'vpcId']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:: x (Any) – Any object.
Return type:: bool
Returns:: true if x is an object created from a class which extends Mixin.
Stability:: experimental

SubnetMappingProperty

class CfnVpcEndpointAssociationPropsMixin.SubnetMappingProperty(*, ip_address_type=None, subnet_id=None)

Bases: object

The ID for a subnet that’s used in an association with a firewall.

This is used in CreateFirewall , AssociateSubnets , and CreateVpcEndpointAssociation . AWS Network Firewall creates an instance of the associated firewall in each subnet that you specify, to filter traffic in the subnet’s Availability Zone.

Parameters:

ip_address_type (Optional[str]) – The subnet’s IP address type. You can’t change the IP address type after you create the subnet.
subnet_id (Optional[str]) – The unique identifier for the subnet.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-vpcendpointassociation-subnetmapping.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_networkfirewall import mixins as networkfirewall_mixins

subnet_mapping_property = networkfirewall_mixins.CfnVpcEndpointAssociationPropsMixin.SubnetMappingProperty(
    ip_address_type="ipAddressType",
    subnet_id="subnetId"
)

Attributes

ip_address_type

The subnet’s IP address type.

You can’t change the IP address type after you create the subnet.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-vpcendpointassociation-subnetmapping.html#cfn-networkfirewall-vpcendpointassociation-subnetmapping-ipaddresstype

subnet_id

The unique identifier for the subnet.

See:: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-vpcendpointassociation-subnetmapping.html#cfn-networkfirewall-vpcendpointassociation-subnetmapping-subnetid