{ "typeName" : "AWS::NetworkFirewall::Firewall", "description" : "Resource type definition for AWS::NetworkFirewall::Firewall", "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-networkfirewall.git", "additionalProperties" : false, "definitions" : { "ResourceArn" : { "description" : "A resource ARN.", "type" : "string", "pattern" : "^arn:aws.*$", "minLength" : 1, "maxLength" : 256 }, "EndpointId" : { "description" : "An endpoint Id.", "type" : "string" }, "SubnetMapping" : { "type" : "object", "properties" : { "SubnetId" : { "description" : "A SubnetId.", "type" : "string" }, "IPAddressType" : { "description" : "A IPAddressType", "type" : "string" } }, "required" : [ "SubnetId" ], "additionalProperties" : false }, "Tag" : { "type" : "object", "properties" : { "Key" : { "type" : "string", "minLength" : 1, "maxLength" : 128 }, "Value" : { "type" : "string", "minLength" : 0, "maxLength" : 255 } }, "required" : [ "Value", "Key" ], "additionalProperties" : false } }, "properties" : { "FirewallName" : { "type" : "string", "minLength" : 1, "maxLength" : 128, "pattern" : "^[a-zA-Z0-9-]+$" }, "FirewallArn" : { "$ref" : "#/definitions/ResourceArn" }, "FirewallId" : { "type" : "string", "minLength" : 36, "maxLength" : 36, "pattern" : "^([0-9a-f]{8})-([0-9a-f]{4}-){3}([0-9a-f]{12})$" }, "FirewallPolicyArn" : { "$ref" : "#/definitions/ResourceArn" }, "VpcId" : { "type" : "string", "minLength" : 1, "maxLength" : 128, "pattern" : "^vpc-[0-9a-f]+$" }, "SubnetMappings" : { "type" : "array", "minItems" : 1, "insertionOrder" : false, "uniqueItems" : true, "items" : { "$ref" : "#/definitions/SubnetMapping" } }, "DeleteProtection" : { "type" : "boolean" }, "SubnetChangeProtection" : { "type" : "boolean" }, "FirewallPolicyChangeProtection" : { "type" : "boolean" }, "Description" : { "type" : "string", "maxLength" : 512, "pattern" : "^.*$" }, "EndpointIds" : { "type" : "array", "insertionOrder" : false, "items" : { "$ref" : "#/definitions/EndpointId" } }, "Tags" : { "type" : "array", "insertionOrder" : false, "uniqueItems" : true, "items" : { "$ref" : "#/definitions/Tag" } } }, "required" : [ "FirewallName", "FirewallPolicyArn", "VpcId", "SubnetMappings" ], "readOnlyProperties" : [ "/properties/FirewallArn", "/properties/FirewallId", "/properties/EndpointIds" ], "primaryIdentifier" : [ "/properties/FirewallArn" ], "createOnlyProperties" : [ "/properties/VpcId", "/properties/FirewallName" ], "handlers" : { "create" : { "permissions" : [ "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "network-firewall:CreateFirewall", "network-firewall:DescribeFirewallPolicy", "network-firewall:DescribeRuleGroup", "network-firewall:TagResource" ] }, "read" : { "permissions" : [ "network-firewall:DescribeFirewall", "network-firewall:ListTagsForResources" ] }, "update" : { "permissions" : [ "network-firewall:AssociateSubnets", "network-firewall:DisassociateSubnets", "network-firewall:UpdateFirewallDescription", "network-firewall:UpdateFirewallDeleteProtection", "network-firewall:UpdateSubnetChangeProtection", "network-firewall:UpdateFirewallPolicyChangeProtection", "network-firewall:AssociateFirewallPolicy", "network-firewall:TagResource", "network-firewall:UntagResource", "network-firewall:DescribeFirewall" ] }, "delete" : { "permissions" : [ "ec2:DeleteVpcEndpoints", "logs:DescribeLogGroups", "logs:DescribeResourcePolicies", "logs:GetLogDelivery", "logs:ListLogDeliveries", "network-firewall:DeleteFirewall", "network-firewall:UntagResource" ] }, "list" : { "permissions" : [ "network-firewall:ListFirewalls" ] } } }