aws_sdk_networkfirewall/client/
create_firewall.rs

1// Code generated by software.amazon.smithy.rust.codegen.smithy-rs. DO NOT EDIT.
2impl super::Client {
3    /// Constructs a fluent builder for the [`CreateFirewall`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder) operation.
4    ///
5    /// - The fluent builder is configurable:
6    ///   - [`firewall_name(impl Into<String>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::firewall_name) / [`set_firewall_name(Option<String>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_firewall_name):<br>required: **true**<br><p>The descriptive name of the firewall. You can't change the name of a firewall after you create it.</p><br>
7    ///   - [`firewall_policy_arn(impl Into<String>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::firewall_policy_arn) / [`set_firewall_policy_arn(Option<String>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_firewall_policy_arn):<br>required: **true**<br><p>The Amazon Resource Name (ARN) of the <code>FirewallPolicy</code> that you want to use for the firewall.</p><br>
8    ///   - [`vpc_id(impl Into<String>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::vpc_id) / [`set_vpc_id(Option<String>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_vpc_id):<br>required: **false**<br><p>The unique identifier of the VPC where Network Firewall should create the firewall.</p> <p>You can't change this setting after you create the firewall.</p><br>
9    ///   - [`subnet_mappings(SubnetMapping)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::subnet_mappings) / [`set_subnet_mappings(Option<Vec::<SubnetMapping>>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_subnet_mappings):<br>required: **false**<br><p>The public subnets to use for your Network Firewall firewalls. Each subnet must belong to a different Availability Zone in the VPC. Network Firewall creates a firewall endpoint in each subnet.</p><br>
10    ///   - [`delete_protection(bool)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::delete_protection) / [`set_delete_protection(Option<bool>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_delete_protection):<br>required: **false**<br><p>A flag indicating whether it is possible to delete the firewall. A setting of <code>TRUE</code> indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to <code>TRUE</code>.</p><br>
11    ///   - [`subnet_change_protection(bool)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::subnet_change_protection) / [`set_subnet_change_protection(Option<bool>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_subnet_change_protection):<br>required: **false**<br><p>A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p><br>
12    ///   - [`firewall_policy_change_protection(bool)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::firewall_policy_change_protection) / [`set_firewall_policy_change_protection(Option<bool>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_firewall_policy_change_protection):<br>required: **false**<br><p>A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to <code>TRUE</code>.</p><br>
13    ///   - [`description(impl Into<String>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::description) / [`set_description(Option<String>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_description):<br>required: **false**<br><p>A description of the firewall.</p><br>
14    ///   - [`tags(Tag)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::tags) / [`set_tags(Option<Vec::<Tag>>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_tags):<br>required: **false**<br><p>The key:value pairs to associate with the resource.</p><br>
15    ///   - [`encryption_configuration(EncryptionConfiguration)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::encryption_configuration) / [`set_encryption_configuration(Option<EncryptionConfiguration>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_encryption_configuration):<br>required: **false**<br><p>A complex type that contains settings for encryption of your firewall resources.</p><br>
16    ///   - [`enabled_analysis_types(EnabledAnalysisType)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::enabled_analysis_types) / [`set_enabled_analysis_types(Option<Vec::<EnabledAnalysisType>>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_enabled_analysis_types):<br>required: **false**<br><p>An optional setting indicating the specific traffic analysis types to enable on the firewall.</p><br>
17    ///   - [`transit_gateway_id(impl Into<String>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::transit_gateway_id) / [`set_transit_gateway_id(Option<String>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_transit_gateway_id):<br>required: **false**<br><p>Required when creating a transit gateway-attached firewall. The unique identifier of the transit gateway to attach to this firewall. You can provide either a transit gateway from your account or one that has been shared with you through Resource Access Manager.</p><important>  <p>After creating the firewall, you cannot change the transit gateway association. To use a different transit gateway, you must create a new firewall.</p> </important> <p>For information about creating firewalls, see <code>CreateFirewall</code>. For specific guidance about transit gateway-attached firewalls, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/tgw-firewall-considerations.html">Considerations for transit gateway-attached firewalls</a> in the <i>Network Firewall Developer Guide</i>.</p><br>
18    ///   - [`availability_zone_mappings(AvailabilityZoneMapping)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::availability_zone_mappings) / [`set_availability_zone_mappings(Option<Vec::<AvailabilityZoneMapping>>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_availability_zone_mappings):<br>required: **false**<br><p>Required. The Availability Zones where you want to create firewall endpoints for a transit gateway-attached firewall. You must specify at least one Availability Zone. Consider enabling the firewall in every Availability Zone where you have workloads to maintain Availability Zone independence.</p> <p>You can modify Availability Zones later using <code>AssociateAvailabilityZones</code> or <code>DisassociateAvailabilityZones</code>, but this may briefly disrupt traffic. The <code>AvailabilityZoneChangeProtection</code> setting controls whether you can make these modifications.</p><br>
19    ///   - [`availability_zone_change_protection(bool)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::availability_zone_change_protection) / [`set_availability_zone_change_protection(Option<bool>)`](crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::set_availability_zone_change_protection):<br>required: **false**<br><p>Optional. A setting indicating whether the firewall is protected against changes to its Availability Zone configuration. When set to <code>TRUE</code>, you cannot add or remove Availability Zones without first disabling this protection using <code>UpdateAvailabilityZoneChangeProtection</code>.</p> <p>Default value: <code>FALSE</code></p><br>
20    /// - On success, responds with [`CreateFirewallOutput`](crate::operation::create_firewall::CreateFirewallOutput) with field(s):
21    ///   - [`firewall(Option<Firewall>)`](crate::operation::create_firewall::CreateFirewallOutput::firewall): <p>The configuration settings for the firewall. These settings include the firewall policy and the subnets in your VPC to use for the firewall endpoints.</p>
22    ///   - [`firewall_status(Option<FirewallStatus>)`](crate::operation::create_firewall::CreateFirewallOutput::firewall_status): <p>Detailed information about the current status of a <code>Firewall</code>. You can retrieve this for a firewall by calling <code>DescribeFirewall</code> and providing the firewall name and ARN.</p> <p>The firewall status indicates a combined status. It indicates whether all subnets are up-to-date with the latest firewall configurations, which is based on the sync states config values, and also whether all subnets have their endpoints fully enabled, based on their sync states attachment values.</p>
23    /// - On failure, responds with [`SdkError<CreateFirewallError>`](crate::operation::create_firewall::CreateFirewallError)
24    pub fn create_firewall(&self) -> crate::operation::create_firewall::builders::CreateFirewallFluentBuilder {
25        crate::operation::create_firewall::builders::CreateFirewallFluentBuilder::new(self.handle.clone())
26    }
27}