Class: Aws::NetworkFirewall::Types::VpcEndpointAssociation
- Inherits: Struct (Object → Struct → Aws::NetworkFirewall::Types::VpcEndpointAssociation)
- Defined in: gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb
Overview
A VPC endpoint association defines a single subnet to use for a
firewall endpoint for a Firewall. You can define VPC endpoint
associations only in the Availability Zones that already have a subnet
mapping defined in the Firewall resource.
DescribeFirewallMetadata.
To manage firewall endpoints, first, in the Firewall specification,
you specify a single VPC and one subnet for each of the Availability
Zones where you want to use the firewall. Then you can define
additional endpoints as VPC endpoint associations.
You can use VPC endpoint associations to expand the protections of the firewall as follows:
- Protect multiple VPCs with a single firewall - You can use the firewall to protect other VPCs, either in your account or in accounts where the firewall is shared. You can only specify Availability Zones that already have a firewall endpoint defined in the Firewall subnet mappings.
- Define multiple firewall endpoints for a VPC in an Availability Zone - You can create additional firewall endpoints for the VPC that you have defined in the firewall, in any Availability Zone that already has an endpoint defined in the Firewall subnet mappings. You can create multiple VPC endpoint associations for any other VPC where you use the firewall.
You can use Resource Access Manager to share a Firewall that you own
with other accounts, which gives them the ability to use the firewall
to create VPC endpoint associations. For information about sharing a
firewall, see PutResourcePolicy in this guide and see Sharing
Network Firewall resources in the Network Firewall Developer
Guide.
The status of the VPC endpoint association, which indicates whether it's ready to filter network traffic, is provided in the corresponding VpcEndpointAssociationStatus. You can retrieve both the association and its status by calling DescribeVpcEndpointAssociation.
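The Availability Zone rule from the overview, written as a pre-flight check to run before requesting new associations. This is an added example, not SDK code: the `*Stub` structs, `preflight`, and all subnet, VPC and ARN values are constructed stand-ins so it runs offline, and the subnet-to-AZ table is assumed to come from an EC2 subnet lookup.

```ruby
# Hypothetical local stand-ins; member names follow the struct on this page.
SubnetMappingStub = Struct.new(:subnet_id, keyword_init: true)
AssociationStub = Struct.new(:firewall_arn, :vpc_id, :subnet_mapping,
                             :description, keyword_init: true)

# Constructed subnet => Availability Zone lookup (assumed EC2 data).
SUBNET_AZ = {
  'subnet-fw-a' => 'us-east-1a', 'subnet-fw-b' => 'us-east-1b',
  'subnet-spoke-a' => 'us-east-1a', 'subnet-spoke-c' => 'us-east-1c'
}.freeze

# Subnet mappings already defined in the Firewall resource (constructed).
FIREWALL_MAPPINGS = [
  SubnetMappingStub.new(subnet_id: 'subnet-fw-a'),
  SubnetMappingStub.new(subnet_id: 'subnet-fw-b')
].freeze

FW_ARN = 'arn:aws:network-firewall:us-east-1:111122223333:firewall/example'

# Proposed associations (constructed): one valid, one in an AZ the firewall
# does not cover, one pointing at a subnet the lookup does not know.
PROPOSED = %w[subnet-spoke-a subnet-spoke-c subnet-missing].each_with_index.map do |id, i|
  AssociationStub.new(firewall_arn: FW_ARN, vpc_id: "vpc-spoke-#{i + 1}",
                      subnet_mapping: SubnetMappingStub.new(subnet_id: id))
end.freeze

# Returns [accepted, rejected]; each rejected entry is [association, reason].
def preflight(firewall_mappings, proposed, subnet_az = SUBNET_AZ)
  firewall_azs = firewall_mappings.map { |m| subnet_az[m.subnet_id] }.compact.uniq
  accepted = []
  rejected = []
  proposed.each do |assoc|
    subnet = assoc.subnet_mapping&.subnet_id
    az = subnet_az[subnet]
    if az.nil?
      rejected << [assoc, "subnet #{subnet.inspect} not found"]
    elsif !firewall_azs.include?(az)
      rejected << [assoc, "#{az} has no subnet mapping in the Firewall"]
    else
      accepted << assoc
    end
  end
  [accepted, rejected]
end

_accepted, rejected = preflight(FIREWALL_MAPPINGS, PROPOSED)
rejected.each { |assoc, why| puts "#{assoc.vpc_id}: #{why}" }
```

A rejected entry means traffic in that VPC and Availability Zone would have no firewall endpoint to route through until the Firewall itself gains a subnet mapping there.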
Constant Summary
- SENSITIVE = []
Instance Attribute Summary
- #description ⇒ String
  A description of the VPC endpoint association.
- #firewall_arn ⇒ String
  The Amazon Resource Name (ARN) of the firewall.
- #subnet_mapping ⇒ Types::SubnetMapping
  The ID for a subnet that's used in an association with a firewall.
- #tags ⇒ Array<Types::Tag>
  The key:value pairs to associate with the resource.
- #vpc_endpoint_association_arn ⇒ String
  The Amazon Resource Name (ARN) of a VPC endpoint association.
- #vpc_endpoint_association_id ⇒ String
  The unique identifier of the VPC endpoint association.
- #vpc_id ⇒ String
  The unique identifier of the VPC for the endpoint association.
Instance Attribute Details
#description ⇒ String
A description of the VPC endpoint association.
    # File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb', line 9776
    class VpcEndpointAssociation < Struct.new(
      :vpc_endpoint_association_id,
      :vpc_endpoint_association_arn,
      :firewall_arn,
      :vpc_id,
      :subnet_mapping,
      :description,
      :tags)
      SENSITIVE = []
      include Aws::Structure
    end
#firewall_arn ⇒ String
The Amazon Resource Name (ARN) of the firewall.
#subnet_mapping ⇒ Types::SubnetMapping
The ID for a subnet that's used in an association with a firewall. This is used in CreateFirewall, AssociateSubnets, and CreateVpcEndpointAssociation. Network Firewall creates an instance of the associated firewall in each subnet that you specify, to filter traffic in the subnet's Availability Zone.
#tags ⇒ Array<Types::Tag>
The key:value pairs to associate with the resource.
#vpc_endpoint_association_arn ⇒ String
The Amazon Resource Name (ARN) of a VPC endpoint association.
#vpc_endpoint_association_id ⇒ String
The unique identifier of the VPC endpoint association.
#vpc_id ⇒ String
The unique identifier of the VPC for the endpoint association.