Aws-cdk: [aws-networkfirewall] Add support for AWS Network Firewall

Created on 24 Nov 2020 · 9 Comments · Source: aws/aws-cdk

The new managed AWS Network Firewall service is now available, and has CloudFormation support.

Use Case

Need to create a firewall.

Proposed Solution

CDK should incorporate L1 and eventually L2 constructs for the AWS Network Firewall.

Other

  • [ ] :wave: I may be able to implement this feature request
  • [ ] :warning: This feature might incur a breaking change

This is a :rocket: Feature Request

feature-request needs-triage


All 9 comments

@SomayaB I'm curious what the time frame is for this?

L1 constructs for Network Firewall are included in the 1.77 release of CDK. Docs are still updating (currently 1.76), but since it's L1, it just points to the CFN docs: https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/aws-networkfirewall

@sciarrilli The L1 is awaiting release and was merged a few days after it was added to CloudFormation, which always happens automatically whenever a new resource is added to CFN. As far as an L2, we don't have a timeline right now but we welcome PRs; here's the tracking issue for the L2.

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@SomayaB I am unable to deploy the CfnFirewallPolicy construct included in this update. TypeScript sees the construct as valid, but CloudFormation raises the following validation errors:

Properties validation failed for resource firewallpolicy with message:
#/Tags: expected type: JSONArray, found: JSONObject
#/FirewallPolicy/StatelessDefaultActions: expected type: JSONArray, found: JSONObject
#/FirewallPolicy/StatelessFragmentDefaultActions: expected type: JSONArray, found: JSONObject

On further inspection of the CloudFormation documentation, I believe there is an inconsistency in the spec for this resource. The specification seems to define AWS::NetworkFirewall::FirewallPolicy.StatelessActions as a nested object, but the top-level example shows it as a simple list. I believe the CDK is synthesizing the nested object form, while CloudFormation is actually expecting the list form.

Thanks for reporting, @bf-sodle. Confirmed I was able to reproduce the error. Working on a fix.

I've just reproduced it with the Tags property on CfnRuleGroup as well. Haven't tested other constructs yet.

Thank you for looking at this!

I opened a new issue specifically for this bug here.
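
The validation errors reported in this thread can be caught in the synthesized template before deployment. The following is an added example, not part of the original thread or of the CDK code base: it checks the properties named in the errors above (plus Tags on the rule group) for array shape. The function names and the object shape in the sample are assumptions made for illustration.

```typescript
type Json = null | boolean | number | string | Json[] | { [key: string]: Json };
type Template = { Resources: { [logicalId: string]: { Type: string; Properties?: Json } } };
// Properties CloudFormation requires to be JSON arrays (pointers from the errors in the thread).
const ARRAY_POINTERS: { [type: string]: string[] | undefined } = {
  "AWS::NetworkFirewall::FirewallPolicy": [
    "#/Tags",
    "#/FirewallPolicy/StatelessDefaultActions",
    "#/FirewallPolicy/StatelessFragmentDefaultActions",
  ],
  "AWS::NetworkFirewall::RuleGroup": ["#/Tags"],
};

// Follow a "#/A/B" pointer through Properties; undefined when the path is absent.
function resolvePointer(props: Json, pointer: string): Json | undefined {
  let cur: Json | undefined = props;
  for (const key of pointer.split("/").slice(1)) {
    if (cur === null || typeof cur !== "object" || Array.isArray(cur)) return undefined;
    cur = cur[key];
  }
  return cur;
}

// Return one message per property that is present but not an array.
function findShapeErrors(template: Template): string[] {
  const errors: string[] = [];
  for (const [logicalId, res] of Object.entries(template.Resources)) {
    for (const pointer of ARRAY_POINTERS[res.Type] ?? []) {
      const value = resolvePointer(res.Properties ?? {}, pointer);
      if (value === undefined || Array.isArray(value)) continue;
      const found = value === null ? "null" : typeof value === "object" ? "JSONObject" : typeof value;
      errors.push(`${logicalId} ${pointer}: expected type: JSONArray, found: ${found}`);
    }
  }
  return errors;
}
// Constructed sample: one property in an assumed object form, one in list form.
const sampleTemplate: Template = {
  Resources: {
    firewallpolicy: {
      Type: "AWS::NetworkFirewall::FirewallPolicy",
      Properties: {
        FirewallPolicy: {
          StatelessDefaultActions: { StatelessActions: ["aws:drop"] },
          StatelessFragmentDefaultActions: ["aws:drop"],
        },
      },
    },
  },
};
```

Run `findShapeErrors` over the parsed JSON output of `cdk synth`; an empty result means none of the listed properties was synthesized as an object.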
